CSE543 Computer (and Network) Security - Fall 2007 - Professor JaegerCSE 543 - Computer SecurityLecture 23 - Web SecurityNovember 27, 2007URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/1CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Network vs. Web SecurityCSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page What is the web?•A collection of application-layer ! services used to distribute content–Web content (HTML)–Multimedia–Email–Instant messaging•Many applications–News outlets, entertainment, education, research and technology, …–Commercial, consumer and B2BCSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Web security: the high bits•The largest distributed system in existence–threats are as diverse as applications and users–But need to be thought out carefully …•The stakeholders are …–Consumers (users, businesses, agents, …)–Providers (web-servers, IM services, …)•Another way of seeing web security is –Securing the web infrastructure such that the integrity, confidentiality, and availability of content and user information is maintainedCSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Secure socket Layer (SSL/TLS)•Used to authenticate servers–Uses certificates, “root” CAs•Can authenticate clients•Inclusive security protocol•Security at the socket layer–Transport Layer Security (TLS)–Provides•authentication•confidentiality•integrityTCPIPSSLHTTPCSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page SSL Handshake(1) Client Hello (algorithms,…)(2) Server Hello (alg. selection, …)(3) Server Certificate(4) ClientKeyRequest(5) ChangeCipherSuite(6) ChangeCipherSuite(7) Finished(8) FinishedClient ServerCSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Simplified Protocol DetailParticipants: Alice/A (client) and Bob/B (server)Crypto Elements : Random R, Certificate C, k+iPublic Key (of i)Crypto Functions : Hash function H(x), Encryption E(k, d), Decryption D(k, d),Keyed MAC HMAC(k, d)1. Alice → Bob RA2. Bob → Alice RB, CBAlice pick pre-master secret SAlice calculate master secret K = H(S, RA, RB)3. Alice → Bob E(k+B, S), HMAC(K,!CLNT!+ [#1, #2])Bob recover pre-master secret S = D(k−B, E(k+B, S))Bob calculate master secret K = H(S, RA, RB)4. Bob → Alice HMAC(K,!SRV R!+ [#1, #2])Note: Alice and Bob : IV Keys, Encryption Keys, and Integrity Keys 6 keys,whereeach key ki= gi(K, RA, RB), and giis key generator function.1CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Advantages of SSL•Confidential session•Server authentication*•GUI clues for users•Built into every browser•Easy to configure on the server•Protocol has been analyzed like crazy•Seems like you are getting security “for free”CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Disadvantages of SSL•Users don’t check certificates–most don’t know what they mean•Too easy to obtain certificates•Too many roots in the browsers•Some settings are terrible–ssl v2 is on–totally insecure cipher suites are included•very little use of client-side certificates•performance! –early days had sites turning off–getting better (crypto coprocessors, etc.)CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Reality of SSL•SSL is here to stay no matter what•credit card over SSL connection is! probably safer than credit card to waiter•biggest hurdles:–performance–user education (check those certificates)–too many trusted sites (edit your browser prefs)–misconfiguration (turn off bad ciphersuites)–can be used for many non-web applicationsCSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Cookies•Cookies were designed to offload server state to browsers–Not initially part of web tools (Netscape)–Allows users to have cohesive experience–E.g., flow from page to page, •Someone made a design choice–Use cookies to authenticate and authorize users–E.g. Amazon.com shopping cart, WSJ.comCSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Cookie Issues …•New design choice means–Cookies must be protected•Against forgery (integrity)•Against disclosure (confidentiality)•Cookies not robust against web designer mistakes–Were never intended to be–Need the same scrutiny as any other tech. Many security problems arise out of a technology built for one thing incorrectly applied to something else.CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Cookie Design 1: mygorilla.com•Requirement: authenticate users on sitemygorilla.com•Design: 1.use digest authentication to login user2.set cookie containing hashed username3.check cookie for hashed username•Q: Is there anything wrong with this design?User ServerCSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Cookie Design 2: mygorilla.com•Requirement: authenticate users on sitemygorilla.com•Design: 1.use digest authentication to login user2.set cookie containing encrypted username3.check cookie for encrypted username•Q: Is there anything wrong with this design?User ServerCSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Exercise: Cookie Design•Design a secure cookie for mygorilla.com that meets the following requirements•Requirements–Users must be authenticated (assume digest completed)–Time limited (to 24 hours)–Unforgeable (only server can create)–Privacy-protected (username not exposed)–Location safe (cannot be replayed by another host)User ServerCSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Library Attack ….•I am sitting in the local library using the computer …•… to buy some stuff …•… and walk away …CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Passport•Single signon for web merchants–No system modifications•E-commerce–SSL connection is negotiated–Users authenticate to merchant web site–Shop...–Repeat as necessary•SSL, authentication, etc. must be done from scratchCSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Single Signon•Authenticate once for many merchants•What are some single signon systems?–What are their trust models?•Are web technologies effective for building single
View Full Document
Unlocking...