week12-WEB SECURITY

hotbrood (Security)

2 Nov 2013

WEB SECURITY

WEB ATTACK TYPES

Buffer Overflows

XML Injections

Session Hijacking

Attacks

WEB Attack Types

Buffer Overflows

Common Effects: DOS (Denial of Service), data corruption, malicious code execution.

An attacker can craft XML data that causes the XML to call upon itself repetitively, therefore constantly increasing in size. This causes a memory overflow, or triggers error messages which reveal information about the application.

A DOS attack can be caused by forcing a server to parse an abnormally long XML file, which in essence uses up many more resources than actually generating one, and can crash the application. Another type of attack consists of sending a block of data to an application, which is stored in a buffer of insufficient size. This block of data can then overwrite genuine data and cause a function return which gives control to the malicious code in the hacker's data block.
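As an added example (not part of the original slides), the Python below shows the defender's side of the two XML conditions described above: it refuses documents that carry inline entity declarations before they reach the parser, and it caps document size, so a self-referencing entity or an abnormally long file is rejected at its wire size. The sample documents and the size limit are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed limit for this example; a real service sizes it to its largest legitimate message.
MAX_XML_BYTES = 1_000_000


class UnsafeXML(ValueError):
    """Raised when a document is refused before it reaches the parser."""


def precheck_xml(data: bytes, max_bytes: int = MAX_XML_BYTES) -> None:
    """Refuse the two inputs the slide describes: oversized documents and documents that
    declare entities which can expand recursively. The check is deliberately crude and
    fails closed: a DOCTYPE inside a comment is also rejected, which is acceptable for a
    web service that never needs an inline DTD."""
    if len(data) > max_bytes:
        raise UnsafeXML(f"document is {len(data)} bytes, limit is {max_bytes}")
    lowered = data.lower()
    if b"<!doctype" in lowered or b"<!entity" in lowered:
        raise UnsafeXML("inline DTD / entity declarations are not accepted")


def safe_parse(data: bytes) -> ET.Element:
    """Parse only after the prechecks pass. With no internal DTD subset there is nothing for
    the parser to expand, so the document cannot grow beyond its wire size."""
    precheck_xml(data)
    return ET.fromstring(data)


def is_accepted(data: bytes) -> bool:
    """True if the document parses, False if it was refused. Parser errors are swallowed here
    so that no parser diagnostics are echoed back to the caller."""
    try:
        safe_parse(data)
        return True
    except (UnsafeXML, ET.ParseError):
        return False


# Constructed sample inputs.
BENIGN = b'<?xml version="1.0"?><order><id>42</id><qty>3</qty></order>'

# A two-level nested entity: &b; expands to ten copies of &a;. This is the shape of the
# self-referencing XML the slide describes; every added level multiplies the expansion.
NESTED_ENTITIES = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE d [<!ENTITY a "aaaaaaaaaa"><!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">]>'
    b'<d>&b;</d>'
)

# An abnormally long document with no entities at all: refused purely on size.
OVERSIZED = b"<blob>" + b"x" * (MAX_XML_BYTES + 1) + b"</blob>"

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("nested entities", NESTED_ENTITIES), ("oversized", OVERSIZED)]:
        print(f"{label}: {'accepted' if is_accepted(doc) else 'refused'}")
```

Returning a single generic refusal instead of the parser's own message also addresses the second effect the slide names, error messages that reveal information about the application.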

XML Injections

Common Effects: Command execution, data theft and deletion, schema poisoning.

SQL Injection is a high-risk exploit which may be performed using SOAP messages. If a server does not validate data correctly, a SOAP message can easily be used to create XML data which inserts a parameter into an SQL query and have the server execute it with the rights of the Web Service. SQL Injection is only one of the threats a server is exposed to if data is not validated.

Another such example is Schema Poisoning. A schema file is what an XML parser uses to understand the XML's grammar and structure, and contains essential preprocessor instructions. An attacker may damage the XML schema or replace it with a modified one, which would then allow the parser to process malicious SOAP messages and specially crafted XML files to inject OS commands on the server or database.
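The following is an added example, not code from the original slides: a SOAP parameter is extracted from a constructed request and passed to the same query in two ways, spliced into the query text as the slide warns against, and as a bound parameter. The in-memory user table and the request template are constructed for the example.

```python
import sqlite3
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed SOAP request; the <name> element carries the caller-controlled parameter.
SOAP_TEMPLATE = (
    '<?xml version="1.0"?>'
    f'<soap:Envelope xmlns:soap="{SOAP_NS}">'
    "<soap:Body><GetUser><name>{name}</name></GetUser></soap:Body>"
    "</soap:Envelope>"
)


def extract_name(envelope: str) -> str:
    """Pull the name parameter out of the SOAP body."""
    root = ET.fromstring(envelope)
    node = root.find(f".//{{{SOAP_NS}}}Body/GetUser/name")
    if node is None or node.text is None:
        raise ValueError("missing name parameter")
    return node.text


def make_db() -> sqlite3.Connection:
    """In-memory table standing in for the web service's user store (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def lookup_unvalidated(conn: sqlite3.Connection, name: str) -> list:
    """The pattern the slide warns about: the parameter is spliced into the query text, so
    the caller decides where the WHERE clause ends."""
    return conn.execute(f"SELECT name, role FROM users WHERE name = '{name}'").fetchall()


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """The fix: the driver sends the query shape and the value separately, so the value is
    never interpreted as SQL whatever characters it contains."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def rows_returned(name_parameter: str) -> tuple:
    """Run both lookups on the same SOAP request; returns (unvalidated rows, parameterized rows)."""
    conn = make_db()
    name = extract_name(SOAP_TEMPLATE.format(name=name_parameter))
    return len(lookup_unvalidated(conn, name)), len(lookup_parameterized(conn, name))


if __name__ == "__main__":
    for value in ("bob", "' OR '1'='1"):
        print(repr(value), "->", rows_returned(value))
```

A quote followed by a tautology is the simplest form of the parameter the slide describes; the unvalidated query returns every row, the bound query returns none. Because the query runs with the rights of the Web Service, the database account it uses should also be limited to the statements the service actually needs.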

Session Hijacking

Common Effects: Obtaining of user privileges within the application or network.

Session hijacking involves gaining illegal control of a legitimate user's session state. It occurs when an attacker steals a valid session ID (valid session cookie) and uses it to gain that particular user's privileges in the application. By intercepting or sniffing SOAP messages, an attacker can hijack a user's session in the same ways as with normal web application attacks; however, once a hacker is authenticated as a valid user he may perform more dangerous activities.
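As an added example (not part of the original slides), the Python below shows the server-side controls against the hijack described above: session IDs drawn from a CSPRNG, cookie flags that keep the ID off plain HTTP and away from scripts, a session store that revokes a session when a valid ID arrives from a client other than the one that created it, and the same check run offline over a constructed access log. The log lines, IP addresses and user agents are constructed.

```python
import hashlib
import secrets
from collections import defaultdict


def new_session_id() -> str:
    """32 bytes from the OS CSPRNG: an ID that cannot be guessed or enumerated."""
    return secrets.token_urlsafe(32)


def cookie_header(session_id: str) -> str:
    """Secure keeps the cookie off plain HTTP (so it cannot be sniffed), HttpOnly keeps it
    away from page scripts, SameSite keeps it off cross-site requests."""
    return f"Set-Cookie: SID={session_id}; Secure; HttpOnly; SameSite=Strict; Path=/"


def client_fingerprint(ip: str, user_agent: str) -> str:
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()


class SessionStore:
    """Server-side session table that remembers which client created each session."""

    def __init__(self) -> None:
        self._sessions = {}   # session_id -> (user, client fingerprint)
        self.revoked = []     # audit trail: sessions killed because the client changed

    def create(self, user: str, ip: str, user_agent: str) -> str:
        sid = new_session_id()
        self._sessions[sid] = (user, client_fingerprint(ip, user_agent))
        return sid

    def resolve(self, sid: str, ip: str, user_agent: str):
        """Return the user for a valid session presented by the client that created it.
        A valid ID arriving from a different client is the hijack signature: the session is
        revoked (fail closed, both parties must re-authenticate) and None is returned."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, fingerprint = entry
        if not secrets.compare_digest(fingerprint, client_fingerprint(ip, user_agent)):
            del self._sessions[sid]
            self.revoked.append(sid)
            return None
        return user


# Constructed access log: (session_id, client_ip, user_agent).
ACCESS_LOG = [
    ("s1", "10.0.0.5", "Mozilla/5.0 (X11; Linux x86_64)"),
    ("s1", "10.0.0.5", "Mozilla/5.0 (X11; Linux x86_64)"),
    ("s2", "10.0.0.7", "Mozilla/5.0 (Windows NT 10.0)"),
    ("s1", "203.0.113.9", "curl/7.68.0"),       # s1 presented from a second client
    ("s3", "10.0.0.9", "Mozilla/5.0 (Macintosh)"),
]


def sessions_seen_from_multiple_clients(log) -> list:
    """Offline detection over the log: session IDs presented by more than one client."""
    clients = defaultdict(set)
    for sid, ip, user_agent in log:
        clients[sid].add(client_fingerprint(ip, user_agent))
    return sorted(sid for sid, fps in clients.items() if len(fps) > 1)


def binding_demo() -> tuple:
    """Legitimate use, the same ID from elsewhere, then the owner again after revocation."""
    store = SessionStore()
    ua = "Mozilla/5.0 (X11; Linux x86_64)"
    sid = store.create("alice", "10.0.0.5", ua)
    owner = store.resolve(sid, "10.0.0.5", ua)
    other_client = store.resolve(sid, "203.0.113.9", "curl/7.68.0")
    owner_after = store.resolve(sid, "10.0.0.5", ua)
    return owner, other_client, owner_after, len(store.revoked)


if __name__ == "__main__":
    print(binding_demo())
    print(sessions_seen_from_multiple_clients(ACCESS_LOG))
```

Binding to source address and user agent is a heuristic (NAT and mobile roaming change addresses legitimately), so treat a mismatch as a signal to force re-authentication and to alert, not as proof of compromise; the transport protection in the SSL section is what stops the sniffing in the first place.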

WEB SECURITY

Web Security

Threats

Secure Naming

SSL


The Secure Sockets Layer

Mobile Code Security


Secure Naming

(a) Normal situation. (b) An attack based on breaking into DNS and modifying Bob's record.

Secure Naming (2)

How Trudy spoofs Alice's ISP.

Secure DNS

An example RRSet for bob.com. The KEY record is Bob's public key. The SIG record is the top-level com server's signed hash of the A and KEY records, used to verify their authenticity.

Self-Certifying Names

A self-certifying URL containing a hash of the server's name and public key.
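An added example (not from the original slides) of the self-certifying URL idea: the hash of the server's name and public key is carried in the URL, and the client recomputes it from the key the server actually presents. The exact layout (hash as the left-most DNS label, SHA-256 truncated to 160 bits, base32) and the key bytes are assumptions made for this example, not the format of any deployed scheme.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit


def name_hash(server_name: str, public_key: bytes) -> str:
    """Hash over the server's name and public key. The length prefix keeps the two inputs
    from being shifted into each other; 20 bytes of SHA-256 give a 32-character label."""
    material = len(server_name).to_bytes(2, "big") + server_name.encode("ascii") + public_key
    digest = hashlib.sha256(material).digest()[:20]
    return base64.b32encode(digest).decode("ascii").lower()


def self_certifying_url(server_name: str, public_key: bytes, path: str = "/") -> str:
    """Assumed layout for this example: https://<hash>.<server name><path>."""
    return f"https://{name_hash(server_name, public_key)}.{server_name}{path}"


def verify_server_key(url: str, presented_key: bytes) -> bool:
    """Client-side check: does the key the server presented hash to the label in the URL?
    A DNS answer that sends the client to another host does not help that host, because it
    cannot present a key that hashes to the label without Bob's private key."""
    host = urlsplit(url).hostname or ""
    label, separator, server_name = host.partition(".")
    if not separator:
        return False          # no hash label at all: treat as unverified
    return hmac.compare_digest(label, name_hash(server_name, presented_key))


# Constructed stand-ins for encoded public keys.
BOB_KEY = bytes(range(32))
OTHER_KEY = bytes(32)

if __name__ == "__main__":
    url = self_certifying_url("www.bob.com", BOB_KEY, "/photos")
    print(url)
    print("bob's key:", verify_server_key(url, BOB_KEY))
    print("other key:", verify_server_key(url, OTHER_KEY))
```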

SSL

Two protocols are dominant today for providing security at the transport layer: SSL and TLS.

SSL Services

Security Parameters

Sessions and Connections

Four Protocols

Transport Layer Security

Topics discussed in this section:

Location of SSL and TLS in the Internet model

SSL

The Secure Sockets Layer

Layers (and protocols) for a home user browsing with SSL.

SSL (2)

A simplified version of the SSL connection establishment subprotocol.

SSL (3)

Data transmission using SSL.

SSL cipher suite list

SSL cipher suite list (continued)

Cryptographic Secrets



Client needs one key for message authentication.
Client needs one key for encryption.
Client needs one Initiation Vector (IV) for block encryption.

Server needs one key for message authentication.
Server needs one key for encryption.
Server needs one Initiation Vector (IV) for block encryption.



The client and the server have six
different cryptography secrets.

Note

Creation of cryptographic secrets in SSL

Cryptographic Secrets



The client and server exchange two random numbers; one is created by the client and the other by the server.

The client and server exchange one premaster secret by using one of the key-exchange algorithms we discussed previously.

A 48-byte master secret is created from the premaster secret by applying two hash functions (SHA-1 and MD5).

The master secret is used to create variable-length secrets by applying the same set of hash functions and prepending with different constants.
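The derivation on this slide and the six secrets of the previous one, carried through as an added example (not code from the original slides). It follows the SSL 3.0 construction (RFC 6101): MD5 over the secret and a SHA-1 inner hash, with the constants 'A', 'BB', 'CCC', ... prepended in successive rounds. The premaster secret and the two randoms are constructed values; the default secret lengths are those of a 3DES-CBC / SHA-1 suite.

```python
import hashlib

# Constructed values standing in for the handshake outputs (in a real handshake the
# premaster comes from the key-exchange algorithm, the randoms from each side's RNG).
PREMASTER = bytes(range(48))
CLIENT_RANDOM = bytes([0x11] * 32)
SERVER_RANDOM = bytes([0x22] * 32)


def sslv3_expand(secret: bytes, seed: bytes, out_len: int) -> bytes:
    """SSL 3.0 expansion (RFC 6101, sections 6.1 and 6.2.2): for the constants 'A', 'BB',
    'CCC', ... compute MD5(secret + SHA1(constant + secret + seed)) and concatenate the
    16-byte outputs until out_len bytes are available. The constants are what the slide
    calls 'prepending with different constants'."""
    out = b""
    round_no = 1
    while len(out) < out_len:
        constant = bytes([ord("A") + round_no - 1]) * round_no
        inner = hashlib.sha1(constant + secret + seed).digest()
        out += hashlib.md5(secret + inner).digest()
        round_no += 1
    return out[:out_len]


def master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret: three rounds of the expansion over the premaster secret,
    seeded with the client random followed by the server random."""
    return sslv3_expand(premaster, client_random + server_random, 48)


def derive_secrets(premaster: bytes, client_random: bytes, server_random: bytes,
                   mac_len: int = 20, key_len: int = 24, iv_len: int = 8) -> dict:
    """Expand the master secret into a key block and split it into the six secrets of the
    previous slide. Note the randoms are in server-then-client order for the key block,
    as the specification requires."""
    master = master_secret(premaster, client_random, server_random)
    total = 2 * (mac_len + key_len + iv_len)
    block = sslv3_expand(master, server_random + client_random, total)
    names = ["client_write_MAC_secret", "server_write_MAC_secret",
             "client_write_key", "server_write_key",
             "client_write_IV", "server_write_IV"]
    lengths = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    secrets, pos = {}, 0
    for name, length in zip(names, lengths):
        secrets[name] = block[pos:pos + length]
        pos += length
    return secrets


if __name__ == "__main__":
    for name, value in derive_secrets(PREMASTER, CLIENT_RANDOM, SERVER_RANDOM).items():
        print(f"{name:24s} {len(value):2d} bytes  {value.hex()}")
```

Two consequences worth noticing: the client and server MAC secrets are different slices of the same block, so each direction is keyed separately, and a fresh pair of randoms yields a fresh master secret even when the premaster is reused. MD5 and SHA-1 are long obsolete for this purpose; TLS 1.2 replaced the construction with a PRF built on the suite's negotiated hash.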


Question 1

What steps are involved in the SSL Record Protocol Transmission?

Answer 1

What steps are involved in the SSL Record Protocol Transmission?

Answer:

Fragmentation.

Compression.

Add MAC.

Encrypt.

Append SSL record header.



Connection & Session



Connection: A connection is a transport (in the OSI layering model definition) that provides a suitable type of service. A connection can be established and broken several times during a session. For SSL, such connections are peer-to-peer relationships. The connections are transient. Every connection is associated with one session.

Session: An SSL session is an association between a client and a server. A session between two systems is an association that can last for a long time. Sessions are created by the Handshake Protocol. Sessions define a set of cryptographic security parameters, which can be shared among multiple connections. Sessions are used to avoid the expensive negotiation of new security parameters for each connection.


Question 2

What is the difference between a session and a connection in SSL?


Answer 2

What is the difference between a session and a connection in SSL?


Answer:


Connection: A connection is a transport (in the OSI layering model definition) that provides a suitable type of service. For SSL, such connections are peer-to-peer relationships. The connections are transient. Every connection is associated with one session.



Session: An SSL session is an association between a client and
a server. Sessions are created by the Handshake Protocol.
Sessions define a set of cryptographic security parameters, which
can be shared among multiple connections. Sessions are used to
avoid the expensive negotiation of new security parameters for
each connection.


Four SSL protocols

Question 3

What protocols comprise SSL?


Answer 3

What protocols comprise SSL?


Answer:


SSL handshake protocol.


SSL change cipher spec protocol.


SSL alert protocol.


SSL record protocol.

Four Protocols



Handshake Protocol: provides security parameters for the Record Protocol. It establishes a cipher set and provides keys and security parameters. It also authenticates the server to the client and the client to the server (if needed), and exchanges the information needed for building the cryptographic secrets. The handshaking is done in four phases, as shown in the Figure.


Handshake Protocol

Four Protocols



ChangeCipherSpec Protocol: is used for signaling the readiness of cryptographic secrets.

Alert Protocol: is used to report abnormal conditions.

Record Protocol: carries messages from the upper layer (Handshake Protocol, ChangeCipherSpec Protocol, Alert Protocol, or application). The message is fragmented and optionally compressed; a MAC is added to the compressed message by using the negotiated hash algorithm. The compressed fragment and the MAC are encrypted by using the negotiated encryption algorithm. Finally, the SSL header is added to the encrypted message. The Figure shows this process at the sender. The process at the receiver is reversed.

Processing done by the Record Protocol
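The Record Protocol processing described above, and the five steps listed in Answer 1, as an added example that is not code from the original slides: a sender that fragments, (null-)compresses, MACs, encrypts and prepends the record header, and a receiver that reverses the steps and refuses any record whose MAC does not verify. The keys are constructed, the MAC is HMAC-SHA1 standing in for the negotiated hash algorithm, and the cipher is a hash-based keystream used only so the example runs with the standard library; it is not an SSL cipher.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14            # largest plaintext fragment an SSL record may carry
APPLICATION_DATA = 23             # SSL record content type for application data
VERSION = (3, 0)                  # SSL 3.0 in the record header
MAC_LEN = hashlib.sha1().digest_size

# Constructed keys; in SSL they are the write MAC secret and write key from the key block.
MAC_KEY = bytes([0x0A] * 20)
ENC_KEY = bytes([0x0B] * 24)


def xor_keystream(key: bytes, seq: int, data: bytes) -> bytes:
    """Illustrative stand-in for the negotiated encryption algorithm (NOT an SSL cipher):
    SHA-256(key || sequence || counter) blocks XORed over the data. The record structure
    around it is the point of the example, not this cipher."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack(">QQ", seq, counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def record_mac(mac_key: bytes, seq: int, fragment: bytes) -> bytes:
    """MAC over sequence number, content type, length and fragment (the fields SSL covers),
    using HMAC-SHA1 as the 'negotiated hash algorithm'. SSL 3.0 itself uses a pre-HMAC
    construction; TLS uses HMAC."""
    header = struct.pack(">QBH", seq, APPLICATION_DATA, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha1).digest()


def send_records(plaintext: bytes, mac_key: bytes = MAC_KEY, enc_key: bytes = ENC_KEY) -> list:
    """Sender side: the five steps of Answer 1, in order."""
    records = []
    for seq, start in enumerate(range(0, len(plaintext), MAX_FRAGMENT)):
        fragment = plaintext[start:start + MAX_FRAGMENT]            # 1. fragmentation
        compressed = fragment                                       # 2. compression (null method)
        mac = record_mac(mac_key, seq, compressed)                  # 3. add MAC
        ciphertext = xor_keystream(enc_key, seq, compressed + mac)  # 4. encrypt fragment + MAC
        header = struct.pack(">BBBH", APPLICATION_DATA, *VERSION, len(ciphertext))  # 5. header
        records.append(header + ciphertext)
    return records


def receive_records(records: list, mac_key: bytes = MAC_KEY, enc_key: bytes = ENC_KEY) -> bytes:
    """Receiver side: the same steps reversed. A modified, replayed or reordered record fails
    the MAC because the sequence number is part of what the MAC covers."""
    plaintext = bytearray()
    for seq, record in enumerate(records):
        content_type, major, minor, length = struct.unpack(">BBBH", record[:5])
        body = record[5:5 + length]
        if content_type != APPLICATION_DATA or (major, minor) != VERSION or len(body) != length:
            raise ValueError(f"malformed record {seq}")
        decrypted = xor_keystream(enc_key, seq, body)
        compressed, mac = decrypted[:-MAC_LEN], decrypted[-MAC_LEN:]
        if not hmac.compare_digest(mac, record_mac(mac_key, seq, compressed)):
            raise ValueError(f"bad MAC on record {seq}")
        plaintext += compressed                                      # decompression (null method)
    return bytes(plaintext)


def tamper_is_detected(plaintext: bytes) -> bool:
    """Flip one ciphertext bit of the first record and check that the receiver rejects it."""
    records = send_records(plaintext)
    first = records[0]
    records[0] = first[:5] + bytes([first[5] ^ 0x01]) + first[6:]
    try:
        receive_records(records)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    wire = send_records(b"x" * 40000)
    print(len(wire), "records; first header:", wire[0][:5].hex())
    print("round trip ok:", receive_records(send_records(b"hello")) == b"hello")
    print("tamper detected:", tamper_is_detected(b"hello world"))
```

The MAC is computed before encryption and then encrypted together with the fragment, which is the ordering the slide gives; the receiver must therefore decrypt before it can verify, so it also checks the header fields first to discard obviously malformed records cheaply. The two services of Answer 4 map directly onto steps 3 and 4.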

Question 4

What services are provided by the SSL Record Protocol?


Answer 4

What services are provided by the SSL Record Protocol?


Answer:


Confidentiality: The Handshake Protocol defines a shared secret
key that is used for conventional encryption of SSL payloads.



Message Integrity: The Handshake Protocol also defines a
shared secret key that is used to form a message authentication
code (MAC).

How Do You Want to Protect Your Network System?

Thank You