Web Security

spongehousesSecurity

Nov 3, 2013 (3 years and 8 months ago)

57 views

Web Security

CS598MCC Spring 2013

Yiwei

Yang



Definition




a set of procedures, practices, and
technologies for assuring the reliable,
predictable operation of web servers, web
browsers, other programs that communicate
with web servers, and the surrounding
Internet infrastructure.


Three components









Data in
transit

Web
Browser

Web

Server

Privacy issue with web browser


Where does information leak out?


1. Provided by users (registration form)


2. Log files


-

W
eb logs (IP, time, requested URL, browser type,


username if authentication is used …)


proxy servers can obscure web log


-

Mail logs (from, to, …)


-

DNS logs (name, IP, query…)


-

RADIUS logs



Privacy issue with web browser


Where does information leak out?


3. Web bugs


<
img

src
=“ … “
width=1 height=1 border=0

/>


outsourced web site monitoring


4.
Cookie


-

user’s actual data


-

a number of codes that key into a database that


resides at the web provider



Privacy issue with web browser


Attacks related with cookies


1.XSS(Cross
-
site scripting)


-

Nonpersistent


-

Persistent




Prevention


-

Better cookie handling


-

Disable the script



Privacy issue with web browser


Attacks related with cookies


2. CSRF(
Cross
-
Site Request Forgery)


-

belongs to Deputy attack


-

carried out attack from user

himself




Prevention


-

Better cookie handling


-

Authentication for each operation


-

Random number

RADIUS(
Remote Authentication Dial
In User Service

)



Application layer client/server protocol on top of
UDP



Authentication, Authorization, Accounting (AAA)


RADIUS Server


-

daemon process running on Unix or Window NT machine


RADIUS Client


-

access server(gateway) that control access to network( RAS,
NAS, VPN server)


Radius Packet format

Authentication and Authorization


1.User initiates authentication to the NAS.

2.NAS prompts for username and password.

3.User replies.


4.RADIUS client sends username and encrypted password to the




RADIUS server.

5.RADIUS server responds with Accept, Reject, or Challenge.

6.The RADIUS client acts upon services and services parameters
bundled with Accept or Reject.



Client sends out access
-
request packet


-

request authenticator is a random 16 octet string


-

password is encrypted


p is divided into p
1
,p
2
,…..
p
n

where p
i

is a 16
-
octet block


c
1

= p
1

XOR MD5(S || request authenticator )


c
2

= p
2

XOR MD5(S || c
1

)


…….


c
n

=
p
n

XOR MD5(S || c
n
-
1
)


-

sent to port 1812 of server

Authentication and Authorization


Server received the packet


Drop it if no shared secret


Otherwise authenticate the user


-

access
-
accept( parameters used for this session including


access list to apply)


-

access
-
reject


-

access
-
challenge



response authenticator = MD5 (code || ID|| length|| request authenticator||
attributes || s)



Send out the packet to client






Authentication and Authorization


Client drop the packet if it doesn’t have
corresponding identifier or calculation on response
authenticator doesn’t match


Otherwise the user is authenticated if received
access
-
accept




What can go wrong?


Authentication and Authorization

Attacks on RAIDUS


Response Authenticator Based Shared Secret
Attack


User
-
Password Attribute Based Shared Secret
Attack


User
-
Password Based Password Attack


Active User
-
Password Compromise through
Repeated Request Authenticators


We need to secure the traffic

Accounting

Secure Network Connection

Cryptographic protocol


Offline encryption communication protocol


-
PGP/
OpenPGP
, S/MIME


Online encryption communication protocol


-
SSL,
IPsec
, Kerberos, SET, SSH

SSL(Secure Sockets Layer)


SSL Record Protocol


Handshake Protocol: Phase 1 and 2

SSL: Handshake Round 1

Client

Server

{
v
C

||
r
1

||
s
1

||
ciphers

||
comps

}

Client

Server

{
v

||
r
2

||
s
1

||
cipher

||
comp

}

v
C

Client’s version of SSL

v

Highest version of SSL that Client, Server both understand

r
1
,
r
2

nonces (timestamp and 28 random bytes)

s
1

Current session id (0 if new session)

ciphers

Ciphers that client understands

comps

Compression algorithms that client understand

cipher

Cipher to be used

comp

Compression algorithm to be used

SSL: Handshake Round 2

Client

Server

{
certificate

}

Note: if Server not to authenticate itself, only last message sent; third

step omitted if Server does not need Client certificate

k
S

Server’s private key

ctype

Certificate type requested (by cryptosystem)

gca

Acceptable certification authorities

er2

End round 2 message

Client

Server

{
mod

||
exp

|| Sig
S
(
h
(
r
1

||
r
2

||
mod

||
exp
)) }

Client

Server

{
ctype

||
gca

}

Client

Server

{
er2

}


Handshake Protocols: Phases 3 and 4

SSL: Handshake Round 3

Client

Server

{
pre

}Pub
S

msgs

Concatenation of previous messages sent/received this handshake

opad
,
ipad

As above

Client

Server

{

h
(
master || opad || h
(
msgs || master | ipad
)) }

Both Client, Server compute master secret
master
:

master

=

MD5(
pre

|| SHA(‘A’ ||
pre

||
r
1

||
r
2
) ||

MD5(
pre

|| SHA(‘BB’ ||
pre

||
r
1

||
r
2
) ||

MD5(
pre

|| SHA(‘CCC’ ||
pre

||
r
1

||
r
2
)

Client

Server

{
client_cert

}

SSL: Handshake Round 4

Client

Server

{
h
(
master || opad || h
(
msgs ||
0x434C4E54

|| master || ipad
)) }

msgs

Concatenation of messages sent/received this handshake in

previous

rounds (does notinclude these messages)

opad
,
ipad
,
master

As above

Client

Server

{

h
(
master || opad || h
(
msgs || 0x53525652 || master | ipad
)) }

Server sends “change cipher spec” message using that protocol

Client

Server

Client sends “change cipher spec” message using that protocol

Client

Server

SSL


What does SSL provide us?


-

Data integrity, Confidentiality


-

Authentication(handshake)


Limitation on SSL


-

doesn’t work with connection less protocol


-

doesn’t support non
-
repudiation


-

doesn’t protect the application itself


-

general
-
purpose data security



Misuse of SSL



TLS(Transport Layer Security)


SSL 3.0 served as the basis for TLS 1.0(SSL 3.1)


Slightly different from SSL


-

Message Authentication (HMAC)


-

key derivation


-

Finished


-
Alert protocol
message type


Secure Web Server


Based on CIA, what do we need to secure?








Three steps to secure server


1. Host security


2. S
ecure web service


3. E
xamine interaction between OS and web service







References


RADIUS

http://en.wikipedia.org/wiki/RADIUS

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080
0945cc.shtml


SSL

https://wiki.engr.illinois.edu/download/attachments/202934655
/ssl
-
ipsec.pdf?version=1&modificationDate=1348193253000



Thank you!