Unit 6
Web Security
• Virtually all businesses, most government agencies, and many
individuals now have Web sites.
• The number of individuals and companies with Internet
access is expanding rapidly and all of these have graphical
Web browsers.
• As a result, businesses are enthusiastic about setting up
facilities on the Web for electronic commerce.
• But the reality is that the Internet and the Web are extremely
vulnerable to compromises of various sorts.
• As businesses wake up to this reality, the demand for secure
Web services grows.
• Added security mechanisms are needed.
• The Internet is two-way. Unlike traditional publishing
environments, even electronic publishing systems
involving teletext, voice response, or fax-back, the Web
is vulnerable to attacks on the Web servers over the
Internet.
• Cipher spec: Specifies the bulk data encryption algorithm (such as null,
AES, etc.) and a hash algorithm (such as MD5 or SHA-1) used for MAC
calculation. It also defines cryptographic attributes such as the
hash_size.
• Master secret: 48-byte secret shared between the client and server.
• Server and client random: Byte sequences that are chosen by the
server and client for each connection.
• Server write MAC secret: The secret key used in MAC operations
on data sent by the server.
• Client write MAC secret: The secret key used in MAC operations
on data sent by the client.
• PRF takes as input a secret value, an identifying label, and a seed value
and produces an output of arbitrary length.
TLS (Transport Layer Security)
• Alert codes:
– record_overflow, unknown_ca, access_denied, decode_error,
protocol_version, insufficient_security,
unsupported_extension, internal_error, decrypt_error,
– user_canceled, no_renegotiation
• Cipher suites
– There are several small differences between the cipher suites
available under SSLv3 and under TLS:
– Key Exchange: TLS supports all of the key exchange
techniques of SSLv3 with the exception of Fortezza.
Once an encryption algorithm has been negotiated, the entire packet (excluding the MAC field) is encrypted after the MAC value is calculated.
SSH Transport Layer Protocol
• The SSH Transport Layer packet exchange consists of a
sequence of steps.
• The first step, the identification string exchange, begins with
the client sending a packet with an identification string.
• Next comes algorithm negotiation. Each side sends an
SSH_MSG_KEXINIT containing lists of supported algorithms,
one list for each type of cryptographic algorithm, in the order
of preference to the sender.
• For each category, the algorithm chosen is the first algorithm
on the client's list that is also supported by the server.
• The next step is key exchange. The specification allows for
alternative methods of key exchange, but at present only two
versions of Diffie-Hellman key exchange are specified.
• As a result of these steps, the two sides now share a master key K.
In addition, the server has been authenticated to the client. The
end of key exchange is signaled by the exchange of
SSH_MSG_NEWKEYS packets. At this point, both sides may start
using the keys generated from K, as discussed subsequently.
• The final step is service request. The client sends an
SSH_MSG_SERVICE_REQUEST packet to request either the User
Authentication or the Connection Protocol. Subsequent to this, all
data is exchanged as the payload of an SSH Transport Layer packet,
protected by encryption and MAC.
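The algorithm negotiation step above, as an added example that is not part of the original slides: it encodes and parses SSH_MSG_KEXINIT payloads and applies the selection rule as the slide states it (first entry on the client's list that the server also supports). The `offer` helper and the `CLIENT`/`SERVER` lists are constructed for illustration, and the extra conditions RFC 4253 places on the key exchange and host key choice are not modelled.

```python
SSH_MSG_KEXINIT = 20
# The ten name-lists of the message, in wire order (RFC 4253, section 7.1).
KINDS = ("encryption_algorithms", "mac_algorithms", "compression_algorithms", "languages")
FIELDS = ["kex_algorithms", "server_host_key_algorithms"] + [
    f"{k}_{d}" for k in KINDS for d in ("client_to_server", "server_to_client")]

def offer(kex, hostkey, enc, mac, comp):
    """Hypothetical helper: same lists in both directions, no languages."""
    return dict(zip(FIELDS, [kex, hostkey, enc, enc, mac, mac, comp, comp, [], []]))

def build_kexinit(lists, cookie=b"\x00" * 16):
    """Encode type byte, 16-byte cookie, ten name-lists, flag and reserved word."""
    out = bytes([SSH_MSG_KEXINIT]) + cookie
    for field in FIELDS:
        names = ",".join(lists[field]).encode("ascii")
        out += len(names).to_bytes(4, "big") + names  # uint32 length prefix
    return out + b"\x00" + (0).to_bytes(4, "big")

def parse_kexinit(payload):
    """Decode a payload into {field: [names]}, rejecting truncated name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}
    for field in FIELDS:
        n = int.from_bytes(payload[pos:pos + 4], "big")
        raw = payload[pos + 4:pos + 4 + n]
        if pos + 4 > len(payload) or len(raw) != n:
            raise ValueError("truncated name-list: " + field)
        lists[field] = raw.decode("ascii").split(",") if raw else []
        pos += 4 + n
    return lists

def negotiate(client, server):
    """Slide's rule: per category, first name on the client's list the server also has."""
    chosen = {}
    for field in FIELDS[:8]:  # language lists are skipped; they may be empty
        chosen[field] = next((a for a in client[field] if a in server[field]), None)
        if chosen[field] is None:
            raise ValueError("no common algorithm for " + field)
    return chosen

# Constructed sample offers; the server lists its algorithms in a different order.
CLIENT = offer(["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
               ["ssh-rsa", "ssh-dss"], ["aes128-ctr", "aes128-cbc", "3des-cbc"],
               ["hmac-sha1", "hmac-md5"], ["none", "zlib"])
SERVER = offer(["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"],
               ["ssh-rsa"], ["3des-cbc", "aes128-cbc"],
               ["hmac-md5", "hmac-sha1"], ["none"])
if __name__ == "__main__":
    print(negotiate(CLIENT, parse_kexinit(build_kexinit(SERVER))))
```

The result follows the client's ordering even where the server lists a different algorithm first, so the client's preference list is the place to drop algorithms that should never be selected.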
SSH User Authentication Protocol
• The User Authentication Protocol provides the means by
which the client is authenticated to the server.
• Three types of messages are always used in the User
Authentication Protocol.
• Authentication requests from the client have type
SSH_MSG_USERAUTH_REQUEST. If the server either (a)
rejects the authentication request, or (b) accepts the request
but requires one or more additional authentication methods,
the server sends an SSH_MSG_USERAUTH_FAILURE message
that includes a list of methods that may productively continue
the dialog.
• If the server accepts authentication, then it sends a single-byte
message, SSH_MSG_USERAUTH_SUCCESS.