4/9/2018
Lecturer: Nguyễn Thị Thanh Vân – FIT - HCMUTE
Introduction
Security facilities in the TCP/IP
Web Security Issues
Security Socket Layer (SSL)
Transport Layer Security (TLS)
HTTPS
Secure Shell (SSH)
o transparent to end users and applications; provides a general-purpose solution; includes a filtering capability so that only selected traffic need incur the overhead of IPsec processing.
o could be provided as part of the underlying protocol suite, and therefore be transparent to the applications; can be embedded in specific packages. Ex: Netscape and IE
o Application-specific security services embedded within the particular application; the service can be tailored to the specific needs of a given application.
SSL/TLS is used to secure communication between two
parties using both asymmetric cryptography as well as
symmetric cryptography to
o provide data privacy, integrity, and authentication.
A man in the middle is unable to read the contents of
their messages.
o Two parties are able to authenticate to ensure they really are
talking to whom they think.
A tool that provides website protection and guarantees
the confidentiality of data transmitted electronically.
SSL certificates are registered on a particular domain
name that contains information about the domain owner,
his address, etc.
Three basic types of SSL Certificates are issued by
Certificate Authorities (CAs):
o Domain Validated
o Organization Validated
o Extended Validation.
Strong authentication, message privacy, and integrity
o secure transmitted data using encryption
o data integrity through an integrity check value
o help protect against masquerade attacks, man-in-the-middle,
rollback attacks, and replay attacks.
Interoperability: works with
o most Web browsers and on most operating systems and Web servers
Algorithm flexibility
o authentication mechanisms, encryption algorithms, and hashing
algorithms
Ease of deployment:
o transparently on a Windows Server
Ease of use:
o most of its operations are completely invisible to the client.
o The client is still protected from attackers (no specialist knowledge needed).
the right solution for your server if you:
o Collect and process personal data,
o Sell things on the Internet,
o Publish information that needs to be authenticated,
o Are professionally active on the Internet,
o Share confidential information over the Internet with
your colleagues and business partners.
Banks and financial institutions,
Online stores (e-commerce),
Auction services,
Public administration websites (customer services)
Websites that process and provide data in hospitals,
Business websites and cooperation portals,
School and university websites,
Email and database servers,
Client-server applications,
Communication within the Intranet and Extranet networks,
Secure file transfer protocols (SFTP).
Increased processor load
o Cryptography, specifically public key operations, is CPU-
intensive.
o TLS uses the greatest resources while it is setting up
connections.
Administrative overhead
o A TLS/SSL environment is complex and requires maintenance;
the system administrator must configure the system and manage
certificates.
SSL-secured transactions with an e-commerce Web site
o certificate of the Web site is valid,
o sends the client’s credit card information as cipher text
o must be enabled for the Web page: an order form.
Authenticated client access to an SSL-secured Web site
o Both the client and server need certificates from a mutually-trusted
certification authority (CA)
Remote access
o provide authentication and data protection when users remotely log
in to Windows-based systems or networks.
SQL access
o client or server can be configured to require encryption of the data
that is transferred between them
E-mail
o protect data in a server-to-server exchange; this allows companies to
use the Internet to securely transfer e-mail among divisions within
the same company
Connection:
o A connection is a transport that provides a suitable type of service.
o Connections are peer-to-peer relationships.
o The connections are transient.
o Every connection is associated with one session.
Session:
o An association between a client and a server.
o Sessions are created by the Handshake Protocol.
o Sessions define a set of cryptographic security parameters which
can be shared among multiple connections.
o Sessions are used to avoid the expensive negotiation of new
security parameters for each connection.
SSL is designed to make use of TCP to provide a reliable end-to-end secure service.
SSL is not a single protocol but rather two layers of protocols
o provides the transfer service for Web client/server interaction
o are used in the management of SSL exchanges
o provides basic security services to various higher layer protocols
The SSL Record Protocol provides two services for
SSL connections:
o Confidentiality:
The Handshake Protocol defines a shared secret key that is
used for conventional encryption of SSL payloads.
o Message Integrity:
The Handshake Protocol also defines a shared secret key that is
used to form a message authentication code (MAC).
2^14 bytes (16384 bytes)
Comp Algo TLS: null
hash(MAC_write_secret || pad_2 || hash(MAC_write_secret || pad_1 || seq_num || [Link] || [Link] || [Link]))
Encryption algorithms: Block Cipher (AES, DES, 3DES, RC2,…). Stream Cipher (RC4..)
Header fields: Content Type (8 bits); Major Version (8 bits); Minor Version (8 bits); Compressed Length (16 bits)
Change Cipher Spec Protocol:
o is the simplest.
o consists of a single message:
• consists of a single byte with the value 1
• to cause the pending state to be copied into the current state, which
updates the cipher suite to be used on this connection.
The Alert Protocol:
o is used to convey SSL-related alerts to the peer entity.
o alert messages are compressed and encrypted, as specified by
the current state.
o Each message in this protocol consists of two bytes
• The first byte takes the value warning (1) or fatal (2) to convey the
severity of the message.
• The second byte contains a code that indicates the specific alert.
Handshake Protocol
o The most complex part of SSL
o This protocol allows the server and client to authenticate each other
and to negotiate an encryption and MAC algorithm and cryptographic
keys to be used to protect data sent in an SSL record.
o It is used before any application data is transmitted.
o It consists of a series of messages exchanged by client and server.
Each message has three fields:
• Type (1 byte): Indicates one of 10 messages. Table 16.2 lists the defined
message types.
• Length (3 bytes): The length of the message in bytes.
• Content ( bytes): The parameters associated with this message
Message Type          Parameters
hello_request         null
client_hello          version, random, session id, cipher suite, compression method
server_hello          version, random, session id, cipher suite, compression method
certificate           chain of X.509v3 certificates
server_key_exchange   parameters, signature
certificate_request   type, authorities
server_done           null
certificate_verify    signature
client_key_exchange   parameters, signature
finished              hash value
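The record header, Change Cipher Spec, Alert and Handshake layouts described above, as an added Python example that is not part of the original slides. The numeric content-type and handshake codes come from the SSL/TLS specifications rather than from the slides, the sample bytes are constructed, and the records are assumed to be cleartext with null compression (before any cipher is active).

```python
import struct

# Numeric codes from the SSL/TLS specifications (not listed on the slides).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {0: "hello_request", 1: "client_hello", 2: "server_hello",
                   11: "certificate", 12: "server_key_exchange",
                   13: "certificate_request", 14: "server_done",
                   15: "certificate_verify", 16: "client_key_exchange",
                   20: "finished"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
MAX_FRAGMENT = 2 ** 14  # 16384 bytes: limit for an uncompressed fragment


def parse_records(data):
    """Split a cleartext byte stream into records and decode each body."""
    out, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 5:
            raise ValueError("truncated record header")
        # Content Type (8), Major (8), Minor (8), Length (16 bits, big-endian)
        ctype, major, minor, length = struct.unpack_from("!BBBH", data, pos)
        if ctype not in CONTENT_TYPES:
            raise ValueError("unknown content type %d" % ctype)
        if length > MAX_FRAGMENT:
            raise ValueError("fragment longer than 2^14 bytes")
        body = data[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        rec = {"type": CONTENT_TYPES[ctype], "version": (major, minor)}
        if ctype == 20:                      # single byte with the value 1
            rec["valid"] = body == b"\x01"
        elif ctype == 21 and length == 2:    # severity byte, then alert code
            rec["level"] = ALERT_LEVELS.get(body[0], "invalid")
            rec["code"] = body[1]
        elif ctype == 22 and length >= 4:    # Type (1 byte), Length (3 bytes)
            rec["message"] = HANDSHAKE_TYPES.get(body[0], "unknown")
            rec["message_length"] = int.from_bytes(body[1:4], "big")
        out.append(rec)
        pos += 5 + length
    return out


# Constructed sample: hello_request, change_cipher_spec, fatal alert (code 40).
SAMPLE = (bytes([22, 3, 0, 0, 4, 0, 0, 0, 0])
          + bytes([20, 3, 0, 0, 1, 1])
          + bytes([21, 3, 0, 0, 2, 2, 40]))
```

The version pair in each record is what a monitoring tool would inspect to spot SSLv3 (3, 0) traffic that should have been disabled.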
Handshake phases (figures): Establish Security Capabilities; Server Authentication and Key Exchange; Client Authentication and Key Exchange; Finish
1. Symantec
2. Wormly
3. DigiCert
4. SSL Shopper
5. GlobalSign
6. Qualys
7. Free SSL Server Test
8. COMODO
9. SSL Checker
10. HowsMySSL
Two further items are of interest:
o the creation of a shared master secret by means of the key exchange:
• a one-time 48-byte value
• generated using secure key exchange (RSA / Diffie-Hellman) and then hashing info
• two stages:
• First, a pre_master_secret is exchanged (RSA / Diffie-Hellman)
• Second, the master_secret is calculated by both parties.
o the generation of cryptographic parameters from the master secret:
• Client and Server write: MAC secret, key, Initialization Value
• generated by hashing master secret into a sequence of secure bytes of sufficient length for all needed parameters
TLS is an IETF standardization initiative whose goal is to
produce an Internet standard version of SSL.
TLS is defined as a Proposed Internet Standard in RFC 5246.
It is very similar to SSLv3.
There are minor differences:
o record format version number
o uses HMAC for MAC
o a pseudo-random function expands secrets: based on HMAC using SHA-1 or MD5
o has additional alert codes
o some changes in supported ciphers
o changes in certificate types & negotiations
o changes in crypto computations & padding
need to ensure that their private keys are not used
anywhere with server software that allows SSLv2
connections:
o web servers, SMTP servers, IMAP and POP servers
Web now widely used by business, government, individuals
but Internet & Web are vulnerable
have a variety of threats
o Integrity
o Confidentiality
o denial of service
o authentication
need added security mechanisms
Two types of web security threats:
o Passive attacks include eavesdropping on network traffic
between browser and server and gaining access to information
on a Web site that is supposed to be restricted.
o Active attacks include impersonating another user, altering
messages in transit between client and server, and altering
information on a website.
Another way to classify Web security threats is in terms
of the location of the threat:
o Web server,
o Web browser, and
o network traffic between browser and server
HTTPS (HTTP over SSL) refers to the combination of HTTP
and SSL to implement secure communication between a Web
browser and a Web server.
o HTTPS is simply HTTP inside of a TLS session
Secure Socket Layer (SSL) provides security services
between TCP and applications that use TCP. The Internet
standard version is called Transport Layer Security (TLS).
SSL/TLS provides confidentiality using symmetric encryption
and message integrity using a message authentication code
(MAC).
SSL/TLS includes protocol mechanisms to enable two TCP
users to determine the security mechanisms and services
they will use.
HTTPS:
o is documented in RFC 2818, HTTP Over TLS or SSL
o refers to the combination of HTTP and SSL to implement secure
communication between a Web browser and a Web server.
o is built into all modern Web browsers.
o Its use depends on the Web server supporting HTTPS
communication.
• For example, search engines do not support HTTPS.
• If HTTPS is specified, port 443 is used, which invokes SSL.
When HTTPS is used, the following elements of the
communication are encrypted:
o URL of the requested document
o Contents of the document
o Contents of browser forms (filled in by browser user)
o Cookies sent from browser to server and from server to browser
o Contents of HTTP header
There is no fundamental change in using HTTP over
either SSL or TLS, and both implementations are
referred to as HTTPS.
1. Session establishment (authentication, key exchange)
2. Exchange of data over SSL, often a 1KB file over HTTP
3. Session closure
Connection Initiation:
o The client initiates a connection to the server on the appropriate port
o begin the TLS handshake: client sends the TLS ClientHello.
o Then, the client initiates the first HTTP request.
o All HTTP data is to be sent as TLS application data.
Connection closure
o requires that TLS close the connection with the peer TLS entity on
the remote side (closing the underlying TCP connection)
o TLS level exchange close_notify alerts
o must handle TCP close before alert exchange sent or completed
SSH:
o is a protocol for secure network communications designed to be relatively
simple and inexpensive to implement.
SSHv1:
o was focused on providing a secure remote logon facility,
o can be used for such network functions as file transfer and e-mail.
SSH2:
o fixes a number of security flaws in the original scheme.
o is documented as a proposed standard in IETF RFCs 4250 through 4256.
SSH client and server applications are widely available for most
operating systems.
It has become the method of choice for remote login and X tunneling
and is rapidly becoming one of the most pervasive applications for
encryption technology outside of embedded systems.
- These strings are used in the Diffie-Hellman key exchange
- The cryptographic algorithms include: key exchange, encryption, MAC algorithm, and compression algorithm
- Diffie-Hellman key exchange is specified
- At this point, both sides may start using the keys generated from K
- Request: User Authentication or the Connection Protocol.
- Then, all data is exchanged as the payload of an SSH Transport Layer packet, protected by encryption and MAC
Packet length
Padding length
Payload
Random padding
MAC
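The packet fields listed above, as an added Python example that is not part of the original slides. It assumes the RFC 4253 rules (at least 4 bytes of padding, length a multiple of the block size, MAC computed over the sequence number plus the unencrypted packet), uses HMAC-SHA1 with a constructed key, and leaves the encryption step out so the framing stays visible.

```python
import hashlib
import hmac
import os
import struct

MAC_KEY = b"constructed-demo-mac-key"  # constructed value, not a real session key


def _mac(seq, body, mac_key):
    # The sequence number is never sent; both sides count packets implicitly.
    return hmac.new(mac_key, struct.pack("!I", seq) + body, hashlib.sha1).digest()


def build_packet(payload, seq, mac_key, block_size=8):
    """Packet length | padding length | payload | random padding | MAC."""
    pad = block_size - ((5 + len(payload)) % block_size)
    if pad < 4:                      # padding must be at least 4 bytes
        pad += block_size
    body = struct.pack("!IB", 1 + len(payload) + pad, pad) + payload + os.urandom(pad)
    return body + _mac(seq, body, mac_key)


def parse_packet(packet, seq, mac_key, block_size=8, mac_len=20):
    """Validate framing and MAC, then return the payload."""
    if len(packet) < 5 + mac_len:
        raise ValueError("packet too short")
    packet_length, pad = struct.unpack_from("!IB", packet)
    body, mac = packet[:4 + packet_length], packet[4 + packet_length:]
    if (len(body) != 4 + packet_length or len(mac) != mac_len
            or len(body) % block_size or pad < 4 or pad > packet_length - 1):
        raise ValueError("malformed packet")
    if not hmac.compare_digest(mac, _mac(seq, body, mac_key)):
        raise ValueError("MAC check failed")
    return body[5:4 + packet_length - pad]
```

A packet replayed or reordered by an attacker arrives under a different sequence number, so its MAC no longer verifies.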
Defines the means by which the client is authenticated to the server
three message types:
o SSH_MSG_USERAUTH_REQUEST
o SSH_MSG_USERAUTH_FAILURE
o SSH_MSG_USERAUTH_SUCCESS
Authentication methods:
o publickey: depends on the public-key algorithm chosen.
Client sends: (Pub,M(Sign_Pri))
Server: checks that the key is acceptable for authentication; checks
whether the signature is correct
o password: Client sends En(Password) by TLP
o hostbased: works as follows:
• Client sends a signature created with the private key of the client host.
• The SSH server verifies the identity of the client host, and
• then believes the host when it says the user has already authenticated
on the client side
The SSH Connection Protocol uses a tunnel to multiplex a number
of logical channels.
Channel Mechanism:
o Support all types of communication using SSH
o Each side associates a unique channel
o Channels are flow controlled using a window mechanism.
o No data may be sent to a channel until a message is received to indicate
that window space is available.
Channel Types
o Session: may be a shell, an application such as file transfer or e-mail, a
system command, or some built-in subsystem
o x11: allows applications to run on a network server but to be displayed
on a desktop machine.
o forwarded-tcpip: This is remote port forwarding
o direct-tcpip: This is local port forwarding
The life of a channel progresses
through three stages:
o Opening a channel,
o Data transfer
o Closing a channel.
convert insecure TCP connection into a secure
SSH connection
o SSH Transport Layer Protocol establishes a TCP
connection between SSH client & server
o client traffic redirected to local SSH, travels via tunnel,
then remote SSH delivers to server
supports two types of port forwarding
o local forwarding – hijacks selected traffic
o remote forwarding – client acts for server
Concepts
Web Security Issues
Security Socket Layer (SSL)
Transport Layer Security (TLS)
HTTPS
Secure Shell (SSH)
Experience
o HTTPS: (HTTP over SSL)
• Check if a web browser can establish a secure connection
(TLS/SSL) with the site.
• configure the HTTPS service in Internet Information Services (IIS)
o SSH:
• Set up SSH Server – Client: on Linux with authentication methods:
• publickey
• password
• hostbased
Step 1: Create a New Web Site
Step 2: Create a new Self Signed Certificate
Step 3: Enable HTTPS Bindings for our New Site
Step 4: Test out the Site
Cryptography and Network Security, Principles
and Practice, William Stallings, Prentice Hall,
Sixth Edition, 2013
o Chapter 16
o Others