web security
play

Web Security [SSL/TLS and Browser Security Model] Fall 2017 - PowerPoint PPT Presentation

Feb 21, 2023 •125 likes •570 views

CSE 484 / CSE M 584: Computer Security and Privacy Web Security [SSL/TLS and Browser Security Model] Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner,

  1. CSE 484 / CSE M 584: Computer Security and Privacy Web Security [SSL/TLS and Browser Security Model] Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials ...

  2. Keys for People: Keybase • Basic idea: – Rely on existing trust of a person’s ownership of other accounts (e.g., Twitter, GitHub, website) – Each user publishes signed proofs to their linked account https://keybase.io/ 11/1/17 CSE 484 / CSE M 584 - Fall 2017 2

  3. SSL/TLS • Secure Sockets Layer and Transport Layer Security protocols – Same protocol design, different crypto algorithms • De facto standard for Internet security – “The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating applications” • Deployed in every Web browser; also VoIP, payment systems, distributed systems, etc. 11/1/17 CSE 484 / CSE M 584 - Fall 2017 3

  4. TLS Basics • TLS consists of two protocols – Familiar pattern for key exchange protocols • Handshake protocol – Use public-key cryptography to establish a shared secret key between the client and the server • Record protocol – Use the secret symmetric key established in the handshake protocol to protect communication between the client and the server 11/1/17 CSE 484 / CSE M 584 - Fall 2017 4

  5. Basic Handshake Protocol ClientHello Client announces (in plaintext): • Protocol version it is running • Cryptographic algorithms it supports • Fresh, random number S C 11/1/17 CSE 484 / CSE M 584 - Fall 2017 5

  6. Basic Handshake Protocol C, version c , suites c , N c ServerHello Server responds (in plaintext) with: • Highest protocol version supported by S C both the client and the server • Strongest cryptographic suite selected from those offered by the client • Fresh, random number 11/1/17 CSE 484 / CSE M 584 - Fall 2017 6

  7. Basic Handshake Protocol C, version c , suites c , N c version s , suite s , N s , ServerKeyExchange S C Server sends his public-key certificate containing either his RSA, or his Diffie-Hellman public key (depending on chosen crypto suite) 11/1/17 CSE 484 / CSE M 584 - Fall 2017 7

  8. Basic Handshake Protocol C, version c , suites c , N c version s , suite s , N s , certificate, “ ServerHelloDone ” ClientKeyExchange S C The client generates secret key material and sends it to the server encrypted with the server’s public key (if using RSA) 11/1/17 CSE 484 / CSE M 584 - Fall 2017 8

  9. Basic Handshake Protocol C, version c , suites c , N c version s , suite s , N s , certificate, “ ServerHelloDone ” {Secret c } PKs if using RSA S C C and S share secret key material (secret c ) at this point switch to keys derived switch to keys derived from secret c , N c , N s from secret c , N c , N s Finished Finished Record of all sent and received handshake messages 11/1/17 CSE 484 / CSE M 584 - Fall 2017 9

  10. “Core” SSL 3.0 Handshake C, version c =3.0, suites c , N c version s =3.0, suite s , N s , certificate, “ ServerHelloDone ” {Secret c } PKs if using RSA S C C and S share secret key material (secret c ) at this point switch to keys derived switch to keys derived from secret c , N c , N s from secret c , N c , N s Finished Finished 11/1/17 CSE 484 / CSE M 584 - Fall 2017 10

  11. Version Rollback Attack C, version c = 2.0 , suites c , N c Version s = 2.0 , suite s , N s , Server is fooled into thinking he is communicating with a client who certificate, supports only SSL 2.0 “ ServerHelloDone ” {Secret c } PKs if using RSA S C C and S end up communicating using SSL 2.0 (weaker earlier version of the protocol that does not include “ Finished ” messages) 11/1/17 CSE 484 / CSE M 584 - Fall 2017 11

  12. “Chosen-Protocol” Attacks • Why do people release new versions of security protocols? Because the old version got broken! • New version must be backward-compatible – Not everybody upgrades right away • Attacker can fool someone into using the old, broken version and exploit known vulnerability – Similar: fool victim into using weak crypto algorithms • Defense is hard: must authenticate version in early designs • Many protocols had “version rollback” attacks – SSL, SSH, GSM (cell phones) 11/1/17 CSE 484 / CSE M 584 - Fall 2017 12

  13. Version Check in SSL 3.0 C, version c =3.0, suites c , N c version s =3.0, suite s , N s , certificate for PK s , “ ServerHelloDone ” “ Embed ” version number into secret S C Check that received version is equal to the version in ClientHello {version c , secret c } PKs C and S share secret key material secret c at this point switch to key derived switch to key derived from secret c , N c , N s from secret c , N c , N s 11/1/17 CSE 484 / CSE M 584 - Fall 2017 13

  14. Browser Security Model 11/1/17 CSE 484 / CSE M 584 - Fall 2017 14

  15. Big Picture: Browser and Network request website Browser reply OS Network Hardware 11/1/17 CSE 484 / CSE M 584 - Fall 2017 15

  16. HTTP: HyperText Transfer Protocol • Used to request and return data – Methods: GET, POST, HEAD, … • Stateless request/response protocol – Each request is independent of previous requests – Statelessness has a significant impact on design and implementation of applications • Evolution – HTTP 1.0: simple – HTTP 1.1: more complex 11/1/17 CSE 484 / CSE M 584 - Fall 2017 16

  17. HTTP Request Method File HTTP version Headers GET /default.asp HTTP/1.0 Accept: image/gif, image/x-bitmap, image/jpeg, */* Accept-Language: en User-Agent: Mozilla/1.22 (compatible; MSIE 2.0; Windows 95) Connection: Keep-Alive If-Modified-Since: Sunday, 17-Apr-96 04:32:58 GMT Blank line Data – none for GET 11/1/17 CSE 484 / CSE M 584 - Fall 2017 17

  18. HTTP Response HTTP version Status code Reason phrase Headers HTTP/1.0 200 OK Date: Sun, 21 Apr 1996 02:20:42 GMT Server: Microsoft-Internet-Information-Server/5.0 Connection: keep-alive Data Content-Type: text/html Last-Modified: Thu, 18 Apr 1996 17:39:05 GMT Content-Length: 2543 <HTML> Some data... blah, blah, blah </HTML> 11/1/17 CSE 484 / CSE M 584 - Fall 2017 18

  19. Website Storing Info in Browser A cookie is a file created by a website to store information in the browser POST login.cgi username and pwd Browser Server HTTP Header: Set-cookie: NAME=VALUE ; domain = (who can read) ; If expires = NULL, expires = (when expires) ; this session only secure = (send only over HTTPS) GET restricted.html Browser Cookie: NAME=VALUE Server HTTP is a stateless protocol; cookies add state 11/1/17 CSE 484 / CSE M 584 - Fall 2017 19

  20. What Are Cookies Used For? • Authentication – The cookie proves to the website that the client previously authenticated correctly • Personalization – Helps the website recognize the user from a previous visit • Tracking – Follow the user from site to site; learn his/her browsing behavior, preferences, and so on 11/1/17 CSE 484 / CSE M 584 - Fall 2017 20

  21. Two Sides of Web Security • Web browser – Responsible for securely confining Web content presented by visited websites • Web applications – Online merchants, banks, blogs, Google Apps … – Mix of server-side and client-side code • Server-side code written in PHP, Ruby, ASP, JSP… runs on the Web server • Client-side code written in JavaScript… runs in the Web browser – Many potential bugs: XSS, XSRF, SQL injection 11/1/17 CSE 484 / CSE M 584 - Fall 2017 21

  22. All of These Should Be Safe • Safe to visit an evil website • Safe to visit two pages at the same time • Safe delegation 11/1/17 CSE 484 / CSE M 584 - Fall 2017 22

  23. Where Does the Attacker Live? request website Browser Network reply attacker Web attacker OS Network Malware attacker Hardware 11/1/17 CSE 484 / CSE M 584 - Fall 2017 23

  24. Web Attacker • Controls a malicious website (attacker.com) – Can even obtain an SSL/TLS certificate for his site • User visits attacker.com – why? – Phishing email, enticing content, search results, placed by an ad network, blind luck … • Attacker has no other access to user machine! • Variation: “ iframe attacker ” – An iframe with malicious content included in an otherwise honest webpage • Syndicated advertising, mashups, etc. 11/1/17 CSE 484 / CSE M 584 - Fall 2017 24

  25. HTML and JavaScript Browser receives content, <html> displays HTML and executes scripts … <p> The script on this page adds two numbers <script> var num1, num2, sum num1 = prompt("Enter first number") num2 = prompt("Enter second number") sum = parseInt(num1) + parseInt(num2) alert("Sum = " + sum) </script> … A potentially malicious webpage gets to </html> execute some code on user’s machine! 11/1/17 CSE 484 / CSE M 584 - Fall 2017 25

  26. Browser Sandbox • Goal: safely execute JavaScript code provided by a website – No direct file access, limited access to OS, network, browser data, content that came from other websites • Same origin policy – Can only access properties of documents and windows from the same domain, protocol, and port 11/1/17 CSE 484 / CSE M 584 - Fall 2017 26

  27. Same-Origin Policy Website origin = (scheme, domain, port) [Example thanks to Wikipedia.] 11/1/17 CSE 484 / CSE M 584 - Fall 2017 27

Recommend

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Security Security as term, Possible Security violations Authentication Criteria for

Security Security as term, Possible Security violations Authentication Criteria for

BS1 WS19/20 topic-based slides Security Security as term, Possible Security violations Authentication Criteria for Trust in Computer Systems Three hearts of Windows Security DACLs A Look at Security System is secure if

988 views • 20 slides
CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC 410 / 611 : Operating Systems CPSC410/611: Security Security Security Attacks Security Threats Crypto Authentication Examples SSL Security Threats Breach of confidentiality unauthorized access to

458 views • 18 slides
Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security WS 06/07 Seminar Prof. Dr.-Ing. Jana Dittmann &amp; Dr.-Ing. Claus Vielhauer with support from Tobias Scheidat

419 views • 16 slides
1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

Course Overview Course Requirements EECS 498-7/8 Cryptography and Network Security: www.citi.umich.edu/u/honey/security Principles and Practice (Third Edition) Computer Security Monday &amp; Friday, 9:00 10:30 William Stallings

670 views • 19 slides
A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security Whats coming in Spring Security 3 E-mail: craig@habuma.com Blog: http://www.springloaded.info

452 views • 19 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS Few Security Breaches Date: 2013-14 September 2016, while in negotiations to

404 views • 18 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CPSC 410/611 Operating Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies

419 views • 19 slides
International and Global Security 1 Peer Discussion What is security? 2 International

International and Global Security 1 Peer Discussion What is security? 2 International

International and Global Security 1 Peer Discussion What is security? 2 International Security What is security? Freedom from threats to core values? Contestation over referent object: Individual? State? System? How is security achieved?

715 views • 11 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety Sensitive Information Not for public or media release F.S. 119.071. Required by law, rule and regulation: Homeland Security Directive 5 and 8.

393 views • 11 slides
Com puter Security Part One Security as a subject Security is an old problem in the

Com puter Security Part One Security as a subject Security is an old problem in the

Com puter Security Part One Security as a subject Security is an old problem in the computing world, and are parallel to even older problems outside computing Required level of security is always related to what you protect

237 views • 23 slides
Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

ITS335 Intro. to Security Concepts Threats, Attacks, Assets Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2

965 views • 34 slides
Effective Security for the Post-compliance Era Security Awareness and Training for Security

Effective Security for the Post-compliance Era Security Awareness and Training for Security

Effective Security for the Post-compliance Era Security Awareness and Training for Security Specialists M. ANGELA SASSE, RUHR UNIVERSITY BOCHUM &amp; UCL The problem MENSCHLICH WELTOFFEN LEISTUNGSSTARK 2 ENISA Report December 2018

362 views • 33 slides
Security as a Architectural Concern Reid Holmes [TAILOR ET AL.] NFP: Security Security:

Security as a Architectural Concern Reid Holmes [TAILOR ET AL.] NFP: Security Security:

Material and some slide content from: - Software Architecture: Foundations, Theory, and Practice - Krzysztof Czarnecki Security as a Architectural Concern Reid Holmes [TAILOR ET AL.] NFP: Security Security: The protection a ff orded a

160 views • 4 slides
Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Defining Encryption (ctd.) Lecture 3 CPA/CCA security Computational Indistinguishability Pseudo-randomness, One-Way Functions Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too strong (though too

1.36k views • 113 slides
Outline Security Principles and Policies Security terms and concepts CS 239 Security

Outline Security Principles and Policies Security terms and concepts CS 239 Security

Outline Security Principles and Policies Security terms and concepts CS 239 Security policies Computer Security Basic concepts Peter Reiher Security policies for real systems January 13, 2005 Lecture 2 Lecture 2 Page 1

347 views • 9 slides
Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security risks. Attacks in a cloud environment, top threats. Security, a major concern for cloud users. Privacy. Trust. Operating systems

661 views • 38 slides
Election Security and Integrity What is election security? What is election integrity? Election

Election Security and Integrity What is election security? What is election integrity? Election

Election Security and Integrity What is election security? What is election integrity? Election Security = Physical Security + Cybersecurity Physical Security Security plans Secure storage of voting machines and electronic pollbooks

341 views • 13 slides
Computer Security environment, without compromising functionality or security? Three parts

Computer Security environment, without compromising functionality or security? Three parts

9/7/2013 Some topics Im working on Computing on encrypted data Information flow: Dynamic IFC in Haskell, web Sandboxing Untrusted JavaScript Third party web tracking and other web security stories Practical web security

572 views • 21 slides
Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

1.12k views • 92 slides

More recommend