6/3/2015topic1 Web Security Qiang Yang Simon Fraser University Thanks: Francis Lau (HKU)
6/3/2015topic2 Overview Basics of Security Web Server Security Secure Applications using Java Servlets Certificates, PKI and SSL
6/3/2015topic3 Security Concepts: Authentication Authentication Verifying the identities of the parties involved Typical: user name and password Authentication applies to both client and server Client: want to know it is talking to the true server, not an imposter Server: want to know the client is a true client, not an imposter Problems with user names and password method?
6/3/2015topic4 Confidentiality Confidentiality: Only the parties involved can understand the communication Example: ensure no one else can intercept the transmission of credit-card numbers Relies heavily on cryptography But, need to key controls
6/3/2015topic5 Integrity Content of communication is not altered during transmission The alteration can be intentional or unintentional Need a mechanism to check if any character has been changed This can be accomplished again through cryptography
6/3/2015topic6 HTTP Authentication Basic Authentication in HTTP: user name and password Transmission Loophole: use Base64 encoding in the HTTP header Built into most web servers Apache: in httpd.conf file AuthType Basic AuthName CMPT470.com # This user file should be put under.../Apache/ directory AuthUserFile passwordfile.txt require valid-user
6/3/2015topic7 Form-based Custom Authentication Use an HTML Form to implement a custom authentication method Then, the servlet LoginHandler can access the user/password parameter and maintain session control for the current session First, it checks the user name and password Then, it sets a new session for the user Finally, it redirects the user to the target URL
6/3/2015topic8 Servlet Based Authentication Loginform.htmlLogin_servlet User accounts database Yes, valid user: go to applications No! Invalid user Login fails
6/3/2015topic9 Potential Problems Access control via password - susceptible to eavesdropping – confidentiality not guaranteed Wiretapping is especially easy in a LAN environment Potential Confidentiality and Integrity problems not solved Need encryption based methods for Confidentiality Integrity Advanced level of authenticity You are what you say you are
6/3/2015topic10 Private Key Algorithm The original message is called the plaintext (or cleartext), and the scrambled message ciphertext A key (a large number) is needed to scramble a message A private key algorithm (also called symmetric key algorithm) uses a private key that is known (only) to the sender and the receiver: E = encrypt(K, M) where M is the plaintext, E is the encrypted message, and K is the private key
6/3/2015topic11 Private Key Algorithm (cont’d) Decryption is the inverse of encryption: M = decrypt(K, encrypt(K, M)) The disadvantage of private key algorithms is that the key must be kept secret by both parties to avoid compromising security However, need to transmit keys over the Internet Someone may intercept the key in transmission! Private key algorithms include the Data Encryption Standard (DES) (used by Kerberos), IDEA (used by PGP).
6/3/2015topic12 Public Key System Also known as asymmetric key system which assigns a user a pair of keys, one public one private Encrypt with one key – Decrypt with another The encryption process is as follows M = decrypt(privK, encrypt(pubK, M)) where privK and pubK are the receipient’s private key and public key, respectively Thus, a sender encrypts the message using the receiver's public key which is publicly known; the receiver uses his/her private key to decrypt the message Solves the confidentiality problem: communication encrypted
6/3/2015topic13 Digital Signature Question: If cmpt470.com sends out a message, how do we know the message didn’t come from an imposter? A public key system can be used to implement digital signature (i.e., to authenticate the sender), in the following manner: let privK be a private key of cmpt470.com – only known to the real cmpt470.com, then when receiving M, M = decrypt(pubK, encrypt(privK, M)) The recipient can be certain of the authenticity of the sender because the latter is supposed to be the only person in possession of the private key
6/3/2015topic14 Public Key System (cont’d) Two levels of encryption can be used to guarantee that a message is both authentic and private: E = encrypt(pubK2, encrypt(privK1, M)) M = decrypt(pubK1, decrypt(privK2, E)) Public key algorithms include RSA, and Diffie- Hellman, Verisign.com
6/3/2015topic15 Digital Certificates Final Authentication Problem: How do we know cmpt470.com is for real? Answer: need a trusted authority to do the background work, and certify the public key of cmpt470.com Example: verisign.com Verisign calls the digital certificates the Verisign Server ID’s Vendors can obtain/purchase Server ID and signed Public Key from Verisign.com
6/3/2015topic16 Excerpted from Verisign.com whitepaper
6/3/2015topic17 Secure Socket Layer: SSL The above scenario has been implemented into many web servers To initiate, the client accesses a secure site by using the HTTPS (HTTP + SSL) protocol, as shown above SSL2.0 only has server authentication SSL3.0 also has client authentication Secure web servers listen on port 443 by default.
6/3/2015topic18 SSL SSL is used to encrypt the data between browser and server De facto standard for secure communication on the Web SSL support built into both NS and IE Requires a web server to install a digital certificate Obtained through versisign,com, netscape, etc Data encryption and decryption is completely transparent to servlet developers No additional Java coding required All needs done is for Web server to support SSL!