Jom Belajar Keselamatan Rangkaian

1Rangkaian!,Kebolehcapaian didahulukan,Keselamatan diutamakan!!

Sunday, November 1, 2009

Security in Applications

What is Email?
  • What is an e-mail?
    • An e-mail is a message made up of a string of ASCII characters in a format specified by RFC 822
  • Contain Two parts, separated by blank line:
    • The header: sender, recipient, date, subject, delivery path,…
    • The body: containing the actual message content.
Security provided in E-mail
  • Confidentiality
  • Data origin authentication
  • Message integrity
  • Non-repudiation of origin
  • Key management
MIME(Multipurpose Internet Mail Extensions)
  • Extends the capabilities of RFC 822 to allow e-mail to carry non-textual content, non-ASCII character sets, long messages.
  • Uses extra header fields in RFC 822 e-mails to specify form and content of extensions.
  • Supports a variety of content types, but e-mail still ASCII-coded for compatibility.
  • Specified in RFCs 2045-2049.
E-mail Security Threats
  • Two main group:
    • Threats to the security of e-mail itself
    • Threats to an organisation that are enabled by the use of e-mail.
  • Loss of confidentiality.
    • E-mails are sent in clear over open networks.
    • E-mails stored on potentially insecure clients and mail servers.
    • Ensuring confidentiality may be important for e-mails sent within an organisation.
  • Loss of integrity.
    • No integrity protection on e-mails; body can be altered in transit or on mail server.
  • Lack of data origin authentication.
    • Is this e-mail really from the person named in the From: field?
    • How many Kenny.Paterson’s are there?
    • Recall SMTP directly over telnet allows forgery of all e-mail fields!
    • E-mail could also be altered in transit.
    • Even if the From: field looks fine, who was logged in as Kenny.Paterson when the e-mail was composed?
    • Sharing of e-mail passwords common.
Threats Enabled by E-mail
  • Disclosure of sensitive information.
    • It’s easier to distribute information by e-mail than it is by paper and snail mail.
    • Disclosure may be deliberate (and malicious) or unintentional.
    • Disclosure may be internal or external (e-mail crosses LANs as well as the Internet).
    • Disclosure may be of personal, inappropriate, commercially sensitive or proprietary information.
    Can lead to loss of reputation and ultimately dismissal of staff.
  • Exposure of systems to denial of service attacks.
    • E-mail server attached to network, may be vulnerable to DoS attacks.
    • More relevant with increasing dependence on e-mail as a communications tool.
    • For example, a virulent worm using large percentage of network capacity to spread will prevent efficient use of e-mail as well as slowing down web browsing.
  • Spamming.
    • Spam wastes bandwidth and decreases productivity.
    • Hotmail and other free e-mail systems are particularly victimised by spammers.
    • 50% and more of all e-mail is now spam.
    • Anti-spam legislation in development or on the statute books in many countries.
  • Originated from RSA Data Security Inc. in 1995.
  • Further development by IETF S/MIME working group at:
  • Version 3 specified in RFCs 2630-2634.
  • Allows flexible client-client security through encryption and signatures.
  • Widely supported, e.g. in Microsoft Outlook, Netscape Messenger, Lotus Notes.
  • PGP=“Pretty Good Privacy”
    • First released in 1991, developed by Phil Zimmerman, provoked export control and patent infringement controversy.
    • Freeware: OpenPGP and variants:
    • Commercial: formerly Network Associates International, now PGP Corporation at
    • OpenPGP specified in RFC 2440 and defined by IETF OpenPGP working group.
    • Available as plug-in for popular e-mail clients, can also be used as stand-alone software.
Web Security
  • Web security includes:
    • Security of server
    • Security of client
    • Network traffic security between a browser and a server
  • SSH
  • SET
  • SSL/TLS widely used in Web browsers and servers to support ‘secure e-commerce’ over HTTP.
    Built into Microsoft IE, Netscape, Mozilla, Apache, IIS
    The (in)famous browser lock.
  • SSL architecture provides two layers:
    • SSL Record Protocol
    • Provides secure, reliable channel to upper layer.
  • Upper layer carrying:
    SSL Handshake Protocol, Change Cipher Spec. Protocol, Alert Protocol, HTTP, any other application protocols.
SSL/TLS Applications
  • Secure e-commerce using SSL/TLS.
  • Client authentication not needed until client decides to buy something.
  • SSL provides secure channel for sending credit card information, personal details, etc.
  • Client authenticated using credit card information, merchant bears (most of) risk.
  • Very successful (, on-line supermarkets, airlines,…)
  • Secure e-commerce: some issues.
    • No guarantees about what happens to client data (including credit card details) after session: may be stored on insecure server.
    • Does client understand meaning of certificate expiry and other security warnings?
    • Does client software actually check complete certificate chain?
    • Does the name in certificate match the URL of e-commerce site? Does the user check this?
    • Is the site the one the client thinks it is?
    • Is the client software proposing appropriate ciphersuites?
  • Secure electronic banking.
    • Client authentication may be enabled using client certificates.
    • Issues of registration, secure storage of private keys, revocation and re-issue.
    • Otherwise, SSL provides secure channel for sending username, password, mother’s maiden name,…
    • What else does client use same password for?
    • Does client understand meaning of certificate expiry and other security warnings?
    • Is client software proposing appropriate ciphersuites?
    • Enforce from server.
  • SSH = Secure Shell.
    • Initially designed to replace insecure rsh, telnet utilities.
    • Secure remote administration (mostly of Unix systems).
    • Extended to support secure file transfer and e-mail.
    • Latterly, provide a general secure channel for network applications.
    • SSH-1 flawed, SSH-2 better security (and different architecture).
  • SSH provides security at Application layer.
    • Only covers traffic explicitly protected.
    • Applications need modification, but port-forwarding eases some of this (see later).
    • Built on top of TCP, reliable transport layer protocol.
SSH Applications
  • Anonymous ftp for software updates, patches...
    • No client authentication needed, but clients want to be sure of origin and integrity of software.
  • Secure ftp.
    • E.g.upload of webpages to webserver using sftp.
    • Server now needs to authenticate clients.
    • Username and password may be sufficient, transmitted over secure SSH transport layer protocol.
  • Secure remote administration.
    • SysAdmin (client) sets up terminal on remote machine.
    • SysAdmin password protected by SSH transport layer protocol.
    • SysAdmin commands protected by SSH connection protocol.
  • Guerilla Virtual Private Network.
    • E.g. use SSH + port forwarding to secure e-mail communications.
SET Flow
SET Security Issues
  • Two pairs of PKs per entity
    • One pair for signing
    • One pair for exchanging keys
  • Assumes full PKI is available
    • Including revocation
  • Merchant does not see payment instrument used
Web Vulnerabilities
  • Revealing private information on server
  • Intercept of client information
  • Execute unauthorized programs
  • Denial of service
How to Secure the Web
  • Access control via addresses
    • Basic (username, password)
      Can be used along with cookie
    • Digest
  • Access control via addresses
  • Multi-layered:
    • S-http (secure http), just for http
    • Proposed by CommerceNet, pretty much dead
  • SSL (TLS), generic for TCP
    • https: http over SSL
  • IPSec
HTTP Authentication
  • Client doesn’t know which method
  • Client attempts access (GET, PUT, …)
  • Server returns
    • “401 unauthorized”
    • Realm: protection space
  • Client tries again with (user:password)
    • Passwords in the clear
    • Repeated for each access
HTTP Access Control - Digest
Server sends www-authenticate parameters:
  • Realm
  • Domain
  • Nonce, new for each 401 response
    • E.G. H(client-IP:timestamp:server-secret)
  • Algorithm
    • E.G., MD5
Client sends authorization response:
  • Same nonce
  • H(A1), where a1=user:realm:password, and other information
  • Steal H(A1)
    • Only good for realm
  • HTTPS = Secure Hypertext Transfer Protocol
  • HTTPS is a communications protocol designed to transfer encrypted information between computers over the World Wide Web (WWW)
  • Essentially an implementation of HTTP
  • Commonly used Internet protocol using an SSL
  • Used to enable online purchasing or the exchange of private information and resources over insecure networks


Post a Comment

Subscribe to Post Comments [Atom]

<< Home