security, privacy and trust - web technologies (1019888bnr)

2 December 2005

Web TechnologiesSecurity, Privacy and Trust

Prof. Beat Signer

Department of Computer Science

Vrije Universiteit Brussel

http://www.beatsigner.com

http://www.beatsigner.com/

Beat Signer - Department of Computer Science - [email protected] 2December 23, 2016

Security Aspects

Authenticity knowing the sender or receiver of data

- who is trying to access data on a web server

- who is offering a service

- who sent an email

- …

Privacy keeping information private

- protect credit card information that is sent to a server

- protect information sent in emails

- …

Integrity ensuring that information is not changed when transferred


HTTP Authentication

Native authentication functionality offered by HTTP instead of directly sending a response for a given request, the

server can always respond with an authentication challenge(401 status code)

HTTP is extensible to support different authentication

protocols and offers the following two standard protocols basic access authentication

- simple Base64 encoding of the string <username>:<password>

digest access authentication

Protected resources can be grouped in security realms

with different sets of authorised users or groups of users


Basic Access Authentication

Client Server

GET /wise/exam.pdf HTTP/1.0

Client Server

Client Server

Client Server

ask

password

try to access

a protected

resource

HTTP/1.0 401 Authorization RequiredWWW-Authenticate: Basic realm="WISE"

GET /wise/exam.pdf HTTP/1.0Authorization: Basic YmVhdDpydWxleg==

HTTP/1.0 200 OKContent-type: application/pdf

Internet


Base64 Encoding

Base64 encoding can be used to represent binary data

in a portable format (alphabet) used by MIME for content transfer encoding

used to embed binary data in XML files (e.g. in XML-RPC)

note that Base64 encoded data needs more space

Takes a sequence of bytes (8-bit) and breaks it into 6-bit

chunks padding with 0s to make it a multiple of 24 (LCM of 6 and 8)

complete 6-bit padding chunks are represented by the special character '='

Each 6-bit chunk is then represented by a character from

a 64-character alphabet


Base64 Encoding Example

Let us encode the string

'No' to Base64

padding to 24 bit

lookup of 6-bit chunks in

index table

use '=' for completely padded

6-bit chunks

val

0

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

char

A

B

C

D

E

F

G

H

I

J

K

L

M

N

O

P

val

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

char

Q

R

S

T

U

V

W

X

Y

Z

a

b

c

d

e

f

val

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

char

g

h

i

j

k

l

m

n

o

p

q

r

s

t

u

v

val

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

char

w

x

y

z

0

1

2

3

4

5

6

7

8

9

+

/

01001110

N o

01101111 00000000

19 38 60

T m 8 =

Base64 index table

Text

Bit Pattern

Index

Base64

padding


Web Server Configuration

Example configuration for an Apache HTTP Server

Create a new password file (using the –c parameter)

Put an .htaccess file with the configuration into the

directory that has to be protected alternatively add information to httpd.conf

#htpasswd -c /usr/local/apache/admin/passwords nelson

New password: nelson123Re-type new password: nelson123Adding password for user nelson

AuthType BasicAuthName "WISE"AuthUserFile /usr/local/apache/admin/passwordsRequire user nelson


Basic Access Authentication ...

Basic access authentication is not secure username and password are sent almost in "cleartext"

- Base64 value can be very easily decoded

easy to do replay attacks

- simply reuse the Base64-encoded username and the password

Potential solutions combine the basic access authentication with an encrypted data

transfer (e.g. via TLS/SSL)

- does not necessarily prevent replay attacks

use of alternative digest access authentication


Digest Access Authentication

Password is no longer sent in cleartext only a one-way digest that is computed out of the password

(one-way hash function) is sent to the server

Message Digest #5 (MD5) is a popular digest function

What about digest replay attacks? server sends a special token (nonce) that changes frequently

client adds the nonce to the password before computing the MD5

- any changes of the nonce result in changes of the digest which helps to

prevent replay attacks

h1 = MD5(username:realm:password)h2 = MD5(httpMethod:requestedURI)response = MD5(h1:nonce:h2)

Computed response based on MD5


Digest Access Authentication ...

Client Server

GET /wise/exam.pdf HTTP/1.0

Client Server

Client Server

Client Server

ask

password

HTTP/1.0 401 UnauthorizedWWW-Authenticate: Digest realm="WISE",qop="auth,auth-int" nonce="6G543RED"

GET /wise/exam.pdf HTTP/1.0Authorization: Digest username="nelson",realm="WISE", nonce="6G543RED",qop="auth", response="HF779RW47R7HF",...

HTTP/1.0 200 OKAuthorization-Info: nextnonce="7HZT7F6"...

Internet

try to access

a protected

resource


Digest Access Authentication ...

The Authorization-Info: nextnonce="..." is used

to send the next nonce in advance client can send the computed hash value already with the original

request (preemptive authorization)

The quality of protection (qop) field is used to

negotiate different protection mechanisms auth

- authentification

auth-int

- authentification and message integrity protection

- add an MD5 of the body


Transport Layer Security (TLS)

Cryptographic protocol to

ensure secure network

communication

successor of the Secure

Socket Layer (SSL) protocol

situated at the TCP/IP

Application Layer or OSI

Presentation Layer

Types of authentification

unilateral authentification

- only server authentification

mutual authentification

- client and server authentification

TCP/IP stack

Transport

Application

Link

Internet

TLS/SSL


Cryptography

In cryptography a cipher (coding scheme)

is used in combination with a key to create

a ciphertext out of a plaintext

Cryptanalysis tries to get information out of the ciphertext

without having access to the secret information (key)

MEET MEAT NOON

PHHW PHDW QLLQ

MEET MEAT NOONcipher

(encoder)

cipher

(decoder)ciphertext

key key

plaintext plaintext


Symmetric Key Cryptography

A symmetric key cipher uses the same key for the

encoding and decoding of a plaintext message

Many existing symmetric key ciphers DES, Triple DES, Blowfish, Rijndael/AES, ...

The algorithms are often common knowledge and the

key is the only secret thing key has to be kept secret

Brute force attack (enumeration attack) tries all keys

The key length defines the number of potential keys e.g. 128 bit key considered safe today

- can change with more powerful machines


Symmetric Key Cryptography ...

One problem of symmetric key cryptography is that we

have to secretly share the common key before we can

exchange any messages this has to be repeated with different keys for any two partners

willing to establish a secret communication

how should we establish the exchange over the Internet?

- initially only an insecure channel is available

where should we secretly store all those keys?


Public Key (Asymmetric) Cryptography

Instead of a single key, public key cryptography uses an

asymmetric pair of keys publicly available key for the encoding

secret key for the decoding

Each party has only a single public key which is used by

everybody to encode messages to this party only the receiver can decode message with their private key

MEET MEAT NOON

hJ7FHDuKJF Z8efsdlgi MEET ME

AT NOONcipher

(encoder)

cipher

(decoder)ciphertext

public key B private key B

plaintext plaintext

A B


Public Key (Asymmetric) Cryptography ...

Public key cryptography can be used to establish secure

Internet connections to any computer around the world

without having to secretly share a key beforehand

An asymmetric public key cipher has to ensure that an

attacker cannot compute the private key based on any

information they can intercept public key

ciphertext (with corresponding plaintext)

- can easily be created by any party by using the public key

A well known public key algorithm is the RSA cipher


RSA Cipher (Rivest, Shamir and Adleman)

Public-key cipher that can

be used for encryption as

well as signing published in 1978 by Rivest,

Shamir and Adleman while they were at MIT

The public and private keys are

generated based on two large distinct prime numbers the potential attacker will know about the product of the two prime

numbers but nothing about the numbers themselves

use modular arithmetic for the encoding/decoding

as long as the attacker is not able to do a factorisation into the two prime numbers, RSA is assumed to be secure

Adi Shamir, Ron Rivest and Len Adleman


Public Key (Asymmetric) Cryptography ...

A drawback of asymmetric public key cryptography is the

fact that the algorithms are much slower than symmetric

ciphers

Hybrid solutions combine public key with symmetric key

cryptography the public key encryption is only used in the setup phase to

securely exchange a pair of symmetric keys

afterwards a secure channel is established based on the symmetric keys

Security of public key cryptography? new developments (e.g. quantum computing) might break public

key cryptography


Digital Signatures

A digital signature can be used for two purposes to prove the authenticity of a message

to guarantee that a message has not been changed during the transfer (integrity)

Sender creates a plaintext digest, encodes it with the

private key and adds it as a signature to the message the receiver creates the same digest and compares it with the

decoded signature

ciphercipher

private key A public key A

plaintext plaintextplaintext

signature

digestdigest digest

same?

A B


Digital Certificates

Information about a

person/company that is

digitally signed by a

certificate authority (CA)

owner's name

validity time

signature of the CA

owner's public key


HTTP Secure (HTTPS)

Secure version of HTTP combines HTTP with asymmetric, symmetric and certificate-

based cryptography

HTTP sent over TLS/SSL

HTTPS protocol is selected by the https:// URL prefix

Browser connects to the HTTPS default port (port 443) Initial SSL handshake

- negotiate protocol versions

- negotiate common cipher

- authentication

- generate temporary symmetric session keys


Email Security

Emails are generally sent as unencrypted plain text

An email is stored on multiple intermediary servers

before reaching its target relatively easy to intercept

would you also put anything you write in an email on a postcard?

Note that the sender of an email can easily be faked

If we want to fix these problems we have to use third-

party tools such as Pretty Good Privacy (PGP) privacy

- strong encryption

authentication

- digital signatures


Email SPAM

Abuse of an electronic messaging

system (email) to deliver unwanted messages

A major part of all SPAM is sent by only a few hundred

spammers

It is estimated that SPAM costs businesses more than

100 billion dollars per year

SPAM is illegal in many countries and some spammers

have already been sentenced to jail

"Solutions" SPAM filters

micropayments for emails


Email SPAM ...

Phishing attacks send emails that look like coming from an official authority

and contain a request for sensitive data (e.g. password)

send emails with links to websites that look like official companies (e.g. your homebank)

Spammers often use botnets to send their SPAM


Botnets

Computers infected by malicious software become part

of a large botnet that can be remotely controlled the largest botnets contain more than 1 million machines

An attacker can buy part of such a botnet to perform

various harmful tasks including the distribution of SPAM

distributed denial of service attacks (DDOS)

Distributed denial of service attacks are a very powerful

weapon as it has for example been shown when Estonia

was attacked in May 2007 cannot easily be detected and filtered by firewalls since the traffic

is created by many different machines


Firewalls

Software and hardware firewalls introduce artifical

"bottlenecks" that have to be passed by all the traffic block specific ports

filter and block content

protect private intranets from incoming Internet traffic

- often only a subnetwork (demilitarised zone) is connected to the Internet

Internet

Client Server

Firewall


Privacy

While users access information over the Internet,

there is a continuous logging of their requests

Each server stores information about clients who

accessed specific resources

Data mining techniques can be used to combine this

logging information and create user profiles can for example be used for user-targeted advertising

Users also "deliberately" publish personal information e.g. on Facebook

Published information often cannot be easily deleted e.g. still accessible via Internet Archive (http://www.archive.org)


Web Log

Log entry created every time a web server is accessed

A log entry typically contains information about IP address of the requesting machine

accessed URL

request time

refer link (previous page accessed by the client)

- sent as part of the HTTP Request

browser type

errors that occured

...


Web Log

Web logs can be combined with other information e.g. login information can be used to reveal a user's identity

Refer link enables access to potentially private information

e.g. if previous request was an HTML form request using the GETmethod then all the data will be available as part of the URL

XXX.XXX.XXX.193 - - [02/Dec/2009:05:50:40 +0100] "GET /knives-shun-c-81_114-l-en.html?gclid=CLOFucf5tp4CFc5L5Qod8jQzpA HTTP/1.1" 200 65478 "http://guelph.kijiji.ca/f-Shun-Classifieds-W0QQKeywordZShunQQisSearchFormZtrue" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.15) Gecko/2009101601 Firefox/3.0.15"XXX.XXX.XXX.116 - - [02/Dec/2009:05:50:42 +0100] "GET /images/Jamie%20Oliver/flavourShakerSchwarz.jpg HTTP/1.1" 200 3594 "http://www.tenera.ch/kenwood-pasta-roller-at970a-for-lasagne-base-unit-p-1314-l-en.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; .NET CLR 1.1.4322; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"XXX.XXX.XXX.139 - - [02/Dec/2009:05:52:19 +0100] "GET /stylesheet.css HTTP/1.1" 200 10185 "http://www.tenera.ch/kai-seki-magoroku-redwood-nakirimesser-165-cm-p-1433-l-de.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) )"XXX.XXX.XXX.139 - - [02/Dec/2009:05:52:19 +0100] "GET /kai-seki-magoroku-redwood-nakirimesser-165-cm-p-1433-l-de.html HTTP/1.1" 200 60636 "http://www.google.ch/search?hl=de&source=hp&q=seki+magoroku&meta=&aq=0&oq=seki+ma" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) )"XXX.XXX.XXX.139 - - [02/Dec/2009:05:52:21 +0100] "GET /images/pixel_trans.gif HTTP/1.1" 200 43 "http://www.tenera.ch/kai-seki-magoroku-redwood-nakirimesser-165-cm-p-1433-l-de.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) )"...

web log with refer links


Web Log File Analysis

Site owner can use

various tools to analyse

the log files e.g. Webalizer

How much information do

we give away when

accessing a website?

What is happening with the logged data? combined with other information to reveal IP addresses?

combined with log files from other sites?

- user profiling

intended use of data should be mentioned in the privacy policy


Cookies Revisited

Persistent cookies can be used to track a

user over time similar to IP address but more precise

Third-party cookies can be used to build an anonymous

user profile if a website contains elements that have to be accessed from

another server (e.g. banner ads), then the server can set a cookie

- the third-party server creates a unique resource URL for every page on which

the resource has been embedded

- the user can be tracked on any site that uses the same service (e.g. banner

ads) and an anonymous user profile can be created

Cookies should not be used for authentication can be modified by a user to forge identity (cookie poisoning)


Web Bugs

User tracking based on the same idea as

with third-party cookies

Embed a small object (e.g. 1 pixel image) in a webpage

and get informed every time the webpage is accessed request containing the IP address is sent to the server

The web bugs approach cannot only be used for

webpages but also for other resources such as email,

Word documents etc. if the user reads an email containing an embedded HTML web

bug, the server knows when the email has been read but also gets information about the IP address of the mail client


Other Services with Privacy Issues

Google Earth shows a lot of sensitive information e.g. military bases etc.

Google Street View shows not only streets and buildings

but also citizens privacy of individuals might be violated since they are shown at

strange places or in weird situations

since the blurring of faces and number plates does not always work, some countries would like to stop the service

Many other free services from Google as well as other

companies harvest personal information and use it, for

example, for customer-targeted advertising


Video: Google Analytics


Google Analytics

Very nice tool for web administrators to analyse their

web traffic easy to "install" over the Web

website administrators have to add a piece of JavaScript code to their website

- similar to web bug approach shown earlier

Google gets information about site visitors

While a user can normally choose to use a free service

(e.g. Gmail) or not, the user has no choice when it

comes to the tracking via Google Analytics

How save is the captured data? what if somebody manages to steal the data?


Course Summary

1. Introduction history of the Web

- Memex, Xanadu and various hypertext systems

ARPANET and TCP/IP

World Wide Web

2. Web Architectures HTTP protocol and session management

client-server architectures, proxies, tunnels and gateways

caching

client-side processing

- JavaScript, Java Applets, ...

server-side processing

- CGI, Java Servlets, JavaServer Pages (JSP), ...


Course Summary …

3. HTML5 and the Open Web Platform history of HTML

HTML5 principles and markup

HTML5 APIs

- e.g. WebSockets, Geolocation, Drag and Drop, …

JavaScript Object Notation (JSON)

4. Web Application Frameworks Model-View-Controller (MVC)

Apache Struts 2

Apache Flex, CakePHP, Ruby on Rails, ...

web content management systems


Course Summary …

5. CSS3 and Responsive Web Design CSS syntax and selectors

CSS inclusion and cascading

box model and layouting

responsive web design

- media queries, breakpoints, …

6. JavaScript and jQuery basic JavaScript concepts

JavaScript best practises

jQuery syntax and event handling


Course Summary …

7. XML and Related Technologies SAX (Simple API for XML) and DOM (Document Object Model)

XSL (XSLT)

XPath, XPointer and XLink

Document Type Definition (DTD) and XML Schema

XML-RPC, VoiceXML etc.

8. Web 2.0 Patterns and Technologies main concepts and interactions

various Web 2.0 applications and social implications

asynchronous partial updates and RIAs

- AJAX and JSON-RPC

service-oriented architectures (SOAs)

- Big Web Services and RESTful Web Services


Course Summary …

9. Semantic Web semantic web stack

- RDF and RDFS, OWL, SPARQL, ...

semantic web applications

(X)HTML extensions and HTML5 Microdata

- Microformats, RDFa

10.Web Search and SEO information retrieval concepts

web search engine architectures

Google PageRank algorithm

search engine optimisations (SEO)

- e.g. white and black hat optimisations


Course Summary …

11.Security, Privacy and Trust HTTP Authentication

- basic authentication, digest authentication and base64 encoding

symmetric key and public key cryptography

- RSA cipher

digital signatures and digital certificates

TLS/SSL and HTTP Secure (HTTPS)

privacy issues


Exam

Exams on January 26 and February 1, 2017

Each student will be assigned an examination slot

of 20 minutes 5 minutes for questions about the assignment (6 ECTS)

15 minutes oral exam about different topics that have been covered in the course

- note that there will be no specific preparation time

Overall grade = oral exam (60%) + assigment (40%) students have some flexibility in distributing the grades for the

assignment (±2 points)

Students following the 3 ECTS programme will only have

an oral exam (100%) and no assigment


Exam …

You will have to register for a specific examination via

PointCarré (deadline December 23, 2016)

Submission of the assignment via PointCarré (dropbox) deadline: December 23, 24:00 (UTC)

You can bring the copies of your solutions for the

exercises with you as they might be used as a basis for

discussion during the oral exam

The exam will cover all the content presented in the

lectures as well as any additional information from the

exercise sessions includes the videos shown in some of the lectures


Exam …

Remember to read the following paper as it forms part of

the course material Vannevar Bush, As We May Think, Atlanic Monthly, July 1945

Make sure that you can sketch basic architectures of

web information systems possible roles of different technologies

know how the things presented in different lectures fit together

- e.g. security applied to varying architectures

- e.g. web search for RIAs

- …

Make sure that you understand the basic concepts however, we might ask questions at any level of detail to evaluate

your knowledge


References

David Gourley et al., HTTP: The Definitive

Guide, O'Reilly Media, September 2002

Google Analytics Video http://www.youtube.com/watch?v=rHeKRvo6OhI

R.L. Rivest, A. Shamir and L. Adleman, A Method for

Obtaining Digital Signatures and Public-Key

Cryptosystems Authentication, Communications of the

ACM, February 1978

http://www.youtube.com/watch?v=rHeKRvo6OhI

2 December 2005

The End

Good Luck with the Exam!

security, privacy and trust - web technologies (1019888bnr)

Education