Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security, Privacy and Trust - Lecture 11 - Web Technologies (1019888BNR)

Beat Signer
December 05, 2023

Security, Privacy and Trust - Lecture 11 - Web Technologies (1019888BNR)

This lecture forms part of the course Web Technologies given at the Vrije Universiteit Brussel.

Beat Signer

December 05, 2023
Tweet

More Decks by Beat Signer

Other Decks in Education

Transcript

  1. 2 December 2005
    Web Technologies
    Security, Privacy and Trust
    Prof. Beat Signer
    Department of Computer Science
    Vrije Universiteit Brussel
    beatsigner.com

    View full-size slide

  2. Beat Signer - Department of Computer Science - [email protected] 2
    December 5, 2023
    Security Aspects
    ▪ Authenticity
    ▪ knowing the sender or receiver of data
    - who is trying to access data on a web server
    - who is offering a service
    - who sent an email
    - …
    ▪ Privacy
    ▪ keeping information private
    - protect credit card information that is sent to a server
    - protect information sent in emails
    - …
    ▪ Integrity
    ▪ ensuring that information is not changed when transferred

    View full-size slide

  3. Beat Signer - Department of Computer Science - [email protected] 3
    December 5, 2023
    HTTP Authentication
    ▪ Native authentication functionality offered by HTTP
    ▪ instead of directly sending a response for a given request, the
    server can always respond with an authentication challenge
    (401 status code)
    ▪ HTTP is extensible to support different authentication
    protocols and offers the following two standard protocols
    ▪ basic access authentication
    - simple Base64 encoding of the string :
    ▪ digest access authentication
    ▪ Protected resources can be grouped in security realms
    with different sets of authorised users or groups of users

    View full-size slide

  4. Beat Signer - Department of Computer Science - [email protected] 4
    December 5, 2023
    Basic Access Authentication
    Client Server
    GET /wise/exam.pdf HTTP/1.1
    Client Server
    Client Server
    Client Server
    ask
    password
    try to access
    a protected
    resource
    HTTP/1.1 401 Authorization Required
    WWW-Authenticate: Basic realm="WISE"
    GET /wise/exam.pdf HTTP/1.1
    Authorization: Basic YmVhdDpydWxleg==
    HTTP/1.1 200 OK
    Content-type: application/pdf
    Internet

    View full-size slide

  5. Beat Signer - Department of Computer Science - [email protected] 5
    December 5, 2023
    Base64 Encoding
    ▪ Base64 encoding can be used to represent binary data
    in a portable format (alphabet)
    ▪ used by Media Types (MIME) for content transfer encoding
    ▪ used to embed binary data in XML files (e.g. in XML-RPC)
    ▪ note that Base64 encoded data needs more space
    ▪ Takes a sequence of bytes (8-bit) and breaks it into 6-bit
    chunks
    ▪ padding with 0s to make it a multiple of 24 (LCM of 6 and 8)
    ▪ complete 6-bit padding chunks are represented by the special
    character '='
    ▪ Each 6-bit chunk is then represented by a character from
    a 64-character alphabet

    View full-size slide

  6. Beat Signer - Department of Computer Science - [email protected] 6
    December 5, 2023
    Base64 Encoding Example
    ▪ Let us encode the string
    'No' to Base64
    ▪ padding to 24 bit
    ▪ lookup of 6-bit chunks in
    index table
    ▪ use '=' for completely padded
    6-bit chunks
    val
    0
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    char
    A
    B
    C
    D
    E
    F
    G
    H
    I
    J
    K
    L
    M
    N
    O
    P
    val
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    char
    Q
    R
    S
    T
    U
    V
    W
    X
    Y
    Z
    a
    b
    c
    d
    e
    f
    val
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    char
    g
    h
    i
    j
    k
    l
    m
    n
    o
    p
    q
    r
    s
    t
    u
    v
    val
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    char
    w
    x
    y
    z
    0
    1
    2
    3
    4
    5
    6
    7
    8
    9
    +
    /
    01001110
    N o
    01101111 00000000
    19 38 60
    T m 8 =
    Base64 index table
    Text
    Bit Pattern
    Index
    Base64
    padding

    View full-size slide

  7. Beat Signer - Department of Computer Science - [email protected] 7
    December 5, 2023
    Web Server Configuration
    ▪ Example configuration for an Apache HTTP Server
    ▪ Create a new password file (using the –c parameter)
    ▪ Put an .htaccess file with the configuration into the
    directory that has to be protected
    ▪ alternatively add information to httpd.conf
    #htpasswd -c /usr/local/apache/admin/passwords nelson
    New password: nelson123
    Re-type new password: nelson123
    Adding password for user nelson
    AuthType Basic
    AuthName "WISE"
    AuthUserFile /usr/local/apache/admin/passwords
    Require user nelson

    View full-size slide

  8. Beat Signer - Department of Computer Science - [email protected] 8
    December 5, 2023
    Basic Access Authentication ...
    ▪ Basic access authentication is not secure
    ▪ username and password are sent almost in "cleartext"
    - Base64 value can be very easily decoded
    ▪ easy to do replay attacks
    - simply reuse the Base64-encoded username and the password
    ▪ Potential solutions
    ▪ combine the basic access authentication with an encrypted data
    transfer (e.g.via TLS/SSL)
    - does not necessarily prevent replay attacks
    ▪ use of alternative digest access authentication

    View full-size slide

  9. Beat Signer - Department of Computer Science - [email protected] 9
    December 5, 2023
    Digest Access Authentication
    ▪ Password is no longer sent in cleartext
    ▪ only a one-way digest that is computed out of the password
    (one-way hash function) is sent to the server
    ▪ Message Digest #5 (MD5) is a popular digest function
    ▪ What about digest replay attacks?
    ▪ server sends a special token (nonce) that changes frequently
    ▪ client adds the nonce to the password before computing the MD5
    - any changes of the nonce result in changes of the digest which helps to
    prevent replay attacks (but client still has sure about the server's identity)
    h1 = MD5(username:realm:password)
    h2 = MD5(httpMethod:requestedURI)
    response = MD5(h1:nonce:h2)
    Computed response based on MD5

    View full-size slide

  10. Beat Signer - Department of Computer Science - [email protected] 10
    December 5, 2023
    Digest Access Authentication ...
    Client Server
    GET /wise/exam.pdf HTTP/1.1
    Client Server
    Client Server
    Client Server
    ask
    password
    HTTP/1.1 401 Unauthorized
    WWW-Authenticate: Digest realm="WISE",
    qop="auth,auth-int" nonce="6G543RED"
    GET /wise/exam.pdf HTTP/1.1
    Authorization: Digest username="nelson",
    realm="WISE", nonce="6G543RED",
    qop="auth", response="HF779RW47R7HF",
    ...
    HTTP/1.1 200 OK
    Authorization-Info: nextnonce="7HZT7F6"
    ...
    Internet
    try to access
    a protected
    resource

    View full-size slide

  11. Beat Signer - Department of Computer Science - [email protected] 11
    December 5, 2023
    Digest Access Authentication ...
    ▪ The Authorization-Info: nextnonce="..." is used to send the
    next nonce in advance
    ▪ client can send the computed hash value already with the original
    request (preemptive authorisation)
    ▪ The quality of protection (qop) field is used to negotiate
    different protection mechanisms
    ▪ auth
    - authentication
    ▪ auth-int
    - authentication and message integrity protection
    - add an MD5 of the body

    View full-size slide

  12. Beat Signer - Department of Computer Science - [email protected] 12
    December 5, 2023
    Transport Layer Security (TLS)
    ▪ Cryptographic protocol to
    ensure secure network
    communication
    ▪ successor of the Secure
    Socket Layer (SSL) protocol
    ▪ situated at the TCP/IP
    Application Layer or OSI
    Presentation Layer
    ▪ Types of authentication
    ▪ unilateral authentication
    - only server authentication
    ▪ mutual authentication
    - client and server authentication
    TCP/IP stack
    Transport
    Application
    Link
    Internet
    TLS/SSL

    View full-size slide

  13. Beat Signer - Department of Computer Science - [email protected] 13
    December 5, 2023
    Cryptography
    ▪ In cryptography a cipher (coding scheme)
    is used in combination with a key to create
    a ciphertext out of a plaintext
    ▪ Cryptanalysis tries to get information out of the ciphertext
    without having access to the secret information (key)
    MEET ME
    AT NOON
    PHHW PH
    DW QLLQ
    MEET ME
    AT NOON
    cipher
    (encoder)
    cipher
    (decoder)
    ciphertext
    key key
    plaintext plaintext

    View full-size slide

  14. Beat Signer - Department of Computer Science - [email protected] 14
    December 5, 2023
    Symmetric Key Cryptography
    ▪ A symmetric key cipher uses the same key for the
    encoding and decoding of a plaintext message
    ▪ Many existing symmetric key ciphers
    ▪ DES, Triple DES, Blowfish, Rijndael/AES, ...
    ▪ The algorithms are often common knowledge and the
    key is the only secret thing
    ▪ key must be kept secret
    ▪ Brute force attack (enumeration attack) tries all keys
    ▪ The key length defines the number of potential keys
    ▪ e.g.128 bit key considered safe today
    - might change with more powerful machines

    View full-size slide

  15. Beat Signer - Department of Computer Science - [email protected] 15
    December 5, 2023
    Symmetric Key Cryptography ...
    ▪ One problem of symmetric key cryptography is that we
    have to secretly share the common key before we can
    exchange any messages
    ▪ this must be repeated with different keys for any two partners
    willing to establish a secret communication
    ▪ how should we establish the exchange over the Internet?
    - initially only an insecure channel is available
    ▪ where should we secretly store all those keys?

    View full-size slide

  16. Beat Signer - Department of Computer Science - [email protected] 16
    December 5, 2023
    Public Key (Asymmetric) Cryptography
    ▪ Instead of a single key, public key cryptography uses an
    asymmetric pair of keys
    ▪ publicly available key for the encoding
    ▪ secret key for the decoding
    ▪ Each party has only a single public key which is used by
    everybody to encode messages to this party
    ▪ only the receiver can decode message with their private key
    MEET ME
    AT NOON
    hJ7FHDuKJ
    F Z8e
    fsdlgi MEET ME
    AT NOON
    cipher
    (encoder)
    cipher
    (decoder)
    ciphertext
    public key B private key B
    plaintext plaintext
    A B

    View full-size slide

  17. Beat Signer - Department of Computer Science - [email protected] 17
    December 5, 2023
    Public Key (Asymmetric) Cryptography ...
    ▪ Public key cryptography can be used to establish secure
    Internet connections to any computer around the world
    without having to secretly share a key beforehand
    ▪ An asymmetric public key cipher must ensure that an
    attacker cannot compute the private key based on any
    information they can intercept
    ▪ public key
    ▪ ciphertext (with corresponding plaintext)
    - can easily be created by any party by using the public key
    ▪ A well-known public key algorithm is the RSA cipher

    View full-size slide

  18. Beat Signer - Department of Computer Science - [email protected] 18
    December 5, 2023
    RSA Cipher (Rivest, Shamir and Adleman)
    ▪ Public-key cipher that can
    be used for encryption as
    well as signing
    ▪ published in 1978 by Rivest,
    Shamir and Adleman while
    they were at MIT
    ▪ The public and private keys are
    generated based on two large distinct prime numbers
    ▪ the potential attacker will know about the product of the two prime
    numbers but nothing about the numbers themselves
    ▪ use modular arithmetic for the encoding/decoding
    ▪ as long as the attacker is not able to do a factorisation into the
    two prime numbers, RSA is assumed to be secure
    Adi Shamir, Ron Rivest and Len Adleman

    View full-size slide

  19. Beat Signer - Department of Computer Science - [email protected] 19
    December 5, 2023
    Public Key (Asymmetric) Cryptography ...
    ▪ A drawback of asymmetric public key cryptography is the
    fact that the algorithms are much slower than symmetric
    ciphers
    ▪ Hybrid solutions combine public key with symmetric key
    cryptography
    ▪ the public key encryption is only used in the setup phase to
    securely exchange a pair of symmetric keys
    ▪ afterwards a secure channel is established based on the
    symmetric keys
    ▪ Security of public key cryptography?
    ▪ new developments (e.g. quantum computing) might break public
    key cryptography

    View full-size slide

  20. Beat Signer - Department of Computer Science - [email protected] 20
    December 5, 2023
    Digital Signatures
    ▪ A digital signature can be used for two purposes
    ▪ to prove the authenticity of a message
    ▪ to guarantee that a message has not been changed during the
    transfer (integrity)
    ▪ Sender creates a plaintext digest, encodes it with the
    private key and adds it as a signature to the message
    ▪ the receiver creates the same digest and compares it with the
    decoded signature
    cipher
    cipher
    private key A public key A
    plaintext plaintext
    plaintext
    signature
    digest
    digest digest
    same?
    A B

    View full-size slide

  21. Beat Signer - Department of Computer Science - [email protected] 21
    December 5, 2023
    Digital Certificates
    ▪ Information about a
    person/company that is
    digitally signed by a
    certificate authority (CA)
    ▪ owner's name
    ▪ validity time
    ▪ signature of the CA
    ▪ owner's public key

    View full-size slide

  22. Beat Signer - Department of Computer Science - [email protected] 22
    December 5, 2023
    HTTP Secure (HTTPS)
    ▪ Secure version of HTTP
    ▪ combines HTTP with asymmetric, symmetric and certificate-
    based cryptography
    ▪ HTTP sent over TLS/SSL
    ▪ HTTPS protocol is selected by the https:// URL prefix
    ▪ Browser connects to the HTTPS default port (port 443)
    ▪ Initial SSL handshake
    - negotiate protocol versions
    - negotiate common cipher
    - authentication
    - generate temporary symmetric session keys

    View full-size slide

  23. Beat Signer - Department of Computer Science - [email protected] 23
    December 5, 2023
    Email Security
    ▪ Emails are generally sent as unencrypted plain text
    ▪ An email is stored on multiple intermediary servers
    before reaching its target
    ▪ relatively easy to intercept
    ▪ would you also put anything you write in an email on a postcard?
    ▪ Note that the sender of an email can easily be faked
    ▪ If we want to fix these problems we have to use third-
    party tools such as Pretty Good Privacy (PGP)
    ▪ privacy
    - strong encryption
    ▪ authentication
    - digital signatures

    View full-size slide

  24. Beat Signer - Department of Computer Science - [email protected] 24
    December 5, 2023
    Email SPAM
    ▪ Abuse of an electronic messaging
    system (email) to deliver unwanted messages
    ▪ A major part of all SPAM is sent by only a few hundred
    spammers
    ▪ It is estimated that SPAM costs businesses more than
    100 billion dollars per year
    ▪ SPAM is illegal in many countries and some spammers
    have already been sentenced to jail
    ▪ "Solutions"
    ▪ SPAM filters
    ▪ micropayments for emails

    View full-size slide

  25. Beat Signer - Department of Computer Science - [email protected] 25
    December 5, 2023
    Email SPAM ...
    ▪ Phishing attacks
    ▪ send emails that look like coming from an official authority
    and contain a request for sensitive data (e.g. password)
    ▪ send emails with links to websites that look like official companies
    (e.g. your home bank)
    ▪ Spammers often use botnets to send their SPAM

    View full-size slide

  26. Beat Signer - Department of Computer Science - [email protected] 26
    December 5, 2023
    Botnets
    ▪ Computers infected by malicious software become part
    of a large botnet that can be remotely controlled
    ▪ the largest botnets contain more than 1 million machines
    ▪ An attacker can buy part of such a botnet to perform
    various harmful tasks including
    ▪ the distribution of SPAM
    ▪ distributed denial of service attacks (DDOS)
    ▪ Distributed denial of service attacks are a very powerful
    weapon as it has for example been shown when Estonia
    was attacked in May 2007
    ▪ cannot easily be detected and filtered by firewalls since the traffic
    is created by many different machines

    View full-size slide

  27. Beat Signer - Department of Computer Science - [email protected] 27
    December 5, 2023
    Firewalls
    ▪ Software and hardware firewalls introduce artificial
    "bottlenecks" that have to be passed by all the traffic
    ▪ block specific ports
    ▪ filter and block content
    ▪ protect private intranets from incoming Internet traffic
    - often only a subnetwork (demilitarised zone) is connected to the Internet
    Internet
    Client Server
    Firewall

    View full-size slide

  28. Beat Signer - Department of Computer Science - [email protected] 28
    December 5, 2023
    Privacy
    ▪ While users access information over the Internet,
    there is a continuous logging of their requests
    ▪ Each server stores information about clients who
    accessed specific resources
    ▪ Data mining techniques can be used to combine this
    logging information and create user profiles
    ▪ can for example be used for user-targeted advertising
    ▪ Users also "deliberately" publish personal information
    ▪ e.g. on Facebook
    ▪ Published information often cannot be easily deleted
    ▪ e.g. still accessible via Internet Archive (http://www.archive.org)

    View full-size slide

  29. Beat Signer - Department of Computer Science - [email protected] 29
    December 5, 2023
    Web Log
    ▪ Log entry created every time a web server is accessed
    ▪ A log entry typically contains information about
    ▪ IP address of the requesting machine
    ▪ accessed URL
    ▪ request time
    ▪ refer link (previous page accessed by the client)
    - sent as part of the HTTP Request
    ▪ browser type
    ▪ errors that occurred
    ▪ ...

    View full-size slide

  30. Beat Signer - Department of Computer Science - [email protected] 30
    December 5, 2023
    Web Log ...
    ▪ Web logs can be combined with other information
    ▪ e.g. login information can be used to reveal a user's identity
    ▪ Refer link
    ▪ enables access to potentially private information
    ▪ e.g. if previous request was an HTML form request using the GET
    method then all the data will be available as part of the URL
    XXX.XXX.XXX.193 - - [02/Dec/2009:05:50:40 +0100] "GET /knives-shun-c-81_114-l-en.html?gclid=CLOFucf5tp4CFc5L5Qod8jQzpA HTTP/1.1" 200 65478 "http://guelph.kijiji.ca/f-Shun-Classifieds-
    W0QQKeywordZShunQQisSearchFormZtrue" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.15) Gecko/2009101601 Firefox/3.0.15"
    XXX.XXX.XXX.116 - - [02/Dec/2009:05:50:42 +0100] "GET /images/Jamie%20Oliver/flavourShakerSchwarz.jpg HTTP/1.1" 200 3594 "http://www.tenera.ch/kenwood-pasta-roller-at970a-for-lasagne-base-unit-p-1314-l-
    en.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; .NET CLR 1.1.4322; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    XXX.XXX.XXX.139 - - [02/Dec/2009:05:52:19 +0100] "GET /stylesheet.css HTTP/1.1" 200 10185 "http://www.tenera.ch/kai-seki-magoroku-redwood-nakirimesser-165-cm-p-1433-l-de.html" "Mozilla/4.0 (compatible;
    MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) )"
    XXX.XXX.XXX.139 - - [02/Dec/2009:05:52:19 +0100] "GET /kai-seki-magoroku-redwood-nakirimesser-165-cm-p-1433-l-de.html HTTP/1.1" 200 60636
    "http://www.google.ch/search?hl=de&source=hp&q=seki+magoroku&meta=&aq=0&oq=seki+ma" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) )"
    XXX.XXX.XXX.139 - - [02/Dec/2009:05:52:21 +0100] "GET /images/pixel_trans.gif HTTP/1.1" 200 43 "http://www.tenera.ch/kai-seki-magoroku-redwood-nakirimesser-165-cm-p-1433-l-de.html" "Mozilla/4.0 (compatible;
    MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) )"
    ...
    web log with refer links

    View full-size slide

  31. Beat Signer - Department of Computer Science - [email protected] 31
    December 5, 2023
    Web Log File Analysis
    ▪ Site owner can use
    various tools to analyse
    the log files
    ▪ e.g. Webalizer
    ▪ How much information do
    we give away when
    accessing a website?
    ▪ What is happening with the logged data?
    ▪ combined with other information to reveal IP addresses?
    ▪ combined with log files from other sites?
    - user profiling
    ▪ intended use of data should be mentioned in the privacy policy

    View full-size slide

  32. Beat Signer - Department of Computer Science - [email protected] 32
    December 5, 2023
    Cookies Revisited
    ▪ Persistent cookies can be used to track a
    user over time
    ▪ similar to IP address but more precise
    ▪ Third-party cookies can be used to build an anonymous
    user profile
    ▪ if a website contains elements that have to be accessed from
    another server (e.g.ads), then the server can set a cookie
    - the third-party server creates a unique resource URL for every page on which
    the resource has been embedded
    - the user can be tracked on any site that uses the same service (e.g. ads) and
    an anonymous user profile can be created
    ▪ Cookies should not be used for authentication
    ▪ can be modified by a user to forge identity (cookie poisoning)

    View full-size slide

  33. Beat Signer - Department of Computer Science - [email protected] 33
    December 5, 2023
    Web Bugs
    ▪ User tracking based on the same idea as
    with third-party cookies
    ▪ Embed a small object (e.g.1 pixel image) in a webpage
    and get informed every time the webpage is accessed
    ▪ request containing the IP address is sent to the server
    ▪ The web bugs approach cannot only be used for
    webpages but also for other resources such as email,
    Word documents etc.
    ▪ if the user reads an email containing an embedded HTML web
    bug, the server knows when the email has been read but also
    gets information about the IP address of the mail client

    View full-size slide

  34. Beat Signer - Department of Computer Science - [email protected] 34
    December 5, 2023
    Other Services with Privacy Issues
    ▪ Google Earth shows a lot of sensitive information
    ▪ e.g. military bases etc.
    ▪ Google Street View shows not only streets and buildings
    but also citizens
    ▪ privacy of individuals might be violated since they are shown at
    strange places or in weird situations
    ▪ since the blurring of faces and number plates does not always
    work, some countries would like to stop the service
    ▪ Many other free services from Google as well as other
    companies harvest personal information and use it, for
    example, for customer-targeted advertising

    View full-size slide

  35. Beat Signer - Department of Computer Science - [email protected] 35
    December 5, 2023
    Video: How Does Google Analytics Work?

    View full-size slide

  36. Beat Signer - Department of Computer Science - [email protected] 36
    December 5, 2023
    Google Analytics
    ▪ Very nice tool for web administrators to analyse their
    web traffic
    ▪ easy to "install" over the Web
    ▪ website administrators have to add a piece of JavaScript code
    (tracking code) to their website
    - similar to web bug approach shown earlier
    ▪ Google gets information about site visitors
    ▪ While a user can normally choose to use a free service
    (e.g. Gmail) or not, the user has no choice when it
    comes to the tracking via Google Analytics
    ▪ How save is the captured data?
    ▪ what if somebody manages to steal the data?

    View full-size slide

  37. Beat Signer - Department of Computer Science - [email protected] 37
    December 5, 2023
    Exercise 10
    ▪ PageRank and Security

    View full-size slide

  38. Beat Signer - Department of Computer Science - [email protected] 38
    December 5, 2023
    References
    ▪ David Gourley et al., HTTP: The Definitive
    Guide, O'Reilly Media, September 2002
    ▪ How Does Google Analytics Work?
    ▪ https://www.youtube.com/watch?v=p1eQuegrNdU
    ▪ R.L. Rivest, A. Shamir and L. Adleman, A Method for
    Obtaining Digital Signatures and Public-Key
    Cryptosystems Authentication, Communications of the
    ACM, February 1978

    View full-size slide

  39. 2 December 2005
    Next Lecture
    Future Trends

    View full-size slide