2) Secure HyperText Transfer Protocol Emmanuel Benoist Fall Term - - PowerPoint PPT Presentation

2) Secure HyperText Transfer Protocol

Emmanuel Benoist

Fall Term 2020/2021

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 1

Table of Contents

• HyperText Transfer Protocol - HTTP
• Credentials in HTTP
• Need for security
• Symetric and Asymetric Cryptography
• Public Key Infrastructure
• SSL and TLS
• How to Configure your Web Server
• Conclision: Limitations
• References

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 2

HyperText Transfer Protocol - HTTP

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 3

HyperText Transfer Protocol - HTTP

Request

From the client (browser) to the server Contains a description of the browser (user agent, accept) Contains the description of the requested page / or the information sent

Response

Only generated as a “response” to a request Contains the status of the response (success/fail/partial) Contains the document (body) Contains meta-information

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 4

HTTP Request

Request GET http://www.benoist.ch:80/SoftSec/ HTTP/1.1 Host: www.benoist.ch User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS

ց →X 10.6; fr; rv:1.9.2.15) Gecko/20110303 Firefoxց →/3.6.15

Accept: text/html,application/xhtml+xml,application/ց

→xml;q=0.9,*/*;q=0.8

Accept-Language: fr-fr,fr-ch;q=0.9,fr;q=0.7,en-us;qց

→=0.6,en;q=0.4,de-de;q=0.3,de-ch;q=0.1

Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 5

HTTP Response

Response HTTP/1.1 200 OK Date: Wed, 09 Mar 2011 08:29:25 GMT Server: Apache/2.2.11 (Unix) DAV/2 mod_ssl/2.2.11

ց →OpenSSL/0.9.8l PHP/5.2.9 mod_perl/2.0.4 Perl/v5ց →.10.0

X-Powered-By: PHP/5.2.9 X-Transfer-Encoding: chunked Content-Type: text/html Content-length: 11527 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang=ց

→"en" lang="en">

<head> <meta http-equiv="Content-Type" content="ց

→text/html;charset=iso-8859-1" /> Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 6

GET vs. POST

GET

Primarily for accessing information Forms containing small ammount of information Content of forms “URL encoded” inside the URL URL is to be seen in the browser URL stored in caches and logfiles.

GET http://localhost:80/coursWebProgramming/examples/http/formsց

→.php?text1=Hello+World&text2=80 HTTP/1.1

Host: localhost ... Proxy-Connection: keep-alive Referer: http://localhost/coursWebProgramming/examples/http/ց

→forms.php Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 7

GET vs. POST (Cont.)

POST

Primarily for sending info to the server Forms containing large ammount of information Content is URL encoded in the BODY of the message

POST http://localhost:80/coursWebProgramming/examples/http/ց

→forms.php?text1=Hello+World&text2=80 HTTP/1.1

Host: localhost ... Referer: http://localhost/coursWebProgramming/examples/http/ց

→forms.php?text1=Hello+World&text2=80

Content-Type: application/x-www-form-urlencoded Content-length: 26 text1=Hello+World&text2=80

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 8

Sending credentials in HTTP

Username Password

In a form (GET / POST) Using HTTP authorization schema (as a http header field encoded in base 64) Authorization: Basic YmllOmJpZQ==

Transfered clear text

GET form write username and password directly inside the URL bar and the log files POST let the information transfer clear text in the body of the request Basic http authorization sends the username and password in each request unencrypted (just encoded in base 64). You can decode (not decrypt) the username and password using: echo ’YmllOmJpZQ==’ | openssl base64 -d

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 9

Credentials in HTTP

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 10

Credentials in HTTP

Cookies

Small information Resent inside every request Contains a session ID Credentials are stored on the server and associated to the sessionID

GET http://localhost:80/coursWebProgramming/examplesց

→/phpWeb/session3.php HTTP/1.1

Host: localhost ... Referer: http://localhost/coursWebProgramming/ց

→examples/phpWeb/session2.php?firstName=Emmanuel

Cookie: PHPSESSID=105fc85ea2e9884eea1f9bed88e6b70f

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 11

Evesdroping and Tampering credentials in HTTP

Anybody can listen or fake any credentials in HTTP

GET / POST / Cookies are sent unencrypted and cleartext Basic authentication is sent unencrypted and Base64 encoded Both can easily be listened and/or spoofed and/or manipulated by a third party.

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 12

Need for security

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 13

Needs for security

Confidentiality

Nobody can read the message I send For both Security and Privacy

Authentication of the partner

Am I realy talking with the server I am supposed to? Am I realy the person I am supposed to be?

Integrity of the Message

Is the message the one that my partner sent?

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 14

Symetric and Asymetric Cryptography

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 15

Symetric Cryptography

Symetric Cryptography

Alice and Bob share the same Key K (which is secret) Alice encrypts the message with K Bob decrypts the message with K If Charly doesn’t have K, he can not read the message

Efficiency

This type of crypto is very efficient

Problem

How to exchange the key if you do not meet your correspondant Alice and Bob need a secure chanel to exchange the key

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 16

Asymetric Cryptography

Knowledge of Keys is Asymetric

Alice wants to send a message M to Bob Alice has access to the public key KBpub of Bob Bob knows a pair (KBpub, KBpriv)

Encryption of a message

Alice encrypts the message using Bob’s Public key KBpub Bob decrypts the message using his private key KBpriv

Problem

How can Bob be sure it is Alice who sent the message? Charlie may have intercepted the message and replaced by another one

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 17

Signing a message

Bob wants to be certain the message was sent by Alice

He wants to check the integrity of the message

Signing of the message

Alice also has a pair of keys:(KApub, KApriv) Bob knows the public key of Alice KApub Alice uses her private key to sign the message sent to Bob Bob uses the public key to verify the signature of Alice Since Charly does not know the private key, he can not forge such a message Bob is convinced that Alice has sent this message

Combining both : encrypting and signing

Alice writes a message M She creates a signature σ(M) with her private key KApriv She encrypts both M and σ(M) with Bob’s public key KBpub Bob receives the encrypted message,

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 18

Public Key Infrastructure

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 19

Public Key Infrastructure

A lot of keys have to be exchanged

Alice needs the public key of Bob Bob needs the public key of Alice etc.

How to exchange keys in a secure way?

Alice and Bod never met eachother They trust the same third party (called Certificate Authority - CA) They both have received (in a secure way) the public key of the CA

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 20

Certificate

Alice wants to receive Bob’s public key

Bob creates his key pair Bob is identified by CA and gives his Name and public key to the CA CA signes a “certificate” containing the following information

◮ Name of the Certificate Authority ◮ Name of the owner of the certificate (Bob) ◮ Address, . . . ◮ Public key of Bob

So if Alice trusts the verification of CA, she trusts the public key of Bob. Problems in real life

Alice and Bob may not have the same certificate authority: We have a chain of trust (or web of trust) The Public Key Infrastructure PKI uses a Root Certificate who anybody trusts. You need a way to revoke compromised keys . . .

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 21

Public Key Infrastructure (simplified)

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 22

Efficiency of Cryptography

Public Key Cryptography

Very useful between unknown persons Requires long keys Is too slow Can not be used for big transfer

Symetric Key Cryptography

Reserved for people that know each other Can be much more efficient Should be used to transfer large data

Solution

Use the two systems First “Hand Shaking” using a public key Then (once we know each other) use a symetric key algorithm

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 23

SSL and TLS

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 24

SSL and TLS

TCP/IP socket can be read and modified

TCP/IP does not contain any security mechanism Idea: we trust the others

SSL and TLS

Create a socket that can neither be read nor modified “Tuneling”

Content is protected from its origin to its destination

Content is encrypted and signed Protocol prevents any modification

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 25

Tunnel

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 26

Three Phases of TLS

• 1. Peer negotiation for algorithm support

For key Exchange: RSA, Difie-Hellman, DSA, SRP, PSK For symetric ciphers: RC4, Triple DES, AES or Camellia For crypto hash function (Message authentication codes - MAC): HMAC-MD5 or HMAC-SHA

• 2. Key exchange and authentication

Exchange of Certificate(s) (normally X.509, draft for OpenPGP) Verification of the certificate(s) (can ask the CA if it is still valid) Exchange of a new secret key for symetric encryption

• 3. Symmetric cipher encryption and message

authentication

Symetric encryption is faster

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 27

Advantages of TLS

Eavesdropping

The data transfered on the net are crypted. It is not possible to read it.

Data Modification

Since consitancy of data is checked using MAC hash functions, content can not be modified

Man in the middle attack

The client is certain to be faced with the server possessing the certificate.

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 28

Problems with HTTPS / TLS-SSL

Relies on the PKI infrastructure

Revocation of Certificates have to be tested Certificate Authorities have to be known (and trusted) X.509 relies on a Root certificate, should not be protected

Man in the Middle attack

Possible: the user is warned and clicks the button OK

Interception / Modification

Much more complicated than with HTTP

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 29

How to Configure your Web Server

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 30

Create your own HTTPS server

Create a Certificate (Standard X.509) Contains

Identity and Address of the subject Validity (not before, not after) Public Key Information (algorithm and key)

Let a CA sign your certificate You add the following information in your certificate

Identity and Address of the issuer of the certificate Signature (algorithm and fingerprint)

Configure the port 443 of your server

Update the configuration of your server such that it listens to this port using HTTPS.

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 31

Sample Certificate

Certificate: Data: Version: 1 (0x0) Serial Number: 7829 (0x1e95) Signature Algorithm: md5WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com Validity Not Before: Jul 9 16:04:02 1998 GMT Not After : Jul 9 16:04:02 1999 GMT Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:b4:31:98:0a:c4:bc:62:c1:88:aa:dc:b0:c8:bb: 33:35:19:d5:0c:64:b9:3d:41:b2:96:fc:f3:31:e1: ... d2:75:6b:c1:ea:9e:5c:5c:ea:7d:c1:a1:10:bc:b8: e8:35:1c:9e:27:52:7e:41:8f Exponent: 65537 (0x10001) Signature Algorithm: md5WithRSAEncryption 93:5f:8f:5f:c5:af:bf:0a:ab:a5:6d:fb:24:5f:b6:59:5d:9d: 92:2e:4a:1b:8b:ac:7d:99:17:5d:cd:19:f6:ad:ef:63:2f:92: ... 8f:0e:fc:ba:1f:34:e9:96:6e:6c:cf:f2:ef:9b:bf:de:b5:22: 68:9f Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 32

Hosting multiple servers on one computer

Virtual Hosts very common on Apache

One IP-address can correspond to many names (DNS’s point at the same address) One program listens on the port 80 of the computer HTTP header contains a field (mandatory) Host: The program can create virtual hosts for each of the host names.

Problem with virtual hosts for HTTPS

A https server listens to the port 443 Encrypted content arrives, It can not be redirected to the right server for authentication The requests are all directed toward one single server.

Solution: Having One IP-Address per Virtual-host

Virtual hosts can listen to the different ports for the different IP addresses.

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 33

Double Side Authentication

HTTPS means : authentification of the server

The client verifies that the server he/she talks to is the right

• ne

The classic web programming is used for identification / authentification of the client: Username + password Why not use the same mechanism in both directions

Users May be authenticated by a certificate

The browser may send its own certificate to the server Certificate and Private key may be contained inside the browser, on a chip card or USB stick.

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 34

Apache Configuration

You have to create a Certificate

server.crt your certificate (signed by a CA or self-signed) server.key your private key

Install SSL module

Module takes care of the protocole Load specific configuration for the module

Create a Virtual Host for your SSL server

CipherSuite (which protocols are supported) Address of the certificate and Key Port (or IP-address and Port) to be listened

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 35

Apache Configuration

For authenticating the users also Definition of the CA’s certificates (CRT) #SSLCACertificatePath /opt/lampp/etc/ssl.crt #SSLCACertificateFile /opt/lampp/etc/ssl.crt/ca-bundle.crt Definition of revocation lists (CRL) (for the CA’s) #SSLCARevocationPath /opt/lampp/etc/ssl.crl #SSLCARevocationFile /opt/lampp/etc/ssl.crl/ca-bundle.crl Set properties for clients

Protect one directory Protect the whole server . . .

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 36

Conclision: Limitations

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 37

Limitations: Server Problems

Private Key may be compromized (stollen, copied, changed, . . . )

Man in the middle attack possible Revocation list

Content of the site may have been changed

By malicious administrators By visitors

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 38

Limitations: Client Problems

Client may not pay attention to security warnings

Manual Verification of Certificate

Client may be compromized

Virus, Trojan, Worm, may infect the client computer Strength of the crypto depends on the client (in the handshaking part of the protocol)

Client may be malicious

You do have 0 control on the client Never trust the client side verification (javascript for instance)

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 39

References

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 40

References

Apache SSL/TLS Encryption http://httpd.apache.org/docs/2.2/ssl/ Wikipedia http: //en.wikipedia.org/wiki/Transport_Layer_Security http://en.wikipedia.org/wiki/X.509 Other resources http://sebsauvage.net/comprendre/encryptage/ crypto_asy.html http://www.openssl.org http://www.authsecu.com/ssl-tls/ssl-tls.php http://www.hsc.fr/ressources/presentations/pki/

Berner Fachhochschule | Haute ´ ecole sp´ ecialis´ ee bernoise | Berne University of Applied Sciences 41