Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Information Systems Security > Network Application Security > Flashcards

Network Application Security Flashcards

1
Q

What are the data transformation steps when sent via a TLS channel with the TLS_DHE_DSS_WITH_AES_128_CBC_SHA ciphersuite with ZIP

A

1) fragmentation
2) PACK.DATA = zip compression (PACK.DATA)
3) mac in this case a keyed digest using sha256 then I guess PACK.MAC = HMAC- SHA256 (key_auth_client_to_server, packet) (considering padding if tls or without considering it if ssl <= 2.0)
4) padding
5) generation IV, so PACK.IV = rand (128)
6) encryption using aes, then PACK.DATA = AES-128-CBC (PACK.IV, key_comp_client_to_server, PACK.DATA)
7) send packet, i.e. send (PACK) # which will contain IV, DATA and MAC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
1
Q

TLS security properties with algorithms and keys.

A

Starting with TLS-1.2 we have:
- PEER AUTHN: mandatory server, optional client. C / R ASYM implicit and
explicit.
- DATA CONFIDENTIALITY: optional, SYM
- DATA AUTHN / INTEGRITY: mandatory, keyed-digest negotiated
- FILTERING: mandatory, implicit MID
- REPLAY: mandatory, implicit MID
The algorithms used are HMAC for integrity, and DH + DSA + 3DES for confidentiality

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Describe how TLS client authentication works. Discuss its advantages and disadvantages.

A

1) certificate request (client): optional, requested by the server during the handshake phase
2) certificate (client): Carries the certificate for client authentication. The certificate must have been issued by one of the given CAs listed by the server in the Certicate Request message.
3) Cetificato verify: This is an explicit signature proof. It actually verifies that you have the private key and intend to use it in that context. The hash is calculated on all
handshake messages preceding this one and is signed with the client’s private key (to
avoid impostors)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

TLS client authentication vs HTMLform-based authentication: advantages, disadvantages and solutions

A

TLS client auth: In case the SSL channel has been activated with client authentication, to authenticate the user must provide an X.509 certificate, in addition to having to respond correctly to the challenge. In this case, the server can perform a mapping to let the application developer know the credentials of the user who requested access to a particular resource.

The advantage is that the attacker will only be able to exploit the bugs contained within TLS; consequently you will have a very small attack surface.

The disadvantage is that unfortunately this is very often not possible because users rarely have an X.509 certificate, or even if they do, it is not certain that the systems engineer has activated the credentiality mapping function.

HTML form-based: the client sends its data after entering it in an html form
The disadvantage is that it simply sends the credentials encoded in base64 and are not protected by encryption so you can sniff the credentials and the server must also be careful to save them unencrypted while the advantage is that it is quick and easy to implement.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A company wants to do TLS client auth on a web server: advantages and disadvantages and precautions to be applied on client and server.

A

Advantages: strong authentication, reduced attack surface, no password stored on the server, etc …

The disadvantage is that unfortunately this is very often not possible because users rarely have an X.509 certificate, or even if they do, it is not certain that the systems engineer has activated the credentiality mapping function.

Tips: HSM on the server to put private K, smart card or secure device for private K on the client, HSTS and HPKP (which have nothing to do with the auth client but apparently they had to be said).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Considering the TLS-1.0 protocol, explain what security properties it offers and for each of them indicate whether it is mandatory or optional and how it is achieved.

A

server authentication (mandatory): when the channel is opened, the server:
1. authenticates itself by sending its public key, typically contained within an X.509 certificate;
2. undergoes a sort of asymmetric challenge to prove that it knows the private key corresponding to the public key in the certificate;
* client authentication (optional): when the channel is opened, the client authenticates itself in the same way as the server;
* authentication and integrity of messages (mandatory): all transmitted data are protected by MAC keyed-digest (eg SHA-2) (the digital signature would be too slow for data flows);
* confidentiality of messages (optional): all transmitted data is encrypted with a symmetrical session key (eg 3DES):
- the client decides the key;
- the client communicates the key to the server through public key cryptography (eg RSA, DH);
* protection from replay attacks and filtering: each message is numbered with a MID3, ensuring complete protection possible thanks to the reliable transport protocol (not partial as in IPsec4):
- replay: messages must always arrive in the same order in which they were sent and must not be duplicated;
- filtering (= deletion): messages must not be missing.
* message protection: according to various studies, 10% of messages really need confidentiality (optional), while 100% need authentication and integrity (mandatory).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

List and explain the features of SSL.

A

SSL (Secure Socket Layer), originally proposed by Netscape, is a protocol for creating secure transport channels. SSL lies roughly at the session layer, between the transport layer and the application layer.

Features:
* server authentication (mandatory): when the channel is opened, the server:
1. authenticates itself by sending its public key, typically contained within an X.509 certificate;
2. undergoes a sort of asymmetric challenge to prove that it knows the private key corresponding to the public key in the certificate;
* client authentication (optional): when the channel is opened, the client authenticates itself in the same way as the server;
* authentication and integrity of messages (mandatory): all transmitted data are protected by MAC keyed-digest (eg SHA-2) (the digital signature would be too slow for data flows);
* confidentiality of messages (optional): all transmitted data is encrypted with a symmetrical session key (eg 3DES):
- the client decides the key;
- the client communicates the key to the server through public key cryptography (eg RSA, DH);
* protection from replay attacks and filtering: each message is numbered with a MID3, ensuring complete protection possible thanks to the reliable transport protocol (not partial as in IPsec4):
- replay: messages must always arrive in the same order in which they were sent and must not be duplicated;
- filtering (= deletion): messages must not be missing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

TLS-then-proto and proto-then-TLS approaches: explain the functioning, advantages and disadvantages of the two approaches.

A

TLS then proto: that is, first a secure channel is opened and then the protocol for data transport is used. Security is not managed by the Web server programmer, but is managed by the system engineer: it is the latter’s job to activate TLS before making the Web application accessible. This has the advantage of requiring less work from developers, but at the same time they will have no control over the security systems; it will be necessary to trust the work of the systems engineers. It is therefore
necessary to have a synchronization between the work of programmers and that of systems engineers.

proto then TLS: In this case you have the initial opening of a normal channel via protocol, and the server will decide if you want to do security or not. It is therefore possible to upgrade a normal channel to TLS. it is the developer who must take care of security: when a user requests access to protected resources, it is necessary to stop the normal dialogue through the protocol, transform the channel into safe and only at that point can the dialogue resume. This results in a higher workload for the developer as he will have to take care of security as well, but this can also be seen as an advantage as it is the developer himself who controls if and what security you want to have.

As far as firewalls are concerned, the two solutions are not equivalent mainly for the reason that they use different ports.

As for the IDS, if you use TLS then proto the IDS will only be able to see a request to open a secure channel. Once the channel is open it will no longer be possible to see anything.
With proto then TLS, on the other hand, the IDS can see that the channel has been created and that for a specific request the server has decided to transform the channel into secure. The IDS will still not be able to see anything as long as TLS is active, but at least you have control over which URLs security is activated.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

You want to control access to web pages hosted by a server by operating only on the configuration of the server itself. Identify the possible techniques that can be used, indicating their advantages and disadvantages.

A

(Professor’s answer)
- INGRESS: simple, level S1. cons: IP spoofing, no per-page
- IP-SEC: level S2. disadvantages: also configure the client, no per-page
- TLS c / authn: level S3, per-page. disadvantages: certified clients that not everyone has.
- HTTP basic / digest: simple, per-page. disadvantages: S4 level, if basic -> TLS (to avoid sniffing)
- FORM based authn: integrity in the application. disadvantages: level S5, the actual strength depends on the technique used.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which is the standard situation security wise in a network?

A
  • week authentication based on IP addresses or ID and paw: this leads to possible IP spoofing attack and password snooping attack
    • replay and filtering attacks
    • data snooping and data forging attack
    • creation of shadow server and MITM attack
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Channel security and message security

A
  • Channel: data transmitted in a secure channel have, as security properties, single or mutual authN, integrity, confidentiality but just when they pass through the Janelle. There is no possibility to have the non-repudiation property. It doesn’t require app modification. All the data that pass through the channel are protected
    • Message: those security properties are self-contained in the message and do not belong to the channel. The authentication can just be single and not mutual, and it may be non-repudiation. This solution requires app modification. Only selected data are protected
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Security internal and external to applications

A
  • internal: each app implements security internally and the common part between two apps is limited to the communication channels (socket) because they use the same TCP-IP network. There is the possibility of implementation errors because inventing security protocols is not simple and this solution does not guarantee interoperability
    • external: the session level would be the ideal one to be used to implement many security functions BUT it does not exist in TCP/IP. That is why a secure session level was proposed: this level simplifies the work of application developers by avoiding implementation errors. App can have internal security too.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which are the secure channel protocols?

A
  • SSL/TLS: most used
    • SSH: nowadays is a niche product
    • PCT: one of the fiascos of MS
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

TLS: main features

A
  • Transport Layer Security Protocol
    • it gives the possibility to create a secure transport channel AT SESSION LEVEL
    • security properties: peer authN (server or server+client), message confidentiality + authN + integrity, protection Fromm replay and filtering attacks
    • easily applicable to all protocols based on TCP such as HTTP, SMTP, TELNET, …
    • SSL-2 -> SSL-3 -> TLS1.0 -> TLS1.1 -> TLS1.2 -> TLS1.3
    • everything below TLS 1.2 is insecure and deprecated
    • example of official ports for SSL/TLS application: 443/tcp is https, 465/tcp is smtps…
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

TLS: peer authentication

A
  • the server authenticates itself by sending its public key through a X.509 certificate and by responding to an implicit asymmetric challenge to show that it knows the secret key
    • the client authN is optional and optionally it is made thanks to a X.509 certificate and an explicit challenge
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

TLS: data authentication, integrity and confidentiality

A
  • keyed-digest +
    • implicit MID to avoid replay and filtering attacks
    • The client generates a session key used for symmetric encryption of data. To exchange the generated key with the server it uses public-key cryptography (ex. RSA or DH).
    • Since TLS1.2 authenticated-encryption is also available
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

TLS handshake (with and without session-id)

A
  • Without
    Secure web server ————— browser
    1. the browser looks for https://www.polito.it/
    2. security configuration
    3. the server sends its certificate
    4. the server responds to the challenge
    5. optionally the browser sends its certificate and responds to the challenge
    6. they exchange keys
    7. the secure channel over TLS is created
    • With the use of a session-id
      Secure web server ————— browser
      1. the browser looks for https://www.polito.it/
      2. the browser (client) sends its session id
      3. the secure channel over TLS is created
17
Q

TLS architecture

A

From the bottom layer
1. network protocol (for example IP)
2. reliable transport protocol (for example TCP)
3. TLS record protocol (at session level data are called records)
4. TLS handshake protocol + TLS change cipher spec protocol + TLS alert protocol (+ application protocol, for example HTTP)

18
Q

TLS: sessions and connections

A

A typical web transaction follows the following steps:
1. Open
2. GET page.html
3. page.html
4. Close

Why? If the TLS parameters must be negotiated every time, then the computational load becomes high. To avoid re-negotiation of crypto parameters for each TLS connection, the TLS server can send a session identifier to the client. This way more connections can be part of the same logical session. If the client, when opening the TLS connection, sends a valid sesssion-id then the negotiation part is skipped and data are immediately exchanged over the secure channel. The server can reject the use of session-id: it can always reject it or just when a timeslot is passed.

TLS session: it is a logical association between client and server that is created by the handshake protocol. The session defines a set of cryptographic parameters and it can be shared by one or more TLS connections (1:N)

TLS connection: it is a transient TLS channel between client and server that is associated to one specific TLS session (1:1)

19
Q

TLS record protocol

A

Authenticate then encrypt principle
1. data coming from the application level are fragmented
2. each fragment is compressed
3. the MAC is computed, also taking into account the implicit sequence number -> we now have compressed data + MAC
4. the padding is added -> compressed data + MAC + P
5. enc(compressed data + MAC + P) (using the IV generated during the handshake if needed)
6. TLS header + enc(compressed data + MAC + P) = TLS RECORD

The MAC and the encryption use different keys!!!

20
Q

TLS-1.x record format

A

At session level data are called records.
The TLS header is 5 byte and the payload is at maximum 16kB.
* type (uint8): change_cipher_spec (20), alert (21), handshake (22), application_data (23)
* version: there are two different fields to express the TLS message version: major (uint16) and minor (uint16)
* length (uint16)
* fragment

21
Q

TLS: record protocol, MAC computation

A

MAC = message_digest(key, seq_number || type || version || length || frgment)
* different hash cryptographic functions can be used, based on the algorithm chosen
* key: it is the sender-write-key or the receiver-read-key
* the sequence number is a 64 bit integer NEVER TRANSMITTED, COMPUTED IMPLICITLY

22
Q

TLS handshake protocol: what does it take care of?

A

This protocol
* takes care of agreeing on a set of algorithms to have integrity, authN and confidentiality
* exchanges random numbers between client and server to be used for the subsequent generation of the keys
* establishes a symmetric key by means of public key operations
* negotiates the session-id
* exchanges the certificates

23
Q

TLS keys: relationship among keys and sessions between a server and the same client

A

The TLS handshake protocol generates the necessary keys. It generates two PUBLIC keys: the pre-master secret and the master secret.
The first one is the long term key and it will be used during each connection to generate the second one. The second one will be generated by combining the first one with some random numbers generated both by the client and the server. These parameters will be used to generate the key for the MAC computation, the key for the encryption, the IV for the encryption. These will be different for each connection.
(Slide 23, ask to chat gpt)

24
Q

Perfect forward secrecy

A

If a server has a certificate valid for both signature and encryption then it can be used both for authentication (via a signature) and key exchange (asymmetric encryption of the session key)… but if an attacker copies all the encrypted traffic and later discovers the (long term) private key then the attacker can decrypt all the traffic, past, present, and future.

Perfect forward secrecy: it is a property of the communication protocols such that the compromise of a private key compromises only the current (and eventually future) traffic but not the past one.

To reach PFS protocols use the so called ephemeral keys. An ephemeral key is a one-time key generated on the fly (it is generated at the connection creation so it cannot be compromised with some sort of pre computation).
* Keys for Signing: Long-term keys are used to sign ephemeral keys or to authenticate the connection, but not to directly encrypt session data. This reduces the risk that compromising these keys would expose historical data. -> DH suitable, RSA slow -> compromise for RSA = re-use N times
* Keys for Encryption: Ephemeral keys are used to encrypt data during a session. If these keys are compromised, only the data from that specific session can be decrypted, thus protecting the information from past sessions.

examples: ECDHE (Elliptic Curve DH Ephemeral)

25
Q

TLS and virtual servers: the problem and the solutions

A

TLS and virtual servers present a unique challenge, especially common in web hosting scenarios.
In such settings, multiple logical domain names are associated with the same IP address. For example, home.myweb.it and food.myweb.it might both point to 1.2.3.4.
Handling this situation is easy in HTTP/1.1 where the client specifies the desired server using the Host header. However, it becomes complicated with HTTPS because the TLS handshake, which encrypts the communication, occurs before HTTP communication begins. This poses the question: which server’s certificate should be provided, and it must correctly reflect the server’s name.

There are several solutions to this problem:
* Use of a collective (wildcard) certificate: This certificate, for instance, could be issued as CN=*.myweb.it. It allows all servers under the wildcard domain to share the same private key. However, this method receives different treatment across various browsers.
* Certificate with a list of servers in the subjectAltName: This certificate also involves a shared private key among all servers listed. The challenge here is that any time a server is added or removed, the certificate needs to be re-issued to update the list of valid servers.
* Employment of the Server Name Indication (SNI) extension: This extension is included in the ClientHello message, as permitted by RFC-4366. It allows the client to specify which host it wants to connect to at the start of the handshake, making it possible to present the correct certificate. Despite its utility, SNI has historically faced limited support from some older browsers and servers, though modern implementations generally support it well.

26
Q

ALPN extension

A

The Application-Layer Protocol Negotiation (ALPN) is a TLS extension. It facilitates the negotiation of which application protocol will be used over a secure connection, directly within the TLS handshake. This process enhances connection efficiency by reducing the need for additional network round-trips typically required for application protocol negotiation (a “round-trip” refers to the sending of a data packet from one point to another and then back again, essentially one complete cycle of communication between two devices. This process can take significant time).

Here’s a breakdown of how ALPN works:

ClientHello Message: During the TLS handshake, the client sends a ClientHello message that includes ALPN=true and a list of supported application protocols. This informs the server of the application protocols the client is prepared to use.

**ServerHello Message*b: In response, the server sends a ServerHello message. If ALPN is supported and enabled, this message will include ALPN=true and the selected application protocol from the list provided by the client.

ALPN is particularly important for the negotiation of modern protocols like HTTP/2 and QUIC, which are generally only supported over TLS by major browsers like Chrome and Firefox. It allows a web server to support multiple protocols and serve different types of content, potentially with different security certificates, depending on the application protocol negotiated.

For example, a server could use different certificates for HTTP/2 and other protocols, providing an additional layer of security or functionality differentiation.

Common ALPN Protocol Identifiers:
http/1.0: For HTTP/1.0 (less common today)
http/1.1: For HTTP/1.1, which is widely used
h2: For HTTP/2, providing efficient and modern web traffic handling
h2c: For HTTP/2 over TCP without TLS (less common in practice)

ALPN’s role in efficiently setting up secure connections without unnecessary delays is a critical improvement over earlier methods, contributing significantly to the performance and flexibility of secure web communications.

27
Q

DTLS

A
  • Datagram Transport Layer Security
    • This protocol applies TLS concepts to datagram security, for example to UDP. Anyway, it does not offer its same properties.
    • It is in competition with IPsec and application security
28
Q

List all the possibilities to have, for example, secure SIP

A
  • with IPsec
    • with TLS: only for SIP over TCP
    • with DTLS: only for SIP over UDP
    • with secure SIP
29
Q

The TLS downgrade problem

A

Imagine that:
* a client sends in ClientHello the highest supported TLS version
* the server notifies (in ServerHello) the version to be used, that is the highest in common with client)

Examples of a normal version negotiation:
* agreement on TLS-1.2
⁃ (C > S) 3,3
⁃ (S > C) 3,3
* fallback to TLS-1.1 (e.g. no TLS-1.2 at server)
⁃ (C > S) 3,3
⁃ (S > C) 3,2

We have an insecure downgrade when there is a server that does not send the correct response, rather it closes the connection … then the client has no choice but to try again with a lower protocol version. This is insecure because it can lead to the downgrade attack: the attacker sends fake server response, to force repeated downgrade until reaching a vulnerable version (e.g. SSL-3) … then executes a suitable attack (e.g. Poodle).

To prevent protocol downgrade attacks there is the TLS Fallback SCSV (Signaling Cipher Suite Value).
* It’s particularly useful when network issues cause legitimate failures that might be mistakenly interpreted by clients as the need to use older protocols for compatibility.
* Implementation as a Dummy Cipher Suite: It is not a real cipher suite but acts as a signal embedded within the cipher suite list sent by a client during a TLS handshake. This “cipher suite” is used only as a fallback indicator and does not contribute to encryption.
* Usage by Clients: Clients include this special cipher suite value in their list of cipher suites during a handshake only when they are intentionally falling back to an older protocol version due to failure in establishing a connection with a higher protocol version. It is recommended (SHOULD) to be placed last in the list of cipher suites.
* Server Response: If a server sees the TLS_FALLBACK_SCSV in the cipher suite list and the TLS version requested is lower than the highest it supports, it must (MUST) respond with a fatal alert called “inappropriate_fallback”. This is designed to alert the client that a downgrade attack may be occurring.
* Effect of the Alert: Once the “inappropriate_fallback” alert is triggered, the connection is terminated. The client should then attempt to reconnect using the highest version of the protocol it supports, assuming that the initial fallback was potentially due to an interception attack.

30
Q

HTTP/1.0 security

A

The security mechanisms defined in HTTP/1.0 are:
* “address-based” = the server performs access control based on the IP address of the client
* “password-based” (or Basic Authentication Scheme) = access control based on username and password, Base64 encoded
Both schemas are highly insecure (because HTTP assumes a secure channel!)

HTTP/1.1 introduces “digest authentication” based on a symmetric challenge.

31
Q

HTTP digest authentication

A
  • technically obsoleted but considered as base case in RFC-2617
    • keyed-digest computation:
      ⁃ HA1 = md5 ( A1 ) = md5 ( user “:” realm “:” pwd )
      ⁃ HA2 = md5 ( A2 ) = md5 ( method “:” URI )
      ⁃ response = md5 ( HA1 “:” nonce “:” HA2 )
      The server uses a nonce to avoid replay attacks.
      The authentication server may insert a field “opaque” to transport state informations (e.g. a SAML token) towards the content server.
32
Q

HTTP and SSL/TLS

A

Two approaches can be used:
* “TLS then HTTP” (RFC-2818 – HTTP over TLS): This approach is widely known as HTTPS. Here, the connection is first established using TLS, and then HTTP is used over this secure connection. This is the most common method and is used to encrypt the entire HTTP traffic
* “HTTP then TLS” (RFC-2817 – upgrading to TLS within HTTP/1.1): this approach involves starting with an unencrypted HTTP connection and then upgrading to a secure TLS connection. This method is less common and can be more complex to implement, but it allows for a single connection to start as HTTP and then switch to HTTPS.

The two approaches are not equivalent and have an impact over applications, firewall and IDS.
* Applications: Need to handle the TLS upgrade process if using “HTTP then TLS”. This can be more complex compared to starting with a secure connection.
* Firewalls: May need to support the protocol upgrade if using “HTTP then TLS”, adding complexity to traffic inspection.
* IDS: Must be able to detect and handle the upgrade to TLS, which can be challenging if the traffic starts unencrypted.

These concepts are generally applicable to all protocols: “SSL/TLS then proto” vs. “proto then TLS”
Note: “SSL then HTTP” is in widespread use but it is undocumented

33
Q

TLS client authentication at the application level

A

TLS client authentication can identify users through X.509 certificates without needing usernames and passwords. Some web servers can map credentials from these certificates to users in the HTTP service or operating system.
This is beneficial because:
* Earlier Access Control: Implementing authentication at a lower level reduces the attack surface.
* Single Authentication: The user is authenticated once at the TLS level, and this identity can be propagated to higher levels, avoiding repeated authentication.

Fundamental concept: the earlier the access control, the smaller the attack surface + there is no need to repeat the authentication (the id may be propagated)

The stack is
* ASP, PHP, JSP applications (application server) -> application level authN
* HTTP channel (web server) -> HTTP basic/diget authN
* TLS channel (library) -> TLS client-authN via X.509 certificate
If authN is performed at a lower level (for example at TLS channel level) it can be mapped to an higher level (for example HTTP or application levels)

34
Q

What about forms requesting user/pwd?

A

Technically speaking, it’s not important the security of the page containing the form… because the actual security depends on the URI of the method used to send username and password to the server… but psychologically, it is very important the security of the page containing the form because few users have the technical knowledge to verify the URI of the HTTP method used to send user/pwd.

35
Q

HTTP Strict Transport Security (HSTS)

A

HSTS is a policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking. When a server uses HSTS, it declares that browsers should only interact with it using HTTPS. Key characteristics include:
* valid only in HTTPS response: HSTS headers are ignored if received over HTTP
* expiration renewed at every access
* may include subdomains (recommended): it extends the HSTS policy to all subdomains, ensuring consistent security across the entire domain. It simplifies management and enhances security but requires all subdomains to support HTTPS
* may be pre-loaded: Preload is an option in HSTS that allows a website to be added to a list maintained by browsers, ensuring that the very first connection to the website is made using HTTPS. It offers robust security but requires careful consideration due to the difficulty of removal and the strict requirement to always use HTTPS.
⁃ preload list maintained by Google and used by many browsers = https://hstspreload.org/

syntax and examples
Strict-Transport-Security:
max-age = <expire-time-in-seconds>
[ ; includeSubDomains ]
[ ; preload ]</expire-time-in-seconds>

$ curl –s –D- https://www.paypal.com/ | fgrep –i strict
strict-transport-security: max-age=63072000
$ curl –s –D- https://accounts.google.com/ | grep –i strict
strict-transport-security: max-age=31536000; includeSubDomains

36
Q

HTTP Public Key Pinning (HPKP)

A

HPKP is a security feature that allows HTTPS websites to resist impersonation by attackers using misissued or otherwise fraudulent certificates. It works by specifying which public keys are valid for a given domain name.

Key characteristics:
* Pinning: The site specifies the digest of its public key (or one of its CA’s public keys) which the user agent (browser) should trust for future connections.
* TOFU (Trust On First Use): The user agent learns the pins on first use.
* Backup Key: Always include a backup key to avoid problems during key updates.
* Report URI: Violations can be reported to a specified URI.
* Enforcing or Report-Only Mode: The policy can either be enforced or used in a report-only mode.

syntax and examples
Public-Key-Pins:
pin-sha256 = “ <base64-sha256-of-public-key> ";
max-age = <expireTime-in-seconds>
[; includeSubDomains]
[; report-uri = " <reportURI> "]</reportURI></expireTime-in-seconds></base64-sha256-of-public-key>

Public-Key-Pins-Report-Only:
pin-sha256 = “ <base64-sha256-of-public-key> ";
max-age = <expireTime-in-seconds>
[; includeSubDomains]
[; report-uri = " <reportURI> "]</reportURI></expireTime-in-seconds></base64-sha256-of-public-key>

$ $ curl -s -D - https://scotthelme.co.uk/ | fgrep -i public-key

37
Q

The Challenges of Digital Cash and Payment Protocols

A

In the history of electronic payment systems, there have been notable failures. One example is DigiCash, a digital cash system that failed due to a combination of technical and political issues. Another example is the Secure Electronic Transaction (SET) protocol, which was designed to ensure secure credit card transactions over the internet but failed due to technical difficulties and organizational challenges.

38
Q

The Current Standard: Credit Card Payments over TLS

A

Today, the most common method for online payments is the transmission of credit card numbers over a TLS (Transport Layer Security) channel. While this method provides a basic level of security, it does not eliminate the risk of fraud. For instance, VISA Europe has reported that although internet transactions account for only 2% of the total transaction volume, they generate about 50% of fraud attempts.

39
Q

Web-Based Payment Architecture for E-payment

A

Baseline Requirements
For web-based payments, the fundamental requirements are:
* The buyer must own a credit card.
* The buyer must use a TLS-enabled browser.

Schema
1. there is an offer from the merchant (server)
2. the cardholder (client) makes an order to the merchant
3. the server redirects the request to a virtual POS = PAYMENT GATEWAY
4. the virtual POS asks to the client to enter the c.c.
5. the client sends the c.c. data
6. the virtual POS communicates with the payment network to verify client’s data
7. the payment network confirms
8. the virtual POS tells to the server that the payment is OK

Consequences of This Architecture
The security of online payments heavily depends on the configuration of both the server and the client. In this setup:
* The payment gateway has access to all the payment information as well as details about the goods or services being purchased.
* The merchant, on the other hand, only receives information about the goods or services, not the payment details.

40
Q

PCI DSS (Payment Card Industry Data Security Standard)

A

PCI DSS is a security standard required by all credit card issuers for internet-based transactions. It is known for its detailed technical requirements.

Versions of PCI DSS: v2.0, v3.0, v3.1, v3.2, v3.2.1

PCI DSS Prescriptions
* Designing, Building, and Operating a Secure Network
⁃ Install and Maintain a Firewall Configuration: firewalls must be configured to protect cardholder data
⁃ Do Not Use Vendor-Supplied Defaults: Default passwords and other security settings provided by the manufacturer should be changed to enhance security.
* Protecting Cardholder Data
⁃ Protect Stored Cardholder Data: Any stored cardholder data must be protected through encryption and other security measures.
⁃ Encrypt Transmission of Cardholder Data: Cardholder data must be encrypted when transmitted across open, public networks.
* Vulnerability Management Program
⁃ Use and Regularly Update Antivirus Software: Antivirus software must be used and kept up to date to protect systems from malware.
⁃ Develop and Maintain Secure Systems and Applications: Applications and systems must be securely developed and maintained to prevent vulnerabilities.
* Implementing Strong Access Control
⁃ Restrict Access to Cardholder Data: Access to cardholder data should be limited to only those individuals who need it to perform their jobs.
⁃ Assign a Unique ID to Each Person: Each user must have a unique identifier to track their activities and ensure accountability
⁃ Restrict Physical Access to Cardholder Data: Physical access to systems containing cardholder data should be restricted and controlled.
* Regular Monitoring and Testing of Networks
⁃ Track and Monitor All Access to Network Resources and Cardholder Data: Monitoring systems should be in place to track all access to network resources and cardholder data
⁃ Regularly Test Security Systems and Processes: Security systems and processes should be tested periodically to ensure they are effective.
* Adopting a Security Policy
⁃ Maintain a Security Policy: A comprehensive security policy must be adopted and maintained to guide the protection of cardholder data.

These requirements are designed to ensure that organizations handling credit card data do so in a secure manner, minimizing the risk of data breaches and fraud.

Information Systems Security (8 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions