With the transformation of the Internet from a network used primarily by universities and research laboratories to a worldwide communications medium, attacks on the World Wide Web and Internet can have serious consequences. These attacks can involve nuisance attacks, phishing, criminal exploits, and, in information warfare, incapacitation of a nation’s critical infrastructure. Thus, there is a need for protecting nodes on the Internet and for providing for the confidentiality, integrity, and availability of information utilizing these networks.
Phishing is a term that refers to a large groups of exploits using the Internet to commit identity theft. Simply, phishing is the automated stealing of personal information for financial gain. Phishers use a variety of means to accomplish this, including:
- Social engineering through e-mail and brand spoofing
- Infected Web sites and cookies
- Trojan horses and spyware
- Browser hijacking and redirection
- Keyloggers and spybots
Spyware and Trojans, in addition to viruses, are commonly distributed via phishing exploits also, although some of these aren’t specifically designed to perpetrate identity theft or financial loss.
Browser hijackers change Web browser settings to switch home pages or hijack search functions. A browser hijacker is a type of malware program that alters your computer’s browser settings so that you are redirected to Web sites that you had no intention of visiting.
REDIRECTION
Redirection is a technique for moving visitors to a different site when its address has been changed and visitors are familiar with the old address. Redirection is used legitimately when users visit the Web site of a company whose name has changed or that has been acquired by another company. In either case, the website probably includes a new domain name and has a new Uniform Resource Locator (URL).
Redirection is often combined with browser hijackers to surreptitiously change the user’s browser settings and direct users to an inappropriate site.
For example, browser hijackers can set browser home pages and search settings to point to pornographic sites or generate pornographic pop-up windows faster than the user can shut them. Some browser hijackers have a financial incentive, altering default home pages and search pages to those of their customers, who pay for that service per referral or click-through. More virulent versions may redirect users to sites that install spyware.
Browser hijackers can create incidental problems because of the nature of the material they download, such as leaving pornography or other inappropriate material on the hard drive. Poorly coded browser hijackers may severely impact infected computer’s performance. Software may freeze and cause the computer to crash or reboot.
The Secure Sockets Layer (SSL) Protocol was developed by Netscape in 1994 to protect the confidentiality of information transmitted between two applications, to verify the integrity of the communications, and to provide an authentication means in both directions. SSL implements these functions using public- and private-key encryption and a message authentication code (MAC).
Microsoft has developed a newer version of SSL, Transport Layer Security (TLS). As with SSL, TLS implements confidentiality, integrity, and authentication above the Transport Layer and is application independent. Because SSL and TLS ride on the Transport Layer protocol, they are independent of the application. Thus, SSL and TLS can be used with applications such as Telnet, FTP, HTTP, and e-mail protocols.
Both SSL and TLS use certificates for public-key verification that are based on the X.509 standard.
The design goals of SSL 3.0 were to provide:
- Cryptographic security - protection of the confidentiality of transmitted messages
- Interoperability - applications should be able to be developed using SSL 3.0 by groups of individuals without knowledge of each other’s code
- Extensibility - the ability to incorporate different encryption algorithms into SSL 3.0 without major changes to SSL 3.0
- Relative efficiency - efficient utilization of computing and network resources
Session keys generated during SSL private-key cryptography transactions are either 40 bits or 128 bits in length. Newer browsers support 128-bit encryption.
The SSL Protocol comprises two layers: the SSL Record Protocol and the SSL Handshake Protocol. The SSL Record Protocol is layered above a transport protocol, such as TCP. This Record Protocol is used for encapsulation of higher-level protocols, such as the SSL Handshake Protocol. The latter protocol is used for client/server mutual authentication, negotiation of a cryptographic algorithm, and exchange of cryptographic keys.
Thus, through these mechanisms, SSL provides:
- Mutual authentication using public-key cryptography based on algorithms such as the Digital Signature Standard (DSS) and RSA
- Encryption of messages using private-key cryptography based on algorithms such as IDEA, 3DES, and RC4
- Integrity verification of the message using a keyed message authentication code (MAC) based on hash functions such as MD5 and SHA.
Similar to SSL, the TLS Protocol comprises the TLS Record and Handshake Protocols. The TLS Record Protocol is layered on top of a transport protocol such as TCP and provides privacy and reliability to the communications. The privacy is implemented by encryption using symmetric-key cryptography such as DES or RC4. The secret key is generated anew for each connection; however, the Record Protocol can be used without encryption. Integrity is provided through the use of a keyed Message Authentication Code (MAC) using hash algorithms such as SHA or MD5.
The TLS Record Protocol is also used to encapsulate a higher-level protocol such as the TLS Handshake Protocol. The server and client use this Handshake Protocol to authenticate each other. The authentication can be accomplished using asymmetric-key cryptography such as RSA or DSS. The Handshake Protocol also sets up the encryption algorithm and cryptographic keys to enable the application protocol to transmit and receive information.
HTTP/S
URLs of Web pages using the SSL Protocol start with HTTPs, denoting the Hypertext Transfer Protocol with SSL.
Since TLS is based on SSL, they have similar functionality and goals; however, SSL and TLS have enough differences that they cannot interoperate. In order to address this situation, TLS has a built-in mechanism that can be used to make TLS compatible with SSL 3.0.
Secure HTTP (S-HTTP) is a communications protocol designed to provide secure messaging over HTTP. S-HTTP provides equal and symmetric capabilities to both client and server, but one entity that is S-HTTP-enabled can communicate with another entity that is not S-HTTP capable. In that instance, the security features would not be operable. S-HTTP implements secure, end-to-end transactions.
S-HTTP supports a symmetric-key encryption-only mode and, therefore, does not require public-key encryption for key exchanges. It is flexible, however, and permits the clients and servers to use different forms of transactions related to the signing of messages, encryption of messages, algorithms used, and types of certificates.
In summary, S-HTTP is a protocol that supports:
- Option negotiations for defining the type of transactions desired
- A variety of key management approaches
- Different trust models
- Multiple cryptographic algorithms
- Multiple operation modes
- Different encapsulation formats
No comments:
Post a Comment