Post on 03-Feb-2022
Introduction
♦Haroula Zouridaki♦Mohammed Bin Abdullah♦Waheed Qureshi
Introduction
Comparing Secure Hypertextprotocol (S-HTTP) to Secure Socket Layer (SSL)
Agenda
♦Waheed– opens the presentation– introduces S-HTTP
♦Haroula– introduces SSL
♦Mohammed– Compares S-HTTP to SSL– Concludes the presentation
Internet Security♦Two basic security services
– Access Security– Transaction Security
♦Several mechanism to provide transaction security– S-HTTP– SSL– PCT– SET
S-HTTP
♦Developed by the Enterprise Integration Technologies (EIT) Inc in 1994
♦EIT formed Terisa Systems in conjunction with RSA Data Security
♦Terisa Systems is currently owned by spyrus Inc.
♦Verifone?
Functionality
♦Message oriented protocol♦Works at the application layer
WWW ClientCrypto Smarts
Encryptedand/or signedmessage
Network Layer
WWW ServerCrypto Smarts
Encryptedand/or signedmessage
Network Layer
Client Machine Server Machine
Secure HTTP
Unencrypted Channel
How does it work
♦Message Preparation:– Clear text message not necessarily HTTP– Receiver’s cryptographic preferences and
keying material– Sender’s cryptographic preferences and keying
material
How does it work (Cont’)
♦Message Recovery– Receiver gets the S-HTTP message– Receiver’s stated cryptographic
preferences and keying material– Receiver’s current cryptographic
preferences and keying material– Sender’s previously stated cryptographic
options
Security Services
♦Provides following security services– Confidentiality– Non-repudiation– Integrity– Authentication
Currently Supported Certificates and Algorithms♦One-way hash functions
– MD2 ,MD5 ,SHA-1♦Encryption Algorithms
– DES-CBC,3DES-CBC (2 or keys), DESX-CBC, IDEA-CFB, RC2-CBC,RC4,CDMF-CBC
♦ Digital Signature Algorithms – RSA, DSS ,SHS
Flexibility♦ Provides symmetric capabilities to both server and
client♦ S-HTTP aware clients can communicate with S-
HTTP oblivious server and vice-versa♦ Allows client and server to negotiate the strength
and type of cryptographic option♦ supports PKI, Kerberos, and pre-arranged keys♦ Works with non PKI aware clients
Current Implementations
♦NCSA httpd was the initial reference implementation, however it is no longer supported
♦Open Market’s Secure WebServer 2.0 and earlier versions. New version 2.1 no longer supports S-HTTP
♦SPRY Inc.'s SafteyWEB was a freely distributed version of S-HTTP server.
Why is S-HTTP disappearing?♦Application dependent♦ Implementation is time consuming♦Netscape is used among 70% of the internet
community♦SSL/TLS is becoming a standard
Secure Sockets Layer (SSL):♦ Netscape Protocol♦ Layered on top of Transmittion Control Protocol
[TCP]♦ Layered below protocols that run on top of
TCP/IP[HTTP, LDAP, IMAC]♦ Later refitted as Internet Engineering Task Force
[IETF] standard Transport Layer Security [TLS]♦ Session oriented
Security Services:
♦Confidentiality-All data encrypted
♦ Integrity-MAC, sequence number, per session key
♦Authentication-Public Key Cryptography
Protocol Architecture:
♦SSL Record Protocol
♦SSL Handshake Protocol
SSL Handshake Protocol:
SSL session begins with the handshake
♦Authentication♦Key exchange♦ Initialization, synchronization of security
parameters
SSL Record Protocol:
♦ Data sent via this protocol
- Data compression- Data encryption- MAC to check the integrity
Cryptographic Technique
♦ Message digest algorithmes-MD5. Message Digest algorithm developed by Rivest.-SHA-1. Secure Hash Algorithm, a hash function used by the U.S. Government.
♦ Encryption algorithms-DES. Data Encryption Standard, an encryption algorithm used by the U.S. Government.-RC2 and RC4. Rivest encryption ciphers developed for RSA Data Security.-Triple-DES. DES applied three times.-IDEA .International Data Encryption Algorithm.
♦ Digital signature algorithms-DSA. Digital Signature Algorithm, part of the digital authentication standard used by the U.S. Government.-RSA. A public-key algorithm for both encryption and authentication. Developed by Rifest, Shamir, and Adleman.
♦ Key exchange algorithm-KEA. Key Exchange Algorithm, an algorithm used for key exchange by the U.S. Government.-RSA key exchange. A key-exchange algorithm for SSL based on the RSA algorithm.-SKIPJACK. A classified symmetric-key algorithm implemented in FORTEZZA-compliant hardware used by the U.S. Government.
SSL comes in two strengths:
♦ 40-bit ♦ 128-bit session key.
Hardware Accelerators:
♦ Why we need cryptographic accelerators:-typical server: 12 new SSL connections/sec.-accelerator fitted: 240 new SSL connections/sec.
♦ Queuing problem.
♦ Examples:1. Compaq AXL200 PCI Accelerator Card2. NCipher's nFast
3. Intel Netstructure 7110 e-Commerce Accelerator
Implementation:♦ Public Domain:Servers
-Open SSL-Apache-SSL-SSLeay-Mod_SSL-SSLref
♦ Commercial Domain:SSL Server Certificates:
-40-bit: $125 -128-bit: $300 -Renew: $100
S-HTTP vs. SSL: Functionality Performance
Performance factor S-HTTP SSL
Establishment latency Minimal High to medium
Overhead Significant depending on service provided Not significant
Processing Complexity Significant depending on service provided Not significant
Server resources Stateless/Stateful Stateful
S-HTTP vs. SSL: Functionality Compatibility with other protocol
WWW ClientCrypto Smarts
Encryptedand/or signedmessage
Network Layer
WWW ServerCrypto Smarts
Encryptedand/or signedmessage
Network Layer
Client Machine Server Machine
HTTP
Unencrypted Channel
S-HTTP Application-levelSecurity
Client Machine Server Machine
WWW Server
Normal HTTPmessage
Network LayerCrypto Smarts
WWW Client
Normal HTTPmessage
Network LayerCrypto Smarts
HTTP
Encrypted Channel
SSLConnection-levelSecurity
S-HTTP vs. SSL: Functionality Compatibility with other protocol
Protocol/Applications S-HTTP SSL
Proxy software Limited Support Practically NO support
Main Web applications/ protocols HTTP only HTTP, FTP, Telnet,
NNTP
Other Protocols CRL Servers, Kerberos LDAP, Kerberos*
S-HTTP vs. SSL: Functionality Negotiation Flexibility
Security Services S-HTTP SSL
Combination Any Combination is Allowed
Certain Services are Mandatory
Order Any Order is Allowed Order of Service is Enforced
S-HTTP vs. SSL: Functionality Key Exchange Mechanisms
Key Exchange Mechanism S-HTTP SSL
Kerberos Yes Yes*
RSA Yes Yes
FORTEZZA No Yes
Diffie-Hellman Yes Yes
KEA No Yes
Inband** Yes No
Out of band (prearranged) Yes No
* Apache SSL** Inband: Refers to the direct assignment of an uncovered key to a symbolic name.
This name could be used for later reference.
S-HTTP vs. SSL: Security Security Services
Security Service S-HTTP SSL
Confidentiality Yes Yes
Message Integrity Yes Yes
Authentication Yes Yes
Non-repudiation Yes No
S-HTTP vs. SSL: Security Vulnerability
S-HTTP • Traffic analysis attacks.• Key-exchange algorithm rollback attack• Use of in-band key exchange • Use of in-band key exchange is potentially problematic • Local clocks-based time stamps• Denial of service attack
SSL• Traffic analysis attacks.• Key-exchange algorithm rollback attack • Weakness of some implementation of (PKCS#1) • Denial of service attack
S-HTTP vs. SSL: Security Future Trend
All indications show that S-HTTP seems to be loosing the battle to SSL
Conclusion
♦No single web security solution♦Evaluate the security technologies based on
the application needs♦ use a combination of secure technologies♦Focus on more than a flawless protocol and
non-technical factors. ♦Security policy enforcement