Introduction

♦Haroula Zouridaki♦Mohammed Bin Abdullah♦Waheed Qureshi

Introduction

Comparing Secure Hypertextprotocol (S-HTTP) to Secure Socket Layer (SSL)

Agenda

♦Waheed– opens the presentation– introduces S-HTTP

♦Haroula– introduces SSL

♦Mohammed– Compares S-HTTP to SSL– Concludes the presentation

Internet Security♦Two basic security services

– Access Security– Transaction Security

♦Several mechanism to provide transaction security– S-HTTP– SSL– PCT– SET

S-HTTP

♦Developed by the Enterprise Integration Technologies (EIT) Inc in 1994

♦EIT formed Terisa Systems in conjunction with RSA Data Security

♦Terisa Systems is currently owned by spyrus Inc.

♦Verifone?

Functionality

♦Message oriented protocol♦Works at the application layer

WWW ClientCrypto Smarts

Encryptedand/or signedmessage

Network Layer

WWW ServerCrypto Smarts

Encryptedand/or signedmessage

Network Layer

Client Machine Server Machine

Secure HTTP

Unencrypted Channel

How does it work

♦Message Preparation:– Clear text message not necessarily HTTP– Receiver’s cryptographic preferences and

keying material– Sender’s cryptographic preferences and keying

material

How does it work (Cont’)

♦Message Recovery– Receiver gets the S-HTTP message– Receiver’s stated cryptographic

preferences and keying material– Receiver’s current cryptographic

preferences and keying material– Sender’s previously stated cryptographic

options

Security Services

♦Provides following security services– Confidentiality– Non-repudiation– Integrity– Authentication

Currently Supported Certificates and Algorithms♦One-way hash functions

– MD2 ,MD5 ,SHA-1♦Encryption Algorithms

– DES-CBC,3DES-CBC (2 or keys), DESX-CBC, IDEA-CFB, RC2-CBC,RC4,CDMF-CBC

♦ Digital Signature Algorithms – RSA, DSS ,SHS

Flexibility♦ Provides symmetric capabilities to both server and

client♦ S-HTTP aware clients can communicate with S-

HTTP oblivious server and vice-versa♦ Allows client and server to negotiate the strength

and type of cryptographic option♦ supports PKI, Kerberos, and pre-arranged keys♦ Works with non PKI aware clients

Current Implementations

♦NCSA httpd was the initial reference implementation, however it is no longer supported

♦Open Market’s Secure WebServer 2.0 and earlier versions. New version 2.1 no longer supports S-HTTP

♦SPRY Inc.'s SafteyWEB was a freely distributed version of S-HTTP server.

Why is S-HTTP disappearing?♦Application dependent♦ Implementation is time consuming♦Netscape is used among 70% of the internet

community♦SSL/TLS is becoming a standard

Secure Sockets Layer (SSL):♦ Netscape Protocol♦ Layered on top of Transmittion Control Protocol

[TCP]♦ Layered below protocols that run on top of

TCP/IP[HTTP, LDAP, IMAC]♦ Later refitted as Internet Engineering Task Force

[IETF] standard Transport Layer Security [TLS]♦ Session oriented

Security Services:

♦Confidentiality-All data encrypted

♦ Integrity-MAC, sequence number, per session key

♦Authentication-Public Key Cryptography

Protocol Architecture:

♦SSL Record Protocol

♦SSL Handshake Protocol

SSL Handshake Protocol:

SSL session begins with the handshake

♦Authentication♦Key exchange♦ Initialization, synchronization of security

parameters

SSL Record Protocol:

♦ Data sent via this protocol

- Data compression- Data encryption- MAC to check the integrity

Cryptographic Technique

♦ Message digest algorithmes-MD5. Message Digest algorithm developed by Rivest.-SHA-1. Secure Hash Algorithm, a hash function used by the U.S. Government.

♦ Encryption algorithms-DES. Data Encryption Standard, an encryption algorithm used by the U.S. Government.-RC2 and RC4. Rivest encryption ciphers developed for RSA Data Security.-Triple-DES. DES applied three times.-IDEA .International Data Encryption Algorithm.

♦ Digital signature algorithms-DSA. Digital Signature Algorithm, part of the digital authentication standard used by the U.S. Government.-RSA. A public-key algorithm for both encryption and authentication. Developed by Rifest, Shamir, and Adleman.

♦ Key exchange algorithm-KEA. Key Exchange Algorithm, an algorithm used for key exchange by the U.S. Government.-RSA key exchange. A key-exchange algorithm for SSL based on the RSA algorithm.-SKIPJACK. A classified symmetric-key algorithm implemented in FORTEZZA-compliant hardware used by the U.S. Government.

SSL comes in two strengths:

♦ 40-bit ♦ 128-bit session key.

Hardware Accelerators:

♦ Why we need cryptographic accelerators:-typical server: 12 new SSL connections/sec.-accelerator fitted: 240 new SSL connections/sec.

♦ Queuing problem.

♦ Examples:1. Compaq AXL200 PCI Accelerator Card2. NCipher's nFast

3. Intel Netstructure 7110 e-Commerce Accelerator

Implementation:♦ Public Domain:Servers

-Open SSL-Apache-SSL-SSLeay-Mod_SSL-SSLref

♦ Commercial Domain:SSL Server Certificates:

-40-bit: $125 -128-bit: $300 -Renew: $100

S-HTTP vs. SSL: Functionality Performance

Performance factor S-HTTP SSL

Establishment latency Minimal High to medium

Overhead Significant depending on service provided Not significant

Processing Complexity Significant depending on service provided Not significant

Server resources Stateless/Stateful Stateful

S-HTTP vs. SSL: Functionality Compatibility with other protocol

WWW ClientCrypto Smarts

Encryptedand/or signedmessage

Network Layer

WWW ServerCrypto Smarts

Encryptedand/or signedmessage

Network Layer

Client Machine Server Machine

HTTP

Unencrypted Channel

S-HTTP Application-levelSecurity

Client Machine Server Machine

WWW Server

Normal HTTPmessage

Network LayerCrypto Smarts

WWW Client

Normal HTTPmessage

Network LayerCrypto Smarts

HTTP

Encrypted Channel

SSLConnection-levelSecurity

S-HTTP vs. SSL: Functionality Compatibility with other protocol

Protocol/Applications S-HTTP SSL

Proxy software Limited Support Practically NO support

Main Web applications/ protocols HTTP only HTTP, FTP, Telnet,

NNTP

Other Protocols CRL Servers, Kerberos LDAP, Kerberos*

S-HTTP vs. SSL: Functionality Negotiation Flexibility

Security Services S-HTTP SSL

Combination Any Combination is Allowed

Certain Services are Mandatory

Order Any Order is Allowed Order of Service is Enforced

S-HTTP vs. SSL: Functionality Key Exchange Mechanisms

Key Exchange Mechanism S-HTTP SSL

Kerberos Yes Yes*

RSA Yes Yes

FORTEZZA No Yes

Diffie-Hellman Yes Yes

KEA No Yes

Inband** Yes No

Out of band (prearranged) Yes No

* Apache SSL** Inband: Refers to the direct assignment of an uncovered key to a symbolic name.

This name could be used for later reference.

S-HTTP vs. SSL: Security Security Services

Security Service S-HTTP SSL

Confidentiality Yes Yes

Message Integrity Yes Yes

Authentication Yes Yes

Non-repudiation Yes No

S-HTTP vs. SSL: Security Vulnerability

S-HTTP • Traffic analysis attacks.• Key-exchange algorithm rollback attack• Use of in-band key exchange • Use of in-band key exchange is potentially problematic • Local clocks-based time stamps• Denial of service attack

SSL• Traffic analysis attacks.• Key-exchange algorithm rollback attack • Weakness of some implementation of (PKCS#1) • Denial of service attack

S-HTTP vs. SSL: Security Future Trend

All indications show that S-HTTP seems to be loosing the battle to SSL

Conclusion

♦No single web security solution♦Evaluate the security technologies based on

the application needs♦ use a combination of secure technologies♦Focus on more than a flawless protocol and

non-technical factors. ♦Security policy enforcement