Web Security I and II (2013-14 Fall/Winter)

Summary

This sequence of two courses will introduce graduate and qualified undergraduate students to the fundamental principles of web security including current practical attack and defense strategies on the web. This sequence of courses also includes a security-conscious introduction to web technologies and web development, the mathematical foundations of web security and web privacy, and future developments to come in web security. See the lecture-by-lecture schedule below for complete details.

The course will include programming assignments and also exercises using a deliberately insecure web site, allowing students to write programs that exploit vulnerabilities on web sites and learn effective defense strategies.

Textbook

There is no prescribed textbook for this course. Lecture notes, free online resources, articles published in research journals, and pieces in the mainstream media will together serve as the reading material for the course.

Prerequisites

Programming experience is highly recommended; however, expertise in no particular language is a pre-requisite for this course.

The course content includes material that uses programming languages most relevant to the web (e.g., JavaScript) and languages used in web development (e.g., HTML and CSS). Knowledge of HTML, CSS and JavaScript is helpful but not required to register for the course. This course does not include a full-fledged introduction to these languages; but, the lectures will include an elementary introduction to these languages as necessary in order to explain concepts relevant to web security. Students will receive guidance in learning what is needed through homework exercises and online tutorials and students will be expected to learn basics of these languages during the course.

In some course materials and assignments, especially those involving back-end web programming and cryptographic computations, the course will primarily use Python. However, Python being among the easiest of programming languages to learn, students are not expected to know Python before registering. Prior knowledge of Python may be helpful but is not required for this course. Students not familiar with Python will be expected to learn basic programming using Python; guidance on learning Python will be provided by the instructor.

Syllabus

The following is the week-by-week schedule (tentative, subject to changes) of topics covered in this sequence of two courses. Lectures 1 through 9 will be part of first course in the sequence (Web Security I). Lectures 10 through 17 will be part of the second course in the sequence (Web Security II).

Lecture 1: A security-conscious introduction to web protocols.

  • An introduction to issues in web security and the most common risks and attack strategies including information leakage, corss-site scripting, cross-site request forgery and injection attacks.
  • An overview of web protocols and systems; Hypertext Transfer Protocol (HTTP) and TCP/IP; basic syntax of HTTP, request and response messages and the associated security issues; HTTP Referer header behavior; HTTP cookies; HTTP caching; HTTP proxies.
  • HTTP response splitting; cache poisoning and page hijacking with HTTP response splitting; HTTP-SMTP interactions and related security issues.
  • The syntax of Uniform Resource Locators (URLs) and its security consequences; relative URLs.

Lecture 2: Symmetric and public key encryption.

  • Symmetric key cryptography; Data Encryption Standard (DES) and the Advanced Encryption Standard (AES); the history of legal restrictions on cryptography; the history of DES and AES; triple DES; cipher block chaining; attacks on cryptographic protocols; current practice and future directions.
  • Secret key exchange protocols; the Diffie-Hellman Exchange (DHE); attacks on DHE and countermeasures.
  • Fundamentals of number theory; modular arithmetic; Fermat's and Euler's theorems; primality testing; the Chinese Remainder Theorem.
  • Principles of public key cryptography; the RSA algorithm and practical implementation details; the choice of public and private keys; strategies for attacking RSA; how secure is RSA?
  • Cryptography in practice on the web; the limitations of cryptography; future directions.

Lecture 3: Digital certificates and authentication.

  • Authentication protocols; message integrity; message digests and cryptographic hash algorithms; essential properties of hash functions.
  • Cryptographic hash functions; MD5; Secure Hash Algorithm (SHA), SHA-2 and SHA-3; message authentication codes; digital signatures.
  • Digital certificates; certification authorities and certificate chains; certificate revocation; an X.509 certificate.
  • Case studies of DigiNotar and Comodo; current practice and future directions.

Lecture 4: A security-conscious introduction to HTML and CSS.

  • HyperText Markup Language (HTML) and its syntax; early growth of HTML; HTML parsing behavior; HTML content and forms; security basics of HTML; a brief introduction to XMLHTTPRequest.
  • HTML-based attacks and countermeasures; cross-site scripting using HTML; entity-encoding and its significance in HTML.
  • Cascading Style Sheets (CSS) and its syntax; the CSS parser and security consequences; CSS-based attacks and countermeasures including code injection, clickjacking and history mining.

Lecture 5: A security-conscious introduction to JavaScript.

  • An introduction to JavaScript and its runtime environment; JavaScript contexts; its parsing order, processing order and execution order; JavaScript objects and the concept of prototypes.
  • The Document Object Model (DOM) and the JavaScript object hierarchy; the Window object; security concerns with certain DOM properties;
  • A basic introduction to cross-site scripting; the JavaScript security model.

Lecture 6: Origin-based isolation of content.

  • An introduction to the problem of isolating content in browsers from different origins; the same-origin policy (SOP); what SOP restricts and does not restrict; mechanisms to cross the origin boundaries.
  • A deeper look into the Document Object Model (DOM) and the same-origin policy; attacks based on cross-site scripting.
  • Same-origin policy and session management with HTTP cookies; security policies for cookies; SOP and data theft.
  • Cross-site request forgery (CSRF); token-based validation; the Origin header; login CSRF; countermeasures.
  • Web storage and the same-origin policy; local storage and session storage; security consequences; web cookies.

Lecture 7: Encrypted web communications (HTTPS).

  • Secure Sockets Layer (SSL) and HTTPS; SSL operation; key management in SSL; understanding cipher suites; Transport Layer Security (TLS) and HTTPS; the future of SSL and TLS.
  • TLS implementation; TLS protocols; the handshake protocol in TLS; computation of the master secret; the hashed message authentication code (HMAC).
  • Interception attacks against SSL and TLS; brute force and dictionary attacks on TLS; replay and other attacks on TLS; known vulnerabilities of TLS; computational overhead of TLS.
  • Creating an SSL server and obtaining a certificate; using cookies securely on the server-side; connecting to databases securely; achieving server-side protection through redundancy; guarding the domain registration and DNS.

Lecture 8: Attacks on the Domain Name System (DNS).

  • A review of the DNS protocol; resource records; DNS queries and responses; why is DNS important to security?
  • DNS-based attacks: query redirection attacks; DNS rebinding attacks; DNS timing attacks; DNS cache-poisoning attacks; blind response forgery; the Kaminsky attack.
  • Solutions and counter-measures; DNS pinning; source port randomization; DNS Security Extensions (DNSSEC).

Lecture 9: DNS Security Extensions (DNSSEC).

  • The goals of DNSSEC; resource records in DNSSEC; the concept of a trust anchor; keys in DNSSEC.
  • Authenticated denial of existence and the NSEC3 record; current DNSSEC deployment; the zone enumeration issue in DNSSEC; the Google DNS; OpenDNS and its protection against phishing; current practice and future directions in DNS.

Lecture 10: Security and AJAX (Asynchronous JavaScript with XML).

  • XMLHttpRequest and its relevance to security; JavaScript Object Notation (JSON); using XMLHttpRequest.
  • XMLHttpRequest and the same-origin policy; security implications of custom HTTP headers in XMLHttpRequest; Cross-Origin Resource Sharing (CORS); simple and non-simple CORS requests.
  • Odds and ends: origin inheritance; data: and about:blank pages and security implications; web site back-end programming and network programming in Python.

Lecture 11: Web privacy.

  • Differences between privacy, security and anonymity.
  • User tracking within a site; tracking across multiple sites; third-party tracking; Google's AdID; defending against tracking; the Do Not Track option.
  • Browser history sniffing; timing attacks on privacy; web storage and privacy; browser fingerprinting.
  • HTML, CSS and JavaScript-based privacy leaks; SQL injection.
  • Directory traversal issues; file inclusion and remote file inclusion.

Lecture 12: Anonymous web browsing.

  • Privacy vs. anonymity; why anonymity? what anonymity implies; unlinkability and mixes; the mix process and flushing algorithms.
  • Proxies and proxy chaining; virtual private networks.
  • Onion routing and Tor; circuit establishment in onion routing; how Tor works; key management in Tor; the telescopic circuit establishment.
  • Attacks on Tor; traffic analysis attacks; JavaScript-based attacks on Tor; what Tor can and cannot protect against.
  • De-anonymization of data sets; browser uniqueness; mathematical foundations of de-anonymization; anonymous authentication; zero-knowledge proofs.

Lecture 13: Illegal hosting and anonymous publishing.

  • How does someone host illegal content (e.g., stolen credit card numbers, calls for democracy under an oppressive dictatorship) and get away with it?
  • Distributed hash tables; Freenet and the Dark Freenet.
  • Tor's hidden services; how Tor protects the anonymity of a hidden server; attacks on Tor's hidden services.
  • Botnets and fast-flux proxy networks; algorithmically generated domain fluxes.
  • Darknets; criminal web enterprises; denial of service attacks and cyber-extortion; the underground Internet economics of cybercrime.

Lecture 14: Internet censorship and surveillance.

  • Classes of censorship mechanisms: blocking by service type, user, content or traffic signature; classes of circumvention strategies: mirror sites, proxies, virtual private networks and Tor-like solutions.
  • Keyword filtering; censorship by forged RSTs and dropped SYN/ACK segments; censorship by DNS spoofing; collateral damage of DNS hijacking; IP address blocking mechanisms: null routing, BGP route poisoning; circumvention strategies.
  • Tor and censorship: blocking of public relays and bridges; detecting Tor bridges; a detailed case study of the Great Firewall of China.
  • Circumvention by packet fragmentation; TCP window resizing; flash proxies and pluggable transports; Google as a circumvention tool.
  • Internet surveillance; cybersecurity in international politics; political and corporate policies governing web publishing and Internet freedom; shifts in Internet governance and its implication to censorship and surveillance.

Lecture 15: Elliptic curve cryptography (ECC).

  • What is different about mobile? The mobile web and elliptic curve cryptography.
  • Groups, rings and fields; elliptic curves; the Diffie-Hellman Exchange using ECC; elliptic curve arithmetic; encryption and decryption using ECC.
  • ECC in practice; recommended ECC parameters; the efficiency of ECC.

Lecture 16: Web-based malware.

  • Worms, viruses, spyware and other malware; the web as a vehicle for malware distribution; drive-by download of malware; search worms.
  • Vulnerabilities exploited in web clients and servers: buffer overflow, the stack overflow and the heap overflow; race conditions; SQL injections.
  • Denial-of-Service attacks on the browser; browser limits on execution time, memory use and connections; pop-ups and pop-unders.
  • How attackers attack; the attacker's work bench; reconnaissance; proxy use by attackers; port scanning and vulnerability scanning tools; Metasploit and other penetration testing tools for defense against attackers.

Lecture 17: Fundamental principles of security for both web users and developers.

  • Common software security pitfalls; managing risk; black-box testing; fixing the weakest link; failing gracefully and securely; sand-boxing; using the principle of least privilege.
  • Keeping it simple; incorporating diversity; managing dampness and fairness; building in reciprocity.
  • Protecting your privacy on the web; securing your web browser; security advice for the user.
  • Future directions in browser security.

Grading Policy

The grading in these two courses is based on class participation, homework assignments, programming assignments, one mid-term examination and a final examination, each weighted as follows:

  • Class participation: 5%
  • Weekly homework assignments: 30%
  • Mid-term examination: 25%
  • Final examination: 40%

Policy on homework assignments

Homeworks are always due before the beginning of class hours (5pm on Mondays) approximately two weeks after they are assigned. Homework solutions will be explained during the lecture hours. Homeworks submitted after the due date and time will not be accepted, and will be graded at 0 points.

Policy on exams

All exams in the course will be open-lecture notes. Use of any books or any other material, however, is not permissible. Use of calculators is allowed but use of cellphones, laptops, or any other devices capable of computing are prohibited. The exams will primarily cover material discussed in the lectures and homework assignments.

Policy on Absences

Absence from examinations will be excused only under extraordinary circumstances such as medical or family emergencies. A missed examination without prior approval and without legitimate reasons will be graded at zero points. An absence will be excused only if the student is able to provide legitimate documentation (such as a physician's note). An absence from an examination with prior approval will require the student to take an alternate exam at a later time. Special examinations will not be held earlier or on later dates to accommodate, for example, flight schedules for overseas vacations.

Policy on Academic Honesty

Each student is expected to complete weekly assignments independently; it is not acceptable to copy another student's work or to copy solutions from any other source. Barring action on flagrant violations, an honor system will be assumed.

The following is a partial list of activities that will be considered to constitute academic dishonesty:

  • Presenting the work of another person (fellow student or not) as your own.
  • Cheating in an examination such as through conversations with other students, sharing textbooks, calculators or other materials with another student, using unauthorized material not approved by the instructor, or by inappropriate or unauthorized use of technology such as laptops and cell-phones during an examination.
  • Using or attempting to use the work of another student or providing answers to other students.
  • Failing to take reasonable measures to protect your work from use by other students in assignments, projects or examinations.

Penalties for academic dishonesty will be strictly enforced and will include a lowering of the grade or a failing grade in the course.