Introduction to Network Security Missouri S&T University CPE 5420 Application and Transport Layer Security

Transcription

1 Introduction to Network Security Missouri S&T University CPE 5420 Application and Transport Layer Security Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology 7 October 2016 rev Egemen K. Çetinkaya

2 Background Security of Higher Layers Outline Transport layer security Application layer security 7 October 2016 MST CPE 5420 Application & Transport Layer Security 2

3 Background Security of Higher Layers Background Transport layer security Application layer security 7 October 2016 MST CPE 5420 Application & Transport Layer Security 3

4 Network Architecture and Topology The Network Collection nodes or intermediate systems (IS) switches, routers, bridges, etc. Interconnected by links that Provide connectivity among end systems (ES) or hosts or terminals desktops, laptops, servers, telephone handsets, etc. note: in some networks nodes may be both ES and IS 7 October 2016 MST CPE 5420 Application & Transport Layer Security 4

5 Network Architecture and Topology The Network multihomed wireless link End system Intermediate system edge or access switch core or backbone switch 7 October 2016 MST CPE 5420 Application & Transport Layer Security 5

6 Protocol Layering OSI Model ISO 7498: open systems interconnection protocol: rules for communication between entities 7 application application application 6 presentation data formatting 5 session dialogue management 4 transport end-to-end 3 network forwarding/routing 2 link hop-by-hop MAC medium access control 1 physical transmission 7 October 2016 MST CPE 5420 Application & Transport Layer Security 6

7 L7 L5 L4 L3 L2 L2 L1 Protocol Layering Hybrid Layer/Plane Cube data plane physical application transport network link management control plane session MAC p l a n e 7 October 2016 MST CPE 5420 Application & Transport Layer Security 7

8 Application Layer Background Motivation What is the ultimate purpose of networking? Egemen K. Çetinkaya 7 October 2016 MST CPE 5420 Application & Transport Layer Security 8

9 Application Layer Background Motivation To support distributed applications Egemen K. Çetinkaya 7 October 2016 MST CPE 5420 Application & Transport Layer Security 9

10 Application Layer Background Motivation Applications run on end systems Communicate over network Network core devices do not run user applications 7 October 2016 MST CPE 5420 Application & Transport Layer Security 10

11 Application Layer Background Example Applications What are some applications? Egemen K. Çetinkaya 7 October 2016 MST CPE 5420 Application & Transport Layer Security 11

12 Web Application Layer Background Example Applications Instant messaging Remote login P2P file sharing Multi-user network games Video conferencing Video streaming Social networks? layer 7 or higher? 7 October 2016 MST CPE 5420 Application & Transport Layer Security 12

13 Internet Protocols Important Application Layer Protocols Protocol Name Function/Use Status Ref HTTP FTP hypertext transfer protocol file transfer protocol Web browsing file and document transfer draft standard standard Telnet telnet remote login standard SMTP POP IMAP simple mail transfer protocol post office protocol internet message access protocol relay and delivery server mail download server mail access NFS network file system remote access to files RTSP real-time streaming protocol control of multimedia streaming standard standard proposed standard proposed standard proposed standard RFC 2616 RFC 0959 STD 0009 RFC 0854 STD 0008 RFC 0821 STD 0010 RFC 1939 STD 0053 RFC 3501 RFC 3530 RFC October 2016 MST CPE 5420 Application & Transport Layer Security 13

14 Application Layer Background Application Characteristics Application types: how does utility vs. delay look? best effort interactive real-time deadline Application types dictate transport layer services delay throughput loss tolerance security 7 October 2016 MST CPE 5420 Application & Transport Layer Security 14

15 Network Architecture and Topology Application Relationships request client Client/server e.g. Web browsing response server data streams with embedded synchronisation Peer-to-peer e.g. telepresence (video-conferencing) 7 October 2016 MST CPE 5420 Application & Transport Layer Security 15

16 Background Security of Higher Layers Transport Layer Security Transport layer security Motivation and overview SSL TLS Application layer security 7 October 2016 MST CPE 5420 Application & Transport Layer Security 16

17 Background Security of Higher Layers Transport Layer Security Transport layer security Motivation and overview SSL TLS Application layer security 7 October 2016 MST CPE 5420 Application & Transport Layer Security 17

18 Transport Layer Background Motivation Ideal network characteristics: zero end-to-end delay unlimited end-to-end bandwidth no errors Reality is not ideal Need an end-to-end protocol to: handle delay control transmission rate perform error recovery 7 October 2016 MST CPE 5420 Application & Transport Layer Security 18

19 Transport Layer Background Services It provides logical communication between application processes running on different hosts Transport protocols run in end systems sender side: breaks app messages into segments passes to network layer (i.e. encapsulates) receiver side: reassembles segments into messages passes to application layer (i.e. decapsulates) 7 October 2016 MST CPE 5420 Application & Transport Layer Security 19

20 Transport Layer Background Services Draw logical connections? Egemen K. Çetinkaya 7 October 2016 MST CPE 5420 Application & Transport Layer Security 20

21 Transport Layer Background Layering Egemen K. Çetinkaya end system repeater / bridge router end system transport transport network network network link link link link Transport layer is end-to-end (E2E) 7 October 2016 MST CPE 5420 Application & Transport Layer Security 21

22 Transport Layer Background Services Egemen K. Çetinkaya What are the important transport layer protocols? 7 October 2016 MST CPE 5420 Application & Transport Layer Security 22

23 Internet Protocols Important Transport Protocols Protocol Name Function Status Ref TCP transmission control protocol reliable data transfer with congestion control standard RFC 0793 STD 0007 UDP user datagram protocol socket access to unreliable IP datagrams standard RFC 0768 STD 0006 RTP real-time protocol streaming media (typically over UDP) standards track RFC 1889 T/TCP TCP for transactions remote login experimental RFC 1644 RDP reliable data protocol reliable data transfer with no congestion control experimental RFC 0908 SCTP stream control transmission protocol signalling proposed for wireless proposed standard RFC October 2016 MST CPE 5420 Application & Transport Layer Security 23

24 Transport Layer Background Services Egemen K. Çetinkaya What are important characteristics of TCP and UDP? 7 October 2016 MST CPE 5420 Application & Transport Layer Security 24

25 Transport Layer Background Services TCP: Transmission Control Protocol reliable, in-order delivery congestion control flow control connection setup UDP: User Datagram Protocol unreliable, unordered delivery, aka best effort delivery no connection establishment (no handshaking) no congestion control 7 October 2016 MST CPE 5420 Application & Transport Layer Security 25

26 Transport Layer Background Services Egemen K. Çetinkaya What s difference between flow & congestion control? 7 October 2016 MST CPE 5420 Application & Transport Layer Security 26

27 Transport Layer Background Services Flow control control transmission not to overwhelm the receiver Congestion control control transmission not to overwhelm the network 7 October 2016 MST CPE 5420 Application & Transport Layer Security 27

28 Transport Layer Security Overview What are transport-layer security protocols? Egemen K. Çetinkaya 7 October 2016 MST CPE 5420 Application & Transport Layer Security 28

29 Transport Layer Security Overview Secure Sockets Layer (SSL) Transport Layer Security (TLS) Note that they don t substitute TCP/UDP 7 October 2016 MST CPE 5420 Application & Transport Layer Security 29

30 Background Security of Higher Layers Transport Layer Security Transport layer security Motivation and overview SSL TLS Application layer security 7 October 2016 MST CPE 5420 Application & Transport Layer Security 30

31 Secure Sockets Layer Overview One of the most widely used security services Set of protocols that rely on TCP Implementation can be provided in two ways: as an underlying protocol suite to applications can be embedded in packages; web browsers etc. Developed by Netscape Brief history: V1 never released to public V2 released in 1995 V3 released in 1996, RFC October 2016 MST CPE 5420 Application & Transport Layer Security 31

32 Secure Sockets Layer Protocol Stack SSL is not a single layer protocol it has two layers of protocols 7 October 2016 MST CPE 5420 Application & Transport Layer Security 32

33 Secure Sockets Layer Architecture SSL is a layered protocol Lower layer protocol SSL record protocol Higher layer protocols handshake protocol SSL change cipher spec protocol SSL alert protocol 7 October 2016 MST CPE 5420 Application & Transport Layer Security 33

34 Secure Sockets Layer SSL Record Protocol Operation Egemen K. Çetinkaya Multiple operations performed in SSL record protocol 7 October 2016 MST CPE 5420 Application & Transport Layer Security 34

35 Secure Sockets Layer SSL Record Protocol Operation Egemen K. Çetinkaya What are the services provided? 7 October 2016 MST CPE 5420 Application & Transport Layer Security 35

36 Secure Sockets Layer SSL Record Protocol Operation Egemen K. Çetinkaya Confidentiality, authentication, and message integrity 7 October 2016 MST CPE 5420 Application & Transport Layer Security 36

37 Fragmentation Secure Sockets Layer SSL Record Protocol Operation APDUs are fragmented into blocks of 2 14 bytes or less Optional compression Message authentication code for integrity similar to HMAC; uses MD5 or SHA-1 Encryption block ciphers: AES, DES, 3DES stream ciphers: RC4 and variants Append header content type, major & minor version, compressed length 7 October 2016 MST CPE 5420 Application & Transport Layer Security 37

38 Secure Sockets Layer SSL Record Format Egemen K. Çetinkaya There are four fields to SSL record header 7 October 2016 MST CPE 5420 Application & Transport Layer Security 38

39 Content type (8 bits) Secure Sockets Layer SSL Record Format three SSL-specific protocols change_cipher_spec alert handshake no differentiation between separate application protocols application_data Major version (8 bits); e.g. SSLv3 Minor version (8 bits); minor version 0 Compressed length (16 bits); max value b 7 October 2016 MST CPE 5420 Application & Transport Layer Security 39

40 Secure Sockets Layer Change Cipher Spec Protocol Signals transitions in ciphering strategies The protocol consists of a single message The message consists of a single byte of value 1 The message is sent by both the client and server to notify the receiving party that subsequent records will be protected under the just-negotiated CipherSpec and keys 7 October 2016 MST CPE 5420 Application & Transport Layer Security 40

41 Secure Sockets Layer Alert Protocol Alert messages convey the severity of the message a description of the alert Alert levels are: warning fatal Alert messages with a level of fatal result in the immediate termination of the connection Two types of alert messages closure alerts error alerts 7 October 2016 MST CPE 5420 Application & Transport Layer Security 41

42 Secure Sockets Layer Alert Protocol Messages Egemen K. Çetinkaya Closure alert message closure alert must be sent to avoid a truncation attack close_notify Error alert message always fatal: unexpected_message bad_record_mac decompression_failure handshake_failure illegal_parameter other messages: no_certificate, bad_certificate, unsupported_certificate, certificate_revoked, certificate_expired, certificate_unknown 7 October 2016 MST CPE 5420 Application & Transport Layer Security 42

43 Secure Sockets Layer Handshake Protocol It is used to negotiate secure attributes of a session Handshake messages supplied to SSL record layer When an SSL client and server start communicating: a protocol version select cryptographic algorithms optionally authenticate each other use public key encryption to generate shared secrets Each message has three fields: type (1 byte) length (3 bytes) content 7 October 2016 MST CPE 5420 Application & Transport Layer Security 43

44 hello_request client_hello server_hello certificate Secure Sockets Layer Handshake Protocol Messages server_key_exchange certificate_request server_hello_done certificate_verify client_key_exchange finished 7 October 2016 MST CPE 5420 Application & Transport Layer Security 44

45 Secure Sockets Layer Handshake Protocol Signalling Client ClientHello > Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Server ServerHello Certificate* ServerKeyExchange* CertificateRequest* < ServerHelloDone Finished > [ChangeCipherSpec] < Finished Application Data < > Application Data Egemen K. Çetinkaya 7 October 2016 MST CPE 5420 Application & Transport Layer Security 45

46 Key exchange Secure Sockets Layer Cryptographic Calculations Diffie-Hellman, RSA, and FORTEZZA Encryption asymmetric algorithms: Diffie-Hellman, RSA, and FORTEZZA symmetric algorithms: DES, AES, RC4 MAC algorithms MD5, SHA-1 7 October 2016 MST CPE 5420 Application & Transport Layer Security 46

47 Background Security of Higher Layers Transport Layer Security Transport layer security Motivation and overview SSL TLS Application layer security 7 October 2016 MST CPE 5420 Application & Transport Layer Security 47

48 Transport Layer Security Overview TLS provides privacy and data integrity Based on SSLv3 protocol specification differences are not dramatic, but significant enough various versions of TLS and SSL 3.0 do not interoperate Layered architecture as SSLv3 Brief history: V1.0 released in RFC 2246 in 1999 V1.1 released in RFC 4346 in 2006 V1.2 released in RFC 5246 in 2008 V1.3 in draft form as of September 2016 (version 16) 7 October 2016 MST CPE 5420 Application & Transport Layer Security 48

49 Transport Layer Security Goals Cryptographic security TLS should establish secure connection between two parties Interoperability programmers should develop applications utilizing TLS Extensibility new public key and encryption methods can be incorporated Relative efficiency cryptographic operations tend to be highly CPU intensive TLS has incorporated an optional session caching scheme to reduce the number of connections 7 October 2016 MST CPE 5420 Application & Transport Layer Security 49

50 SSL/TLS Implementations Implementation SSLv3 TLSv1.0 TLSv1.1 TLSv1.2 Botan yes yes yes yes MS Secure Channel yes yes No/disabled No/disabled OpenSSL yes yes yes yes OS X Secure Transport yes yes yes yes REF: 7 October 2016 MST CPE 5420 Application & Transport Layer Security 50

51 Layer-4 Security Conclusions TLS/SSL is a layer above TCP and UDP SSL v3 is being deprecated (RFC 7568, June 2015) There is no secure TCP/UDP RFC 5925: TCP Authentication Option Survey of Security Hardening for TCP Implementations TLS/SSL uses services of reliable TCP protocol What happens when the application requires UDP? 7 October 2016 MST CPE 5420 Application & Transport Layer Security 51

52 Layer-4 Security Conclusions TLS/SSL is a layer above TCP and UDP SSL v3 is being deprecated (RFC 7568, June 2015) TLS/SSL uses services of reliable TCP protocol Some applications require UDP SIP (Session Initiation Protocol) electronic gaming Datagram semantics prohibits use of TLS UDP related RFC 6347 Datagram Transport Layer Security (DTLS) Version 1.2 DTLS is designed to be as similar to TLS as possible 7 October 2016 MST CPE 5420 Application & Transport Layer Security 52

53 Background Security of Higher Layers Application Layer Security Transport layer security Application layer security HTTPS SSH 7 October 2016 MST CPE 5420 Application & Transport Layer Security 53

54 Background Security of Higher Layers Application Layer Security Transport layer security Application layer security HTTPS SSH 7 October 2016 MST CPE 5420 Application & Transport Layer Security 54

55 Application Security HTTP HTTP: hypertext transfer protocol Documented in RFCs very recent updates, June 2014 Web s application layer protocol Client/server model client requests object from the server server responds with status message Uses TCP port 80 7 October 2016 MST CPE 5420 Application & Transport Layer Security 55

56 Application Security HTTPS HTTP was originally used in the clear on the Internet Increased use of HTTP for sensitive applications has required security measures Simply uses HTTP over TLS/SSL HTTPS is built into all modern Web browsers The default port is for HTTPS is 443 URI format includes: https Documented in RFC October 2016 MST CPE 5420 Application & Transport Layer Security 56

57 Application Security HTTPS Encryption URL of the requested document Contents of the document Contents of browser forms Cookies sent to/from browser to/from server Contents of HTTP header 7 October 2016 MST CPE 5420 Application & Transport Layer Security 57

58 Connection initiation Application Security HTTPS Connections agent acting as HTTP client should also act as the TLS client first, complete TLS handshake the client may then initiate the first HTTP request all HTTP data must be sent as TLS application data Connection closure TLS provides a facility for secure connection closure TLS initiates exchange of closure alerts before closure 7 October 2016 MST CPE 5420 Application & Transport Layer Security 58

59 Background Security of Higher Layers Application Layer Security Transport layer security Application layer security HTTPS SSH 7 October 2016 MST CPE 5420 Application & Transport Layer Security 59

60 Application Security SSH The Secure Shell (SSH) Protocol provides secure remote login over insecure network Documented in RFCs Widely available in most operating systems SSH protocol consists of three major components transport layer protocol provides server authentication, confidentiality, and integrity user authentication protocol authenticates the client to the server connection protocol multiplexes the encrypted tunnel into several logical channels 7 October 2016 MST CPE 5420 Application & Transport Layer Security 60

61 Application Security SSH Protocol Stack 7 October 2016 MST CPE 5420 Application & Transport Layer Security 61

62 Application Security SSH Major Components Transport Layer Protocol provides server authentication, confidentiality, and integrity it may optionally also provide compression it typically runs over a TCP/IP connection User Authentication Protocol authenticates the client-side user to the server it runs over the transport layer protocol Connection Protocol multiplexes encrypted tunnel into several logical channels it runs over the user authentication protocol 7 October 2016 MST CPE 5420 Application & Transport Layer Security 62

63 Application Security Remote Login/File Transfer Client Programs PuTTY and Tera Term for Windows OpenSSH for Mac OS X File transfer: WinSCP for Windows SFTP for Linux-like systems 7 October 2016 MST CPE 5420 Application & Transport Layer Security 63

64 Background Security of Higher Layers Application Layer Security Transport layer security Application layer security HTTPS SSH 7 October 2016 MST CPE 5420 Application & Transport Layer Security 64

65 Application Security What are the major components of ? 7 October 2016 MST CPE 5420 Application & Transport Layer Security 65

66 Application Security Three major components: user agents mail reader compose, edit, read mail messages clients: MS-Outlook, Mac-Mail mail servers holds mailboxes for incoming and outgoing messages protocol protocols between servers: SMTP retrieval from servers via POP, IMAP Important protocols: SMTP, POP, IMAP, HTTP HTTP/Webmail: Gmail, Hotmail (now Outlook), Yahoo Mail 7 October 2016 MST CPE 5420 Application & Transport Layer Security 66

67 Application Security Internet Mail Architecture 7 October 2016 MST CPE 5420 Application & Transport Layer Security 67

68 Security PGP Overview Pretty Good Privacy (PGP) Uses PKCS encryption for and data security Available in versions that run on variety of platforms First released by Phil Zimmermann in 1991 Provides four services: authentication confidentiality compression conversion 7 October 2016 MST CPE 5420 Application & Transport Layer Security 68

69 PGP Services Authentication Sender creates a message Sender generates a hash code of the message Sender encrypts hash using sender's private key Encrypted hash code is prepended to the message Receiver decrypts hash using sender's public key Receiver generates a new hash for received message compares it to the decrypted hash code If the two match, message is accepted as authentic Combination of SHA-1 and RSA 7 October 2016 MST CPE 5420 Application & Transport Layer Security 69

70 PGP Services Confidentiality PGP provides confidentiality by encrypting messages Each key is used only once new key generated as random 128-bit number for each msg. session key is bound to the message and transmitted with it key is encrypted with the receiver's public key 7 October 2016 MST CPE 5420 Application & Transport Layer Security 70

71 PGP Services Compression PGP compresses the message after applying the signature but before encryption This has the benefit of saving space both for transmission and for file storage The compression algorithm used is ZIP 7 October 2016 MST CPE 5420 Application & Transport Layer Security 71

72 PGP Services Conversion Blocks consist of a stream of arbitrary 8-bit bytes Many electronic mail systems only permit the use of blocks consisting of ASCII text PGP provides the service of conversion raw 8-bit binary stream to stream of ASCII characters Scheme used for this purpose is radix-64 conversion 7 October 2016 MST CPE 5420 Application & Transport Layer Security 72

73 Security S/MIME Overview Secure/Multipurpose Internet Mail Extensions Security enhancement to the MIME Internet format standard Brief history: V3.2 RFC V3.1 RFC V3.0 RFC V2.0 RFC October 2016 MST CPE 5420 Application & Transport Layer Security 73

74 Internet Message Format A syntax for text messages that are sent between computer users Specified in RFC 5322 A syntax only for text messages It makes no provision for the transmission of images, audio, or other sorts of structured data Messages are viewed as having envelope & contents envelope contains information needed for transmission and delivery contents comprise the object to be delivered to the recipient 7 October 2016 MST CPE 5420 Application & Transport Layer Security 74

75 Internet Message Format Example From: John Doe To: Mary Smith Subject: Saying Hello Date: Fri, 21 Nov :55: Message-ID: This is a message just to say hello. So, "Hello". 7 October 2016 MST CPE 5420 Application & Transport Layer Security 75

76 Internet Message Format Extensions Multipurpose Internet Mail Extensions, or MIME Redefines the format of messages to allow for: textual message bodies in character sets other than US- ASCII an extensible set of different formats for non-textual message bodies multi-part message bodies textual header information in character sets other than US- ASCII Documented in RFC 2045 through October 2016 MST CPE 5420 Application & Transport Layer Security 76

77 Security S/MIME Services A secure way to send and receive MIME data The services provided: authentication message integrity non-repudiation of origin (using digital signatures) data confidentiality (using encryption) as a supplementary service, S/MIME provides compression S/MIME is not restricted to mail can be used with any mechanism that transports MIME data such as HTTP or SIP 7 October 2016 MST CPE 5420 Application & Transport Layer Security 77

78 Security Cryptographic Algorithms in S/MIME Message digest: MD5 & SHA-1 Digital signature: DSS & RSA Encrypting session key: DH & RSA Symmetric encryption: 3DES, AES, RC2 Message authentication: HMAC 7 October 2016 MST CPE 5420 Application & Transport Layer Security 78

79 Security DKIM Overview DomainKeys Identified Mail A mechanism for signing and verifying messages Defines domain-level DS authentication framework for through the use of public-key cryptography using the domain name service as its key server technology It permits verification of the signer of a message as well as the integrity of its contents DKIM's authentication of identity can assist in the global control of spam and phishing Widely adopted by: providers and ISPs 7 October 2016 MST CPE 5420 Application & Transport Layer Security 79

80 Application Security Internet Mail Architecture 7 October 2016 MST CPE 5420 Application & Transport Layer Security 80

81 Application Security DKIM Architecture 7 October 2016 MST CPE 5420 Application & Transport Layer Security 81

82 Security DKIM Example from: reply-to: to: date: subject: Joe Miner Wed, Oct 15, 2014 at 9:04 AM Re: ns-3 problems mailing list: ns-3-users.googlegroups.com Filter messages from this mailing list mailed-by: signed-by: unsubscribe: googlegroups.com gmail.com Unsubscribe from this mailing-list 7 October 2016 MST CPE 5420 Application & Transport Layer Security 82

83 Security DKIM Signature Example 1 DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane; c=relaxed/simple; q=dns/txt; l=1234; t= ; x= ; h=from:to:subject:date:keywords:keywords; bh=mtizndu2nzg5mdeymzq1njc4otaxmjm0nty3odkwmti=; b=dzdvyofakcdlxdjoc9g2q8loxslenisbav+yuu4zgeerud00l szz VoG4ZHRNiYzR v=dkim version a=algorithm d=domain name s=selector used by verifier to retrieve proper key c=canonicalization algorithm q=default query method 7 October 2016 MST CPE 5420 Application & Transport Layer Security 83

84 Security DKIM Signature Example 2 DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane; c=relaxed/simple; q=dns/txt; l=1234; t= ; x= ; h=from:to:subject:date:keywords:keywords; bh=mtizndu2nzg5mdeymzq1njc4otaxmjm0nty3odkwmti=; b=dzdvyofakcdlxdjoc9g2q8loxslenisbav+yuu4zgeerud00l szz VoG4ZHRNiYzR l=length of the canonicalized part t=signature timestamp x=expire time h=list of signed header fields bh=body hash b=actual digital signature of the contents 7 October 2016 MST CPE 5420 Application & Transport Layer Security 84

85 Security Spam Spam unsolicited marketing wasting time & resources First commercial instance in 1994 Canter and Siegel Green Card Lottery Final One? incident Mechanisms filtering counterattack fee restructuring [ 7 October 2016 MST CPE 5420 Application & Transport Layer Security 85

86 Security Spam Distribution [ 7 October 2016 MST CPE 5420 Application & Transport Layer Security 86

87 Security Verification of Sender Verifier to associate positive reputation with message Locally-maintained whitelists Shared reputation services Third-party accreditation 7 October 2016 MST CPE 5420 Application & Transport Layer Security 87

88 Impact: Security Attack Evaluation [RFC 4686] high: affects the verification of messages from an entire domain or multiple domains medium: affects the verification of messages from specific users, Mail Transfer Agents (MTAs), and/or time periods low: affects verification of isolated individual messages only Likelihood: high: all users should expect this attack frequently medium: users should expect this attack occasionally; frequently for a few users low: attack is expected to be rare and/or very infrequent 7 October 2016 MST CPE 5420 Application & Transport Layer Security 88

89 Security Attacks Against Message Signatures [RFC 4686] Attack Name Impact Likelihood Theft of private key for domain High Low Theft of delegated private key Medium Medium Private key recovery via side channel attack High Low Signed message replay Low High Denial-of-service attack against verifier High Medium Denial-of-service attack against key service High Medium Compromise of key server High Low Cryptographic weaknesses in signature High Low Falsification of key service replies Medium Medium Display name abuse Medium High 7 October 2016 MST CPE 5420 Application & Transport Layer Security 89

90 Privacy Enhanced Mail PEM is a 1993 RFC Security PEM Overview It is for securing using public-key cryptography It was never widely deployed or used depends on prior deployment of a hierarchical PKI public key infrastructure (PKI) with a single root 7 October 2016 MST CPE 5420 Application & Transport Layer Security 90

91 References and Further Reading [KPS2002] Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World, 2nd edition, Prentice Hall, [S2017] William Stallings, Cryptography and Network Security: Principles and Practice, 7th edition, Prentice Hall, [KR2013] James F. Kurose and Keith W. Ross, Computer Networking: A Top-Down Approach, 6th edition, Addison-Wesley, Some slides are adopted from KU EECS 882 Mobile Wireless Networking class taught by Prof. James P.G. Sterbenz [TLS: RFC 5246], [SSL: RFC 6101], [SN Attack: RFC 6528] [HTTPS: RFC 2818], [SSH: RFC 4251] [PGP: RFC 1991], [OpenPGP: RFC 4880], [PEM: RFC 1421] [S/MIME: RFC 5751], [DKIM: RFC 5585, RFC 5863] 7 October 2016 MST CPE 5420 Application & Transport Layer Security 91

92 End of Foils 7 October 2016 MST CPE 5420 Application & Transport Layer Security 92