UH, FB Inf, SVS, 18-Okt covers all traffic on that link, independent of protocols above. application has no visibility of Internet layer.

Transcription

1 Security and Network Layers Where shall we put security? Security can be applied at any of the network layers except layer 1 (Physical layer). What are the pros and cons of applying security at each of these layers? UH, FB Inf, SVS, 18-Okt-04 1 Security and Network Layers Data Link (Network Interface) layer: covers all traffic on that link, independent of protocols above e.g. link level encryptor. protection only for one hop. Network (Internet) layer: covers all traffic, end-to-end. transparent to applications. little application control. application has no visibility of Internet layer. unnatural, since network layer is stateless and unreliable. order of data in secure channel may be crucial. difficult to maintain if IP datagrams are dropped, re-ordered, UH, FB Inf, SVS, 18-Okt-04 2

2 Security and Network Layers Transport layer: end-to-end, covers all traffic using the protected transport protocol. applications can control when it s used. application has greater visibility of transport layer. transport layer may be naturally stateful (TCP). applications must be modified (unless proxied). Application layer: security can be tuned to payload requirements. different applications may have radically different needs. eg VoIP applications versus sensitive data transfer. no leveraging effect every application must handle it s own security. UH, FB Inf, SVS, 18-Okt-04 3 SSH SSH overview SSH architecture SSH security Port forwarding with SSH SSH applications UH, FB Inf, SVS, 18-Okt-04 4

3 SSH Overview SSH = Secure Shell. Initially designed to replace insecure rsh, telnet utilities. Secure remote administration (mostly of Unix systems). Extended to support secure file transfer and . Can provide a general secure channel for network applications. SSH-1 flawed, SSH-2 better security (and different architecture). SSH provides security for the Application layer. Only covers traffic explicitly protected. Applications need modification, but port-forwarding eases some of this (see later). Built on top of TCP, reliable transport layer protocol. UH, FB Inf, SVS, 18-Okt-04 5 SSH Overview SSH Communications Security (SCS). Founded by Tatu Ylonen, writer of SSH-1. SSH is a trademark of SCS. Open source version from OpenSSH. IETF Secure Shell (SECSH) working group. Standard for SSH in preparation. Long-running confusion and dispute over naming. UH, FB Inf, SVS, 18-Okt-04 6

4 OpenSSH UH, FB Inf, SVS, 18-Okt-04 7 SSH-2 Architecture SSH-2 adopts a three layer architecture: SSH Transport Layer Protocol. Initial connection. Server authentication (almost always). Sets up secure channel between client and server. SSH Authentication Protocol Client authentication over secure transport layer channel. SSH Connection Protocol Supports multiple connections over a single transport layer protocol secure channel. Efficiency (session re-use). UH, FB Inf, SVS, 18-Okt-04 8

5 SSH-2 Architecture Applications SSH Connection Protocol SSH Authentication Protocol SSH Transport Layer Protocol TCP UH, FB Inf, SVS, 18-Okt-04 9 SSH-2 Security Goals Server (nearly) always authenticated in transport layer protocol. Client (nearly) always authenticated in authentication protocol. By public key (DSS, RSA, SPKI, OpenPGP). Or simple password for particular application over secure channel. Establishment of a fresh, shared secret. Shared secret used to derive further keys, similar to SSL/IPSec. For confidentiality and authentication in SSH transport layer protocol. Secure ciphersuite negotiation. Encryption, MAC, and compression algorithms. Server authentication and key exchange methods. UH, FB Inf, SVS, 18-Okt-04 10

6 SSH-2 Algorithms Key establishment through Diffie-Hellman key exchange. Variety of groups supported. Server authentication via RSA or DSS signatures on nonces (and other fields). HMAC-SHA1 or HMAC-MD5 for MAC algorithm. 3DES, RC4, or AES. Pseudo-random function for key derivation. UH, FB Inf, SVS, 18-Okt SSH-1 versus SSH-2 Many vulnerabilities have been found in SSH-1. SSH-1 Insertion attack exploiting weak integrity mechanism (CRC- 32) and unprotected packet length field. SSHv1.5 session key retrieval attack (theoretical). Man-in-the-middle attacks (using e.g. dsniff). DoS attacks. Overload server with connection requests. Buffer overflows. But SSH-1 widely deployed. And SSH-2 supports: Wider range of client authentication methods (.rhosts and Kerberos). Wider range of platforms. UH, FB Inf, SVS, 18-Okt-04 12

7 SSH Port Forwarding Without SSH or port forwarding. Shell-Server / Login server UM User s machine Mail server Src: UM Dest: LS Port: 23 Src: UM Dest: MS Port: 113 UH, FB Inf, SVS, 18-Okt Example: POP3 NC(1) BSD General Commands Manual NAME nc (netcat) - use network sockets from the command line SYNOPSIS nc [-h] [-ruvz] [-g gateway] [-G num] [-i secs] [-p port] [-o file] [-s addr] [-w secs] hostname port[s] [ports]... -l -p port [-nsuvwz] [-o file] [hostname] [port] DESCRIPTION nc allows you to use network sockets (tcp or udp) from the shell. For connecting to remote sites, it's usually only necessary to supply the host or ip address and port for the connection. For a listening on a socket, you must specify -l for listening, and -p port to specify the port on which you want to listen. UH, FB Inf, SVS, 18-Okt-04 14

8 Example: POP3 nc pop.gmx.net 110 +OK GMX POP3 StreamProxy ready USER OK May I have your password, please? PASS foobar +OK mailbox has 3 messages ( octets) list +OK mailbox has 3 messages ( octets) quit +OK bye UH, FB Inf, SVS, 18-Okt SSH Port Forwarding Recall: TCP port number identifies application. SSH on local machine: Intercepts traffic bound for server. Translates standard TCP port numbers. E.g. port 113 port Sends packets to SSH-enabled server through SSH secure channel. SSH-enabled server: Receives traffic. Re-translates port numbers. E.g. port 5113 port 113. Forwards traffic to appropriate server using internal network. UH, FB Inf, SVS, 18-Okt-04 16

9 SSH Port Forwarding With SSH and port forwarding. UM User s machine LS SSH-enabled login server MS Mail server UH, FB Inf, SVS, 18-Okt Upcoming Example 1. launch /usr/bin/ssh SSH client on the command line. 2. The SSH client logs into the remote machine using whatever authentication method (password, Pubkey, etc) is available. 3. The SSH client binds the local port 9999, on the loopback interface, When a process connects to on port 9999 on the client machine, the /usr/bin/ssh client program accepts the conection. 5. The SSH client informs the server, over the encrypted channel, to create a connection to the destination, in this case a mailserver at port The client takes any bits sent to this port (9999), sends them to the server inside the encrypted SSH session, who decrypts them and then sends them in the clear to the destination, port 110 of the mailserver. 7. The server takes any bits received from the destination, mailserver's port 110, and sends them inside the SSH session back to the client, who decrypts and sends them in the clear to the process that connected to the client's bound port, port When the connection is closed by either endpoint, it is torn down inside the SSH session as well. UH, FB Inf, SVS, 18-Okt-04 18

10 SSH SSH(1) BSD General Commands Manual SSH(1) NAME ssh - OpenSSH SSH client (remote login program) SYNOPSIS ssh [-l login_name] hostname user@hostname [command] ssh [-afgknqstvxacntx1246] [-b bind_address] [-c cipher_spec] [-e escape_char] [-i identity_file] [-l login_name] [-m mac_spec] [-o option] [-p port] [-F configfile] [-L port:host:hostport] [-R port:host:hostport] [-D port] hostname user@hostname [command] DESCRIPTION ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. UH, FB Inf, SVS, 18-Okt SSH -L port:host:hostport Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be specified in the configuration file. Only root can forward privileged ports. IPv6 addresses can be specified with an alternative syntax: port/host/hostport UH, FB Inf, SVS, 18-Okt-04 20

11 Example: POP3 Nothing on our local machine on port 9999? nc localhost 9999 Connection refused. % ssh -L 9999:pop.gmx.net:110 rzdspc2 password: ******** Last login: Wed Jun 22 18:19: from svs12.informati Sun Microsystems Inc. SunOS 5.8 Generic Patch December 2002 Willkommen auf der SUNW,Ultra-4 rzdspc2.informatik.unihamburg.de You have mail. Last cluster login: Wed Jun 22 18:19:07 on rzdspc2 rzdspc2$ UH, FB Inf, SVS, 18-Okt From a different window on your desktop machine, connect to your local machine (localhost) on port 9999: posegga@svs-jp% nc localhost OK GMX POP3 StreamProxy ready < @mp017> USER OK May I have your password, please? PASS foobar +OK mailbox has 3 messages ( octets) list +OK mailbox has 3 messages ( octets) quit +OK bye UH, FB Inf, SVS, 18-Okt-04 22

12 NAME sshd - OpenSSH SSH daemon SYNOPSIS sshd [-deiqtd46] [-b bits] [-f config_file] [-g login_grace_time] [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len] DESCRIPTION sshd (SSH Daemon) is the daemon program for ssh(1). Together these programs replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. The programs are intended to be as easy to install and use as possible. sshd is the daemon that listens for connections from clients. It is normally started at boot from /etc/rc. It forks a new daemon for each incoming connection. The forked daemons handle key exchange, encryption, authentication, command execution, and data exchange. UH, FB Inf, SVS, 18-Okt SSH Applications Anonymous ftp for software updates, patches... No client authentication needed, but clients want to be sure of origin and integrity of software. Secure ftp. E.g.upload of webpages to webserver using sftp. Server now needs to authenticate clients. Username and password may be sufficient, transmitted over secure SSH transport layer protocol. Secure remote administration. SysAdmin (client) sets up terminal on remote machine. SysAdmin password protected by SSH transport layer protocol. SysAdmin commands protected by SSH connection protocol. Guerilla Virtual Private Network. E.g. use SSH + port forwarding to secure communications. UH, FB Inf, SVS, 18-Okt-04 24

13 Comparing IPSec, SSL/TLS, SSH All three have initial (authenticated) key establishment then key derivation. IKE in IPSec Handshake Protocol in SSL/TLS (can be unauthenticated!) Authentication Protocol in SSH All protect ciphersuite negotiation. All three use keys established to build a secure channel. UH, FB Inf, SVS, 18-Okt Comparing IPSec, SSL/TLS, SSH Operate at different network layers. This brings pros and cons for each protocol suite. Recall `Where shall we put security? discussion. Naturally support different application types, can all be used to build VPNs. All practical, but not simple. Complexity leads to vulnerabilities. Complexity makes configuration and management harder. Complexity can create computational bottlenecks. Complexity necessary to give both flexibility and security. UH, FB Inf, SVS, 18-Okt-04 26

14 Comparing IPSec, SSL/TLS, SSH Security of all three undermined by: Implementation weaknesses. Weak server platform security. Worms, malicious code, rootkits, Weak user platform security. Keystroke loggers, malware, Limited deployment of certificates and infrastructure to support them. Especially client certificates. Lack of user awareness and education. Users click-through on certificate warnings. Users fail to check URLs. Users send sensitive account details to bogus websites ( phishing ) in response to official-looking . UH, FB Inf, SVS, 18-Okt Secure Protocols Last Words A (mis)quote from Eugene Spafford: Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit-card information from someone living in a cardboard box to someone living on a park bench. UH, FB Inf, SVS, 18-Okt-04 28