Security Protocols. Professor Patrick McDaniel CSE545 - Advanced Network Security Spring CSE545 - Advanced Network Security - Professor McDaniel

Size: px
Start display at page:

Download "Security Protocols. Professor Patrick McDaniel CSE545 - Advanced Network Security Spring CSE545 - Advanced Network Security - Professor McDaniel"

Transcription

1 Security Protocols Professor Patrick McDaniel CSE545 - Advanced Network Security Spring 2011 CSE545 - Advanced Network Security - Professor McDaniel 1

2 Case Study: Host Access The first systems used telnet as the primary utility for accessing systems remotely. Telnet connects across the network on port tcp/23 Remotely allows a user access to the login prompt Username/passwords are supplied, allowed access to shell Everything is sent in cleartext across the network (eavesdropping) even the password! 2

3 RSH/RCP Remote shell (rsh) was introduced as a means of allowing remote access without having to login. Users would assert their identity implicitly in the call, and could invoke whatever scripts were allowed by that machine. -c <cmd> run whatever scripts were needed The /etc/hosts.equiv file indicates which machines should be allowed to invoke whatever users they want. The ~/.rhosts file allows users to identify trusted hosts 3

4 Problems? Of course both of these models were terrible from a security standpoint User identity could be asserted Traffic could be eavesdropped Passwords could be guessed Sadly, the standard in remote access until about

5 SSH Secure shell (ssh) - an alternate to telnet that looks and feels just like telnet! The difference is that it transparently uses cryptographic keys to provide for confidentiality, integrity, and authentication Concepts: Each machine has an identity recorded by each user Ever user has an identity Stored in each user s home directory They perform mutual authentication at startup, negotiate session keys, and use it to secure all the session communication 5

6 SSH Server Configuration files /etc/ssh/ssh_host_key.pub (pub identifies host) ~/.ssh authorized_keys2 (pub user keys) Client Configuration files ~/.ssh/known_hosts2 (pub keys of known hosts) ~/.ssh/id_dsa (priv key of user) 6

7 SSH Authentication RFC 4251: The client sends a service request once a secure transport layer connection has been established. A second service request is sent after user authentication is complete. This allows new protocols to be defined and coexist with the protocols listed above. (1) SSH_MSG_USERAUTH_REQUEST (user, service...) Client (2) SSH_MSG_USERAUTH_INFO_REQUEST (user, authtype, prompt, challenge,...) (3) SSH_MSG_USERAUTH_INFO_RESPONSE (user, response,..) Server Note: IETF standards identify the different services of SSH, which define the message formats and semantics of the protocols: (arch RFC 4251, auth 4252). 7

8 What it means? Security model of ssh: I can configure a.rhosts if you want, but no longer forgable Note: defaults to password if user identity not configured on server You authenticate hosts based on first interaction Build a map of known identities over time, warned when the identity changes (typically upon reinstall, or refresh - most ignore) Can t solve: Password cracking Traffic analysis Covert channels Thus: limited but highly usable way to access hosts. 8

9 Key Agreement Key negotiation/agreement is the basis for establishing a secure channel (q: what was the key agreement in SSH?) The predominant means of performing this is Diffie- Hellman, which allows two parties to exchange data over an insecure channel. Used as the basis for everything from SSL/TLS to IPsec Incredibly elegant and easy to understand Easy to implement? Side note: an alternate history of DH. Does it matter? 9

10 Multiplicative Groups Let p be a prime integer: The multiplicative group Z p is the set of integers which are invertable modulo p. The set Z p is a cyclic group of order p 1 for the operation modulo p A generator g of Z p: g Z p such that any h Z p can be uniquely written as h = g x mod p with 0 x p x is called the discrete logarithm of h to base g, and denoted log g h 10

11 Cyclic Group (p=11, g=6)

12 Diffie-Hellman 1. Select prime number n and base generator g 2. Alice chooses a random integer X and sends to Bob c A = g X mod n 3. Bob choose a random large Y and sends to Alice c B = g Y mod n 4. Alice then computes the key k = c X B mod n 5. Bob computes k = c Y A mod n. Note: by convention, n is used to signify prime p in most descriptions of Diffie-Hellman 12

13 Why DH works For any X and Y : (6 X mod 11) Y mod 11 = (6 Y mod 11) X mod 11 = 6 XY mod 11 or more generally (g X mod n) Y mod n =(g Y mod n) X mod n = g XY mod n 13

14 The hard part Selecting n and g is hard. g must be generator for multiplicative group of integers modulo n g is a primitive root modulo n Turns out for random prime n, finding g is really hard You need to be able to factor (n-1), which is a known hard problem So, what do you do? Observe: g is a generator for n IFF: g (n 1)/q mod n = 1 for each prime factor q of n 1 Which leads is to the trick for generating n and g... 14

15 Finding g Assume n = 11 Check g = 5: prime factors of n 1 = 10 = 2, 5, so 5 2 mod 11 = 25 mod 11 = 3, 3 = 1, OK 5 5 mod 11 = 3125 mod 11 = 1, not OK Check g = 6: prime factors of n 1 = 10 = 2, 5, so 6 2 mod 11 = 36 mod 11 = 3, 3 = 1, OK 6 5 mod 11 = 7776 mod 11 = 10, OK 15

16 Selecting DH Parameters 1. Phase 1: selectn 2. Pick a large candidate prime n 3. Assign q =(n 1)/2 4. Test primality of q. Ifq is not prime, goto step Phase 2: selectg 6. Pick large integer g 7. Check g q mod n = 1and g 2 mod n = 1, otherwise goto step 5. 16

17 Notes Trick: select n such that finding g is easy Phase1could be slow, phase 2 is fast any g<n is a generator for n with Pr(1/2) Which is why it works!! OK, pull out those calculators!! 17

18 SSL/TLS The Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols implement security at the application layer Popular for securing the web, but not part of it Is a general purpose secure communication protocol suite Uses certificate authentication HTTP FTP SMTP SSL/TLS TCP Note: throughout we will focus on SSLv3. Assume SSLv3 unless stated otherwise. IP 18

19 Model Often a one-way authentication mechanism, used to prove the authenticity of a web-server to a client. Server-side certificates Root CA certifications distributed with browser Non-certified (or expired) certificates can be accepted Mutual authentication performed using client-side certificates Less frequently uses (almost never in Web applications) Where used for enterprise internal or as layer for non-web based applications, much more frequently. 19

20 SSL as protocol suite Data Protocols Record Protocol Control Protocols Handshake Protocol Change Cipher Suite Protocol Alert Protocol Session Connection Connection Alice Connection Note: Sessions can be resumed using lost cost cryptography if both sides retain state. Connection Bob Connection Connection 20

21 SSL Session State Session ID Peer certificate (sometimes) Cipher Spec Compression algorithm Master Secret K = f(s, R s,r c ) 21

22 SSL Connection State Server and client random Server integrity key Client integrity key Server write key Client write key (2) Initialization vectors Oddly, referred to by many as keys? 22

23 Handshake Protocol The purpose of the handshake protocols is to authenticate one or both parties negotiate shared master keys Protocol operates in 4 phases Phase 1: establish security context Phase 2: server publishes certificate and key seeds Phase 3: client completes key exchange Phase 4: complete handshake 23

24 Phase 1 Client sends and offer (CLIENT_HELLO) including SSL Version (highest supported) Random (RC) - { timestamp, plus 28 random bytes } Session ID - { 0 = new session,!0 = refresh } CipherSuite - algorithm selections for security/compression Server replies with (SERVER_HELLO) response Section of SSL version, crypto and compression algorithms A new session ID (as needed) (SID) A server random number (RS) 24

25 Phase 2 Server sends a (CERTIFICATE) This contains the public key certificate for the server Ks+ Server sends a (SERVER_KEY_EXCHANGE) This contains the server parameters for the key exchange to be performed (there are many variants) For example, the anonymous Diffie-Hellman sends the prime number and primitive root (n,r) The key exchange parameters are signed using the private key of the server with exchanged random numbers, e.g., sig(k s, [n g X = g x mod n]) = Sig(K s,r c R s n g X) Server sends a completion (SERVER_DONE) 25

26 Phase 3 Client sends a (CERTIFICATE) - optional This contains the public key certificate for the clients Ks+ Client sends a response (CLIENT_KEY_EXCHANGE) This contains the client s key exchange parameters As before this is the public client Diffie-Hellman parameters Signed if client has signing capability The parties generate the pre_master_secret X = g x mod n Y = g y mod n p ms = Y x mod n = X y mod n 26

27 Phase 4 Both sides complete the process by computing the 48 byte master secret: M s k = MD5(p ms SHA( A p ms R c R s )) MD5(p ms SHA( BB p ms R c R s )) MD5(p ms SHA( CCC p ms R c R s )) Then generate a key block of secret bytes key block = MD5(M s k SHA( A M s k R c R s )) MD5(M s k SHA( BB M s k R c R s )) MD5(M s k SHA( CCC M s k R c R s )) MD5(M s k SHA( DDDD M s k R c R s ))... 27

28 Transport Keys Just use the key_block as a PRF to generate enough bytes to generate the keys for clients and servers. key_block Client Write Key Server Write Key Client MAC Key Server MAC Key... Note: this PRF is practically of unlimited length and in practice (although generated differently) is used extensively on TLS. 28

29 Record Protocol Provides to client (initiator) and server (service) Original Data Confidentiality (via encryption) Integrity (via MAC) Fragmented Data Fragmented Data Fragmented Data Data is fragmented, compressed, and security constructions applied. Compressed Data Compressed Data M A C Encrypted Data H D R Encrypted Data 29

30 Record Format Seq. No. Header Payload (Integrity Key) HMAC Header Payload HMAC Pad (Write Key) Header Encrypted Payload HMAC Pad 30

31 RFC 2104 (MAC for TLS) Given: h() = hash function B = input/out byte-length of h K = a secret key pad i = inner pad = 0x35 repeated B times pad o = outer pad = 0x5C repeated B times text = text to MAC Compute the MAC: MAC(K, text) =(H((K pad o ) H((K pad i ) text))

32 Alert/CCS Protocol Change Cipher Suite Protocol Trigged at end of handshake, causes security association to be enabled Alert Protocols - signals MAC failure No known certificate Handshake failure Bad certificate Close notification 32

33 Why not SSL v2.0? SSL v2.0 is the real "first" version of the protocol offered by NetScape, replaced with v3.0 in 1996 (and standardized in TLS) Identical keys for authentication and encryption MACs are based on MD5 hash function Truncation attack (forged FIN) Man-in-the-middle downgrade attack ClientHello message specifies the highest supported TLS/SSL protocol version and suggested cipher suites and compression methods. ServerHello, containing the chosen protocol version, cipher suite, and compression method from the choices offered by the client. 33

34 Export Restrictions Following the cold war, western countries place restrictions on the export/sale of cryptography (and in some cases computers) The release of DES in 1973 started modern age of cryptography... lead to sometimes obtuse regulations on the use of it. The "munitions" clause is probably the most famous. Today: they still exist, largely targeted at military-grade cryptography and rouge states. 34

35 Export restricted SSL Consequence: SSL v2.0 used MAC and encryption functions that severely reduced the effective key length of the symmetric keys 40-bit MACs (instead of 128) 40-but encryption (instead of 128) Trivially breakable now, within reach then. 1/ th (2^88) as hard Browsers were shipped with "international" versions. 35

36 Why?... does SSL work?... does SSL not work?... is SSL so popular? 36

Transport Layer Security

Transport Layer Security CEN585 Computer and Network Security Transport Layer Security Dr. Mostafa Dahshan Department of Computer Engineering College of Computer and Information Sciences King Saud University mdahshan@ksu.edu.sa

More information

Transport Level Security

Transport Level Security 2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,

More information

Chapter 4: Securing TCP connections

Chapter 4: Securing TCP connections Managing and Securing Computer Networks Guy Leduc Chapter 5: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section

More information

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to 1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats

More information

E-commerce security: SSL/TLS, SET and others. 4.1

E-commerce security: SSL/TLS, SET and others. 4.1 E-commerce security: SSL/TLS, SET and others. 4.1 1 Electronic payment systems Purpose: facilitate the safe and secure transfer of monetary value electronically between multiple parties Participating parties:

More information

CS 393 Network Security. Nasir Memon Polytechnic University Module 12 SSL

CS 393 Network Security. Nasir Memon Polytechnic University Module 12 SSL CS 393 Network Security Nasir Memon Polytechnic University Module 12 SSL Course Logistics HW 4 due today. HW 5 will be posted later today. Due in a week. Group homework. DoD Scholarships? NSF Scholarships?

More information

Internet security and privacy

Internet security and privacy Internet security and privacy SSL/TLS 1 Application layer App. TCP/UDP IP L2 L1 2 Application layer App. SSL/TLS TCP/UDP IP L2 L1 3 History of SSL/TLS Originally, SSL Secure Socket Layer, was developed

More information

CSCE 715: Network Systems Security

CSCE 715: Network Systems Security CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Web Security Web is now widely used by business, government, and individuals But Internet and Web are

More information

Transport Layer Security

Transport Layer Security Cryptography and Security in Communication Networks Transport Layer Security ETTI - Master - Advanced Wireless Telecommunications Secure channels Secure data delivery on insecure networks Create a secure

More information

Cryptography (Overview)

Cryptography (Overview) Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography

More information

MTAT Applied Cryptography

MTAT Applied Cryptography MTAT.07.017 Applied Cryptography Transport Layer Security (TLS) Advanced Features University of Tartu Spring 2016 1 / 16 Client Server Authenticated TLS ClientHello ServerHello, Certificate, ServerHelloDone

More information

Chapter 8 Web Security

Chapter 8 Web Security Chapter 8 Web Security Web security includes three parts: security of server, security of client, and network traffic security between a browser and a server. Security of server and security of client

More information

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by

More information

Secure Socket Layer. Security Threat Classifications

Secure Socket Layer. Security Threat Classifications Secure Socket Layer 1 Security Threat Classifications One way to classify Web security threats in terms of the type of the threat: Passive threats Active threats Another way to classify Web security threats

More information

L13. Reviews. Rocky K. C. Chang, April 10, 2015

L13. Reviews. Rocky K. C. Chang, April 10, 2015 L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing

More information

IPsec and SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dec. 1st, /43

IPsec and SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dec. 1st, /43 0/43 IPsec and SSL/TLS Applied Cryptography 0 Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dec. 1st, 2016 Cryptography in the TCP/IP stack application layer transport layer network layer data-link

More information

Cryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption

Cryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption and secure channel May 17, 2018 1 / 45 1 2 3 4 5 2 / 45 Introduction Simplified model for and decryption key decryption key plain text X KE algorithm KD Y = E(KE, X ) decryption ciphertext algorithm X

More information

Information Security CS 526

Information Security CS 526 Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric

More information

CSE543 Computer and Network Security Module: Network Security

CSE543 Computer and Network Security Module: Network Security CSE543 Computer and Network Security Module: Network Security Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 2 Communication Security Want to establish a secure channel

More information

COSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS

COSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS COSC 301 Network Management Lecture 15: SSL/TLS and HTTPS Zhiyi Huang Computer Science, University of Otago COSC301 Lecture 15: SSL/TLS and HTTPS 1 Today s Focus WWW WWW How to secure web applications?

More information

Security Protocols and Infrastructures. Winter Term 2010/2011

Security Protocols and Infrastructures. Winter Term 2010/2011 Winter Term 2010/2011 Chapter 4: Transport Layer Security Protocol Contents Overview Record Protocol Cipher Suites in TLS 1.2 Handshaking Protocols Final Discussion 2 Contents Overview Record Protocol

More information

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Data Security and Privacy. Topic 14: Authentication and Key Establishment Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt

More information

Auth. Key Exchange. Dan Boneh

Auth. Key Exchange. Dan Boneh Auth. Key Exchange Review: key exchange Alice and want to generate a secret key Saw key exchange secure against eavesdropping Alice k eavesdropper?? k This lecture: Authenticated Key Exchange (AKE) key

More information

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2. P2 Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE 802.11i, IEEE 802.1X P2.2 IP Security IPsec transport mode (host-to-host), ESP and

More information

Chapter 12 Security Protocols of the Transport Layer

Chapter 12 Security Protocols of the Transport Layer Chapter 12 Security Protocols of the Transport Layer Secure Socket Layer (SSL) Transport Layer Security (TLS) Secure Shell (SSH) [NetSec], WS 2009/2010 12.1 Scope of Transport Layer Security Protocols

More information

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment. CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How

More information

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect

More information

Universität Hamburg. SSL & Company. Fachbereich Informatik SVS Sicherheit in Verteilten Systemen. Security in TCP/IP. UH, FB Inf, SVS, 18-Okt-04 2

Universität Hamburg. SSL & Company. Fachbereich Informatik SVS Sicherheit in Verteilten Systemen. Security in TCP/IP. UH, FB Inf, SVS, 18-Okt-04 2 Universität Hamburg SSL & Company Fachbereich Informatik SVS Sicherheit in Verteilten Systemen Security in TCP/IP UH, FB Inf, SVS, 18-Okt-04 2 SSL/TLS Overview SSL/TLS provides security at TCP layer. Uses

More information

CPSC 467: Cryptography and Computer Security

CPSC 467: Cryptography and Computer Security CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 24a December 2, 2013 CPSC 467, Lecture 24a 1/20 Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management and Trusted

More information

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2010 Network Security: TLS/SSL Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline 1. Diffie-Hellman 2. Key exchange using public-key encryption 3. Goals of authenticated key exchange

More information

WAP Security. Helsinki University of Technology S Security of Communication Protocols

WAP Security. Helsinki University of Technology S Security of Communication Protocols WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP

More information

Encryption. INST 346, Section 0201 April 3, 2018

Encryption. INST 346, Section 0201 April 3, 2018 Encryption INST 346, Section 0201 April 3, 2018 Goals for Today Symmetric Key Encryption Public Key Encryption Certificate Authorities Secure Sockets Layer Simple encryption scheme substitution cipher:

More information

Introduction to Cryptography Lecture 11

Introduction to Cryptography Lecture 11 Introduction to Cryptography Lecture 11 Factoring, computing discrete logs SSL / TLS Benny Pinkas page 1 1 Integer factorization The RSA and Rabin cryptosystems use a modulus N and are insecure if it is

More information

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management

More information

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSL/TLS & 3D Secure CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSLv2 Brief History of SSL/TLS Released in 1995 with Netscape 1.1 Key generation algorithm

More information

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2014 Network Security: TLS/SSL Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2014 Outline 1. Diffie-Hellman key exchange (recall from earlier) 2. Key exchange using public-key encryption

More information

Chapter 7. WEB Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University

Chapter 7. WEB Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University Chapter 7 WEB Security Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University +91 9426669020 bhargavigoswami@gmail.com Topic List 1. Web Security Considerations 2. Secure Socket Layer

More information

CS 356 Internet Security Protocols. Fall 2013

CS 356 Internet Security Protocols. Fall 2013 CS 356 Internet Security Protocols Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5

More information

Security Protocols and Infrastructures. Winter Term 2015/2016

Security Protocols and Infrastructures. Winter Term 2015/2016 Winter Term 2015/2016 Nicolas Buchmann (Harald Baier) Chapter 8: Transport Layer Security Protocol Key Questions Application context of TLS? Which security goals shall be achieved? Approaches? 2 Contents

More information

MTAT Applied Cryptography

MTAT Applied Cryptography MTAT.07.017 Applied Cryptography Transport Layer Security (TLS) University of Tartu Spring 2017 1 / 22 Transport Layer Security TLS is cryptographic protocol that provides communication security over the

More information

SSL/TLS. Pehr Söderman Natsak08/DD2495

SSL/TLS. Pehr Söderman Natsak08/DD2495 SSL/TLS Pehr Söderman Pehrs@kth.se Natsak08/DD2495 1 Historical problems No general purpose security wrapper Kerberos doesn't cut it! Each protocol has it's own security layer SNMP, Ktelnet Or none at

More information

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018 Distributed Systems 25. Authentication Paul Krzyzanowski Rutgers University Fall 2018 2018 Paul Krzyzanowski 1 Authentication For a user (or process): Establish & verify identity Then decide whether to

More information

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture

More information

CS November 2018

CS November 2018 Authentication Distributed Systems 25. Authentication For a user (or process): Establish & verify identity Then decide whether to allow access to resources (= authorization) Paul Krzyzanowski Rutgers University

More information

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho Internet Security - IPSec, SSL/TLS, SRTP - 29th. Oct. 2007 Lee, Choongho chlee@mmlab.snu.ac.kr Contents Introduction IPSec SSL / TLS SRTP Conclusion 2/27 Introduction (1/2) Security Goals Confidentiality

More information

Chapter 5. Transport Level Security

Chapter 5. Transport Level Security Chapter 5 Transport Level Security Bhargavi H Goswami Assistant Professor Sunshine Group of Institutes Rajkot, Gujarat, India. Email: bhargavigoswami@gmail.com Topic List 1. Web Security Considerations

More information

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea Cryptography SSL/TLS Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 History Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent

More information

Lecture for February 10, 2016

Lecture for February 10, 2016 Lecture for February 10, 2016 ECS 235A UC Davis Matt Bishop February 10, 2016 ECS 235A, Matt Bishop Slide #1 Supporting Crypto All parts of SSL use them Initial phase: public key system exchanges keys

More information

Crypto meets Web Security: Certificates and SSL/TLS

Crypto meets Web Security: Certificates and SSL/TLS CSE 484 / CSE M 584: Computer Security and Privacy Crypto meets Web Security: Certificates and SSL/TLS Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,

More information

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1 IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service

More information

Lecture 10: Communications Security

Lecture 10: Communications Security INF3510 Information Security Lecture 10: Communications Security Nils Gruschka University of Oslo Spring 2018 Introduction Nils Gruschka University Kiel (Diploma in Computer Science) T-Systems, Hamburg

More information

David Wetherall, with some slides from Radia Perlman s security lectures.

David Wetherall, with some slides from Radia Perlman s security lectures. David Wetherall, with some slides from Radia Perlman s security lectures. djw@cs.washington.edu Networks are shared: Want to secure communication between legitimate participants from others with (passive

More information

Datasäkerhetsmetoder föreläsning 7

Datasäkerhetsmetoder föreläsning 7 Datasäkerhetsmetoder föreläsning 7 Nyckelhantering Jan-Åke Larsson Cryptography A security tool, not a general solution Cryptography usually converts a communication security problem into a key management

More information

1. Diffie-Hellman Key Exchange

1. Diffie-Hellman Key Exchange e-pgpathshala Subject : Computer Science Paper: Cryptography and Network Security Module: Diffie-Hellman Key Exchange Module No: CS/CNS/26 Quadrant 1 e-text Cryptography and Network Security Objectives

More information

ecure Sockets Layer, or SSL, is a generalpurpose protocol for sending encrypted

ecure Sockets Layer, or SSL, is a generalpurpose protocol for sending encrypted UNDERSTANDING by Simson L. Garfinkel S ecure Sockets Layer, or SSL, is a generalpurpose protocol for sending encrypted information over the Internet. Developed by Netscape Communications Corp., SSL was

More information

TRANSPORT-LEVEL SECURITY

TRANSPORT-LEVEL SECURITY CHAPTER TRANSPORT-LEVEL SECURITY 5.1 Web Security Considerations Web Security Threats Web Traffic Security Approaches 5.2 Secure Socket Layer and Transport Layer Security SSL Architecture SSL Record Protocol

More information

Digital Signatures. Public-Key Signatures. Arbitrated Signatures. Digital Signatures With Encryption. Terminology. Message Authentication Code (MAC)

Digital Signatures. Public-Key Signatures. Arbitrated Signatures. Digital Signatures With Encryption. Terminology. Message Authentication Code (MAC) Message Authentication Code (MAC) Key-dependent one-way hash function Only someone with a correct key can verify the hash value Easy way to turn one-way hash function into MAC is to encrypt hash value

More information

Transport Layer Security

Transport Layer Security Transport Layer Security TRANSPORT LAYER SECURITY PERFORMANCE TESTING OVERVIEW Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL), are the most popular cryptographic protocols

More information

Introduction. INF3510 Information Security. Lecture 10: Communications Security. Outline. Network Security Concepts. University of Oslo Spring 2018

Introduction. INF3510 Information Security. Lecture 10: Communications Security. Outline. Network Security Concepts. University of Oslo Spring 2018 Introduction INF3510 Information Security Lecture 10: Communications Security Nils Gruschka University of Oslo Spring 2018 Nils Gruschka University Kiel (Diploma in Computer Science) T-Systems, Hamburg

More information

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1 Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1415/ Chapter 16: 1 Chapter 16: Communications Security Chapter 16: 2 Agenda Threat model Secure tunnels Protocol design principles IPsec

More information

Cryptography Lecture 9 Key distribution and trust, Elliptic curve cryptography

Cryptography Lecture 9 Key distribution and trust, Elliptic curve cryptography Cryptography Lecture 9 Key distribution and trust, Elliptic curve cryptography Key Management The first key in a new connection or association is always delivered via a courier Once you have a key, you

More information

Security Protocols and Infrastructures

Security Protocols and Infrastructures Security Protocols and Infrastructures Dr. Michael Schneider michael.schneider@h-da.de Chapter 8: The Transport Layer Security Protocol (TLS) December 4, 2017 h_da WS2017/18 Dr. Michael Schneider 1 1 Overview

More information

Securing IoT applications with Mbed TLS Hannes Tschofenig Arm Limited

Securing IoT applications with Mbed TLS Hannes Tschofenig Arm Limited Securing IoT applications with Mbed TLS Hannes Tschofenig Agenda Theory Threats Security services Hands-on with Arm Keil MDK Pre-shared secret-based authentication (covered in webinar #1) TLS Protocol

More information

Coming of Age: A Longitudinal Study of TLS Deployment

Coming of Age: A Longitudinal Study of TLS Deployment Coming of Age: A Longitudinal Study of TLS Deployment Accepted at ACM Internet Measurement Conference (IMC) 2018, Boston, MA, USA Platon Kotzias, Abbas Razaghpanah, Johanna Amann, Kenneth G. Paterson,

More information

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Photuris and SKIP PHASE 1 IKE PHASE 2 IKE How is SA established? How do parties negotiate

More information

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen Modern cryptography 2 CSCI 470: Web Science Keith Vertanen Modern cryptography Overview Asymmetric cryptography Diffie-Hellman key exchange (last time) Pubic key: RSA Pretty Good Privacy (PGP) Digital

More information

Security Engineering. Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings)

Security Engineering. Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings) Security Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings) Lecture Outline Network Attacks Attive Attacks Passive Attacks TCP Attacks Contermeasures IPSec SSL/TLS Firewalls

More information

Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München. ilab. Lab 8 SSL/TLS and IPSec

Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München. ilab. Lab 8 SSL/TLS and IPSec Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München ilab Lab 8 SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one specific port SSL

More information

CS 161 Computer Security

CS 161 Computer Security Raluca Ada Popa Spring 2018 CS 161 Computer Security Discussion 6 Week of February 26, 2018 Question 1 TLS threats (10 min) An attacker is trying to attack the company Boogle and its users. Assume that

More information

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005 Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks

More information

Outline. 0 Topic 4.1: Securing Real-Time Communications 0 Topic 4.2: Transport Layer Security 0 Topic 4.3: IPsec and IKE

Outline. 0 Topic 4.1: Securing Real-Time Communications 0 Topic 4.2: Transport Layer Security 0 Topic 4.3: IPsec and IKE Outline 0 Topic 4.1: Securing Real-Time Communications 0 Topic 4.2: Transport Layer Security 0 Topic 4.3: IPsec and IKE 2 Securing Real-time Communications 0 In a real-time protocol, two parties negotiate

More information

CS Computer Networks 1: Authentication

CS Computer Networks 1: Authentication CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 14: Folklore, Course summary, Exam requirements Ion Petre Department of IT, Åbo Akademi University 1 Folklore on

More information

CS408 Cryptography & Internet Security

CS408 Cryptography & Internet Security CS408 Cryptography & Internet Security Lecture 18: Cryptographic hash functions, Message authentication codes Functions Definition Given two sets, X and Y, a function f : X Y (from set X to set Y), is

More information

Public Key Algorithms

Public Key Algorithms CSE597B: Special Topics in Network and Systems Security Public Key Cryptography Instructor: Sencun Zhu The Pennsylvania State University Public Key Algorithms Public key algorithms RSA: encryption and

More information

Protocol Comparisons: OpenSSH, SSL/TLS (AT-TLS), IPSec

Protocol Comparisons: OpenSSH, SSL/TLS (AT-TLS), IPSec Protocol Comparisons: OpenSSH, SSL/TLS (AT-TLS), IPSec Author: Gwen Dente, IBM Gaithersburg, MD Acknowledgments: Alfred Christensen, IBM Erin Farr, IBM Christopher Meyer, IBM Linwood Overby, IBM Richard

More information

IP Security IK2218/EP2120

IP Security IK2218/EP2120 IP Security IK2218/EP2120 Markus Hidell, mahidell@kth.se KTH School of ICT Based partly on material by Vitaly Shmatikov, Univ. of Texas Acknowledgements The presentation builds upon material from - Previous

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through

More information

Secure Remote Access: SSH & HTTPS

Secure Remote Access: SSH & HTTPS Secure Remote Access: SSH & HTTPS What is SSH? SSH Secure Shell SSH is a protocol for secure remote login and other secure network services over an insecure network developed by SSH Communications Security

More information

Securing Internet Communication: TLS

Securing Internet Communication: TLS Securing Internet Communication: TLS CS 161: Computer Security Prof. David Wagner March 11, 2016 Today s Lecture Applying crypto technology in practice Two simple abstractions cover 80% of the use cases

More information

Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science

Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science History of computer network protocol development in 20 th century. Development of hierarchical

More information

Lecture: Transport Layer Security (secure Socket Layer)

Lecture: Transport Layer Security (secure Socket Layer) Lecture: Transport Layer Security (secure Socket Layer) Recommended reading: Stephen Thomas, SSS and TLS essentials, Wiley, 2000 Very old and in some parts obsolete, but very well written Lecture s twofold

More information

Network Security Chapter 8

Network Security Chapter 8 Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security

More information

Security & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of

Security & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of Contents Security & Privacy Contents Web Architecture and Information Management [./] Spring 2009 INFO 190-02 (CCN 42509) Erik Wilde, UC Berkeley School of Information Abstract 1 Security Concepts Identification

More information

CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK

CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK UNIT-1 1. Answer the following: a. What is Non-repudiation b. Distinguish between stream and block ciphers c. List out the problems of one time pad d. Define

More information

The OpenSSH Protocol under the Hood

The OpenSSH Protocol under the Hood The OpenSSH Protocol under the Hood Girish Venkatachalam Abstract The nitty-gritty details as to what OpenSSH is and why it is ubiquitous. Is there a program more commonly used in day-to-day Linux computing

More information

Lecture 6 - Cryptography

Lecture 6 - Cryptography Lecture 6 - Cryptography CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12 Question Setup: Assume you and I donʼt know anything about

More information

SharkFest 17 Europe. SSL/TLS Decryption. uncovering secrets. Wednesday November 8th, Peter Wu Wireshark Core Developer

SharkFest 17 Europe. SSL/TLS Decryption. uncovering secrets. Wednesday November 8th, Peter Wu Wireshark Core Developer SharkFest 17 Europe SSL/TLS Decryption uncovering secrets Wednesday November 8th, 2017 Peter Wu Wireshark Core Developer peter@lekensteyn.nl 1 About me Wireshark contributor since 2013, core developer

More information

Computer Networks. Wenzhong Li. Nanjing University

Computer Networks. Wenzhong Li. Nanjing University Computer Networks Wenzhong Li Nanjing University 1 Chapter 7. Network Security Network Attacks Cryptographic Technologies Message Integrity and Authentication Key Distribution Firewalls Transport Layer

More information

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security CMPSC443 - Introduction to Computer and Network Security Module: Cryptographic Protocols Professor Patrick McDaniel Spring 2009 1 Key Distribution/Agreement Key Distribution is the process where we assign

More information

Presented by: Ahmed Atef Elnaggar Supervisor: Prof. Shawkat K.Guirguis

Presented by: Ahmed Atef Elnaggar Supervisor: Prof. Shawkat K.Guirguis 2 nd Assignment of Comm. Sys. & Computer N.W Department of Information Technology, Institute of Graduate Studies and Research, University of Alexandria, Egypt. Presented by: Ahmed Atef Elnaggar Supervisor:

More information

Introduction and Overview. Why CSCI 454/554?

Introduction and Overview. Why CSCI 454/554? Introduction and Overview CSCI 454/554 Why CSCI 454/554? Get Credits and Graduate Security is important More job opportunities More research funds 1 Workload Five homework assignments Two exams (open book

More information

The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0. Xirrus, Inc.

The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0. Xirrus, Inc. The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0 Xirrus, Inc. March 8, 2011 Copyright Xirrus, Inc. 2011. May be reproduced only in its original entirety [without revision]. Page 1 TABLE

More information

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015 Distributed Systems 26. Cryptographic Systems: An Introduction Paul Krzyzanowski Rutgers University Fall 2015 1 Cryptography Security Cryptography may be a component of a secure system Adding cryptography

More information

Understanding Traffic Decryption

Understanding Traffic Decryption The following topics provide an overview of SSL inspection, describe the prerequisites for SSL inspection configuration, and detail deployment scenarios. Traffic Decryption Overview, page 1 SSL Handshake

More information

SSH. Partly a tool, partly an application Features:

SSH. Partly a tool, partly an application Features: Internet security SSH 1 Secure Shell: SSH Partly a tool, partly an application Features: Encrypted login and shell connections Easy, drop-in replacements for rlogin, rsh, rcp Multiple means of authentication

More information

Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings

Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Chapter 16 IP Security If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death,

More information

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney. Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw

More information

Evaluating the Security Risks of Static vs. Dynamic Websites

Evaluating the Security Risks of Static vs. Dynamic Websites Evaluating the Security Risks of Static vs. Dynamic Websites Ballard Blair Comp 116: Introduction to Computer Security Professor Ming Chow December 13, 2017 Abstract This research paper aims to outline

More information

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology Question Bank Subject: Information Security (160702) Class: BE Sem. VI (CE/IT) Unit-1: Conventional

More information