CPSC 467: Cryptography and Computer Security

Similar documents
CPSC 467b: Cryptography and Computer Security

Cryptography Application : SSH. 7 Sept 2017, Taichung, Taiwan

Transport Level Security

SSH. Partly a tool, partly an application Features:

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

Linux Network Administration

Authentication in real world: Kerberos, SSH and SSL. Zheng Ma Apr 19, 2005

COSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS

But where'd that extra "s" come from, and what does it mean?

Transport Layer Security

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Man In The Middle Project completed by: John Ouimet and Kyle Newman

Cryptographic Mechanisms: Recommendations and Key Lengths

An Overview of SSH. Presentation to Linux Users of Victoria. Melbourne, August 26, 2017

WAP Security. Helsinki University of Technology S Security of Communication Protocols

E-commerce security: SSL/TLS, SET and others. 4.1

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

(2½ hours) Total Marks: 75

CS November 2018

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

The Secure Shell (SSH) Protocol

SSL/TLS. How to send your credit card number securely over the internet

Transport Layer Security

LECTURE 7. Readings: - SSH: The Definitive Guide; D.J. Barret et al.; O Reilly Lecture outline: - SSH. Marco Spaziani Brunella, Manuel Campo

Configuring SSH and Telnet

Security issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.

Security Protocols. Professor Patrick McDaniel CSE545 - Advanced Network Security Spring CSE545 - Advanced Network Security - Professor McDaniel

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

CSCE 715: Network Systems Security

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

Protocol Comparisons: OpenSSH, SSL/TLS (AT-TLS), IPSec

What is Secure. Authenticated I know who I am talking to. Our communication is Encrypted

CSE543 Computer and Network Security Module: Network Security

Encryption. INST 346, Section 0201 April 3, 2018

Configuring SSL Security

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security

Using keys with SSH Rob Judd

Security & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of

Overview. SSL Cryptography Overview CHAPTER 1

SSL Visibility and Troubleshooting

Presented by: Ahmed Atef Elnaggar Supervisor: Prof. Shawkat K.Guirguis

Cryptography - SSH. Network Security Workshop May 2017 Phnom Penh, Cambodia

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP

Information Security CS 526

Cryptography - SSH. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

HTTPS is Fast and Hassle-free with Cloudflare

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

Configuring SSH and Telnet

Study Guide for the Final Exam

SSH. What is Safely 6/19/ June 2018 PacNOG 22, Honiara, Solomon Islands Supported by:

Securing Network Communications

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

SSH - Secure SHell. Lecture 23 CSIT571. Slides prepared by Joseph Zhaojun Wu Revised by Cunsheng Ding

Keywords Session key, asymmetric, digital signature, cryptosystem, encryption.

OpenSSH. 24th February ASBL CSRRT-LU (Computer Security Research and Response Team Luxembourg) 1 / 12

Introduction and Overview. Why CSCI 454/554?

Configure Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) Service Settings on a Switch

Wireless LAN Security. Gabriel Clothier

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

SSH and keys. Network Startup Resource Center

Configuring SSL. SSL Overview CHAPTER

Today s Lecture. Secure Communication. A Simple Protocol. Remote Authentication. A Simple Protocol. Rules. I m Alice. I m Alice

David Wetherall, with some slides from Radia Perlman s security lectures.

LogMeIn Security. An In-Depth Look

Exam Questions SY0-401

Data Security and Privacy. Topic 14: Authentication and Key Establishment

CSC 474 Network Security. Authentication. Identification

Practical Magic with SSH. By David F. Skoll Roaring Penguin Software Inc. 1 February

CSC/ECE 774 Advanced Network Security

Securing Internet Communication: TLS

MAN-IN-THE-MACHINE: EXPLOIT ILL-SECURE COMMUNICATION INSIDE THE COMPUTER

Chapter 4: Securing TCP connections

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

Network Security and Cryptography. 2 September Marking Scheme

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen

Security in Distributed Systems. Network Security

AIT 682: Network and Systems Security

Authentication. Identification. AIT 682: Network and Systems Security

PROGRAMMING Kyriacou E. Frederick University Cyprus. Network communication examples

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Chapter 2. Switch Concepts and Configuration. Part II

Secure Shell Commands

Configuring SSL CHAPTER

Table of Contents 1 SSH Configuration 1-1

Chapter 12 Security Protocols of the Transport Layer

Evaluating the Security Risks of Static vs. Dynamic Websites

PPP Configuration Options

Test Conditions. Closed book, closed notes, no calculator, no laptop just brains 75 minutes. Steven M. Bellovin October 19,

CIS 4360 Secure Computer Systems Applied Cryptography

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho

Internet security and privacy

Authentication CHAPTER 17

Digital Signatures. Public-Key Signatures. Arbitrated Signatures. Digital Signatures With Encryption. Terminology. Message Authentication Code (MAC)

14. Internet Security (J. Kurose)

Configuring SSL. SSL Overview CHAPTER

White Paper for Wacom: Cryptography in the STU-541 Tablet

Chapter 6: Security of higher layers. (network security)

Distributed Systems. Fall 2017 Exam 3 Review. Paul Krzyzanowski. Rutgers University. Fall 2017

Transcription:

CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 24a December 2, 2013 CPSC 467, Lecture 24a 1/20

Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management and Trusted Computing Platform CPSC 467, Lecture 24a 2/20

Secure Shell (SSH) CPSC 467, Lecture 24a 3/20

Secure Shell (SSH) SSH is a family of protocols that provide a secure encrypted channel connecting two networked computers over an insecure network. It was initially designed to allow secure login between a user and a remote computer. This replaced the older telnet, rlogin, and rsh programs that provided unencrypted versions of this service and sent unencrypted passwords over the network. The first version was designed by Tatu Ylönen at Helsinki University of Technology, Finland, and released as freeware in July 1995. CPSC 467, Lecture 24a 4/20

Open source and version forking By December 1995, Ylönen created a startup company to market and develop SSH. The original version remained free, but many enhancements were only available in the commercial version. Over the next five years, the licensing agreement became more and more restrictive as they worked to remove open source code (such as libgmp) from their code base. Several vulnerabilities in SSH-1.5 were discovered, giving further motivation to create an open source version of SSH that could be more easily vetted for bugs and distributed more widely. Starting from Ylönen s SSH-1.2.12, the last version released under an open source license, Björn Grönvall developed OSSH. OpenBSD developers then forked Grönvall s code and did further development to create the widely used OpenSSH. CPSC 467, Lecture 24a 5/20

SSH-2 By 2006, an improved but incompatible version 2 of the SSH protocol was adopted as a standard by the Internet Engineering Task Force (IETF). Development of OpenSSH continues to this day, allowing more and more applications derive the benefits of secure encrypted communications. CPSC 467, Lecture 24a 6/20

SSH protocol outline SSH is based on public key cryptography. Each machine has a public and private host key. Each user also has a public and private user key. When logging onto a remote machine, the client first authenticates the remote host key using the public key for the host with that domain name or IP address found in the local known hosts file. CPSC 467, Lecture 24a 7/20

Host key verification If the host is not in the file or cannot authenticate the public key found there, one gets a prompt The authenticity of host vm1.cs.yale.edu (128.36.229.150) can t be established. RSA key fingerprint is c9:a5:be:55:af:ab:05:77:b4:30:62:ed:bd:be:50:43. Are you sure you want to continue connecting (yes/no)? If you say yes, the public key of that host gets entered into the known hosts file and used the next time. CPSC 467, Lecture 24a 8/20

User authentication SSH supports several authentication methods. I ll describe the publickey method. Here, the host checks that the user s public key is in its authorized users file. If it is, it verifies that the user has the matching private key and accepts the authentication if it does. CPSC 467, Lecture 24a 9/20

Actual protocol The actual protocol is much more complicated than this. It include negotiations for which cipher to use, how to generate the shared session, what an encrypted packet looks like, and so forth. CPSC 467, Lecture 24a 10/20

Transport Layer Security (TLS) CPSC 467, Lecture 24a 11/20

TLS protocol Transport Layer Security (TLS) is a protocol to secure and encrypt network traffic at the transport layer. Like SSH, it provides authentication and encryption. It is used to implement secure web traffic (https:) but applies much more generally. CPSC 467, Lecture 24a 12/20

ISO/OSI Model SSL: Security at Transport Layer Application Layer Application Layer Presentation Layer Presentation Layer Session Layer Session Layer Transport Layer Transport Layer Network Layer Network Layer Data Link Layer Data Link Layer Physical Layer Physical Layer Peer-to-peer Network Layer Network Layer Data Link Layer Data Link Layer Physical Layer Physical Layer Application Layer Application Layer Presentation Layer Presentation Layer Session Layer Session Layer Transport Layer Transport Layer Network Layer Network Layer Data Link Layer Data Link Layer Physical Layer Physical Layer Flow of bits CPSC 467, Lecture 24a 13/20

History The TLS protocol has gone through several versions. It was originally called Secure Socket Layer (SSL). TLS 1.0 was first defined in 1999. It did not interoperate with the existing SSL 3.0 and so was renamed. CPSC 467, Lecture 24a 14/20

Key management TLS uses X.509 certificates for its key management as described in lecture 17. They allow the client to authenticate the server as follows: 1. The client obtains the server s certificate, generally from the server itself. 2. The client checks the validity of the certificate by verifying that it is properly signed by a trusted certificate authority. 3. The client then runs a simple authentication protocol whereby the server shows that it has the private key corresponding to its certificate. 4. Finally, client and server establish a shared symmetric key and use it to encrypt traffic between themselves. CPSC 467, Lecture 24a 15/20

The actual protocol The actual protocol has all of the complications of the other practical protocols we ve mentioned. It begins with a handshaking phase where client and server agree on the protocol level, cipher suite, and other parameters. Generally the server is authenticated by the client. The protocol allows for the server to require client authentication. However, this is not usually done for two reasons: 1. Most clients lack certificates. 2. Most servers use other means such as passwords to authenticate clients. This occurs after the encrypted connection has been established, so the passwords are not sent in the clear. CPSC 467, Lecture 24a 16/20

Preventing man-in-the-middle attacks TLS is secure against man-in-the-middle attacks, even with only one-way authentication. This is possible because the certificate gives the client a reliable means of obtaining its public key (providing the certificate authorities are trustworthy). At the end of the handshaking protocol, after the session key has been established, the client sends the server the hash of the complete transcript between client and server as seen by the client, secured with the server s public key. The server checks that hash value against the hash of its view of the same handshake. If they don t agree, it indicates the presence of a man-in-the-middle or other network error and the protocol does not continue. CPSC 467, Lecture 24a 17/20

Digital Rights Management and Trusted Computing Platform CPSC 467, Lecture 24a 18/20

Control of information Another attempted use of cryptography has been to control the use of information. Digital Rights Management (DRM) is the term for a class of encryption schemes to disallow certain kinds of use of data, for example, copying and modifying. Trusted Computing Platform (TCP) is a hardware architecture that requires authorization tokens to perform certain operations. These tokens are cryptographically produced using keys that are securely stored inside of a special crypto module. CPSC 467, Lecture 24a 19/20

A different paradigm In most uses of cryptography studied so far, the owner of the secret keys also possesses and protects them. With DRM and TCP, the party controlling the keys is not the same as the owner of the machine that uses them. This means that the keys must be hidden from the owner of the device on which they are used. While it is easy to prevent casual users from looking inside their box, protecting embedded secrets against sophisticated attacks has proved to be very difficult, and many DRM schemes have been broken soon after being introduced. CPSC 467, Lecture 24a 20/20

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback