Introduction to Network Security Missouri S&T University CPE 5420 Application and Transport Layer Security Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology cetinkayae@mst.edu http://web.mst.edu/~cetinkayae/teaching/cpe5420fall2016 7 October 2016 rev. 16.0 2014 2016 Egemen K. Çetinkaya
Background Security of Higher Layers Outline Transport layer security Application layer security 7 October 2016 MST CPE 5420 Application & Transport Layer Security 2
Background Security of Higher Layers Background Transport layer security Application layer security 7 October 2016 MST CPE 5420 Application & Transport Layer Security 3
Network Architecture and Topology The Network Collection nodes or intermediate systems (IS) switches, routers, bridges, etc. Interconnected by links that Provide connectivity among end systems (ES) or hosts or terminals desktops, laptops, servers, telephone handsets, etc. note: in some networks nodes may be both ES and IS 7 October 2016 MST CPE 5420 Application & Transport Layer Security 4
Network Architecture and Topology The Network multihomed wireless link End system Intermediate system edge or access switch core or backbone switch 7 October 2016 MST CPE 5420 Application & Transport Layer Security 5
Protocol Layering OSI Model ISO 7498: open systems interconnection protocol: rules for communication between entities 7 application application application 6 presentation data formatting 5 session dialogue management 4 transport end-to-end 3 network forwarding/routing 2 link hop-by-hop MAC medium access control 1 physical transmission 7 October 2016 MST CPE 5420 Application & Transport Layer Security 6
L7 L5 L4 L3 L2 L2 L1 Protocol Layering Hybrid Layer/Plane Cube data plane physical application transport network link management control plane session MAC p l a n e 7 October 2016 MST CPE 5420 Application & Transport Layer Security 7
Application Layer Background Motivation What is the ultimate purpose of networking? Egemen K. Çetinkaya 7 October 2016 MST CPE 5420 Application & Transport Layer Security 8
Application Layer Background Motivation To support distributed applications Egemen K. Çetinkaya 7 October 2016 MST CPE 5420 Application & Transport Layer Security 9
Application Layer Background Motivation Applications run on end systems Communicate over network Network core devices do not run user applications 7 October 2016 MST CPE 5420 Application & Transport Layer Security 10
Application Layer Background Example Applications What are some applications? Egemen K. Çetinkaya 7 October 2016 MST CPE 5420 Application & Transport Layer Security 11
E-mail Web Application Layer Background Example Applications Instant messaging Remote login P2P file sharing Multi-user network games Video conferencing Video streaming Social networks? layer 7 or higher? 7 October 2016 MST CPE 5420 Application & Transport Layer Security 12
Internet Protocols Important Application Layer Protocols Protocol Name Function/Use Status Ref HTTP FTP hypertext transfer protocol file transfer protocol Web browsing file and document transfer draft standard standard Telnet telnet remote login standard SMTP POP IMAP simple mail transfer protocol post office protocol internet message access protocol email relay and delivery server mail download server mail access NFS network file system remote access to files RTSP real-time streaming protocol control of multimedia streaming standard standard proposed standard proposed standard proposed standard RFC 2616 RFC 0959 STD 0009 RFC 0854 STD 0008 RFC 0821 STD 0010 RFC 1939 STD 0053 RFC 3501 RFC 3530 RFC 2326 7 October 2016 MST CPE 5420 Application & Transport Layer Security 13
Application Layer Background Application Characteristics Application types: how does utility vs. delay look? best effort interactive real-time deadline Application types dictate transport layer services delay throughput loss tolerance security 7 October 2016 MST CPE 5420 Application & Transport Layer Security 14
Network Architecture and Topology Application Relationships request client Client/server e.g. Web browsing response server data streams with embedded synchronisation Peer-to-peer e.g. telepresence (video-conferencing) 7 October 2016 MST CPE 5420 Application & Transport Layer Security 15
Background Security of Higher Layers Transport Layer Security Transport layer security Motivation and overview SSL TLS Application layer security 7 October 2016 MST CPE 5420 Application & Transport Layer Security 16
Background Security of Higher Layers Transport Layer Security Transport layer security Motivation and overview SSL TLS Application layer security 7 October 2016 MST CPE 5420 Application & Transport Layer Security 17
Transport Layer Background Motivation Ideal network characteristics: zero end-to-end delay unlimited end-to-end bandwidth no errors Reality is not ideal Need an end-to-end protocol to: handle delay control transmission rate perform error recovery 7 October 2016 MST CPE 5420 Application & Transport Layer Security 18
Transport Layer Background Services It provides logical communication between application processes running on different hosts Transport protocols run in end systems sender side: breaks app messages into segments passes to network layer (i.e. encapsulates) receiver side: reassembles segments into messages passes to application layer (i.e. decapsulates) 7 October 2016 MST CPE 5420 Application & Transport Layer Security 19
Transport Layer Background Services Draw logical connections? Egemen K. Çetinkaya 7 October 2016 MST CPE 5420 Application & Transport Layer Security 20
Transport Layer Background Layering Egemen K. Çetinkaya end system repeater / bridge router end system transport transport network network network link link link link Transport layer is end-to-end (E2E) 7 October 2016 MST CPE 5420 Application & Transport Layer Security 21
Transport Layer Background Services Egemen K. Çetinkaya What are the important transport layer protocols? 7 October 2016 MST CPE 5420 Application & Transport Layer Security 22
Internet Protocols Important Transport Protocols Protocol Name Function Status Ref TCP transmission control protocol reliable data transfer with congestion control standard RFC 0793 STD 0007 UDP user datagram protocol socket access to unreliable IP datagrams standard RFC 0768 STD 0006 RTP real-time protocol streaming media (typically over UDP) standards track RFC 1889 T/TCP TCP for transactions remote login experimental RFC 1644 RDP reliable data protocol reliable data transfer with no congestion control experimental RFC 0908 SCTP stream control transmission protocol signalling proposed for wireless proposed standard RFC 2960 7 October 2016 MST CPE 5420 Application & Transport Layer Security 23
Transport Layer Background Services Egemen K. Çetinkaya What are important characteristics of TCP and UDP? 7 October 2016 MST CPE 5420 Application & Transport Layer Security 24
Transport Layer Background Services TCP: Transmission Control Protocol reliable, in-order delivery congestion control flow control connection setup UDP: User Datagram Protocol unreliable, unordered delivery, aka best effort delivery no connection establishment (no handshaking) no congestion control 7 October 2016 MST CPE 5420 Application & Transport Layer Security 25
Transport Layer Background Services Egemen K. Çetinkaya What s difference between flow & congestion control? 7 October 2016 MST CPE 5420 Application & Transport Layer Security 26
Transport Layer Background Services Flow control control transmission not to overwhelm the receiver Congestion control control transmission not to overwhelm the network 7 October 2016 MST CPE 5420 Application & Transport Layer Security 27
Transport Layer Security Overview What are transport-layer security protocols? Egemen K. Çetinkaya 7 October 2016 MST CPE 5420 Application & Transport Layer Security 28
Transport Layer Security Overview Secure Sockets Layer (SSL) Transport Layer Security (TLS) Note that they don t substitute TCP/UDP 7 October 2016 MST CPE 5420 Application & Transport Layer Security 29
Background Security of Higher Layers Transport Layer Security Transport layer security Motivation and overview SSL TLS Application layer security 7 October 2016 MST CPE 5420 Application & Transport Layer Security 30
Secure Sockets Layer Overview One of the most widely used security services Set of protocols that rely on TCP Implementation can be provided in two ways: as an underlying protocol suite to applications can be embedded in packages; web browsers etc. Developed by Netscape Brief history: V1 never released to public V2 released in 1995 V3 released in 1996, RFC 6101 7 October 2016 MST CPE 5420 Application & Transport Layer Security 31
Secure Sockets Layer Protocol Stack SSL is not a single layer protocol it has two layers of protocols 7 October 2016 MST CPE 5420 Application & Transport Layer Security 32
Secure Sockets Layer Architecture SSL is a layered protocol Lower layer protocol SSL record protocol Higher layer protocols handshake protocol SSL change cipher spec protocol SSL alert protocol 7 October 2016 MST CPE 5420 Application & Transport Layer Security 33
Secure Sockets Layer SSL Record Protocol Operation Egemen K. Çetinkaya Multiple operations performed in SSL record protocol 7 October 2016 MST CPE 5420 Application & Transport Layer Security 34
Secure Sockets Layer SSL Record Protocol Operation Egemen K. Çetinkaya What are the services provided? 7 October 2016 MST CPE 5420 Application & Transport Layer Security 35
Secure Sockets Layer SSL Record Protocol Operation Egemen K. Çetinkaya Confidentiality, authentication, and message integrity 7 October 2016 MST CPE 5420 Application & Transport Layer Security 36
Fragmentation Secure Sockets Layer SSL Record Protocol Operation APDUs are fragmented into blocks of 2 14 bytes or less Optional compression Message authentication code for integrity similar to HMAC; uses MD5 or SHA-1 Encryption block ciphers: AES, DES, 3DES stream ciphers: RC4 and variants Append header content type, major & minor version, compressed length 7 October 2016 MST CPE 5420 Application & Transport Layer Security 37
Secure Sockets Layer SSL Record Format Egemen K. Çetinkaya There are four fields to SSL record header 7 October 2016 MST CPE 5420 Application & Transport Layer Security 38
Content type (8 bits) Secure Sockets Layer SSL Record Format three SSL-specific protocols change_cipher_spec alert handshake no differentiation between separate application protocols application_data Major version (8 bits); e.g. SSLv3 Minor version (8 bits); minor version 0 Compressed length (16 bits); max value 2 14 + 2048 b 7 October 2016 MST CPE 5420 Application & Transport Layer Security 39
Secure Sockets Layer Change Cipher Spec Protocol Signals transitions in ciphering strategies The protocol consists of a single message The message consists of a single byte of value 1 The message is sent by both the client and server to notify the receiving party that subsequent records will be protected under the just-negotiated CipherSpec and keys 7 October 2016 MST CPE 5420 Application & Transport Layer Security 40
Secure Sockets Layer Alert Protocol Alert messages convey the severity of the message a description of the alert Alert levels are: warning fatal Alert messages with a level of fatal result in the immediate termination of the connection Two types of alert messages closure alerts error alerts 7 October 2016 MST CPE 5420 Application & Transport Layer Security 41
Secure Sockets Layer Alert Protocol Messages Egemen K. Çetinkaya Closure alert message closure alert must be sent to avoid a truncation attack close_notify Error alert message always fatal: unexpected_message bad_record_mac decompression_failure handshake_failure illegal_parameter other messages: no_certificate, bad_certificate, unsupported_certificate, certificate_revoked, certificate_expired, certificate_unknown 7 October 2016 MST CPE 5420 Application & Transport Layer Security 42
Secure Sockets Layer Handshake Protocol It is used to negotiate secure attributes of a session Handshake messages supplied to SSL record layer When an SSL client and server start communicating: a protocol version select cryptographic algorithms optionally authenticate each other use public key encryption to generate shared secrets Each message has three fields: type (1 byte) length (3 bytes) content 7 October 2016 MST CPE 5420 Application & Transport Layer Security 43
hello_request client_hello server_hello certificate Secure Sockets Layer Handshake Protocol Messages server_key_exchange certificate_request server_hello_done certificate_verify client_key_exchange finished 7 October 2016 MST CPE 5420 Application & Transport Layer Security 44
Secure Sockets Layer Handshake Protocol Signalling Client ClientHello --------> Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Server ServerHello Certificate* ServerKeyExchange* CertificateRequest* <-------- ServerHelloDone Finished --------> [ChangeCipherSpec] <-------- Finished Application Data <-------> Application Data Egemen K. Çetinkaya 7 October 2016 MST CPE 5420 Application & Transport Layer Security 45
Key exchange Secure Sockets Layer Cryptographic Calculations Diffie-Hellman, RSA, and FORTEZZA Encryption asymmetric algorithms: Diffie-Hellman, RSA, and FORTEZZA symmetric algorithms: DES, AES, RC4 MAC algorithms MD5, SHA-1 7 October 2016 MST CPE 5420 Application & Transport Layer Security 46
Background Security of Higher Layers Transport Layer Security Transport layer security Motivation and overview SSL TLS Application layer security 7 October 2016 MST CPE 5420 Application & Transport Layer Security 47
Transport Layer Security Overview TLS provides privacy and data integrity Based on SSLv3 protocol specification differences are not dramatic, but significant enough various versions of TLS and SSL 3.0 do not interoperate Layered architecture as SSLv3 Brief history: V1.0 released in RFC 2246 in 1999 V1.1 released in RFC 4346 in 2006 V1.2 released in RFC 5246 in 2008 V1.3 in draft form as of September 2016 (version 16) 7 October 2016 MST CPE 5420 Application & Transport Layer Security 48
Transport Layer Security Goals Cryptographic security TLS should establish secure connection between two parties Interoperability programmers should develop applications utilizing TLS Extensibility new public key and encryption methods can be incorporated Relative efficiency cryptographic operations tend to be highly CPU intensive TLS has incorporated an optional session caching scheme to reduce the number of connections 7 October 2016 MST CPE 5420 Application & Transport Layer Security 49
SSL/TLS Implementations Implementation SSLv3 TLSv1.0 TLSv1.1 TLSv1.2 Botan yes yes yes yes MS Secure Channel yes yes No/disabled No/disabled OpenSSL yes yes yes yes OS X Secure Transport yes yes yes yes REF: http://en.wikipedia.org/wiki/comparison_of_tls_implementations 7 October 2016 MST CPE 5420 Application & Transport Layer Security 50
Layer-4 Security Conclusions TLS/SSL is a layer above TCP and UDP SSL v3 is being deprecated (RFC 7568, June 2015) There is no secure TCP/UDP RFC 5925: TCP Authentication Option Survey of Security Hardening for TCP Implementations https://tools.ietf.org/html/draft-ietf-tcpm-tcp-security-03 TLS/SSL uses services of reliable TCP protocol What happens when the application requires UDP? 7 October 2016 MST CPE 5420 Application & Transport Layer Security 51
Layer-4 Security Conclusions TLS/SSL is a layer above TCP and UDP SSL v3 is being deprecated (RFC 7568, June 2015) TLS/SSL uses services of reliable TCP protocol Some applications require UDP SIP (Session Initiation Protocol) electronic gaming Datagram semantics prohibits use of TLS UDP related RFC 6347 Datagram Transport Layer Security (DTLS) Version 1.2 DTLS is designed to be as similar to TLS as possible 7 October 2016 MST CPE 5420 Application & Transport Layer Security 52
Background Security of Higher Layers Application Layer Security Transport layer security Application layer security HTTPS SSH E-mail 7 October 2016 MST CPE 5420 Application & Transport Layer Security 53
Background Security of Higher Layers Application Layer Security Transport layer security Application layer security HTTPS SSH E-mail 7 October 2016 MST CPE 5420 Application & Transport Layer Security 54
Application Security HTTP HTTP: hypertext transfer protocol Documented in RFCs 7230-7235 very recent updates, June 2014 Web s application layer protocol Client/server model client requests object from the server server responds with status message Uses TCP port 80 7 October 2016 MST CPE 5420 Application & Transport Layer Security 55
Application Security HTTPS HTTP was originally used in the clear on the Internet Increased use of HTTP for sensitive applications has required security measures Simply uses HTTP over TLS/SSL HTTPS is built into all modern Web browsers The default port is for HTTPS is 443 URI format includes: https https://www.example.com/~smith/home.html Documented in RFC 2818 7 October 2016 MST CPE 5420 Application & Transport Layer Security 56
Application Security HTTPS Encryption URL of the requested document Contents of the document Contents of browser forms Cookies sent to/from browser to/from server Contents of HTTP header 7 October 2016 MST CPE 5420 Application & Transport Layer Security 57
Connection initiation Application Security HTTPS Connections agent acting as HTTP client should also act as the TLS client first, complete TLS handshake the client may then initiate the first HTTP request all HTTP data must be sent as TLS application data Connection closure TLS provides a facility for secure connection closure TLS initiates exchange of closure alerts before closure 7 October 2016 MST CPE 5420 Application & Transport Layer Security 58
Background Security of Higher Layers Application Layer Security Transport layer security Application layer security HTTPS SSH E-mail 7 October 2016 MST CPE 5420 Application & Transport Layer Security 59
Application Security SSH The Secure Shell (SSH) Protocol provides secure remote login over insecure network Documented in RFCs 4250-4256 Widely available in most operating systems SSH protocol consists of three major components transport layer protocol provides server authentication, confidentiality, and integrity user authentication protocol authenticates the client to the server connection protocol multiplexes the encrypted tunnel into several logical channels 7 October 2016 MST CPE 5420 Application & Transport Layer Security 60
Application Security SSH Protocol Stack 7 October 2016 MST CPE 5420 Application & Transport Layer Security 61
Application Security SSH Major Components Transport Layer Protocol provides server authentication, confidentiality, and integrity it may optionally also provide compression it typically runs over a TCP/IP connection User Authentication Protocol authenticates the client-side user to the server it runs over the transport layer protocol Connection Protocol multiplexes encrypted tunnel into several logical channels it runs over the user authentication protocol 7 October 2016 MST CPE 5420 Application & Transport Layer Security 62
Application Security Remote Login/File Transfer Client Programs PuTTY and Tera Term for Windows OpenSSH for Mac OS X File transfer: WinSCP for Windows SFTP for Linux-like systems 7 October 2016 MST CPE 5420 Application & Transport Layer Security 63
Background Security of Higher Layers Application Layer Security Transport layer security Application layer security HTTPS SSH E-mail 7 October 2016 MST CPE 5420 Application & Transport Layer Security 64
Application Security E-mail What are the major components of e-mail? 7 October 2016 MST CPE 5420 Application & Transport Layer Security 65
Application Security E-mail Three major components: user agents mail reader compose, edit, read mail messages clients: MS-Outlook, Mac-Mail mail servers holds mailboxes for incoming and outgoing messages protocol protocols between servers: SMTP retrieval from servers via POP, IMAP Important protocols: SMTP, POP, IMAP, HTTP HTTP/Webmail: Gmail, Hotmail (now Outlook), Yahoo Mail 7 October 2016 MST CPE 5420 Application & Transport Layer Security 66
Application Security Internet Mail Architecture 7 October 2016 MST CPE 5420 Application & Transport Layer Security 67
E-mail Security PGP Overview Pretty Good Privacy (PGP) Uses PKCS encryption for e-mail and data security Available in versions that run on variety of platforms First released by Phil Zimmermann in 1991 Provides four services: authentication confidentiality compression conversion 7 October 2016 MST CPE 5420 Application & Transport Layer Security 68
PGP Services Authentication Sender creates a message Sender generates a hash code of the message Sender encrypts hash using sender's private key Encrypted hash code is prepended to the message Receiver decrypts hash using sender's public key Receiver generates a new hash for received message compares it to the decrypted hash code If the two match, message is accepted as authentic Combination of SHA-1 and RSA 7 October 2016 MST CPE 5420 Application & Transport Layer Security 69
PGP Services Confidentiality PGP provides confidentiality by encrypting messages Each key is used only once new key generated as random 128-bit number for each msg. session key is bound to the message and transmitted with it key is encrypted with the receiver's public key 7 October 2016 MST CPE 5420 Application & Transport Layer Security 70
PGP Services Compression PGP compresses the message after applying the signature but before encryption This has the benefit of saving space both for e-mail transmission and for file storage The compression algorithm used is ZIP 7 October 2016 MST CPE 5420 Application & Transport Layer Security 71
PGP Services Conversion Blocks consist of a stream of arbitrary 8-bit bytes Many electronic mail systems only permit the use of blocks consisting of ASCII text PGP provides the service of conversion raw 8-bit binary stream to stream of ASCII characters Scheme used for this purpose is radix-64 conversion 7 October 2016 MST CPE 5420 Application & Transport Layer Security 72
E-mail Security S/MIME Overview Secure/Multipurpose Internet Mail Extensions Security enhancement to the MIME Internet e-mail format standard Brief history: V3.2 RFC 5751 2010 V3.1 RFC 3851 2004 V3.0 RFC 2633 1999 V2.0 RFC 2311 1998 7 October 2016 MST CPE 5420 Application & Transport Layer Security 73
E-mail Internet Message Format A syntax for text messages that are sent between computer users Specified in RFC 5322 A syntax only for text messages It makes no provision for the transmission of images, audio, or other sorts of structured data Messages are viewed as having envelope & contents envelope contains information needed for transmission and delivery contents comprise the object to be delivered to the recipient 7 October 2016 MST CPE 5420 Application & Transport Layer Security 74
E-mail Internet Message Format Example From: John Doe <jdoe@machine.example> To: Mary Smith <mary@example.net> Subject: Saying Hello Date: Fri, 21 Nov 1997 09:55:06-0600 Message-ID: <1234@local.machine.example> This is a message just to say hello. So, "Hello". 7 October 2016 MST CPE 5420 Application & Transport Layer Security 75
E-mail Internet Message Format Extensions Multipurpose Internet Mail Extensions, or MIME Redefines the format of messages to allow for: textual message bodies in character sets other than US- ASCII an extensible set of different formats for non-textual message bodies multi-part message bodies textual header information in character sets other than US- ASCII Documented in RFC 2045 through 2049 7 October 2016 MST CPE 5420 Application & Transport Layer Security 76
E-mail Security S/MIME Services A secure way to send and receive MIME data The services provided: authentication message integrity non-repudiation of origin (using digital signatures) data confidentiality (using encryption) as a supplementary service, S/MIME provides compression S/MIME is not restricted to mail can be used with any mechanism that transports MIME data such as HTTP or SIP 7 October 2016 MST CPE 5420 Application & Transport Layer Security 77
E-mail Security Cryptographic Algorithms in S/MIME Message digest: MD5 & SHA-1 Digital signature: DSS & RSA Encrypting session key: DH & RSA Symmetric encryption: 3DES, AES, RC2 Message authentication: HMAC 7 October 2016 MST CPE 5420 Application & Transport Layer Security 78
E-mail Security DKIM Overview DomainKeys Identified Mail A mechanism for signing and verifying messages Defines domain-level DS authentication framework for email through the use of public-key cryptography using the domain name service as its key server technology It permits verification of the signer of a message as well as the integrity of its contents DKIM's authentication of email identity can assist in the global control of spam and phishing Widely adopted by: e-mail providers and ISPs 7 October 2016 MST CPE 5420 Application & Transport Layer Security 79
Application Security Internet Mail Architecture 7 October 2016 MST CPE 5420 Application & Transport Layer Security 80
Application Security DKIM Architecture 7 October 2016 MST CPE 5420 Application & Transport Layer Security 81
E-mail Security DKIM Example from: reply-to: to: date: subject: Joe Miner <joe.miner@gmail.com> ns-3-users@googlegroups.com ns-3-users@googlegroups.com Wed, Oct 15, 2014 at 9:04 AM Re: ns-3 problems mailing list: ns-3-users.googlegroups.com Filter messages from this mailing list mailed-by: signed-by: unsubscribe: googlegroups.com gmail.com Unsubscribe from this mailing-list 7 October 2016 MST CPE 5420 Application & Transport Layer Security 82
E-mail Security DKIM Signature Example 1 DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane; c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938; h=from:to:subject:date:keywords:keywords; bh=mtizndu2nzg5mdeymzq1njc4otaxmjm0nty3odkwmti=; b=dzdvyofakcdlxdjoc9g2q8loxslenisbav+yuu4zgeerud00l szz VoG4ZHRNiYzR v=dkim version a=algorithm d=domain name s=selector used by verifier to retrieve proper key c=canonicalization algorithm q=default query method 7 October 2016 MST CPE 5420 Application & Transport Layer Security 83
E-mail Security DKIM Signature Example 2 DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane; c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938; h=from:to:subject:date:keywords:keywords; bh=mtizndu2nzg5mdeymzq1njc4otaxmjm0nty3odkwmti=; b=dzdvyofakcdlxdjoc9g2q8loxslenisbav+yuu4zgeerud00l szz VoG4ZHRNiYzR l=length of the canonicalized part t=signature timestamp x=expire time h=list of signed header fields bh=body hash b=actual digital signature of the contents 7 October 2016 MST CPE 5420 Application & Transport Layer Security 84
E-mail Security Spam Spam unsolicited marketing wasting time & resources First commercial instance in 1994 Canter and Siegel Green Card Lottery Final One? incident Mechanisms filtering counterattack fee restructuring [http://en.wikipedia.org/wiki/laurence_canter_and_martha_siegel] 7 October 2016 MST CPE 5420 Application & Transport Layer Security 85
E-mail Security Spam Distribution [http://www.symantec.com/security_response/landing/spam] 7 October 2016 MST CPE 5420 Application & Transport Layer Security 86
E-mail Security Verification of Sender Verifier to associate positive reputation with message Locally-maintained whitelists Shared reputation services Third-party accreditation 7 October 2016 MST CPE 5420 Application & Transport Layer Security 87
Impact: E-mail Security Attack Evaluation [RFC 4686] high: affects the verification of messages from an entire domain or multiple domains medium: affects the verification of messages from specific users, Mail Transfer Agents (MTAs), and/or time periods low: affects verification of isolated individual messages only Likelihood: high: all email users should expect this attack frequently medium: email users should expect this attack occasionally; frequently for a few users low: attack is expected to be rare and/or very infrequent 7 October 2016 MST CPE 5420 Application & Transport Layer Security 88
E-mail Security Attacks Against Message Signatures [RFC 4686] Attack Name Impact Likelihood Theft of private key for domain High Low Theft of delegated private key Medium Medium Private key recovery via side channel attack High Low Signed message replay Low High Denial-of-service attack against verifier High Medium Denial-of-service attack against key service High Medium Compromise of key server High Low Cryptographic weaknesses in signature High Low Falsification of key service replies Medium Medium Display name abuse Medium High 7 October 2016 MST CPE 5420 Application & Transport Layer Security 89
Privacy Enhanced Mail PEM is a 1993 RFC 1421 E-mail Security PEM Overview It is for securing email using public-key cryptography It was never widely deployed or used depends on prior deployment of a hierarchical PKI public key infrastructure (PKI) with a single root 7 October 2016 MST CPE 5420 Application & Transport Layer Security 90
References and Further Reading [KPS2002] Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World, 2nd edition, Prentice Hall, 2002. [S2017] William Stallings, Cryptography and Network Security: Principles and Practice, 7th edition, Prentice Hall, 2017. [KR2013] James F. Kurose and Keith W. Ross, Computer Networking: A Top-Down Approach, 6th edition, Addison-Wesley, 2013. Some slides are adopted from KU EECS 882 Mobile Wireless Networking class taught by Prof. James P.G. Sterbenz [TLS: RFC 5246], [SSL: RFC 6101], [SN Attack: RFC 6528] [HTTPS: RFC 2818], [SSH: RFC 4251] [PGP: RFC 1991], [OpenPGP: RFC 4880], [PEM: RFC 1421] [S/MIME: RFC 5751], [DKIM: RFC 5585, RFC 5863] 7 October 2016 MST CPE 5420 Application & Transport Layer Security 91
End of Foils 7 October 2016 MST CPE 5420 Application & Transport Layer Security 92