Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München. ilab. Lab 8 SSL/TLS and IPSec


Outlook

On Layer 4:
- Goal: Provide security for one specific port
- SSL (Secure Socket Layer) / TLS (Transport Layer Security)
  - ~1990 to 1996: SSL versions 1, 2, 3 developed by Netscape
  - 1999: TLS 1.0, 2006: TLS 1.1, 2008: TLS 1.2, developed / standardized by IETF
  - Uses TCP as transport protocol

On Layer 3:
- Goal: Provide security for IP traffic
- IPSec (IP Security), ~1998
- Alternative: OpenVPN
- Often used for Virtual Private Networks (VPN) / tunnels

Internetpraktikum 2

SSL/TLS

TLS Properties

Used for:
- Encryption and integrity protection for data sent over a socket
- Transparent for the application layer protocol
- E.g.: protection of HTTP, IMAP as HTTPS, IMAPS

Position in the TCP/IP model (top to bottom): Application, TLS, TCP, IP, Host to Network

Application flow:
1. Key exchange, e.g. with RSA, Diffie-Hellman
2. Optional server and/or client authentication (server/client certificates and digital signatures used)
3. Finally: encryption + authentication for all packets

SSL/TLS uses the reliable transport protocol TCP. DTLS is an adaptation that uses the more lightweight protocol UDP.

TLS Architecture

TLS can be split into two protocol layers (between the application and TCP):
- Upper layer: SSL Handshake Protocol, SSL Change Cipherspec Protocol, SSL Alert Protocol, SSL Application Data Protocol
- Lower layer: SSL Record Protocol

Roles of the protocols:
- Handshake: authentication of peers and negotiation of security parameters
- Change Cipherspec: signalling of the encryption method to be used
- Alert: signalling of errors (e.g. certificate could not be validated)
- Application Data: transparent transport of application payload

All protocols described above communicate via the Record Protocol.

SSL Record Protocol

Header layout (bit ruler 0, 7, 15, 23, 31): Type | Ver. (maj.) | Ver. (min.) | Length | Length (continued) | Data

- Type:
  - Change Cipherspec: 0x14 (20)
  - Alert: 0x15 (21)
  - Handshake: 0x16 (22)
  - Application Data: 0x17 (23)
- Version: SSL version (major = 3, minor = 3 means TLS 1.2)
- Length: length of payload
- Data: payload to transmit (e.g. for the Application Data Protocol: encrypted data, MAC, padding)
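A parser for the record header described above, as an added example that is not part of the original slides. It splits a reassembled byte stream into records and rejects truncated or unknown ones; the sample stream is constructed, and the version names other than TLS 1.2 are the standard (major, minor) assignments rather than values from the slide.

```python
import struct

# Content types from the slide; version names for the (major, minor) pairs.
CONTENT_TYPES = {0x14: "ChangeCipherSpec", 0x15: "Alert",
                 0x16: "Handshake", 0x17: "ApplicationData"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
HEADER = struct.Struct("!BBBH")  # Type, Ver. (maj.), Ver. (min.), Length

class RecordError(ValueError):
    """Raised when the byte stream does not split into well-formed records."""

def parse_records(stream: bytes):
    """Split a reassembled TCP byte stream into (type, version, payload) tuples."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < HEADER.size:
            raise RecordError(f"truncated header at offset {offset}")
        ctype, major, minor, length = HEADER.unpack_from(stream, offset)
        if ctype not in CONTENT_TYPES:
            raise RecordError(f"unknown content type 0x{ctype:02x} at offset {offset}")
        start = offset + HEADER.size
        payload = stream[start:start + length]
        if len(payload) < length:
            raise RecordError(f"record at offset {offset} announces {length} bytes, "
                              f"only {len(payload)} present")
        version = VERSIONS.get((major, minor), f"unknown {major}.{minor}")
        records.append((CONTENT_TYPES[ctype], version, payload))
        offset = start + length
    return records

def make_record(ctype: int, payload: bytes, version=(3, 3)) -> bytes:
    """Build a record for the constructed sample below."""
    return HEADER.pack(ctype, *version, len(payload)) + payload

# Constructed sample: a client flight of ClientKeyExchange, ChangeCipherSpec,
# Finished. Payload bytes are placeholders, not real handshake messages.
SAMPLE = (make_record(0x16, b"\x10\x00\x00\x00")
          + make_record(0x14, b"\x01")
          + make_record(0x16, b"\xaa" * 40))

if __name__ == "__main__":
    for rtype, version, payload in parse_records(SAMPLE):
        print(f"{rtype:<17} {version}  {len(payload)} bytes")
```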

SSL Record Protocol

Is directly built on top of TCP.

Processing chain (sending):
- Fragmentation
  - Parts/records are max 2^14 bit long
- Compression
  - optional
- Calculation of authentication data
  - MAC = H(MAC_write_secret + pad_2 + H(MAC_write_secret + pad_1 + seq_num + length + data))
  - Remark: the sequence number will not be sent inside the SSL header, as the TCP header contains the sequence number
- Encryption of data and MAC
  - Using the algorithms which were selected and signalled with the current Change Cipherspec
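The MAC formula above carried through in code, as an added example that is not part of the original slides. It shows what the untransmitted seq_num buys: sender and receiver each count records themselves, so a replayed or modified record fails verification. Assumptions: SHA-1 as H, the pad bytes 0x36/0x5c repeated 40 times (48 for MD5) as SSL 3.0 defines them, a 64-bit seq_num and 16-bit length, a constructed secret, and no encryption step.

```python
import hashlib
import hmac
import struct

def ssl3_mac(secret: bytes, seq_num: int, data: bytes, hash_name: str = "sha1") -> bytes:
    """H(secret + pad_2 + H(secret + pad_1 + seq_num + length + data)) as on the slide."""
    pad_len = 48 if hash_name == "md5" else 40
    pad_1, pad_2 = b"\x36" * pad_len, b"\x5c" * pad_len
    header = struct.pack("!QH", seq_num, len(data))  # 64-bit seq_num, 16-bit length
    inner = hashlib.new(hash_name, secret + pad_1 + header + data).digest()
    return hashlib.new(hash_name, secret + pad_2 + inner).digest()

class Direction:
    """One direction of a connection; each endpoint holds its own record counter."""
    TAG_LEN = 20  # SHA-1 digest size

    def __init__(self, mac_write_secret: bytes):
        self.secret, self.seq = mac_write_secret, 0

    def protect(self, data: bytes) -> bytes:
        record = data + ssl3_mac(self.secret, self.seq, data)
        self.seq += 1
        return record

    def verify(self, record: bytes):
        data, tag = record[:-self.TAG_LEN], record[-self.TAG_LEN:]
        if not hmac.compare_digest(tag, ssl3_mac(self.secret, self.seq, data)):
            return None  # a real stack raises a fatal alert and closes the connection
        self.seq += 1
        return data

def demo():
    secret = b"constructed-mac-write-secret"  # sample value, not from a handshake
    sender, receiver = Direction(secret), Direction(secret)
    r0 = sender.protect(b"GET / HTTP/1.1")
    r1 = sender.protect(b"Host: example.test")
    tampered = bytes([r1[0] ^ 1]) + r1[1:]
    return {
        "r0": receiver.verify(r0),            # accepted, receiver counter becomes 1
        "replayed_r0": receiver.verify(r0),   # same bytes, but its MAC covers seq 0
        "tampered_r1": receiver.verify(tampered),
        "r1": receiver.verify(r1),            # accepted with seq 1
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```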

SSL Handshake Protocol (RSA, server auth.)

Overview:
1. Client to server: random number, set of cryptographic suites
2. Server to client: random number, chosen cryptographic suite, certificate
3. Client to server: key exchange (pre-master secret)
   Generation of the master secret (key generation on the client and on the server)
4. Client to server: MAC on all previous messages
5. Server to client: MAC on all previous messages

Note: 3 and 4 are actually sent together to reduce latency; the TLS handshake requires two round trips.

SSL Handshake Protocol (example: RSA, server auth)

1. Client to server: ClientHello(Ver, Random, CipherSuite, Compr)
2. Server to client: ServerHello(Ver, Random, SessionID, CipherSuite, Compr), ServerCertificate, ServerHelloDone
3. Client to server: ClientKeyExchange
4. Client to server: ChangeCipherSpec, Finished
5. Server to client: ChangeCipherSpec, Finished

SSL Handshake Protocol

1. Client to server: ClientHello(Ver, Random, CipherSuite, Compr)
2. Server to client: ServerHello(Ver, Random, SessionID, CipherSuite, Compr), [ServerCertificate], [CertificateRequest], [ServerKeyExchange], ServerHelloDone
3. Client to server: [ClientCertificate], ClientKeyExchange, [CertificateVerify]
4. Client to server: ChangeCipherSpec, Finished
5. Server to client: ChangeCipherSpec, Finished

[...] denotes an optional message.

IPSec

Application of IPSec: Virtual Private Networks

3 typical configurations:
- End to End (both devices have VPN software)
- Site to Site (security gateways apply IPSec to traffic, often used to connect branches of a company)
- End to Site (road warriors connect to the company)

[Figure: End to End, Site to Site and End to Site connections between Branch A and Branch B, with hosts 10.3.2.11 and 10.3.2.34]

IP Security (IPSec)

Shortcomings of IP:
- IP protects neither the authenticity of communication entities or data nor data integrity, and it does not provide confidentiality

Services of IPSec:
- Authentication of client/server
- Data integrity protection
- Confidentiality

IPSec defines two packet formats:
- AH (RFC 2402): Authentication
- ESP (RFC 2406): Confidentiality (+ Authentication)
- A combination of ESP and AH is possible

and a key exchange protocol:
- IKE (Internet Key Exchange) provides a safe key exchange mechanism via an insecure channel

Terms

Security Policy (SP) / Security Policy Database (SPD):
- An SP is a rule that specifies how to protect a specific communication session
  - E.g.: protect confidentiality and authenticity of all packets sent between Host a and Host b using encryption mechanism x and authentication mechanism y
- Security Policies are quite static and stateless
  - E.g.: an SP does not contain a session key used for encryption

Security Association (SA) / Security Association Database (SAD):
- SAs are the concrete settings that enforce the more abstract policies specified in the SPD
- SAs are bindings of IPs, encryption / authentication methods, the currently used key, duration, ...
- SAs are negotiated by IKE
- SAs are quite dynamic and stateful
- Each SA is identified by an SPI (Security Parameter Index)

Authentication Header vs. Encapsulating Security Payload

The authentication header (AH):
- Provides data origin authentication and replay protection
- Is realized as a header which is inserted between the IP header and the data to be protected
- Packet layout: IP header | AH header | protected data (the figure marks the authenticated span)

The encapsulating security payload (ESP):
- Provides data origin authentication, confidentiality, replay protection
- Is realized with a header and a trailer encapsulating the data to be protected
- Packet layout: IP header | ESP header | protected data | ESP trailer (the figure marks an encrypted span and an authenticated span)

ESP + AH Combined

Packet layout: IP header | AH header | ESP header | protected data | ESP trailer (the figure marks an encrypted span and an authenticated span)

ESP and AH can be combined for maximum security:
- Payload is encrypted by ESP
- Payload and nearly all header fields of the IP header are authenticated by AH
- Uses two SAs
  - For ESP
  - For AH

Transport Mode vs. Tunnel Mode

IPSec works in two modes:
- Transport mode can be used between end points of a communication:
  - host to host
- Tunnel mode can be used between arbitrary peers:
  - security gateway to security gateway
  - host to security gateway

The difference between the two modes is that:
- Transport mode just adds a security specific header (+ possibly a trailer):
  IP header | IPSec header | protected data
- Tunnel mode encapsulates IP packets:
  New IP header | IPSec header | Old IP header | protected data

Encapsulation of IP packets allows for a gateway protecting traffic on behalf of other entities (e.g. hosts of a subnetwork, etc.).

Example: IPSec Tunnel between two networks

[Figure: Site to Site tunnel between Branch A and Branch B, with hosts 10.3.2.11 and 10.3.2.34]

AH Header

- AH authenticates all invariant fields of the IP header
- Protocol (IPv4) / Next Header field (IPv6): 51 = AH

Layout (bit ruler 0, 7, 15, 23, 31), following the IP header:
- Next Header | Payload Length | Reserved
- Security Parameter Index (SPI), used to identify the currently used SA
- Sequence Number
- Authentication Data
- Payload

The figure marks the authenticated span.

ESP Header

Layout (bit ruler 0, 7, 15, 23, 31):
- Security Parameter Index (SPI), used to identify the currently used SA
- Sequence Number
- Initialization Vector
- Protected Data
- Pad | Pad Length | Next Header
- Authentication Data

The figure marks an encrypted span and an authenticated span.

- The ESP header directly follows the IP header or the AH header
- Protocol (IPv4) or Next Header (IPv6) field: 50 = ESP
- The Next Header field refers to the protected data

Example: IPSec Tunnel between two networks, Outbound Processing

[Figure: Site to Site tunnel between Branch A and Branch B, with hosts 10.3.2.11 and 10.3.2.34]

Basic Scheme: Processing of Outgoing Packets

IPSec outbound processing (flowchart):
- new incoming packet
- Lookup appropriate policy
- No policy? If no, continue
- Policy is discard? If no, continue
- Lookup SAs
- No SA? If no, perform outbound processing according to the order given in the SPD

"yes" branches, in the order drawn on the slide: deliver packet, discard packet, IKE

Example: IPSec Tunnel between two networks, Inbound Processing

[Figure: Site to Site tunnel between Branch A and Branch B, with hosts 10.3.2.11 and 10.3.2.34]

Basic Scheme: Processing of Incoming Packets

IP inbound processing (1) (flowchart):
- Wait for fragments
- All fragments available? If yes, continue
- IPSec header found? If yes, get SPI from the IPSec header
- Does SA for SPI exist?
  - yes: perform ESP/AH inbound processing
  - no: discard packet

The slide also draws "no" branches for the first two decisions.
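The SPI lookup from this flowchart, as an added example that is not part of the original slides. It reads the SPI and sequence number at the AH and ESP offsets shown in the header layouts and discards packets without a matching SA. The SAD layout as a dict keyed by SPI, the verdict strings, the gateway addresses and all packets are constructed for this sketch; a packet without an IPSec header is only labelled, since that branch is not covered here.

```python
import socket
import struct

PROTO_ESP, PROTO_AH = 50, 51  # IPv4 Protocol values from the slides

def inbound_verdict(packet: bytes, sad: dict):
    """Return (verdict, detail) for one reassembled IPv4 packet.

    sad maps SPI -> SA settings (a hypothetical layout for this sketch).
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "discard", "not a complete IPv4 header"
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]
    if proto == PROTO_ESP:
        spi_offset = 0   # ESP starts with SPI, Sequence Number
    elif proto == PROTO_AH:
        spi_offset = 4   # AH: Next Header, Payload Length, Reserved come first
    else:
        return "no-ipsec-header", None  # handled outside this sketch
    if len(body) < spi_offset + 8:
        return "discard", "truncated IPSec header"
    spi, seq = struct.unpack_from("!II", body, spi_offset)
    sa = sad.get(spi)
    if sa is None or sa["proto"] != proto:
        return "discard", f"no SA for SPI 0x{spi:08x}"
    return "process", {"spi": spi, "seq": seq, "sa": sa}

def ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed IPv4 header (checksum left at 0) between two sample gateways."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton("192.0.2.1"),
                       socket.inet_aton("198.51.100.1")) + payload

# Constructed SAD with one ESP SA and one AH SA.
SAD = {0x1001: {"proto": PROTO_ESP, "mode": "tunnel"},
       0x2002: {"proto": PROTO_AH, "mode": "transport"}}

# Constructed packets: payload bytes after the header fields are zero filler.
SAMPLES = {
    "esp_known": ipv4(PROTO_ESP, struct.pack("!II", 0x1001, 7) + b"\x00" * 16),
    "ah_known": ipv4(PROTO_AH, struct.pack("!BBHII", 6, 4, 0, 0x2002, 3) + b"\x00" * 12),
    "esp_unknown": ipv4(PROTO_ESP, struct.pack("!II", 0xDEAD, 1) + b"\x00" * 16),
    "esp_short": ipv4(PROTO_ESP, b"\x00\x00\x10"),
    "plain_tcp": ipv4(6, b"\x00" * 20),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, inbound_verdict(pkt, SAD))
```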

Security of IPSec

- Currently no working attacks are known
- Design got criticized by various persons, e.g. Schneier/Ferguson
  - Some concepts are redundant: most operational modes are not used / not needed, AH+ESP fits all
  - High complexity, mainly due to IKE
  - Complex things are prone to errors, i.e. implementation is very difficult
- Currently the best working security mechanism for securing IP communication (on layer 3)