COMPUTER SECURITY. Secure Communication Channels (2)


COMPUTER SECURITY
7. Secure Communication Channels: 2 case studies

Technologies' case studies
- WEP: Wired Equivalent Privacy
- IPsec: Internet Protocol Security
- SSL: Secure Sockets Layer
- SSH: Secure Shell
- PEM: Privacy Enhanced Mail
- S/MIME: Secure/Multipurpose Internet Mail Extensions
- OpenPGP: Open Pretty Good Privacy
- Pointers...


WEP: Wired Equivalent Privacy
- confidentiality protection at the data link level (OSI)
  - designed for wireless networks, IEEE 802.11
  - confidentiality protection similar to the wired IEEE 802 networks!
- (optional) entities authentication (by shared key!)
- considered weak right from the beginning
  - mainly for its short (40 b) static keys (sensitive to brute force attacks)
  - reinforced by 128 b (and 256 b) key; per-packet key system, Temporal Key Integrity Protocol (and later AES)
- replaced by WPA (Wi-Fi Protected Access) and later by WPA2 with IEEE 802.11i
- layer stack (figure): App ... / TCP / IP / WEP/Data Link / ...

WEP: operation
(between Mobile Station and Base Station (Access Point))
- (Association!): contact Access Point to get net services
- Authentication
  - Open System: mere courtesy
  - Shared Key: proof of possession of shared key
- Conversation (option: w/ Confidentiality)
  - exchange of packets (optionally ciphered with stream cipher)

...WEP: operation (cont.)
Association (ASS):
  MS -> AP: ASS, MSaddr, SSid
  AP -> MS: ASS, Aid
Fig. Association of Mobile Station, MS, to base station, AP (Access Point), in IEEE 802.11's protocol. SSid is the identifier of the group of services requested from AP. Aid is the association's identifier.

...WEP: operation (cont.)
Authentication (AUTH):
Open System
  MS -> AP: AUTH, OS, 1
  AP -> MS: AUTH, OS, 2
Shared Key
  MS -> AP: AUTH, SK, 1
  AP -> MS: AUTH, SK, R, 2
  MS -> AP: AUTH, SK, RC4_K(R), 3
  AP -> MS: AUTH, SK, 4

...WEP: operation (cont.)
Conversation (DATA): WEP option
  MS -> AP: DATA, RC4_K(data)
  AP -> MS: DATA, RC4_K(data)
  ...
- RC4 stream cipher
- shared key K used in seed to RC4 engine
  - 64 b seed = IV (24 b) + K (40 b)
  - IV is visible (and does not change from packet to packet!)

Cipher process in WEP
[Figure: IV and K feed RC4; CRC-32 over the Network Data gives the ICV; RC4 enciphers Network Data + ICV.]
WEP packet data: IV | Enciphered Network Data | ICV (enciphered)
Fig. Cipher process in WEP. (ICV: Integrity Check Value; CRC: Cyclic Redundancy Check)
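The cipher process above, written out as an added example (it is not part of the original slides). It follows the slide's 64 b seed = IV (24 b) + K (40 b) and CRC-32 ICV, omits the key-ID byte of a real 802.11 frame, and uses constructed key, IV and messages. The last function shows why a visible IV that does not change is a problem: two packets share one keystream.

```python
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR of data with the generated keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def icv_of(data: bytes) -> bytes:
    """ICV = CRC-32 of the network data (little-endian, as in 802.11)."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encapsulate(iv: bytes, key: bytes, data: bytes) -> bytes:
    """WEP packet data: IV in clear, then RC4 over (data + ICV), seed = IV + K."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + rc4(iv + key, data + icv_of(data))


def wep_decapsulate(key: bytes, packet: bytes) -> bytes:
    """Recover the data and check the ICV; raise ValueError on mismatch."""
    iv, body = packet[:3], packet[3:]
    plain = rc4(iv + key, body)
    data, icv = plain[:-4], plain[-4:]
    if icv_of(data) != icv:
        raise ValueError("ICV mismatch")
    return data


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ciphertexts_leak_xor(iv1: bytes, iv2: bytes, key: bytes,
                         p1: bytes, p2: bytes) -> bool:
    """True if XOR of the two ciphertexts equals XOR of the two plaintexts."""
    c1 = wep_encapsulate(iv1, key, p1)[3:]
    c2 = wep_encapsulate(iv2, key, p2)[3:]
    n = min(len(p1), len(p2))
    return xor_bytes(c1[:n], c2[:n]) == xor_bytes(p1[:n], p2[:n])


# Constructed sample values (not from the slides).
KEY = bytes([0x01, 0x02, 0x03, 0x04, 0x05])      # 40 b static key
IV = bytes([0xAA, 0xBB, 0xCC])                   # 24 b IV, sent in clear
MSG1 = b"GET /index.html "
MSG2 = b"user=alice&id=42"

if __name__ == "__main__":
    packet = wep_encapsulate(IV, KEY, MSG1)
    print(packet.hex(), wep_decapsulate(KEY, packet))
    print("same IV leaks XOR:", ciphertexts_leak_xor(IV, IV, KEY, MSG1, MSG2))
```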

IEEE 802.11's packet format
- generic fields: [figure not preserved]
- protected data part of packet (if W bit active):
  WEP packet data: IV | Enciphered Network Data | ICV (enciphered)

WPA2 improvements (IEEE 802.11i, 2004)
- types of usage:
  - WPA Personal (domestic use): WPA2 w/ AES Pre-Shared Key
  - WPA Enterprise: WPA2 w/ EAP-TLS and RADIUS server
- cryptography tricks:
  - key mixing function, better than mere concatenation of secret root key with initialization vector
  - sequence counter, to protect against replay attacks
  - 64-bit Message Integrity Check (MIC)
- Curiosity: most attacks still are through supplementary system WPS, Wi-Fi Protected Setup!
Ref.: standards.ieee.org/about/get/802/802.11.html

IPsec: Internet Protocol Security
- multiple services
  - confidentiality, integrity, protection against replay attacks
  - symmetrical and asymmetrical cryptography
- multiple algorithms
  - possible choice, possible future change
- multiple granularities
  - TCP connection protection
  - protection of connection between machine pairs
  - protection of connection between routers
- connection oriented -> security association (SA)

Security Association
- OSI level: network
- unidirectional connection
- identification: security parameter index (SPI)
  - index for associations table, with all agreed information
- stored info:
  - IP destination address
  - cryptographic algorithms and keys
  - security protocol (AH or ESP)
  - maximum traffic or duration of connection
  - utilization mode (transport, tunnel...)
- layer stack (figure): App ... / TCP / IPsec/IP / Data Link / ...

Security Policies
- table with instructions for packets' handling (Security Policy Database, SPD)
  - info on sender and receiver
  - receiver includes machine (IPsec on routers) and port
- typical options: discard packet, apply security services, reroute it
- table similar to gateways' and firewalls'

Example:
  origin         destination            port   action
  192.168.2.9    10.1.2.3-10.1.2.99     25     discard
  192.168.19.7   10.1.2.3-10.1.2.99     25     reroute
  *              10.1.2.3-10.1.2.99     25     apply IPsec
  *              10.1.2.3-10.1.2.99     80     reroute
  *              *                      *      discard
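The example table above, evaluated in code (an added example, not part of the original slides). It assumes the table is ordered and the first matching row decides, reads "10.1.2.3-10.1.2.99" as an address range, and adds a hypothetical helper, shadowed_rules, that flags rows an earlier row already covers, which is the usual way such a table silently stops applying IPsec.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    origin: str   # single address or "*"
    dest: str     # "first-last" address range or "*"
    port: str     # port number or "*"
    action: str   # "discard", "reroute" or "apply IPsec"


# The five rows of the slide's example, in the slide's order.
SPD = [
    Rule("192.168.2.9", "10.1.2.3-10.1.2.99", "25", "discard"),
    Rule("192.168.19.7", "10.1.2.3-10.1.2.99", "25", "reroute"),
    Rule("*", "10.1.2.3-10.1.2.99", "25", "apply IPsec"),
    Rule("*", "10.1.2.3-10.1.2.99", "80", "reroute"),
    Rule("*", "*", "*", "discard"),
]


def _addr_matches(pattern: str, addr: str) -> bool:
    """Match one concrete address against "*", a single address or a range."""
    if pattern == "*":
        return True
    ip = ipaddress.ip_address(addr)
    if "-" in pattern:
        low, high = (ipaddress.ip_address(p) for p in pattern.split("-"))
        return low <= ip <= high
    return ip == ipaddress.ip_address(pattern)


def lookup(spd, origin: str, dest: str, port: int) -> str:
    """Return the action of the first matching rule (assumed semantics)."""
    for rule in spd:
        if (_addr_matches(rule.origin, origin)
                and _addr_matches(rule.dest, dest)
                and rule.port in ("*", str(port))):
            return rule.action
    return "discard"   # nothing matched: fail closed


def _covers(general: str, specific: str) -> bool:
    """True if pattern `general` matches everything `specific` matches."""
    if general == "*" or general == specific:
        return True
    if "-" in general and specific != "*" and "-" not in specific:
        return _addr_matches(general, specific)
    return False


def shadowed_rules(spd) -> list:
    """Indices of rules that can never fire because an earlier rule covers them."""
    hidden = []
    for j, later in enumerate(spd):
        for earlier in spd[:j]:
            if (_covers(earlier.origin, later.origin)
                    and _covers(earlier.dest, later.dest)
                    and _covers(earlier.port, later.port)):
                hidden.append(j)
                break
    return hidden


if __name__ == "__main__":
    print(lookup(SPD, "172.16.0.1", "10.1.2.50", 25))   # constructed packet
    print(shadowed_rules(SPD))
```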

IPsec's operation
- setting of keys: IKE (Internet Key Exchange)
  - parameter negotiation and mutual authentication
  - setting up of a security association (SA)
  - IKEv1 was unnecessarily complex; current version is 2 (RFC 4306)
- setting of services (using agreed keys and algorithms)
  - integrity, protection against replay attacks: AH (Authentication Header) protocol
  - confidentiality, integrity, protection against replay attacks: ESP (Encapsulating Security Payload) protocol
References: tools.ietf.org/html/rfc[4301-4309]

IPsec: IKE (Internet Key Exchange) v2
- exchange of groups of message pairs (UDP, ports 500 or 4500)
- has 2 phases
- Phase 1 (IKE_SA): mutual authentication and base agreements
  - IKE_SA_INIT + IKE_AUTH (4 messages are enough!):
    - master key's generation by Diffie-Hellman's algorithm
    - mutual authentication (predefined keys or public keys via digital certificates)
    - establishment of a security association (AH or ESP)
- Phase 2 (CREATE_CHILD_SA, INFORMATIONAL): setting of additional SAs or exchange of control information
  - message exchanges protected by session keys from Phase 1
  - multiple possibilities of negotiation and control

IPsec: AH (Authentication Header) protocol
- integrity, protection against replay attacks
  original:  Transport Data
  IPSec:     IPh | AH | Transport Data    (authenticated*)
Fig. Protection by Authentication Header protocol, in transport mode, as explained below. (* The mutable fields in IP header do not have integrity protection.)

...IPsec: AH protocol (cont.)
Fig. Utilization of AH protocol (picture enhancing header fields), in transport mode, as explained below. [figure not preserved]

...IPsec: AH protocol (cont.)
Fields of AH:
- Next header: type of payload header. Examples: IP=4; AH=51; ESP=50; TCP=6; UDP=17.
- Payload len: length of AH protocol header (in 32-bit words) minus 2
- Security parameters index: identifier of security association, SA
- Sequence number: (unique) identifier for all protected packets
- Authentication data: HMAC of payload (shared key!)
- Payload + padding: packet net data with padding

IPsec: ESP (Encapsulating Security Payload) protocol
- integrity, confidentiality, protection against replay attacks
  original:  Transport Data
  IPSec:     IPh | ESPh | Enciphered Transport Data | ESPt    (authenticated*, enciphered*)
Fig. Protection by Encapsulating Security Payload protocol, in transport mode, as explained below. (* Only part of the ESP footer has integrity and confidentiality protection.)

...IPsec: ESP protocol (cont.)

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ----
|               Security Parameters Index (SPI)                 | ^Auth.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Cov-
|                      Sequence Number                          | |erage
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ----
|                    Payload Data* (variable)                   | |   ^
~                                                               ~ |   |
|                                                               | |Conf.
+               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Cov-
|               |     Padding (0-255 bytes)                     | |erage*
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+               +-+-+-+-+-+-+-+-+ |   |
|                               |  Pad Length   | Next Header   | v   v
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ------
|                 Authentication Data (variable)                |
~                                                               ~
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Fig. Structure of packet protected with ESP protocol (in RFC 2406), in transport mode, as explained below. (* If included in the Payload field, cryptographic synchronization data, e.g., an Initialization Vector, usually is not encrypted per se.)

...IPsec: ESP protocol (cont.)
Fields of ESP packets:
- Security parameters index: identifier of SA
- Sequence number: (unique) identifier of all protected packets
- Payload + padding: packet net data with padding. With confidentiality service, includes the initialization vector (IV) for the cipher algorithm.
- Pad length: number of bytes of padding
- Next header: type of payload header
- Authentication data: HMAC of payload (shared key!)
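How a receiver can use the SPI, Sequence number and Authentication data fields listed above (and the matching AH fields) to get integrity and replay protection, as an added example that is not part of the original slides. Assumptions: a 64-packet sliding window, HMAC-SHA-256 truncated to 128 bits as the authentication transform, an opaque payload (no encryption shown), and constructed SPI and key values.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16   # assumed transform: HMAC-SHA-256 truncated to 128 bits
WINDOW = 64    # assumed anti-replay window size, in packets


def _icv(auth_key: bytes, covered: bytes) -> bytes:
    return hmac.new(auth_key, covered, hashlib.sha256).digest()[:ICV_LEN]


def build_esp(spi: int, seq: int, payload: bytes, auth_key: bytes) -> bytes:
    """Sender side: SPI | Sequence Number | payload | Authentication Data."""
    covered = struct.pack("!II", spi, seq) + payload
    return covered + _icv(auth_key, covered)


class InboundSA:
    """Receiver state for one (unidirectional) security association."""

    def __init__(self, spi: int, auth_key: bytes):
        self.spi = spi
        self.auth_key = auth_key
        self.highest = 0   # highest sequence number authenticated so far
        self.bitmap = 0    # bit i set => sequence (highest - i) already seen

    def _fresh(self, seq: int) -> bool:
        if seq == 0:
            return False
        if seq > self.highest:
            return True
        offset = self.highest - seq
        return offset < WINDOW and not (self.bitmap >> offset) & 1

    def _mark(self, seq: int) -> None:
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def receive(self, packet: bytes) -> str:
        if len(packet) < 8 + ICV_LEN:
            return "malformed"
        spi, seq = struct.unpack("!II", packet[:8])
        if spi != self.spi:
            return "unknown-spi"
        if not self._fresh(seq):          # cheap check first
            return "replay"
        covered, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        if not hmac.compare_digest(icv, _icv(self.auth_key, covered)):
            return "bad-icv"
        self._mark(seq)                   # window moves only for authentic packets
        return "accept"


# Constructed sample values (not from the slides).
SPI = 0x1001
AUTH_KEY = b"constructed-shared-auth-key"

if __name__ == "__main__":
    sa = InboundSA(SPI, AUTH_KEY)
    for seq in (1, 3, 2, 2):
        print(seq, sa.receive(build_esp(SPI, seq, b"data", AUTH_KEY)))
```

The window is updated only after the authentication data verifies, so a forged packet with a large sequence number cannot push genuine traffic out of the window.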

IPsec: Modes of operation (AH and ESP)
- transport
  - protection of data from Transport layer
  - IPsec needs change in system's Network layer
  - good for endpoint-to-endpoint communication
  - layer stack (figure): APP ... / TCP / IPSec / ...
- tunnel
  - protection of data from normal Network layer
  - IPsec adds a new (sub-Network) layer to system
  - usually is used for protection between gateways, so not between communication endpoints
  - layer stack (figure): APP ... / TCP / IP / IPSec / ...

IPsec: modes of operation with AH
Transport mode:
  original:  Transport Data
  IPSec:     IPh | AH | Transport Data
Tunnel mode:
  original:  Transport Data
  IP:        IPh | Transport Data
  IPSec:     IPh | AH | pre-Network Data (= IPh | Transport Data)

IPsec: modes of operation with ESP
Transport mode:
  original:  Transport Data
  IPSec:     IPh | ESPh | Enciphered Transport Data | ESPt
Tunnel mode:
  original:  Transport Data
  IP:        IPh | Transport Data
  IPSec:     IPh | ESPh | Enciphered pre-Network Data (= IPh | Transport Data) | ESPt

SSL: Secure Sockets Layer
Services
- mutual authentication
- integrity protection of communication
- privacy protection of communication
- parameter negotiation between parties (client and server)
- data compression
History
- protocol associated with WWWeb
  - Netscape, 1995
  - HTTPS = HTTP + SSL
- SSL version 3, ~ TLS (Transport Layer Security) v.1, but not inter-operable!
  - IETF RFC 4346

SSL: location in OSI layers
- between Application and Transport layer
  - Session and Presentation
  - layer stack (figure): HTTP / SSL/TLS / TCP / IP / ...
- Problem: TCP ignores SSL!
  - denial of service attack: insertion of phony SSL packet, although TCP-correct, in comm. flow:
    - TCP accepts phony packet, but later rejects the real one
    - SSL will signal error condition and secure channel will have to be restarted!

SSL: protocol structure
- in time:
  - initial connection (handshake protocol): parameter negotiation and server authentication
  - utilization (record protocol): protected conversation
- in "space":
  - connection control (handshake protocol!), Presentation layer!: initial negotiation, alert messages, etc.
  - message exchange support (record protocol!), Session layer!: data packaging, ciphering, compression, etc.

SSL: connection establishment protocol
Fig. SSLv3: possible (simplified!) steps of connection establishment protocol. [figure not preserved]

...SSL: connection establishment protocol (cont.)
Steps:
- 1: A sends to server (B) cryptographic proposals and nonce RA.
- 2: B chooses cryptographic methods and sends A its own nonce RB.
- 3: B sends its digital certificates (its public key for the chosen authentication algorithm). At this point, B could ask A for a similar identification. But this is seldom done: client authentication is usually done later by the application (and over SSL).
- 4: B is satisfied, for now...
- 5: Ciphered with B's public key, A sends a random number (premaster key). A and B can now generate a session key: K = f(premaster key, RA, RB)
- 6-9: A and B signal each other the starting of ciphering of messages with K

SSL: Connection usage protocol
Fig. SSLv3: Protocol for connection usage. The steps are taken by both entities. [figure not preserved]

...SSL (cont.)
Exercise: Using the features of program openssl, connect to Web servers with SSL and study the protocol message exchanges.
References:
- www.vanemery.com/linux/apache/openssl.html
- www.openssl.org

SSH: Secure Shell
Services
- authentication, confidentiality and integrity of sessions of
  - remote terminal
  - file transfer
  - port rerouting
History
- SSH, 1995: Tatu Ylönen, TKK Helsinki University of Technology
- SSH 2, 1996: modularization, protocol negotiation, channel multiplexing, DH...
- proposed IETF standard, 2006: IETF RFC 4250-4
- OpenSSH, free version! (www.openssh.org)

SSH: location in OSI layers
- between Application and Transport layer
  - Session and Presentation (just like SSL)
  - layer stack (figure): APP ... / SSH / TCP / IP / ...
SSH: protocol stack (~ in "space"!)
- Connection: user level services
- Authentication: of client towards server
- Transport: basic security services

SSH: connection protocol
- user level services:
  - point-to-point security
  - remote terminal
  - file transfer
  - tunneling
  - port forwarding in client and in server
  - forwarding of X11 protocol

SSH: transport protocol
- basic security services:
  - server authentication (beware of 1st connection!) (Fig)
  - confidentiality (negotiable algorithm)
  - data integrity (negotiable algorithm)
  - session identification (useful to upper layers)
  - perfect forward secrecy (random temporary session keys!)
  - compression (optional!)
Fig. SSL authentication protocol for server (practical work). [Figure labels, Phase 1, between Local (Lm) and Remote (Rm): n1; KRm(n1) ; KRm; has old KRm? accept new KRm?; cont. Phase 2 / break!]

...SSH: transport protocol (cont.)
Important problem
- does Client know that Server is the real one?
  - Yes, if he has access to genuine KS!
  - But, does he normally have it?......

SSH: authentication protocol
- of client towards server:
  - by public key (preferred!) (Fig)
  - by password (most used!) (Fig)
  - by machine (dangerous!)
  - other...
Fig. Authentication protocol for client by password and by public key (practical work).
[Figure labels, Phase 2, between Local (Lm) and Remote (Rm), by password: ruser1!; pass1!; pass1?; Rm holds "ruser1: pass1"]
[Figure labels, Phase 2 (alt), between Local (Lm) and Remote (Rm), by public key: luser2 ; ruser1!; n2; Klu2(n2)!; Rm holds "ruser1: luser2: Klu2"]

...SSH (cont.)
Exercise: Using the debugging features of ssh, connect to servers and study the protocol message exchanges.
References:
- tools.ietf.org/html/rfc[4250-4]
- www.rfc-archive.org/getrfc.php?rfc=4716

PEM: Privacy Enhanced Mail
History
- has seen better days... (~1990; IETF RFC 1421...)
- but even then, was never a success
  - would use a centralized PKI (Public Key Infrastructure) -> main cause of success failure?
Compatibility
- operates with normal email servers
  - is located at the application OSI level
  - does not need OS substitution
  - layer stack (figure): PEM / TCP / IP / ...

PEM: features
- confidentiality, authentication and message integrity
  - does not protect headers! (Subject:, To:, From:,...)
- types of message
  - normal (ignoring PEM)
  - with integrity protection (MIC-CLEAR)
  - with Base 64 coding and integrity protection (MIC-ONLY)
  - enciphered and with integrity protection (ENCRYPTED)
- asymmetrical and symmetrical cryptography
  - symmetrical cipher, with session key
  - session key is passed symmetrically or asymmetrically
  - asymmetrical cryptography, with keys from digital certificates
  - digital certificates are passed in messages: independence from public key directory service!

S/MIME: Secure/Multipurpose Internet Mail Extensions
- consistent way to send and receive secure MIME data
- provides the cryptographic security services for electronic messaging:
  - authentication
  - message integrity
  - non-repudiation of origin (using digital signatures)
  - privacy and data security (using encryption)
- can be used with traditional mail user agents and any transport mechanism that transports MIME data, such as HTTP
...to be continued...

OpenPGP: Open Pretty Good Privacy
History
- original author (PGP): Philip Zimmermann, 1991
  - private electronic mail for everyone!
  - «If privacy is outlawed, only outlaws will have privacy!»
- conflict with the government of the United States went on for years (1993-96)
Compatibility
- identical to PEM's
  - operates with normal email servers
  - is located at the application OSI level
  - does not need OS substitution
  - layer stack (figure): OpenPGP / TCP / IP / ...

OpenPGP: features
- standard IETF version (RFC 4880) of PGP's original idea and system
- goals and operation similar to PEM's:
  - confidentiality, authentication and message integrity (except headers!)
  - asymmetrical and symmetrical cryptography
  - symmetrical cipher, with session key
- main differences:
  - always used stronger algorithms (RSA, IDEA)
  - also compacts messages
  - the validation of public keys uses an interesting decentralized technique (ring of trust)
- competitor of S/MIME
- important free implementation: GPG (Gnu Privacy Guard)

OpenPGP: public key management
- the ring of trust
  - each user assigns a certain degree of trust to another user (in the sense that he/she finds that user to be a reliable key signer!): unknown, none, marginal, total
  - the system calculates the validity of a public key (of a user) based on the trust assigned to the users that have signed it: unknown, doubtful, valid
- classically, a key was valid if it was signed by:
  - a user with total trust
  - two users with marginal trust
- GnuPG allows the fine tuning of the algorithm by considering a key as valid if:
  - a number of users with total trust signed it (default, 1!)
  - a number of users with marginal trust signed it (default, 3)
  - but only if the signature path (number of signed signatures) is limited (less than 5)
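The validity rule above as a small computation over a signature graph (an added example, not part of the original slides and not GnuPG's own code). It is a simplified model: a signature counts only if the signer's key is itself already valid, the user's own key counts as totally trusted, total and marginal signers are counted separately, and all names and data are constructed.

```python
def valid_keys(me, signatures, owner_trust,
               completes_needed=1, marginals_needed=3, max_path=5):
    """Return {key: path length} for every key computed as valid.

    signatures:  key -> set of keys that signed it
    owner_trust: key -> "unknown" | "none" | "marginal" | "total"
                 (trust in that key's owner as a signer, as on the slide)
    A key becomes valid when enough valid signers vouch for it and the
    signature path from `me` stays below max_path.
    """
    valid = {me: 0}
    for depth in range(1, max_path):          # path length less than 5
        newly = {}
        for key, signers in signatures.items():
            if key in valid:
                continue
            counted = [s for s in signers if s in valid]
            total = sum(1 for s in counted
                        if s == me or owner_trust.get(s, "unknown") == "total")
            marginal = sum(1 for s in counted
                           if owner_trust.get(s, "unknown") == "marginal")
            if total >= completes_needed or marginal >= marginals_needed:
                newly[key] = depth
        if not newly:
            break
        valid.update(newly)                   # next round may build on these
    return valid


# Constructed keyring (names are hypothetical).
OWNER_TRUST = {
    "alice": "total",
    "bob": "marginal", "carol": "marginal", "dave": "marginal",
    "frank": "none",
    "zed": "total",        # trusted as a signer, but his key is never validated
}
SIGNATURES = {
    "alice": {"me"}, "bob": {"me"}, "carol": {"me"}, "dave": {"me"},
    "erin": {"alice"},                  # one total-trust signer
    "frank": {"bob", "carol"},          # only two marginal signers
    "grace": {"bob", "carol", "dave"},  # three marginal signers
    "mallory": {"zed"},                 # signer's own key is not valid
}

# A chain me -> k1 -> k2 -> ... -> k5, every owner totally trusted.
CHAIN_TRUST = {f"k{i}": "total" for i in range(1, 6)}
CHAIN_SIGS = {"k1": {"me"}, "k2": {"k1"}, "k3": {"k2"},
              "k4": {"k3"}, "k5": {"k4"}}

if __name__ == "__main__":
    print(valid_keys("me", SIGNATURES, OWNER_TRUST))
    print(valid_keys("me", CHAIN_SIGS, CHAIN_TRUST))
```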

[Figure not preserved] (in: The PGP Web of Trust, William Stallings, BYTE, Feb. 1995)

Short comparison between OpenPGP, PEM and S/MIME

certification of public keys
  OpenPGP: directly or through digital certificates
  PEM:     through digital certificates
  S/MIME:  through digital certificates
validation of certificates
  OpenPGP: up to the user
  PEM:     single hierarchy of Certification Authorities*
  S/MIME:  multiple parallel hierarchies
certification's procedure
  OpenPGP: hard because relies only on the user (web of trust)
  PEM:     easy, once the hierarchy is established
  S/MIME:  easy, based on PKIX's model, with X.509 certificates
trust on system
  OpenPGP: up to the user
  PEM:     complete (a single hierarchy)
  S/MIME:  user chooses the hierarchy to trust
security's potential
  OpenPGP: great
  PEM:     low
  S/MIME:  great
character encoding scheme
  OpenPGP: Radix 64** ~ Base 64 + CRC
  PEM:     Base 64 (RFC 1421)
  S/MIME:  ~ Base 64

* top entity: IPRA (Internet Policy Registration Authority)
** also known as ASCII Armor

Pointers...
- The IEEE 802.11 standards, 2012. IEEE Standards Association. standards.ieee.org/about/get/802/802.11.html
- The IPsec' IETF RFC, 1995-2010. R. Atkinson and others. tools.ietf.org/html/rfc4301
- The S/MIME's IETF RFC, 1998-2010. S. Dusse and others. tools.ietf.org/html/rfc5751
- The PEM's IETF RFC, 1987-1993. John Linn. tools.ietf.org/html/rfc1421
- The SSH's IETF RFC, 2006. T. Ylonen et al. tools.ietf.org/html/rfc4251
- The TLS' IETF RFC, 1999-2006. T. Dierks and others. tools.ietf.org/html/rfc4346
- The OpenPGP's IETF RFC, 1996-2007. P. Zimmermann and others. tools.ietf.org/html/rfc4880