Working Connection
Computer and Network Security
- SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
So far, we talked about Basic Techniques of Security…
• Those are used in many different security scenarios
– Secure email
– Secure transport (SSL)
– IPsec
Secure e-mail
• Alice wants to send secret e-mail message, m, to Bob.
• generates random symmetric private key, KS.
• encrypts message with KS
• also encrypts KS with Bob’s public key.
• sends both KS(m) and eB(KS) to Bob.
Secure e-mail (continued)
• Alice wants to provide sender authentication, message integrity.
• Alice digitally signs message.
• sends both message (in the clear) and digital signature.
Secure e-mail (continued)
• Alice wants to provide secrecy, sender authentication, message integrity.
Note: Alice uses both her private key and Bob’s public key.
Secure Sockets Layer (SSL)
• SSL developed by Netscape Communications
– Operates on top of TCP
– Provides secure connections
• HTTP, FTP, telnet, …
– Electronic ordering & payment; e-mail
– SSL 3.0 submitted to IETF for standardization
• TLS standardized by IETF (RFC 2246)
– Slight differences with SSL 3.0
– www.ietf.org/html.charters/tls-charter.html
Secure sockets layer (SSL)
• SSL works at transport layer. Provides security to any TCP-based app using SSL services.
• SSL: used between WWW browsers, servers for I-commerce (shttp).
• SSL security services:
– server authentication
– data encryption
– client authentication (optional)
• Server authentication:
– SSL-enabled browser includes public keys for trusted CAs.
– Browser requests server certificate, issued by trusted CA.
– Browser uses CA’s public key to extract server’s public key from certificate.
SSL (continued)
Encrypted SSL session:
• Browser generates symmetric session key, encrypts it with server’s public key, sends encrypted key to server.
• Using its private key, server decrypts session key.
• Browser, server agree that future msgs will be encrypted.
• All data sent into TCP socket (by client or server) is encrypted with session key.
• SSL: basis of IETF Transport Layer Security (TLS).
• Client authentication can be done with client certificates.
Transport Layer Security (TLS)
• TLS protocols operate at two layers
• TLS Record Protocol operates on top of TCP
• Protocols on top of TLS Record Protocol
– TLS Handshake Protocol
– TLS Change Cipher Specification Protocol
– TLS Alert Protocol
[Figure: protocol stack. IP at the bottom, then TCP, then the TLS Record Protocol, which carries the Handshake Protocol, Change Cipher Spec Protocol, Alert Protocol and HTTP Protocol.]
TLS Record Protocol
• TLS Record protocol provides
– Privacy service through secret key encryption
• Encryption algorithm is negotiated at session setup
• Secret keys generated per connection using another protocol such as Handshake protocol
– Reliability service through keyed message authentication code
• Hash algorithm negotiated at session setup
• Operates without hash only during session negotiation
TLS Handshake Protocol
• TLS Handshake protocol used by client & server
– Negotiate protocol version, encryption algorithm, key generation method
– Can authenticate each other using public key algorithm
– Client & server establish a shared secret
– Multiple secure connections can be set up after session setup
• Session specified by following parameters
– Session Identifier: byte sequence selected by server
– Peer Certificate: certificate of peer
– Compression method: used prior to encryption
– Cipher spec: encryption & message authentication code
– Master Secret: 48-byte secret shared by client & server
– Is resumable?: flag indicating if new connections can be initiated
TLS Handshake Process
• TLS Record protocol initially specifies no compression or encryption
• Client → Server: ClientHello
– Request connection
– Includes: Version #; Time & date; Session ID (if resuming); Ciphersuite (combinations of key exchange, encryption, MAC, compression)
• Server → Client: ServerHello
– Send ServerHello if there is acceptable Ciphersuite combination; else, send failure alert & close connection.
– ServerHello includes: Version #; Random number; Session ID; Ciphersuite & compression selections
• Server → Client: Certificate*
– Server Certificate
– May contain public key
• Server → Client: ServerKeyExchange*
– Server part of key exchange: Diffie-Hellman, g^x; RSA, public key
• Server → Client: ServerHelloDone
– Server part of handshake done
• Side notes in the diagram: Compute shared key; New CipherSpec pending
* Optional messages
Handshake Protocol continued
• Client → Server: ClientKeyExchange
– Client’s part of key agreement: Diffie-Hellman g^y; RSA, random #s
• Client → Server: [ChangeCipherSpec]
– Change Cipher protocol message notifies server that subsequent records protected under new CipherSpec & keys
– Server changes CipherSpec
• Client → Server: Finished
– Hash using new CipherSpec; allows server to verify change in CipherSpec
• Side notes in the diagram: Compute shared key; Verify CipherSpec
Handshake Protocol completion
• Server → Client: [ChangeCipherSpec]
– Notify client that subsequent records protected under new CipherSpec & keys
– Client changes CipherSpec
• Server → Client: Finished
– Hash using new CipherSpec; Client verifies new CipherSpec
• Client ↔ Server: Application Data
• TLS Record protocol encapsulates application-layer messages
– Privacy through secret key cryptography
– Reliability through MAC
– Fragmentation of application messages into blocks for compression/encryption
– Decompression/Decryption/Verification/Reassembly
TLS Handshake with Client Authentication
• Client → Server: ClientHello
• Server → Client: ServerHello, Certificate*, ServerKeyExchange*, CertificateRequest, ServerHelloDone
– Server requests certificate if client needs to be authenticated
• Client → Server: Certificate*, ClientKeyExchange, CertificateVerify*, [ChangeCipherSpec], Finished
– Client sends suitable certificate
– If server finds certificate unacceptable, server can send fatal failure alert message & close connection
– Client prepares digital signature based on messages sent using its private key
– Server verifies client has private key
• Server → Client: [ChangeCipherSpec], Finished
• Client ↔ Server: Application Data
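
The message order in the handshake slides above can be checked mechanically. This added example (not part of the original slides) walks the TLS record layer for one direction of a connection and checks the client's messages against that order; the function names, the `CLIENT_ORDER` table and the sample bytes are constructed for illustration, while the numeric record and handshake type codes are those of the TLS specification (RFC 2246).

```python
import struct

RECORD = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
HANDSHAKE = {1: "ClientHello", 2: "ServerHello", 11: "Certificate", 12: "ServerKeyExchange",
             13: "CertificateRequest", 14: "ServerHelloDone", 15: "CertificateVerify",
             16: "ClientKeyExchange", 20: "Finished"}
# Client-side order from the slides; True marks the optional (*) messages.
CLIENT_ORDER = [("ClientHello", False), ("Certificate", True), ("ClientKeyExchange", False),
                ("CertificateVerify", True), ("ChangeCipherSpec", False), ("Finished", False)]

def message_names(stream):
    """Name each message sent in one direction of a TLS connection."""
    names, off, protected = [], 0, False
    while off < len(stream):
        if off + 5 > len(stream):
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        body = stream[off + 5:off + 5 + length]
        if ctype not in RECORD or len(body) != length:
            raise ValueError("malformed record")
        off += 5 + length
        if ctype == 22 and not protected:
            pos = 0  # one record may carry several handshake messages
            while pos + 4 <= len(body):
                names.append(HANDSHAKE.get(body[pos], "Unknown"))
                pos += 4 + int.from_bytes(body[pos + 1:pos + 4], "big")
        elif ctype == 22:
            names.append("Finished")  # sent under the new CipherSpec: type byte is ciphertext
        else:
            protected = protected or ctype == 20  # ChangeCipherSpec switches protection on
            names.append(RECORD[ctype])
    return names

def follows_order(names, order):
    """True if names matches order (optional entries may be absent), then only data."""
    i = 0
    for expected, optional in order:
        if i < len(names) and names[i] == expected:
            i += 1
        elif not optional:
            return False
    return all(n == "ApplicationData" for n in names[i:])

# Constructed sample input and its helpers (dummy bodies, not captured traffic).
def rec(ctype, body):  # record header: type, version 3.1 (TLS 1.0), length
    return struct.pack("!BHH", ctype, 0x0301, len(body)) + body
def hs(mtype, body=b""):  # handshake header: type, 3-byte length
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body
GOOD = (rec(22, hs(1, b"\x00" * 8)) + rec(22, hs(16, b"\x01" * 4)) + rec(20, b"\x01")
        + rec(22, b"\xaa" * 16) + rec(23, b"data"))
```

A stream in which application data appears before ChangeCipherSpec and Finished fails `follows_order`, which is the condition a monitoring tool would flag.
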
IP Security (IPsec)
• IPsec defined in RFCs 2401, 2402, 2406
• Provides authentication, integrity, confidentiality, and access control at the IP layer
• Provides a key management protocol to provide automatic key distribution techniques.
• Security service can be provided between a pair of communication nodes, where the node can be a host or a gateway (router or firewall).
• Two protocols & two modes to provide traffic security:
– Authentication Header and Encapsulating Security Payload
– Transport mode or tunnel mode
IPsec: Network Layer Security
• Network-layer secrecy:
– sending host encrypts the data in IP datagram
– TCP and UDP segments; ICMP and SNMP messages.
• Network-layer authentication
– destination host can authenticate source IP address
• Two principal protocols:
– authentication header (AH) protocol
– encapsulation security payload (ESP) protocol
• For both AH and ESP, source, destination handshake:
– create network-layer logical channel called a security association (SA)
• Each SA unidirectional.
• Uniquely determined by:
– security protocol (AH or ESP)
– source IP address
– 32-bit connection ID
IPsec Protocol Stack
• IPsec puts the two main protocols in between IP and the other protocols
– AH - authentication header
– ESP - encapsulating security payload
• Tunnel vs. transport?
• Other function provided by external protocols and architectures
– Key Management/authentication
– Policy
IPsec Protocol Suite
IPsec: Packet Handling
Security Association
• A Security Association (SA) is a logical simplex connection between two network-layer entities
• Two SAs required for bidirectional secure communication
• SA is specified by
– A unique identifier
– Security services to be used
– Cryptographic algorithms to be used
– How shared keys will be established
– Other attributes such as lifetime
• SA negotiated before security service begins
Integrity & Authentication Service
• Integrity can be ascertained by sending a cryptographic checksum or hash of message
• Authentication also provided if hash covers:
– Shared secret key, sender’s identity & message
– Fields that are changed while packet traverses Internet are set to zero in calculation of hash
• To protect against replay attacks, message should carry a sequence number that is covered by the hash
– Receiver accepts a packet only once
– Receiver maintains a window of packets it accepts
• Receiver recalculates hash and compares to hash in received packet
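
A simplified model of the integrity and anti-replay checks described above, as an added example that is not part of the original slides. It assumes HMAC-SHA-256 as the keyed hash, a 32-packet window and a 20-byte IPv4 header; all names and sample values are constructed, and the code illustrates the checks without reproducing the AH wire format.

```python
import hashlib
import hmac
import struct

WINDOW = 32  # receiver window size in packets (assumed; the slides give none)

def icv(key, ip_header, seq, payload):
    """Keyed hash over header, sequence number and payload.
    IPv4 fields that routers rewrite are zeroed first so the hash survives transit."""
    hdr = bytearray(ip_header)
    hdr[1] = 0                # type of service
    hdr[6:8] = b"\x00\x00"    # flags and fragment offset
    hdr[8] = 0                # TTL
    hdr[10:12] = b"\x00\x00"  # header checksum
    return hmac.new(key, bytes(hdr) + struct.pack("!I", seq) + payload,
                    hashlib.sha256).digest()

class Receiver:
    """Accepts each authenticated sequence number once, within a sliding window."""
    def __init__(self, key):
        self.key, self.top, self.seen = key, 0, 0  # bit i of seen: top - i was accepted

    def accept(self, ip_header, seq, payload, tag):
        if seq == 0 or seq + WINDOW <= self.top:
            return "outside window"
        if seq <= self.top and (self.seen >> (self.top - seq)) & 1:
            return "replay"
        if not hmac.compare_digest(tag, icv(self.key, ip_header, seq, payload)):
            return "bad hash"
        if seq > self.top:  # move the window only after the hash has verified
            self.seen = ((self.seen << (seq - self.top)) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.seen |= 1 << (self.top - seq)
        return "ok"

def ipv4_header(src, dst, ttl):
    """Constructed sample: 20-byte IPv4 header, protocol 51 (AH), checksum left 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, ttl, 51, 0,
                       bytes(src), bytes(dst))

KEY = b"constructed-demo-key"  # stands in for the SA's shared secret
SENT = ipv4_header((10, 0, 0, 1), (10, 0, 0, 2), ttl=64)
ARRIVED = ipv4_header((10, 0, 0, 1), (10, 0, 0, 2), ttl=61)  # three hops later
SPOOFED = ipv4_header((10, 0, 0, 9), (10, 0, 0, 2), ttl=61)  # altered source address
```

The hash computed over `SENT` still verifies against `ARRIVED` because the TTL is zeroed before hashing, while `SPOOFED` fails because the source address is covered.
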
Authentication Header (AH) Protocol
• Provides source host authentication, data integrity, but not secrecy.
• AH header inserted between IP header and IP data field.
• Protocol field = 51.
• Intermediate routers process datagrams as usual.
AH header includes:
• connection identifier
• authentication data: signed message digest, calculated over original IP datagram, providing source authentication, data integrity.
• Next header field: specifies type of data (TCP, UDP, ICMP, etc.)
ESP Protocol
• Provides secrecy, host authentication, data integrity.
• Data, ESP trailer encrypted.
• Next header field is in ESP trailer.
• ESP authentication field is similar to AH authentication field.
• Protocol = 50.
IPsec: Tunnel vs. Transport mode
• Tunnel mode is most commonly used between gateways, or at an end-station to a gateway, the gateway acting as a proxy for the hosts behind it.
• Transport mode is used between end-stations or between an end-station and a gateway, if the gateway is being treated as a host—for example, an encrypted Telnet session from a workstation to a router, in which the router is the actual destination.
Internet Key Exchange (IKE)
• Built on top of ISAKMP framework
• Two phase protocol used to establish parameters and keys for session
– Phase 1: negotiate parameters, authenticate peers, establish secure channel
– Phase 2: Establish a security association (SA)
• The details are unimaginably complex
• The SA defines algorithms, keys, and policy used to secure the session
Gateway-to-Gateway
• Computers A and B have gateways interposed between their internal network and Internet
• Gateway can be a firewall
– Controls external access to internal network
– Packet filtering according to various header fields
• IP addresses, port numbers, ICMP types, fields within payload
• Secure tunnels can be established between gateways
– All internal information including headers can be encrypted
Remote user to Gateway
• Mobile host needs access to internal network
• Gateway must provide user with access while barring intruders from accessing internal network
• May also need to protect identity of mobile user
• IP-address of mobile user changes
Firewall Options
• Firewalls can operate at different layers
– IP-layer filtering cannot operate on payload contents
• Circuit-Level Gateways
– Direct client-to-server TCP connections not allowed
– Relays TCP segments between actual client & actual server
• Application-Level Gateways or Proxies
– Interposed between actual client and actual server
– Performs authentication and determines what features are available to client
– Monitors, filters & relays messages