Working Connection Computer and Network Security SSL IPsec

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

So far, we talked about Basic Techniques of Security…
• Those are used in many different security scenarios
  – Secure email
  – Secure transport (SSL)
  – IPsec

Secure e-mail
• Alice wants to send secret e-mail message, m, to Bob.
  – generates random symmetric private key, KS.
  – encrypts message with KS
  – also encrypts KS with Bob’s public key.
  – sends both KS(m) and eB(KS) to Bob.

Secure e-mail (continued)
• Alice wants to provide sender authentication, message integrity.
  – Alice digitally signs message.
  – sends both message (in the clear) and digital signature.

Secure e-mail (continued)
• Alice wants to provide secrecy, sender authentication, message integrity.
Note: Alice uses both her private key, Bob’s public key.

Secure Sockets Layer (SSL)
• SSL developed by Netscape Communications
  – Operates on top of TCP
  – Provides secure connections
    • HTTP, FTP, telnet, …
  – Electronic ordering & payment; e-mail
  – SSL 3.0 submitted to IETF for standardization
• TLS standardized by IETF (RFC 2246)
  – Slight differences with SSL 3.0
  – www.ietf.org/html.charters/tls-charter.html

Secure sockets layer (SSL)
• SSL works at transport layer. Provides security to any TCP-based app using SSL services.
• SSL: used between WWW browsers, servers for I-commerce (shttp).
• SSL security services:
  – server authentication
  – data encryption
  – client authentication (optional)
• Server authentication:
  – SSL-enabled browser includes public keys for trusted CAs.
  – Browser requests server certificate, issued by trusted CA.
  – Browser uses CA’s public key to extract server’s public key from certificate.

SSL (continued)
Encrypted SSL session:
• Browser generates symmetric session key, encrypts it with server’s public key, sends encrypted key to server.
• Using its private key, server decrypts session key.
• Browser, server agree that future msgs will be encrypted.
• All data sent into TCP socket (by client or server) is encrypted with session key.
• SSL: basis of IETF Transport Layer Security (TLS).
• Client authentication can be done with client certificates.

Transport Layer Security (TLS)
Protocol stack (top to bottom):
  Handshake Protocol | Change cipher spec Protocol | Alert Protocol | HTTP Protocol
  TLS Record Protocol
  TCP
  IP
• TLS protocols operate at two layers
• TLS Record Protocol operates on top of TCP
• Protocols on top of TLS Record Protocol
  – TLS Handshake Protocol
  – TLS Change Cipher Specification Protocol
  – TLS Alert Protocol

TLS Record Protocol
• TLS Record protocol provides
  – Privacy service through secret key encryption
    • Encryption algorithm is negotiated at session setup
    • Secret keys generated per connection using another protocol such as Handshake protocol
  – Reliability service through keyed message authentication code
    • Hash algorithm negotiated at session setup
    • Operates without hash only during session negotiation

TLS Handshake Protocol
• TLS Handshake protocol used by client & server
  – Negotiate protocol version, encryption algorithm, key generation method
  – Can authenticate each other using public key algorithm
  – Client & server establish a shared secret
  – Multiple secure connections can be set up after session setup
• Session specified by following parameters
  – Session Identifier: byte sequence selected by server
  – Peer Certificate: certificate of peer
  – Compression method: used prior to encryption
  – Cipher spec: encryption & message authentication code
  – Master Secret: 48-byte secret shared by client & server
  – Is resumable?: flag indicating if new connections can be initiated

TLS Handshake Process
• TLS Record protocol initially specifies no compression or encryption
• Client → Server: ClientHello
  – Request connection
  – Includes: Version #; Time & date; Session ID (if resuming); Ciphersuite (combinations of key exchange, encryption, MAC, compression)
• Server → Client: ServerHello
  – Send ServerHello if there is acceptable Ciphersuite combination; else, send failure alert & close connection.
  – ServerHello includes: Version #; Random number; Session ID; Ciphersuite & compression selections
  – New CipherSpec pending
• Server → Client: Certificate*
  – Server Certificate
  – May contain public key
• Server → Client: ServerKeyExchange*
  – Server part of key exchange: Diffie-Hellman, g^x; RSA, public key
  – Compute shared key
• Server → Client: ServerHelloDone
  – Server part of handshake done
* Optional messages

Handshake Protocol continued
• Client → Server: ClientKeyExchange
  – Client’s part of key agreement: Diffie-Hellman g^y; RSA, random #s
  – Compute shared key
• Client → Server: [ChangeCipherSpec]
  – Cipher protocol message notifies server that subsequent records protected under new CipherSpec & keys
  – Server changes CipherSpec
• Client → Server: Finished
  – Hash using new CipherSpec; allows server to verify change in CipherSpec
  – Verify CipherSpec

Handshake Protocol completion
• Server → Client: [ChangeCipherSpec]
  – Notify client that subsequent records protected under new CipherSpec & keys
  – Client changes CipherSpec
• Server → Client: Finished
  – Hash using new CipherSpec
  – Client verifies new CipherSpec
• Application Data
  – TLS Record protocol encapsulates application-layer messages
    • Privacy through secret key cryptography
    • Reliability through MAC
    • Fragmentation of application messages into blocks for compression/encryption
    • Decompression/Decryption/Verification/Reassembly
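
Added example (not part of the original slides): why the Finished hash lets each side verify the negotiation. Both ends hash the handshake messages they saw, keyed with the master secret; if a message was changed in transit, the values differ. HMAC-SHA256 is a simplified stand-in for the TLS 1.0 PRF, and the message contents, suite names and the run_handshake helper are constructed for illustration.

```python
import hashlib
import hmac

def finished(master_secret, label, transcript):
    """Keyed hash over every handshake message seen so far.
    Simplified stand-in: TLS 1.0 uses its own PRF over MD5 and SHA-1 digests."""
    digest = hashlib.sha256(b"".join(transcript)).digest()
    return hmac.new(master_secret, label + digest, hashlib.sha256).digest()[:12]

def run_handshake(in_transit=None):
    """Return (suite chosen by server, whether the client's Finished verifies).
    in_transit optionally rewrites ClientHello between client and server."""
    master = b"\x01" * 48  # constructed 48-byte master secret
    client_hello = b"ClientHello|suites=STRONG,WEAK"  # constructed message
    seen_by_server = in_transit(client_hello) if in_transit else client_hello

    # Server selects the first ciphersuite it was offered.
    suites = seen_by_server.split(b"suites=")[1].split(b",")
    server_hello = b"ServerHello|suite=" + suites[0]
    rest = [b"Certificate", b"ServerHelloDone", b"ClientKeyExchange"]

    # Each side hashes the messages as it saw them.
    client_view = [client_hello, server_hello] + rest
    server_view = [seen_by_server, server_hello] + rest
    sent = finished(master, b"client finished", client_view)
    expected = finished(master, b"client finished", server_view)
    return suites[0], hmac.compare_digest(sent, expected)
```

A server that finds the Finished value does not match sends a fatal alert and closes the connection instead of accepting application data.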

TLS Handshake with Client Authentication
• Client → Server: ClientHello
• Server → Client: ServerHello, Certificate*, ServerKeyExchange*, CertificateRequest, ServerHelloDone
  – Server requests certificate if client needs to be authenticated
• Client → Server: Certificate*, ClientKeyExchange, CertificateVerify*, [ChangeCipherSpec], Finished
  – Client sends suitable certificate
  – Client prepares digital signature based on messages sent using its private key
  – If server finds certificate unacceptable; server can send fatal failure alert message & close connection
  – Server verifies client has private key
• Application Data

IP Security (IPsec)
• IPsec defined in RFCs 2401, 2402, 2406
• Provides authentication, integrity, confidentiality, and access control at the IP layer
• Provides a key management protocol to provide automatic key distribution techniques.
• Security service can be provided between a pair of communication nodes, where the node can be a host or a gateway (router or firewall).
• Two protocols & two modes to provide traffic security:
  – Authentication Header and Encapsulating Security Payload
  – Transport mode or tunnel mode

IPsec: Network Layer Security
• Network-layer secrecy:
  – sending host encrypts the data in IP datagram
  – TCP and UDP segments; ICMP and SNMP messages.
• Network-layer authentication
  – destination host can authenticate source IP address
• Two principal protocols:
  – authentication header (AH) protocol
  – encapsulation security payload (ESP) protocol
• For both AH and ESP, source, destination handshake:
  – create network-layer logical channel called a security association (SA)
• Each SA unidirectional.
• Uniquely determined by:
  – security protocol (AH or ESP)
  – source IP address
  – 32-bit connection ID

IPsec Protocol Stack
• IPsec puts the two main protocols in between IP and the other protocols
  – AH - authentication header
  – ESP - encapsulating security payload
• Tunnel vs. transport?
• Other function provided by external protocols and architectures
  – Key Management/authentication
  – Policy

IPsec Protocol Suite

IPsec: Packet Handling

Security Association
• A Security Association (SA) is a logical simplex connection between two network-layer entities
• Two SA’s required for bidirectional secure communication
• SA is specified by
  – A unique identifier
  – Security services to be used
  – Cryptographic algorithms to be used
  – How shared keys will be established
  – Other attributes such as lifetime
• SA negotiated before security service begins

Integrity & Authentication Service
• Integrity can be ascertained by sending a cryptographic checksum or hash of message
• Authentication also provided if hash covers:
  – Shared secret key, sender’s identity & message
  – Fields that are changed while packet traverses Internet are set to zero in calculation of hash
• To protect against replay attacks, message should carry a sequence number that is covered by the hash
  – Receiver accepts a packet only once
  – Receiver maintains a window of packets it accepts
• Receiver recalculates hash and compares to hash in received packet
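
Added example (not part of the original slides): a receiver that recalculates the keyed hash with the mutable field zeroed and keeps a sliding window so each sequence number is accepted only once. The packet layout, the 32-packet window, HMAC-SHA256 and all names are assumptions made for illustration; the sample packets are constructed.

```python
import hashlib, hmac, struct

WINDOW = 32  # receiver window size in packets (assumed value)

def icv(key, pkt):
    """Keyed hash over header fields and payload, with the mutable TTL zeroed."""
    header = struct.pack("!BI", 0, pkt["seq"])  # TTL packed as 0, 32-bit sequence number
    return hmac.new(key, header + pkt["payload"], hashlib.sha256).digest()

def make_packet(key, ttl, seq, payload):
    pkt = {"ttl": ttl, "seq": seq, "payload": payload}
    pkt["icv"] = icv(key, pkt)
    return pkt

class Receiver:
    def __init__(self, key):
        self.key = key
        self.highest = 0  # highest authenticated sequence number
        self.bitmap = 0   # bit i set: sequence number (highest - i) already accepted

    def accept(self, pkt):
        seq = pkt["seq"]
        if seq == 0 or seq + WINDOW <= self.highest:
            return "drop: outside window"
        if seq <= self.highest and (self.bitmap >> (self.highest - seq)) & 1:
            return "drop: replay"
        if not hmac.compare_digest(icv(self.key, pkt), pkt["icv"]):
            return "drop: bad hash"
        if seq > self.highest:  # only authenticated packets slide the window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "accept"

def demo():
    key = b"constructed-shared-secret"  # constructed sample key
    rx = Receiver(key)
    p1, p2, p3 = (make_packet(key, 64, s, b"data%d" % s) for s in (1, 2, 3))
    return [
        rx.accept(p1), rx.accept(p3),  # in-window packets may arrive out of order
        rx.accept(dict(p2, ttl=60)),   # TTL decremented in transit: still verifies
        rx.accept(p3),                 # same packet a second time
        rx.accept(dict(p1, seq=4)),    # sequence number altered, hash not recomputed
        rx.accept(make_packet(key, 64, 40, b"late")),
        rx.accept(make_packet(key, 64, 5, b"old")),  # 5 + 32 <= 40
    ]
```

The window advances only after the hash verifies, so a packet with a bad hash and a large sequence number cannot push valid traffic out of the window.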

Authentication Header (AH) Protocol
• Provides source host authentication, data integrity, but not secrecy.
• AH header inserted between IP header and IP data field.
• Protocol field = 51.
• Intermediate routers process datagrams as usual.
AH header includes:
• connection identifier
• authentication data: signed message digest, calculated over original IP datagram, providing source authentication, data integrity.
• Next header field: specifies type of data (TCP, UDP, ICMP, etc.)

ESP Protocol
• Provides secrecy, host authentication, data integrity.
• Data, ESP trailer encrypted.
• Next header field is in ESP trailer.
• ESP authentication field is similar to AH authentication field.
• Protocol = 50.

IPsec: Tunnel vs. Transport mode
• Tunnel mode is most commonly used between gateways, or at an end-station to a gateway, the gateway acting as a proxy for the hosts behind it.
• Transport mode is used between end-stations or between an end-station and a gateway, if the gateway is being treated as a host—for example, an encrypted Telnet session from a workstation to a router, in which the router is the actual destination.

AH

ESP

Internet Key Exchange (IKE)
• Built on top of ISAKMP framework
• Two phase protocol used to establish parameters and keys for session
  – Phase 1: negotiate parameters, authenticate peers, establish secure channel
  – Phase 2: Establish a security association (SA)
• The details are unimaginably complex
• The SA defines algorithms, keys, and policy used to secure the session

Gateway-to-Gateway
[Figure: computers A and B, Internet]
• Computers A and B have gateways interposed between their internal network and Internet
• Gateway can be a firewall
  – Controls external access to internal network
  – Packet filtering according to various header fields
    • IP addresses, port numbers, ICMP types, fields within payload
• Secure tunnels can be established between gateways
  – All internal information including headers can be encrypted

Remote user to Gateway
[Figure: Internet]
• Mobile host needs access to internal network
• Gateway must provide user with access while barring intruders from accessing internal network
• May also need to protect identity of mobile user
• IP-address of mobile user changes

Firewall Options
• Firewalls can operate at different layers
  – IP-layer filtering cannot operate on payload contents
• Circuit-Level Gateways
  – Direct client-to-server TCP connections not allowed
  – Relays TCP segments between actual client & actual server
• Application-Level Gateways or Proxies
  – Interposed between actual client and actual server
  – Performs authentication and determines what features are available to client
  – Monitors, filters & relays messages