Download Networking Overview

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
page
53
page
54
page
55
page
56
page
57
page
58
page
59
page
60
page
61
page
62
page
63
page
64
page
65
page
66
page
67
page
68
page
69
page
70
page
71
page
72
page
73
page
74
page
75
page
76
page
77
page
78
page
79
page
80
page
81
page
82
page
83
page
84
page
85
page
86
page
87
page
88
page
89
page
90
page
91
page
92
page
93
page
94
page
95
page
96
page
97
page
98
page
99
page
100
page
101
page
102
page
103
page
104
page
105
page
106
page
107
page
108
page
109
page
110
page
111
page
112
page
113
page
114
page
115
page
116
page
117
page
118
page
119
page
120
page
121
page
122
page
123
page
124
page
125
page
126
page
127
page
128
page
129
page
130
page
131
page
132
page
133
Document related concepts

Net bias wikipedia , lookup

Computer security wikipedia , lookup

Extensible Authentication Protocol wikipedia , lookup

Zigbee wikipedia , lookup

RapidIO wikipedia , lookup

Multiprotocol Label Switching wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Asynchronous Transfer Mode wikipedia , lookup

Network tap wikipedia , lookup

List of wireless community networks by region wikipedia , lookup

Computer network wikipedia , lookup

IEEE 1355 wikipedia , lookup

Airborne Networking wikipedia , lookup

Wireless security wikipedia , lookup

AppleTalk wikipedia , lookup

Distributed firewall wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Deep packet inspection wikipedia , lookup

Wake-on-LAN wikipedia , lookup

TCP congestion control wikipedia , lookup

UniPro protocol stack wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Internet protocol suite wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Transcript 
Networking Overview
Networking Overview
1
TCP/IP
 TCP/IP
== Transmission Control
Protocol/Internet Protocol
 Almost ubiquitous protocol for
communication over network
 Many other networking protocols
o ATM, X.25, SS7, Sonet,…
o But TCP/IP has taken over the world
Networking Overview
2
TCP/IP

Here, a brief overview of TCP/IP
 For
more info, see, for example,
o Computer Networks, Tanenbaum
o Computer Networks and Internets, Comer
o Computer Networking: A Top Down
Approach Featuring the Internet, Kurose
and Ross
o TCP/IP Protocol Suite, Forouzan
Networking Overview
3
Why TCP/IP?
 Almost
everywhere
 Author developed payphone billing
protocol in 1992
o Used X.25, later ported to SS7
o Today would almost certainly use TCP/IP
 TCP/IP
makes the world “extremely
hackable”
Networking Overview
4
OSI Reference Model

In 1980, ISO
developed OSI
o Computer
communication over
network

Protocol layering
o Breaks problem into
small parts
 Modular
o Layer provides service
o Makes it easy, for
to next higher
example, to replace
Ethernet with wireless
Networking Overview
5
OSI Reference Model

Layer 7 --- Application Layer
o Links application to the communication channel

Layer 6 --- Presentation Layer
o How to represent bits for transmission

Layer 5 --- Session Layer
o Coordinate (multiple) sessions

Layer 4 --- Transport Layer
o Logical channel between systems
Networking Overview
6
OSI Reference Model

Layer 3 --- Network Layer
o Move data from host-to-host, across network
core (interconnected mesh of routers)

Layer 2 --- Data Link Layer (or Link Layer)
o Move data across one “hop”

Layer 1 --- Physical Layer
o Transmit bits across a physical link (fiber optic,
copper cable, wireless, etc.)

Note: Layers 7,6,5 often treated as one
Networking Overview
7
TCP/IP, Our Hero
Layers from TCP/IP’s perspective…
 Application Layer --- Program trying to
communicate using TCP/IP

o E.g., email servers, SSH client and server, etc

Transport Layer --- Includes TCP and UDP
o TCP provides reliable delivery
o UDP is “bare bones” transport layer protocol
Networking Overview
8
TCP/IP, Our Hero
 Network
Layer --- Based on IP
o Deliver packets from end-to-end
o To be cool, you must say “layer 3”
 Data
Link Layer --- One hop
o “Layer 2”
 Physical
Layer --- The physical media
Networking Overview
9
TCP/IP Protocol Stack
TCP/IP
synonymous
with transport
layer and
network layer
(combined)
 For example…

Networking Overview
10
Layering (Again)

Each layer adds some info
o Usually added to beginning, so called a header
Networking Overview
11
Terminology
 Application
layer  packet
 Transport layer  TCP segment (for
example)
 Network layer  IP datagram
 Data link/physical layer(s)  frame
 We may use “packet” for all of these
Networking Overview
12
TCP/IP

Protocols: TCP, UDP, IP, ICMP
o Defined in RFCs 791 thru 793

Developed for academic research
o No thought of security
o No confidentiality, integrity, authentication, …
Networking Overview
13
TCP/IP and Security
 Originally,
no security in TCP/IP
o Any security provided by applications
 But
TCP/IP retrofit for security
o IPSec --- security at the “IP layer”
o “Built in” security for applications
o IPSec is a bloated and complex protocol
Networking Overview
14
TCP
TCP provides reliable delivery
 Most familiar apps use TCP

o
o
o
o
o

Web browsing (HTTP)
Secure shell (SSH)
File transfer (FTP)
Email (SMTP, POP, IMAP)
Etc., etc., etc.
For most apps, TCP saves a lot of work
Networking Overview
15
TCP Header
 Every
TCP packet includes header
Networking Overview
16
TCP Port Numbers
 Source
port, destination port
 Server
application “listens” on a port
o 16-bit numbers
o Tells which “door” to send data to
o Source == outgoing “door”, etc.
o Listening ports are open
o Non-listening ports are closed
Networking Overview
17
TCP Port Numbers

Examples of well-known ports
o
o
o
o
o
o

TCP port 21 --- FTP
TCP port 22 --- SSH
TCP port 23 --- telnet
TCP port 25 --- SMTP
TCP port 80 --- HTTP
TCP port 6000 --- The X Window System (X11)
Note these ports are used by convention
o Could use 8080 for HTTP and not get arrested
o But both client and server must know this
Networking Overview
18
Ports
 Example
 Note
that attackers want to know
which ports (“doors”) are open
Networking Overview
19
Ports
 To
see which ports are in use
o Locally, use netstat -na
Networking Overview
20
TCP Control Bits
 Control
bits or flags
 For
“3-way handshake”, and other
special things
Networking Overview
21
TCP Control Bits

Originally, 6 control bits
o URG --- urgent data, give it priority (or not…)
o ACK --- acknowledge earlier data
o PSH --- push data thru now
o RST --- reset the connection, due to error or
an interruption (abnormal termination)
o SYN --- synchronize sequence numbers
o FIN --- no more data, so tear down connection
Networking Overview
22
TCP Control Bits

Two additional control bits
o CWR --- congestion window reduced; due to
network congestion, reduced window size
o ECE --- explicit congestion notification echo;
connection is experiencing congestion

For congestion control issues
Networking Overview
23
TCP 3-Way Handshake
 Used
to establish TCP connection
 Note
sequence numbers: ISNA and ISNB
o ACK and SYN flag bits used here
Networking Overview
24
TCP 3-Way Handshake
 Establishes
“connection”
 Sequence numbers enable TCP to
o Make sure all packets arrive
o Make sure all packets delivered in order
 FIN
bit used when session torn down
 RST used to end in “error” cases
Networking Overview
25
Other Fields in TCP Header
Data offset --- where the data begins
 Reserved --- reserved for future use (or
for clever attackers…)
 Window --- controls number of outstanding
packets; prevents one side from sending
too fast (flow control)
 Checksum --- error detection (uses CRC)

Networking Overview
26
Other Fields in TCP Header
 Urgent
pointer --- if URG flag set,
tells where the urgent data is located
 Options --- additional info (e.g., the
max size of packet); variable size
 Padding --- used to make things line
up on 32-bit boundaries
Networking Overview
27
UDP
 UDP
== User Datagram Protocol
 Minimal “no frills” transport protocol
o Does minimum possible
o “Connectionless”
o No flow control, no congestion control,
packets can be out of order, not arrive, …
o UDP == Unreliable Damn Protocol
Networking Overview
28
UDP
Why use UDP?
 Low overhead

o 8 byte header vs 20 bytes (or more) for TCP

No congestion control/flow control
o How can this be good?
Networking Overview
29
Where is UDP Used?
 Streaming
audio/video
o Some packet loss is OK
o Example: Real Player, UDP port 7070
 Apps
where low overhead is useful
o Trivial FTP (TFTP), UDP port 69
o Simple Network Management Protocol
(SNMP), UDP port 161
Networking Overview
30
FTP vs UDP
 Which
is more secure?
 With UDP, more work for firewalls
o Hard to track “connections”
o Example: Slammer worm fit into one
376-byte UDP packet; got thru firewalls
 But
neither TCP nor UDP offer any
“real” security (confidentiality, etc.)
Networking Overview
31
IP
 IP
== Internet Protocol
o Not “intellectual property”
 IP
is the network layer protocol
today
o Mostly IPv4
o IPv6 used a little bit --- offers more
addresses and more security
o Here, we focus on IPv4
Networking Overview
32
IP Header
 Note
that source and destination
addresses each 32 bits
Networking Overview
33
What is a Network?
 LAN
== Local Area Network
 LANs are building blocks of networks
 LAN is bunch of computers connected
together by hub, switch, wireless, …
o No router between computers on a LAN
 Usually,
Networking Overview
small geographic area
34
What is a Network?
 LANs
are
connected
by routers
o Routers
move
packets
between
LANs
Networking Overview
35
IP Addresses
IP addresses are 32 bits
 Identify hosts (computers) on network
 Written in “dotted decimal” notation

o Author calls it “dotted quad” notation
Networking Overview
36
IP Addresses
 Every
IP packet has source and
destination IP addresses
 Every IP address has 2 parts
o One part identifies the network (LAN)
o One part identifies the specific host
o Makes routing more efficient
 But
which part is which?
Networking Overview
37
Netmasks


Leftmost bits are network part of address
Netmask (subnet mask) often used
o Uses “AND” operation

Classless Inter-Domain Routing (CIDR) notation
o 10.21.0.0/16
Networking Overview
38
Packet Fragmentation
 Link
may accept packet of max length
 What if packet is too big?
 Fragmentation!
o Router chops packet into pieces
o Reassembled at destination
o Fields in IP header identify fragments
(and how to reassemble them)
Networking Overview
39
Fragmentation Bits
 Don’t
fragment bit
o 0 == OK to fragment, 1 == don’t fragment
 More
fragments bit
o 0 == last fragment, 1 == more fragments
 Fragmentation
opens door to attacks
o Firewalls/IDS do not like fragments
Networking Overview
40
Other Stuff in IP Header
Version --- IPv4 or IPv6
 Hlen --- total length of IP header
 Service Type --- for quality of service
 Total Length --- length of data and header
 Identification --- for fragment reassembly
 Flags --- don’t fragment, more fragments, …
 Fragmentation Offset --- how to
reassemble fragments

Networking Overview
41
Other Stuff in IP Header
Time-to-Live (TTL) --- max number of “hops”
remaining before packet dies
 Protocol --- TCP or UDP
 Header Checksum --- error detection in
header (recomputed at each router)
 Source IP Address --- “from”
 Destination IP Address --- “to”
 Options --- e.g., “source routing”
 Padding --- pad length to multiple of 32 bits

Networking Overview
42
ICMP
Internet Control Message Protocol
 Like the “network plumber”

o Host uses ICMP to see if another host is alive
and responding
o Router uses ICMP to tell source it does not
know how to route a packet
o Host can tell another host to stop sending data
so fast, etc., etc.
Networking Overview
43
ICMP
 Same
packet format as IP
o Protocol field is set to 1
 Many
ICMP message types
o Common types listed on next 2 slides
Networking Overview
44
ICMP

Name (type number) --- explanation
o Echo reply (0) --- response to ping
o Destination unreachable (3) --- IP packet
cannot be delivered (sent by router or host)
o Source quench (4) --- slow down!
o Redirect (5) --- send data to different router
o Echo (8) --- ping (is system responding?)
Networking Overview
45
ICMP

Message, type number, explanation
o Time Exceeded (11) --- TTL exceeded, or
o
o
o
o
o
problem reassembling fragments
Parameter Problem (12) --- bad parameter
Timestamp (13) --- request system’s time
Timestamp Reply (14) --- send system time
Information Request (15) --- used to determine
which network a host is on
Information Reply (16) --- network IP address
Networking Overview
46
Routing Packets
 How
routers get packets thru network
o Like Little Red Riding Hood trying to find
the best path to grandma’s house
 Dynamic
routing protocols
o RIP, OSPF, BGP
o As if trees in the forest calculate best
path and tell Red which way to go
Networking Overview
47
Routing Packets
 Static
routing protocols
o Hard-coded routes
o Red always has to go the same way
 Source
routing
o Source specifies route in packet
o Step-by-step directions to Grandma’s
house tattooed on Red’s forehead
Networking Overview
48
NAT
Network Address Translation
 Address-related problems

o Not enough IP addresses to go around
o Internal network uses “illegal” or unroutable
(private) addresses

Solutions: NAT
o Gateway (i.e., router or firewall) “translates”
addresses
Networking Overview
49
NAT
Outgoing --- gateway replaces internal
address with valid IP address
 Incoming --- gateway replaces valid IP
address with internal address
 Note that gateway must remember!

Networking Overview
50
How to Implement NAT?

Map single IP address
o Every packet mapped to one IP address
o Vary source port numbers
o Port Address Translation (PAT)

One-to-one mapping
o Internal address mapped to unique IP address

Dynamically allocate addresses
o Multiplex internal addresses to IP addresses
o Not as popular as other 2 approaches
Networking Overview
51
NAT and Security

NAT hides internal IP addresses
o Might be harder for attacker to map network
topology

NAT of limited security value
o Attacker could take over NAT device
o Attacker could let NAT do its job and attack
internal network
o Some argue NAT harms security (IPSec)
Networking Overview
52
Firewalls: Pick Your Analogy
 Network
“traffic cop”
 Network “soccer goalie”
Networking Overview
53
Firewalls
 Filter
based on…
o Services, addresses, data, etc., etc.
 May
o
o
o
o
be used to protect…
Your network from Internet
Your network from partner’s network
Your network from your network
Internet from your network
Networking Overview
54
Firewalls
 Attacker:
Networking Overview
“kick ball” past goalie…
55
Firewalls

Three types of firewalls
o Packet filter (network layer)
o Stateful packet filter (transport layer)
o Proxy-based firewall (application layer)

All firewalls one of these types
o In spite of marketing…

Also, Intrusion Prevention Systems (IPS)
o Not quite the same as firewall
Networking Overview
56
Packet Filter

Filter each packet individually
o No concept of state

Can filter based on…
o
o
o
o
o
o
Source/destination IP address
Source/destination port (application specific)
TCP control bits (SYN, ACK, etc.)
Protocol (e.g., allow TCP, deny UDP)
Direction (incoming, outgoing)
Interface (trusted or untrusted network)
Networking Overview
57
Packet Filter
 Access
control list (ACL), e.g.,
Protocol
Flag
Bits
80
HTTP
Any
80
> 1023
HTTP
ACK
All
All
All
All
Action
Source
IP
Dest
IP
Source
Port
Allow
Inside
Outside
Any
Allow
Outside
Inside
Deny
All
All
 Start
Dest
Port
at top and work down the list
o What do 1st, 2nd, 3rd lines do?
Networking Overview
58
Packet Filter
 Disadvantage:
very limited view
 Consider ACL on previous slide
o Easy to kick ball past this goalie
o E.g., ACK scan
 Even
worse with UDP
o No flag bits
 Advantages:
Networking Overview
speed and simplicity
59
Stateful Packet Filter

Improve packet filter by adding state
o State == remember something (packets)

Remember each active connection
o State table: info on active connections
o Time out, typically, after 10 to 90 seconds
o Can see how/if new packet fits into ongoing
connection
o For example, ACK must be preceeded by SYN
Networking Overview
60
Stateful Packet Filter
 With
packet filter
 With
stateful packet filter
o Attacker can “ACK scan” for open ports
o Send ACK packets with no prior SYN
o ACK scan fails
o Packets dropped since no prior SYN
 Can
also remember UDP “connections”
Networking Overview
61
Stateful Packet Filter
 Advantage:
Much stronger than
packet filter
 Disadvantage: More work
o Often implemented in custom hardware,
so speeds can be competitive
 Still
lacks a complete view…
Networking Overview
62
Proxy
 Proxy
--- acts on your behalf
 Analogy…
o
o
o
o
o
Student calls me at home late at night
My wife answers the phone
She tells me a student called
Me: “Tell that $&^# to get lost!”
My wife: “He’s busy, can I take a msg?”
Networking Overview
63
Proxy
 Another
o
o
o
o
analogy…
Telemarketer calls me at home
My wife answers the phone
She tells them to go away…
…without informing me of the call
 My
wife is acting as my proxy
 Proxy firewall is similar
Networking Overview
64
Proxy-Based Firewall
 Proxy
can look at complete picture
o Everything packet filter sees
o Everything stateful packet filter sees
o Plus application level info --- can verify
that protocols are followed, data is free
of malware, etc., etc.
 May
cache info for efficiency
Networking Overview
65
Proxy-Based Firewall
Advantage: complete view
 Disadvantage: speed, computing power

o May limit amount of traffic it can handle, more
expensive hardware, more complex, etc.
Networking Overview
66
IPS

Intrusion Prevention System (IPS)
o Similar to, but not quite a firewall
Analyze network traffic in real time
 Attack signatures/suspicious behavior

o Signatures/anomaly detection
Firewall does not do this
 Can block suspicious communications

Networking Overview
67
Best Firewall?
 Try
to get best from each technology
Networking Overview
68
Data Link Layer
 Not
part of TCP/IP
o But it is a source of attacks
 Data
Link Layer
o Move packets across one “hop”, LAN to
router, router to router, etc.
o Lives in Network Interface Card (NIC)
o Ethernet, 802.11 (wireless), etc.
Networking Overview
69
Ethernet
Ethernet is “king of the Link Layer”
 Ethernet used on shared media

o Resource contention

Media Access Control (MAC) addresses
o 48 bits, globally unique
o Of form AA:BB:CC:DD:EE:FF (or “.” for “:”)
o IP address is like street address, MAC address
like social security number
o Aside: Why not use IP address for everything?
Networking Overview
70
ARP

Address Resolution Protocol (ARP)
o MAC address for LAN, IP address for network

ARP is used to find MAC address, given the
IP address
o Broadcast IP address
o Whoever has it, responds with MAC address
o Response is cached (for efficiency)
Networking Overview
71
ARP
ARP only applies on same LAN
 ARP is stateless

Networking Overview
72
Hubs and Switches
 Both
used on LAN
 Hub is simple/dumb device
o Broadcast to all interfaces
o Simple, but wastes bandwidth
 Switch
is smarter
o Only sends data to a specific interface
o Reduces bandwidth usage
Networking Overview
73
Hubs and Switches
 Hub
o Simple
o Wasteful
 Switch
o Complex
o Saves bandwidth
Networking Overview
74
Switches
 Switch
stores MAC address locations
o Content Addressable Memory (CAM)
 Table
o
o
o
o
determined automatically
At first switch acts like hub
Then looks at MAC addresses
Uses this info to fill in table
This all happens automatically
Networking Overview
75
Switch
Networking Overview
76
Wireless LAN
 802.11
is king of WLAN
 Wireless security is difficult
o Often not secured, rogue access points, …
 LAN
usually has little or no security
o Maybe OK if physical access required
o But WLAN changes all of that…
o WLAN is good news for Trudy and Eve
Networking Overview
77
WLAN
 Regular
LAN attacks work on WLAN
 Physical access not required!
 Makes hackable network more so
 Great news for Trudy and Eve!
o Cell phones and other wireless
technology promise even more hacks
Networking Overview
78
802.11
802.11 --- 1997 @ 2Mbps
 802.11a --- 1999 @ 54Mbps

o Not used much, since came out at same time as
802.11b, and 802.11b is cheaper

802.11b --- 1999 @ 11Mbps
o Speed similar to traditional Ethernet

802.11g --- 2003 @ 54Mbps
o Popular, combines best of 802.11a and 802.11b
Networking Overview
79
802.11
 802.11i
--- 2004
o Real security
o Strong encryption (AES)
o Strong key exchange (TKIP)
 Much
stronger than WEP
o WEP: “swiss cheese” of security protocols
o WEP: no integrity, poor encryption, etc.
Networking Overview
80
WEP

According to Tanenbaum:
o “The 802.11 standard prescribes a data link-
level security protocol called WEP (Wired
Equivalent Privacy), which is designed to make
the security of a wireless LAN as good as that
of a wired LAN. Since the default for a wired
LAN is no security at all, this goal is easy to
achieve, and WEP achieves it as we shall see.”
Networking Overview
81
Security on the Internet
TCP/IP provides no security
 Must retrofit Internet for security
 Application layer

o PGP, S/MIME, SSH, …

“Socket layer”
o SSL/TLS (really part of application layer)

Network layer
o IPSec
Networking Overview
82
Application Layer Security

Pretty Good Privacy (PGP)
o Developed by Phil Zimmerman
o No backdoor?
 “We don’t hire that kind of person”

Secure/Multipurpose Internet Mail
Extensions (S/MIME)
o Secure email

Secure Shell (SSH)
o Secure “tunnel” for remote access
Networking Overview
83
SSL

Secure Socket Layer
(SSL)
o Developed for Web, HTTP
o Can be used anywhere
o Elegant security protocol

Transport Layer Security
(TLS)
o Same, but incompatible
Networking Overview
84
SSL
 Authentication,
confidentiality,
integrity
 You use SSL all the time
o Whenever “lock” (or “key”) appears in
browser
o HTTPS == HTTP with SSL
 Secure
transactions on Internet
Networking Overview
85
SSL
 Not
quite
the same
as in CS166
or CS265…
Networking Overview
86
SSL
Networking Overview
87
A Note on Notation

E(X,K) == encrypt X with symmetric key K
o Key is known to sender and receiver
o And nobody else

{X}Alice == encrypt X with Alice’s public key
o Key know to everybody
o Can only be decrypted with Alice’s private key
o Alice’s private key known only to Alice
Networking Overview
88
Notation

h(X) == cryptographic hash function
o Provides “fingerprint” of X
o Compresses data

Certificate
o Contains (at least) public key, name
o Signed by a Certificate Authority (CA)
o CA vouches that corresponding private key
belongs to “name” in certificate
o Anyone can verify signature (public key)
Networking Overview
89
Simple SSL-like Protocol
I’d like to talk to you securely
Here’s my certificate
{KAB}Bob
Alice
protected HTTP
Bob
Is Alice sure she’s talking to Bob?
 Is Bob sure he’s talking to Alice?

Networking Overview
90
Simplified SSL Protocol
Can we talk?, cipher list, RA
certificate, cipher, RB
{S}Bob, E(h(msgs,CLNT,K),K)
Alice




h(msgs,SRVR,K)
Data protected with key K
Bob
S is pre-master secret
K = h(S,RA,RB)
msgs = all previous messages
CLNT and SRVR are constants
Networking Overview
91
SSL Authentication

Alice authenticates Bob, not vice-versa
o How does client authenticate server?
o Why does server not authenticate client?

Mutual authentication is possible: Bob
sends certificate request in message 2
o This requires client to have certificate
o If server wants to authenticate client, server
could instead require (encrypted) password
Networking Overview
92
SSL MiM Attack
RA
certificateT, RB
Alice
{S1}Trudy,E(X1,K1)
h(Y1,K1)
E(data,K1)




RA
certificateB, RB
Trudy
{S2}Bob,E(X2,K2)
h(Y2,K2)
E(data,K2)
Bob
Q: What prevents this MiM attack?
A: Bob’s certificate must be signed by a
certificate authority (such as Verisign)
What does browser do if signature not valid?
What does user do if signature is not valid?
Networking Overview
93
SSL vs IPSec

IPSec  discussed next
o Lives at the network layer (part of the OS)
o Has encryption, integrity, authentication, etc.
o Is overly complex (including serious flaws)

SSL (and IEEE standard known as TLS)
o Lives at socket layer (part of user space)
o Has encryption, integrity, authentication, etc.
o Has a simpler specification
Networking Overview
94
SSL vs IPSec

IPSec implementation
o Requires changes to OS, but no changes to applications

SSL implementation
o Requires changes to applications, but no changes to OS





SSL built into Web application early on (Netscape)
IPSec used in VPN applications (secure tunnel)
Reluctance to retrofit applications for SSL
Reluctance to use IPSec due to complexity and
interoperability issues
Result? Internet less secure than it should be!
Networking Overview
95
IPSec
Networking Overview
96
IPSec and SSL
IPSec lives at
the network
layer
 IPSec is
transparent to
applications

SSL
IPSec
application
User
transport
OS
network
link
NIC
physical
Networking Overview
97
IPSec and Complexity
IPSec is a complex protocol
 Over-engineered

o Lots of generally useless extra features

Flawed
o Some significant security issues

Interoperability is serious challenge
o Defeats the purpose of having a standard!
Complex
 Did I mention, it’s complex?

Networking Overview
98
IKE and ESP/AH
Two parts to IPSec
 IKE: Internet Key Exchange

o Mutual authentication
o Establish shared symmetric key
o Two “phases”

ESP/AH
 like SSL session/connection
o ESP: Encapsulating Security Payload
 for
encryption and/or integrity of IP packets
o AH: Authentication Header  integrity only
Networking Overview
99
IKE
Networking Overview
100
IKE

IKE has 2 phases
o Phase 1  IKE security association (SA)
o Phase 2  AH/ESP security association
Phase 1 is comparable to SSL session
 Phase 2 is comparable to SSL connection
 Not an obvious need for two phases in IKE
 If multiple Phase 2’s do not occur, then it
is more expensive to have two phases!

Networking Overview
101
IKE Phase 1

Four different “key” options
o
o
o
o

Public key encryption (original version)
Public key encryption (improved version)
Public key signature
Symmetric key
For each of these, two different “modes”
o Main mode
o Aggressive mode
There are 8 versions of IKE Phase 1!
 Evidence that IPSec is over-engineered?

Networking Overview
102
IKE Phase 1
 We
discuss 1 of 8 phase 1 variants
o Public key signatures
o Both main and aggressive modes
Networking Overview
103
IKE Phase 1

Uses ephemeral Diffie-Hellman to
establish session key
o Provides perfect forward secrecy (PFS)
Let a be Alice’s Diffie-Hellman exponent
 Let b be Bob’s Diffie-Hellman exponent
 Let g be generator and p prime
 Recall that p and g are public

Networking Overview
104
IKE Phase 1: Digital Signature
(Main Mode)
IC, CP
IC,RC, CS
IC,RC, ga mod p, RA
Alice





IC,RC, gb mod p, RB
IC,RC, E(“Alice”, proofA, K)
IC,RC, E(“Bob”, proofB, K)
Bob
CP = crypto proposed, CS = crypto selected
IC = initiator “cookie”, RC = responder “cookie”
K = h(IC,RC,gab mod p,RA,RB)
SKEYID = h(RA, RB, gab mod p)
proofA = [h(SKEYID,ga,gb,IC,RC,CP,“Alice”)]Alice
Networking Overview
105
IKE Phase 1: Public Key
Signature (Aggressive Mode)
IC, “Alice”, ga mod p, RA, CP
IC,RC, “Bob”, RB,
gb mod p, CS, proofB
Alice

IC,RC, proofA
Bob
Main difference from main mode
o Not trying to protect identities
o Cannot negotiate g or p
Networking Overview
106
Main vs Aggressive Modes
Main mode MUST be implemented
 Aggressive mode SHOULD be implemented

o In other words, if aggressive mode is not
implemented, “you should feel guilty about it”
Might create interoperability issues
 For public key signature authentication

o Passive attacker knows identities of Alice and
Bob in aggressive mode
o Active attacker can determine Alice’s and Bob’s
identity in main mode
Networking Overview
107
IPSec
After IKE Phase 1, we have an IKE SA
 After IKE Phase 2, we have an IPSec SA
 Both sides have a shared symmetric key
 Now what?

o We want to protect IP datagrams

But what is an IP datagram?
o From the perspective of IPSec…
Networking Overview
108
IP Review

IP datagram is of the form
IP header

data
Where IP header is
Networking Overview
109
IP and TCP
 Consider
HTTP traffic (over TCP)
 IP encapsulates TCP
 TCP encapsulates HTTP
IP header
data
IP header
TCP hdr HTTP hdr app data
 IP
data includes TCP header, etc.
Networking Overview
110
AH vs ESP

AH
o Authentication Header
o Integrity only (no confidentiality)
o Integrity-protect everything beyond IP header
and some fields of header (why not all fields?)

ESP
o
o
o
o
Encapsulating Security Payload
Integrity and confidentiality
Protects everything beyond IP header
Integrity-only by using NULL encryption
Networking Overview
111
ESP’s NULL Encryption

According to RFC 2410
o NULL encryption “is a block cipher the origins of which
o
o
o
o
o

appear to be lost in antiquity”
“Despite rumors”, there is no evidence that NSA
“suppressed publication of this algorithm”
Evidence suggests it was developed in Roman times as
exportable version of Caesar’s cipher
Can make use of keys of varying length
No IV is required
Null(P,K) = P for any P and any key K
Security people have a strange sense of humor!
Networking Overview
112
Why Does AH Exist? (1)

Cannot encrypt IP header
o Routers must look at the IP header
o IP addresses, TTL, etc.
o IP header exists to route packets!

AH protects immutable fields in IP header
o Cannot integrity protect all header fields
o TTL, for example, must change

ESP does not protect IP header at all
Networking Overview
113
Why Does AH Exist? (2)
ESP encrypts everything beyond the IP
header (if non-null encryption)
 If ESP encrypts, firewall cannot look at
TCP header (e.g., port numbers)
 Why not use ESP with null encryption?

o Firewall sees ESP header, but does not know
whether null encryption is used
o End systems know, but not firewalls
Aside 1: Do firewalls reduce security?
 Aside 2: Is IPSec compatible with NAT?

Networking Overview
114
Why Does AH Exist? (3)
 The
real reason why AH exists
o At one IETF meeting “someone from
Microsoft gave an impassioned speech
about how AH was useless…”
o “…everyone in the room looked around and
said `Hmm. He’s right, and we hate AH
also, but if it annoys Microsoft let’s leave
it in since we hate Microsoft more than we
hate AH.”
Networking Overview
115
IPSec
 Will
it save us?
o According to the author: “No!”
 Even
if universally implemented, many
problems remain
o E.g., software (need I say more?)
 But
it is step in the right direction
Networking Overview
116
Kerberos
Networking Overview
117
Kerberos

In Greek mythology, Kerberos is 3-headed
dog that guards entrance to Hades
o “Wouldn’t it make more sense to guard the exit?”

In security, Kerberos is an authentication
system based on symmetric key crypto
o Originated at MIT
o Based on work by Needham and Schroeder
o Relies on a trusted third party (TTP)
Networking Overview
118
Motivation for Kerberos

Authentication using public keys
o N users  N key pairs

Authentication using symmetric keys
o N users requires about N2 keys
Symmetric key case does not scale!
 Kerberos based on symmetric keys but only
requires N keys for N users

o But must rely on TTP
o Advantage is that no PKI is required
Networking Overview
119
Kerberos KDC

Kerberos Key Distribution Center or KDC
o Acts as a TTP
o TTP must not be compromised!
o KDC shares symmetric key KA with Alice, key KB
o
o
o
o
with Bob, key KC with Carol, etc.
Master key KKDC known only to KDC
KDC enables authentication and session keys
Keys for confidentiality and integrity
In practice, the crypto algorithm used is DES
Networking Overview
120
Kerberos Tickets
KDC issues a ticket containing info needed
to access a network resource
 KDC also issues ticket-granting tickets or
TGTs that are used to obtain tickets
 Each TGT contains

o Session key
o User’s ID
o Expiration time

Every TGT is encrypted with KKDC
o TGT can only be read by the KDC
Networking Overview
121
Kerberized Login
Alice enters her password…
 …then Alice’s workstation

o Derives KA from Alice’s password
o Uses KA to get TGT for Alice from the KDC
Alice can then use her TGT (credentials) to
securely access network resources
 Plus: Security is transparent to Alice
 Minus: KDC must be secure  it’s trusted!

Networking Overview
122
Kerberized Login
Alice wants
Alice’s
password
Alice
a TGT
E(SA,TGT,KA)
Computer
KDC
Key KA derived from Alice’s password
 KDC creates session key SA
 Workstation decrypts SA, TGT, forgets KA
 TGT = E(“Alice”,SA, KKDC)

Networking Overview
123
Alice Requests Ticket to Bob
I want to
talk to Bob
REQUEST
Talk to Bob
REPLY
Alice
Computer
KDC
REQUEST = (TGT, authenticator) where
authenticator = E(timestamp,SA)
 REPLY = E(“Bob”,KAB,ticket to Bob, SA)
 ticket to Bob = E(“Alice”,KAB,KB)
 KDC gets SA from TGT to verify timestamp

Networking Overview
124
Alice Uses Ticket to Bob
ticket to Bob, authenticator
E(timestamp + 1,KAB)
Alice’s
Computer
Bob
ticket to Bob = E(“Alice”,KAB, KB)
authenticator = E(timestamp, KAB)
 Bob decrypts “ticket to Bob” to get KAB which he
then uses to verify timestamp


Networking Overview
125
Kerberos
Session key SA used for authentication
 Can also be used for confidentiality/integrity
 Timestamps used for mutual authentication
 Recall that timestamps reduce number of
messages

o Acts like a nonce that is known to both sides
o Note: time is a security-critical parameter!
Networking Overview
126
Kerberos Questions

When Alice logs in, KDC sends E(SA,TGT,KA)
where TGT = E(“Alice”,SA,KKDC)
Q: Why is TGT encrypted with KA?
A: Extra work and no added security!
In Alice’s Kerberized login to Bob, why can
Alice remain anonymous?
 Why is “ticket to Bob” sent to Alice?
 Where is replay prevention in Kerberos?

Networking Overview
127
Kerberos Alternatives

Could have Alice’s workstation remember
password and use that for authentication
o Then no KDC required
o But hard to protect password on workstation
o Scaling problem

Could have KDC remember session key
instead of putting it in a TGT
o Then no need for TGTs
o But stateless KDC is big feature of Kerberos
Networking Overview
128
Kerberos Keys
In Kerberos, KA = h(Alice’s password)
 Could instead generate random KA and

o Compute Kh = h(Alice’s password)
o And workstation stores E(KA, Kh)
Then KA need not change (on workstation or
KDC) when Alice changes her password
 But E(KA, Kh) subject to password guessing
 This alternative approach is often used in
applications (but not in Kerberos)

Networking Overview
129
Kerberos Issues?
 What
if…
 Trudy gets Alice’s “credentials”?
o No problem!
o Credentials encrypted with KKDC
 Trudy
breaks into Alice’s machine?
o Session key SA is cached
o This breaks authentication
Networking Overview
130
Conclusion
 TCP/IP
very flexible
 TCP/IP not designed for security
o Highly hackable
 SSL,
IPSec, etc., help
o But many problems remain
Networking Overview
131
Summary
 TCP/IP,
OSI Ref. Model, Layers, …
 Protocols: TCP, UDP, IP, ICMP
 Ports, well-known ports
 TCP flags/control bits
 3-way handshake
 Unreliable Damn Protocol
Networking Overview
132
Summary
IP, IP addresses, fragments, etc.
 ICMP, “plumbing”
 Routing, NAT, Firewalls
 Ethernet, hub, switch, MAC address, ARP
 WLAN and 802.11
 PGP, SSH, S/MIME
 SSL and IPSec

Networking Overview
133
Related documents
Slide 1
Slide 1
Competencies for ITNW 2413.doc
Competencies for ITNW 2413.doc
A group of people sharing a common goal can achieve the impossible.
A group of people sharing a common goal can achieve the impossible.
Subject Description Form Subject Code EIE3333 Subject Title Data
Subject Description Form Subject Code EIE3333 Subject Title Data
What is marketing?
What is marketing?
MPF - ARTICLE - Generational Perspective Social Networking
MPF - ARTICLE - Generational Perspective Social Networking
iPods in the language classroom
iPods in the language classroom
Ch.8 Web 2.0 and Social Media
Ch.8 Web 2.0 and Social Media
CSCI 4550/8556 Computer Networks
CSCI 4550/8556 Computer Networks
Networking Vocabulary 2 Directions: 1. Go to Word. 2. Insert a Blank
Networking Vocabulary 2 Directions: 1. Go to Word. 2. Insert a Blank
PC Maintenance: Preparing for A+ Certification
PC Maintenance: Preparing for A+ Certification