* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Networking Overview
Computer security wikipedia , lookup
Extensible Authentication Protocol wikipedia , lookup
Multiprotocol Label Switching wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Asynchronous Transfer Mode wikipedia , lookup
Network tap wikipedia , lookup
List of wireless community networks by region wikipedia , lookup
Computer network wikipedia , lookup
Airborne Networking wikipedia , lookup
Wireless security wikipedia , lookup
Distributed firewall wikipedia , lookup
Zero-configuration networking wikipedia , lookup
Deep packet inspection wikipedia , lookup
Wake-on-LAN wikipedia , lookup
TCP congestion control wikipedia , lookup
UniPro protocol stack wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Internet protocol suite wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Networking Overview Networking Overview 1 TCP/IP TCP/IP == Transmission Control Protocol/Internet Protocol Almost ubiquitous protocol for communication over network Many other networking protocols o ATM, X.25, SS7, Sonet,… o But TCP/IP has taken over the world Networking Overview 2 TCP/IP Here, a brief overview of TCP/IP For more info, see, for example, o Computer Networks, Tanenbaum o Computer Networks and Internets, Comer o Computer Networking: A Top Down Approach Featuring the Internet, Kurose and Ross o TCP/IP Protocol Suite, Forouzan Networking Overview 3 Why TCP/IP? Almost everywhere Author developed payphone billing protocol in 1992 o Used X.25, later ported to SS7 o Today would almost certainly use TCP/IP TCP/IP makes the world “extremely hackable” Networking Overview 4 OSI Reference Model In 1980, ISO developed OSI o Computer communication over network Protocol layering o Breaks problem into small parts Modular o Layer provides service o Makes it easy, for to next higher example, to replace Ethernet with wireless Networking Overview 5 OSI Reference Model Layer 7 --- Application Layer o Links application to the communication channel Layer 6 --- Presentation Layer o How to represent bits for transmission Layer 5 --- Session Layer o Coordinate (multiple) sessions Layer 4 --- Transport Layer o Logical channel between systems Networking Overview 6 OSI Reference Model Layer 3 --- Network Layer o Move data from host-to-host, across network core (interconnected mesh of routers) Layer 2 --- Data Link Layer (or Link Layer) o Move data across one “hop” Layer 1 --- Physical Layer o Transmit bits across a physical link (fiber optic, copper cable, wireless, etc.) Note: Layers 7,6,5 often treated as one Networking Overview 7 TCP/IP, Our Hero Layers from TCP/IP’s perspective… Application Layer --- Program trying to communicate using TCP/IP o E.g., email servers, SSH client and server, etc Transport Layer --- Includes TCP and UDP o TCP provides reliable delivery o UDP is “bare bones” transport layer protocol Networking Overview 8 TCP/IP, Our Hero Network Layer --- Based on IP o Deliver packets from end-to-end o To be cool, you must say “layer 3” Data Link Layer --- One hop o “Layer 2” Physical Layer --- The physical media Networking Overview 9 TCP/IP Protocol Stack TCP/IP synonymous with transport layer and network layer (combined) For example… Networking Overview 10 Layering (Again) Each layer adds some info o Usually added to beginning, so called a header Networking Overview 11 Terminology Application layer packet Transport layer TCP segment (for example) Network layer IP datagram Data link/physical layer(s) frame We may use “packet” for all of these Networking Overview 12 TCP/IP Protocols: TCP, UDP, IP, ICMP o Defined in RFCs 791 thru 793 Developed for academic research o No thought of security o No confidentiality, integrity, authentication, … Networking Overview 13 TCP/IP and Security Originally, no security in TCP/IP o Any security provided by applications But TCP/IP retrofit for security o IPSec --- security at the “IP layer” o “Built in” security for applications o IPSec is a bloated and complex protocol Networking Overview 14 TCP TCP provides reliable delivery Most familiar apps use TCP o o o o o Web browsing (HTTP) Secure shell (SSH) File transfer (FTP) Email (SMTP, POP, IMAP) Etc., etc., etc. For most apps, TCP saves a lot of work Networking Overview 15 TCP Header Every TCP packet includes header Networking Overview 16 TCP Port Numbers Source port, destination port Server application “listens” on a port o 16-bit numbers o Tells which “door” to send data to o Source == outgoing “door”, etc. o Listening ports are open o Non-listening ports are closed Networking Overview 17 TCP Port Numbers Examples of well-known ports o o o o o o TCP port 21 --- FTP TCP port 22 --- SSH TCP port 23 --- telnet TCP port 25 --- SMTP TCP port 80 --- HTTP TCP port 6000 --- The X Window System (X11) Note these ports are used by convention o Could use 8080 for HTTP and not get arrested o But both client and server must know this Networking Overview 18 Ports Example Note that attackers want to know which ports (“doors”) are open Networking Overview 19 Ports To see which ports are in use o Locally, use netstat -na Networking Overview 20 TCP Control Bits Control bits or flags For “3-way handshake”, and other special things Networking Overview 21 TCP Control Bits Originally, 6 control bits o URG --- urgent data, give it priority (or not…) o ACK --- acknowledge earlier data o PSH --- push data thru now o RST --- reset the connection, due to error or an interruption (abnormal termination) o SYN --- synchronize sequence numbers o FIN --- no more data, so tear down connection Networking Overview 22 TCP Control Bits Two additional control bits o CWR --- congestion window reduced; due to network congestion, reduced window size o ECE --- explicit congestion notification echo; connection is experiencing congestion For congestion control issues Networking Overview 23 TCP 3-Way Handshake Used to establish TCP connection Note sequence numbers: ISNA and ISNB o ACK and SYN flag bits used here Networking Overview 24 TCP 3-Way Handshake Establishes “connection” Sequence numbers enable TCP to o Make sure all packets arrive o Make sure all packets delivered in order FIN bit used when session torn down RST used to end in “error” cases Networking Overview 25 Other Fields in TCP Header Data offset --- where the data begins Reserved --- reserved for future use (or for clever attackers…) Window --- controls number of outstanding packets; prevents one side from sending too fast (flow control) Checksum --- error detection (uses CRC) Networking Overview 26 Other Fields in TCP Header Urgent pointer --- if URG flag set, tells where the urgent data is located Options --- additional info (e.g., the max size of packet); variable size Padding --- used to make things line up on 32-bit boundaries Networking Overview 27 UDP UDP == User Datagram Protocol Minimal “no frills” transport protocol o Does minimum possible o “Connectionless” o No flow control, no congestion control, packets can be out of order, not arrive, … o UDP == Unreliable Damn Protocol Networking Overview 28 UDP Why use UDP? Low overhead o 8 byte header vs 20 bytes (or more) for TCP No congestion control/flow control o How can this be good? Networking Overview 29 Where is UDP Used? Streaming audio/video o Some packet loss is OK o Example: Real Player, UDP port 7070 Apps where low overhead is useful o Trivial FTP (TFTP), UDP port 69 o Simple Network Management Protocol (SNMP), UDP port 161 Networking Overview 30 FTP vs UDP Which is more secure? With UDP, more work for firewalls o Hard to track “connections” o Example: Slammer worm fit into one 376-byte UDP packet; got thru firewalls But neither TCP nor UDP offer any “real” security (confidentiality, etc.) Networking Overview 31 IP IP == Internet Protocol o Not “intellectual property” IP is the network layer protocol today o Mostly IPv4 o IPv6 used a little bit --- offers more addresses and more security o Here, we focus on IPv4 Networking Overview 32 IP Header Note that source and destination addresses each 32 bits Networking Overview 33 What is a Network? LAN == Local Area Network LANs are building blocks of networks LAN is bunch of computers connected together by hub, switch, wireless, … o No router between computers on a LAN Usually, Networking Overview small geographic area 34 What is a Network? LANs are connected by routers o Routers move packets between LANs Networking Overview 35 IP Addresses IP addresses are 32 bits Identify hosts (computers) on network Written in “dotted decimal” notation o Author calls it “dotted quad” notation Networking Overview 36 IP Addresses Every IP packet has source and destination IP addresses Every IP address has 2 parts o One part identifies the network (LAN) o One part identifies the specific host o Makes routing more efficient But which part is which? Networking Overview 37 Netmasks Leftmost bits are network part of address Netmask (subnet mask) often used o Uses “AND” operation Classless Inter-Domain Routing (CIDR) notation o 10.21.0.0/16 Networking Overview 38 Packet Fragmentation Link may accept packet of max length What if packet is too big? Fragmentation! o Router chops packet into pieces o Reassembled at destination o Fields in IP header identify fragments (and how to reassemble them) Networking Overview 39 Fragmentation Bits Don’t fragment bit o 0 == OK to fragment, 1 == don’t fragment More fragments bit o 0 == last fragment, 1 == more fragments Fragmentation opens door to attacks o Firewalls/IDS do not like fragments Networking Overview 40 Other Stuff in IP Header Version --- IPv4 or IPv6 Hlen --- total length of IP header Service Type --- for quality of service Total Length --- length of data and header Identification --- for fragment reassembly Flags --- don’t fragment, more fragments, … Fragmentation Offset --- how to reassemble fragments Networking Overview 41 Other Stuff in IP Header Time-to-Live (TTL) --- max number of “hops” remaining before packet dies Protocol --- TCP or UDP Header Checksum --- error detection in header (recomputed at each router) Source IP Address --- “from” Destination IP Address --- “to” Options --- e.g., “source routing” Padding --- pad length to multiple of 32 bits Networking Overview 42 ICMP Internet Control Message Protocol Like the “network plumber” o Host uses ICMP to see if another host is alive and responding o Router uses ICMP to tell source it does not know how to route a packet o Host can tell another host to stop sending data so fast, etc., etc. Networking Overview 43 ICMP Same packet format as IP o Protocol field is set to 1 Many ICMP message types o Common types listed on next 2 slides Networking Overview 44 ICMP Name (type number) --- explanation o Echo reply (0) --- response to ping o Destination unreachable (3) --- IP packet cannot be delivered (sent by router or host) o Source quench (4) --- slow down! o Redirect (5) --- send data to different router o Echo (8) --- ping (is system responding?) Networking Overview 45 ICMP Message, type number, explanation o Time Exceeded (11) --- TTL exceeded, or o o o o o problem reassembling fragments Parameter Problem (12) --- bad parameter Timestamp (13) --- request system’s time Timestamp Reply (14) --- send system time Information Request (15) --- used to determine which network a host is on Information Reply (16) --- network IP address Networking Overview 46 Routing Packets How routers get packets thru network o Like Little Red Riding Hood trying to find the best path to grandma’s house Dynamic routing protocols o RIP, OSPF, BGP o As if trees in the forest calculate best path and tell Red which way to go Networking Overview 47 Routing Packets Static routing protocols o Hard-coded routes o Red always has to go the same way Source routing o Source specifies route in packet o Step-by-step directions to Grandma’s house tattooed on Red’s forehead Networking Overview 48 NAT Network Address Translation Address-related problems o Not enough IP addresses to go around o Internal network uses “illegal” or unroutable (private) addresses Solutions: NAT o Gateway (i.e., router or firewall) “translates” addresses Networking Overview 49 NAT Outgoing --- gateway replaces internal address with valid IP address Incoming --- gateway replaces valid IP address with internal address Note that gateway must remember! Networking Overview 50 How to Implement NAT? Map single IP address o Every packet mapped to one IP address o Vary source port numbers o Port Address Translation (PAT) One-to-one mapping o Internal address mapped to unique IP address Dynamically allocate addresses o Multiplex internal addresses to IP addresses o Not as popular as other 2 approaches Networking Overview 51 NAT and Security NAT hides internal IP addresses o Might be harder for attacker to map network topology NAT of limited security value o Attacker could take over NAT device o Attacker could let NAT do its job and attack internal network o Some argue NAT harms security (IPSec) Networking Overview 52 Firewalls: Pick Your Analogy Network “traffic cop” Network “soccer goalie” Networking Overview 53 Firewalls Filter based on… o Services, addresses, data, etc., etc. May o o o o be used to protect… Your network from Internet Your network from partner’s network Your network from your network Internet from your network Networking Overview 54 Firewalls Attacker: Networking Overview “kick ball” past goalie… 55 Firewalls Three types of firewalls o Packet filter (network layer) o Stateful packet filter (transport layer) o Proxy-based firewall (application layer) All firewalls one of these types o In spite of marketing… Also, Intrusion Prevention Systems (IPS) o Not quite the same as firewall Networking Overview 56 Packet Filter Filter each packet individually o No concept of state Can filter based on… o o o o o o Source/destination IP address Source/destination port (application specific) TCP control bits (SYN, ACK, etc.) Protocol (e.g., allow TCP, deny UDP) Direction (incoming, outgoing) Interface (trusted or untrusted network) Networking Overview 57 Packet Filter Access control list (ACL), e.g., Protocol Flag Bits 80 HTTP Any 80 > 1023 HTTP ACK All All All All Action Source IP Dest IP Source Port Allow Inside Outside Any Allow Outside Inside Deny All All Start Dest Port at top and work down the list o What do 1st, 2nd, 3rd lines do? Networking Overview 58 Packet Filter Disadvantage: very limited view Consider ACL on previous slide o Easy to kick ball past this goalie o E.g., ACK scan Even worse with UDP o No flag bits Advantages: Networking Overview speed and simplicity 59 Stateful Packet Filter Improve packet filter by adding state o State == remember something (packets) Remember each active connection o State table: info on active connections o Time out, typically, after 10 to 90 seconds o Can see how/if new packet fits into ongoing connection o For example, ACK must be preceeded by SYN Networking Overview 60 Stateful Packet Filter With packet filter With stateful packet filter o Attacker can “ACK scan” for open ports o Send ACK packets with no prior SYN o ACK scan fails o Packets dropped since no prior SYN Can also remember UDP “connections” Networking Overview 61 Stateful Packet Filter Advantage: Much stronger than packet filter Disadvantage: More work o Often implemented in custom hardware, so speeds can be competitive Still lacks a complete view… Networking Overview 62 Proxy Proxy --- acts on your behalf Analogy… o o o o o Student calls me at home late at night My wife answers the phone She tells me a student called Me: “Tell that $&^# to get lost!” My wife: “He’s busy, can I take a msg?” Networking Overview 63 Proxy Another o o o o analogy… Telemarketer calls me at home My wife answers the phone She tells them to go away… …without informing me of the call My wife is acting as my proxy Proxy firewall is similar Networking Overview 64 Proxy-Based Firewall Proxy can look at complete picture o Everything packet filter sees o Everything stateful packet filter sees o Plus application level info --- can verify that protocols are followed, data is free of malware, etc., etc. May cache info for efficiency Networking Overview 65 Proxy-Based Firewall Advantage: complete view Disadvantage: speed, computing power o May limit amount of traffic it can handle, more expensive hardware, more complex, etc. Networking Overview 66 IPS Intrusion Prevention System (IPS) o Similar to, but not quite a firewall Analyze network traffic in real time Attack signatures/suspicious behavior o Signatures/anomaly detection Firewall does not do this Can block suspicious communications Networking Overview 67 Best Firewall? Try to get best from each technology Networking Overview 68 Data Link Layer Not part of TCP/IP o But it is a source of attacks Data Link Layer o Move packets across one “hop”, LAN to router, router to router, etc. o Lives in Network Interface Card (NIC) o Ethernet, 802.11 (wireless), etc. Networking Overview 69 Ethernet Ethernet is “king of the Link Layer” Ethernet used on shared media o Resource contention Media Access Control (MAC) addresses o 48 bits, globally unique o Of form AA:BB:CC:DD:EE:FF (or “.” for “:”) o IP address is like street address, MAC address like social security number o Aside: Why not use IP address for everything? Networking Overview 70 ARP Address Resolution Protocol (ARP) o MAC address for LAN, IP address for network ARP is used to find MAC address, given the IP address o Broadcast IP address o Whoever has it, responds with MAC address o Response is cached (for efficiency) Networking Overview 71 ARP ARP only applies on same LAN ARP is stateless Networking Overview 72 Hubs and Switches Both used on LAN Hub is simple/dumb device o Broadcast to all interfaces o Simple, but wastes bandwidth Switch is smarter o Only sends data to a specific interface o Reduces bandwidth usage Networking Overview 73 Hubs and Switches Hub o Simple o Wasteful Switch o Complex o Saves bandwidth Networking Overview 74 Switches Switch stores MAC address locations o Content Addressable Memory (CAM) Table o o o o determined automatically At first switch acts like hub Then looks at MAC addresses Uses this info to fill in table This all happens automatically Networking Overview 75 Switch Networking Overview 76 Wireless LAN 802.11 is king of WLAN Wireless security is difficult o Often not secured, rogue access points, … LAN usually has little or no security o Maybe OK if physical access required o But WLAN changes all of that… o WLAN is good news for Trudy and Eve Networking Overview 77 WLAN Regular LAN attacks work on WLAN Physical access not required! Makes hackable network more so Great news for Trudy and Eve! o Cell phones and other wireless technology promise even more hacks Networking Overview 78 802.11 802.11 --- 1997 @ 2Mbps 802.11a --- 1999 @ 54Mbps o Not used much, since came out at same time as 802.11b, and 802.11b is cheaper 802.11b --- 1999 @ 11Mbps o Speed similar to traditional Ethernet 802.11g --- 2003 @ 54Mbps o Popular, combines best of 802.11a and 802.11b Networking Overview 79 802.11 802.11i --- 2004 o Real security o Strong encryption (AES) o Strong key exchange (TKIP) Much stronger than WEP o WEP: “swiss cheese” of security protocols o WEP: no integrity, poor encryption, etc. Networking Overview 80 WEP According to Tanenbaum: o “The 802.11 standard prescribes a data link- level security protocol called WEP (Wired Equivalent Privacy), which is designed to make the security of a wireless LAN as good as that of a wired LAN. Since the default for a wired LAN is no security at all, this goal is easy to achieve, and WEP achieves it as we shall see.” Networking Overview 81 Security on the Internet TCP/IP provides no security Must retrofit Internet for security Application layer o PGP, S/MIME, SSH, … “Socket layer” o SSL/TLS (really part of application layer) Network layer o IPSec Networking Overview 82 Application Layer Security Pretty Good Privacy (PGP) o Developed by Phil Zimmerman o No backdoor? “We don’t hire that kind of person” Secure/Multipurpose Internet Mail Extensions (S/MIME) o Secure email Secure Shell (SSH) o Secure “tunnel” for remote access Networking Overview 83 SSL Secure Socket Layer (SSL) o Developed for Web, HTTP o Can be used anywhere o Elegant security protocol Transport Layer Security (TLS) o Same, but incompatible Networking Overview 84 SSL Authentication, confidentiality, integrity You use SSL all the time o Whenever “lock” (or “key”) appears in browser o HTTPS == HTTP with SSL Secure transactions on Internet Networking Overview 85 SSL Not quite the same as in CS166 or CS265… Networking Overview 86 SSL Networking Overview 87 A Note on Notation E(X,K) == encrypt X with symmetric key K o Key is known to sender and receiver o And nobody else {X}Alice == encrypt X with Alice’s public key o Key know to everybody o Can only be decrypted with Alice’s private key o Alice’s private key known only to Alice Networking Overview 88 Notation h(X) == cryptographic hash function o Provides “fingerprint” of X o Compresses data Certificate o Contains (at least) public key, name o Signed by a Certificate Authority (CA) o CA vouches that corresponding private key belongs to “name” in certificate o Anyone can verify signature (public key) Networking Overview 89 Simple SSL-like Protocol I’d like to talk to you securely Here’s my certificate {KAB}Bob Alice protected HTTP Bob Is Alice sure she’s talking to Bob? Is Bob sure he’s talking to Alice? Networking Overview 90 Simplified SSL Protocol Can we talk?, cipher list, RA certificate, cipher, RB {S}Bob, E(h(msgs,CLNT,K),K) Alice h(msgs,SRVR,K) Data protected with key K Bob S is pre-master secret K = h(S,RA,RB) msgs = all previous messages CLNT and SRVR are constants Networking Overview 91 SSL Authentication Alice authenticates Bob, not vice-versa o How does client authenticate server? o Why does server not authenticate client? Mutual authentication is possible: Bob sends certificate request in message 2 o This requires client to have certificate o If server wants to authenticate client, server could instead require (encrypted) password Networking Overview 92 SSL MiM Attack RA certificateT, RB Alice {S1}Trudy,E(X1,K1) h(Y1,K1) E(data,K1) RA certificateB, RB Trudy {S2}Bob,E(X2,K2) h(Y2,K2) E(data,K2) Bob Q: What prevents this MiM attack? A: Bob’s certificate must be signed by a certificate authority (such as Verisign) What does browser do if signature not valid? What does user do if signature is not valid? Networking Overview 93 SSL vs IPSec IPSec discussed next o Lives at the network layer (part of the OS) o Has encryption, integrity, authentication, etc. o Is overly complex (including serious flaws) SSL (and IEEE standard known as TLS) o Lives at socket layer (part of user space) o Has encryption, integrity, authentication, etc. o Has a simpler specification Networking Overview 94 SSL vs IPSec IPSec implementation o Requires changes to OS, but no changes to applications SSL implementation o Requires changes to applications, but no changes to OS SSL built into Web application early on (Netscape) IPSec used in VPN applications (secure tunnel) Reluctance to retrofit applications for SSL Reluctance to use IPSec due to complexity and interoperability issues Result? Internet less secure than it should be! Networking Overview 95 IPSec Networking Overview 96 IPSec and SSL IPSec lives at the network layer IPSec is transparent to applications SSL IPSec application User transport OS network link NIC physical Networking Overview 97 IPSec and Complexity IPSec is a complex protocol Over-engineered o Lots of generally useless extra features Flawed o Some significant security issues Interoperability is serious challenge o Defeats the purpose of having a standard! Complex Did I mention, it’s complex? Networking Overview 98 IKE and ESP/AH Two parts to IPSec IKE: Internet Key Exchange o Mutual authentication o Establish shared symmetric key o Two “phases” ESP/AH like SSL session/connection o ESP: Encapsulating Security Payload for encryption and/or integrity of IP packets o AH: Authentication Header integrity only Networking Overview 99 IKE Networking Overview 100 IKE IKE has 2 phases o Phase 1 IKE security association (SA) o Phase 2 AH/ESP security association Phase 1 is comparable to SSL session Phase 2 is comparable to SSL connection Not an obvious need for two phases in IKE If multiple Phase 2’s do not occur, then it is more expensive to have two phases! Networking Overview 101 IKE Phase 1 Four different “key” options o o o o Public key encryption (original version) Public key encryption (improved version) Public key signature Symmetric key For each of these, two different “modes” o Main mode o Aggressive mode There are 8 versions of IKE Phase 1! Evidence that IPSec is over-engineered? Networking Overview 102 IKE Phase 1 We discuss 1 of 8 phase 1 variants o Public key signatures o Both main and aggressive modes Networking Overview 103 IKE Phase 1 Uses ephemeral Diffie-Hellman to establish session key o Provides perfect forward secrecy (PFS) Let a be Alice’s Diffie-Hellman exponent Let b be Bob’s Diffie-Hellman exponent Let g be generator and p prime Recall that p and g are public Networking Overview 104 IKE Phase 1: Digital Signature (Main Mode) IC, CP IC,RC, CS IC,RC, ga mod p, RA Alice IC,RC, gb mod p, RB IC,RC, E(“Alice”, proofA, K) IC,RC, E(“Bob”, proofB, K) Bob CP = crypto proposed, CS = crypto selected IC = initiator “cookie”, RC = responder “cookie” K = h(IC,RC,gab mod p,RA,RB) SKEYID = h(RA, RB, gab mod p) proofA = [h(SKEYID,ga,gb,IC,RC,CP,“Alice”)]Alice Networking Overview 105 IKE Phase 1: Public Key Signature (Aggressive Mode) IC, “Alice”, ga mod p, RA, CP IC,RC, “Bob”, RB, gb mod p, CS, proofB Alice IC,RC, proofA Bob Main difference from main mode o Not trying to protect identities o Cannot negotiate g or p Networking Overview 106 Main vs Aggressive Modes Main mode MUST be implemented Aggressive mode SHOULD be implemented o In other words, if aggressive mode is not implemented, “you should feel guilty about it” Might create interoperability issues For public key signature authentication o Passive attacker knows identities of Alice and Bob in aggressive mode o Active attacker can determine Alice’s and Bob’s identity in main mode Networking Overview 107 IPSec After IKE Phase 1, we have an IKE SA After IKE Phase 2, we have an IPSec SA Both sides have a shared symmetric key Now what? o We want to protect IP datagrams But what is an IP datagram? o From the perspective of IPSec… Networking Overview 108 IP Review IP datagram is of the form IP header data Where IP header is Networking Overview 109 IP and TCP Consider HTTP traffic (over TCP) IP encapsulates TCP TCP encapsulates HTTP IP header data IP header TCP hdr HTTP hdr app data IP data includes TCP header, etc. Networking Overview 110 AH vs ESP AH o Authentication Header o Integrity only (no confidentiality) o Integrity-protect everything beyond IP header and some fields of header (why not all fields?) ESP o o o o Encapsulating Security Payload Integrity and confidentiality Protects everything beyond IP header Integrity-only by using NULL encryption Networking Overview 111 ESP’s NULL Encryption According to RFC 2410 o NULL encryption “is a block cipher the origins of which o o o o o appear to be lost in antiquity” “Despite rumors”, there is no evidence that NSA “suppressed publication of this algorithm” Evidence suggests it was developed in Roman times as exportable version of Caesar’s cipher Can make use of keys of varying length No IV is required Null(P,K) = P for any P and any key K Security people have a strange sense of humor! Networking Overview 112 Why Does AH Exist? (1) Cannot encrypt IP header o Routers must look at the IP header o IP addresses, TTL, etc. o IP header exists to route packets! AH protects immutable fields in IP header o Cannot integrity protect all header fields o TTL, for example, must change ESP does not protect IP header at all Networking Overview 113 Why Does AH Exist? (2) ESP encrypts everything beyond the IP header (if non-null encryption) If ESP encrypts, firewall cannot look at TCP header (e.g., port numbers) Why not use ESP with null encryption? o Firewall sees ESP header, but does not know whether null encryption is used o End systems know, but not firewalls Aside 1: Do firewalls reduce security? Aside 2: Is IPSec compatible with NAT? Networking Overview 114 Why Does AH Exist? (3) The real reason why AH exists o At one IETF meeting “someone from Microsoft gave an impassioned speech about how AH was useless…” o “…everyone in the room looked around and said `Hmm. He’s right, and we hate AH also, but if it annoys Microsoft let’s leave it in since we hate Microsoft more than we hate AH.” Networking Overview 115 IPSec Will it save us? o According to the author: “No!” Even if universally implemented, many problems remain o E.g., software (need I say more?) But it is step in the right direction Networking Overview 116 Kerberos Networking Overview 117 Kerberos In Greek mythology, Kerberos is 3-headed dog that guards entrance to Hades o “Wouldn’t it make more sense to guard the exit?” In security, Kerberos is an authentication system based on symmetric key crypto o Originated at MIT o Based on work by Needham and Schroeder o Relies on a trusted third party (TTP) Networking Overview 118 Motivation for Kerberos Authentication using public keys o N users N key pairs Authentication using symmetric keys o N users requires about N2 keys Symmetric key case does not scale! Kerberos based on symmetric keys but only requires N keys for N users o But must rely on TTP o Advantage is that no PKI is required Networking Overview 119 Kerberos KDC Kerberos Key Distribution Center or KDC o Acts as a TTP o TTP must not be compromised! o KDC shares symmetric key KA with Alice, key KB o o o o with Bob, key KC with Carol, etc. Master key KKDC known only to KDC KDC enables authentication and session keys Keys for confidentiality and integrity In practice, the crypto algorithm used is DES Networking Overview 120 Kerberos Tickets KDC issues a ticket containing info needed to access a network resource KDC also issues ticket-granting tickets or TGTs that are used to obtain tickets Each TGT contains o Session key o User’s ID o Expiration time Every TGT is encrypted with KKDC o TGT can only be read by the KDC Networking Overview 121 Kerberized Login Alice enters her password… …then Alice’s workstation o Derives KA from Alice’s password o Uses KA to get TGT for Alice from the KDC Alice can then use her TGT (credentials) to securely access network resources Plus: Security is transparent to Alice Minus: KDC must be secure it’s trusted! Networking Overview 122 Kerberized Login Alice wants Alice’s password Alice a TGT E(SA,TGT,KA) Computer KDC Key KA derived from Alice’s password KDC creates session key SA Workstation decrypts SA, TGT, forgets KA TGT = E(“Alice”,SA, KKDC) Networking Overview 123 Alice Requests Ticket to Bob I want to talk to Bob REQUEST Talk to Bob REPLY Alice Computer KDC REQUEST = (TGT, authenticator) where authenticator = E(timestamp,SA) REPLY = E(“Bob”,KAB,ticket to Bob, SA) ticket to Bob = E(“Alice”,KAB,KB) KDC gets SA from TGT to verify timestamp Networking Overview 124 Alice Uses Ticket to Bob ticket to Bob, authenticator E(timestamp + 1,KAB) Alice’s Computer Bob ticket to Bob = E(“Alice”,KAB, KB) authenticator = E(timestamp, KAB) Bob decrypts “ticket to Bob” to get KAB which he then uses to verify timestamp Networking Overview 125 Kerberos Session key SA used for authentication Can also be used for confidentiality/integrity Timestamps used for mutual authentication Recall that timestamps reduce number of messages o Acts like a nonce that is known to both sides o Note: time is a security-critical parameter! Networking Overview 126 Kerberos Questions When Alice logs in, KDC sends E(SA,TGT,KA) where TGT = E(“Alice”,SA,KKDC) Q: Why is TGT encrypted with KA? A: Extra work and no added security! In Alice’s Kerberized login to Bob, why can Alice remain anonymous? Why is “ticket to Bob” sent to Alice? Where is replay prevention in Kerberos? Networking Overview 127 Kerberos Alternatives Could have Alice’s workstation remember password and use that for authentication o Then no KDC required o But hard to protect password on workstation o Scaling problem Could have KDC remember session key instead of putting it in a TGT o Then no need for TGTs o But stateless KDC is big feature of Kerberos Networking Overview 128 Kerberos Keys In Kerberos, KA = h(Alice’s password) Could instead generate random KA and o Compute Kh = h(Alice’s password) o And workstation stores E(KA, Kh) Then KA need not change (on workstation or KDC) when Alice changes her password But E(KA, Kh) subject to password guessing This alternative approach is often used in applications (but not in Kerberos) Networking Overview 129 Kerberos Issues? What if… Trudy gets Alice’s “credentials”? o No problem! o Credentials encrypted with KKDC Trudy breaks into Alice’s machine? o Session key SA is cached o This breaks authentication Networking Overview 130 Conclusion TCP/IP very flexible TCP/IP not designed for security o Highly hackable SSL, IPSec, etc., help o But many problems remain Networking Overview 131 Summary TCP/IP, OSI Ref. Model, Layers, … Protocols: TCP, UDP, IP, ICMP Ports, well-known ports TCP flags/control bits 3-way handshake Unreliable Damn Protocol Networking Overview 132 Summary IP, IP addresses, fragments, etc. ICMP, “plumbing” Routing, NAT, Firewalls Ethernet, hub, switch, MAC address, ARP WLAN and 802.11 PGP, SSH, S/MIME SSL and IPSec Networking Overview 133