Download Lecture3

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
Document related concepts

Computer security wikipedia , lookup

AppleTalk wikipedia , lookup

Dynamic Host Configuration Protocol wikipedia , lookup

Deep packet inspection wikipedia , lookup

SIP extensions for the IP Multimedia Subsystem wikipedia , lookup

Server Message Block wikipedia , lookup

Distributed firewall wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Wireless security wikipedia , lookup

Internet protocol suite wikipedia , lookup

Lag wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Remote Desktop Services wikipedia , lookup

Extensible Authentication Protocol wikipedia , lookup

Real-Time Messaging Protocol wikipedia , lookup

Transcript 
Working Connection
Computer and Network Security
- SSL, IPsec, Firewalls –
(Chapter 17, 18, 19, and 23)
So far, we talked about
Basic Techniques of Security…
• Those are used in many different
security scenarios
– Secure email
– Secure transport (SSL)
– IPsec
Secure e-mail
• Alice wants to send secret e-mail message, m, to Bob.
• generates random symmetric private key, KS.
• encrypts message with KS
• also encrypts KS with Bob’s public key.
• sends both KS(m) and eB(KS) to Bob.
Secure e-mail (continued)
• Alice wants to provide sender authentication
message integrity.
• Alice digitally signs message.
• sends both message (in the clear) and digital signature.
Secure e-mail (continued)
• Alice wants to provide secrecy, sender authentication,
message integrity.
Note: Alice uses both her private key, Bob’s public key.
Secure Sockets Layer (SSL)
• SSL developed by Netscape Communications
– Operates on top of TCP
– Provides secure connections
• HTTP, FTP, telnet, …
– Electronic ordering & payment; e-mail
– SSL 3.0 submitted to IETF for standardization
• TLS standardized by IETF (RFC 2246)
– Slight differences with SSL 3.0
– www.ietf.org/html.charters/tls-charter.html
Secure sockets layer (SSL)
• SSL works at transport
• Server authentication:
layer. Provides security
– SSL-enabled browser
includes public keys for
to any TCP-based app
trusted CAs.
using SSL services.
– Browser requests server
• SSL: used between
certificate, issued by
WWW browsers, servers
trusted CA.
for I-commerce (shttp).
– Browser uses CA’s public
key to extract server’s
• SSL security services:
– server authentication
– data encryption
– client authentication
(optional)
public key from
certificate.
SSL (continued)
Encrypted SSL session:
• Browser generates symmetric
session key, encrypts it with
server’s public key, sends
encrypted key to server.
• Using its private key, server
decrypts session key.
• Browser, server agree that
future msgs will be
encrypted.
• All data sent into TCP socket
(by client or server) i
encrypted with session key.
• SSL: basis of IETF
Transport Layer
Security (TLS).
• Client authentication
can be done with client
certificates.
Transport Layer Security (TLS)
Handshake Change cipher
Protocol
spec Protocol
Alert
Protocol
HTTP
Protocol
TLS Record Protocol
TCP
IP
• TLS protocols operate at two layers
• TLS Record Protocol operates on top of TCP
• Protocols on top of TLS Record Protocol
– TLS Handshake Protocol
– TLS Change Cipher Specification Protocol
– TLS Alert Protocol
TLS Record Protocol
• TLS Record protocol provides
– Privacy service through secret key encryption
• Encryption algorithm is negotiated at session setup
• Secret keys generated per connection using another
protocol such as Handshake protocol
– Reliability service through keyed message
authentication code
• Hash algorithm negotiated at session setup
• Operates without hash only during session
negotiation
TLS Handshake Protocol
• TLS Handshake protocol used by client & server
– Negotiate protocol version, encryption algorithm, key
generation method
– Can authenticate each other using public key algorithm
– Client & server establish a shared secret
– Multiple secure connections can be set up after session
setup
• Session specified by following parameters
–
–
–
–
–
Session Identifier: byte sequence selected by server
Peer Certificate: certificate of peer
Compression method: used prior to encryption
Cipher spec: encryption & message authentication code
Master Secret: 48-byte secret shared by client &
server
– Is resumable?: flag indicating if new connections can be
initiated
TLS Handshake Process
Client
TLS Record protocol initially specifies no
compression or encryption
Request connection
Includes:
Version #; Time & date;
Session ID (if resuming);
Ciphersuite (combinations
of key exchange, encryption, MAC,
compression)
ClientHello
* Optional messages
Server
Send ServerHello if there is
acceptable Ciphersuite
combination; else, send
failure alert & close
connection.
ServerHello includes:
New CipherSpec pending
ServerHello
May contain public key
Certificate*
Compute shared key
ServerKeyExchange*
ServerHelloDone
Version #; Random number;
Session ID ; Ciphersuite &
compression selections
Server Certificate
Server part of key exchange:
Diffie-Hellman, gx;; RSA, public key
Server part of handshake done
Handshake Protocol continued
Client
Client’s part of key agreement:
Diffie-Hellman gy; RSA, random #s
Server
ClientKeyExchange
Change Cipher protocol
[ChangeCipherSpec]
message notifies server that
subsequent records protected
under new CipherSpec & keys
Hash using new CipherSpec;
allows server to verify change
in Cipherspec
Finished
Compute shared key
Server changes CipherSpec
Verify CipherSpec
Handshake Protocol completion
Client
Client changes CipherSpec
Client verifies new
CipherSpec
Server
[ChangeCipherSpec]
Finished
Notify client that subsequent
records protected under new
CipherSpec & keys
Hash using new CipherSpec;
Application Data
TLS Record protocol encapsulates application-layer
messages
• Privacy through secret key cryptography
• Reliability through MAC
• Fragmentation of application messages into blocks for
compression/encryption
• Decompression/Decryption/Verification/Reassembly
TLS Handshake with Client
Authentication
Client
ClientHello
ServerHello
Certificate*
ServerKeyExchange*
CertificateRequest
ServerHelloDone
Client sends suitable
certificate
Certificate*
ClientKeyExchange
Client prepares digital
signature based on
messages sent using its
private key
CertificateVerify*
[ChangeCipherSpec]
Finished
[ChangeCipherSpec]
Finished
Application Data
Server
Server requests certificate if
client needs to be
authenticated
If server finds certificate
unacceptable; server can
send fatal failure alert
message & close connection
Server verifies client has
private key
IP Security (IPsec)
•
•
•
•
•
.
IPsec defined
in RFCs 2401, 2402, 2406
Provides authentication, integrity, confidentiality, and
access control at the IP layer
Provides a key management protocol to provide
automatic key distribution techniques.
Security service can be provided between a pair of
communication nodes, where the node can be a host or a
gateway (router or firewall).
Two protocols & two modes to provide traffic security:
- Authentication Header and Encapsulating Security Payload
- Transport mode or tunnel mode
IPsec: Network Layer Security
• Network-layer secrecy:
– sending host encrypts the
data in IP datagram
– TCP and UDP segments; ICMP
and SNMP messages.
• Network-layer authentication
– destination host can
authenticate source IP
address
• Two principle protocols:
– authentication header (AH)
protocol
– encapsulation security payload
(ESP) protocol
• For both AH and ESP,
source, destination
handshake:
– create network-layer
logical channel called a
security association (SA)
• Each SA unidirectional.
• Uniquely determined by:
– security protocol (AH or
ESP)
– source IP address
– 32-bit connection ID
IPsec Protocol Stack
• IPsec puts the two main
protocols in between IP and
the other protocols
– AH - authentication header
- ESP - encapsulating security
payload
• Tunnel vs. transport?
• Other function provided by
external protocols and
architectures
– Key Management/authentication
– Policy
IPsec Protocol Suite
IPsec: Packet Handling
Security Association
• A Security Association (SA) is a logical simplex
connection between two network-layer entities
• Two SA’s required for bidirectional secure
communication
• SA is specified by
–
–
–
–
–
A unique identifier
Security services to be used
Cryptographic algorithms to be used
How shared keys will be established
Other attributes such as lifetime
• SA negotiated before security service begins
Integrity & Authentication Service
• Integrity can be ascertained by sending a
cryptographic checksum or hash of message
• Authentication also provided if hash covers:
– Shared secret key, sender’s identity & message
– Fields that are changed while packet traverses
Internet are set to zero in calculation of hash
• To protect against replay attacks, message
should carry a sequence number that is
covered by the hash
– Receiver accepts a packet only once
– Receiver maintains a window of packets it accepts
• Receiver recalculates hash and compares to
hash in received packet
Authentication Header (AH) Protocol
• Provides source host
authentication, data
integrity, but not secrecy.
• AH header inserted between
IP header and IP data field.
• Protocol field = 51.
• Intermediate routers
process datagrams as usual.
AH header includes:
• connection identifier
• authentication data: signed
message digest, calculated
over original IP datagram,
providing source
authentication, data
integrity.
• Next header field:
specifies type of data (TCP,
UDP, ICMP, etc.)
ESP Protocol
• Provides secrecy, host
authentication, data
integrity.
• Data, ESP trailer
encrypted.
• Next header field is in
ESP trailer.
• ESP authentication
field is similar to AH
authentication field.
• Protocol = 50.
IPsec: Tunnel vs. Transport mode
• Tunnel mode is most commonly used between
gateways, or at an end-station to a gateway,
the gateway acting as a proxy for the hosts
behind it.
• Transport mode is used between endstations or between an end-station and a
gateway, if the gateway is being treated as a
host—for example, an encrypted Telnet
session from a workstation to a router, in
which the router is the actual destination.
AH
ESP
Internet Key Exchange (IKE)
• Built on of ISAKMP framework
• Two phase protocol used to establish
parameters and keys for session
– Phase 1: negotiate parameters, authenticate
peers, establish secure channel
– Phase 2: Establish a security association (SA)
• The details are unimaginably complex
• The SA defines algorithms, keys, and policy
used to secure the session
Gateway-to-Gateway
Internet
A
B
• Computers A and B have gateways interposed between
their internal network and Internet
• Gateway can be a firewall
– Controls external access to internal network
– Packet filtering according to various header fields
• IP addresses, port numbers, ICMP types, fields within payload
• Secure tunnels can be established between gateways
– All internal information including headers can be encrypted
Remote user to Gateway
Internet
• Mobile host needs access to internal network
• Gateway must provide user with access while barring
intruders from accessing internal network
• May also need to protect identity of mobile user
• IP-address of mobile user changes
Firewall Options
• Firewalls can operate at different layers
– IP-layer filtering cannot operate on payload contents
• Circuit-Level Gateways
– Direct client-to-server TCP connections not allowed
– Relays TCP segments between actual client & actual
server
• Application-Level Gateways or Proxies
– Interposed between actual client and actual server
– Performs authentication and determines what features
are available to client
– Monitors, filters & relays messages
Related documents
Panel: Security and the World Wide Web
Panel: Security and the World Wide Web
Java SE Security
Java SE Security
William Stallings, Cryptography and Network Security 3/e
William Stallings, Cryptography and Network Security 3/e
William Stallings, Cryptography and Network Security 3/e
William Stallings, Cryptography and Network Security 3/e
Protocol Overview
Protocol Overview
Protocol Overview
Protocol Overview
Lecture 9: Communication Security
Lecture 9: Communication Security
Rocket® Blue Zone Security Server
Rocket® Blue Zone Security Server
Slides for lecture 26
Slides for lecture 26
William Stallings, Cryptography and Network Security 4/e
William Stallings, Cryptography and Network Security 4/e
Slide 1
Slide 1
N - Hakan Tolgay
N - Hakan Tolgay