Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

So far, we talked about Basic Techniques of Security…
• Those are used in many different security scenarios
  – Secure email
  – Secure transport (SSL)
  – IPsec

Secure e-mail
• Alice wants to send secret e-mail message, m, to Bob.
• generates random symmetric private key, K_S.
• encrypts message with K_S
• also encrypts K_S with Bob’s public key.
• sends both K_S(m) and e_B(K_S) to Bob.

Secure e-mail (continued)
• Alice wants to provide sender authentication, message integrity.
• Alice digitally signs message.
• sends both message (in the clear) and digital signature.

Secure e-mail (continued)
• Alice wants to provide secrecy, sender authentication, message integrity.
Note: Alice uses both her private key, Bob’s public key.

Secure Sockets Layer (SSL)
• SSL developed by Netscape Communications
  – Operates on top of TCP
  – Provides secure connections
    • HTTP, FTP, telnet, …
  – Electronic ordering & payment; e-mail
  – SSL 3.0 submitted to IETF for standardization
• TLS standardized by IETF (RFC 2246)
  – Slight differences with SSL 3.0
  – www.ietf.org/html.charters/tls-charter.html

Secure sockets layer (SSL)
• SSL works at transport layer. Provides security to any TCP-based app using SSL services.
• SSL: used between WWW browsers, servers for I-commerce (shttp).
• SSL security services:
  – server authentication
  – data encryption
  – client authentication (optional)
• Server authentication:
  – SSL-enabled browser includes public keys for trusted CAs.
  – Browser requests server certificate, issued by trusted CA.
  – Browser uses CA’s public key to extract server’s public key from certificate.

SSL (continued)
Encrypted SSL session:
• Browser generates symmetric session key, encrypts it with server’s public key, sends encrypted key to server.
• Using its private key, server decrypts session key.
• Browser, server agree that future msgs will be encrypted.
• All data sent into TCP socket (by client or server) is encrypted with session key.
• SSL: basis of IETF Transport Layer Security (TLS).
• Client authentication can be done with client certificates.

Transport Layer Security (TLS)
[Figure: protocol stack. Handshake Protocol, Change Cipher Spec Protocol, Alert Protocol and HTTP Protocol sit on the TLS Record Protocol, which runs over TCP, which runs over IP]
• TLS protocols operate at two layers
• TLS Record Protocol operates on top of TCP
• Protocols on top of TLS Record Protocol
  – TLS Handshake Protocol
  – TLS Change Cipher Specification Protocol
  – TLS Alert Protocol

TLS Record Protocol
• TLS Record protocol provides
  – Privacy service through secret key encryption
    • Encryption algorithm is negotiated at session setup
    • Secret keys generated per connection using another protocol such as Handshake protocol
  – Reliability service through keyed message authentication code
    • Hash algorithm negotiated at session setup
    • Operates without hash only during session negotiation

TLS Handshake Protocol
• TLS Handshake protocol used by client & server
  – Negotiate protocol version, encryption algorithm, key generation method
  – Can authenticate each other using public key algorithm
  – Client & server establish a shared secret
  – Multiple secure connections can be set up after session setup
• Session specified by following parameters
  – Session Identifier: byte sequence selected by server
  – Peer Certificate: certificate of peer
  – Compression method: used prior to encryption
  – Cipher spec: encryption & message authentication code
  – Master Secret: 48-byte secret shared by client & server
  – Is resumable?: flag indicating if new connections can be initiated

TLS Handshake Process
TLS Record protocol initially specifies no compression or encryption
(* Optional messages)
• Client -> Server: ClientHello
  – Request connection
  – Includes: Version #; Time & date; Session ID (if resuming); Ciphersuite (combinations of key exchange, encryption, MAC, compression)
• Server -> Client: ServerHello (client: new CipherSpec pending)
  – Send ServerHello if there is acceptable Ciphersuite combination; else, send failure alert & close connection.
  – ServerHello includes: Version #; Random number; Session ID; Ciphersuite & compression selections
• Server -> Client: Certificate* (may contain public key)
  – Server Certificate
• Server -> Client: ServerKeyExchange* (client: compute shared key)
  – Server part of key exchange: Diffie-Hellman, g^x; RSA, public key
• Server -> Client: ServerHelloDone
  – Server part of handshake done

Handshake Protocol continued
• Client -> Server: ClientKeyExchange (server: compute shared key)
  – Client’s part of key agreement: Diffie-Hellman g^y; RSA, random #s
• Client -> Server: [ChangeCipherSpec] (server changes CipherSpec)
  – Change Cipher protocol message notifies server that subsequent records protected under new CipherSpec & keys
• Client -> Server: Finished (server: verify CipherSpec)
  – Hash using new CipherSpec; allows server to verify change in CipherSpec

Handshake Protocol completion
• Server -> Client: [ChangeCipherSpec] (client changes CipherSpec)
  – Notify client that subsequent records protected under new CipherSpec & keys
• Server -> Client: Finished (client verifies new CipherSpec)
  – Hash using new CipherSpec
• Application Data
  – TLS Record protocol encapsulates application-layer messages
    • Privacy through secret key cryptography
    • Reliability through MAC
    • Fragmentation of application messages into blocks for compression/encryption
    • Decompression/Decryption/Verification/Reassembly

TLS Handshake with Client Authentication
• Client -> Server: ClientHello
• Server -> Client: ServerHello, Certificate*, ServerKeyExchange*, CertificateRequest, ServerHelloDone
  – Server requests certificate if client needs to be authenticated
• Client -> Server: Certificate*
  – Client sends suitable certificate
  – If server finds certificate unacceptable, server can send fatal failure alert message & close connection
• Client -> Server: ClientKeyExchange
• Client -> Server: CertificateVerify*
  – Client prepares digital signature based on messages sent using its private key
  – Server verifies client has private key
• Client -> Server: [ChangeCipherSpec], Finished
• Server -> Client: [ChangeCipherSpec], Finished
• Application Data

IP Security (IPsec)
• IPsec defined in RFCs 2401, 2402, 2406
• Provides authentication, integrity, confidentiality, and access control at the IP layer
• Provides a key management protocol to provide automatic key distribution techniques.
• Security service can be provided between a pair of communication nodes, where the node can be a host or a gateway (router or firewall).
• Two protocols & two modes to provide traffic security:
  – Authentication Header and Encapsulating Security Payload
  – Transport mode or tunnel mode

IPsec: Network Layer Security
• Network-layer secrecy:
  – sending host encrypts the data in IP datagram
  – TCP and UDP segments; ICMP and SNMP messages.
• Network-layer authentication
  – destination host can authenticate source IP address
• Two principal protocols:
  – authentication header (AH) protocol
  – encapsulation security payload (ESP) protocol
• For both AH and ESP, source, destination handshake:
  – create network-layer logical channel called a security association (SA)
• Each SA unidirectional.
• Uniquely determined by:
  – security protocol (AH or ESP)
  – source IP address
  – 32-bit connection ID

IPsec Protocol Stack
• IPsec puts the two main protocols in between IP and the other protocols
  – AH - authentication header
  – ESP - encapsulating security payload
• Tunnel vs. transport?
• Other function provided by external protocols and architectures
  – Key Management/authentication
  – Policy

IPsec Protocol Suite

IPsec: Packet Handling

Security Association
• A Security Association (SA) is a logical simplex connection between two network-layer entities
• Two SAs required for bidirectional secure communication
• SA is specified by
  – A unique identifier
  – Security services to be used
  – Cryptographic algorithms to be used
  – How shared keys will be established
  – Other attributes such as lifetime
• SA negotiated before security service begins

Integrity & Authentication Service
• Integrity can be ascertained by sending a cryptographic checksum or hash of message
• Authentication also provided if hash covers:
  – Shared secret key, sender’s identity & message
  – Fields that are changed while packet traverses Internet are set to zero in calculation of hash
• To protect against replay attacks, message should carry a sequence number that is covered by the hash
  – Receiver accepts a packet only once
  – Receiver maintains a window of packets it accepts
• Receiver recalculates hash and compares to hash in received packet

Authentication Header (AH) Protocol
• Provides source host authentication, data integrity, but not secrecy.
• AH header inserted between IP header and IP data field.
• Protocol field = 51.
• Intermediate routers process datagrams as usual.
AH header includes:
• connection identifier
• authentication data: signed message digest, calculated over original IP datagram, providing source authentication, data integrity.
• Next header field: specifies type of data (TCP, UDP, ICMP, etc.)

ESP Protocol
• Provides secrecy, host authentication, data integrity.
• Data, ESP trailer encrypted.
• Next header field is in ESP trailer.
• ESP authentication field is similar to AH authentication field.
• Protocol = 50.

IPsec: Tunnel vs. Transport mode
• Tunnel mode is most commonly used between gateways, or at an end-station to a gateway, the gateway acting as a proxy for the hosts behind it.
• Transport mode is used between end-stations or between an end-station and a gateway, if the gateway is being treated as a host, for example an encrypted Telnet session from a workstation to a router, in which the router is the actual destination.

AH

ESP

Internet Key Exchange (IKE)
• Built on top of the ISAKMP framework
• Two phase protocol used to establish parameters and keys for session
  – Phase 1: negotiate parameters, authenticate peers, establish secure channel
  – Phase 2: Establish a security association (SA)
• The details are unimaginably complex
• The SA defines algorithms, keys, and policy used to secure the session

Gateway-to-Gateway
[Figure: computers A and B, each behind a gateway, connected across the Internet]
• Computers A and B have gateways interposed between their internal network and Internet
• Gateway can be a firewall
  – Controls external access to internal network
  – Packet filtering according to various header fields
    • IP addresses, port numbers, ICMP types, fields within payload
• Secure tunnels can be established between gateways
  – All internal information including headers can be encrypted

Remote user to Gateway
[Figure: mobile host reaching the gateway across the Internet]
• Mobile host needs access to internal network
• Gateway must provide user with access while barring intruders from accessing internal network
• May also need to protect identity of mobile user
• IP-address of mobile user changes

Firewall Options
• Firewalls can operate at different layers
  – IP-layer filtering cannot operate on payload contents
• Circuit-Level Gateways
  – Direct client-to-server TCP connections not allowed
  – Relays TCP segments between actual client & actual server
• Application-Level Gateways or Proxies
  – Interposed between actual client and actual server
  – Performs authentication and determines what features are available to client
  – Monitors, filters & relays messages
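
Added example (not part of the original lecture slides): the TLS Record Protocol and handshake slides above describe one record layer carrying the Handshake, Change Cipher Spec and Alert protocols, with records protected once ChangeCipherSpec has been sent. The sketch below walks the records sent in one direction and shows what a passive monitor can still read. The function names, the sample bytes and the assumption that no handshake message is split across records are illustrative choices; the type codes are those of TLS 1.0 (RFC 2246).

```python
import struct

# Content and handshake type codes from TLS 1.0 (RFC 2246).
CONTENT = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
HANDSHAKE = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
             12: "ServerKeyExchange", 13: "CertificateRequest", 14: "ServerHelloDone",
             15: "CertificateVerify", 16: "ClientKeyExchange", 20: "Finished"}

def handshake_messages(body: bytes) -> list:
    """Names of the handshake messages packed back to back in one record."""
    names, i = [], 0
    while i < len(body):
        mlen = int.from_bytes(body[i + 1:i + 4], "big")   # 3-byte length field
        if i + 4 + mlen > len(body):
            raise ValueError("truncated handshake message")
        names.append(HANDSHAKE.get(body[i], f"unknown({body[i]})"))
        i += 4 + mlen
    return names

def walk_records(stream: bytes) -> list:
    """Label every record sent in ONE direction of a connection."""
    out, pos, protected = [], 0, False
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _major, _minor, length = struct.unpack_from("!BBBH", stream, pos)
        body = stream[pos + 5:pos + 5 + length]
        if ctype not in CONTENT or len(body) != length:
            raise ValueError(f"malformed record at offset {pos}")
        pos += 5 + length
        if protected:
            # After ChangeCipherSpec the body is ciphertext plus MAC: only the
            # record type and length remain visible (this is the Finished message).
            out.append(f"{CONTENT[ctype]} (protected, {length} bytes)")
        elif ctype == 22:
            out.extend(handshake_messages(body))
        else:
            out.append(CONTENT[ctype])
            protected = ctype == 20
    return out

# Constructed sample: server-to-client bytes with dummy message bodies.
def rec(ctype, body):
    return struct.pack("!BBBH", ctype, 3, 1, len(body)) + body

def hs(mtype, body):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

SERVER_BYTES = (rec(22, hs(2, b"\0" * 38) + hs(11, b"\0" * 10) + hs(14, b""))
                + rec(20, b"\x01") + rec(22, b"\xaa" * 40))
```

Calling walk_records(SERVER_BYTES) lists the server's cleartext handshake messages, then ChangeCipherSpec, then a protected handshake record whose contents are no longer readable.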
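
Added example (not part of the original lecture slides): a receiver-side check following the "Integrity & Authentication Service" slide, combining a keyed hash that covers sender identity, sequence number and message (with the mutable TTL hashed as zero) with the accept-once replay window. The packet layout, the names icv, make_packet and Receiver, the 32-packet window and the sample addresses are assumptions made for illustration, not the RFC 2402 wire format.

```python
import hashlib
import hmac
import struct

WINDOW = 32  # receiver window size in packets (assumed value)

def icv(key: bytes, pkt: dict) -> bytes:
    """Keyed hash over sender identity, sequence number and message.
    The TTL changes at every hop, so it is hashed as zero."""
    fixed = struct.pack("!4s4sBI", pkt["src"], pkt["dst"], 0, pkt["seq"])
    return hmac.new(key, fixed + pkt["payload"], hashlib.sha256).digest()

def make_packet(key: bytes, seq: int, payload: bytes, ttl: int = 64) -> dict:
    """Sender side, using a toy packet layout with constructed addresses."""
    pkt = {"src": bytes([10, 0, 0, 1]), "dst": bytes([10, 0, 0, 2]),
           "ttl": ttl, "seq": seq, "payload": payload}
    pkt["icv"] = icv(key, pkt)
    return pkt

class Receiver:
    """Receiving end of one (unidirectional) security association."""
    def __init__(self, key: bytes):
        self.key = key
        self.top = 0    # highest authenticated sequence number so far
        self.seen = 0   # bitmap: bit i set means sequence (top - i) was accepted

    def accept(self, pkt: dict) -> bool:
        seq = pkt["seq"]
        if seq == 0 or seq + WINDOW <= self.top:
            return False                      # older than the window
        behind = self.top - seq
        if behind >= 0 and (self.seen >> behind) & 1:
            return False                      # duplicate: accepted only once
        if not hmac.compare_digest(icv(self.key, pkt), pkt["icv"]):
            return False                      # recomputed hash differs
        if behind < 0:                        # authentic and newer: slide window
            self.seen = ((self.seen << -behind) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.seen |= 1 << behind
        return True
```

The window is advanced only after the hash verifies, so a forged packet with a large sequence number cannot push genuine traffic out of the window.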