Presentation on theme: "Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)"— Presentation transcript:
So far, we talked about Basic Techniques of Security… Those are used in many different security scenarios –Secure –Secure transport (SSL) –IPsec
Secure: Alice wants to send secret message, $m$, to Bob. Alice generates random symmetric private key, $K_S$; encrypts message with $K_S$; also encrypts $K_S$ with Bob’s public key; sends both $K_S(m)$ and $e_B(K_S)$ to Bob.
Secure (continued): Alice wants to provide sender authentication and message integrity. Alice digitally signs message and sends both message (in the clear) and digital signature.
Secure (continued): Alice wants to provide secrecy, sender authentication, and message integrity. Note: Alice uses both her private key and Bob’s public key.
Secure Sockets Layer (SSL): SSL developed by Netscape Communications –Operates on top of TCP –Provides secure connections for HTTP, FTP, telnet, … –Electronic ordering & payment –SSL 3.0 submitted to IETF for standardization. TLS standardized by IETF (RFC 2246) –Slight differences with SSL 3.0 –www.ietf.org/html.charters/tls-charter.html
Secure sockets layer (SSL) SSL works at transport layer. Provides security to any TCP-based app using SSL services. SSL: used between WWW browsers, servers for I-commerce (shttp). SSL security services: –server authentication –data encryption –client authentication (optional) Server authentication: –SSL-enabled browser includes public keys for trusted CAs. –Browser requests server certificate, issued by trusted CA. –Browser uses CA’s public key to extract server’s public key from certificate.
SSL (continued): Encrypted SSL session: Browser generates symmetric session key, encrypts it with server’s public key, sends encrypted key to server. Using its private key, server decrypts session key. Browser, server agree that future msgs will be encrypted. All data sent into TCP socket (by client or server) is encrypted with session key. SSL: basis of IETF Transport Layer Security (TLS). Client authentication can be done with client certificates.
Transport Layer Security (TLS): TLS protocols operate at two layers. TLS Record Protocol operates on top of TCP. Protocols on top of TLS Record Protocol: –TLS Handshake Protocol –TLS Change Cipher Specification Protocol –TLS Alert Protocol. [Figure: protocol stack, bottom to top: IP; TCP; TLS Record Protocol; Handshake, Change Cipher Spec, Alert and HTTP protocols.]
TLS Record Protocol: TLS Record protocol provides –Privacy service through secret key encryption: encryption algorithm is negotiated at session setup; secret keys generated per connection using another protocol such as Handshake protocol –Reliability service through keyed message authentication code: hash algorithm negotiated at session setup; operates without hash only during session negotiation
TLS Handshake Protocol: TLS Handshake protocol used by client & server –Negotiate protocol version, encryption algorithm, key generation method –Can authenticate each other using public key algorithm –Client & server establish a shared secret –Multiple secure connections can be set up after session setup. Session specified by following parameters: –Session Identifier: byte sequence selected by server –Peer Certificate: certificate of peer –Compression method: used prior to encryption –Cipher spec: encryption & message authentication code –Master Secret: 48-byte secret shared by client & server –Is resumable?: flag indicating if new connections can be initiated
TLS Handshake Process (* = optional messages)
Client → Server: ClientHello. Request connection. Includes: Version #; Time & date; Session ID (if resuming); Ciphersuite (combinations of key exchange, encryption, MAC, compression).
Server → Client: ServerHello. Send ServerHello if there is acceptable Ciphersuite combination; else, send failure alert & close connection. ServerHello includes: Version #; Random number; Session ID; Ciphersuite & compression selections.
Server → Client: Certificate*. Server certificate; may contain public key.
Server → Client: ServerKeyExchange*. Server part of key exchange: Diffie-Hellman, $g^x$; RSA, public key.
Server → Client: ServerHelloDone. Server part of handshake done.
Notes on the diagram: TLS Record protocol initially specifies no compression or encryption. New CipherSpec pending. Compute shared key.
Handshake Protocol continued
Client → Server: ClientKeyExchange. Client’s part of key agreement: Diffie-Hellman, $g^y$; RSA, random #s.
Client → Server: [ChangeCipherSpec]. Change Cipher protocol message notifies server that subsequent records protected under new CipherSpec & keys. Server changes CipherSpec.
Client → Server: Finished. Hash using new CipherSpec; allows server to verify change in CipherSpec.
Notes on the diagram: Compute shared key. Verify CipherSpec.
Handshake Protocol completion
Server → Client: [ChangeCipherSpec]. Notify client that subsequent records protected under new CipherSpec & keys. Client changes CipherSpec.
Server → Client: Finished. Hash using new CipherSpec; client verifies new CipherSpec.
Client ↔ Server: Application Data. TLS Record protocol encapsulates application-layer messages: –Privacy through secret key cryptography –Reliability through MAC –Fragmentation of application messages into blocks for compression/encryption –Decompression/Decryption/Verification/Reassembly
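The "compute shared key" and Finished steps of the handshake, worked through with the RFC 2246 key-derivation function. This is an added example, not part of the original slides: both sides expand the pre-master secret and the two hello randoms into the 48-byte master secret, and the Finished value no longer matches if any handshake message was altered in transit. The randoms, pre-master secret and transcript bytes are constructed sample values.

```python
import hashlib
import hmac

def p_hash(digest, secret, seed, length):
    """RFC 2246 P_hash: HMAC-based expansion of secret and seed to `length` bytes."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def prf(secret, label, seed, length):
    """RFC 2246 PRF: P_MD5 keyed with the first half of the secret XOR P_SHA-1 with the second."""
    half = (len(secret) + 1) // 2              # the halves share a byte if the length is odd
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5 = p_hash(hashlib.md5, s1, label + seed, length)
    sha = p_hash(hashlib.sha1, s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5, sha))

def master_secret(pre_master, client_random, server_random):
    """48-byte master secret from the exchanged pre-master secret and both hello randoms."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def finished(master, label, handshake_messages):
    """12-byte verify_data: binds the new keys to every handshake message seen so far."""
    digests = hashlib.md5(handshake_messages).digest() + hashlib.sha1(handshake_messages).digest()
    return prf(master, label, digests, 12)

# Constructed sample values (not captured traffic).
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PRE_MASTER = b"\x03\x01" + b"\x5a" * 46   # RSA case: client version + 46 random bytes
TRANSCRIPT = b"ClientHello[suites=A,B]|ServerHello[suite=A]|ServerHelloDone|ClientKeyExchange"

def demo():
    client_ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    server_ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    sent = finished(client_ms, b"client finished", TRANSCRIPT)
    # The server recomputes over the messages it saw; an edited ClientHello changes the result.
    expected = finished(server_ms, b"client finished", TRANSCRIPT)
    tampered = finished(server_ms, b"client finished", TRANSCRIPT.replace(b"A,B", b"B"))
    return client_ms, hmac.compare_digest(sent, expected), hmac.compare_digest(sent, tampered)

if __name__ == "__main__":
    ms, ok, tampered_ok = demo()
    print(len(ms), ok, tampered_ok)
```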
TLS Handshake with Client Authentication (* = optional messages)
Client → Server: ClientHello
Server → Client: ServerHello, Certificate*, ServerKeyExchange*, CertificateRequest, ServerHelloDone. Server requests certificate if client needs to be authenticated.
Client → Server: Certificate*, ClientKeyExchange, CertificateVerify*, [ChangeCipherSpec], Finished. Client sends suitable certificate. If server finds certificate unacceptable, server can send fatal failure alert message & close connection. Client prepares digital signature based on messages sent using its private key. Server verifies client has private key.
Server → Client: [ChangeCipherSpec], Finished
Client ↔ Server: Application Data
IP Security (IPsec). IPsec defined in RFCs 2401, 2402, 2406. Provides authentication, integrity, confidentiality, and access control at the IP layer. Provides a key management protocol to provide automatic key distribution techniques. Security service can be provided between a pair of communication nodes, where the node can be a host or a gateway (router or firewall). Two protocols & two modes to provide traffic security: –Authentication Header and Encapsulating Security Payload –Transport mode or tunnel mode
IPsec: Network Layer Security. Network-layer secrecy: –sending host encrypts the data in IP datagram –TCP and UDP segments; ICMP and SNMP messages. Network-layer authentication: –destination host can authenticate source IP address. Two principal protocols: –authentication header (AH) protocol –encapsulation security payload (ESP) protocol. For both AH and ESP, source, destination handshake: –create network-layer logical channel called a security association (SA). Each SA unidirectional. Uniquely determined by: –security protocol (AH or ESP) –source IP address –32-bit connection ID
IPsec Protocol Stack: IPsec puts the two main protocols in between IP and the other protocols: –AH: authentication header –ESP: encapsulating security payload. Tunnel vs. transport? Other functions provided by external protocols and architectures: –Key Management/authentication –Policy
IPsec Protocol Suite
IPsec: Packet Handling
Security Association: A Security Association (SA) is a logical simplex connection between two network-layer entities. Two SAs required for bidirectional secure communication. SA is specified by –A unique identifier –Security services to be used –Cryptographic algorithms to be used –How shared keys will be established –Other attributes such as lifetime. SA negotiated before security service begins.
Integrity & Authentication Service Integrity can be ascertained by sending a cryptographic checksum or hash of message Authentication also provided if hash covers: –Shared secret key, sender’s identity & message –Fields that are changed while packet traverses Internet are set to zero in calculation of hash To protect against replay attacks, message should carry a sequence number that is covered by the hash –Receiver accepts a packet only once –Receiver maintains a window of packets it accepts Receiver recalculates hash and compares to hash in received packet
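The receiver-side checks from this slide, as an added example that is not part of the original slides: a keyed hash that covers the sequence number and payload with the in-transit field zeroed, plus a sliding window so each packet is accepted only once. The 5-byte header layout (TTL, sequence number), HMAC-SHA-256 and the 32-packet window are assumptions made for the example, not the AH wire format.

```python
import hashlib
import hmac
import struct

WINDOW = 32    # replay window width in packets (assumed for the example)
ICV_LEN = 32   # HMAC-SHA-256 output length

def icv(key, seq, payload):
    # TTL changes while the packet crosses routers, so it enters the hash as zero.
    return hmac.new(key, struct.pack(">BI", 0, seq) + payload, hashlib.sha256).digest()

def protect(key, ttl, seq, payload):
    return struct.pack(">BI", ttl, seq) + payload + icv(key, seq, payload)

def route(packet):
    """A router on the path decrements TTL; the keyed hash must still verify."""
    return bytes([packet[0] - 1]) + packet[1:]

class Receiver:
    def __init__(self, key):
        self.key, self.top, self.seen = key, 0, 0   # bit i of seen = (top - i) accepted

    def accept(self, packet):
        if len(packet) < 5 + ICV_LEN:
            return "malformed"
        _ttl, seq = struct.unpack(">BI", packet[:5])
        payload, tag = packet[5:-ICV_LEN], packet[-ICV_LEN:]
        if seq == 0 or seq + WINDOW <= self.top:
            return "stale"                           # left of the window
        if seq <= self.top and (self.seen >> (self.top - seq)) & 1:
            return "replay"                          # already accepted once
        if not hmac.compare_digest(tag, icv(self.key, seq, payload)):
            return "bad-icv"                         # window is not advanced by forgeries
        if seq > self.top:
            self.seen = ((self.seen << (seq - self.top)) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.seen |= 1 << (self.top - seq)
        return "ok"

def demo():
    key = b"constructed shared secret"               # constructed sample key
    rx = Receiver(key)
    p1, p2, p3 = (protect(key, 64, s, b"data %d" % s) for s in (1, 2, 3))
    forged = p2[:5] + b"DATA 2" + p2[-ICV_LEN:]      # payload altered, old hash kept
    return [rx.accept(route(p1)), rx.accept(p3), rx.accept(forged), rx.accept(p2),
            rx.accept(p3), rx.accept(protect(key, 64, 40, b"x")),
            rx.accept(protect(key, 64, 8, b"late"))]
```

The window is updated only after the hash verifies, so a forged packet with a high sequence number cannot push legitimate packets out of the window.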
Authentication Header (AH) Protocol: Provides source host authentication, data integrity, but not secrecy. AH header inserted between IP header and IP data field. Protocol field = 51. Intermediate routers process datagrams as usual. AH header includes: –connection identifier –authentication data: signed message digest, calculated over original IP datagram, providing source authentication, data integrity –Next header field: specifies type of data (TCP, UDP, ICMP, etc.)
ESP Protocol Provides secrecy, host authentication, data integrity. Data, ESP trailer encrypted. Next header field is in ESP trailer. ESP authentication field is similar to AH authentication field. Protocol = 50.
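What an observer or filtering device can read from each protocol, as an added example that is not part of the original slides: a parser for the cleartext AH and ESP fields of an IPv4 datagram. The field layout follows the AH and ESP RFCs listed earlier (2402, 2406); the connection identifier is called SPI in the code, and the sample packets, addresses and SPI values are constructed.

```python
import struct

AH, ESP = 51, 50   # IP protocol numbers given on the slides

def parse_ipsec(datagram):
    """Return the cleartext IPsec fields of an IPv4 datagram, or None if it is not AH/ESP."""
    if len(datagram) < 20 or datagram[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (datagram[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(datagram):
        raise ValueError("bad IPv4 header length")
    proto, body = datagram[9], datagram[ihl:]
    if proto == AH:
        if len(body) < 12:
            raise ValueError("truncated AH header")
        next_hdr, plen, _reserved, spi, seq = struct.unpack(">BBHII", body[:12])
        ah_len = (plen + 2) * 4            # Payload Len counts 32-bit words, minus 2
        if ah_len < 12 or ah_len > len(body):
            raise ValueError("bad AH payload length")
        return {"proto": "AH", "spi": spi, "seq": seq, "next_header": next_hdr,
                "icv": body[12:ah_len], "payload": body[ah_len:]}
    if proto == ESP:
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        spi, seq = struct.unpack(">II", body[:8])
        # Next header sits in the encrypted ESP trailer, so it is not readable in transit.
        return {"proto": "ESP", "spi": spi, "seq": seq, "next_header": None,
                "ciphertext": body[8:]}
    return None

def ipv4(proto, body):
    """Constructed 20-byte IPv4 header (checksum left as 0) in front of `body`."""
    return struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])) + body

# Constructed samples: AH carrying TCP (next header 6) with a 12-byte ICV; opaque ESP.
AH_PACKET = ipv4(AH, struct.pack(">BBHII", 6, 4, 0, 0x1001, 7) + b"\xaa" * 12 + b"tcp-segment")
ESP_PACKET = ipv4(ESP, struct.pack(">II", 0x2002, 9) + b"\x13\x37" * 16)

if __name__ == "__main__":
    print(parse_ipsec(AH_PACKET))
    print(parse_ipsec(ESP_PACKET))
```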
IPsec: Tunnel vs. Transport mode. Tunnel mode is most commonly used between gateways, or at an end-station to a gateway, the gateway acting as a proxy for the hosts behind it. Transport mode is used between end-stations or between an end-station and a gateway, if the gateway is being treated as a host, for example an encrypted Telnet session from a workstation to a router, in which the router is the actual destination.
Internet Key Exchange (IKE): Built on top of the ISAKMP framework. Two-phase protocol used to establish parameters and keys for session: –Phase 1: negotiate parameters, authenticate peers, establish secure channel –Phase 2: establish a security association (SA). The details are unimaginably complex. The SA defines algorithms, keys, and policy used to secure the session.
Gateway-to-Gateway: Computers A and B have gateways interposed between their internal network and Internet. Gateway can be a firewall –Controls external access to internal network –Packet filtering according to various header fields: IP addresses, port numbers, ICMP types, fields within payload. Secure tunnels can be established between gateways –All internal information including headers can be encrypted. [Figure: hosts A and B, each behind a gateway, connected across the Internet.]
Remote user to Gateway: Mobile host needs access to internal network. Gateway must provide user with access while barring intruders from accessing internal network. May also need to protect identity of mobile user. IP address of mobile user changes.
Firewall Options Firewalls can operate at different layers –IP-layer filtering cannot operate on payload contents Circuit-Level Gateways –Direct client-to-server TCP connections not allowed –Relays TCP segments between actual client & actual server Application-Level Gateways or Proxies –Interposed between actual client and actual server –Performs authentication and determines what features are available to client –Monitors, filters & relays messages