
Presentation on theme: "Securing Network Communication" — Presentation transcript:

1 Securing Network Communication

2 Security Issues in Communication
- Privacy: anyone on the path can read the content
- Integrity: someone might alter the content in transit
- Authentication: it is not clear who you are talking to

3 Issues
- Capturing passwords sent in the clear
- Sniffing browsing sessions
- Hijacking TCP sessions
- Phishing

4 Solutions
- Securing existing applications without modifying them: tunneling
- Developing secure applications: using the OpenSSL library

5 Tunneling
Tunneling first establishes one secure connection between a client and a server, then forwards other network connections over that single connection. The applications on each end still speak their ordinary, unmodified protocols; only the hop between the two tunnel endpoints is protected. Tools:
- OpenSSH (port forwarding)
- Stunnel

6 OpenSSH
- The SSH protocol gives secure access to a remote shell.
- The user is authenticated with a password or a public/private key pair; the server is authenticated by its host key, which the client must check on first contact.
- Once a secure connection to the SSH daemon is set up, local or remote port forwarding carries other TCP connections over it.

7 OpenSSH

8 Stunnel
- Wraps an existing TCP service in TLS using the OpenSSL library
- Works on top of TCP only (no UDP)

9 TLS: Transport Layer Security
- Previously known as SSL: Secure Sockets Layer
- Addresses the issues of privacy, integrity and authentication
- What is it?
- How does it address the issues?
- How is it used?

10 What is TLS?
- A protocol layer
- Requires a reliable transport layer (e.g. TCP)
- Supports any application protocol
Layering, bottom to top: IP, TCP, TLS, then the application protocol (HTTP, Telnet, FTP, LDAP, ...)

11 TLS: Privacy
- Encrypts each message so that it cannot be read on the path from A to B
- Uses conventional (symmetric) cryptography with a shared key
- Ciphers listed on the slide: DES, 3DES, RC2, RC4, IDEA
All five are now considered broken or too weak and have been dropped from current TLS configurations; TLS 1.3 allows only AEAD ciphers such as AES-GCM and ChaCha20-Poly1305.

12 TLS: Key Exchange
- Needs a secure method to exchange the secret key
- Uses public key cryptography for this:
  - a "key pair" is used: either key can encrypt, and then the other can decrypt
  - slower than conventional cryptography, so it is used only to establish the shared key
  - share one key, keep the other private
- Choices are RSA or Diffie-Hellman
Current practice prefers ephemeral (elliptic-curve) Diffie-Hellman, which gives forward secrecy; TLS 1.3 dropped RSA key transport entirely.

13 TLS: Integrity
- Compute a fixed-length Message Authentication Code (MAC) that
  - includes a hash of the message
  - includes a shared secret
  - includes the sequence number
- Transmit the MAC with the message

14 TLS: Integrity
- The receiver recomputes the MAC over the received message (MAC')
- It must match the transmitted MAC; otherwise the record is rejected
- TLS allows MD5 or SHA-1 as the hash (as HMAC-MD5 and HMAC-SHA-1 in TLS 1.0/1.1; TLS 1.2 added SHA-256 suites, and TLS 1.3 uses AEAD ciphers instead of a separate MAC)
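The key exchange and MAC steps of slides 12 to 14, worked through in Python as an added example (this is not code from the slides): a Diffie-Hellman agreement produces the shared secret, and that secret keys an HMAC over sequence number || message, so the receiver rejects both an altered record and a replayed one. The group parameters, the messages and the Receiver class are constructed for this example; SHA-256 and HMAC-SHA-256 stand in for the DES/MD5-era choices the slides list.

```python
import hashlib
import hmac
import secrets
import struct

# Toy Diffie-Hellman group for illustration only (an assumption of this
# example, not a TLS group): a Mersenne prime modulus and a small generator.
# Real TLS uses 2048-bit+ finite-field groups (RFC 7919) or elliptic curves.
P = 2**127 - 1
G = 5


def dh_keypair(p=P, g=G):
    """Generate (private exponent, public value g^private mod p)."""
    priv = secrets.randbelow(p - 3) + 2          # 2 <= priv <= p-2
    return priv, pow(g, priv, p)


def dh_shared_key(my_priv, their_pub, p=P):
    """Both parties compute the same g^(ab) mod p; hash it into a fixed-length
    symmetric key, as a TLS key schedule derives its keys from the secret."""
    shared = pow(their_pub, my_priv, p)
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(width, "big")).digest()


def mac_record(key, seq, payload):
    """MAC = HMAC(shared secret, sequence number || payload).  Binding the
    sequence number means a replayed or reordered record fails verification
    even though its bytes are untouched."""
    return hmac.new(key, struct.pack(">Q", seq) + payload, hashlib.sha256).digest()


class Receiver:
    """Tracks the implicit per-direction sequence number the way TLS does:
    the number is never transmitted, each side simply counts records."""

    def __init__(self, key):
        self.key = key
        self.seq = 0

    def accept(self, payload, tag):
        expected = mac_record(self.key, self.seq, payload)
        # Constant-time comparison: a plain '==' on bytes stops at the first
        # mismatch and would leak how much of a forged tag was right.
        if not hmac.compare_digest(expected, tag):
            return False
        self.seq += 1
        return True


def demo():
    """Run the exchange end to end and report what was accepted or rejected."""
    a_priv, a_pub = dh_keypair()                 # A keeps a_priv, sends a_pub
    b_priv, b_pub = dh_keypair()                 # B keeps b_priv, sends b_pub
    key_a = dh_shared_key(a_priv, b_pub)         # an eavesdropper sees only a_pub, b_pub
    key_b = dh_shared_key(b_priv, a_pub)

    receiver = Receiver(key_b)
    msg1 = b"transfer 100 to account 42"         # constructed sample message
    tag1 = mac_record(key_a, 0, msg1)            # sender's record number 0
    tampered = msg1.replace(b"100", b"900")      # attacker edits the amount

    return {
        "keys_agree": key_a == key_b,
        "tampered_rejected": not receiver.accept(tampered, tag1),   # MAC no longer matches
        "genuine_accepted": receiver.accept(msg1, tag1),            # record 0 accepted
        "replay_rejected": not receiver.accept(msg1, tag1),         # receiver now expects record 1
        "next_accepted": receiver.accept(b"ack", mac_record(key_a, 1, b"ack")),
    }


if __name__ == "__main__":
    print(demo())
```

The replay is rejected without any explicit replay list: the receiver's own counter is part of the MAC input, so a record that was valid at sequence number 0 cannot verify at sequence number 1.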

15 TLS: Authentication
- Verifies the identities of the participants
- Client authentication is optional; server authentication is what the client normally relies on
- A certificate associates an identity with a public key and other attributes; the client checks the certificate chain and that the name in it matches the server it meant to reach

16 TLS: Overview
- Establish a session (the handshake)
  - agree on algorithms
  - share secrets
  - perform authentication
- Transfer application data
  - ensure privacy and integrity

17 TLS: Architecture
- TLS defines a Record Protocol to transfer application data and TLS's own messages
- A session is established using the Handshake Protocol
- Sub-protocols carried by the Record Protocol: Handshake Protocol, Alert Protocol, Change Cipher Spec Protocol (plus application data)

18 TLS "Alternatives"
- S-HTTP: secure HTTP protocol, shttp://
- IPsec: security at the IP layer
- SET: Secure Electronic Transaction, a protocol and infrastructure for bank card payments
- SASL: Simple Authentication and Security Layer (RFC 2222, since replaced by RFC 4422)

19 TLS: Record Protocol
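As an added example, not from the slides, here is a minimal parser for the TLS record layer of slides 17 and 19, in Python. It splits a byte stream into records, decodes the headers of handshake, alert and change_cipher_spec fragments, refuses a record that claims more than the 2^14 + 2048 byte ceiling, and hands back an incomplete trailing record instead of blocking on it. The sample stream is constructed by hand (it is a sequence of record types, not a real handshake capture), and the type and alert code tables are the subset of RFC 5246 values the example needs.

```python
import struct

# Content types and the handshake/alert codes from RFC 5246 (TLS 1.2); the
# 5-byte record header layout is the same in TLS 1.3.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 14: "server_hello_done",
                   16: "client_key_exchange", 20: "finished"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
                      40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
                      70: "protocol_version"}
MAX_RECORD_LENGTH = 2**14 + 2048   # RFC 5246 6.2.3: TLSCiphertext.length ceiling


def header_error(data):
    """Return None if data starts with a plausible record header, else the reason.
    Checking the length before buffering the fragment is what stops a peer from
    making the parser wait for, or allocate, an absurd amount of data."""
    if len(data) < 5:
        return "truncated header"
    ctype, major, minor, length = struct.unpack(">BBBH", data[:5])
    if ctype not in CONTENT_TYPES:
        return f"unknown content type {ctype}"
    if major != 3:
        return f"unexpected protocol major version {major}"
    if length > MAX_RECORD_LENGTH:
        return "record length exceeds maximum"
    return None


def parse_records(data):
    """Split a byte stream into TLS records and decode the unencrypted fragment
    kinds. Returns (records, leftover): leftover is the start of a record that
    is still waiting for more bytes from the transport."""
    records = []
    pos = 0
    while len(data) - pos >= 5:
        err = header_error(data[pos:pos + 5])
        if err:
            raise ValueError(err)
        ctype, major, minor, length = struct.unpack(">BBBH", data[pos:pos + 5])
        if len(data) - pos - 5 < length:
            break                                      # incomplete record
        frag = data[pos + 5:pos + 5 + length]
        rec = {"type": CONTENT_TYPES[ctype], "version": (major, minor), "length": length}
        if ctype == 22 and len(frag) >= 4:             # handshake: type, 24-bit length
            rec["handshake"] = {"type": HANDSHAKE_TYPES.get(frag[0], frag[0]),
                                "length": int.from_bytes(frag[1:4], "big")}
        elif ctype == 21 and len(frag) == 2:           # alert: level, description
            rec["alert"] = {"level": ALERT_LEVELS.get(frag[0], frag[0]),
                            "description": ALERT_DESCRIPTIONS.get(frag[1], frag[1])}
        elif ctype == 20:                              # single byte 0x01
            rec["change_cipher_spec"] = frag == b"\x01"
        records.append(rec)
        pos += 5 + length
    return records, data[pos:]


def build_record(ctype, fragment, version=(3, 3)):
    """Frame a fragment as one record (the sending side of the Record Protocol)."""
    return struct.pack(">BBBH", ctype, version[0], version[1], len(fragment)) + fragment


# Constructed sample stream (not a capture): a minimal ClientHello, a
# ChangeCipherSpec, a fatal handshake_failure alert, then the first three bytes
# of an application_data record that has not fully arrived yet.
_client_hello_body = (
    b"\x03\x03" + bytes(32)        # client_version, 32-byte random (zeros here)
    + b"\x00"                      # session_id length 0
    + b"\x00\x02\xc0\x2f"          # one cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    + b"\x01\x00"                  # compression_methods: null only
)
_client_hello = b"\x01" + len(_client_hello_body).to_bytes(3, "big") + _client_hello_body
SAMPLE_STREAM = (
    build_record(22, _client_hello)
    + build_record(20, b"\x01")
    + build_record(21, b"\x02\x28")
    + b"\x17\x03\x03"
)

if __name__ == "__main__":
    recs, leftover = parse_records(SAMPLE_STREAM)
    for r in recs:
        print(r)
    print("leftover:", leftover.hex())
```

Alerts and handshake messages are only readable like this before the Change Cipher Spec takes effect; after it, every fragment the Record Protocol carries is encrypted and MAC-protected, and only the 5-byte header remains in the clear.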

20 OpenSSL
- Open source, originally based on SSLeay
- Structures:
  - SSL_METHOD: the protocol version and role (client or server) to use
  - SSL_CTX: the context shared by connections: certificates, keys, trust store, verification mode, options
  - SSL: state of one connection; one-to-one correspondence with sockets

21 OpenSSL: client call sequence
- method = TLS_client_method() (the slide's SSLv2_client_method() selects SSLv2, which is broken and was removed in OpenSSL 1.1.0; set a minimum version on the context instead)
- ctx = SSL_CTX_new(method)
- ssl = SSL_new(ctx)
- SSL_set_fd(ssl, fd) (fd is an already connected TCP socket)
- SSL_connect(ssl) (runs the handshake as the client)
- SSL_read(ssl, buf, sizeof(buf))
- SSL_write(ssl, buf, len)
A client that does not also request peer verification (SSL_CTX_set_verify with SSL_VERIFY_PEER) and a hostname check (SSL_set1_host) accepts any certificate, so the authentication goal of slide 15 is not met.

22 OpenSSL: server call sequence
- method = TLS_server_method() (again in place of the obsolete SSLv2_server_method())
- ctx = SSL_CTX_new(method)
- SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM)
- SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM)
- SSL_CTX_check_private_key(ctx) (fails if the key does not match the certificate; check the return value)
- ssl = SSL_new(ctx)
- SSL_set_fd(ssl, fd) (fd is the accepted TCP socket)
- SSL_accept(ssl) (runs the handshake as the server)
- SSL_read(ssl, buf, sizeof(buf))
- SSL_write(ssl, buf, len)
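The client and server call sequences of slides 21 and 22, written out as an added example in Python's ssl module (which wraps the same OpenSSL library) rather than the C API; this is not code from the slides. It adds the checks the slides leave implicit: peer certificate verification, hostname checking, a TLS 1.2 floor, and a cipher list that excludes the DES/RC4/MD5-era algorithms of slides 11 and 14, with a function that audits the resulting context. The hostname, port and certificate file names are the caller's; the network request function is included to show the full sequence and needs a reachable server.

```python
import socket
import ssl

# Algorithm names from slides 11 and 14 that no longer belong in a cipher list,
# plus NULL (no encryption) and EXP (export-grade) suites.
WEAK_MARKERS = ("RC4", "RC2", "DES", "IDEA", "MD5", "NULL", "EXP")


def make_client_context():
    """Client side of slide 21, with the checks the call sequence leaves out:
    verify the server's certificate chain against the system trust store,
    check the hostname, refuse protocol versions before TLS 1.2, and allow
    only forward-secret AEAD suites."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM"
                    ":!aNULL:!eNULL:!MD5:!RC4:!DES:!3DES:!IDEA:!RC2")
    return ctx


def make_server_context(certfile, keyfile):
    """Server side of slide 22. load_cert_chain() does the work of
    SSL_CTX_use_certificate_file, SSL_CTX_use_PrivateKey_file and
    SSL_CTX_check_private_key: it raises ssl.SSLError if the key does not
    match the certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def weak_ciphers_enabled(ctx):
    """Names of enabled cipher suites that use any of the legacy algorithms."""
    return sorted(c["name"] for c in ctx.get_ciphers()
                  if any(marker in c["name"] for marker in WEAK_MARKERS))


def describe_policy(ctx):
    """Summarise the security-relevant settings of a context as plain values."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        "minimum_version": ctx.minimum_version.name,
        "weak_ciphers": weak_ciphers_enabled(ctx),
        "suite_count": len(ctx.get_ciphers()),
    }


def tls_request(hostname, port=443):
    """The slide-21 sequence end to end: context, socket, handshake, write, read.
    wrap_socket() with server_hostname sends SNI and enables the hostname
    check; a certificate or hostname mismatch raises
    ssl.SSLCertVerificationError before any application data is exchanged."""
    ctx = make_client_context()
    with socket.create_connection((hostname, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:   # SSL_set_fd + SSL_connect
            tls.sendall(b"HEAD / HTTP/1.0\r\nHost: " + hostname.encode() + b"\r\n\r\n")
            return tls.version(), tls.cipher()[0], tls.recv(4096)


if __name__ == "__main__":
    print(describe_policy(make_client_context()))
```

The audit function is the useful part in practice: run it against any context an application builds, and an empty weak_ciphers list together with verifies_chain and checks_hostname both True is the minimum a client needs before the privacy, integrity and authentication goals of slide 2 hold.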

