Slide 1: Networking Overview

Slide 2: TCP/IP
- TCP/IP == Transmission Control Protocol/Internet Protocol
- Almost ubiquitous protocol for communication over networks
- Many other networking protocols
  o ATM, X.25, SS7, SONET, ...
  o But TCP/IP has taken over the world

Slide 3: TCP/IP
- Here, a brief overview of TCP/IP
- For more info, see, for example:
  o Computer Networks, Tanenbaum
  o Computer Networks and Internets, Comer
  o Computer Networking: A Top-Down Approach Featuring the Internet, Kurose and Ross
  o TCP/IP Protocol Suite, Forouzan

Slide 4: Why TCP/IP?
- Almost everywhere
- Author developed a payphone billing protocol in 1992
  o Used X.25, later ported to SS7
  o Today would almost certainly use TCP/IP
- TCP/IP makes the world "extremely hackable"

Slide 5: OSI Reference Model
- In 1980, ISO developed OSI
  o Computer communication over a network
- Protocol layering
  o Breaks the problem into small parts
  o Each layer provides a service to the next higher layer
- Modular
  o Makes it easy, for example, to replace Ethernet with wireless

Slide 6: OSI Reference Model
- Layer 7: Application Layer
  o Links the application to the communication channel
- Layer 6: Presentation Layer
  o How to represent bits for transmission
- Layer 5: Session Layer
  o Coordinate (multiple) sessions
- Layer 4: Transport Layer
  o Logical channel between systems

Slide 7: OSI Reference Model
- Layer 3: Network Layer
  o Move data from host to host, across the network core (interconnected mesh of routers)
- Layer 2: Data Link Layer (or Link Layer)
  o Move data across one "hop"
- Layer 1: Physical Layer
  o Transmit bits across a physical link (fiber optic, copper cable, wireless, etc.)
- Note: Layers 7, 6, 5 are often treated as one

Slide 8: TCP/IP, Our Hero
- Layers from TCP/IP's perspective...
- Application Layer: a program trying to communicate using TCP/IP
  o E.g., servers, SSH client and server, etc.
- Transport Layer: includes TCP and UDP
  o TCP provides reliable delivery
  o UDP is a "bare bones" transport layer protocol

Slide 9: TCP/IP, Our Hero
- Network Layer: based on IP
  o Deliver packets end-to-end
  o To be cool, you must say "layer 3"
- Data Link Layer: one hop
  o "Layer 2"
- Physical Layer: the physical media

Slide 10: TCP/IP Protocol Stack
- TCP/IP is synonymous with the transport layer and network layer (combined)
- For example...

Slide 11: Layering (Again)
- Each layer adds some info
  o Usually added at the beginning, so it is called a header

Slide 12: Terminology
- Application layer -> packet
- Transport layer -> TCP segment (for example)
- Network layer -> IP datagram
- Data link/physical layer(s) -> frame
- We may use "packet" for all of these

Slide 13: TCP/IP
- Protocols: TCP, UDP, IP, ICMP
  o IP, ICMP and TCP are defined in RFCs 791, 792 and 793; UDP in RFC 768
- Developed for academic research
  o No thought of security
  o No confidentiality, integrity, authentication, ...

Slide 14: TCP/IP and Security
- Originally, no security in TCP/IP
  o Any security was provided by applications
- But TCP/IP has been retrofitted for security
  o IPSec: security at the "IP layer"
  o "Built in" security for applications
  o IPSec is a bloated and complex protocol

Slide 15: TCP
- TCP provides reliable delivery
- Most familiar apps use TCP
  o Web browsing (HTTP)
  o Secure shell (SSH)
  o File transfer (FTP)
  o Email (SMTP, POP, IMAP)
  o Etc., etc., etc.
- For most apps, TCP saves a lot of work

Slide 16: TCP Header
- Every TCP packet includes a header

Slide 17: TCP Port Numbers
- Source port, destination port
  o 16-bit numbers
  o Tell which "door" to send data to
  o Source == outgoing "door", etc.
- A server application "listens" on a port
  o Listening ports are open
  o Non-listening ports are closed

Slide 18: TCP Port Numbers
- Examples of well-known ports
  o TCP port 21: FTP
  o TCP port 22: SSH
  o TCP port 23: telnet
  o TCP port 25: SMTP
  o TCP port 80: HTTP
  o TCP port 6000: The X Window System (X11)
- Note these ports are used by convention
  o Could use 8080 for HTTP and not get arrested
  o But both client and server must know this

Slide 19: Ports
- Example
- Note that attackers want to know which ports ("doors") are open

Slide 20: Ports
- To see which ports are in use
  o Locally, use netstat -na

Slide 21: TCP Control Bits
- Control bits or flags
- For the "3-way handshake", and other special things

Slide 22: TCP Control Bits
- Originally, 6 control bits
  o URG: urgent data, give it priority (or not...)
  o ACK: acknowledge earlier data
  o PSH: push data through now
  o RST: reset the connection, due to error or an interruption (abnormal termination)
  o SYN: synchronize sequence numbers
  o FIN: no more data, so tear down the connection

Slide 23: TCP Control Bits
- Two additional control bits
  o CWR: congestion window reduced; due to network congestion, the sender reduced its window
  o ECE: explicit congestion notification echo; the connection is experiencing congestion
- For congestion control issues

Slide 24: TCP 3-Way Handshake
- Used to establish a TCP connection
- Note the initial sequence numbers: ISN_A and ISN_B
  o ACK and SYN flag bits are used here

Slide 25: TCP 3-Way Handshake
- Establishes a "connection"
- Sequence numbers enable TCP to
  o Make sure all packets arrive
  o Make sure all packets are delivered in order
- FIN bit used when the session is torn down
- RST used to end in "error" cases

Slide 26: Other Fields in TCP Header
- Data offset: where the data begins (header length, in 32-bit words)
- Reserved: reserved for future use (or for clever attackers...)
- Window: how many bytes may be outstanding (sent but unacknowledged); prevents one side from sending too fast (flow control)
- Checksum: error detection; a 16-bit one's-complement sum over the header, data and an IP pseudo-header, not a CRC

Slide 27: Other Fields in TCP Header
- Urgent pointer: if the URG flag is set, tells where the urgent data is located
- Options: additional info (e.g., the maximum segment size); variable size
- Padding: used to make things line up on 32-bit boundaries
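The header fields of slides 16 through 27 in working code, as an added example that is not part of the original slides: it builds a TCP segment, fills in the checksum over the IP pseudo-header, parses the fixed header back out (ports, sequence numbers, data offset, the control bits), and shows that the checksum is an additive one's-complement sum, not a CRC. Addresses, ports and payload are constructed; only the Python standard library is used.

```python
"""Added example (not from the slides): build a TCP segment, fill in its checksum, parse the
header fields of slides 16-27 and decode the control bits.

Assumptions: constructed addresses, ports and payload; Python 3 standard library only.
"""
import struct

# Control bits in header bit order (slides 22-23): bit 0 = FIN ... bit 7 = CWR.
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR")

def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum shared by TCP, UDP, IP and ICMP: the one's complement of the
    one's-complement sum of 16-bit words. It is an additive sum, not a CRC."""
    if len(data) % 2:
        data += b"\x00"                         # odd length: pad with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                          # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src_ip: str, dst_ip: str, tcp_length: int) -> bytes:
    """IPv4 pseudo-header covered by the TCP checksum: src, dst, zero, protocol 6, TCP length."""
    to_bytes = lambda ip: bytes(int(o) for o in ip.split("."))
    return to_bytes(src_ip) + to_bytes(dst_ip) + struct.pack("!BBH", 0, 6, tcp_length)

def build_tcp_segment(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, window, payload=b""):
    """Return a 20-byte TCP header (no options) plus payload, with the checksum filled in."""
    flag_bits = 0
    for name in flags:
        flag_bits |= 1 << TCP_FLAGS.index(name)
    data_offset = 5                              # header length in 32-bit words
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                         (data_offset << 12) | flag_bits, window, 0, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, len(header) + len(payload)) + header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed part of the TCP header; the payload starts at data offset * 4."""
    src_port, dst_port, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = off_flags >> 12
    flag_bits = off_flags & 0x1FF               # 9 flag bits (8 named above plus NS, RFC 3540)
    return {
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "data_offset_bytes": data_offset * 4,
        "flags": [name for i, name in enumerate(TCP_FLAGS) if flag_bits & (1 << i)],
        "window": window, "checksum": csum, "urgent_pointer": urg,
        "payload": segment[data_offset * 4:],
    }

def verify_tcp_checksum(src_ip, dst_ip, segment: bytes) -> bool:
    """An intact segment, checksum field included, sums to zero."""
    return internet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0

# Constructed sample: the first packet of a 3-way handshake (slide 24) to a web server.
SRC, DST = "10.0.0.5", "192.0.2.80"
SYN_SEGMENT = build_tcp_segment(SRC, DST, 40000, 80, seq=1000, ack=0, flags=["SYN"], window=65535)

if __name__ == "__main__":
    hdr = parse_tcp_header(SYN_SEGMENT)
    print(hdr["flags"], hdr["src_port"], "->", hdr["dst_port"], verify_tcp_checksum(SRC, DST, SYN_SEGMENT))
    damaged = bytearray(SYN_SEGMENT)
    damaged[4] ^= 0x01                           # flip one bit of the sequence number
    print(verify_tcp_checksum(SRC, DST, bytes(damaged)))
```

Because the checksum is a plain sum, a single flipped bit is always caught, but two compensating changes in different words are not; it is an error-detection code, not an integrity mechanism, which is one reason the slides insist that TCP provides no "real" security.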

Slide 28: UDP
- UDP == User Datagram Protocol
- Minimal "no frills" transport protocol
  o Does the minimum possible
  o "Connectionless"
  o No flow control, no congestion control, packets can arrive out of order, not arrive at all, ...
  o UDP == Unreliable Damn Protocol

Slide 29: UDP
- Why use UDP?
- Low overhead
  o 8-byte header vs 20 bytes (or more) for TCP
- No congestion control/flow control
  o How can this be good?

Slide 30: Where is UDP Used?
- Streaming audio/video
  o Some packet loss is OK
  o Example: RealPlayer, UDP port 7070
- Apps where low overhead is useful
  o Trivial FTP (TFTP), UDP port 69
  o Simple Network Management Protocol (SNMP), UDP port 161

Slide 31: TCP vs UDP
- Which is more secure?
- With UDP, more work for firewalls
  o Hard to track "connections"
  o Example: the Slammer worm fit into one 376-byte UDP packet; it got through firewalls
- But neither TCP nor UDP offers any "real" security (confidentiality, etc.)

Slide 32: IP
- IP == Internet Protocol
  o Not "intellectual property"
- IP is the network layer protocol today
  o Mostly IPv4
  o IPv6 used a little bit: offers many more addresses and was specified with IPSec support built in
  o Here, we focus on IPv4

Slide 33: IP Header
- Note that the source and destination addresses are each 32 bits

Slide 34: What is a Network?
- LAN == Local Area Network
- LANs are the building blocks of networks
- A LAN is a bunch of computers connected together by a hub, switch, wireless, ...
  o No router between computers on a LAN
- Usually a small geographic area

Slide 35: What is a Network?
- LANs are connected by routers
  o Routers move packets between LANs

Slide 36: IP Addresses
- IP addresses are 32 bits
- Identify hosts (computers) on the network
- Written in "dotted decimal" notation
  o Author calls it "dotted quad" notation

Slide 37: IP Addresses
- Every IP packet has source and destination IP addresses
- Every IP address has 2 parts
  o One part identifies the network (LAN)
  o One part identifies the specific host
  o Makes routing more efficient
- But which part is which?

Slide 38: Netmasks
- The leftmost bits are the network part of the address
- A netmask (subnet mask) is often used
  o Bitwise "AND" of the address with the mask yields the network part
- Classless Inter-Domain Routing (CIDR) notation
  o e.g., /16 means the leftmost 16 bits are the network part (mask 255.255.0.0)

Slide 39: Packet Fragmentation
- A link may accept packets only up to a maximum length (its MTU)
- What if the packet is too big?
- Fragmentation!
  o Router chops the packet into pieces
  o Reassembled at the destination
  o Fields in the IP header identify fragments (and how to reassemble them)

Slide 40: Fragmentation Bits
- Don't fragment bit
  o 0 == OK to fragment, 1 == don't fragment
- More fragments bit
  o 0 == last fragment, 1 == more fragments
- Fragmentation opens the door to attacks
  o Firewalls/IDS do not like fragments

Slide 41: Other Stuff in IP Header
- Version: IPv4 or IPv6
- Hlen: total length of the IP header (in 32-bit words)
- Service Type: for quality of service
- Total Length: length of data and header
- Identification: for fragment reassembly
- Flags: don't fragment, more fragments, ...
- Fragmentation Offset: how to reassemble fragments

Slide 42: Other Stuff in IP Header
- Time-to-Live (TTL): max number of "hops" remaining before the packet dies
- Protocol: what the payload is (e.g., 1 == ICMP, 6 == TCP, 17 == UDP)
- Header Checksum: error detection for the header only (recomputed at each router, since TTL changes)
- Source IP Address: "from"
- Destination IP Address: "to"
- Options: e.g., "source routing"
- Padding: pad length to a multiple of 32 bits
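The IP material of slides 38 through 42 as an added example that is not part of the original slides: it parses the IPv4 header fields (version, Hlen, identification, the DF and MF bits, fragment offset, TTL, protocol), fragments a datagram the way a router does when the next link's MTU is too small, reassembles the pieces while refusing overlaps and gaps (the kind of fragment the slides say firewalls and IDS do not like), and applies a CIDR netmask with AND as on slide 38. Addresses, payload and MTU are constructed; the header checksum is left at zero because that is not what the example is about.

```python
"""Added example (not from the slides): decode the IPv4 header fields of slides 39-42,
fragment a datagram the way a router does, reassemble the pieces conservatively, and
split an address into network and host parts with a CIDR mask (slide 38).

Assumptions: constructed addresses and payload; Python 3 standard library only; the header
checksum is left zero because verifying it is not what this example is about.
"""
import struct

PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def dotted(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def undotted(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))

def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header; options (if any) are returned raw."""
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, hcsum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    hlen = (ver_ihl & 0x0F) * 4              # Hlen is in 32-bit words
    flags = flags_frag >> 13                 # 3 bits: reserved, DF, MF
    return {
        "version": ver_ihl >> 4, "header_length": hlen, "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags & 0b010), "more_fragments": bool(flags & 0b001),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # offset field counts 8-byte units
        "ttl": ttl, "protocol": proto, "protocol_name": PROTOCOL_NAMES.get(proto, str(proto)),
        "header_checksum": hcsum, "src": dotted(src), "dst": dotted(dst),
        "options": packet[20:hlen], "payload": packet[hlen:total_len],
    }

def build_ipv4(src, dst, proto, payload, ident=0, dont_fragment=False,
               more_fragments=False, frag_offset=0, ttl=64):
    """Build a minimal IPv4 datagram (no options, checksum 0)."""
    flags = (0b010 if dont_fragment else 0) | (0b001 if more_fragments else 0)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                         (flags << 13) | (frag_offset // 8), ttl, proto, 0,
                         undotted(src), undotted(dst))
    return header + payload

def fragment(datagram: bytes, mtu: int) -> list:
    """Split a datagram into fragments that fit the next link's MTU, as a router would."""
    h = parse_ipv4_header(datagram)
    if h["dont_fragment"]:
        # A router may not fragment: it drops the datagram and reports it with ICMP
        # Destination Unreachable (type 3, code 4, "fragmentation needed").
        raise ValueError("DF set, cannot fragment")
    chunk = ((mtu - 20) // 8) * 8            # every fragment but the last carries a multiple of 8 bytes
    payload, frags = h["payload"], []
    for off in range(0, len(payload), chunk):
        piece = payload[off:off + chunk]
        frags.append(build_ipv4(h["src"], h["dst"], h["protocol"], piece, ident=h["identification"],
                                more_fragments=off + len(piece) < len(payload),
                                frag_offset=off, ttl=h["ttl"]))
    return frags

def reassemble(fragments: list) -> bytes:
    """Reassemble one datagram. Overlaps, gaps and a missing final fragment are rejected
    rather than patched over, which is the safe choice for a firewall or IDS."""
    parsed = [parse_ipv4_header(f) for f in fragments]
    if len({(p["src"], p["dst"], p["identification"], p["protocol"]) for p in parsed}) != 1:
        raise ValueError("fragments from different datagrams")
    parsed.sort(key=lambda p: p["fragment_offset"])
    data = b""
    for p in parsed:
        if p["fragment_offset"] != len(data):
            raise ValueError("gap or overlap at offset %d" % p["fragment_offset"])
        data += p["payload"]
    if parsed[-1]["more_fragments"]:
        raise ValueError("last fragment missing")
    return data

def split_address(addr: str, prefix_len: int) -> tuple:
    """Slide 38: AND the address with the netmask. Returns (network, host, mask)."""
    a = int.from_bytes(undotted(addr), "big")
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    as_str = lambda n: dotted(n.to_bytes(4, "big"))
    return as_str(a & mask), as_str(a & ~mask & 0xFFFFFFFF), as_str(mask)

# Constructed sample: a 100-byte UDP payload that must cross a link with MTU 60.
SAMPLE = build_ipv4("192.168.1.10", "10.0.0.1", 17, bytes(range(100)), ident=0xBEEF)

if __name__ == "__main__":
    pieces = fragment(SAMPLE, mtu=60)
    for f in pieces:
        p = parse_ipv4_header(f)
        print(p["fragment_offset"], p["more_fragments"], len(p["payload"]))
    print(reassemble(pieces) == bytes(range(100)))
    print(split_address("130.65.100.7", 16))
```

Note that every fragment carries the same Identification and the full IP header but only the first one carries the TCP or UDP header, which is exactly why a filter that matches on port numbers has trouble with fragments: the later pieces have no port to match on.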

Slide 43: ICMP
- Internet Control Message Protocol
- Like the "network plumber"
  o A host uses ICMP to see if another host is alive and responding
  o A router uses ICMP to tell the source it does not know how to route a packet
  o A host can tell another host to stop sending data so fast, etc., etc.

Slide 44: ICMP
- ICMP messages are carried inside IP datagrams
  o The IP Protocol field is set to 1
- Many ICMP message types
  o Common types are listed on the next 2 slides

Slide 45: ICMP
- Name (type number): explanation
  o Echo reply (0): response to ping
  o Destination unreachable (3): IP packet cannot be delivered (sent by router or host)
  o Source quench (4): slow down!
  o Redirect (5): send data to a different router
  o Echo (8): ping (is the system responding?)

Slide 46: ICMP
- Message (type number): explanation
  o Time Exceeded (11): TTL exceeded, or problem reassembling fragments
  o Parameter Problem (12): bad parameter
  o Timestamp (13): request the system's time
  o Timestamp Reply (14): send the system time
  o Information Request (15): used to determine which network a host is on
  o Information Reply (16): network IP address

Slide 47: Routing Packets
- How routers get packets through the network
  o Like Little Red Riding Hood trying to find the best path to grandma's house
- Dynamic routing protocols
  o RIP, OSPF, BGP
  o As if the trees in the forest calculate the best path and tell Red which way to go

Slide 48: Routing Packets
- Static routing
  o Hard-coded routes
  o Red always has to go the same way
- Source routing
  o The source specifies the route in the packet
  o Step-by-step directions to Grandma's house tattooed on Red's forehead

Slide 49: NAT
- Network Address Translation
- Address-related problems
  o Not enough IP addresses to go around
  o Internal network uses "illegal" or unroutable (private) addresses
- Solution: NAT
  o Gateway (i.e., router or firewall) "translates" addresses

Slide 50: NAT
- Outgoing: the gateway replaces the internal address with a valid (public) IP address
- Incoming: the gateway replaces the valid IP address with the internal address
- Note that the gateway must remember the mapping!

Slide 51: How to Implement NAT?
- Map to a single IP address
  o Every packet mapped to one IP address
  o Vary the source port numbers
  o Port Address Translation (PAT)
- One-to-one mapping
  o Internal address mapped to a unique IP address
- Dynamically allocate addresses
  o Multiplex internal addresses onto IP addresses
  o Not as popular as the other 2 approaches
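The PAT variant of slides 50 and 51 as an added example that is not part of the original slides: the gateway rewrites the source of every outgoing packet to its one public address plus a fresh port, keeps the mapping ("the gateway must remember!"), rewrites replies back, and drops inbound packets that no inside flow created. The addresses are constructed (RFC 1918 inside, documentation ranges outside); only TCP/UDP are modelled and mappings never expire.

```python
"""Added example (not from the slides): the "single IP address" NAT variant of slide 51,
port address translation (PAT). Outgoing packets leave with the gateway's public address
and a fresh source port; the gateway remembers the full mapping (slide 50: "gateway must
remember!") so that replies, and only replies, can be rewritten back to the inside host.

Assumptions: constructed RFC 1918 inside addresses and documentation-range outside
addresses; TCP and UDP only; no timeouts.
"""
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class PatGateway:
    def __init__(self, public_ip: str, first_port: int = 49152):
        self.public_ip = public_ip
        self.next_port = first_port   # allocate from the ephemeral range 49152-65535
        self.outbound = {}  # (proto, inside_ip, inside_port, remote_ip, remote_port) -> public_port
        self.inbound = {}   # (proto, public_port, remote_ip, remote_port) -> (inside_ip, inside_port)

    def translate_outgoing(self, pkt: Packet) -> Packet:
        """Rewrite an inside->outside packet; create a mapping the first time a flow is seen."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.outbound.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(pkt.proto, port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def translate_incoming(self, pkt: Packet):
        """Rewrite an outside->inside packet, or return None (drop) if no flow created it.
        The lookup includes the remote endpoint, so a packet from another host aimed at
        the same public port does not reach the inside host."""
        inside = self.inbound.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if inside is None:
            return None
        return replace(pkt, dst_ip=inside[0], dst_port=inside[1])

# Constructed sample: two inside hosts both using source port 40000 toward the same web server.
A = Packet("tcp", "192.168.1.10", 40000, "198.51.100.5", 80)
B = Packet("tcp", "192.168.1.11", 40000, "198.51.100.5", 80)

if __name__ == "__main__":
    gw = PatGateway("203.0.113.1")
    a_out, b_out = gw.translate_outgoing(A), gw.translate_outgoing(B)
    print(a_out, b_out)
    reply = Packet("tcp", "198.51.100.5", 80, "203.0.113.1", a_out.src_port)
    print(gw.translate_incoming(reply))
```

The "limited security value" of slide 52 is visible here: the drop of unsolicited inbound traffic is a side effect of the lookup key, not a policy, and anything that persuades the gateway to create a mapping (or that compromises the gateway itself) reaches the inside host.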

Slide 52: NAT and Security
- NAT hides internal IP addresses
  o Might be harder for an attacker to map the network topology
- NAT is of limited security value
  o Attacker could take over the NAT device
  o Attacker could let NAT do its job and attack the internal network
  o Some argue NAT harms security (e.g., it interferes with IPSec)

Slide 53: Firewalls: Pick Your Analogy
- Network "traffic cop"
- Network "soccer goalie"

Slide 54: Firewalls
- Filter based on...
  o Services, addresses, data, etc., etc.
- May be used to protect...
  o Your network from the Internet
  o Your network from a partner's network
  o Your network from your network
  o The Internet from your network

Slide 55: Firewalls
- Attacker: "kick the ball" past the goalie...

Slide 56: Firewalls
- Three types of firewalls
  o Packet filter (network layer)
  o Stateful packet filter (transport layer)
  o Proxy-based firewall (application layer)
- All firewalls are one of these types
  o In spite of marketing...
- Also, Intrusion Prevention Systems (IPS)
  o Not quite the same as a firewall

Slide 57: Packet Filter
- Filters each packet individually
  o No concept of state
- Can filter based on...
  o Source/destination IP address
  o Source/destination port (application specific)
  o TCP control bits (SYN, ACK, etc.)
  o Protocol (e.g., allow TCP, deny UDP)
  o Direction (incoming, outgoing)
  o Interface (trusted or untrusted network)

Slide 58: Packet Filter
- Access control list (ACL), e.g.:

  Action  Source IP  Dest IP  Source Port  Dest Port  Protocol  Flag Bits
  Allow   Inside     Outside  Any          80         HTTP      Any
  Allow   Outside    Inside   80           > 1023     HTTP      ACK
  Deny    All        All      All          All        All       All

- Start at the top and work down the list
  o What do the 1st, 2nd, 3rd lines do?

Slide 59: Packet Filter
- Disadvantage: very limited view
- Consider the ACL on the previous slide
  o Easy to kick the ball past this goalie
  o E.g., ACK scan
- Even worse with UDP
  o No flag bits
- Advantages: speed and simplicity

Slide 60: Stateful Packet Filter
- Improve the packet filter by adding state
  o State == remember something (packets)
- Remember each active connection
  o State table: info on active connections
  o Entries time out, typically after 10 to 90 seconds
  o Can see how/if a new packet fits into an ongoing connection
  o For example, an ACK must be preceded by a SYN

Slide 61: Stateful Packet Filter
- With a packet filter
  o Attacker can "ACK scan" for open ports
  o Send ACK packets with no prior SYN
- With a stateful packet filter
  o ACK scan fails
  o Packets dropped since there was no prior SYN
- Can also remember UDP "connections"
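The ACL of slide 58 and the ACK scan of slides 59 and 61 as an added example that is not part of the original slides: the same three rules are applied once by a stateless packet filter and once by a stateful filter that keeps a state table keyed by the connection and expires entries after a timeout. A scanner on the outside sends bare ACKs from port 80 to high inside ports; the packet filter lets every probe through (rule 2 matches), the stateful filter drops them all because no inside host ever sent a SYN. The networks and addresses are constructed and only TCP is modelled.

```python
"""Added example (not from the slides): the three-line ACL of slide 58 applied by a stateless
packet filter, and the same ACL behind a stateful filter (slides 60-61) that only admits an
inbound packet if its connection was opened by a SYN from the inside. An "ACK scan" (slide 61)
against both shows why the packet filter's view is too limited.

Assumptions: "Inside" is the constructed 10.1.0.0/16 network, everything else is "Outside";
only TCP is modelled; the state table times out after 60 seconds.
"""
from collections import namedtuple

Pkt = namedtuple("Pkt", "src_ip src_port dst_ip dst_port flags")   # flags: set of flag names

def side(ip: str) -> str:
    return "Inside" if ip.startswith("10.1.") else "Outside"

# Slide 58 ACL, top to bottom: (action, src side, dst side, src port test, dst port test, required flag)
ACL = [
    ("Allow", "Inside",  "Outside", lambda p: True,    lambda p: p == 80,   None),
    ("Allow", "Outside", "Inside",  lambda p: p == 80, lambda p: p > 1023,  "ACK"),
    ("Deny",  "*",       "*",       lambda p: True,    lambda p: True,      None),
]

def stateless_filter(pkt: Pkt, now=0) -> str:
    """First matching rule wins; `now` is ignored, a packet filter has no clock and no memory."""
    for action, src, dst, sp_ok, dp_ok, flag in ACL:
        if src not in ("*", side(pkt.src_ip)) or dst not in ("*", side(pkt.dst_ip)):
            continue
        if not (sp_ok(pkt.src_port) and dp_ok(pkt.dst_port)):
            continue
        if flag is not None and flag not in pkt.flags:
            continue
        return action
    return "Deny"

class StatefulFilter:
    """Same ACL plus a state table: (inside ip, inside port, outside ip, outside port) -> last seen."""
    def __init__(self, timeout=60):
        self.table, self.timeout = {}, timeout

    def filter(self, pkt: Pkt, now) -> str:
        self.table = {k: t for k, t in self.table.items() if now - t < self.timeout}  # expire entries
        if stateless_filter(pkt) == "Deny":
            return "Deny"
        if side(pkt.src_ip) == "Inside":
            key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            if "SYN" in pkt.flags or key in self.table:     # new connection, or one we are tracking
                self.table[key] = now
                return "Allow"
            return "Deny"                                  # mid-connection packet for a connection never seen
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.table:                              # reply to a connection opened from inside
            self.table[key] = now
            return "Allow"
        return "Deny"                                      # no prior SYN: this is where an ACK scan dies

def ack_scan(filt, ports, now=0) -> list:
    """Outsider sends bare ACKs from port 80 to each inside port; returns the ports that got
    through (behind a stateless filter, every such port looks reachable to the scanner)."""
    probe = lambda p: Pkt("203.0.113.7", 80, "10.1.0.5", p, {"ACK"})
    return [p for p in ports if filt(probe(p), now) == "Allow"]

if __name__ == "__main__":
    ports = [1024, 2048, 40000]
    print("packet filter  :", ack_scan(stateless_filter, ports))
    print("stateful filter:", ack_scan(StatefulFilter().filter, ports))
```

The timeout matters in both directions: too short and a legitimate but idle connection's reply is dropped, too long and the table grows with every half-finished connection, which is the trade-off behind the "10 to 90 seconds" on slide 60.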

Slide 62: Stateful Packet Filter
- Advantage: much stronger than a packet filter
- Disadvantage: more work
  o Often implemented in custom hardware, so speeds can be competitive
- Still lacks a complete view...

Slide 63: Proxy
- Proxy: acts on your behalf
- Analogy...
  o A student calls me at home late at night
  o My wife answers the phone
  o She tells me a student called
  o Me: "Tell that $&^# to get lost!"
  o My wife: "He's busy, can I take a message?"

Slide 64: Proxy
- Another analogy...
  o A telemarketer calls me at home
  o My wife answers the phone
  o She tells them to go away...
  o ...without informing me of the call
- My wife is acting as my proxy
- A proxy firewall is similar

Slide 65: Proxy-Based Firewall
- The proxy can look at the complete picture
  o Everything the packet filter sees
  o Everything the stateful packet filter sees
  o Plus application-level info: can verify that protocols are followed, data is free of malware, etc., etc.
- May cache info for efficiency

Slide 66: Proxy-Based Firewall
- Advantage: complete view
- Disadvantage: speed, computing power
  o May limit the amount of traffic it can handle; more expensive hardware, more complex, etc.

Slide 67: IPS
- Intrusion Prevention System (IPS)
  o Similar to, but not quite, a firewall
- Analyzes network traffic in real time
- Attack signatures/suspicious behavior
  o Signatures/anomaly detection
- A firewall does not do this
- Can block suspicious communications

Slide 68: Best Firewall?
- Try to get the best from each technology

Slide 69: Data Link Layer
- Not part of TCP/IP
  o But it is a source of attacks
- Data Link Layer
  o Moves packets across one "hop": LAN to router, router to router, etc.
  o Lives in the Network Interface Card (NIC)
  o Ethernet, (wireless), etc.

Slide 70: Ethernet
- Ethernet is "king of the Link Layer"
- Ethernet is used on shared media
  o Resource contention
- Media Access Control (MAC) addresses
  o 48 bits, globally unique
  o Of the form AA:BB:CC:DD:EE:FF (or "." for ":")
  o An IP address is like a street address, a MAC address like a social security number
  o Aside: Why not use the IP address for everything?

Slide 71: ARP
- Address Resolution Protocol (ARP)
  o MAC address for the LAN, IP address for the network
- ARP is used to find the MAC address, given the IP address
  o Broadcast the IP address
  o Whoever has it responds with their MAC address
  o The response is cached (for efficiency)

Slide 72: ARP
- ARP only applies on the same LAN
- ARP is stateless

Slide 73: Hubs and Switches
- Both used on a LAN
- A hub is a simple/dumb device
  o Broadcasts to all interfaces
  o Simple, but wastes bandwidth
- A switch is smarter
  o Only sends data to a specific interface
  o Reduces bandwidth usage

Slide 74: Hubs and Switches
- Hub
  o Simple
  o Wasteful
- Switch
  o Complex
  o Saves bandwidth

Slide 75: Switches
- The switch stores MAC address locations
  o Content Addressable Memory (CAM)
- The table is determined automatically
  o At first the switch acts like a hub
  o Then it looks at MAC addresses
  o Uses this info to fill in the table
  o This all happens automatically
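The learning process of slide 75 as an added example that is not part of the original slides: the switch records the source MAC of every frame against the port it arrived on, floods any frame whose destination it has not learned (behaving like a hub), forwards to a single port once it has, and ages out entries so a host that moves is re-learned. MAC addresses, port numbers and the aging time are constructed.

```python
"""Added example (not from the slides): how a learning switch fills its CAM table (slide 75).
A frame whose destination MAC is unknown is flooded out every other port, like a hub; once
the switch has seen a MAC as a source it forwards frames for it to that one port only.

Assumptions: constructed MAC addresses, a 4-port switch, and a 300-second aging time.
"""
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self, ports, max_age=300):
        self.ports = list(ports)
        self.max_age = max_age
        self.cam = {}            # MAC -> (port, time last seen as a source)
        self.flood_count = 0     # how often the switch had to behave like a hub

    def receive(self, in_port, src_mac, dst_mac, now=0):
        """Learn src_mac on in_port, then return the list of ports the frame is sent out of."""
        # Age out entries not refreshed within max_age seconds, so a moved host is re-learned.
        self.cam = {m: (p, t) for m, (p, t) in self.cam.items() if now - t < self.max_age}
        self.cam[src_mac] = (in_port, now)                 # learning: source side of every frame
        if dst_mac != BROADCAST and dst_mac in self.cam:
            out = self.cam[dst_mac][0]
            return [] if out == in_port else [out]         # known destination: one port (or none)
        self.flood_count += 1
        return [p for p in self.ports if p != in_port]     # unknown or broadcast: flood

    def port_of(self, mac):
        return self.cam[mac][0] if mac in self.cam else None

# Constructed sample: Alice on port 1, Bob on port 3.
ALICE, BOB = "00:11:22:33:44:01", "00:11:22:33:44:03"

def demo():
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    first = sw.receive(1, ALICE, BOB, now=0)    # Bob unknown: flooded to 2, 3, 4
    reply = sw.receive(3, BOB, ALICE, now=1)    # Alice known: port 1 only
    second = sw.receive(1, ALICE, BOB, now=2)   # Bob now known: port 3 only
    return first, reply, second, sw.flood_count

if __name__ == "__main__":
    print(demo())
```

Until the table is populated, and again whenever an entry ages out, the switch floods, so a host on another port briefly sees traffic that was not addressed to it. That is the window in which a switched LAN behaves like the hub of slide 73.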

Slide 76: Switch

Slide 77: Wireless LAN
- 802.11 is king of the WLAN
- Wireless security is difficult
  o Often not secured, rogue access points, ...
- A LAN usually has little or no security
  o Maybe OK if physical access is required
  o But WLAN changes all of that...
  o WLAN is good news for Trudy and Eve

Slide 78: WLAN
- Regular LAN attacks work on a WLAN
- Physical access not required!
- Makes a hackable network more so
- Great news for Trudy and Eve!
  o Cell phones and other wireless technology promise even more hacks

Slide 79: 802.11
- 802.11a: 54 Mbps
  o Not used much, since it came out at the same time as 802.11b, and b is cheaper
- 802.11b: 11 Mbps
  o Speed similar to traditional (10 Mbps) Ethernet
- 802.11g: 54 Mbps
  o Popular, combines the best of a and b

Slide 80: 802.11i
- 802.11i
  o Real security
  o Strong encryption: AES (CCMP); TKIP is the weaker RC4-based interim cipher for WEP-era hardware, not a key exchange
  o Key establishment via 802.1X authentication and a 4-way handshake
- Much stronger than WEP
  o WEP: "swiss cheese" of security protocols
  o WEP: no real integrity, poor encryption, etc.

Slide 81: WEP
- According to Tanenbaum:
  "The standard prescribes a data link-level security protocol called WEP (Wired Equivalent Privacy), which is designed to make the security of a wireless LAN as good as that of a wired LAN. Since the default for a wired LAN is no security at all, this goal is easy to achieve, and WEP achieves it as we shall see."

Slide 82: Security on the Internet
- TCP/IP provides no security
- Must retrofit the Internet for security
- Application layer
  o PGP, S/MIME, SSH, ...
- "Socket layer"
  o SSL/TLS (really part of the application layer)
- Network layer
  o IPSec

Slide 83: Application Layer Security
- Pretty Good Privacy (PGP)
  o Developed by Phil Zimmermann
  o No backdoor? "We don't hire that kind of person"
- Secure/Multipurpose Internet Mail Extensions (S/MIME)
  o Secure email
- Secure Shell (SSH)
  o Secure "tunnel" for remote access

Slide 84: SSL
- Secure Sockets Layer (SSL)
  o Developed for the Web, HTTP
  o Can be used anywhere
  o Elegant security protocol
- Transport Layer Security (TLS)
  o The IETF successor to SSL: same design, but not interoperable with SSL 3.0

Slide 85: SSL
- Authentication, confidentiality, integrity
- You use SSL all the time
  o Whenever the "lock" (or "key") appears in the browser
  o HTTPS == HTTP over SSL
- Secure transactions on the Internet

Slide 86: SSL
- Not quite the same as in CS166 or CS265...

Slide 87: SSL

Slide 88: A Note on Notation
- E(X, K) == encrypt X with symmetric key K
  o Key is known to sender and receiver
  o And nobody else
- {X}_Alice == encrypt X with Alice's public key
  o Key known to everybody
  o Can only be decrypted with Alice's private key
  o Alice's private key is known only to Alice

Slide 89: Notation
- h(X) == cryptographic hash function
  o Provides a "fingerprint" of X
  o Compresses data
- Certificate
  o Contains (at least) a public key and a name
  o Signed by a Certificate Authority (CA)
  o The CA vouches that the corresponding private key belongs to the "name" in the certificate
  o Anyone can verify the signature (using the CA's public key)

Slide 90: Simple SSL-like Protocol
  1. Alice -> Bob: "I'd like to talk to you securely"
  2. Bob -> Alice: "Here's my certificate"
  3. Alice -> Bob: {K_AB}_Bob
  4. Alice <-> Bob: protected HTTP
- Is Alice sure she's talking to Bob?
- Is Bob sure he's talking to Alice?

Slide 91: Simplified SSL Protocol
  1. Alice -> Bob: "Can we talk?", cipher list, R_A
  2. Bob -> Alice: certificate, cipher, R_B
  3. Alice -> Bob: {S}_Bob, E(h(msgs, CLNT, K), K)
  4. Bob -> Alice: h(msgs, SRVR, K)
  5. Alice <-> Bob: data protected with key K
- S is the pre-master secret
- K = h(S, R_A, R_B)
- msgs = all previous messages
- CLNT and SRVR are constants
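The key derivation and the two transcript hashes of slide 91 as an added example that is not part of the original slides: both sides derive K = h(S, R_A, R_B) and each checks the other's hash over msgs, first in an honest run and then with an on-path attacker who rewrites the cipher list in message 1. The example assumes h is SHA-256 over length-prefixed fields, leaves the public-key step {S}_Bob unimplemented (S is simply handed to both endpoints, which is the situation an attacker who can only relay {S}_Bob is in), and omits the E(., K) wrapper around Alice's hash since it does not change what is being checked. All sample values are constructed.

```python
"""Added example (not from the slides): the key derivation and both "finished" hashes of
the simplified SSL protocol on slide 91, computed by Alice and by Bob, then repeated with an
on-path attacker who rewrites Alice's cipher list in message 1. Since msgs covers every
earlier message, Bob's check of h(msgs, CLNT, K) fails as soon as the two transcripts differ.

Assumptions: h is SHA-256 over length-prefixed fields; the public-key step {S}_Bob is not
implemented, so the pre-master secret S is handed to both endpoints (an attacker relaying
{S}_Bob cannot read it and so never learns K); the E(., K) wrapper around Alice's finished
value is omitted because it does not change what is checked. Sample values are constructed.
"""
import hashlib

CLNT, SRVR = b"CLNT", b"SRVR"

def h(*parts: bytes) -> bytes:
    """Slide 89's h(): one SHA-256 over all parts, each length-prefixed so that
    (b"ab", b"c") and (b"a", b"bc") hash differently."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()

def derive_key(S: bytes, R_A: bytes, R_B: bytes) -> bytes:
    return h(S, R_A, R_B)            # slide 91: K = h(S, R_A, R_B)

def run_handshake(alice_ciphers, S, R_A, R_B, tamper=None):
    """Run messages 1-4 of slide 91. `tamper`, if given, is what the attacker does to
    message 1 in flight. Returns (bob_accepts, alice_accepts, cipher_bob_chose)."""
    m1 = (b"Can we talk?", b",".join(alice_ciphers), R_A)      # Alice -> Bob
    m1_at_bob = tamper(m1) if tamper else m1                     # what Bob actually receives
    chosen = m1_at_bob[1].split(b",")[0]                         # Bob takes the first cipher offered
    m2 = (b"certificate(Bob)", chosen, R_B)                      # Bob -> Alice, relayed unchanged
    K = derive_key(S, R_A, R_B)                                  # same K on both ends
    # Message 3: Alice's finished value is over HER transcript; Bob recomputes over HIS.
    finished_A = h(*m1, *m2, CLNT, K)
    bob_accepts = finished_A == h(*m1_at_bob, *m2, CLNT, K)
    # Message 4: Bob's finished value over his transcript; Alice checks it against hers.
    finished_B = h(*m1_at_bob, *m2, SRVR, K)
    alice_accepts = finished_B == h(*m1, *m2, SRVR, K)
    return bob_accepts, alice_accepts, chosen

def downgrade(m1):
    """Attacker's rewrite of message 1: offer Bob only a weak cipher."""
    return (m1[0], b"WEAK-40", m1[2])

# Constructed sample values (in a real run S, R_A and R_B are fresh random bytes).
SAMPLE_S, SAMPLE_R_A, SAMPLE_R_B = b"\x11" * 48, b"\xa1" * 32, b"\xb2" * 32
CIPHERS = [b"AES256-SHA", b"3DES-SHA"]

if __name__ == "__main__":
    print(run_handshake(CIPHERS, SAMPLE_S, SAMPLE_R_A, SAMPLE_R_B))
    print(run_handshake(CIPHERS, SAMPLE_S, SAMPLE_R_A, SAMPLE_R_B, tamper=downgrade))
```

Two things the code makes concrete: K depends on both nonces, so the same S yields a different key in every session, and the finished hashes include K, so an attacker who rewrote message 1 cannot repair the mismatch without knowing S. What the hashes do not provide is any assurance about who holds the private key for the certificate in message 2, which is the point of the MiM slide that follows.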

Slide 92: SSL Authentication
- Alice authenticates Bob, not vice versa
  o How does the client authenticate the server?
  o Why does the server not authenticate the client?
- Mutual authentication is possible: Bob sends a certificate request in message 2
  o This requires the client to have a certificate
  o If the server wants to authenticate the client, the server could instead require an (encrypted) password

Slide 93: SSL MiM Attack
- Alice <-> Trudy:
  1. Alice -> Trudy: R_A
  2. Trudy -> Alice: certificate_T, R_B
  3. Alice -> Trudy: {S_1}_Trudy, E(X_1, K_1)
  4. Trudy -> Alice: h(Y_1, K_1)
  5. Alice <-> Trudy: E(data, K_1)
- Trudy <-> Bob:
  1. Trudy -> Bob: R_A
  2. Bob -> Trudy: certificate_B, R_B
  3. Trudy -> Bob: {S_2}_Bob, E(X_2, K_2)
  4. Bob -> Trudy: h(Y_2, K_2)
  5. Trudy <-> Bob: E(data, K_2)
- Q: What prevents this MiM attack?
- A: Bob's certificate must be signed by a certificate authority (such as Verisign)
- What does the browser do if the signature is not valid?
- What does the user do if the signature is not valid?

Slide 94: SSL vs IPSec
- IPSec: discussed next
  o Lives at the network layer (part of the OS)
  o Has encryption, integrity, authentication, etc.
  o Is overly complex (including serious flaws)
- SSL (and the IETF standard known as TLS)
  o Lives at the socket layer (part of user space)
  o Has encryption, integrity, authentication, etc.
  o Has a simpler specification

Slide 95: SSL vs IPSec
- IPSec implementation
  o Requires changes to the OS, but no changes to applications
- SSL implementation
  o Requires changes to applications, but no changes to the OS
- SSL was built into the Web browser early on (Netscape)
- IPSec is used in VPN applications (secure tunnel)
- Reluctance to retrofit applications for SSL
- Reluctance to use IPSec due to complexity and interoperability issues
- Result? The Internet is less secure than it should be!

Slide 96: IPSec

Slide 97: IPSec and SSL
- IPSec lives at the network layer
- IPSec is transparent to applications
- [Diagram: protocol stack application / transport / network / link / physical; SSL sits between the application and transport layers in user space, IPSec at the network layer inside the OS, link and physical in the NIC]

Slide 98: IPSec and Complexity
- IPSec is a complex protocol
- Over-engineered
  o Lots of generally useless extra features
- Flawed
  o Some significant security issues
- Interoperability is a serious challenge
  o Defeats the purpose of having a standard!
- Complex
- Did I mention, it's complex?

Slide 99: IKE and ESP/AH
- Two parts to IPSec
- IKE: Internet Key Exchange
  o Mutual authentication
  o Establish a shared symmetric key
  o Two "phases", like SSL session/connection
- ESP/AH
  o ESP: Encapsulating Security Payload, for encryption and/or integrity of IP packets
  o AH: Authentication Header, integrity only

Slide 100: IKE

Slide 101: IKE
- IKE has 2 phases
  o Phase 1: IKE security association (SA)
  o Phase 2: AH/ESP security association
- Phase 1 is comparable to an SSL session
- Phase 2 is comparable to an SSL connection
- Not an obvious need for two phases in IKE
- If multiple Phase 2s do not occur, then it is more expensive to have two phases!

Slide 102: IKE Phase 1
- Four different "key" options
  o Public key encryption (original version)
  o Public key encryption (improved version)
  o Public key signature
  o Symmetric key
- For each of these, two different "modes"
  o Main mode
  o Aggressive mode
- There are 8 versions of IKE Phase 1!
- Evidence that IPSec is over-engineered?

Slide 103: IKE Phase 1
- We discuss 1 of the 8 Phase 1 variants
  o Public key signatures
  o Both main and aggressive modes

Slide 104: IKE Phase 1
- Uses ephemeral Diffie-Hellman to establish the session key
  o Provides perfect forward secrecy (PFS)
- Let a be Alice's Diffie-Hellman exponent
- Let b be Bob's Diffie-Hellman exponent
- Let g be the generator and p the prime
- Recall that p and g are public

Slide 105: IKE Phase 1: Digital Signature (Main Mode)
  1. Alice -> Bob: IC, CP
  2. Bob -> Alice: IC, RC, CS
  3. Alice -> Bob: IC, RC, g^a mod p, R_A
  4. Bob -> Alice: IC, RC, g^b mod p, R_B
  5. Alice -> Bob: IC, RC, E("Alice", proof_A, K)
  6. Bob -> Alice: IC, RC, E("Bob", proof_B, K)
- CP = crypto proposed, CS = crypto selected
- IC = initiator "cookie", RC = responder "cookie"
- K = h(IC, RC, g^ab mod p, R_A, R_B)
- SKEYID = h(R_A, R_B, g^ab mod p)
- proof_A = [h(SKEYID, g^a mod p, g^b mod p, IC, RC, CP, "Alice")]_Alice (signed with Alice's private key; proof_B is the corresponding value signed by Bob)

Slide 106: IKE Phase 1: Public Key Signature (Aggressive Mode)
- Main difference from main mode
  o Not trying to protect identities
  o Cannot negotiate g or p
  1. Alice -> Bob: IC, "Alice", g^a mod p, R_A, CP
  2. Bob -> Alice: IC, RC, "Bob", R_B, g^b mod p, CS, proof_B
  3. Alice -> Bob: IC, RC, proof_A

Slide 107: Main vs Aggressive Modes
- Main mode MUST be implemented
- Aggressive mode SHOULD be implemented
  o In other words, if aggressive mode is not implemented, "you should feel guilty about it"
  o Might create interoperability issues
- For public key signature authentication
  o A passive attacker knows the identities of Alice and Bob in aggressive mode
  o An active attacker can determine Alice's and Bob's identities in main mode

Slide 108: IPSec
- After IKE Phase 1, we have an IKE SA
- After IKE Phase 2, we have an IPSec SA
- Both sides have a shared symmetric key
- Now what?
  o We want to protect IP datagrams
- But what is an IP datagram?
  o From the perspective of IPSec...

Slide 109: IP Review
- An IP datagram is of the form: [ IP header | data ]
- Where "IP header" is the header laid out on slides 41-42

Slide 110: IP and TCP
- Consider HTTP traffic (over TCP)
- IP encapsulates TCP
- TCP encapsulates HTTP
  [ IP header | TCP hdr | HTTP hdr | app data ]  ==  [ IP header | data ]
- The IP data includes the TCP header, etc.

Slide 111: AH vs ESP
- AH
  o Authentication Header
  o Integrity only (no confidentiality)
  o Integrity-protects everything beyond the IP header, and some fields of the header (why not all fields?)
- ESP
  o Encapsulating Security Payload
  o Integrity and confidentiality
  o Protects everything beyond the IP header
  o Integrity-only by using NULL encryption

Slide 112: ESP's NULL Encryption
- According to RFC 2410
  o NULL encryption "is a block cipher the origins of which appear to be lost in antiquity"
  o "Despite rumors", there is no evidence that the NSA "suppressed publication of this algorithm"
  o Evidence suggests it was developed in Roman times as an exportable version of Caesar's cipher
  o Can make use of keys of varying length
  o No IV is required
  o Null(P, K) = P for any P and any key K
- Security people have a strange sense of humor!

Slide 113: Why Does AH Exist? (1)
- Cannot encrypt the IP header
  o Routers must look at the IP header
  o IP addresses, TTL, etc.
  o The IP header exists to route packets!
- AH protects the immutable fields in the IP header
  o Cannot integrity-protect all header fields
  o TTL, for example, must change
- ESP does not protect the IP header at all

Slide 114: Why Does AH Exist? (2)
- ESP encrypts everything beyond the IP header (if non-null encryption)
- If ESP encrypts, a firewall cannot look at the TCP header (e.g., port numbers)
- Why not use ESP with null encryption?
  o The firewall sees the ESP header, but does not know whether null encryption is used
  o End systems know, but not firewalls
- Aside 1: Do firewalls reduce security?
- Aside 2: Is IPSec compatible with NAT?

Slide 115: Why Does AH Exist? (3)
- The real reason why AH exists
  o At one IETF meeting, "someone from Microsoft gave an impassioned speech about how AH was useless..."
  o "...everyone in the room looked around and said 'Hmm. He's right, and we hate AH also, but if it annoys Microsoft let's leave it in since we hate Microsoft more than we hate AH.'"

Slide 116: IPSec
- Will it save us?
  o According to the author: "No!"
- Even if universally implemented, many problems remain
  o E.g., software (need I say more?)
- But it is a step in the right direction

Slide 117: Kerberos

Slide 118: Kerberos
- In Greek mythology, Kerberos is the 3-headed dog that guards the entrance to Hades
  o "Wouldn't it make more sense to guard the exit?"
- In security, Kerberos is an authentication system based on symmetric key crypto
  o Originated at MIT
  o Based on work by Needham and Schroeder
  o Relies on a trusted third party (TTP)

Slide 119: Motivation for Kerberos
- Authentication using public keys
  o N users -> N key pairs
- Authentication using symmetric keys
  o N users require about N^2 keys (one per pair of users)
- The symmetric key case does not scale!
- Kerberos is based on symmetric keys but only requires N keys for N users
  o But must rely on a TTP
  o Advantage is that no PKI is required

Slide 120: Kerberos KDC
- Kerberos Key Distribution Center, or KDC
  o Acts as a TTP
  o The TTP must not be compromised!
  o KDC shares symmetric key K_A with Alice, key K_B with Bob, key K_C with Carol, etc.
  o Master key K_KDC is known only to the KDC
  o KDC enables authentication and session keys
  o Keys for confidentiality and integrity
  o In practice, the cipher was originally DES; modern Kerberos uses AES, and DES is deprecated

Slide 121: Kerberos Tickets
- The KDC issues a ticket containing the info needed to access a network resource
- The KDC also issues ticket-granting tickets, or TGTs, that are used to obtain tickets
- Each TGT contains
  o Session key
  o User's ID
  o Expiration time
- Every TGT is encrypted with K_KDC
  o A TGT can only be read by the KDC

Slide 122: Kerberized Login
- Alice enters her password...
- ...then Alice's workstation
  o Derives K_A from Alice's password
  o Uses K_A to get a TGT for Alice from the KDC
- Alice can then use her TGT (credentials) to securely access network resources
- Plus: security is transparent to Alice
- Minus: the KDC must be secure; it's trusted!

Slide 123: Kerberized Login
  1. Alice -> Alice's computer: Alice's password
  2. Alice's computer -> KDC: "Alice wants a TGT"
  3. KDC -> Alice's computer: E(S_A, TGT, K_A)
- Key K_A is derived from Alice's password
- The KDC creates session key S_A
- The workstation decrypts S_A and the TGT, then forgets K_A
- TGT = E("Alice", S_A, K_KDC)

Slide 124: Alice Requests Ticket to Bob
  1. Alice -> Alice's computer: "Talk to Bob"
  2. Alice's computer -> KDC: "I want to talk to Bob", REQUEST
  3. KDC -> Alice's computer: REPLY
- REQUEST = (TGT, authenticator), where authenticator = E(timestamp, S_A)
- REPLY = E("Bob", K_AB, ticket to Bob, S_A)
- ticket to Bob = E("Alice", K_AB, K_B)
- The KDC gets S_A from the TGT to verify the timestamp

Slide 125: Alice Uses Ticket to Bob
  1. Alice's computer -> Bob: ticket to Bob, authenticator
  2. Bob -> Alice's computer: E(timestamp + 1, K_AB)
- ticket to Bob = E("Alice", K_AB, K_B)
- authenticator = E(timestamp, K_AB)
- Bob decrypts "ticket to Bob" to get K_AB, which he then uses to verify the timestamp
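The three exchanges of slides 123, 124 and 125 run end to end, as an added example that is not part of the original slides: login yields E(S_A, TGT, K_A), the ticket request carries the TGT plus an authenticator the KDC checks against its clock, and Bob opens the ticket with K_B to recover K_AB and answers E(timestamp + 1, K_AB). The example assumes E(., K) is a toy encrypt-then-MAC built from HMAC-SHA256 (a stand-in for the cipher, not a Kerberos encryption type), K_A = h(password) as on slide 129, a 300-second clock skew window, and a replay cache of authenticators at Bob as real Kerberos servers keep; names, keys and timestamps are constructed.

```python
"""Added example (not from the slides): the three exchanges of slides 123-125 run end to
end: Kerberized login (TGT), the ticket request (REQUEST/REPLY) and use of the ticket at Bob,
with the KDC's timestamp check on the authenticator and Bob's E(timestamp + 1, K_AB) reply.

Assumptions: E(., K) is a toy encrypt-then-MAC built from HMAC-SHA256 standing in for the
cipher (not a Kerberos encryption type); K_A = h(password) as on slide 129; a 300-second
clock skew window; Bob keeps a replay cache of authenticators, as real Kerberos servers do.
Names, keys and timestamps are constructed.
"""
import hashlib, hmac, os

SKEW = 300  # seconds of clock skew tolerated on timestamps

def pack(*fields: bytes) -> bytes:
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def unpack(blob: bytes) -> list:
    out, i = [], 0
    while i < len(blob):
        n = int.from_bytes(blob[i:i + 4], "big"); i += 4
        out.append(blob[i:i + n]); i += n
    return out

def _stream(key, nonce, n):
    """HMAC-SHA256 in counter mode, enough keystream for n bytes."""
    blocks = (hmac.new(key, nonce + c.to_bytes(4, "big"), hashlib.sha256).digest()
              for c in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def E(plaintext: bytes, key: bytes) -> bytes:
    """Toy E(X, K): nonce || ciphertext || tag; the tag makes a wrong key or tampering detectable."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def D(blob: bytes, key: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("decryption failed: wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def ts(t) -> bytes:
    return int(t).to_bytes(8, "big")

def password_key(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()     # slide 129: K_A = h(password)

class KDC:
    def __init__(self, principals: dict):
        self.keys = dict(principals)        # K_A, K_B, ... shared with each principal
        self.k_kdc = os.urandom(32)         # master key K_KDC, known only to the KDC

    def login(self, name: str) -> bytes:
        """Slide 123: returns E(S_A, TGT, K_A) with TGT = E("Alice", S_A, K_KDC)."""
        s_a = os.urandom(32)
        tgt = E(pack(name.encode(), s_a), self.k_kdc)
        return E(pack(s_a, tgt), self.keys[name])

    def ticket_request(self, tgt, authenticator, server: str, now) -> bytes:
        """Slide 124: REQUEST = (TGT, authenticator); REPLY = E("Bob", K_AB, ticket to Bob, S_A)."""
        name, s_a = unpack(D(tgt, self.k_kdc))            # only the KDC can open the TGT
        (stamp,) = unpack(D(authenticator, s_a))          # the requester must know S_A
        if abs(now - int.from_bytes(stamp, "big")) > SKEW:
            raise PermissionError("authenticator timestamp out of range")
        k_ab = os.urandom(32)
        ticket = E(pack(name, k_ab), self.keys[server])   # ticket to Bob = E("Alice", K_AB, K_B)
        return E(pack(server.encode(), k_ab, ticket), s_a)

class Server:
    def __init__(self, name: str, key: bytes):
        self.name, self.key, self.seen = name, key, set()

    def accept(self, ticket, authenticator, now) -> bytes:
        """Slide 125: open the ticket with K_B, check the authenticator, answer E(timestamp + 1, K_AB)."""
        client, k_ab = unpack(D(ticket, self.key))
        (stamp,) = unpack(D(authenticator, k_ab))
        if abs(now - int.from_bytes(stamp, "big")) > SKEW or (client, stamp) in self.seen:
            raise PermissionError("stale or replayed authenticator")
        self.seen.add((client, stamp))                    # replay cache
        return E(pack(ts(int.from_bytes(stamp, "big") + 1)), k_ab)

class Workstation:
    def __init__(self, name: str, password: str, kdc: KDC):
        self.name, self.kdc = name, kdc
        self.s_a, self.tgt = unpack(D(kdc.login(name), password_key(password)))  # K_A used once, then forgotten

    def get_ticket(self, server: str, now):
        reply = self.kdc.ticket_request(self.tgt, E(pack(ts(now)), self.s_a), server, now)
        _, k_ab, ticket = unpack(D(reply, self.s_a))
        return k_ab, ticket

    def talk_to(self, bob: Server, now) -> bool:
        k_ab, ticket = self.get_ticket(bob.name, now)
        (stamp,) = unpack(D(bob.accept(ticket, E(pack(ts(now)), k_ab), now), k_ab))
        return int.from_bytes(stamp, "big") == int(now) + 1    # only the holder of K_B could answer

def build_realm(alice_password="correct horse", bob_key=b"B" * 32):
    kdc = KDC({"Alice": password_key(alice_password), "Bob": bob_key})
    return kdc, Server("Bob", bob_key)

if __name__ == "__main__":
    kdc, bob = build_realm()
    print(Workstation("Alice", "correct horse", kdc).talk_to(bob, now=1_700_000_000))
```

Running it answers two of the questions on slide 127 in code: Alice never sends her name in the clear to the KDC or to Bob (it travels inside the TGT and the ticket, both of which she cannot read), and replay prevention comes from the timestamp window plus the server's cache of authenticators it has already accepted, which is why the slide calls time a security-critical parameter.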

Slide 126: Kerberos
- Session key S_A is used for authentication
- Can also be used for confidentiality/integrity
- Timestamps are used for mutual authentication
- Recall that timestamps reduce the number of messages
  o Acts like a nonce that is known to both sides
  o Note: time is a security-critical parameter!

Slide 127: Kerberos Questions
- When Alice logs in, the KDC sends E(S_A, TGT, K_A) where TGT = E("Alice", S_A, K_KDC)
  o Q: Why is the TGT encrypted with K_A?
  o A: Extra work and no added security!
- In Alice's Kerberized login to Bob, why can Alice remain anonymous?
- Why is "ticket to Bob" sent to Alice?
- Where is replay prevention in Kerberos?

Slide 128: Kerberos Alternatives
- Could have Alice's workstation remember the password and use that for authentication
  o Then no KDC required
  o But hard to protect the password on the workstation
  o Scaling problem
- Could have the KDC remember the session key instead of putting it in a TGT
  o Then no need for TGTs
  o But a stateless KDC is a big feature of Kerberos

Slide 129: Kerberos Keys
- In Kerberos, K_A = h(Alice's password)
- Could instead generate a random K_A and
  o Compute K_h = h(Alice's password)
  o And have the workstation store E(K_A, K_h)
- Then K_A need not change (on the workstation or the KDC) when Alice changes her password
- But E(K_A, K_h) is subject to password guessing
- This alternative approach is often used in applications (but not in Kerberos)

Slide 130: Kerberos Issues?
- What if...
- Trudy gets Alice's "credentials"?
  o No problem!
  o Credentials are encrypted with K_KDC
- Trudy breaks into Alice's machine?
  o Session key S_A is cached
  o This breaks authentication

Slide 131: Conclusion
- TCP/IP is very flexible
- TCP/IP was not designed for security
  o Highly hackable
- SSL, IPSec, etc., help
  o But many problems remain

Slide 132: Summary
- TCP/IP, OSI Ref. Model, Layers, ...
- Protocols: TCP, UDP, IP, ICMP
- Ports, well-known ports
- TCP flags/control bits
- 3-way handshake
- Unreliable Damn Protocol

Slide 133: Summary
- IP, IP addresses, fragments, etc.
- ICMP, "plumbing"
- Routing, NAT, Firewalls
- Ethernet, hub, switch, MAC address, ARP
- WLAN and 802.11
- PGP, SSH, S/MIME
- SSL and IPSec

