Summer Workshop on Cyber Security Computer Networks Security (Part 2) Dr. Hamed Mohsenian-Rad University of California at Riverside and Texas Tech University.

Slides:

Advertisements

Similar presentations

Advertisements

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL: Secure Sockets Layer

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.

Lecture 24 Secure Communications CPE 401 / 601 Computer Network Systems Slides are modified from Jim Kurose & Keith Ross.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

IPsec Internet Headquarters Branch Office SA R1 R2

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.

K. Salah1 Security Protocols in the Internet IPSec.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Lecture 7: Network Level Security – IPSec CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena Adopted from previous lecture by Keith Ross, and.

Lecture 23 Network Security (cont) CPE 401 / 601 Computer Network Systems slides are modified from Dave Hollinger slides are modified from Jim Kurose,

24-1 Last time □ Message Integrity □ Authentication □ Key distribution and certification.

Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).

8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.

Network Security7-1 Today r Collect Ch6 HW r Assign Ch7 HW m Ch7 #2,3,4,5,7,9,10,12 m Due Wednesday Nov 19 r Continue with Chapter 7 (Security)

Secure connections.

32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.

Network Security. Information secrecy-only specified parties know the information exchanged. Provided by criptography. Information integrity-the information.

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Lecture 12 Network Security (2)

Security at different layers

8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 4: Securing IP.

Secure Sockets Layer (SSL) and Transport layer security (TLS)

8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 3: Securing TCP.

1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.

8.4 – 8.5 Securing & Securing TCP connections with SSL By: Amanda Porter.

Karlstad University IP security Ge Zhang

Network Security David Lazăr.

Chapter 8 Network Security Thanks and enjoy! JFK/KWR All material copyright J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking:

IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.

1 Virtual Private Networks (VPNs) and IP Security (IPSec) G53ACC Chris Greenhalgh.

8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,

Network Security7-1 Today r Reminder Ch7 HW due Wed r Finish Chapter 7 (Security) r Start Chapter 8 (Network Management)

IP Security: Security Across the Protocol Stack. IP Security There are some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS.

Chapter 32 Internet Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

TCP/IP Protocol Suite 1 Chapter 30 Security Credit: most slides from Forouzan, TCP/IP protocol suit.

IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.

IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.

Network Security7-1 Firewalls isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others. firewall.

IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.

1 IPSec: An Overview Dr. Rocky K. C. Chang 4 February, 2002.

K. Salah1 Security Protocols in the Internet IPSec.

@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.

Cryptography CSS 329 Lecture 13:SSL.

8-1Network Security Virtual Private Networks (VPNs) motivation:  institutions often want private networks for security.  costly: separate routers, links,

Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these ppt.

Real Security Protocols 1. Securing 2. Securing TCP connections: SSL 3. Network layer security: IPsec 4. Securing wireless LANs Computer Networking:

Last time Message Integrity Authentication

VPNs & IPsec Dr. X Slides adopted by Prof. William Enck, NCSU.

IPSec Detailed Description and VPN

Security in the layers 8: Network Security.

CSE 4905 IPsec.

BINF 711 Amr El Mougy Sherif Ismail

IP Security and VPN Most of the slides are derived from the slides (Chapter-8) by the authors of «Computer Networking: A Top Down Approach», and from the.

Slides have been taken from:

Virtual Private Networks (VPNs)

Virtual Private Networks (VPNs)

Security at the Transport Layer

Presentation transcript:

Summer Workshop on Cyber Security Computer Networks Security (Part 2) Dr. Hamed Mohsenian-Rad University of California at Riverside and Texas Tech University July , 2014 Supported by National Science Foundation

Securing Computer Networks Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU2  Recall the five layers in computer networks:  Q: In what layer do you think we should apply security tool? Transport Application Physical Link Network

Securing Computer Networks Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU3  Recall the five layers in computer networks:  Q: In what layer do you think we should apply security tool? Transport Application Physical Link Network We secure everything coming from above.

Securing Computer Networks Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU4  Recall the five layers in computer networks:  Q: In what layer do you think we should apply security tool? Transport Application Physical Link Network We secure everything coming from above.

Security in Application Layer Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU5  We design a security module for a specific application:  Different applications may need different security efforts.  Case Study:  Securing s  Q: What are the security needs for s?

Secure Confidentiality Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU6 Notations:  K S : A symmetric key  K B : Bob’s public key  K S : Bob’s private key  Alice wants to send confidential , m, to Bob. + - K S ( ). K B ( ) K S (m) K B (K S ) + m KSKS KSKS KBKB + K S ( ). K B ( ). - KBKB - KSKS m K S (m) K B (K S ) + Internet

Secure Confidentiality Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU7 Alice:  Generates a random symmetric key K S  Encrypts message with K S  Also encrypts K S with Bobs public key  Sends both K S (m) and K B (K S ) to Bob  Alice wants to send confidential , m, to Bob. K S ( ). K B ( ) K S (m) K B (K S ) + m KSKS KSKS KBKB + K S ( ). K B ( ). - KBKB - KSKS m K S (m) K B (K S ) + Internet

Secure Confidentiality Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU8  Alice wants to send confidential , m, to Bob. K S ( ). K B ( ) K S (m) K B (K S ) + m KSKS KSKS KBKB + K S ( ). K B ( ). - KBKB - KSKS m K S (m) K B (K S ) + Internet Bob:  Uses his private key to decrypt and recover K S  Uses K S to decrypt K S (m) to recover m

Secure Authentication Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU9  Alice wants to provide sender authentication message integrity  Alice digitally signs message  Sends both message and digital signature H( ). K A ( ) H(m ) K A (H(m)) - m KAKA - Internet m K A ( ). + KAKA + K A (H(m)) - m H( ). H(m ) compare

Secure Authentication Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU10  Alice wants to provide both secrecy and authentication. Alice uses three keys: her private key, Bob’s public key, newly created symmetric key H( ). K A ( ). - + K A (H(m)) - m KAKA - m K S ( ). K B ( ). + + K B (K S ) + KSKS KBKB + Internet KSKS

Secure Authentication Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU11  Alice wants to provide both secrecy and authentication. H( ). K A ( ). - + K A (H(m)) - m KAKA - m K S ( ). K B ( ). + + K B (K S ) + KSKS KBKB + Internet KSKS Q: What are the steps on the Bob’s side?

Secure Example Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU12  PGP (Pretty Good Privacy) Protocol -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bob: Can I see you tonight? Passionately yours, Alice -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv yhHJRHhGJGhgg/12EpJ+lo8gE4vB3mqJhFEvZP9t6n7G6m5Gw END PGP SIGNATURE----- m K A (H(m)) -

Secure Example Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU13  PGP (Pretty Good Privacy) Protocol -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bob: Can I see you tonight? Passionately yours, Alice -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv yhHJRHhGJGhgg/12EpJ+lo8gE4vB3mqJhFEvZP9t6n7G6m5Gw END PGP SIGNATURE----- K A (H(m)) m -----BEGIN PGP MESSAGE----- Version: PGP for Personal Privacy 5.0 u2R4d+/jKmn8Bc5+hgDsqAewsDfrGdszX68liKm5F6Gc4sDfcXyt RfdSlOjuHgbcfDssWe7/K=lKhnMikLo0+l/BvcX4t==Ujk9PbcD4 Thdf2awQfgHbnmKlok8iy6gThlp -----END PGP MESSAGE - K B (…) +

Security in Transport Layer Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU14 This is not application-specific. Case Study:  SSL: Secure Sockets Layer  Transport Later Security to TCP-based apps. Transport Application Physical Link Network We secure everything coming from above.

SSL: Secure Sockets Layer Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU15 Widely deployed protocol – Supported by almost all browsers, web servers – HTTPS First Implementation: – Netscape Provides – Confidentiality – Data Integrity – Authentication Original goals: – Web e-commerce transactions – Encryption (especially credit-card numbers) – Web-server authentication – Optional client authentication Available to all TCP apps – Secure socket interface

SSL Example – Online Purchase Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU16  Confidentiality: Credit Card Information  Data Integrity: Altering Your order (e.g., address)  Server Authentication: Fake Amazon Website!

SSL and TCP/IP Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU17 Application TCP IP normal application Application SSL TCP IP application with SSL  SSL provides application programming interface (API) to application developers to use “secure sockets”.  C and Java SSL libraries/classes readily available

SSL Approach: Something Like PGP Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU18  But want to send byte streams & interactive data (Q: Why?)  Want set of secret keys for entire connection  Want certificate exchange as part of protocol: handshake phase H( ). K A ( ). - + K A (H(m)) - m KAKA - m K S ( ). K B ( ). + + K B (K S ) + KSKS KBKB + Internet KSKS

SSL Lifetime Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU19 Handshake: Alice and Bob use their certificates, private keys to authenticate each other. – Now, they can exchange shared secret Key Derivation: Alice and Bob use shared secret to derive set of [symmetric] keys. Data Transfer: Exchange encrypted byte streams. Connection Closure: special messages to securely close connection (Q: Why securely?)

SSL: A Simple Handshake Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU20 MS: Master Secret EMS: Encrypted Master Secret SSL hello public key certificate K B + (MS) = EMS To Generate Symmetric Keys K B - (EMS) [ More details on handshake coming soon! ]

SSL: Key Derivation Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU21 Generate and use different keys for – Message Authentication Code (MAC) – Data Encryption Using Key Derivation Function (KDF) and Master Key (MS), Bob and Alice generate four different keys: – K B = Encryption key for data sent from Bob to Alice – M B = MAC key for data sent from Bob to Alice – K A = Encryption key for data sent from Alice to Bob – M A = MAC key for data sent from Alice to Bob

SSL: Data Records Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU22 Break down the byte stream into series of records – Each record carries a separate MAC – Receiver can act on each record as it arrives E.g., separate message identification in instant messaging Issue: Receiver needs to distinguish MAC from data – Want to use variable-length records  Indicate Data Length lengthdataMAC

SSL: Sequence Numbers Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU23 Problem: attacker can capture and replay record or re-order records – Is it a new message?

SSL: Sequence Numbers Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU24 Problem: attacker can capture and replay record or re-order records – Is it a new message? Solution: put sequence number into MAC: – MAC = MAC(M x, sequence||data) – Note: no separate sequence number field (Unlike TCP)

SSL: Sequence Numbers Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU25 Problem: attacker can capture and replay record or re-order records – Is it a new message? Solution: put sequence number into MAC: – MAC = MAC(M x, sequence||data) – Note: no separate sequence number field (Unlike TCP) Problem: attacker could replay all records Solution: use nonce (a number used once in a life-time)

SSL: Control Information Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU26 Problem: truncation attack: – Attacker forges TCP connection close segment – One or both sides think there is less data than actually is. Solution: record types, with one type for closure – Type 0 for data; Type 1 for closure MAC = MAC(M x, sequence||type||data) lengthtype data MAC

SSL: Summary Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU27 hello certificate, nonce K B + (MS) = EMS type 0, seq 1, data type 0, seq 2, data type 0, seq 1, data type 0, seq 3, data type 1, seq 4, close type 1, seq 2, close encrypted bob.com

SSL: We Are Not Done Yet! Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU28 How long are fields?  Standard Which encryption protocols? Want negotiation? – Allow Bob (client) and Alice (server) to support different encryption algorithms – Allow Bob (client) and Alice (server) to choose together specific algorithm before data transfer.

SSL Encryption Protocol Selection Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU29 Cipher Suite – Public-key algorithm – Symmetric encryption algorithm – MAC algorithm SSL supports many cipher suites –DES – Data Encryption Standard: block –3DES – Triple strength: block –RC2 – Rivest Cipher 2: block –RC4 – Rivest Cipher 4: stream

SSL: Handshake Details Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU30 Purpose 1.Server authentication 2.Negotiation: agree on crypto algorithms 3.Establish keys 4.Client authentication (optional)

SSL: Handshake Details Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU31 1.Client sends list of algorithms it supports – Along with client nonce 2.Server chooses algorithms from list; sends back: choice + public key certificate + server nonce

SSL: Handshake Details Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU32 3.Client – Verifies server’s public key certificate with a CA – Generates master_secret, – Encrypts it using server’s public key – Sends the encryption result back to the server Using its private key, the server obtains master_secret.

SSL: Handshake Details Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU33 4.Client and server use – master_secret – Nonces to independently compute: – Encryption – MAC keys

SSL: Handshake Details Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU34 5.Client sends a MAC in all the handshake messages 6.Server sends a MAC in all the handshake messages

SSL Programming Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU35  SSL programming tutorial:

Security in Network Layer Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU36 This is not application-specific. Case Study:  IPSec: Internet Protocol (IP) Security Protocol  VPN: Virtual Private Networks (Using IPSec) Transport Application Physical Link Network We secure everything coming from above.

What is Network-layer Confidentiality? Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU37 Between two network entities: Sending entity encrypts datagram (Q: why?) payload. Payload could be: – TCP or UDP segment, ICMP message,... Indifferent to the content: – Web pages, , P2P file transfers, TCP SYN packets … “Blanket Coverage”

Virtual Private Networks (VPNs) Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU38 Motivation: Institutions often want private networks for security. – Cost: Separate routers, links, DNS infrastructure. – Feasibility: Members are not always physically co-located. VPN: Inter-office traffic is sent over public Internet, but – Encrypted before entering public Internet – Logically separated from other traffic

Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU39 Virtual Private Networks (VPNs) IP header IPsec header Secure payload IP header IPsec header Secure payload IP header IPsec header Secure payload IP header payload IP header payload Headquarters Branch Office Salesperson in a Hotel Laptop w/ IPsec Router w/ IPv4 and IPsec Router w/ IPv4 and IPsec public Internet

Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU40 Virtual Private Networks (VPNs) IP header IPsec header Secure payload IP header IPsec header Secure payload IP header IPsec header Secure payload IP header payload IP header payload Headquarters Branch Office Salesperson in a Hotel Laptop w/ IPsec Router w/ IPv4 and IPsec Router w/ IPv4 and IPsec public Internet No Need for IPsec

Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU41 Virtual Private Networks (VPNs) IP header IPsec header Secure payload IP header IPsec header Secure payload IP header IPsec header Secure payload IP header payload IP header payload Headquarters Branch Office Salesperson in a Hotel Laptop w/ IPsec Router w/ IPv4 and IPsec Router w/ IPv4 and IPsec public Internet Must Use IPsec

IPsec Services Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU42 Data integrity Origin authentication Replay attack prevention (Sliding Window) Confidentiality Two protocols to send and receive secure datagrams: – Authentication Header (AH) – Encapsulated Security Payload (ESP)

IPsec Services Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU43 Authentication Header (AH) – Source Authentication – Data Integrity Encapsulated Security Payload (ESP) – Source Authentication – Data Integrity – Confidentiality

IPsec Services Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU44 Authentication Header (AH) – Source Authentication – Data Integrity Encapsulated Security Payload (ESP) – Source Authentication – Data Integrity – Confidentiality Critical

IPsec Services Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU45 Authentication Header (AH) – Source Authentication – Data Integrity Encapsulated Security Payload (ESP) – Source Authentication – Data Integrity – Confidentiality More Popular (Our Focus)

IPsec – Tunneling Mode Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU46 Edge routers IPsec-aware IPsec Tunnel Mode Host Mode Hosts IPsec-aware

Security Associations (SAs) Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU47 In ESP, before sending data, a “security association (SA)” is established from sending to receiving entity Receiving entitles maintain state information about SA – SA is opened – SA is closed Details: How many SAs in VPN w/ headquarters, branch office, and n traveling salespeople?

Example SA from R1 to R2 Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU / /24 security association Internet headquarters branch office R1 R2

Example SA from R1 to R2 Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU / /24 security association Internet headquarters branch office R1 R2 Initiating Router

Example SA from R1 to R2 Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU / /24 security association Internet headquarters branch office R1 R2 Receiving Router

Example SA from R1 to R2 Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU / /24 security association Internet headquarters branch office R1 R2 R1 maintains the following state information:  32-bit SA identifier: Security Parameter Index (SPI)  Origin SA interface ( )  Destination SA interface ( )  Encryption key and type of encryption (confidentiality)  Authentication key and type of authentication

Example SA from R1 to R2 Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU52 Example SA Fields: SPI: Source IP: Dest IP: Protocol: ESP Encryption algorithm: 3DES-cbc HMAC algorithm: MD5 Encryption key: 0x7aeaca… HMAC key:0xc0291f…

Security Association Database (SAD) Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU53  Routers hold SA states in security association database (SAD), where it can locate them during processing.  When sending IPsec datagram, R1 uses SAD to see how to process datagram. (Q: what kind of process?)  When IPsec datagram arrives to R2, R2 indexes SAD with SPI, and processes datagram accordingly.

IPsec Datagram Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU54 Focus for now on tunnel mode with ESP new IP header ESP hdr original IP hdr Original IP datagram payload ESP trl ESP MAC encrypted authenticated padding pad length next header SPI Seq #

IPsec Datagram Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU55 Focus for now on tunnel mode with ESP new IP header ESP hdr original IP hdr Original IP datagram payload ESP trl ESP MAC encrypted authenticated padding pad length next header SPI Seq # Adjust Length for Block Ciphers

IPsec Datagram Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU56 Focus for now on tunnel mode with ESP new IP header ESP hdr original IP hdr Original IP datagram payload ESP trl ESP MAC encrypted authenticated padding pad length next header SPI Seq # UDP, TCP, etc.

IPsec Datagram Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU57 Focus for now on tunnel mode with ESP new IP header ESP hdr original IP hdr Original IP datagram payload ESP trl ESP MAC encrypted authenticated padding pad length next header SPI Seq # Authentication with Shared Secret Key

IPsec Big Picture: What happens? Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU / /24 security association Internet headquarters branch office R1 R2 new IP header ESP hdr original IP hdr Original IP datagram payload ESP trl ESP MAC encrypted authenticated padding pad length next header SPI Seq #

IPsec Sequence Numbers Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU59 For new SA, sender initializes seq. # to 0 Each time datagram is sent on SA: – sender increments seq # counter and updates seq # field Q: Why do we use sequence numbers here?

IPsec Sequence Numbers Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU60 For new SA, sender initializes seq. # to 0 Each time datagram is sent on SA: – sender increments seq # counter and updates seq # field Goal: – Prevent attacker from sniffing and replaying a packet

IPsec Sequence Numbers Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU61 For new SA, sender initializes seq. # to 0 Each time datagram is sent on SA: – sender increments seq # counter and updates seq # field Goal: – Prevent attacker from sniffing and replaying a packet Method: – destination checks for duplicates – doesn’t keep track of all received packets; just uses a window

IPsec Services (Summary) Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU62 Trudy sits between R1 & R2. With no keys, can she: – See the original contents of datagram? – See the source, dest IP addr, transport protocol, app port? – Flip bits without detection? – Pretend to be R1 using R1’s IP address? – Replay a datagram? Justify Your Answers!

IKE: Internet Key Exchange Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU63 For 1 or 2 tunnels we can do manual keying. – Just manually enter the SA information to two routers The router in Headquarters. The router in Branch Office. It will be impractical for VPN with 100s of endpoints! Instead use IPsec IKE (Internet Key Exchange) – Similar to the Handshaking in SSL (Q: Remember SSL?)

IKE: PSK and PKI Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU64 Authentication (prove who you are) with either – Pre-shared secret (PSK) or – With PKI (pubic/private keys and certificates).

IKE: PSK and PKI Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU65 Authentication (prove who you are) with either – Pre-shared secret (PSK) or – With PKI (pubic/private keys and certificates). PSK: both sides start with a secret – run IKE to authenticate each other and to generate IPsec SAs (one in each direction) with encryption, authentication keys

IKE: PSK and PKI Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU66 Authentication (prove who you are) with either – Pre-shared secret (PSK) or – With PKI (pubic/private keys and certificates). PSK: both sides start with a secret – run IKE to authenticate each other and to generate IPsec SAs (one in each direction) with encryption, authentication keys PKI: both sides start with public/private keys, certificate – run IKE to authenticate each other, obtain IPsec SAs

IPsec Summary Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU67 IKE message exchange for algorithms, keys, SPI #s ESP Protocol (or AH protocol) – Use SAD, Sequence #s, etc. IPsec peers can be two end systems: – Two routers/firewalls, – A router/firewall and an end system – Two end systems, …

Security in Link Layer Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU68 This is not application-specific. Case Study:  Wireless LAN: Wireless Local Area Network  WEP: Wired Equivalent Privacy Transport Application Physical Link Network We secure everything coming from above.

Security in Link Layer Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU69 The main focus at link layer is to handle different link types: – Wired (Ethernet Cable, etc.) – Wireless (WLAN: Shared Channels, Q: Why?) Q: Which one is more vulnerable? Why? Q: Why do we care about WEP (Wired Equivalent Privacy)?

Security in Link Layer Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU70 Our Focus: WiFi = IEEE We will cover: – IEEE WEP – IEEE i WEP Our Focus

WEP Mobile Device Authentication Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU71 WEP does not specify a key management algorithm. Assumption: – Shared key via an out-of-band method. (Q: What does that mean?) AP Mobile Device

WEP Mobile Device Authentication Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU72 WEP does not specify a key management algorithm. AP Mobile Device

WEP Mobile Device Authentication Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU73 WEP does not specify a key management algorithm. Q: Should the Mobile Device send the Security Key to the Access Point to Authenticate Itself? Q: Why? AP Mobile Device

WEP Mobile Device Authentication Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU74 WEP does not specify a key management algorithm. Q: Should the Mobile Device send the Security Key to the Access Point to Authenticate Itself? Q: Why? Q: What is your suggestion? AP Mobile Device

WEP Mobile Device Authentication Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU75 Step 1: Mobile Device Requests Authentication. AP Mobile Device I need access.

WEP Mobile Device Authentication Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU76 Step 2: Access point responds with a 128 bye nonce. AP Mobile Device Uniquely Generated Nonce.

WEP Mobile Device Authentication Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU77 Step 3: MD encrypts nonce using its Security Key. AP Mobile Device Encrypted Nonce.

WEP Mobile Device Authentication Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU78 Step 4: AP checks encrypted nonce and grants access. AP Mobile Device Authentication

WEP Mobile Device Authentication Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU79 Step 4: AP checks encrypted nonce and grants access. AP Mobile Device Authentication [ AP indicates if Authentication is necessary in beacon frames. ]

WEP Mobile Device Authentication Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU80 A hacker may hear all message exchanges. Q: Why? AP Mobile Device

WEP Mobile Device Authentication Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU81 Q: Does it help to try replay? Q: Why? AP Mobile Device

WEP Mobile Device Authentication Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU82 Q: How about trying different security keys… AP Mobile Device

Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU83 Note 1: WEP must be “self-synchronized” – Each frame should be separately encrypted. – That is, no encryption dependency among frames. – Q: Why?

Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU84 Note 1: WEP must be “self-synchronized” – Each frame should be separately encrypted. – That is, no encryption dependency among frames. – Q: Why? Frame Loss is a Frequent Problem in Wireless Links.

Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU85 Note 2: We need to handle bit errors with CRC: – CRC: Cyclic Redundancy Check – Include CRC inside encryption. Frame Data: Payload CRC

Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU86 Note 3: Minimal computation for encryption: – We cannot make encryption the bottleneck. – We send thousands of frames in a second. Can’t afford spending too much time on encryption. CRC an other tasks already take some time.

Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU87 IEEE WEP uses XOR encryption! Q: What is the benefit? Payload CRC XOR Encrypted Data Security Key

Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU88 IEEE WEP uses XOR encryption! Q: What is the disadvantage? Payload CRC XOR Encrypted Data Security Key

Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU89 Q: What if the hacker knows the content? – Example: She knows know what file is being downloaded. – Knowing the content of one frame is enough: XOR Known Original Content Security Key Encrypted Data

Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU90 The hacker can apply the key to the rest of frame. Solution: Use a different key for each frame. – Of course, both sides should know the key. – Q: Any suggestion?

Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU91 IEEE WEP uses Initialization Vector (IV): Key Generator Function Randomly Generated 24-bit IV 40-bit Security Key

Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU92 IEEE WEP uses Initialization Vector (IV): Key Generator Function Randomly Generated 24-bit IV 40-bit Security Key Per-Frame Security Key Encrypt Frame Data Indicate IV (Q: Why?)

Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU93 IEEE WEP uses Initialization Vector (IV): Header IV Original Payload CRC Encrypted Link Layer Payload

Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU94 IEEE WEP uses Initialization Vector (IV): Q: Do we encrypt IV or is it in plain text? Header IV Original Payload CRC Encrypted Link Layer Payload

Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU95 IEEE WEP uses Initialization Vector (IV): Q: Do we encrypt IV or is it in plain text? Q: Should we avoid duplicating ‘random’ IVs? Header IV Original Payload CRC Encrypted Link Layer Payload

IEEE i: Improved Security Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU96 Numerous (stronger) forms of encryption: – Encryption method is chosen during handshake. Uses authentication server separate from AP – MDs use AP to talk to authentication server first. – Example: Institutional WiFis, like at UC Riverside. Provides key distribution and generation, etc…

Firewalls: Operational Security Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU97 Isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others! firewall administered network public Inter net firewall trusted “good guys” untrusted “bad guys”

Why Do We Need Firewalls? Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU98 Reason 1: They can Prevent Denial-of-Service (DoS) Attacks:  TCP SYN Flooding:  Attacker establishes many bogus TCP connections, no resources left for “real” connections Reason 2: Prevent illegal modification / access of internal data Q: Other reasons?

Firewall Example: Packet Filtering Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU99 Internal network connected to Internet via router firewall. Should arriving packet be allowed in? Departing packet let out?

Firewall Example: Packet Filtering Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU100 Router filters packet-by-packet based on: – Source IP address, Destination IP address Example: Block TCP connections by IP addresses in a county. Should arriving packet be allowed in? Departing packet let out?

Firewall Example: Packet Filtering Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU101 Router filters packet-by-packet based on: – TCP/UDP source and destination port numbers Example: Block all UDP packets, Or block non-standard ports Should arriving packet be allowed in? Departing packet let out?

Firewall Example: Packet Filtering Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU102 Router filters packet-by-packet based on: – ICMP message type Example: Block any “Ping” from the outside. Should arriving packet be allowed in? Departing packet let out?

Firewall Example: Packet Filtering Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU103 Router filters packet-by-packet based on: – TCP SYN and ACK bits Example: Block any “inbound” ACK = 0. Only the internal hosts can “initiate” a TCP connection to outside; not the reverse. Should arriving packet be allowed in? Departing packet let out?

Netowrk Security (Summary) Summer Workshop on Cyber Security August , 2014 – Network Security, Part 3, UCR & TTU104 Basic Techniques…... – Cryptography (Symmetric and Public) – Message Integrity – End-point Authentication …. used in many different layers – Application Layer: Secure – Transport Layer: Secure Transport (SSL) – Network Layer: IP sec – Link Layer: