Cosc 4765 SSL/TLS and VPN
SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http), just for http Proposed by CommerceNet, pretty much dead –SSL (TLS), generic for TCP https: http over SSL –IPSec http over IPSec
Security facilities in the TCP/IP protocol stack
SSL and TLS SSL was originated by Netscape TLS working group was formed within IETF First version of TLS can be viewed as an SSLv3.1
SSL Overview For any TCP protocol: HTTP ( port 443), NNTP, telnet, etc. –Secure byte stream. Optional (but common) public key server authentication. Optional client authentication. Hash: combined MD5 and SHA. Encryption optional. Now: TLS (IETF WG).
SSL/TLS Overview Secure Sockets Layer –Establishes encrypted channel for communications –Establishes a private session with public keys –All communications encrypted with private key
SSL Architecture Two layers: –SSL record protocol provides basic security services –3 higher-layer protocols: Handshake, change cipher spec, alert Connection –A transport with some service, associated with a session Session –Created by handshake, defines cryptographic security parameters for multiple connections
Handshake Protocol The most complex part of SSL. Allows the server and client to authenticate each other. Negotiate encryption, MAC algorithm and cryptographic keys. Used before any application data are transmitted.
Handshake Protocol Action
SSL Record Protocol 2 services: –Confidentiality, message integrity Layered protocol: –Fragment application data into blocks –Compress data –Apply message authentication code (MAC) = h(s|m) for message m and secret s –Encrypt with client (cw) or server (sw) write key –Transmit over TCP Specify content type for higher protocols
SSL Record Protocol Operation
SSL Record Format
Transport Layer Security The same record format as the SSL record format. Defined in RFC Similar to SSLv3. Differences in the: –version number –message authentication code –pseudorandom function –alert codes –cipher suites –client certificate types –certificate_verify and finished message –cryptographic computations –padding
Virtual Private Networks VPN –Can be built on top of SSL or IPSec infrastructure Works well with firewalls or as standard alone appliance. –User outside the firewall needs to get inside the firewall safely –Encrypted “tunnel” or channel is negotiated with firewall –User’s packets going to hosts behind the firewall get translated so they look like they’re coming from an internal IP –From the user’s point of view, they are “inside” the private network
IPSec IPSec is not a single protocol –but rather a set of services and protocols that provide a complete security solution for an IP network. Some of the kinds of protection services offered by IPSec include: –Encryption of user data for privacy. –Authentication of the integrity of a message to ensure that it is not changed en route. –Protection against certain types of security attacks, such as replay attacks. –The ability for devices to negotiate the security algorithms and keys required to meet their security needs. –Two security modes, tunnel and transport, to meet different network needs.
IP Security (IPSec) RFC Standards RFC 2401 Security Architecture for the Internet Protocol –Main document describing how to put it all together. RFC 2402IP Authentication Header –Defines the IPSec Authentication Header (AH) protocol used for ensuring data integrity and origin verification. RFC 2403 The Use of HMAC-MD5-96 within ESP and AH –Describes a particular encryption algorithm for use by AH and ESP called Message Digest 5 (MD5), HMAC variant. RFC 2404 The Use of HMAC-SHA-1-96 within ESP and AH –Describes a particular encryption algorithm for use by AH and ESP called Secure Hash Algorithm 1 (SHA-1), HMAC variant. RFC 2406 IP Encapsulating Security Payload (ESP) –Describes the IPSec Encapsulation Security Payload (ESP) protocol that provides data encryption for confidentiality. RFC 2408 Internet Security Association and Key Management Protocol (ISAKMP) –Defines methods for exchanging keys and negotiating security associations. RFC 2409 The Internet Key Exchange (IKE) –Describes the Internet Key Exchange (IKE) protocol used to negotiate security associations and exchange keys between devices for secure communications. Based on ISAKMP and OAKLEY. RFC 2412 The OAKLEY Key Determination Protocol –Describes a generic protocol for key exchange.
Operations It provides security services at the IP layer for other TCP/IP protocols and applications to use. –Provides the tools that devices on a TCP/IP network need in order to communicate securely To accomplish this they: 1.They agree on a set of security protocols to use, so that each one sends data in a format the other can understand. 2.They must decide on a specific encryption algorithm to use in encoding data. 3.They must exchange keys that are used “unlock” data that has been cryptographically encoded. 4.Once this background work is completed, each device must use the protocols, methods and keys previously agreed upon to encode data and send it across the network.
Components Core –IPSec Authentication Header (AH): provides authentication services for IPSec. verify that the supposed originator of a message was in fact the one that sent it. verify that none of the data in the datagram has been changed by any intermediate devices en route. Protects from “replay” attacks –Encapsulating Security Payload (ESP): ensures integrity of the data in datagram, but not its privacy, when the information in a datagram is “for your eyes only”, it can be further protected using the ESP protocol, which encrypts the payload of the IP datagram.
Implementation Integrated into the IP stack a common method, if all data going between two devices.
Implementation (2) When using two VPNS to provide a secure connection between remote locations
IPSec Modes There are 2 modes, Transport and tunnel –The main differences is one protects the orignal IP datagram (including headers), while the other does not. Transport –IP header, IPSec Header, IP payload. Tunnel –New IP header, IPSec header, old IP header, IP payload
Transport Mode
Tunnel Mode
Authentication Header (AH) AH is a protocol that provides authentication of either all or part of the contents of a datagram through the addition of a header that is calculated based on the values in the datagram. –What parts of the datagram are used for the calculation, and the placement of the header, depends on the mode (tunnel or transport) Remember this provides no privacy or encryption, only the integrity of the data.
Encapsulating Security Payload (ESP) Encrypts the IP datagrams. An encryption algorithm combines the data in the datagram with a key to transform it into an encrypted form. This is then repackaged using a special format that we will see shortly, and transmitted to the destination, which decrypts it using the same algorithm.
Putting it all together
Anti-replay Feature Optional Information to enforce held in SA entry Sequence number counter - 32 bit for outgoing IPSec packets Anti-replay window –32-bit –Bit-map for detecting replayed packets
Anti-replay Sliding Window Window should not be advanced until the packet has been authenticated Without authentication, malicious packets with large sequence numbers can advance window unnecessarily –Valid packets would be dropped!
References Computer Networking with internet protocols and technology, Stallings, Prentice Hall, netProtocolIPIPv4IPngIPv6andIPRelat edProtocol.htmhttp:// netProtocolIPIPv4IPngIPv6andIPRelat edProtocol.htm
Q A &