1 SSH / SSL Supplementary material. 2 Secure Shell (SSH) One of the primary goals of the ARPANET was remote access Several different connections allowed.

Slides:



Advertisements
Similar presentations
Network Security.
Advertisements

Cryptography and Network Security Chapter 16
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Cryptography and Network Security
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
J. Wang. Computer Network Security Theory and Practice. Springer 2009 Chapter 5 Network Security Protocols in Practice Part II.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Cryptography and Network Security
Chapter 5 Network Security Protocols in Practice Part I
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
© 2004, The Technology Firm SSL Packet Decodes From Wikipedia, the free encyclopedia.  Secure Sockets Layer (SSL) is a cryptographic.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Chapter 8 Web Security.
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.
Cs490ns-cotter1 SSH / SSL Supplementary material.
SSH Secure Login Connections over the Internet
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.
Securing Data at the Application Layer Planning Authenticity and Integrity of Transmitted Data Planning Encryption of Transmitted Data.
32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.
Secure Socket Layer (SSL)
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
Andreas Steffen, , 11-SSH.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen M. Liebi Institute for Internet Technologies and Applications.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
Network Security Essentials Chapter 5
ECE Prof. John A. Copeland fax Office: Klaus 3362.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
06 APPLYING CRYPTOGRAPHY
CSCE 815 Network Security Lecture 26 SSH and SSH Implementation April 24, 2003.
Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.
Tunneling and Securing TCP Services Nathan Green.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
Application Services COM211 Communications and Networks CDA College Theodoros Christophides
Secure Shell (SSH) Presented By Scott Duckworth April 19, 2007.
CS 4244: Internet Programming Security 1.0. Introduction Client identification and cookies Basic Authentication Digest Authentication Secure HTTP.
ORAFACT The Secure Shell. ORAFACT Secure Shell Replaces unencrypted utilities rlogin and telnet rsh rcp Automates X11 authentication Supports tunneling.
IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.
Cryptography and Network Security Chapter 16 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Understand Internet Security LESSON Security Fundamentals.
Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.
1 Chapter 7 WEB Security. 2 Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction.
Secure Socket Layer SSL and TLS. SSL Protocol Peer negotiation for algorithm support Public key encryptionPublic key encryption -based key exchange and.
SECURE SHELL MONIKA GUPTA COT OUTLINE What is SSH ? What is SSH ? History History Functions of Secure Shell ? Functions of Secure Shell ? Elements.
SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
Lecture 6 (Chapter 16,17,18) Network and Internet Security Prepared by Dr. Lamiaa M. Elshenawy 1.
Encryption and Security Tools for IA Management Nick Hornick COSC 481 Spring 2007.
Cryptography CSS 329 Lecture 13:SSL.
1 Example security systems n Kerberos n Secure shell.
SSL: Secure Socket Layer By: Mike Weissert. Overview Definition History & Background SSL Assurances SSL Session Problems Attacks & Defenses.
Virtual Private Networks
SECURING NETWORK TRAFFIC WITH IPSEC
SECURE SHELL MONIKA GUPTA COT 4810.
The Secure Sockets Layer (SSL) Protocol
Presentation transcript:

1 SSH / SSL Supplementary material

2 Secure Shell (SSH) One of the primary goals of the ARPANET was remote access Several different connections allowed –rlogin –rcp –rsh All data was unencrypted –This was a different world than exists today.

3 SSH SSH is a UNIX-based command interface and protocol for securely accessing a remote computer Suite of four utilities—slogin, ssh, sftp, and scp Can protect against: –IP spoofing –DNS spoofing –Intercepting information

4 SSH Objectives Protect data sent over the network –Negotiate an encryption algorithm between sender and receiver –Use that algorithm and a session key to encrypt / decrypt data sent Provide site authentication –Use public key / fingerprint to ensure identity of remote host. –Relies on locally generated keys, so no certifying authority is generally available.

5 SSH Communications Using password SSH Client SSH Server SSH2? SSH2 Diffie-Helman, etc? Diffie-Helman Serv_Pub_key(S_key) OK S_key(Uname,pwd) OK S_key(data) Send Serv_Pub_Key

6 SSH Wire Shark Trace

SSH Communications Using Public Key Problems with Password Authentication –Passwords can be guessed. –Default allows multiple attempts against account –Only 1 account / password needs to be guessed –Alternate approach is to use public / private keys to authenticate user Public Key Authentication –Create public / private keypair –Ensure that private –Upload public key to server user account: ~.ssh/authorized_keys –ssh –o PreferredAuthentications=publickey server.example.org

SSH Communications Using Public Key SSH Client SSH Server SSH2? SSH2 Diffie-Helman, etc? Diffie-Helman Serv_Pub_key(S_key) OK S_key(Uname) OK S_key(data) Send Serv_Pub_Key Client_Pub_key(Random) Client_Pri_key(msg) Hash(Random)

9 SSH Tunneling Use SSH to create an encrypted channel between remote host and server Use that encrypted channel to carry other traffic. SSH Tunnel www access Web Server Local port Internet LAN

SSH Tunneling ssh –L 12345: :80 –l root homenet.net

11 SSH Tunneling

12 Secure Copy (scp) Allows encrypted transfer of files between machines Download files from server: –scp myfile1.txt password: xxxxx Upload files to server –Scp myfile.txt password: xxxxx

13 SSH Passwordless Login On remote client: –Create key pair. Store in.ssh subdirectory On ssh server: –Modify sshd_config to allow shosts based authentication –Create.shosts file in user’s subdirectory –Copy public key from remote client to.ssh subdirectory/authorized_keys

14 SSH Passwordless Login SSH Client SSH Server SSH2? SSH2 Diffie-Helman, etc? Diffie-Helman Serv_Pub_key(S_key) OK S_key(Uname) OK S_key(data) Send Serv_Pub_Key Client_Pub_key(Random) Client_Pri_key(msg) Hash(Random)

15 SecureSockets Layer (SSL) Transport Layer Security (TLS) Originally developed by Netscape to support encrypted access to web servers. SSL v3 released Served as the basis for IETF standard TLS (1999) Used by major financial institutions for secure commerce over the Internet Early problem with weak keys resolved with longer (128-bit) keys

16 SSL / TLS Application (www) SSL / TLS TCP IP

17 SSL/TLS Handshake SSL Client SSL Server Client hello Ciphers I have Server Hello Cipher I choose Server certificate (S_Pub) OK S_Pub(Session_key) Session_key(data)

18 SSL/TLS Security Depends on integrity of public key certificate Public Key Infrastructure (PKI) –Components necessary to securely distribute public keys –Certificate Authorities: Organizations that certify the relationship between a public key and its owner. –Verisign,Thawte

19 SSL/TLS Implementations SSL v2 – Still in use SSL v3 – Most widely deployed TLS v1 – Starting Deployment OpenSSL – Linux/UNIX toolkit that supports all 3 protocols listed above. Private Communication Technology (PCT) –Developed by Microsoft –Compatible with SSL v2 Versions are not completely compatible

SSL/TLS Vulnerability SSL/TLS supports the concept of session renegotiation due to errors, requests, etc. This feature assumes that the renegotiation is with the original party, and any requests or messages transmitted before the renegotiation are combined (pre-pended) with the requests after renegotiation This behavior can be abused to allow man-in-the-middle attacks Demonstrated with https, but the vulnerability exists with any application that uses SSL/TLS

SSL/TLS Vulnerability Client MITMServer TLS handshake session #1 TLS handshake session #2 GET /ebanking/paymemoney.cgi? Acc=LU ?amount=1000 Ignore-what-comes-now; Trigger renegotiation TLS handshake session #1 continued within the encrypted session #2 Client has authenticated session At app layer (with cookie) GET /ebanking/ Cookie: AS X Server receives: GET /ebanking/paymemoney.cgi? Acc=LU ?amount=1000 Ignore-what-comes-now; GET /ebanking/ Cookie: AS

22 References SSH –SSH Tutorial ( Tutorial – –UNIX Secure Shell – Carasik – McGraw-Hill, 1999 –SSH Agent Forwarding (unixwiz.net/techtips/ssh-agent-forwarding.html)unixwiz.net/techtips/ssh-agent-forwarding.html SSL – –RFCs – 2246, 3546 –SSL Authentication Gap (SSL Gap) ( ) –TLS/SSL renegotiation vulnerability explained ( )

SSH RFCs 4250 The Secure Shell (SSH) Protocol Assigned Numbers. –S. Lehtinen, C. Lonvick, Ed.. January (Format: TXT=44010 bytes) –(Status: PROPOSED STANDARD) 4251 The Secure Shell (SSH) Protocol Architecture. –T. Ylonen, C. Lonvick, Ed.. January (Format: TXT=71750 bytes) –(Status: PROPOSED STANDARD) 4252 The Secure Shell (SSH) Authentication Protocol. – T. Ylonen, C. Lonvick, Ed.. January (Format: TXT=34268 bytes) –(Status: PROPOSED STANDARD) 4253 The Secure Shell (SSH) Transport Layer Protocol. – T. Ylonen, C. Lonvick, Ed.. January (Format: TXT=68263 bytes) –(Status: PROPOSED STANDARD) 4254 The Secure Shell (SSH) Connection Protocol. – T. Ylonen, C. Lonvick, Ed.. January (Format: TXT=50338 bytes) – (Status: PROPOSED STANDARD) 4255 Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints. – J. Schlyter, W. Griffin. January (Format: TXT=18399 bytes) –(Status: PROPOSED STANDARD) 4256 Generic Message Exchange Authentication for the Secure Shell Protocol (SSH). –F. Cusack, M. Forssen. January (Format: TXT=24728 bytes) –(Status: PROPOSED STANDARD) 4344 The Secure Shell (SSH) Transport Layer Encryption Modes. –M. Bellare, T. Kohno, C. Namprempre. January (Format: TXT=27521 bytes) –(Status: PROPOSED STANDARD) 4419 Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol. – M. Friedl, N. Provos, W. Simpson. March (Format: TXT=18356 bytes) –(Status: PROPOSED STANDARD) 4716 The Secure Shell (SSH) Public Key File Format –. J. Galbraith, R. Thayer. November (Format: TXT=18395 bytes) – (Status: INFORMATIONAL) 4819 Secure Shell Public Key Subsystem. –J. Galbraith, J. Van Dyke, J. Bright. March (Format: TXT=32794 bytes) –(Status: PROPOSED STANDARD)

24 Summary SSH –Supports secure remote access to hosts –SSH – secure shell –SCP – secure copy –SFTP – secure file transfer SSL –Provides a framework for incorporating secure communications into applications –Uses strong cryptography –Can rely on PKI for reliable sharing of public keys

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.