Download presentation
Presentation is loading. Please wait.
1
Computer and Network Security
CSEN 1001 Computer and Network Security Amr El Mougy Alaa Gohar Heba Anwar **Slides are attributed to William Stallings
2
Lecture (10) Internet Security
3
Internet Security Protocols and Standards
Secure Sockets Layer (SSL) / Transport Layer Security (TLS) IPv4 and IPv6 Security
4
Secure Sockets Layer (SSL)
Transport layer security service originally developed by Netscape version 3 designed with public input Subsequently became Internet standard RFC2246: Transport Layer Security (TLS) Use TCP to provide a reliable end-to-end service May be provided in underlying protocol suite Or embedded in specific packages
5
Secure Sockets Layer (SSL)
SSL identifies two main concepts: Session: an association between client and server that defines security parameters. Created by the Handshake Protocol Connection: A transport within a session supporting particular services. Every connection is associated with one session Handshake Protocol Change Cipher Spec Protocol Alert Protocol HTTP SSL Record Protocol TCP A client and a server may have more than one connections within a session They may also have several sessions but this is not common
6
SSL Record Protocol Services
Message integrity using a MAC with shared secret key Confidentiality using symmetric encryption with a shared secret key defined by Handshake Protocol AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128 message is compressed before encryption
7
Record Protocol Operation
8
SSL Handshake Protocol
Allows server & client to: authenticate each other to negotiate encryption & MAC algorithms to negotiate cryptographic keys to be used Comprises a series of messages in phases Establish Security Capabilities Server Authentication and Key Exchange Client Authentication and Key Exchange Finish
9
SSL Handshake Protocol
10
Change Cipher Spec Protocol
One of 3 SSL specific protocols which use the SSL Record protocol A single message Causes pending state to become current Hence updating the cipher suite in use
11
SSL Alert Protocol Conveys SSL-related alerts to peer entity Severity
warning or fatal Specific alert fatal: unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter warning: close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown Compressed & encrypted like all SSL data
12
HTTPS HTTP over SSL or TLS Uses port 443 instead of port 80
When HTTPS is used, the following are encrypted: URL of requested object Contents of object Contents of browser forms (filled in by user) Cookies HTTP header The client initiates the SSL/TLS session and connection Once the handshake is complete, the HTTP request can be sent Multiple TCP connections can be established in one session
13
IPSec Scheduled to be integral component of IPv6, optional in IPv4
Supports strong authentication and encryption at layer 3 Bi-directional tunnel Packet filtering is primary access control method Requires Public Key Infrastructure (PKI)
14
IPSec Uses
15
IPSec Functionality Functionality
AH (Authentication Header): integrity and authenticity ESP (Encrypted Security Payload): confidentiality, optional authentication & integrity Security Association (for each pair of hosts): determined by destination IP address and the SPI (Security Parameters Index) Specification of the crypto methods to be used by SPI Keys to be used by the crypto methods for that SPI The hosts and other entities associated with this traffic Key Management Manual Keying (required) Key Management Protocols (in flux)
16
IPSec Modes Transport Mode: Tunnel mode:
Provides protection to the payload of the packet (everything that comes after the IP header). Thus, headers are not encrypted Typically used for end-to-end communications between hosts Tunnel mode: Provides protection to the whole packet After AH or ESP headers are added, the entire packet plus the new headers are encrypted New outer IP header is then added Routers in the middle do not read the internal headers Used when one or both ends of the security association is a gateway, not a host
18
Security Policy (SP) and Security Association (SA)
SA is a one-way relationship between sender & receiver that affords security for traffic flow Defined by 3 parameters: Security Parameters Index (SPI) IP Destination Address Security Protocol Identifier Has a number of other parameters seq no, AH & EH info, lifetime etc. SP determines how traffic in an SA is handled
19
IP Traffic Processing IPSec Architecture Inbound Packets
Outbound Packets Inbound Packets
20
Authentication Header
Provides data integrity and authentication Prevents source address spoofing Based on MAC Scope covers payload and parts of the IP header
21
Encapsulating Security Payload Header
Provides confidentiality and optional integrity Based on symmetric encryption techniques (AES) Scope depends on transport or tunnel modes
22
Combining Security Associations
23
Whatsapp End-to-End Encryption
Link encryption: data is visible to the server End-to-end encryption: data is encrypted in the server
24
Whatsapp End-to-End Encryption
New encryption system supports regular and group chats, images, videos, voice messages, files, and voice calls At the center of this system is the new “Signal Protocol” developed by Open Whisper Systems Even if a user’s key is physically compromised from a device, an attacker cannot decrypt previously encrypted messages
25
The Signal Protocol: Keys
Each user has three types of public keys: Long-term identity key generated at installation Medium-term key generated at installation and rotated periodically. The medium-term key is signed by the identity key One-time key: generated as needed In addition, there are three types of session keys: Root key: 32-byte value used to create chain keys Chain key: 32-byte value used to create message keys Message key: 80-byte value used to encrypt messages. Out of these 80 bytes, 32 are used for AES 256, another 32 are used for HMAC-SHA256, and 16 bytes IV
26
The Signal Protocol: Operation
At registration time, the client sends the public identity key, public medium-term key (signed by the private identity key) , and a set of one-time keys The private keys are never sent To chat with someone you need to establish a session (any open whatsapp chat is a session) A session does not need to be re-established unless the app is re-installed
27
The Signal Protocol: Operation
To establish a session, the initiator requests the public keys of the recipient from the server (identity key, signed medium term key, and one of the stored one-time keys) Once the server returns those keys, the initiator generates a new key and uses its own identity key in addition to the recipient’s public keys to calculate a master secret. The master secret is then used to create a root key and a chain key (using an algorithm similar to Diffie Hellman)
28
The Signal Protocol: Operation
Now, the initiator can start sending messages to the recipient, even if he/she is offline To establish the session at the receiving end, the initiator inserts all values necessary for the receiver to calculate the root and chain keys in the header of all messages The receiver uses this information together with its own private keys to calculate the master secret The master secret is used as input to the key-derivation function to calculate the root and chain keys
29
The Signal Protocol: Operation
Each message is encrypted with a message key that includes AES256 encryption and HMAC-SHA256 for integrity and authentication Each time a new message needs to be sent, a new message key is derived from the chain key The message key cannot be derived from the message The chain key is also rotated every time a message is sent
30
The Signal Protocol: Special Functions
To transmit media, the sender first saves it in an encrypted cloud store The sender then sends an encrypted pointer to the receiver to download the media Group messages in whatsapp are disseminated using server-side fan out (message is copied N times) Pairwise sessions are created between all members of the group Each of these session has a different chain key used to create message keys Thus, the sender encrypts the message N times (one for each member) and the server sends them Calls are established using encrypted RTP
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.