Presentation is loading. Please wait.

Presentation is loading. Please wait.

SSL and IPSec CS461/ECE422 Spring 2012. Reading Chapter 22 of text Look at relevant IETF standards.

Published byHugh Lewis Modified over 8 years ago

Similar presentations

Presentation on theme: "SSL and IPSec CS461/ECE422 Spring 2012. Reading Chapter 22 of text Look at relevant IETF standards."— Presentation transcript:

1 SSL and IPSec CS461/ECE422 Spring 2012

2 Reading Chapter 22 of text Look at relevant IETF standards

3 SSL Transport layer security – Provides confidentiality, integrity, authentication of endpoints – Developed by Netscape for WWW browsers and servers Internet protocol version: TLS – Compatible with SSL – Standard rfc2712rfc2712

4 Working at Transport Level Data link, Network, and Transport headers sent unchanged Original transport header can be protected if tunneling Ethernet Frame Header IP Header TCP Header TCP data stream Encrypted/authenticated Regardless of application

5 SSL Sessions and Connections SSL Sessions – Association between client and server – Created by Handshake protocol – Defines set of cryptographic security parameters SSL Connections – A transport-level connection – Potentially many connections per session – Share cryptographic parameters of session

6 SSL Protocol Stack

7 SSL Record Protocol Operation

8 Slide #11-8 Record Protocol Overview Lowest layer, taking messages from higher –Max block size 16,384 bytes –Bigger messages fragmented into multiple blocks –Construction –Block b compressed; call it b c –MAC computed for b c If MAC key not selected, no MAC computed –b c, MAC enciphered If enciphering key not selected, no enciphering done –SSL record header prepended

9 SSL Handshake Protocol Used to initiate connection – Sets up parameters for record protocol – 4 rounds Upper layer protocol – Invokes Record Protocol Note: what follows assumes client, server using RSA as interchange cryptosystem

10 Handshake Protocol: Phase 1 and 2

11 Handshake Round 1 Client Server { v C || r 1 || s 1 || ciphers || comps } Client Server {v || r 2 || s 1 || cipher || comp } v C Client’s version of SSL vHighest version of SSL that Client, Server both understand r 1, r 2 nonces (timestamp and 28 random bytes) s 1 Current session id (0 if new session) ciphersCiphers that client understands compsCompression algorithms that client understand cipherCipher to be used compCompression algorithm to be used

12 Handshake Round 2 Client Server {certificate } Note: if Server not to authenticate itself, only last message sent; third step omitted if Server does not need Client certificate k S Server’s private key ctypeCertificate type requested (by cryptosystem) gcaAcceptable certification authorities er2End round 2 message Client Server {mod || exp || Sig S (h(r 1 || r 2 || mod || exp)) } Client Server {ctype || gca } Client Server {er2 }

13 Handshake Protocols: Phases 3 and 4

14 Handshake Round 3 Client Server { pre }Pub S msgsConcatenation of previous messages sent/received this handshake opad, ipadAs above Client Server { h(master || opad || h(msgs || master | ipad)) } Both Client, Server compute master secret master: master =MD5(pre || SHA(‘A’ || pre || r 1 || r 2 ) || MD5(pre || SHA(‘BB’ || pre || r 1 || r 2 ) || MD5(pre || SHA(‘CCC’ || pre || r 1 || r 2 ) Client Server { client_cert }

15 Handshake Round 4 Client Server { h(master || opad || h(msgs || 0x434C4E54 || master || ipad )) } msgsConcatenation of messages sent/received this handshake in previous rounds (does notinclude these messages) opad, ipad, masterAs above Client Server { h(master || opad || h(msgs || 0x53525652 || master | ipad)) } Server sends “change cipher spec” message using that protocol Client Server Client sends “change cipher spec” message using that protocol Client Server

16 Supporting Crypto Algorithms The standard dictates algorithms that must be supported – Classical ciphers ensure confidentiality, cryptographic – checksums added for integrity Only certain combinations allowed – Won’t allow really weak confidentiality algorithm with really strong authentication algorithm Standard is augmented over time – E.g., AES added in 2002 by rfc3268

17 RSA: Cipher, MAC Algorithms

18 MITM Attacks Classic attack foiled by certificates Assuming certificates can be verified correctly Not necessarily the case if the root certificates cannot be trusted More subtle attacks appear over time – TLS Authentication Gap Interaction of TLS and HTTP http://www.phonefactor.com/sslgap Application above SSL/TLS tends to be HTTP but does not have to be

19 IPsec Network layer security – Provides confidentiality, integrity, authentication of endpoints, replay detection Protects all messages sent along a path dest gw2gw1 src IP IP+IPsecIP security gateway

20 Standards Original RFC’s 2401-2412 Mandatory portion of IPv6 Bolted onto IPv4 Newer standards – IKE: Standardized Key Management Protocol RFC 2409 RFC 2409 – NAT-T: UDP encapsulation for traversing address translation RFC 3948RFC 3948

21 Network Level Encryption Data link header and network header is unchanged With tunneling original IP header can be protected Ethernet Frame Header IP Header IP packet Encrypted/authenticated Regardless of application

22 IPsec Transport Mode Encapsulate IP packet data area Use IP to send IPsec-wrapped data packet Note: IP header not protected encapsulated data body IP header

23 IPsec Tunnel Mode Encapsulate IP packet (IP header and IP data) Use IP to send IPsec-wrapped packet Note: IP header protected encapsulated IP header and data body IP header

24 IPsec Protocols Authentication Header (AH) – Integrity of payload – Integrity of outer header – Anti-replay Encapsulating Security Payload (ESP) – Confidentiality of payload and inner header – Integrity of payload (and now header)

25 ESP and integrity Originally design, use AH to add integrity if needed. Bellovin showed integrity is always needed – So added directly to ESP – http://www.cs.columbia.edu/~smb/pape rs/badesp.pdf http://www.cs.columbia.edu/~smb/pape rs/badesp.pdf

26 IPsec Architecture Security Association (SA) – Association between peers for security services Identified uniquely by dest address, security protocol (AH or ESP), unique 32-bit number (security parameter index, or SPI) – Unidirectional Can apply different services in either direction – SA uses either ESP or AH; if both required, 2 SAs needed

27 SA Database Entries Sequence number counter Sequence counter overflow Anti-replay window AH or ESP information: algorithms, keys, key lifetimes Lifetime of SA IPSec mode: Tunnel or transport PathMTU

28 ESP Header

29 Slide #11-29 Key Points Separation of negotiation phase and operational phase Standardized elements for algorithm support Similar functionality between SSL and IPSec Difference in network stack level

Download ppt "SSL and IPSec CS461/ECE422 Spring 2012. Reading Chapter 22 of text Look at relevant IETF standards."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Internet Security CSCE 813 IPsec

Internet Security CSCE 813 IPsec
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Secure Socket Layer.

Secure Socket Layer.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Web Security CS598MCC Spring 2013 Yiwei Yang. Definition a set of procedures, practices, and technologies for assuring the reliable, predictable operation.

Web Security CS598MCC Spring 2013 Yiwei Yang. Definition a set of procedures, practices, and technologies for assuring the reliable, predictable operation.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

Similar presentations

Ads by Google