200 likes | 358 Views
Chapters 8 Network Security. Professor Rick Han University of Colorado at Boulder rhan@cs.colorado.edu. Announcements. HW #5 (short) due May 2 Programming Assignment #3 due May 2 Final Exam May 7, 4:30-7:00 pm Comprehensive In this room Review next time Last week’s lectures on the Web
E N D
Chapters 8Network Security Professor Rick Han University of Colorado at Boulder rhan@cs.colorado.edu
Announcements • HW #5 (short) due May 2 • Programming Assignment #3 due May 2 • Final Exam May 7, 4:30-7:00 pm • Comprehensive • In this room • Review next time • Last week’s lectures on the Web • Next, IPSec, Firewalls Prof. Rick Han, University of Colorado at Boulder
Recap of Previous Lecture • Authentication via Digital Signatures • Hash the document, encrypt the hash with your private key • Data Integrity via One-Way Hashes • Non-Repudiation comes for free with public-key authentication • Key distribution via Digital Certificates from a trusted Certificate Authority • SSL/TLS • Public key handshake to negotiate secret session key • HTTPS = HTTP over SSL/TLS Prof. Rick Han, University of Colorado at Boulder
Symmetric Key Distribution • Key distribution • Public key via trusted Certificate Authorities • Symmetric key? • Diffie-Helman Key Exchange • Public key, then secret key (e.g. SSL) • Symmetric Key distribution via a KDC (Key Distribution Center) Prof. Rick Han, University of Colorado at Boulder
Symmetric Key Distribution (2) • Symmetric Key distribution via a KDC (Key Distribution Center) • KDC is a server (trusted 3rd party) sharing a different symmetric key with each registered user • Alice wants to talk with Bob, and sends encrypted request to KDC, KA-KDC(Alice,Bob) • KDC generates a one-time shared secret key R1 • KDC encrypts Alice’s identity and R1 with Bob’s secret key, let m= KB-KDC(Alice,R1) • KDC sends to both Alice R1 and m, encrypted with Alice’s key: i.e. KA-KDC(R1, KB-KDC(Alice,R1)) • Alice decrypts message, extracting R1 and m. Alice sends m to Bob. • Bob decrypts m and now has the session key R1 Prof. Rick Han, University of Colorado at Boulder
Symmetric Key Distribution (3) m= • Kerberos authentication basically follows this KDC trusted 3rd party approach • In Kerberos, the message m is called a ticket and has an expiration time Prof. Rick Han, University of Colorado at Boulder
IPsec • IP security protocol is a suite of protocols for security at the network layer • Provides data confidentiality/secrecy: Encrypt the IP payload (not header, except when tunneling) • All higher layer information is encrypted, including TCP/UDP port #’s • Called the Encapsulation Security Payload (ESP) protocol • Provides source authentication and data integrity • Authenticates the source to make sure the sender is not spoofing IP addresses • Called the Authentication Header (AH) protocol Prof. Rick Han, University of Colorado at Boulder
IPsec (2) • ESP protocol provides network-layer secrecy, source host authentication and data integrity • TCP/UDP segment is surrounded by header and trailer fields • DES-CBC encryption of TCP/UDP segment + trailer • Trailer lists the Protocol of the segment (TCP, or UDP, or …). Hidden from observers. • Normal IP routing using IP header. Destination sees protocol=50 and decrypts ESP packet Prof. Rick Han, University of Colorado at Boulder
IPsec (3) • Authentication field contains digital signature of entire original IP datagram (same as AH signature) • Signed message hash over IP header + TCP/UDP segment, including IP source address • Can’t spoof an IP address or tamper with the IP header without being detected Prof. Rick Han, University of Colorado at Boulder
IPsec (4) • AH protocol provides source authentication and data integrity, but not secrecy • Insert an AH header between IP header (indicated by Protocol = 51) • Next Header field indicates whether segment is TCP, UDP, etc. • Authentication Data field contains a digital signature, or signed message digest calculated over the original IP datagram • Provides source authentication • Provides datagram integrity tamper check • Digital signature could be DES, MD5, or SHA - negotiated Prof. Rick Han, University of Colorado at Boulder
IP source IP router IP dest IPsec (5) Logical Security Agreement • The two IP endpoints set up a logical connection called a Security Agreement (SA) • Simplex/unidirectional end-to-end security • Uniquely identified by 3-tuple: the security protocol (AH or ESP), source IP address, and a 32-bit ID called Security Parameter Index (SPI) • Key management in an SA governed either by Internet Key Exchange (IKE) algorithm or Internet Security Association and Key Management Protocol (ISAKMP) Prof. Rick Han, University of Colorado at Boulder
IP source NAT IP dest IPsec (6) Encrypted IP datagrams • Some implications: • NAT’s will no longer work when dealing with IPsec-encrypted IP datagrams – why? • NAT’s are transparent yet also require knowledge of TCP source port – this is encrypted by IPsec! • Also, NAT’s require changing the source port and source IP address, but NAT can’t modify the digital signature (which prevents undetectable tampering) Prof. Rick Han, University of Colorado at Boulder
IP source IPsec gateway IPsec gateway IP dest IPsec (7) Secure Intranet Secure Intranet Secure Tunnel over Insecure IP routing • Some implications: • Virtual Private Networks (VPN’s) are created and connected using IPsec • Create IPsec gateways that tunnel/encapsulate across the insecure Internet = “Virtual” • IPsec provides confidentiality = “Private” Prof. Rick Han, University of Colorado at Boulder
IPsec (8) • May want to use IPsec over your corporate intranet, even though the intranet is protected by a firewall • Protects against eavesdropping, tampering, and spoofing from the inside, i.e. disgruntled employees • IPsec has been proposed as part of wireless solution to overcome WEP’s security flaws • How widely deployed? • In Windows 2000/XP, some Linux flavors (Suse 8.0, patch others with open source IPsec implementation called FreeSWAN), firewalls, Cisco routers • Philosophy: if I have SSL end-to-end security why do I need IPsec end-to-end security? • Headers still exposed and could reveal info Prof. Rick Han, University of Colorado at Boulder
Firewalls • We’ve already seen two kinds of firewalls in action: • NAT’s act as filter-based firewalls • HTTP proxies can act as proxy-based firewalls • Firewalls address the Availability problem in security • Guaranteeing access to legitimate users. Prevention of Denial-of-Service (DOS) attacks to a corporate intranet Prof. Rick Han, University of Colorado at Boulder
Firewalls (2) • Filter-based firewall can by default implement a policy that • Admits packets not on a list, OR • Only admits packets on a list • The firewall’s list/table will contain 5-tuples • <source IP addr, source TCP/UDP port, destination IP address, destination TCP/UDP port, protocol> • Can specify wildcards, e.g. <128.92.0.3, *, 192.12.13.14, 80, TCP> could mean to let pass all TCP packets with a source addr 128.92.0.3, any source port, which are destined for 192.12.13.14 port 80. Prof. Rick Han, University of Colorado at Boulder
Firewalls (3) • Sample policy #1: Filter-based firewalls can block all inbound packets claiming a source IP address from within an intranet • Thus, the interface from which a packet arrives is as important as the IP header info • Prevents easy spoofing of source IP addresses • Sample policy #2: filtering of all inbound UDP packets is popular among corporations to block external video on intranet • What about DNS? • Can limit to a few inbound ports from trusted DNS servers • can also remember that you’re expecting a response from a particular DNS server. • Can’t entirely eliminate spoofing of external addresses though Prof. Rick Han, University of Colorado at Boulder
Firewalls (4) • Sample policy #3: Enable all outgoing TCP connections but block all incoming TCP connections • Looks inside TCP packets and rejects all inbound SYN attempts • Variation: look inside TCP packets and reject all inbound packets with TCP ACK bit set to 0 – accomplishes same effect as rejecting inbound SYN’s • TCP ACK bit is set to 0 only for first segment of a TCP connection, otherwise it is set to 1 for responses • “Layer 4” switch Prof. Rick Han, University of Colorado at Boulder
Firewalls (5) • Sample policy #4: Packet-filtering firewalls can reject all inbound packets from a block of addresses • Some ISP’s have in the past rejected all packets with IP source addresses from China because hackers often use insecure servers in China to launch DOS attacks Prof. Rick Han, University of Colorado at Boulder
Firewalls (6) • FTP and firewalls: • FTP’ing between an intranet client to an external server creates both an outbound control connection (port 21) and an inbound TCP data connection (port 20) • The inbound data connection gets blocked by a firewall implementing sample policy #3 • Solution: server supports PASV option, chooses port > 1023, informs client of its port via the control channel, then the client initiates a TCP connection to server’s chosen port thru firewall • Most Web browsers support the PASV option but not all FTP servers Prof. Rick Han, University of Colorado at Boulder