1 / 63

563.1 Fundamentals

563.1 Fundamentals. Carl A. Gunter University of Illinois Fall 2007. Warm-Up Presentation. Public Key Infrastructure (PKI) Security and network layers Security tunnel protocols. Public Key Infrastructure.

shamus
Download Presentation

563.1 Fundamentals

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 563.1 Fundamentals Carl A. Gunter University of Illinois Fall 2007

  2. Warm-Up Presentation • Public Key Infrastructure (PKI) • Security and network layers • Security tunnel protocols

  3. Public Key Infrastructure • Mutual authentication of participants in a transaction requires a system of identities • Principals are identified by public keys • These keys can be used for authentication, but only if “spoofing” is prevented • PKI provides a basis for establishing trust

  4. PKI Systems • Three Philosophies • Hierarchy • ITU X.509 (DAP, PKIX) • DNS • Web of Trust • PGP • Ad hoc • SSH • Most research studies

  5. Subject Name Subject Public Key CA Name CA Signature X.509 Certificates X.509 certificates bind a subject to a public key. This binding is signed by a Certificate Authority (CA). Subject Name Subject Public Key CA Name CA Signature

  6. Joe Smith Subject Joe’s Key Subject’s Key Urbana CA Issuer Urbana CA Urbana CA Key Illinois CA Illinois CA Illinois CA Key USA CA Chaining

  7. Distribution: How to find a certificate Certificate accompanying signature or as part of a protocol Directory service DAP LDAP DNS Email Cut and paste from web pages Revocation: Terminate certificates before their expiration time. How does the relying party know that the certificate has been revoked? Many CRL distribution strategies proposed Mitre report for NIST suggests certificate revocation will be the largest maintenance cost for PKIs Certificate Management

  8. Semantics of CRL’s • Three certificates. • Q says P is the public key of Alice. • R says P is the public key of Alice. • Q says R is the public key of Bob. • Three kinds of revocation. • P is not the public key of Alice. (3 not 2.) • Q no longer vouches for whether P is the public key of Alice. (2 and 3.) • The key of Q has been compromised. (2 not 3.) Revoke Fox and LaMacchia 98

  9. Problems Revocation User ability to deal with keys Registration (challenge for all authentication techniques) Weak business model Areas of Progress SSL Authenticode SSH Smart cards for government employees Web services Adoption of PKI

  10. Challenges for Network Security • Sharing • Complexity • Scale • Unknown perimeter • Anonymity • Unknown paths

  11. Physical Link Network Transport Application Internet Layers

  12. Physical Locked doors Spread spectrum Tempest Link WEP GSM Network Filtering firewalls IPsec Transport Circuit firewalls SSL and TLS Application Proxy firewalls S/MIME XMLDSIG and WS security Security at Layers

  13. Network Layer Security HTTP FTP SMTP TCP IP / IPsec

  14. Transport Layer Security HTTP FTP SMTP SSL or TLS TCP IP

  15. Application Layer Security PGP SET S/MIME Kerberos SMTP HTTP TCP UDP IP

  16. Division of Labor in the Internet Hosts Routers Networks

  17. TCP/IP Protocol Stack Host Router Router Host Application Application Transport Transport Network Network Network Network Link Link Link Link Physical Physical Physical Physical

  18. Communication Processing Flow App1 App2 App1 App2 Transport Transport Network Network Network Network Link Link Link Link Link Link Physical Phys Phys Phys Phys Physical

  19. Physical Layer Protection Issues • Hide signal • Spread spectrum • Emission security • Radio emissions (Tempest) • Power emissions

  20. Encapsulation Link Layer Frame IP TCP Application Link Link Network Layer Header Transport Layer Header Application Layer Payload

  21. One Hop Link Layer Encryption Host Router Router Host Application Application Transport Transport Network Network Network Network Link Link Link Link Link Link

  22. Link Layer Encryption Encrypted IP TCP Application Link Link

  23. End-to-End Network Security Host Router Router Host Application Application Transport Transport Network Network Network Network Link Link Link Link

  24. Network Layer Transport Mode IP TCP Application Link Link Encrypted IP Hdr TCP Application Tlr Link Link

  25. VPN Gateway Host Router Router Host Application Application Transport Transport Network Network Network Network Link Link Link Link

  26. Network Layer Tunnel Mode IP TCP Application Link Link Encrypted New IP Hdr IP TCP Application Tlr Link Link

  27. Layer 3 Implementation Options • Location • Host • Network • Style • Integrated • Modular (for tunnel mode)

  28. Bump In The Stack (BITS) App1 App2 App1 App2 Transport Network Transport Security Network Net + Sec Network Link Link Link Link

  29. Bump In The Wire (BITW) App1 App2 App1 App2 Transport Security Security Transport Network Network Network Network Link Link Link Link

  30. Integrated on Host App1 App2 App1 App2 Transport Transport Net + Sec Network Network Net + Sec Link Link Link Link

  31. Integrated on Router App1 App2 App1 App2 Transport Transport Network Net + Sec Net + Sec Network Link Link Link Link

  32. Network Security Location Options Application Application End-to-End Transport Transport Transport Network Network Network Network Link Link Link Link Application Application Transport Transport Voluntary Tunnel Network Network Network Network Link Link Link Link Application Application Transport Transport Involuntary Tunnel Network Network Network Network Link Link Link Link

  33. Transport Layer Security Host Router Router Host Application Application Transport Transport Network Network Network Network Link Link Link Link

  34. Transport Layer Encryption IP TCP Application Link Link Encrypted IP TCP RH Application Link Link IP TCP App Link Link

  35. Message Processing Sequence App1 App2 App1 App2 App2 Sec App2 Sec Transport Transport Network Network Network Network Link Link Link Link

  36. IP TCP Application Link Link Application Layer Security Encrypted IP Key ID TCP Application Link Link

  37. Link Layer Security • Advantages • Transparent to applications • Hardware solution possible • Can address especially vulnerable links (viz. wireless) • Disadvantages • Hop-by-hop protection causes multiple applications of crypto operations. • Typically does not provide end-to-end security.

  38. Network Layer Security • Advantages • Transparent to applications • Amenable to hardware • Flexible • Disadvantages • Adds complexity for routing, MTUs, NATs • Flexibility introduces policy management and compatibility challenges.

  39. Transport Layer Security • Advantages • Transparent to applications and may be packaged with applications • Exposing TCP enables compression and QoS classification. • Disadvantages • Probably implemented in software • DoS vulnerabilities from TCP

  40. Application Layer Security • Advantages • Customized to application • Requires no special protocol stack (transparent to networking) • Disadvantages: • Hard to share between applications (viz. standardization challenge)

  41. Protocols to Software • There are important differences between theoretical descriptions, standards and software: • Evolution (versions, extensibility) • Interoperability (options, negotiation) • Error modes. • Two brief case studies • Transport Layer Security (TLS) • Network layer security (IPsec)

  42. Secure Socket Layer (SSL) • Session protocol with • Server authentication • Client authentication optional • Integrity checksum • Confidentiality. • Possibly the most important security-related ecommerce protocol • Session sets up security parameters • Many connections possible within a given session • Current version is TLS 1.1 (RFC 4346).

  43. X.509 Strong Two-Pass Exchange • Let DA = rA, LA, B, • Let DB = rB, LB, rA, A, PA(k) • Two messages: • A → B : certA, DA, SA(DA) Check that LA is not expired and that rA has not been seen in that lifetime. Remember rA for this lifetime. • B → A : certB, DB, SB(DB) Check rA and A. Check that LB is not expired and rB has not been seen in that lifetime. Use k to encrypt and decrypt bulk traffic.

  44. Establish Security Capabilities Client Server Client Hello Time Server Hello

  45. Server Key Exchange Server Hello Done Certificate Request Certificate Server Auth & Key Exchange Client Server Time Optional

  46. Client Auth & Key Exchange Client Server Time Certificate Client Key Exchange Optional Certificate Verification Optional

  47. Client Auth & Key Exchange Client Server Change Cipher Spec Time Finish Change Cipher Spec Finish

  48. IETF RFCs 4301-4309 from Dec 05 define the standard Modes Tunnel Transport Protocols Authenticated Header (AH) Encapsulated Security Payload (ESP) Configurations End-to-end Concatenated Nested Principal elements Security Associations (SAD) Internet Key Exchange (IKE) Policy (SPD) IPsec

  49. Typical Case S Client Internet G ESP S ESP Gateway Corporate Network S Server

  50. ESP Packet Format 0-7 8-15 16-23 23-31 Security Parameter Index (SPI) Sequence Number Initialization Vector Protected Data Pad Pad Length Next Header Authentication Data

More Related