320 likes | 336 Views
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23). So far, we talked about Basic Techniques of Security…. Those are used in many different security scenarios Secure email Secure transport (SSL) IPsec. Secure e-mail.
E N D
Working ConnectionComputer and Network Security- SSL, IPsec, Firewalls –(Chapter 17, 18, 19, and 23)
So far, we talked about Basic Techniques of Security… • Those are used in many different security scenarios • Secure email • Secure transport (SSL) • IPsec
Secure e-mail • Alice wants to send secret e-mail message, m, to Bob. • generates random symmetric private key, KS. • encrypts message with KS • also encrypts KS with Bob’s public key. • sends both KS(m) and eB(KS) to Bob.
Secure e-mail (continued) • Alice wants to provide sender authentication message integrity. • Alice digitally signs message. • sends both message (in the clear) and digital signature.
Secure e-mail (continued) • Alice wants to provide secrecy, sender authentication, message integrity. Note: Alice uses both her private key, Bob’s public key.
Secure Sockets Layer (SSL) • SSL developed by Netscape Communications • Operates on top of TCP • Provides secure connections • HTTP, FTP, telnet, … • Electronic ordering & payment; e-mail • SSL 3.0 submitted to IETF for standardization • TLS standardized by IETF (RFC 2246) • Slight differences with SSL 3.0 • www.ietf.org/html.charters/tls-charter.html
SSL works at transport layer. Provides security to any TCP-based app using SSL services. SSL: used between WWW browsers, servers for I-commerce (shttp). SSL security services: server authentication data encryption client authentication (optional) Server authentication: SSL-enabled browser includes public keys for trusted CAs. Browser requests server certificate, issued by trusted CA. Browser uses CA’s public key to extract server’s public key from certificate. Secure sockets layer (SSL)
Encrypted SSL session: Browser generates symmetric session key, encrypts it with server’s public key, sends encrypted key to server. Using its private key, server decrypts session key. Browser, server agree that future msgs will be encrypted. All data sent into TCP socket (by client or server) i encrypted with session key. SSL: basis of IETF Transport Layer Security (TLS). Client authentication can be done with client certificates. SSL (continued)
Handshake Protocol HTTP Protocol Alert Protocol Change cipher spec Protocol TLS Record Protocol TCP IP Transport Layer Security (TLS) • TLS protocols operate at two layers • TLS Record Protocol operates on top of TCP • Protocols on top of TLS Record Protocol • TLS Handshake Protocol • TLS Change Cipher Specification Protocol • TLS Alert Protocol
TLS Record Protocol • TLS Record protocol provides • Privacy service through secret key encryption • Encryption algorithm is negotiated at session setup • Secret keys generated per connection using another protocol such as Handshake protocol • Reliability service through keyed message authentication code • Hash algorithm negotiated at session setup • Operates without hash only during session negotiation
TLS Handshake Protocol • TLS Handshake protocol used by client & server • Negotiate protocol version, encryption algorithm, key generation method • Can authenticate each other using public key algorithm • Client & server establish a shared secret • Multiple secure connections can be set up after session setup • Session specified by following parameters • Session Identifier: byte sequence selected by server • Peer Certificate: certificate of peer • Compression method: used prior to encryption • Cipher spec: encryption & message authentication code • Master Secret: 48-byte secret shared by client & server • Is resumable?: flag indicating if new connections can be initiated
Client Server ClientHello ServerHello Certificate* ServerHelloDone ServerKeyExchange* TLS Handshake Process TLS Record protocol initially specifies no compression or encryption Request connection Includes: Version #; Time & date; Session ID (if resuming); Ciphersuite (combinations of key exchange, encryption, MAC, compression) Send ServerHello if there is acceptable Ciphersuite combination; else, send failure alert & close connection. * Optional messages ServerHello includes: Version #; Random number; Session ID ; Ciphersuite & compression selections New CipherSpec pending Server Certificate May contain public key Server part of key exchange: Diffie-Hellman, gx;; RSA, public key Compute shared key Server part of handshake done
Client Server ClientKeyExchange [ChangeCipherSpec] Finished Handshake Protocol continued Client’s part of key agreement: Diffie-Hellman gy; RSA, random #s Compute shared key Change Cipher protocol message notifies server that subsequent records protected under new CipherSpec & keys Server changes CipherSpec Verify CipherSpec Hash using new CipherSpec; allows server to verify change in Cipherspec
Client Server [ChangeCipherSpec] Finished Application Data Handshake Protocol completion Notify client that subsequent records protected under new CipherSpec & keys Client changes CipherSpec Client verifies new CipherSpec Hash using new CipherSpec; • TLS Record protocol encapsulates application-layer messages • Privacy through secret key cryptography • Reliability through MAC • Fragmentation of application messages into blocks for compression/encryption • Decompression/Decryption/Verification/Reassembly
Client Server Certificate* ClientKeyExchange CertificateVerify* ClientHello [ChangeCipherSpec] ServerHello ServerKeyExchange* Finished [ChangeCipherSpec] Certificate* Finished CertificateRequest ServerHelloDone Application Data TLS Handshake with Client Authentication Server requests certificate if client needs to be authenticated If server finds certificate unacceptable; server can send fatal failure alert message & close connection Client sends suitable certificate Client prepares digital signature based on messages sent using its private key Server verifies client has private key
IP Security (IPsec) . • IPsec defined in RFCs 2401, 2402, 2406 • Provides authentication, integrity, confidentiality, and access control at the IP layer • Provides a key management protocol to provide automatic key distribution techniques. • Security service can be provided between a pair of communication nodes, where the node can be a host or a gateway (router or firewall). • Two protocols & two modes to provide traffic security: • - Authentication Header and Encapsulating Security Payload • - Transport mode or tunnel mode
Network-layer secrecy: sending host encrypts the data in IP datagram TCP and UDP segments; ICMP and SNMP messages. Network-layer authentication destination host can authenticate source IP address Two principle protocols: authentication header (AH) protocol encapsulation security payload (ESP) protocol For both AH and ESP, source, destination handshake: create network-layer logical channel called a security association (SA) Each SA unidirectional. Uniquely determined by: security protocol (AH or ESP) source IP address 32-bit connection ID IPsec: Network Layer Security
IPsec Protocol Stack • IPsec puts the two mainprotocols in between IP andthe other protocols – AH - authentication header - ESP - encapsulating securitypayload • Tunnel vs. transport? • Other function provided byexternal protocols andarchitectures – Key Management/authentication – Policy
Security Association • A Security Association (SA) is a logical simplex connection between two network-layer entities • Two SA’s required for bidirectional secure communication • SA is specified by • A unique identifier • Security services to be used • Cryptographic algorithms to be used • How shared keys will be established • Other attributes such as lifetime • SA negotiated before security service begins
Integrity & Authentication Service • Integrity can be ascertained by sending a cryptographic checksum or hash of message • Authentication also provided if hash covers: • Shared secret key, sender’s identity & message • Fields that are changed while packet traverses Internet are set to zero in calculation of hash • To protect against replay attacks, message should carry a sequence number that is covered by the hash • Receiver accepts a packet only once • Receiver maintains a window of packets it accepts • Receiver recalculates hash and compares to hash in received packet
Provides source host authentication, data integrity, but not secrecy. AH header inserted between IP header and IP data field. Protocol field = 51. Intermediate routers process datagrams as usual. AH header includes: connection identifier authentication data: signed message digest, calculated over original IP datagram, providing source authentication, data integrity. Next header field: specifies type of data (TCP, UDP, ICMP, etc.) Authentication Header (AH) Protocol
Provides secrecy, host authentication, data integrity. Data, ESP trailer encrypted. Next header field is in ESP trailer. ESP authentication field is similar to AH authentication field. Protocol = 50. ESP Protocol
IPsec: Tunnel vs. Transport mode • Tunnel mode is most commonly used between gateways, or at an end-station to a gateway, the gateway acting as a proxy for the hosts behind it. • Transport mode is used between end-stations or between an end-station and a gateway, if the gateway is being treated as a host—for example, an encrypted Telnet session from a workstation to a router, in which the router is the actual destination.
Internet Key Exchange (IKE) • Built on of ISAKMP framework • Two phase protocol used to establish parametersand keys for session – Phase 1: negotiate parameters, authenticate peers,establish secure channel – Phase 2: Establish a security association (SA) • The details are unimaginably complex • The SA defines algorithms, keys, and policy usedto secure the session
Internet Gateway-to-Gateway • Computers A and B have gateways interposed between their internal network and Internet • Gateway can be a firewall • Controls external access to internal network • Packet filtering according to various header fields • IP addresses, port numbers, ICMP types, fields within payload • Secure tunnels can be established between gateways • All internal information including headers can be encrypted B A
Internet Remote user to Gateway • Mobile host needs access to internal network • Gateway must provide user with access while barring intruders from accessing internal network • May also need to protect identity of mobile user • IP-address of mobile user changes
Firewall Options • Firewalls can operate at different layers • IP-layer filtering cannot operate on payload contents • Circuit-Level Gateways • Direct client-to-server TCP connections not allowed • Relays TCP segments between actual client & actual server • Application-Level Gateways or Proxies • Interposed between actual client and actual server • Performs authentication and determines what features are available to client • Monitors, filters & relays messages