Security Protocols
- Necessary to communicate securely across an untrusted network
- Provide integrity, confidentiality, authenticity of communications
- Based on previously discussed cryptographic mechanisms

TCP/IP Stack (Unsecure)
- Application (HTTP, DNS)
- Transport (TCP/UDP)
- Internet (IP)
- Network (Ethernet)

Security Protocols (Secure)
- HTTPS/DNSSEC
- TLS
- Transport (TCP/UDP)
- Internet (IPSEC)
- Network (802.1x)
Transport Layer Security (TLS)

TLS
- Previously Secure Sockets Layer (SSL)
- Originally designed to support secure HTTP (HTTPS)
- Runs over TCP
- Datagram TLS: TLS equivalent for UDP
- Currently used to secure many other protocols
- Provides:
  - Authentication/Integrity: uses MACs
  - Confidentiality: encryption of messages

TLS/SSL Versions
- Older
  - SSL 1.0-2.0: well known security vulnerabilities
  - SSL 3.0: weak key generation
- Government Approved (based on NIST SP 800-52 rev 1)
  - TLS 1.0: not significantly different than SSLv3
    - Only when dealing with business/public (not govt only comm.)
    - Browser Exploit Against SSL/TLS (BEAST) vulnerability
  - TLS 1.1: fixes some issues with CBC mode, other fixes
  - TLS 1.2: specify SHA-2 (256, 512 bit) hash functions
TLS Protocol Stack
Type: Application Data
Type: Handshake
- Stateful connection
- Handshake used to communicate/agree on various parameters:
  - TLS/SSL versions
  - Ciphers
  - Certificates
  - Pre-master secret
  - Master secret
  - Session ID

TLS Handshake
- Proposes: 1) version, 2) ciphers, 3) session ID, 4) random number
- Specifies: 1) version, 2) cipher, 3) random number
- Server certificate
- Public key parameters
- Client certificate (optional)
- Premaster secret
- Change cipher suite (encrypted in future)
- Change cipher suite (encrypted in future)

TLS Handshake Continued
- Premaster secret
  - Random number created by client
  - Encrypted with server's public key
- Master secret
  - Generated from premaster secret
  - Data used to compute the encryption keys/IVs

TLS Ciphers
A cipher contains the set of crypto algorithms necessary to perform the following functions:
- Key exchange algorithm
  - E.g. RSA, Diffie-Hellman, ECDH
- Bulk encryption algorithm
  - Stream (RC4, etc.), Block (3DES, DES, AES, etc.)
- Data Integrity/Auth.
  - MAC algorithms, HMAC with (MD5, SHA1, SHA256)
IPsec

IPsec
- Commonly used to build secure VPNs
  - Host to host, network to network, host to network
- Encryption and authentication at the network layer
- Functions
  - Security Associations: algorithms and parameters used in encryption
  - Authentication Header (AH): deprecated; connectionless authentication and integrity
  - Encapsulated Security Payload (ESP): provides confidentiality, authentication, integrity

Benefits
- Provides confidentiality, integrity, authentication of all IP packets (routable traffic)
- Transparent to users
- Crypto processing is often moved to network routers/devices rather than the system
IPsec ESP Format

Security Associations
- One-way relationship between sender and receiver about security protocol parameters
  - Algorithms and keys used to protect the communication
  - Need two SAs for two-way communication
- Includes
  - Security Parameter Index (SPI): identifier for the SA
  - IP destination address: destination endpoint of the SA
  - Crypto algorithms/keys
- SA establishment relies on the ISAKMP protocol

Encapsulating Security Payload (ESP)
- Normal IP
  - Packet: IP Hdr | Data
- Transport
  - TCP/IP Stack: Application, Transport, IPsec, Network
  - Packet: IP Hdr | ESP Hdr | Data | ESP Trailer | ESP Auth
  - Payload of IP packet encrypted/authenticated
  - Common for communication between hosts
- Tunnel
  - TCP/IP Stack: Application, Transport, Internet, IPsec, Network
  - Packet: New IP Hdr | ESP Hdr | IP Hdr | Data | ESP Trailer | ESP Auth
  - Entire IP packet encrypted and/or authenticated
  - Common for communication between networks

ESP Modes - Examples
[Figure: External Hosts, Unsecure Connection, IPsec (Tunnel), IPsec (Transport), Trusted Network A, Trusted Network B]

TLS vs IPsec
- Connection Establishment
  - IPsec: pre-established Security Associations to agree on ciphers, etc.
    - Additional overhead
  - TLS: utilizes handshake to negotiate between client/server
    - Vulnerable to MitM downgrade attacks
- Trust Establishment
  - IPsec: pre-established during SA
  - TLS: based on trusted certificate authority, pre-shared certificates