Email, SNMP, Securing the Web: SSL


Email, SNMP, Securing the Web: SSL
4 January 2015, Lecture 12
SE 428: Advanced Computer Networks

Topics for Today
- Email (SMTP, POP)
- Network Management (SNMP)
- ASN.1
- Secure Sockets Layer

Email
- Application-level protocol (like HTTP)
- Distinguish:
  1. User interface (mail reader: Thunderbird, Outlook)
  2. Message transfer protocol (SMTP, POP, IMAP)
  3. Companion protocol (message formatting: RFC 822, MIME)
- Figure: user agent -> (SMTP) sender's mail server -> (SMTP) receiver's mail server -> (mail access protocol, e.g., POP, IMAP) user agent

Simple Mail Transfer Protocol
- Used to move mail from sender to server and from server to server
- Request/reply conversation style (numeric codes for replies)
- Authentication possible (password, SSL/TLS)
- Steps:
  1. Greeting (HELO, EHLO) with name
  2. Envelope headers: RCPT TO, MAIL FROM
  3. Data: formatted according to the rules in the mail format RFC or MIME; ends with a single period (.) on a line
  4. Quit
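The request/reply exchange above, as an added example that is not part of the lecture: a constructed toy SMTP server written as a state machine, fed with a constructed client dialogue. It enforces the command order (greeting, envelope, data, quit), uses the real three-digit reply-code classes, refuses to relay to domains it is not responsible for, answers VRFY with a non-committal 252 (the "disabled for security" case from the next slide), and handles the body's end-of-data marker and dot-stuffing (a body line that begins with "." is transmitted with an extra leading dot so it cannot be mistaken for the terminator). Host and domain names are constructed.

```python
import re

class ToySmtpServer:
    """Constructed SMTP state machine (not a real MTA): one reply per client line."""

    def __init__(self, hostname="mail.example.test", local_domains=("example.test",)):
        self.hostname = hostname
        self.local_domains = local_domains      # domains we accept RCPT TO for
        self.greeted = False
        self.sender = None
        self.recipients = []
        self.in_data = False
        self.body_lines = []
        self.delivered = []                     # (sender, recipients, body) per completed message

    def handle(self, line):
        """Return the server's reply to one client line, or None for a body line."""
        if self.in_data:
            return self._data_line(line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.greeted = True
            return f"250 {self.hostname} Hello {arg}"
        if not self.greeted:
            return "503 Send HELO/EHLO first"
        if verb == "MAIL":
            m = re.fullmatch(r"FROM:\s*<([^>]*)>", arg, re.I)
            if not m:
                return "501 Syntax: MAIL FROM:<address>"
            self.sender, self.recipients = m.group(1), []
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Need MAIL FROM first"
            m = re.fullmatch(r"TO:\s*<([^>]+)>", arg, re.I)
            if not m:
                return "501 Syntax: RCPT TO:<address>"
            addr = m.group(1)
            if addr.rpartition("@")[2] not in self.local_domains:
                return "550 Relaying denied"    # refuse to act as an open relay
            self.recipients.append(addr)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Need RCPT TO first"
            self.in_data, self.body_lines = True, []
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "VRFY":
            return "252 Cannot VRFY user"      # address verification disabled for security
        if verb == "QUIT":
            return "221 Bye"
        return "500 Unknown command"

    def _data_line(self, line):
        if line == ".":                         # a lone period ends the message
            self.in_data = False
            self.delivered.append((self.sender, list(self.recipients), "\n".join(self.body_lines)))
            self.sender, self.recipients = None, []
            return "250 OK: queued"
        if line.startswith(".."):               # undo dot-stuffing of a body line
            line = line[1:]
        self.body_lines.append(line)
        return None

def run_session(server, client_lines):
    """Feed a constructed client dialogue through the server and return the transcript."""
    transcript = [f"S: 220 {server.hostname} ESMTP ready"]
    for line in client_lines:
        transcript.append("C: " + line)
        reply = server.handle(line)
        if reply is not None:
            transcript.append("S: " + reply)
    return transcript

if __name__ == "__main__":
    srv = ToySmtpServer()
    session = ["EHLO client.example.test", "MAIL FROM:<alice@example.test>",
               "RCPT TO:<bob@example.test>", "RCPT TO:<eve@other.test>", "DATA",
               "Subject: hi", "", "..starts with a dot", "done", ".", "QUIT"]
    print("\n".join(run_session(srv, session)))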

SMTP Trace (screenshot of a captured SMTP session; not reproduced in this transcription)

SMTP Misc
- Verify that a mail address exists: VRFY
  - The server can refuse to answer
  - Can answer only for local addresses, or even check globally
  - May be disabled for security
- Expand a name: EXPN
  - Expands a mailing-list name to its full list of users
  - Often disabled for security
- Only a few common implementations: sendmail, postfix
- Parsing is messy

Retrieving Mail
- Post Office Protocol (POP)
  - Download emails from the server; can delete them afterwards
  - Commands: USER, PASS, LIST, RETR, STAT, DELE, UIDL
- Internet Message Access Protocol (IMAP)
  - Designed to leave messages on the server
  - Folders on the server: move messages across folders, search folders
  - More flexible retrieval: just mail headers, just single attachments
  - Much more complicated

POP Trace (two slides of screenshots of a captured POP session; not reproduced in this transcription)

Mail Formats
- RFC 5322 (formerly RFC 822)
  - Header lines: From, To, Subject, Received, Date
  - All mail is encoded in ASCII (7 bits)
- Multipurpose Internet Mail Extensions (MIME)
  - Header lines:
    - Content-Description
    - Content-Type: image/gif, image/png, text/plain, text/richtext, application/postscript, application/msword
    - Content-Transfer-Encoding: ASCII or base64
  - base64 encoding scheme: everything in ASCII characters; uses 64 values (A-Z, a-z, 0-9, +, /); encodes 3 bytes as 4 characters
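An added example (not part of the lecture) that works the "3 bytes become 4 characters" rule through: a base64 encoder and decoder written from the 64-character alphabet on the slide, with "=" padding for a final group of one or two bytes, and a helper that builds a MIME part with the three header lines shown above, choosing Content-Transfer-Encoding: base64 only when the payload is not 7-bit clean. The decoder rejects characters outside the alphabet rather than guessing, which is the behaviour a mail parser should have. The sample payload is a constructed byte string, not a real image.

```python
import base64  # standard library; used only to cross-check the hand-rolled encoder

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

def b64encode_manual(data: bytes) -> str:
    """Base64 as the slide describes it: each group of 3 input bytes (24 bits) becomes
    4 six-bit indexes into the 64-character alphabet; '=' pads a short final group."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        n = int.from_bytes(chunk.ljust(3, b"\0"), "big")      # 24-bit group, zero-filled
        chars = [ALPHABET[(n >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        pad = 3 - len(chunk)                                   # 0, 1 or 2 bytes were missing
        out.append("".join(chars[:4 - pad]) + "=" * pad)
    return "".join(out)

def b64decode_manual(text: str) -> bytes:
    """Inverse of b64encode_manual; rejects bad lengths and characters outside the alphabet."""
    if len(text) % 4:
        raise ValueError("base64 text length must be a multiple of 4")
    bits = nbits = 0
    out = bytearray()
    for ch in text.rstrip("="):
        if ch not in ALPHABET:
            raise ValueError(f"illegal base64 character {ch!r}")
        bits = (bits << 6) | ALPHABET.index(ch)
        nbits += 6
        if nbits >= 8:                                         # a whole byte is available
            nbits -= 8
            out.append((bits >> nbits) & 0xFF)
            bits &= (1 << nbits) - 1                           # keep only the leftover bits
    return bytes(out)

def needs_base64(payload: bytes) -> bool:
    """Mail transport is 7-bit ASCII; any byte outside that range forces an encoding."""
    return any(b > 0x7F or b == 0 for b in payload)

def build_mime_part(payload: bytes, content_type: str, description: str) -> str:
    """Emit the three MIME header lines from the slide plus a body safe for 7-bit transport."""
    if needs_base64(payload):
        encoding = "base64"
        enc = b64encode_manual(payload)
        body = "\r\n".join(enc[i:i + 76] for i in range(0, len(enc), 76))   # RFC 2045 line limit
    else:
        encoding = "7bit"
        body = payload.decode("ascii")
    headers = [f"Content-Description: {description}",
               f"Content-Type: {content_type}",
               f"Content-Transfer-Encoding: {encoding}"]
    return "\r\n".join(headers) + "\r\n\r\n" + body + "\r\n"

if __name__ == "__main__":
    sample = b"GIF89a" + bytes(range(256))     # constructed binary payload, not a real image
    assert b64encode_manual(sample) == base64.b64encode(sample).decode("ascii")
    print(build_mime_part(sample, "image/gif", "constructed sample"))
```

The `__main__` block cross-checks the hand-rolled encoder against the standard library's `base64.b64encode`; the 76-character line limit is the MIME rule for base64 bodies (RFC 2045), not something the slide states.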

MIME Example (two slides showing a MIME-formatted message; not reproduced in this transcription)

So Far
- Email (SMTP, POP)
- Network Management (SNMP)
- ASN.1
- Secure Sockets Layer

Network Management
- When you have hundreds of servers and routers, it's hard to manage them all manually: use a remote protocol
- Lets the network admin track status
- Simple Network Management Protocol (SNMP)
  - Request/reply protocol (GET/SET)
  - Requests information from network nodes
  - Information types (Management Information Base, MIB):
    - System: general parameters
    - Interfaces: physical addresses, packets sent on each interface
    - Address translation: ARP and translation tables
    - IP: routing table, number of successfully routed packets, reassembly, drops
    - TCP: connections, timeouts, resets, per-connection information
    - UDP: datagrams sent and received

Used to build dashboards (screenshot of a monitoring dashboard; not reproduced in this transcription)

Variables and ASN.1
- Abstract Syntax Notation One (ASN.1)
- Basic Encoding Rules (BER)
  - Data items in the form <tag, length, value>
  - Tag: 8-bit field (can be multi-byte)
  - Length: how many bytes follow
    - Less than 127 bytes: the length byte holds the length itself
    - More than 127 bytes: the length byte says how many following bytes hold the length
  - Value can nest other data items
- ASN.1 in SNMP
  - Variables listed in dot notation
  - 1.3.6.1.2.1.4.3: IP field called ipInReceives (number of IP datagrams received)
    - 1.3.6.1.2.1: all MIB fields
    - 4 is the IP group
    - 3 is the ipInReceives field
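The <tag, length, value> encoding above, as an added example that is not part of the lecture: a small BER encoder and decoder covering both length forms (short form for values under 128 bytes, long form with a byte count otherwise), nested values (a SEQUENCE holding an OBJECT IDENTIFIER and an INTEGER, the shape of an SNMP VarBind), and the dotted-notation OID from the slide, 1.3.6.1.2.1.4.3. The decoder checks every length against the buffer before slicing, which is the check an SNMP parser needs so that a malformed length field cannot make it read past the end of the packet. The counter value 12345 is constructed.

```python
# Universal BER tag numbers used below (all single-byte tags)
INTEGER, OCTET_STRING, OID, SEQUENCE = 0x02, 0x04, 0x06, 0x30

def encode_length(n: int) -> bytes:
    """Short form: one byte holding the length when it fits in 7 bits.
    Long form: 0x80 | (number of length bytes), then the length itself, big-endian."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def encode_tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + encode_length(len(value)) + value

def encode_integer(n: int) -> bytes:
    """INTEGER is two's complement in the fewest bytes that hold the value."""
    size = 1
    while not -(1 << (8 * size - 1)) <= n < (1 << (8 * size - 1)):
        size += 1
    return encode_tlv(INTEGER, n.to_bytes(size, "big", signed=True))

def encode_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: the first two arcs are packed into one number (40*a + b);
    every arc is then written base-128, high bit set on all but its last byte."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID")
    out = bytearray()
    for arc in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        groups = [arc & 0x7F]
        arc >>= 7
        while arc:
            groups.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(groups))
    return encode_tlv(OID, bytes(out))

def decode_tlv(buf: bytes, pos: int = 0):
    """Parse one <tag, length, value> at pos; return (tag, value, position after it).
    Every length is checked against the buffer so a hostile length field cannot make
    the parser read beyond the data it was given."""
    if len(buf) - pos < 2:
        raise ValueError("truncated: need at least tag and length")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags not handled in this example")
    if first < 0x80:
        length = first                                    # short form
    elif first == 0x80:
        raise ValueError("indefinite length not handled in this example")
    else:
        nbytes = first & 0x7F                             # long form: count of length bytes
        if nbytes > 4 or len(buf) - pos < nbytes:
            raise ValueError("truncated or oversized length field")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if len(buf) - pos < length:
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value: bytes) -> str:
    arcs, cur, pending = [], 0, False
    for b in value:
        cur = (cur << 7) | (b & 0x7F)
        pending = bool(b & 0x80)                          # high bit set: arc continues
        if not pending:
            arcs.append(cur)
            cur = 0
    if pending or not arcs:
        raise ValueError("malformed OID value")
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def decode_varbind(buf: bytes):
    """SNMP-style VarBind: SEQUENCE { OBJECT IDENTIFIER name, INTEGER value }."""
    tag, body, _ = decode_tlv(buf)
    if tag != SEQUENCE:
        raise ValueError("expected SEQUENCE")
    t1, name, pos = decode_tlv(body)
    t2, val, _ = decode_tlv(body, pos)
    if (t1, t2) != (OID, INTEGER):
        raise ValueError("unexpected member types")
    return decode_oid(name), int.from_bytes(val, "big", signed=True)

if __name__ == "__main__":
    # ipInReceives from the slide, paired with a constructed counter value
    vb = encode_tlv(SEQUENCE, encode_oid("1.3.6.1.2.1.4.3") + encode_integer(12345))
    print(vb.hex(), decode_varbind(vb))
    print(encode_length(300).hex())     # long form: 82 01 2c
```

The OID value of 1.3.6.1.2.1.4.3 comes out as 2b 06 01 02 01 04 03: the leading 0x2b is 40*1 + 3, the packing of the first two arcs that BER mandates.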

So Far
- Email (SMTP, POP)
- Network Management (SNMP)
- ASN.1
- Secure Sockets Layer

Secure Sockets Layer
- Secure Sockets Layer (SSL) for securing the Web
- Official name: Transport Layer Security (TLS) Protocol
- Designed by Netscape in 1996; adopted by the IETF
- Now in RFC 5246: TLS 1.2, August 2008
- Many extensions and outside applications
- Most important use is on the web (HTTP), commonly called HTTPS
- SSL has no relation to HTTP, however

Secure Sockets Layer
- Main goal: establish a secure communication channel between two computers
- Engineering security:
  - Different operating systems (easy)
  - Different cryptographic services (harder)
  - Different versions (harder)
  - No trusted third party (?)
  - One side may not have any authentication tokens (harder)
- Also:
  - It must be efficient
  - It must be flexible
  - It must be exportable
  - Online negotiation (!)

Secure Sockets Layer
- Solution: add another layer in the protocol stack on top of TCP
  - Well, two layers really
  - Several sub-protocols too

Sessions and Connections
- Setting up a secure conversation involves online negotiation
  - Expensive! 2 RTTs minimum
- Web content is sent in a series of requests
  - Each request (connection) gets one item
  - HTTP 1.1 changes this a bit
- That shouldn't mean we negotiate for each request!
- Solution: long-running sessions and short-lived connections
  - Do the negotiation once for the session
  - Make many connections on the same session

The SSL Protocols
- SSL Record Protocol: move data
- SSL Handshake Protocol: negotiate security decisions
- SSL Change Cipher Spec: activate the negotiated security decisions
- SSL Alert Protocol!

SSL Record Protocol
1. Fragment packets into 2^14 bytes (16,384) or less
2. Compress (if you want)
3. Message Authentication Code: (keyed) hash
4. Encrypt
5. Append header:
   - Content type (protocol): Change Cipher Spec, Alert, Handshake, Application_Data
   - Major version
   - Minor version
   - Compressed length

SSL Handshake Protocol
- Does the negotiation
- Four phases:
  1. Establish client security capabilities
  2. Establish server security tokens
  3. Establish client security tokens
  4. Implement the negotiated decisions (Change Cipher Spec)

SSL Handshake Protocol
- Phase 1: client starts
  - (Highest) SSL version
  - Client nonce: n_c
  - Session Id: if it's 0, a new session; if it's not, continue a session
  - Cipher suite: list of crypto algorithms supported, in order of preference
  - Compression method: list of supported methods
- Client waits

SSL Handshake Protocol
- Phase 1: server responds
  - Chosen SSL version
  - Server nonce: n_s
  - Session Id (the old one if continuing)
  - Chosen cipher suite
  - Chosen compression method
- Phase 2: server tokens
  - Server certificate
  - (Optional) Request client certificate
  - Server_Hello_Done

SSL Handshake Protocol
- Phase 3: client tokens
  - Client verifies the certificate
  - Client sends security tokens:
    - Certificate (optional): signs the previous messages with the certificate's private key (Client Verify)
    - If no certificate: pre-master secret (48 bits), encrypted with the server key

SSL Handshake Protocol
- Phase 4: implement
  - Client sends: Change Cipher Spec
  - Server sends: Change Cipher Spec
  - Both indicate they are ready to use what has been negotiated
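The four handshake phases and the session/connection split from the slides above, as one added example that is not part of the lecture. A constructed server picks the version, honours the client's cipher-suite preference order restricted to what it supports, refuses a version below its floor (so a peer cannot talk it down to an old version), and keeps a session cache keyed by session id so a second handshake with a known id resumes without phases 2 and 3. Both sides then derive the master secret from the pre-master secret and the two nonces with the TLS 1.2 PRF of RFC 5246 (P_SHA256, label "master secret"), which is why each side's fresh nonce matters: the same pre-master secret with different nonces yields a different master secret. The certificate and the RSA encryption of the pre-master secret are not modelled (the standard library has no RSA), and RFC 5246 sizes the pre-master secret at 48 bytes, which is the size used here. Version tuples, the session-cache shape and the suite names chosen for the test are assumptions; the suite names are real TLS 1.2 identifiers.

```python
import hashlib
import hmac
import os

# Constructed version numbers as (major, minor) pairs: TLS 1.2 is 3.3 on the wire.
TLS_1_0, TLS_1_1, TLS_1_2 = (3, 1), (3, 2), (3, 3)

def p_sha256(secret: bytes, seed: bytes, nbytes: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed                                          # A(0) = seed
    while len(out) < nbytes:
        a = hmac.new(secret, a, hashlib.sha256).digest()        # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:nbytes]

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246 8.1: PRF(pre_master_secret, "master secret", ClientRandom + ServerRandom)[0..47]."""
    return p_sha256(pre_master, b"master secret" + client_random + server_random, 48)

class ToyServer:
    """Constructed server side of the handshake (not a real TLS implementation)."""

    def __init__(self, suites, min_version=TLS_1_1, max_version=TLS_1_2):
        self.suites = list(suites)
        self.min_version, self.max_version = min_version, max_version
        self.sessions = {}                  # session id -> master secret (long-running sessions)

    def server_hello(self, client_hello):
        """Phase 1, server side: choose version, cipher suite and session id."""
        version = min(client_hello["version"], self.max_version)
        if version < self.min_version:
            return {"alert": "protocol_version"}      # never roll back below the floor
        # honour the client's preference order, restricted to what we support
        chosen = next((s for s in client_hello["cipher_suites"] if s in self.suites), None)
        if chosen is None:
            return {"alert": "handshake_failure"}
        sid = client_hello["session_id"]
        resumed = bool(sid) and sid in self.sessions  # non-empty id we know: continue the session
        if not resumed:
            sid = os.urandom(16)
        return {"version": version, "random": os.urandom(32), "session_id": sid,
                "cipher_suite": chosen, "resumed": resumed}

def handshake(server, client_suites, session_id=b"", client_version=TLS_1_2):
    """Run phases 1-4 between a constructed client and a ToyServer; return the outcome."""
    client_hello = {"version": client_version, "random": os.urandom(32),     # nonce n_c
                    "session_id": session_id, "cipher_suites": list(client_suites),
                    "compression": ["null"]}
    sh = server.server_hello(client_hello)
    if "alert" in sh:
        return {"alert": sh["alert"]}
    if sh["resumed"]:
        client_ms = server_ms = server.sessions[sh["session_id"]]   # phases 2 and 3 skipped
    else:
        # Phases 2-3, abbreviated: with RSA key exchange the client would send this
        # 48-byte pre-master secret encrypted under the server certificate's public key.
        pre_master = os.urandom(48)
        client_ms = master_secret(pre_master, client_hello["random"], sh["random"])
        server_ms = master_secret(pre_master, client_hello["random"], sh["random"])
        server.sessions[sh["session_id"]] = server_ms
    # Phase 4: each side sends Change Cipher Spec (one byte, value 1) and switches over.
    change_cipher_spec = bytes([1])
    return {"session_id": sh["session_id"], "cipher_suite": sh["cipher_suite"],
            "resumed": sh["resumed"], "client_ms": client_ms, "server_ms": server_ms,
            "ccs": change_cipher_spec}

if __name__ == "__main__":
    srv = ToyServer(["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"])
    first = handshake(srv, ["TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"])
    second = handshake(srv, ["TLS_RSA_WITH_AES_256_CBC_SHA"], session_id=first["session_id"])
    print(first["cipher_suite"], first["resumed"], second["resumed"],
          first["client_ms"] == second["client_ms"])
```

Running the block shows the first handshake negotiating the client's preferred suite and the second one resuming the session with the same master secret, which is the "negotiate once, connect many times" point of the Sessions and Connections slide.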

SSL Change Cipher Spec
- Simple protocol: one message with one byte of data
- Byte set to 1
- Tells the other side to implement the agreed-upon cipher suite

SSL Alert Protocol
- Two bytes of data
- Byte 1: severity of the alert
  - 1: warning
  - 2: fatal (terminates the connection)
- Byte 2: alert code
  - Examples: close notify, decompression failure, bad certificate, certificate revoked, illegal parameter, decode error, insufficient security
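One added example (not part of the lecture) serving both the SSL Record Protocol slide and the Alert Protocol slide: it fragments application data into records of at most 2^14 bytes, computes the per-record MAC the way RFC 5246 defines it (an HMAC over sequence number, content type, version, length and fragment), prepends the five-byte header, and then parses a byte stream back, verifying each MAC in constant time and decoding alert bodies into their severity and code. Compression is skipped and the encryption step is deliberately left out (the standard library has no AES), so this shows framing and integrity only; the alert names and numeric codes are the RFC 5246 values for the examples on the slide. The receiver enforces the RFC 5246 ceiling on record length and rejects truncated, tampered or reordered records, naming the alert a real peer would send in each case. The key and payload are constructed.

```python
import hashlib
import hmac
import struct

# Content types from the slide, with their RFC 5246 wire values
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
MAX_PLAINTEXT = 1 << 14                  # 2^14 = 16,384 bytes per fragment
MAX_CIPHERTEXT = MAX_PLAINTEXT + 2048    # RFC 5246 6.2.3: MAC and padding add at most 2048 bytes
MAC_LEN = 32                             # HMAC-SHA256 tag appended to each fragment

ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 30: "decompression_failure", 42: "bad_certificate",
                      44: "certificate_revoked", 47: "illegal_parameter", 50: "decode_error",
                      71: "insufficient_security"}

def fragment(data: bytes) -> list:
    """Step 1: split data into fragments of at most 2^14 bytes."""
    return [data[i:i + MAX_PLAINTEXT] for i in range(0, len(data), MAX_PLAINTEXT)] or [b""]

def record_mac(mac_key: bytes, seq: int, ctype: int, version: tuple, frag: bytes) -> bytes:
    """Step 3: TLS 1.2 MAC input is seq_num || type || version || length || fragment,
    so a record cannot be replayed, reordered or relabelled without detection."""
    hdr = struct.pack("!QBBBH", seq, ctype, version[0], version[1], len(frag))
    return hmac.new(mac_key, hdr + frag, hashlib.sha256).digest()

def build_records(mac_key: bytes, ctype: int, data: bytes, version=(3, 3), seq_start=0) -> bytes:
    """Steps 1, 3 and 5: fragment, append the MAC, prepend the 5-byte header.
    Compression (step 2) is skipped and encryption (step 4) is left out on purpose."""
    out = []
    for i, frag in enumerate(fragment(data)):
        body = frag + record_mac(mac_key, seq_start + i, ctype, version, frag)
        out.append(struct.pack("!BBBH", ctype, version[0], version[1], len(body)) + body)
    return b"".join(out)

def parse_alert(frag: bytes) -> tuple:
    """Alert body: byte 1 is the severity (1 warning, 2 fatal), byte 2 the alert code."""
    if len(frag) != 2:
        raise ValueError("decode_error")
    level, code = frag
    return ("alert", ALERT_LEVELS.get(level, "unknown"),
            ALERT_DESCRIPTIONS.get(code, f"code {code}"), level == 2)

def parse_records(mac_key: bytes, stream: bytes, seq_start=0) -> list:
    """Walk back-to-back records, bounds-check every length, verify every MAC and
    decode alerts. Raises ValueError named after the alert a real peer would send."""
    pos, seq, out = 0, seq_start, []
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("decode_error")          # the header itself is truncated
        ctype, major, minor, length = struct.unpack("!BBBH", stream[pos:pos + 5])
        if length > MAX_CIPHERTEXT:
            raise ValueError("record_overflow")       # 16-bit field allows more; the protocol does not
        if length < MAC_LEN or len(stream) - pos - 5 < length:
            raise ValueError("decode_error")
        body = stream[pos + 5:pos + 5 + length]
        frag, tag = body[:-MAC_LEN], body[-MAC_LEN:]
        if not hmac.compare_digest(tag, record_mac(mac_key, seq, ctype, (major, minor), frag)):
            raise ValueError("bad_record_mac")        # tampered, replayed or reordered record
        out.append(parse_alert(frag) if ctype == ALERT else (ctype, frag))
        pos += 5 + length
        seq += 1
    return out

if __name__ == "__main__":
    key = b"k" * 32                                   # constructed MAC key
    data = bytes(range(256)) * 100                    # 25,600 bytes: two fragments
    stream = build_records(key, APPLICATION_DATA, data)
    print([len(f) for _, f in parse_records(key, stream)])
    print(parse_records(key, build_records(key, ALERT, bytes([2, 42]))))
```

Swapping the two records of the stream makes the sequence number in the MAC input disagree with the record's position, so the parser reports bad_record_mac even though neither record was modified; that is the reorder and replay protection the sequence number provides.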

Reflection: SSL
- Enables secure communication over the Internet
- Works even if only one side has a certificate (more on this later)
  - Client authentication must then be done some other way
- Main application for certificates and PKI
  - Has helped sell many certificates (more on this later)
- Secures the communication channel, but not the data stored on the other side
  - A thief can still steal your credit card information from the server
- Has made it harder for governments to spy on web traffic

Conclusion
- Email (SMTP, POP)
- Network Management (SNMP)
- ASN.1
- Secure Sockets Layer