Internetwork Security



Similar documents
APNIC elearning: IPSec Basics. Contact: esec03_v1.0

IP Security. Ola Flygt Växjö University, Sweden

Chapter 10. Network Security

CSCI 454/554 Computer and Network Security. Topic 8.1 IPsec

Securing IP Networks with Implementation of IPv6

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

Chapter 4 Virtual Private Networking

Network Security. Lecture 3

Introduction to Security and PIX Firewall

Internet Protocol Security IPSec

Protocol Security Where?

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

IPsec VPN Security between Aruba Remote Access Points and Mobility Controllers

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

IP SECURITY (IPSEC) PROTOCOLS

Overview. Protocols. VPN and Firewalls

Security Engineering Part III Network Security. Security Protocols (II): IPsec

Chapter 5: Network Layer Security

Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress

Chapter 8 Virtual Private Networking

Branch Office VPN Tunnels and Mobile VPN

Security vulnerabilities in the Internet and possible solutions

Chapter 8. Network Security

CCNA Security 1.1 Instructional Resource

VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls

Network Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)

Chapter 7 Transport-Level Security

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

IPSec and SSL Virtual Private Networks

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku

Lecture 10: Communications Security

CS 4803 Computer and Network Security

CSCI 454/554 Computer and Network Security. Final Exam Review

Implementing and Managing Security for Network Communications

Network Security Part II: Standards

Application Note: Onsight Device VPN Configuration V1.1

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

Using IPSec in Windows 2000 and XP, Part 2

CPS Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

EXAM questions for the course TTM Information Security May Part 1

VPNs. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

Communication Systems SSL

Chapter 6 CDMA/802.11i

FortiOS Handbook IPsec VPN for FortiOS 5.0

VPN Solutions. Lesson 10. etoken Certification Course. April 2004

Chapter 32 Internet Security

Virtual Private Network VPN IPSec Testing: Functionality Interoperability and Performance

IPsec Details 1 / 43. IPsec Details

Virtual Private Networks

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

Today s Topics SSL/TLS. Certification Authorities VPN. Server Certificates Client Certificates. Trust Registration Authorities

Case Study for Layer 3 Authentication and Encryption

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

Chapter 3. Network Domain Security

Secure Remote Monitoring of the Critical System Infrastructure. An Application Note from the Experts in Business-Critical Continuity

How To Understand And Understand The Ssl Protocol ( And Its Security Features (Protocol)

Computer and Network Security

Internet Security Architecture

The BANDIT Products in Virtual Private Networks

Netzwerksicherheit: Anwendungen

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

VPN. VPN For BIPAC 741/743GE

T Cryptography and Data Security

Chapter 49 IP Security (IPsec)

Computer Networks - CS132/EECS148 - Spring

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

Chapter 17. Transport-Level Security

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Site to Site Virtual Private Networks (VPNs):

Computer Networks. Secure Systems

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Overview. SSL Cryptography Overview CHAPTER 1

Lecture 9 - Network Security TDTS (ht1)

Network Security Essentials Chapter 5

The next generation of knowledge and expertise Wireless Security Basics

Lecture 17 - Network Security

Study on Remote Access for Library Based on SSL VPN

Transport Level Security

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

Laboratory Exercises V: IP Security Protocol (IPSec)

Chapter 2 Virtual Private Networking Basics

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

This paper is a follow-on to an earlier paper 1 and. An architecture for the Internet Key Exchange Protocol. by P.-C. Cheng

Release Notes. NCP Secure Client Juniper Edition. 1. New Features and Enhancements. 2. Problems Resolved

NetScreen Concepts & Examples

Introduction to Computer Security

Key Hopping A Security Enhancement Scheme for IEEE WEP Standards

Secure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

Transcription:

Internetwork Security Why Network Security Layers? Fundamentals of Encryption Network Security Layer Overview PGP Security on Internet Layer IPSec IPv6-GCAs SSL/TLS Lower Layers 1 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Security Threats in the Network Spying out your data Manipulating your data Computer and system sabotage Analysis of communication profiles... Problem: To gain physical control of networks is expensive and often unreachable 2 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Wide-Area Scenarios 3 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Objectives of Security Layers Assure: Secrecy of information Secrecy of communication relations Verification of information integrity Verification of (sender-) authenticity Protection of infrastructure... 4 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Basis: Encryption Gain security objectives in public networks by encryption 983492342342734 key 234539834922734 key Ottos Mops.. KJSIJHASJDHK Ottos Mops.. plain text secure text plain text Public Key: public execution of key exchange - asymmetric method can exchange in the clear Private Key: secret key needs out of band installation - symmetric method needs pre-shared secret 5 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Symmetric Encryption Example: DES Private key method Classical, high performance Key exchange at runtime Needed: exchange of initial seed (out of band) Problem: No method for signature Authentication: Challenge-Response-Scheme 6 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Asymmetric Encryption Public key method (Diffie/Hellman 1976) Calculations numerically complex (long keys!) Separate key generation Public key exchange External key certification by Certification Authorities (CAs) Permits sender authentication RSA-Algorithm p, q large prime number, n= p * q let e, d and k with e*d = k* (p-1) * (q-1) +1 Number Theory: for every m (m**e)**d mod n = m m: message to send e: Encryptor (public key) d: Decryptor (private key) 7 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Key Agreement: Diffie-Hellmann Problem: Two mutually unknown parties (A & B) want to exchange an encryption key via a public data channel Approach: Use public key cryptography to spontaneously establish a shared secret key. Method: Diffie-Hellmann New Directions in Cryptography (1976) Shortcoming: Mutual authentication left open - to public key infrastructure or off-channel solution 8 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Diffie-Hellmann Algorithm Let p be a sufficiently large prime, g : g n mod p = p for some n, p and g publicly available. Then: 1. A chooses 0 a p 2 at random and sends c := g a to B 2. B chooses 0 b p 2 at random and sends d := g b to A 3. A computes the shared key k = d a = (g b ) a 4. B computes the shared key k = c b = (g a ) b The strength of the algorithm relies on the secrets a and b, which are discrete logarithms mod p 9 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Layers of Encryption Layer 7: Application encryption Process/ Application Transport Network Layer 4+: Socket layer security Layer 3: Network encryption Layer 2: Logic tunnelling Layer 1: Line encryption Link Bit transfer 10 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Application Layer Example: Pretty Good Privacy (Mail) Advantage: serves all purposes Inter-application security model application specifically optimized Disadvantage: Communication profiles remain visible on application layer Needs application programs for provisioning 11 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Example: Pretty Good Privacy Public key based: Fred encrypts his message with the public key of Barney. For authentication Fred appends a signature at his mail. Only Barney can decrypt the content of this mail. Barney decrypts the signature with the public key of Fred. 12 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Socket Layer (4+) Example: Secure Socket Layer (SSL/TLS) Advantage: end-to-end security model transparent w.r.t application data easy to integrate (secure socket library) Disadvantage: Communication profiles remain visible on the transport layer (incl. appl. protocol) Needs incorporation into application programs 13 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Example: SSL/TLS Transport Layer Security: RFC 2246, 3546 Protocol for encrypted transfer between unknown clients and known servers (approved by certification). Public key based session-initiation: on request server sends public key to a client. Client generates a pre-shared secret (private key) and sends this with the received public key encrypted to the server. Communication afterwards will be encrypted symmetrically. 14 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Line Encryption (L 1) Example: Transmission-Scrambling, WEP Advantage: complete information encryption completely transparent Disadvantage: bound to line, not end-to-end normally requires hardware support 15 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Example: WEP Protocol for encrypting wireless transmission between Access Point and Stations. Private key based: AP & STA hold pre-shared secret. Fixed length: 40 or 104 bits Static: no key exchange, except by reconfiguration Authentication: Challenge (AP) Response (STA) scheme. Encryption: RC4 encryption (XOR with pseudorandom stream) with (insufficiently changed) Initialisation Vectors (IV). Improvement: WPA the upgrade to Temporal Key Integrity Protocol (TKIP) a deficit healing by improved IV selection and re-keying. 16 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Layer 2: MAC Protection + Tunnels Examples: MAC Protection: ACLs, 802.1x port authentication Tunnels: PPP/PPTP, L2TP (+encryption), Advantage: prevents ARP spoofing + network intrusion transparent to network layer (only tunnel visible) Disadvantage: needs server / provider support limited scaling / performance 17 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

18 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

19 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Internet Layer (IP) Example: packet encryption, address authentification Advantage: transport transparent efficient & wide-area routable Disadvantage: communication profile visible on IP layer Solution: IP-in-IP secure tunnelling: IPSec 20 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

What is IPSec? A security architecture Two IP security protocols Authentication Header (AH) Encapsulation Security Payload (ESP) Internet Key Exchange (IKE) Exchange of IPSec security seeds An open standard (RFC 2401, 4301) An end-to-end security solution on the IP layer 21 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Concepts of IPSec internet intranet Protects data transfers throughout the Internet, procuring Authentication, Integrity, Encryption Transparent to, but compliant with network infrastructure End-to-end concept 22 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Tunnel and Transport Mode Tunnel Mode Tunnel Mode Tunnel Mode Joe s PC HR Server Transport Mode (with ALG) Transport Mode Transport Mode End-to-End or via ALG Tunnel Mode for all connection types 23 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Security Association (SA) Router A Insecure Channel Router B Directional description of security services in use (unidirectional per connection) Valid for individual data flow Two-way communication uses two SAs Each SA identified by a Security Parameter Index (SPI) as part of the IPSec Headers number with strictly local scope 24 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Security Association (2) Destination Address Security Parameter Index (SPI) IPSec Transform Key Additional SA Attributes (e.g. lifetime) 205.49.54.237 7A390BC1 AH, HMAC-MD5 MD5 7572CA49F7632946 One Day or 100MB 25 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

IPSec Authentication Header (AH) IP HDR Data Transport Mode IP HDR AH Data Authenticates all but variable fields Tunnel Mode New IP HDR AH IP HDR Data Authenticates all but variable fields of the new IP-Header 26 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Authentication Header (2) Authentication header is extension Header (IPv6). IPv4: placed prior to TCP/UDP header (change of IPv4-Stack) or as transport payload (lower efficiency) Authenticates data source and integrity by a Message Authentication Code (MAC). Remains unencrypted. Next Header Payload Length RESERVED Security Parameter Index (SPI) Sequence Number Field Authentication Data 27 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Encapsulating Security Payload (ESP) IP HDR Data Transport Mode IP HDR ESP HDR Data Encrypted Authenticated ESP Trailer ESP Auth Tunnel Mode ESP HDR IP HDR Data Encrypted Authenticated ESP Trailer ESP Auth 28 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Encapsulating Security Payload ESP Header handling as AH Ready to include encryption parameters (initialisation) ESP Header remains unencrypted, but authenticated with data ESP payload encrypted Trailer for terminating 0s and alignment. Security Parameter Index (SPI) Sequence Number Field Initialization Vector Payload Data Padding (If Any) Pad Length Authentication Data Next Header 29 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Encryption Methods IPSec can employ different encryption methods. To initiate a Security Association either a Public Key Infrastructure (PKI) or Preshared Secrets (offline) are needed. While an SA is running, data will be encrypted via symmetric encryption methods (performance). To regularly exchange keys an Internet Key Exchange Daemon is part of the IPSec concept. 30 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Internet Key Exchange (IKE) IKE-Protocol (RFC 2409, v2: RFC 4306) implements different key exchange schemes. Negotiates policies to use. Negotiates SAs to initiate IPSec. Modi: Main, Aggressive, Quick and New Group (depending on identification model). Authenticated Diffie-Hellman key exchange. 31 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Operation of IPSec Notable Traffic? IKE Negociation IPSec Negociation Tunnel Construction IKE IPSec Data 32 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

IKE Initiation of a SA SA Request IPSec (triggered by ACL) Fred Wilma IKE SA Offer - des, sha, rsa sig, D-H group 1, lifetime Policy Match accept offer In the Clear ISAKMP Phase 1 Oakley Main Mode Fred D-H exchange : KE, nonce Wilma D-H exchange : KE, nonce Fred Authenticate D-H apply Hash Wilma Authenticate D-H apply Hash Protected IKE Bi-directional SA Established 33 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

IPSec Constructing the SA Fred Wilma IPSec SA Offer - transform, mode, pfs, authentication, lifetime ISAKMP Phase 2 Oakley Quick Mode Policy Match accept offer Fred D-H exchange or refresh IKE key Wilma D-H exchange or refresh IKE key Protected by the IKE SA IPSec Outbound SA Established IPSec Inbound SA Established 34 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Example 2: Cryptographically Generated Addresses (IPv6) Problem: In IP infrastructure protocols the sender of a message frequently has to prove its ownership of address to a receiver, it never met before. Authentication between unknown partners normally requires a public key infrastructure. Cryptographically Generated Addresses (CGAs) are source addresses formed from the public key (RFC 3972). This mechanism allows the authentication of sender s address and the signing of data without a PKI. Most important uses: SEND (RFC 3971), OMIPv6 (IEdraft) 35 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

CGA Encapsulation 36 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

CGA: Encapsulation Steps 1. Sender forms public/private key pair e and d, calculates (node-)source address as a 64 bit hash from e. 2. Sender computes signature of network prefix, public key e, data encrypted with its private key d. 3. Sender includes (unencrypted) network prefix, e and the signature in a CGA parameter header within the packet. 4. Sender adds data and sends packet. 37 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

CGA Decapsulation 38 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

CGA: Decapsulation Steps 1. Receiver extracts network prefix and the public key e from the CGA parameter header. 2. It decrypts the signature with the public key e and verifies the CGA parameters + Data. 3. Receiver re-calculates and verifies sender s source address as a 64 bit hash from e. 4. The receiver can now be sure, that the received packet has been originally sent by the owner of the claimed IP address. 39 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

Summary Security in the net can be improved on many layers Final selection of a technology needs a careful need analysis The level of security achieved is determined by concept / algorithms, key strength and the management quality There is no such thing as secure (only more secure) 40 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

References William Stallings: Cryptography and Network Security, 3 rd Ed., Prentice Hall, 2003. John Edney, William A. Arbaugh: Real 802.11 Security, Addison-Wesley, 2004. Hans Delfs, Hartmut Knebl: Introduction to Cryptography, Springer, 2002. Claudia Eckert: IT Sicherheit, 4 th Ed., Oldenbourg Verlag, 2006. Internet Standards at: www.rfc-editor.org. 41 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information