Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts



Similar documents
Lecture 10: Communications Security

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Network Security Part II: Standards

Chapter 7 Transport-Level Security

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

Network Security Essentials Chapter 5

Securing IP Networks with Implementation of IPv6

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Network Security. Lecture 3

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Transport Layer Security Protocols

Web Security Considerations

IP Security. Ola Flygt Växjö University, Sweden

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

Lecture 17 - Network Security

Network Security Fundamentals

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Chapter 17. Transport-Level Security

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Transport Level Security

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Introduction to Computer Security

How To Understand And Understand The Ssl Protocol ( And Its Security Features (Protocol)

Security Protocols/Standards

Chapter 32 Internet Security

The Secure Sockets Layer (SSL)

Security Engineering Part III Network Security. Security Protocols (II): IPsec

Communication Security for Applications

Chapter 10. Network Security

TLS and SRTP for Skype Connect. Technical Datasheet

Security vulnerabilities in the Internet and possible solutions

Computer and Network Security

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

Laboratory Exercises V: IP Security Protocol (IPSec)

Secure Socket Layer/ Transport Layer Security (SSL/TLS)

Introduction to Computer Security

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

Computer Networks. Secure Systems

Secure Socket Layer (SSL) and Trnasport Layer Security (TLS)

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

CSCI 454/554 Computer and Network Security. Topic 8.1 IPsec

Secure Sockets Layer

Network Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)

Chapter 5: Network Layer Security

Chapter 4 Virtual Private Networking

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Communication Systems SSL

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

WEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)

SSL/TLS. What Layer? History. SSL vs. IPsec. SSL Architecture. SSL Architecture. IT443 Network Security Administration Instructor: Bo Sheng

TLS/SSL in distributed systems. Eugen Babinciuc

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300

IP SECURITY (IPSEC) PROTOCOLS

Protocol Rollback and Network Security

Site to Site Virtual Private Networks (VPNs):

CS 4803 Computer and Network Security

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS

How To Understand And Understand The Security Of A Key Infrastructure

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

Introduction to Internet Security

Virtual Private Networks

Chapter 9. IP Secure

T Cryptography and Data Security

Today s Topics SSL/TLS. Certification Authorities VPN. Server Certificates Client Certificates. Trust Registration Authorities

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

ETSF10 Part 3 Lect 2

Network Access Security. Lesson 10

Overview. SSL Cryptography Overview CHAPTER 1

CCNA Security 1.1 Instructional Resource

HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL)

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Secure Remote Monitoring of the Critical System Infrastructure. An Application Note from the Experts in Business-Critical Continuity

ISM/ISC Middleware Module

Protocol Security Where?

Internetwork Security

Cornerstones of Security

Lecture 9 - Network Security TDTS (ht1)

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1

Introduction to Security and PIX Firewall

, SNMP, Securing the Web: SSL

Insecure network services. Firewalls. Two separable topics. Packet filtering. Example: blocking forgeries. Example: blocking outgoing mail

CPS Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang

Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku

Virtual Private Networks: IPSec vs. SSL

Internet Security Architecture

Overview of SSL. Outline. CSC/ECE 574 Computer and Network Security. Reminder: What Layer? Protocols. SSL Architecture

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols ETSF10 Internet Protocols 2011

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University

Standards and Products. Computer Security. Kerberos. Kerberos

Internet Protocol Security IPSec

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Application Note: Onsight Device VPN Configuration V1.1

Transcription:

Outline INF3510 Information Security Lecture 10: Communications Security Network security concepts Communication security Perimeter security Protocol architecture and security services Example security protocols Transport Layer Security (TLS) IP Layer Security (IPSec) Audun Jøsang University of Oslo Spring 2015 2 Network Security Concepts Assumes that each organisation owns a network Wants to protect own local network Wants to protect communication with other networks Network Security: two main areas Communication Security: measures to protect the data transmitted across networks between organisations and end users Topic for this lecture Perimeter Security: measures to protect an organization s network from unauthorized access (theme for next lecture) Topic for next lecture 3 Communication Security Analogy Physical transport security Internet Protected Pipe Digital communication security 4

Communication Protocol Architecture Layered structure of hardware and software that supports the exchange of data between systems Each protocol consists of a set of rules for exchanging messages, i.e. the protocol. Two standards: OSI Reference model Never lived up to early promises TCP/IP protocol suite Most widely used OSI Open Systems Interconnection Developed by the International Organization for Standardization (ISO) A layer model of 7 layers Each layer performs a subset of the required communication functions Each layer relies on the next lower layer to perform more primitive functions Each layer provides services to the next higher layer Changes in one layer should not require changes in other layers 5 6 The OSI Protocol Stack Communication across OSI L10: ComSec INF3510 - Spring 2015 7 L10: ComSec INF3510 - Spring 2015 8

TCP/IP Protocol Architecture OSI model vs. TCP/IP model (The Internet) Developed by the US Defense Advanced Research Project Agency (DARPA) for its packet switched network (ARPANET) Used by the global Internet No official model, but it s a working one. Application layer Host to host or transport layer Internet layer Network access layer Physical layer 7 6 5 4 3 2 Application protocols, e.g. http, ftp, smtp, snmp TCP (Transmission Control Protocol) UDP (User Datagram Protocol ) IP (Internet Protocol) TCP or UDP 1 host IP IP IP router router host 9 10 OSI Security Architecture Originally specified as ISO 7498-2 Republished as X.800 Security Architecture for OSI Defines a systematic set of security requirements and options for the ISO communication protocol stack Also applicable to the TCP/IP protocol stack 11 Possible placement of security services in OSI protocol layers (X.800) Security Service Layer 1 2 3 4 5 6 7 Peer entity authentication Y Y Y Data origin authentication Y Y Y Access control service Y Y Y Connection confidentiality Y Y Y Y Y Y Connectionless confidentiality Y Y Y Y Y Selective field confidentiality Y Y Traffic flow confidentiality Y Y Y Connection Integrity with recovery Y Y Connection integrity without recovery Y Y Y Selective field connection integrity Y Connectionless integrity Y Y Y Selective field connectionless integrity Y Non-repudiation of Origin Y Non-repudiation of Delivery Y 12

Security Protocols Many different security protocols have been specified and implemented for different purposes Authentication, integrity, confidentiality Key establishment/exchange E-Voting Secret sharing etc. Protocols are surprisingly difficult to get right! Many vulnerabilities are discovered years later some are never discovered (or maybe only by the attackers) Security Protocols Overview This lecture discusses the operation of two networkrelated protocols that are in common use. Transport Layer Security (TLS): Used extensively on the web and is often referred to in privacy policies as a means of providing confidential web connections. IP Security (IPSec): Provides security services at the IP level and is used to provide Virtual Private Network (VPN) services. 13 14 SSL/TLS: History Transport Layer Security TLS/SSL 1994: Netscape Communications developed the network authentication protocol Secure Sockets Layer (SSL) 2.0. Badly broken 1995: Netscape release their own improvements SSL 3.0 Widely used for many years. 1996: SSL 3.0 was submitted to the IETF as an Internet draft, and an IETF working group was formed to develop a recommendation. In January 1999, RFC 2246 was issued by the IETF, Transport Layer Security Protocol: TLS 1.0 Similar to, but incompatible with SSL Currently TLS 1.2 (2008) 16

TLS: Overview TLS is a cryptographic services protocol based on the Browser PKIX, and is commonly used on the Internet. Most often used to allow browsers to establish secure sessions with web servers. Port 443 is reserved for HTTP over TLS/SSL and the protocol https is used with this port. http://www.develop.com implies the use of standard HTTP using port 80. https://www.develop.com implies the use of HTTP over TLS/SSL using port 443. TLS: Layer 4 Security 17 18 TLS: Architecture Overview Designed to provide secure reliable end-to-end services over TCP. Consists of 3 higher level protocols: TLS Handshake Protocol TLS Alert Protocol TLS Change Cipher Spec Protocol The TLS Record Protocol provides the practical encryption and integrity services to various application protocols. TLS: Protocol Stack TLS Handshake Protocol TLS Change Cipher Suite Protocol TCP TLS Alert Protocol TLS Record Protocol Application Protocol (HTTP) IP 19 20

TLS: Handshake Protocol The handshake protocol Negotiates the encryption to be used Establishes a shared session key Authenticates the server Authenticates the client (optional) Completes the session establishment After the handshake, application data is transmitted securely Several variations of the handshake exist RSA variants Diffie-Hellman variants TLS: Handshake Four phases Phase 1: Initiates the logical connection and establishes its security capabilities Phases 2 and 3: Performs key exchange. The messages and message content used in this phase depends on the handshake variant negotiated in phase 1. Phase 4: Completes the setting up of a secure connection. 21 22 DiagramTLS: Simplified RSA-based Handshake Client Supported crypto algorithms and protocol versions Secret material encrypted with server pub. key Go to crypto with common algorithm and session key Client Hello Server Hello Client Key Exchange Server Common protocol, Common algorithm, Server certificate Client and Server generate session key from secret material Change Cipher Suite Change Cipher Suite Go to crypto with common algorithm and session key Continues with TLS Record protocol encrypted with session key 23 TLS: Elements of Handshake Client hello Advertises available cipher suites (e.g. RSA, RC4/40, MD5) Server hello Returns the selected cipher suite Server adapts to client capabilities RSA and Server Certificate X.509 digital certificate sent to client, assumes RSA algorithm Client verifies the certificate including that the certificate signer is in its acceptable Certificate Authority (CA) list. Now the client has the server s certified public key. RSA and Client Certificate Optionally, the client can send its X.509 certificate to server, in order to provide mutual authentication, assumes RSA algorithm Anonymous Diffie-Hellman Optionally, the client and server can establish session key using the Diffie-Hellman algorithm 24

TLS: Record Protocol Overview Provides two services for SSL connections. Message Confidentiality: Ensure that the message contents cannot be read in transit. The Handshake Protocol establishes a symmetric key used to encrypt SSL payloads. Message Integrity: Ensure that the receiver can detect if a message is modified in transmission. The Handshake Protocol establishes a shared secret key used to construct a MAC. 25 TLS: Record Protocol Operation Fragmentation: Each application layer message is fragmented into blocks of 214 bytes or less. Compression: Optionally applied. SSL v3 & TLS default compression algorithm is null Add MAC: Calculates a MAC over the compressed data using a MAC secret from the connection state. Encrypt: Compressed data plus MAC are encrypted with symmetric cipher. Permitted ciphers include AES, IDEA,DES, 3DES, RC4 For block ciphers, padding is applied after the MAC to make a multiple of the cipher s block size. 26 SSL/TLS Challenges Higher layers should not be overly reliant on SSL/TLS. Many vulnerabilities exist for SSL/TLS. People are easily tricked Changing between http and https causes vulnerability to SSL stripping attacks SSL/TLS only as secure as the cryptographic algorithms used in handshake protocol: hashing, symmetric and asymmetric crypto. Relies on Browser PKI which has many security issues Fake server certificates difficult to detect Fake root server certificates can be embedded in platform, see e.g. Lenovo Komodia advare scam 27 User Client 1 SSL Stripping Attack http access http login page 6 7 http login credentials Man in the Middle 8 Stolen credentials http access 2 redirect SSL 3 https access 4 https login page 5 Variations include MitM server can connect to client over https in msg (6) with server certificate that has similar domain name as real server. Bank Server Attacker can leave the connection after stealing credentials, then the client connects directly to real server with https 28

User Client Preventing SSL Stripping with HSTS 1 http 6 2 Limitation of HSTS: https access http login page 5 Session blocked Man in the Middle https access https login page 4 No HSTS policy defined in browser at first visit to secure website Can be solved by browser having preloaded list of HSTS websites Browsers would be vulnerable if attacker could delete HSTS cache Bank Server 29 3 HSTS HTTP Strict Transport Security Preventing SSL Stripping A secure server can instruct browsers to only use https When requesting website that uses HSTS, the browser automatically forces connect with https. Users are not able to override policy Two ways of specifying HSTS websites List of HSTS websites can be preloaded into browsers HSTS policy initially specified over a https connection HSTS policy can be changed over a https connection Disadvantages HSTS websites can not use both http and https Difficult for a website to stop using https Can cause denial of service, e.g. no fallback to http in case of expired server certificate 30 Phishing and failed authentication User Phishing email 1 The Mafia Zooko s Triangle of name properties No name class exists of names that are global, unique and memorable Name classes can only have 2 of the 3 required properties Global Looks like HTML Bank Client Access 2 Server certificate Mafia 5 4 TLS setup Fake login page 6 7 Hijacked Login 3 HTML Mafia Server Unique No names land Petnames Memorable The edges of Zooko s triangle represent possible name classes: Pointers, e.g. domain names, www.pepespizza.com Petnames, personal names, e.g. My favourite pizza restaurant Nicknames, local names, e.g. Pepe s Pizza 31 32

Petname Systems Required name properties (Zooko s Triangle) Global, unique and memorable No name class can have all 3 properties Pointers are unique and global, e.g. domain name Nicknames are global and memorable, e.g. Pepes Pizza Petnames are unique and memorable, e.g. PPizza Petname model supports 3 properties of Zooko's triangle through mapping between pointer and petname Petname Systems implement the petname model. Used to enhance security and prevent phishing attacks Petname Tool extension available for Firefox Petname System A Petname tool stores a list of pointers with corresponding personallydefined petnames Thereby unifying all 3 required name properties Pointer www.dnb.no www.gmail.com Facebook.com Petname My bank My gmail Facebook When a pointer name is received, the tool looks up and displays the corresponding petname. The petname can also be a tune or ringtone. 33 34 Phishing detection with Petname System Server authentication with Petname System Warning! No petname Petname Mafia 7 Looks like HTML Bank User 5 2 Phishing email Access Server certificate 4 Mafia TLS setup 1 3 The Mafia Bank 6 4 User 1 Access Server certificate 3 Bank TLS setup 2 Bank Client Fake login page 6 HTML Mafia Server Client Correct login page 5 HTML Bank Server 7 Correct Login 35 36

IP Layer Security IPSec & Virtual Private Networks IPSec: Introduction Internet Protocol security (IPSec) is standard for secure communications over Internet Protocol (IP) networks, through the use of cryptographic security services. Uses encryption, authentication and key management algorithms Based on an end-to-end security model at the IP level Provides a security architecture for both IPv4 and IPv6 Mandatory for IPv6 Optional for IPv4 Requires operating system support, not application support. 38 Layer 3 Security IPSec: Security Services IP Sec Operation Message Confidentiality. Protects against unauthorized data disclosure. Accomplished by the use of encryption mechanisms. Message Integrity. IPsec can determine if data has been changed (intentionally or unintentionally) during transit. Integrity of data can be assured by using a MAC. Traffic Analysis Protection. A person monitoring network traffic cannot know which parties are communicating, how often, or how much data is being sent. Provided by concealing IP datagram details such as source and destination address. 39 40

IPSec: Security Services Message Replay Protection. The same data is not delivered multiple times, and data is not delivered grossly out of order. However, IPsec does not ensure that data is delivered in the exact order in which it is sent. Peer Authentication. Each IPsec endpoint confirms the identity of the other IPsec endpoint with which it wishes to communicate. Ensures that network traffic is being sent from the expected host. Network Access Control. Filtering can ensure users only have access to certain network resources and can only use certain types of network traffic. IPSec: Common Architectures Gateway-to-Gateway Architecture Host-to-Gateway Architecture Host-to-Host Architecture 41 42 IPSec: Gateway-to-Gateway Architecture IPSec: Host-to-Gateway Architecture Source: NIST Special Publication 800-77 43 Source: NIST Special Publication 800-77 44

IPSec: Host-to-Host Architecture IPSec: Protocols Types Encapsulating Security Payload (ESP) Confidentiality, authentication, integrity and replay protection Authentication Header (AH) Authentication, integrity and replay protection. However there is no confidentiality Internet Key Exchange (IKE) negotiate, create, and manage security associations Source: NIST Special Publication 800-77 45 46 IPSec: Modes of operation Each protocol (ESP or AH) can operate in transport or tunnel mode. Transport mode: Operates primarily on the payload (data) of the original packet. Generally only used in host-to-host architectures. Tunnel mode: Original packet encapsulated into a new one, payload is original packet. Typical use is gateway-to-gateway and host-to-gateway architectures. Transport Mode ESP Original IP Packet IP Header DATA IP Header ESP Header DATA ESP Trailer ESP Auth Encrypted Authenticated Original IP Packet protected by Transport-ESP 47 48

IPSec - ESP in Transport Mode: Outbound Packet Processing Tunnel Mode ESP The data after the original IP header is padded by adding an ESP trailer and the result is then encrypted using the symmetric cipher and key in the SA. An ESP header is prepended. If an SA uses the authentication service, an ESP MAC is calculated over the data prepared so far and appended. The original IP header is prepended. However, some fields in the original IP header must be changed. For example, Protocol field changes from TCP to ESP. Total Length field must be changed to reflect the addition of the AH header. Checksums must be recalculated. Original IP Packet IP Header DATA New IP Head ESP Head IP Header DATA ESP Trailer ESP Auth Authenticated Original IP Packet protected by Tunnel-ESP Encrypted 49 50 IPSec - ESP in Tunnel Mode: Outbound Packet Processing The entire original packet is padded by adding an ESP trailer and the result is then encrypted using the symmetric cipher and key agreed in the SA. An ESP header is prepended. If an SA uses the authentication service, an ESP MAC is calculated over the data prepared so far and appended. A new outer IP header is prepended. The inner IP header of the original IP packet carries the ultimate source and destination addresses. The outer IP header may contain distinct IP addresses such as addresses of security gateways. The outer IP header Protocol field is set to ESP. Security Associations A security association (SA) contains info needed by an IPSec endpoint to support one end of an IPSec connection. Can include cryptographic keys and algorithms, key lifetimes, security parameter index (SPI), and security protocol identifier (ESP or AH). The SPI is included in the IPSec header to associate a packet with the appropriate SA. Security Associations are simplex need one for each direction of connection stored in a security association database (SAD). Key exchange is largely automated after initial manual configuration by administrator prior to connection setup. (See ISAKMP, IKE, Oakley, Skeme and SAs) 51 52

Risks of using IPSec for VPN Risk of using VPN IPSec typically used for VPN (Virtual Private Networks) A VPN client at external location may be connected to the Internet (e.g. from hotel room or café) while at the same time being connected to home network via VPN. VPN gives direct access to resources in home network. Internet access from external location may give high exposure to cyber threats No network firewall, no network IDS Attacks against the VPN client at external location can directly access the home network through VPN tunnel External Location Attacker Internet Protected Pipe Home Network Secure pipe can be attack channel to home network! 53 54 End of lecture 55

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information