Computer and Network Security



Similar documents
Communication Security for Applications

Web Security Considerations

Communication Systems SSL

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

Network Security Part II: Standards

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

How To Understand And Understand The Ssl Protocol ( And Its Security Features (Protocol)

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

IP Security. Ola Flygt Växjö University, Sweden

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts

Lecture 10: Communications Security

Network Security. Lecture 3

Managing and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice:

Chapter 17. Transport-Level Security

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Announcement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed.

Overview of SSL. Outline. CSC/ECE 574 Computer and Network Security. Reminder: What Layer? Protocols. SSL Architecture

SSL Secure Socket Layer

Cryptography and Network Security IPSEC

CSC 474 Information Systems Security

CSC Network Security

Secure Socket Layer. Security Threat Classifications

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University

SECURE SOCKETS LAYER (SSL)

Protocol Rollback and Network Security

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

SSL Secure Socket Layer

CSCI 454/554 Computer and Network Security. Topic 8.1 IPsec

Chapter 7 Transport-Level Security

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Securing IP Networks with Implementation of IPv6

Outline. Transport Layer Security (TLS) Security Protocols (bmevihim132)

Security Engineering Part III Network Security. Security Protocols (II): IPsec

Introduction to Computer Security

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Internet Protocol Security IPSec

Introduction to Computer Security

Secure Sockets Layer

Protocol Security Where?

IPsec Details 1 / 43. IPsec Details

Internet Security Architecture

Security vulnerabilities in the Internet and possible solutions

Chapter 5: Network Layer Security

IPSec and SSL Virtual Private Networks

Today s Topics SSL/TLS. Certification Authorities VPN. Server Certificates Client Certificates. Trust Registration Authorities

Security Protocols and Infrastructures. h_da, Winter Term 2011/2012

Transport Level Security

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS

Chapter 11 Security Protocols. Network Security Threats Security and Cryptography Network Security Protocols Cryptographic Algorithms

WEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Network Security Essentials Chapter 5

Overview. SSL Cryptography Overview CHAPTER 1

Laboratory Exercises V: IP Security Protocol (IPSec)

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

Secure Socket Layer (SSL) and Trnasport Layer Security (TLS)

Secure Socket Layer/ Transport Layer Security (SSL/TLS)

Authenticity of Public Keys

Internetwork Security

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Chapter 10. Network Security

SSL/TLS. What Layer? History. SSL vs. IPsec. SSL Architecture. SSL Architecture. IT443 Network Security Administration Instructor: Bo Sheng

Transport Layer Security Protocols

The Secure Sockets Layer (SSL)

SECURE SOCKETS LAYER (SSL) SECURE SOCKETS LAYER (SSL) SSL ARCHITECTURE SSL/TLS DIFFERENCES SSL ARCHITECTURE. INFS 766 Internet Security Protocols

Lecture 4: Transport Layer Security (secure Socket Layer)

Chapter 9. IP Secure

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Secure Socket Layer (TLS) Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

Lecture 7: Transport Level Security SSL/TLS. Course Admin

Ethernet. Ethernet. Network Devices

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer

Secure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

SSL: Secure Socket Layer

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

T Cryptography and Data Security

Chapter 32 Internet Security

CS 4803 Computer and Network Security

EXAM questions for the course TTM Information Security May Part 1

Security Protocols/Standards

IPV6 vs. SSL comparing Apples with Oranges

Application Note: Onsight Device VPN Configuration V1.1

Chapter 8 Network Security. Slides adapted from the book and Tomas Olovsson

Insecure network services. Firewalls. Two separable topics. Packet filtering. Example: blocking forgeries. Example: blocking outgoing mail

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL)

Network Security Fundamentals

Lecture 17 - Network Security

Using IPSec in Windows 2000 and XP, Part 2


APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

TLS/SSL in distributed systems. Eugen Babinciuc

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Transcription:

Computer and Network Security c Copyright 2000 R E Newman Computer & Information Sciences & Engineering University Of Florida Gainesville, Florida 32611-6120 nemo@ciseufledu

Network Security Protocols 1

Network Security Protocols OSI, GSSAPI, IPSO, SSL R E Newman nemo@ciseufledu 352 392 1488 Security Protocol Locations HTTP FTP SMTP TCP IP/IPsec HTTP FTP SMTP SSL/TLS TCP IP SET S/MIME PGP Kerberos HTTP SMTP UDP TCP IP Network Transport Application 2

OSI Reference Architecture Layers 7 Application 6 Presentation 5 Session 4 Transport 3 Network 2 Link 1 Physical underlying OS security interoperation multiple applications compression, encryption, common coding managing multiple related streams end to end host identification only per packet OH if datagram service higher level entities are treated same only useful for immediate neighbors OSI Security Services Classes 1 Peer entity authentication service no replay Data origin authentication service no modification/duplication prot 2 Access control service 3 Connection confidentiality service Connectionless confidentiality service Selected field confidentiality service Traffic flow confidentiality service 4 Connection integrity service with recovery Connection integrity service without recovery Selected field connection integrity service Connectionless integrity service Selected field connectionless integrity service 5 Non repudiation with proof of origin Non repudiation with proof of delivery 3

TCP Packet Format 0 4 10 16 31 source port destination port sequence number acknowledgment hdr len reserved FIN SYN RST PSH ACK URG window size TCP checksum urgent pointer options (if any) data (if any) UDP Packet Format 0 4 10 16 31 source port UDP length destination port UDP checksum data (if any) 4

IPSO IP Security Option RFC 1825 Overview of IP Security Architecture RFC 1826 Packet Authentication Extension to IP RFC 1827 Packet Encryption Extension to IP RFC 1828 A Specific Authentication Mechanism (MD5) RFC 1829 A Specific Encryption Algorithm IPv4 optional IPv6 support is mandatory Both features implemented in extension headers following main IP header authentication: Authentication Header (AH) privacy: Encapsulating Security Payload (ESP) header (optional authentication) Security Association: one way relationship between sender and receiver (if two way desired, then two SA s needed) SA uniquely identified by IP address and SPI (Security Parameter Index) More than one sender can share same SA with receiver Either ESP or AH, but not both IPSO Authentication Header 0 8 16 31 Next Header Length Reserved SPI sequence number Authentication data (variable number of 32 bit words) IPv4 immediately follows IPv4 header IPv6 after fragmentation and end to end headers, before ESP and transport level headers Next Header = Type of following header Length = number of 32 bit words in this header SPI = Security Parameter Index identifies SA 0 = none exists 1 255 = reserved Authentication data = depends on authentication algorithm must not use crypto weak checksum like CRC calculated on entire IP packet, excluding dynamic fields (TTL,) performed before fragmentation/after assembly if intermediate authentication desired => MTU discovery needed see RFC 1828 MD5 based authentication <p,ksa>md5 5

IPSO Security Association Defining Parameters: Authentication algorithm and algorithm mode in AH (req) Key(s) used with authentication algorithm (req) Encryption algorithm, mode and transform in ESP (req) Key(s) for ESP (req) Flag and size of crypto synch or IV for ESP (req) Authentication algorithm and mode for ESP (rec) Authentication keys for ESP (rec) Key lifetime (rec) SA lifetime (rec) Source address(es) of SA (wildcard if >1 source) (rec) Sensitivity level of protected data (req for MLS, rec o/w) (see RFC 1108 DoD Security Options labels and whose rules are to be used for protection) IPSO Key Management Manual sysadmin configures keys Automated on demand key creations for SAs, support of large systems ISAKMP/Oakley default automated key management protocol Oakley Key determination protocol based on Diffie Hellman ISAKMP Internet Security Association and Key Management Protocol framework for key management provides specfic formats, negotiation protocols 6

IPSO Encapsulating Security Payload A encrypted TCP session B Transport Mode A EGA encrypted tunnel EGB B Tunnel Mode IP Packet Format 0 4 8 16 19 31 version hdr len Type of Svc total length (bytes) datagram identifier flags fragment offset (13 bits) TTL (sec) next protocol header checksum source IP address destination IP address options (if any) data 7

0 IPSO Encapsulating Security Payload 16 24 31 SPI sequence number 0 255 bytes padding encrypted authentication coverage pad length next header Authentication data (variable number of 32 bit words) SPI = security parameters index data = transport level segment (transport mode) or IP packet (tunnel mode) Must support DES in CBC mode IDs for 3 key 3DES, RC5, IDEA, 3 key 3IDEA, CAST, Blowfish MAC default length 96 bits, must support HMAC MD5 96 and HMAC SHA 1 96 IPSO ESP Modes in IPv4 and IPv6 IPv4 Orig IP hdr ESP hdr TCP hdr data ESP Trlr ESP auth IPv6 Orig IP hdr hop d,r,f ESP hdr dest TCP hdr data ESP Trlr ESP auth Transport Mode IPv4 New IP hdr ESP hdr Orig IP hdr TCP hdr data ESP Trlr ESP auth IPv6 new IP h ext hdrs ESP hdr Orig IP hdr ext hdrs TCP data ESP Trlr ESP auth Tunnel Mode 8

IPSO ISAKMP Establish, negotiate, modify, delete IPSO SAs Defines payloads for key generation and authentication data independent of particular key exchange protocol, encryption algorithm, or authentication protocol Five default exchanges Base exchange (4) key and authentication data sent together gives Id ID protection (6) protects IDs by establishing SA first, then key, then auth Authentication only (3) establish AH SA Aggressive (3) authentication and key exchange, reveals IDs Informational (1) one way transmission of info for SA management IPSO ISAKMP Payload Types SA payload begin establishment of SA DOI situation (reqts) Proposal payload SA negotiation ESP/AH SPI # transforms Transform payload Transform # Transform ID parameters defines specific transform, eg, 3DES, HMAC MD5 96 Key Exchange payload KE data depends on key exchange algorithm Identification payload ID data usually IPv4 or IPv6 address Certificate payload transfers public key certificate (eg, PGP, X509,) Certificate Request payload acceptable types, CAs Hash payload for integrity, authentication Signature payload digital signature data integrity, nonrepudiation Nonce payload for liveness, replay prevention Notification payload error or status information Delete payload one or more SAs that are no longer valid 9

IPSO Oakley Key Determination Protocol Based on Diffie Hellman Uses cookies to defeat Denial of Service attacks start by sending cookies before DH exponentiation work can only force target to send ACKs on spoofed sessions cookies depend on source, dest IP/port and secret values Supports groups (preset g, n for DH exchange) Uses nonces to prevent replays Enables DH public key value exhange Authenticates DH key determination to prevent bucket brigade attack digital signatures public key encryption symmetric key encryption Supports various sequences for key exchange (eg, aggressive, 3 msg) Generic Security Service API (GSS API) RFC 1508: GSS API RFC 1509: GSS API bindings for C Provide interoperability for systems with different sets of security mechanisms Be independent of communication protocol, protocol association constructs GSS_{Acquire Release Inquire}_cred() credential management GSS_{Init Accept Delete}_sec_context() GSS_Process_context_token() context management GSS_Context_time() GSS_{Sign Verify Seal Unseal}() per message calls GSS_Display_status() support calls GSS_Indicate_mechs() GSS_{Compare Display Import Release}_name() GSS_Release_{buffer oid_set}() GSS API caller accepts (uninterpreted) tokens provided by local GSS API implementation, sends these to remote peer, who passes them to its impl Calls return a "more" or "done" status to indicate if further processing needed (c) Copyright 1998 Richard E Newman University of florida, Gainesville, FL USA 10

SESAME Application View SMIB DSS CA CAA LRA AS PAS KDS Audit PKM CSF APA Client SACM basic key PVF SACM User Sponsor Initiator Machine Appl Client dialog keys Appl Server Target Machine CSF = Cryptographic Support Facility SACM = Secure Association Context Manager PKM = Public Key Management SMIB = Security Management Information Base PVF = PAC Validation Facility APA = Authentication and Privilege Attribute (c) Copyright 1998 Richard E Newman University of florida, Gainesville, FL USA SESAME CA CA domain AS = Authen Svr CA = Cert Authority CCA = offline Cert Auth Agent LRA = Local Reg n Auth CAA PAS = Priv Attrib Svr KDS = Key Distrib Svr DSS = Domain Sec Svr AS LRA LRA AS authenticate PAS PAS get privilege KDS DSS KDS DSS get server key (like TGS) SESAME domain 1 SESAME domain 2 (c) Copyright 1998 Richard E Newman University of florida, Gainesville, FL USA 11

Secure Socket Layer Protocol Stack SSL SSL Change Handshake Cipher Spec SSL Record protocol TCP IP SSL Alert HTTP Connection OSI transport; peer to peer, transient relationship Each connection associated with one session Session client server association created by Handshake Protocol Set of cryptographic security parameters to be used over many connections SSL Connection State Client and Server Random random bytes chosen for each connection Server write MAC secret secret key used by server in MACs Client write MAC secret secret key used by client in MACs Server write key symmetric key used by server to encrypt data Client write key symmetric key used by client to encrypt data Initialization vectors IV for each key used with CBC mode Initialized by Handshake Protocol, then last ciphertext block from each record used as IV for next record Sequence numbers each party has its own 64 bit sequence numbers Change cipher spec messages (sent or received) reset these to 0 Sequence numbers may not wrap around 12

SSL Record Protocol Payload Formats 1 1 Type 1 Length 4 Content Change Cipher Spec Handshake 1 2 Level Alert Alert upper layer content other upper layer protocol SSL Record Protocol Provides Confidentiality (SSL Handshake Protocol defines symmetric keys) Message Integrity (Handshake Protocol defines MAC secrets) Steps Fragment into 16384 byte (max) chunks Compress lossless, no expansion more than 1024 bytes (default null) Add MAC H(MWS pad 2 H(MWS pad 1 seq # SSL comp type SSL comp length SSL compressed fragment)) Encrypt may not increase length by more than 1024 bytes Prepend header Content type (8), Major version (8), Minor version (8), Compressed length (16 bits) Content type is change_cipher_spec, alert, handshake, or application_data 13

SSL Session State Session ID for server to identify active or resumable state info Peer certificate X509v3 certificate of peer (may be null) Compression method for pre encryption compression Cipher spec bulk encryption algorithm, hash algorithm, other parameters (eg, hash length) Master Secret 48 byte secret shared between client and server Is resumable Flag indicates whether the session may be used to initiate new connections SSL Handshake Protocol negotiate Client server_hello client_hello Server server authenticate & key exchange client authenticate & key exchange finish certificate* server_key_exchange* certificate_request* server_hello_done certificate* client_key_exchange certificate_verify* change_cipher_spec finished change_cipher_spec finished 14

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information