Embed Size (px)
DESCRIPTION
CSCI 467 – IP and Web Security. Chapter 16, 17 from Cryptography and Network Security, 4 th Edition, William Stallings. Jason Detchevery With slides adapted from Lawrie Brown April 1 st 2009. IP Security Chapter 16. IP Security. Chapter Goals Understand why we use IP Security (IPSec) - PowerPoint PPT Presentation
Citation preview
CSCI 467 – IP and Web SecurityChapter 16, 17 from Cryptography and Network Security,
4th Edition, William Stallings
Jason DetcheveryWith slides adapted from Lawrie Brown
April 1st 2009
IP SecurityChapter 16
IP Security
• Chapter Goals• Understand why we use IP Security (IPSec)• To learn how IP Security works• Gain insight on the specific sections• The pros and cons of IP Security• Learn of specific implementations IP Security• Learn of IP Security Architecture and Standers
IP Security
• Purpose of IP Security• Application specific security measures insufficient• Organizations have needs of security which cut layers• IP-level security enhances both application security
already in place, and provides to security to applications lacking security
• What an IP Security system should provide• Three functional areas• Authentication• Confidentiality• Key management
• Look at security architecture, then each of the functional areas
IP Security Overview
• IP Security: Known as “IPSec”• IPv6 (successor to IPv4) has authentication and encryption• IPSec was designed to be work with both IPv4 and IPv6• In v6, IPSec’s implementation is mandatory• For IPv4, it’s still optional• Benefit is v6 security can be rolled out immediately, before v6 is mainstream
IPSec Applications
• Secure communications across a LAN• Indented uses of IPSec:
• Companies can use Internet for secure intra-office communication• Secure remote access (VPN, dial systems) from external computer to secured network• Secure connectively of terminals between companies• Adding security to E – commerce (which as application level security)
IPSec Applications
IPSec Benefits
• Applied on a router level to all traffic• Hard to bypass when used for firewall implementation• Below the transport layer: software is unaffected• Transparent to users• Can be customized to specific users• IPSec used in routing:
• router advertisements are authentic• neighbor advertisements are authentic• verification of redirect messages• prevents update forges
IP Security Architecture
• Complex specification (many documents/specs)• Protocols specify:
• Architecture• Encapsulating Security Payload (ESP)• Authentication Header (AH)• Encryption Algorithm• Authentication Algorithm• Key Management• Domain of Interpretation
IPSec Services
• Services at the IP Layer• Selecting protocols, algorithms, crypto-keys• Important security protocols: ESP and AH
• ESP and AH services:• Access control• Connectionless integrity• Data origin authentication• Rejection of replayed packets• Confidentiality (cipher text)• Confidentiality with limited cipher text
IPSec Services
Security Associations
• Very important concept (used throughout)• Association: one-way relationship between sender and receiver• Provides security on traffic between it
• Can use two Security Associations (SA’s) for two way communication• Services provided to AH, ESP, but not both simultaneously (but can be combined, as seen later)• SA uniquely identified by three parameters: Security Parameters Index (SPI), IP Destination Address, Security Protocol Identifier
SA Parameters
• An SA must carry with it a number of important values• Sequence Number Counter• Sequence Counter Overflow• Anti-replay window• AH, ESP Information• Lifetime of the SA• Protocol mode (Tunnel/Transport, see in a moment)• MTU: Maximum transmission unit
SA Selectors
• IPSec: Flexibility on application of services to traffic• How to relate IP traffic to an SA?• Security Policy Database:
• Simple idea: Table to relate subset of IP traffic to a specific SA• Becomes very complex (many to many relationship)
• An entry: IP and upper-layer protocol field values• Known as selectors (filter outgoing traffic to SA)
• Outgoing traffic: 1) compares fields of packet against SPD, finds match. 2) Determine the SA (if exists) 3) Do IPSec (AH ESP)
SPD Entry
• What does an SPD entry look like?• Destination IP Address – Single or Range (mask)• Source IP Address• UserID• Data Sensitivity Level• Transport Layer Protocol• Source and Destination Ports
Transport and Tunnel Mode
• Another important concept reused:• Transport mode: Protection of packet payload• Tunnel mode: Protection of entire packet
• Transport mode used in end to end communication between hosts.
• ESP: encrypts (+ authenticate) payload, not header• AH: Authenticates payload, selected header bits
• Tunnel mode: new routing info added• ESP: encrypts (+ authenticate) packet(not outer header)• AH: authenticates entire packet, selected outer bits
Authentication Header
• Adds data integrity and authentication to IP packets• Integrity: avoid alteration of packets• Authentication: filter traffic correctly• Prevent spoof attacks and replay attacks• Uses a message authentication code (MAC)
• Required shared secret key• Uses the following fields:
• Next Header, Payload Length• Reserved, SPI• Sequence Number, Authentication Data
Authentication Header
Preventing Replays
• Attacker grabs authentic packet, transmits later• Sequence Number tries to prevent this• Sequence Number is generated by sender for a new SA
• Starts and 0 and increments to 232 – 1• Incremented for each new packet, thus first value, 1• Cannot be allowed to cycle. Passing limit must negotiate NEW SA with a NEW secret key• Since IP does not guarantee packet delivery order (or at all for that matter), the receiver uses the familiar sliding window concept for data transmission.
Integrity Check Value
• ICV value in the Authentication Data• Authentication code from a MAC algorithm• Can use HMAC-MD5-96 or HMAC-SHA-1-96• Calculation of the MAC code:
• Includes immutable fields and predictable fields• Other fields set to 0• Authentication Data field = 0• Includes all additional protocol information (TCP/IP), which should be immutable• Recalculated and destination
Transport and Tunnel Modes
Encapsulating Security Payload
• Confidentiality services• ESP can optionally provide authentication• Parameters in an ESP Packet:
• Security Parameters Index• Sequence Number• Payload Data• Padding• Pad Length• Next Header• Authentication Data (e.g. ICV value)
Encapsulating Security Payload
• Uses any number symmetric encryption algorithms• Three-key DES• RC5• Blowfish• More
• Specified by the DOI• Padding:
• Padding can indicate cipher text length, make plain text long enough• Used to align fields• Conceal actual payload length
Encryption and Decryption
Transport and Tunnel Modes
• Transport Mode• IP Header removed. Payload (including TCP header) encrypted/replaced by cipher text• Header attached/sent to destination• Destination detaches and decrypts payload
• Tunnel Mode• Entire packet is encrypted• New IP Header added to cipher text and routed• Decrypts the packet at destination• Secondary header used for final routing
Combining Security Associates/Keys
• Can combine security associates (4 cases)• IPSec requires management of secret keys• Two types of key management: auto and manual• Oakley Key Determination Protocol (like Diffie-Hellman, but more secure)
• Cookies against clog attacks• nonces to prevent replays• authenticate against man in the middle
• Internet Security Association and Key Management Protocol (allows various key exchange algorithms)
Web SecurityChapter 17
Web Security Introduction
• Need for security on the Transport Control Protocol (TCP) Layer• Uses Secure Socket Layer (SSL) and Internet standard SSL called Transport Layer Service• Allows TCP users to indentify security mechanisms• Particularly concerted with E – commerce security: Secure Electronic Transaction (SET)
Web Security Considerations
• Room for nearly all levels of security in the Web• E.g. previous considerations
• Nevertheless: Web presents unique challenges• All communication two way thus doubling the opportunity for attack• Web integrated into business: high losses if security compromised• Security flaws in complex software• Web Servers may provide access to local intranet• Users not aware of security risks
Threats Classifications
Web Security Approaches
• Different ways of implementing security• Similar in services and (to an extent) mechanisms• Differ with respect to scope and location with TCP/IP stack• Simple security: Use IP Security! IPSec runs over TCP• Another solution: Run security just above TCP, below IP
• Basis of SSL and TLS• Choice: Make SSL/TLS transparent or integrate into applications? (advantage: tailored to needs, disadvantage: complexity)
SSL and TLS
• Current version is SSL v3. TLS is essentially SSLv3.1• Not a “successor” exactly, just a different standard
• SSL Architecture• Make TCP reliable/secure• Higher level protocols operate (HTTP for instance) on SSL• SSL uses three protocols: Handshake Protocol, Change Cipher Spec Protocol, Alter Protocol• Also a special “record” protocol• Used in management of SSL exchanges
SSL Architecture
SSL Session and Connection
• Connection: A transport (recall OSI layers) providing suitable service types. Here, these are peer-to-peer connections and are transient (short lived). That is, connections associated with one session.• Session: An association between client and a server. The Handshake protocol initiates sessions, which define cryptographic parameters. The parameters may be shared: in fact we use sessions to avoid negotiation of new security parameters for each connection (expensive)
Session and Connection States
• Session state has following parameters•Session Identifier, Peer certificate (X509, etc)• Compression Method• Cipher spec (data encryption) and hash• Master secret• Is resumable?
• Connection state:•Server and client randomness• Keys: Server/Client MAC, Server/Client Write• Initialization vectors• Sequence numbers
SSL Record Protocol
• SSL Record protocol provides two services:• Confidentiality
• Using symmetric encryption with a shared secret key defined by Handshake Protocol•AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128• Message is compressed before encryption
• Message integrity• Using a MAC with shared secret key• Similar to HMAC but with different padding
• Concerns itself with: fragmentation, compression, authentication (MAC), encryption, header
SSL Record Appearance
Handshake Protocol
• Allows server & client to:• Authenticate each other• To negotiate encryption & MAC algorithms• To negotiate cryptographic keys to be used
•Comprises a series of messages in phases• Establish Security Capabilities • Server Authentication and Key Exchange • Client Authentication and Key Exchange• Finish
Handshake Protocol
• One of 3 SSL specific protocols which use the SSL Record protocol• A single message• Causes pending state to become current• Hence updating the cipher suite in use
SSL Change Cipher Spec Protocol
• Conveys SSL-related alerts to peer entity• Severity
• Warning or fatal• Specific Alert
• Fatal: unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter• Warning: close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
• Compressed & encrypted like all SSL data
SSL Alert Protocol
• As stated, standard similar to SSL• Some differences:
• Un record format version number • Uses HMAC for MAC• A pseudo-random function expands secrets• Has additional alert codes• Some changes in supported ciphers• Changes in certificate types & negotiations• Changes in crypto computations & padding
Transport Layer Security
• Open encryption & security specification• To protect Internet credit card transactions• Developed in 1996 by Mastercard, Visa etc• Not a payment system• Rather a set of security protocols & formats
• Secure communications amongst parties• Trust from use of X.509v3 certificates • Privacy by restricted info to those who need it
Secure Electronic Transactions
SET Components
SET Transaction
• Customer opens account• Customer receives a certificate• Merchants have their own certificates• Customer places an order• Merchant is verified• Order and payment are sent• Merchant requests payment authorization• Merchant confirms order• Merchant provides goods or service• Merchant requests payment
Purchase Request
• SET purchase request exchange consists of four messages
• Initiate Request - get certificates• Initiate Response - signed response • Purchase Request - of OI & PI• Purchase Response - ack order
Payment Gateway Authorization
• Verifies all certificates• Decrypts digital envelope of authorization block to obtain symmetric key & then decrypts authorization block• Verifies merchant's signature on authorization block• Decrypts digital envelope of payment block to obtain symmetric key & then decrypts payment block• Verifies dual signature on payment block• Verifies that transaction ID received from merchant matches that in PI received (indirectly) from customer• Requests & receives an authorization from issuer• Sends authorization response back to merchant
Payment Capture
• Merchant sends payment gateway a payment capture request• Gateway checks request• Then causes funds to be transferred to merchants account• Notifies merchant using capture response
