Network Security Essentials, Chapter 5 (Fourth Edition, by William Stallings; lecture slides by Lawrie Brown). Chapter 5 – Transport-Level Security. PowerPoint PPT presentation.

Page 1: Network Security Essentials Chapter 5

Network Security Essentials, Chapter 5

Fourth Edition

by William Stallings

Lecture slides by Lawrie Brown

Page 2: Network Security Essentials Chapter 5

Chapter 5 – Transport-Level Security

Use your mentality
Wake up to reality

—From the song "I've Got You Under My Skin" by Cole Porter

Page 3: Network Security Essentials Chapter 5

Web Security

• the Web is now widely used by business, government and individuals
• but the Internet and the Web are vulnerable and face a variety of threats:
  • integrity
  • confidentiality
  • denial of service
  • authentication
• hence the need for added security mechanisms

Page 4: Network Security Essentials Chapter 5

Web Traffic Security Approaches

(figure: security can be placed at the network layer with IPsec, at the transport layer with SSL/TLS directly above TCP, or inside individual applications)

Page 5: Network Security Essentials Chapter 5

SSL (Secure Socket Layer)

• a transport layer security service
• originally developed by Netscape
• version 3 designed with public input
• subsequently became an Internet standard, known as TLS (Transport Layer Security)
  • SSLv3 itself has since been deprecated (RFC 7568); current deployments use TLS 1.2 or 1.3
• uses TCP to provide a reliable end-to-end service
• SSL has two layers of protocols

Page 6: Network Security Essentials Chapter 5

SSL Architecture

(figure: the SSL protocol stack, with the Handshake Protocol, Change Cipher Spec Protocol, Alert Protocol and HTTP running above the SSL Record Protocol, which runs over TCP and IP)

Page 7: Network Security Essentials Chapter 5

SSL Architecture

• SSL connection
  • a transient, peer-to-peer communications link
  • associated with one SSL session
• SSL session
  • an association between client and server
  • created by the Handshake Protocol
  • defines a set of cryptographic parameters
  • may be shared by multiple SSL connections

Page 8: Network Security Essentials Chapter 5

SSL Record Protocol Services

• confidentiality
  • using symmetric encryption with a shared secret key defined by the Handshake Protocol
  • AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
    • of these only AES remains acceptable today: the 40-bit export ciphers and DES are trivially brute-forced, and RC4 is prohibited in TLS by RFC 7465
  • message is compressed before encryption
    • in practice compression is now disabled, because compressed lengths leak plaintext (the CRIME attack); TLS 1.3 removes it entirely
• message integrity
  • using a MAC with a shared secret key
  • similar to HMAC but with different padding (TLS proper uses HMAC)

Page 9: Network Security Essentials Chapter 5

SSL Record Protocol Operation

(figure: application data is fragmented into blocks of at most 2^14 bytes, optionally compressed, a MAC is appended, the result is encrypted, and an SSL record header (content type, version, length) is prepended)
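The record-layer pipeline from the last two slides, as an added example that is not part of the original slides or of Stallings' text. It follows the TLS 1.0 (RFC 2246) form of the MAC, i.e. HMAC-SHA1 over the implicit sequence number and record header, rather than the SSLv3 padding variant. Keys and the HTTP request are constructed; RC4 appears only because it is on the slide and needs no third-party library, not as a recommendation. A receiver that fails the MAC check returns the two-byte fatal bad_record_mac alert it must send before closing.

```python
import hashlib
import hmac
import struct

# Record-layer constants from RFC 2246 (TLS 1.0).
ALERT = 21
APPLICATION_DATA = 23
VERSION = (3, 1)              # TLS 1.0 is version 3.1 on the wire
MAX_FRAGMENT = 2 ** 14        # at most 16 KiB of plaintext per record
MAC_LEN = 20                  # HMAC-SHA1 output
ALERT_FATAL = 2
BAD_RECORD_MAC = 20


class RC4:
    """Stateful RC4 keystream. In TLS the keystream runs on across records and never
    restarts; restarting it per record would give every record the same pad.
    RC4 is broken and RFC 7465 prohibits it in TLS; it is used here only because it
    is on the slide and needs no library."""

    def __init__(self, key: bytes):
        S = list(range(256))
        j = 0
        for i in range(256):
            j = (j + S[i] + key[i % len(key)]) & 0xFF
            S[i], S[j] = S[j], S[i]
        self.S, self.i, self.j = S, 0, 0

    def crypt(self, data: bytes) -> bytes:
        S, i, j = self.S, self.i, self.j
        out = bytearray()
        for b in data:
            i = (i + 1) & 0xFF
            j = (j + S[i]) & 0xFF
            S[i], S[j] = S[j], S[i]
            out.append(b ^ S[(S[i] + S[j]) & 0xFF])
        self.i, self.j = i, j
        return bytes(out)


def record_mac(mac_secret: bytes, seq: int, ctype: int, fragment: bytes) -> bytes:
    """TLS 1.0 MAC input: seq_num(8) || type(1) || version(2) || length(2) || fragment.
    The implicit sequence number is what makes replayed or reordered records fail."""
    header = struct.pack("!QBBBH", seq, ctype, VERSION[0], VERSION[1], len(fragment))
    return hmac.new(mac_secret, header + fragment, hashlib.sha1).digest()


class RecordWriter:
    """Sender: fragment -> (null) compress -> MAC -> encrypt -> prepend header."""

    def __init__(self, write_key: bytes, write_mac_secret: bytes):
        self.cipher, self.mac_secret, self.seq = RC4(write_key), write_mac_secret, 0

    def protect(self, ctype: int, plaintext: bytes) -> list:
        fragments = [plaintext[i:i + MAX_FRAGMENT]
                     for i in range(0, len(plaintext), MAX_FRAGMENT)] or [b""]
        records = []
        for frag in fragments:
            mac = record_mac(self.mac_secret, self.seq, ctype, frag)
            body = self.cipher.crypt(frag + mac)   # MAC-then-encrypt; stream cipher, so no padding
            records.append(struct.pack("!BBBH", ctype, VERSION[0], VERSION[1], len(body)) + body)
            self.seq += 1
        return records


class RecordReader:
    """Receiver: strip header -> decrypt -> check MAC -> deliver the fragment."""

    def __init__(self, read_key: bytes, read_mac_secret: bytes):
        self.cipher, self.mac_secret, self.seq = RC4(read_key), read_mac_secret, 0

    def unprotect(self, record: bytes) -> tuple:
        """Returns (content_type, fragment). On any integrity failure returns
        (ALERT, <fatal bad_record_mac body>), the alert the receiver must send
        before tearing the connection down; the session must not be resumed."""
        ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
        body = record[5:5 + length]
        plain = self.cipher.crypt(body)
        frag, mac = plain[:-MAC_LEN], plain[-MAC_LEN:]
        expected = record_mac(self.mac_secret, self.seq, ctype, frag)
        self.seq += 1
        if ((major, minor) != VERSION or len(body) != length or len(plain) < MAC_LEN
                or not hmac.compare_digest(mac, expected)):
            return ALERT, bytes([ALERT_FATAL, BAD_RECORD_MAC])
        return ctype, frag


if __name__ == "__main__":
    # Constructed keys; real ones come from the key block derived by the handshake.
    key, mac_secret = b"\x11" * 16, b"\x22" * 20
    writer, reader = RecordWriter(key, mac_secret), RecordReader(key, mac_secret)
    records = writer.protect(APPLICATION_DATA, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
    print(reader.unprotect(records[0]))
    tampered = bytearray(records[0])
    tampered[-1] ^= 0x01
    print(RecordReader(key, mac_secret).unprotect(bytes(tampered)))
```

Feeding a record to a reader twice fails the MAC because the sequence number (and the cipher state) have moved on, which is the record layer's replay protection; a flipped ciphertext byte fails for the same reason. Both outcomes are indistinguishable to the peer, which is deliberate: the alert does not say which check failed.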

Page 10: Network Security Essentials Chapter 5

SSL Change Cipher Spec Protocol

• one of the three SSL-specific protocols which use the SSL Record Protocol
• consists of a single message (one byte with the value 1)
• causes the pending state to become the current state, hence updating the cipher suite in use

Page 11: Network Security Essentials Chapter 5

SSL Alert Protocol

• conveys SSL-related alerts to the peer entity
• each alert message is two bytes: a severity level and a specific alert code
• severity
  • warning or fatal
  • a fatal alert terminates the connection immediately, and the session may not be resumed
• specific alert
  • fatal: unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter
  • warning: close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
• compressed and encrypted like all SSL data

Page 12: Network Security Essentials Chapter 5

SSL Handshake Protocol

• allows server and client to:
  • authenticate each other
  • negotiate encryption and MAC algorithms
  • negotiate the cryptographic keys to be used
• comprises a series of messages exchanged in four phases:
  1. Establish Security Capabilities
  2. Server Authentication and Key Exchange
  3. Client Authentication and Key Exchange
  4. Finish

Page 13: Network Security Essentials Chapter 5

SSL Handshake Protocol

(figure: the message flow, phase by phase: client_hello / server_hello; certificate, server_key_exchange, certificate_request, server_hello_done; certificate, client_key_exchange, certificate_verify; then change_cipher_spec and finished from each side)

Page 14: Network Security Essentials Chapter 5

Cryptographic Computations

• master secret creation
  • a one-time 48-byte value
  • generated using a secure key exchange (RSA / Diffie-Hellman) to obtain a pre-master secret, then hashing that together with the client and server random values
• generation of cryptographic parameters
  • client write MAC secret, server write MAC secret, client write key, server write key, client write IV, server write IV
  • generated by hashing the master secret (with the random values) into a key block, which is partitioned in the order above

Page 15: Network Security Essentials Chapter 5

TLS (Transport Layer Security)

• IETF standard RFC 2246 (TLS 1.0), similar to SSLv3 with minor differences:
  • in the record format version number
  • uses HMAC for the MAC
  • a pseudo-random function (PRF) expands secrets
    • based on HMAC using SHA-1 and MD5, the two outputs combined by XOR
  • has additional alert codes
  • some changes in supported ciphers
  • changes in certificate types and negotiations
  • changes in crypto computations and padding
• later versions: TLS 1.1 (RFC 4346), TLS 1.2 (RFC 5246, PRF based on SHA-256), TLS 1.3 (RFC 8446, a redesigned handshake and key schedule)
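The four handshake phases, the master-secret and key-block computations, and the TLS 1.0 PRF from the preceding three slides, run end to end as an added example that is not part of the original slides or of Stallings' text. The handshake messages are stand-in byte strings and the server's Diffie-Hellman parameters are left unsigned (real TLS signs them with the certificate key, which is what authenticates the server); the DH group is the 1024-bit MODP group of RFC 2409, far too small for production but enough to keep the example self-contained. The `tamper` flag models a man-in-the-middle who altered an earlier message, which the Finished check catches.

```python
import hashlib
import hmac
import os

# DH group for the key exchange: the 1024-bit MODP group from RFC 2409 (group 2).
# Too small for production (use 2048-bit+ groups or ECDHE); self-contained here.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2


def p_hash(hashname: str, secret: bytes, seed: bytes, n: int) -> bytes:
    """RFC 2246 P_hash: HMAC chained through A(i) until n bytes are produced."""
    out, a = b"", seed                                        # A(0) = seed
    while len(out) < n:
        a = hmac.new(secret, a, hashname).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashname).digest()  # HMAC(secret, A(i) + seed)
    return out[:n]


def split_secret(secret: bytes) -> tuple:
    """S1 = first half, S2 = second half; for odd lengths the middle byte is shared."""
    half = (len(secret) + 1) // 2
    return secret[:half], secret[-half:]


def prf(secret: bytes, label: bytes, seed: bytes, n: int) -> bytes:
    """TLS 1.0 PRF: P_MD5(S1, label + seed) XOR P_SHA1(S2, label + seed)."""
    s1, s2 = split_secret(secret)
    md5_part = p_hash("md5", s1, label + seed, n)
    sha_part = p_hash("sha1", s2, label + seed, n)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


def dh_keypair() -> tuple:
    x = int.from_bytes(os.urandom(128), "big") % (P - 3) + 2   # private value in [2, P-2]
    return x, pow(G, x, P)


def dh_shared(peer_public: int, private: int) -> bytes:
    """DH pre_master_secret: Z as big-endian bytes, leading zero bytes stripped (RFC 2246 8.1.2)."""
    z = pow(peer_public, private, P)
    return z.to_bytes((z.bit_length() + 7) // 8, "big")


# Key block layout in slide order; sizes assume HMAC-SHA1 and a 128-bit block cipher.
KEY_BLOCK_LAYOUT = (("client_write_MAC_secret", 20), ("server_write_MAC_secret", 20),
                    ("client_write_key", 16), ("server_write_key", 16),
                    ("client_write_IV", 16), ("server_write_IV", 16))


def derive_key_block(master_secret: bytes, client_random: bytes, server_random: bytes) -> dict:
    """key_block = PRF(master_secret, "key expansion", server_random + client_random), partitioned."""
    total = sum(size for _, size in KEY_BLOCK_LAYOUT)
    block = prf(master_secret, b"key expansion", server_random + client_random, total)
    keys, off = {}, 0
    for name, size in KEY_BLOCK_LAYOUT:
        keys[name] = block[off:off + size]
        off += size
    return keys


def finished_verify_data(master_secret: bytes, label: bytes, transcript: bytes) -> bytes:
    """Finished: PRF(master_secret, label, MD5(handshake_messages) + SHA1(handshake_messages))[0..11]."""
    digests = hashlib.md5(transcript).digest() + hashlib.sha1(transcript).digest()
    return prf(master_secret, label, digests, 12)


def run_handshake(tamper: bool = False) -> tuple:
    """Simulates phases 1-4; returns (client_keys, server_keys, finished_ok)."""
    client_random, server_random = os.urandom(32), os.urandom(32)
    # Phase 1: establish security capabilities (the hellos carry the random values)
    transcript = b"ClientHello" + client_random + b"ServerHello" + server_random
    # Phase 2: server key exchange (DH public value; unsigned in this simulation)
    xs, ys = dh_keypair()
    transcript += b"ServerKeyExchange" + ys.to_bytes(128, "big")
    # Phase 3: client key exchange (client's DH public value)
    xc, yc = dh_keypair()
    transcript += b"ClientKeyExchange" + yc.to_bytes(128, "big")
    # Each side derives the 48-byte master secret from its own pre-master secret
    nonces = client_random + server_random
    client_master = prf(dh_shared(ys, xc), b"master secret", nonces, 48)
    server_master = prf(dh_shared(yc, xs), b"master secret", nonces, 48)
    # Phase 4: Finished. If a man-in-the-middle altered an earlier message the client's
    # view of the transcript differs from the server's and the check fails.
    client_view = transcript + (b"\x00" if tamper else b"")
    client_finished = finished_verify_data(client_master, b"client finished", client_view)
    expected = finished_verify_data(server_master, b"client finished", transcript)
    ok = hmac.compare_digest(client_finished, expected)
    return (derive_key_block(client_master, client_random, server_random),
            derive_key_block(server_master, client_random, server_random), ok)


if __name__ == "__main__":
    client_keys, server_keys, ok = run_handshake()
    print("finished ok:", ok, "key blocks agree:", client_keys == server_keys)
```

Because the key block is partitioned by position, client-to-server and server-to-client traffic get different keys and MAC secrets even though both sides hold the same 48-byte master secret; that is why a record reflected back to its sender fails the MAC.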

Page 16: Network Security Essentials Chapter 5

HTTPS (HTTP over SSL)

• combination of HTTP and SSL/TLS to secure communications between browser and server
  • documented in RFC 2818
  • no fundamental change using either SSL or TLS
• use an https:// URL rather than http://, and port 443 rather than 80
• encrypts:
  • URL (path and query string), document contents, form data, cookies, HTTP headers
• does not hide: the server's IP address and port, the server name when sent in a plain SNI extension, and the sizes and timing of messages

Page 17: Network Security Essentials Chapter 5

HTTPS Use

• connection initiation
  • TLS handshake, then HTTP request(s)
• connection closure
  • the HTTP client or server signals "Connection: close" in an HTTP header
  • at the TLS level the peers exchange close_notify alerts
  • can then close the TCP connection
  • must handle a TCP close that arrives before the alert exchange is sent or completed (an "incomplete close"): the data received so far may have been truncated by an attacker, so it should only be treated as complete if the HTTP layer (e.g. Content-Length) confirms it

Page 18: Network Security Essentials Chapter 5

Secure Shell (SSH)

• protocol for secure network communications
• designed to be simple and inexpensive to implement
• SSH1 provided a secure remote logon facility
  • to replace TELNET and other insecure schemes
  • also has a more general client/server capability
• SSH2 fixes a number of security flaws in SSH1
  • documented in RFCs 4250 through 4254
• SSH clients and servers are widely available
• method of choice for remote login and X tunnels

Page 19: Network Security Essentials Chapter 5

SSH Protocol Stack

(figure: the SSH Transport Layer Protocol runs over TCP/IP; the User Authentication Protocol and the Connection Protocol run above it)

Page 20: Network Security Essentials Chapter 5

SSH Transport Layer Protocol

• server authentication occurs at the transport layer, based on the server's host key pair(s)
• server authentication requires the client to know the host key in advance
  • the client either keeps a local database mapping host names to keys (e.g. known_hosts) or relies on a certification authority that certifies host keys
  • a key that is simply accepted on first contact ("trust on first use") is only as trustworthy as that first connection
• packet exchange
  • establish a TCP connection
  • can then exchange data:
    • identification string exchange, algorithm negotiation, key exchange, end of key exchange, service request
  • using the specified packet format (packet length, padding length, payload, random padding, MAC)
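The host-key check the slide describes, as an added example that is not part of the original slides or of Stallings' text and not the code of OpenSSH or any other SSH implementation. It works against a constructed known_hosts file using OpenSSH's file conventions (plain comma-separated host names, the `|1|salt|hash` HashKnownHosts form, and the `@revoked` marker; `@cert-authority` entries are recognised but skipped, since checking them needs certificate signature verification). The key blobs and salt are constructed. The point of the four outcomes is that "host known, different key" must never be auto-accepted.

```python
import base64
import hashlib
import hmac


def hash_hostname(hostname: str, salt: bytes) -> str:
    """OpenSSH HashKnownHosts entry name: |1|base64(salt)|base64(HMAC-SHA1(salt, hostname)).
    Hashing hides which hosts a user talks to from whoever reads the file."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(pattern: str, hostname: str) -> bool:
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|")
        expected = hmac.new(base64.b64decode(salt_b64), hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(mac_b64))
    return hostname in pattern.split(",")      # plain entries may list several names/addresses


def check_host_key(known_hosts: str, hostname: str, keytype: str, key_b64: str) -> str:
    """Returns one of:
      OK        the presented key matches a stored key for this host
      REVOKED   the key carries an @revoked marker; never connect
      MISMATCH  the host is known but presented a different key: possible
                man-in-the-middle (or a legitimate rekey, to be confirmed out of band)
      UNKNOWN   first contact; accepting here means trusting the network on this connection"""
    seen_host = False
    for line in known_hosts.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        marker = None
        if fields[0].startswith("@"):              # @revoked / @cert-authority markers
            marker, fields = fields[0], fields[1:]
        if len(fields) < 3 or marker == "@cert-authority":
            continue                                # CA entries need signature checks, not shown
        if not host_matches(fields[0], hostname) or fields[1] != keytype:
            continue
        if hmac.compare_digest(fields[2].encode(), key_b64.encode()):
            return "REVOKED" if marker == "@revoked" else "OK"
        if marker is None:
            seen_host = True
    return "MISMATCH" if seen_host else "UNKNOWN"


def key_blob(fill: int) -> str:
    """Constructed ssh-ed25519 public key blob (string "ssh-ed25519" + 32 key bytes), base64."""
    raw = b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + bytes([fill]) * 32
    return base64.b64encode(raw).decode()


SALT = bytes(range(20))                           # constructed; OpenSSH uses 20 random bytes
BASTION_KEY, GIT_KEY, OLD_KEY = key_blob(0x41), key_blob(0x42), key_blob(0x43)

# Constructed known_hosts: a hashed entry, a plain multi-name entry and a revoked key.
KNOWN_HOSTS = "\n".join([
    "# hosts verified out of band",
    "%s ssh-ed25519 %s" % (hash_hostname("bastion.example.internal", SALT), BASTION_KEY),
    "git.example.internal,10.0.0.5 ssh-ed25519 %s" % GIT_KEY,
    "@revoked old.example.internal ssh-ed25519 %s" % OLD_KEY,
])

if __name__ == "__main__":
    for host, key in [("bastion.example.internal", BASTION_KEY), ("bastion.example.internal", GIT_KEY),
                      ("new.example.internal", GIT_KEY), ("old.example.internal", OLD_KEY)]:
        print(host, check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key))
```

Real clients also have to cope with the port (non-22 hosts are stored as `[host]:port`), with several key types per host, and with the certificate model; the decision logic, and the fact that a MISMATCH is an active-attack indicator rather than a nuisance, is the same.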

Page 21: Network Security Essentials Chapter 5

SSH User Authentication Protocol

• authenticates the client to the server
• three message types:
  • SSH_MSG_USERAUTH_REQUEST
  • SSH_MSG_USERAUTH_FAILURE
  • SSH_MSG_USERAUTH_SUCCESS
• authentication methods used: public-key, password, host-based
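The three message types above on the wire, as an added example that is not part of the original slides or of Stallings' text. It encodes and parses them with the RFC 4251 data types (byte, boolean, string, name-list) and the RFC 4252 message numbers 50, 51 and 52, covering the public-key method (both the "would you accept this key?" query and the signed request) and the password method. Producing the actual signature needs the client's private key and a public-key algorithm, which is left out; the function `publickey_signed_data` builds the bytes that would be signed, and its inclusion of the session identifier is what stops a captured signature being replayed on another connection. The user names, key blob and session identifiers are constructed.

```python
import struct

# Message numbers from RFC 4252.
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_FAILURE = 51
SSH_MSG_USERAUTH_SUCCESS = 52


# RFC 4251 wire types: byte, boolean, string (uint32 length + bytes), name-list.
def ssh_string(data: bytes) -> bytes:
    return struct.pack("!I", len(data)) + data


def ssh_bool(flag: bool) -> bytes:
    return b"\x01" if flag else b"\x00"


def ssh_namelist(names: list) -> bytes:
    return ssh_string(",".join(names).encode())


class Reader:
    """Cursor over a received message; every read is bounds-checked."""

    def __init__(self, data: bytes):
        self.data, self.off = data, 0

    def byte(self) -> int:
        if self.off >= len(self.data):
            raise ValueError("truncated message")
        self.off += 1
        return self.data[self.off - 1]

    def boolean(self) -> bool:
        return self.byte() != 0

    def string(self) -> bytes:
        if self.off + 4 > len(self.data):
            raise ValueError("truncated length")
        (n,) = struct.unpack_from("!I", self.data, self.off)
        self.off += 4
        if self.off + n > len(self.data):
            raise ValueError("truncated string")
        self.off += n
        return self.data[self.off - n:self.off]

    def done(self) -> bool:
        return self.off == len(self.data)


def userauth_request_publickey(user: str, service: str, alg: str, blob: bytes, signature=None) -> bytes:
    """Without a signature this is the query 'would you accept this key?'; with one it is the attempt."""
    msg = (bytes([SSH_MSG_USERAUTH_REQUEST]) + ssh_string(user.encode()) + ssh_string(service.encode())
           + ssh_string(b"publickey") + ssh_bool(signature is not None)
           + ssh_string(alg.encode()) + ssh_string(blob))
    return msg + (ssh_string(signature) if signature is not None else b"")


def publickey_signed_data(session_id: bytes, user: str, service: str, alg: str, blob: bytes) -> bytes:
    """The bytes the client signs; the session identifier binds the signature to this connection."""
    return (ssh_string(session_id) + bytes([SSH_MSG_USERAUTH_REQUEST]) + ssh_string(user.encode())
            + ssh_string(service.encode()) + ssh_string(b"publickey") + ssh_bool(True)
            + ssh_string(alg.encode()) + ssh_string(blob))


def userauth_request_password(user: str, service: str, password: bytes) -> bytes:
    return (bytes([SSH_MSG_USERAUTH_REQUEST]) + ssh_string(user.encode()) + ssh_string(service.encode())
            + ssh_string(b"password") + ssh_bool(False) + ssh_string(password))


def userauth_failure(methods_that_can_continue: list, partial_success: bool = False) -> bytes:
    return bytes([SSH_MSG_USERAUTH_FAILURE]) + ssh_namelist(methods_that_can_continue) + ssh_bool(partial_success)


def userauth_success() -> bytes:
    return bytes([SSH_MSG_USERAUTH_SUCCESS])


def parse_userauth(msg: bytes) -> dict:
    r = Reader(msg)
    t = r.byte()
    if t == SSH_MSG_USERAUTH_SUCCESS:
        out = {"type": "SUCCESS"}
    elif t == SSH_MSG_USERAUTH_FAILURE:
        names = r.string().decode()
        out = {"type": "FAILURE", "methods": [m for m in names.split(",") if m], "partial": r.boolean()}
    elif t == SSH_MSG_USERAUTH_REQUEST:
        out = {"type": "REQUEST", "user": r.string().decode()}
        out["service"] = r.string().decode()
        out["method"] = r.string().decode()
        if out["method"] == "publickey":
            out["signed"] = r.boolean()
            out["alg"] = r.string().decode()
            out["blob"] = r.string()
            if out["signed"]:
                out["signature"] = r.string()
        elif out["method"] == "password":
            if r.boolean():                       # TRUE means a password-change request (old + new)
                raise ValueError("password change not handled in this example")
            out["password"] = r.string()
        elif out["method"] != "none":             # "none" is the probe for the server's method list
            raise ValueError("unsupported method %r" % out["method"])
    else:
        raise ValueError("not a userauth message: %d" % t)
    if not r.done():
        raise ValueError("trailing bytes")
    return out
```

The bounds checks in `Reader` matter because these messages arrive from an unauthenticated peer: a length field claiming more bytes than the packet holds must be rejected, not read past the buffer, and trailing bytes after a well-formed message are likewise an error rather than something to ignore.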

Page 22: Network Security Essentials Chapter 5

SSH Connection Protocol

• runs on the SSH Transport Layer Protocol
• assumes a secure, authenticated connection
• used for multiple logical channels
  • SSH communications use separate channels
  • either side can open one with a unique id number
  • flow controlled (window-based)
  • have three stages: opening a channel, data transfer, closing a channel
  • four types: session, x11, forwarded-tcpip, direct-tcpip

Page 23: Network Security Essentials Chapter 5

SSH Connection Protocol Exchange

(figure: channel open request and open confirmation, data transfer with window adjustments, then channel close from each side)

Page 24: Network Security Essentials Chapter 5

Port Forwarding

• converts an insecure TCP connection into a secure SSH connection
• the SSH Transport Layer Protocol establishes a TCP connection between the SSH client and server
• client traffic is redirected to the local SSH, travels via the tunnel, then the remote SSH delivers it to the server
• supports two types of port forwarding:
  • local forwarding: the SSH client listens on a local port and "hijacks" selected traffic sent there, carrying it through the tunnel to a destination the SSH server can reach (a direct-tcpip channel)
  • remote forwarding: the SSH server listens on a port on its side and relays connections back through the tunnel to the client, which delivers them to a destination it can reach (a forwarded-tcpip channel); here the client acts for the server
• the tunnel protects only the hop between the two SSH endpoints; the leg from the far SSH endpoint to the final destination is in the clear unless protected separately

Page 25: Network Security Essentials Chapter 5

Summary

• have considered:
  • the need for web security
  • SSL/TLS transport layer security protocols
  • HTTPS
  • Secure Shell (SSH)