Networking Overview

About This Presentation

Title:

Networking Overview

Description:

... 8080 for HTTP and not get arrested. But both client and server must ... RST --- reset the connection, due to error or an interruption (abnormal termination) ... – PowerPoint PPT presentation

Number of Views:228

Avg rating:3.0/5.0

Slides: 134

Provided by: marks9

Learn more at: http://www.cs.sjsu.edu

Category:

Tags: arrested | connection | in | networking | overview

more less

Transcript and Presenter's Notes

Title: Networking Overview

1
Networking Overview
2
TCP/IP

TCP/IP Transmission Control Protocol/Internet
Protocol
Almost ubiquitous protocol for communication over
network
Many other networking protocols
ATM, X.25, SS7, Sonet,
But TCP/IP has taken over the world

3
TCP/IP

Here, a brief overview of TCP/IP
For more info, see, for example,
Computer Networks, Tanenbaum
Computer Networks and Internets, Comer
Computer Networking A Top Down Approach
Featuring the Internet, Kurose and Ross
TCP/IP Protocol Suite, Forouzan

4
Why TCP/IP?

Almost everywhere
Author developed payphone billing protocol in
1992
Used X.25, later ported to SS7
Today would almost certainly use TCP/IP
TCP/IP makes the world extremely hackable

5
OSI Reference Model

In 1980, ISO developed OSI
Computer communication over network
Protocol layering
Breaks problem into small parts
Layer provides service to next higher

Modular
Makes it easy, for example, to replace Ethernet
with wireless

6
OSI Reference Model

Layer 7 --- Application Layer
Links application to the communication channel
Layer 6 --- Presentation Layer
How to represent bits for transmission
Layer 5 --- Session Layer
Coordinate (multiple) sessions
Layer 4 --- Transport Layer
Logical channel between systems

7
OSI Reference Model

Layer 3 --- Network Layer
Move data from host-to-host, across network core
(interconnected mesh of routers)
Layer 2 --- Data Link Layer (or Link Layer)
Move data across one hop
Layer 1 --- Physical Layer
Transmit bits across a physical link (fiber
optic, copper cable, wireless, etc.)
Note Layers 7,6,5 often treated as one

8
TCP/IP, Our Hero

Layers from TCP/IPs perspective
Application Layer --- Program trying to
communicate using TCP/IP
E.g., email servers, SSH client and server, etc
Transport Layer --- Includes TCP and UDP
TCP provides reliable delivery
UDP is bare bones transport layer protocol

9
TCP/IP, Our Hero

Network Layer --- Based on IP
Deliver packets from end-to-end
To be cool, you must say layer 3
Data Link Layer --- One hop
Layer 2
Physical Layer --- The physical media

10
TCP/IP Protocol Stack

TCP/IP synonymous with transport layer and
network layer (combined)
For example

11
Layering (Again)

Each layer adds some info
Usually added to beginning, so called a header

12
Terminology

Application layer ? packet
Transport layer ? TCP segment (for example)
Network layer ? IP datagram
Data link/physical layer(s) ? frame
We may use packet for all of these

13
TCP/IP

Protocols TCP, UDP, IP, ICMP
Defined in RFCs 791 thru 793

Developed for academic research
No thought of security
No confidentiality, integrity, authentication,

14
TCP/IP and Security

Originally, no security in TCP/IP
Any security provided by applications
But TCP/IP retrofit for security
IPSec --- security at the IP layer
Built in security for applications
IPSec is a bloated and complex protocol

15
TCP

TCP provides reliable delivery
Most familiar apps use TCP
Web browsing (HTTP)
Secure shell (SSH)
File transfer (FTP)
Email (SMTP, POP, IMAP)
Etc., etc., etc.
For most apps, TCP saves a lot of work

16
TCP Header

Every TCP packet includes header

17
TCP Port Numbers

Source port, destination port
16-bit numbers
Tells which door to send data to
Source outgoing door, etc.
Server application listens on a port
Listening ports are open
Non-listening ports are closed

18
TCP Port Numbers

Examples of well-known ports
TCP port 21 --- FTP
TCP port 22 --- SSH
TCP port 23 --- telnet
TCP port 25 --- SMTP
TCP port 80 --- HTTP
TCP port 6000 --- The X Window System (X11)
Note these ports are used by convention
Could use 8080 for HTTP and not get arrested
But both client and server must know this

19
Ports

Example

Note that attackers want to know which ports
(doors) are open

20
Ports

To see which ports are in use
Locally, use netstat -na

21
TCP Control Bits

Control bits or flags

For 3-way handshake, and other special things

22
TCP Control Bits

Originally, 6 control bits
URG --- urgent data, give it priority (or not)
ACK --- acknowledge earlier data
PSH --- push data thru now
RST --- reset the connection, due to error or an
interruption (abnormal termination)
SYN --- synchronize sequence numbers
FIN --- no more data, so tear down connection

23
TCP Control Bits

Two additional control bits
CWR --- congestion window reduced due to network
congestion, reduced window size
ECE --- explicit congestion notification echo
connection is experiencing congestion
For congestion control issues

24
TCP 3-Way Handshake

Used to establish TCP connection

Note sequence numbers ISNA and ISNB
ACK and SYN flag bits used here

25
TCP 3-Way Handshake

Establishes connection
Sequence numbers enable TCP to
Make sure all packets arrive
Make sure all packets delivered in order
FIN bit used when session torn down
RST used to end in error cases

26
Other Fields in TCP Header

Data offset --- where the data begins
Reserved --- reserved for future use (or for
clever attackers)
Window --- controls number of outstanding
packets prevents one side from sending too fast
(flow control)
Checksum --- error detection (uses CRC)

27
Other Fields in TCP Header

Urgent pointer --- if URG flag set, tells where
the urgent data is located
Options --- additional info (e.g., the max size
of packet) variable size
Padding --- used to make things line up on 32-bit
boundaries

28
UDP

UDP User Datagram Protocol
Minimal no frills transport protocol
Does minimum possible
Connectionless
No flow control, no congestion control, packets
can be out of order, not arrive,
UDP Unreliable Damn Protocol

29
UDP

Why use UDP?
Low overhead
8 byte header vs 20 bytes (or more) for TCP
No congestion control/flow control
How can this be good?

30
Where is UDP Used?

Streaming audio/video
Some packet loss is OK
Example Real Player, UDP port 7070
Apps where low overhead is useful
Trivial FTP (TFTP), UDP port 69
Simple Network Management Protocol (SNMP), UDP
port 161

31
FTP vs UDP

Which is more secure?
With UDP, more work for firewalls
Hard to track connections
Example Slammer worm fit into one 376-byte UDP
packet got thru firewalls
But neither TCP nor UDP offer any real security
(confidentiality, etc.)

32
IP

IP Internet Protocol
Not intellectual property
IP is the network layer protocol today
Mostly IPv4
IPv6 used a little bit --- offers more addresses
and more security
Here, we focus on IPv4

33
IP Header

Note that source and destination addresses each
32 bits

34
What is a Network?

LAN Local Area Network
LANs are building blocks of networks
LAN is bunch of computers connected together by
hub, switch, wireless,
No router between computers on a LAN
Usually, small geographic area

35
What is a Network?

LANs are connected by routers
Routers move packets between LANs

36
IP Addresses

IP addresses are 32 bits
Identify hosts (computers) on network
Written in dotted decimal notation
Author calls it dotted quad notation

37
IP Addresses

Every IP packet has source and destination IP
addresses
Every IP address has 2 parts
One part identifies the network (LAN)
One part identifies the specific host
Makes routing more efficient
But which part is which?

38
Netmasks

Leftmost bits are network part of address
Netmask (subnet mask) often used
Uses AND operation

Classless Inter-Domain Routing (CIDR) notation
10.21.0.0/16

39
Packet Fragmentation

Link may accept packet of max length
What if packet is too big?
Fragmentation!
Router chops packet into pieces
Reassembled at destination
Fields in IP header identify fragments (and how
to reassemble them)

40
Fragmentation Bits

Dont fragment bit
0 OK to fragment, 1 dont fragment
More fragments bit
0 last fragment, 1 more fragments
Fragmentation opens door to attacks
Firewalls/IDS do not like fragments

41
Other Stuff in IP Header

Version --- IPv4 or IPv6
Hlen --- total length of IP header
Service Type --- for quality of service
Total Length --- length of data and header
Identification --- for fragment reassembly
Flags --- dont fragment, more fragments,
Fragmentation Offset --- how to reassemble
fragments

42
Other Stuff in IP Header

Time-to-Live (TTL) --- max number of hops
remaining before packet dies
Protocol --- TCP or UDP
Header Checksum --- error detection in header
(recomputed at each router)
Source IP Address --- from
Destination IP Address --- to
Options --- e.g., source routing
Padding --- pad length to multiple of 32 bits

43
ICMP

Internet Control Message Protocol
Like the network plumber
Host uses ICMP to see if another host is alive
and responding
Router uses ICMP to tell source it does not know
how to route a packet
Host can tell another host to stop sending data
so fast, etc., etc.

44
ICMP

Same packet format as IP
Protocol field is set to 1
Many ICMP message types
Common types listed on next 2 slides

45
ICMP

Name (type number) --- explanation
Echo reply (0) --- response to ping
Destination unreachable (3) --- IP packet cannot
be delivered (sent by router or host)
Source quench (4) --- slow down!
Redirect (5) --- send data to different router
Echo (8) --- ping (is system responding?)

46
ICMP

Message, type number, explanation
Time Exceeded (11) --- TTL exceeded, or problem
reassembling fragments
Parameter Problem (12) --- bad parameter
Timestamp (13) --- request systems time
Timestamp Reply (14) --- send system time
Information Request (15) --- used to determine
which network a host is on
Information Reply (16) --- network IP address

47
Routing Packets

How routers get packets thru network
Like Little Red Riding Hood trying to find the
best path to grandmas house
Dynamic routing protocols
RIP, OSPF, BGP
As if trees in the forest calculate best path and
tell Red which way to go

48
Routing Packets

Static routing protocols
Hard-coded routes
Red always has to go the same way
Source routing
Source specifies route in packet
Step-by-step directions to Grandmas house
tattooed on Reds forehead

49
NAT

Network Address Translation
Address-related problems
Not enough IP addresses to go around
Internal network uses illegal or unroutable
(private) addresses
Solutions NAT
Gateway (i.e., router or firewall) translates
addresses

50
NAT

Outgoing --- gateway replaces internal address
with valid IP address
Incoming --- gateway replaces valid IP address
with internal address
Note that gateway must remember!

51
How to Implement NAT?

Map single IP address
Every packet mapped to one IP address
Vary source port numbers
Port Address Translation (PAT)
One-to-one mapping
Internal address mapped to unique IP address
Dynamically allocate addresses
Multiplex internal addresses to IP addresses
Not as popular as other 2 approaches

52
NAT and Security

NAT hides internal IP addresses
Might be harder for attacker to map network
topology
NAT of limited security value
Attacker could take over NAT device
Attacker could let NAT do its job and attack
internal network
Some argue NAT harms security (IPSec)

53
Firewalls Pick Your Analogy

Network traffic cop
Network soccer goalie

54
Firewalls

Filter based on
Services, addresses, data, etc., etc.
May be used to protect
Your network from Internet
Your network from partners network
Your network from your network
Internet from your network

55
Firewalls

Attacker kick ball past goalie

56
Firewalls

Three types of firewalls
Packet filter (network layer)
Stateful packet filter (transport layer)
Proxy-based firewall (application layer)
All firewalls one of these types
In spite of marketing
Also, Intrusion Prevention Systems (IPS)
Not quite the same as firewall

57
Packet Filter

Filter each packet individually
No concept of state
Can filter based on
Source/destination IP address
Source/destination port (application specific)
TCP control bits (SYN, ACK, etc.)
Protocol (e.g., allow TCP, deny UDP)
Direction (incoming, outgoing)
Interface (trusted or untrusted network)

58
Packet Filter

Access control list (ACL), e.g.,

Flag Bits
Source IP
Dest IP
Source Port
Dest Port
Action
Protocol
Allow Inside Outside Any 80 HTTP
Allow Outside Inside 80 gt 1023 HTTP
Deny All All All All All
Any
ACK
All

Start at top and work down the list
What do 1st, 2nd, 3rd lines do?

59
Packet Filter

Disadvantage very limited view
Consider ACL on previous slide
Easy to kick ball past this goalie
E.g., ACK scan
Even worse with UDP
No flag bits
Advantages speed and simplicity

60
Stateful Packet Filter

Improve packet filter by adding state
State remember something (packets)
Remember each active connection
State table info on active connections
Time out, typically, after 10 to 90 seconds
Can see how/if new packet fits into ongoing
connection
For example, ACK must be preceeded by SYN

61
Stateful Packet Filter

With packet filter
Attacker can ACK scan for open ports
Send ACK packets with no prior SYN
With stateful packet filter
ACK scan fails
Packets dropped since no prior SYN
Can also remember UDP connections

62
Stateful Packet Filter

Advantage Much stronger than packet filter
Disadvantage More work
Often implemented in custom hardware, so speeds
can be competitive
Still lacks a complete view

63
Proxy

Proxy --- acts on your behalf
Analogy
Student calls me at home late at night
My wife answers the phone
She tells me a student called
Me Tell that to get lost!
My wife Hes busy, can I take a msg?

64
Proxy

Another analogy
Telemarketer calls me at home
My wife answers the phone
She tells them to go away
without informing me of the call
My wife is acting as my proxy
Proxy firewall is similar

65
Proxy-Based Firewall

Proxy can look at complete picture
Everything packet filter sees
Everything stateful packet filter sees
Plus application level info --- can verify that
protocols are followed, data is free of malware,
etc., etc.
May cache info for efficiency

66
Proxy-Based Firewall

Advantage complete view
Disadvantage speed, computing power
May limit amount of traffic it can handle, more
expensive hardware, more complex, etc.

67
IPS

Intrusion Prevention System (IPS)
Similar to, but not quite a firewall
Analyze network traffic in real time
Attack signatures/suspicious behavior
Signatures/anomaly detection
Firewall does not do this
Can block suspicious communications

68
Best Firewall?

Try to get best from each technology

69
Data Link Layer

Not part of TCP/IP
But it is a source of attacks
Data Link Layer
Move packets across one hop, LAN to router,
router to router, etc.
Lives in Network Interface Card (NIC)
Ethernet, 802.11 (wireless), etc.

70
Ethernet

Ethernet is king of the Link Layer
Ethernet used on shared media
Resource contention
Media Access Control (MAC) addresses
48 bits, globally unique
Of form AABBCCDDEEFF (or . for )
IP address is like street address, MAC address
like social security number
Aside Why not use IP address for everything?

71
ARP

Address Resolution Protocol (ARP)
MAC address for LAN, IP address for network
ARP is used to find MAC address, given the IP
address
Broadcast IP address
Whoever has it, responds with MAC address
Response is cached (for efficiency)

72
ARP

ARP only applies on same LAN
ARP is stateless

73
Hubs and Switches

Both used on LAN
Hub is simple/dumb device
Broadcast to all interfaces
Simple, but wastes bandwidth
Switch is smarter
Only sends data to a specific interface
Reduces bandwidth usage

74
Hubs and Switches

Hub
Simple
Wasteful
Switch
Complex
Saves bandwidth

75
Switches

Switch stores MAC address locations
Content Addressable Memory (CAM)
Table determined automatically
At first switch acts like hub
Then looks at MAC addresses
Uses this info to fill in table
This all happens automatically

76
Switch
77
Wireless LAN

802.11 is king of WLAN
Wireless security is difficult
Often not secured, rogue access points,
LAN usually has little or no security
Maybe OK if physical access required
But WLAN changes all of that
WLAN is good news for Trudy and Eve

78
WLAN

Regular LAN attacks work on WLAN
Physical access not required!
Makes hackable network more so
Great news for Trudy and Eve!
Cell phones and other wireless technology promise
even more hacks

79
802.11

802.11 --- 1997 _at_ 2Mbps
802.11a --- 1999 _at_ 54Mbps
Not used much, since came out at same time as
802.11b, and 802.11b is cheaper
802.11b --- 1999 _at_ 11Mbps
Speed similar to traditional Ethernet
802.11g --- 2003 _at_ 54Mbps
Popular, combines best of 802.11a and 802.11b

80
802.11

802.11i --- 2004
Real security
Strong encryption (AES)
Strong key exchange (TKIP)
Much stronger than WEP
WEP swiss cheese of security protocols
WEP no integrity, poor encryption, etc.

81
WEP

According to Tanenbaum
The 802.11 standard prescribes a data link-level
security protocol called WEP (Wired Equivalent
Privacy), which is designed to make the security
of a wireless LAN as good as that of a wired LAN.
Since the default for a wired LAN is no security
at all, this goal is easy to achieve, and WEP
achieves it as we shall see.

82
Security on the Internet

TCP/IP provides no security
Must retrofit Internet for security
Application layer
PGP, S/MIME, SSH,
Socket layer
SSL/TLS (really part of application layer)
Network layer
IPSec

83
Application Layer Security

Pretty Good Privacy (PGP)
Developed by Phil Zimmerman
No backdoor?
We dont hire that kind of person
Secure/Multipurpose Internet Mail Extensions
(S/MIME)
Secure email
Secure Shell (SSH)
Secure tunnel for remote access

84
SSL

Secure Socket Layer (SSL)
Developed for Web, HTTP
Can be used anywhere
Elegant security protocol
Transport Layer Security (TLS)
Same, but incompatible

85
SSL

Authentication, confidentiality, integrity
You use SSL all the time
Whenever lock (or key) appears in browser
HTTPS HTTP with SSL
Secure transactions on Internet

86
SSL

Not quite the same as in CS166 or CS265

87
SSL
88
A Note on Notation

E(X,K) encrypt X with symmetric key K
Key is known to sender and receiver
And nobody else
XAlice encrypt X with Alices public key
Key know to everybody
Can only be decrypted with Alices private key
Alices private key known only to Alice

89
Notation

h(X) cryptographic hash function
Provides fingerprint of X
Compresses data
Certificate
Contains (at least) public key, name
Signed by a Certificate Authority (CA)
CA vouches that corresponding private key belongs
to name in certificate
Anyone can verify signature (public key)

90
Simple SSL-like Protocol
Id like to talk to you securely
Heres my certificate
KABBob
protected HTTP
Bob
Alice

Is Alice sure shes talking to Bob?
Is Bob sure hes talking to Alice?

91
Simplified SSL Protocol
Can we talk?, cipher list, RA
certificate, cipher, RB
SBob, E(h(msgs,CLNT,K),K)
h(msgs,SRVR,K)
Data protected with key K
Bob
Alice

S is pre-master secret
K h(S,RA,RB)
msgs all previous messages
CLNT and SRVR are constants

92
SSL Authentication

Alice authenticates Bob, not vice-versa
How does client authenticate server?
Why does server not authenticate client?
Mutual authentication is possible Bob sends
certificate request in message 2
This requires client to have certificate
If server wants to authenticate client, server
could instead require (encrypted) password

93
SSL MiM Attack
RA
RA
certificateT, RB
certificateB, RB
S1Trudy,E(X1,K1)
S2Bob,E(X2,K2)
h(Y1,K1)
h(Y2,K2)
Trudy
E(data,K1)
E(data,K2)
Alice
Bob

Q What prevents this MiM attack?
A Bobs certificate must be signed by a
certificate authority (such as Verisign)
What does browser do if signature not valid?
What does user do if signature is not valid?

94
SSL vs IPSec

IPSec ? discussed next
Lives at the network layer (part of the OS)
Has encryption, integrity, authentication, etc.
Is overly complex (including serious flaws)
SSL (and IEEE standard known as TLS)
Lives at socket layer (part of user space)
Has encryption, integrity, authentication, etc.
Has a simpler specification

95
SSL vs IPSec

IPSec implementation
Requires changes to OS, but no changes to
applications
SSL implementation
Requires changes to applications, but no changes
to OS
SSL built into Web application early on
(Netscape)
IPSec used in VPN applications (secure tunnel)
Reluctance to retrofit applications for SSL
Reluctance to use IPSec due to complexity and
interoperability issues
Result? Internet less secure than it should be!

96
IPSec
97
IPSec and SSL

IPSec lives at the network layer
IPSec is transparent to applications

User
SSL
OS
IPSec
NIC
98
IPSec and Complexity

IPSec is a complex protocol
Over-engineered
Lots of generally useless extra features
Flawed
Some significant security issues
Interoperability is serious challenge
Defeats the purpose of having a standard!
Complex
Did I mention, its complex?

99
IKE and ESP/AH

Two parts to IPSec
IKE Internet Key Exchange
Mutual authentication
Establish shared symmetric key
Two phases ? like SSL session/connection
ESP/AH
ESP Encapsulating Security Payload ? for
encryption and/or integrity of IP packets
AH Authentication Header ? integrity only

100
IKE
101
IKE

IKE has 2 phases
Phase 1 ? IKE security association (SA)
Phase 2 ? AH/ESP security association
Phase 1 is comparable to SSL session
Phase 2 is comparable to SSL connection
Not an obvious need for two phases in IKE
If multiple Phase 2s do not occur, then it is
more expensive to have two phases!

102
IKE Phase 1

Four different key options
Public key encryption (original version)
Public key encryption (improved version)
Public key signature
Symmetric key
For each of these, two different modes
Main mode
Aggressive mode
There are 8 versions of IKE Phase 1!
Evidence that IPSec is over-engineered?

103
IKE Phase 1

We discuss 1 of 8 phase 1 variants
Public key signatures
Both main and aggressive modes

104
IKE Phase 1

Uses ephemeral Diffie-Hellman to establish
session key
Provides perfect forward secrecy (PFS)
Let a be Alices Diffie-Hellman exponent
Let b be Bobs Diffie-Hellman exponent
Let g be generator and p prime
Recall that p and g are public

105
IKE Phase 1 Digital Signature (Main Mode)
IC, CP
IC,RC, CS
IC,RC, ga mod p, RA
IC,RC, gb mod p, RB
IC,RC, E(Alice, proofA, K)
Alice
Bob
IC,RC, E(Bob, proofB, K)

CP crypto proposed, CS crypto selected
IC initiator cookie, RC responder cookie
K h(IC,RC,gab mod p,RA,RB)
SKEYID h(RA, RB, gab mod p)
proofA h(SKEYID,ga,gb,IC,RC,CP,Alice)Alice

106
IKE Phase 1 Public Key Signature (Aggressive
Mode)
IC, Alice, ga mod p, RA, CP
IC,RC, Bob, RB, gb mod p, CS, proofB
IC,RC, proofA
Bob
Alice

Main difference from main mode
Not trying to protect identities
Cannot negotiate g or p

107
Main vs Aggressive Modes

Main mode MUST be implemented
Aggressive mode SHOULD be implemented
In other words, if aggressive mode is not
implemented, you should feel guilty about it
Might create interoperability issues
For public key signature authentication
Passive attacker knows identities of Alice and
Bob in aggressive mode
Active attacker can determine Alices and Bobs
identity in main mode

108
IPSec

After IKE Phase 1, we have an IKE SA
After IKE Phase 2, we have an IPSec SA
Both sides have a shared symmetric key
Now what?
We want to protect IP datagrams
But what is an IP datagram?
From the perspective of IPSec

109
IP Review

IP datagram is of the form

data
IP header

Where IP header is

110
IP and TCP

Consider HTTP traffic (over TCP)
IP encapsulates TCP
TCP encapsulates HTTP

data
IP header
IP header
TCP hdr
HTTP hdr
app data

IP data includes TCP header, etc.

111
AH vs ESP

AH
Authentication Header
Integrity only (no confidentiality)
Integrity-protect everything beyond IP header and
some fields of header (why not all fields?)
ESP
Encapsulating Security Payload
Integrity and confidentiality
Protects everything beyond IP header
Integrity-only by using NULL encryption

112
ESPs NULL Encryption

According to RFC 2410
NULL encryption is a block cipher the origins of
which appear to be lost in antiquity
Despite rumors, there is no evidence that NSA
suppressed publication of this algorithm
Evidence suggests it was developed in Roman times
as exportable version of Caesars cipher
Can make use of keys of varying length
No IV is required
Null(P,K) P for any P and any key K
Security people have a strange sense of humor!

113
Why Does AH Exist? (1)

Cannot encrypt IP header
Routers must look at the IP header
IP addresses, TTL, etc.
IP header exists to route packets!
AH protects immutable fields in IP header
Cannot integrity protect all header fields
TTL, for example, must change
ESP does not protect IP header at all

114
Why Does AH Exist? (2)

ESP encrypts everything beyond the IP header (if
non-null encryption)
If ESP encrypts, firewall cannot look at TCP
header (e.g., port numbers)
Why not use ESP with null encryption?
Firewall sees ESP header, but does not know
whether null encryption is used
End systems know, but not firewalls
Aside 1 Do firewalls reduce security?
Aside 2 Is IPSec compatible with NAT?

115
Why Does AH Exist? (3)

The real reason why AH exists
At one IETF meeting someone from Microsoft gave
an impassioned speech about how AH was useless
everyone in the room looked around and said
Hmm. Hes right, and we hate AH also, but if it
annoys Microsoft lets leave it in since we hate
Microsoft more than we hate AH.

116
IPSec

Will it save us?
According to the author No!
Even if universally implemented, many problems
remain
E.g., software (need I say more?)
But it is step in the right direction

117
Kerberos
118
Kerberos

In Greek mythology, Kerberos is 3-headed dog that
guards entrance to Hades
Wouldnt it make more sense to guard the exit?
In security, Kerberos is an authentication system
based on symmetric key crypto
Originated at MIT
Based on work by Needham and Schroeder
Relies on a trusted third party (TTP)

119
Motivation for Kerberos

Authentication using public keys
N users ? N key pairs
Authentication using symmetric keys
N users requires about N2 keys
Symmetric key case does not scale!
Kerberos based on symmetric keys but only
requires N keys for N users
But must rely on TTP
Advantage is that no PKI is required

120
Kerberos KDC

Kerberos Key Distribution Center or KDC
Acts as a TTP
TTP must not be compromised!
KDC shares symmetric key KA with Alice, key KB
with Bob, key KC with Carol, etc.
Master key KKDC known only to KDC
KDC enables authentication and session keys
Keys for confidentiality and integrity
In practice, the crypto algorithm used is DES

121
Kerberos Tickets