Computer Security: Principles and Practice

1
Computer Security Principles and Practice
Chapter 21 Internet Security Protocols and
Standards

• First Edition
• by William Stallings and Lawrie Brown
• Lecture slides by Lawrie Brown

2
Objectives

• The student should be able to
• Define VPN, intranet VPN, extranet VPN, tunnel.
• Describe the advantages of link versus end-to-end
  encryption.
• Define the protection provided by SSL, TLS,
  IPsec.
• Show where the following protocols exist in the
  protocol stack, and describe which applications
  they can be used with SSL, TLS, IPSec, S-MIME.
• Show a diagram of what happens to a packet during
  Tunnel versus Transport mode concerning the
  packet format.
• Describe the difference between IPSecs
  Authentication Header and Encapsulated Security
  Payload protocols.

3
Internet Security Protocols and Standards

• Secure Sockets Layer (SSL) / Transport Layer
  Security (TLS)
• IPv4 and IPv6 Security
• S/MIME (Secure/Multipurpose Internet Mail
  Extension)

4
VPNs

• Virtual Private Network (VPN) A means of
  carrying private traffic over a public network
• Uses link encryption to give users sense that
  they are operating on a private network when they
  are actually transmitting over a public network
• Communications pass through an encrypted tunnel
• Intranet VPN Connects two or more private
  networks within the same company
• Extranet VPN Connects two or more private
  networks between different companies
• E.g., B2B or business-to-business communication.
• Remote Access VPN A roaming user has access to
  a private network via wireless, hotel room, etc.

5
Encryption Types
Source
Destination
Router
6
Importance of Encryption Location MAC
A
P
L
I
C
A
P
L
I
C
TCP
TCP
IP
IP
IP
LLC MAC
LLC MAC
LLC MAC
LLC MAC
Physical
Physical
Physical
Physical
Wireless
Wired
MAC LLC IP TCP App - Data CRC
7
Importance of Encryption Location IP
A
P
L
I
C
A
P
L
I
C
VPN Router/Firewall may unencrypt
TCP
TCP
IPSEC/ IP
IP
IPSEC/ IP
LLC MAC
LLC MAC
LLC MAC
LLC MAC
Physical
Physical
Physical
Physical
MAC LLC IP TCP App - Data CRC
8
Importance of Encryption Location App.
HTTPS
HTTPS
HTTP
HTTP
A
P
L
I
C
A
P
L
I
C
TCP
TCP
IP
IP
IP
LLC MAC
LLC MAC
LLC MAC
LLC MAC
Physical
Physical
Physical
Physical
MAC LLC IP TCP App - Data CRC
9
Link versus End-to-EndEncryption
Use when LINK is vulnerable Packet sniffers eavesdroppers Use when Intermediate nodes may be compromised
Link-Specific All packets transmitted on the single link are encrypted Connection-Specific A connection is encrypted across all its links
Encrypted for all protocol layers (at or above encryption layer) Encrypted for upper layer protocols only
Intermediate nodes decrypt Intermediate nodes cannot decrypt
Provides node authentication Provides user authentication
Transparent to user One key per link Not user-transparent One key per connection
One algorithm for all users User selects encryption algorithm
Encryption done in hardware Encryption done in hardware or software
Virtual Private Network (VPN) IP Security (IPsec) Secure Shell (SSH) Secure Socket Layer (SSL)
10
Encryption Protocols
HTTP FTP SMTP
TCP or UDP TCP or UDP TCP or UDP
IPSec IP IPSec IP IPSec IP
HTTP HTTP
SSL or TLS HTTP
TCP TCP
IP IP
HTTPS
VPN
11
Secure Sockets Layer (SSL)

• transport layer security service
• originally developed by Netscape
• version 3 designed with public input
• subsequently became Internet standard RFC2246
  Transport Layer Security (TLS)
• use TCP to provide a reliable end-to-end service
• may be provided in underlying protocol suite
• or embedded in specific packages
• SSL HTTP used together HTTPS

HTTP
SSL or TLS
TCP
IP
12
SSL Protocol Stack

• Record Fragmentation, compression, MAC,
  encryption
• Handshake Setup Negotiation of security
• Alert Notifications of warnings or serious
  problems
• Change Cipher Spec Change state to active

13
SSL Record Protocol Services

• message integrity
• using a MAC with shared secret key
• similar to HMAC but with different padding
• confidentiality
• using symmetric encryption with a shared secret
  key defined by Handshake Protocol
• AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza,
  RC4-40, RC4-128
• message is compressed before encryption

14
SSL Record Protocol Operation
15
SSL Change Cipher Spec Protocol

• one of 3 SSL specific protocols which use the SSL
  Record protocol
• a single message
• causes pending state to become current
• hence updating the cipher suite in use

16
SSL Alert Protocol

• conveys SSL-related alerts to peer entity
• severity
• warning or fatal
• specific alert
• fatal unexpected message, bad record mac,
  decompression failure, handshake failure, illegal
  parameter
• warning close notify, no certificate, bad
  certificate, unsupported certificate, certificate
  revoked, certificate expired, certificate unknown
• compressed encrypted like all SSL data

17
SSL Handshake Protocol

• allows server client to
• authenticate each other
• to negotiate encryption MAC algorithms
• to negotiate cryptographic keys to be used
• comprises a series of messages in phases
• Establish Security Capabilities
• Server Authentication and Key Exchange
• Client Authentication and Key Exchange
• Finish

18
SSL Handshake Protocol First 3 phases
Handshake ProtocolPhase 4 Change Cipher Spec
19
Public Key Infrastructure (PKI)
7. Tom confirms Sues DS
5. Tom requests Sues DC ? 6. CA sends Sues DC ?
Tom
Digital Certificate User Sue Public Key 2456
4. Sue sends Tom message signed with Digital
Signature
Certificate Authority (CA)
3. Send approved Digital Certificates
1. Sue registers with CA through RA
2. Registration Authority (RA) verifies owners
Sue
Register(Owner, Public Key)
20
IP Security

• various application security mechanisms exist
• eg. S/MIME, PGP, Kerberos, SSL/HTTPS
• security concerns cross protocol layers
• hence would like security implemented by the
  network for all applications
• authentication encryption security features
  included in next-generation IPv6
• also usable in existing IPv4

21
IPSec

• general IP Security mechanisms
• provides
• authentication
• confidentiality
• key management
• applicable to use over LANs, across public
  private WANs, for the Internet

22
IPSec Uses
23
Tunnel vs. Transport Mode

24
Benefits of IPSec

• in a firewall/router provides strong security to
  all traffic crossing the perimeter
• in a firewall/router is resistant to bypass
• is below transport layer, hence transparent to
  applications
• can be transparent to end users
• can provide security for individual users
• secures routing architecture

25
IP Security Architecture

• mandatory in IPv6, optional in IPv4
• have two security header extensions
• Authentication Header (AH)
• Encapsulating Security Payload (ESP)
• Key Exchange function
• VPNs want both authentication/encryption
• hence usually use ESP
• specification is quite complex
• numerous RFCs 2401/2402/2406/2408

26
Two Modes (From Network Security Essentials 2nd
Ed., W. Stallings, Prentice Hall)
Authentication Header (AH) Encapsulated Security Payload
Authentication Header (AH) (ESP encryption authentication)
Access control X X
Connectionless integrity X X (AH opt.)
Data Origin Authentication X X (AH opt.)
Rejection of Replayed Packets X X
Confidentiality X
Limited Traffic Flow Confidentiality X
27
Security Associations

• a one-way relationship between sender receiver
  that affords security for traffic flow
• defined by 3 parameters
• Security Parameters Index (SPI) SA
• IP Destination Address Unicast
• Security Protocol Identifier AH or EH
• has a number of other parameters
• seq no, AH EH info, lifetime etc
• have a database of Security Associations
• Holds data for each SA

28
Authentication Header (AH)

• provides support for data integrity
  authentication of IP packets
• end system/router can authenticate user/app
• prevents address spoofing attacks by tracking
  sequence numbers
• based on use of a MAC
• HMAC-MD5-96 or HMAC-SHA-1-96
• parties must share a secret key

29
Authentication Header
SPI Security Association Authentication Data
Message Authentication Code
30
Encapsulating Security Payload (ESP)
31
Key Management

• handles key generation distribution
• typically need 2 pairs of keys
• 2 per direction for AH ESP
• manual key management
• sysadmin manually configures every system
• automated key management
• automated system for on demand creation of keys
  for SAs in large systems
• has Oakley ISAKMP elements

32
S/MIME (Secure/Multipurpose Internet Mail
Extensions)

• security enhancement to MIME email
• original Internet RFC822 email was text only
• MIME provided support for varying content types
  and multi-part messages
• with encoding of binary data to textual form
• S/MIME added security enhancements
• have S/MIME support in many mail agents
• eg MS Outlook, Mozilla, Mac Mail etc

33
S/MIME Process
34
S/MIME Cryptographic Algorithms

• digital signatures DSS RSA
• hash functions SHA-1 MD5
• session key encryption ElGamal RSA
• message encryption AES, 3DES, etc
• MAC HMAC with SHA-1
• must map binary values to printable ASCII
• use radix-64 or base64 mapping

35
S/MIME Public Key Certificates

• S/MIME has effective encryption and signature
  services
• but also need to manage public-keys
• S/MIME uses X.509 v3 certificates
• each client has a list of trusted CAs certs
• and own public/private key pairs certs
• certificates must be signed by trusted CAs

36
Summary

• Secure Sockets Layer (SSL) / Transport Layer
  Security (TLS)
• IPsec IPv4 and IPv6 Security
• S/MIME (Secure/Multipurpose Internet Mail
  Extension)