Network Security Essentials Chapter 5

Network Security Network Security

Essentials Essentials

Chapter 5 Chapter 5

Fourth Edition Fourth Edition by William Stallings by William Stallings

Lecture slides by Lawrie Brown

Lecture slides by Lawrie Brown

Chapter 5 – Chapter 5 –

Transport-Level Security Transport-Level Security

Use your mentality Use your mentality

Wake up to reality Wake up to reality

— — From the song, "I've Got You under My From the song, "I've Got You under My Skin“ by Cole Porter

Skin“ by Cole Porter

Web Security Web Security

 Web now widely used by business, Web now widely used by business, government, individuals

government, individuals

 but Internet & Web are vulnerable but Internet & Web are vulnerable

 have a variety of threats have a variety of threats



integrity integrity



confidentiality confidentiality



denial of service denial of service



authentication authentication

 need added security mechanisms need added security mechanisms

Web Traffic Security Web Traffic Security

Approaches

Approaches

SSL (Secure Socket Layer) SSL (Secure Socket Layer)

 transport layer security service transport layer security service

 originally developed by Netscape originally developed by Netscape

 version 3 designed with public input version 3 designed with public input

 subsequently became Internet standard subsequently became Internet standard known as TLS (Transport Layer Security) known as TLS (Transport Layer Security)

 uses TCP to provide a reliable end-to-end uses TCP to provide a reliable end-to-end service

service

 SSL has two layers of protocols SSL has two layers of protocols

SSL Architecture

SSL Architecture

SSL Architecture SSL Architecture

 SSL connection SSL connection



a transient, peer-to-peer, communications link a transient, peer-to-peer, communications link



associated with 1 SSL session associated with 1 SSL session

 SSL session SSL session



an association between client & server an association between client & server



created by the Handshake Protocol created by the Handshake Protocol



define a set of cryptographic parameters define a set of cryptographic parameters



may be shared by multiple SSL connections may be shared by multiple SSL connections

SSL Record Protocol SSL Record Protocol

Services Services

 confidentiality confidentiality



using symmetric encryption with a shared using symmetric encryption with a shared secret key defined by Handshake Protocol secret key defined by Handshake Protocol



AES, IDEA, RC2-40, DES-40, DES, 3DES, AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128

Fortezza, RC4-40, RC4-128



message is compressed before encryption message is compressed before encryption

 message integrity message integrity



using a MAC with shared secret key using a MAC with shared secret key



similar to HMAC but with different padding similar to HMAC but with different padding

SSL Record Protocol SSL Record Protocol

Operation

Operation

SSL Change Cipher Spec SSL Change Cipher Spec

Protocol Protocol

 one of 3 SSL specific protocols which use one of 3 SSL specific protocols which use the SSL Record protocol

the SSL Record protocol

 a single message a single message

 causes pending state to become current causes pending state to become current

 hence updating the cipher suite in use hence updating the cipher suite in use

SSL Alert Protocol SSL Alert Protocol



conveys SSL-related alerts to peer entity conveys SSL-related alerts to peer entity



severity severity

•

warning or fatal warning or fatal



specific alert specific alert

•

fatal: unexpected message, bad record mac, fatal: unexpected message, bad record mac,

decompression failure, handshake failure, illegal decompression failure, handshake failure, illegal parameter

parameter

•

warning: close notify, no certificate, bad certificate, warning: close notify, no certificate, bad certificate, unsupported certificate, certificate revoked,

unsupported certificate, certificate revoked, certificate expired, certificate unknown

certificate expired, certificate unknown



compressed & encrypted like all SSL data compressed & encrypted like all SSL data

SSL Handshake Protocol SSL Handshake Protocol



allows server & client to: allows server & client to:



authenticate each other authenticate each other



to negotiate encryption & MAC algorithms to negotiate encryption & MAC algorithms



to negotiate cryptographic keys to be used to negotiate cryptographic keys to be used



comprises a series of messages in phases comprises a series of messages in phases

1.

1.

Establish Security Capabilities Establish Security Capabilities

2.2.

Server Authentication and Key Exchange Server Authentication and Key Exchange

3.3.

Client Authentication and Key Exchange Client Authentication and Key Exchange

4.

4.

Finish Finish

SSL SSL

Handshake Handshake

Protocol

Protocol

Cryptographic Computations Cryptographic Computations

 master secret creation master secret creation



a one-time 48-byte value a one-time 48-byte value



generated using secure key exchange (RSA / generated using secure key exchange (RSA / Diffie-Hellman) and then hashing info

Diffie-Hellman) and then hashing info

 generation of cryptographic parameters generation of cryptographic parameters



client write MAC secret, a server write MAC client write MAC secret, a server write MAC secret, a client write key, a server write key, a secret, a client write key, a server write key, a

client write IV, and a server write IV client write IV, and a server write IV



generated by hashing master secret generated by hashing master secret

TLS (Transport Layer TLS (Transport Layer

Security) Security)

 IETF standard RFC 2246 similar to SSLv3 IETF standard RFC 2246 similar to SSLv3

 with minor differences with minor differences



in record format version number in record format version number



uses HMAC for MAC uses HMAC for MAC



a pseudo-random function expands secrets a pseudo-random function expands secrets

•

based on HMAC using SHA-1 or MD5 based on HMAC using SHA-1 or MD5



has additional alert codes has additional alert codes



some changes in supported ciphers some changes in supported ciphers



changes in certificate types & negotiations changes in certificate types & negotiations



changes in crypto computations & padding changes in crypto computations & padding

HTTPS HTTPS

 HTTPS (HTTP over SSL) HTTPS (HTTP over SSL)



combination of HTTP & SSL/TLS to secure combination of HTTP & SSL/TLS to secure communications between browser & server communications between browser & server

•

documented in RFC2818 documented in RFC2818

•

no fundamental change using either SSL or TLS no fundamental change using either SSL or TLS

 use https:// URL rather than http:// use https:// URL rather than http://



and port 443 rather than 80 and port 443 rather than 80

 encrypts encrypts



URL, document contents, form data, cookies, URL, document contents, form data, cookies, HTTP headers

HTTP headers

HTTPS Use HTTPS Use

 connection initiation connection initiation



TLS handshake then HTTP request(s) TLS handshake then HTTP request(s)

 connection closure connection closure



have “Connection: close” in HTTP record have “Connection: close” in HTTP record



TLS level exchange close_notify alerts TLS level exchange close_notify alerts



can then close TCP connection can then close TCP connection



must handle TCP close before alert exchange must handle TCP close before alert exchange sent or completed

sent or completed

Secure Shell (SSH) Secure Shell (SSH)

 protocol for secure network communications protocol for secure network communications



designed to be simple & inexpensive designed to be simple & inexpensive

 SSH1 provided secure remote logon facility SSH1 provided secure remote logon facility



replace TELNET & other insecure schemes replace TELNET & other insecure schemes



also has more general client/server capability also has more general client/server capability

 SSH2 fixes a number of security flaws SSH2 fixes a number of security flaws

 documented in RFCs 4250 through 4254 documented in RFCs 4250 through 4254

 SSH clients & servers are widely available SSH clients & servers are widely available

 method of choice for remote login/ X tunnels method of choice for remote login/ X tunnels

SSH Protocol Stack

SSH Protocol Stack

SSH Transport Layer Protocol SSH Transport Layer Protocol

 server authentication occurs at transport server authentication occurs at transport layer, based on server/host key pair(s)

layer, based on server/host key pair(s)



server authentication requires clients to know server authentication requires clients to know host keys in advance

host keys in advance

 packet exchange packet exchange



establish TCP connection establish TCP connection



can then exchange data can then exchange data

•

identification string exchange, algorithm identification string exchange, algorithm

negotiation, key exchange, end of key exchange, negotiation, key exchange, end of key exchange, service request

service request



using specified packet format using specified packet format

SSH User Authentication SSH User Authentication

Protocol Protocol

 authenticates client to server authenticates client to server

 three message types: three message types:



SSH_MSG_USERAUTH_REQUEST SSH_MSG_USERAUTH_REQUEST



SSH_MSG_USERAUTH_FAILURE SSH_MSG_USERAUTH_FAILURE



SSH_MSG_USERAUTH_SUCCESS SSH_MSG_USERAUTH_SUCCESS

 authentication methods used authentication methods used



public-key, password, host-based public-key, password, host-based

SSH Connection Protocol SSH Connection Protocol



runs on SSH Transport Layer Protocol runs on SSH Transport Layer Protocol



assumes secure authentication connection assumes secure authentication connection



used for multiple logical channels used for multiple logical channels



SSH communications use separate channels SSH communications use separate channels



either side can open with unique id number either side can open with unique id number



flow controlled flow controlled



have three stages: have three stages:

• opening a channel, data transfer, closing a channelopening a channel, data transfer, closing a channel



four types: four types:

• session, x11, forwarded-tcpip, direct-tcpip.session, x11, forwarded-tcpip, direct-tcpip.

SSH SSH

Connection Connection

Protocol

Protocol

Exchange

Exchange

Port Forwarding Port Forwarding

 convert insecure TCP connection into a convert insecure TCP connection into a secure SSH connection

secure SSH connection



SSH Transport Layer Protocol establishes a SSH Transport Layer Protocol establishes a TCP connection between SSH client & server TCP connection between SSH client & server



client traffic redirected to local SSH, travels client traffic redirected to local SSH, travels via tunnel, then remote SSH delivers to server via tunnel, then remote SSH delivers to server

 supports two types of port forwarding supports two types of port forwarding



local forwarding – hijacks selected traffic local forwarding – hijacks selected traffic



remote forwarding – client acts for server remote forwarding – client acts for server

Summary Summary

 have considered: have considered:



need for web security need for web security



SSL/TLS transport layer security protocols SSL/TLS transport layer security protocols



HTTPS HTTPS



secure shell (SSH) secure shell (SSH)