BLM5102

Computer Systems and

Network Security

Prof. Dr. Hasan Hüseyin BALIK

(10th Week)
 Outline
• 4. Network Security
—4.1. Internet Security Protocols and Standards
—4.2. Internet Authentication Applications
—4.3 Wireless Network Security
4.1 Internet Security Protocols and
Standards
 4.1. Outline
• Secure Email and S/MIME
• DomainKeys Identified Mail
• Secure Sockets Layer (SSL) and Transport
Layer Security (TLS)
• HTTPS
• IPv4 and IPv6 Security
 MIME and S/MIME
MIME
• Extension to the old RFC
822 specification of an
Internet mail format
• RFC 822 defines a simple
heading with To, From,
Subject
• Assumes ASCII text format
• Provides a number of
new header fields that
define information about
the body of the message
S/MIME
• Secure/Multipurpose
Internet Mail Extension
• Security enhancement to
the MIME Internet
e-mail format
• Based on technology from
RSA Data Security
• Provides the ability to
sign and/or encrypt
e-mail messages
 S/MIME Functions
Signed and
Enveloped Clear-
Signed data enveloped
data signed data
data

Encrypted Cleartext Nesting of

Encoded
content message + signed
message +
and encoded and
signed
associated signed encrypted
digest
keys digest entities
 Receiver’s
public key

One-time
secret key
Sender’s Encrypt
private key (e.g., RSA)

Sign
M sg (e.g., RSA/ M sg Encrypt M sg
SHA-256) (e.g,
AES-128/
CBC
Sig Sig

(a) Sender signs, then encrypts message

Receiver’s
private key

Sender’s
Secret key public key
generated by
sender
Decrypt
(e.g., RSA)

Decrypt Verify
M sg M sg signature
(e.g,
AES-128/ (e.g., RSA/
CBC SHA-256)

Sig Sig

(b) Receiver decrypts message, then verifies sender’s signature

Figure 22.1 Simplified S/M I M E Functional Flow

Signed and Clear-Signed Data
• The preferred algorithms used for signing S/MIME
messages use either an RSA or a DSA signature of a SHA-
256 message hash
• The process works as follows:
• Take the message you want to send and map it into a fixed-length code of 256
bits using SHA-256
• The 256-bit message digest is unique for this message making it virtually
impossible for someone to alter this message or substitute another message
and still come up with the same digest
• S/MIME encrypts the digest using RSA and the sender’s private RSA key
• The result is the digital signature, which is attached to the message
• Now, anyone who gets the message can recompute the message digest then
decrypt the signature using RSA and the sender’s public RSA key
• Since this operation only involves encrypting and decrypting a 256-bit block,
it takes up little time
 Enveloped Data
• Default algorithms used for encrypting S/MIME
messages are AES and RSA
• S/MIME generates a pseudorandom secret key that is used to
encrypt the message using AES or some other conventional
encryption scheme
• A new pseudorandom key is generated for each new message
encryption
• This session key is bound to the message and transmitted with it
• The secret key is used as input to the public-key encryption
algorithm, RSA, which encrypts the key with the recipient’s public
RSA key
• On the receiving end, S/MIME uses the receiver's private RSA key to
recover the secret key, then uses the secret key and AES to recover
the plaintext message
• If encryption is used alone, radix-64 is used to convert the
ciphertext to ASCII format
 DomainKeys Identified
Mail (DKIM)
• Specification of cryptographically signing e-mail
messages permitting a signing domain to claim
responsibility for a message in the mail stream
• Proposed Internet Standard (RFC 4871:
DomainKeys Identified Mail (DKIM) Signatures)
• Has been widely adopted by
a range of e-mail providers
M essage transfer M essage transfer M essage transfer
agent (M TA) agent (M TA) agent (M TA)
SM TP SM TP

SM TP (SM TP,
local)

M ail submission M ail delivery

agent (M SA) M ESSAGE HANDLI NG agent (M DA)
SYSTEM (M HS)

ESM TP ESM TP
(Submission) (Submission)
M essage user M essage store
agent (M UA) (M S)

(I M AP, POP,
local)

M essage user
M essage agent (M UA)
author

M essage
recipient

Figure 22.2 Function M odules and Standardized Protocols

Used Between Them in the I nternet M ail Architecture
 SMTP

MTA

MTA
SMTP
SMTP

DNS Public key query/response

MDA
MSA

DNS
Signer Verifier

POP, IMAP
SMTP

MUA

MUA

Mail origination Mail delivery

network network

DNS = domain name system

MDA = mail delivery agent
MSA = mail submission agent
MTA = message transfer agent
MUA = message user agent

Figure 22.3 Simple Example of DKIM Deployment

Secure Sockets Layer (SSL) and
Transport Layer Security (TLS)
• One of the most widely Two
used security services implementation
• General-purpose service
choices:
implemented as a set of
protocols that rely on Provided as part
TCP of the underlying
protocol suite
• Subsequently became
Internet standard
RFC4346: Transport Embedded in
Layer Security (TLS) specific packages
 Change
Handshake Alert Heartbeat
Cipher Spec HTTP
Protocol Protocol Protocol
Protocol

Record Protocol

TCP

IP

Figure 22.4 SSL/TLS Protocol Stack

 TLS Concepts
TLS Session TLS Connection
• An association between a • A transport (in the OSI
client and a server layering model
• Created by the definition) that provides
Handshake Protocol a suitable type of service
• Define a set of • Peer-to-peer relationships
cryptographic security
parameters • Transient

• Used to avoid the • Every connection is

expensive negotiation of associated with one
new security parameters session
for each connection
Application Data

Fragment

Compress

Add MAC

Encrypt

Append SSL
Record Header

Figure 22.5 TLS Record Protocol Operation

Change Cipher Spec Protocol
• One of four TLS specific protocols that use the TLS
Record Protocol
• Is the simplest
• Consists of a single message which consists of a single
byte with the value 1
• Sole purpose of this message is to cause pending state to
be copied into the current state
• Hence updating the cipher suite in use
 Alert Protocol
Alert messages are
Conveys TLS-related
compressed and
alerts to peer entity
encrypted

If the level is fatal, TSL

immediately terminates
the connection

First byte takes the

value warning (1) or
fatal (2) to convey the Other connections on
severity of the message the same session may
Each message consists continue, but no new
of two bytes: connections on this
Second byte contains a session may be
code that indicates the established
specific alert
 Handshake Protocol
• Most complex part of TLS
• Is used before any application data are transmitted
• Allows server and client to:

Negotiate Negotiate
Authenticate encryption and cryptographic
each other MAC keys to be
algorithms used

• Comprises a series of messages exchanged by client and

server
• Exchange has four phases
 Client Server
client_h
ello Phase 1
Establish security capabilities, including
protocol version, session ID, cipher suite,
hello
server_ compression method, and initial random
numbers.

ate
certific
ge
key _exchan
server_ Phase 2
Server may send certificate, key exchange,
te_req uest and request certificate. Server signals end
certifica of hello message phase.
e
he llo_don
server_
Time

certifica
te
client_k Phase 3
e y_ e xc h
an ge Client sends certificate if requested. Client
sends key exchange. Client may send
certifica certificate verification.
te_verif
y

change_
cipher_
spec
finished
Phase 4
Change cipher suite and finish
spec
cipher_ handshake protocol.
change_

finished

Note: Shaded transfers are

optional or situation-dependent
messages that are not always sent.

Figure 22.6 Handshake Protocol Action

 Heartbeat Protocol
• A periodic signal generated by hardware or software to
indicate normal operation or to synchronize other parts of a
system
• Typically used to monitor the availability of a protocol entity
• Defined in 2012 in RFC 6250
• Runs on top of the TLS Record Protocol
• Use is established during Phase 1 of the Handshake Protocol
• Each peer indicates whether it supports heartbeats
• Serves two purposes:
• Assures the sender that the recipient is still alive
• Generates activity across the connection during idle periods
 SSL/TLS Attacks
Attacks on the record
Attacks on the
and application data
Handshake Protocol
protocols

Four general
categories:

Attacks on the PKI Other attacks

 HTTPS
(HTTP over SSL)
• Combination of HTTP and SSL to implement secure
communication between a Web browser and a Web server
• Built into all modern Web browsers
• Search engines do not support HTTPS
• URL addresses begin with https://

• Documented in RFC 2818, HTTP Over TLS

• Agent acting as the HTTP client also acts as the TLS client
• Closure of an HTTPS connection requires that TLS close the
connection with the peer TLS entity on the remote side, which
will involve closing the underlying TCP connection
 IP Security (IPsec)
• Various application security mechanisms
• S/MIME, Kerberos, SSL/HTTPS
•Security concerns cross protocol layers
• Would like security implemented by the
network for all applications
• Authentication and encryption security
features included in next-generation IPv6
• Also usable in existing IPv4
 Benefits of IPsec
• When implemented in a firewall or router, it
provides strong security to all traffic crossing the
perimeter
• In a firewall it is resistant to bypass
• Below transport layer, hence transparent to
applications
• Can be transparent to end users
• Can provide security for individual users
• Secures routing architecture
Provides two main
functions: The Scope of IPsec VPNs want
• A combined
authentication/encryption both
function called
authentication
Encapsulating Security
Payload (ESP) and
• Key exchange function encryption

Also an Specification is
authentication-only quite complex
function, • Numerous RFC’s
implemented using 2401/4302/
an Authentication 4303/4306

Header (AH)
• Because message
authentication is provided
by ESP, the use of AH is
included in IPsecv3 for
backward compatibility
but should not be used in
new applications
 Security Associations
• A one-way relationship
between sender and Defined by 3
receiver that affords
security for traffic flow parameters:
• If a peer relationship is Security Parameter Index
needed for two-way secure
exchange then two security (SPI)
associations are required
• Is uniquely identified by IP Destination Address
the Destination Address in
the IPv4 or IPv6 header
and the SPI in the enclosed Protocol Identifier
extension header (AH or
ESP)
 Bit: 0 16 24 31

Security Parameters Index (SPI)

Sequence Number
Authentication Coverage
Confidentiality Coverage

Payload Data (variable)

Padding (0 - 255 bytes)

Pad Length Next Header

Authentication Data (variable)

Figure 22.8 IPSec ESP Format

Transport and Tunnel Modes
Transport Mode
• Extends to the payload of an IP
packet
• Typically used for end-to-end
communication between two
hosts
• ESP encrypts and optionally
authenticates the IP payload
but not the IP header
Tunnel Mode
• Provides protection to the entire
IP packet
• The entire original packet
travels through a tunnel from
one point of an IP network to
another
• Used when one or both ends of
a security association are a
security gateway
• A number of hosts on networks
behind firewalls may engage in
secure communications without
implementing IPsec