IA Notes
12/21/2018 CS 311_2018-19 1
Building Blocks for Network Security
• Encryption and authentication algorithms are
building blocks of secure network protocols
• Deploying cryptographic algorithms at
different layers has different security effects
• Where should we put the security protocol in
the network architecture?
Security Protocols in the TCP/IP Model
TCP/IP Layer    Security Protocol
Application     PGP, S/MIME, PEM, S-HTTP, HTTPS, SET, KERBEROS
Transport       SSL and TLS
Network         IPSec and VPN
Data Link       PPP, RADIUS, TACACS+
What Are the Pros and Cons?
• Application Layer
– Provides end-to-end security protection
– No need to decrypt data or check for signatures
– Attackers may analyze traffic and modify
headers
• Transport Layer
– Provides security protections for TCP packets
– No need to modify any application programs
– Attackers may analyze traffic via IP headers
What Are the Pros and Cons? ...
• Network Layer
– Provides link-to-link security protection
• Transport mode: Encrypt payload only
• Tunnel mode: Encrypt both header & payload; need a
gateway
– No need to modify any application programs
• Data-link Layer
– Provides security protections for frames
– No need to modify any application programs
– Traffic analysis would not yield much info
PGP (Pretty Good Privacy)
• Implements all major cryptographic
algorithms, the ZIP compression algorithms,
and the Base64 encoding algorithm
• Can be used to authenticate or encrypt a
message, or both
• General format:
– Authentication
– ZIP compression
– Encryption
– Base64 encoding (for SMTP transmission)
Why is PGP popular?
• It is available free on a variety of platforms
including Windows, UNIX and Macintosh.
• Based on well-known algorithms such as RSA and
Diffie-Hellman Key Exchange.
• Wide range of applicability
• Not developed or controlled by governmental or
standards organizations
PGP services
Services for messages                   Algorithm used
Authentication (digital signature)      DSS/SHA or RSA/SHA
Confidentiality (message encryption)    CAST or IDEA or Three Key Triple DES with Diffie Hellman or RSA
Compression                             ZIP
E-mail compatibility                    Radix 64 Conversion
Segmentation and reassembly
Services for key management:
• Generation, distribution, and revocation of public/private keys
• Generation and transport of session keys and IVs
S/MIME (Secure Multipurpose Internet Mail
Extension)
• Created to deal with shortcomings of PGP
– Support for multiple formats in a message, not just ASCII
text
– Support for IMAP (Internet Mail Access Protocol)
– Support for multimedia
• Similar to PGP, can also do authentication, encryption, or
both
• Uses X.509 PKI and public-key certificates
• Also supports standard symmetric-key encryption, public-key
encryption, digital signature algorithms, hash functions,
and compression functions
S/MIME Functions
• S/MIME content-types support four new functions:
• Enveloped data: This consists of encrypted content of any type and
encrypted-content encryption keys for one or more recipients.
• Signed data: A digital signature is formed by taking the message digest
of the content to be signed and then encrypting that with the private key
of the signer. The content plus signature are then encoded using base64
encoding. A signed data message can only be viewed by a recipient with
S/MIME capability.
• Clear-signed data: As with signed data, a digital signature of the content
is formed. However, in this case, only the digital signature is encoded
using base64. As a result, recipients without S/MIME capability can view
the message content, although they cannot verify the signature.
• Signed and enveloped data: Signed-only and encrypted-only entities
may be nested, so that encrypted data may be signed and signed data or
clear-signed data may be encrypted.
S/MIME Cryptographic Algorithms
• Default algorithms used for signing messages are
Digital Signature Standard (DSS) and SHA-1
• RSA public-key encryption algorithm can be used
with SHA-1 or the MD5 message digest algorithm
for forming signatures
• Radix-64 or base64 mapping is used to map the
signature and message into printable ASCII
characters
S/MIME Public Key Certificates
• Default algorithms used for encrypting S/MIME
messages are 3DES and ElGamal
– ElGamal is based on the Diffie-Hellman public-key
exchange algorithm
• If encryption is used alone, radix-64 is used to
convert the ciphertext to ASCII format
• The basic tool that permits widespread use of S/MIME is
the public-key certificate
– S/MIME uses certificates that conform to the
international standard X.509v3
PEM (Privacy-Enhanced Mail)
• A draft Internet Standard (1993).
• Used with SMTP.
• Implemented at application layer.
• Provides:
– Disclosure protection
– Originator authenticity
– Message integrity
Summary of PEM Services
• Message encryption
– Algorithms used: DES using RSA
– Description: A message is encrypted using DES-CBC. The session key is encrypted with the recipient’s public key.
• Authentication and digital signature (asymmetric encryption)
– Algorithms used: RSA with MD2 or MD5
– Description: A hash code of a message is created using MD2 or MD5. This is encrypted using RSA with the sender’s private key.
• E-mail compatibility
– Algorithms used: Radix 64 conversion
– Description: To provide transparency for e-mail applications.
Secure-HTTP (S-HTTP)
• Secure HTTP (S-HTTP) extends the Hypertext
Transfer Protocol (HTTP).
• HTTP was developed for a Web that was simple, that
did not have dynamic graphics, and that did not
require, at that time, hard encryption for end-to-end
transactions.
• As the Web became popular for businesses, users
realized that current HTTP protocols needed more
cryptographic and graphic improvements if they were
to remain in the e-commerce backbone.
Secure-HTTP (S-HTTP) …
• Each S-HTTP file is either encrypted, contains a digital
certificate, or both.
• S-HTTP design provides for secure communications,
primarily commercial transactions, between an HTTP client
and a server.
• It does this through a wide variety of mechanisms to
provide for confidentiality, authentication, and integrity
while separating policy from mechanism.
• HTTP messages contain two parts: the header and the body
of the message. The header contains instructions to the
recipients (browser and server) on how to process the
message’s body.
Secure-HTTP (S-HTTP) …
• During the transfer transaction, both the client
browser and the server use the information
contained in the HTTP header to negotiate the formats
they will use to transfer the requested information.
• The S-HTTP protocol extends this negotiation
between the client browser and the server to
include the negotiation for security matters. Hence
S-HTTP uses additional headers for message
encryption, digital certificates and authentication in
the HTTP format, which contain additional
instructions on how to decrypt the message body.
Hypertext Transfer Protocol over Secure
Socket Layer (HTTPS)
• HTTPS is the use of Secure Sockets Layer (SSL) as a
sub-layer under the regular HTTP in the application
layer. It is also referred to as Hypertext Transfer
Protocol over Secure Socket Layer (HTTPS) or HTTP
over SSL, in short.
• HTTPS is a Web protocol developed by Netscape,
and it is built into its browser to encrypt and
decrypt user page requests as well as the pages that
are returned by the Web server. HTTPS uses port
443 instead of HTTP port 80 in its interactions with
the lower layer, TCP/IP.
Secure Electronic Transactions (SET)
• SET is a cryptographic protocol developed by a group of
companies that included Visa, Microsoft, IBM, RSA,
Netscape, MasterCard and others.
• It is a highly specialized system with complex specifications
contained in three books with book one dealing with the
business description, book two a programmer’s guide, and
book three giving the formal protocol description.
• For each transaction, SET provides the following services:
authentication, confidentiality, message integrity, and
linkage.
• SET uses public key encryption and signed certificates to
establish the identity of everyone involved in the
transaction and to allow every correspondence between
them to be private.
Kerberos Basics
• Goals:
– Authenticate users on a local-area network without PKI
– Allow users to access services without re-entering a
password for each service
• It uses symmetric-key encryption and electronic
passes called tickets
• It uses two different types of tickets:
– TGS-ticket: issued to the user by AS
– V-ticket (server ticket): issued to the user by TGS
Kerberos Servers
• Requires two special servers to issue tickets to
users:
– AS: Authentication Server. AS manages users and user
authentication
– TGS: Ticket Granting Server. TGS manages servers
• Two Kerberos Protocols (single network vs. multiple)
– Single-Realm Kerberos
– Multi-Realm Kerberos
Overview of SSH
• SSH: Secure Shell
• Used to replace non-secure login utilities such as
RCP, FTP, RSH, Telnet, rlogin
• Creates a secure connection between two
computers using authentication and encryption
algorithms
• Supports data compression
• Provides security protection for file transfers (SFTP)
and file copy (SCP)
• SSH protocol is broken up into 3 components
3 Layers of SSH
• SSH Connection:
– Sets up multiple channels for different applications in a
single SSH connection
• SSH User Authentication:
– Authenticate user to server
– Using password or PKC
• SSH Transport
– Handles initial setup: server authentication, and key
exchange
– Set up encryption and compression algorithms
[Figure: SSH architecture. Stack from top to bottom: Application Layer (SSH Connection, SSH User Authentication, SSH Transport), TCP, IP, Data Link, Physical]
Drawbacks of SSH
• Drawbacks
– no authentication
– verification of public keys is external
SSL/TLS
• Secure Socket Layer Protocol (SSL)
– Designed by Netscape in 1994
– To protect WWW applications and electronic
transactions
– Transport layer security protocol (TLS)
• A revised version of SSLv3
– Two major components:
• Record protocol, on top of transport-layer protocols
• Handshake protocol, change-cipher-spec protocol,
and alert protocol; they reside between application-
layer protocols and the record protocol
SSL Protocol Stack
SSL Protocol Stack …
• SSL is designed to make use of TCP to provide a reliable
end-to-end secure service. SSL is not a single protocol
but rather two layers of protocols.
• The SSL Record Protocol provides basic security services
to various higher-layer protocols. In particular, the
Hypertext Transfer Protocol (HTTP), which provides the
transfer service for Web client/server interaction, can
operate on top of SSL. Three higher-layer protocols are
defined as part of SSL: the Handshake Protocol, the
Change Cipher Spec Protocol, and the Alert Protocol.
These SSL specific protocols are used in the
management of SSL exchanges.
SSL Protocol Stack …
• Two important SSL concepts are the SSL session and the SSL
connection, which are defined in the specification as follows:
– Connection: A connection is a transport (in the OSI layering
model definition) that provides a suitable type of service. For
SSL, such connections are peer-to-peer relationships. The
connections are transient. Every connection is associated with
one session.
– Session: An SSL session is an association between a client
and a server. Sessions are created by the Handshake Protocol.
Sessions define a set of cryptographic security parameters,
which can be shared among multiple connections. Sessions
are used to avoid the expensive negotiation of new security
parameters for each connection.
• Between any pair of parties (applications such as HTTP on
client and server), there may be multiple secure connections.
In theory, there may also be multiple simultaneous sessions
between parties, but this feature is not used in practice.
SSL Handshake Protocol
• Allows the client and the server to negotiate and
select cryptographic algorithms and to exchange
keys
• Allows the client and the server to authenticate each other
• Four phases:
– Select cryptographic algorithms
• Client Hello Message
• Server Hello Message
– Authenticate Server and Exchange Key
– Authenticate Client and Exchange Key
– Complete Handshake
Drawbacks of SSL
• Drawbacks
– only one authentication, at the beginning of the session
– certificates are not required for the client
– there is no signature after the initial handshake
SSL vs SSH
• Differences
– SSL is text-oriented, SSH is file-oriented
– SSL negotiates and encrypts, SSH allows remote access
and remote file transfer
– SSL is based on PKI, SSH allows several authentication
schemes
IPsec: Network-Layer Protocol
• IPsec encrypts and/or authenticates IP packets
• It consists of three protocols:
– Authentication header (AH)
• To authenticate the origin of the IP packet and ensure its
integrity
• To detect message replays using sliding window
– Encapsulating security payload (ESP)
• Encrypt and/or authenticate IP packets
– Internet key exchange (IKE)
• Establish secret keys for the sender and the receiver
• Runs in one of two modes:
– Transport Mode
– Tunnel Mode (requires gateway)
IPsec Security Associations
[Figure: a security association (SA) between Alice and Bob]
Security Policy Database (SPD)
• Policy: For a given datagram, sending entity
needs to know if it should use IPsec.
• It also needs to know which SA to use
– May use: source and destination IP address;
protocol number.
• Info in SPD indicates “what” to do with
arriving datagram;
• Info in the SAD indicates “how” to do it.
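The "what" and "how" split between the SPD and the SAD, as an added example that is not part of the original slides. The addresses, SA identifiers, algorithm names and the `NEED_IKE` result are constructed for the illustration; selectors are the ones the slide lists (source address, destination address, protocol number).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Policy:                      # one SPD entry: "what" to do
    src: str                       # source selector (CIDR)
    dst: str                       # destination selector (CIDR)
    proto: Optional[int]           # IP protocol number, None = any
    action: str                    # "PROTECT", "BYPASS" or "DISCARD"
    sa_id: Optional[int] = None    # which SA to use when protecting


# Constructed SPD, evaluated in order; the first matching entry wins.
SPD = [
    Policy("10.1.0.0/16", "10.2.0.0/16", None, "PROTECT", sa_id=0x1001),
    Policy("10.1.0.0/16", "10.3.0.0/16", None, "PROTECT", sa_id=0x1002),
    Policy("10.1.0.0/16", "0.0.0.0/0", 6, "BYPASS"),
    Policy("0.0.0.0/0", "0.0.0.0/0", None, "DISCARD"),
]

# Constructed SAD: "how" to protect. SA 0x1002 has not been set up yet.
SAD = {
    0x1001: {"protocol": "ESP", "mode": "tunnel", "peer": "203.0.113.2",
             "cipher": "AES-CBC", "integrity": "HMAC-SHA-256"},
}


def matches(policy, src, dst, proto):
    return (ipaddress.ip_address(src) in ipaddress.ip_network(policy.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(policy.dst)
            and policy.proto in (None, proto))


def outbound_decision(src, dst, proto):
    """Return (action, sa) for an outgoing datagram."""
    for policy in SPD:
        if not matches(policy, src, dst, proto):
            continue
        if policy.action != "PROTECT":
            return policy.action, None
        sa = SAD.get(policy.sa_id)
        if sa is None:
            # Policy demands protection but no SA exists: hold the packet
            # until keys are established; never fall back to cleartext.
            return "NEED_IKE", None
        return "PROTECT", sa
    return "DISCARD", None          # no policy matched: fail closed


if __name__ == "__main__":
    for flow in [("10.1.5.5", "10.2.9.9", 17), ("10.1.5.5", "10.3.1.1", 6),
                 ("10.1.5.5", "8.8.8.8", 6), ("10.1.5.5", "8.8.8.8", 17)]:
        print(flow, "->", outbound_decision(*flow))
```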
IPsec Packet Layout
Key Determination and Distribution
• Oakley key determination protocol (KDP)
– Diffie-Hellman Key Exchange
+ authentication & cookies
– Authentication helps resist man-in-the-middle
attacks
– Cookies help resist clogging attacks
Clogging Attacks
• A form of denial of service attacks
• Attacker sends a large number of public keys $Y_i$ in crafted IP
packets, forcing the victim’s computer to compute secret
keys $K_i = Y_i^X \bmod p$ over and over again
– Diffie-Hellman is computationally intensive because of modular
exponentiations
• Cookies help
– Before doing computation, recipient sends a cookie (a random
number) back to source and waits for a confirmation including
that cookie
– This prevents attackers from making DH requests using crafted
packets with crafted source addresses
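The cookie exchange described above, from the responder's side, as an added example that is not part of the original slides. It assumes a stateless variant in which the cookie is an HMAC over the source address under a random local secret, rather than a stored random number; the class and function names, the toy modulus and the addresses are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1   # toy prime modulus for the demo only; real groups are far larger


class Responder:
    def __init__(self):
        self.secret = secrets.token_bytes(32)   # local secret, never sent
        self.x = secrets.randbelow(P - 2) + 1   # private exponent X
        self.modexp_count = 0                   # expensive operations performed

    def _cookie(self, src_ip, src_port):
        msg = f"{src_ip}|{src_port}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:8]

    def handle(self, src_ip, src_port, y_i, cookie=None):
        """Process one key-exchange request carrying public value y_i."""
        expected = self._cookie(src_ip, src_port)
        if cookie is None:
            # First contact: reply with a cookie. Cost is one HMAC and no
            # per-request state; the reply goes to the claimed source address.
            return "COOKIE", expected
        if not hmac.compare_digest(cookie, expected):
            return "DROP", None     # cookie was not issued to this source
        if not 1 < y_i < P - 1:
            return "DROP", None     # reject degenerate public values
        self.modexp_count += 1      # only now pay for K_i = Y_i^X mod p
        return "KEY", pow(y_i, self.x, P)


def flood_then_legit(n_spoofed=1000):
    """Constructed scenario: forged-source requests, then one real client."""
    r = Responder()
    for i in range(n_spoofed):
        # A forged source never receives its cookie, so it can only guess.
        guess = secrets.token_bytes(8)
        r.handle(f"192.0.2.{i % 254 + 1}", 500, 7, cookie=guess)
    after_flood = r.modexp_count
    _, cookie = r.handle("198.51.100.7", 500, 7)          # round 1
    kind, _ = r.handle("198.51.100.7", 500, 7, cookie)    # round 2, cookie echoed
    return after_flood, r.modexp_count, kind


if __name__ == "__main__":
    print(flood_then_legit())
```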
ISAKMP
• ISAKMP: Internet Security Association
and Key Management Protocol
– Specifies key exchange formats
– Each type of payload has the same form of a payload
header
SSL vs IPSec
• Advantages
– SSL does not require a modification of the TCP/IP stack
– SSL supports NAT
– SSL can go through firewalls and proxies easily
Virtual Private Networks (VPN)
• A VPN is a private data network that makes use of the
public telecommunication infrastructure, such as the
Internet, by adding security procedures over the
unsecure communication channels.
• The security procedures that involve encryption are
achieved through the use of a tunneling protocol.
• There are two types of VPNs: remote access which lets
single users connect to the protected company
network and site-to-site which supports connections
between two protected company networks.
• In either mode, VPN technology gives a company the
facilities of expensive private leased lines at much
lower cost by using the shared public infrastructure like
the Internet.
Components of a VPN
• Two terminators which are either software or
hardware. These perform encryption, decryption
and authentication services. They also
encapsulate the information.
• A tunnel – connecting the end-points. The tunnel
is a secure communication link between the end-
points and networks such as the Internet. In fact
this tunnel is virtually created by the end-points.
Four Protocols used in VPN
• PPTP -- Point-to-Point Tunneling Protocol
• L2TP -- Layer 2 Tunneling Protocol
• IPsec -- Internet Protocol Security
• SOCKS – is not used as much as the ones
above
Four Critical Functions of VPN
• Authentication – validates that the data was sent
from the sender.
• Access control – limiting unauthorized users from
accessing the network.
• Confidentiality – preventing the data from being read
or copied as the data is being transported.
• Data Integrity – ensuring that the data has not
been altered.
Benefits of VPN
• VPN is a popular, cost-effective way to securely
connect offices, remote workers, and mobile
workers with the corporate network. It provides
many benefits for a company including:
– Security – e.g., all data is encrypted
– Scalability – A VPN can easily grow to accommodate
more users and different locations as long as the
Internet access is available without adding
significant infrastructure.
– Flexibility – VPN allows a company to keep its
employees and partners securely connected to
central network resources no matter where they
are.
– Cost Effectiveness – VPN helps to reduce
connectivity charges and operational costs due to
the sharing of Internet infrastructure.
SSL and VPN
• SSL is not adapted to VPNs
– SSL uses a port for each application
• Solution: webify
– any protocol (FTP, ...) is translated into a web text format
• Solution: MTLS = Multiplexing TLS
– creation of a secure session
– establishment of several secure sessions using a
request/response protocol
Security in the Link Layer and over LANs
• In the Data Link Layer, there are several protocols including:
PPP, RADIUS and TACACS+.
• Point-to-Point Protocol (PPP)
– This is an old protocol because early Internet users used to dial
into the Internet using a modem and PPP. It is a protocol limited to
a single data link. Each call went directly to the remote access
server (RAS) whose job was to authenticate the calls as they came
in.
– A PPP communication begins with a handshake which involves a
negotiation between the client and the RAS to settle the
transmission and security issues before the transfer of data could
begin.
– This negotiation is done using the Link Control Protocol (LCP).
Since PPP does not require authentication, the negotiation may
result in an agreement to authenticate or not to authenticate.
Remote Authentication Dial-In User
Service (RADIUS)
• RADIUS is a server for remote user authentication and
accounting. It is one of a class of Internet dial-in security
protocols that include Password Authentication Protocol
(PAP) and Challenge-Handshake Authentication Protocol
(CHAP).
• It is mainly used by Internet Service Providers (ISPs) to
provide authentication and accounting for remote users.
• It can be used also in private networks to centralize
authentication and accounting services on the network for
all dial-in connections for service.
• It has two main components: authentication and
accounting protocols.
Terminal Access Controller Access Control
System (TACACS+)
• This protocol, commonly referred to as “tac-plus”, is
a commonly used authentication protocol.
– It is a strong protocol for dial-up and it offers:
• Authentication – arbitrary length and content
authentication exchange, which allows many
authentication mechanisms to be used with it.
• Authorization
• Auditing – a recording of what a user has been doing;
in TACACS+, it serves two purposes:
– To account for services used
– To audit for security services
Firewall
• A firewall is hardware, software, or a
combination of both that is used to prevent
unauthorized programs or Internet users from
accessing a private network and/or a single
computer.
Why do we need a firewall?
• To prevent certain types of data from
getting in or out of particular areas
• Security between the outside world and
your network, especially protection from
most Internet security threats
• Firewalls keep damage on one part of the
network
Demilitarized Zone
• A zone with an intermediate trust level,
situated between the Internet and a
trusted internal network, is often
referred to as a "perimeter network" or
Demilitarized Zone (DMZ)
Demilitarized Zone …
• Connections from the internal and the external
network to the DMZ are permitted, while
connections from the DMZ are only permitted to the
external network — hosts in the DMZ may not
connect to the internal network.
• This allows the DMZ's hosts to provide services to
both the internal and external network while
protecting the internal network in case intruders
compromise a host in the DMZ.
• The DMZ is typically used for connecting servers that
need to be accessible from the outside world, such
as e-mail, web and DNS servers.
Firewall Implementations
• Hardware (network devices)
– Cisco PIX, Sonicwall, Watchguard Firebox
• Software (applications)
– Windows – ZoneAlarm, Norton Personal Firewall,
BlackICE
– Unix and variants – ipfw, ipchains, iptables, ipf
Positioning of Servers in a Network
• If your organization uses a firewall to protect
its internal network from external attacks, you
have a number of choices of where to locate
your servers.
– A server located outside a firewall
– A server located inside a firewall
– A server located between an internal firewall and
an external firewall
Setting Up Firewalls
• Microsoft Windows operating systems are
shipped with a built-in firewall. To set it up,
open Windows Firewall under the Control
Panel and turn the firewall on.
• For Linux and UNIX operating systems, the
user may build a firewall using built-in
programs. For example, Linux users may use
the iptables program to build a personal
stateless packet filter firewall.