CHAPTER 5:

TRANSPORT-LEVEL SECURITY.

GROUP 4:
NO: NAMES:

1 TUMUHIMBISE ALLAN

1 2

3
  Web Security considerations
2
 Secure socket layer and transport layer security
 Transport layer security
 HTTPs
 Secure Shell (SSH)

These slides are based on Willian Stallings’s book “Network Security Essentials: Applications and Standards
(Fourth edition)”
3 Web Security Considerations:
 Web security is fundamentally a client/server application running over the internet and TCP/IP
intranets.
 ‘’Web security ,also known as Cyber Security ‘’ Involves protecting that information by
preventing, detecting and responding to attacks.
 The WEB is a highly visible utlet for corporate and product information and as the platform for
business transactions.
 Complex software hide many security flaws.
 Web servers are easy to configure and manage.
 Users are not aware of the risks
4 Web security Threats:
 Security threats faced in using the web
1. One way –Active attacks and Passive attacks
 Passive attacks include eavesdropping on network traffic between browser and server and
gaining access to information on a web site that is supposed to be restricted.
 Active attacks include impersonating another user, altering messages in transit between
client and server, and altering information on a Web site.
2. Another way :classify location of the threat e.g. web server, web browser, and network traffic
between browser and server. Issues of server and browser security fall into the category of
computer system security
 5 Web Traffic Security Approaches:
 Web security provide to use IP security (IP Sec) .
 The advantage of using IPSec is that it is transparent to end users and applications and provides a general
purpose solution.
 Ipsec includes a filtering capability so that only selected traffic need incur the overhead of Ipsec processing.
 Another relatively general-purpose solution is to implement security just above TCP .The foremost example
of this approach is Secure Sockets Layer(SSL) and Transport Layer Security(TLS).
 SSL or TLS could be provided protocol suite
 SSL can be embedded in specific packages
 Comparison of threats on the Web:
6
 Relative location of Security facilities in the
7
TCP/IP STACK:

 PGP-used to send message confidentially

 Kerberos-computer network authentication protocol
 Secure Electronic Transaction(SET) i.e. digital signature transaction
8
Secure Socket Layer(SSL) and Transport Layer
Security:
 SSL was originated by Netscape.SSLv.3 was designed with public review and input from
industry was published as an internet draft document. Subsequently, when a consensus was
reached to submit the protocol for Internet standardization, the TLS working group was formed
within IETF to develop a common standard.
 This first published version of TLS can be viewed as essentially an
 SSLv3.1 and is very close to and backward compatible with SSLv3.
 Below we are to discuss the principle differences between TLS and SSLv3
 9 SSL Architecture:
 Secure Sockets Layer(SSL) is a computer
networking protocol for securing connections
between network application clients and
servers over insecure network, such as the
internet.
 SSL is designed to make use of TCP to
provide reliable end to end secure service.
 SSL is not a single layer protocol but rather 2
layers of protocols
 The three higher layer protocols (handshake,
change cipher spec and Alert ) of SSL is used
in the management of SSL exchanges.
10 The two important concepts of SSL are:
Connection
 A connection is a transport (in the OSI layering model definition) that provides a suitable type of service. For
SSL, such connections are peer-to-peer relationships. The connections are transient. Every connection is
associated with one session.
Session
 An SSL session is an association between a client and a server. Sessions are created by handshake protocol.
Sessions are used to avoid the expensive negotiation of new security parameters.
11 SSL record protocol:
 Provides basic security services to various higher level protocols
 HTTP
 Handshake protocol
 Change Cipher Spec Protocol
 Alert Protocol
 Provides 2 services for SSL connections
Confidentiality : handshake protocol that defines a shared secret key that is used for conventional
encryption of SSL payloads.
Message integrity: handshake protocol also defines a shared secret key used to form a message
authentication code(MAC)
 12
SSL Record protocol operation:
 The SSL Record Protocol takes an application
message to be transmitted, fragments the data
into manageable blocks, optionally compresses
the data, applies a MAC, encrypts, adds a
header, and transmits the resulting unit in a
TCP segment.
 Received data are decrypted, verified,
decompressed, and reassembled before being
delivered to higher-level users.
13 SSL Record protocol operation:
1. The first step is fragmentation ,Each upper-layer message is fragmented into blocks of 214 bytes
(16384 bytes) or less.
2. Next, compression is optionally applied. Compression must be lossless and may not increase the
content length by more than 1024 bytes. In SSLv3 (as well as the current version of TLS),no
compression algorithm is specified, so the default compression algorithm is null.
3. The next step in processing is to compute a message authentication code (MAC) over the
compressed data. For this purpose, a shared secret key is used.
4. The compression msg+ MAC are encrypted using symmetric encryption
5. 5.SSL is to prepare a header consisting of the following fields as below
 14
SSL Record format:
 Content type(8bits)-used to process the
enclosed fragment.
 Major version(8bits)-indicates the major
version of SSL in use for SSLv3 the version is
3.
 Minor version(8bits)-indicates the minor
version of SSL for SSLv3 the value is 0.
 Compressed length(16bits)- the length of the
bytes of plain text fragment or compressed
fragment if compression is used.
15 Handshake protocol:
 The most complex part of SSL is the Handshake Protocol. This protocol allows the server and
client to authenticate each other and to negotiate an encryption and MAC algorithm and
cryptographic keys to be used to protect data sent in an SSL record.
 The Handshake Protocol is used before any application data is transmitted.
 The Handshake Protocol consists of a series of messages exchanged by client and server.
 Handshake protocol:
16
17 Change Cipher Spec protocol:
 The Change Cipher Spec Protocol is one of the three SSL-specific protocols that use the SSL
Record Protocol, and it is the simplest. This protocol consists of a single message , which
consists of a single byte with the value 1. The sole purpose of this message is to cause the
pending state to be copied into the current state, which updates the cipher suite to be used on this
connection.
18
Alert protocol:
 The Alert Protocol is used to convey SSL-related alerts to the peer entity. As with other
applications that use SSL, alert messages are compressed and encrypted, as specified by the
current state.
 Each message in this protocol consists of two bytes
 The first byte takes the value warning (1) or fatal (2) to convey the severity of the message.
 If the level is fatal, SSL immediately terminates the connection. Other connections on the same
session may continue, but no new connections on this session may be established.
19
Alert protocol cont’d:
The second byte contains a code that indicates the specific alert. First, we list those alerts that are
always fatal (definitions from the SSL specification):
 unexpected message: An inappropriate message was received.
 bad_record_mac: An incorrect MAC was received.
 decompression failure: The decompression function received improper
 input (e.g., unable to decompress or decompress to greater than maximum
 allowable length).
 handshake failure: Sender was unable to negotiate an acceptable set of
 security parameters given the options available.
 illegal parameter: A field in a handshake message was out of range or
 inconsistent with other fields.
 20 HTTPS:
 HTTPS (HTTP over SSL)
o Combination of HTTP & SSL/TLS to secure communications between browser & server
 Built into all modern Web browsers
 Depends on the Web server supporting HTTPS communication.

 Use https:// URL rather than http://

o And port 443 rather than 80
 Encrypts
o URL, document contents, form data, cookies, HTTP headers
 21 HTTPS Use:
 connection initiation
o TLS handshake is first done
 HTTP client (browser) acts as TLS client
o After the handshake HTTP request(s) are sent and then responded by the server
• Actually all HTTP data should be sent through TLS record protocol

 connection closure
o have “Connection: close” in HTTP record
o TLS level exchange close_notify alerts
o can then close TCP connection
o must handle TCP close before alert exchange sent or completed
 22
Secure Shell (SSH):
 Protocol for secure network communications
designed for simplicity, easy to implement.
 SSH1 provided secure remote logon facility
 replace TELNET & other insecure schemes
 SSH2 fixes a number of security flaws
 Documented in RFCs 4250 through 4254
 SSH provides general client/server capability: can
TCP
be used for network functions, e.g., file transfer, e-
mail IP
 SSH client and server applications widely available
for most OSs SSH Protocol Stack
 Has become method of choice for remote login, X
tunneling
 Pervasive application for encryption technology
outside of embedded systems
 SSH Transport Layer Protocol: Server
23
Authentication:
 Server authentication occurs at the transport layer, based on server’s public/private key pair
 A server may have multiple host keys using multiple different asymmetric encryption
algorithms
 Multiple hosts may share the same host key
 Server host key is used during key exchange to authenticate the identity of the host
 SSH Transport Layer: Protocol Packet
24
Exchange, Formation:
payload

COMPRESS

seq # pktl pdl compressed payload padding

ENCRYPT MAC

ciphertext

SSH Packet

pktl = packet length

pdl = padding length

Figure 6.10 SSH Transport Layer Protocol Packet Formation

 SSH Transport Layer Cryptographic Algorithms:
25
25 Cipher MAC algorithm
3des-cbc* Three-key 3DES in hmac-sha1* HMAC-SHA1; digest
CBC mode length = key length = 20
blowfish-cbc Blowfish in CBC mode hmac-sha1-96** First 96 bits of HMAC-
SHA1; digest length =
12; key length = 20
twofish256-cbc Twofish in CBC mode hmac-md5 HMAC-MD5; digest
with a 256-bit key length = key length = 16
twofish192-cbc Twofish with a 192-bit hmac-md5-96 First 96 bits of HMAC-
key MD5; digest length = 12;
key length = 16
twofish128-cbc Twofish with a 128-bit
key
aes256-cbc AES in CBC mode Compression algorithm
with a 256-bit key
aes192-cbc AES with a 192-bit key none* No compression
aes128-cbc** AES with a 128-bit key zlib Defined in RFC 1950
and RFC 1951
Serpent256-cbc Serpent in CBC mode
with a 256-bit key
Serpent192-cbc Serpent with a 192-bit
key
Serpent128-cbc Serpent with a 128-bit * = Required
key ** = Recommended
arcfour RC4 with a 128-bit key
cast128-cbc CAST-128 in CBC
mode
26 Authentication Methods:
Publickey
• The client sends a message to the server that contains the client’s public key, with the message
signed by the client’s private key
• When the server receives this message, it checks whether supplied key is acceptable for
authentication; if yes, it checks whether signature is correct

Password
• The client sends a message containing a plaintext password, which is protected by encryption by the
Transport Layer Protocol

Hostbased
• Authentication is performed on the client’s host rather than the client itself
• This method works by having the client send a signature created with the private key of the client
host
• Rather than directly verifying the user’s identity, the SSH server verifies the identity of the client
host
 27 SSH Connection Protocol:
 runs on SSH Transport Layer Protocol
 assumes secure authentication connection
 which is called tunnel
 used for multiple logical channels
 SSH communications use separate channels
 either side can open with unique id number
 flow controlled via sliding window mechanism
 have three stages:
 opening a channel, data transfer, closing a channel

Example SSH Connection Protocol Message

 28
Port forwarding:
 convert insecure TCP connection into a
secure SSH connection
 SSH Transport Layer Protocol establishes a
TCP connection between SSH client & server
 client traffic redirected to local SSH, travels
via tunnel, then remote SSH delivers to server
 supports two types of port forwarding
 local forwarding – hijacks selected traffic
 remote forwarding – client acts for server
 29
Types of Port forwarding:
1. Local forwarding: 2. Remote forwarding:
i. The SSH client sets up a connection to the remote i. From the work computer, set up an SSH
server.
connection to your home computer. The
ii. Select an unused local port number, say 9999, and
configure SSH to accept traffic from this port firewall will allow this, because it is a
destined for port 110 on the server. protected outgoing connection.
iii. The SSH client informs the SSH server to create a ii. Configure the SSH server to listen on a local
connection to the destination, in this case mail server port, say 22, and to deliver data across the
port 110. SSH connection addressed to remote port,
iv. The client takes any bits sent to local port 9999 and say 2222.
sends them to the server inside the encrypted SSH iii. You can now go to your home computer, and
session. The SSH server decrypts the incoming bits
configure SSH to accept traffic on port 2222.
and sends the plaintext to port 110.
v. In the other direction, the SSH server takes any bits
iv. You now have an SSH tunnel that can be
received on port 110 and sends them inside the SSH used for remote logon to the work server.
session back to the client, who decrypts and sends
them to the process connected to port 9999.
30
Summary:

 SSL provides security at transport layer. TLS is a standardization of SSL V3.

 SSL consists of 4 protocols: Handshake (Crypto Negotiation), Change Cipher, Alert,
and Record (Encryption and MAC)
 HTTPS is simply http over SSL.
 SSH provides secure remote login and consists of 3 protocols: User authentication,
Connection (Channels), Transport layer (Encryption, MAC, Server authentication)
 SSH port forwarding (tunneling) allows insecure applications to run in a secure
mode.