Network security

About This Presentation

Title:

Network security

Description:

Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: – PowerPoint PPT presentation

Number of Views:219

Avg rating:3.0/5.0

Slides: 82

Provided by: Reye88

Category:

more less

Transcript and Presenter's Notes

Title: Network security

1
Network security

Foundations
what is security?
cryptography
authentication
message integrity
key distribution and certification
Security in practice
application layer secure e-mail
transport layer Internet commerce, SSL, SET
network layer IP security

2
Network Security
Network Entities Friends and Enemies
Insecure medium

well-known in network security world
Bob, Alice want to communicate 'securely'
Trudy, the intruder may intercept, delete, add
messages

Routers exchange tables
Email applications exchange secure emails
Client-server establish secure transport
connection
3
What is network security?
DESIRABLE PROPERTIES OF SECURE CONNECTION

Secrecy only sender, intended receiver should
understand message contents
sender encrypts messages
receiver decrypts messages
Authentication sender, receiver want to confirm
identity of each other
Message Integrity sender, receiver want to be
sure message did not get altered (in transit), or
get altered without detection

1
2
3
4
What is network security?
DESIRABLE PROPERTIES OF SECURE CONNECTION

Availability and Access Control
communication can occur in the first place
Prevent Denial-of-Service attacks (DoS)
ensures network entities can gain access to
resources if they have access rights and perform
accesses in a well-defined manner
Firewall controls access to and from the
network by regulating which packet can pass into
and out of the network

4
5
Network Security
CYCLE IN ACHIEVING NETWORK SECURITY

Protect network communication and network
resources
Detect breaches of secure communication
attacks on infrastructure
Respond deployment of additional protection
mechanisms

1
2
3
6
Internet security threats
Sniffer tool for capturing packets sent across
wire/air

Packet sniffing
broadcast media (remember CSMA/CD protocol)
promiscuous NIC reads all packets passing by
can read all unencrypted data (e.g. passwords)
e.g. C sniffs B's packets

C
A
B
e.g. TCPDump, Snoop, Snort, Ethereal
7
Ethereal
An adapter could be set to listen in promiscuous
mode.
Lets see a sample capture file from Ethereal
8
Internet security threats
Spoofing providing false information about your
identity in order to gain unauthorized access to
systems

IP Spoofing
can generate raw IP packets directly from
application, putting any value into IP source
address field
receiver can't tell if source is spoofed
e.g. C pretends to be B

C
A
B
9
Internet security threats
Attack to reduce ability to service clients by
overloading target

Denial of service (DOS)
flood of maliciously generated packets swamp
receiver
Distributed DOS (DDOS) multiple coordinated
sources swamp receiver
e.g., C and remote host SYN-attack A

C
A
B
10
DoS
Exploits basic weakness of TCP/IP Protocol
Recall

Attacker sends thousands and thousands of SYN
packets to the victim

Victim is forced to wait for replies that would
never come.

While the host is waiting for so many replies,
it cannot accept any legitimate requests, so it
becomes unavailable

11
The language of cryptography
Figure 7.3 goes here

symmetric key crypto sender, receiver keys
identical
public-key crypto encrypt key public, decrypt
key secret

12
Cryptography
From Alice to Bob (SENDER)
Key KA Plaintext Message m
Ciphertext KA(m)
Encryption Algorithm
Bobs side (RECEIVER)
Encrypted Message KA key KB
Decryption Algorithm
Plaintext m
KB(KA(m))
Symmetric key systems KAKB, kept secret
Public key systems 1 key known to the world
other key known only
by Alice or Bob (but not both)
13
Monoalphabetic Cipher
Substitution of letters without any regular
pattern

Any letter can be substituted with any other
letter, as long as each letter has a unique
substitute letter, and vice-versa

plaintext abcdefghijklmnopqrstuvwxyz
ciphertext mnbvcxzasdfghjklpoiuytrewq
E.g.
Plaintext bob. i love you. alice
ciphertext nkn. s gktc wky. mgsbc
Q How hard to break this simple cipher?
Better than Ceasars cipher (shift cipher) in
that there are 26! (on the order of 1026)
Possible pairings of letters
14
Monoalphabetic Cipher
Substitution of letters without any regular
pattern

Any letter can be substituted with any other
letter, as long as each letter has a unique
substitute letter, and vice-versa

9 of letter occurrences
e and t are the most frequently occurring
letters in English
13 of letter occurrences
Two- and three-letter occurrences of letters
appear quite often together (e.g. in, it,
the, ion, ing, etc.)
If intruder has some knowledge about possible
contents of the message, code is even easier to
break
15
Symmetric key crypto DES

DES Data Encryption Standard
US encryption standard NBS 1977, NIST 1993
Designed by IBM adopted by the U.S. Government
for non-military and non-classified use
56-bit symmetric key, 64-bit plain text input

GOAL
Completely scramble data and key so that every
bit of ciphertext depends on every bit of data
and every bit of the key.. With a good algorithm,
there should be no correlation between the
ciphertext and either the original data or key.
16
Symmetric key crypto DES

initial permutation
16 identical 'rounds' of function application,
each using different 48 bits of key
final permutation

involve multiple rounds
block cipher - plaintext is divided into
blocks and use the same key to encrypt and
decrypt the blocks

For encrypting longer messages use cipher-block
chaining

17
Symmetric key crypto DES

How secure is DES?
97 DES Challenge 56-bit-key-encrypted phrase
('Strong cryptography makes the world a safer
place') decrypted (brute force) in 4 months
After testing a quarter of the key space 18
quadrillion keys
no known backdoor decryption approach
making DES more secure
use three keys sequentially (3-DES) on each datum
Successor to DES (2001) AES Advanced Encryption
Standard
128-bit block data processing keys 128,192,256
bits long
A machine that could crack 56-bit DES in one sec.
(i.e. 255 per second) would approx. take 149
trillion years to crack a 128-bit AES key

18
Public Key Cryptography
Is it possible to communicate with encryption
without having a shared secret key known in
advance?

symmetric key crypto
requires sender, receiver know shared secret key
Q how to agree on key in first place
(particularly if never met)?
Typical problem in the Internet

public key cryptography
radically different approach Diffie-Hellman76,
RSA78
sender, receiver do not share a secret key
encryption key public (known to all)
decryption key private (known only to receiver)

19
Public key cryptography

Figure 7.7 goes here

20
Public key encryption algorithms
Two inter-related requirements
.
.

need d ( ) and e ( ) such that

B
B
RSA Rivest, Shamir, Adleman algorithm
21
RSA Choosing keys
1. Choose two large prime numbers p, q.
(e.g., 1024 bits each)
2. Compute n pq, z (p-1)(q-1)
3. Choose e (with e lt n) that has no common
factors with z. (e, z are 'relatively prime').
4. Choose d such that ed-1 is exactly divisible
by z. (in other words ed mod z 1 ).
5. Public key is (n,e). Private key is (n,d).
In mathematics, a prime number (or a prime) is a
natural number that has exactly two (distinct)
natural number divisors, which are 1 and the
prime number itself. The first 30 prime numbers
are 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37,
41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89,
97, 101, 103, 107, 109, and 113
22
RSA Encryption, decryption
0. Given (n,e) and (n,d) as computed above
2. To decrypt received bit pattern, c, compute
d
(i.e., remainder when c is divided by n)
Magic happens!
23
RSA example
Bob chooses p5, q7. Then n35, z24.
e5 (so e, z relatively prime). d29 (so ed-1
exactly divisible by z.
e
m
m
letter
encrypt
l
12
248832
17
c
letter
decrypt

17
12
l

481968572106750915091411825223072000 - too big !!
(int type)
24
RSAhow strong is it??

RSA Challenges
Prize offered to anyone who can break an RSA key
of a certain size
(See www.rsasecurity.com/rsalabs )
US200,000.00 for whoever solves a 2048 bits
factorization problem. No one claimed the prize
so far...
Last challenge solved
RSA-576 10,000 Factored in 2003 by J. Franke et
al.
Using a powerful parallel machine and very clever
algorithms
Currently RSA-1024 is commonly used in practice
RSA key's size matters, see next...

25
Authentication
Process of proving ones identity to someone else
over a network

live party (often routers, client-server
processes)
Cannot rely on biometric information
Must be done solely on the basis of messages and
data exchanged
Must be performed before other protocols
E.g.
Reliable data transfer protocol
Routing information exchange protocol
E-mail protocol

Lets see stepwise evolution of a design of an
authentication protocol (ap)
Next
26
Authentication

Goal Bob wants Alice to prove her identity to him

Protocol ap1.0 Alice says ''I am Alice''
Failure scenario??
27
Authentication using IP
Protocol ap2.0 Alice says ''I am Alice'' and
sends her IP address along to prove it.
Failure scenario??
Create an Operating system kernel that sends an
IP datagram using Alices IP address
Not unless first-hop router of Trudy would
prevent it
28
Authentication Secret Password
Protocol ap3.0 Alice says ''I am Alice'' and
sends her secret password to prove it.
Failure scenario?
Passwords are sent as cleartext for some
applications (e.g. Telnet). Within the same LAN,
it can be sniffed
WireShark
29
Authentication Encrypted Secret Password
Protocol ap3.1 Alice says ''I am Alice'' and
sends her encrypted secret password to prove it.
Assumption Symmetric key cryptography is
employed
Shared Secret key
Failure scenario?
Playback attack record encrypted password,
playback encrypted password version to Bob to
pretend that she is Alice
Password is not learned by Trudy
Pitfall same password is used over and over
again.
30
Playback Attack
How to solve it?
Failure Scenario
Bob cannot distinguish between the original
authentication and its playback version
Countermeasures
Use a different password each time

use a sequence of passwords or password
generator (could be a number)

apply encryption algorithm to each password

Bob knows Alice is indeed sending the datagram,
because she knows the secret encryption key, and
she is sending it live because she is using the
number recently generated by Bob.
31
Authentication Sequence of Encrypted Secret
Passwords
Nonce Symmetric key Cryptography (Shared Secret
Key)
Goal avoid playback attack
Nonce number (R) used only once in a lifetime
ap4.0 to prove Alice is live, Bob sends Alice
nonce, R. Alice must return R, encrypted with
shared secret key
Figure 7.11 goes here
Failures, drawbacks?
We have a solution! Bob knows Alice is indeed
sending the datagram, because she knows the
secret encryption key, and she is sending it
live
32
Authentication ap5.0
Ap5.0 Nonce Public key cryptography

ap4.0 requires shared symmetric key
problem how do Bob, Alice agree on key
can we authenticate using public key techniques?

Problem Trudy may be able to impersonate Alice
Figure 7.12 goes here
Note eA(dA(R)) dA(eA(R)) R
Trudy
Eventually, Alice Bob may find together that
someone else was interacting with Bob.
33
ap5.0 security hole

Man (woman)-in-the-middle attack Trudy poses as
Alice (to Bob) and as Bob (to Alice)

Alice is happy to receive encrypted message using
her own public key
Bob is happy to send encrypted data
Figure 7.14 goes here
Need 'certified' public keys (more later )
Alice Bob may never know that Trudy was there
all along.
34
Digital Signatures

Cryptographic technique analogous to hand-written
signatures.
Sender (Bob) digitally signs document,
establishing he is document owner/creator.
Verifiable, non-forgeable, non-repudiable
recipient (Alice) can verify that Bob, and no one
else, signed document.

Simple digital signature for message m
Bob encrypts m with his private key dB, creating
signed message, dB(m).
Bob sends m and dB(m) to Alice.

35
Digital Signatures (more)

Suppose Alice receives msg m, and digital
signature dB(m)
Alice verifies m signed by Bob by applying Bobs
public key eB to dB(m) then checks eB(dB(m) )
m.
If eB(dB(m) ) m, whoever signed m must have
used Bob's private key.

Alice thus verifies that
Bob signed m.
No one else signed m.
Bob signed m and not m.
Non-repudiation
Alice can take m, and signature dB(m) to court
and prove that Bob signed m.

36
Message Digests

It is computationally expensive to
public-key-encrypt long messages.
Goal fixed-length,easy to compute digital
signature, 'fingerprint'
apply hash function H to m, get fixed size
message digest, H(m).

Hash function properties
Many-to-1
Produces fixed-size msg digest (fingerprint)
NON-FORGEABILITY REQUIREMENT
Given message digest x, computationally
infeasible to find m such that x H(m)
computationally infeasible to find any two
messages m and m' such that
H(m) H(m').

37
Digital signature Signed message digest

Bob sends digitally signed message

Alice verifies signature and integrity of
digitally signed message

38
Internet checksum poor crypto hash function

Internet checksum has some properties of hash
function
produces fixed-length digest (16-bit sum) of
message
is many-to-one

But given message with given hash value, it is
easy to find another message with same hash
value
message
ASCII format
message
ASCII format
I O U 9 0 0 . 1 9 B O B
49 4F 55 39 30 30 2E 31 39 42 4F 42
I O U 1 0 0 . 9 9 B O B
49 4F 55 31 30 30 2E 39 39 42 4F 42
B2 C1 D2 AC
B2 C1 D2 AC
different messages but identical checksums!
39
Hash Function Algorithms

MD5 hash function widely used (RFC1321 with
code).
Computes 128-bit message digest in 4-step
process.
For any arbitrary 128-bit message digest x, it
appears difficult to construct msg m whose MD5
hash is equal to x.
SHA-1 is also used.
US federal standard
160-bit message digest

Internet checksum would make a poor message
digest.
Too easy to find two messages with same checksum.
Even using a 128-bit CRC it would be easy to find
a second message to fit to the CRC

40
Hash Function Algorithms

MD5
Try the freeware WinMD5Free.exe
MD5 is a very reliable way to fingerprint a file
From rfc1321 (with code) ...The MD5 algorithm
takes as input a message of arbitrary length and
produces as output a 128-bit "fingerprint" or
"message digest" of the input. It is conjectured
that it is computationally infeasible to produce
two messages having the same message digest, or
to produce any message having a given
pre-specified target message digest.

Difficulty of coming up with any two messages
with same message digests order of 264
operations.
Given a message digest, the difficulty of coming
up with any message with the same message digest
is in the order of 2128 operations.
41
Trusted Intermediaries

Problem
How do two entities establish shared secret key
over network?
Solution
trusted key distribution centre (KDC) acting as
intermediary between entities

Problem
When Alice obtains Bob's public key (from web
site, e-mail, diskette), how does she know it is
Bob's public key, not Trudy's?
Solution
trusted certification authority (CA)

42
Kerberos

Authentication service developed at MIT (RFC
1510)

Uses symmetric key encryption key distribution
center

Variations extensions to KDC

Authentication Server (AS)
Plays the role of the KDC
Repository of secret keys of all users
Repository of users access privileges indicating
which service the user has access to, and on
which network servers
43
Key Distribution Center (KDC)
How can Alice Bob get a shared symmetric key in
a secured way?
expiration time

Alice,Bob need shared symmetric key.
KDC server shares different secret key with each
registered user.
Alice, Bob know their own symmetric keys, KA-KDC
KB-KDC , for communicating with KDC.

R1-encrypted time-stamp (nonce)
Bob a Server to which Alice a user
KDC uses the appropriate private user secret key
to communicate with them.
44
Key Distribution Center (KDC)
45
Certification Authorities

Certification authority (CA) binds public key to
particular entity.
Entity (person, router, etc.) can register its
public key with CA.
Entity provides proof of identity to CA.
CA creates certificate binding entity to public
key.
Certificate digitally signed by CA.

When Alice wants Bob's public key
gets Bob's certificate (from Bob or elsewhere).
Apply CA's public key to Bob's certificate, get
Bob's public key

46
Certificate Sample
47
Certification Authorities
International Telecommunication Union (ITU)
IETF set standards for CAs

Take a look at the CA in the browser...

48
END OF SESSION
49
Firewall
Uses a combination of hardware and software
components

isolates organization's internal net from larger
Internet, allowing some packets to pass, blocking
others.

gateway-to-remote host telnet session
X
application gateway
router and filter
50
Firewall

Two firewall types
packet filter (network layer)
application gateways (application layer)

51
PACKET FILTERING

Operates at the Network Layer

The Internet access relies on a particular Router
The router can filter packets based on
IP addresses
Domain names
Port numbers
Protocol types
TCP SYN and ACK bits on a TCP packet

Coarse-grain filtering on IP and TCP/UDP headers

Operates by sequentially checking filtering rules
against the datagram being inspected the first
rule matching the datagram determines the action
taken

52
PACKET FILTERING

Alice administers a company network 222.22.0.0/16
and, in general, wants to disallow access to her
network from the public internet (R3). However,
Alice collaborates with Bob and his colleagues
who are at network 111.11/16. Alice wants to let
users from Bobs network access a specific
subnet, 222.22.22/24 within her companys network
(R1). The problem is that Trudy belongs to Bobs
network, with subnet 111.11.11/24. Therefore,
Alice doesnt want any traffic from 11.11.11/24
entering anywhere into her network (R2).

Packet filtering rules (ordering of evaluation is
important!)

Specifying filtering rules

SOURCE IP DEST IP Desired Action Comments
R1 111.11/16 222.22.22/24 Permit Let datagram from Bobs university into a restricted subnet.
R2 111.11.11/24 222.22/16 Deny Dont let traffic from Trudys subnet into anywhere within Alices network
R3 0.0.0.0/0 0.0.0.0/0 Deny Dont let traffic into Alices network
SOURCE IP DEST IP Desired Action R2,R1,R3 R1,R2,R3
P1 111.11.11.1 222.22.6.6 Deny
P2 111.11.11.1 222.22.22.2 Deny
P3 111.11.6.6 222.22.22.2 Permit
P4 111.11.6.6 222.22.6.6 Deny
54
PACKET FILTERING

Operates at the Network Layer

SOURCE IP DEST IP Desired Action R2,R1,R3 R1,R2,R3
P1 111.11.11.1 222.22.6.6 Deny Deny(R2) Deny(R2)
P2 111.11.11.1 222.22.22.2 Deny Deny(R2) Permit(R1)
P3 111.11.6.6 222.22.22.2 Permit Permit(R1) Permit(R1)
P4 111.11.6.6 222.22.6.6 Deny Deny(R3) Deny(R3)

Applying more specific rules first does not
always avoid unanticipated or unwanted behaviour
arising from ordering issues

55
PACKET FILTERING

Example 3 block 'ping'
In order to avoid external users to find suitable
IP addresses to attack.
Example 4
Block domain names that are known to be dangerous
to users or inadequate for the scope of the
institution.

Example 1 block incoming and outgoing datagrams
with IP protocol field 17 and with either
source or dest port 23.
All incoming and outgoing UDP flows and telnet
connections are blocked.
Example 2 Block inbound TCP segments with ACK0.
Prevents external clients from making TCP
connections with internal clients, but allows
internal clients to connect to outside.

56
APPLICATION GATEWAYS

Application specific server through which all
application data must pass

Packet Filter Application Gateway
e.g. Force all outbound Telnet connections to
pass through the application gateway
Each Gateway separate server with own processes

Make policy decisions based on application data

Multiple application gateways on the same host

e.g. Telnet, HTTP, FTP, mail server, Web
Cache
57
APPLICATION GATEWAYS

Filters packets on application data as well as on
IP/TCP/UDP fields.
Example Allow only selected internal users to
telnet outside.

58
Limitations of firewalls and gateways

IP spoofing router can't know if data really
comes from claimed source
Multiple applications need special treatment
each with its own gateway.
Client software must know how to contact gateway.
e.g., must set IP address of proxy in Web browser

Filters often use all or nothing policy for UDP.
Trade off degree of communication with outside
world, level of security
Many highly protected sites still suffer from
attacks.
Does not protect against the enemy from within.

59
Snort

Snort is an open source network intrusion
prevention and detection system (IDS/IPS)
developed by Sourcefire. Combining the benefits
of signature, protocol, and anomaly-based
inspection, Snort is the most widely deployed
IDS/IPS technology worldwide. With millions of
downloads and nearly 400,000 registered users,
Snort has become the de facto standard for IPS.

60
Secure e-mail
Desirable Security Features

Confidentiality
Sender authentication
I dont love you anymore. I never want to see
you again. Formerly yours, Alice
Message Integrity
Receiver Authentication
Tools
symmetric key public key cryptography
Authentication
Key Distribution
Message Integrity
Digital Signatures

Lets see stepwise evolution of a design of a
Secure E-mail
Next
61
Secure e-mail
SE v1
Confidentiality

Alice wants to send secret e-mail message, m, to
Bob.

generates random symmetric private key, KS.
encrypts message with KS
also encrypts KS with Bob's public key.
sends both KS(m) and eB(KS) to Bob.

Tools Symmetric Session key Public key
cryptography
62
Secure e-mail (continued)
SE v2
X
Confidentiality Authentication Message
Integrity

Alice wants to provide sender authentication
message integrity.

Alice digitally signs message.
sends both message (in the clear) and digital
signature.

Tools Hash Function Digital Signature
63
Secure e-mail (continued)
SE v3
Confidentiality Authentication Message
Integrity

Alice wants to provide secrecy, sender
authentication, message integrity.

Confidentiality measures
Authentication Message Integrity
Note Alice uses both her private key, Bob's
public key.
64
Pretty good privacy (PGP)
dA(H(m))

Internet e-mail encryption scheme, a de-facto
standard.
Uses symmetric key cryptography, public key
cryptography, hash function, and digital
signature as described.
Provides secrecy, sender authentication,
integrity.
Inventor, Phil Zimmerman, was target of 3-year
federal investigation.

A PGP signed message

---BEGIN PGP SIGNED MESSAGE---
Hash SHA1
Bob(secret message)
---BEGIN PGP SIGNATURE---
Version PGP 5.0
Charset noconv
yhHJRHhGJGhgg/12EpJlo8gE4vB3mqJhFEvZP9t6n7G6m5Gw2
---END PGP SIGNATURE---

Cryptography programs are considered munitions
under US federal law and are not allowed to be
exported
65
PGP
TOOLS

Design

Similar to SEv3 diagram discussed

Creation of Message Digest

MD5, SHA

Symmetric Key Encyption

CAST, triple-DES, IDEA

Public Key Encyption

RSA

Compression

66
Pretty good privacy (PGP)

Freely available on http//web.mit.edu/network/pgp
.html
Look also www.pgp.com
Zimmermann has received technical awards
2001 he was inducted into the CRN Industry Hall
of Fame
2000 InfoWorld named him one of the Top 10
Innovators in E-Business
1999 Louis Brandeis Award from Privacy
International
1998 Lifetime Achievement Award from Secure
Computing Magazine
1996 the Norbert Wiener Award from Computer
Professionals for promoting the responsible use
of technology.

67
Internet Commerce Scenario
Purchasing a product from a website
Use SSL protocol to combat these problems
Alice Incorporated Site
Information
Product, Quantity Address Payment card
number password
submit

Intercept order, obtain Bobs card information,
then make purchases using Bobs card or

Trudy could be masquerading as Alice Incorporated

68
Secure sockets layer (SSL)
sits between Application Layer and TCP

Server authentication
SSL-enabled browser includes public keys for
trusted CAs.
Browser requests server certificate, issued by
trusted CA.
Browser uses CA's public key to extract server's
public key from certificate.
Visit your browser's security menu to see its
trusted CAs.

Originally developed by Netscape
SSL security services
server authentication
data encryption
client authentication (optional)
SSL works at transport layer. Provides security
to any TCP-based app using SSL services.
SSL used between WWW browsers, servers for
Internet-commerce (https).

69
Secure Sockets Layer (SSL)
Originally developed by Netscape

Data encryption

Can be viewed as a layer bet. App. Layer
Transport Layer

Authentication bet. Web client Web server

Web Client (browser)
SSL-enabled Web Server
1. Handshake Phase

negotiates encryption algorithm

Authenticates server to client (or, vice-versa)

2. Data Transmission Phase

Encryption of data using Session keys generated
during handshake phase

70
Secure Sockets Layer (SSL)
HIGH-LEVEL VIEW OF HANDSHAKE PHASE OF SSL
Bob browses Alices secure page
Alice sends Bob her certificate
Bob extracts Alices public key
Bob generates a random symmetric key and
encrypts it using Alices public key
Alice extracts the symmetric key
71
Secure Sockets Layer (SSL)
FEATURES

SSL SERVER AUTHENTICATION

Allows the browser to authenticate the server
before the user submits important information

List of trusted CAs Public keys

Client obtains certificate from server, then
checks certificate with clients list of trusted
CAs.
If found on list, client validates certificates
integrity and
extracts servers public key

SSL CLIENT AUTHENTICATION (Optional)

ENCRYPTED SSL SESSION

encryption/decryption of all information between
browser server

information tampering detection

72
SSL (continued)
ENCRYPTED SSL SESSION

SSL basis of IETF Transport Layer Security
(TLS).
SSL can be used for non-Web applications, e.g.,
IMAP.
Client authentication can be done with client
certificates.

Browser generates symmetric session key, encrypts
it with servers public key, sends encrypted key
to server.
Using its private key, server decrypts session
key.
Browser, server agree that future msgs will be
encrypted.
All data sent into TCP socket (by client or
server) encrypted with session key.

73
Secure Sockets Layer (SSL)
LIMITATIONS

Provides a popular platform (for servers and
browsers) for card payment transactions

Generic secure communication bet. server client

signed certificate guarantees bona fide
company
certificate does not indicate if company is
authorized to accept
card payments nor if its a reliable merchant

Company has no assurance if card is not stolen

74
(No Transcript)
75
(No Transcript)
76
(No Transcript)
77
Secure electronic transactions (SET)

designed for payment-card transactions over
Internet.
provides security services among 3 players
customer
merchant
Merchant's bank
All must have certificates.
SET specifies legal meanings of certificates.
apportionment of liabilities for transactions

Customer's card number passed to merchant's bank
without merchant ever seeing number in plain
text.
Prevents merchants from stealing, leaking payment
card numbers.
Three software components
Browser wallet
Merchant server
Acquisition gateway

78
SSH (Secure Shell)
an example of secure connection

Telnet or rsh are not secure
They transmit login/passwords over the network
SSH is safer because it encrypts the
login/password
Authenticates the hosts
Keeps keys on the user's local directory
Example of known_hosts file
hostname1,130.113.118.147 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAsmnfyxDMN7o1UrXuvjchDD
FGRVdwRLVC/pVoXvrVl5Byxp/GQSdWJeYzMyEyKaNQIgFpiB
Gqnsgfk8uQJCzyJnB3nkYSAhVlz2emjuC6kuJ8yFgoIxON4v9N
VEeSgSEIua6aVBi4a4tfy2sSj15aYzWPSOmJoGhnt6lEaDY0

79
END OF SESSION
80
Ipsec Network Layer Security
Blanket coverage for all Internet traffic (RFC
2401, 2411)
Advantages
Necessary Precursor

Network-layer secrecy
sending host encrypts the data in IP datagram
TCP and UDP segments ICMP and SNMP messages.
Network-layer authentication
destination host can authenticate source IP
address
Two principal protocols
authentication header (AH) protocol
encapsulation security payload (ESP) protocol

For both AH and ESP, source, destination
handshake
create network-layer logical channel called
security association (SA)
Each SA unidirectional.
Uniquely determined by
security protocol (AH or ESP)
source IP address
32-bit connection ID

81
Authentication Header (AH) Protocol

AH header includes
connection identifier
authentication data signed message digest,
calculated over original IP datagram, providing
source authentication, data integrity.
Next header field specifies type of data (TCP,
UDP, ICMP, etc.)