7.network security

8/2/2019 7.Network Security

1/39

Information Security

Van K Nguyen - HUT

Network Security
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22


2/39

Sep 2009

Information Security by Van K Nguyen

Hanoi University of Technology 2


3/39

Sep 2009



Attacks against TCP


4/39

Sep 2009



Transmission Control Protocol - TCP

n Connection oriented protocol for a userprocess

q Reliable, full-duplex channel: acknowledgements,retransmissions, timeouts

q The packets are delivered in the same order

n Congestion control mechanisms
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22


5/39

Sep 2009



TCP 3-wayhandshake

n The sequence number

x and y are randomvalues that the otherside need to ack byincrement (x+1 or y+1)

n The connection onlyfully opened whenserver-side receivedclient s ack


6/39

Sep 2009



SYN Attack

n An attacker sends flood of SYNs with sourceaddress spoofed packets to a target.

n If the limit is reached, target machine will refuse any

incoming connections till the timeout expiresq The server send the SYN-ACK to the falsified IP address,

and thus never receive the ACK

n Server wait for ACK for some time, as simple networkcongestion could also be the cause of the missing ACK.

n Spoofed address chosen to be a non-existent one

q If the spoofed address belongs to a machine, then what ?


7/39

Sep 2009



Why it works?

n There is no authentication of the source ofthe packets

n

Addresses can be easily spoofedn Server needs to allocate a lot or resources

while client doesn t


8/39

Sep 2009



Some measurements to the SYN attack

n Configuration Optimization

q At the server

n Reduce the timeout to 10 seconds

n Increase the size of the queue

n Disable non-essential services, reducing the number ofports to be attacked

q At all routers in the Internet

n Block packets to the outside that have source addressesfrom outside the internal network


9/39

Sep 2009



Some measurements to the SYN attack

n Using firewall as relay/gateway

q Firewall acts in between, receive then forward the SYNpacket to server

q Firewall send fake ACK to server, then wait a little timeoutthen send RST to server if no real ACK coming.

n Active Monitoring

q Monitor the TCP traffic within a local area network andfigure out which ones are illegitimate connections.

q Send RST for the illegitimate connections to close them


10/39

Sep 2009



TCP Congestion Control

n Source determines how much bandwidth is availablefor it to send, it starts slow and increases thewindow of send packet based on ACKS.

n ACKS are also used to control the transmission ofpackets.

n Uses Additive Increase Multiplicative Decrease(AIMD)

n Uses Retransmission Timeout (RTO) to avoidcongestion


11/39

Sep 2009



TCP Congestion Control

n All the attacker needs todo is generate a TCPflow to force the targetedTCP connection to

repeatedly enter aretransmission timeoutstate


12/39

Sep 2009



IPsec:secure communication for the IP layer


13/39

Sep 2009



Intro

n Internet Protocol Security (IPsec) is a protocolsuite for securing Internet Protocol (IP)communications by authenticating and encryptingeach IP packet of a data stream.q Authentication/integrity

q Confidentiality

q Protection against replayed packets

n Transparent to applications

q below transport layer (TCP, UDP)n IETF IPSEC Working Group

q Documented in RFCs and Internet drafts


14/39

Sep 2009



Basics on IPSec

n Protocols

q Internet key exchange (IKE): set up a security association (SA)with encryption and authentication keys to be used.

q Authentication Header (AH): provides integrity and authenticationwithout confidentiality

q Encapsulating Security Payload (ESP): provides confidentialityand can also provide integrity and authentication

n Both AH/ESP can operate on two different modes

q Transport-mode: encapsulates an upper-layer protocol (e.g. TCPor UDP) and prepends an IP header in clear

q Tunnel-mode: encapsulates an entire IP datagram into newpacket adding a new IP header


15/39

Transport mode

n ESP in Transport Mode

q encrypts and optionally authenticates the IP payload(data), but not the IP header.

n AH in Transport Modeq authenticates the IP payload and selected portions of

the IP header

Sep 2009




16/39

Tunnel Mode

n ESP in Tunnel Mode

q encrypts and optionally authenticates the entireinner IP packet, including the inner IP header.

n AH in Tunnel Mode

q authenticates the entire inner IP packet andselected portions of the outer IP header.

Sep 2009




17/39

Security Associations

n SA- the basis for building security functions into IP.

n A security association is simply the bundle of algorithmselection and parameters (such as keys) that is beingused to encrypt and authenticate a particular f low in one

direction.q SPI + IP destination address uniquely identifies a particular

Security Association.

n Therefore, in normal bi-directional traf fic, the flows aresecured by a pair of security associations.

q SAs are unidirectional, sender supplies SPI to receiver.

Sep 2009




18/39

Authentication Header

n Provides support f or data integrity and authentication(MAC) of IP packets, using HMAC based on MD5 orSHA1.

n Defends against replay attacks (sequence number)

Sep 2009




19/39

AH: Preventing Replay

Sep 2009



n When a SA is established, sender initializes sequence counter to 0.n Every time a packet is sent the counter is incremented and is set in

the sequence number in the AH header.

n When sequence number 232 - 1 is reached, a new SA should benegotiated.


20/39

AH Authentication: Transport Mode

Sep 2009




21/39

AH Authentication: Tunnel Mode

n The new IP header contains different IP addresses thanthe ultimate destination and source

Sep 2009




22/39

Encapsulating Security Payload

n ESP provides conf identiality services, optionally can providethe same services as AH

n Encryption: 3DES, Blowfish, CAST, IDEA, 3IDEA

Sep 2009Information Security by Van K Nguyen

Hanoi University of Technology22


23/39

ESP Encryption and Authentication:

Transport Mode




24/39

ESP Encryption and Authentication:

Tunnel Mode




25/39

TLS/SSL: SECURE END-TO-END COMMUNICATION




26/39

History

n Netscape Communications developed the first three versions ofSecure Socket Layer (SSL) with significant assistance from theWeb community.q Although SSL s development was open, and Netscape encouraged others in the

industry to participate, the protocol technically belonged to Netscape.

n Beginning in May 1996, however, SSL development became theresponsibility of the Internet Engineering Task Force (IETF).

n The IETF renamed SSL to Transport Layer Security (TLS).q The final version of the first official TLS specification was released in January

1999.

n Despite the change of names, TLS is nothing more than a newversion of SSL.q In fact, there are far fewer differences between TLS 1.0 and SSL 3.0 than there

are between SSL 3.0 and SSL 2.0.




27/39

T LS/SSLbasics

n Protocol suite that allows to establish an end-to-end secure channel:

q Confidentiality: by encryption using DES, 3DES, RC2, RC4, IDEA.

q Integrity: by computing a MAC and send it with the message; MD5,SHA1.

q Key exchange: by publ ic key encryptionn Defines how the characteristics of the channel are negotiated

q key establishment, encryption cipher, authentication mechanism

n Requires reliable end-to-end protocol, so it runs on top of TCP

n Typically, used by other session protocols (HTTPS )

n Several implementations:q e.g. SSLeay, open source implementation (www.openssl.org)




28/39

TLS: Protocol Architecture



} 2 layer protocol


29/39

Session and Connection

n Session

q association between a client and a server

q created by the Handshake Protocol

q defines secure cryptographic parameters that canbe shared by multiple connections.

n Connection

q

end-to-end reliable secure communicationq every connection is associated with a session




30/39

n Session identifier: generated by the server to identify anactive or resumable session.

n Peer certificate: X 509v3 certificate.

n Compression method: algorithm used to compress thedata before encryption.

n Cipher spec: encryption and hash algorithm, includinghash size.

n Master secret: 48 byte secret shared between the clientand server.

n Is resumable: indicates if the session can be used toinitiate new connections.




31/39

Connection

n Server and client random: chosen for each connection.

n Server write MAC secret: shared key used to computeMAC on data sent by the server.

n Client write MAC secret: same as above for the clientn Server write key: shared key used by encryption when

server sends data.

n Client write key: same as above for the client.

n

Initialization vector: initialization vectors required byencryption.

n Sequence numbers: both server and client maintainssuch a counter to prevent replay, cycle is 264 - 1.


http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22


32/39

TLS: SSL Record Protocoln Provides confidentiality and message integrity using shared keys

established by the Handshake Protocol




33/39

TLS: Handshake Protocol

n Negotiate Cipher-Suite Algorithms to use

q Symmetric cipher

q Key exchange method

q Message digest function

n Establish the shared master secret

n Optionally authenticate server and/or client




34/39

Handshake:

At a glance




35/39

Handshake: Hellos messages

n Client_hello_message has parameters:

q Version

q Random: timestamp + 28-bytes random

q Session ID

q CipherSuite: cipher algorithms supported by the client, first is keyexchange

q Compression method

n Server responds with the same

n Client may request use of cached sessionq Server chooses whether to accept or not




36/39

Handshake: Key Exchange

n Supported key exchange methods:

n RSA: shared key encrypted with RSA public key

n Fixed Diffie-Hellman; public parametersprovided in a certificate

n Ephemeral Diffie-Hellman: the best; Diffie-Hellman with temporary secret key, messagessigned using RSA or DSS

n Anonymous Diffie-Hellman: vulnerable to man-inthe-middle




37/39

TLS: Authentication

n Verify identities of participants

q Client authentication is optional

q Certificate is used to associate identity with public

key and other attributes




38/39

TLS: Change Cipher Spec/Finished

n Change Cipher Spec completes the setup of theconnections.

n Announce switch to negotiated algorithms and

values

n The client sends a message under the newalgorithms, allows verification of that thehandshake was successful




39/39

TLS vs. IPSEC

n Security goals are similar

n IPSec more flexible in services it provides,decouples authentication from encryption

n Different granularity: IPSec operates betweenhosts, TLS between processes



7.network security

Documents