7.network security
TRANSCRIPT
-
8/2/2019 7.Network Security
1/39
Information Security
Van K Nguyen - HUT
Network Security
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
2/39
Sep 2009
Information Security by Van K Nguyen
Hanoi University of Technology 2
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
3/39
Sep 2009
Information Security by Van K Nguyen
Hanoi University of Technology 3
Attacks against TCP
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
4/39
Sep 2009
Information Security by Van K Nguyen
Hanoi University of Technology 4
Transmission Control Protocol - TCP
n Connection oriented protocol for a userprocess
q Reliable, full-duplex channel: acknowledgements,retransmissions, timeouts
q The packets are delivered in the same order
n Congestion control mechanisms
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
5/39
Sep 2009
Information Security by Van K Nguyen
Hanoi University of Technology 5
TCP 3-wayhandshake
n The sequence number
x and y are randomvalues that the otherside need to ack byincrement (x+1 or y+1)
n The connection onlyfully opened whenserver-side receivedclient s ack
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
6/39
Sep 2009
Information Security by Van K Nguyen
Hanoi University of Technology 6
SYN Attack
n An attacker sends flood of SYNs with sourceaddress spoofed packets to a target.
n If the limit is reached, target machine will refuse any
incoming connections till the timeout expiresq The server send the SYN-ACK to the falsified IP address,
and thus never receive the ACK
n Server wait for ACK for some time, as simple networkcongestion could also be the cause of the missing ACK.
n Spoofed address chosen to be a non-existent one
q If the spoofed address belongs to a machine, then what ?
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
7/39
Sep 2009
Information Security by Van K Nguyen
Hanoi University of Technology 7
Why it works?
n There is no authentication of the source ofthe packets
n
Addresses can be easily spoofedn Server needs to allocate a lot or resources
while client doesn t
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
8/39
Sep 2009
Information Security by Van K Nguyen
Hanoi University of Technology 8
Some measurements to the SYN attack
n Configuration Optimization
q At the server
n Reduce the timeout to 10 seconds
n Increase the size of the queue
n Disable non-essential services, reducing the number ofports to be attacked
q At all routers in the Internet
n Block packets to the outside that have source addressesfrom outside the internal network
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
9/39
Sep 2009
Information Security by Van K Nguyen
Hanoi University of Technology 9
Some measurements to the SYN attack
n Using firewall as relay/gateway
q Firewall acts in between, receive then forward the SYNpacket to server
q Firewall send fake ACK to server, then wait a little timeoutthen send RST to server if no real ACK coming.
n Active Monitoring
q Monitor the TCP traffic within a local area network andfigure out which ones are illegitimate connections.
q Send RST for the illegitimate connections to close them
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
10/39
Sep 2009
Information Security by Van K Nguyen
Hanoi University of Technology 10
TCP Congestion Control
n Source determines how much bandwidth is availablefor it to send, it starts slow and increases thewindow of send packet based on ACKS.
n ACKS are also used to control the transmission ofpackets.
n Uses Additive Increase Multiplicative Decrease(AIMD)
n Uses Retransmission Timeout (RTO) to avoidcongestion
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
11/39
Sep 2009
Information Security by Van K Nguyen
Hanoi University of Technology 11
TCP Congestion Control
n All the attacker needs todo is generate a TCPflow to force the targetedTCP connection to
repeatedly enter aretransmission timeoutstate
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
12/39
Sep 2009
Information Security by Van K Nguyen
Hanoi University of Technology 12
IPsec:secure communication for the IP layer
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
13/39
Sep 2009
Information Security by Van K Nguyen
Hanoi University of Technology 13
Intro
n Internet Protocol Security (IPsec) is a protocolsuite for securing Internet Protocol (IP)communications by authenticating and encryptingeach IP packet of a data stream.q Authentication/integrity
q Confidentiality
q Protection against replayed packets
n Transparent to applications
q below transport layer (TCP, UDP)n IETF IPSEC Working Group
q Documented in RFCs and Internet drafts
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
14/39
Sep 2009
Information Security by Van K Nguyen
Hanoi University of Technology 14
Basics on IPSec
n Protocols
q Internet key exchange (IKE): set up a security association (SA)with encryption and authentication keys to be used.
q Authentication Header (AH): provides integrity and authenticationwithout confidentiality
q Encapsulating Security Payload (ESP): provides confidentialityand can also provide integrity and authentication
n Both AH/ESP can operate on two different modes
q Transport-mode: encapsulates an upper-layer protocol (e.g. TCPor UDP) and prepends an IP header in clear
q Tunnel-mode: encapsulates an entire IP datagram into newpacket adding a new IP header
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
15/39
Transport mode
n ESP in Transport Mode
q encrypts and optionally authenticates the IP payload(data), but not the IP header.
n AH in Transport Modeq authenticates the IP payload and selected portions of
the IP header
Sep 2009
Information Security by Van K Nguyen
Hanoi University of Technology 15
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
16/39
Tunnel Mode
n ESP in Tunnel Mode
q encrypts and optionally authenticates the entireinner IP packet, including the inner IP header.
n AH in Tunnel Mode
q authenticates the entire inner IP packet andselected portions of the outer IP header.
Sep 2009
Information Security by Van K Nguyen
Hanoi University of Technology 16
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
17/39
Security Associations
n SA- the basis for building security functions into IP.
n A security association is simply the bundle of algorithmselection and parameters (such as keys) that is beingused to encrypt and authenticate a particular f low in one
direction.q SPI + IP destination address uniquely identifies a particular
Security Association.
n Therefore, in normal bi-directional traf fic, the flows aresecured by a pair of security associations.
q SAs are unidirectional, sender supplies SPI to receiver.
Sep 2009
Information Security by Van K Nguyen
Hanoi University of Technology 17
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
18/39
Authentication Header
n Provides support f or data integrity and authentication(MAC) of IP packets, using HMAC based on MD5 orSHA1.
n Defends against replay attacks (sequence number)
Sep 2009
Information Security by Van K Nguyen
Hanoi University of Technology 18
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
19/39
AH: Preventing Replay
Sep 2009
Information Security by Van K Nguyen
Hanoi University of Technology 19
n When a SA is established, sender initializes sequence counter to 0.n Every time a packet is sent the counter is incremented and is set in
the sequence number in the AH header.
n When sequence number 232 - 1 is reached, a new SA should benegotiated.
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
20/39
AH Authentication: Transport Mode
Sep 2009
Information Security by Van K Nguyen
Hanoi University of Technology 20
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
21/39
AH Authentication: Tunnel Mode
n The new IP header contains different IP addresses thanthe ultimate destination and source
Sep 2009
Information Security by Van K Nguyen
Hanoi University of Technology 21
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
22/39
Encapsulating Security Payload
n ESP provides conf identiality services, optionally can providethe same services as AH
n Encryption: 3DES, Blowfish, CAST, IDEA, 3IDEA
Sep 2009Information Security by Van K Nguyen
Hanoi University of Technology22
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
23/39
ESP Encryption and Authentication:
Transport Mode
Sep 2009Information Security by Van K Nguyen
Hanoi University of Technology23
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
24/39
ESP Encryption and Authentication:
Tunnel Mode
Sep 2009Information Security by Van K Nguyen
Hanoi University of Technology24
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
25/39
TLS/SSL: SECURE END-TO-END COMMUNICATION
Sep 2009Information Security by Van K Nguyen
Hanoi University of Technology 25
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
26/39
History
n Netscape Communications developed the first three versions ofSecure Socket Layer (SSL) with significant assistance from theWeb community.q Although SSL s development was open, and Netscape encouraged others in the
industry to participate, the protocol technically belonged to Netscape.
n Beginning in May 1996, however, SSL development became theresponsibility of the Internet Engineering Task Force (IETF).
n The IETF renamed SSL to Transport Layer Security (TLS).q The final version of the first official TLS specification was released in January
1999.
n Despite the change of names, TLS is nothing more than a newversion of SSL.q In fact, there are far fewer differences between TLS 1.0 and SSL 3.0 than there
are between SSL 3.0 and SSL 2.0.
Sep 2009Information Security by Van K Nguyen
Hanoi University of Technology 26
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
27/39
T LS/SSLbasics
n Protocol suite that allows to establish an end-to-end secure channel:
q Confidentiality: by encryption using DES, 3DES, RC2, RC4, IDEA.
q Integrity: by computing a MAC and send it with the message; MD5,SHA1.
q Key exchange: by publ ic key encryptionn Defines how the characteristics of the channel are negotiated
q key establishment, encryption cipher, authentication mechanism
n Requires reliable end-to-end protocol, so it runs on top of TCP
n Typically, used by other session protocols (HTTPS )
n Several implementations:q e.g. SSLeay, open source implementation (www.openssl.org)
Sep 2009Information Security by Van K Nguyen
Hanoi University of Technology 27
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
28/39
TLS: Protocol Architecture
Sep 2009Information Security by Van K Nguyen
Hanoi University of Technology 28
} 2 layer protocol
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
29/39
Session and Connection
n Session
q association between a client and a server
q created by the Handshake Protocol
q defines secure cryptographic parameters that canbe shared by multiple connections.
n Connection
q
end-to-end reliable secure communicationq every connection is associated with a session
Sep 2009Information Security by Van K Nguyen
Hanoi University of Technology 29
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
30/39
n Session identifier: generated by the server to identify anactive or resumable session.
n Peer certificate: X 509v3 certificate.
n Compression method: algorithm used to compress thedata before encryption.
n Cipher spec: encryption and hash algorithm, includinghash size.
n Master secret: 48 byte secret shared between the clientand server.
n Is resumable: indicates if the session can be used toinitiate new connections.
Sep 2009Information Security by Van K Nguyen
Hanoi University of Technology 30
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
31/39
Connection
n Server and client random: chosen for each connection.
n Server write MAC secret: shared key used to computeMAC on data sent by the server.
n Client write MAC secret: same as above for the clientn Server write key: shared key used by encryption when
server sends data.
n Client write key: same as above for the client.
n
Initialization vector: initialization vectors required byencryption.
n Sequence numbers: both server and client maintainssuch a counter to prevent replay, cycle is 264 - 1.
Sep 2009Information Security by Van K Nguyen
Hanoi University of Technology 31
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
32/39
TLS: SSL Record Protocoln Provides confidentiality and message integrity using shared keys
established by the Handshake Protocol
Sep 2009Information Security by Van K Nguyen
Hanoi University of Technology 32
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
33/39
TLS: Handshake Protocol
n Negotiate Cipher-Suite Algorithms to use
q Symmetric cipher
q Key exchange method
q Message digest function
n Establish the shared master secret
n Optionally authenticate server and/or client
Sep 2009Information Security by Van K Nguyen
Hanoi University of Technology 33
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
34/39
Handshake:
At a glance
Sep 2009Information Security by Van K Nguyen
Hanoi University of Technology 34
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
35/39
Handshake: Hellos messages
n Client_hello_message has parameters:
q Version
q Random: timestamp + 28-bytes random
q Session ID
q CipherSuite: cipher algorithms supported by the client, first is keyexchange
q Compression method
n Server responds with the same
n Client may request use of cached sessionq Server chooses whether to accept or not
Sep 2009Information Security by Van K Nguyen
Hanoi University of Technology 35
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
36/39
Handshake: Key Exchange
n Supported key exchange methods:
n RSA: shared key encrypted with RSA public key
n Fixed Diffie-Hellman; public parametersprovided in a certificate
n Ephemeral Diffie-Hellman: the best; Diffie-Hellman with temporary secret key, messagessigned using RSA or DSS
n Anonymous Diffie-Hellman: vulnerable to man-inthe-middle
Sep 2009Information Security by Van K Nguyen
Hanoi University of Technology 36
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
37/39
TLS: Authentication
n Verify identities of participants
q Client authentication is optional
q Certificate is used to associate identity with public
key and other attributes
Sep 2009Information Security by Van K Nguyen
Hanoi University of Technology 37
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
38/39
TLS: Change Cipher Spec/Finished
n Change Cipher Spec completes the setup of theconnections.
n Announce switch to negotiated algorithms and
values
n The client sends a message under the newalgorithms, allows verification of that thehandshake was successful
Sep 2009Information Security by Van K Nguyen
Hanoi University of Technology 38
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22 -
8/2/2019 7.Network Security
39/39
TLS vs. IPSEC
n Security goals are similar
n IPSec more flexible in services it provides,decouples authentication from encryption
n Different granularity: IPSec operates betweenhosts, TLS between processes
Sep 2009Information Security by Van K Nguyen
Hanoi University of Technology 39
http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22http://www.pdfcomplete.com/cms/hppl/tabid/108/Default.aspx?r=q8b3uige22