cse 331: introduction to networks and security fall 2000 instructor: carl a. gunter slide set 7
TRANSCRIPT
![Page 1: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/1.jpg)
CSE 331: Introduction to Networks and Security
Fall 2000Instructor: Carl A. Gunter
Slide Set 7
![Page 2: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/2.jpg)
Secure Socket Layer (SSL)
Session protocol with: Server authentication. Client authentication optional. Integrity checksum. Confidentiality.
Possibly the most important security-related ecommerce protocol.
Connection sets up security parameters.
Many sessions possible within a given connection.
![Page 3: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/3.jpg)
Network Layer Security
HTTP FTP SMTP
TCP
IP/IPSec
![Page 4: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/4.jpg)
Transport Layer Security
HTTP FTP SMTP
TCP
IP
SSL or TLS
![Page 5: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/5.jpg)
Application Layer Security
S/MIME PGP SET
TCP
IP
SMTP HTTP
UDP
Kerberos
![Page 6: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/6.jpg)
SSL Protocol Stack
TCP
IP
SSL Record Protocol
HandshakeChange
Cipher SpecAlert HTTP
![Page 7: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/7.jpg)
SSL Record
ContentType
MajorVersion
MinorVersion
Length
Payload
![Page 8: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/8.jpg)
Content Types
Handshake
Change Cipher Spec
Alert
Opaque Content
Type Length Content
1 byte 3 bytes 0 bytes
1
Level Alert
Higher-Level Protocol Content
1 byte
1 byte 1 byte
1 bytes
![Page 9: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/9.jpg)
Creating Opaque Content
Begin with application data. Fragment it into blocks of 2**14
bytes or less. Optionally compress the fragments. Add a message authentication code
(MAC) to the compressed data to ensure integrity.
Encrypt the data to ensure confidentiality.
Add SSL record header (4 fields).
![Page 10: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/10.jpg)
What Is Needed?
Negotiation of cryptographic protocols.
Initial authentication. Key exchange to set up:
Bulk encryption. MAC.
![Page 11: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/11.jpg)
How is this Done?
The handshake protocol negotiates the protocols to be used for authentication and bulk encryption.
The handshake protocol carries out initial authentication.
The handshake protocol establishes a 48 byte pre-master secret. Client and server use this to derive a 48 byte
master secret. The master secret is used to generate a key
block of sufficient length to supply all needed cryptographic parameters.
![Page 12: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/12.jpg)
MAC Calculation
A MAC write secret, MACWS, is extracted from the key block.
A hash function H is selected: either MD5 or SSH.
The MAC is defined as follows.
H( MACWS || pad2 || H( MACWS || pad1 || seq_no || SSLCompressed.type || SSLCompressed.length || SSLCompressed.fragment ))
![Page 13: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/13.jpg)
SSL Key Exchange Protocols
RSA Fixed Diffie-Hellman Ephemeral Diffie-Hellman Anonymous Diffie-Hellman Fortezza
![Page 14: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/14.jpg)
SSL Bulk Encryption Protocols
Protocol (type, key length) IDEA (block, 128) RC2-40 (block, 40) DES-40 (block, 40) DES (block, 56) 3DES (block, 168) Fortezza (block, 80) RC4-40 (stream, 40) RC4-128 (stream, 128)
![Page 15: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/15.jpg)
SSL Handshake Protocol Phases
Establish Security Capabilities Server Authentication and Key
Exchange Client Authentication and Key
Exchange Finish
![Page 16: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/16.jpg)
Establish Security Capabilities
Client Hello
Server Hello
Client Server
Time
![Page 17: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/17.jpg)
Client Hello
1. Highest version number understood by client.
2. 32-bit timestamp and 28-bit nonce.3. Session identifier.
Nonzero value: update parameters of existing connection.
Zero value: new connection and session.
4. CipherSuite list in order of preference. A CipherSuite identifies a key exchange protocol and other parameters.
5. List of compression methods.
![Page 18: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/18.jpg)
CipherSuite
BulkCipherAlgorithm (as given earlier).
MACAlgorithm (SHA-1 or MD5). CipherType (stream or block). IsExportable (true or false). HashSize: 0, 16 (for MD5), or 20 (for
SHA-1) bytes.
![Page 19: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/19.jpg)
Server Hello
1. Highest version number supplied by client and acceptable to server.
2. Time and nonce from server (independent of same from client).
3. Session identifier. If non-zero from client then same value from
server. Otherwise proposed by server.
4. First cipher suite proposed by client and supported by server.
5. First compression method proposed by client and supported by server.
![Page 20: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/20.jpg)
Server Auth & Key Exchange
Server Hello Done
Client Server
Time
Certificate Request
Server Key Exchange
Certificate
Optional
![Page 21: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/21.jpg)
Certificate
List of x.509 certificates. Required for all protocols except
anonymous Diffie-Hellman.
![Page 22: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/22.jpg)
Server Key Exchange
Protocol-dependent keying material. Needed for all except RSA and fixed
Diffie-Hellman. Example: in anonymous Diffie-
Hellman this message consists of a prime number, a primitive root for it, and the Diffie-Hellman public key for the server.
![Page 23: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/23.jpg)
Certificate Request
Requests a certificate type (e.g. DSS for ephemeral Diffie-Hellman).
Specifies a list of certificate authorities.
![Page 24: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/24.jpg)
Server Done
Indicates that all messages in the server authentication phase have been sent and server is now awaiting a client response.
![Page 25: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/25.jpg)
Client Auth & Key Exchange
Client Server
Time
Certificate Request
Client Key Exchange
Certificate
Optional
Optional
![Page 26: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/26.jpg)
Certificate
Client sends an X.509 certificate as requested by server or sends a No Certificate Alert.
![Page 27: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/27.jpg)
Client Key Exchange
Protocol-dependent keying material. Example: In RSA the client generates
a 48 byte secret and encrypts it using the public key of the server (from the Server Key Exchange message).
![Page 28: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/28.jpg)
Certificate Verification
Contains explicit verification of client certificate.
Client signs the hash of a concatenation of the master secret and handshake messages.
![Page 29: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/29.jpg)
Client Auth & Key ExchangeClient Server
Time
Change Cipher Spec
Finish
Change Cipher Spec
Finish
![Page 30: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/30.jpg)
Client and Server
The Change CipherSpec message causes the CipherSpec to become active. This is not a handshake record, but a record in the Change CipherSpec protocol.
Each party sends the Finished message under the new CipherSpec.
The message contains hashes using MD5 and SHA-1 containing the master secret and the handshake messages.
![Page 31: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/31.jpg)
Master Secret
The Master Secret is computed from the Pre-Master Secret as follows:
MasterSecret = MD5( PreMasterSecret || SHA(“A” || PreMasterSecret || ClientHello.random || ServerHello.random)) || MD5( PreMasterSecret || SHA(“BB” || PreMasterSecret || ClientHello.random || ServerHello.random)) || MD5( PreMasterSecret || SHA(“CCC” || PreMasterSecret || ClientHello.random || ServerHello.random))
![Page 32: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/32.jpg)
Cryptographic Parameters
The remaining cryptographic parameters are computed by iterating the following pattern.
KeyBlock = MD5( MasterSecret || SHA(“A” || MasterSecret || ClientHello.random || ServerHello.random)) || MD5( MasterSecret || SHA(“BB” || MasterSecret || ClientHello.random || ServerHello.random)) || MD5( MasterSecret || SHA(“CCC” || MasterSecret || ClientHello.random || ServerHello.random)) ||
![Page 33: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/33.jpg)
Cryptographic Parameters
Client write MAC secret. Server write MAC secret. Client write key. Server write key. Client write IV. Server write IV.
![Page 34: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/34.jpg)
Alerts
Unexpected message. Bad MAC. Decompression failure. Handshake failure, unable to
negotiate an acceptable set of security protocols.
Illegal parameter in handshake message.
Close notify.
![Page 35: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/35.jpg)
Alerts, Continued
No certificate. Bad certificate. Unsupported certificate. Certificate revoked. Certificate expired. Certificate unknown: an unspecified
issue arose in certificate verification.
![Page 36: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/36.jpg)
Electronic Commerce
Electronic data interchange. Some illustrative scenarios. Tools supporting ecommerce. Public key infrastructure.
![Page 37: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/37.jpg)
EDI
Electronic data interchange (EDI) is a format for computer-to-computer business exchanges like: Purchase orders, Invoices, Payment advices.
Standards. ANSI x12. United nations economic commission for
Europe: EDI for administration, commerce, and transport (EDIFACT).
![Page 38: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/38.jpg)
EDI on the Internet
Early use of EDI was mainly on Value Added Networks (VAN’s) based primarily on dedicated and dailup links, and terminal emulation.
Internet offers a lower cost option and more flexibility. Connecting VAN’s to the Internet. Using electronic messaging (MIME).
![Page 39: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/39.jpg)
E-Commerce and Security
Security is the primary technical issue for expanding electronic commerce.
Cryptography is one tool among many for achieving the necessary guarantees.
Approaches to e-commerce must be delivered using widely-accepted tools and techniques.
![Page 40: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/40.jpg)
Secure E-Mail
Privacy Enhanced Mail (PEM). MIME Object Security Services
(MOSS). S/MIME. (Applying PKCS #7 to MIME
body parts.) ITU X.400 secure messaging
protocols. (Not compatible with Internet messaging.)
Message Security Protocol (MSP). (Comprehensive set of DoD protocols.)
![Page 41: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/41.jpg)
Web Security
Secure Socket Layer (SSL). Secure HTTP (S-HTTP).
Request/response protocol. https:// versus shttp://
![Page 42: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/42.jpg)
Mobile or Downloadable Code
Java. Protection via language runtime system
guarantees. ActiveX. Microsoft Authenticode.
![Page 43: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/43.jpg)
Other Protocols
EDI security: ANSI X12.58 or S/MIME. Secure Electronic Transaction (SET).
Visa and MasterCard. CyberCash. Intermediary between
Web-based merchants and credit card banks.
CheckFree. Electronic checks. First Virtual. Credit card payments
via email.
![Page 44: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/44.jpg)
Public Key Infrastructure
Mutual authentication of participants in a transaction requires a system of identities.
Principals are identified by public keys.
These keys can be used for authentication, but only if “spoofing” is prevented.
A PKI provides a basis for establishing trust.
![Page 45: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/45.jpg)
PKI Systems
ITU X.509 (viz. IETF PKIX). PGP “web of trust”. DNS sec. Simple public key infrastructure
(SPKI - IETF alternative to X.509). QCM (Web-like system from
Penn/AT&T).
![Page 46: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/46.jpg)
X.509
Part of the X.500 series of standards: the ISO/ITU Directory.
Originally intended to support access control for the directory as part of the Directory Access Protocol (DAP).
Dominant candidate now for PKI to support electronic commerce, although adoption has been slow.
![Page 47: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/47.jpg)
X.509 Certificates
X.509 certificates bind a subject to a public key.This binding is signed by a Certificate Authority (CA).
Subject Name
Subject Public Key
CA Name
CA Signature
Subject Name
Subject Public Key
CA Name
CA Signature
![Page 48: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/48.jpg)
Chaining
Pennsylvania CA
Pennsylvania CA Key
USA CA
Philly CA
Philly CA Key
Pennsylvania CA
Joe Smith
Joe’s Key
Philly CA
Subject
Subject’s Key
Issuer
![Page 49: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/49.jpg)
Certificate Distribution
Certificate accompanying signature. Directory service.
DAP. LDAP. DNS SEC.
Email (S/MIME and MOSS). Primary technique: cut and paste
from web pages!
![Page 50: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/50.jpg)
X.509 Certificate Format (v3)
Required fields. Optional fields.
![Page 51: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/51.jpg)
Required Fields
Version of format (1,2, or 3 currently). Serial number. Signature algorithm identifier.
Examples: DSS with SHA hash. RSA with MD5 hash.
Issuer (CA) X.500 name. Validity period (start and expiry
times).
![Page 52: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/52.jpg)
Required Fields, Continued
Subject X.500 name. Subject public key information.
Algorithm identifier. Public key value.
Issuer signature.
![Page 53: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/53.jpg)
Optional Fields
Issuer unique identifier. Subject unique identifier. Extensions.
Extension type. Critical/Non-critical. Extension field value.
![Page 54: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/54.jpg)
Certificate Revocation Lists
Sometimes it is necessary to terminate certificates before their expiration time.
How does the relying party know that the certificate has been revoked?
Mitre report for NIST suggests certificate revocation will be the largest maintenance cost for PKI’s.
Many distribution strategies proposed.
![Page 55: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/55.jpg)
Semantics of CRL’s
Three certificates.1. Q says P is the public key of Alice.2. R says P is the public key of Alice.3. Q says R is the public key of Bob.
Three kinds of revocation.1. P is not the public key of Alice. (3 not
2.)2. Q no longer vouches for whether P is the
public key of Alice. (2 and 3.)3. The key of Q has been compromised. (2
not 3.)1998 Fox and LaMacchia
Revoke
![Page 56: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/56.jpg)
The Future
Strong market trend towards using public keys and certificates.
Many PKI security vendors arriving on the market.
None of these widely used.
![Page 57: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/57.jpg)
The Future, Continued
Export problems continue. Large-scale CA hierarchies analogous
to DNS have not emerged. PKI’s have very limited use
compared to potential. Will this change?
![Page 58: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/58.jpg)
Network Security
Here are some of the reasons that networks have security problems: Sharing Complexity Unknown perimeter Many points of attack Anonymity Unknown paths
![Page 59: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/59.jpg)
What are the Threats?
Interception of data in transit Access to programs or data at
remote hosts Modification of programs or data
remote hosts Modification of data in transit Insertion of communications
impersonating a user
![Page 60: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/60.jpg)
Threats, Continued
Insertion of a repeat of a repeat of a previous communication
Blocking of selected traffic Blocking of all traffic Running a program at a remote host.
![Page 61: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/61.jpg)
Layers for Encryption
Link Network Transport Application
![Page 62: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/62.jpg)
Division of Labor in the Internet
Hosts
Routers
Networks
![Page 63: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/63.jpg)
Link
Network
Transport
Application
Link
Network
Transport
Application
Link
Network
Link
Network
TCP/IP Protocol Stack
Host HostRouter Router
![Page 64: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/64.jpg)
Message Processing Sequence
Link
Network
Transport
App2
Link
Network
Transport
Link
Network
Link
Network
App1 App2App1
![Page 65: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/65.jpg)
Encapsulation
LinkLink IP TCP Application
Link Layer Frame
Network LayerHeader
Transport LayerHeader
Application LayerPayload
![Page 66: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/66.jpg)
Link Layer Encryption
LinkLink IP TCP Application
Encrypted
![Page 67: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/67.jpg)
Network Layer Encryption
LinkLink IP TCP Application
LinkLink New IP TCP ApplicationKey ID IP
Encrypted
![Page 68: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/68.jpg)
Transport Layer Encryption
LinkLink IP TCP Application
LinkLink IP TCP ApplicationKey ID
Encrypted
![Page 69: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/69.jpg)
Transport Layer Security Protocol
Link
Network
TLSP
App2
Link
Network
TLSP
Link
Network
Link
Network
App1 App2App1
Transport Transport
![Page 70: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/70.jpg)
Application Layer Encryption
LinkLink IP TCP Application
LinkLink IP TCP ApplicationKey ID
Encrypted
![Page 71: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/71.jpg)
Message Processing Sequence
Link
Network
Transport
App2
Link
Network
Transport
Link
Network
Link
Network
App1 App2App1
App2 Sec App2 Sec
![Page 72: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/72.jpg)
Link Layer Encryption
Advantages: transparent to applications hardware solution possible
Disadvantages: encryption hop-by-hop
![Page 73: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/73.jpg)
IP Layer Encryption
Advantages transparent to applications amenable to hardware
Disadvantages routing more complex
![Page 74: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/74.jpg)
Transport Layer Encryption
Advantages transparent to applications
Disadvantages probably implemented in software
![Page 75: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/75.jpg)
Application Layer Encryption
Advantages: customize to application no special protocol stack required:
transparent to networking Disadvantages:
hard to share between applications
![Page 76: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/76.jpg)
Firewalls
GatewayInside Outside
Filter Filter
Filters protect against “bad” packets.A gateway machine restores needed services.Protect services offered internally from outside access.Provide outside services to hosts located inside.
![Page 77: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/77.jpg)
Possible Firewall Architecture
Hosts
Routers
Networks
Internal Network
External Network
Gateway
DMZ
Filtering Routers
“Demilitarized Zone”
![Page 78: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/78.jpg)
Benefits of Firewalls
Increased security for internal hosts. Reduced amount of effort required to
counter break ins. Possible added convenience of
operation within firewall (with some risk).
Reduced legal and other costs associated with sponsoring hacker activities.
![Page 79: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/79.jpg)
Costs of Firewalls
Hardware purchase and maintenance
Software development or purchase, and update costs
Administrative setup and training, and ongoing administrative costs and trouble-shooting
Lost business or inconvenience from broken gateway
Loss of some services that an open connection would supply.
![Page 80: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/80.jpg)
Firewall Placement
![Page 81: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/81.jpg)
Kinds of Firewalls
Filtering: operates by filtering based on packet headers
Circuit: operates at the level of TCP Application: operates at the level of
the application
![Page 82: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/82.jpg)
Filtering Firewalls
Filtering can take advantage of the following information from network and transport layer headers: Source Destination Source Port Destination Port Flags
![Page 83: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/83.jpg)
IPv4 Packet Format
IPv4 (Version field set to “4”)
Version Hlen TOS Length
Ident Flags Offset
TTL Protocol Checksum
SourceAddr
DestinationAddr
Options(variable length) Pad
Other Headersand Payload
![Page 84: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/84.jpg)
TCP and UDP packets
Protocols support O.S. “port numbers”:
SrcPort DstPort
Checksum Length SequenceNum
SrcPort DstPort
Options (variable)
Checksum UrgPtr
HL 0 Flags Advert.Wind.
Acknowledgment
Other Headersand Payload
UDP TCP
Other Headersand Payload
![Page 85: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/85.jpg)
Three-Way Handshake
![Page 86: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/86.jpg)
TCP State Transitions
![Page 87: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/87.jpg)
Ports
Ports are used to distinguish applications and services on a machine.
Low numbered ports are often reserved for server listening.
High numbered ports are often assigned for client requests.
Port 7 (UDP,TCP): echo server
Port 13 (UDP,TCP): daytime
Port 20 (TCP): FTP data Port 21 (TCP): FTP control Port 23 (TCP): telnet Port 25 (TCP): SMTP Port 79 (TCP): finger Port 80 (TCP): HTTP Port 123 (UDP): NTP Port 2049 (UDP): NFS Ports 6000 to 6xxx (TCP):
X11
![Page 88: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/88.jpg)
Filter Example
Action ourhost port theirhost port commentblock * * SPIGOT * we don’t trust these peopleallow GW 25 * * connect to our SMTP port
Action ourhost port theirhost port commentblock * * * * default
Apply rules from top to bottom with assumed default entry:
Bad entry intended to allow connections to SMTP from inside:
Action ourhost port theirhost port commentallow * * * 25 connection to their SMTP
This allows all connections from port 25, but an outside machinecan run anything on its port 25.
![Page 89: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/89.jpg)
Filter Example Continued
Action src port dest port flags commentallow {our hosts} * * 25 our pkts to their SMTPallow * 25 * * ACK their replies
Permit outgoing calls to port 25.
![Page 90: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/90.jpg)
When to Filter
Router
Inside Outside
![Page 91: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/91.jpg)
On Input or Output
Filtering on output can be more efficient since it can be combined with table lookup of the route.
However, some information is lost at this stage such as the physical input port on which the packet arrived.
This can be useful information to prevent address spoofing.
Filtering on input can protect the router itself.
![Page 92: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/92.jpg)
Recommend: Filter ASAP
Action src port dest port commentblock SPIGOT * * * we don’t trust themallow * * GW 25 connect to our SMTPallow GW 25 * * our reply packets
Action src port dest port commentblock * * SPIGOT * subtle differenceallow * * GW 25 connect to our SMTPallow GW 25 * * our reply packets
Is preferred over:
![Page 93: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/93.jpg)
Example of a Pitfall
Filter output to allow incoming and outgoing mail, but prohibit all else.
Apply this output filter set to both interfaces of the router. Does it work?
Unintended consequence: allows all communication on high numbered ports!
Action dest port commentallow * 25 incoming mailallow * >= 1024 outgoing responsesblock * * nothing else
Router
Inside Outside
![Page 94: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/94.jpg)
Router
Net 1
Outside
Larger Example
Gateway
Net 2
Net 3
AB
![Page 95: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/95.jpg)
Security Policy
Very limited connections through the router between GW and the outside world.
Very limited, but possibly different, connections are permitted between GW and anything in Net 2 or Net 3.
Anything can pass between Net 2 and Net 3.
Outgoing calls only are allowed between Net 2 or Net 3 and the outside world.
![Page 96: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/96.jpg)
Using Input Filters
This is very difficult or impossible to achieve with output filtering only.
Example: how can output filters be used to ensure that a spoofed source from the outside does not make it appear that the packet goes from Net 2 to Net 3?
![Page 97: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/97.jpg)
Filter on Input to Interface A
Action src port dest port flags commentblock {net 1} * * * * block forgeriesblock {net 2} * * * *block {net 3} * * * *allow * * GW 25 legal calls to usallow * * {net 2} * ACK replies to our callsallow * * {net 3} * ACK
![Page 98: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/98.jpg)
Filter on Input to Interface B
Action src port dest port flags commentallow GW * {partners} 25 mail relayallow GW * {net 2} * ACK replies to inside callsallow GW * {net 3} * ACKblock GW * {net 2} * stop other GW callsblock GW * {net 3} *allow GW * * * let GW call the world
![Page 99: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/99.jpg)
Doing it with Output Filtering
For a two-port router, input filtering on one port is the same asoutput filtering on the other.
RouterXY
Use two routers!
![Page 100: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/100.jpg)
Two Routers, Same Rules
Router
Outside
Gateway
Net 2
Net 3
A
BRouter
![Page 101: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/101.jpg)
Application Level Gateways
The gateway acts as an intermediary at the level of the application, receiving outgoing commands, relaying them, obtaining responses and relaying them back to the source.
Mail gateways are a typical example. Very strong control over security, but Special purpose software is required.
![Page 102: CSE 331: Introduction to Networks and Security Fall 2000 Instructor: Carl A. Gunter Slide Set 7](https://reader035.vdocument.in/reader035/viewer/2022070410/56649ec65503460f94bd1ce3/html5/thumbnails/102.jpg)
Circuit Level Gateways
Caller connects to a TCP port on the gateway and the gateway connects to a TCP port on the other side. It relays bytes, acting like a wire.
More general-purpose than application-level but allows finer control than filtering only.
Example: valuable logs of connections can be kept.