SlideShare une entreprise Scribd logo

Ip sec and ssl

Télécharger en tant que PPT, PDF
Mohd Arif
Mohd Arif
TechnologieFormation
1  sur  35
IPSec and SSL
Protocol Stack at Outset • What we have to start with HTTP FTP SMTP TCP IP • Can be at just about any point
Where can we put security? HTTP FTP SMTP HTTP FTP SMTP TCP SSL/PCT/TLS AH ESP TCP IP IP Network approach Transport approach SET PGP S-HTTP S/MIME HTTP FTP SMTP TCP TCP IP IP Application approach Presentation approach
IPSec - Network Approach  Sponsored by IETF IPSec working group  Scheduled to be integral component of IPv6  Supports strong authentication and encryption at layer 3  Bi-directional tunnel  Packet filtering is primary access control method  Requires Public Key Infrastructure (PKI)
IP Layer Security • Functionality – AH (Authentication Header): integrity and authenticity – ESP (Encrypted Security Payload): confidentiality, optional authentication & integrity • Security Association (for each pair of hosts): determined by destination IP address and the SPI (Security Parameters Index) – Specification of the crypto methods to be used by SPI – Keys to be used by the crypto methods for that SPI – The hosts and other entities associated with this traffic • Key Management – Manual Keying (required) – Key Management Protocols (in flux)
IPSec AH Packet Format IPv4 AH Packet Format IPv4 Header Authentication Header Higher Level Protocol Data IPv6 AH Packet Format Hop-by-Hop Authentication Higher Level IPv6 Header Other Headers Routing Header Protocol Data IPv6 AH Header Format Next Header Length Reserved Security Parameters Index Authentication Data (variable number of 32-bit words)
IPSec Authentication • SPI: identifies the security association to use for this packet – type of crypto checksum, how large it is, and how it is computed • authentication data – hash of packet contents include IP header as as specified by the transform indicated by the SPI – treat fields which change hop-by-hop (TTL, header checksum) as zero • Keyed MD5 Hash is default MD5 Hash Secret Key Headers and data being sent Key Key
IPSec ESP Packet Format IPv4 ESP Packet Format Unencrypted Encrypted Other IP IP Header ESP Header Encrypted Data Headers ESP Header Format Security Association Identifier Opaque Transform Data, variable length DES + MD5 ESP Format Security Parameters Index (SPI) Initialization Vector (optional) Replay Prevention Field (incrementing count) Payload Data (with padding) Authentication checksum
IPSec Encryption • ESP Modes – Tunnel-mode: payload in a whole IP datagram, mobile-IP – Transport Mode: payload is a higher level IP protocol, e.g., TCP/UDP • DES with CBC is default • Key Management * ISAMKP/Oakley (mandatory) – ISAMKP - association management protocol – Oakley - key management – exchange message(s) to establish long-lived context * Simple Key-Management for Internet Protocols -SKIP (elective)
Header Usage and Security • IPSec standards recommend using the AH to protect the ESP – AH validates both the IP addresses and the message contents • Omitting the ESP – without the ESP, it is possible to eavesdrop on the authenticated data (this is a threat when resusable, secret passwords are used) • Omitting the AH –ESP does not generally protect against modification – ESP is vulnerable to header cut-and-paste attack • attacker takes out the ESP out of packets and inserts a new ESP destined for another machine (when IPSec proxy is used) • another solution is to assign unique security associations to different pairs of communicating hosts (burden on administrators)
IPSec Issues Benefits: Concerns:  Integrated directly into IP  IETF working group stack slow to establish  Uses public key technology consensus  Proposed IETF standard  Client deployment dependent on Microsoft  Security model for IPv6  Competing key  Supports strong management standards authentication and encryption mechanisms  Requirement for public key infrastructure  Expected to be widely deployed in internetworking  Router Vendors are devices central to deployment  Supports only IP traffic  Users vs Addresses
Transport Approach - SSL/TLS • SSL: Secure Sockets Layer TLS: Transport Layer Security • SSL Version 1: Was quickly replaced by SSL v2. Not in use today. • SSL Version 2: Has some security problems. Still supported. • PCT: Microsoft’s response to SSL 2.0. Fixes some problems, but has been supplanted by SSL 3.0. • SSL Version 3: Complete redesign of SSL. Fixed the problems in previous versions and added many features • TLS: Under development IETF standard based on SSL 3.0 with enhancements.
What problem does SSL Solve? • Allows secure communications between two computers, provided that at least one has a certificate trusted by the other (avoids man- in-the-middle when possible). • Isolates application developers from the complexities and dangers of cryptosystem design. • Supports authentication, encryption, and key exchange • Reliable connections via various secure hash functions • Efficient, extendible, easy to integrate, not ASN.1 based, secure, open, interoperable. • End-to-end armored pipe only, not signed letter and sealed envelope model.
A simple SSL-like protocol Problem: A user wants to shop at a merchant’s server -- but the server doesn’t know anything about the user. Phase 1: Handshake to produce a shared secret K. 1. User requests, obtains, and verifies Server’s certificate 2. User creates a 160-bit value K at random 3. User computes K encrypted with server’s public key and sends the result to S. 4. Server decrypts with its private key to recover K. 5. Server hashes K and sends the result to user. 6. User also hashes K and verifies the value from server.
Simple SSL-like protocol, cont Phase 2: Secure communications using a shared secret K. Data to be exchanged is broken into packets. • Prior to transmission, each packet of data is encrypted and MAC’ed (Message Authentication Coded): – Communications are encrypted using K to ensure that data are private from eavesdropping – Communications are MAC’ed using K to ensure that data are secure against tampering and modification • The recipient decrypts the packet and verifies the MAC. An incorrect MAC indicates a fatal error.
SSL Protocols • The handshake Protocol: negotiates the use of new crypto algorithms and keys. • The record protocol: functions as a layer beneath all SSL messages and indicates the encryption and integrity protection being applied to the data. • The alert protocol: when errors have occurred or when a session is being ended.
SSL Handshake: Protocol • Handshake Protocol Goals: – Negotiate security parameters, – Authenticate server to client (server name must match name in certificate to prevent man-in-the-middle attacks) – Authenticate client to server (if requested by server), – Create a secret (the “Master Secret” shared between the participants) • Negotiated protocol parameters – Protocol version (e.g., SSL 3.0, TLS 3.1, etc.) – CipherSuite (crypto algorithms, etc. ) – Compression method (e.g., none)
SSL Handshake: CipherSuite • The CipherSuite defines the cryptographic algorithms, key sizes, etc • CipherSuite Parameters: – Encryption Algorithm: none, RC4-40, RC4-128, RC2-40, IDEA-128, DES-40, DES, TripleDES – Public Key algorithm: RSA, Fortezza, or Diffie-Hellman (with RSA, DSS, or, no certificates* ) – Hash Function: MD5, SHA * Certificate-less handshakes are vulnerable to man-in-the-middle attacks. In some environments, anonymous Diffie-Hellman is helpful -- but in most cases, any support for anonymous ciphersuites would be a massive security flaw
Client SSL Handshake: Steps Server 1. Client sends ClientHello message. 2. Server acknowledges with ServerHello message. 3. Server sends its certificate. Server Certificate MasterSecret 4. Server requests client’s certificate 5. Client sends its certificate. Server’s 6. Client sends ClientKeyExchange message Private Key Server’s Public Key 7. Client sends a Certificate Verify message. Digital Signature 8. Both send ChangeCipherSpec messages. 9. Both send Finished messages.
SSL Handshake:Resuming Sessions • Goal: minimize the number of SSL handshakes since: – Private key operations take server time – Network round trips are slow (2 per handshake) • If two parties have recently communicated, they already have a shared master. If both parties agree, the old master secret can be reused. This is called resuming a session. • A Hack: Adding state to a stateless protocol (http) • Resuming can be done even if the parent session is still alive to split sessions (e.g., to have 4 simultaneous connections, do the handshake once then “resume” three new sessions).
SSL Record Layer • Defines how application SSL ciphertext data (payload) is: MAC Content Padding – broken into packets SSL compressed – encrypted and decrypted SSL Plaintext – MAC’ed and verified Real application data • Record Layers: • Four keys are used and – SSL Plaintext - type, SSL derived from the MasterSecret: version, length, data – Server write key – SSL compressed - – Client write key compressed (SSL plaintext) – Server write MAC secret – SSL Ciphertext - encrypted (MAC and SSLcompressed) – Client write MAC secret
Strengths of the SSL • Bruteforce Attack – 128 bits or more can be said to be safe in the foreseeable future. • Dictionary Attack – for instance, take HTTP “get” command and use every possible key to precompute encrypted form of the plaintext. – SSL protects by having very large key spaces (even export version is actually 54 bit with 88 bits disclosed) • Replay Attack – Attack works by rerunning the messages sent earlier – SSL defeats it by using a 128-bit nonce value that is unique to that connection • Man-In-the-Middle Attack – SSL uses signed certificates to authenticate the server’s public key
Weaknesses of the SSL • Using weak encryption when strong is required Does not work with export version
Weaknesses of the SSL, cont • Certificate problems – not signed by a trusted Certificate Authority – expired certificates (No certificate revocation list (CRL) in spec!) – Only real server authentication is that the DNS name in the URL matches the name in the certificate – if you are fooled into using a wrong name (www.isbankasi.com.tr instead of www.isbank.com.tr) you’ll never know • Only using SSL for forms not all or most of your site – no caching of SSL by default therefore performance issues – what’s wrong with this picture: https://www.company.com/order_form.cgi <FORM ACTION=http://www.company.com/process_order.cgi METHOD=POST>
Web Spoofing • Web spoofing is pretending to be somebody else’s web site • Allows traffic to be intercepted and changed • All Web traffic must pass through attacker’s proxy – somebody puts a false link in a popular Web page – by choosing DNS name very close to the real one (www.isbankasi.com.tr instead of www.isbank.com.tr) • Users must be careful to detect it • Can NOT be stopped -- even with SSL – unless you are using client side certificates (which hardly anybody is)
Web Spoofing you.com good.com Browser WWW Server Link 2 4 bad.com http://bad.com/http://good.com/file 7 WWWserver 5 Modified URL 1 Call good.com to get file 3 Change data in the http://good.com/file copy of file 6 Normal URL Return to you.com
Web Transaction Security • Security Objectives – Protect transactions against attack on the Internet – ensure security without prior arrangements between customers and vendors – Apply crypto protections selectively as needed – The receiving host must be protected from attack by incoming messages • Basic issues – Widely available, user-friendly transaction protocol (HTTP) – Authenticating the customer and vendor – Key management with naive users – Liability with bogus transactions
Web Transactions • Three key elements – forms: Web pages with HTML functions to collect data from the user – the POST command: transmits the collected data values to the server – CGI Scripts: programs that process submitted data and return a Web page • Web Form Security Services – Transaction Integrity – Customer Authentication – Vendor Authentication – Transaction Secrecy
Security Alternatives for Web forms • Alternative security techniques: – Protection with passwords – Network Security (IPSec) – Connection Security (SSL) – Application Security (secure HTTP) –Java Applets with SSL • Protection with passwords – no crypto protection, must be restricted to low-risk applications – vulnerable to password sniffing – but available and easy to implement – provides only customer authentication
Security Alternatives, cont • Network-level security (IPSec): – provides all-or-nothing security • it is inefficient to apply crypto to all Web traffic • increases the risk of bogus transactions if it encrypts everything – blocks access to hosts that don’t support it or don’t have a security association with the server – key management is problem for arbitrary Internet customers and vendors • both client and server are assumed to have their own public keying material and that it has been validated by a third party – client authentication relies on user’s IP address
Security Alternatives, cont • Transport-level Security (SSL): – better control over when security measures are used • a Web browser can choose whether a particular connection is going to use SSL • using separate port number gives both the client and server some control over what traffic is protected and what traffic moves fast – all four of the protections are provided – transport layer crypto can pose architectural problems in some applications • crypto activities will be hidden from the application by an interface • SSL software must be integrated into the application for better crypto monitoring – everything that passes through SSL connection is encrypted • crypto security measures are only applied to the data in transit and are lost once a connection is closed
Security Alternatives, cont • Application-level Security (SHTTP) – all four of the protections are provided – application protocol yields the best security results • the protocol can define security very specifially in terms of the application’s activities e.g., an application could handle a message containing digital signatures by several different agents and make decisions based on who signed what, or optimize the application of crypto services to different parts of a large message – SHTTP can define crypto services for individual Web pages • each page can carry its own crypto checksum or digital signature • individually encrypted pages can be published on any Web server and still be read by those with authorized keys • signed pages can be reliably authenticated regardless of how they are replicated and distributed
SSL-enabled Client 1. Implement the latest version of the SSL protocol. 2. Implement a good RSA key exchange. 3. Support a few effective secret key ciphers. 4. Disable any inadequate crypto (e.g., 40 bits or 56 bits). 5. Ensure interoperability with SSL servers. 6. Provide a clear indication when SSL is working. 7. Protect against theft. 8. Support hardware crypto modules as well as software. 9. Block or restrict downloaded executable contents. 10. Use pre-installed public keys to validate server certificate. 11. SSL client authentication. 12. Support additional server authority keys.
SSL-enabled Server 1. Security on the server host must be as tight as possible. 2. Implement the latest version of the SSL protocol. 3. Implement a good RSA key exchange. 4. Support a few effective secret key ciphers. 5. Configure the secret key length to the application. 6. Provide server event logging. 7. Protect against host subversion. 8. Enforce SSL client authentication. 9. Do not share directories and files between http and https server. 10. If more than one option is available, always choose the latest version and strongest ciphersuite.
References  Material compiled by Stephen Hayne and Randy Marchany

Recommandé

Ipsec
IpsecIpsec
Ipsec
Rupesh Mishra
 
IPsec
IPsecIPsec
IPsec
abdullah roomi
 
IPSec Overview
IPSec OverviewIPSec Overview
IPSec Overview
davisli
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPN
Abdullaziz Tagawy
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure Shell
Peter R. Egli
 
Secure SHell
Secure SHellSecure SHell
Secure SHell
Çağrı Çakır
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocols
Online
 
Public key infrastructure
Public key infrastructurePublic key infrastructure
Public key infrastructure
Aditya Nama
 

Recommandé

Ipsec
IpsecIpsec
Ipsec
Rupesh Mishra
 
IPsec
IPsecIPsec
IPsec
abdullah roomi
 
IPSec Overview
IPSec OverviewIPSec Overview
IPSec Overview
davisli
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPN
Abdullaziz Tagawy
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure Shell
Peter R. Egli
 
Secure SHell
Secure SHellSecure SHell
Secure SHell
Çağrı Çakır
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocols
Online
 
Public key infrastructure
Public key infrastructurePublic key infrastructure
Public key infrastructure
Aditya Nama
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
Mohammed Adam
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
Dilum Bandara
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS Protocol
Devang Badrakiya
 
Ipsec vpn v0.1
Ipsec vpn v0.1Ipsec vpn v0.1
Ipsec vpn v0.1
Sankaranarayanan Subramanian
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6
limsh
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS Handshake
Arpit Agarwal
 
SSL basics and SSL packet analysis using wireshark
SSL basics and SSL packet analysis using wiresharkSSL basics and SSL packet analysis using wireshark
SSL basics and SSL packet analysis using wireshark
Al Imran, CISA
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
vimal kumar
 
Chapter- I introduction
Chapter- I introductionChapter- I introduction
Chapter- I introduction
Dr.Florence Dayana
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
Naveen Kumar
 
IP Security
IP SecurityIP Security
IP Security
Ambo University
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithms
Rashmi Burugupalli
 
Cisco Firepower Next-Generation Firewall (NGFW).pdf
Cisco Firepower Next-Generation Firewall (NGFW).pdfCisco Firepower Next-Generation Firewall (NGFW).pdf
Cisco Firepower Next-Generation Firewall (NGFW).pdf
TaherAzzam2
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.ppt
ImXaib
 
Message Authentication
Message AuthenticationMessage Authentication
Message Authentication
Ram Dutt Shukla
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
Pina Parmar
 
Fundamentals of Network security
Fundamentals of Network securityFundamentals of Network security
Fundamentals of Network security
APNIC
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layer
Ahmed Elnaggar
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
Nishant Pahad
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.ppt
Uday Meena
 
Pagina ftp http direccion estacion udec
Pagina ftp http direccion estacion udecPagina ftp http direccion estacion udec
Pagina ftp http direccion estacion udec
Javier Fernandez Castillo
 
Tcp
TcpTcp
Tcp
Deepa Rani
 

Contenu connexe

Tendances

BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6
limsh
 
Cisco Firepower Next-Generation Firewall (NGFW).pdf
Cisco Firepower Next-Generation Firewall (NGFW).pdfCisco Firepower Next-Generation Firewall (NGFW).pdf
Cisco Firepower Next-Generation Firewall (NGFW).pdf
TaherAzzam2
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.ppt
ImXaib
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layer
Ahmed Elnaggar
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.ppt
Uday Meena
 

Tendances (20)

What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS Protocol
 
Ipsec vpn v0.1
Ipsec vpn v0.1Ipsec vpn v0.1
Ipsec vpn v0.1
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS Handshake
 
SSL basics and SSL packet analysis using wireshark
SSL basics and SSL packet analysis using wiresharkSSL basics and SSL packet analysis using wireshark
SSL basics and SSL packet analysis using wireshark
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
 
Chapter- I introduction
Chapter- I introductionChapter- I introduction
Chapter- I introduction
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
IP Security
IP SecurityIP Security
IP Security
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithms
 
Cisco Firepower Next-Generation Firewall (NGFW).pdf
Cisco Firepower Next-Generation Firewall (NGFW).pdfCisco Firepower Next-Generation Firewall (NGFW).pdf
Cisco Firepower Next-Generation Firewall (NGFW).pdf
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.ppt
 
Message Authentication
Message AuthenticationMessage Authentication
Message Authentication
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Fundamentals of Network security
Fundamentals of Network securityFundamentals of Network security
Fundamentals of Network security
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layer
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.ppt
 

En vedette

Securing TCP connections using SSL
Securing TCP connections using SSLSecuring TCP connections using SSL
Securing TCP connections using SSL
Sagar Mali
 
Introduction to SSL/TLS
Introduction to SSL/TLSIntroduction to SSL/TLS
Introduction to SSL/TLS
keithrozario
 
Network Fundamentals: Ch3 - Application Layer Functionality and Protocols
Network Fundamentals: Ch3 - Application Layer Functionality and ProtocolsNetwork Fundamentals: Ch3 - Application Layer Functionality and Protocols
Network Fundamentals: Ch3 - Application Layer Functionality and Protocols
Abdelkhalik Mosa
 

En vedette (20)

Pagina ftp http direccion estacion udec
Pagina ftp http direccion estacion udecPagina ftp http direccion estacion udec
Pagina ftp http direccion estacion udec
 
Tcp
TcpTcp
Tcp
 
Statutes and codes of HTTP
Statutes and codes of HTTPStatutes and codes of HTTP
Statutes and codes of HTTP
 
Laporan Pendahuluan dan Resmi FTP dan HTTP
Laporan Pendahuluan dan Resmi FTP dan HTTPLaporan Pendahuluan dan Resmi FTP dan HTTP
Laporan Pendahuluan dan Resmi FTP dan HTTP
 
NSN HSDPA Parameters
NSN HSDPA ParametersNSN HSDPA Parameters
NSN HSDPA Parameters
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 
OSI and TCP/IP Reference Model - Ramesh Kumar, Convergence Labs
OSI and TCP/IP Reference Model - Ramesh Kumar, Convergence LabsOSI and TCP/IP Reference Model - Ramesh Kumar, Convergence Labs
OSI and TCP/IP Reference Model - Ramesh Kumar, Convergence Labs
 
Jaimin chp-7 - application layer- 2011 batch
Jaimin chp-7 - application layer- 2011 batchJaimin chp-7 - application layer- 2011 batch
Jaimin chp-7 - application layer- 2011 batch
 
Oracle database - Get external data via HTTP, FTP and Web Services
Oracle database - Get external data via HTTP, FTP and Web ServicesOracle database - Get external data via HTTP, FTP and Web Services
Oracle database - Get external data via HTTP, FTP and Web Services
 
Securing TCP connections using SSL
Securing TCP connections using SSLSecuring TCP connections using SSL
Securing TCP connections using SSL
 
Introduction to SSL/TLS
Introduction to SSL/TLSIntroduction to SSL/TLS
Introduction to SSL/TLS
 
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICESCENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
 
Zte umts load-monitoring and expansion guide
Zte umts load-monitoring and expansion guideZte umts load-monitoring and expansion guide
Zte umts load-monitoring and expansion guide
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
Network Fundamentals: Ch3 - Application Layer Functionality and Protocols
Network Fundamentals: Ch3 - Application Layer Functionality and ProtocolsNetwork Fundamentals: Ch3 - Application Layer Functionality and Protocols
Network Fundamentals: Ch3 - Application Layer Functionality and Protocols
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)
 
SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture short
 
Drive test learning
Drive test learningDrive test learning
Drive test learning
 

Similaire à Ip sec and ssl

Computer network (4)
Computer network (4)Computer network (4)
Computer network (4)
NYversity
 
Network security-primer-9544
Network security-primer-9544Network security-primer-9544
Network security-primer-9544
Hfz Mushtaq
 

Similaire à Ip sec and ssl (20)

Ip sec talk
Ip sec talkIp sec talk
Ip sec talk
 
ssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptxssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptx
 
The Security layer
The Security layerThe Security layer
The Security layer
 
TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006
 
CS6004 CYBER FORENSICS
CS6004 CYBER FORENSICS CS6004 CYBER FORENSICS
CS6004 CYBER FORENSICS
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security
 
ch22.ppt
ch22.pptch22.ppt
ch22.ppt
 
CNS ppt.pdf
CNS ppt.pdfCNS ppt.pdf
CNS ppt.pdf
 
WLAN and IP security
WLAN and IP securityWLAN and IP security
WLAN and IP security
 
Ip Sec
Ip SecIp Sec
Ip Sec
 
Ip Sec Rev1
Ip Sec Rev1Ip Sec Rev1
Ip Sec Rev1
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security
 
Computer network (4)
Computer network (4)Computer network (4)
Computer network (4)
 
VPN presentation - moeshesh
VPN presentation - moesheshVPN presentation - moeshesh
VPN presentation - moeshesh
 
Ip sec
Ip secIp sec
Ip sec
 
05 06 ike
05 06 ike05 06 ike
05 06 ike
 
Cryptography and Network security # Lecture 8
Cryptography and Network security # Lecture 8Cryptography and Network security # Lecture 8
Cryptography and Network security # Lecture 8
 
Network security-primer-9544
Network security-primer-9544Network security-primer-9544
Network security-primer-9544
 
IP SEC.ptx
IP SEC.ptxIP SEC.ptx
IP SEC.ptx
 

Plus de Mohd Arif

Bootp and dhcp
Bootp and dhcpBootp and dhcp
Bootp and dhcp
Mohd Arif
 
Arp and rarp
Arp and rarpArp and rarp
Arp and rarp
Mohd Arif
 
User datagram protocol
User datagram protocolUser datagram protocol
User datagram protocol
Mohd Arif
 
Project identification
Project identificationProject identification
Project identification
Mohd Arif
 
Project evalaution techniques
Project evalaution techniquesProject evalaution techniques
Project evalaution techniques
Mohd Arif
 
Presentation
PresentationPresentation
Presentation
Mohd Arif
 
Pointers in c
Pointers in cPointers in c
Pointers in c
Mohd Arif
 
Peer to-peer
Peer to-peerPeer to-peer
Peer to-peer
Mohd Arif
 
Overview of current communications systems
Overview of current communications systemsOverview of current communications systems
Overview of current communications systems
Mohd Arif
 
Overall 23 11_2007_hdp
Overall 23 11_2007_hdpOverall 23 11_2007_hdp
Overall 23 11_2007_hdp
Mohd Arif
 
Objectives of budgeting
Objectives of budgetingObjectives of budgeting
Objectives of budgeting
Mohd Arif
 
Network management
Network managementNetwork management
Network management
Mohd Arif
 
Networing basics
Networing basicsNetworing basics
Networing basics
Mohd Arif
 
Iris ngx next generation ip based switching platform
Iris ngx next generation ip based switching platformIris ngx next generation ip based switching platform
Iris ngx next generation ip based switching platform
Mohd Arif
 
Ip security in i psec
Ip security in i psecIp security in i psec
Ip security in i psec
Mohd Arif
 
Intro to comp. hardware
Intro to comp. hardwareIntro to comp. hardware
Intro to comp. hardware
Mohd Arif
 
H.323 vs. cops interworking
H.323 vs. cops interworkingH.323 vs. cops interworking
H.323 vs. cops interworking
Mohd Arif
 

Plus de Mohd Arif (20)

Bootp and dhcp
Bootp and dhcpBootp and dhcp
Bootp and dhcp
 
Arp and rarp
Arp and rarpArp and rarp
Arp and rarp
 
User datagram protocol
User datagram protocolUser datagram protocol
User datagram protocol
 
Project identification
Project identificationProject identification
Project identification
 
Project evalaution techniques
Project evalaution techniquesProject evalaution techniques
Project evalaution techniques
 
Presentation
PresentationPresentation
Presentation
 
Pointers in c
Pointers in cPointers in c
Pointers in c
 
Peer to-peer
Peer to-peerPeer to-peer
Peer to-peer
 
Overview of current communications systems
Overview of current communications systemsOverview of current communications systems
Overview of current communications systems
 
Overall 23 11_2007_hdp
Overall 23 11_2007_hdpOverall 23 11_2007_hdp
Overall 23 11_2007_hdp
 
Objectives of budgeting
Objectives of budgetingObjectives of budgeting
Objectives of budgeting
 
Network management
Network managementNetwork management
Network management
 
Networing basics
Networing basicsNetworing basics
Networing basics
 
Loaders
LoadersLoaders
Loaders
 
Lists
ListsLists
Lists
 
Iris ngx next generation ip based switching platform
Iris ngx next generation ip based switching platformIris ngx next generation ip based switching platform
Iris ngx next generation ip based switching platform
 
Ip security in i psec
Ip security in i psecIp security in i psec
Ip security in i psec
 
Intro to comp. hardware
Intro to comp. hardwareIntro to comp. hardware
Intro to comp. hardware
 
Heap sort
Heap sortHeap sort
Heap sort
 
H.323 vs. cops interworking
H.323 vs. cops interworkingH.323 vs. cops interworking
H.323 vs. cops interworking
 

Dernier

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 

Dernier (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

Ip sec and ssl

  • 2. Protocol Stack at Outset • What we have to start with HTTP FTP SMTP TCP IP • Can be at just about any point
  • 3. Where can we put security? HTTP FTP SMTP HTTP FTP SMTP TCP SSL/PCT/TLS AH ESP TCP IP IP Network approach Transport approach SET PGP S-HTTP S/MIME HTTP FTP SMTP TCP TCP IP IP Application approach Presentation approach
  • 4. IPSec - Network Approach  Sponsored by IETF IPSec working group  Scheduled to be integral component of IPv6  Supports strong authentication and encryption at layer 3  Bi-directional tunnel  Packet filtering is primary access control method  Requires Public Key Infrastructure (PKI)
  • 5. IP Layer Security • Functionality – AH (Authentication Header): integrity and authenticity – ESP (Encrypted Security Payload): confidentiality, optional authentication & integrity • Security Association (for each pair of hosts): determined by destination IP address and the SPI (Security Parameters Index) – Specification of the crypto methods to be used by SPI – Keys to be used by the crypto methods for that SPI – The hosts and other entities associated with this traffic • Key Management – Manual Keying (required) – Key Management Protocols (in flux)
  • 6. IPSec AH Packet Format IPv4 AH Packet Format IPv4 Header Authentication Header Higher Level Protocol Data IPv6 AH Packet Format Hop-by-Hop Authentication Higher Level IPv6 Header Other Headers Routing Header Protocol Data IPv6 AH Header Format Next Header Length Reserved Security Parameters Index Authentication Data (variable number of 32-bit words)
  • 7. IPSec Authentication • SPI: identifies the security association to use for this packet – type of crypto checksum, how large it is, and how it is computed • authentication data – hash of packet contents include IP header as as specified by the transform indicated by the SPI – treat fields which change hop-by-hop (TTL, header checksum) as zero • Keyed MD5 Hash is default MD5 Hash Secret Key Headers and data being sent Key Key
  • 8. IPSec ESP Packet Format IPv4 ESP Packet Format Unencrypted Encrypted Other IP IP Header ESP Header Encrypted Data Headers ESP Header Format Security Association Identifier Opaque Transform Data, variable length DES + MD5 ESP Format Security Parameters Index (SPI) Initialization Vector (optional) Replay Prevention Field (incrementing count) Payload Data (with padding) Authentication checksum
  • 9. IPSec Encryption • ESP Modes – Tunnel-mode: payload in a whole IP datagram, mobile-IP – Transport Mode: payload is a higher level IP protocol, e.g., TCP/UDP • DES with CBC is default • Key Management * ISAMKP/Oakley (mandatory) – ISAMKP - association management protocol – Oakley - key management – exchange message(s) to establish long-lived context * Simple Key-Management for Internet Protocols -SKIP (elective)
  • 10. Header Usage and Security • IPSec standards recommend using the AH to protect the ESP – AH validates both the IP addresses and the message contents • Omitting the ESP – without the ESP, it is possible to eavesdrop on the authenticated data (this is a threat when resusable, secret passwords are used) • Omitting the AH –ESP does not generally protect against modification – ESP is vulnerable to header cut-and-paste attack • attacker takes out the ESP out of packets and inserts a new ESP destined for another machine (when IPSec proxy is used) • another solution is to assign unique security associations to different pairs of communicating hosts (burden on administrators)
  • 11. IPSec Issues Benefits: Concerns:  Integrated directly into IP  IETF working group stack slow to establish  Uses public key technology consensus  Proposed IETF standard  Client deployment dependent on Microsoft  Security model for IPv6  Competing key  Supports strong management standards authentication and encryption mechanisms  Requirement for public key infrastructure  Expected to be widely deployed in internetworking  Router Vendors are devices central to deployment  Supports only IP traffic  Users vs Addresses
  • 12. Transport Approach - SSL/TLS • SSL: Secure Sockets Layer TLS: Transport Layer Security • SSL Version 1: Was quickly replaced by SSL v2. Not in use today. • SSL Version 2: Has some security problems. Still supported. • PCT: Microsoft’s response to SSL 2.0. Fixes some problems, but has been supplanted by SSL 3.0. • SSL Version 3: Complete redesign of SSL. Fixed the problems in previous versions and added many features • TLS: Under development IETF standard based on SSL 3.0 with enhancements.
  • 13. What problem does SSL Solve? • Allows secure communications between two computers, provided that at least one has a certificate trusted by the other (avoids man- in-the-middle when possible). • Isolates application developers from the complexities and dangers of cryptosystem design. • Supports authentication, encryption, and key exchange • Reliable connections via various secure hash functions • Efficient, extendible, easy to integrate, not ASN.1 based, secure, open, interoperable. • End-to-end armored pipe only, not signed letter and sealed envelope model.
  • 14. A simple SSL-like protocol Problem: A user wants to shop at a merchant’s server -- but the server doesn’t know anything about the user. Phase 1: Handshake to produce a shared secret K. 1. User requests, obtains, and verifies Server’s certificate 2. User creates a 160-bit value K at random 3. User computes K encrypted with server’s public key and sends the result to S. 4. Server decrypts with its private key to recover K. 5. Server hashes K and sends the result to user. 6. User also hashes K and verifies the value from server.
  • 15. Simple SSL-like protocol, cont Phase 2: Secure communications using a shared secret K. Data to be exchanged is broken into packets. • Prior to transmission, each packet of data is encrypted and MAC’ed (Message Authentication Coded): – Communications are encrypted using K to ensure that data are private from eavesdropping – Communications are MAC’ed using K to ensure that data are secure against tampering and modification • The recipient decrypts the packet and verifies the MAC. An incorrect MAC indicates a fatal error.
  • 16. SSL Protocols • The handshake Protocol: negotiates the use of new crypto algorithms and keys. • The record protocol: functions as a layer beneath all SSL messages and indicates the encryption and integrity protection being applied to the data. • The alert protocol: when errors have occurred or when a session is being ended.
  • 17. SSL Handshake: Protocol • Handshake Protocol Goals: – Negotiate security parameters, – Authenticate server to client (server name must match name in certificate to prevent man-in-the-middle attacks) – Authenticate client to server (if requested by server), – Create a secret (the “Master Secret” shared between the participants) • Negotiated protocol parameters – Protocol version (e.g., SSL 3.0, TLS 3.1, etc.) – CipherSuite (crypto algorithms, etc. ) – Compression method (e.g., none)
  • 18. SSL Handshake: CipherSuite • The CipherSuite defines the cryptographic algorithms, key sizes, etc • CipherSuite Parameters: – Encryption Algorithm: none, RC4-40, RC4-128, RC2-40, IDEA-128, DES-40, DES, TripleDES – Public Key algorithm: RSA, Fortezza, or Diffie-Hellman (with RSA, DSS, or, no certificates* ) – Hash Function: MD5, SHA * Certificate-less handshakes are vulnerable to man-in-the-middle attacks. In some environments, anonymous Diffie-Hellman is helpful -- but in most cases, any support for anonymous ciphersuites would be a massive security flaw
  • 19. Client SSL Handshake: Steps Server 1. Client sends ClientHello message. 2. Server acknowledges with ServerHello message. 3. Server sends its certificate. Server Certificate MasterSecret 4. Server requests client’s certificate 5. Client sends its certificate. Server’s 6. Client sends ClientKeyExchange message Private Key Server’s Public Key 7. Client sends a Certificate Verify message. Digital Signature 8. Both send ChangeCipherSpec messages. 9. Both send Finished messages.
  • 20. SSL Handshake:Resuming Sessions • Goal: minimize the number of SSL handshakes since: – Private key operations take server time – Network round trips are slow (2 per handshake) • If two parties have recently communicated, they already have a shared master. If both parties agree, the old master secret can be reused. This is called resuming a session. • A Hack: Adding state to a stateless protocol (http) • Resuming can be done even if the parent session is still alive to split sessions (e.g., to have 4 simultaneous connections, do the handshake once then “resume” three new sessions).
  • 21. SSL Record Layer • Defines how application SSL ciphertext data (payload) is: MAC Content Padding – broken into packets SSL compressed – encrypted and decrypted SSL Plaintext – MAC’ed and verified Real application data • Record Layers: • Four keys are used and – SSL Plaintext - type, SSL derived from the MasterSecret: version, length, data – Server write key – SSL compressed - – Client write key compressed (SSL plaintext) – Server write MAC secret – SSL Ciphertext - encrypted (MAC and SSLcompressed) – Client write MAC secret
  • 22. Strengths of the SSL • Bruteforce Attack – 128 bits or more can be said to be safe in the foreseeable future. • Dictionary Attack – for instance, take HTTP “get” command and use every possible key to precompute encrypted form of the plaintext. – SSL protects by having very large key spaces (even export version is actually 54 bit with 88 bits disclosed) • Replay Attack – Attack works by rerunning the messages sent earlier – SSL defeats it by using a 128-bit nonce value that is unique to that connection • Man-In-the-Middle Attack – SSL uses signed certificates to authenticate the server’s public key
  • 23. Weaknesses of the SSL • Using weak encryption when strong is required Does not work with export version
  • 24. Weaknesses of the SSL, cont • Certificate problems – not signed by a trusted Certificate Authority – expired certificates (No certificate revocation list (CRL) in spec!) – Only real server authentication is that the DNS name in the URL matches the name in the certificate – if you are fooled into using a wrong name (www.isbankasi.com.tr instead of www.isbank.com.tr) you’ll never know • Only using SSL for forms not all or most of your site – no caching of SSL by default therefore performance issues – what’s wrong with this picture: https://www.company.com/order_form.cgi <FORM ACTION=http://www.company.com/process_order.cgi METHOD=POST>
  • 25. Web Spoofing • Web spoofing is pretending to be somebody else’s web site • Allows traffic to be intercepted and changed • All Web traffic must pass through attacker’s proxy – somebody puts a false link in a popular Web page – by choosing DNS name very close to the real one (www.isbankasi.com.tr instead of www.isbank.com.tr) • Users must be careful to detect it • Can NOT be stopped -- even with SSL – unless you are using client side certificates (which hardly anybody is)
  • 26. Web Spoofing you.com good.com Browser WWW Server Link 2 4 bad.com http://bad.com/http://good.com/file 7 WWWserver 5 Modified URL 1 Call good.com to get file 3 Change data in the http://good.com/file copy of file 6 Normal URL Return to you.com
  • 27. Web Transaction Security • Security Objectives – Protect transactions against attack on the Internet – ensure security without prior arrangements between customers and vendors – Apply crypto protections selectively as needed – The receiving host must be protected from attack by incoming messages • Basic issues – Widely available, user-friendly transaction protocol (HTTP) – Authenticating the customer and vendor – Key management with naive users – Liability with bogus transactions
  • 28. Web Transactions • Three key elements – forms: Web pages with HTML functions to collect data from the user – the POST command: transmits the collected data values to the server – CGI Scripts: programs that process submitted data and return a Web page • Web Form Security Services – Transaction Integrity – Customer Authentication – Vendor Authentication – Transaction Secrecy
  • 29. Security Alternatives for Web forms • Alternative security techniques: – Protection with passwords – Network Security (IPSec) – Connection Security (SSL) – Application Security (secure HTTP) –Java Applets with SSL • Protection with passwords – no crypto protection, must be restricted to low-risk applications – vulnerable to password sniffing – but available and easy to implement – provides only customer authentication
  • 30. Security Alternatives, cont • Network-level security (IPSec): – provides all-or-nothing security • it is inefficient to apply crypto to all Web traffic • increases the risk of bogus transactions if it encrypts everything – blocks access to hosts that don’t support it or don’t have a security association with the server – key management is problem for arbitrary Internet customers and vendors • both client and server are assumed to have their own public keying material and that it has been validated by a third party – client authentication relies on user’s IP address
  • 31. Security Alternatives, cont • Transport-level Security (SSL): – better control over when security measures are used • a Web browser can choose whether a particular connection is going to use SSL • using separate port number gives both the client and server some control over what traffic is protected and what traffic moves fast – all four of the protections are provided – transport layer crypto can pose architectural problems in some applications • crypto activities will be hidden from the application by an interface • SSL software must be integrated into the application for better crypto monitoring – everything that passes through SSL connection is encrypted • crypto security measures are only applied to the data in transit and are lost once a connection is closed
  • 32. Security Alternatives, cont • Application-level Security (SHTTP) – all four of the protections are provided – application protocol yields the best security results • the protocol can define security very specifially in terms of the application’s activities e.g., an application could handle a message containing digital signatures by several different agents and make decisions based on who signed what, or optimize the application of crypto services to different parts of a large message – SHTTP can define crypto services for individual Web pages • each page can carry its own crypto checksum or digital signature • individually encrypted pages can be published on any Web server and still be read by those with authorized keys • signed pages can be reliably authenticated regardless of how they are replicated and distributed
  • 33. SSL-enabled Client 1. Implement the latest version of the SSL protocol. 2. Implement a good RSA key exchange. 3. Support a few effective secret key ciphers. 4. Disable any inadequate crypto (e.g., 40 bits or 56 bits). 5. Ensure interoperability with SSL servers. 6. Provide a clear indication when SSL is working. 7. Protect against theft. 8. Support hardware crypto modules as well as software. 9. Block or restrict downloaded executable contents. 10. Use pre-installed public keys to validate server certificate. 11. SSL client authentication. 12. Support additional server authority keys.
  • 34. SSL-enabled Server 1. Security on the server host must be as tight as possible. 2. Implement the latest version of the SSL protocol. 3. Implement a good RSA key exchange. 4. Support a few effective secret key ciphers. 5. Configure the secret key length to the application. 6. Provide server event logging. 7. Protect against host subversion. 8. Enforce SSL client authentication. 9. Do not share directories and files between http and https server. 10. If more than one option is available, always choose the latest version and strongest ciphersuite.
  • 35. References  Material compiled by Stephen Hayne and Randy Marchany