SlideShare a Scribd company logo
1 of 36
Download to read offline
Information Security
CS 3002
Dr. Haroon Mahmood
Assistant Professor
NUCES Lahore
2
Information Security
Message/data security
 authentication (single), integrity and privacy self contained
in the message
 possibility of non repudiation
 requires modification of applications
3
Information Security
Channel Security
 authentication (single or mutual), integrity and privacy
only during the transit inside the communication channel
 no possibility of non repudiation
 requires no (or small) modification of applications
4
Information Security
Security internal to applications
 each application implements security internally
 the common part is limited to the communication channels
(socket)
 possible implementation errors (inventing security
protocols is not simple!)
 does not guarantee interoperability
5
Information Security
Security External to Applications
 the session level would be the ideal one to be used to
implement many security functions
 … but it does not exist in TCP/IP!
 a “secure session” level was proposed:
 it simplifies the work of application developers
 it avoids implementation errors
 it is up to the application to select it (or not)
6
Information Security
SSL what is it?
 Security at layer 4 (Transport layer)
 Secure Sockets Layer (SSL)
 secure transport channel (session level):
 peer authentication (server, server+client)
 message confidentiality
 message authentication and integrity
 protection against replay attacks
 Easily applicable to all protocols based on TCP:
 HTTP, SMTP, FTP, TELNET, ...
 e.g. the famous secure HTTP (https://....) = 443/TCP
7
Information Security
SSL/TLS
 Philosophy of SSL: Easier to deploy something if
no changes in OS required
 Application’s API (Socket) is interface to SSL:
Hence secure socket layer
 API to SSL is the superset of API to TCP
 SSL/TLS operate above TCP. OS doesn’t change
applications do!
8
Information Security
SSL handshake
 agree on a set of algorithms for confidentiality,
integrity and authentication
 exchange random numbers between the client
and the server to be used for the subsequent
generation of the keys
 establish a symmetric key by means of public key
operations, e.g. RSA
 negotiate the session-id
 exchange the necessary certificates
9
Information Security
SSL handshake simplified
 Secrets are: Pre-master key S, Master Key K
 Server authentication
 Client authentication by password (optional)
10
Information Security
SSL handshake in detail
11
Information Security
Key Terms
 HELLO Extensions: request extended functionality by
sending data in the extensions field.
 E.g: max_fragment_length, status request
 The server may not oblige
 Client may abort the handshake
 Pre-shared Secret (key): generated by client OR directly
obtained from the key exchange. E.g: (DH: gab mod p)
 Master keys: generated from the pre-shared secret +
random.client + random.server by applying a PRF
 Master key = PRF (pre-shared secret, random.client,
random.server)
 PRF = Pseudo Random Function
12
Information Security
SSL V3 Architecture
 Handshake: enables the SSL or TLS client and server to
establish the secret keys with which they communicate
 Change cipher spec: indicates the usage of secret key for
data communication
 Alert: signal problems with SSL connection, give current
status
 Record protocol: permits the encapsulation of higher level
protocols
13
Information Security
SSL3/TLS record protocol
14
Information Security
SSL MAC computation
 MAC = message_digest ( key, seq_number | type | version |
length | fragment )
 message_digest
 depends on the chosen algorithm
 key
 sender-write-key or receiver-read-key
 seq_number
 32-bit integer
 Type
 Type of record
 change cipher spec (20)
 alert (21)
 Handshake (22)
 Application data (23)
 length
 length of the fragment/plaintext
15
Information Security
Data protection in SSL
16
Information Security
SSL-3 new features with respect to SSL-2
 data compression:
 optional
 Done before encryption
 data encryption is optional: in order to have only
authentication and integrity
 possibility to re-negotiate the SSL connection:
 periodical change of keys
 change of the algorithms
17
Information Security
IPsec
 Philosophy of IPsec: implementing security within the
operating systems automatically causes applications to be
protected without changing applications
 IPsec is within the OS. OS changes, applications and API to
TCP don’t.
18
Information Security
End-to-end security with basic VPN
19
Information Security
Transport mode IPsec
 used for end-to-end security, that is used by hosts, not
gateways (exception: traffic for the gateway itself e.g:
SNMP, ICMP)
 pro: computationally light
 con: no protection of header variable fields
20
Information Security
Tunnel Mode IPsec
 used to create a VPN, usually by gateways
 Gateway-to-gateway mode
 pro: protection of header variable fields
 con: computationally heavy
21
Information Security
IPsec
 Security at layer 3
 IPsec ensures:
 Confidentiality, integrity, and authenticity
 Allows secure communication in the Internet
 Independent from the application or higher protocols
 Network-layer security instead of application-layer
security
 Compatible with schemes providing security at the
application layer
 Can be applied simultaneously
22
Information Security
IPSec
 Further advantages:
 Can be applied to all network traffic
 Routers/firewalls vendors can implement it (Can't
implement SSL)
 Transparent to the applications
 Transparent to the users
 Limitations:
 Limited to IP Addresses
 Has no concept of application users
23
Information Security
Applications of IPsec
 Secure connection among different branches of the same
company
 Virtual Private Network (VPN)
 Secure remote access to an Intranet through the (insecure)
Internet
 Allows secure remote workers
 Secure communication between peers
 Adding security for electronic commerce applications
24
Information Security
IPsec overview
 IETF architecture for L3 security in IPv4 / IPv6:
 definition of two specific packet types:
 AH (Authentication Header)
 for integrity, authentication, no replay
 ESP (Encapsulating Security Payload)
 for confidentiality, integrity, authentication, no replay
 protocol for key exchange:
 IKE (Internet Key Exchange)
25
Information Security
Security Association
 Establishment of shared security attributes between
sender and receiver to support secure communication
 Usually considered unidirectional
 contain all the information required for execution of
various network security services
 Three SA identification parameters
 Security parameter index
 IP destination address
 Security protocol identifier
 two SA are needed to get complete protection of a
bidirectional packet flow in IPsec
26
Information Security
IPsec local databases
 SAD (SA Database)
 list of active SA and their characteristics (algorithms,
keys, parameters)
 maintained by user-processes
 SPD (Security Policy Database)
 list of security policies to apply to the different packet
flows
 a-priori configured (e.g. manually) or connected to an
automatic system (e.g. ISPS, Internet Security Policy
System)
27
Information Security
How IPsec works (sending)
28
Information Security
AH
 Authentication Header
 mechanism (first version, RFC-1826):
 data integrity and sender authentication
 compulsory support of keyed-MD5 (RFC-1828)
 optional support of keyed-SHA-1 (RFC-1852)
 mechanism (second version, RFC-2402):
 data integrity, sender authentication and protection from
replay attack
 HMAC-MD5
 HMAC-SHA-1
29
Information Security
AH Packet
 Next header: identifies the nature of the payload (TCP/UDP)
 Length: Indicates the length of the AH header
 SPI: Identifies the correct security association for the
communication
 Sequence Number: Provides anti-replay protection for the SA
 Auth. Data: contains the Integrity Check Value (ICV) that is used
to verify the integrity of the message. The receiver calculates the
hash value and checks it against this value (calculated by the
sender) to verify integrity.
30
Information Security
AH verification
31
Information Security
ESP
 Encapsulating Security Payload (ESP)
 first version (RFC-1827) gave only confidentiality
 base mechanism: DES-CBC (RFC-1829)
 Second version (RFC-2406):
 provides confidentiality & authentication (but not the IP
header, so the coverage is not equivalent to that of AH)
32
Information Security
ESP in transport mode
 pro: the payload is hidden (including info needed for QoS
or intrusion detection)
 con: the header remains in clear
33
Information Security
ESP Packet
 SPI: Identifies the correct security association for the
communication
 Sequence number: Provides anti-replay protection for the SA
 Next header: Identifies the nature of the payload (TCP/UDP)
 Auth. Data: Contains the Integrity Check Value (ICV), and a
message authentication code that is used to verify the sender's
identity and message integrity. The ICV is calculated over the
ESP header, the payload data and the ESP trailer
 Initialization Vector (IV): optional. Is after the Sequence number
34
Information Security
ESP Packet: Encryption & Authentication
Next header
35
Information Security
ESP tunnel mode
 pro: hides both the payload and (original) header
 con: larger packet size
36
Information Security
IPSec: AH & ESP packet format

More Related Content

Similar to IS - SSL (20)

Ipsecurity
IpsecurityIpsecurity
Ipsecurity
 
Ipsecurity
IpsecurityIpsecurity
Ipsecurity
 
Network security
Network securityNetwork security
Network security
 
WLAN and IP security
WLAN and IP securityWLAN and IP security
WLAN and IP security
 
Ch16
Ch16Ch16
Ch16
 
Ip Sec
Ip SecIp Sec
Ip Sec
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPN
 
1643129870-internet-security.pptx
1643129870-internet-security.pptx1643129870-internet-security.pptx
1643129870-internet-security.pptx
 
Network IP Security.pdf
Network IP Security.pdfNetwork IP Security.pdf
Network IP Security.pdf
 
Ip Sec
Ip SecIp Sec
Ip Sec
 
Ip Sec Rev1
Ip Sec Rev1Ip Sec Rev1
Ip Sec Rev1
 
Unit 6
Unit 6Unit 6
Unit 6
 
IP Security
IP SecurityIP Security
IP Security
 
IS Unit 8_IP Security and Email Security
IS Unit 8_IP Security and Email SecurityIS Unit 8_IP Security and Email Security
IS Unit 8_IP Security and Email Security
 
Network Security Practices-IP Security
Network Security Practices-IP SecurityNetwork Security Practices-IP Security
Network Security Practices-IP Security
 
Web security
Web securityWeb security
Web security
 
college assignment on Applications of ipsec
college assignment on Applications of ipsec college assignment on Applications of ipsec
college assignment on Applications of ipsec
 
Lec 9.pptx
Lec 9.pptxLec 9.pptx
Lec 9.pptx
 
IP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdfIP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdf
 
Lecture14..pdf
Lecture14..pdfLecture14..pdf
Lecture14..pdf
 

More from FumikageTokoyami4

More from FumikageTokoyami4 (9)

Chap014.pdf
Chap014.pdfChap014.pdf
Chap014.pdf
 
Lecture 2 - Profession and Professional Bodies in IT.pptx
Lecture 2 - Profession and Professional Bodies in IT.pptxLecture 2 - Profession and Professional Bodies in IT.pptx
Lecture 2 - Profession and Professional Bodies in IT.pptx
 
Lecture 1 - Introduction-LAW.pptx
Lecture 1 - Introduction-LAW.pptxLecture 1 - Introduction-LAW.pptx
Lecture 1 - Introduction-LAW.pptx
 
Lecture 15-16.pdf
Lecture 15-16.pdfLecture 15-16.pdf
Lecture 15-16.pdf
 
a STORY OF A GREAT LEADER.pptx
a STORY OF A GREAT LEADER.pptxa STORY OF A GREAT LEADER.pptx
a STORY OF A GREAT LEADER.pptx
 
lec-01-WP.pdf
lec-01-WP.pdflec-01-WP.pdf
lec-01-WP.pdf
 
IS - Firewall
IS - FirewallIS - Firewall
IS - Firewall
 
IS - User Authentication
IS - User AuthenticationIS - User Authentication
IS - User Authentication
 
Lecture 1-2.pdf
Lecture 1-2.pdfLecture 1-2.pdf
Lecture 1-2.pdf
 

Recently uploaded

FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 

Recently uploaded (20)

FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 

IS - SSL

  • 1. Information Security CS 3002 Dr. Haroon Mahmood Assistant Professor NUCES Lahore
  • 2. 2 Information Security Message/data security  authentication (single), integrity and privacy self contained in the message  possibility of non repudiation  requires modification of applications
  • 3. 3 Information Security Channel Security  authentication (single or mutual), integrity and privacy only during the transit inside the communication channel  no possibility of non repudiation  requires no (or small) modification of applications
  • 4. 4 Information Security Security internal to applications  each application implements security internally  the common part is limited to the communication channels (socket)  possible implementation errors (inventing security protocols is not simple!)  does not guarantee interoperability
  • 5. 5 Information Security Security External to Applications  the session level would be the ideal one to be used to implement many security functions  … but it does not exist in TCP/IP!  a “secure session” level was proposed:  it simplifies the work of application developers  it avoids implementation errors  it is up to the application to select it (or not)
  • 6. 6 Information Security SSL what is it?  Security at layer 4 (Transport layer)  Secure Sockets Layer (SSL)  secure transport channel (session level):  peer authentication (server, server+client)  message confidentiality  message authentication and integrity  protection against replay attacks  Easily applicable to all protocols based on TCP:  HTTP, SMTP, FTP, TELNET, ...  e.g. the famous secure HTTP (https://....) = 443/TCP
  • 7. 7 Information Security SSL/TLS  Philosophy of SSL: Easier to deploy something if no changes in OS required  Application’s API (Socket) is interface to SSL: Hence secure socket layer  API to SSL is the superset of API to TCP  SSL/TLS operate above TCP. OS doesn’t change applications do!
  • 8. 8 Information Security SSL handshake  agree on a set of algorithms for confidentiality, integrity and authentication  exchange random numbers between the client and the server to be used for the subsequent generation of the keys  establish a symmetric key by means of public key operations, e.g. RSA  negotiate the session-id  exchange the necessary certificates
  • 9. 9 Information Security SSL handshake simplified  Secrets are: Pre-master key S, Master Key K  Server authentication  Client authentication by password (optional)
  • 11. 11 Information Security Key Terms  HELLO Extensions: request extended functionality by sending data in the extensions field.  E.g: max_fragment_length, status request  The server may not oblige  Client may abort the handshake  Pre-shared Secret (key): generated by client OR directly obtained from the key exchange. E.g: (DH: gab mod p)  Master keys: generated from the pre-shared secret + random.client + random.server by applying a PRF  Master key = PRF (pre-shared secret, random.client, random.server)  PRF = Pseudo Random Function
  • 12. 12 Information Security SSL V3 Architecture  Handshake: enables the SSL or TLS client and server to establish the secret keys with which they communicate  Change cipher spec: indicates the usage of secret key for data communication  Alert: signal problems with SSL connection, give current status  Record protocol: permits the encapsulation of higher level protocols
  • 14. 14 Information Security SSL MAC computation  MAC = message_digest ( key, seq_number | type | version | length | fragment )  message_digest  depends on the chosen algorithm  key  sender-write-key or receiver-read-key  seq_number  32-bit integer  Type  Type of record  change cipher spec (20)  alert (21)  Handshake (22)  Application data (23)  length  length of the fragment/plaintext
  • 16. 16 Information Security SSL-3 new features with respect to SSL-2  data compression:  optional  Done before encryption  data encryption is optional: in order to have only authentication and integrity  possibility to re-negotiate the SSL connection:  periodical change of keys  change of the algorithms
  • 17. 17 Information Security IPsec  Philosophy of IPsec: implementing security within the operating systems automatically causes applications to be protected without changing applications  IPsec is within the OS. OS changes, applications and API to TCP don’t.
  • 19. 19 Information Security Transport mode IPsec  used for end-to-end security, that is used by hosts, not gateways (exception: traffic for the gateway itself e.g: SNMP, ICMP)  pro: computationally light  con: no protection of header variable fields
  • 20. 20 Information Security Tunnel Mode IPsec  used to create a VPN, usually by gateways  Gateway-to-gateway mode  pro: protection of header variable fields  con: computationally heavy
  • 21. 21 Information Security IPsec  Security at layer 3  IPsec ensures:  Confidentiality, integrity, and authenticity  Allows secure communication in the Internet  Independent from the application or higher protocols  Network-layer security instead of application-layer security  Compatible with schemes providing security at the application layer  Can be applied simultaneously
  • 22. 22 Information Security IPSec  Further advantages:  Can be applied to all network traffic  Routers/firewalls vendors can implement it (Can't implement SSL)  Transparent to the applications  Transparent to the users  Limitations:  Limited to IP Addresses  Has no concept of application users
  • 23. 23 Information Security Applications of IPsec  Secure connection among different branches of the same company  Virtual Private Network (VPN)  Secure remote access to an Intranet through the (insecure) Internet  Allows secure remote workers  Secure communication between peers  Adding security for electronic commerce applications
  • 24. 24 Information Security IPsec overview  IETF architecture for L3 security in IPv4 / IPv6:  definition of two specific packet types:  AH (Authentication Header)  for integrity, authentication, no replay  ESP (Encapsulating Security Payload)  for confidentiality, integrity, authentication, no replay  protocol for key exchange:  IKE (Internet Key Exchange)
  • 25. 25 Information Security Security Association  Establishment of shared security attributes between sender and receiver to support secure communication  Usually considered unidirectional  contain all the information required for execution of various network security services  Three SA identification parameters  Security parameter index  IP destination address  Security protocol identifier  two SA are needed to get complete protection of a bidirectional packet flow in IPsec
  • 26. 26 Information Security IPsec local databases  SAD (SA Database)  list of active SA and their characteristics (algorithms, keys, parameters)  maintained by user-processes  SPD (Security Policy Database)  list of security policies to apply to the different packet flows  a-priori configured (e.g. manually) or connected to an automatic system (e.g. ISPS, Internet Security Policy System)
  • 28. 28 Information Security AH  Authentication Header  mechanism (first version, RFC-1826):  data integrity and sender authentication  compulsory support of keyed-MD5 (RFC-1828)  optional support of keyed-SHA-1 (RFC-1852)  mechanism (second version, RFC-2402):  data integrity, sender authentication and protection from replay attack  HMAC-MD5  HMAC-SHA-1
  • 29. 29 Information Security AH Packet  Next header: identifies the nature of the payload (TCP/UDP)  Length: Indicates the length of the AH header  SPI: Identifies the correct security association for the communication  Sequence Number: Provides anti-replay protection for the SA  Auth. Data: contains the Integrity Check Value (ICV) that is used to verify the integrity of the message. The receiver calculates the hash value and checks it against this value (calculated by the sender) to verify integrity.
  • 31. 31 Information Security ESP  Encapsulating Security Payload (ESP)  first version (RFC-1827) gave only confidentiality  base mechanism: DES-CBC (RFC-1829)  Second version (RFC-2406):  provides confidentiality & authentication (but not the IP header, so the coverage is not equivalent to that of AH)
  • 32. 32 Information Security ESP in transport mode  pro: the payload is hidden (including info needed for QoS or intrusion detection)  con: the header remains in clear
  • 33. 33 Information Security ESP Packet  SPI: Identifies the correct security association for the communication  Sequence number: Provides anti-replay protection for the SA  Next header: Identifies the nature of the payload (TCP/UDP)  Auth. Data: Contains the Integrity Check Value (ICV), and a message authentication code that is used to verify the sender's identity and message integrity. The ICV is calculated over the ESP header, the payload data and the ESP trailer  Initialization Vector (IV): optional. Is after the Sequence number
  • 34. 34 Information Security ESP Packet: Encryption & Authentication Next header
  • 35. 35 Information Security ESP tunnel mode  pro: hides both the payload and (original) header  con: larger packet size
  • 36. 36 Information Security IPSec: AH & ESP packet format