Network Security
Lecture 30
Presented by: Dr. Munam Ali Shah
Part 3
Internet Security
(Last lecture of last Part)
Summary of the Previous Lecture
We had a discussion about following topics
●
●
●
Email Security
Pretty Good Privacy
4 Why PGP is famous
4 PGP Operating
4 Message generation
4 Message Reception
Internet Mail Architecture
4 Email Threats
Outlines of today’s lecture
■ Secure Socket Layer (SSL)
4
Architecture
4
Connection
4
Session
4
Record Protocol Service
4
Record Protocol operation
■ Three SSL-specific protocols that use the SSL Record
Protocol
4
SSL Change Cipher Spec Protocol
4
Alert Protocol
4
Handshake Protocol
■ Integrating SSL/TLS with HTTP
■ HTTPS and SSH
HTTPS
Objectives
■ You would be able to present an understanding of how
web security is achieved through different protocols.
■ You would be able demonstrate knowledge about SSH,
HTTPS, TLS etc.
Web Security
■ Web now widely used by business, government,
individuals
■ but Internet & Web are vulnerable
■ have a variety of threats
● integrity
● confidentiality
● denial of service
● authentication
■ need added security mechanisms
Web Traffic Security Approaches
A number of approaches to providing Web security are possible. The various
approaches that have been considered are similar in the services they provide and,
to some extent, in the mechanisms that they use, but they differ with respect to their
scope of applicability and their relative location within the TCP/IP protocol stack.
SSL (Secure Socket Layer)
■
■
■
■
Transport layer security service
originally developed by Netscape
version 3 designed with public input
subsequently became Internet standard known as TLS
(Transport Layer Security)
■ uses TCP to provide a reliable end-to-end service
■ SSL has two layers of protocols
SSL Architecture
The SSL Record Protocol provides basic security services to various higherlayer protocols. In particular, the Hypertext Transfer Protocol (HTTP), which
provides the transfer service for Web client/server interaction, can operate on
top of SSL.
Three higher-layer protocols are also defined as part of SSL: the Handshake
Protocol, Change Cipher Spec Protocol, and Alert Protocol. These SSL-specific
protocols are used in the management of SSL exchanges.
SSL Architecture
Ø SSL connection
la
transient, peer-to-peer, communications link
l associated with 1 SSL session
Ø SSL session
l an association between client & server
l created by the Handshake Protocol
l define a set of cryptographic parameters
l may be shared by multiple SSL connections
SSL Record Protocol Services
■ confidentiality
●
using symmetric encryption with a shared secret key
defined by Handshake Protocol
● AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza,
RC4-40, RC4-128
● message is compressed before encryption
■ message integrity
● using a MAC with shared secret key
● similar to HMAC but with different padding
SSL Record Protocol Operation
The Record Protocol takes an application message to be transmitted, fragments the
data into manageable blocks, optionally compresses the data, computes and appends
a MAC (using a hash very similar to HMAC), encrypts (using one of the symmetric
algorithms listed on the previous slide), adds a header (with details of the SSL content
type, major/minor version, and compressed length), and transmits the resulting unit in
a TCP segment. Received data are decrypted, verified, decompressed, and
reassembled and then delivered to higher-layer applications
SSL Change Cipher Spec Protocol
■ One of 3 SSL specific protocols which use the SSL
Record protocol
■ a single message
■ causes pending state to become current
■ hence updating the cipher suite in use
SSL Alert Protocol
Ø conveys SSL-related alerts to peer entity
Ø severity
4 warning
or fatal
Ø specific alert
4 fatal:
unexpected message, bad record mac,
decompression failure, handshake failure, illegal
parameter
4 warning: close notify, no certificate, bad certificate,
unsupported certificate, certificate revoked,
certificate expired, certificate unknown
Ø compressed & encrypted like all SSL data
SSL Handshake Protocol
Ø
allows server & client to:
l authenticate each other
l to negotiate encryption & MAC algorithms
l to negotiate cryptographic keys to be used
Ø comprises a series of messages in phases
1. Establish Security Capabilities
2. Server Authentication and Key Exchange
3. Client Authentication and Key Exchange
4. Finish
SSL
Handshake
Protocol
TLS (Transport Layer Security)
■ IETF standard RFC 2246 similar to SSLv3
■ with minor differences
●
●
●
●
●
●
●
in record format version number
uses HMAC for MAC
a pseudo-random function expands secrets
4 based on HMAC using SHA-1 or MD5
has additional alert codes
some changes in supported ciphers
changes in certificate types & negotiations
changes in crypto computations & padding
Integrating SSL/TLS with HTTP
■ Two complications
HTTPS
web
proxy
web
server
Web proxies
■ solution: browser sends
corporate network
■ CONNECT domain-name
■ before client-hello (dropped by proxy)
Virtual hosting:
■ two sites hosted at same IP address.
client-hello
web
server
■ solution in TLS 1.1 (RFC 4366)
■ client_hello_extension: server_name=cnn.com server-cert ???
■ implemented in FF2 and IE7 (vista)
certCNN
certFOX
Why is HTTPS not used for all web traffic?
• Slows down web servers
• Breaks Internet caching
•
•
ISPs cannot cache HTTPS traffic
Results in increased traffic at web site
• Incompatible with virtual hosting (older browsers)
LETS SEE “HTTPS IN THE BROWSER”
The lock icon:
SSL indicator
■ Intended goal:
•
•
Provide user with identity of page origin
Indicate to user that page contents were not
viewed or modified by a network attacker
■ In reality:
●
●
Origin ID is not always helpful
4 example: Stanford HR is hosted at
BenefitsCenter.com
Many other problems
When is the (basic) lock icon displayed
• All elements on the page fetched using HTTPS
■
(with some exceptions)
• For all elements:
•
HTTPS cert issued by a CA trusted by browser
•
HTTPS cert is valid (e.g. not expired)
•
CommonName in cert matches domain in URL
The lock UI:
■ IE7:
help users authenticate site
The lock UI:
■ Firefox 3:
help users authenticate site
(no SSL)
(SSL)
The lock UI:
help users authenticate site
■ Firefox 3: clicking on bottom lock icon gives
The lock UI: Extended Validation (EV) Certs
• Harder to obtain than regular certs
•
requires human lawyer at CA to approve cert request
• Designed for banks and large e-commerce sites
• Helps block “semantic attacks”:
www.bankofthevvest.com