Outline • Preliminaries: – Internet protocols, PKI, X.509, Encoding Internet Security Protocols • Application layer security (email) – PGP, S/MIME • Transport layer security Bart Preneel – SSL / TLS June 2003 • Network layer security With thanks to Joris Claessens and Walter Fumy – IPSec, VPN, SSH 2 Internet Evolution Internet Standardization 1.000 m obile • ISOC/IAB/IESG/IETF Number of Internet Users in Millions WAP business • Internet Engineering Task Force (IETF) 100 XML Electronic • IETF Working Groups Business e-Commerce – Mailing List Information 10 – Scope of the Working Group HTML Experts – Goals and Milestones WWW – Current Internet Drafts & RFCs 1 – http://www.ietf.org/html.charters/wg-dir.html Armed Forces TCP/IP • RFCs Universities e-mail 0,1 – http://www.rfc-editor.org 1960 1970 1980 1990 2000 2010 2020 – ftp://FTP.ISI.EDU/in-notes/ 3 IETF Standards IETF Intermediate documents – Proposed Standard (PS) • Request for Comments (RFCs) with different maturity levels • stable spec Experimental – Experimental (E) • lowest level of standards track – Informational (I) Proposed – Draft Standard (DS) – Historic (H) • at least two independent and – Best Current Practice (BCP) Draft std interoperable implementations • Internet-Drafts (I-D) are working documents of the – Standard (STD) working groups and have no formal status Standard • widely, successfully used • Protocol Status (requirement level) Historic – "required", "recommended", "elective", "limited use", or "not recommended” – “must” and “should” 1
IETF Security Area (1) IETF Security Area (2) Area Directors: Jeffrey Schiller & Marcus Leech Area Directors: Jeffrey Schiller & Marcus Leech • An Open Specification for Pretty Good Privacy (openpgp) • One Time Password Authentication (otp) • Public-Key Infrastructure (X.509) (pkix) • Authenticated Firewall Traversal (aft) • S/MIME Mail Security (smime) • Common Authentication Technology (cat) • Secure Network Time Protocol (stime) • IP Security Policy (ipsp) • Secure Shell (secsh) • IP Security Protocol (ipsec) • Securely Available Credentials (sacred) • IP Security Remote Access (ipsra) • Security Issues in Network Event Logging (syslog) • Intrusion Detection Exchange Format (idwg) • Simple Public Key Infrastructure (spki) • Kerberized Internet Negotiation of Keys (kink) • Transport Layer Security (tls) • Kerberos WG (krb-wg) • Web Transaction Security (wts) • Multicast Security (msec) • XML Digital Signatures (xmldsig) Internet Protocols Security Protocols & Services • Cryptographic techniques typically utilized by a Security Protocol Application SMTP HTTP . . . SMTP HTTP . . . Transport – (unilateral or mutual) entity authentication TCP/UDP TCP/UDP mechanisms Network IP IP – symmetric encipherment Link Link – message authentication mechanisms – key establishment mechanisms (e.g., combined • Network Layer with entity authentication) – Internet Protocol (IP) • Transport Layer SP hdr data SP tlr MAC – Transmission Control Protocol (TCP), User Datagram confidentiality Protocol (UDP) 10 integrity Internet Security Protocols SP Architecture II: Session (Association) Establishment Electronic Commerce Layer SET, Ecash, ... PKIX Host A Host B S-HTTP PGP PEM S/MIME SP hdr encrypted data MAC Transport Layer Security (SSH, SSL, TLS) SPKI Transmission Control Protocol User Datagram Protocol (UDP) (TCP) Security Associations (Security Parameters IP/ IPSec (Internet Protocol Security) Public-Key incl. Shared Keys) Infrastructure • security services depend on the layer of integration: Key Management and – the mechanisms can only protect the payload and/or header Security Association information available at this layer Establishment Protocols – header information of lower layers is not protected!! 12 2
Note on export restrictions Public Key Infrastructure • cryptography is weapon or dual use good • X.509: ITU/T standard – basis for the IETF PKIX working group – thus should be export-controlled – allow only short keys – latest major release in ‘95 (v3) – Certification Authorities (CA) = Trusted Third • Until 1997: Parties (TTP), that warrant the link between a – 40-bit: symmetric encryption person and their public key – 512-bit: asymmetric encryption • Alternatives: • Since September 2000 – SPKI/SDSI (IETF) – less restrictions, evolution towards no restrictions – PGP between “civilized nations” 13 14 X.509 certificate v1 X.509 certificate v2 • Version number • Idem + • Serial number • Issuer unique identifier • Signature algorithm • Subject unique identifier • Issuer name • Directory Access Control • Validity period • Subject name • Subject public key • Signature of the CA 15 16 X.509 certificate v3 Typical X.509 solution • Idem + Certification Timestamping Directory Card Key Authority Authority System Issuing Recovery • Extensions (each one can be critical): System Authority Server Components – Alternative naming Registration Local Notarization – More info about the key Authority Authority Registration Authority – Other identification data Administration Components – CRL location information PKI User Agent – … Client 17 18 3
Recommend
More recommend
