ssl and ipsec
play

SSL and IPSec CS461/ECE422 Fall 2010 Based on slides provided by - PowerPoint PPT Presentation

Oct 19, 2023 •48 likes •628 views

SSL and IPSec CS461/ECE422 Fall 2010 Based on slides provided by Matt Bishop for use with Computer Slide #11-1 Security: Art and Science Reading Chapter 11 in Computer Science: Art and Science Stallings book Can also look at

  1. SSL and IPSec CS461/ECE422 Fall 2010 Based on slides provided by Matt Bishop for use with Computer Slide #11-1 Security: Art and Science

  2. Reading • Chapter 11 in Computer Science: Art and Science • Stallings book • Can also look at Standards Documents Slide #11-2

  3. SSL • Transport layer security – Provides confidentiality, integrity, authentication of endpoints – Developed by Netscape for WWW browsers and servers • Internet protocol version: TLS – Compatible with SSL – Standard rfc2712 Slide #11-3

  4. Working at Transport Level • Data link, Network, and Transport headers sent unchanged • Original transport header can be protected if tunneling TCP data stream Ethernet TCP IP Encrypted/authenticated Frame Header Header Regardless of application Header Slide #11-4

  5. SSL Session • Association between two peers – May have many associated connections – Information for each association: • Unique session identifier • Peer’s X.509v3 certificate, if needed • Compression method • Cipher spec for cipher and MAC • “Master secret” shared with peer – 48 bits Slide #11-5

  6. SSL Connection • Describes how data exchanged with peer • Information for each connection – Random data – Write keys (used to encipher data) – Write MAC key (used to compute MAC) – Initialization vectors for ciphers, if needed – Sequence numbers Slide #11-6

  7. Structure of SSL SSL Alert SSL Application Protocol Data Protocol SSL Handshake SSL Change Cipher Protocol Spec Protocol SSL Record Protocol Slide #11-7

  8. SSL Record Layer Message Compressed blocks MAC Compressed blocks, enciphered, with MAC Slide #11-8

  9. Record Protocol Overview • Lowest layer, taking messages from higher – Max block size 16,384 bytes – Bigger messages split into multiple blocks • Construction – Block b compressed; call it b c – MAC computed for b c • If MAC key not selected, no MAC computed – b c , MAC enciphered • If enciphering key not selected, no enciphering done – SSL record header prepended Slide #11-9

  10. SSL MAC Computation • Symbols – h hash function (MD5 or SHA) – k w write MAC key of entity – ipad = 0x36, opad = 0x5C • Repeated to block length (from HMAC) – seq sequence number – SSL_comp message type – SSL_len block length • MAC h ( k w ||opad||h ( k w ||ipad||seq||SSL_comp||SSL_len||block )) Slide #11-10

  11. SSL Handshake Protocol • Used to initiate connection – Sets up parameters for record protocol – 4 rounds • Upper layer protocol – Invokes Record Protocol • Note: what follows assumes client, server using RSA as interchange cryptosystem Slide #11-11

  12. Overview of Rounds • Create SSL connection between client, server • Server authenticates itself • Client validates server, begins key exchange • Acknowledgments all around Slide #11-12

  13. Handshake Round 1 { v C || r 1 || s 1 || ciphers || comps } Client Server { v || r 2 || s 1 || cipher || comp } Client Server v C Client’s version of SSL v Highest version of SSL that Client, Server both understand r 1 , r 2 nonces (timestamp and 28 random bytes) s 1 Current session id (0 if new session) ciphers Ciphers that client understands comps Compression algorithms that client understand cipher Cipher to be used comp Compression algorithm to be used Slide #11-13

  14. Handshake Round 2 { certificate } Client Server { mod || exp || Sig S ( h ( r 1 || r 2 || mod || exp )) } Client Server { ctype || gca } Client Server { er2 } Client Server Note: if Server not to authenticate itself, only last message sent; third step omitted if Server does not need Client certificate k S Server’s private key ctype Certificate type requested (by cryptosystem) gca Acceptable certification authorities er2 End round 2 message Slide #11-14

  15. Handshake Round 3 { client_cert } Client Server { pre }Pub S Client Server Both Client, Server compute master secret master : master = MD5( pre || SHA(‘A’ || pre || r 1 || r 2 ) || MD5( pre || SHA(‘BB’ || pre || r 1 || r 2 ) || MD5( pre || SHA(‘CCC’ || pre || r 1 || r 2 ) { h ( master || opad || h ( msgs || master | ipad )) } Client Server msgs Concatenation of previous messages sent/received this handshake opad , ipad As above Slide #11-15

  16. Handshake Round 4 Client sends “change cipher spec” message using that protocol Client Server { h ( master || opad || h ( msgs || 0x434C4E54 || master || ipad )) } Client Server Server sends “change cipher spec” message using that protocol Server Client { h ( master || opad || h ( msgs || 0x53525652 || master | ipad )) } Client Server msgs Concatenation of messages sent/received this handshake in previous rounds (does notinclude these messages) opad , ipad , master As above Slide #11-16

  17. Supporting Crypto • All parts of SSL use them • Initial phase: public key system exchanges keys – Classical ciphers ensure confidentiality, cryptographic checksums added for integrity – Only certain combinations allowed • Depends on algorithm for interchange cipher – Interchange algorithms: RSA, Diffie-Hellman, Fortezza – AES added in 2002 by rfc3268 Slide #11-17

  18. RSA: Cipher, MAC Algorithms Interchange cipher Classical cipher MAC Algorithm RSA, none MD5, SHA key ≤ 512 bits RC4, 40-bit key MD5 RC2, 40-bit key, CBC mode MD5 DES, 40-bit key, CBC mode SHA RSA None MD5, SHA RC4, 128-bit key MD5, SHA IDEA, CBC mode SHA DES, CBC mode SHA DES, EDE mode, CBC mode SHA Slide #11-18

  19. Diffie-Hellman: Types • Diffie-Hellman: certificate contains D-H parameters, signed by a CA – DSS or RSA algorithms used to sign • Ephemeral Diffie-Hellman: DSS or RSA certificate used to sign D-H parameters – Parameters not reused, so not in certificate • Anonymous Diffie-Hellman: D-H with neither party authenticated – Use is “strongly discouraged” as it is vulnerable to attacks Slide #11-19

  20. D-H: Cipher, MAC Algorithms Interchange cipher Classical cipher MAC Algorithm Diffie-Hellman, DES, 40-bit key, CBC mode SHA DSS Certificate DES, CBC mode SHA DES, EDE mode, CBC mode SHA Diffie-Hellman, DES, 40-bit key, CBC mode SHA key ≤ 512 bits DES, CBC mode SHA RSA Certificate DES, EDE mode, CBC mode SHA Slide #11-20

  21. Ephemeral D-H: Cipher, MAC Algorithms Interchange cipher Classical cipher MAC Algorithm Ephemeral Diffie- DES, 40-bit key, CBC mode SHA Hellman, DES, CBC mode SHA DSS Certificate DES, EDE mode, CBC mode SHA Ephemeral Diffie- DES, 40-bit key, CBC mode SHA Hellman, DES, CBC mode SHA key ≤ 512 bits, DES, EDE mode, CBC mode SHA RSA Certificate Slide #11-21

  22. Anonymous D-H: Cipher, MAC Algorithms Interchange cipher Classical cipher MAC Algorithm Anonymous D-H, RC4, 40-bit key MD5 DSS Certificate RC4, 128-bit key MD5 DES, 40-bit key, CBC mode SHA DES, CBC mode SHA DES, EDE mode, CBC mode SHA Slide #11-22

  23. Fortezza: Cipher, MAC Algorithms Interchange cipher Classical cipher MAC Algorithm Fortezza key none SHA exchange RC4, 128-bit key MD5 Fortezza, CBC mode SHA Slide #11-23

  24. SSL Change Cipher Spec Protocol • Send single byte • In handshake, new parameters considered “pending” until this byte received – Old parameters in use, so cannot just switch to new ones Slide #11-24

  25. SSL Alert Protocol • Closure alert – Sender will send no more messages – Pending data delivered; new messages ignored • Error alerts – Warning: connection remains open – Fatal error: connection torn down as soon as sent or received Slide #11-25

  26. SSL Alert Protocol Errors • Always fatal errors: – unexpected_message, bad_record_mac, decompression_failure, handshake_failure, illegal_parameter • May be warnings or fatal errors: – no_certificate, bad_certificate, unsupported_certificate, certificate_revoked, certificate_expired, certificate_unknown Slide #11-26

  27. SSL Application Data Protocol • Passes data from application to SSL Record Protocol layer Slide #11-27

  28. MITM Attacks • Classic attack foiled by certificates • More subtle attacks appear over time – TLS Authentication Gap • Interaction of TLS and HTTP • http://www.phonefactor.com/sslgap • Application above SSL/TLS tends to be HTTP but does not have to be Slide #11-28

  29. IPsec • Network layer security – Provides confidentiality, integrity, authentication of endpoints, replay detection • Protects all messages sent along a path IP+IPsec IP IP src dest gw2 gw1 security gateway Slide #11-29

  30. Standards • Original RFC’s 2401-2412 • Mandatory portion of IPv6 • Bolted onto IPv4 • Newer standards – IKE: Standardized Key Management Protocol RFC 2409 – NAT-T: UDP encapsulation for traversing address translation RFC 3948 Slide #11-30

  31. Network Level Encryption • Data link header and network header is unchanged • With tunneling original IP header can be protected Ethernet IP packet IP Frame Encrypted/authenticated Header Header Regardless of application Slide #11-31

  32. IPsec Transport Mode encapsulated IP data body header • Encapsulate IP packet data area • Use IP to send IPsec-wrapped data packet • Note: IP header not protected Slide #11-32

Recommend

Uses of IPSEC with VPNs VPNs Uses of IPSEC with Purpose Outline some scenarios where IPSEC

Uses of IPSEC with VPNs VPNs Uses of IPSEC with Purpose Outline some scenarios where IPSEC

Uses of IPSEC with VPNs VPNs Uses of IPSEC with Purpose Outline some scenarios where IPSEC can be used with VPNs Identify areas where extensions to IPSEC could be useful Bryan Gleeson, Page-1 VPN Reference Model CE CE PE

352 views • 9 slides
IPSEC VPN overview IPSEC VPN overview Basic VPN Architecture CPE/CLE CPE/CLE PE

IPSEC VPN overview IPSEC VPN overview Basic VPN Architecture CPE/CLE CPE/CLE PE

IPSEC VPN overview IPSEC VPN overview Basic VPN Architecture CPE/CLE CPE/CLE PE PE CPE/CLE Host PE CPE to CPE IPSEC can be used for : PE to PE PE to CPE Bryan Gleeson, Page-1 CPE to CPE IPSEC tunnels

680 views • 8 slides
Labeled IPsec draft-jml-ipsec-ikev1-security-context-00.txt

Labeled IPsec draft-jml-ipsec-ikev1-security-context-00.txt

Labeled IPsec draft-jml-ipsec-ikev1-security-context-00.txt draft-jml-ipsec-ikev2-security-context-00.txt Presented by: Joy Latten Document authors: Serge Hallyn, Trent Jaeger, Joy Latten, and George Wilson Problem Description Mandatory

295 views • 6 slides
Ipsec unter Linux 2.6 Einleitung: Die native IPsec Implementierung im Linux Kernel ab

Ipsec unter Linux 2.6 Einleitung: Die native IPsec Implementierung im Linux Kernel ab

Ipsec unter Linux 2.6 Einleitung: Die native IPsec Implementierung im Linux Kernel ab Version 2.5.47 basiert auf dem USAGI Projekt. Hierbei handelt es sich um eine alternative Implementierung des IPsec Stacks zum FreeS/WAN Projekt.

610 views • 8 slides
THE LIBRESWAN PROJECT An Internet Key Exchange (IKE) daemon for IPsec Enterprise IPsec

THE LIBRESWAN PROJECT An Internet Key Exchange (IKE) daemon for IPsec Enterprise IPsec

THE LIBRESWAN PROJECT An Internet Key Exchange (IKE) daemon for IPsec Enterprise IPsec based VPN solution Make encryption the default mode of communication Certifjcations (FIPS, Common Criteria, USGv6, etc.)

917 views • 25 slides
Yasser F. O. Mohammad REMIDER 1: IPSec Uses REMINDER 2: IPSec Services Access control

Yasser F. O. Mohammad REMIDER 1: IPSec Uses REMINDER 2: IPSec Services Access control

Yasser F. O. Mohammad REMIDER 1: IPSec Uses REMINDER 2: IPSec Services Access control Connectionless integrity Data origin authentication Rejection of replayed packets a form of partial sequence integrity Confidentiality

818 views • 37 slides
Firewalls, IPsec and Linux by Harald Welte <laforge@netfilter.org> Firewalls, IPsec and

Firewalls, IPsec and Linux by Harald Welte <laforge@netfilter.org> Firewalls, IPsec and

Firewalls, IPsec and Linux by Harald Welte <laforge@netfilter.org> Firewalls, IPsec and Linux Contents Introduction Highly Scalable Linux Network Stack Netfilter Hooks Packet selection based on IP Tables The Connection Tracking

444 views • 9 slides
OPPORTUNISTIC ENCRYPTION USING IPSEC Linux Security Summit, Toronto August 2016 Presented by

OPPORTUNISTIC ENCRYPTION USING IPSEC Linux Security Summit, Toronto August 2016 Presented by

OPPORTUNISTIC ENCRYPTION USING IPSEC Linux Security Summit, Toronto August 2016 Presented by Paul Wouters, RHEL Security THE LIBRESWAN PROJECT An Internet Key Exchange (IKE) daemon for IPsec Enterprise IPsec based VPN solution

736 views • 32 slides
Requirements for IPsec Negotiation in the SIP Framework

Requirements for IPsec Negotiation in the SIP Framework

Requirements for IPsec Negotiation in the SIP Framework draft-saito-mmusic-ipsec-negotiation-req-00.txt August 1, 2005 Makoto Saito (ma.saito@ntt.com) Shingo Fujimoto (shingo_fujimoto@jp.fujitsu.com) 1 Motivation To secure communication

83 views • 6 slides
Introduction to IPsec Charlie Kaufman charliek@microsoft.com 1 IP Security (IPsec) IETF

Introduction to IPsec Charlie Kaufman charliek@microsoft.com 1 IP Security (IPsec) IETF

Introduction to IPsec Charlie Kaufman charliek@microsoft.com 1 IP Security (IPsec) IETF standard for Network Layer security Popular for creating trusted link (VPN), either firewall-firewall, or machine to firewall Done at

868 views • 51 slides
IKEv2: IPSec Key Management Protocol Lecture 20 Acknowledgement: Slides from Vincent Luk, revised

IKEv2: IPSec Key Management Protocol Lecture 20 Acknowledgement: Slides from Vincent Luk, revised

IKEv2: IPSec Key Management Protocol Lecture 20 Acknowledgement: Slides from Vincent Luk, revised by Cunsheng Ding IP Security Architecture IPSec module 1 IPSec module 2 SPD SPD IKE IKE AH/ESP AH/ESP SAD SAD SA IKE: Internet Key

702 views • 26 slides
iLab IPsec Minoo Rouhi rouhi@net.in.tum.de Slides by Benjamin Hof hof@in.tum.de Chair of

iLab IPsec Minoo Rouhi rouhi@net.in.tum.de Slides by Benjamin Hof hof@in.tum.de Chair of

iLab IPsec Minoo Rouhi rouhi@net.in.tum.de Slides by Benjamin Hof hof@in.tum.de Chair of Network Architectures and Services Department of Informatics Technical University of Munich Lab 8 18ss 1 / 29 Outline Overview IPsec databases

563 views • 29 slides
IP IPSec ( ) 13 Network

IP IPSec ( ) 13 Network

IP IPSec ( ) 13 Network Security, Principles and Practice,2nd Ed. : http://www.fata.ir

567 views • 23 slides
IPsec encapsulation over TCP Sabrina Dubroca sd@queasysnail.net Red Hat netdev 0x13, 2019-03-22

IPsec encapsulation over TCP Sabrina Dubroca sd@queasysnail.net Red Hat netdev 0x13, 2019-03-22

IPsec encapsulation over TCP Sabrina Dubroca sd@queasysnail.net Red Hat netdev 0x13, 2019-03-22 1 / 22 Introduction 2 / 22 ESP and IKE Components of the IPsec protocol suite ESP Encapsulating Security Payload AH Authentication Header IKE

478 views • 22 slides
Why IPsec and BGP dont play well together in real networks Brian Weis Overview Of

Why IPsec and BGP dont play well together in real networks Brian Weis Overview Of

Why IPsec and BGP dont play well together in real networks Brian Weis Overview Of course IKE/IPsec can be configured on routers to provide transport security for BGP and other similar control plane protocols. And certainly

480 views • 16 slides
for Constrained Environments dra%-raza-6lo-ipsec-02 {shahid.raza, simon.duquennoy}@sics.se

for Constrained Environments dra%-raza-6lo-ipsec-02 {shahid.raza, simon.duquennoy}@sics.se

Compression of IPsec AH and ESP Headers for Constrained Environments dra%-raza-6lo-ipsec-02 {shahid.raza, simon.duquennoy}@sics.se goran.selandaer@ericsson.com 1 Status of the Document First submi<ed as a posi=on paper to the Smart

209 views • 18 slides
SSH, SSL, and IPsec: wtf? Eric Rescorla RTFM, Inc. ekr@rtfm.com Eric Rescorla SSH, SSL, and

SSH, SSL, and IPsec: wtf? Eric Rescorla RTFM, Inc. ekr@rtfm.com Eric Rescorla SSH, SSL, and

SSH, SSL, and IPsec: wtf? Eric Rescorla RTFM, Inc. ekr@rtfm.com Eric Rescorla SSH, SSL, and IPsec 1 What are we trying to accomplish? Alice, Bob want to talk to each other But theyre worried about attack How do you know

1k views • 56 slides
2N02 Aufbau eines VPNs mit IPsec Andreas Aurand Compaq Solution and Service Center Agenda

2N02 Aufbau eines VPNs mit IPsec Andreas Aurand Compaq Solution and Service Center Agenda

2N02 Aufbau eines VPNs mit IPsec Andreas Aurand Compaq Solution and Service Center Agenda IPsec Konfiguration unter IOS Konfiguration der ISAKMP Protection Suite Konfiguration der IPsec Protection Suite "Cisco VPN

359 views • 25 slides
IPsec Slide 1 Protocol security - where? Application layer: (+): easy access to user credentials,

IPsec Slide 1 Protocol security - where? Application layer: (+): easy access to user credentials,

IPsec 1 IPsec Slide 1 Protocol security - where? Application layer: (+): easy access to user credentials, extend without waiting for OS vendor, understand data; (-): design again and again; e.g., PGP, ssh, Kerberos Transport layer: (+):

420 views • 18 slides
Key Exchange in IPsec revisited: Formal Analysis of IKEv1 and IKEv2 Cas Cremers, ETH Zurich

Key Exchange in IPsec revisited: Formal Analysis of IKEv1 and IKEv2 Cas Cremers, ETH Zurich

Key Exchange in IPsec revisited: Formal Analysis of IKEv1 and IKEv2 Cas Cremers, ETH Zurich Overview What is IKE ? Internet Key Exchange , part of IPsec Formal analysis of IKE Previously considered infeasible Using Scyther

410 views • 19 slides
Specification-based testing of IPsec Institute for system Programming Russian Academy of

Specification-based testing of IPsec Institute for system Programming Russian Academy of

Specification-based testing of IPsec Institute for system Programming Russian Academy of Sciences Nickolay Pakoulin npak@ispras.ru Agenda Work Background Specification based testing in IPsec Discussion Future work The work

578 views • 30 slides
Intel 10Gbe status and other thoughts Linux IPsec Workshop 2018 Shannon Nelson Oracle Corp

Intel 10Gbe status and other thoughts Linux IPsec Workshop 2018 Shannon Nelson Oracle Corp

Intel 10Gbe status and other thoughts Linux IPsec Workshop 2018 Shannon Nelson Oracle Corp March 2018 Summary 10Gbe Niantic and family have IPsec HW offload Initial driver support came out in v4.15 Approx 6.5 Gbps

577 views • 22 slides
Traffic Flow Flow Confidentiality Confidentiality in in IPsec IPsec: : Traffic Protocol and

Traffic Flow Flow Confidentiality Confidentiality in in IPsec IPsec: : Traffic Protocol and

Universit di Roma di Roma Tor Tor Vergata Vergata Universit Traffic Flow Flow Confidentiality Confidentiality in in IPsec IPsec: : Traffic Protocol and and Implementation Implementation Protocol Giuseppe Bianchi,

514 views • 26 slides
Cryptography and Network Security IPSEC Security architecture and protocol stack Secure

Cryptography and Network Security IPSEC Security architecture and protocol stack Secure

Cryptography and Network Security IPSEC Security architecture and protocol stack Secure applications: Applicaz. (SHTTP) PGP, SHTTP, SFTP, or SSL/TLS Security down in the TCP protocol stack -SSL between TCP IPSEC and applic. layer

723 views • 59 slides

More recommend