css322y13s2l12 transport lffsevel security
TRANSCRIPT
-
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
1/32
CSS322
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
1/32
Transport Level Security
CSS322: Security and Cryptography
Sirindhorn International Institute of TechnologyThammasat University
Prepared by Steven Gordon on 28 October 2013css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex, r2965
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
2/32
CSS322
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
2/32
Contents
Web Security Issues
TLS/SSL
HTTPS
Secure Shell
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
3/32
CSS322
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
3/32
Web Security Issues
Original Internet protocols do not have built-in security(IP, TCP, HTTP, . . . )
Many threats arise for web and other Internetapplications
Issues at: client, server and traffic between client andserver
Cover: SSL/TLS, SSH, IPsec
http://find/http://goback/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
4/32
CSS322
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
4/32
Comparison of Threats on the Web
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
5/32
CSS322
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
5/32
Security Options in TCP/IP
IPsec: Security for IP datagrams; general solution for allInternet traffic; implemented in OS
SSL/TLS: Security for TCP segments; general solutionfor all TCP-based applications; implemented in
libraries/applications (e.g. OpenSSL) Application-specific: Security for application messages;
specific to each applications; implemented in singleapplication
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
6/32
CSS322
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
6/32
Contents
Web Security Issues
TLS/SSL
HTTPS
Secure Shell
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
7/32
CSS322
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
7/32
SSL and TLS
Secure Sockets Layer (SSL) originated in Netscape webbrowser
Transport Layer Security (TLS) standardised by IETF
SSLv3 and TLS are almost the same
SSL provides security services to application layerprotocols using TCP
SSL architecture consists of multiple protocols
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
8/32
CSS322
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
8/32
SSL Architecture
Record: provides confidentiality and messageintegrity
Handshake: authenticate entities, negotiate parametervalues
Change Cipher: change cipher for use in connection
Alert: alert peer entity of status/warning/error
http://find/http://goback/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
9/32
CSS322
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
9/32
Connections and Sessions
SSL connection corresponds with TCP connection Client and server may have multiple connections
SSL session is association between client and server Session created with Handshake protocol Multiple connections can be associated with one session Security parameters for session can be shared for
connections
State information is stored after Handshake protocol Session: ID, certificate, compression, cipher spec,
master secret, . . . Connection: random values, encrypt keys, MAC secrets,
IV, sequence numbers, . . .
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
10/32
CSS322
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
10/32
SSL Record Protocol Operation
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
11/32
CSS322
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
11/32
SSL Record Protocol
Fragmentation: maximum fragment size is 16384 Bytes
Compression: lossless; algorithm chosen in Handshake
MAC: HMAC applied on compressed data; MAC secretkey for connection used; MAC appended to compressedfragment
Encrypt: applied to compressed fragment and MAC;
algorithm chosen in Handshake SSL record header:
Content type: higher layer protocol (change cipher spec,alert, handshake, application)
Version Compressed length in bytes
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
12/32
CSS322
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
12/32
SSL Record Format
http://find/http://goback/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
13/32
CSS322
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
13/32
SSL Record Protocol Payload
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
14/32
CSS322
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
14/32
SSL Handshake Protocol
Allow client and server to authenticate each other
Negotiate encryption and MAC algorithms, exchange
keys Key Exchange: RSA, Diffie-Hellman MAC: HMAC using SHA or MD5 Encryption: RC4, RC2, DES, 3DES, IDEA, AES
Multiple phases:
1. Establish security capabilities: client proposesalgorithms, server selects one
2. Server authentication and key exchange3. Client authentication and key exchange4. Finish setting up connection
http://find/http://goback/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
15/32
CSS322
-
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
16/32
CSS322
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
16/32
SSL Handshake Protocol Operation
CSS322
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
17/32
CSS322
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
17/32
Contents
Web Security Issues
TLS/SSL
HTTPS
Secure Shell
CSS322H PS
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
18/32
CSS322
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
18/32
HTTPS
HTTPS: HTTP over SSL (or TLS)
URL uses https://
Web server listens on port 443
Encrypt: URL of requested document, contents ofdocument, contents of browser forms, cookies, contentsof HTTP header
Server is authenticated using certificate (using SSL) Client is authenticated using password (using HTTP)
CSS322C
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
19/32
CSS322
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
19/32
Contents
Web Security Issues
TLS/SSL
HTTPS
Secure Shell
CSS322S Sh ll
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
20/32
CSS322
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
20/32
Secure Shell
TELNET provides a remote login facility; insecure
Secure Shell (SSH) designed for secure remote login
SSH also supports secure file transfer and tunnelling
SSHv2 developed by IETF
SSH architecture consists of 3 protocols
CSS322SSH P t l St k
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
21/32
CSS322
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
21/32
SSH Protocol Stack
CSS322SSH A th ti ti
http://find/http://goback/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
22/32
SS3
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
22/32
SSH Authentication
Server Authentication
Server has public/private key pair Assume client knows servers public key
During key exchange, server signs message with publickey
Client Authentication
Key-based: client has public/private key pair; serverknows client public key
Password-based: client sends password (encrypted);server knows password
CSS322SSH T a s o t La e Packet E cha ge
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
23/32
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
23/32
SSH Transport Layer Packet Exchange
CSS322SSH Transport Layer Protocol
http://find/http://goback/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
24/32
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
24/32
SSH Transport Layer Protocol
Identification string exchange: each entity identifiesprotocol and software version
Algorithm negotiation: client and server send list ofsupported algorithms, in order of preference; firstcommon algorithm chosen
Key exchange: Diffie-Hellman
End of key exchange: new keys generated from sharedsecret, e.g.
Kc2s=Hash(K||H||C||session id)
where
H=Hash(IDC||IDC||MC||MS||PUS||YA||YB||K)
Service request for User Authentication or Connection
Protocol
CSS322SSH Algorithms
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
25/32
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
25/32
SSH Algorithms
CSS322Key Exchange with Diffie Hellman
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
26/32
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
26/32
Key Exchange with Diffie-Hellman
CSS322SSH Key Exchange with Diffie Hellman
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
27/32
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
27/32
SSH Key Exchange with Diffie-Hellman
SSH notation: q=P, =G, YA=e, YB=f
ID string for client and server: IDC, IDS;
SSH MSG KEXINIT message from client and server:MC, MS
Server key pair: (PUS, PRS); assume clientknows/trustsPUS
Client and server have agreed upon hash and encryptionalgorithms
CSS322SSH Key Exchange with Diffie-Hellman
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
28/32
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
28/32
SSH Key Exchange with Diffie-Hellman
(see Wireshark capture)
CSS322SSH Transport Layer Packet Formation
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
29/32
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
29/32
SSH Transport Layer Packet Formation
CSS322TCP Connection
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
30/32
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
30/32
TCP Connection
a and bare application port numbers
CSS322SSH Tunnel over TCP Connection
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
31/32
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
31/32
SSH Tunnel over TCP Connection
x and yare application port numbers, a and bare portnumbers used by SSH
CSS322SSH Tunnels
http://find/ -
8/10/2019 Css322y13s2l12 Transport Lffsevel Security
32/32
Transport Security
Web Security
TLS/SSL
HTTPS
SSH
32/32
SSH Tunnels
Allow normal (unsecured) applications to securelytransfer data
Bypass firewalls by using different ports Local forwarding: traffic to local port is sent via SSH
client to remote port
Remote forwarding: traffic to remote port is sent via
SSH server to local port
http://find/