networking overview 1 networking overview networking overview 2 tcp/ip tcp/ip == transmission...
TRANSCRIPT
Networking Overview 1
Networking Overview
Networking Overview 2
TCP/IP TCP/IP == Transmission Control
Protocol/Internet Protocol Almost ubiquitous protocol for
communication over network Many other networking protocols
o ATM, X.25, SS7, Sonet,…o But TCP/IP has taken over the world
Networking Overview 3
TCP/IP Here, a brief overview of TCP/IP For more info, see, for example,
o Computer Networks, Tanenbaumo Computer Networks and Internets,
Comero Computer Networking: A Top Down
Approach Featuring the Internet, Kurose and Ross
o TCP/IP Protocol Suite, Forouzan
Networking Overview 4
Why TCP/IP? Almost everywhere Author developed payphone billing
protocol in 1992o Used X.25, later ported to SS7o Today would almost certainly use
TCP/IP TCP/IP makes the world “extremely
hackable”
Networking Overview 5
OSI Reference Model In 1980, ISO
developed OSIo Computer
communication over network
Protocol layeringo Breaks problem into
small partso Layer provides
service to next higher
Modularo Makes it easy, for
example, to replace Ethernet with wireless
Networking Overview 6
OSI Reference Model Layer 7 --- Application Layer
o Links application to the communication channel
Layer 6 --- Presentation Layero How to represent bits for transmission
Layer 5 --- Session Layero Coordinate (multiple) sessions
Layer 4 --- Transport Layero Logical channel between systems
Networking Overview 7
OSI Reference Model Layer 3 --- Network Layer
o Move data from host-to-host, across network core (interconnected mesh of routers)
Layer 2 --- Data Link Layer (or Link Layer)o Move data across one “hop”
Layer 1 --- Physical Layero Transmit bits across a physical link (fiber
optic, copper cable, wireless, etc.) Note: Layers 7,6,5 often treated as one
Networking Overview 8
TCP/IP, Our Hero Layers from TCP/IP’s perspective… Application Layer --- Program trying to
communicate using TCP/IPo E.g., email servers, SSH client and server,
etc Transport Layer --- Includes TCP and
UDPo TCP provides reliable deliveryo UDP is “bare bones” transport layer protocol
Networking Overview 9
TCP/IP, Our Hero Network Layer --- Based on IP
o Deliver packets from end-to-endo To be cool, you must say “layer 3”
Data Link Layer --- One hopo “Layer 2”
Physical Layer --- The physical media
Networking Overview 10
TCP/IP Protocol Stack
TCP/IP synonymous with transport layer and network layer (combined)
For example…
Networking Overview 11
Layering (Again) Each layer adds some info
o Usually added to beginning, so called a header
Networking Overview 12
Terminology Application layer packet Transport layer TCP segment
(for example) Network layer IP datagram Data link/physical layer(s) frame We may use “packet” for all of
these
Networking Overview 13
TCP/IP Protocols: TCP, UDP, IP, ICMP
o Defined in RFCs 791 thru 793
Developed for academic researcho No thought of securityo No confidentiality, integrity, authentication, …
Networking Overview 14
TCP/IP and Security Originally, no security in TCP/IP
o Any security provided by applications But TCP/IP retrofit for security
o IPSec --- security at the “IP layer”o “Built in” security for applicationso IPSec is a bloated and complex
protocol
Networking Overview 15
TCP TCP provides reliable delivery Most familiar apps use TCP
o Web browsing (HTTP)o Secure shell (SSH)o File transfer (FTP)o Email (SMTP, POP, IMAP)o Etc., etc., etc.
For most apps, TCP saves a lot of work
Networking Overview 16
TCP Header Every TCP packet includes header
Networking Overview 17
TCP Port Numbers Source port, destination port
o 16-bit numberso Tells which “door” to send data too Source == outgoing “door”, etc.
Server application “listens” on a porto Listening ports are openo Non-listening ports are closed
Networking Overview 18
TCP Port Numbers Examples of well-known ports
o TCP port 21 --- FTPo TCP port 22 --- SSHo TCP port 23 --- telneto TCP port 25 --- SMTPo TCP port 80 --- HTTPo TCP port 6000 --- The X Window System (X11)
Note these ports are used by conventiono Could use 8080 for HTTP and not get arrestedo But both client and server must know this
Networking Overview 19
Ports Example
Note that attackers want to know which ports (“doors”) are open
Networking Overview 20
Ports To see which ports are in use
o Locally, use netstat -na
Networking Overview 21
TCP Control Bits Control bits or flags
For “3-way handshake”, and other special things
Networking Overview 22
TCP Control Bits Originally, 6 control bits
o URG --- urgent data, give it priority (or not…)
o ACK --- acknowledge earlier datao PSH --- push data thru nowo RST --- reset the connection, due to error or
an interruption (abnormal termination)o SYN --- synchronize sequence numberso FIN --- no more data, so tear down
connection
Networking Overview 23
TCP Control Bits Two additional control bits
o CWR --- congestion window reduced; due to network congestion, reduced window size
o ECE --- explicit congestion notification echo; connection is experiencing congestion
For congestion control issues
Networking Overview 24
TCP 3-Way Handshake Used to establish TCP connection
Note sequence numbers: ISNA and ISNB
o ACK and SYN flag bits used here
Networking Overview 25
TCP 3-Way Handshake Establishes “connection” Sequence numbers enable TCP to
o Make sure all packets arriveo Make sure all packets delivered in
order FIN bit used when session torn
down RST used to end in “error” cases
Networking Overview 26
Other Fields in TCP Header Data offset --- where the data begins Reserved --- reserved for future use (or
for clever attackers…) Window --- controls number of
outstanding packets; prevents one side from sending too fast (flow control)
Checksum --- error detection (uses CRC)
Networking Overview 27
Other Fields in TCP Header Urgent pointer --- if URG flag set,
tells where the urgent data is located
Options --- additional info (e.g., the max size of packet); variable size
Padding --- used to make things line up on 32-bit boundaries
Networking Overview 28
UDP UDP == User Datagram Protocol Minimal “no frills” transport
protocolo Does minimum possibleo “Connectionless”o No flow control, no congestion control,
packets can be out of order, not arrive, …
o UDP == Unreliable Damn Protocol
Networking Overview 29
UDP
Why use UDP? Low overhead
o 8 byte header vs 20 bytes (or more) for TCP No congestion control/flow control
o How can this be good?
Networking Overview 30
Where is UDP Used? Streaming audio/video
o Some packet loss is OKo Example: Real Player, UDP port 7070
Apps where low overhead is usefulo Trivial FTP (TFTP), UDP port 69o Simple Network Management Protocol
(SNMP), UDP port 161
Networking Overview 31
FTP vs UDP Which is more secure? With UDP, more work for firewalls
o Hard to track “connections”o Example: Slammer worm fit into one
376-byte UDP packet; got thru firewalls
But neither TCP nor UDP offer any “real” security (confidentiality, etc.)
Networking Overview 32
IP IP == Internet Protocol
o Not “intellectual property” IP is the network layer protocol
todayo Mostly IPv4o IPv6 used a little bit --- offers more
addresses and more securityo Here, we focus on IPv4
Networking Overview 33
IP Header Note that source and destination
addresses each 32 bits
Networking Overview 34
What is a Network? LAN == Local Area Network LANs are building blocks of networks LAN is bunch of computers connected
together by hub, switch, wireless, …o No router between computers on a LAN
Usually, small geographic area
Networking Overview 35
What is a Network? LANs are
connected by routerso Routers
move packets between LANs
Networking Overview 36
IP Addresses IP addresses are 32 bits Identify hosts (computers) on network Written in “dotted decimal” notation
o Author calls it “dotted quad” notation
Networking Overview 37
IP Addresses Every IP packet has source and
destination IP addresses Every IP address has 2 parts
o One part identifies the network (LAN)o One part identifies the specific hosto Makes routing more efficient
But which part is which?
Networking Overview 38
Netmasks Leftmost bits are network part of address Netmask (subnet mask) often used
o Uses “AND” operation
Classless Inter-Domain Routing (CIDR) notationo 10.21.0.0/16
Networking Overview 39
Packet Fragmentation Link may accept packet of max
length What if packet is too big? Fragmentation!
o Router chops packet into pieceso Reassembled at destinationo Fields in IP header identify fragments
(and how to reassemble them)
Networking Overview 40
Fragmentation Bits Don’t fragment bit
o 0 == OK to fragment, 1 == don’t fragment
More fragments bito 0 == last fragment, 1 == more
fragments Fragmentation opens door to attacks
o Firewalls/IDS do not like fragments
Networking Overview 41
Other Stuff in IP Header Version --- IPv4 or IPv6 Hlen --- total length of IP header Service Type --- for quality of service Total Length --- length of data and header Identification --- for fragment reassembly Flags --- don’t fragment, more fragments, … Fragmentation Offset --- how to reassemble
fragments
Networking Overview 42
Other Stuff in IP Header Time-to-Live (TTL) --- max number of
“hops” remaining before packet dies Protocol --- TCP or UDP Header Checksum --- error detection in
header (recomputed at each router) Source IP Address --- “from” Destination IP Address --- “to” Options --- e.g., “source routing” Padding --- pad length to multiple of 32
bits
Networking Overview 43
ICMP Internet Control Message Protocol Like the “network plumber”
o Host uses ICMP to see if another host is alive and responding
o Router uses ICMP to tell source it does not know how to route a packet
o Host can tell another host to stop sending data so fast, etc., etc.
Networking Overview 44
ICMP Same packet format as IP
o Protocol field is set to 1 Many ICMP message types
o Common types listed on next 2 slides
Networking Overview 45
ICMP Name (type number) --- explanation
o Echo reply (0) --- response to pingo Destination unreachable (3) --- IP packet
cannot be delivered (sent by router or host)o Source quench (4) --- slow down!o Redirect (5) --- send data to different routero Echo (8) --- ping (is system responding?)
Networking Overview 46
ICMP Message, type number, explanation
o Time Exceeded (11) --- TTL exceeded, or problem reassembling fragments
o Parameter Problem (12) --- bad parametero Timestamp (13) --- request system’s timeo Timestamp Reply (14) --- send system timeo Information Request (15) --- used to
determine which network a host is ono Information Reply (16) --- network IP
address
Networking Overview 47
Routing Packets How routers get packets thru
networko Like Little Red Riding Hood trying to
find the best path to grandma’s house Dynamic routing protocols
o RIP, OSPF, BGPo As if trees in the forest calculate best
path and tell Red which way to go
Networking Overview 48
Routing Packets Static routing protocols
o Hard-coded routeso Red always has to go the same way
Source routingo Source specifies route in packeto Step-by-step directions to Grandma’s
house tattooed on Red’s forehead
Networking Overview 49
NAT Network Address Translation Address-related problems
o Not enough IP addresses to go aroundo Internal network uses “illegal” or unroutable
(private) addresses Solutions: NAT
o Gateway (i.e., router or firewall) “translates” addresses
Networking Overview 50
NAT Outgoing --- gateway replaces internal
address with valid IP address Incoming --- gateway replaces valid IP
address with internal address Note that gateway must remember!
Networking Overview 51
How to Implement NAT? Map single IP address
o Every packet mapped to one IP addresso Vary source port numberso Port Address Translation (PAT)
One-to-one mappingo Internal address mapped to unique IP
address Dynamically allocate addresses
o Multiplex internal addresses to IP addresseso Not as popular as other 2 approaches
Networking Overview 52
NAT and Security NAT hides internal IP addresses
o Might be harder for attacker to map network topology
NAT of limited security valueo Attacker could take over NAT deviceo Attacker could let NAT do its job and attack
internal networko Some argue NAT harms security (IPSec)
Networking Overview 53
Firewalls: Pick Your Analogy
Network “traffic cop” Network “soccer goalie”
Networking Overview 54
Firewalls Filter based on…
o Services, addresses, data, etc., etc. May be used to protect…
o Your network from Interneto Your network from partner’s networko Your network from your networko Internet from your network
Networking Overview 55
Firewalls Attacker: “kick ball” past goalie…
Networking Overview 56
Firewalls Three types of firewalls
o Packet filter (network layer)o Stateful packet filter (transport layer)o Proxy-based firewall (application layer)
All firewalls one of these typeso In spite of marketing…
Also, Intrusion Prevention Systems (IPS)o Not quite the same as firewall
Networking Overview 57
Packet Filter Filter each packet individually
o No concept of state Can filter based on…
o Source/destination IP addresso Source/destination port (application specific)o TCP control bits (SYN, ACK, etc.)o Protocol (e.g., allow TCP, deny UDP)o Direction (incoming, outgoing)o Interface (trusted or untrusted network)
Networking Overview 58
Packet Filter Access control list (ACL), e.g.,
Allow Inside Outside Any 80 HTTP
Allow Outside Inside 80 > 1023 HTTP
Deny All All All All All
Action
Source IP
Dest IP
Source
Port
Dest Port Protoco
lAny
ACK
All
FlagBits
Start at top and work down the listo What do 1st, 2nd, 3rd lines do?
Networking Overview 59
Packet Filter Disadvantage: very limited view Consider ACL on previous slide
o Easy to kick ball past this goalieo E.g., ACK scan
Even worse with UDPo No flag bits
Advantages: speed and simplicity
Networking Overview 60
Stateful Packet Filter Improve packet filter by adding state
o State == remember something (packets) Remember each active connection
o State table: info on active connectionso Time out, typically, after 10 to 90 secondso Can see how/if new packet fits into ongoing
connectiono For example, ACK must be preceeded by
SYN
Networking Overview 61
Stateful Packet Filter With packet filter
o Attacker can “ACK scan” for open portso Send ACK packets with no prior SYN
With stateful packet filtero ACK scan failso Packets dropped since no prior SYN
Can also remember UDP “connections”
Networking Overview 62
Stateful Packet Filter Advantage: Much stronger than
packet filter Disadvantage: More work
o Often implemented in custom hardware, so speeds can be competitive
Still lacks a complete view…
Networking Overview 63
Proxy Proxy --- acts on your behalf Analogy…
o Student calls me at home late at night
o My wife answers the phoneo She tells me a student calledo Me: “Tell that $&^# to get lost!”o My wife: “He’s busy, can I take a
msg?”
Networking Overview 64
Proxy Another analogy…
o Telemarketer calls me at homeo My wife answers the phoneo She tells them to go away…o …without informing me of the call
My wife is acting as my proxy Proxy firewall is similar
Networking Overview 65
Proxy-Based Firewall Proxy can look at complete picture
o Everything packet filter seeso Everything stateful packet filter seeso Plus application level info --- can
verify that protocols are followed, data is free of malware, etc., etc.
May cache info for efficiency
Networking Overview 66
Proxy-Based Firewall Advantage: complete view Disadvantage: speed, computing power
o May limit amount of traffic it can handle, more expensive hardware, more complex, etc.
Networking Overview 67
IPS Intrusion Prevention System (IPS)
o Similar to, but not quite a firewall Analyze network traffic in real time Attack signatures/suspicious behavior
o Signatures/anomaly detection Firewall does not do this Can block suspicious communications
Networking Overview 68
Best Firewall? Try to get best from each technology
Networking Overview 69
Data Link Layer Not part of TCP/IP
o But it is a source of attacks Data Link Layer
o Move packets across one “hop”, LAN to router, router to router, etc.
o Lives in Network Interface Card (NIC)o Ethernet, 802.11 (wireless), etc.
Networking Overview 70
Ethernet Ethernet is “king of the Link Layer” Ethernet used on shared media
o Resource contention Media Access Control (MAC) addresses
o 48 bits, globally uniqueo Of form AA:BB:CC:DD:EE:FF (or “.” for “:”)o IP address is like street address, MAC
address like social security numbero Aside: Why not use IP address for
everything?
Networking Overview 71
ARP Address Resolution Protocol (ARP)
o MAC address for LAN, IP address for network ARP is used to find MAC address, given
the IP addresso Broadcast IP addresso Whoever has it, responds with MAC addresso Response is cached (for efficiency)
Networking Overview 72
ARP ARP only applies on same LAN ARP is stateless
Networking Overview 73
Hubs and Switches Both used on LAN Hub is simple/dumb device
o Broadcast to all interfaceso Simple, but wastes bandwidth
Switch is smartero Only sends data to a specific interfaceo Reduces bandwidth usage
Networking Overview 74
Hubs and Switches Hub
o Simpleo Wasteful
Switcho Complexo Saves
bandwidth
Networking Overview 75
Switches Switch stores MAC address
locationso Content Addressable Memory (CAM)
Table determined automaticallyo At first switch acts like hubo Then looks at MAC addresseso Uses this info to fill in tableo This all happens automatically
Networking Overview 76
Switch
Networking Overview 77
Wireless LAN 802.11 is king of WLAN Wireless security is difficult
o Often not secured, rogue access points, …
LAN usually has little or no securityo Maybe OK if physical access requiredo But WLAN changes all of that…o WLAN is good news for Trudy and Eve
Networking Overview 78
WLAN Regular LAN attacks work on WLAN Physical access not required! Makes hackable network more so Great news for Trudy and Eve!
o Cell phones and other wireless technology promise even more hacks
Networking Overview 79
802.11 802.11 --- 1997 @ 2Mbps 802.11a --- 1999 @ 54Mbps
o Not used much, since came out at same time as 802.11b, and 802.11b is cheaper
802.11b --- 1999 @ 11Mbpso Speed similar to traditional Ethernet
802.11g --- 2003 @ 54Mbpso Popular, combines best of 802.11a and
802.11b
Networking Overview 80
802.11 802.11i --- 2004
o Real securityo Strong encryption (AES)o Strong key exchange (TKIP)
Much stronger than WEPo WEP: “swiss cheese” of security
protocolso WEP: no integrity, poor encryption, etc.
Networking Overview 81
WEP According to Tanenbaum:
o “The 802.11 standard prescribes a data link-level security protocol called WEP (Wired Equivalent Privacy), which is designed to make the security of a wireless LAN as good as that of a wired LAN. Since the default for a wired LAN is no security at all, this goal is easy to achieve, and WEP achieves it as we shall see.”
Networking Overview 82
Security on the Internet TCP/IP provides no security Must retrofit Internet for security Application layer
o PGP, S/MIME, SSH, … “Socket layer”
o SSL/TLS (really part of application layer) Network layer
o IPSec
Networking Overview 83
Application Layer Security Pretty Good Privacy (PGP)
o Developed by Phil Zimmermano No backdoor?
“We don’t hire that kind of person”
Secure/Multipurpose Internet Mail Extensions (S/MIME)o Secure email
Secure Shell (SSH)o Secure “tunnel” for remote access
Networking Overview 84
SSL
Secure Socket Layer (SSL)o Developed for Web, HTTPo Can be used anywhereo Elegant security protocol
Transport Layer Security (TLS)o Same, but incompatible
Networking Overview 85
SSL Authentication, confidentiality,
integrity You use SSL all the time
o Whenever “lock” (or “key”) appears in browser
o HTTPS == HTTP with SSL Secure transactions on Internet
Networking Overview 86
SSL
Not quite the same as in CS166 or CS265…
Networking Overview 87
SSL
Networking Overview 88
A Note on Notation E(X,K) == encrypt X with symmetric key K
o Key is known to sender and receivero And nobody else
{X}Alice == encrypt X with Alice’s public keyo Key know to everybodyo Can only be decrypted with Alice’s private keyo Alice’s private key known only to Alice
Networking Overview 89
Notation h(X) == cryptographic hash function
o Provides “fingerprint” of Xo Compresses data
Certificateo Contains (at least) public key, nameo Signed by a Certificate Authority (CA)o CA vouches that corresponding private key
belongs to “name” in certificateo Anyone can verify signature (public key)
Networking Overview 90
Simple SSL-like Protocol
Alice Bob
I’d like to talk to you securely
Here’s my certificate
{KAB}Bob
protected HTTP
Is Alice sure she’s talking to Bob? Is Bob sure he’s talking to Alice?
Networking Overview 91
Simplified SSL Protocol
Alice Bob
Can we talk?, cipher list, RA
certificate, cipher, RB
{S}Bob, E(h(msgs,CLNT,K),K)
Data protected with key K
h(msgs,SRVR,K)
S is pre-master secret K = h(S,RA,RB) msgs = all previous messages CLNT and SRVR are constants
Networking Overview 92
SSL Authentication Alice authenticates Bob, not vice-versa
o How does client authenticate server?o Why does server not authenticate client?
Mutual authentication is possible: Bob sends certificate request in message 2o This requires client to have certificateo If server wants to authenticate client, server
could instead require (encrypted) password
Networking Overview 93
SSL MiM Attack
Alice Bob
RA
certificateT, RB
{S1}Trudy,E(X1,K1)
E(data,K1)
h(Y1,K1)
Q: What prevents this MiM attack? A: Bob’s certificate must be signed by a
certificate authority (such as Verisign) What does browser do if signature not valid? What does user do if signature is not valid?
Trudy
RA
certificateB, RB
{S2}Bob,E(X2,K2)
E(data,K2)
h(Y2,K2)
Networking Overview 94
SSL vs IPSec IPSec discussed next
o Lives at the network layer (part of the OS)o Has encryption, integrity, authentication, etc.o Is overly complex (including serious flaws)
SSL (and IEEE standard known as TLS)o Lives at socket layer (part of user space)o Has encryption, integrity, authentication, etc.o Has a simpler specification
Networking Overview 95
SSL vs IPSec IPSec implementation
o Requires changes to OS, but no changes to applications SSL implementation
o Requires changes to applications, but no changes to OS SSL built into Web application early on
(Netscape) IPSec used in VPN applications (secure tunnel) Reluctance to retrofit applications for SSL Reluctance to use IPSec due to complexity and
interoperability issues Result? Internet less secure than it should
be!
Networking Overview 96
IPSec
Networking Overview 97
IPSec and SSL IPSec lives at
the network layer
IPSec is transparent to applications
application
transport
network
link
physical
SSL
OS
User
NIC
IPSec
Networking Overview 98
IPSec and Complexity IPSec is a complex protocol Over-engineered
o Lots of generally useless extra features Flawed
o Some significant security issues Interoperability is serious challenge
o Defeats the purpose of having a standard! Complex Did I mention, it’s complex?
Networking Overview 99
IKE and ESP/AH Two parts to IPSec IKE: Internet Key Exchange
o Mutual authenticationo Establish shared symmetric keyo Two “phases” like SSL session/connection
ESP/AHo ESP: Encapsulating Security Payload for
encryption and/or integrity of IP packetso AH: Authentication Header integrity only
Networking Overview 100
IKE
Networking Overview 101
IKE IKE has 2 phases
o Phase 1 IKE security association (SA)o Phase 2 AH/ESP security association
Phase 1 is comparable to SSL session Phase 2 is comparable to SSL connection Not an obvious need for two phases in IKE If multiple Phase 2’s do not occur, then it is
more expensive to have two phases!
Networking Overview 102
IKE Phase 1 Four different “key” options
o Public key encryption (original version)o Public key encryption (improved version)o Public key signatureo Symmetric key
For each of these, two different “modes”o Main modeo Aggressive mode
There are 8 versions of IKE Phase 1!
Evidence that IPSec is over-engineered?
Networking Overview 103
IKE Phase 1 We discuss 1 of 8 phase 1 variants
o Public key signatureso Both main and aggressive modes
Networking Overview 104
IKE Phase 1 Uses ephemeral Diffie-Hellman to
establish session keyo Provides perfect forward secrecy (PFS)
Let a be Alice’s Diffie-Hellman exponent Let b be Bob’s Diffie-Hellman exponent Let g be generator and p prime Recall that p and g are public
Networking Overview 105
IKE Phase 1: Digital Signature (Main Mode)
CP = crypto proposed, CS = crypto selected IC = initiator “cookie”, RC = responder “cookie” K = h(IC,RC,gab mod p,RA,RB) SKEYID = h(RA, RB, gab mod p) proofA = [h(SKEYID,ga,gb,IC,RC,CP,“Alice”)]Alice
Alice Bob
IC, CP
IC,RC, CS
IC,RC, ga mod p, RA
IC,RC, E(“Alice”, proofA, K)
IC,RC, gb mod p, RB
IC,RC, E(“Bob”, proofB, K)
Networking Overview 106
IKE Phase 1: Public Key Signature (Aggressive Mode)
Main difference from main modeo Not trying to protect identitieso Cannot negotiate g or p
Alice Bob
IC, “Alice”, ga mod p, RA, CP
IC,RC, “Bob”, RB,
gb mod p, CS, proofB
IC,RC, proofA
Networking Overview 107
Main vs Aggressive Modes Main mode MUST be implemented Aggressive mode SHOULD be
implementedo In other words, if aggressive mode is not
implemented, “you should feel guilty about it”
Might create interoperability issues For public key signature authentication
o Passive attacker knows identities of Alice and Bob in aggressive mode
o Active attacker can determine Alice’s and Bob’s identity in main mode
Networking Overview 108
IPSec
After IKE Phase 1, we have an IKE SA After IKE Phase 2, we have an IPSec SA Both sides have a shared symmetric key Now what?
o We want to protect IP datagrams But what is an IP datagram?
o From the perspective of IPSec…
Networking Overview 109
IP Review
Where IP header is
IP header data
IP datagram is of the form
Networking Overview 110
IP and TCP Consider HTTP traffic (over TCP) IP encapsulates TCP TCP encapsulates HTTP
IP header TCP hdr HTTP hdr app data
IP header data
IP data includes TCP header, etc.
Networking Overview 111
AH vs ESP AH
o Authentication Headero Integrity only (no confidentiality)o Integrity-protect everything beyond IP
header and some fields of header (why not all fields?)
ESPo Encapsulating Security Payloado Integrity and confidentialityo Protects everything beyond IP headero Integrity-only by using NULL encryption
Networking Overview 112
ESP’s NULL Encryption
According to RFC 2410o NULL encryption “is a block cipher the origins of which
appear to be lost in antiquity”o “Despite rumors”, there is no evidence that NSA
“suppressed publication of this algorithm”o Evidence suggests it was developed in Roman times as
exportable version of Caesar’s ciphero Can make use of keys of varying lengtho No IV is requiredo Null(P,K) = P for any P and any key K
Security people have a strange sense of humor!
Networking Overview 113
Why Does AH Exist? (1)
Cannot encrypt IP headero Routers must look at the IP headero IP addresses, TTL, etc.o IP header exists to route packets!
AH protects immutable fields in IP headero Cannot integrity protect all header fieldso TTL, for example, must change
ESP does not protect IP header at all
Networking Overview 114
Why Does AH Exist? (2) ESP encrypts everything beyond the IP
header (if non-null encryption) If ESP encrypts, firewall cannot look at
TCP header (e.g., port numbers) Why not use ESP with null encryption?
o Firewall sees ESP header, but does not know whether null encryption is used
o End systems know, but not firewalls Aside 1: Do firewalls reduce security? Aside 2: Is IPSec compatible with NAT?
Networking Overview 115
Why Does AH Exist? (3)
The real reason why AH existso At one IETF meeting “someone from
Microsoft gave an impassioned speech about how AH was useless…”
o “…everyone in the room looked around and said `Hmm. He’s right, and we hate AH also, but if it annoys Microsoft let’s leave it in since we hate Microsoft more than we hate AH.”
Networking Overview 116
IPSec Will it save us?
o According to the author: “No!” Even if universally implemented,
many problems remaino E.g., software (need I say more?)
But it is step in the right direction
Networking Overview 117
Kerberos
Networking Overview 118
Kerberos In Greek mythology, Kerberos is 3-
headed dog that guards entrance to Hadeso “Wouldn’t it make more sense to guard the
exit?” In security, Kerberos is an authentication
system based on symmetric key cryptoo Originated at MITo Based on work by Needham and Schroedero Relies on a trusted third party (TTP)
Networking Overview 119
Motivation for Kerberos Authentication using public keys
o N users N key pairs Authentication using symmetric keys
o N users requires about N2 keys Symmetric key case does not scale! Kerberos based on symmetric keys but
only requires N keys for N userso But must rely on TTPo Advantage is that no PKI is required
Networking Overview 120
Kerberos KDC Kerberos Key Distribution Center or
KDCo Acts as a TTPo TTP must not be compromised!o KDC shares symmetric key KA with Alice, key
KB with Bob, key KC with Carol, etc.o Master key KKDC known only to KDCo KDC enables authentication and session keyso Keys for confidentiality and integrityo In practice, the crypto algorithm used is DES
Networking Overview 121
Kerberos Tickets KDC issues a ticket containing info
needed to access a network resource KDC also issues ticket-granting
tickets or TGTs that are used to obtain tickets
Each TGT containso Session keyo User’s IDo Expiration time
Every TGT is encrypted with KKDCo TGT can only be read by the KDC
Networking Overview 122
Kerberized Login Alice enters her password… …then Alice’s workstation
o Derives KA from Alice’s passwordo Uses KA to get TGT for Alice from the KDC
Alice can then use her TGT (credentials) to securely access network resources
Plus: Security is transparent to Alice Minus: KDC must be secure it’s
trusted!
Networking Overview 123
Kerberized Login
Alice
Alice’s
Alice wants
password
a TGT
E(SA,TGT,KA)
KDC
Key KA derived from Alice’s password KDC creates session key SA
Workstation decrypts SA, TGT, forgets KA
TGT = E(“Alice”,SA, KKDC)
Computer
Networking Overview 124
Alice Requests Ticket to Bob
Alice
Talk to Bob
I want totalk to Bob
REQUEST
REPLY
KDC
REQUEST = (TGT, authenticator) whereauthenticator = E(timestamp,SA)
REPLY = E(“Bob”,KAB,ticket to Bob, SA) ticket to Bob = E(“Alice”,KAB,KB) KDC gets SA from TGT to verify timestamp
Computer
Networking Overview 125
Alice Uses Ticket to Bob
ticket to Bob, authenticator
E(timestamp + 1,KAB)
ticket to Bob = E(“Alice”,KAB, KB) authenticator = E(timestamp, KAB) Bob decrypts “ticket to Bob” to get KAB
which he then uses to verify timestamp
Alice’s Computer
Bob
Networking Overview 126
Kerberos Session key SA used for authentication Can also be used for
confidentiality/integrity Timestamps used for mutual
authentication Recall that timestamps reduce number of
messageso Acts like a nonce that is known to both sideso Note: time is a security-critical parameter!
Networking Overview 127
Kerberos Questions
When Alice logs in, KDC sends E(SA,TGT,KA) where TGT = E(“Alice”,SA,KKDC)
Q: Why is TGT encrypted with KA?A: Extra work and no added security!
In Alice’s Kerberized login to Bob, why can Alice remain anonymous?
Why is “ticket to Bob” sent to Alice? Where is replay prevention in Kerberos?
Networking Overview 128
Kerberos Alternatives Could have Alice’s workstation remember
password and use that for authenticationo Then no KDC requiredo But hard to protect password on workstationo Scaling problem
Could have KDC remember session key instead of putting it in a TGTo Then no need for TGTso But stateless KDC is big feature of Kerberos
Networking Overview 129
Kerberos Keys In Kerberos, KA = h(Alice’s password) Could instead generate random KA and
o Compute Kh = h(Alice’s password)o And workstation stores E(KA, Kh)
Then KA need not change (on workstation or KDC) when Alice changes her password
But E(KA, Kh) subject to password guessing This alternative approach is often used in
applications (but not in Kerberos)
Networking Overview 130
Kerberos Issues? What if… Trudy gets Alice’s “credentials”?
o No problem!o Credentials encrypted with KKDC
Trudy breaks into Alice’s machine?o Session key SA is cachedo This breaks authentication
Networking Overview 131
Conclusion TCP/IP very flexible TCP/IP not designed for security
o Highly hackable SSL, IPSec, etc., help
o But many problems remain
Networking Overview 132
Summary TCP/IP, OSI Ref. Model, Layers, … Protocols: TCP, UDP, IP, ICMP Ports, well-known ports TCP flags/control bits 3-way handshake Unreliable Damn Protocol
Networking Overview 133
Summary IP, IP addresses, fragments, etc. ICMP, “plumbing” Routing, NAT, Firewalls Ethernet, hub, switch, MAC address,
ARP WLAN and 802.11 PGP, SSH, S/MIME SSL and IPSec