services and protocols engineering -...

1

Ingeniería de Servicios y Protocolos – Services and Protocols Engineering

Ingeniería de servicios y protocolos Services and protocols engineering

NETWORK SECURITY PROTOCOLS AND SERVICES

Lourdes López Santidrián

[email protected]

2


NETWORK SECURITY SERVICES

3


System risk areas The big tree

Confidentiality

AAA Integrity

4


Security services Authentication A receiver can verify that the data is really sent by the claimed sender It is mandatory if the net needs a barrier between external and internal members

Authorization It states that only authorized entities can be able to perform certain operations

Availability The users of a Network must be capable of accessing its services whenever they need them

5


Security services

Confidentiality Only the desired recipients can understand the message May be not mandatory

Integrity If the data produced and sent over the network are altered, the receiver will have a proof In most cases it is a mandatory property

6


Secret/Symmetric Key Algorithms Algorithm Time (ms) CPU Cycles Power (μJ) ROM Memory

(Kb)

SkipJack 2,16 (3) 15.925,2 (3) 51,4 (3) 19 (4)

RC5 1,50 (2) 11.059,2 (1) 36,00 (1) 16 (3)

RC6 10,78 (5) 79.478,7 (5) 258,72 (5) 16 (3)

TEA 2,56 (4) 18.874,4 (4) 61,44 (4) 15,5 (1)

XTEA 1,45 (1) 12.450,2 (2) 40,7 (2) 15,5 (1)

DES 608,00 (6) 4.482.662,4 (6) 14.592,00 (6) 31 (6)

7


Public/Asymmetric Key Algorithm

Diffie-Hellman Algorithm TinyECC (Elliptic Curve Cryptography) ECC-based signature generation and verification (ECDSA) Encryption and decryption (ECIES) Key agreement (ECDH)

8


NETWORK SECURITY TRADITIONAL PROTOCOLS

9


SSH (Secure Shell) Telnet and other remote logins as Berkeley rsh and rexec: Send data in plaintext => login+password in clear

SSH is a protocol for secure remote login and other secure network services over an insecure network.

RFC 4251, 2006 Unix, Microsoft Windows, Apple's Mac OS X, and Linux. SSH uses the client-server model Other uses: Tunneling Forwarding TCP ports and X11 connections; it can transfer

files using the associated SSH file transfer (SFTP) or secure copy (SCP) protocols.

10


SSH (Secure Shell) It consists of three major components: The Transport Layer Protocol [SSH-TRANS] Provides server authentication, confidentiality, and

integrity. It may optionally also provide compression. Typically be run over a TCP/IP connection.

The User Authentication Protocol [SSH-USERAUTH] Authenticates the client-side user to the server. It runs over the transport layer protocol.

The Connection Protocol [SSH-CONNECT] Multiplexes the encrypted tunnel into several logical

channels. It runs over the user authentication protocol.

11


SSH (Secure Shell) Client Authentication: The client generate a key pair on its own computer Client copy its public key to the server When the server asks the client to prove who it is, client can

generate a signature using client private key. The server can verify that signature (since it has client

public key) and allow client to log in. Now if the server is hacked or spoofed, the attacker does

not gain client private key or password; they only gain one signature. And signatures cannot be re-used, so they have gained nothing.

12


SSL/TLS SSL (Secure Socket Layer) v3.0 Netscape

TLS (Transport Layer Security) IETF v1.2 RFC 5246

Protects any protocol built on sockets: telnet, ftp, HTTP.

Services provided: Session encryption (AES, DES, IDEA, RC4). Server authentication (RSA, DSS).

Client authentication (optional) (RSA, DSS).

Message integrity (SHA, MD5).

SSL/TLS uses certificates X.509 v3.

13


SSL/TLS architecture

Handshake Protocol

Alert Protocol

Change Cipher Spec Protocol

Record Protocol

14


Handshake Protocol It is the responsible for establishing and terminate SSL/TLS

connections. It is the responsible for session negotiation. It is the responsible for keys negotiation. It is the responsible for server authentication and optionally

client authentication. It uses the sub-protocols: Change Cipher Spec Protocol. Alert Protocol.

15


Handshake flow chart Client Server

ClientHello

ChangeCipherSpec Finished

ClientCertificate* ClientKeyExchange CertificateVerify* ChangeCipherSpec Finished

ServerHello ServerCertificate* ServerKeyExchange* CertificateRequest* ServerHelloDone

16


Change cipher spec Protocol ChangeCipherSpec protocol is used to switch

between an encryption algorithm (called "strategies" in the specification) and other.

To change the encryption algorithm, the client and server first negotiate a new CipherSpec (encryptions especification) and their keys. Then each sends a message ChangeCipherSpec, which makes the receiving process to start using the new CipherSpec and their keys.

17


Alert Protocol

The systems use the alert protocol to indicate an error or warning condition to the other entity in its communication.

It has two fields: AlertLevel: Warnings (1), indicate a non fatal problem Errors (2), terminate immediately the SSL session

AlertDescription: describe errors or warnings

18


Record protocol

type version length fragment

SSLPlaintext

type version length fragment

SSLCompressed

type version length content SSLCiphertext

MAC padding padding length

19


IPSec IPSec (Internet Protocol Security) IETF RFC 4301 It is a protocol suite for securing IP communications by authenticating and encrypting each IP packet of a

communication session HMAC-SHA1, TripleDES-CBC, AES-CBC

IPsec also includes protocols for: establishing mutual authentication between agents at the

beginning of the session and negotiation of cryptographic keys to be used during the

session IPsec is an end-to-end security scheme : host-to-host, network-to-network or network-to-host

20


IPSec Protocols Authentication Headers (AH) Provides connectionless integrity and data origin

authentication for IP datagrams Provides protection against replay attacks

Encapsulating Security Payloads (ESP) Provides confidentiality, data origin authentication,

connectionless integrity Provides an anti-replay service (a form of partial sequence

integrity) Provides limited traffic flow confidentiality

Security Associations (SA) Provide the bundle of algorithms and data that provide the

parameters necessary to operate the AH and/or ESP operations.

21


IPSec modes of operation TRANSPORT MODEL Only the payload of the IP packet is usually encrypted

and/or authenticated. The routing is intact, since the IP header is neither modified

nor encrypted; however, when the authentication header is used, the IP addresses cannot be translated, as this will invalidate the hash value.

The transport and application layers are always secured by hash, so they cannot be modified in any way (for example by translating the port numbers).

Transport mode is used for host-to-host communications.

22


IPSec modes of operation TUNNEL MODEL The entire IP packet is encrypted and/or authenticated. It is then encapsulated into a new IP packet with a new IP

header. Tunnel mode is used to create virtual private networks

(VPN) for: network-to-network communications (e.g. between

routers to link sites) host-to-network communications (e.g. remote user

access) and host-to-host communications (e.g. private chat)

23


SECURITY PROTOCOLS FOR ADVANCED NETWORKS

24


WSN Security Obstacles of Sensor Security Very limited resources Limited memory and storage space => code must be small Power limitation => processing must be small

Unreliable communication Unreliable transfer (connectionless) => lost, damage packets Conflicts by broadcast nature => transfer will fail Latency. Multi-hop routing difficult to achieve synchronization

=> problems with key distribution and critical event reports Unattended operation Exposure to physical attacks Managed remotely No central management point

25


Security requirements in WSN Data confidentiality Data integrity Data freshness Availability Self-organization Time synchronization Secure localization Authentication

26


Attacks in WSN Denial of service attacks Jam a node o set of nodes. Transmission of a radio signal

that interferes the WSN radio frequencies Constant jamming Intermittent jamming

Violate the communication protocol (ZigBee or IEEE 801.11b) transmitting continually message to generate collisions

Attack the routing layer Refusing to route messages in a multihop network Routing message to incorrect node

Attack the transport layer Flooding by many connection request

27


Attacks in WSN The Sybil attack Malicious device illegitimately takes on multiple identities Routing algorithms, data aggregation, voting, fair resource

allocation and foiling misbehavior detection Traffic analysis attack Attacker can monitor nodes closest to the base station

Node replication attacks Copy the node ID of an existing sensor node

Attack against privacy Monitor, eavesdropping, traffic analysis or camouflage

Physical attacks Node destruction, extract secrets, modify software

28


Defensive measures in WSN Key establishment Public key cryptography use to much resources Use of ECC 160 bits keys (8-bit CPU) TinyPK (use TinySec with DH)

Use of optimized symmetric cryptography: XTEA, RC5-32, MISTY1, AES

Random key pre-distribution schemes: Key ring LEAP protocol: 4 keys for different uses + distribution key

preloaded Common trust of a third node

29


References RFC 4251. The Secure Shell (SSH) Protocol Architecture. T.

Ylonen, SSH Communication Security Corp., C. Lonvick, Ed. Cisco Systems, Inc. January 2006. http://www.ietf.org/rfc/rfc4251.txt

RFC 5246. The Transport Layer Security (TLS) Protocol Version 1.2. T. Dierks , Independent, E. Rescorla RTFM, Inc. August 2008 http://tools.ietf.org/html/rfc5246

RFC 430. Security Architecture for the Internet Protocol. S. Kent, K. Seo, BBN Technologies. December 2005. http://tools.ietf.org/html/rfc4301

services and protocols engineering -...

Documents