Lecture9 1

ISO/OSI Model SSL: Security at Transport Layer
Application Layer Presentation Layer Peer-to-peer Application Layer Presentation Layer Session Layer Transport Layer Network Layer Data Link Layer Physical Layer Flow of bits
Courtesy of Professors Chris Clifton & Matt Bishop INFSCI 2935: Introduction of Computer Security 1 INFSCI 2935: Introduction to Computer Security 2
Network Security Assurance Lecture 9

October 30, 2003
Session Layer Transport Layer Network Layer Data Link Layer Physical Layer
Network Layer Data Link Layer Physical Layer
Security at the Transport Layer Secure Socket Layer (SSL)

l Developed by Netscape to provide security in WWW browsers and servers l SSL is the basis for the Internet standard protocol Transport Layer Security (TLS) protocol (compatible with SSLv3) l Key idea: Connections and Sessions
A SSL session is an association between two peers An SSL connection is the set of mechanisms used to transport data in an SSL session
Secure Socket Layer (SSL)

l Each party keeps session information
Session identifier (unique) The peers X.503(v3) certificate Compression method used to reduce volume of data Cipher specification (parameters for cipher and MAC) Master secret of 48 bits
l Connection information
Random data for the server & client Server and client keys (used for encryption) Server and client MAC key Initialization vector for the cipher, if needed Server and client sequence numbers
l Provides a set of supported cryptographic mechanisms that are setup during negotiation (handshake protocol)
3 INFSCI 2935: Introduction to Computer Security 4
INFSCI 2935: Introduction to Computer Security
SSL Architecture
SSL Record Protocol Operation

e.g., HTTP messages
Provides a basis for Secure communication Confidentiality + Message authenticity
Message type, version, length of block

INFSCI 2935: Introduction to Computer Security 5 INFSCI 2935: Introduction to Computer Security 6
Handshake Protocol
l The most complex part of SSL l Allows the server and client to authenticate each other
Based on interchange cryptosystem (e.g., RSA)
Other protocols
l SSL Change Cipher Spec Protocol
A single byte is exchanged After new cipher parameters have been negotiated (renegotiated)
l Negotiate encryption, MAC algorithm and cryptographic keys

Four rounds
l SSL Alert Protocol

Signals an unusual condition Closure alert : sender will not send anymore Error alert: fatal error results in disconnect
l Used before any application data are transmitted

ISO/OSI Model IPSec: IPSec : Security at Network Layer

Application Layer Presentation Layer Session Layer Transport Layer Network Layer Data Link Layer Physical Layer Flow of bits
INFSCI 2935: Introduction to Computer Security 9
IPSec
l Set of protocols/mechanisms
Encrypts and authenticates all traffic at the IP level l Protects all messages sent along a path l Intermediate host with IPSec mechanism (firewall, gateway) is called a security gateway Use on LANs, WANs, public, and private networks
Peer-to-peer
Application Layer Presentation Layer Session Layer Transport Layer
l Application independent (Transparent to user)

Web browsing, telnet, ftp Network Layer Data Link Layer Physical Layer Network Layer Data Link Layer Physical Layer
l Provides at the IP level

Access control Connectionless integrity Data origin authentication Rejection of replayed packets Data confidentiality Limited traffic analysis confidentiality
Cases where IPSec can be used

Internet/ Intranet
Cases where IPSec can be used (2)

SG Intranet Internet SG Intranet
End-to-end security between two hosts
End-to-end security between two hosts + two gateways Internet
SG
Internet/ Intranet
SG
SG Intranet
End-to-end security between two security gateways

End-to-end security between two hosts during dial-up

IPSec Protocols
l Authentication header (AH) protocol
Message integrity Origin authentication Anti-replay services
Security Association (SA)

l Unidirectional relationship between peers (a sender and a receiver) l Specifies the security services provided to the traffic carried on the SA
Security enhancements to a channel along a path
l Encapsulating security payload (ESP) protocol

Confidentiality Message integrity Origin authentication Anti-replay services l Internet Key Exchange (IKE)
Exchanging keys between entities that need to communicate over the Internet What authentication methods to use, how long to use the keys, etc.
l Identified by three parameters:

IP Destination Address Security Protocol Identifier l Specifies whether AH or ESP is being used Security Parameters Index (SPI) l Specifies the security parameters associated with the SA
Security Association (2)

l Each SA uses AH or ESP (not both)
If both required two are SAs are created
Security Association Databases

l IP needs to know the SAs that exist in order to provide security services l Security Policy Database (SPD)
IPSec uses SPD to handle messages For each IP packet, it decides whether an IPSec service is provided, bypassed, or if the packet is to be discarded
l Multiple security associations may be used to provide required security services

A sequence of security associations is called SA bundle Example: We can have an AH protocol followed by ESP or vice versa
l Security Association Database (SAD)

Keeps track of the sequence number AH information (keys, algorithms, lifetimes) ESP information (keys, IVs, algorithms, lifetimes) Lifetime of the SA Protocol mode MTU
IPSec Modes
l Two modes
Transport mode
lEncapsulates IP packet data area lIP Header is not protected
Protection is provided for the upper layers Usually used in host-to-host communications
Authentication Header (AH)

parameters
l Next header
Identifies what protocol header follows Next Header Payload length Security Parameters Index Sequence Number Authentication Data
l Payload length
Indicates the number of 32-bit words in the authentication header
l Security Parameters Index

Specifies to the receiver the algorithms, type of keys, and lifetime of the keys used
Tunnel mode
lEncapsulates entire IP packet in an IPSec envelope
Helps against traffic analysis The original IP packet is untouched in the Internet
l Sequence number
Counter that increases with each IP packet sent from the same host to the same destination and SA
l Authentication Data
Preventing replay
l Using 32 bit sequence numbers helps detect replay of IP packets l The sender initializes a sequence number for every SA
Each succeeding IP packet within a SA increments the sequence number
Transport Mode AH
Internet/ Intranet
Original IP Header Original IP Header
TCP Header Auth Header
Payload Data
Without IPSec
l Receiver implements a window size of W to keep track of authenticated packets l Receiver checks the MAC to see if the packet is authentic
TCP Header Seq. No.
Payload Data
Next Payload Header Length
SPI
MAC
20
10
Tunnel Mode AH
Internet SG Intranet
ESP Encapsulating Security Payload

l Creates a new header in addition to the IP header l Creates a new trailer l Encrypts the payload data l Authenticates the security association l Prevents replay
21 INFSCI 2935: Introduction to Computer Security
Security Parameters Index (SPI) 32 bits Sequence Number 32 bits Payload Data Padding/ Next Header Authentication Data
Original IP Header New IP Header
TCP Header Auth Header
Payload Data
Without IPSec
Original IP Header Seq. No.
TCP Header
Payload Data
Next Payload Header Length
SPI
MAC
22
11
Details of ESP
l Security Parameters Index (SPI)
Specifies to the receiver the algorithms, type of keys, and lifetime of the keys used
Transport mode ESP
l Sequence number
Counter that increases with each IP packet sent from the same host to the same destination and SA
Original IP Header Original IP Header
TCP Header ESP Header
Payload Data
Without IPSec
l Payload
Application data carried in the TCP segment
l Padding
0 to 255 bytes of data to enable encryption algorithms to operate properly To mislead sniffers from estimating the amount of data transmitted
TCP Header
Payload Data
ESP Trailer
ESP Auth
Encrypted Authenticated
l Authentication Data
MAC created over the packet
23
24
12
Tunnel mode ESP

Original IP Header New IP Header TCP Header Payload Data Without IPSec
Perimeter Defense
l Organization system consists of a network of many host machines
the system is as secure as the weakest link
ESP Original IP Header Header
TCP Header
Payload Data
ESP Trailer
ESP Auth
l Use perimeter defense

Define a border and use gatekeeper (firewall)
Encrypted Authenticated
l If host machines are scattered and need to use public network, use encryption
Virtual Private Networks (VPNs)
25
26
13
Perimeter Defense
l Is it adequate?
Locating and securing all perimeter points is quite difficult
lLess effective for large border
Firewalls
l Total isolation of networked systems is undesirable
Use firewalls to achieve selective border control
l Firewall
Is a configuration of machines and software Limits network access Come for free inside many devices: routers, modems, wireless base stations etc. Alternate: a firewall is a host that mediates access to a network, allowing and disallowing certain type of access based on a configured security policy
Inspecting/ensuring that remote connections are adequately protected is difficult Insiders attack is often the most damaging
14
What Firewalls cant do

l They are not a panacea
Only adds to defense in depth
Virtual Private Networks What is it?

l It is a private network that is configured within a public network l A VPN appears to be a private national or international network to a customer l The customer is actually sharing trunks and other physical infrastructure with other customers l Security?
l If not managed properly

Can provide false sense of security
l Cannot prevent insider attack l Firewalls act a particular layer (or layers)
15
What is a VPN? (2)

l A network that supports a closed community of authorized users l The authorized users are allowed to access various network related resources and services l There is traffic isolation
Contents are secure Services and resources are secure
l Use the public Internet as part of the virtual private network l Provide security!
Confidentiality and integrity of data User authentication Network access control
Secure IP VPNs
l Use the public Internet as part of the virtual private network l Provide security!
Confidentiality and integrity of data User authentication Network access control
l IPSec can be used
l IPSec
31
32
16
Tunneling in VPN
Typical corporate network

Intranet Firewall Mail forwarding File Server Web Server Web Server DNS (DMZ) Demilitarized Zone (DMZ)
Mail server
DNS (internal) Firewall
User machines User machines User machines Internet

INFSCI 2935: Introduction to Computer Security 33 INFSCI 2935: Introduction to Computer Security 34
17
Typical network: Terms

l Network Regions
Internet Intranet DMZ
Issues
l IP: Intranet hidden from outside world
Internal addresses can be real
lProxy maps between real address and firewall
l Network Boundaries
Firewall
l Filtering firewall: Based on packet headers l Audit mechanism
Fake private addresses

lNetwork Address Translation protocol maps internal addresses to the Internet addresses (inner firewall)
l Mail Forwarding
Hide internal addresses Map incoming mail to real server Additional incoming/outgoing checks
Proxy
l Proxy firewall: Gives external view that hides intranet l Contents of packets and messages besides attributes of packet headers
18
Firewalls: Configuration
l External Firewall
What traffic allowed
lExternal source: IP restrictions lWhat type of traffic: Ports (e.g., SMTP, HTTP)
DMZ Administration
l Direct console access required?
Real hassle
l Special access
SSH connections allowed from internal to DMZ administration connections Only from specified internal IPs Only through internal firewall
Proxy between DMZ servers and internet
l Internal Firewall
Traffic restrictions: Ports, From/to IP Proxy between intranet and outside
37
38
19
Overview
l Trust l Problems from lack of assurance l Types of assurance l Life cycle and assurance l Waterfall life cycle model l Other life cycle models
Assurance
Courtesy of Professors Chris Clifton & Matt Bishop
INFSCI 2935: Introduction of Computer Security
39
40
20
Trust
l Trustworthy entity has sufficient credible evidence leading one to believe that the system will meet a set of requirements l Trust is a measure of trustworthiness relying on the evidence l Assurance is confidence that an entity meets its security requirements based on evidence provided by the application of assurance techniques
Formal methods, design analysis, testing etc.
Relationships
Policy Statement of requirements that explicitly defines the security expectations of the mechanism(s) Provides justification that the mechanism meets policy through assurance evidence and approvals based on evidence Executable entities that are designed and implemented to meet the requirements of the policy
Evaluation standards Trusted Computer System Evaluation Criteria Information Technology Security Evaluation Criteria Common Criteria
Assurance
Mechanisms
21
Problem Sources (Neumann)

1. 2. 3. 4. 5. 6. 7. 8. 9. Requirements definitions, omissions, and mistakes System design flaws Hardware implementation flaws, such as wiring and chip flaws Software implementation errors, program bugs, and compiler bugs System use and operation errors and inadvertent mistakes Willful system misuse Hardware, communication, or other equipment malfunction Environmental problems, natural causes, and acts of God Evolution, maintenance, faulty upgrades, and decommissions
Examples
l Challenger explosion (1986)
Sensors removed from booster rockets to meet accelerated launch schedule
l Deaths from faulty radiation therapy system

Hardware safety interlock removed Flaws in software design
l Bell V22 Osprey crashes

Failure to correct for malfunctioning components; two faulty ones could outvote a third
l Intel 486 chip bug (trigonometric function)

Cost a lot of time and money
22
Role of Requirements
l Requirements are statements of goals that must be met
Vary from high-level, generic issues to lowlevel, concrete issues
Types of Assurance
l Policy assurance is evidence establishing security requirements in policy is complete, consistent, technically sound
To counter threats and meet objectives
l Security objectives are high-level security highissues and business goals l Security requirements are specific, concrete issues
l Design assurance is evidence establishing design sufficient to meet requirements of security policy l Implementation assurance is evidence establishing implementation consistent with security requirements of security policy
Need to use good engineering practices
23
Types of Assurance
l Operational assurance is evidence establishing system sustains the security policy requirements during installation, configuration, and day -to- day operation day-toAlso called administrative assurance Example, Do a thorough review of product or system documentation and procedures, to ensure that the system cannot accidentally be placed in a non-secure state.
Assurance steps
Security requirements 2 Assurance justification 4
Design and implementation refinement 3
Design
Implementation
48
24
Life Cycle
l Conception l Manufacture l Deployment l Fielded Product Life
Conception
l Idea
Decisions to pursue it
l Proof of concept
See if idea has merit Rapid prototyping, analysis, etc.
l High-level requirements analysis High What does secure mean for this concept?
l Identify threats
Is it possible for this concept to meet this meaning of security? Is the organization willing to support the additional resources required to make this concept meet this meaning of security?
25
Manufacture
l Develop detailed plans for each group involved
May depend on use; internal product requires no sales Plans : marketing, sales training, development, testing Software development and engineering process
Deployment
l Delivery
Assure that correct (assured) masters are delivered to production and protected Distribute to customers, sales organizations
l Implement the plans to create entity

Includes decisions whether to proceed, for example due to market needs
l Installation and configuration

Developers must ensure that the system operates properly in the production environment
l May be the longest stage
51
52
26
Fielded Product Life

l Routine maintenance, patching
Responsibility of engineering in small organizations Responsibility may be in different group than one that manufactures product
Waterfall Life Cycle Model

l Requirements definition and analysis
Functional and non-functional General (for customer), specifications
l System and software design l Implementation and unit testing l Integration and system testing l Operation and maintenance
l Customer service, support organizations

Answering questions; recording bugs
l Retirement or decommission of product

Migration plans for customers
27
Relationship of Stages
Other Models of Software Development

l Exploratory programming
Develop working system quickly Used when detailed requirements specification cannot be formulated in advance, and adequacy is goal No requirements or design specification, so low assurance
Operation and maintenance
Requirements definition and analysis
System and software design
Implementation and unit testing
Integration and system testing
l Prototyping (Similar to Exploratory)

Objective is to establish system requirements Future iterations (after first) allow assurance techniques
55
56
28
Models
l Formal transformation
Create formal specification Translate it into program using correctnesspreserving transformations Very conducive to assurance methods
Models
l Extreme programming
Rapid prototyping and best practices Project driven by business decisions Requirements open until project complete Programmers work in teams Components tested, integrated several times a day Objective is to get system into production as quickly as possible, then enhance it Evidence adduced after development needed for assurance
l System assembly from reusable components

Depends on whether components are trusted Must assure connections, composition as well Very complex, difficult to assure This is common approach to building secure and trusted systems
58
29
Key Points
l Assurance critical for determining trustworthiness of systems l Different levels of assurance, from informal evidence to rigorous mathematical evidence l Assurance needed at all stages of system life cycle
59
60
30

Lecture9 1

Caricato da

Informazioni sul documento

Descrizione originale:

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Lecture9 1

Caricato da

Copyright:

Formati disponibili

ISO/OSI Model SSL: Security at Transport Layer

Network Security Assurance Lecture 9

Network Layer Data Link Layer Physical Layer

Security at the Transport Layer Secure Socket Layer (SSL)

Secure Socket Layer (SSL)

INFSCI 2935: Introduction to Computer Security

SSL Record Protocol Operation

Provides a basis for Secure communication Confidentiality + Message authenticity

Message type, version, length of block

l Negotiate encryption, MAC algorithm and cryptographic keys

l SSL Alert Protocol

l Used before any application data are transmitted

ISO/OSI Model IPSec: IPSec : Security at Network Layer

Application Layer Presentation Layer Session Layer Transport Layer

l Application independent (Transparent to user)

l Provides at the IP level

Cases where IPSec can be used

Cases where IPSec can be used (2)

End-to-end security between two hosts

End-to-end security between two hosts + two gateways Internet

End-to-end security between two security gateways

End-to-end security between two hosts during dial-up

Security Association (SA)

l Encapsulating security payload (ESP) protocol

l Identified by three parameters:

Security Association (2)

Security Association Databases

l Multiple security associations may be used to provide required security services

l Security Association Database (SAD)

Authentication Header (AH)

l Security Parameters Index

Original IP Header Original IP Header

TCP Header Auth Header

TCP Header Seq. No.

Next Payload Header Length

INFSCI 2935: Introduction to Computer Security

ESP Encapsulating Security Payload

Original IP Header New IP Header

TCP Header Auth Header

Original IP Header Seq. No.

Next Payload Header Length

INFSCI 2935: Introduction to Computer Security

Transport mode ESP

Original IP Header Original IP Header

TCP Header ESP Header

INFSCI 2935: Introduction to Computer Security

INFSCI 2935: Introduction to Computer Security

Tunnel mode ESP

ESP Original IP Header Header

l Use perimeter defense

INFSCI 2935: Introduction to Computer Security

INFSCI 2935: Introduction to Computer Security

INFSCI 2935: Introduction to Computer Security

What Firewalls cant do

Virtual Private Networks What is it?

l If not managed properly

INFSCI 2935: Introduction to Computer Security

What is a VPN? (2)

l IPSec can be used

INFSCI 2935: Introduction to Computer Security

INFSCI 2935: Introduction to Computer Security

Typical corporate network