Transcript VPN and SSL

Cosc 4765
SSL/TLS and VPN
SSL and TLS
• We can apply this generally, but also from
the perspective of web services.
• Multi-layered:
– S-http (secure http), just for http
• Proposed by CommerceNet, pretty much dead
– SSL (TLS), generic for TCP
• https: http over SSL
– IPSec
• http over IPSec
Security facilities in the TCP/IP
protocol stack
SSL and TLS
• SSL was originated by Netscape
• TLS working group was formed within
IETF
• First version of TLS can be viewed as an
SSLv3.1
SSL Overview
• For any TCP protocol: HTTP (https:// port
443), NNTP, telnet, etc.
– Secure byte stream.
• Optional (but common) public key server
authentication.
• Optional client authentication.
• Hash: combined MD5 and SHA.
• Encryption optional.
• Now: TLS (IETF WG).
SSL/TLS Overview
• Secure Sockets Layer
– Establishes encrypted channel for communications
– Establishes a private session with public keys
– All communications encrypted with private key
SSL Architecture
• Two layers:
– SSL record protocol provides basic security
services
– 3 higher-layer protocols:
• Handshake, change cipher spec, alert
• Connection
– A transport with some service, associated with
a session
• Session
– Created by handshake, defines cryptographic
security parameters for multiple connections
Handshake Protocol
• The most complex part of SSL.
• Allows the server and client to authenticate
each other.
• Negotiate encryption, MAC algorithm and
cryptographic keys.
• Used before any application data are
transmitted.
Handshake Protocol Action
SSL Record Protocol
• 2 services:
– Confidentiality, message integrity
• Layered protocol:
– Fragment application data into blocks
– Compress data
– Apply message authentication code (MAC) =
h(s|m) for message m and secret s
– Encrypt with client (cw) or server (sw) write key
– Transmit over TCP
• Specify content type for higher protocols
SSL Record Protocol Operation
SSL Record Format
Transport Layer Security
• The same record format as the SSL record format.
• Defined in RFC 2246.
• Similar to SSLv3.
• Differences in the:
– version number
– message authentication code
– pseudorandom function
– alert codes
– cipher suites
– client certificate types
– certificate_verify and finished message
– cryptographic computations
– padding
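The record-layer steps listed earlier (fragment, MAC, transmit) using the TLS 1.0 MAC from RFC 2246, as an added example that is not part of the original slides. It assumes null compression and a null cipher (encryption is optional, as noted above); the function names and the key in any call are constructed for illustration.

```python
import hashlib, hmac, struct

MAX_FRAGMENT = 2 ** 14      # the record layer fragments data into blocks of at most 16384 bytes
APPLICATION_DATA = 23       # ContentType value for application data
TLS10 = (3, 1)              # TLS 1.0 is version 3.1 on the wire ("SSLv3.1")

def record_mac(secret, seq, ctype, fragment):
    # RFC 2246: HMAC(MAC_write_secret, seq_num || type || version || length || fragment)
    # seq_num is an implicit 64-bit counter; it is never sent in the record.
    header = struct.pack("!QBBBH", seq, ctype, *TLS10, len(fragment))
    return hmac.new(secret, header + fragment, hashlib.sha1).digest()

def seal(secret, data, seq=0):
    """Fragment data and return MAC-protected records (null cipher)."""
    records = []
    for off in range(0, len(data), MAX_FRAGMENT):
        frag = data[off:off + MAX_FRAGMENT]
        body = frag + record_mac(secret, seq, APPLICATION_DATA, frag)
        head = struct.pack("!BBBH", APPLICATION_DATA, *TLS10, len(body))
        records.append(head + body)
        seq += 1
    return records

def open_records(secret, records, seq=0):
    """Verify records in arrival order; raise on the first MAC failure."""
    out = b""
    for rec in records:
        ctype, _major, _minor, length = struct.unpack("!BBBH", rec[:5])
        body = rec[5:5 + length]
        frag, mac = body[:-20], body[-20:]      # HMAC-SHA-1 output is 20 bytes
        if not hmac.compare_digest(mac, record_mac(secret, seq, ctype, frag)):
            raise ValueError(f"bad_record_mac at sequence {seq}")
        out += frag
        seq += 1
    return out
```

Because the sequence number is part of the MAC input, a record that is modified, dropped or reordered in transit fails verification even though the number itself is never transmitted.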
Virtual Private Networks
• VPN
– Can be built on top of SSL or IPSec infrastructure
• Works well with firewalls or as a standalone appliance.
– User outside the firewall needs to get inside the firewall
safely
– Encrypted “tunnel” or channel is negotiated with
firewall
– User’s packets going to hosts behind the firewall get
translated so they look like they’re coming from an
internal IP
– From the user’s point of view, they are “inside” the
private network
IPSec
• IPSec is not a single protocol
– but rather a set of services and protocols that provide a complete security
solution for an IP network.
• Some of the kinds of protection services offered by IPSec
include:
– Encryption of user data for privacy.
– Authentication of the integrity of a message to ensure that it is not
changed en route.
– Protection against certain types of security attacks, such as replay
attacks.
– The ability for devices to negotiate the security algorithms and keys
required to meet their security needs.
– Two security modes, tunnel and transport, to meet different network
needs.
IP Security (IPSec) RFC Standards
• RFC 2401 Security Architecture for the Internet Protocol
– Main document describing how to put it all together.
• RFC 2402 IP Authentication Header
– Defines the IPSec Authentication Header (AH) protocol used for ensuring data integrity and
origin verification.
• RFC 2403 The Use of HMAC-MD5-96 within ESP and AH
– Describes a particular encryption algorithm for use by AH and ESP called Message Digest 5
(MD5), HMAC variant.
• RFC 2404 The Use of HMAC-SHA-1-96 within ESP and AH
– Describes a particular encryption algorithm for use by AH and ESP called Secure Hash
Algorithm 1 (SHA-1), HMAC variant.
• RFC 2406 IP Encapsulating Security Payload (ESP)
– Describes the IPSec Encapsulation Security Payload (ESP) protocol that provides data
encryption for confidentiality.
• RFC 2408 Internet Security Association and Key Management Protocol (ISAKMP)
– Defines methods for exchanging keys and negotiating security associations.
• RFC 2409 The Internet Key Exchange (IKE)
– Describes the Internet Key Exchange (IKE) protocol used to negotiate security associations
and exchange keys between devices for secure communications. Based on ISAKMP and
OAKLEY.
• RFC 2412 The OAKLEY Key Determination Protocol
– Describes a generic protocol for key exchange.
Operations
• It provides security services at the IP layer for other
TCP/IP protocols and applications to use.
– Provides the tools that devices on a TCP/IP network need in
order to communicate securely
• To accomplish this they:
1. They agree on a set of security protocols to use, so that each one
sends data in a format the other can understand.
2. They must decide on a specific encryption algorithm to use in
encoding data.
3. They must exchange keys that are used to “unlock” data that has
been cryptographically encoded.
4. Once this background work is completed, each device must use
the protocols, methods and keys previously agreed upon to
encode data and send it across the network.
Components
• Core
– IPSec Authentication Header (AH):
• provides authentication services for IPSec.
• verifies that the supposed originator of a message was in fact the one that
sent it.
• verifies that none of the data in the datagram has been changed by any
intermediate devices en route.
• protects from “replay” attacks
– Encapsulating Security Payload (ESP):
• AH ensures integrity of the data in the datagram, but not its privacy.
• When the information in a datagram is “for your eyes only”,
it can be further protected using the ESP protocol, which encrypts the payload
of the IP datagram.
Implementation
• Integrated into the IP stack a common method,
if all data going between two devices.
Implementation (2)
• When using two VPNs to provide a secure
connection between remote locations
IPSec Modes
• There are 2 modes, transport and tunnel
– The main difference is that one protects the original IP
datagram (including headers), while the other does not.
• Transport
– IP header, IPSec Header, IP payload.
• Tunnel
– New IP header, IPSec header, old IP header, IP payload
Transport Mode
Tunnel Mode
Authentication Header (AH)
• AH is a protocol that provides authentication of
either all or part of the contents of a datagram
through the addition of a header that is calculated
based on the values in the datagram.
– What parts of the datagram are used for the calculation,
and the placement of the header, depends on the mode
(tunnel or transport)
• Remember this provides no privacy or encryption,
only the integrity of the data.
Encapsulating Security Payload (ESP)
• Encrypts the IP datagrams.
• An encryption algorithm combines the data
in the datagram with a key to transform it
into an encrypted form. This is then
repackaged using a special format that we
will see shortly, and transmitted to the
destination, which decrypts it using the
same algorithm.
• Putting it
all together
Anti-replay Feature
• Optional
• Information to enforce held in SA entry
• Sequence number counter - 32 bit for
outgoing IPSec packets
• Anti-replay window
– 32-bit
– Bit-map for detecting replayed packets
Anti-replay Sliding Window
• Window should not be advanced until the
packet has been authenticated
• Without authentication, malicious packets
with large sequence numbers can advance
window unnecessarily
– Valid packets would be dropped!
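The sliding window and the ordering rule above, as an added example that is not part of the original slides. The key, the class and the `auth_first` switch are constructed for illustration, and the integrity check value here covers only the sequence number and payload, a simplification of what AH or ESP actually authenticate.

```python
import hashlib, hmac, struct

KEY = b"constructed-sa-auth-key"   # constructed key standing in for the SA's key
WINDOW = 32                        # anti-replay window size from the slide
MASK = 2 ** WINDOW - 1

def icv(seq, payload, key=KEY):
    # Integrity check value, HMAC-SHA-1 truncated to 96 bits (RFC 2404)
    return hmac.new(key, struct.pack("!I", seq) + payload, hashlib.sha1).digest()[:12]

class Receiver:
    def __init__(self, auth_first=True):
        self.top = 0                # highest sequence number marked so far
        self.bitmap = 0             # bit i set: sequence number (top - i) was seen
        self.auth_first = auth_first

    def _fresh(self, seq):
        if seq == 0:
            return False            # senders start counting at 1
        if seq > self.top:
            return True             # to the right of the window
        off = self.top - seq
        return off < WINDOW and not (self.bitmap >> off) & 1

    def _mark(self, seq):
        if seq > self.top:          # slide the window right
            shift = seq - self.top
            self.bitmap = 1 if shift >= WINDOW else ((self.bitmap << shift) | 1) & MASK
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

    def receive(self, seq, payload, tag):
        if not self._fresh(seq):
            return "drop: replayed or too old"
        if not self.auth_first:
            self._mark(seq)         # flawed order: window moves on unauthenticated input
        if not hmac.compare_digest(tag, icv(seq, payload)):
            return "drop: authentication failed"
        if self.auth_first:
            self._mark(seq)         # correct order: advance only after authentication
        return "accept"
```

With `auth_first=False`, a single unauthenticated packet carrying a large sequence number moves the window, and the next valid packet from the real sender is rejected as too old; the default order leaves the window untouched by such a packet.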
References
• Computer Networking with internet
protocols and technology, Stallings,
Prentice Hall, 2004
• http://www.tcpipguide.com/free/t_InternetProtocolIPIPv4IPngIPv6andIPRelatedProtocol.htm
Q&A