o Review of PGP - Authentication and Confidentiality.
o Review of MIME and S/MIME with a short review of SMTP.
o Review of S/MIME in MS-Outlook - worksheet.
o Review of SSL Protocols.
o Review of SSH, its phases and its supported channel types.
o Demonstration of SSL through Wireshark
o Demonstration of an SSH channel
o Need for IPSec
o Details of ESP and brief idea of AH.
o SAD and SPD with inbound/outbound packet processing.
2. Session 9-10 objective
CS-9 Revision – Previous session revision
CS-9-10 – Review of SSL protocol
CS-9-10 – Review of IPSec
CS-9-10 – PGP
Summary
3.
There are two main schemes which are especially designed to provide
confidentiality and authentication for electronic mail systems. These are:
- PGP (Pretty Good Privacy)
- S/MIME (Secure/Multipurpose Internet Mail Extension)
PGP
4.
S/MIME
S/MIME uses public key certificates conforming to standard X.509 and
signed by a certification agency. In other respects, S/MIME is quite
similar to PGP.
S/MIME is not studied in any detail on this course and is not
examinable.
5.
Developed by Phil Zimmermann in 1995.
Documentation and source code are freely available.
The package is independent of operating system and processor.
PGP does not rely on the “establishment” and its popularity and
use have grown extensively since 1995.
7.
PGP Authentication
This is a digital signature scheme with hashing.
1. Alice has a (private/public) key pair ($A_d$/$A_e$) and she wants to
send a digitally signed message m to Bob.
2. Alice hashes the message using SHA-1 to obtain SHA(m).
8.
PGP Authentication and Confidentiality
(at the same time)
The schemes for authentication and confidentiality can be
combined so that Alice can sign a confidential message which
is encrypted before transmission. The steps required are as
follows:
1. Alice generates a signature c for her message m as in the
Authentication scheme:
$c = \mathrm{pk.encrypt}_{A_d}(\mathrm{SHA}(m))$
9.
2. Alice generates a random session key k and
encrypts the message m and the signature c using
a symmetric cryptosystem to obtain ciphertext C:
$C = \mathrm{sk.encrypt}_{k}(m, c)$
4. She encrypts the session key k using Bob’s public
key:
$k' = \mathrm{pk.encrypt}_{B_e}(k)$
5. Alice sends Bob the values (k’, C).
10.
6. Bob receives k’ and C and decrypts k’ using
his private key $B_d$ to obtain the session key k:
$k = \mathrm{pk.decrypt}_{B_d}(k')$
7. Bob decrypts the ciphertext C using the
session key k to obtain m and c:
$(m, c) = \mathrm{sk.decrypt}_{k}(C)$
11.
8. Bob now has the message m. In order to
authenticate it he uses Alice’s public key
$A_e$ to decrypt the signature c and hashes
the message m using SHA-1.
If $\mathrm{SHA}(m) = \mathrm{pk.decrypt}_{A_e}(c)$,
then the message is authenticated.
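The combined scheme in steps 1 to 8, carried through end to end as an added example (not code from the original slides). It assumes toy textbook RSA over constructed Mersenne-prime keys for pk and a hash-based XOR keystream for sk; the function names, key sizes and the length-prefixed framing of (m, c) are illustrative assumptions and are not secure for real use.

```python
import hashlib
import secrets

def keypair(p, q, e=65537):
    """Toy textbook RSA key pair (public, private); no padding, insecure."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def pk(key, x):
    """pk.encrypt / pk.decrypt from the slides: modular exponentiation."""
    exponent, n = key
    return pow(x, exponent, n)

def sha(m):
    """SHA(m): SHA-1 digest of m as an integer."""
    return int.from_bytes(hashlib.sha1(m).digest(), "big")

def sk(k, data):
    """Toy XOR keystream standing in for sk.encrypt / sk.decrypt."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(k + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

# Constructed keys built from Mersenne primes: illustration only.
A_e, A_d = keypair(2**127 - 1, 2**89 - 1)    # Alice (public, private)
B_e, B_d = keypair(2**107 - 1, 2**61 - 1)    # Bob (public, private)

def alice_send(m):
    c = pk(A_d, sha(m))                                   # step 1: signature
    k = secrets.token_bytes(16)                           # step 2: session key
    body = len(m).to_bytes(4, "big") + m + c.to_bytes(27, "big")
    C = sk(k, body)                                       # C = sk.encrypt_k(m, c)
    k_prime = pk(B_e, int.from_bytes(k, "big"))           # step 4
    return k_prime, C                                     # step 5

def bob_receive(k_prime, C):
    k = pk(B_d, k_prime).to_bytes(16, "big")              # step 6
    body = sk(k, C)                                       # step 7
    n = int.from_bytes(body[:4], "big")
    m, c = body[4:4 + n], int.from_bytes(body[4 + n:], "big")
    return m, sha(m) == pk(A_e, c)                        # step 8

if __name__ == "__main__":
    print(bob_receive(*alice_send(b"constructed test message")))
```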
12.
PGP E-Mail Compatibility
Many electronic mail systems can only transmit blocks of
ASCII text. This can cause a problem when sending
encrypted data since ciphertext blocks might not
correspond to ASCII characters which can be
transmitted.
PGP overcomes this problem by using radix-64
conversion.
13.
Radix-64 conversion
Suppose the text to be encrypted has been converted
into binary using ASCII coding and encrypted to give a
ciphertext stream of binary.
Radix-64 conversion maps arbitrary binary into printable
characters as follows:
14.
Radix-64 conversion
1. The binary input is split into blocks of 24 bits (3 bytes).
2. Each 24-bit block is then split into four sets of 6 bits each.
3. Each 6-bit set will then have a value between 0 and $2^6 - 1$ (= 63).
4. This value is encoded into a printable character.
15.
6-bit value  Character encoding   6-bit value  Character encoding   6-bit value  Character encoding   6-bit value  Character encoding
0            A                    16           Q                    32           g                    48           w
1            B                    17           R                    33           h                    49           x
2            C                    18           S                    34           i                    50           y
3            D                    19           T                    35           j                    51           z
4            E                    20           U                    36           k                    52           0
5            F                    21           V                    37           l                    53           1
6            G                    22           W                    38           m                    54           2
7            H                    23           X                    39           n                    55           3
8            I                    24           Y                    40           o                    56           4
9            J                    25           Z                    41           p                    57           5
10           K                    26           a                    42           q                    58           6
11           L                    27           b                    43           r                    59           7
12           M                    28           c                    44           s                    60           8
13           N                    29           d                    45           t                    61           9
14           O                    30           e                    46           u                    62           +
15           P                    31           f                    47           v                    63           /
                                                                                                      (pad)        =
16.
PGP Segmentation
Another constraint of e-mail is that there is usually a
maximum message length.
PGP automatically blocks an encrypted message into
segments of an appropriate length.
On receipt, the segments must be re-assembled before
the decryption process.
17.
Key Issues
1. Key Generation
Recall that a new session key is required each time a
message is encrypted. How are these keys generated?
PGP uses the timing of key strokes and key patterns
to generate random numbers.
18.
2. Key Identifiers
PGP allows users to have more than one public/private key pair:
- To increase security
- To ease the key changeover period
So how does Bob know which set of keys he should be using?
19.
In the case of encryption (Alice uses Bob’s public key), Alice can send
Bob the public key with the message since this is not secret (in fact
Alice only sends the 64 least significant bits so that Bob can identify
the key).
In the case of digital signatures Alice uses her private key and Bob
uses Alice’s corresponding public key. Alice cannot send Bob her
private key, but she can look up the corresponding public key and
send the 64 least significant bits of that.
20.
So a PGP message might consist of:
- Message component – the actual data to be transmitted
  + a filename + a timestamp;
- Signature component – timestamp + hash of message
  and timestamp + first part of message (so user can
  check that they are decrypting correctly) + Key ID of
  sender’s public key
- Session Key component – session key + key ID of
  recipient’s public key
21.
• SSL was first developed by Netscape in 1994 and
became an internet standard in 1996 (RFC 2246
– TLS V1.0)
• SSL is a cryptographic protocol to secure network
communication across a connection-oriented layer
• Any program using TCP can be modified to use
an SSL connection
SSL Facts
22.
• An SSL connection uses a dedicated TCP/IP
socket (e.g. port 443 for HTTPS)
• SSL is flexible in the choice of which symmetric
encryption, message digest, and authentication
algorithms can be used
• SSL provides built-in data compression
23.
• Authenticate the server to the client
• Allow the client and server to select cryptographic
algorithms, or ciphers, that they both support
• Optionally authenticate the client to the server
• Use public key encryption techniques to generate
a shared secret
• Establish an encrypted SSL connection
SSL Usage
24.
SSL is a secure protocol which runs above
TCP/IP and allows users to encrypt data and
authenticate a server's/vendor's identity
securely.
[Figure: protocol stack, top to bottom. Application layer: SMTPS, FTPS, HTTPS; Secure Socket Layer; Transport layer; TCP/IP layer.]
SSL
34.
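SSL Handshake
[Figure: handshake message flow between Client and Server; some messages are marked with *.]
Client to Server: Client hello, *Present Client Certificate, Client Key Exchange, *Certificate Verify, Change Cipher Spec, Client Finish
Server to Client: Server hello, Present Server Certificate, *Request Client Certificate, Server Key Exchange, Change Cipher Spec, Server Finish
Both directions afterwards: Application Data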
35.
Comparison of SSL V2.0 and V3.0
• SSL 2.0 is vulnerable to a “man-in-the-middle” attack. The
hello message can be modified to use 40-bit encryption. SSL
3.0 defends against this attack by having the last handshake
message include a hash of all the previous handshake
messages.
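Why hashing the whole handshake into the last message stops the hello modification, as an added simulation (not from the original slides). The message encoding, suite labels and the HMAC-SHA-256 construction are assumptions standing in for the real SSL 3.0 Finished computation; `verify_finished=False` models the SSL 2.0 behaviour of not checking the earlier messages.

```python
import hashlib
import hmac

STRONG, WEAK = "RC4-128", "EXPORT-RC4-40"     # constructed suite labels

def client_hello(suites):
    return ("ClientHello:" + ",".join(suites)).encode()

def server_hello(hello):
    """Server picks the strongest suite it sees on offer."""
    offered = hello.decode().split(":", 1)[1].split(",")
    chosen = STRONG if STRONG in offered else offered[0]
    return ("ServerHello:" + chosen).encode()

def finished(master_secret, transcript):
    """Keyed hash over every handshake message this side sent or received."""
    digest = hashlib.sha256(b"".join(transcript)).digest()
    return hmac.new(master_secret, digest, hashlib.sha256).digest()

def strip_strong_suites(hello):
    """The in-path change the slide describes: only 40-bit is left on offer."""
    return client_hello([WEAK])

def handshake(in_path=None, verify_finished=True):
    sent = client_hello([STRONG, WEAK])
    received = in_path(sent) if in_path else sent     # what the server sees
    reply = server_hello(received)
    secret = b"constructed master secret"             # stands in for key exchange
    client_fin = finished(secret, [sent, reply])      # client's view
    server_fin = finished(secret, [received, reply])  # server's view
    if verify_finished and not hmac.compare_digest(client_fin, server_fin):
        return "handshake aborted"                    # views differ: tampering
    return reply.decode().split(":", 1)[1]            # negotiated suite

if __name__ == "__main__":
    print(handshake())
    print(handshake(strip_strong_suites, verify_finished=False))
    print(handshake(strip_strong_suites))
```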
36.
Comparison of SSL V2.0 and V3.0
• SSL 2.0 uses a weak MAC construction
• In SSL 3.0, the Message Authentication Hash
uses a full 128 bits of key material for Export
ciphers, while SSL 2.0 uses only 40 bits
37.
Comparison of SSL V2.0 and V3.0
• SSL 2.0 only allows a handshake at the
beginning of the connection. In 3.0, the
client can initiate a handshake routine at any
time
• SSL 3.0 allows server and client to send
chains of certificates
• SSL 3.0 has a generalized key exchange
protocol. It allows Diffie-Hellman and
Fortezza key exchange
• SSL 3.0 allows for record compression and
decompression
38. One of the primary goals of the ARPANET was remote access
Several different connections allowed:
- rlogin
- rcp
- rsh
All data was unencrypted
This was a different world than exists today.
SSH
39.
SSH is a UNIX-based command interface and protocol for
securely accessing a remote computer
Suite of four utilities: slogin, ssh, sftp, and scp
Can protect against:
- IP spoofing
- DNS spoofing
- Intercepting information
40. Protect data sent over the network
- Negotiate an encryption algorithm between sender and receiver
- Use that algorithm and a session key to encrypt / decrypt data sent
Provide site authentication
- Use public key / fingerprint to ensure identity of remote host.
- Relies on locally generated keys, so no certifying authority is
  generally available.
46.
SSH Tunneling
Use SSH to create an encrypted channel between remote host and server
Use that encrypted channel to carry other traffic.
[Figure: SSH tunnel diagram. Labels: SSH tunnel; www access; Web Server 192.168.1.10; Local port 12345; Internet; LAN.]
47. Security at Application Layer
(PGP, Kerberos, SSH, etc.)
Implemented in end-hosts
Advantages
- Extend application without involving operating system.
- Application can understand the data and can provide the
appropriate security.
Disadvantages
- Security mechanisms have to be designed independently of
each application.
IPSec
48. Security at Transport Layer
Transport Layer Security (TLS)
Implemented in end-hosts
Advantages
- Existing applications get security seamlessly
Disadvantages
- Protocol specific
49. Security at Network Layer
IP Security (IPSec)
Advantages
- Provides seamless security to application and transport layers
(ULPs).
- Allows per flow or per connection security and thus allows for
very fine-grained security control.
Disadvantages
- More difficult to exercise on a per-user basis on a multi-user
machine.
50. Security at Data Link Layer
(Hardware encryption)
Need a dedicated link between
host/routers.
Advantages
- Speed.
Disadvantages
- Not scalable.
- Need dedicated links.
51. IP Security (IPSec)
IPSec is a framework of open
standards developed by the Internet
Engineering Task Force (IETF).
Creates secure, authenticated,
reliable communications over IP
networks
59. IPSec Modes of Operation
Transport Mode: protect the upper layer protocols
[Figure: Original IP datagram: IP Header | TCP Header | Data]
[Figure: Transport Mode protected packet: IP Header | IPSec Header | TCP Header | Data, with the part after the IPSec Header marked "protected"]
Tunnel Mode: protect the entire IP payload
[Figure: Tunnel Mode protected packet: New IP Header | IPSec Header | Original IP Header | TCP Header | Data, with the part after the IPSec Header marked "protected"]
60. Tunnel Mode
Host-to-Network, Network-to-Network
[Figure: Host A and Host B, each with Application Layer, Transport Layer and IP Layer, connected across the Internet through two security gateways (SG). Each SG shows IP Layer and IPSec, with Protected Data passing between the gateways.]
SG = Security Gateway
61. Transport Mode
Host-to-Host
[Figure: Host A and Host B, each with Application Layer, Transport Layer, IPSec, IP Layer and Data Link Layer.]
62. IPSec Security Protocols
Authentication Header (AH) provides:
- Connectionless integrity
- Data origin authentication
- Protection against replay attacks
Encapsulating Security Payload (ESP)
provides:
- Confidentiality (encryption)
- Connectionless integrity
- Data origin authentication
- Protection against replay attacks
Both protocols may be used alone or applied in
combination with each other.