Applied IT Security: 8 Authentication and Security Protocols

Applied IT Security
Applied Cryptography
Dr. Stephan Spitz
Stephan.Spitz@zv.fraunhofer.de

8 Authentication/Security Protocols

• Overview & Basics
• Network Protocols and the Internet
• Operating Systems and Applications
• System Security
• Operating System Security
• Security Threats on Networks
• Firewalls and Intrusion Detection Systems

• Applied Cryptography
• Public Key Infrastructures
• Authentication Protocols
• Encryption and digital Signatures in topical Applications

• Software Development & IT Security
• Building Secure IT Systems
• Use of Cryptographic Libraries and Devices
• The Future of IT Security


• Overview & Basics
• Network Protocols and the Internet
• Operating Systems and Applications
• System Security
• Operating System Security
• Security Threats on Networks
• Firewalls and Intrusion Detection Systems

• Applied Cryptography
• Public Key Infrastructures
Today • Authentication Protocols
• Encryption and digital Signatures in topical Applications

• Software Development & IT Security
• Building Secure IT Systems
• Use of Cryptographic Libraries and Devices
• The Future of IT Security


Overview Authentication and Security Protocols
• Network and Transport Layer Security
• Virtual Private Networks
• IPSec
• Internet Key Exchange

• Application Layer Security
• SSL / TLS / HTTPS / SSH / SMIME
• SSL in Detail
• Example: Apache and SSL

• Wireless Protocol Security
• Wireless Security Protocols
• Bluetooth Security
• UMTS Security


Protocol Layers

Services for applications (E-Mail
SMTP, HTTP, SNMP, clients and server, WWW-Server),
FTP, SOAP, etc.
Application Layer
SSL/TLS name resolution (DNS)
Transmission Control SOCKET INTERFACE
Protocol (TCP), UDP, Connetion-oriented, connectionless
ICMP (Internet Control Transport Layer transport service for applications
Message Protocol) for IPSec Transport Layer
debugging
Network Layer Routing, Adressing of packages
Internet Protocol (IP)
IPSec Network Layer (Tunnel)

Ethernet, Token Ring, L2TP, PPTP Package Transmission on
ATM, PPP, GPRS Data Link Layer physical media
WEP, EAP


Network Layer Security (Tunnel)

Application Data
Application Layer Application Layer

Transport Payload
Transport Layer Transport Layer

Security Network Payload in a Secure Tunnel Security
enhanced enhanced
Network Network
Layer Layer

Data Link Payload
Data Link Data Link
Layer Layer

• Protected communication in an open network between secure
systems e.g. firewalls, router


Transport Layer Security

Application Data
Secured Packet Transport
Security Security
enhanced enhanced
Network Payload
Network Network
Layer Layer
Data Link Payload Data Link
Data Link
Layer Layer

• Communication inside a secure network with protected
transport payload (AH or ESP)


Virtual Private Networks (VPN)
• The basic VPN functionality is the provision of authentication,
access control, confidentiality and data integrity

• A process called „Tunneling“ enables the virtual part of a VPN.
There are two tunneling protocols:
PPTP Point to Point Tunneling Protocol
L2TP Layer 2 Tunneling Protocol

• IPSec security services keep the VPN (transport, network)
payload private (optionally), integer and authenticated:
IPSec AH Authentification Header
IPSec ESP Encapsulating Security Payload


IPSec

• Tunnel Mode (Network Layer Security)
IP IPSec IP TCP/UDP Application
Header Header Header Header Protocol

Original Packet (AH, optionally kept secret with ESP)

• Transport Mode (Transport Layer Security)
IP IPSec TCP/UDP Application
Header Header Header Protocol

Original Packet (AH, optionally kept secret with ESP)


Tunneling

• Tunneling with L2TP or PPTP
Layer 2 L2TP/PPTP IP TCP/UDP Application
Media Header Header Header Data
Header

Original Packet

• Combination of IPSec and L2TP
Layer 2 IP IPSec IP TCP/UDP
L2TP/PPTP Application
Media Header Header Header Header
Header Data
Header

Original Packet

IPSec Network View

IPSec Gateway

•Physical NWI, IP known in INTERNET
•Logical NWI inside VPN
INTERNET •Physical NWI with IP known in LAN

IPSec Host

•Physical NWI (Network Interface)
•Logical NWI with IPSec IP inside VPN
Company LAN


Internet Key Exchange (IKE)
• IKE is the alternative to manual key configuartion to … :
… agree between the communicating parties on
protocols, algorithms and keys.
… ensure talking to the right person (authentication).
… secure key management and exchange
• IKE = Security Association (SA)+Key Management Protocol (KMP)

• KMP can be done in …
… main mode i.e. DH-agreement with identity and nonces, key
derivation (deriv., auth., enc.) and identity prooving
… aggressive mode i.e. main mode without DH identity protection
… quick mode inside a SA


Application Layer Security
Authenticated and privacy protected Application Data


SSL/TLS/SSH SSL/TLS/SSH
Transport Payload
Network Payload
Network Network
Layer Layer
Data Link Payload Data Link
Data Link
Layer Layer

• Communication on application level is secured by cryptography


Overview

• SSL: Secure Socket Layer = Application level security built on
the socket interface to support security in ftp, telnet, http, etc.

• TLS: Transport Layer Security eq. SSL (SSL 3.0 = TLS 1.0)

• HTTPS: HTTP over TLS/SSL

• SSH: Secure Shell supports authenticated and encrypted remote
system logins also based on the socket interface (it´s a program
and a protocol)

• SMIME: Secure MIME (Multipurpose Internet Mail Extensions )
format for secure email exchange based on PKCS#7


SSL History
SSL V1.0 (1993)
• Security on application level
• Developed by Netscape

SSL V2.0 (1994)
• First implementation in Netscape Navigator
• Limitation on 40 bit keys

SSL V3.0 (1995)
• Bugfixes and new crypto algorithms
• Unlimited key length

SSL V3.1 TLS V1.0 (1999)
• Authentic mode only with message digest and without encryption


SSL Handshake
Client Server
Client Hello (ID, RND1, CipherSuite)

Server Hello (ID, RND2, CipherSuite)

Certificate

Certificate Request

Hello Done

Certificate

ClientKeyExchange (Enc PubKey Server)

Certificate Verify (Enc PrivKey Client)

ChangeCiperSpec/Finished (Enc SessionKey)

ChangeCiperSpec/Finished (Enc SessionKey)


SSL Communication

SSL Record Layer

• Complete division of SSL Handshake and Record Layer Communication

• Record Layer provides encrypted communication (handshake keys!)

• Fragmentation support for encrypted SSL records

• Bandwith reduction due to compression in SSL records

• Sequence counters ensure connection orientation on SSL level

• Integrity of data is ensured by adding message digest


Programming with SSL-Sockets
Client side :
1. Define socket parameters in SSL_struct
2. Open socket socket() and connect to server connect()
3. Connect Unix socket and SSL data SSL_ste_fd()
4. Start SSL handshake with SSL_connect()
5. Write and read data on SSL socket SSL_write(), SSL_read()
Server side :
Step 1-3 is like the client side without connect()
4. Wait on client request listen() and accept it accept()
5. Read the private server key SSL_use_RSAPrivateKey()
6. Select the server certificate again with SSL_use_RSAPrivateKey()
7. After SSL_connect() read and write data to client


Resistance of SSL against Attacks
Replay attack
• Random numbers inside SSL handshake prevent replay of
handshake
• Encrypted sequence numbers in SSL record layer prevent replay
of „old“ SSL-Records.
Man-in-the-Middle attack
• Dynamic key agreement via challenge response technique in
SSL handshake
IP Spoofing
• IP packages with faked source IP can not be prevented, because
SSL provides no security for the network and the transport layer


Security in Wireless Protocols

• General Security Aspects in Wireless LANs according to IEEE 802.1x

• WEP (Wired Equivalent Privacy) and EAP (Extensible Authentication
Protocol) security in Wireless LANs according to IEEE 802.1x

• Bluetooth security architecture (three secure modes),
authentification/key negotiation and encryption


General WLAN Security Aspects

• Wireless LAN access point detection (war driving) via Netstumbler/
Ministumbler or SSIDsniff; sniffing via CENiffer, Kismet, Ethereal

• Denial of service attacks based on jamming in the 2.4 GHz band or
the 5 GHz band are possible

• Secure Configuration:
Don´t use default SSID (Service Set Identifier i.e. WLAN Name)
Enable Hidden SSID (connection only with clients knowing SSID)
Limit access only to certain MACs (be careful MAC can be faked!)
Enable WEP and use EAP authentication


Wired Equivalent Privacy (WEP)
• Wired Equivalent Privacy (WEP) is defined in IEEE 802.11Wireless
LAN Medium Access Control (MAC) and Physical Layer (PHY) Spec.

• WEP defines a simple stream cipher based on an RC4 pseudo
random generator seeded by an initialisation vector and the key.

• WEP weaknesses have been announced by Fluhrer, Mantin and
Shamir in 2001; meanwhile cracks are available (Airsnort,
WEPCrack) based on:
IV is first transmitted as plain text and only 24 bit (after
224 packets the key is repeated simple crypto analysis
based on autocorrelation)
Seed must not be used twice, which is often practiced,
because of repetition of IV or using 0 as IV for the first
packet

Extensible Authentication Protocol (EAP)
• RFC 2284 defines the PPP Extensible Authentication Protocol (EAP)
for embedding authentication in other protocols like WEP.

• There are different ways for authentication:
EAP-MD5 provides a username, password authentication,
not advisable with the weaknesses of WEP encryption
EAP-TLS uses an asymmetric challenge-response
authentication based on X.509 certificates
EAP-TLS SSL-Handshake without client certificate
transmission
EAP-SIM authentication based on mobile phones SIM
(Subscriber Identity Module)


Bluetooth Security
• Bluetooth defines three modes Non Secure, Service Level Enforced
Security and Link Level Enforced Security and offers authentication
and encryption services.

• Bluetooth symmetric authentication steps:
1. Link Key negotiation based on Unit Key (fixed) or Combination Key
2. Challenge-response system authentication based on Link Key
3. Encryption key derivation based on Link Key, random number
and a Ciphering Offset

• Bluetooth encryption is based on a non „state of the art“ stream
chipher using linear feedback shift registers (LFSR) with max.
128bit key length.


Concerns on Bluetooth Security
• Usage of fixed Unit Key for authentication and key derivation
causes security problems and narrows variety of authentication
and encryption keys.

• The quality of the pseudo random number generators can be very
weak concerning different implementations.

• Security depends on the knowledge of one PIN (personal
identification number), because the random challenge and
bluetooth adresses are known.

• Cryptanalysis already reduced the complexity of the used stream
cipher from 2128 (Brute Force) to 266.


Applied IT Security: 8 Authentication and Security Protocols

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (20)

Ähnlich wie Applied IT Security: 8 Authentication and Security Protocols

Ähnlich wie Applied IT Security: 8 Authentication and Security Protocols (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Applied IT Security: 8 Authentication and Security Protocols