Breaking the Kubernetes Kill Chain: Host Path Mount
Applied IT Security: 8 Authentication and Security Protocols
1. Applied IT Security
Applied Cryptography
Dr. Stephan Spitz
Stephan.Spitz@zv.fraunhofer.de
8 Authentication/Security Protocols
2. • Overview & Basics
• Network Protocols and the Internet
• Operating Systems and Applications
• System Security
• Operating System Security
• Security Threats on Networks
• Firewalls and Intrusion Detection Systems
• Applied Cryptography
• Public Key Infrastructures
• Authentication Protocols
• Encryption and digital Signatures in topical Applications
• Software Development & IT Security
• Building Secure IT Systems
• Use of Cryptographic Libraries and Devices
• The Future of IT Security
8 Authentication/Security Protocols
3. • Overview & Basics
• Network Protocols and the Internet
• Operating Systems and Applications
• System Security
• Operating System Security
• Security Threats on Networks
• Firewalls and Intrusion Detection Systems
• Applied Cryptography
• Public Key Infrastructures
Today • Authentication Protocols
• Encryption and digital Signatures in topical Applications
• Software Development & IT Security
• Building Secure IT Systems
• Use of Cryptographic Libraries and Devices
• The Future of IT Security
8 Authentication/Security Protocols
4. Overview Authentication and Security Protocols
• Network and Transport Layer Security
• Virtual Private Networks
• IPSec
• Internet Key Exchange
• Application Layer Security
• SSL / TLS / HTTPS / SSH / SMIME
• SSL in Detail
• Example: Apache and SSL
• Wireless Protocol Security
• Wireless Security Protocols
• Bluetooth Security
• UMTS Security
8 Authentication/Security Protocols
5. Protocol Layers
Services for applications (E-Mail
SMTP, HTTP, SNMP, clients and server, WWW-Server),
FTP, SOAP, etc.
Application Layer
SSL/TLS name resolution (DNS)
Transmission Control SOCKET INTERFACE
Protocol (TCP), UDP, Connetion-oriented, connectionless
ICMP (Internet Control Transport Layer transport service for applications
Message Protocol) for IPSec Transport Layer
debugging
Network Layer Routing, Adressing of packages
Internet Protocol (IP)
IPSec Network Layer (Tunnel)
Ethernet, Token Ring, L2TP, PPTP Package Transmission on
ATM, PPP, GPRS Data Link Layer physical media
WEP, EAP
8 Authentication/Security Protocols
6. Network Layer Security (Tunnel)
Application Data
Application Layer Application Layer
Transport Payload
Transport Layer Transport Layer
Security Network Payload in a Secure Tunnel Security
enhanced enhanced
Network Network
Layer Layer
Data Link Payload
Data Link Data Link
Layer Layer
• Protected communication in an open network between secure
systems e.g. firewalls, router
8 Authentication/Security Protocols
7. Transport Layer Security
Application Data
Application Layer Application Layer
Secured Packet Transport
Security Security
enhanced enhanced
Transport Layer Transport Layer
Network Payload
Network Network
Layer Layer
Data Link Payload Data Link
Data Link
Layer Layer
• Communication inside a secure network with protected
transport payload (AH or ESP)
8 Authentication/Security Protocols
8. Virtual Private Networks (VPN)
• The basic VPN functionality is the provision of authentication,
access control, confidentiality and data integrity
• A process called „Tunneling“ enables the virtual part of a VPN.
There are two tunneling protocols:
PPTP Point to Point Tunneling Protocol
L2TP Layer 2 Tunneling Protocol
• IPSec security services keep the VPN (transport, network)
payload private (optionally), integer and authenticated:
IPSec AH Authentification Header
IPSec ESP Encapsulating Security Payload
8 Authentication/Security Protocols
9. IPSec
• Tunnel Mode (Network Layer Security)
IP IPSec IP TCP/UDP Application
Header Header Header Header Protocol
Original Packet (AH, optionally kept secret with ESP)
• Transport Mode (Transport Layer Security)
IP IPSec TCP/UDP Application
Header Header Header Protocol
Original Packet (AH, optionally kept secret with ESP)
8 Authentication/Security Protocols
10. Tunneling
• Tunneling with L2TP or PPTP
Layer 2 L2TP/PPTP IP TCP/UDP Application
Media Header Header Header Data
Header
Original Packet
• Combination of IPSec and L2TP
Layer 2 IP IPSec IP TCP/UDP
L2TP/PPTP Application
Media Header Header Header Header
Header Data
Header
Original Packet
8 Authentication/Security Protocols
11. IPSec Network View
IPSec Gateway
•Physical NWI, IP known in INTERNET
•Logical NWI inside VPN
INTERNET •Physical NWI with IP known in LAN
IPSec Host
•Physical NWI (Network Interface)
•Logical NWI with IPSec IP inside VPN
Company LAN
8 Authentication/Security Protocols
12. Internet Key Exchange (IKE)
• IKE is the alternative to manual key configuartion to … :
… agree between the communicating parties on
protocols, algorithms and keys.
… ensure talking to the right person (authentication).
… secure key management and exchange
• IKE = Security Association (SA)+Key Management Protocol (KMP)
• KMP can be done in …
… main mode i.e. DH-agreement with identity and nonces, key
derivation (deriv., auth., enc.) and identity prooving
… aggressive mode i.e. main mode without DH identity protection
… quick mode inside a SA
8 Authentication/Security Protocols
13. Application Layer Security
Authenticated and privacy protected Application Data
Application Layer Application Layer
SSL/TLS/SSH SSL/TLS/SSH
Transport Payload
Transport Layer Transport Layer
Network Payload
Network Network
Layer Layer
Data Link Payload Data Link
Data Link
Layer Layer
• Communication on application level is secured by cryptography
8 Authentication/Security Protocols
14. Overview
• SSL: Secure Socket Layer = Application level security built on
the socket interface to support security in ftp, telnet, http, etc.
• TLS: Transport Layer Security eq. SSL (SSL 3.0 = TLS 1.0)
• HTTPS: HTTP over TLS/SSL
• SSH: Secure Shell supports authenticated and encrypted remote
system logins also based on the socket interface (it´s a program
and a protocol)
• SMIME: Secure MIME (Multipurpose Internet Mail Extensions )
format for secure email exchange based on PKCS#7
8 Authentication/Security Protocols
15. SSL History
SSL V1.0 (1993)
• Security on application level
• Developed by Netscape
SSL V2.0 (1994)
• First implementation in Netscape Navigator
• Limitation on 40 bit keys
SSL V3.0 (1995)
• Bugfixes and new crypto algorithms
• Unlimited key length
SSL V3.1 TLS V1.0 (1999)
• Authentic mode only with message digest and without encryption
8 Authentication/Security Protocols
17. SSL Communication
SSL Record Layer
• Complete division of SSL Handshake and Record Layer Communication
• Record Layer provides encrypted communication (handshake keys!)
• Fragmentation support for encrypted SSL records
• Bandwith reduction due to compression in SSL records
• Sequence counters ensure connection orientation on SSL level
• Integrity of data is ensured by adding message digest
8 Authentication/Security Protocols
18. Programming with SSL-Sockets
Client side :
1. Define socket parameters in SSL_struct
2. Open socket socket() and connect to server connect()
3. Connect Unix socket and SSL data SSL_ste_fd()
4. Start SSL handshake with SSL_connect()
5. Write and read data on SSL socket SSL_write(), SSL_read()
Server side :
Step 1-3 is like the client side without connect()
4. Wait on client request listen() and accept it accept()
5. Read the private server key SSL_use_RSAPrivateKey()
6. Select the server certificate again with SSL_use_RSAPrivateKey()
7. After SSL_connect() read and write data to client
8 Authentication/Security Protocols
19. Resistance of SSL against Attacks
Replay attack
• Random numbers inside SSL handshake prevent replay of
handshake
• Encrypted sequence numbers in SSL record layer prevent replay
of „old“ SSL-Records.
Man-in-the-Middle attack
• Dynamic key agreement via challenge response technique in
SSL handshake
IP Spoofing
• IP packages with faked source IP can not be prevented, because
SSL provides no security for the network and the transport layer
8 Authentication/Security Protocols
20. Security in Wireless Protocols
• General Security Aspects in Wireless LANs according to IEEE 802.1x
• WEP (Wired Equivalent Privacy) and EAP (Extensible Authentication
Protocol) security in Wireless LANs according to IEEE 802.1x
• Bluetooth security architecture (three secure modes),
authentification/key negotiation and encryption
8 Authentication/Security Protocols
21. General WLAN Security Aspects
• Wireless LAN access point detection (war driving) via Netstumbler/
Ministumbler or SSIDsniff; sniffing via CENiffer, Kismet, Ethereal
• Denial of service attacks based on jamming in the 2.4 GHz band or
the 5 GHz band are possible
• Secure Configuration:
Don´t use default SSID (Service Set Identifier i.e. WLAN Name)
Enable Hidden SSID (connection only with clients knowing SSID)
Limit access only to certain MACs (be careful MAC can be faked!)
Enable WEP and use EAP authentication
8 Authentication/Security Protocols
22. Wired Equivalent Privacy (WEP)
• Wired Equivalent Privacy (WEP) is defined in IEEE 802.11Wireless
LAN Medium Access Control (MAC) and Physical Layer (PHY) Spec.
• WEP defines a simple stream cipher based on an RC4 pseudo
random generator seeded by an initialisation vector and the key.
• WEP weaknesses have been announced by Fluhrer, Mantin and
Shamir in 2001; meanwhile cracks are available (Airsnort,
WEPCrack) based on:
IV is first transmitted as plain text and only 24 bit (after
224 packets the key is repeated simple crypto analysis
based on autocorrelation)
Seed must not be used twice, which is often practiced,
because of repetition of IV or using 0 as IV for the first
packet
8 Authentication/Security Protocols
23. Extensible Authentication Protocol (EAP)
• RFC 2284 defines the PPP Extensible Authentication Protocol (EAP)
for embedding authentication in other protocols like WEP.
• There are different ways for authentication:
EAP-MD5 provides a username, password authentication,
not advisable with the weaknesses of WEP encryption
EAP-TLS uses an asymmetric challenge-response
authentication based on X.509 certificates
EAP-TLS SSL-Handshake without client certificate
transmission
EAP-SIM authentication based on mobile phones SIM
(Subscriber Identity Module)
8 Authentication/Security Protocols
24. Bluetooth Security
• Bluetooth defines three modes Non Secure, Service Level Enforced
Security and Link Level Enforced Security and offers authentication
and encryption services.
• Bluetooth symmetric authentication steps:
1. Link Key negotiation based on Unit Key (fixed) or Combination Key
2. Challenge-response system authentication based on Link Key
3. Encryption key derivation based on Link Key, random number
and a Ciphering Offset
• Bluetooth encryption is based on a non „state of the art“ stream
chipher using linear feedback shift registers (LFSR) with max.
128bit key length.
8 Authentication/Security Protocols
25. Concerns on Bluetooth Security
• Usage of fixed Unit Key for authentication and key derivation
causes security problems and narrows variety of authentication
and encryption keys.
• The quality of the pseudo random number generators can be very
weak concerning different implementations.
• Security depends on the knowledge of one PIN (personal
identification number), because the random challenge and
bluetooth adresses are known.
• Cryptanalysis already reduced the complexity of the used stream
cipher from 2128 (Brute Force) to 266.
8 Authentication/Security Protocols