IP Security

1. Overview 2. Architecture 3. Authentication Header 4. Encapsulating Security Payload 5. Combining Security Associations 6. Internet Key Exchange

Web Security: 1. Web Security Considerations 2. Secure Sockets Layer 3. Transport Layer Security 4. Electronic Payment

Upload: brandon-riley

Post on 18-Jan-2016


TRANSCRIPT


IP Security

have a range of application-specific security mechanisms
  ◦ e.g. S/MIME, PGP, Kerberos, SSL/HTTPS
however there are security concerns that cut across protocol layers
would like security implemented by the network for all applications

IPSec

general IP Security mechanisms
provides
  ◦ authentication
  ◦ confidentiality
  ◦ key management
applicable to use over LANs, across public & private WANs, & for the Internet

[Figure: IPSec Uses]

Benefits of IPSec

in a firewall/router provides strong security to all traffic crossing the perimeter
in a firewall/router is resistant to bypass
is below transport layer, hence transparent to applications
can be transparent to end users
can provide security for individual users
secures routing architecture

IP Security Architecture

specification is quite complex
defined in numerous RFCs
  ◦ incl. RFC 2401/2402/2406/2408
  ◦ many others, grouped by category
mandatory in IPv6, optional in IPv4
have two security header extensions:
  ◦ Authentication Header (AH)
  ◦ Encapsulating Security Payload (ESP)

IPSec Services

Access control
Connectionless integrity
Data origin authentication
Rejection of replayed packets
  ◦ a form of partial sequence integrity
Confidentiality (encryption)
Limited traffic flow confidentiality

Security Associations

a one-way relationship between sender & receiver that affords security for traffic flow
defined by 3 parameters:
  ◦ Security Parameters Index (SPI)
  ◦ IP Destination Address
  ◦ Security Protocol Identifier
has a number of other parameters
  ◦ seq no, AH & EH info, lifetime etc
have a database of Security Associations

Authentication Header (AH)

provides support for data integrity & authentication of IP packets
  ◦ end system/router can authenticate user/app
  ◦ prevents address spoofing attacks by tracking sequence numbers
based on use of a MAC
  ◦ HMAC-MD5-96 or HMAC-SHA-1-96
parties must share a secret key
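The receiver-side checks described on the Security Associations and Authentication Header slides, as an added example that is not part of the original slides: look up the SA by its three identifying parameters, reject replayed sequence numbers, then verify an HMAC-SHA-1-96 value. Assumptions: the SPI, address and key are constructed, the window size of 32 is chosen for the example, and the MAC here covers only SPI, sequence number and payload, whereas a real AH integrity check also covers the immutable IP header fields.

```python
import hashlib
import hmac
import struct

AH = 51        # IP protocol number of the Authentication Header
WINDOW = 32    # anti-replay window size in packets (assumed for this example)

class SA:
    """State kept for one inbound security association."""
    def __init__(self, key):
        self.key = key      # shared secret for the MAC
        self.highest = 0    # highest sequence number authenticated so far
        self.bitmap = 0     # bit i set: (highest - i) was already accepted

# Security association database keyed by (SPI, destination address, protocol).
# Constructed entry; both functions below share it to keep the example short.
SAD = {(0x1001, "192.0.2.10", AH): SA(b"constructed-shared-secret")}

def icv(key, spi, seq, payload):
    """HMAC-SHA-1-96: HMAC-SHA-1 truncated to its first 96 bits (12 bytes)."""
    msg = struct.pack("!II", spi, seq) + payload
    return hmac.new(key, msg, hashlib.sha1).digest()[:12]

def protect(spi, dst, proto, seq, payload):
    """Sender: return the packet fields with the ICV attached."""
    key = SAD[(spi, dst, proto)].key
    return spi, dst, proto, seq, payload, icv(key, spi, seq, payload)

def receive(spi, dst, proto, seq, payload, tag):
    """Receiver: SA lookup, replay check, then MAC verification."""
    sa = SAD.get((spi, dst, proto))
    if sa is None:
        return "no-sa"
    if seq == 0 or seq + WINDOW <= sa.highest:
        return "replay"     # left of the window: too old to track
    if seq <= sa.highest and (sa.bitmap >> (sa.highest - seq)) & 1:
        return "replay"     # inside the window and already accepted
    if not hmac.compare_digest(tag, icv(sa.key, spi, seq, payload)):
        return "bad-icv"    # a forged packet must not move the window
    if seq > sa.highest:
        shift = seq - sa.highest
        sa.bitmap = ((sa.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
        sa.highest = seq
    else:
        sa.bitmap |= 1 << (sa.highest - seq)
    return "accept"

if __name__ == "__main__":
    pkt = protect(0x1001, "192.0.2.10", AH, 1, b"hello")
    print(receive(*pkt), receive(*pkt))   # first delivery, then a replay
```

The MAC is checked before the window is updated, so a packet with a forged sequence number cannot push legitimate traffic out of the window.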

[Figure: Authentication Header]

[Figure: Transport & Tunnel Modes]

Encapsulating Security Payload (ESP)

provides message content confidentiality & limited traffic flow confidentiality
can optionally provide the same authentication services as AH
supports range of ciphers, modes, padding
  ◦ incl. DES, Triple-DES, RC5, IDEA, CAST etc
  ◦ CBC & other modes
  ◦ padding needed to fill blocksize, fields, for traffic flow

[Figure: Encapsulating Security Payload]

Transport vs Tunnel Mode ESP

transport mode is used to encrypt & optionally authenticate IP data
  ◦ data protected but header left in clear
  ◦ can do traffic analysis but is efficient
  ◦ good for ESP host to host traffic
tunnel mode encrypts entire IP packet
  ◦ add new header for next hop
  ◦ good for VPNs, gateway to gateway security

Combining Security Associations

SAs can implement either AH or ESP
to implement both need to combine SAs
  ◦ form a security association bundle
  ◦ may terminate at different or same endpoints
  ◦ combined by
      transport adjacency
      iterated tunneling
issue of authentication & encryption order

[Figure: Combining Security Associations]

Key Management

handles key generation & distribution
typically need 2 pairs of keys
  ◦ 2 per direction for AH & ESP
manual key management
  ◦ sysadmin manually configures every system
automated key management
  ◦ automated system for on demand creation of keys for SAs in large systems
  ◦ has Oakley & ISAKMP elements

Oakley

a key exchange protocol
based on Diffie-Hellman key exchange
adds features to address weaknesses
  ◦ cookies, groups (global params), nonces, DH key exchange with authentication
can use arithmetic in prime fields or elliptic curve fields

ISAKMP

Internet Security Association and Key Management Protocol
provides framework for key management
defines procedures and packet formats to establish, negotiate, modify, & delete SAs
independent of key exchange protocol, encryption alg, & authentication method

[Figure: ISAKMP]

ISAKMP Payloads & Exchanges

have a number of ISAKMP payload types:
  ◦ Security, Proposal, Transform, Key, Identification, Certificate, Certificate, Hash, Signature, Nonce, Notification, Delete
ISAKMP has framework for 5 types of message exchanges:
  ◦ base, identity protection, authentication only, aggressive, informational

Web Security

Web now widely used by business, government, individuals
but Internet & Web are vulnerable
have a variety of threats
  ◦ integrity
  ◦ confidentiality
  ◦ denial of service
  ◦ authentication
need added security mechanisms

SSL (Secure Socket Layer)

transport layer security service
originally developed by Netscape
version 3 designed with public input
subsequently became Internet standard known as TLS (Transport Layer Security)
uses TCP to provide a reliable end-to-end service
SSL has two layers of protocols

Where SSL Fits

Protocol   Port   Over SSL   Port
HTTP       80     HTTPS      443
SMTP       25     SSMTP      465
POP3       110    SPOP3      995

Secure Sockets Layer
Transport
Network
Link

Uses Public Key Scheme

Each client-server pair uses
  ◦ 2 public keys
      one for client (browser) created when browser is installed on client machine
      one for server (http server) created when server is installed on server hardware
  ◦ 2 private keys
      one for client browser
      one for server (http server)

[Figure: SSL Architecture]

SSL Architecture

SSL session
  ◦ an association between client & server
  ◦ created by the Handshake Protocol
  ◦ define a set of cryptographic parameters
  ◦ may be shared by multiple SSL connections
SSL connection
  ◦ a transient, peer-to-peer, communications link
  ◦ associated with 1 SSL session

SSL Record Protocol

confidentiality
  ◦ using symmetric encryption with a shared secret key defined by Handshake Protocol
  ◦ IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
  ◦ message is compressed before encryption
message integrity
  ◦ using a MAC (Message Authentication Code) created using a shared secret key and a short message

SSL Change Cipher Spec Protocol

one of 3 SSL specific protocols which use the SSL Record protocol
a single message
causes pending state to become current
hence updating the cipher suite in use

SSL Alert Protocol

conveys SSL-related alerts to peer entity
severity
  ◦ warning or fatal
specific alert
  ◦ unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter
  ◦ close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
compressed & encrypted like all SSL data

SSL Handshake Protocol

allows server & client to:
  ◦ authenticate each other
  ◦ to negotiate encryption & MAC algorithms
  ◦ to negotiate cryptographic keys to be used
comprises a series of messages in phases
  ◦ Establish Security Capabilities
  ◦ Server Authentication and Key Exchange
  ◦ Client Authentication and Key Exchange
  ◦ Finish

[Figure: SSL Handshake Protocol]

TLS (Transport Layer Security)

IETF standard RFC 2246 similar to SSLv3
with minor differences
  ◦ in record format version number
  ◦ uses HMAC for MAC
  ◦ a pseudo-random function expands secrets
  ◦ has additional alert codes
  ◦ some changes in supported ciphers
  ◦ changes in certificate negotiations
  ◦ changes in use of padding

Secure Electronic Transactions (SET)

open encryption & security specification
to protect Internet credit card transactions
developed in 1996 by Mastercard, Visa etc
not a payment system, rather a set of security protocols & formats
  ◦ secure communications amongst parties
  ◦ trust from use of X.509v3 certificates
  ◦ privacy by restricted info to those who need it

[Figure: SET Components]

SET Transaction

1. customer opens account
2. customer receives a certificate
3. merchants have their own certificates
4. customer places an order
5. merchant is verified
6. order and payment are sent
7. merchant requests payment authorization
8. merchant confirms order
9. merchant provides goods or service
10. merchant requests payment

Dual Signature

customer creates dual messages
  ◦ order information (OI) for merchant
  ◦ payment information (PI) for bank
neither party needs details of other
but must know they are linked
use a dual signature for this
  ◦ signed concatenated hashes of OI & PI

[Figure: Purchase Request – Customer]

[Figure: Purchase Request – Merchant]

Purchase Request – Merchant

1. verifies cardholder certificates using CA sigs
2. verifies dual signature using customer's public signature key to ensure order has not been tampered with in transit & that it was signed using cardholder's private signature key
3. processes order and forwards the payment information to the payment gateway for authorization (described later)
4. sends a purchase response to cardholder

Payment Gateway Authorization

1. verifies all certificates
2. decrypts digital envelope of authorization block to obtain symmetric key & then decrypts authorization block
3. verifies merchant's signature on authorization block
4. decrypts digital envelope of payment block to obtain symmetric key & then decrypts payment block
5. verifies dual signature on payment block
6. verifies that transaction ID received from merchant matches that in PI received (indirectly) from customer
7. requests & receives an authorization from issuer
8. sends authorization response back to merchant
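The dual signature from the Dual Signature slide, and the checks the merchant (step 2 of Purchase Request – Merchant) and the payment gateway (step 5 above) run against it, as an added example that is not part of the original slides. Assumptions: SHA-1 as the hash, unpadded textbook RSA with a toy key built from two publicly known Mersenne primes (deterministic, not secure), and constructed OI and PI strings.

```python
import hashlib

# Toy cardholder signing key (constructed; publicly known primes, not secure).
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held by the cardholder

# Constructed sample messages sharing one transaction ID.
OI = b"txn=TX-0001;order=1234;item=book"
PI = b"txn=TX-0001;card=0000-TEST;amount=25.00"

def h(data):
    """Message digest used for OI, PI and the combined digest."""
    return hashlib.sha1(data).digest()

def combined_digest(pimd, oimd):
    """Hash of the concatenated PI digest and OI digest, as an integer."""
    return int.from_bytes(h(pimd + oimd), "big")

def customer_sign(oi, pi):
    """Cardholder: sign the combined digest with the private signature key."""
    return pow(combined_digest(h(pi), h(oi)), D, N)

def merchant_verify(oi, pi_digest, ds):
    """Merchant holds OI in full but only the digest of PI."""
    return pow(ds, E, N) == combined_digest(pi_digest, h(oi))

def gateway_verify(pi, oi_digest, ds):
    """Payment gateway holds PI in full but only the digest of OI."""
    return pow(ds, E, N) == combined_digest(h(pi), oi_digest)

if __name__ == "__main__":
    ds = customer_sign(OI, PI)
    print("merchant accepts:", merchant_verify(OI, h(PI), ds))
    print("gateway accepts: ", gateway_verify(PI, h(OI), ds))
    print("altered order:   ", merchant_verify(OI + b";item=tv", h(PI), ds))
```

Each party checks the link between order and payment without seeing the other half: changing either OI or PI changes its digest, so the combined digest no longer matches the signed value.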

Payment Capture

merchant sends payment gateway a payment capture request
gateway checks request
then causes funds to be transferred to merchant's account
notifies merchant using capture response