Summary of TCP/IP layers security

CSCE 813

Midterm Topics Overview

Internet Security - Farkas 1

Network Attacks

 Classifications

– Passive vs. Active

– Against security objectives

–

 What are the security objectives?

Attacker’s activities

 Give some examples


Forward Secrecy

 Compromised key: permits the disclosure of the data encrypted by the compromised key.

 No additional keys can be generated from the compromised key.

 Perfect Forward Secrecy : compromise of a single key will permit access to only data protected by a single key

Why PFS is important for security protocols?


Protection

 Protection at storage

 Protection during usage

 Protection during transmission

 Give an example attack and consequences for each

 What are the basic security technologies?


Communication Security

Security Protocols

 Cryptographic protocols

 Services: secrecy, integrity, authentication, key exchange, non-repudiation, etc.

 Components: communicating parties

(nodes), trusted third party, encryption algorithms, hash functions, timestamps, nonce, etc.


Security Properties –

Authentication of Origin

 Verify

– Who sent the message?

– Who sent the message to whom?

– Who sent the message to whom and how many times?


Security Properties

 What is

– Non-interference

– Message confidentiality

– Sender authentication

– Message authentication

– Message integrity

–

–

Replay protection

…?

 How can we support

– Non-interference

– Message confidentiality

– Sender authentication

– Message authentication

– Message integrity

–

–

Replay protection

…?

Why do we need protocol analysis?


Attacks

 Known attacks

– Can be picked up by careful inspection

 Non-intuitive attacks

– Not easily apparent

– May not depend on flaws or weaknesses of cryptographic algs.

– Use variety of methods, e.g., statistical analysis, subtle properties of crypto algs., etc.


TCP/IP Protocol Stack

How does the TCP/IP stack compares to the ISO-OSI model?

Application Layer

Why is layering a good idea?

Transport Layer

Internetwork Layer

How does layering impact the security capabilities?

Network Access Layer

What are the main protocols for each layer?

How do these protocols support security?


What are the main security capabilities supported by the security protocols?


Security -- At What Layer?

 Where to implement security?

 Basic services that need to be implemented:

 Key management

 Confidentiality

 Nonrepudiation



Integrity/authentication

 Authorization

 What are the security technologies supporting these services?


Network Access Layer

Application Layer

Transport Layer

Network Layer

Network Access L

 Responsible for packet transmission on the physical media

 Protocols: Ethernet,

Token Ring,

Asynchronous

Transfer Mode

(ATM)

How does Ethernet support security?


Virtual Private Network

 L2TP: combines Layer 2 Forwarding (L2F) and

Point-to-Point Tunneling Protocol (PPTP)

 What does tunneling mean?

 Who can create a tunnel?

CSCE 813 - Farkas 13

L2TP Protocol

Service 1

Client 2

Client 1 LAC

Control

Session 1 (Call ID 1)

Session 2 (Call ID 2)

LNS

Service 2

 Tunnel components

– Control channel (reliable): control sessions and tunnel

– Data channel (unreliable): created for each call

 What is the level of protection between

 Client 1 & LAC?

 LAC & LNS?


L2TP and IPSec

 L2TP is NOT secure without the support of

IPSec

 What are the attacks to consider?


TCP/IP Protocol Stack

Application Layer

 Packaging

 Addressing

 Routing

Transport Layer

Network Layer

What are the supported security protocols?

Data Link Layer

CSCE813 - Farkas

What is the effect of standardization on security?

16

Internet Engineering Task

Force Standardization

 IPv6 development requirements: Strong security features

 1992: IPSEC WG (IETF)

–

–

Define security architecture

Standardize IP Security Protocol and Internet Key

Management Protocol

 1998: revised version of IP Security Architecture

– IPsec protocols (two sub-protocols AH and ESP)

– Internet Key Exchange (IKE)

CSCE813 - Farkas 17

IP Security Overview

IPSec: method of protecting IP datagrams

– Data origin authentication

– Connectionless data integrity authentication

– Data content confidentiality

– Anti-replay protection

– Limited traffic flow confidentiality

CSCE813 - Farkas 18

IP Security Architecture

IPsec module 1

IPsec module 2

SPD SPD

IKE

SAD

IPsec

IKE

IPsec

SAD

SA

CSCE813 - Farkas 19

The Domain Name System

 Why is it needed?

 Is this secure?

 What are the security concerns?

Good reading: SANS Institute: Security Issues with

DNS, http://www.sans.org/readingroom/whitepapers/dns/security-issues-dns-1069


Transport Layer

Application Layer

Transport Layer

Network Layer

 Host-to-host transportation of packets

 Services:

– Connection-oriented or connectionless

– Reliable or unreliable

 TCP, UDP

Data Link Layer

What are the TL security protocols?


Security Requirements

– Key management

– Confidentiality

– Repudiation

– Integrity/authentication

– Authorization

What are the advantages supporting security at this layer?

Which are the most popular transport layer security protocols?


Transport Layer Security

Protocols

 Connectionless and connection-oriented transport layer service:

Security Protocol 4 (SP4) – NSA, NIST,

Transport Layer Security Protocol (TLSP) – ISO

 Connection-oriented transport layer service:

–

–

–

Encrypted Session Manager (ESM) – AT&T Bell Labs.

Secure Socket Layer (SSL) – Netscape Communications

Transport Layer Security (TLS) – IETF TLS WG

Most popular transport layer security protocols


Application Layer

Application Layer

Transport Layer

 Provides applications that can access services at the other layers, e.g., telnet

(port 23), mail (port 25), finger (port 79)

Network Layer

Data Link Layer

 New services and protocols are always being developed


Approaches

 Provide security system that can be used by different applications

– Develop authentication and key distribution models

 Enhance application protocol with security features

– Need to enhance each application


Cerberus

Third Party Authentication

Client

6. Provide server authentication

1.Request ticketgranting ticket

2. Ticket + session key

3. Request servicegranting ticket

4. Ticket + session key

5. Request service

Kerberos

KDC

TGS

Server

Once per service session

CSCE 813 - Farkas

Once per user logon session

Once per type of service

26

Security-Enhanced Application

Protocol

 Applications:

– Terminal access

– File transfer

– Electronic mail

– WWW transactions

– DNS

– Distributed file system


SSH

 Use generic transport layer security protocol over

TCP/IP

 Support for

–

–

Host and user authentication

Data compression

–

–

Data confidentiality

Integrity protection

 Server listens for TCP connection on port 22, assigned to SSH


PGP: Confidentiality and Authentication

Sender A

K A private

K s

E

K B public

K s

[M+H(M)]

M

H E

M E c c

K A private

[H(M)]

K B public

(K s

)

D

K s

D

K B private

Receiver B

H

D

K A public

Compare


Summary of Advantages and

Disadvantages of

Supporting Security at

Different Layers


Network Access Layer Security

 Dedicated link between hosts/routers

 hardware devices for encryption

 Advantages:

– Speed

 Disadvantages:

– Not scaleable

–

–

Works well only on dedicates links

Two hardware devices need to be physically connected


Internetwork Layer Security

IP Security (IPSec)

 Advantages:

– Overhead involved with key negotiation decreases <-- multiple protocols can share the same key management infrastructure

– Ability to build VPN and intranet

 Disadvantages:

– Difficult to handle low granularity security, e.g., nonrepudation, user-based security,


Transport Layer Security

 Advantages:

– Does not require enhancement to each application

 Disadvantages:

– Difficult to obtain user context

–

–

Implemented on an end system

Protocol specific

 implemented for each protocol


Application Layer Security





Advantages:

– Executing in the context of the user --> easy access to user’s credentials

–

–

Complete access to data --> easier to ensure nonrepudation

Application can be extended to provide security (do not depend on the operating system)

– Application understand data --> fine tune security

Disadvantages:

–

–

Implemented in end hosts

Security mechanisms have to be implemented for each application

-->

– expensive

– greated probability of making mistake


Next Class:

Web Application Security


Summary of TCP/IP layers security

Network Attacks

Forward Secrecy

Protection

Communication Security

Security Protocols

Security Properties –

Authentication of Origin

Attacks

TCP/IP Protocol Stack

What are the main security capabilities supported by the security protocols?

Virtual Private Network

L2TP Protocol

L2TP and IPSec

TCP/IP Protocol Stack

Internet Engineering Task

Force Standardization

IP Security Overview

IP Security Architecture

The Domain Name System

Transport Layer

Security Requirements

Application Layer

Approaches

SSH

Summary of Advantages and

Disadvantages of

Supporting Security at

Different Layers

Related documents

Products

Support

Summary of TCP/IP layers security

Network Attacks

Forward Secrecy

Protection

Communication Security

Security Protocols

Security Properties –

Authentication of Origin

Attacks

TCP/IP Protocol Stack

What are the main security capabilities supported by the security protocols?

Virtual Private Network

L2TP Protocol

L2TP and IPSec

TCP/IP Protocol Stack

Internet Engineering Task

Force Standardization

IP Security Overview

IP Security Architecture

The Domain Name System

Transport Layer

Security Requirements

Application Layer

Approaches

SSH

Summary of Advantages and

Disadvantages of

Supporting Security at

Different Layers

Related documents

Add this document to collection(s)

Add this document to saved

Suggest us how to improve StudyLib