Uploaded by aditya1234

mod 7 crypto

Key Management and Distribution & User Authentication Protocols
Dr. Budhaditya Bhattacharyya, Asso. Prof. (Sr), SENSE, VIT
Needham-Schroeder Protocol
Brief description of each step, as in the figure (next slide):
1. Alice sends a message to the KDC with her nonce (RA), her identity and Bob’s identity.
2. The KDC replies to Alice with a message containing Alice’s nonce, Bob’s identity, the session key (RAB) and an encrypted ticket for Bob. The whole message is encrypted with Alice’s key.
3. Alice sends Bob’s ticket to him.
4. Bob sends his challenge (RB) to Alice, encrypted with the session key.
5. Alice responds to Bob’s challenge by sending (RB-1) instead of RB.
Otway-Rees Protocol
Brief description of each step, as in the figure (next slide):
1. Alice sends a message to Bob with a common nonce (R), the identities of Alice and Bob, and a ticket for the KDC (a challenge for the KDC) that includes Alice’s nonce RA, a copy of R and the identities of Alice and Bob.
2. Bob creates the same type of ticket, but with his own nonce RB. Both tickets are sent to the KDC.
3. The KDC creates a message that has R, a ticket for Alice and a ticket for Bob; this message is sent to Bob. The ticket has RA, RB and the session key (KAB).
4. Bob sends Alice her ticket.
5. Alice acknowledges by sending a short message encrypted with KAB.
KERBEROS
Kerberos is an authentication protocol, and at the same time a KDC,
that has become very popular.
Topics discussed in this section:
Introduction
Servers
Operation
Using Different Servers
Kerberos Version 5
Realms
Introduction:
Kerberos is a protocol for authenticating service requests between
trusted hosts across an untrusted network, such as the internet.
Kerberos is built in to all major operating systems, including Microsoft Windows, Apple OS X, FreeBSD and Linux.
Kerberos was originally developed for Project Athena at the Massachusetts Institute of Technology (MIT).
The protocol was named after the character Kerberos (or
Cerberus) from Greek mythology, the ferocious three-headed guard
dog of Hades.
Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users.
In Kerberos, an authentication server and database are used for client authentication.
Kerberos runs as a third-party trusted server known as the Key Distribution Center (KDC).
The three heads of the Kerberos protocol represent a client, a
server and a Key Distribution Center (KDC), which acts as
Kerberos' trusted third-party authentication service.
Aim:
The user's password must never travel over the network.
The user's password must never be stored in any form on the client
machine.
The user's password should never be stored in an unencrypted form
even in the authentication server database.
The user is asked to enter a password only once per work session.
Authentication information management is centralized and resides
on the authentication server.
The application servers must prove their authenticity to the client as well. This characteristic is known as mutual authentication.
Kerberos servers
Authentication Server (AS)
The authentication server (AS) is the KDC in the Kerberos protocol.
Ticket-Granting Server (TGS)
The ticket-granting server (TGS) issues a ticket for the real server
(Bob).
Real Server
The real server (Bob) provides services for the user (Alice).
Operation: steps
1. Alice sends a request to the AS in plain text using her registered identity.
2. The AS replies with a message encrypted with Alice’s permanent symmetric key (KA-AS). The message has two items: a session key (KA-TGS) and a ticket for the TGS that is encrypted with the TGS symmetric key (KAS-TGS). When the message arrives, Alice types her password, which the client process uses to create KA-AS and then decrypt the message to extract the session key and the ticket.
3. Alice sends three items to the TGS: the ticket received from the AS, the name of the real server (Bob), and a timestamp that is encrypted with (KA-TGS).
4. The TGS sends two tickets, each containing the session key between Alice and Bob (KA-B). The ticket for Alice is encrypted with (KA-TGS); the ticket for Bob is encrypted with (KTGS-B).
5. Alice sends Bob’s ticket with the timestamp encrypted by (KA-B).
6. Bob confirms the receipt by adding 1 to the timestamp; the message is encrypted with (KA-B).
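The six steps above, run end to end as an added example (not part of the original slides); it reuses the ticket-plus-challenge pattern of the Needham-Schroeder steps earlier in the deck. Assumptions: `seal`/`unseal` are a toy authenticated cipher built from HMAC-SHA256 standing in for a real Kerberos encryption type, function calls stand in for the network, and the salt, the skew window and all names are constructed for illustration.

```python
import hashlib
import hmac
import json
import os

SKEW = 300                       # accepted clock skew in seconds (assumed value)
SALT = b"EXAMPLE.REALM:alice"    # constructed salt for the password-to-key step


def password_to_key(password):
    # Alice's client and the AS both derive KA-AS; the password itself is never sent.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)


def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, fields):
    """Toy authenticated encryption (keystream XOR plus HMAC tag), hex-encoded."""
    enc_key, mac_key = _subkeys(key)
    plaintext, nonce = json.dumps(fields).encode(), os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = nonce + bytes(p ^ k for p, k in zip(plaintext, stream))
    return (body + hmac.new(mac_key, body, hashlib.sha256).digest()).hex()


def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    raw = bytes.fromhex(blob)
    body, tag = raw[:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    nonce, ct = body[:16], body[16:]
    return json.loads(bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct)))))


def check_fresh(timestamp, now):
    if abs(now - timestamp) > SKEW:
        raise ValueError("stale timestamp")


class KDC:
    """AS and TGS in one object; it knows a single user (Alice) and a single server (Bob)."""

    def __init__(self, alice_password):
        self.k_a_as = password_to_key(alice_password)   # a derived key is stored, not the password
        self.k_as_tgs = os.urandom(32)                   # KAS-TGS
        self.k_tgs_b = os.urandom(32)                    # KTGS-B, also held by Bob

    def as_reply(self, user):                            # step 2
        k_a_tgs = os.urandom(32).hex()
        ticket_tgs = seal(self.k_as_tgs, {"user": user, "key": k_a_tgs})
        return seal(self.k_a_as, {"key": k_a_tgs, "ticket": ticket_tgs})

    def tgs_reply(self, ticket_tgs, server, enc_timestamp, now):   # step 4
        ticket = unseal(self.k_as_tgs, ticket_tgs)
        k_a_tgs = bytes.fromhex(ticket["key"])
        check_fresh(unseal(k_a_tgs, enc_timestamp)["ts"], now)
        k_ab = os.urandom(32).hex()
        return (seal(k_a_tgs, {"server": server, "key": k_ab}),
                seal(self.k_tgs_b, {"user": ticket["user"], "key": k_ab}))


def bob_confirm(k_tgs_b, ticket_bob, enc_timestamp, now):          # step 6
    k_ab = bytes.fromhex(unseal(k_tgs_b, ticket_bob)["key"])
    timestamp = unseal(k_ab, enc_timestamp)["ts"]
    check_fresh(timestamp, now)
    return seal(k_ab, {"ts": timestamp + 1})


def alice_session(kdc, typed_password, now=1_700_000_000):
    reply = kdc.as_reply("alice")                                   # steps 1-2
    first = unseal(password_to_key(typed_password), reply)          # fails on a wrong password
    k_a_tgs = bytes.fromhex(first["key"])
    for_alice, for_bob = kdc.tgs_reply(first["ticket"], "bob",
                                       seal(k_a_tgs, {"ts": now}), now)        # steps 3-4
    k_ab = bytes.fromhex(unseal(k_a_tgs, for_alice)["key"])
    confirm = bob_confirm(kdc.k_tgs_b, for_bob, seal(k_ab, {"ts": now}), now)  # steps 5-6
    return unseal(k_ab, confirm)["ts"] == now + 1                   # Bob proved he holds KA-B


if __name__ == "__main__":
    print("mutual authentication:", alice_session(KDC("correct horse battery"), "correct horse battery"))
```

A wrong password never reaches the KDC for checking: the client simply fails to decrypt the step 2 reply.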
Using Different Servers
Note that if Alice needs to receive services from different servers,
she need repeat only the last four steps.
Kerberos Version 5
The minor differences between version 4 and version 5 are briefly listed below:
• Version 5 has a longer ticket lifetime.
• Version 5 allows tickets to be renewed.
• Version 5 can accept any symmetric-key algorithm.
• Version 5 uses a different protocol for describing data types.
• Version 5 has more overhead than version 4.
Realm
Kerberos allows the global distribution of ASs and TGSs, with each
system called a realm.
A user may get a ticket for a local server or a remote server.
Symmetric-key Agreement
Alice and Bob can create a session key between themselves without using a KDC.
This method of session-key creation is referred to as symmetric-key agreement.
The most widely used techniques are:
1. Diffie-Hellman Key Agreement
2. Station-to-Station Key Agreement
PUBLIC-KEY DISTRIBUTION
In asymmetric-key cryptography, people do not need to know a symmetric shared key.
Everyone shields a private key and advertises a public key.
In public-key cryptography, everyone has access to everyone’s public key; public keys are available to the public.
Topics discussed in this section:
Public Announcement
Trusted Center
Controlled Trusted Center
Certification Authority
X.509
Public Announcement
The naive approach is to announce public keys publicly.
Trusted Center
The more secure approach is to have a trusted center retain a
directory of public keys.
Controlled Trusted Center
A higher level of security can be achieved if there are added controls on
the distribution of the public key.
The public key announcement can include a timestamp and be signed by
an authority to prevent interception and modification of the response.
Certification Authority (CA)
Security certificates are used to reduce the load on trusted centers.
A server (Bob) can request a certificate from a certification authority
(CA), which could be a cross-certified company or state or federal
organization. Bob’s request contains his identification and his public key.
The CA checks the identification of Bob. If verified, the CA writes Bob’s public key on the certificate and signs it with its own private key.
Bob can now upload the signed certificate and store it on his site, or Bob may send the certificate to users upon request.
Any user who wants Bob’s public key can download the certificate and decrypt it using the CA’s public key to extract Bob’s public key.
X.509
The Internet community has accepted the ITU-T recommendation X.509 as a way to unify certificate formats.
In X.509, the certificate has the following important fields:
• Version number: this field is the version of X.509 (current version is 3).
• Serial number: this field is the serial number assigned to each certificate and is unique for each certificate issuer.
• Signature algorithm ID: this field identifies the signature algorithm used in the certificate. This field is repeated in the signature field.
• Issuer name: this field identifies the CA that issued the certificate.
• Validity period: this field defines the earliest (not before) time and the latest (not after) time during which the certificate is valid.
• Subject name: this field defines the entity that owns the public key stored in this certificate.
• Subject public key: this field gives the value of the public key of the owner of the certificate and defines the public key algorithm.
• Signature: this field contains the digest of all other fields in the certificate encrypted by the CA’s private key, and also contains the ID of the signature algorithm.
Certificate Renewal
Each certificate has a period of validity.
If there is no problem with the certificate, the CA issues a new certificate before the old one expires.
Certificate Revocation
In some cases a certificate must be revoked before its expiration.
The revocation is done by periodically issuing a certificate revocation
list (CRL) that contains all revoked certificates that have not expired
on the date the CRL is issued.
To ensure the validity of a certificate, the user must check the latest CRL published by the CA that issued the certificate.
SUMMARY
Digital Signature
Comparison with Physical Signature
Digital Signature Process
Attacks on Digital Signature
Digital Signature Schemes
Key Management and Distribution & User Authentication Protocols
Symmetric-key Distribution
Public-key Distribution
Digital Signature Schemes
Several digital signature schemes have evolved during the last
few decades.
RSA Digital Signature Scheme
ElGamal Digital Signature Scheme
Schnorr Digital Signature Scheme
Digital Signature Standard (DSS)
Elliptic Curve Digital Signature Scheme
RSA Digital Signature Scheme
General idea behind the RSA digital signature scheme
Key Generation
Key generation in the RSA digital signature scheme is exactly the
same as key generation in the RSA
In the RSA digital signature scheme, d is private;
e and n are public.
Signing and Verifying
RSA digital signature scheme
Example:
As a trivial example, suppose that Alice chooses p = 823 and q = 953, and calculates n = 784319.
The value of φ(n) is 782544.
Now she chooses e = 313 and calculates d = 160009. At this point
key generation is complete.
Now imagine that Alice wants to send a message with the value of M
= 19070 to Bob.
She uses her private exponent, 160009, to sign the message:
Solution:
Alice sends the message and the signature to Bob.
Bob receives the message and the signature.
He calculates
Bob accepts the message because he has verified Alice’s signature.
When the digest is signed instead of the message itself,
the susceptibility of the RSA digital signature scheme
depends on the strength of the hash algorithm.
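The slide example carried through in code, as an added illustration that is not part of the original slides: key generation from the slide's p, q and e, signing and verifying M, and the digest-signing variant. The function names and the sample byte strings are constructed for this example, and reducing the digest mod n is a shortcut forced by the 20-bit toy modulus.

```python
import hashlib
from math import gcd

P, Q, E = 823, 953, 313          # Alice's parameters from the slide
M = 19070                        # the message value from the slide


def keygen(p, q, e):
    """Return (n, phi, d) with d = e^-1 mod phi(n); d is private, e and n are public."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return n, phi, pow(e, -1, phi)


def sign(m, d, n):
    """Alice: S = M^d mod n."""
    if not 0 <= m < n:
        raise ValueError("message representative must be in [0, n)")
    return pow(m, d, n)


def verify(m, s, e, n):
    """Bob: accept only if S^e mod n equals the received M."""
    return 0 <= m < n and pow(s, e, n) == m


def digest_to_int(message, n):
    # The toy modulus is 20 bits, so the SHA-256 digest is reduced mod n here.
    # With a real-size modulus the digest is padded (PKCS #1), not reduced.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign_message(message, d, n):
    return sign(digest_to_int(message, n), d, n)


def verify_message(message, s, e, n):
    return verify(digest_to_int(message, n), s, e, n)


def raw_signatures_combine(m1, m2, d, e, n):
    """True if the product of two raw signatures verifies for m1*m2 mod n.

    This multiplicative property of signing M directly is one reason the
    digest is signed instead of the message itself.
    """
    combined = (sign(m1, d, n) * sign(m2, d, n)) % n
    return verify((m1 * m2) % n, combined, e, n)


if __name__ == "__main__":
    n, phi, d = keygen(P, Q, E)
    s = sign(M, d, n)
    print(f"n={n} phi={phi} d={d} S={s}")
    print("Bob accepts M:", verify(M, s, E, n))
    print("Bob accepts M+1:", verify(M + 1, s, E, n))
    sig = sign_message(b"pay Bob 10", d, n)          # constructed sample message
    print("digest signature valid:", verify_message(b"pay Bob 10", sig, E, n))
    print("raw signatures combine:", raw_signatures_combine(M, 2, d, E, n))
```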
Module-7
Topics to be discussed
Transport-Level Security
Firewalls
Web Security
Software Security
IoT threats
Transport-Level Security
Transport-level security provides end-to-end security services for applications that use a reliable transport layer protocol such as TCP.
The idea is to provide security services for transactions on the internet.
Two protocols are dominant today for providing security at the transport layer:
1. Secure Sockets Layer (SSL) protocol.
2. Transport Layer Security (TLS) protocol.
Location of SSL and TLS in the Internet model
Services
SSL is designed to provide security and compression services to data
generated from the application layer.
Fragmentation: First, SSL divides the data into blocks of 2^14 bytes or less.
Compression: Each fragment of data is compressed using one of the lossless compression methods. This service is optional.
Message Integrity: SSL uses a keyed-hash function to create a MAC to preserve the integrity of data.
Confidentiality: The original data and the MAC are encrypted using symmetric-key cryptography to provide confidentiality.
Framing: A header is added to the encrypted payload. The payload is then passed to a reliable transport layer protocol.
Key Exchange Algorithms
To exchange an authenticated and confidential message, the client
and the server each need six cryptographic secrets (four keys and
two initialization vectors).
To create these secrets, one pre-master secret must be established
between the two parties.
SSL defines six key-exchange methods to establish this pre-master
secret.
NULL
There is no key exchange in this method. No pre-master secret is
established between the client and the server.
Both client and server need to know the
value of the pre-master secret.
RSA
RSA key exchange; server public key
The server needs to send its RSA encryption/decryption certificate.
Anonymous Diffie-Hellman
Anonymous Diffie-Hellman key exchange
The pre-master secret is established between the client and server
using the Diffie-Hellman (DH) protocol.
The Diffie-Hellman half-keys are sent in plaintext. It is called anonymous Diffie-Hellman because neither party is known to the other.
Ephemeral Diffie-Hellman key exchange
Ephemeral Diffie-Hellman key exchange
Each party sends a Diffie-Hellman key signed by its private key.
The receiving party needs to verify the signature using the public
key of the sender
Encryption/Decryption Algorithms
There are 6 groups of algorithms as shown below.
All block protocols use an 8-byte initialization vector (IV), except Fortezza, which uses a 20-byte vector.
NULL
The NULL category simply defines the lack of an encryption/decryption algorithm.
Stream RC
Two RC algorithms are defined in stream mode.
Block RC
One RC algorithm is defined in block mode.
DES
All DES algorithms are defined in block mode.
IDEA
The IDEA algorithm defined in block mode is IDEA_CBC, with a 128-bit key.
Fortezza
The one Fortezza algorithm defined in block mode is FORTEZZA_CBC.
FIREWALL
Firewall defined
A firewall is a network security device that monitors the network’s
data traffic.
It permits or blocks data packets based on a set of security rules.
Firewalls can be software, hardware, or cloud-based, with each type
of firewall having its own unique pros and cons.
The primary goal of a firewall is to block malicious traffic requests
and data packets while allowing legitimate traffic through.
How does a firewall work?
Firewalls carefully analyze incoming traffic based on pre-established
rules and filter traffic coming from suspicious sources to prevent
attacks.
Firewalls guard traffic at a computer’s entry points, called ports, which are where information is exchanged with external devices.
⦁ For example, “Source address 172.18.1.1 is allowed to reach destination 172.18.2.1 over port 22.”
Think of IP addresses as houses, and port numbers as rooms within
the house.
Only trusted people (source addresses) are allowed to enter the
house (destination address).
People within the house are then filtered further and are only allowed to access certain rooms (destination ports), depending on whether they are the owner, a child, or a guest.
The owner is allowed to any room (any port), while children and
guests are allowed into a certain set of rooms (specific ports).
Types of Firewall
Firewall types can be divided into several different categories based
on their general structure and method of operation.
Here are eight types of firewalls:
⦁ Packet-filtering firewalls
⦁ Stateful inspection firewalls
⦁ Next-gen firewalls
⦁ Hardware firewalls
⦁ Circuit-level firewalls/gateways
⦁ Application-level gateways (a.k.a. proxy firewalls)
⦁ Software firewalls
⦁ Cloud firewalls
Packet-Filtering Firewalls
It is the most “basic” and oldest type of firewall architecture.
It basically creates a checkpoint at a traffic router or switch.
The firewall performs a simple check of the data packets coming through the router, inspecting information such as the destination and origination IP address, packet type, port number, and other surface-level information.
These firewalls aren’t very resource-intensive, so they have little impact on system performance, and they are relatively simple.
However, they’re also relatively easy to bypass compared to firewalls
with more robust inspection capabilities.
Circuit-Level Gateways
Another simplistic firewall type, which quickly and easily approves or denies traffic without consuming significant computing resources.
Circuit-level gateways work by verifying the transmission control
protocol (TCP) handshake.
This TCP handshake check is designed to make sure that the session
the packet is from is legitimate.
While extremely resource-efficient, these firewalls do not check the
packet itself.
So, if a packet held malware, but had the right TCP handshake, it
would pass right through.
This is why circuit-level gateways are not enough to protect your
business by themselves.
Stateful Inspection Firewalls
State-aware devices, on the other hand, not only examine each packet, but also keep track of whether or not that packet is part of an established TCP or other network session.
These firewalls combine both packet inspection technology and TCP
handshake verification.
This offers more security than either packet filtering or circuit
monitoring alone.
However, these firewalls do put more of a strain on computing
resources and network performance.
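An added example (not from the original slides) that runs the same packets through a stateless packet filter and a stateful inspector, using the rule quoted earlier (172.18.1.1 to 172.18.2.1 over port 22). The `Packet` fields, the flag shorthand and the sample packets are constructed for illustration, and connection teardown and timeouts are left out.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags: "S" = SYN, "SA" = SYN+ACK, "A" = ACK, "PA" = data


# (action, source network, destination network, destination port); default is deny.
RULES = [("allow", "172.18.1.1/32", "172.18.2.1/32", 22)]


def packet_filter(pkt):
    """Stateless check: first matching rule wins, header fields only."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for action, src_net, dst_net, dport in RULES:
        if (src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)
                and pkt.dport == dport):
            return action == "allow"
    return False


class StatefulFirewall:
    """Rules decide who may open a session; the session table decides everything after."""

    def __init__(self):
        self.sessions = {}      # (client, cport, server, sport) -> handshake state

    def check(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.flags == "S":                                   # new session: must match a rule
            if packet_filter(pkt):
                self.sessions[key] = "SYN_SENT"
                return True
            return False
        if pkt.flags == "SA" and self.sessions.get(rev) == "SYN_SENT":
            self.sessions[rev] = "SYN_RCVD"                    # server answered a tracked SYN
            return True
        if pkt.flags == "A" and self.sessions.get(key) == "SYN_RCVD":
            self.sessions[key] = "ESTABLISHED"                 # handshake complete
            return True
        established = "ESTABLISHED" in (self.sessions.get(key), self.sessions.get(rev))
        return "S" not in pkt.flags and established            # either direction of a known session


# Constructed sample traffic.
SAMPLE = [
    Packet("172.18.1.1", 50000, "172.18.2.1", 22, "S"),    # client opens SSH
    Packet("172.18.2.1", 22, "172.18.1.1", 50000, "SA"),   # server reply
    Packet("172.18.1.1", 50000, "172.18.2.1", 22, "A"),    # handshake done
    Packet("172.18.2.1", 22, "172.18.1.1", 50000, "PA"),   # server data
    Packet("172.18.1.1", 50001, "172.18.2.1", 22, "A"),    # ACK with no handshake behind it
    Packet("172.18.1.9", 50000, "172.18.2.1", 22, "S"),    # source not in any rule
]


def replay(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    firewall = StatefulFirewall()
    return [(packet_filter(p), firewall.check(p)) for p in packets]


if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(SAMPLE, replay(SAMPLE)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} [{pkt.flags}] "
              f"filter={'pass' if stateless else 'drop'} stateful={'pass' if stateful else 'drop'}")
```

The stateless filter drops the server's replies unless a second, broader rule is written for them, and it passes the stray ACK; the stateful inspector gets both cases right from the single rule.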
Proxy Firewalls (Application-Level Gateways)
Proxy firewalls operate at the application layer to filter incoming
traffic.
These firewalls are delivered via a cloud-based solution or another
proxy device.
Rather than letting traffic connect directly, the proxy firewall first
establishes a connection to the source of the traffic and inspects the
incoming data packet.
They also perform deep-layer packet inspections, checking the actual contents of the information packet to verify that it contains no malware.
Once the check is complete, and the packet is approved to connect
to the destination, the proxy sends it off.
This creates an extra layer of separation between the client and the individual devices, obscuring them to create additional anonymity and protection for your network.
If there’s one drawback to proxy firewalls, it’s that they can create
significant slowdown because of the extra steps in the data packet
transferal process.
Next-Generation Firewalls
Many of the most recently-released firewall products are being
touted as “next-generation” architectures.
Some common features of next-generation firewall architectures include deep-packet inspection, TCP handshake checks, and surface-level packet inspection.
Next-generation firewalls may include other technologies as well, such as Intrusion Prevention Systems (IPSs) that work to automatically stop attacks against your network.
The issue is that there is no one definition of a next-generation firewall.
Software Firewalls
Software firewalls include any type of firewall that is installed on a local device rather than a separate piece of hardware.
The big benefit of a software firewall is that it's highly useful for
creating defense in depth by isolating individual network endpoints
from one another.
However, maintaining individual software firewalls on different
devices can be difficult and time-consuming.
Furthermore, not every device on a network may be compatible with a single software firewall.
Some of the well-known firewalls:
• Sophos Firewall
• Check Point Next Generation Firewalls (NGFWs)
• FortiGate
• WatchGuard Network Security
Hardware Firewalls
Hardware firewalls use a physical appliance that acts in a manner
similar to a traffic router.
They act as perimeter security by making sure malicious traffic is intercepted before it reaches the company's network endpoints.
The major weakness of a hardware-based firewall, however, is that it
is often easy for insider attacks to bypass them.
Some of the well known hardware firewalls are Bitdefender
BOX, Cisco ASA, CUJO AI, Fortinet FortiGate, NetGear
ProSAFE, Palo Alto PA-7000, Netgate pfSense Appliances,
SonicWall, Sophos XG, and WatchGuard Firebox
Cloud Firewalls
Whenever a cloud solution is used to deliver a firewall, it can be
called a cloud firewall, or firewall-as-a-service (FaaS).
Cloud firewalls are considered synonymous with proxy firewalls by many, since a cloud server is often used in a proxy firewall setup.
The big benefit of having cloud-based firewalls is that they are very
easy to scale with your organization.
As your needs grow, you can add additional capacity to the cloud
server to filter larger traffic loads.
Cloud firewalls, like hardware firewalls, excel at perimeter security.
For example: Cloudflare Magic Firewall, AWS Firewall
Web Security
There are different types of technologies available for maintaining the
best security standards.
Some popular technical solutions for testing, building, and preventing
threats include:
Black box testing tools
Fuzzing tools
White box testing tools
Web application firewalls (WAF)
Security or vulnerability scanners
Password cracking tools
Software Security
Security software is any type of software that secures and protects a
computer, network or any computing-enabled device.
Security software is a broad term that encompasses a suite of
different types of software that deliver data and computer and
network security in various forms.
In end-user computing environments, anti-virus and anti-spam
software is the most common type of software used.
Whereas enterprise users add a firewall and intrusion detection
system on top of it.
IoT Threats
Anything that has connection to Internet is prone to threats.
Any threat on IoT is backed by a purpose. The purpose may differ
depending upon intruder’s target:
Since IoT enabled devices are used and operated by humans, an
intruder may try to gain unauthorized access to the device.
By gaining access to wireless IoT devices, the intruder may get hold
of confidential information.
IoT devices require low power and less computational capability.
⦁ Due to this, they cannot afford to have complex protocols. Therefore they become an easy target for intruders.
Vulnerability of IoT Devices:
There are two types of vulnerability: hardware and software.
⦁ A hardware vulnerability is difficult to detect.
⦁ However, it is more difficult to repair the damage.
⦁ A software vulnerability points towards a poorly written algorithm with a back door.
⦁ This provides access to intruders for spying at such moments.
Easy Exposure of IoT Devices:
Any device that is not attended or exposed to troublemakers is an
open invitation for threats.
In the majority of cases, IoT devices are prone to third-party exposure: they either lie open or are accessible to anyone.
⦁ This means that an intruder can easily steal the device and connect it with another device containing harmful data, thus extracting cryptographic secrets, modifying programming and replacing devices with malicious ones.
Threats to IoT:
There are two types of threat to IoT: a human threat and a natural threat.
Any threat that occurs due to natural calamities like earthquakes, hurricanes and floods can cause severe damage to IoT devices.
In such cases, a backup is created to safeguard data.
But any damage to these devices cannot be repaired.
On the other hand, we do everything to curb human threats to IoT
devices.
These threats are malicious attacks.
Human Attacks on IoT Devices:
Cyber Reconnaissance:
⦁ Here the intruder uses cracking techniques and malicious software to conduct espionage on the targeted user to gain access to secret information on the existing systems.
Brute Force Attack:
⦁ Here the intruders attempt to guess the user’s password with the help of automated software, which makes repeated attempts until it gets the right password to grant access.
Tracking:
⦁ Each move of the user is captured using the UID of the IoT device. Tracking a user gives away their precise location in time where they wish to live.
Summary
In this module we discussed all security aspects required to establish
a network towards data sharing.
Hash Algorithm
NULL
The two parties may decline to use an algorithm.
In this case, there is no hash function and the message is not
authenticated.
MD5
The two parties may choose MD5 as the hash algorithm.
In this case, a 128-bit MD5 hash algorithm is used.
SHA-1
The two parties may choose SHA as the hash algorithm.
In this case, a 160-bit SHA-1 hash algorithm is used.
Cipher Suite
The combination of key exchange, hash, and encryption algorithms defines a cipher suite for each SSL session.
For example: DHE_RSA (ephemeral Diffie-Hellman with RSA digital signature) is the key exchange algorithm; “WITH” separates the key exchange algorithm from the others; DES_CBC is the encryption algorithm and SHA is the hash algorithm.
Cipher Suite: SSL cipher suite list
Compression Algorithms
Compression is optional in SSLv3.
No specific compression algorithm is defined for SSLv3.
Therefore, the default compression method is NULL.
Cryptographic Parameter Generation
SSL needs six cryptographic secrets (4 keys & 2 IVs).
The client needs one key for HMAC, one key for encryption and one IV for block encryption. The server needs the same.
The parameters are generated using the following procedure:
1. The client and server exchange two random numbers.
2. The client and server exchange one pre-master secret using one of the key-exchange algorithms.
3. A 48-byte master secret is created from the pre-master secret by applying two hash functions (SHA-1 and MD5).
Calculation of master secret from pre-master secret
4. The master secret is used to create variable-length key material by applying the same set of hash functions and prepending with different constants.
5. Six different keys are extracted from the key material, as shown below.
Extractions of cryptographic secrets from key material
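The procedure above as code, an added example that is not part of the original slides: it follows the SSLv3 construction (MD5 over SHA-1 with the constants "A", "BB", "CCC", ...) and sizes the secrets for a DES_CBC with SHA suite. Function names and the sample random values are constructed for illustration.

```python
import hashlib
import os


def ssl3_expand(secret, seed, length):
    """Concatenate MD5(secret + SHA-1(label + secret + seed)) for labels 'A', 'BB', 'CCC', ..."""
    out, i = b"", 0
    while len(out) < length:
        label = bytes([ord("A") + i]) * (i + 1)
        inner = hashlib.sha1(label + secret + seed).digest()
        out += hashlib.md5(secret + inner).digest()
        i += 1
    return out[:length]


def master_secret(pre_master, client_random, server_random):
    # Step 3: three rounds of 16 bytes give the 48-byte master secret.
    return ssl3_expand(pre_master, client_random + server_random, 48)


def key_block(master, client_random, server_random, mac_len=20, key_len=8, iv_len=8):
    """Steps 4-5: expand the master secret and cut it into the six secrets.

    Defaults fit DES_CBC with SHA: 20-byte MAC secrets, 8-byte keys, 8-byte IVs.
    Note that the two random numbers are used in the opposite order from step 3.
    """
    sizes = [("client_write_MAC", mac_len), ("server_write_MAC", mac_len),
             ("client_write_key", key_len), ("server_write_key", key_len),
             ("client_write_IV", iv_len), ("server_write_IV", iv_len)]
    material = ssl3_expand(master, server_random + client_random,
                           sum(size for _, size in sizes))
    secrets, pos = {}, 0
    for name, size in sizes:
        secrets[name] = material[pos:pos + size]
        pos += size
    return secrets


def view(secrets, role):
    """Read/write secrets as seen by one side: a party writes with its own set, reads with the peer's."""
    peer = "server" if role == "client" else "client"
    pick = lambda side: tuple(secrets[f"{side}_write_{part}"] for part in ("MAC", "key", "IV"))
    return {"write": pick(role), "read": pick(peer)}


if __name__ == "__main__":
    pre_master = os.urandom(48)                                # from the key exchange (step 2)
    client_random, server_random = os.urandom(32), os.urandom(32)   # step 1
    master = master_secret(pre_master, client_random, server_random)
    for name, value in key_block(master, client_random, server_random).items():
        print(f"{name:18} {value.hex()}")
```

Because only the two random numbers change between connections, a new connection in the same session gets fresh keys from the same master secret without repeating the key exchange.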
Sessions and Connections
In a session, one party has the role of a client
and the other the role of a server;
in a connection, both parties have equal roles,
they are peers.
A session is an association between a client and a server.
After a session is established, the two parties have common information such as the session identifier, the certificate authenticating each of them (if necessary), the compression method (if needed), the cipher suite, and a master secret that is used to create keys for message authentication and encryption.
• For two entities to exchange data, the establishment of a session is
necessary, but not sufficient.
• They need to create a connection between themselves.
• The two entities exchange two random numbers and create, using
the master secret, the keys and parameters needed for exchanging
messages involving authentication and privacy.
• A session can consist of many connections.
• A connection between two parties can be terminated and
reestablished within the same session.
• When a connection is terminated, the two parties can also
terminate the session, but it is not mandatory.
• A session can be suspended and resumed again.
• The separation of a session from a connection prevents the high
cost of creating a master secret
Sessions and Connections
Session state parameters
Sessions and Connections
Connection state parameters
Sessions and Connections
The client and the server have six different
cryptography secrets: three read secrets
and three write secrets.
The read secrets for the client are the same as
the write secrets for the server and vice versa.
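The SSL 3.0 derivation from the Cryptographic Parameter Generation slides (master secret, key material, six secrets) and the read/write relationship stated above, as an added example that is not part of the original slides. The constants 'A', 'BB', 'CCC' and the order of the two random numbers follow the SSL 3.0 specification (RFC 6101); the key sizes (SHA-1 MAC, 3DES key, 8-byte IV) and all input bytes are constructed sample values.

```python
import hashlib

def ssl3_expand(secret: bytes, seed: bytes, length: int) -> bytes:
    """MD5(secret + SHA1(const + secret + seed)) with const = 'A', 'BB', 'CCC', ..."""
    out, i = b"", 0
    while len(out) < length:
        if i >= 26:
            raise ValueError("SSL 3.0 constants run only from 'A' to 'Z'")
        const = bytes([ord("A") + i]) * (i + 1)
        inner = hashlib.sha1(const + secret + seed).digest()
        out += hashlib.md5(secret + inner).digest()  # 16 bytes per round
        i += 1
    return out[:length]

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # Step 3: three rounds give 3 * 16 = 48 bytes.
    return ssl3_expand(pre_master, client_random + server_random, 48)

KEY_ORDER = ("client_write_MAC", "server_write_MAC", "client_write_key",
             "server_write_key", "client_write_IV", "server_write_IV")

def extract_keys(master, client_random, server_random, mac_len, key_len, iv_len):
    # Step 4: variable-length key material (RFC 6101 puts the server random first here).
    sizes = (mac_len, mac_len, key_len, key_len, iv_len, iv_len)
    material = ssl3_expand(master, server_random + client_random, sum(sizes))
    # Step 5: slice the six secrets out of the key material, in order.
    keys, pos = {}, 0
    for name, size in zip(KEY_ORDER, sizes):
        keys[name] = material[pos:pos + size]
        pos += size
    return keys

def read_write_view(keys, role):
    """Return (write secrets, read secrets) as seen by 'client' or 'server'."""
    peer = "server" if role == "client" else "client"
    pick = lambda who: tuple(keys[f"{who}_write_{k}"] for k in ("MAC", "key", "IV"))
    return pick(role), pick(peer)

if __name__ == "__main__":
    # Constructed sample inputs, not values from a real handshake.
    pms, cr, sr = bytes(range(48)), b"\x01" * 32, b"\x02" * 32
    ms = master_secret(pms, cr, sr)
    keys = extract_keys(ms, cr, sr, mac_len=20, key_len=24, iv_len=8)
    for name in KEY_ORDER:
        print(f"{name:18} {keys[name].hex()}")
```

Both ends run the same derivation on the same three inputs, which is why no key ever crosses the wire after the pre-master secret is established.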
Four Protocols
We have discussed the idea of SSL without showing how SSL
accomplishes its tasks.
SSL defines four protocols in two layers, as shown in next slide.
Topics in this session:
1. Handshake Protocol
2. ChangeCipherSpec Protocol
3. Alert Protocol
4. Record Protocol
Four Protocols
Handshake Protocol
It uses messages to negotiate the cipher suite, to authenticate the
server to the client and the client to the server if needed, and
to exchange information for building the cryptographic secrets.
Handshake Protocol
Phase I of Handshake Protocol
Handshake Protocol
After Phase I, the client and server know the
following:
❏ The version of SSL
❏ The algorithms for key exchange, message authentication, and encryption
❏ The compression method
❏ The two random numbers for key generation
Handshake Protocol
Phase II of Handshake Protocol
Handshake Protocol
After Phase II,
❏ The server is authenticated to the client.
❏ The client knows the public key of the server if required.
Handshake Protocol
Four cases in Phase II
Handshake Protocol
Phase III of Handshake Protocol
Handshake Protocol
After Phase III,
❏ The client is authenticated to the server.
❏ Both the client and the server know the pre-master secret.
Handshake Protocol
Four cases in Phase III
Handshake Protocol
Phase IV of Handshake Protocol
Handshake Protocol
After Phase IV, the client and server are ready to
exchange data.
ChangeCipherSpec Protocol
In the Handshake protocol, the generation of cryptographic secrets and
the negotiation of the cipher suite are done.
SSL mandates the usage of these secrets until they have sent or
received a special message, the “ChangeCipherSpec message”.
This message is exchanged during the Handshake protocol and defined
under the ChangeCipherSpec protocol.
The sender and receiver have two states: Pending state and Active
state.
⦁ Pending state: keeps track of the secrets and parameters.
⦁ Active state: holds the parameters and secrets used by the record protocol to
sign/verify messages.
This protocol defines the process of moving values between the
pending and active states.
ChangeCipherSpec Protocol
Alert Protocol
SSL uses alert protocol for reporting errors and abnormal
conditions.
Record Protocol
The record protocol carries messages from the upper layer.
The message is fragmented and optionally compressed.
A MAC is added to the compressed message using the negotiated
hash algorithm.
The compressed fragment and MAC are encrypted using the
negotiated encryption algorithm.
Finally, an SSL header is added to the encrypted message.
Record Protocol
Record Protocol
Calculation of MAC
Transport Layer Security (TLS)
The Transport Layer Security (TLS) protocol is the IETF standard
version of the SSL protocol.
The two are very similar, with slight differences.
Topics discussed in this section:
⦁ Version
⦁ Generation of Cryptographic Secrets
⦁ Handshake Protocol
⦁ Cipher Suite
⦁ Alert Protocol
⦁ Record Protocol
Version
The first difference is the version number (major and minor).
The current version of SSL is 3.0
The current version of TLS is 1.0
In other words, SSLv3.0 is compatible with TLSv1.0.
Cipher Suite
Another minor difference between SSL and TLS is the lack of
support for the Fortezza method.
TLS does not support Fortezza for key exchange or for
encryption/decryption.
Table in the next slide shows the cipher suite list for TLS (without
export entries).
Cipher Suite
Generation of Cryptographic Secrets
Data Expansion Function
Generation of Cryptographic Secrets
Pseudorandom Function (PRF)
Generation of Cryptographic Secrets
Pre-master Secret:
⦁ The generation of pre-master secret in TLS is exactly the same as in SSL.
⦁ TLS uses the PRF function to create the master secret from the premaster secret.
Master Secret:
Generation of Cryptographic Secrets
Key Material:
TLS uses the PRF function to create the key material from the
master secret.
This time the secret is the master secret, the label is “key
expansion”.
Alert Protocol
TLS supports all of the alerts defined in SSL except for
NoCertificate.
TLS also adds some new ones to the list.
Table in next slide shows the full list of alerts supported by TLS.
Alert Protocol
Handshake Protocol
CertificateVerify Message:
Handshake Protocol
Hash for Finished message in TLS
Record Protocol
HMAC for TLS