SSH / SSL
Supplementary material
cs490ns-cotter

Secure Shell (SSH)
• One of the primary goals of the ARPANET was remote access
• Several different connections allowed
  – rlogin
  – rcp
  – rsh
• All data was unencrypted
  – This was a different world than exists today.

SSH
• SSH is a UNIX-based command interface and protocol for securely accessing a remote computer
• Suite of four utilities: slogin, ssh, sftp, and scp
• Can protect against:
  – IP spoofing
  – DNS spoofing
  – Intercepting information

SSH Objectives
• Protect data sent over the network
  – Negotiate an encryption algorithm between sender and receiver
  – Use that algorithm and a session key to encrypt / decrypt data sent
• Provide site authentication
  – Use public key / fingerprint to ensure identity of remote host.
  – Relies on locally generated keys, so no certifying authority is generally available.

SSH Graphical Client
[screenshot]

SSH Command Line Client (Linux)
[screenshot]

SSH Communications Using Password
  Client -> Server: SSH2?
  Server -> Client: SSH2
  Client -> Server: Diffie-Hellman, etc?
  Server -> Client: Diffie-Hellman
  Server -> Client: Send Serv_Pub_Key
  Client -> Server: Serv_Pub_key(S_key)
  Server -> Client: OK
  Client -> Server: S_key(Uname,pwd)
  Server -> Client: OK
  Client <-> Server: S_key(data)

SSH Wireshark Trace
[screenshot]

SSH Communications Using Public Key
• Problems with Password Authentication
  – Passwords can be guessed.
  – Default allows multiple attempts against account
  – Only 1 account / password needs to be guessed
  – Alternate approach is to use public / private keys to authenticate user
• Public Key Authentication
  – Create public / private keypair
  – Ensure that private
  – Upload public key to server user account: ~/.ssh/authorized_keys
  – ssh -o PreferredAuthentications=publickey server.example.org

SSH Communications Using Public Key
  Client -> Server: SSH2?
  Server -> Client: SSH2
  Client -> Server: Diffie-Hellman, etc?
  Server -> Client: Diffie-Hellman
  Server -> Client: Send Serv_Pub_Key
  Client -> Server: Serv_Pub_key(S_key)
  Server -> Client: OK
  Client -> Server: S_key(Uname)
  Server -> Client: Client_Pub_key(Random)
  Client: Client_Pri_key(msg)
  Client -> Server: Hash(Random)
  Server -> Client: OK
  Client <-> Server: S_key(data)

sFTP in Linux
[screenshot]

SFTP
[screenshots]

SSH Tunneling
• Use SSH to create an encrypted channel between remote host and server
• Use that encrypted channel to carry other traffic.
[Diagram labels: www access, local port 12345, SSH tunnel, Internet, LAN, web server 192.168.1.10]

SSH Tunneling
  ssh -L 12345:192.168.1.10:80 -l root homenet.net

SSH Tunneling
[screenshot]

Secure Copy (scp)
• Allows encrypted transfer of files between machines
• Download files from server:
  – scp user@server.net:myfile1.txt myfile1.txt
  – user@server.net’s password: xxxxx
• Upload files to server
  – scp myfile.txt user@server.net:myfile.txt
  – user@server.net’s password: xxxxx

SSH Passwordless Login
• On remote client:
  – Create key pair. Store in .ssh subdirectory
• On ssh server:
  – Modify sshd_config to allow shosts based authentication
  – Create .shosts file in user’s subdirectory
  – Copy public key from remote client to .ssh subdirectory/authorized_keys

SSH Passwordless Login
  Client -> Server: SSH2?
  Server -> Client: SSH2
  Client -> Server: Diffie-Hellman, etc?
  Server -> Client: Diffie-Hellman
  Server -> Client: Send Serv_Pub_Key
  Client -> Server: Serv_Pub_key(S_key)
  Server -> Client: OK
  Client -> Server: S_key(Uname)
  Server -> Client: Client_Pub_key(Random)
  Client: Client_Pri_key(msg)
  Client -> Server: Hash(Random)
  Server -> Client: OK
  Client <-> Server: S_key(data)

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)
• Originally developed by Netscape to support encrypted access to web servers.
• SSL v3 released 1996.
• Served as the basis for IETF standard TLS (1999)
• Used by major financial institutions for secure commerce over the Internet
• Early problem with weak keys resolved with longer (128-bit) keys

SSL / TLS
Protocol stack, top to bottom:
  Application (www)
  SSL / TLS
  TCP
  IP

SSL/TLS Handshake
  Client -> Server: Client hello (ciphers I have)
  Server -> Client: Server hello (cipher I choose)
  Server -> Client: Server certificate (S_Pub)
  Client -> Server: S_Pub(Session_key)
  Server -> Client: OK
  Client -> Server: Session_key(data)
  Server -> Client: OK

SSL/TLS Security
• Depends on integrity of public key certificate
• Public Key Infrastructure (PKI)
  – Components necessary to securely distribute public keys
  – Certificate Authorities: Organizations that certify the relationship between a public key and its owner.
  – Verisign, Thawte

SSL/TLS Implementations
• SSL v2 – Still in use
• SSL v3 – Most widely deployed
• TLS v1 – Starting Deployment
• OpenSSL – Linux/UNIX toolkit that supports all 3 protocols listed above.
• Private Communication Technology (PCT)
  – Developed by Microsoft
  – Compatible with SSL v2
• Versions are not completely compatible

SSL/TLS Vulnerability
• SSL/TLS supports the concept of session renegotiation due to errors, requests, etc.
• This feature assumes that the renegotiation is with the original party, and any requests or messages transmitted before the renegotiation are combined (pre-pended) with the requests after renegotiation
• This behavior can be abused to allow man-in-the-middle attacks
• Demonstrated with https, but the vulnerability exists with any application that uses SSL/TLS

SSL/TLS Vulnerability
Parties: Client, MITM, Server
  Client -> MITM: TLS handshake session #1
  MITM -> Server: TLS handshake session #2
  MITM -> Server: Trigger renegotiation
      GET /ebanking/paymemoney.cgi?Acc=LU00000000?amount=1000
      Ignore-what-comes-now; X
  Client -> Server: TLS handshake session #1 continued within the encrypted session #2
  Client has authenticated session at app layer (with cookie):
      GET /ebanking/
      Cookie: AS2398648756083745
  Server receives:
      GET /ebanking/paymemoney.cgi?Acc=LU00000000?amount=1000
      Ignore-what-comes-now; GET /ebanking/
      Cookie: AS2398648756083745

References
• SSH
  – SSH Tutorial (http://www.suso.org/docs/shell/ssh.sdf)
  – www.openssh.org
  – Carasik, UNIX Secure Shell, McGraw-Hill, 1999
  – SSH Agent Forwarding (unixwiz.net/techtips/ssh-agent-forwarding.html)
• SSL
  – www.openSSL.org
  – RFCs – 2246, 3546
  – SSL Authentication Gap (SSL Gap) (http://www.phonefactor.com/sslgap)
  – TLS/SSL renegotiation vulnerability explained (http://www.g-sec.lu/practicaltls.pdf)

SSH RFCs
• 4250 The Secure Shell (SSH) Protocol Assigned Numbers.
  – S. Lehtinen, C. Lonvick, Ed. January 2006. (Format: TXT=44010 bytes) (Status: PROPOSED STANDARD)
• 4251 The Secure Shell (SSH) Protocol Architecture.
  – T. Ylonen, C. Lonvick, Ed. January 2006. (Format: TXT=71750 bytes) (Status: PROPOSED STANDARD)
• 4252 The Secure Shell (SSH) Authentication Protocol.
  – T. Ylonen, C. Lonvick, Ed. January 2006. (Format: TXT=34268 bytes) (Status: PROPOSED STANDARD)
• 4253 The Secure Shell (SSH) Transport Layer Protocol.
  – T. Ylonen, C. Lonvick, Ed. January 2006. (Format: TXT=68263 bytes) (Status: PROPOSED STANDARD)
• 4254 The Secure Shell (SSH) Connection Protocol.
  – T. Ylonen, C. Lonvick, Ed. January 2006. (Format: TXT=50338 bytes) (Status: PROPOSED STANDARD)
• 4255 Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints.
  – J. Schlyter, W. Griffin. January 2006. (Format: TXT=18399 bytes) (Status: PROPOSED STANDARD)
• 4256 Generic Message Exchange Authentication for the Secure Shell Protocol (SSH).
  – F. Cusack, M. Forssen. January 2006. (Format: TXT=24728 bytes) (Status: PROPOSED STANDARD)
• 4344 The Secure Shell (SSH) Transport Layer Encryption Modes.
  – M. Bellare, T. Kohno, C. Namprempre. January 2006. (Format: TXT=27521 bytes) (Status: PROPOSED STANDARD)
• 4419 Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol.
  – M. Friedl, N. Provos, W. Simpson. March 2006. (Format: TXT=18356 bytes) (Status: PROPOSED STANDARD)
• 4716 The Secure Shell (SSH) Public Key File Format.
  – J. Galbraith, R. Thayer. November 2006. (Format: TXT=18395 bytes) (Status: INFORMATIONAL)
• 4819 Secure Shell Public Key Subsystem.
  – J. Galbraith, J. Van Dyke, J. Bright. March 2007. (Format: TXT=32794 bytes) (Status: PROPOSED STANDARD)

Summary
• SSH
  – Supports secure remote access to hosts
  – SSH – secure shell
  – SCP – secure copy
  – SFTP – secure file transfer
• SSL
  – Provides a framework for incorporating secure communications into applications
  – Uses strong cryptography
  – Can rely on PKI for reliable sharing of public keys
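
Added example (not part of the original slides): the SSH Objectives slide says the remote host is identified by its public key / fingerprint with no certifying authority, which in practice means pinning the key on first contact and flagging any later change. The sketch below parses a public key line, computes the SHA-256 fingerprint, and applies that check; the helper names and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def read_string(buf, off):
    """Read one SSH wire 'string': uint32 big-endian length, then the bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def parse_pubkey_line(line):
    """Parse 'type base64 [comment]' and check the blob names the same type."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected 'type base64 [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    embedded, _ = read_string(blob, 0)
    if embedded != parts[0].encode():
        raise ValueError("key type does not match key blob")
    return parts[0], blob

def fingerprint(blob):
    """SHA-256 fingerprint in the unpadded-base64 form OpenSSH prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host(pinned, host, presented_line):
    """Trust on first use: pin an unknown host, then flag any key change."""
    fp = fingerprint(parse_pubkey_line(presented_line)[1])
    if host not in pinned:
        pinned[host] = fp
        return "new"
    return "ok" if hmac.compare_digest(pinned[host], fp) else "changed"

def sample_key_line(fill):
    """Constructed ssh-ed25519 line: 32 identical bytes, not a real key."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + bytes([fill]) * 32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"

if __name__ == "__main__":
    pins = {}
    for line in (sample_key_line(1), sample_key_line(1), sample_key_line(2)):
        print(check_host(pins, "server.example.org", line))
```

A "changed" result is the case the fingerprint exists to catch: the first connection is the only unauthenticated one, so the pinned value should be confirmed out of band.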
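
Added example (not part of the original slides): a toy model of the server side of the SSL/TLS Vulnerability diagram, showing why data buffered before renegotiation ends up carrying the client's cookie, and how binding the renegotiation to the previous handshake (the approach standardized in RFC 5746, which the slides do not cover) stops the splice. No real TLS is performed; the class, the function names, the HTTP version and the ':' after the filler header name are assumptions made for the model.

```python
# Toy model of the server side of the splice; no real TLS is performed.
# Request bytes are constructed from the strings on the slide, with an HTTP
# version and a ':' after the filler header name added (assumptions).
MITM_PREFIX = (b"GET /ebanking/paymemoney.cgi?Acc=LU00000000?amount=1000 HTTP/1.1\r\n"
               b"Ignore-what-comes-now: ")          # no CRLF: header left open
CLIENT_REQUEST = (b"GET /ebanking/ HTTP/1.1\r\n"
                  b"Cookie: AS2398648756083745\r\n\r\n")

class ServerConn:
    def __init__(self, secure_renegotiation):
        self.secure = secure_renegotiation
        self.verify_data = b""   # Finished value of the handshake now in force
        self.buffer = b""        # plaintext passed up to the HTTP layer

    def handshake(self, claimed_previous, new_verify_data):
        # RFC 5746 idea: a renegotiating peer must echo the previous
        # handshake's verify_data; a first-time peer sends an empty value.
        if self.secure and claimed_previous != self.verify_data:
            raise ConnectionError("renegotiation binding mismatch")
        self.verify_data = new_verify_data

    def app_data(self, data):
        # Bytes from before and after renegotiation land in one stream.
        self.buffer += data

def parse_first_request(stream):
    """Return (request line, headers) of the first HTTP request in stream."""
    head = stream.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return head[0], headers

def run_scenario(secure_renegotiation):
    conn = ServerConn(secure_renegotiation)
    conn.handshake(b"", b"finished-mitm")        # session #2: MITM to server
    conn.app_data(MITM_PREFIX)
    try:
        # Session #1: the client believes this is its first handshake.
        conn.handshake(b"", b"finished-client")
    except ConnectionError:
        return None                              # server aborts, nothing spliced
    conn.app_data(CLIENT_REQUEST)
    return parse_first_request(conn.buffer)

if __name__ == "__main__":
    print(run_scenario(False))
    print(run_scenario(True))
```

Without the binding, the parsed request line is the one sent before renegotiation while the Cookie header is the client's; with it, the server rejects the second handshake because the client's empty value does not match the handshake already in force.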