Ipsec SSL
Ipsec SSL
Ipsec SSL
HTTP
FTP
TCP
IP
Can be at just about any point
SMTP
FTP
SMTP
TCP
AH
ESP
IP
Network approach
HTTP
FTP
SSL/PCT/TLS
TCP
IP
Transport approach
SET
S-HTTP
S/MIME
TCP
IP
Application approach
SMTP
HTTP
PGP
FTP
SMTP
TCP
IP
Presentation approach
Sponsored by IETF
IPSec working group
Scheduled to be integral
component of IPv6
Supports strong
authentication and
encryption at layer 3
Bi-directional tunnel
Packet filtering is primary
access control method
Requires Public Key
Infrastructure (PKI)
IP Layer Security
Functionality
AH (Authentication Header): integrity and authenticity
ESP (Encrypted Security Payload): confidentiality, optional
authentication & integrity
Key Management
Manual Keying (required)
Key Management Protocols (in flux)
Authentication Header
Higher Level
Protocol Data
Hop-by-Hop Authentication
Higher Level
Other Headers
Routing
Header
Protocol Data
Length
Reserved
IPSec Authentication
SPI: identifies the security association to use for this packet
type of crypto checksum, how large it is, and how it is computed
authentication data
hash of packet contents include IP header as as specified by the transform
indicated by the SPI
treat fields which change hop-by-hop (TTL, header checksum) as zero
Secret
Key
Key
Key
Encrypted
ESP Header
Encrypted Data
IPSec Encryption
ESP Modes
Tunnel-mode: payload in a whole IP datagram, mobile-IP
Transport Mode: payload is a higher level IP protocol, e.g., TCP/UDP
Omitting the AH
ESP does not generally protect against modification
ESP is vulnerable to header cut-and-paste attack
attacker takes out the ESP out of packets and inserts a new ESP destined
for another machine (when IPSec proxy is used)
another solution is to assign unique security associations to different
pairs of communicating hosts (burden on administrators)
IPSec Issues
Benefits:
Concerns:
SSL Version 1: Was quickly replaced by SSL v2. Not in use today.
SSL Version 2: Has some security problems. Still supported.
PCT: Microsofts response to SSL 2.0. Fixes some problems, but
has been supplanted by SSL 3.0.
SSL Version 3: Complete redesign of SSL. Fixed the problems in
previous versions and added many features
TLS: Under development IETF standard based on SSL 3.0 with
enhancements.
SSL Protocols
The handshake Protocol:
negotiates the use of new crypto
algorithms and keys.
The record protocol: functions
as a layer beneath all SSL
messages and indicates the
encryption and integrity
protection being applied to the
data.
The alert protocol: when errors
have occurred or when a session
is being ended.
Client
Server
Server Certificate
MasterSecret
Digital Signature
8. Both send ChangeCipherSpec messages.
Servers
Private Key
Record Layers:
SSL Plaintext - type, SSL
version, length, data
SSL compressed compressed (SSL plaintext)
SSL Ciphertext - encrypted
(MAC and SSLcompressed)
SSL ciphertext
MAC
Content Padding
SSL compressed
SSL Plaintext
Real application data
Four keys are used and
derived from the MasterSecret:
Server write key
Client write key
Server write MAC secret
Client write MAC secret
Dictionary Attack
for instance, take HTTP get command and use every possible key to
precompute encrypted form of the plaintext.
SSL protects by having very large key spaces (even export version is
actually 54 bit with 88 bits disclosed)
Replay Attack
Attack works by rerunning the messages sent earlier
SSL defeats it by using a 128-bit nonce value that is unique to that
connection
Man-In-the-Middle Attack
SSL uses signed certificates to authenticate the servers public key
Only using SSL for forms not all or most of your site
no caching of SSL by default therefore performance issues
whats wrong with this picture:
https://www.company.com/order_form.cgi
<FORM ACTION=http://www.company.com/process_order.cgi METHOD=POST>
Web Spoofing
Web spoofing is pretending to be somebody elses web site
Allows traffic to be intercepted and changed
All Web traffic must pass through attackers proxy
somebody puts a false link in a popular Web page
by choosing DNS name very close to the real one (www.isbankasi.com.tr
instead of www.isbank.com.tr)
Web Spoofing
you.com
good.com
Browser
WWW Server
Link
4
bad.com
http://bad.com/http://good.com/file
Modified URL
WWWserver
Call good.com to
get file
Return to you.com
http://good.com/file
Normal URL
Basic issues
Widely available, user-friendly transaction protocol (HTTP)
Authenticating the customer and vendor
Key management with naive users
Liability with bogus transactions
Web Transactions
Three key elements
forms: Web pages with HTML functions to collect data from the user
the POST command: transmits the collected data values to the server
CGI Scripts: programs that process submitted data and return a Web
page
SSL-enabled Client
1. Implement the latest version of the SSL protocol.
2. Implement a good RSA key exchange.
3. Support a few effective secret key ciphers.
4. Disable any inadequate crypto (e.g., 40 bits or 56 bits).
5. Ensure interoperability with SSL servers.
6. Provide a clear indication when SSL is working.
7. Protect against theft.
8. Support hardware crypto modules as well as software.
9. Block or restrict downloaded executable contents.
10. Use pre-installed public keys to validate server certificate.
11. SSL client authentication.
12. Support additional server authority keys.
SSL-enabled Server
1. Security on the server host must be as tight as possible.
2. Implement the latest version of the SSL protocol.
3. Implement a good RSA key exchange.
4. Support a few effective secret key ciphers.
5. Configure the secret key length to the application.
6. Provide server event logging.
7. Protect against host subversion.
8. Enforce SSL client authentication.
9. Do not share directories and files between http and https server.
10. If more than one option is available, always choose the latest version and
strongest ciphersuite.
References
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies: