cs490ns-cotter1 SSH / SSL Supplementary material

Secure Shell (SSH)
One of the primary goals of the ARPANET was remote access
Several different connections allowed
–rlogin
–rcp
–rsh
All data was unencrypted
–This was a different world than exists today.

SSH
SSH is a UNIX-based command interface and protocol for securely accessing a remote computer
Suite of four utilities: slogin, ssh, sftp, and scp
Can protect against:
–IP spoofing
–DNS spoofing
–Intercepting information

SSH Objectives
Protect data sent over the network
–Negotiate an encryption algorithm between sender and receiver
–Use that algorithm and a session key to encrypt / decrypt data sent
Provide site authentication
–Use public key / fingerprint to ensure identity of remote host.
–Relies on locally generated keys, so no certifying authority is generally available.
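
Added example (not part of the original slides): because no certifying authority vouches for a host key, the client pins the key it saw first and compares every later key against it. The sketch below computes the SHA-256 fingerprint in the form `ssh-keygen -l` prints and makes that pin / compare decision against a known_hosts-style file; the host names and key bytes are constructed sample data, and hashed host entries are not handled.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def fingerprint(blob: bytes) -> str:
    """SHA-256 fingerprint of a public key blob, unpadded base64."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def parse_known_hosts(text: str) -> dict:
    """Map (hostname, key type) -> key blob.
    Comment, hashed (|1|...) and marker (@...) lines are skipped."""
    pinned = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#|@":
            continue
        blob = base64.b64decode(fields[2])
        for host in fields[0].split(","):
            pinned[(host, fields[1])] = blob
    return pinned

def check_host_key(pinned: dict, host: str, key_type: str, blob: bytes) -> str:
    """Decide what to do with the key a server presents."""
    # The blob names its own algorithm; reject a mismatch before comparing.
    if not blob.startswith(ssh_string(key_type.encode("ascii"))):
        return "malformed"
    known = pinned.get((host, key_type))
    if known is None:
        return "unknown"  # first contact: verify the fingerprint out of band
    return "match" if known == blob else "changed"

# Constructed sample data: byte patterns, not real keys.
GOOD = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
OTHER = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(1, 33)))
KNOWN_HOSTS = ("# constructed sample entry\n"
               "server.example.org,192.0.2.10 ssh-ed25519 "
               + base64.b64encode(GOOD).decode("ascii") + "\n")

if __name__ == "__main__":
    pinned = parse_known_hosts(KNOWN_HOSTS)
    for blob in (GOOD, OTHER):
        verdict = check_host_key(pinned, "server.example.org", "ssh-ed25519", blob)
        print(verdict, fingerprint(blob))
```

A "changed" result is the case the fingerprint check exists for: the name resolves to a server holding a different key than the one pinned earlier.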

SSH Graphical Client

SSH Command Line Client (Linux)

SSH Communications Using Password
[Diagram: message sequence between SSH Client and SSH Server. Labels, in order: SSH2? / SSH2; Diffie-Hellman, etc? / Diffie-Hellman; Send Serv_Pub_Key; Serv_Pub_key(S_key) / OK; S_key(Uname,pwd) / OK; S_key(data)]

SSH Wireshark Trace

SSH Communications Using Public Key
Problems with Password Authentication
–Passwords can be guessed.
–Default allows multiple attempts against account
–Only 1 account / password needs to be guessed
–Alternate approach is to use public / private keys to authenticate user
Public Key Authentication
–Create public / private keypair
–Ensure that private
–Upload public key to server user account: ~/.ssh/authorized_keys
–ssh -o PreferredAuthentications=publickey server.example.org
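
Added example (not part of the original slides): the password problems listed above correspond to a few OpenSSH server settings. The sketch below resolves the effective global values of `PasswordAuthentication`, `PubkeyAuthentication` and `MaxAuthTries` from sshd_config text and reports the password-guessing exposure; the two sample configurations are constructed, and `Include` files and `Match` blocks are not evaluated.

```python
# OpenSSH defaults for the three keywords inspected here.
DEFAULTS = {"passwordauthentication": "yes",
            "pubkeyauthentication": "yes",
            "maxauthtries": "6"}

def effective_settings(config_text: str) -> dict:
    """Resolve global sshd_config values the way sshd reads them: keywords are
    case-insensitive and the FIRST occurrence of a keyword wins. Parsing stops
    at the first Match block, whose settings apply only conditionally."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if len(parts) == 2:
            seen.setdefault(keyword, parts[1].strip().lower())
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}

def password_exposure(config_text: str) -> list:
    """Findings tied to the password-guessing problems listed on the slide."""
    s = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"] == "yes":
        findings.append("password login enabled: one guessed account/password is enough")
        findings.append("up to %s authentication attempts per connection" % s["maxauthtries"])
    if s["pubkeyauthentication"] != "yes":
        findings.append("public key authentication disabled")
    return findings

# Constructed sample configurations.
WEAK = """\
PasswordAuthentication yes
# later duplicate, meant as hardening, is ignored because the first value wins
passwordauthentication no
"""
HARDENED = """\
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, effective_settings(cfg), password_exposure(cfg))
```

On a real server, `sshd -T` prints the full effective configuration, including keywords this sketch does not look at.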

SSH Communications Using Public Key
[Diagram: message sequence between SSH Client and SSH Server. Labels: SSH2? / SSH2; Diffie-Hellman, etc? / Diffie-Hellman; Send Serv_Pub_Key; Serv_Pub_key(S_key) / OK; S_key(Uname) / OK; Client_Pub_key(Random); Client_Pri_key(msg); Hash(Random); S_key(data)]

sFTP in Linux

SFTP

SSH Tunneling
Use SSH to create an encrypted channel between remote host and server
Use that encrypted channel to carry other traffic.
[Diagram labels: SSH Tunnel, www access, Web Server, Local port, Internet, LAN]

SSH Tunneling
ssh -L 12345: :80 -l root homenet.net

SSH Tunneling

Secure Copy (scp)
Allows encrypted transfer of files between machines
Download files from server:
–scp myfile1.txt password: xxxxx
Upload files to server:
–scp myfile.txt password: xxxxx

SSH Passwordless Login
On remote client:
–Create key pair. Store in .ssh subdirectory
On ssh server:
–Modify sshd_config to allow shosts based authentication
–Create .shosts file in user’s subdirectory
–Copy public key from remote client to .ssh subdirectory/authorized_keys

SSH Passwordless Login
[Diagram: message sequence between SSH Client and SSH Server. Labels: SSH2? / SSH2; Diffie-Hellman, etc? / Diffie-Hellman; Send Serv_Pub_Key; Serv_Pub_key(S_key) / OK; S_key(Uname) / OK; Client_Pub_key(Random); Client_Pri_key(msg); Hash(Random); S_key(data)]

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)
Originally developed by Netscape to support encrypted access to web servers.
SSL v3 released
Served as the basis for IETF standard TLS (1999)
Used by major financial institutions for secure commerce over the Internet
Early problem with weak keys resolved with longer (128-bit) keys

SSL / TLS
[Diagram: protocol stack, as listed: Application (www), SSL / TLS, TCP, IP]

SSL/TLS Handshake
[Diagram: message sequence between SSL Client and SSL Server. Labels, in order: Client hello / Ciphers I have; Server Hello / Cipher I choose; Server certificate (S_Pub); OK; S_Pub(Session_key); Session_key(data)]

SSL/TLS Security
Depends on integrity of public key certificate
Public Key Infrastructure (PKI)
–Components necessary to securely distribute public keys
–Certificate Authorities: Organizations that certify the relationship between a public key and its owner.
–Verisign, Thawte

SSL/TLS Implementations
SSL v2 – Still in use
SSL v3 – Most widely deployed
TLS v1 – Starting Deployment
OpenSSL – Linux/UNIX toolkit that supports all 3 protocols listed above.
Private Communication Technology (PCT)
–Developed by Microsoft
–Compatible with SSL v2
Versions are not completely compatible

SSL/TLS Vulnerability
SSL/TLS supports the concept of session renegotiation due to errors, requests, etc.
This feature assumes that the renegotiation is with the original party, and any requests or messages transmitted before the renegotiation are combined (pre-pended) with the requests after renegotiation
This behavior can be abused to allow man-in-the-middle attacks
Demonstrated with https, but the vulnerability exists with any application that uses SSL/TLS

SSL/TLS Vulnerability
[Diagram: message sequence between Client, MITM and Server. Labels, as extracted:]
–TLS handshake session #1
–TLS handshake session #2
–GET /ebanking/paymemoney.cgi? Acc=LU ?amount=1000 Ignore-what-comes-now;
–Trigger renegotiation
–TLS handshake session #1 continued within the encrypted session #2
–Client has authenticated session at app layer (with cookie)
–GET /ebanking/ Cookie: AS X
–Server receives: GET /ebanking/paymemoney.cgi? Acc=LU ?amount=1000 Ignore-what-comes-now; GET /ebanking/ Cookie: AS
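
Added example (not part of the original slides): a model of the server's application-data buffer showing why the bytes received before the renegotiation end up in the same HTTP request as the authenticated client's cookie, next to a server that refuses to carry buffered data across a renegotiation. The request strings are constructed stand-ins for the ones in the diagram (the account value is a placeholder), and the reset is an illustrative guard for this splice only; the protocol-level fix is the renegotiation binding of RFC 5746 or disabling renegotiation.

```python
def parse_request(raw: bytes):
    """Minimal HTTP/1.1 head parser: returns (request line, headers dict)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii")
    first, *rest = head.split("\r\n")
    headers = {}
    for line in rest:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return first, headers

class ServerConnection:
    """Models only the server's application-data buffer for one TLS connection."""

    def __init__(self, reset_on_renegotiation: bool):
        self.reset_on_renegotiation = reset_on_renegotiation
        self.buffer = b""
        self.rejected = False

    def app_data(self, data: bytes):
        if not self.rejected:
            self.buffer += data

    def renegotiate(self):
        # Behaviour described on the slide: bytes received before the
        # renegotiation stay queued and are prepended to what follows.
        if self.reset_on_renegotiation and self.buffer:
            self.rejected = True  # incomplete request pending: refuse to splice
            self.buffer = b""

    def next_request(self):
        if self.rejected or b"\r\n\r\n" not in self.buffer:
            return None
        return parse_request(self.buffer)

# Constructed sample traffic. The prefix ends in an unfinished header line,
# so the next request line received becomes that header's value.
PREFIX = (b"GET /ebanking/paymemoney.cgi?acc=PLACEHOLDER&amount=1000 HTTP/1.1\r\n"
          b"Ignore-what-comes-now: ")
CLIENT = (b"GET /ebanking/ HTTP/1.1\r\n"
          b"Cookie: AS=constructed-session-id\r\n\r\n")

def server_view(reset_on_renegotiation: bool):
    conn = ServerConnection(reset_on_renegotiation)
    conn.app_data(PREFIX)  # received before the renegotiation
    conn.renegotiate()     # the client's handshake, relayed by the MITM
    conn.app_data(CLIENT)  # the authenticated client's own request
    return conn.next_request()

if __name__ == "__main__":
    print("spliced:", server_view(False))
    print("guarded:", server_view(True))
```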

References
SSH
–SSH Tutorial
–UNIX Secure Shell – Carasik – McGraw-Hill, 1999
–SSH Agent Forwarding (unixwiz.net/techtips/ssh-agent-forwarding.html)
SSL
–RFCs – 2246, 3546
–SSL Authentication Gap (SSL Gap)
–TLS/SSL renegotiation vulnerability explained

SSH RFCs
4250 The Secure Shell (SSH) Protocol Assigned Numbers.
–S. Lehtinen, C. Lonvick, Ed. January (Format: TXT=44010 bytes)
–(Status: PROPOSED STANDARD)
4251 The Secure Shell (SSH) Protocol Architecture.
–T. Ylonen, C. Lonvick, Ed. January (Format: TXT=71750 bytes)
–(Status: PROPOSED STANDARD)
4252 The Secure Shell (SSH) Authentication Protocol.
–T. Ylonen, C. Lonvick, Ed. January (Format: TXT=34268 bytes)
–(Status: PROPOSED STANDARD)
4253 The Secure Shell (SSH) Transport Layer Protocol.
–T. Ylonen, C. Lonvick, Ed. January (Format: TXT=68263 bytes)
–(Status: PROPOSED STANDARD)
4254 The Secure Shell (SSH) Connection Protocol.
–T. Ylonen, C. Lonvick, Ed. January (Format: TXT=50338 bytes)
–(Status: PROPOSED STANDARD)
4255 Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints.
–J. Schlyter, W. Griffin. January (Format: TXT=18399 bytes)
–(Status: PROPOSED STANDARD)
4256 Generic Message Exchange Authentication for the Secure Shell Protocol (SSH).
–F. Cusack, M. Forssen. January (Format: TXT=24728 bytes)
–(Status: PROPOSED STANDARD)
4344 The Secure Shell (SSH) Transport Layer Encryption Modes.
–M. Bellare, T. Kohno, C. Namprempre. January (Format: TXT=27521 bytes)
–(Status: PROPOSED STANDARD)
4419 Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol.
–M. Friedl, N. Provos, W. Simpson. March (Format: TXT=18356 bytes)
–(Status: PROPOSED STANDARD)
4716 The Secure Shell (SSH) Public Key File Format.
–J. Galbraith, R. Thayer. November (Format: TXT=18395 bytes)
–(Status: INFORMATIONAL)
4819 Secure Shell Public Key Subsystem.
–J. Galbraith, J. Van Dyke, J. Bright. March (Format: TXT=32794 bytes)
–(Status: PROPOSED STANDARD)

Summary
SSH
–Supports secure remote access to hosts
–SSH – secure shell
–SCP – secure copy
–SFTP – secure file transfer
SSL
–Provides a framework for incorporating secure communications into applications
–Uses strong cryptography
–Can rely on PKI for reliable sharing of public keys