SSL and IPSec CS461/ECE422 Spring 2012. Reading Chapter 22 of text Look at relevant IETF standards.

Slides:



Advertisements
Similar presentations
Internet Protocol Security (IP Sec)
Advertisements

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Internet Security CSCE 813 IPsec
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Secure Socket Layer.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Web Security CS598MCC Spring 2013 Yiwei Yang. Definition a set of procedures, practices, and technologies for assuring the reliable, predictable operation.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Chapter 5 Network Security Protocols in Practice Part I
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Chapter 8 Web Security.
Slide #11-1 SSL and IPSec CS461/ECE422 Fall 2010 Based on slides provided by Matt Bishop for use with Computer Security: Art and Science.
32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.
Security Tunneling Cyber Security Spring Reading Material IPSec overview –Chapter 6 – Network Security Essentials, William Stallings SSH –RFCs 4251,
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
1 Network Security Lecture 8 IP Sec Waleed Ejaz
CSCE 715: Network Systems Security
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
IPSec IPSec provides the capability to secure communications across a LAN, across private and public wide area networks (WANs) and across the Internet.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 4: Securing IP.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 21 – Internet Security.
Karlstad University IP security Ge Zhang
IPsec IPsec (IP security) Security for transmission over IP networks –The Internet –Internal corporate IP networks –IP packets sent over public switched.
1 ISA 662 Information System Security 9. Network Security CISSP Domain 7 and Chapter 11.3 and.4 of Bishop.
IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.
IPSec ● IP Security ● Layer 3 security architecture ● Enables VPN ● Delivers authentication, integrity and secrecy ● Implemented in Linux, Cisco, Windows.
ISA 662 Information System Security
IP Security: Security Across the Protocol Stack. IP Security There are some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS.
IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.
IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.
1 Lecture 13 IPsec Internet Protocol Security CIS CIS 5357 Network Security.
Internet Security CSCE 813 IPsec. CSCE813 - Farkas2 TCP/IP Protocol Stack Application Layer Transport Layer Network Layer Data Link Layer.
IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
1 IPSec: An Overview Dr. Rocky K. C. Chang 4 February, 2002.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Network Layer Security Network Systems Security Mort Anvari.
K. Salah1 Security Protocols in the Internet IPSec.
CSEN 1001 Computer and Network Security Amr El Mougy Mouaz ElAbsawi.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
Cryptography CSS 329 Lecture 13:SSL.
8-1Network Security Virtual Private Networks (VPNs) motivation:  institutions often want private networks for security.  costly: separate routers, links,
Lecture 10 Page 1 CS 236 Online Encryption and Network Security Cryptography is widely used to protect networks Relies on encryption algorithms and protocols.
@Yuan Xue CS 285 Network Security IP Security Yuan Xue Fall 2013.
Computer and Network Security
VPNs & IPsec Dr. X Slides adopted by Prof. William Enck, NCSU.
Chapter 18 IP Security  IP Security (IPSec)
IT443 – Network Security Administration Instructor: Bo Sheng
UNIT.4 IP Security.
BINF 711 Amr El Mougy Sherif Ismail
Virtual Private Networks (VPNs)
SSL (Secure Socket Layer)
Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls
Presentation transcript:

SSL and IPSec CS461/ECE422 Spring 2012

Reading Chapter 22 of text Look at relevant IETF standards

SSL Transport layer security – Provides confidentiality, integrity, authentication of endpoints – Developed by Netscape for WWW browsers and servers Internet protocol version: TLS – Compatible with SSL – Standard rfc2712rfc2712

Working at Transport Level Data link, Network, and Transport headers sent unchanged Original transport header can be protected if tunneling Ethernet Frame Header IP Header TCP Header TCP data stream Encrypted/authenticated Regardless of application

SSL Sessions and Connections SSL Sessions – Association between client and server – Created by Handshake protocol – Defines set of cryptographic security parameters SSL Connections – A transport-level connection – Potentially many connections per session – Share cryptographic parameters of session

SSL Protocol Stack

SSL Record Protocol Operation

Slide #11-8 Record Protocol Overview Lowest layer, taking messages from higher –Max block size 16,384 bytes –Bigger messages fragmented into multiple blocks –Construction –Block b compressed; call it b c –MAC computed for b c If MAC key not selected, no MAC computed –b c, MAC enciphered If enciphering key not selected, no enciphering done –SSL record header prepended

SSL Handshake Protocol Used to initiate connection – Sets up parameters for record protocol – 4 rounds Upper layer protocol – Invokes Record Protocol Note: what follows assumes client, server using RSA as interchange cryptosystem

Handshake Protocol: Phase 1 and 2

Handshake Round 1 Client Server { v C || r 1 || s 1 || ciphers || comps } Client Server {v || r 2 || s 1 || cipher || comp } v C Client’s version of SSL vHighest version of SSL that Client, Server both understand r 1, r 2 nonces (timestamp and 28 random bytes) s 1 Current session id (0 if new session) ciphersCiphers that client understands compsCompression algorithms that client understand cipherCipher to be used compCompression algorithm to be used

Handshake Round 2 Client Server {certificate } Note: if Server not to authenticate itself, only last message sent; third step omitted if Server does not need Client certificate k S Server’s private key ctypeCertificate type requested (by cryptosystem) gcaAcceptable certification authorities er2End round 2 message Client Server {mod || exp || Sig S (h(r 1 || r 2 || mod || exp)) } Client Server {ctype || gca } Client Server {er2 }

Handshake Protocols: Phases 3 and 4

Handshake Round 3 Client Server { pre }Pub S msgsConcatenation of previous messages sent/received this handshake opad, ipadAs above Client Server { h(master || opad || h(msgs || master | ipad)) } Both Client, Server compute master secret master: master =MD5(pre || SHA(‘A’ || pre || r 1 || r 2 ) || MD5(pre || SHA(‘BB’ || pre || r 1 || r 2 ) || MD5(pre || SHA(‘CCC’ || pre || r 1 || r 2 ) Client Server { client_cert }

Handshake Round 4 Client Server { h(master || opad || h(msgs || 0x434C4E54 || master || ipad )) } msgsConcatenation of messages sent/received this handshake in previous rounds (does notinclude these messages) opad, ipad, masterAs above Client Server { h(master || opad || h(msgs || 0x || master | ipad)) } Server sends “change cipher spec” message using that protocol Client Server Client sends “change cipher spec” message using that protocol Client Server

Supporting Crypto Algorithms The standard dictates algorithms that must be supported – Classical ciphers ensure confidentiality, cryptographic – checksums added for integrity Only certain combinations allowed – Won’t allow really weak confidentiality algorithm with really strong authentication algorithm Standard is augmented over time – E.g., AES added in 2002 by rfc3268

RSA: Cipher, MAC Algorithms

MITM Attacks Classic attack foiled by certificates Assuming certificates can be verified correctly Not necessarily the case if the root certificates cannot be trusted More subtle attacks appear over time – TLS Authentication Gap Interaction of TLS and HTTP Application above SSL/TLS tends to be HTTP but does not have to be

IPsec Network layer security – Provides confidentiality, integrity, authentication of endpoints, replay detection Protects all messages sent along a path dest gw2gw1 src IP IP+IPsecIP security gateway

Standards Original RFC’s Mandatory portion of IPv6 Bolted onto IPv4 Newer standards – IKE: Standardized Key Management Protocol RFC 2409 RFC 2409 – NAT-T: UDP encapsulation for traversing address translation RFC 3948RFC 3948

Network Level Encryption Data link header and network header is unchanged With tunneling original IP header can be protected Ethernet Frame Header IP Header IP packet Encrypted/authenticated Regardless of application

IPsec Transport Mode Encapsulate IP packet data area Use IP to send IPsec-wrapped data packet Note: IP header not protected encapsulated data body IP header

IPsec Tunnel Mode Encapsulate IP packet (IP header and IP data) Use IP to send IPsec-wrapped packet Note: IP header protected encapsulated IP header and data body IP header

IPsec Protocols Authentication Header (AH) – Integrity of payload – Integrity of outer header – Anti-replay Encapsulating Security Payload (ESP) – Confidentiality of payload and inner header – Integrity of payload (and now header)

ESP and integrity Originally design, use AH to add integrity if needed. Bellovin showed integrity is always needed – So added directly to ESP – rs/badesp.pdf rs/badesp.pdf

IPsec Architecture Security Association (SA) – Association between peers for security services Identified uniquely by dest address, security protocol (AH or ESP), unique 32-bit number (security parameter index, or SPI) – Unidirectional Can apply different services in either direction – SA uses either ESP or AH; if both required, 2 SAs needed

SA Database Entries Sequence number counter Sequence counter overflow Anti-replay window AH or ESP information: algorithms, keys, key lifetimes Lifetime of SA IPSec mode: Tunnel or transport PathMTU

ESP Header

Slide #11-29 Key Points Separation of negotiation phase and operational phase Standardized elements for algorithm support Similar functionality between SSL and IPSec Difference in network stack level

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.