Tunneling and Securing TCP Services Nathan Green.


Outline
–Concept of Tunneling
–Tunneling Protocols: SSL, SSH, SOCKS
–Examples of Useful Tunnels

Introduction
Many popular protocols were designed before security became a major issue
–FTP
–POP
–Telnet
–HTTP

Vulnerabilities
Sniffing – a problem because many protocols (SMTP, POP, HTTP, etc.) transmit data, including passwords, in clear text
Connection hijacking – after a successful authentication, an attacker can take over the connection and initiate requests/intercept replies

Vulnerabilities
False authentication – many protocols rely solely on IP addresses or domain names, both of which can be spoofed
Data spoofing – attackers can manipulate/inject packets (man in the middle)
Implementation/configuration – misconfigured systems can put machines at risk
DoS attacks

Unfortunately, most organisations can't afford to discontinue the use of POP or FTP, since many clients and servers still depend on them. A solution to this problem is tunneling: leave the legacy protocol untouched and carry it inside a protocol that does provide confidentiality, integrity and authentication.

Tunneling
Tunneling is the transmission of data intended for private use through a public network
Tunnel: a virtual link between two network nodes
Generally accomplished by encapsulating the private data and protocol information within public network packets, so the private protocol appears to the public network as ordinary data

Low Level Tunneling Protocols
Layer 2
–L2F: Layer 2 Forwarding
–PPTP: Point-To-Point Tunneling Protocol
–L2TP: Layer 2 Tunneling Protocol
Layer 3
–IPSec: IP Security Protocol
–VTP: Virtual Terminal Protocol
–ATMP: Ascend Tunnel Management Protocol

High-Level Tunneling Protocols
–SSL
–SSH
–SOCKS

SSL: Secure Sockets Layer
Encrypts communications between Web servers and Web browsers for tunneling over the Internet
SSL alone is nothing but a handshake (algorithm negotiation, server authentication, key exchange) and an encrypted, integrity-protected record stream
Developed by Netscape for securing HTTP; any TCP-based application protocol can be run over it (HTTPS, POP3S, IMAPS, ...)
Which layer it belongs to is debatable: it runs on top of TCP and below the application protocol, and in OSI terms is usually placed at the session/presentation layer


SSL Architecture Has two layers of protocols...

SSL Architecture
SSL Handshake Protocol
–Negotiation of security algorithms and parameters
–Key exchange
–Server/client authentication
SSL Alert Protocol
–Error messages
SSL Change Cipher Spec Protocol
–A single message that indicates the end of the SSL handshake
SSL Record Protocol
–Fragmentation
–Compression
–Message authentication
–Encryption

SSL Handshake Protocol
Runs over an already established TCP/IP connection
Client/server negotiate encryption and MAC algorithms
Negotiate the cryptographic keys to be used
The client and server thereby agree on the level of security they will use; the weakest cipher suite either side offers bounds that level, which is why weak suites must be removed from both configurations

SSL Handshake Protocol
1) The client sends the server the client's SSL version number, cipher settings, session-specific data, and other information that the server needs to communicate with the client using SSL.
2) The server sends the client the server's SSL version number, cipher settings, session-specific data, and other information that the client needs to communicate with the server over SSL. The server also sends its own certificate.

Server Authentication Sample Certificate

SSL Handshake Protocol (continued)
3) The client creates the pre-master secret for the session, encrypts it with the server's public key obtained from the server's certificate, and sends it to the server.
Optional: if the server requested client authentication, the client also signs a piece of data that is unique to this handshake and known to both sides, and sends the signature together with its own certificate along with the encrypted pre-master secret. The server then authenticates the client.
4) The server uses its private key to decrypt the pre-master secret, and then performs a series of steps (which the client also performs, starting from the same pre-master secret) to generate the master secret. The pre-master secret can be established in several ways: RSA (as described here), fixed DH, ephemeral DH, anonymous DH, or Fortezza.
5) Both the client and the server use the master secret to generate the session keys: symmetric keys used to encrypt and decrypt information exchanged during the SSL session and to verify its integrity (that is, to detect any changes in the data between the time it was sent and the time it is received over the SSL connection).
6) The client sends a Change Cipher Spec message to the server informing it that future messages from the client will be encrypted with the session key. It then sends a separate, encrypted Finished message indicating that the client portion of the handshake is done.
7) The server sends a Change Cipher Spec message to the client informing it that future messages from the server will be encrypted with the session key. It then sends a separate, encrypted Finished message indicating that the server portion of the handshake is done.

In the case of server authentication, the client encrypts the pre-master secret with the server's public key. Only the corresponding private key can correctly decrypt the secret, so the client has some assurance that the identity associated with the public key is in fact the server with which the client is connected. Otherwise, the server cannot decrypt the pre-master secret, cannot generate the symmetric keys required for the session, and the session will be terminated. Note that this assurance is only as good as the client's check of the certificate: the client must verify that the certificate chains to a trusted CA and that its name matches the server it intended to reach; a client that skips either check is protected against a passive sniffer but not against a man in the middle. This is the normal operating condition of the secure channel. At any time, due to internal or external stimulus (either automation or user intervention), either side may renegotiate the connection, in which case the process repeats itself.
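Steps 4 and 5 above are the part of the handshake that is easiest to get wrong when reasoning about key material, so here they are carried out concretely for TLS 1.0 (RFC 2246), the IETF successor of SSL 3.0 discussed later in these slides. This is an added example using only the Python standard library, not code from the original presentation; the client/server randoms and the pre-master secret in `demo()` are constructed inputs, not captured traffic, and the cipher-suite sizes (24-byte 3DES key, 8-byte IV, 20-byte HMAC-SHA1 secret) are assumed for illustration.

```python
# TLS 1.0 (RFC 2246, sections 5 and 6.3) master-secret and key-block derivation.
# Added example, standard library only; inputs in demo() are constructed values.
import hmac


def p_hash(hash_name, secret, seed, length):
    """P_hash(secret, seed) = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ...
    where A(0) = seed and A(i) = HMAC(secret, A(i-1)); expanded to `length` bytes."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5(S1, label + seed) XOR P_SHA1(S2, label + seed).
    S1 and S2 are the two halves of the secret (sharing the middle byte when the
    length is odd), so both hash functions would have to fail for the PRF to fail."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha1_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def master_secret(pre_master_secret, client_random, server_random):
    """Step 4: both sides compute the same 48-byte master secret from the
    pre-master secret and the two hello randoms, so even a reused pre-master
    secret yields fresh session keys when the randoms are fresh."""
    return prf(pre_master_secret, b"master secret",
               client_random + server_random, 48)


def key_block(master, client_random, server_random, mac_len, key_len, iv_len):
    """Step 5: expand the master secret into per-direction session keys.
    Note the randoms are concatenated in the opposite order from master_secret()."""
    names = ["client_write_MAC_secret", "server_write_MAC_secret",
             "client_write_key", "server_write_key",
             "client_write_IV", "server_write_IV"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    kb = prf(master, b"key expansion", server_random + client_random, sum(sizes))
    keys, off = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = kb[off:off + size]
        off += size
    return keys


def demo():
    """Derive keys for a 3DES-CBC + HMAC-SHA1 style suite (assumed sizes: 24-byte
    key, 8-byte IV, 20-byte MAC secret) from constructed handshake values."""
    client_random = bytes(range(32))          # constructed ClientHello.random
    server_random = bytes(range(32, 64))      # constructed ServerHello.random
    # RSA key exchange: pre-master secret = client_version(2) || 46 random bytes,
    # sent to the server under its public key (zeros here for reproducibility).
    pre_master = b"\x03\x01" + bytes(46)
    ms = master_secret(pre_master, client_random, server_random)
    keys = key_block(ms, client_random, server_random,
                     mac_len=20, key_len=24, iv_len=8)
    return ms, keys


if __name__ == "__main__":
    ms, keys = demo()
    print("master secret:", ms.hex())
    for name, value in keys.items():
        print(f"{name:24s} {value.hex()}")
```

The reversed random order in `key_block()` is deliberate in the RFC and is a common interoperability bug in hand-written implementations; the six keys come out of one contiguous key block, which is why client-to-server and server-to-client traffic are protected by different keys.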

SSL Change Cipher Spec Protocol
Single message that indicates the end of the handshake: everything after it is protected with the newly negotiated keys

SSL Alert Protocol
Fatal alerts and warnings; a fatal alert terminates the connection and invalidates the session

SSL Record Protocol
Fragment: application data is split into blocks
Compress (optional)
MAC: a Message Authentication Code, a keyed cryptographic checksum over the fragment
Encrypt: fragment plus MAC
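The four record-layer steps above, done concretely for TLS 1.0 (RFC 2246 section 6.2), as an added example that is not part of the original slides. It uses only the Python standard library, so the encryption step is left out (there is no block cipher in the standard library): the records it produces are fragmented and MACed but not encrypted, compression is the identity, and the MAC key in `demo()` is a constructed stand-in for the `client_write_MAC_secret` derived during the handshake. The point it shows is that the MAC covers an implicit 64-bit sequence number and the record header, which is what makes replayed, dropped or reordered records detectable.

```python
# TLS 1.0 record layer (RFC 2246, section 6.2): fragment, then MAC each fragment
# together with the implicit sequence number, before (omitted) encryption.
# Added example, standard library only; demo() uses constructed key and data.
import hmac
import struct

MAX_FRAGMENT = 2 ** 14      # 16 KiB of plaintext per record
TLS10 = b"\x03\x01"         # protocol version on the wire
CT_APPLICATION_DATA = 23
MAC_LEN = 20                # HMAC-SHA1


def record_mac(mac_key, seq_num, content_type, fragment):
    """HMAC over seq_num(8) || type(1) || version(2) || length(2) || fragment.
    The sequence number is never transmitted: each side keeps its own counter,
    so a replayed, dropped or reordered record fails verification."""
    header = struct.pack("!QB2sH", seq_num, content_type, TLS10, len(fragment))
    return hmac.new(mac_key, header + fragment, "sha1").digest()


def protect(mac_key, seq_num, content_type, data):
    """Fragment `data`, MAC each piece, frame it as type || version || length || body.
    Compression is the identity; encryption would wrap `body` next.
    Returns (records, next_seq_num)."""
    records = []
    for off in range(0, len(data), MAX_FRAGMENT):
        fragment = data[off:off + MAX_FRAGMENT]
        body = fragment + record_mac(mac_key, seq_num, content_type, fragment)
        records.append(struct.pack("!B2sH", content_type, TLS10, len(body)) + body)
        seq_num += 1
    return records, seq_num


def unprotect(mac_key, expected_seq, record):
    """Receiver side: check one record against the receiver's own counter.
    Returns (content_type, fragment, next_seq_num); raises ValueError where a
    real stack would send a fatal decode_error / bad_record_mac alert."""
    if len(record) < 5:
        raise ValueError("decode_error: truncated header")
    content_type, version, length = struct.unpack("!B2sH", record[:5])
    body = record[5:5 + length]
    if version != TLS10 or len(body) != length or length < MAC_LEN:
        raise ValueError("decode_error: malformed record")
    fragment, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = record_mac(mac_key, expected_seq, content_type, fragment)
    if not hmac.compare_digest(mac, expected):   # constant-time comparison
        raise ValueError("bad_record_mac")
    return content_type, fragment, expected_seq + 1


def demo():
    """Send 40 000 bytes (3 records), verify them in order, then show that
    replaying the first record and flipping one bit are both rejected."""
    mac_key = bytes(range(MAC_LEN))                     # constructed MAC secret
    payload = b"A" * 40_000                             # constructed application data
    records, _ = protect(mac_key, 0, CT_APPLICATION_DATA, payload)
    seq, received = 0, b""
    for rec in records:
        _, fragment, seq = unprotect(mac_key, seq, rec)
        received += fragment
    replay_rejected = tamper_rejected = False
    try:
        unprotect(mac_key, seq, records[0])             # same bytes, wrong counter
    except ValueError:
        replay_rejected = True
    tampered = bytearray(records[1])
    tampered[10] ^= 0x01                                # one bit inside the fragment
    try:
        unprotect(mac_key, 1, bytes(tampered))
    except ValueError:
        tamper_rejected = True
    return len(records), received == payload, replay_rejected, tamper_rejected


if __name__ == "__main__":
    print(demo())   # (3, True, True, True)
```

SSL 3.0 uses a different, pre-HMAC construction for this MAC; TLS switched to standard HMAC, which is one of the concrete differences listed later in these slides.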

SSL Record Protocol Format

Difference Between SSL and TLS
Not much
–TLS is the IETF protocol standard that grew out of SSL 3.0; TLS 1.0 is documented in RFC 2246 (later versions: TLS 1.1 in RFC 4346, TLS 1.2 in RFC 5246, TLS 1.3 in RFC 8446)
–TLS doesn't support Fortezza key exchange/encryption
–TLS defines more alert codes than SSL 3.0
–TLS uses the standard HMAC construction for record MACs and a different key-derivation function (in TLS 1.0, P_MD5 XOR P_SHA-1), so SSL 3.0 and TLS 1.0 are distinct protocols selected by version negotiation
–TLS 1.0 identifies itself on the wire as version 3.1 (SSL 3.0 is 3.0)
–SSL 2.0 and SSL 3.0 are now prohibited (RFC 6176, RFC 7568) and should be disabled on both clients and servers

SSH
SSH is a protocol for secure remote login, shell access, file copying, and other secure network services over an insecure network
Replaces RSH, RCP, RLOGIN; through port forwarding it can also protect Telnet-, POP- or FTP-style traffic
Runs at the application layer, over TCP (port 22)
Uses public-key cryptography (RSA, DSA, ECDSA or Ed25519 host and user keys) for authentication, and Diffie-Hellman for key exchange
Data flow directions client->server and server->client are independent and may use different algorithms (e.g. 3DES+SHA1 one way, Blowfish+MD5 the other)
SSH v2 (RFC 4251-4254) is the current standard; v1 has known protocol weaknesses and should be disabled

SSH Components
The Transport Layer Protocol provides server authentication, confidentiality, and integrity. It may optionally also provide compression. The transport layer will typically be run over a TCP/IP connection.
The User Authentication Protocol authenticates the client-side user to the server. It runs over the transport layer protocol.
The Connection Protocol multiplexes the encrypted tunnel into several logical channels. It runs over the user authentication protocol.
–these logical channels can be used for a wide range of purposes: secure interactive shell sessions, TCP port forwarding

Difference Between SSL and SSH
SSL
–originally intended for web sessions
–a drop-in layer which other applications run over
–server authentication optional at the protocol level (anonymous cipher suites exist)
–SSL alone is just a handshake and encryption
SSH
–originally intended for replacing telnet and FTP
–a Swiss-army-knife designed to do many different things
–server authentication required (host key)
–SSH alone allows you to do lots of different things (shell, file copy, port forwarding)

SOCKS
A proxy protocol used to communicate through a firewall or proxy server; defined in RFC 1928 (SOCKS version 5)
SOCKS itself provides no encryption; it gains confidentiality only when it is carried inside something that does (for example an SSH tunnel)

SOCKS
When a TCP-based client wishes to establish a connection to an object that is reachable only via a firewall, it must open a TCP connection to the appropriate SOCKS port on the SOCKS server system. The SOCKS service is conventionally located on TCP port 1080. If the connection request succeeds, the client enters a negotiation for the authentication method to be used, authenticates with the chosen method, then sends a relay request. The SOCKS server evaluates the request, and either establishes the appropriate connection or denies it.
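The negotiation just described, with both sides' messages, as an added example that is not part of the original slides or of any SOCKS implementation. It is plain Python standard library, run over an in-process socket pair so it works offline. The client offers only the "no authentication" method and asks for a CONNECT to a domain name; the server side does not actually open the onward connection (that is replaced by an assumed allow-list of destination hosts, to show the "evaluates the request" step) and answers with either "succeeded" or "connection not allowed by ruleset".

```python
# SOCKS5 (RFC 1928) CONNECT negotiation, client and server halves, exchanged
# over socket.socketpair(). Added example; the allow-list policy is assumed.
import socket
import struct
import threading

SOCKS_VERSION = 0x05
METHOD_NO_AUTH = 0x00         # "NO AUTHENTICATION REQUIRED"
METHOD_NO_ACCEPTABLE = 0xFF   # server rejects every offered method
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x03
REP_SUCCEEDED = 0x00
REP_NOT_ALLOWED = 0x02        # "connection not allowed by ruleset"


def recv_exact(sock, n):
    """Read exactly n bytes; TCP may deliver the messages in pieces."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during SOCKS negotiation")
        buf += chunk
    return buf


def read_address(sock):
    """Parse the ATYP || ADDR || PORT tail shared by requests and replies."""
    atyp = recv_exact(sock, 1)[0]
    if atyp == ATYP_IPV4:
        host = socket.inet_ntoa(recv_exact(sock, 4))
    elif atyp == ATYP_DOMAIN:
        host = recv_exact(sock, recv_exact(sock, 1)[0]).decode("ascii")
    else:
        raise ValueError("unsupported ATYP %#x" % atyp)
    port = struct.unpack("!H", recv_exact(sock, 2))[0]
    return host, port


def connect_request(host, port):
    """VER CMD RSV ATYP LEN NAME PORT: sending the name (not an IP) lets the
    proxy resolve it, so the client leaks no DNS query on its own network."""
    name = host.encode("idna")
    return (bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
            + name + struct.pack("!H", port))


def socks5_connect(sock, host, port):
    """Client half of a CONNECT negotiation; returns the server's REP code."""
    sock.sendall(bytes([SOCKS_VERSION, 1, METHOD_NO_AUTH]))   # method selection
    ver, method = recv_exact(sock, 2)
    if ver != SOCKS_VERSION or method == METHOD_NO_ACCEPTABLE:
        raise ConnectionError("no acceptable authentication method")
    sock.sendall(connect_request(host, port))                  # relay request
    ver, rep, _rsv = recv_exact(sock, 3)                        # reply header
    read_address(sock)                                          # BND.ADDR/BND.PORT
    if ver != SOCKS_VERSION:
        raise ConnectionError("bad reply version")
    return rep


def socks5_serve_one(sock, allowed_hosts):
    """Server half: pick a method, evaluate the request, send the reply."""
    ver, nmethods = recv_exact(sock, 2)
    methods = recv_exact(sock, nmethods)
    if ver != SOCKS_VERSION or METHOD_NO_AUTH not in methods:
        sock.sendall(bytes([SOCKS_VERSION, METHOD_NO_ACCEPTABLE]))
        return None
    sock.sendall(bytes([SOCKS_VERSION, METHOD_NO_AUTH]))
    ver, cmd, _rsv = recv_exact(sock, 3)
    host, port = read_address(sock)
    # ruleset evaluation (assumed policy: a simple allow-list of destinations);
    # a real server would now open the TCP connection to host:port
    rep = REP_SUCCEEDED if (cmd == CMD_CONNECT and host in allowed_hosts) else REP_NOT_ALLOWED
    sock.sendall(bytes([SOCKS_VERSION, rep, 0x00, ATYP_IPV4])
                 + socket.inet_aton("0.0.0.0") + struct.pack("!H", 0))
    return host, port, rep


def negotiate(host, port, allowed_hosts):
    """Run both halves over a socket pair; returns the REP code the client saw."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=socks5_serve_one, args=(server, allowed_hosts))
    worker.start()
    try:
        return socks5_connect(client, host, port)
    finally:
        client.close()
        worker.join()
        server.close()


if __name__ == "__main__":
    print(negotiate("mail.my.org", 110, {"mail.my.org"}))   # 0 = succeeded
    print(negotiate("evil.example", 80, {"mail.my.org"}))   # 2 = not allowed
```

Everything on this wire is cleartext: the destination host and port, and the username/password if method 0x02 were chosen. That is the practical reason SOCKS is paired with a tunnel such as SSH dynamic forwarding rather than used on its own across untrusted networks.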

Example of Useful Tunnels
POP3
–Open a secure tunnel using SSH
–Needs an accessible shell account on the tunnel host (tunnel.my.org)
–$ ssh -L 110:mail.my.org:110 tunnel.my.org
–Set mail client to query 'localhost' as the POP3 server
–Caveats: binding a local port below 1024 needs root, so in practice use an unprivileged local port (e.g. -L 1110:mail.my.org:110 and point the client at localhost:1110); the traffic is encrypted only between your machine and tunnel.my.org, and the hop from tunnel.my.org to mail.my.org is still cleartext unless they are the same host or on a trusted network
IMAP
–Same setup, different port number (143)
Telnet
–$ ssh -L 23:server.my.org:23 tunnel.my.org
–$ telnet localhost

Alternatives
–IPv6
–VPN
–IPSec