CSEN 1001 Computer and Network Security Amr El Mougy Mouaz ElAbsawi.


1 CSEN 1001 Computer and Network Security Amr El Mougy Mouaz ElAbsawi

2 Lecture (9) Internet Security

3 Internet Security Protocols and Standards
- Secure Sockets Layer (SSL) / Transport Layer Security (TLS)
- IPv4 and IPv6 Security

4 Secure Sockets Layer (SSL)
- Transport layer security service originally developed by Netscape
  - version 3 designed with public input
- Subsequently became Internet standard RFC 2246: Transport Layer Security (TLS)
- Uses TCP to provide a reliable end-to-end service
- May be provided in the underlying protocol suite
- Or embedded in specific packages

5 SSL Protocol Stack

6 SSL Record Protocol Services
- Message integrity
  - using a MAC with a shared secret key
- Confidentiality
  - using symmetric encryption with a shared secret key defined by the Handshake Protocol
  - AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
  - message is compressed before encryption

7 SSL Record Protocol Operation

8 Change Cipher Spec Protocol
- One of 3 SSL-specific protocols which use the SSL Record Protocol
- A single message
- Causes pending state to become current
- Hence updating the cipher suite in use

9 SSL Alert Protocol
- Conveys SSL-related alerts to peer entity
- Severity
  - warning or fatal
- Specific alert
  - fatal: unexpected message, bad record MAC, decompression failure, handshake failure, illegal parameter
  - warning: close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
- Compressed & encrypted like all SSL data

10 SSL Handshake Protocol
- Allows server & client to:
  - authenticate each other
  - negotiate encryption & MAC algorithms
  - negotiate cryptographic keys to be used
- Comprises a series of messages in phases:
  1. Establish Security Capabilities
  2. Server Authentication and Key Exchange
  3. Client Authentication and Key Exchange
  4. Finish

11 SSL Handshake Protocol

12 IP Security
- Various application security mechanisms
  - e.g. S/MIME, PGP, Kerberos, SSL/HTTPS
- Security concerns cross protocol layers
- Hence we would like security implemented by the network for all applications
- Authentication & encryption security features are included in next-generation IPv6
- Also usable in existing IPv4

13 IPSec
- General IP Security mechanisms
- Provides
  - authentication
  - confidentiality
  - key management
- Applicable to use over LANs, across public & private WANs, & for the Internet

14 IPSec Uses

15 IP Security Architecture
- Mandatory in IPv6, optional in IPv4
- Has two security header extensions:
  - Authentication Header (AH)
  - Encapsulating Security Payload (ESP)
  - Key Exchange function
- VPNs want both authentication and encryption, hence usually use ESP
- Specification is quite complex
  - numerous RFCs: 2401/2402/2406/2408

16 IP Security Associations
- A one-way relationship between sender & receiver that affords security for traffic flow
- Defined by 3 parameters:
  - Security Parameters Index (SPI)
  - IP Destination Address
  - Security Protocol Identifier
- Has a number of other parameters
  - seq no, AH & EH info, lifetime etc.
- Have a database of Security Associations

17 Authentication Header (AH)
- Provides support for data integrity & authentication of IP packets
  - end system/router can authenticate user/app
  - prevents address spoofing attacks by tracking sequence numbers
- Based on use of a MAC
- Parties must share a secret key

18 Authentication Header (AH)
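
An added example (not from the lecture slides): a receive-side check that looks up the Security Association by its three defining parameters, verifies the MAC with the shared key, and tracks sequence numbers. HMAC-SHA256 as the MAC, the 64-packet window, the simplified MAC input (real AH also covers parts of the IP header) and all names and sample values are assumptions of this sketch.

```python
import hashlib
import hmac
import struct

AH = 51        # IP protocol number of AH, used as the Security Protocol Identifier
WINDOW = 64    # constructed replay-window size for this example


class SecurityAssociation:
    """Receive side of a one-way SA: shared MAC key plus sequence tracking."""

    def __init__(self, key):
        self.key = key
        self.highest = 0   # highest sequence number accepted so far
        self.seen = 0      # bit i set => sequence number (highest - i) accepted

    def fresh(self, seq):
        if seq > self.highest:
            return True
        offset = self.highest - seq
        return seq > 0 and offset < WINDOW and not (self.seen >> offset) & 1

    def mark(self, seq):
        if seq > self.highest:
            shift = seq - self.highest
            self.seen = ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.seen |= 1 << (self.highest - seq)


def mac(key, spi, seq, payload):
    """Simplified ICV: HMAC-SHA256 over SPI, sequence number and payload."""
    return hmac.new(key, struct.pack("!II", spi, seq) + payload, hashlib.sha256).digest()


def receive(sad, spi, dst, proto, seq, payload, icv):
    """Look up the SA by its three defining parameters, then check the packet."""
    sa = sad.get((spi, dst, proto))
    if sa is None:
        return "no-sa"
    if not sa.fresh(seq):
        return "replay"
    if not hmac.compare_digest(icv, mac(sa.key, spi, seq, payload)):
        return "bad-mac"
    sa.mark(seq)           # advance the window only after the MAC verifies
    return "ok"
```

Marking the sequence number only after the MAC verifies keeps a forged packet from advancing the window and shutting out genuine traffic.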

19 Encapsulating Security Payload (ESP)

20 WhatsApp End-to-End Encryption
- Link encryption: data is visible to the server
- End-to-end encryption: data remains encrypted at the server

21 WhatsApp End-to-End Encryption
- New encryption system supports regular and group chats, images, videos, voice messages, files, and voice calls
- At the center of this system is the new “Signal Protocol” developed by Open Whisper Systems
- Even if a user’s key is physically compromised from a device, an attacker cannot decrypt previously encrypted messages

22 The Signal Protocol: Keys
- Each user has three types of public keys:
  - Long-term identity key, generated at installation
  - Medium-term key, generated at installation and rotated periodically. The medium-term key is signed by the identity key
  - One-time key: generated as needed
- In addition, there are three types of session keys:
  - Root key: 32-byte value used to create chain keys
  - Chain key: 32-byte value used to create message keys
  - Message key: 80-byte value used to encrypt messages. Out of these 80 bytes, 32 are used for AES-256, another 32 for HMAC-SHA256, and 16 bytes for the IV

23 The Signal Protocol: Operation
- At registration time, the client sends the public identity key, the public medium-term key (signed by the private identity key), and a set of one-time keys
- The private keys are never sent
- To chat with someone you need to establish a session (any open WhatsApp chat is a session)
- A session does not need to be re-established unless the app is re-installed

24 The Signal Protocol: Operation
- To establish a session, the initiator requests the public keys of the recipient from the server (identity key, signed medium-term key, and one of the stored one-time keys)
- Once the server returns those keys, the initiator generates a new key and uses its own identity key in addition to the recipient’s public keys to calculate a master secret
- The master secret is then used to create a root key and a chain key (using an algorithm similar to Diffie-Hellman)

25 The Signal Protocol: Operation
- Now, the initiator can start sending messages to the recipient, even if he/she is offline
- To establish the session at the receiving end, the initiator inserts all values necessary for the receiver to calculate the root and chain keys in the header of all messages
- The receiver uses this information together with its own private keys to calculate the master secret
- The master secret is used as input to the key-derivation function to calculate the root and chain keys

26 The Signal Protocol: Operation
- Each message is encrypted with a message key that includes AES-256 encryption and HMAC-SHA256 for integrity and authentication
- Each time a new message needs to be sent, a new message key is derived from the chain key
- The message key cannot be derived from the message
- The chain key is also rotated every time a message is sent
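
An added example (not from the lecture and not WhatsApp's or Signal's own code): the per-message key derivation described above, where each step turns the 32-byte chain key into a fresh 80-byte message key and a rotated chain key. The input bytes 0x01/0x02, the HKDF info label, the order of the 32/32/16 split and all function names are assumptions of this sketch.

```python
import hashlib
import hmac


def hkdf_sha256(ikm, info, length, salt=b"\x00" * 32):
    """HKDF (RFC 5869) extract-then-expand with SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def ratchet(chain_key):
    """One step of the chain: returns (next_chain_key, 80-byte message key)."""
    seed = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()        # assumed constant
    next_chain = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()  # assumed constant
    # Expand the 32-byte seed to the 80-byte message key (info label is constructed).
    return next_chain, hkdf_sha256(seed, b"example message keys", 80)


def split_message_key(message_key):
    """Split 80 bytes into (AES-256 key, HMAC-SHA256 key, IV); order is assumed."""
    return message_key[:32], message_key[32:64], message_key[64:80]


def message_keys(chain_key, count):
    """Derive `count` message keys, rotating the chain key after each one."""
    keys = []
    for _ in range(count):
        chain_key, message_key = ratchet(chain_key)
        keys.append(message_key)
    return chain_key, keys


if __name__ == "__main__":
    start = hashlib.sha256(b"constructed chain key").digest()  # sample input only
    final_chain, keys = message_keys(start, 3)
    for number, key in enumerate(keys, 1):
        aes_key, mac_key, iv = split_message_key(key)
        print(number, aes_key.hex()[:16], mac_key.hex()[:16], iv.hex())
```

Because HMAC is one-way, a device that holds only the current chain key can derive later message keys but not the ones already used, provided the old chain keys and message keys have been deleted.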

27 The Signal Protocol: Special Functions
- To transmit media, the sender first saves it in an encrypted cloud store
- The sender then sends an encrypted pointer to the receiver to download the media
- Group messages in WhatsApp are disseminated using server-side fan-out (the message is copied N times)
- Pairwise sessions are created between all members of the group
- Each of these sessions has a different chain key used to create message keys
- Thus, the sender encrypts the message N times (once for each member) and the server sends them
- Calls are established using encrypted RTP

