8 authentication security protocols

8 Authentication/Security Protocols Dr. Stephan Spitz [email protected] Applied IT Security Applied Cryptography


Post on 17-May-2015


8 Authentication/Security Protocols

• Applied Cryptography

• System Security

• Firewalls and Intrusion Detection Systems

• Authentication Protocols

• Encryption and digital Signatures in topical Applications

• Public Key Infrastructures

• Security Threats on Networks

• Overview & Basics

• Network Protocols and the Internet

• Operating Systems and Applications

• Software Development & IT Security

• Use of Cryptographic Libraries and Devices

• Building Secure IT Systems

• The Future of IT Security

• Operating System Security


Overview Authentication and Security Protocols

• Application Layer Security
  • SSL / TLS / HTTPS / SSH / SMIME
  • SSL in Detail

• Network and Transport Layer Security
  • Virtual Private Networks
  • IPSec
  • Internet Key Exchange

• Wireless Protocol Security
  • Wireless Security Protocols
  • Bluetooth Security
  • UMTS Security

• Example: Apache and SSL

Protocol Layers

• Application Layer: services for applications (e-mail clients and servers, WWW server), name resolution (DNS)
  Protocols: SMTP, HTTP, SNMP, FTP, SOAP, etc.
  Security protocols: SSL/TLS (on the socket interface)

• Transport Layer: connection-oriented and connectionless transport service for applications
  Protocols: Transmission Control Protocol (TCP), UDP, ICMP (Internet Control Message Protocol) for debugging
  Security protocols: IPSec Transport Layer

• Network Layer: routing, addressing of packets
  Protocols: Internet Protocol (IP)
  Security protocols: IPSec Network Layer (Tunnel)

• Data Link Layer: packet transmission on physical media
  Protocols: Ethernet, Token Ring, ATM, PPP, GPRS
  Security protocols: L2TP, PPTP, WEP, EAP

Network Layer Security (Tunnel)

[Figure: two protocol stacks, each with Application, Transport, security-enhanced Network and Data Link layers, exchanging application data, transport payload and data link payload; the network payload travels in a secure tunnel.]

Protected communication in an open network between secure systems, e.g. firewalls, routers

Transport Layer Security

[Figure: two protocol stacks, each with Application, security-enhanced Transport, Network and Data Link layers, exchanging application data, secured packet transport, network payload and data link payload.]

Communication inside a secure network with protected transport payload (AH or ESP)

Virtual Private Networks (VPN)

A process called "tunneling" enables the virtual part of a VPN. There are two tunneling protocols:

• PPTP: Point-to-Point Tunneling Protocol
• L2TP: Layer 2 Tunneling Protocol

The basic VPN functionality is the provision of authentication, access control, confidentiality and data integrity.

IPSec security services keep the VPN (transport, network) payload private (optionally), integrity-protected and authenticated:

• IPSec AH: Authentication Header
• IPSec ESP: Encapsulating Security Payload

IPSec

• Tunnel Mode (Network Layer Security)
  IP Header | IPSec Header | Original Packet: IP Header, TCP/UDP Header, Application Protocol (AH, optionally kept secret with ESP)

• Transport Mode (Transport Layer Security)
  IP Header | IPSec Header | Original Packet: TCP/UDP Header, Application Protocol (AH, optionally kept secret with ESP)

Tunneling

• Tunneling with L2TP or PPTP
• Combination of IPSec and L2TP

[Figure: packet layouts for both cases, built from Layer 2 Media Header, IP Header, L2TP/PPTP Header, TCP/UDP Header and Application Data (the original packet); the combined case adds an IPSec Header with a further IP Header and TCP/UDP Header.]

IPSec Network View

IPSec Host

• Physical NWI (Network Interface)
• Logical NWI with IPSec IP inside VPN

IPSec Gateway

• Physical NWI, IP known in the Internet
• Logical NWI inside VPN
• Physical NWI with IP known in LAN

[Figure labels: Company LAN, Internet]

Internet Key Exchange (IKE)

IKE is the alternative to manual key configuration. It is used to:

• agree between the communicating parties on protocols, algorithms and keys
• ensure talking to the right person (authentication)
• secure key management and exchange

IKE = Security Association (SA) + Key Management Protocol (KMP)

KMP can be done in:

• main mode, i.e. DH agreement with identity and nonces, key derivation (deriv., auth., enc.) and identity proving
• aggressive mode, i.e. main mode without DH identity protection
• quick mode inside an SA
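
The main-mode steps listed above (DH agreement with nonces, then derivation of the deriv./auth./enc. keys), as an added example that is not part of the original slides. It follows the pre-shared-key derivation of IKEv1 in RFC 2409 and stops before the identity proof; HMAC-SHA-256 as the prf, the toy DH group, the cookies and the key strings are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy DH group for illustration only: 2**127 - 1 is prime but far too small
# for real use; IKE uses the standardized MODP groups.
P = 2**127 - 1
G = 3


def prf(key: bytes, data: bytes) -> bytes:
    """Negotiated pseudo-random function; HMAC-SHA-256 is assumed here."""
    return hmac.new(key, data, hashlib.sha256).digest()


def int_bytes(n: int) -> bytes:
    return n.to_bytes((P.bit_length() + 7) // 8, "big")


def derive_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    """SKEYID and the three keys derived from it (RFC 2409, section 5)."""
    skeyid = prf(psk, ni + nr)                         # pre-shared-key variant
    tail = int_bytes(g_xy) + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")             # deriv.: later SA keys
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")  # auth.: message integrity
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")  # enc.: message secrecy
    return skeyid_d, skeyid_a, skeyid_e


def main_mode_demo(psk_i: bytes, psk_r: bytes):
    """Run initiator and responder; return (initiator keys, responder keys)."""
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)  # cookies
    x, y = secrets.randbelow(P - 3) + 2, secrets.randbelow(P - 3) + 2
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)      # nonces
    gx, gy = pow(G, x, P), pow(G, y, P)        # public values sent on the wire
    keys_i = derive_keys(psk_i, ni, nr, pow(gy, x, P), cky_i, cky_r)
    keys_r = derive_keys(psk_r, ni, nr, pow(gx, y, P), cky_i, cky_r)
    return keys_i, keys_r


if __name__ == "__main__":
    ki, kr = main_mode_demo(b"constructed-psk", b"constructed-psk")
    print("same keys on both sides:", ki == kr)
    ki, kr = main_mode_demo(b"constructed-psk", b"wrong-psk")
    print("mismatched pre-shared key gives different keys:", ki != kr)
```

Fresh nonces and DH values on every run give fresh keys even with an unchanged pre-shared key, which is the advantage over manual key configuration named on the slide.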

Application Layer Security

[Figure: two protocol stacks, each with Application, Transport, Network and Data Link layers and SSL/TLS/SSH on both sides, exchanging authenticated and privacy-protected application data, transport payload, network payload and data link payload.]

Communication on application level is secured by cryptography

Overview

• HTTPS: HTTP over TLS/SSL
• TLS: Transport Layer Security, equivalent to SSL (SSL 3.0 = TLS 1.0)
• SSL: Secure Socket Layer = application-level security built on the socket interface to support security in ftp, telnet, http, etc.
• SSH: Secure Shell supports authenticated and encrypted remote system logins, also based on the socket interface (it's a program and a protocol)
• SMIME: Secure MIME (Multipurpose Internet Mail Extensions) format for secure email exchange based on PKCS#7

SSL History

SSL V1.0 (1993)

• Security on application level
• Developed by Netscape

SSL V2.0 (1994)

• First implementation in Netscape Navigator
• Limitation on 40 bit keys

SSL V3.0 (1995)

• Bugfixes and new crypto algorithms
• Unlimited key length

SSL V3.1 = TLS V1.0 (1999)

• Authentic mode only with message digest and without encryption

SSL Handshake (Client / Server)

Client → Server: Client Hello (ID, RND1, CipherSuite)
Server → Client: Server Hello (ID, RND2, CipherSuite)
Server → Client: Certificate
Server → Client: Certificate Request
Server → Client: Hello Done
Client → Server: ClientKeyExchange (Enc_PubKeyServer( ))
Client → Server: Certificate
Client → Server: Certificate Verify (Enc_PrivKeyClient( ))
Client → Server: ChangeCipherSpec/Finished (Enc_SessionKey( ))
Server → Client: ChangeCipherSpec/Finished (Enc_SessionKey)

SSL Communication

SSL Record Layer

• Complete division of SSL Handshake and Record Layer Communication
• Record Layer provides encrypted communication (handshake keys!)
• Integrity of data is ensured by adding message digest
• Sequence counters ensure connection orientation on SSL level
• Fragmentation support for encrypted SSL records
• Bandwidth reduction due to compression in SSL records

Programming with SSL-Sockets

Client side:

1. Define socket parameters in SSL_struct
2. Open socket with socket() and connect to server with connect()
3. Connect Unix socket and SSL data with SSL_set_fd()
4. Start SSL handshake with SSL_connect()
5. Write and read data on SSL socket with SSL_write(), SSL_read()

Server side:

Steps 1-3 are like the client side, without connect()

4. Wait on client request with listen() and accept it with accept()
5. Read the private server key with SSL_use_RSAPrivateKey()
6. Select the server certificate again with SSL_use_RSAPrivateKey()
7. After SSL_connect() read and write data to client

Resistance of SSL against Attacks

• Replay attack
  • Encrypted sequence numbers in the SSL record layer prevent replay of "old" SSL records.
  • Random numbers inside the SSL handshake prevent replay of the handshake.

• Man-in-the-Middle attack
  • Dynamic key agreement via challenge-response technique in the SSL handshake

• IP Spoofing
  • IP packets with faked source IP cannot be prevented, because SSL provides no security for the network and the transport layer
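
How the record layer's message digest and sequence counter (SSL Communication slide) stop the replay of old records (this slide), as an added example that is not part of the original slides. It is a simplified model: each side keeps its own counter, the counter goes into the MAC input, encryption of the fragment is left out, and HMAC-SHA-256, the key and the record contents are constructed assumptions.

```python
import hashlib
import hmac
import struct


class RecordLayer:
    """One direction of a connection; both ends start the counter at 0."""
    def __init__(self, mac_key: bytes):
        self.mac_key, self.seq = mac_key, 0   # seq is never sent on the wire

    def _mac(self, header: bytes, fragment: bytes) -> bytes:
        data = struct.pack("!Q", self.seq) + header + fragment
        return hmac.new(self.mac_key, data, hashlib.sha256).digest()

    def seal(self, content_type: int, fragment: bytes) -> bytes:
        header = struct.pack("!BH", content_type, len(fragment))
        record = header + fragment + self._mac(header, fragment)
        self.seq += 1
        return record

    def open(self, record: bytes) -> bytes:
        length = struct.unpack("!H", record[1:3])[0]
        header, fragment, mac = record[:3], record[3:3 + length], record[3 + length:]
        if not hmac.compare_digest(mac, self._mac(header, fragment)):
            # Real SSL/TLS sends a fatal alert and closes the connection here.
            raise ValueError("bad record MAC")
        self.seq += 1
        return fragment


def accepts(reader: RecordLayer, record: bytes) -> bool:
    try:
        reader.open(record)
        return True
    except ValueError:
        return False


def replay_demo() -> dict:
    key = b"constructed-mac-key"          # would come from the handshake
    writer = RecordLayer(key)
    r0, r1 = writer.seal(23, b"transfer 100"), writer.seal(23, b"logout")
    a, b = RecordLayer(key), RecordLayer(key)
    return {
        "in_order": accepts(a, r0) and accepts(a, r1),
        "replayed": accepts(a, r0),       # old record sent a second time
        "reordered": accepts(b, r1),      # r1 delivered before r0
    }
```

`replay_demo()` accepts the two records in order and rejects both the replayed and the reordered one, because the receiver's counter no longer matches the value that went into the sender's MAC.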

Security in Wireless Protocols

• WEP (Wired Equivalent Privacy) and EAP (Extensible Authentication Protocol) security in Wireless LANs according to IEEE 802.1x
• Bluetooth security architecture (three secure modes), authentication/key negotiation and encryption
• General Security Aspects in Wireless LANs according to IEEE 802.1x

General WLAN Security Aspects

• Denial of service attacks based on jamming in the 2.4 GHz band or the 5 GHz band are possible
• Wireless LAN access point detection (war driving) via Netstumbler / Ministumbler or SSIDsniff; sniffing via CENiffer, Kismet, Ethereal

Secure Configuration:

• Don't use the default SSID (Service Set Identifier, i.e. WLAN name)
• Enable Hidden SSID (connection only with clients knowing the SSID)
• Limit access only to certain MACs (be careful, a MAC can be faked!)
• Enable WEP and use EAP authentication

Wired Equivalent Privacy (WEP)

WEP defines a simple stream cipher based on an RC4 pseudo-random generator seeded by an initialisation vector and the key.

Wired Equivalent Privacy (WEP) is defined in the IEEE 802.11 Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specification.

WEP weaknesses were announced by Fluhrer, Mantin and Shamir in 2001; meanwhile cracks are available (Airsnort, WEPCrack) based on:

• The IV is transmitted first as plain text and is only 24 bits long (after 2^24 packets the key is repeated; simple cryptanalysis based on autocorrelation)
• The seed must not be used twice, yet this often happens in practice, because the IV repeats or 0 is used as the IV for the first packet
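
Why the seed (IV plus key) must not be used twice, as an added example that is not part of the original slides: two frames sealed under the same IV share one RC4 keystream, so the keystream cancels when the ciphertexts are XORed, and a monitor can flag the condition simply by counting cleartext IVs. The key, IVs and payloads are constructed sample data; the frame layout is reduced to IV, payload and CRC-32 check value.

```python
import struct
import zlib
from collections import Counter


def rc4_keystream(seed: bytes, n: int) -> bytes:
    """RC4 keystream of n bytes for the given seed."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # keystream output
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Cleartext 24-bit IV, then payload + CRC-32 under RC4(IV || key)."""
    body = plaintext + struct.pack("<I", zlib.crc32(plaintext))
    return iv + xor(body, rc4_keystream(iv + key, len(body)))


def reused_ivs(frames) -> list:
    """IVs that occur in more than one captured frame."""
    counts = Counter(f[:3] for f in frames)
    return sorted(iv for iv, n in counts.items() if n > 1)


def keystream_cancels(frame_a, frame_b, pt_a, pt_b) -> bool:
    """True if XOR of the two ciphertexts equals XOR of the two plaintexts."""
    n = min(len(pt_a), len(pt_b))
    return xor(frame_a[3:3 + n], frame_b[3:3 + n]) == xor(pt_a[:n], pt_b[:n])


# Constructed sample data: 40-bit key, three frames, two sharing an IV.
KEY = bytes.fromhex("0102030405")
PT = [b"GET /index.html", b"POST /login.php", b"GET /logo.png"]
IVS = [b"\x00\x00\x01", b"\x00\x00\x01", b"\x00\x00\x02"]
FRAMES = [wep_encrypt(KEY, iv, pt) for iv, pt in zip(IVS, PT)]
```

`reused_ivs(FRAMES)` reports the repeated IV, and `keystream_cancels` is true only for the pair that shares it; with a 24-bit IV such pairs are unavoidable once 2^24 frames have been sent under one key.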

Extensible Authentication Protocol (EAP)

RFC 2284 defines the PPP Extensible Authentication Protocol (EAP) for embedding authentication in other protocols like WEP.

There are different ways for authentication:

• EAP-MD5 provides a username/password authentication, not advisable given the weaknesses of WEP encryption
• EAP-TLS uses an asymmetric challenge-response authentication based on X.509 certificates
• EAP-TLS SSL handshake without client certificate transmission
• EAP-SIM authentication based on the mobile phone's SIM (Subscriber Identity Module)

Bluetooth Security

Bluetooth defines three modes (Non Secure, Service Level Enforced Security and Link Level Enforced Security) and offers authentication and encryption services.

Bluetooth symmetric authentication steps:

1. Link Key negotiation based on Unit Key (fixed) or Combination Key
2. Challenge-response system authentication based on Link Key
3. Encryption key derivation based on Link Key, random number and a Ciphering Offset

Bluetooth encryption is based on a non "state of the art" stream cipher using linear feedback shift registers (LFSR) with max. 128 bit key length.

Concerns on Bluetooth Security

• Usage of a fixed Unit Key for authentication and key derivation causes security problems and narrows the variety of authentication and encryption keys.
• The quality of the pseudo-random number generators can be very weak, depending on the implementation.
• Cryptanalysis already reduced the complexity of the used stream cipher from 2^128 (brute force) to 2^66.
• Security depends on the knowledge of one PIN (personal identification number), because the random challenge and Bluetooth addresses are known.