1 / 63

Carl A. Gunter University of Pennsylvania Summer 2004

Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice. Carl A. Gunter University of Pennsylvania Summer 2004. Public Key Infrastructure. Mutual authentication of participants in a transaction requires a system of identities

duante
Télécharger la présentation

Carl A. Gunter University of Pennsylvania Summer 2004

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Network Security ArchitecturesPart 1 FundamentalsSummer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer 2004

  2. Public Key Infrastructure • Mutual authentication of participants in a transaction requires a system of identities • Principals are identified by public keys • These keys can be used for authentication, but only if “spoofing” is prevented • A Public Key Infrastructure (PKI) provides a basis for establishing trust

  3. PKI Systems • Three Philosophies • Hierarchy • ITU X.509 (DAP, PKIX) • DNS • Web of Trust • PGP • Ad hoc • SSH • Most research studies

  4. Subject Name Subject Public Key CA Name CA Signature X.509 Certificates X.509 certificates bind a subject to a public key. This binding is signed by a Certificate Authority (CA). Subject Name Subject Public Key CA Name CA Signature

  5. Joe Smith Subject Joe’s Key Subject’s Key Philly CA Issuer Philly CA Philly CA Key Pennsylvania CA Pennsylvania CA Pennsylvania CA Key USA CA Chaining

  6. Distribution: How to find a certificate Certificate accompanying signature or as part of a protocol Directory service DAP LDAP DNS Email Cut and paste from web pages Revocation: Terminate certificates before their expiration time. How does the relying party know that the certificate has been revoked? Many CRL distribution strategies proposed Mitre report for NIST suggests certificate revocation will be the largest maintenance cost for PKIs Certificate Management

  7. Semantics of CRL’s • Three certificates. • Q says P is the public key of Alice. • R says P is the public key of Alice. • Q says R is the public key of Bob. • Three kinds of revocation. • P is not the public key of Alice. (3 not 2.) • Q no longer vouches for whether P is the public key of Alice. (2 and 3.) • The key of Q has been compromised. (2 not 3.) Revoke 1998 Fox and LaMacchia

  8. Problems Revocation User ability to deal with keys Registration (challenge for all authentication techniques) Weak business model Areas of Progress SSL Authenticode SSH Smart cards for government employees Web services Adoption of PKI

  9. Challenges for Network Security • Sharing • Complexity • Scale • Unknown perimeter • Anonymity • Unknown paths

  10. Physical Link Network Transport Application Internet Layers

  11. Physical Locked doors Spread spectrum Tempest Link WEP GSM Network Firewalls IPSec Transport SSL and TLS Application S/MIME XMLDSIG and WS security Access control systems for web pages, databases, and file systems Security at Layers

  12. Network Layer Security HTTP FTP SMTP TCP IP/IPSec

  13. Transport Layer Security HTTP FTP SMTP SSL or TLS TCP IP

  14. Application Layer Security PGP SET S/MIME Kerberos SMTP HTTP TCP UDP IP

  15. Division of Labor in the Internet Hosts Routers Networks

  16. TCP/IP Protocol Stack Host Router Router Host Application Application Transport Transport Network Network Network Network Link Link Link Link Physical Physical Physical Physical

  17. Communication Processing Flow App1 App2 App1 App2 Transport Transport Network Network Network Network Link Link Link Link Link Link Physical Phys Phys Phys Phys Physical

  18. Typical Patchwork App1 App2 App1 App2 Transport Transport Network Network Network Network Link Link Link Link Link Link Physical Phys Phys Phys Phys Physical

  19. Physical Layer Protection Issues • Hide signal • Spread spectrum • Emission security • Radio emissions (Tempest) • Power emissions

  20. Encapsulation Link Layer Frame IP TCP Application Link Link Network Layer Header Transport Layer Header Application Layer Payload

  21. One Hop Link Layer Encryption Host Router Router Host Application Application Transport Transport Network Network Network Network Link Link Link Link Link Link

  22. Link Layer Encryption Encrypted IP TCP Application Link Link

  23. End-to-End Network Security Host Router Router Host Application Application Transport Transport Network Network Network Network Link Link Link Link

  24. Network Layer Transport Mode IP TCP Application Link Link Encrypted IP Hdr TCP Application Tlr Link Link

  25. VPN Gateway Host Router Router Host Application Application Transport Transport Network Network Network Network Link Link Link Link

  26. Network Layer Tunnel Mode IP TCP Application Link Link Encrypted New IP Hdr IP TCP Application Tlr Link Link

  27. Layer 3 Implementation Options • Location • Host • Network • Style • Integrated • Modular (for tunnel mode)

  28. Modular Implementation:Bump In The Stack (BITS) App1 App2 App1 App2 Transport Network Transport Security Network Net + Sec Network Link Link Link Link

  29. Modular Implementation:Bump In The Wire (BITW) App1 App2 App1 App2 Transport Security Security Transport Network Network Network Network Link Link Link Link

  30. Implementation Options:Integrated on Host App1 App2 App1 App2 Transport Transport Net + Sec Network Network Net + Sec Link Link Link Link

  31. Implementation Options:Integrated on Router App1 App2 App1 App2 Transport Transport Network Net + Sec Net + Sec Network Link Link Link Link

  32. Network Security Location Options Application Application End-to-End Transport Transport Transport Network Network Network Network Link Link Link Link Application Application Transport Transport Voluntary Tunnel Network Network Network Network Link Link Link Link Application Application Transport Transport Involuntary Tunnel Network Network Network Network Link Link Link Link

  33. Transport Layer Security Host Router Router Host Application Application Transport Transport Network Network Network Network Link Link Link Link

  34. Transport Layer Encryption IP TCP Application Link Link Encrypted IP TCP RH Application Link Link IP TCP App Link Link

  35. Message Processing Sequence App1 App2 App1 App2 App2 Sec App2 Sec Transport Transport Network Network Network Network Link Link Link Link

  36. IP TCP Application Link Link Application Layer Security Encrypted IP Key ID TCP Application Link Link

  37. Link Layer Security • Advantages: • Transparent to applications • Hardware solution possible • Can address especially vulnerable links (viz. wireless) • Disadvantages: • Hop-by-hop protection causes multiple applications of crypto operations • May not provide end to end security

  38. Network Layer Security • Advantages • Transparent to applications • Amenable to hardware • Flexible • Disadvantages • Makes routing more complex • Flexibility introduces policy management and compatibility challenges

  39. Transport Layer Security • Advantages • Transparent to applications and may be packaged with applications • Exposing TCP enables compression and QoS classification • Disadvantages • Probably implemented in software • Exposing TCP risks DoS

  40. Application Layer Security • Advantages • Customized to application • Requires no special protocol stack (transparent to networking) • Disadvantages: • Hard to share between applications (viz. standardization challenge)

  41. Protocols to Software • There are important differences between theoretical descriptions, standards and software • Evolution (versions, extensibility) • Interoperability (options, negotiation) • Error modes • Two brief case studies • Transport Layer Security (TLS) • Network layer security (Ipsec)

  42. Secure Socket Layer (SSL) • Session protocol with: • Server authentication • Client authentication optional • Integrity checksum • Confidentiality • Possibly the most important security-related ecommerce protocol • Session sets up security parameters • Many connections possible within a given session • Current version TLS 1.0 http://www.ietf.org/rfc/rfc2246.txt

  43. X.509 Key Est. Messages • Let DA = EB(k), rA, LA, A. • Let DB = rB, LB, rA, A • Two messages: • A -> B : certA, DA, SA(DA) Check that the nonce rA has not been seen, and is not expired according to LA. Remember it for its lifetime LA. • B -> A : certB, DB, SB(DB) Check the rA and A. Check that rB has not been seen and is not expired according to LB.

  44. Establish Security Capabilities Client Server Client Hello Time Server Hello

  45. Server Key Exchange Server Hello Done Certificate Request Certificate Server Auth & Key Exchange Client Server Time Optional

  46. Client Auth & Key Exchange Client Server Time Certificate Client Key Exchange Optional Certificate Verification Optional

  47. Client Auth & Key Exchange Client Server Change Cipher Spec Time Finish Change Cipher Spec Finish

  48. Modes Tunnel Transport Protocols Authenticated Header (AH) Encapsulated Security Payload (ESP) Configurations End-to-end Concatenated Nested Principal elements Security Associations (SAD) Internet Key Exchange (IKE) Policy (SPD) IPsec

  49. Typical Case S Client Internet G ESP S ESP Gateway Corporate Network S Server

  50. Encapsulated Security Header and Trailer 0-7 8-15 16-23 23-31 Security Parameter Index (SPI) Sequence Number Initialization Vector Protected Data Pad Pad Length Next Header Authentication Data

More Related