1 / 24

SSH / SSL

SSH / SSL. Supplementary material. Secure Shell (SSH). One of the primary goals of the ARPANET was remote access Several different connections allowed rlogin rcp rsh All data was unencrypted This was a different world than exists today. SSH.

elijah-harrington
Télécharger la présentation

SSH / SSL

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SSH / SSL Supplementary material

  2. Secure Shell (SSH) • One of the primary goals of the ARPANET was remote access • Several different connections allowed • rlogin • rcp • rsh • All data was unencrypted • This was a different world than exists today.

  3. SSH • SSH is a UNIX-based command interface and protocol for securely accessing a remote computer • Suite of four utilities—slogin, ssh, sftp, and scp • Can protect against: • IP spoofing • DNS spoofing • Intercepting information

  4. SSH Objectives • Protect data sent over the network • Negotiate an encryption algorithm between sender and receiver • Use that algorithm and a session key to encrypt / decrypt data sent • Provide site authentication • Use public key / fingerprint to ensure identity of remote host. • Relies on locally generated keys, so no certifying authority is generally available.

  5. SSH CommunicationsUsing password SSH Server SSH Client SSH2? SSH2 Diffie-Helman, etc? Diffie-Helman Send Serv_Pub_Key Serv_Pub_key(S_key) OK S_key(Uname,pwd) OK S_key(data)

  6. SSH Wire Shark Trace

  7. SSH CommunicationsUsing Public Key • Problems with Password Authentication • Passwords can be guessed. • Default allows multiple attempts against account • Only 1 account / password needs to be guessed • Alternate approach is to use public / private keys to authenticate user • Public Key Authentication • Create public / private keypair • Ensure that private • Upload public key to server user account: ~.ssh/authorized_keys • ssh –o PreferredAuthentications=publickey server.example.org

  8. SSH CommunicationsUsing Public Key SSH Server SSH Client SSH2? SSH2 Diffie-Helman, etc? Diffie-Helman Send Serv_Pub_Key Serv_Pub_key(S_key) OK S_key(Uname) Client_Pub_key(Random) Client_Pri_key(msg) Hash(Random) OK S_key(data)

  9. SSH Tunneling • Use SSH to create an encrypted channel between remote host and server • Use that encrypted channel to carry other traffic. LAN www access Internet Web Server 192.168.1.10 Local port 12345 SSH Tunnel

  10. SSH Tunneling ssh –L 12345:192.168.1.10:80 –l root homenet.net

  11. SSH Tunneling

  12. Secure Copy (scp) • Allows encrypted transfer of files between machines • Download files from server: • scp user@server.net:myfile1.txt myfile1.txt • user@server.net’s password: xxxxx • Upload files to server • Scp myfile.txt user@server.net:myfile.txt • user@server.net’s password: xxxxx

  13. SSH Passwordless Login • On remote client: • Create key pair. Store in .ssh subdirectory • On ssh server: • Modify sshd_config to allow shosts based authentication • Create .shosts file in user’s subdirectory • Copy public key from remote client to .ssh subdirectory/authorized_keys

  14. SSH Passwordless Login SSH Server SSH Client SSH2? SSH2 Diffie-Helman, etc? Diffie-Helman Send Serv_Pub_Key Serv_Pub_key(S_key) OK S_key(Uname) Client_Pub_key(Random) Client_Pri_key(msg) Hash(Random) OK S_key(data)

  15. SecureSockets Layer (SSL)Transport Layer Security (TLS) • Originally developed by Netscape to support encrypted access to web servers. • SSL v3 released 1996. • Served as the basis for IETF standard TLS (1999) • Used by major financial institutions for secure commerce over the Internet • Early problem with weak keys resolved with longer (128-bit) keys

  16. SSL / TLS Application (www) SSL / TLS TCP IP

  17. SSL/TLS Handshake SSL Server SSL Client Client hello Ciphers I have Server Hello Cipher I choose Server certificate (S_Pub) S_Pub(Session_key) OK Session_key(data) OK

  18. SSL/TLS Security • Depends on integrity of public key certificate • Public Key Infrastructure (PKI) • Components necessary to securely distribute public keys • Certificate Authorities: Organizations that certify the relationship between a public key and its owner. • Verisign,Thawte

  19. SSL/TLS Implementations • SSL v2 – Still in use • SSL v3 – Most widely deployed • TLS v1 – Starting Deployment • OpenSSL – Linux/UNIX toolkit that supports all 3 protocols listed above. • Private Communication Technology (PCT) • Developed by Microsoft • Compatible with SSL v2 • Versions are not completely compatible

  20. SSL/TLS Vulnerability • SSL/TLS supports the concept of session renegotiation due to errors, requests, etc. • This feature assumes that the renegotiation is with the original party, and any requests or messages transmitted before the renegotiation are combined (pre-pended) with the requests after renegotiation • This behavior can be abused to allow man-in-the-middle attacks • Demonstrated with https, but the vulnerability exists with any application that uses SSL/TLS

  21. SSL/TLS Vulnerability Client MITM Server TLS handshake session #1 TLS handshake session #2 GET /ebanking/paymemoney.cgi? Acc=LU00000000?amount=1000 Ignore-what-comes-now; Trigger renegotiation X TLS handshake session #1 continued within the encrypted session #2 Server receives: GET /ebanking/paymemoney.cgi? Acc=LU00000000?amount=1000 Ignore-what-comes-now; GET /ebanking/ Cookie: AS2398648756083745 Client has authenticated session At app layer (with cookie) GET /ebanking/ Cookie: AS2398648756083745

  22. References SSH SSH Tutorial (http://www.suso.org/docs/shell/ssh.sdf) www.openssh.org UNIX Secure Shell – Carasik – McGraw-Hill, 1999 SSH Agent Forwarding (unixwiz.net/techtips/ssh-agent-forwarding.html) SSL www.openSSL.org RFCs – 2246, 3546 SSL Authentication Gap (SSL Gap) (http://www.phonefactor.com/sslgap ) TLS/SSL renegotiation vulnerability explained (http://www.g-sec.lu/practicaltls.pdf ) 22

  23. SSH RFCs • 4250 The Secure Shell (SSH) Protocol Assigned Numbers. • S. Lehtinen, C. Lonvick, Ed.. January 2006. (Format: TXT=44010 bytes) • (Status: PROPOSED STANDARD) • 4251 The Secure Shell (SSH) Protocol Architecture. • T. Ylonen, C. Lonvick, Ed.. January 2006. (Format: TXT=71750 bytes) • (Status: PROPOSED STANDARD) • 4252 The Secure Shell (SSH) Authentication Protocol. • T. Ylonen, C. Lonvick, Ed.. January 2006. (Format: TXT=34268 bytes) • (Status: PROPOSED STANDARD) • 4253 The Secure Shell (SSH) Transport Layer Protocol. • T. Ylonen, C. Lonvick, Ed.. January 2006. (Format: TXT=68263 bytes) • (Status: PROPOSED STANDARD) • 4254 The Secure Shell (SSH) Connection Protocol. • T. Ylonen, C. Lonvick, Ed.. January 2006. (Format: TXT=50338 bytes) • (Status: PROPOSED STANDARD) • 4255 Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints. • J. Schlyter, W. Griffin. January 2006. (Format: TXT=18399 bytes) • (Status: PROPOSED STANDARD) • 4256 Generic Message Exchange Authentication for the Secure Shell Protocol (SSH). • F. Cusack, M. Forssen. January 2006. (Format: TXT=24728 bytes) • (Status: PROPOSED STANDARD) • 4344 The Secure Shell (SSH) Transport Layer Encryption Modes. • M. Bellare, T. Kohno, C. Namprempre. January 2006. (Format: TXT=27521 bytes) • (Status: PROPOSED STANDARD) • 4419 Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol. • M. Friedl, N. Provos, W. Simpson. March 2006. (Format: TXT=18356 bytes) • (Status: PROPOSED STANDARD) • 4716 The Secure Shell (SSH) Public Key File Format • . J. Galbraith, R. Thayer. November 2006. (Format: TXT=18395 bytes) • (Status: INFORMATIONAL) • 4819 Secure Shell Public Key Subsystem. • J. Galbraith, J. Van Dyke, J. Bright. March 2007. (Format: TXT=32794 bytes) • (Status: PROPOSED STANDARD)

  24. Summary • SSH • Supports secure remote access to hosts • SSH – secure shell • SCP – secure copy • SFTP – secure file transfer • SSL • Provides a framework for incorporating secure communications into applications • Uses strong cryptography • Can rely on PKI for reliable sharing of public keys

More Related