Lecture Network security: Chapter 30 - Dr. Munam Ali Shah

Network Security
Lecture 30

Presented by: Dr. Munam Ali Shah

Part 3
Internet Security
(Last lecture of last Part)

Summary of the Previous Lecture
We discussed the following topics:

■ Email Security
■ Pretty Good Privacy
  ● Why PGP is famous
  ● PGP Operating
  ● Message generation
  ● Message Reception
■ Internet Mail Architecture
  ● Email Threats

Outlines of today’s lecture
■ Secure Socket Layer (SSL)
  ● Record Protocol Service
  ● Record Protocol operation
■ Three SSL-specific protocols that use the SSL Record
  ● SSL Change Cipher Spec Protocol
  ● Alert Protocol
  ● Handshake Protocol
■ Integrating SSL/TLS with HTTP

■ You would be able to present an understanding of how web security is achieved through different protocols.
■ You would be able to demonstrate knowledge about SSH,

Web Security
■ Web now widely used by business, government,

■ but Internet & Web are vulnerable
■ have a variety of threats
● integrity
● confidentiality
● denial of service
● authentication
■ need added security mechanisms

Web Traffic Security Approaches

A number of approaches to providing Web security are possible. The various
approaches that have been considered are similar in the services they provide and,
to some extent, in the mechanisms that they use, but they differ with respect to their
scope of applicability and their relative location within the TCP/IP protocol stack.

SSL (Secure Socket Layer)

■ Transport layer security service
■ originally developed by Netscape
■ version 3 designed with public input
■ subsequently became Internet standard known as TLS (Transport Layer Security)
■ uses TCP to provide a reliable end-to-end service
■ SSL has two layers of protocols

SSL Architecture

The SSL Record Protocol provides basic security services to various higher-layer
protocols. In particular, the Hypertext Transfer Protocol (HTTP), which
provides the transfer service for Web client/server interaction, can operate on
top of SSL.
Three higher-layer protocols are also defined as part of SSL: the Handshake
Protocol, Change Cipher Spec Protocol, and Alert Protocol. These SSL-specific
protocols are used in the management of SSL exchanges.

SSL Architecture
■ SSL connection
  ● transient, peer-to-peer, communications link
  ● associated with 1 SSL session
■ SSL session
  ● an association between client & server
  ● created by the Handshake Protocol
  ● define a set of cryptographic parameters
  ● may be shared by multiple SSL connections

SSL Record Protocol Services
■ confidentiality
  ● using symmetric encryption with a shared secret key defined by Handshake Protocol
  ● AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
  ● message is compressed before encryption
■ message integrity
  ● using a MAC with shared secret key
  ● similar to HMAC but with different padding

SSL Record Protocol Operation

The Record Protocol takes an application message to be transmitted, fragments the
data into manageable blocks, optionally compresses the data, computes and appends
a MAC (using a hash very similar to HMAC), encrypts (using one of the symmetric
algorithms listed on the previous slide), adds a header (with details of the SSL content
type, major/minor version, and compressed length), and transmits the resulting unit in
a TCP segment. Received data are decrypted, verified, decompressed, and
reassembled and then delivered to higher-layer applications.
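
The sender and receiver steps described above, as an added Python example that is not part of the lecture. It uses null compression and the NULL cipher so the record layout stays readable, and the SSLv3 SHA-1 MAC, where the pad is appended to the key instead of XORed as in HMAC. The function names and the sample key are assumptions made for this illustration.

```python
import hashlib
import hmac
import struct

# Added illustration: names and sample values below are assumptions, not lecture material.
MAX_FRAGMENT = 2 ** 14        # largest plaintext fragment per record
APPLICATION_DATA = 23         # record content type
SSL3 = (3, 0)                 # major, minor version in the header
MAC_LEN = 20                  # SHA-1 digest size

def ssl3_mac(secret, seq_num, content_type, fragment):
    """SSLv3 MAC with SHA-1: the pads are appended to the key, not XORed as in HMAC."""
    pad1, pad2 = b"\x36" * 40, b"\x5c" * 40   # 40 pad bytes for SHA-1 (48 for MD5)
    meta = struct.pack(">QBH", seq_num, content_type, len(fragment))
    inner = hashlib.sha1(secret + pad1 + meta + fragment).digest()
    return hashlib.sha1(secret + pad2 + inner).digest()

def build_records(secret, data, seq_num=0):
    """Sender: fragment, MAC and frame the data (null compression, NULL cipher)."""
    records = []
    for off in range(0, len(data), MAX_FRAGMENT):
        fragment = data[off:off + MAX_FRAGMENT]
        body = fragment + ssl3_mac(secret, seq_num, APPLICATION_DATA, fragment)
        records.append(struct.pack(">BBBH", APPLICATION_DATA, *SSL3, len(body)) + body)
        seq_num += 1
    return records

def open_records(secret, records, seq_num=0):
    """Receiver: parse each header, verify the MAC, reassemble the message."""
    message = b""
    for record in records:
        content_type, _major, _minor, length = struct.unpack(">BBBH", record[:5])
        body = record[5:5 + length]
        fragment, mac = body[:-MAC_LEN], body[-MAC_LEN:]
        expected = ssl3_mac(secret, seq_num, content_type, fragment)
        if not hmac.compare_digest(mac, expected):
            raise ValueError("bad_record_mac")   # reported as a fatal alert in SSL
        message += fragment
        seq_num += 1
    return message

if __name__ == "__main__":
    key = b"k" * 20                              # constructed sample MAC secret
    recs = build_records(key, b"A" * 40000)
    print(len(recs), recs[0][:5].hex(), open_records(key, recs) == b"A" * 40000)
```

Because the implicit sequence number is part of the MAC input, a record that is replayed or delivered out of order fails verification even when its bytes are untouched.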

SSL Change Cipher Spec Protocol
■ One of 3 SSL specific protocols which use the SSL Record protocol
■ a single message
■ causes pending state to become current
■ hence updating the cipher suite in use

SSL Alert Protocol
■ conveys SSL-related alerts to peer entity
■ severity
  ● warning or fatal
■ specific alert
  ● fatal: unexpected message, bad record mac, decompression failure, handshake failure, illegal
  ● warning: close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
■ compressed & encrypted like all SSL data

SSL Handshake Protocol

■ allows server & client to:
  ● authenticate each other
  ● to negotiate encryption & MAC algorithms
  ● to negotiate cryptographic keys to be used
■ comprises a series of messages in phases
  1. Establish Security Capabilities
  2. Server Authentication and Key Exchange
  3. Client Authentication and Key Exchange
  4. Finish


TLS (Transport Layer Security)
■ IETF standard RFC 2246 similar to SSLv3
■ with minor differences
  ● in record format version number
  ● uses HMAC for MAC
  ● a pseudo-random function expands secrets
    ● based on HMAC using SHA-1 or MD5
  ● has additional alert codes
  ● some changes in supported ciphers
  ● changes in certificate types & negotiations
  ● changes in crypto computations & padding

Integrating SSL/TLS with HTTP
■ Two complications
  ● Web proxies
    ● solution: browser sends CONNECT domain-name before client-hello (dropped by proxy)
    ● [Figure label: corporate network]
  ● Virtual hosting:
    ● two sites hosted at same IP address.
    ● solution in TLS 1.1 (RFC 4366)
    ● client_hello_extension: server_name=cnn.com
    ● [Figure label: server-cert ???]
    ● implemented in FF2 and IE7 (vista)
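
The server_name extension from the virtual hosting slide, as an added Python example that is not part of the lecture: it builds a constructed ClientHello and reads the host name back the way a server sharing one IP address must before it can pick a certificate. Function names and the sample handshake bytes are assumptions made for this illustration.

```python
import struct

# Added illustration: names and the constructed handshake bytes are assumptions.
def sni_extension(hostname):
    """Encode the server_name extension (type 0) with one host_name entry."""
    name = hostname.encode("ascii")
    entry = struct.pack(">BH", 0, len(name)) + name      # name_type 0 = host_name
    name_list = struct.pack(">H", len(entry)) + entry
    return struct.pack(">HH", 0, len(name_list)) + name_list

def client_hello(hostname=None):
    """Constructed ClientHello record; hostname=None models a client without the extension."""
    ext = sni_extension(hostname) if hostname else b""
    body = (b"\x03\x02" + bytes(32)        # client_version, random (zeros: sample only)
            + b"\x00"                        # empty session_id
            + b"\x00\x02\x00\x2f"            # one cipher suite
            + b"\x01\x00"                    # null compression
            + (struct.pack(">H", len(ext)) + ext if ext else b""))
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x02" + struct.pack(">H", len(handshake)) + handshake

def requested_host(record):
    """Return the host_name in a ClientHello, or None if the client sent none."""
    if len(record) < 44 or record[0] != 22 or record[5] != 1:
        return None                          # not a handshake record with a ClientHello
    pos = 5 + 4 + 2 + 32                     # record header, handshake header, version, random
    pos += 1 + record[pos]                   # session_id
    pos += 2 + int.from_bytes(record[pos:pos + 2], "big")   # cipher_suites
    pos += 1 + record[pos]                   # compression_methods
    if pos + 2 > len(record):
        return None                          # no extensions block at all
    end = pos + 2 + int.from_bytes(record[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack(">HH", record[pos:pos + 4])
        if ext_type == 0:                    # skip list length (2) and name_type (1)
            name_len = int.from_bytes(record[pos + 7:pos + 9], "big")
            return record[pos + 9:pos + 9 + name_len].decode("ascii")
        pos += 4 + ext_len
    return None

if __name__ == "__main__":
    print(requested_host(client_hello("cnn.com")), requested_host(client_hello()))
```

The host name travels in the clear inside the first handshake message, so it is visible to any on-path monitor as well as to the server.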


Why is HTTPS not used for all web traffic?
• Slows down web servers
• Breaks Internet caching
  ● ISPs cannot cache HTTPS traffic
  ● Results in increased traffic at web site
• Incompatible with virtual hosting (older browsers)


The lock icon: SSL indicator

■ Intended goal:
  ● Provide user with identity of page origin
  ● Indicate to user that page contents were not viewed or modified by a network attacker
■ In reality:
  ● Origin ID is not always helpful
    ● example: Stanford HR is hosted at
  ● Many other problems

When is the (basic) lock icon displayed

• All elements on the page fetched using HTTPS (with some exceptions)
• For all elements:
  ● HTTPS cert issued by a CA trusted by browser
  ● HTTPS cert is valid (e.g. not expired)
  ● CommonName in cert matches domain in URL

The lock UI: help users authenticate site
■ IE7:

The lock UI: help users authenticate site
■ Firefox 3:
(no SSL)

The lock UI: help users authenticate site
■ Firefox 3: clicking on bottom lock icon gives

The lock UI: Extended Validation (EV) Certs
• Harder to obtain than regular certs
  ● requires human lawyer at CA to approve cert request
• Designed for banks and large e-commerce sites
• Helps block “semantic attacks”:

