[Intro. to Computer Security Course Note] Ch 22

Ch22. Internet Security Protocols and Standards


Secure E-mail

MIME and S/MIME
Extension to the old RFC 822 specification of an Internet mail format
- RFC 822 defines a simple heading with To, From, Subject
- Assumes ASCII text format
Secure/Multipurpose Internet Mail Extension
Based on RSA
Provides the ability to sign and/or encrypt e-mail messages

Typical S/MIME Process for Creating an S/MIME Message

S/MIME Functions

  • Enveloped data
    • Encrypted content and associated keys
  • Signed data
    • Encoded message + signed digest
  • Clear-signed data
    • Cleartext message + signed digest
  • Signed and enveloped data
    • Nesting of signed and encrypted entities

Enveloped Data Using Public-key Infrastructure

  • M -> 3DES(M) -> X + 3DES(M) -> ElGamal(X + 3DES(M))
    • M: message
    • X: a session encryption key
    • Use the recipient's ElGamal public key to encrypt X + 3DES(M)
    • ElGamal is based on the Diffie-Hellman public-key exchange algorithm
  • Radix-64 is used to convert the ciphertext to ASCII format
  • The basic tool that permits widespread use of S/MIME is the public-key certificate
  • S/MIME uses certificates that conform to the international standard X.509v3
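The enveloped-data flow above, as an added worked example (not code from the course notes or from any S/MIME implementation): generate a session key X, encrypt the message under X, encrypt X with the recipient's ElGamal public key, attach it to the ciphertext, and radix-64 (base64) armor the whole blob so it survives ASCII mail transport. The ElGamal group (a 127-bit Mersenne prime with generator 3) and the HMAC-SHA256 counter-mode keystream that stands in for 3DES are constructed for the example and are far too weak for real use; real S/MIME takes the recipient's key from the X.509 certificate and uses a standard cipher.

```python
import base64
import hashlib
import hmac
import secrets

# Toy ElGamal group, constructed for this example only: a 127-bit Mersenne prime and a
# fixed generator. Real S/MIME keys come from the recipient's X.509 certificate.
P = (1 << 127) - 1
G = 3
KEY_BYTES = 16  # every group element fits in 16 bytes because P < 2**128


def elgamal_keygen():
    """Return (private, public): private x in [1, P-2], public y = G^x mod P."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def elgamal_encrypt(public, m):
    """Encrypt integer m < P under a fresh ephemeral exponent k: (G^k, m * y^k)."""
    k = secrets.randbelow(P - 2) + 1
    return pow(G, k, P), (m * pow(public, k, P)) % P


def elgamal_decrypt(private, c1, c2):
    """Recover m = c2 * (c1^x)^-1 mod P; the inverse comes from Fermat since P is prime."""
    shared = pow(c1, private, P)
    return (c2 * pow(shared, P - 2, P)) % P


def stream_xor(key, data):
    """Symmetric step standing in for 3DES: XOR the data with an HMAC-SHA256 counter-mode
    keystream. XOR is its own inverse, so one function both encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def envelope(recipient_public, message):
    """M -> X + SYM(M) -> ElGamal(X) || SYM(M) -> radix-64 text.

    Only the session key X goes through the public-key algorithm; the bulk message is
    encrypted under X, and the whole blob is base64 armored for mail transport."""
    x_int = secrets.randbelow(P - 2) + 1            # session key X, drawn as a group element
    x_key = x_int.to_bytes(KEY_BYTES, "big")
    body = stream_xor(x_key, message)
    c1, c2 = elgamal_encrypt(recipient_public, x_int)
    blob = c1.to_bytes(KEY_BYTES, "big") + c2.to_bytes(KEY_BYTES, "big") + body
    return base64.b64encode(blob).decode("ascii")


def open_envelope(recipient_private, armored):
    """Reverse envelope(): un-armor, decrypt X with the private key, then decrypt the body."""
    blob = base64.b64decode(armored)
    if len(blob) < 2 * KEY_BYTES:
        raise ValueError("envelope too short to contain an encrypted session key")
    c1 = int.from_bytes(blob[:KEY_BYTES], "big")
    c2 = int.from_bytes(blob[KEY_BYTES:2 * KEY_BYTES], "big")
    x_key = elgamal_decrypt(recipient_private, c1, c2).to_bytes(KEY_BYTES, "big")
    return stream_xor(x_key, blob[2 * KEY_BYTES:])


if __name__ == "__main__":
    priv, pub = elgamal_keygen()
    armored = envelope(pub, b"Meeting moved to 10:00.")   # constructed sample message
    print(armored)
    print(open_envelope(priv, armored))
```

The private key is needed only to recover X; everything after that is symmetric, which is why the public-key step stays cheap no matter how large the message is. Each call to envelope() draws a fresh X and a fresh ephemeral k, so the same message armors differently every time.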

Signed and Clear-signed Data

  • Signed data -> Base64(content + sig)
  • Clear-signed data -> content + Base64(sig)
  • DSS(SHA-1(Message), DSS-private-key)
  • RSA(SHA-1/MD5(Message), RSA-private-key)
  • Radix-64 or Base64 mapping is used to map the signature and message into printable ASCII characters

DomainKeys Identified Mail (DKIM)

  • A specification for cryptographically signing e-mail messages
  • A proposed Internet standard

Internet Mail Architecture

  • User world: MUA
  • Transfer world: MHS
    • Composed of MTAs

Why DKIM

  • An e-mail authentication technique that is transparent to the end user
  • Reasons
    • S/MIME depends on both the sending and receiving users employing S/MIME
      • But the bulk of incoming mail does not use S/MIME
    • S/MIME signs only the message content
      • Header information concerning origin can be compromised
    • DKIM is applied to all mail from cooperating domains
    • Prevents forgers from masquerading as good senders

Simple Example of DKIM Deployment

  • DNS = domain name system
  • MDA = mail delivery agent
  • MSA = mail submission agent
  • MTA = message transfer agent
  • MUA = message user agent

Secure Sockets Layer (SSL) and Transport Layer Security (TLS)

  • Secure Sockets Layer (SSL)
    • One of the most widely used security services
  • Transport Layer Security (TLS)
    • Internet standard (RFC 4346)
    • General-purpose service: a set of protocols that rely on TCP
    • Two implementation choices
      • As part of the underlying protocol suite: transparent to applications
      • Embedded in specific packages: e.g., most browsers come equipped with SSL

SSL/TLS Protocol Stack

TLS Concepts

  • TLS Connection
    • A transport (in the OSI layering model definition) that provides a suitable type of service
    • Peer-to-peer relationships
    • Transient (temporary)
    • Every connection is associated with one session
  • TLS Session
    • An association between a client and a server
    • Created by the handshake protocol
    • Defines a set of cryptographic security parameters
    • Used to avoid the expensive negotiation of new security parameters for each connection

TLS Record Protocol Operation

Handshake Protocol

  • The most complex part of TLS
  • Is used before any application data are transmitted
  • Authenticate each other -> Negotiate encryption and MAC algorithms -> Negotiate the cryptographic keys to be used
  • The exchange has four phases

Handshake Protocol Action 1 (phase 1 & 2)

Handshake Protocol Action 2 (phase 3 & 4)

ClientHello (RFC)

struct {
    ProtocolVersion client_version;
    Random random;
    SessionID session_id;
    CipherSuite cipher_suites<2..2^16-2>;
    CompressionMethod compression_methods<1..2^8-1>;
} ClientHello;

ServerHello (RFC)

struct {
    ProtocolVersion server_version;
    Random random;
    SessionID session_id;
    CipherSuite cipher_suite;
    CompressionMethod compression_method;
} ServerHello;
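An added encoder and decoder for the two structs above (example code, not from the course or from any TLS library): every variable-length field is read through its length prefix with a bounds check, so a truncated or oversized message is rejected rather than read past its end, and a small server-side helper shows the phase 1 choice of a cipher suite from the client's list. The version bytes, the two cipher suite codes and the null compression method are constructed sample values; the layout follows the structs as shown (no extensions field), so trailing bytes are treated as an error.

```python
import struct

# Constructed sample values, not from the course notes: TLS 1.2 version bytes, two
# IANA-registered cipher suite codes, and the null (no-op) compression method.
TLS_1_2 = (3, 3)
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F
NULL_COMPRESSION = 0


class _Reader:
    """Cursor over a byte string that refuses to read past its end."""

    def __init__(self, buf):
        self.buf, self.pos = bytes(buf), 0

    def take(self, n):
        if self.pos + n > len(self.buf):
            raise ValueError("truncated Hello message")
        chunk = self.buf[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u8(self):
        return self.take(1)[0]

    def u16(self):
        return struct.unpack("!H", self.take(2))[0]

    def done(self):
        return self.pos == len(self.buf)


def encode_client_hello(version, random32, session_id, cipher_suites, compression_methods):
    """Serialise ClientHello field by field; each variable-length vector gets its length prefix."""
    if len(random32) != 32 or len(session_id) > 32:
        raise ValueError("Random is exactly 32 bytes and SessionID at most 32")
    if not 1 <= len(cipher_suites) <= (2 ** 16 - 2) // 2:     # <2..2^16-2> bytes, 2 per suite
        raise ValueError("cipher_suites outside its vector bounds")
    if not 1 <= len(compression_methods) <= 2 ** 8 - 1:       # <1..2^8-1> bytes
        raise ValueError("compression_methods outside its vector bounds")
    out = bytes(version) + bytes(random32)
    out += bytes([len(session_id)]) + bytes(session_id)
    out += struct.pack("!H", 2 * len(cipher_suites))
    out += b"".join(struct.pack("!H", suite) for suite in cipher_suites)
    out += bytes([len(compression_methods)]) + bytes(compression_methods)
    return out


def decode_client_hello(buf):
    """Parse a ClientHello; every read is bounds-checked, so a truncated message is rejected."""
    r = _Reader(buf)
    version, random32 = tuple(r.take(2)), r.take(32)
    session_id = r.take(r.u8())
    suites_len = r.u16()
    if suites_len < 2 or suites_len % 2:
        raise ValueError("cipher_suites length must be an even byte count >= 2")
    cipher_suites = [r.u16() for _ in range(suites_len // 2)]
    methods_len = r.u8()
    if methods_len < 1:
        raise ValueError("compression_methods must not be empty")
    compression_methods = list(r.take(methods_len))
    if not r.done():      # the struct above has no extensions field, so nothing may follow
        raise ValueError("trailing bytes after ClientHello")
    return {"version": version, "random": random32, "session_id": session_id,
            "cipher_suites": cipher_suites, "compression_methods": compression_methods}


def encode_server_hello(version, random32, session_id, cipher_suite, compression_method):
    """ServerHello carries the one suite and one method the server selected, not lists."""
    if len(random32) != 32 or len(session_id) > 32:
        raise ValueError("Random is exactly 32 bytes and SessionID at most 32")
    return (bytes(version) + bytes(random32) + bytes([len(session_id)]) + bytes(session_id)
            + struct.pack("!H", cipher_suite) + bytes([compression_method]))


def decode_server_hello(buf):
    r = _Reader(buf)
    version, random32 = tuple(r.take(2)), r.take(32)
    session_id = r.take(r.u8())
    cipher_suite, compression_method = r.u16(), r.u8()
    if not r.done():
        raise ValueError("trailing bytes after ServerHello")
    return {"version": version, "random": random32, "session_id": session_id,
            "cipher_suite": cipher_suite, "compression_method": compression_method}


def choose_cipher_suite(client_hello, server_preference):
    """Server side of phase 1: first suite in the server's own preference order that the
    client also offered; no overlap means the handshake cannot proceed."""
    offered = set(client_hello["cipher_suites"])
    for suite in server_preference:
        if suite in offered:
            return suite
    raise ValueError("no cipher suite in common: handshake_failure")
```

A client that wants to resume an earlier session puts that session's id in session_id; a fresh handshake sends it empty. Note that the server chooses in its own preference order rather than the client's, which is what lets a server refuse a weak suite a client lists first.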

Four TLS specific protocols

  • Change Cipher Spec Protocol
    • One of four TLS-specific protocols that use the TLS Record Protocol
    • Simplest
    • Consists of a single message, which consists of a single byte with the value 1
    • Sole purpose of this message is to cause the pending state to be copied into the current state
    • Hence updating the cipher suite in use
  • Alert Protocol
    • Two bytes
      • 1^st^ byte: warning (1), fatal (2)
        • For fatal, the TLS implementation terminates the TLS connection
        • Other TLS connections using the same TLS session may continue, but no new TLS connections may be established
      • 2^nd^ byte: specific alert code (see the RFC 5246 appendix)
        • close_notify (0), unexpected_message (10), etc.
  • Heartbeat Protocol
    • A periodic signal generated to indicate normal operation or to synchronize other parts of a system
    • Typically used to monitor the availability of a protocol entity
    • Runs on top of the TLS Record Protocol
    • Established during phase 1 of the handshake protocol
    • Each peer indicates whether it supports heartbeats
    • Serves two purposes:
      • Assures the sender that the recipient is still alive
      • Generates activity across the connection during idle periods

SSL/TLS Attacks

The Heartbleed Exploit (Source: BAE Systems)
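The three record-layer protocols listed above and the Heartbleed heading, as one added example (not code from the course, from BAE Systems, or from any TLS implementation): a receiver that splits TLS records, applies the single-byte ChangeCipherSpec rule, decodes the two alert bytes and enforces the fatal-alert semantics from the notes (connection closed, session no longer usable for new connections), and validates a heartbeat's claimed payload_length against the bytes actually received before touching the payload, which is the bounds check whose absence in OpenSSL's heartbeat handling was Heartbleed. The record layout, the RFC 6520 heartbeat layout with its 16-byte minimum padding, and the two alert codes beyond those on the page (bad_record_mac 20, handshake_failure 40) come from the RFCs; the sample records at the bottom are constructed, not captured traffic.

```python
import struct

# TLS record content types; 24 (heartbeat) is the value assigned by RFC 6520
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA, HEARTBEAT = 20, 21, 22, 23, 24
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      20: "bad_record_mac", 40: "handshake_failure"}
HEARTBEAT_TYPES = {1: "heartbeat_request", 2: "heartbeat_response"}
HEARTBEAT_MIN_PADDING = 16          # RFC 6520: at least 16 bytes of padding follow the payload
TLS_1_2 = b"\x03\x03"


def record(content_type, fragment, version=TLS_1_2):
    """Build one record: type(1) version(2) length(2) fragment."""
    return bytes([content_type]) + version + struct.pack("!H", len(fragment)) + fragment


def heartbeat_message(htype, payload, claimed_length=None):
    """RFC 6520 body: type(1) payload_length(2) payload padding. claimed_length lets a
    caller build a message whose length field lies about the payload size."""
    length = len(payload) if claimed_length is None else claimed_length
    return bytes([htype]) + struct.pack("!H", length) + payload + b"\x00" * HEARTBEAT_MIN_PADDING


def split_record(buf):
    """Parse one record header and return (type, version, fragment, remaining bytes)."""
    if len(buf) < 5:
        raise ValueError("short record header")
    ctype, major, minor, length = struct.unpack("!BBBH", buf[:5])
    if len(buf) < 5 + length:
        raise ValueError("record fragment truncated")
    return ctype, (major, minor), buf[5:5 + length], buf[5 + length:]


def handle_change_cipher_spec(fragment, state):
    if fragment != b"\x01":
        raise ValueError("ChangeCipherSpec is a single byte with value 1")
    state["current_cipher"] = state.get("pending_cipher")     # pending state becomes current
    return "cipher spec changed"


def handle_alert(fragment, state):
    if len(fragment) != 2:
        raise ValueError("Alert is exactly two bytes")
    level, description = fragment
    if level == 2:                              # fatal: this connection ends...
        state["connection_open"] = False
        state["session_resumable"] = False      # ...and the session may not open new connections
    level_name = ALERT_LEVELS.get(level, f"level({level})")
    desc_name = ALERT_DESCRIPTIONS.get(description, f"alert({description})")
    return f"{level_name}: {desc_name}"


def handle_heartbeat(fragment, state):
    """Check the claimed payload_length against what actually arrived before reading the payload."""
    if len(fragment) < 3:
        raise ValueError("heartbeat too short for type and payload_length")
    htype = fragment[0]
    payload_length = struct.unpack("!H", fragment[1:3])[0]
    if 3 + payload_length + HEARTBEAT_MIN_PADDING > len(fragment):
        raise ValueError("payload_length exceeds the received record: discard silently")
    payload = fragment[3:3 + payload_length]
    if htype == 1:                              # echo the payload back; RFC 6520 asks for random
        state["heartbeat_reply"] = heartbeat_message(2, payload)   # padding, zeros kept for reproducibility
    return f"{HEARTBEAT_TYPES.get(htype, 'unknown')} with {payload_length}-byte payload"


HANDLERS = {CHANGE_CIPHER_SPEC: handle_change_cipher_spec, ALERT: handle_alert, HEARTBEAT: handle_heartbeat}


def process_records(buf, state=None):
    """Walk concatenated records, dispatching by content type until a fatal alert closes the connection."""
    state = {"connection_open": True, "session_resumable": True} if state is None else state
    results = []
    while buf and state["connection_open"]:
        ctype, _version, fragment, buf = split_record(buf)
        handler = HANDLERS.get(ctype)
        results.append(handler(fragment, state) if handler else f"content type {ctype} passed to upper layer")
    return results, state


# Constructed sample records for a walkthrough (not captured traffic)
SAMPLE_OK = (record(CHANGE_CIPHER_SPEC, b"\x01")
             + record(HEARTBEAT, heartbeat_message(1, b"hello"))
             + record(ALERT, bytes([1, 0])))                       # warning close_notify
SAMPLE_LYING_HEARTBEAT = record(HEARTBEAT, heartbeat_message(1, b"hello", claimed_length=16384))
```

The only difference between SAMPLE_OK's heartbeat and SAMPLE_LYING_HEARTBEAT is the two-byte length field: the first is answered with a reply that echoes five bytes, the second is discarded because the record itself is only 24 bytes long. Trusting the length field instead of the record length is exactly the bug that let a reply copy memory beyond the payload.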

HTTPS (HTTP over SSL/TLS)

  • Secure communication between a Web browser and a Web server
  • Built into all modern Web browsers
    • Search engines do not support HTTPS
  • Connection initiation and closure
    • The HTTP client acts as the TLS client
    • TLS handshake -> HTTP request
    • Three levels: HTTP, TLS session, TCP

IPSec vs. SSL/TLS

Applications of IPSec

  • Secure branch office connectivity over the Internet
  • Secure remote access over the Internet
  • Establishing extranet and intranet connectivity with partners
  • Enhancing electronic commerce security

Benefits of IPSec

  • Strong security
  • Resistant to bypass at a firewall
  • Transparent to applications
    • No need to change software
  • Transparent to end users
    • No need to train users on security mechanisms
  • Routing applications: prevents attackers from disrupting communications or diverting traffic, by assuring that
    • A router advertisement comes from an authorized router
    • A neighbor advertisement comes from an authorized router
    • A redirect message comes from the router to which the initial packet was sent
    • A routing update is not forged

The Scope of IPSec

  • Two main functions
    • Encapsulating Security Payload (ESP): a combined authentication/encryption function
    • A key exchange function
  • VPN: both authentication and encryption are generally desired
  • Authentication Header (AH): authentication-only function (deprecated)

Security Associations

  • A key concept of IPSec
    • One-way relationship between a sender and a receiver
    • Two-way secure exchange: two SAs are required
  • Uniquely identified by three parameters
    • Security parameter index (SPI)
    • IP destination address
    • Protocol identifier: AH or ESP
  • Characterized by the following parameters
    • Sequence number counter: 32-bit
    • Sequence counter overflow: a flag indicating whether overflow of the sequence number counter should generate an auditable event
    • Anti-replay window: defines a sliding window used to decide whether an inbound packet is a replay
    • AH information
      • Algorithm, keys, key lifetimes
    • ESP information
      • Algorithm, keys, initialization values, key lifetimes
    • Lifetime of this security association
    • IPSec protocol mode: tunnel or transport
    • Path MTU
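The SA identification triple and the sequence-number, overflow-flag and anti-replay-window parameters above, as an added example (not code from the course or from any IPSec stack): a small SA database keyed by (SPI, destination address, protocol), a 64-entry sliding anti-replay window over the 32-bit sequence number, and a sender counter that treats overflow as an auditable event instead of wrapping. The SPI, address and window size are constructed sample values; the window algorithm follows the RFC 4303 description (bitmap of recently accepted numbers, window slides forward on a new highest value).

```python
from dataclasses import dataclass, field

SEQ_MAX = 0xFFFFFFFF          # the sequence number counter is 32 bits


@dataclass
class AntiReplayWindow:
    """Sliding window over accepted sequence numbers (RFC 4303 style).
    Bit i of `bitmap` set means sequence number (highest - i) was already accepted."""
    size: int = 64
    highest: int = 0          # highest accepted seq; 0 means none yet (the first packet uses 1)
    bitmap: int = 0

    def check_and_update(self, seq):
        """Accept seq if it is new and within the window, recording it; otherwise reject."""
        if seq == 0 or seq > SEQ_MAX:
            return False
        if seq > self.highest:                        # to the right of the window: slide it
            shift = seq - self.highest
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1                       # everything previously seen is now too old
            self.highest = seq
            return True
        back = self.highest - seq
        if back >= self.size:                         # left of the window: too old
            return False
        if (self.bitmap >> back) & 1:                 # inside the window but already seen: replay
            return False
        self.bitmap |= 1 << back
        return True


@dataclass
class OutboundCounter:
    """Sender-side sequence number with the overflow flag: when set, reaching the
    maximum is an auditable event and the SA must be replaced rather than wrapped."""
    counter: int = 0
    overflow_is_auditable: bool = True

    def next_seq(self):
        if self.counter >= SEQ_MAX:
            if self.overflow_is_auditable:
                raise OverflowError("sequence counter overflow: audit and negotiate a new SA")
            self.counter = 0      # wrapping is only legitimate when the receiver has anti-replay disabled
        self.counter += 1
        return self.counter


@dataclass
class SecurityAssociation:
    spi: int
    dst: str                  # IP destination address
    protocol: str             # "AH" or "ESP"
    mode: str = "transport"   # or "tunnel"
    window: AntiReplayWindow = field(default_factory=AntiReplayWindow)
    outbound: OutboundCounter = field(default_factory=OutboundCounter)

    @property
    def key(self):
        return (self.spi, self.dst, self.protocol)   # the triple that uniquely identifies an SA


class SADatabase:
    """Minimal SAD: one entry per (SPI, destination, protocol) triple."""

    def __init__(self):
        self._entries = {}

    def add(self, sa):
        self._entries[sa.key] = sa

    def inbound(self, spi, dst, protocol, seq):
        """Look up the SA an arriving packet names and run the anti-replay check on its seq."""
        sa = self._entries.get((spi, dst, protocol))
        if sa is None:
            return "drop: no SA"
        return "accept" if sa.window.check_and_update(seq) else "drop: replay or outside window"


def demo_sad():
    """Constructed sample SA: the SPI and address are placeholders, not real values."""
    sad = SADatabase()
    sad.add(SecurityAssociation(spi=0x1001, dst="192.0.2.10", protocol="ESP", mode="tunnel"))
    return sad
```

Because an SA is one-way, the inbound window and the outbound counter above belong to different SAs in a real two-way exchange; they are kept on one object here only to keep the example short. A packet whose sequence number falls more than 64 behind the highest accepted value is dropped even if it was never seen, which is the price of keeping the window bounded.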

Two IPSec Operation Modes

  • Transport and tunnel modes
  • Transport Mode
    • Provides protection to the payload of an IP packet
    • Typically used for end-to-end communication __between two hosts__
    • ESP protects the __IP payload__ but not the IP header
  • Tunnel Mode
    • Provides protection to the __entire IP packet__
    • Entire original packet travels through a tunnel from one point to another
    • Used when one or both ends of a security association are a security gateway
    • Hosts on networks behind firewalls may engage in secure communications without implementing IPSec

Encapsulating Security Payload

  • Provides authentication and confidentiality services

IPSec: AH + ESP

  • IP AH only
  • IP AH + ESP
    • Transport mode
    • Tunnel mode

IPv4 and IPv6 Security