Security in communications and networks
PV018
Vašek Matyáš

Typical Security Requirements
• Authentication: originator's identity assured.
• Integrity: information received as originated.
• Confidentiality: information available only to authorized parties.
• Availability: data & resources available when needed.
• Non-repudiation: party cannot deny communication (origin, receipt, delivery, etc.).
• Access Control: resources controlled by authorized parties.

Major security enablers - critical (infrastructure) applications
• Kerberos
• Public-key crypto based
  - certificates, typically X.509
  - SSH, SSL/TLS
• Shared-key crypto based
  - symmetric key ciphers, hash functions

Kerberos
• Greek mythology - guardian to the entrance of Hades (master of the Underground)
• MIT project Athena - MIT's UNIX-based campus-wide academic computing facility

Kerberos - threat model
• Users reading messages of other users
• Users replaying messages of other users
• Users altering a workstation network address
• Users impersonating themselves

Kerberos - approach
• Centralised authentication server authenticating both users and machines
• Using symmetric-key techniques, no public-key techniques

Kerberos
• Trusted third-party authentication service
• Key Distribution Center (KDC) grants authentication tokens ("tickets") to users
  - Trusted, dedicated machine
• Applications can use Kerberos for:
  - Data authentication
  - Data integrity
  - Data confidentiality

Kerberos - simple authentication
• C → AS: IDC || PC || IDV
• AS → C: Ticket
• C → V: IDC || Ticket
Ticket = EKv(IDC || PC || IDV)

Kerberos Tickets
• Ticket-Granting-Ticket
  - Used to obtain further tickets
  - Requires password or additional authentication from user
  - Lifetime in hours
• Service Tickets
  - Issued to user from KDC
  - User cannot decrypt ticket
  - User passes ticket to authenticate to server

Kerberos used for applications
• telnet, rlogin, rcp, FTP, etc.
• Use Kerberos Protocol to exchange authentication information
• Client application uses Ticket-Granting-Ticket to obtain service tickets from KDC
• May use session key to encrypt data checksums (data integrity) or encrypt data (data confidentiality)

Kerberos Tickets (Credentials)
• Partly encrypted data structures
  - client ID
  - server ID
  - timestamp
  - session key
  - encrypted part (session key, client info, timestamp)
• Passed the way KDC → client → server
• Encrypted with the key of intended recipient

Kerberos - important terms
  - C = Client
  - AS = authentication server
  - V = server
  - IDC = identifier of user on C
  - IDV = identifier of V
  - PC = password of user on C
  - ADC = network address of C
  - KV = secret encryption key shared by AS and V
  - TS = timestamp
  - || = concatenation

Kerberos - time vs. replay issue
• The threat: an opponent steals a ticket and uses it before its expiry time
• Lifetime of the ticket-granting ticket
  - Too short → frequent ticket requests
  - Too long → greater risk of replay attack

Tickets
• Ticket-Granting Ticket - get once per logon
• Service-Granting Ticket - then get once before first use of a service (usually in a given logon session)
• Authenticated Service Request - once per (service) session

Kerberos (v4) Authentication Process
Authentication Service Exchange - to obtain the Ticket-Granting Ticket
1) C → AS: IDC || IDTGS || TS1
2) AS → C: EKc(KC,TGS || IDTGS || TS2 || Lifetime2 || TicketTGS)
Ticket-Granting Service Exchange - to obtain the Service-Granting Ticket
3) C → TGS: IDV || TicketTGS || AuthenticatorC
4) TGS → C: EKc(KC,V || IDV || TS4 || TicketV)
Client/Server Authentication Exchange - to obtain service
5) C → V: TicketV || AuthenticatorC
6) V → C: EKc,v(TS5 + 1)

Kerberos today
• Currently two broadly used versions:
• 4 - restricted to a single realm (domain)
• 5 - allows inter-realm authentication
• Kerberos v5 is an Internet standard (RFC1510)
• MSFT implementation (since Windows 2000)

Key distribution (with indirect authentication)
• Direct distribution
• Key distribution center (also generates the key - following slide)
• Key transport center
[Figure: parties A and B with message EKAB(KS,...); TTP C with A and B and messages EKBC(KS), EKAC(KS)]

Indirect authentication - key distribution topologies
[Figure: two topologies, "TTP-managed" and "Direct (pull/push)", each with TTP C and parties A and B; message labels EKAC(KS), EKBC(KS), EKAC(KS, EKBC(KS)), EKBC(KS)]

X.509 based authentication
• X.509 specifies the format for public-key certificates.
• The certificate contains the public key of a user and is signed with the private key of a Certification Authority (CA).
• Distributed environment using a database with certificate (user) information.
• Used in S/MIME, IP Security, SSL/TLS, SET.

Secure Sockets Layer / Transport Layer Security

What is SSL/TLS?
• Protocols providing security and reliability
• Protecting communication of two applications
• Running over standard protocols like TCP
• SSL - developed by Netscape, supported also by Microsoft...
• TLS - IETF standard (sometimes called SSL v3.1)
• Transparent for higher-level protocols like HTTP
• Using PKI and X.509 certificates

What security does SSL/TLS provide?
Three basic security services:
• Entity authentication - the entities are authenticated using server and client certificates.
• Integrity - message authentication code (MAC) which ensures the data received is the same as the data sent.
• Confidentiality - after the initial "handshake", a symmetric key is defined and used to encrypt all subsequent communication (even checked passwords, etc.).

Concepts of SSL/TLS
• Record Protocol
  - The basic layer of the protocol.
  - Works over TCP/IP (or other transport protocol).
  - Allows for encapsulation of different higher level protocols (HTTP, FTP, telnet, etc.) which run unmodified.
• Handshake Protocol
  - Allows the server and client to authenticate each other.
  - By default, server authentication is mandatory, client authentication optional.
  - Authentication through presentation of digital certificates.
    • And verification of the ability to use the related private key!
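How the Record Protocol's MAC keeps a stream of records intact, as an added example that is not part of the original slides: it follows the TLS 1.0 record MAC of RFC 2246 (HMAC-SHA1 over an implicit 64-bit sequence number, the record header and the data) and leaves out encryption and the handshake. The class names, the secret and the sample records are constructed for illustration.

```python
# Added example: TLS 1.0 (RFC 2246) record MAC over sequenced records; no encryption.
import hashlib, hmac, struct

APPLICATION_DATA, TLS_1_0 = 23, (3, 1)        # content type and version bytes

def record_mac(secret, seq, ctype, fragment):
    # HMAC(MAC_write_secret, seq_num || type || version || length || fragment)
    header = struct.pack("!QBBBH", seq, ctype, *TLS_1_0, len(fragment))
    return hmac.new(secret, header + fragment, hashlib.sha1).digest()

class Sender:
    def __init__(self, secret):
        self.secret, self.seq = secret, 0

    def protect(self, fragment, ctype=APPLICATION_DATA):
        mac = record_mac(self.secret, self.seq, ctype, fragment)
        self.seq += 1                          # counted on both sides, never transmitted
        header = struct.pack("!BBBH", ctype, *TLS_1_0, len(fragment) + len(mac))
        return header + fragment + mac

class Receiver:
    def __init__(self, secret):
        self.secret, self.seq = secret, 0

    def accept(self, record):
        ctype, _major, _minor, length = struct.unpack("!BBBH", record[:5])
        body = record[5:5 + length]
        fragment, mac = body[:-20], body[-20:]  # HMAC-SHA1 tag is 20 bytes
        expected = record_mac(self.secret, self.seq, ctype, fragment)
        if not hmac.compare_digest(mac, expected):
            raise ValueError("bad_record_mac")  # a fatal alert in TLS
        self.seq += 1
        return fragment

def demo():
    secret = b"constructed MAC secret"          # constructed sample key
    tx = Sender(secret)
    r0, r1 = tx.protect(b"PAY 10 TO ALICE"), tx.protect(b"PAY 99 TO BOB")
    streams = {"in order": [r0, r1], "swapped": [r1, r0], "replayed": [r0, r0]}
    results = {}
    for name, stream in streams.items():
        rx = Receiver(secret)
        try:
            results[name] = [rx.accept(r) for r in stream]
        except ValueError as err:
            results[name] = str(err)
    return results
```

Because the sequence number is part of the MAC input but not of the record, a reordered or repeated record fails verification even though its bytes are unmodified.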
Handshake Protocol
[Figure: handshake message flow. Client → Server: Client Hello. Server → Client: Server Hello, (Server Cert, Client Cert Request, ...). Client → Server: Client Key Exchange, Cipher Spec, (Client Cert, ...). Application Data follows, marked SECURE.]

SSL/TLS Change Cipher Protocol
[Figure: Client: Client Hello. Server: Server Hello, Change Cipher Spec. Labels: Server Cert, Client Cert. Application Data follows, marked SECURE.]

... more detail
• Establish Session
  - Send random challenge value, accept public key.
  - Verify signed challenge.
  - Deliver session key protected by recipient's public key.
• Communicate Protected Data
  - Encrypt data using agreed cipher and the session key.
  - Produce hash regularly to protect integrity.
  - Data packed into sequenced records.
• (Change Cipher - optional)
• Finish Session
• http://www.ietf.org/rfc/rfc2246.txt

Typical network attacks
• Holes in software (sendmail, RPC, NFS, or the firewall itself)
• Network snooping - search for gold
• IP/DNS spoofing - masquerade
• Holes in new (higher-level) protocols

Intrusion Detection Systems
• Intrusion - activity aimed at disrupting or circumventing a service within an organization's system
• Also penetration, breach (, attack)
• Social engineering
• Technical methods

IDS Principles
• Anomaly detection
  - Unusual pattern (as compared to typical user/system behavior).
  - False positives!
• Misuse detection
  - Pattern of intrusion(-like) behavior
  - False negatives!
Combine these two approaches!

IDS Topologies
Network-based
• Checking network traffic
• Use raw network packets.
• Typically a network adapter running in promiscuous mode - monitoring and analyzing all traffic.
• Responses like admin notification, connection termination, session recording (for forensic analysis), other detailed evidence collection.
Host-based
• Checking machines (log files, etc.).
• Started in 80s - log file review.
• Typically monitor system, event, and security logs on WinNT and syslog on Unix.
• Also critical file checksum control, response time, port activities.
• Responses analogous...
Combine these two approaches!

Email Security
• Postcard-like service
• PGP (Pretty Good Privacy)
• S/MIME (Secure Multipurpose Internet Mail Extension)
• (X.400)

IPSEC
• Authentication Header (AH), RFC-1826
  - Authenticity & integrity
• Encapsulating Security Payload (ESP), RFC-1827
  - Confidentiality (non-repudiation of origin)
  - Tunneling mode (encapsulation incl. headers)
  - Transport mode (data encapsulation)
• Security Associations (SA)

IPSEC - Security Associations
• Set of security features for a given session between two or more systems.
• Identifiable by Security Parameter Index (SPI) and the IP address.
• SPI depends on its Domain of Interpretation (DOI), this defines format, type of key-exchange, naming conventions, etc. One system can support more DOIs.

Parameters of Security Associations
• For AH - key authentication alg.
• For ESP - encryption alg., crypto synchronization, initiation vector.
• Both for AH and ESP - level of security, key lifetime, support of certificates, etc.

Firewalls
• Protect against attacks from the outside (across the firewall)
• Attacks against internal data
• Denial-of-service attacks
• Communication options:
  1. Allow
  2. Deny
  3. Translate (Proxy)

Basic options - firewalls
TCP/UDP      | Allow/Deny    | Packet filtering (routers)
TCP          | A/D/Translate | Circuit-gateway (trust inside)
HTTP, FTP... | A/D/T         | Applic.-gateway

Secure SHell
• SSH
• http://www.ssh.com/
• Non-commercial downloads
• WinSCP
• http://winscp.sourceforge.net/eng/

Closely related topics - to be discussed later.
• Firewalls and network security - Guest lecture next week - Josef Pojsl, Technical Director, Trusted Network Solutions

Recommended reading (assignment #1)
• Paper "The Evolution of the Kerberos Authentication System" ftp://athena-dist.mit.edu/pub/kerberos/doc/krb_evol.PS
  - Limitations of Kerberos 4, and changes made in Kerberos 5.

Questions?
Reminder: Term project presentations May 3 & 10! 6 slots each date - mail to follow soon...
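
The six-message exchange from the Kerberos v4 authentication process slide, together with the stolen-ticket concern from the time vs. replay slide, as an added example that is not part of the original slides. Assumptions: a toy standard-library cipher stands in for E_K, the authenticator carries IDC and a timestamp, reply 4 is sealed under the session key KC,TGS, and all names, lifetimes and the 300-second skew are illustrative.

```python
# Added example, not from the slides: Kerberos v4 message flow with a toy cipher.
import hashlib, hmac, json, secrets

def pw_key(password):                       # K_c from the password (assumed derivation)
    return hashlib.sha256(password.encode()).hexdigest()
KDC = {"C": pw_key("constructed-password"), "TGS": secrets.token_hex(16), "V": secrets.token_hex(16)}

def seal(key, obj):                         # toy stand-in for E_K(...), not a real cipher
    k, nonce, pt = bytes.fromhex(key), secrets.token_bytes(16), json.dumps(obj).encode()
    ks = hashlib.shake_256(k + nonce).digest(len(pt))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return (nonce + hmac.new(k, nonce + ct, "sha256").digest() + ct).hex()

def unseal(key, blob):
    k, raw = bytes.fromhex(key), bytes.fromhex(blob)
    nonce, tag, ct = raw[:16], raw[16:48], raw[48:]
    if not hmac.compare_digest(tag, hmac.new(k, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or modified message")
    ks = hashlib.shake_256(k + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

def as_reply(idc, now, life=8 * 3600):      # messages 1-2: issue the ticket-granting ticket
    k = secrets.token_hex(16)
    tgt = seal(KDC["TGS"], {"k": k, "idc": idc, "ts": now, "life": life})
    return seal(KDC[idc], {"k": k, "ts": now, "life": life, "ticket": tgt})

def accept(server_key, ticket, auth, now, skew=300):
    t = unseal(server_key, ticket)          # only the intended recipient can open the ticket
    a = unseal(t["k"], auth)                # sender must hold the session key inside it
    if a["idc"] != t["idc"] or now > t["ts"] + t["life"] or abs(now - a["ts"]) > skew:
        raise ValueError("expired ticket, stale authenticator or wrong client")
    return t, a

def tgs_reply(idv, tgt, auth, now, life=3600):   # messages 3-4: issue the service ticket
    t, _ = accept(KDC["TGS"], tgt, auth, now)
    k = secrets.token_hex(16)
    tv = seal(KDC[idv], {"k": k, "idc": t["idc"], "ts": now, "life": life})
    return seal(t["k"], {"k": k, "idv": idv, "ts": now, "ticket": tv})

def service_reply(ticket_v, auth, now):     # messages 5-6: V answers with TS5 + 1
    t, a = accept(KDC["V"], ticket_v, auth, now)
    return seal(t["k"], {"ts": a["ts"] + 1})

def run_client(password, now):
    m2 = unseal(pw_key(password), as_reply("C", now))
    auth = seal(m2["k"], {"idc": "C", "ts": now})
    m4 = unseal(m2["k"], tgs_reply("V", m2["ticket"], auth, now))
    auth_v = seal(m4["k"], {"idc": "C", "ts": now})
    m6 = unseal(m4["k"], service_reply(m4["ticket"], auth_v, now))
    return m4["ticket"], auth_v, m6["ts"] == now + 1
```

A captured ticket and authenticator replayed inside the skew window still pass this check; rejecting those needs a cache of recently seen authenticators, which the example leaves out.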