8/17/2019 SIC Module -4
1/78
Email Security
• email is one of the most widely usedand regarded network services
• currently message contents are notsecure – may be inspected either in transit
– or by suitably privileged users on
destination system
8/17/2019 SIC Module -4
2/78
Email SecurityEnhancements
• condentiality – protection from disclosure
• authentication – of sender of message
• message integrity – protection from modication
• non-repudiation of origin – protection from denial by sender
8/17/2019 SIC Module -4
3/78
Pretty Good Privacy (PGP)
• widely used de facto secure email
• developed by Phil immermann
• selected best available crypto algs touse
• integrated into a single program
• on !ni"# P$# %acintosh and other
systems• originally free# now also have
commercial versions available
8/17/2019 SIC Module -4
4/78
PGP &peration 'uthentication
* sender creates message+* use S,- to generate .-bit hash
of message
/* signed hash with 0S using sender1sprivate key# and is attached tomessage
2* receiver uses 0S with sender1s
public key to decrypt and recoverhash code
3* receiver veries received messageusing hash of it and compares withdecrypted hash code
8/17/2019 SIC Module -4
5/78
PGP &peration '$ondentiality
* sender generates message and +4-bit random number as session keyfor it
+* encrypt message using $S5-+4 678E 6 /8ES in $9$ mode withsession key
/* session key encrypted using 0Swith recipient1s public key# :attached to msg
2* receiver uses 0S with private key
to decrypt and recover session key
8/17/2019 SIC Module -4
6/78
PGP &peration ' $ondentiality :uthentication
• can use both services on samemessage – create signature : attach to message
– encrypt both message : signature
– attach 0S6ElGamal encrypted sessionkey
8/17/2019 SIC Module -4
7/78
PGP &peration '$ompression
• by default PGP compresses messageafter signing but before encrypting – so can store uncompressed message :
signature for later verication
– : because compression is nondeterministic
• uses 7P compression algorithm
8/17/2019 SIC Module -4
8/78
PGP &peration ' Email$ompatibility
• when using PGP will have binary data tosend (encrypted message etc)
• however email was designed only for te"t
• hence PGP must encode raw binary datainto printable S$77 characters
• uses radi"-2 algorithm –
maps / bytes to 2 printable chars – also appends a $0$
• PGP also segments messages if too big
8/17/2019 SIC Module -4
9/78
PGP &peration ' Summary
8/17/2019 SIC Module -4
10/78
PGP Session ;eys
• need a session key for each message – of varying siS7 ?+*@ mode
• uses random inputs taken fromprevious uses and from keystroke
timing of user
8/17/2019 SIC Module -4
11/78
PGP Public : Private ;eys
• since many public6private keys may be inuse# need to identify which is actually usedto encrypt session key in a message –
could send full public-key with every message – but this is ineAcient
• rather use a key identier based on key – is least signicant 2-bits of the key
–
will very likely be uniBue• also use key 78 in signatures
8/17/2019 SIC Module -4
12/78
PGP %essage Cormat
8/17/2019 SIC Module -4
13/78
S6%7%E (Secure6%ultipurpose7nternet %ail E"tensions)
• security enhancement to %7%E email – original 7nternet 0C$4++ email was te"t
only
– %7%E provided support for varyingcontent types and multi-part messages
– with encoding of binary data to te"tual
form – S6%7%E added security enhancements
• have S6%7%E support in many mail
agents –
8/17/2019 SIC Module -4
14/78
S6%7%E Cunctions
• enveloped data – encrypted content and associated keys
• signed data – encoded message D signed digest
• clear-signed data – clearte"t message D encoded signed
digest
• signed : enveloped data – nesting of signed : encrypted entities
8/17/2019 SIC Module -4
15/78
S6%7%E $ryptographiclgorithms
• digital signatures= 8SS : 0S
• hash functions= S,- : %83
•
session key encryption= ElGamal :0S
• message encryption= ES# 5riple-8ES#0$+62. and others
• %$= ,%$ with S,-
• have process to decide which algs touse
8/17/2019 SIC Module -4
16/78
S6%7%E %essages
• S6%7%E secures a %7%E entity with asignature# encryption# or both
•
forming a %7%E wrapped P;$S obect• have a range of content-types=
– enveloped data
– signed data
– clear-signed data
– registration reBuest
– certicate only message
8/17/2019 SIC Module -4
17/78
S6%7%E $erticateProcessing
• S6%7%E uses ?*3.F v/ certicates
• managed using a hybrid of a strict?*3.F $ hierarchy : PGPs web oftrust
• each client has a list of trusted $scerts
• and own public6private key pairs :certs
• certicates must be signed bytrusted $s
8/17/2019 SIC Module -4
18/78
7P Security
• have a range of application specicsecurity mechanisms – eg* S6%7%E# PGP# ;erberos# SSH6,55PS
• however there are security concernsthat cut across protocol layers
• would like security implemented by
the network for all applications
8/17/2019 SIC Module -4
19/78
7PSec
• general 7P Security mechanisms
• provides – authentication
– condentiality
– key management
• applicable to use over H>s# acrosspublic : private I>s# : for the7nternet
8/17/2019 SIC Module -4
20/78
7PSec !ses
8/17/2019 SIC Module -4
21/78
9enets of 7PSec
• in a rewall6router provides strongsecurity to all traAc crossing theperimeter
• in a rewall6router is resistant tobypass
• is below transport layer# hence
transparent to applications• can be transparent to end users
• can provide security for individualusers
• secures routin architecture
8/17/2019 SIC Module -4
22/78
7P Security rchitecture
• specication is Buite comple"
• dened in numerous 0C$s – incl* 0C$ +2.6+2.+6+2.6+2.4
– many others# grouped by category
• mandatory in 7Pv# optional in 7Pv2
• have two security header e"tensions= – uthentication ,eader (,)
– Encapsulating Security Payload (ESP)
8/17/2019 SIC Module -4
23/78
7PSec Services
• ccess control
• $onnectionless integrity
• 8ata origin authentication
• 0eection of replayed packets – a form of partial seBuence integrity
• $ondentiality (encryption)
• Himited traAc Jow condentiality
8/17/2019 SIC Module -4
24/78
Security ssociations
• a one-way relationship betweensender : receiver that aKordssecurity for traAc Jow
• dened by / parameters= – Security Parameters 7nde" (SP7)
– 7P 8estination ddress
–
Security Protocol 7dentier• has a number of other parameters
– seB no# , : E, info# lifetime etc
• have a database of Securityssociations
8/17/2019 SIC Module -4
25/78
uthentication ,eader (,)
• provides support for data integrity :authentication of 7P packets – end system6router can authenticate
user6app – prevents address spoong attacks by
tracking seBuence numbers
•based on use of a %$ – ,%$-%83-F or ,%$-S,--F
• parties must share a secret key
8/17/2019 SIC Module -4
26/78
uthentication ,eader
8/17/2019 SIC Module -4
27/78
5ransport : 5unnel %odes
8/17/2019 SIC Module -4
28/78
Encapsulating Security Payload(ESP)
• provides message content condentiality: limited traAc Jow condentiality
• can optionally provide the same
authentication services as ,• supports range of ciphers# modes# padding
– incl* 8ES# 5riple-8ES# 0$3# 78E# $S5 etc
– $9$ : other modes
–
padding needed to ll blocksi
8/17/2019 SIC Module -4
29/78
Encapsulating SecurityPayload
8/17/2019 SIC Module -4
30/78
5ransport vs 5unnel %odeESP
• transport mode is used to encrypt :optionally authenticate 7P data – data protected but header left in clear
– can do traAc analysis but is eAcient
– good for ESP host to host traAc
• tunnel mode encrypts entire 7P
packet – add new header for ne"t hop
– good for LP>s# gateway to gateway
security
8/17/2019 SIC Module -4
31/78
Ieb Security
• Ieb now widely used by business#government# individuals
• but 7nternet : Ieb are vulnerable
• have a variety of threats – integrity
– condentiality
–
denial of service – authentication
• need added security mechanisms
8/17/2019 SIC Module -4
32/78
SSH (Secure Socket Hayer)
• transport layer security service
• originally developed by >etscape
• version / designed with public input
• subseBuently became 7nternetstandard known as 5HS (5ransportHayer Security)
• uses 5$P to provide a reliable end-to-end service
• SSH has two layers of protocols
8/17/2019 SIC Module -4
33/78
SSH rchitecture
8/17/2019 SIC Module -4
34/78
SSH rchitecture
• SSL connection – a transient# peer-to-peer#
communications link
– associated with SSH session
• SSL session – an association between client : server
– created by the ,andshake Protocol – dene a set of cryptographic
parameters
–
may be shared by multiple SSH
8/17/2019 SIC Module -4
35/78
SSH 0ecord ProtocolServices
• message integrity – using a %$ with shared secret key
– similar to ,%$ but with diKerent
padding• confdentiality
– using symmetric encryption with ashared secret key dened by ,andshake
Protocol – ES# 78E# 0$+-2.# 8ES-2.# 8ES# /8ES#
Corte
8/17/2019 SIC Module -4
36/78
SSH 0ecord Protocol&peration
8/17/2019 SIC Module -4
37/78
SSH $hange $ipher SpecProtocol
• one of / SSH specic protocols whichuse the SSH 0ecord protocol
• a single message
• causes pending state to becomecurrent
• hence updating the cipher suite inuse
8/17/2019 SIC Module -4
38/78
SSH lert Protocol
• conveys SSH-related alerts to peer entity• severity
• warning or fatal
•
specic alert• fatal= une"pected message# bad record mac#
decompression failure# handshake failure#illegal parameter
•
warning= close notify# no certicate# badcerticate# unsupported certicate#certicate revoked# certicate e"pired#certicate unknown
•
compressed : encrypted like all SSH data
8/17/2019 SIC Module -4
39/78
SSH ,andshake Protocol
• allows server : client to= – authenticate each other
– to negotiate encryption : %$
algorithms – to negotiate cryptographic keys to be
used
•
comprises a series of messages inphases
* Establish Security $apabilities
+* Server uthentication and ;ey E"change
/* $lient uthentication and ;e E"chan e
8/17/2019 SIC Module -4
40/78
SSH ,andshake Protocol
5HS (5 H
8/17/2019 SIC Module -4
41/78
5HS (5ransport HayerSecurity)
• 7E5C standard 0C$ ++2 similar toSSHv/
• with minor diKerences – in record format version number – uses ,%$ for %$
– a pseudo-random function e"pandssecrets
– has additional alert codes
– some changes in supported ciphers
– changes in certicate types :
negotiations
8/17/2019 SIC Module -4
42/78
Secure Electronic 5ransactions(SE5)
• open encryption : securityspecication
• to protect 7nternet credit cardtransactions
• developed in FF by %astercard#Lisa etc
• not a payment system
• rather a set of security protocols :formats – secure communications amongst parties
8/17/2019 SIC Module -4
43/78
SE5 $omponents
8/17/2019 SIC Module -4
44/78
SE5 5ransaction
* customer opens account+* customer receives a certicate/* merchants have their own certicates
2* customer places an order3* merchant is veried* order and payment are sent@* merchant reBuests payment authori
8/17/2019 SIC Module -4
45/78
8ual Signature
• customer creates dual messages – order information (&7) for merchant
– payment information (P7) for bank
• neither party needs details of other
• but must know they are linked
• use a dual signature for this – signed concatenated hashes of &7 : P7
DS=E(PRc, [H(H(PI)||H(OI))])
8/17/2019 SIC Module -4
46/78
SE5 Purchase 0eBuest
• SE5 purchase reBuest e"changeconsists of four messages
* 7nitiate 0eBuest - get certicates
+* 7nitiate 0esponse - signed response
/* Purchase 0eBuest - of &7 : P7
2* Purchase 0esponse - ack order
P h 0 t
8/17/2019 SIC Module -4
47/78
Purchase 0eBuest '$ustomer
P h 0 t
8/17/2019 SIC Module -4
48/78
Purchase 0eBuest '%erchant
* veries cardholder certicates using $sigs
+* veries dual signature using customer1spublic signature key to ensure order hasnot been tampered with in transit : thatit was signed using cardholder1s privatesignature key
/* processes order and forwards thepayment information to the paymentgateway for authori
8/17/2019 SIC Module -4
49/78
Purchase 0eBuest '%erchant
P t G t
8/17/2019 SIC Module -4
50/78
Payment Gatewayuthori
8/17/2019 SIC Module -4
51/78
Payment $apture
• merchant sends payment gateway apayment capture reBuest
• gateway checks reBuest
• then causes funds to be transferredto merchants account
• noties merchant using captureresponse
8/17/2019 SIC Module -4
52/78
$hapter +. ' Cirewalls
The function of a strong position is tomake the forces holding it practically
unassailable
—On War, Carl Von Clausewitz
8/17/2019 SIC Module -4
53/78
7ntroduction
• seen evolution of information systems
• now everyone want to be on the 7nternet
• and to interconnect networks
•
has persistent security concerns – cant easily secure every system in org
• typically use a Firewall• to provide perimeter deence• as part of comprehensive security strategy
8/17/2019 SIC Module -4
54/78
Ihat is a CirewallM
• a choke point of control andmonitoring
• interconnects networks with diKering
trust• imposes restrictions on network
services –
only authori5 : usa e monitorin
8/17/2019 SIC Module -4
55/78
Cirewall Himitations
• cannot protect from attacksbypassing it – eg sneaker net# utility modems# trusted
organisations# trusted services (egSSH6SS,)
• cannot protect against internal
threats – eg disgruntled or colluding employees
• cannot protect against transfer of all
virus infected programs or les
8/17/2019 SIC Module -4
56/78
Cirewalls ' Packet Cilters
• simplest# fastest rewall component
• foundation of any rewall system
• e"amine each 7P packet (no conte"t)and permit or deny according to rules
• hence restrict access to services(ports)
• possible default policies – that not e"pressly permitted is
prohibited
– that not e"pressly prohibited is
8/17/2019 SIC Module -4
57/78
Cirewalls ' Packet Cilters
8/17/2019 SIC Module -4
58/78
ttacks on Packet Cilters
• 7P address spoong – fake source address to be trusted
– add lters on router to block
• source routing attacks – attacker sets a route other than default
– block source routed packets
•
tiny fragment attacks – split header info over several tiny
packets
– either discard or reassemble before
check
Cirewalls Stateful Packet
8/17/2019 SIC Module -4
59/78
Cirewalls ' Stateful PacketCilters
• traditional packet lters do note"amine higher layer conte"t – ie matching return packets with
outgoing Jow• stateful packet lters address this
need
• they e"amine each 7P packet inconte"t – keep track of client-server sessions
– check each packet validly belongs to
one
Ci ll li ti H l
8/17/2019 SIC Module -4
60/78
Cirewalls - pplication HevelGateway (or Pro"y)
• have application specic gateway 6pro"y
• has full access to protocol – user reBuests service from pro"y
– pro"y validates reBuest as legal
– then actions reBuest and returns result
to user – can log 6 audit traAc at application level
• need separate pro"ies for each
service
Ci ll li ti H l
8/17/2019 SIC Module -4
61/78
Cirewalls - pplication HevelGateway (or Pro"y)
Cirewalls $ircuit Hevel
8/17/2019 SIC Module -4
62/78
Cirewalls - $ircuit HevelGateway
• relays two 5$P connections
• imposes security by limiting whichsuch connections are allowed
• once created usually relays traAcwithout e"amining contents
• typically used when trust internal
users by allowing general outboundconnections
• S&$;S is commonly used
Cirewalls $ircuit Hevel
8/17/2019 SIC Module -4
63/78
Cirewalls - $ircuit HevelGateway
8/17/2019 SIC Module -4
64/78
9astion ,ost
• highly secure host system
• runs circuit 6 application level gateways
• or provides e"ternally accessible services
• potentially e"posed to NhostileN elements• hence is secured to withstand this
– hardened &6S# essential services# e"tra auth
– pro"ies small# secure# independent# non-
privileged• may support + or more net connections
• may be trusted to enforce policy of trustedseparation between these net connections
8/17/2019 SIC Module -4
65/78
Cirewall $ongurations
8/17/2019 SIC Module -4
66/78
Cirewall $ongurations
8/17/2019 SIC Module -4
67/78
Cirewall $ongurations
8/17/2019 SIC Module -4
68/78
ccess $ontrol
•given system has identied a user
• determine what resources they canaccess
•general model is that of accessmatri" with – subject - active entity (user# process)
–
object - passive entity (le or resource) – access right ' way obect can be
accessed
• can decompose by–
8/17/2019 SIC Module -4
69/78
ccess $ontrol %atri"
8/17/2019 SIC Module -4
70/78
5rusted $omputer Systems
• information security is increasinglyimportant
• have varying degrees of sensitivity of
information – cf military info classications= condential#
secret etc
• subects (people or programs) have
varying rights of access to obects(information)
• known as multilevel security –
subects have maimum : current security
8/17/2019 SIC Module -4
71/78
9ell HaPadula (9HP) %odel
• one of the most famous security models• implemented as mandatory policies on
system
•
has two key policies=• no read up (simple security property)
– a subect can only read6write an obect if thecurrent security level of the subect dominates(O) the classication of the obect
• no write down (Q-property) – a subect can only append6write to an obect if
the current security level of the subect isdominated by (R) the classication of the
obect
8/17/2019 SIC Module -4
72/78
0eference %onitor
Evaluated $omputer
8/17/2019 SIC Module -4
73/78
Evaluated $omputerSystems
• governments can evaluate 75systems
• against a range of standards= – 5$SE$# 7PSE$ and now $ommon $riteria
• dene a number of levelsT ofevaluation with increasingly stringent
checking• have published lists of evaluated
products
– though aimed at government6defense
8/17/2019 SIC Module -4
74/78
$ommon $riteria
• international initiative specifying securityreBuirements : dening evaluation criteria
• incorporates earlier standards –
eg $SE$# 75SE$# $5$PE$ ($anadian)# Cederal(!S)
• species standards for – evaluation criteria
– methodology for application of criteria
– administrative procedures for evaluation#certication and accreditation schemes
8/17/2019 SIC Module -4
75/78
$ommon $riteria
• denes set of security reBuirements • have a 5arget &f Evaluation (5&E)
• reBuirements fall in two categories – functional
– assurance
• both organised in classes of families :
components
$ommon $riteria
8/17/2019 SIC Module -4
76/78
$ommon $riteria0eBuirements
• Cunctional 0eBuirements – security audit# crypto support#
communications# user data protection#
identication : authentication# securitymanagement# privacy# protection oftrusted security functions# resourceutili
8/17/2019 SIC Module -4
77/78
$ommon $riteria
i i
8/17/2019 SIC Module -4
78/78
$ommon $riteria