Web Security
Network Systems Security
Web Security
government, and individuals
Have a variety of threats
TCP/IP Protocol Stack
Application Layer
Transport Layer
Network Layer
Data Link Layer
• Each layer interacts with neighboring layers above and below
• Each layer can be defined independently
• Complexity of the networking is hidden from the application
Security At What Level?
Secure traffic at various levels in the network
Where to implement security? Depends on
the security requirements of the application
and the user
Basic services need to be implemented:
Key management
Confidentiality
Nonrepudiation
Integrity/authentication
TCP/IP Protocol Stack
Application Layer
Transport Layer
Internetwork Layer
Network Access Layer
Provides services to the
Transport Layer Security
application
each transport protocol
Transport Layer Security Protocols
Connectionless and connection-oriented transport
layer service:
Security Protocol 4 (SP4) – NSA, NIST
Transport Layer Security (TLSP) – ISO
Connection-oriented transport layer service:
Encrypted Session Manager (ESM) – AT&T Bell Labs.
Secure Socket Layer (SSL) – Netscape Communications
to public
attack) – in Netscape Navigator 1.0-2.x
Navigator 3.0 and higher, MS Explorer 3.0
and higher
transport layer and the application layer
service (e.g., TCP)
TCP-based application protocol, e.g., HTTP, FTP, TELNET, POP3, etc.
SSL Services
cryptography)
SSL State Information
initialize and maintain session state
information on either side of the session
connections connection state information
SSL Session State Information Elements
Session ID: chosen by the server to identify an
active or resumable session state
Peer certificate: certificate for peer entity (X.509 v3)
Compression method: algorithm to compress data
before encryption
Cipher spec: specification of data encryption and
Message Authentication Code (MAC) algorithms
Master secret: 48-byte secret shared between
SSL Connection State Information Elements
Server and client random: byte sequences that are
chosen by server and client for each connection
Server write MAC secret: secret used for MAC on data
SSL Protocol Architecture
SSL Protocol
Components:
reliable transport layer service
data confidentiality, and data integrity
SSL sub-protocols
SSL Record Protocol
confidentiality
secret key defined by Handshake Protocol
RC4-40, RC4-128
(optional)
message integrity
SSL Record Protocol
Operation
SSL Sub-protocols
Alert Protocol
Used to transmit alerts via SSL Record Protocol
Alert message: (alert level, alert description)
Handshake Protocol
Used to mutually authenticate client and server and
exchange session key
ChangeCipherSpec Protocol
Used to change cipher specifications
Can be changed at the end of the handshake or later
Application Protocol
SSL Alert Protocol
Use two-byte message to convey SSL-related
alerts to peer entity
First byte is severity level
warning(1) or fatal(2)
Second byte is specific alert
Always fatal: unexpected_message, bad_record_mac,
decompression_failure, handshake_failure, illegal_parameter
Other alerts: close_notify, no_certificate, bad_certificate,
unsupported_certificate, certificate_revoked,
certificate_expired, certificate_unknown
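
The two-byte alert format described above can be decoded and checked against the "always fatal" rule as follows. This is an added example, not part of the original slides; the numeric codes come from the SSL 3.0 specification (RFC 6101), and the function name `parse_alert` and the sample bytes are constructed for illustration.

```python
# Wire codes for the alerts named on the slide (SSL 3.0, RFC 6101).
ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    30: "decompression_failure", 40: "handshake_failure",
    41: "no_certificate", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter",
}
# Alerts the slide lists as always fatal.
ALWAYS_FATAL = {
    "unexpected_message", "bad_record_mac", "decompression_failure",
    "handshake_failure", "illegal_parameter",
}
LEVELS = {1: "warning", 2: "fatal"}


def parse_alert(body: bytes) -> dict:
    """Decode a two-byte alert and flag level/description mismatches."""
    if len(body) != 2:
        raise ValueError("an SSL alert is exactly two bytes")
    level, code = body
    if level not in LEVELS:
        raise ValueError(f"invalid alert level {level}")
    name = ALERTS.get(code, f"unknown({code})")
    return {
        "level": LEVELS[level],
        "description": name,
        # An always-fatal alert sent as a warning breaks the protocol rules.
        "protocol_violation": name in ALWAYS_FATAL and level != 2,
    }


# Constructed sample alert bodies (not captured traffic).
SAMPLES = [bytes([2, 20]), bytes([1, 0]), bytes([1, 40]), bytes([1, 45])]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.hex(), parse_alert(sample))
```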
SSL Handshake Protocol
Allow server and client to
authenticate each other
negotiate encryption and MAC algorithms
negotiate cryptographic keys to be used
Comprise a series of messages in phases
Establish Security Capabilities
Server Authentication and Key Exchange
SSL Handshake Messages
SSL Handshake
CLIENTHELLO message is sent by the client
When the client wants to establish a TCP connection to the server,
When a HELLOREQUEST message is received, or
When client wants to renegotiate security parameters of an existing connection
Message content:
Number of the highest SSL version understood by the client
Client’s random structure (32-bit timestamp and 28-byte pseudorandom number)
Session ID client wishes to use (ID is empty for existing
1. C → S: CLIENTHELLO
Server processes CLIENTHELLO message
Server responds to the client with a SERVERHELLO message:
Server version number: the lower of the version suggested by the client and the highest supported by the server
Server’s random structure: 32-bit timestamp and 28-byte pseudorandom number
Session ID: corresponding to this connection
Cipher suite: selected by the server from the client’s list
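
The CLIENTHELLO fields and the server's version rule described above, as an added example that is not part of the original slides. It goes slightly beyond the slide text by following the SSL 3.0 wire layout (RFC 6101) for the session ID and cipher suite list; the function names and the sample message are constructed for illustration.

```python
import struct


def parse_client_hello(msg: bytes) -> dict:
    """Parse an SSLv3 handshake message of type client_hello (1)."""
    if len(msg) < 4 or msg[0] != 1:
        raise ValueError("not a CLIENTHELLO handshake message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length or length < 35:
        raise ValueError("truncated CLIENTHELLO")
    # Version (2 bytes), then the 32-byte random structure:
    # 32-bit timestamp followed by 28 pseudorandom bytes.
    major, minor, gmt_unix_time = struct.unpack_from("!BBI", body, 0)
    random_bytes = body[6:34]
    pos = 34
    sid_len = body[pos]
    pos += 1
    if sid_len > 32 or pos + sid_len + 2 > length:
        raise ValueError("bad session ID length")
    session_id = body[pos:pos + sid_len]
    pos += sid_len
    cs_len = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    if cs_len % 2 or pos + cs_len > length:
        raise ValueError("bad cipher suite list length")
    suites = [int.from_bytes(body[i:i + 2], "big")
              for i in range(pos, pos + cs_len, 2)]
    return {"version": (major, minor), "gmt_unix_time": gmt_unix_time,
            "random_bytes": random_bytes, "session_id": session_id,
            "cipher_suites": suites}


def select_version(client_version: tuple, server_max: tuple) -> tuple:
    """SERVERHELLO version: lower of client's offer and server's highest."""
    return min(client_version, server_max)


def build_sample() -> bytes:
    """Constructed CLIENTHELLO: SSL 3.0, empty session ID, two suites."""
    body = bytes([3, 0]) + struct.pack("!I", 946684800) + bytes(range(28))
    body += b"\x00"                      # session ID length 0
    body += b"\x00\x04\x00\x0a\x00\x05"  # two cipher suites (4 bytes)
    body += b"\x01\x00"                  # one compression method: null
    return b"\x01" + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    hello = parse_client_hello(build_sample())
    print(hello, select_version(hello["version"], (3, 1)))
```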
Optional messages:
CERTIFICATE:
If the server is using certificate-based authentication
May contain RSA public key good for key exchange
SERVERKEYEXCHANGE:
If the client does not have certificate, has certificate that can only be used to verify digital signatures, or uses FORTEZZA token-based key exchange
Client processing:
Verifies site certification
Valid site certification if the server’s name matches the host part of the URL the client wants
CHANGECIPHERSPEC
Diffie-Hellman: public parameters between server and client
in SERVERKEYEXCHANGE and CLIENTKEYEXCHANGE messages.
FORTEZZA: token-based key exchange based on public and private parameters
SSL Handshake
3. C → S: [CERTIFICATE]
CLIENTKEYEXCHANGE [CERTIFICATEVERIFY]
CHANGECIPHERSPEC FINISH
Client messages:
CERTIFICATEVERIFY
If client authentication is required
Provides explicit verification of the user’s identity (personal certificate)
CHANGECIPHERSPEC FINISH
Server finishes handshake by sending
CHANGECIPHERSPEC and FINISH messages
After the SSL handshake is completed, a secure connection is
established to send application data encapsulated in
the SSL Record Protocol
4. S → C: CHANGECIPHERSPEC
FINISH
SSL Handshake
SSL Handshake to Resume session
SSL Change Cipher Spec Protocol
updating the cipher suite in use
Transport Layer Security (TLS)
Specified as IETF standard RFC 2246
Similar to SSLv3 but with minor differences
in record format version number
use HMAC for MAC
a pseudo-random function expands secrets
has additional alert codes
some changes in supported ciphers