Network Security Network Security EssentialsEssentialsChapter 5Chapter 5

Fourth EditionFourth Edition

by William Stallingsby William Stallings

Lecture slides by Lawrie BrownLecture slides by Lawrie Brown

Chapter 5 – Chapter 5 – Transport-Level SecurityTransport-Level Security

Use your mentalityUse your mentality

Wake up to realityWake up to reality

——From the song, "I've Got You under My From the song, "I've Got You under My Skin“ by Cole PorterSkin“ by Cole Porter

Web Web GüvenliğiGüvenliği

Web Artık yaygın iş, devlet, bireyler tarafından kullanılanılır

Fakat internet ve Web saldırılara açıktırFakat internet ve Web saldırılara açıktır Değişik tehtitler mevcutturDeğişik tehtitler mevcuttur

integrityintegrity confidentialityconfidentiality denial of servicedenial of service authenticationauthentication

Güvenlik mekanizmaları eklenmesi gerekirGüvenlik mekanizmaları eklenmesi gerekir

Web Web Trafiği Güvenlik önerileriTrafiği Güvenlik önerileri

SSL (Secure Socket Layer)SSL (Secure Socket Layer)

transport layer security transport layer security hizmetlerihizmetleri Netscape tarafından ilk olarak geliştirildiNetscape tarafından ilk olarak geliştirildi V3 halka açık girişler kabul ediyor.V3 halka açık girişler kabul ediyor. Sonradan TLS olarak internet standardı Sonradan TLS olarak internet standardı

haline geldi haline geldi (Transport Layer Security)(Transport Layer Security) TCP yi uçtan uca güvenli servis TCP yi uçtan uca güvenli servis

verebilmek için kullanırverebilmek için kullanır SSL in iki protokol katmanı vardır. SSL in iki protokol katmanı vardır.

SSL ArchitectureSSL Architecture

SSL ArchitectureSSL Architecture

SSL SSL Bağlantısı( connection)Bağlantısı( connection) a transient, peer-to-peer, communications linka transient, peer-to-peer, communications link associated with 1 SSL sessionassociated with 1 SSL session

SSL SSL oturumuoturumu an association between client & serveran association between client & server created by the Handshake Protocolcreated by the Handshake Protocol define a set of cryptographic parametersdefine a set of cryptographic parameters may be shared by multiple SSL connectionsmay be shared by multiple SSL connections

SSL SSL Kayıt Protokolü ve servisKayıt Protokolü ve servis

Gizlilik (Gizlilik (confidentialityconfidentiality)) using symmetric encryption with a shared using symmetric encryption with a shared

secret key defined by Handshake Protocolsecret key defined by Handshake Protocol AES, IDEA, RC2-40, DES-40, DES, 3DES, AES, IDEA, RC2-40, DES-40, DES, 3DES,

Fortezza, RC4-40, RC4-128Fortezza, RC4-40, RC4-128 message is compressed before encryptionmessage is compressed before encryption

Mesaj BütünlüğüMesaj Bütünlüğü using a MAC with shared secret keyusing a MAC with shared secret key similar to HMAC but with different paddingsimilar to HMAC but with different padding

SSL Record Protocol SSL Record Protocol OperationOperation

MACMAC

The following encryptionThe following encryption algorithms are algorithms are permittedpermitted

SSL SSL Cipher özelliklerini değiştirme Cipher özelliklerini değiştirme protokolü protokolü

Change Chiper Spec Pro.Change Chiper Spec Pro. SSL Record protocol SSL Record protocol ı kullanan ve SSL has ı kullanan ve SSL has

kullanılan 3 protokolden birisikullanılan 3 protokolden birisi Tek bir mesaj içerir (1111 1111) Tek bir mesaj içerir (1111 1111) Bekleyen durumun aktif hale gelmesini sağlar. Bekleyen durumun aktif hale gelmesini sağlar. Bu şekilde kullanılacak chiper listesini belirlerBu şekilde kullanılacak chiper listesini belirler

Chiper Spec Protocol (devam)Chiper Spec Protocol (devam)

The sole purpose of this message is to The sole purpose of this message is to cause the pending state to be copied into cause the pending state to be copied into the current state,the current state,

which updates the cipher suite to be used which updates the cipher suite to be used on this connectionon this connection

SSL SSL Uyarı ProtokolüUyarı ProtokolüAlert ProtocolAlert Protocol

SSL ile alakalı uyarıları karşıdaki eşe bildirir SSL ile alakalı uyarıları karşıdaki eşe bildirir Şiddeti, ÖnemiŞiddeti, Önemi

• warning warning veya veya fatal fatal

Bazı uyarılarBazı uyarılar• fatal: unexpected message, bad record mac, fatal: unexpected message, bad record mac,

decompression failure, handshake failure, illegal decompression failure, handshake failure, illegal parameterparameter

• warning: close notify, no certificate, bad certificate, warning: close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, unsupported certificate, certificate revoked, certificate expired, certificate unknowncertificate expired, certificate unknown

Tüm SSL verileri gibi şıkıştırılıp&şifrelenirTüm SSL verileri gibi şıkıştırılıp&şifrelenir

Fatal AlertsFatal Alerts

Diğer AlertlerDiğer Alertler

SSL SSL El sıkışma protokolüEl sıkışma protokolüHandshake ProtocolHandshake Protocol

İstemci ve sunucu arasında İstemci ve sunucu arasında :: Birbirlerini kimlik denetimi yaparBirbirlerini kimlik denetimi yapar to negotiate encryption & MAC algorithmsto negotiate encryption & MAC algorithms to negotiate cryptographic keys to be usedto negotiate cryptographic keys to be used

Fazlar halinde bir seri mesajlar içerirFazlar halinde bir seri mesajlar içerir1.1. Establish Security CapabilitiesEstablish Security Capabilities

2.2. Server Authentication and Key ExchangeServer Authentication and Key Exchange

3.3. Client Authentication and Key ExchangeClient Authentication and Key Exchange

4.4. FinishFinish

SSL SSL Handshake Handshake

ProtocolProtocol

Phase 1 Phase 1 ESTABLISH SECURITY ESTABLISH SECURITY CAPABILITIESCAPABILITIES

is used to initiate a logicalis used to initiate a logical connection and to establish connection and to establish the security capabilities that will be associated with itthe security capabilities that will be associated with it

Server Key ExchangeServer Key Exchange

RSARSA Fixed Diffie HellmanFixed Diffie Hellman Ephemeral D-HEphemeral D-H Ananoymous D-HAnanoymous D-H ForTezzaForTezza

PHASE 2. PHASE 2. SERVERAUTHENTICATION AND SERVERAUTHENTICATION AND

KEY EXCHANGEKEY EXCHANGE The server begins this phaseThe server begins this phase b by sending its y sending its

certificate if it needs to becertificate if it needs to be a authenticated; the uthenticated; the message contains one ormessage contains one or a chain of X.509 a chain of X.509 certificatescertificates

Next, a server_key_exchange message may Next, a server_key_exchange message may be sent if it is required. Itbe sent if it is required. It is not required in is not required in two instances: (1) The server has sent a two instances: (1) The server has sent a certificate with fixedcertificate with fixed Diffie-HellmanDiffie-Hellman parameters or (2) a parameters or (2) a RSA key exchange RSA key exchange is to is to be used. Thebe used. The server_key_exchange message server_key_exchange message is needed for the followingis needed for the following

PHASE 3. CLIENT PHASE 3. CLIENT AUTHENTICATION AND KEY AUTHENTICATION AND KEY

EXCHANGEEXCHANGE If the server has requested a certificate, If the server has requested a certificate,

the client begins this phase by sendingthe client begins this phase by sending a a certificate message . If no suitable certificate message . If no suitable CCertificate is available, the client sends aertificate is available, the client sends a no_certificateno_certificate alert instead. alert instead.

SSL SSL Handshake Handshake

ProtocolProtocol

Cryptographic Cryptographic Hesaplamalar Hesaplamalar

master secret creationmaster secret creation Tek seferlik Tek seferlik 48-byte value48-byte value generated using secure key exchange (RSA / generated using secure key exchange (RSA /

Diffie-Hellman) and then hashing infoDiffie-Hellman) and then hashing info Kriptografik parametrelerin üretimi Kriptografik parametrelerin üretimi

client write MAC secret, a server write MAC client write MAC secret, a server write MAC secret, a client write key, a server write key, a secret, a client write key, a server write key, a client write IV, and a server write IVclient write IV, and a server write IV

generated by hashing master secretgenerated by hashing master secret

TLS (Transport Layer TLS (Transport Layer Security)Security)

IETF IETF standardı,standardı, RFC 2246 RFC 2246,, SSLv3 SSLv3 e çok e çok benzerbenzer

küçük farklar vardırküçük farklar vardır in record format version numberin record format version number uses HMAC for MACuses HMAC for MAC a pseudo-random function expands secretsa pseudo-random function expands secrets

• based on HMAC using SHA-1 or MD5based on HMAC using SHA-1 or MD5 has additional alert codeshas additional alert codes some changes in supported cipherssome changes in supported ciphers changes in certificate types & negotiationschanges in certificate types & negotiations changes in crypto computations & paddingchanges in crypto computations & padding

HTTPSHTTPS HTTPS (HTTP over SSL) HTTPS (HTTP over SSL)

HTTP & SSL/TLS HTTP & SSL/TLS birlikte kullanılması bu birlikte kullanılması bu şekilde şekilde browser & serverbrowser & server arası güvenli iletişim arası güvenli iletişim• documented in RFC2818documented in RFC2818• no fundamental change using either SSL or TLSno fundamental change using either SSL or TLS

https:// URL rather than http://https:// URL rather than http:// and port 443 rather than 80and port 443 rather than 80

encryptsencrypts URL, document contents, form data, cookies, URL, document contents, form data, cookies,

HTTP headersHTTP headers

Secure Shell (SSH)Secure Shell (SSH) Güvenli ağ iletişimi için bir protokolGüvenli ağ iletişimi için bir protokol

designed to be simple & inexpensivedesigned to be simple & inexpensive İlk versiyon İlk versiyon SSH1 SSH1 güvenli ve uzaktan erişim güvenli ve uzaktan erişim

içeririçerir replace TELNET & other insecure schemesreplace TELNET & other insecure schemes also has more general client/server capabilityalso has more general client/server capability

SSH2 SSH2 bir çok güvenlik açıklarını giderirbir çok güvenlik açıklarını giderir documented in RFCs 4250 through 4254documented in RFCs 4250 through 4254 SSH clients & servers SSH clients & servers çok erişilebilir. çok erişilebilir. method of choice for remote login/ X tunnelsmethod of choice for remote login/ X tunnels

SSH Protocol StackSSH Protocol Stack

SSH Transport Layer ProtocolSSH Transport Layer Protocol server authentication occurs at transport server authentication occurs at transport

layer, based on server/host key pair(s)layer, based on server/host key pair(s) server authentication requires clients to know server authentication requires clients to know

host keys in advancehost keys in advance packet exchangepacket exchange

establish TCP connection establish TCP connection can then exchange datacan then exchange data

1.1. identification string exchange, identification string exchange, 2.2. algorithm algorithm negotiation,negotiation,3.3. key exchange, key exchange, 4.4. end of key exchange,end of key exchange,5.5. service requestservice request

using specified packet formatusing specified packet format

SSH User Authentication SSH User Authentication ProtocolProtocol

authenticates client to serverauthenticates client to server three message types:three message types:

SSH_MSG_USERAUTH_REQUESTSSH_MSG_USERAUTH_REQUEST SSH_MSG_USERAUTH_FAILURE SSH_MSG_USERAUTH_FAILURE SSH_MSG_USERAUTH_SUCCESSSSH_MSG_USERAUTH_SUCCESS

authentication methods usedauthentication methods used public-key, password, host-basedpublic-key, password, host-based

SSH Connection ProtocolSSH Connection Protocol runs on SSH Transport Layer Protocolruns on SSH Transport Layer Protocol assumes secure authentication connectionassumes secure authentication connection used for multiple logical channelsused for multiple logical channels

SSH communications use separate channelsSSH communications use separate channels either side can open with unique id numbereither side can open with unique id number flow controlledflow controlled have three stages:have three stages:

• opening a channel, data transfer, closing a channelopening a channel, data transfer, closing a channel four types:four types:

• session, x11, forwarded-tcpip, direct-tcpip.session, x11, forwarded-tcpip, direct-tcpip.

SSH SSH Connection Connection

Protocol Protocol ExchangeExchange

Port ForwardingPort Forwarding

convert insecure TCP connection into a convert insecure TCP connection into a secure SSH connectionsecure SSH connection SSH Transport Layer Protocol establishes a SSH Transport Layer Protocol establishes a

TCP connection between SSH client & serverTCP connection between SSH client & server client traffic redirected to local SSH, travels client traffic redirected to local SSH, travels

via tunnel, then remote SSH delivers to servervia tunnel, then remote SSH delivers to server supports two types of port forwardingsupports two types of port forwarding

local forwarding – hijacks selected trafficlocal forwarding – hijacks selected traffic remote forwarding – client acts for serverremote forwarding – client acts for server

SummarySummary

have considered:have considered: need for web securityneed for web security SSL/TLS transport layer security protocolsSSL/TLS transport layer security protocols HTTPSHTTPS secure shell (SSH)secure shell (SSH)