Post on 26-Aug-2018
1
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
Ingeniería de servicios y protocolos Services and protocols engineering
NETWORK SECURITY PROTOCOLS AND SERVICES
Lourdes López Santidrián
lourdes.lopez@upm.es
2
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
NETWORK SECURITY SERVICES
3
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
System risk areas The big tree
Confidentiality
AAA Integrity
4
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
Security services Authentication A receiver can verify that the data is really sent by the claimed sender It is mandatory if the net needs a barrier between external and internal members
Authorization It states that only authorized entities can be able to perform certain operations
Availability The users of a Network must be capable of accessing its services whenever they need them
5
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
Security services
Confidentiality Only the desired recipients can understand the message May be not mandatory
Integrity If the data produced and sent over the network are altered, the receiver will have a proof In most cases it is a mandatory property
6
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
Secret/Symmetric Key Algorithms Algorithm Time (ms) CPU Cycles Power (μJ) ROM Memory
(Kb)
SkipJack 2,16 (3) 15.925,2 (3) 51,4 (3) 19 (4)
RC5 1,50 (2) 11.059,2 (1) 36,00 (1) 16 (3)
RC6 10,78 (5) 79.478,7 (5) 258,72 (5) 16 (3)
TEA 2,56 (4) 18.874,4 (4) 61,44 (4) 15,5 (1)
XTEA 1,45 (1) 12.450,2 (2) 40,7 (2) 15,5 (1)
DES 608,00 (6) 4.482.662,4 (6) 14.592,00 (6) 31 (6)
7
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
Public/Asymmetric Key Algorithm
Diffie-Hellman Algorithm TinyECC (Elliptic Curve Cryptography) ECC-based signature generation and verification (ECDSA) Encryption and decryption (ECIES) Key agreement (ECDH)
8
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
NETWORK SECURITY TRADITIONAL PROTOCOLS
9
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
SSH (Secure Shell) Telnet and other remote logins as Berkeley rsh and rexec: Send data in plaintext => login+password in clear
SSH is a protocol for secure remote login and other secure network services over an insecure network.
RFC 4251, 2006 Unix, Microsoft Windows, Apple's Mac OS X, and Linux. SSH uses the client-server model Other uses: Tunneling Forwarding TCP ports and X11 connections; it can transfer
files using the associated SSH file transfer (SFTP) or secure copy (SCP) protocols.
10
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
SSH (Secure Shell) It consists of three major components: The Transport Layer Protocol [SSH-TRANS] Provides server authentication, confidentiality, and
integrity. It may optionally also provide compression. Typically be run over a TCP/IP connection.
The User Authentication Protocol [SSH-USERAUTH] Authenticates the client-side user to the server. It runs over the transport layer protocol.
The Connection Protocol [SSH-CONNECT] Multiplexes the encrypted tunnel into several logical
channels. It runs over the user authentication protocol.
11
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
SSH (Secure Shell) Client Authentication: The client generate a key pair on its own computer Client copy its public key to the server When the server asks the client to prove who it is, client can
generate a signature using client private key. The server can verify that signature (since it has client
public key) and allow client to log in. Now if the server is hacked or spoofed, the attacker does
not gain client private key or password; they only gain one signature. And signatures cannot be re-used, so they have gained nothing.
12
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
SSL/TLS SSL (Secure Socket Layer) v3.0 Netscape
TLS (Transport Layer Security) IETF v1.2 RFC 5246
Protects any protocol built on sockets: telnet, ftp, HTTP.
Services provided: Session encryption (AES, DES, IDEA, RC4). Server authentication (RSA, DSS).
Client authentication (optional) (RSA, DSS).
Message integrity (SHA, MD5).
SSL/TLS uses certificates X.509 v3.
13
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
SSL/TLS architecture
Handshake Protocol
Alert Protocol
Change Cipher Spec Protocol
Record Protocol
14
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
Handshake Protocol It is the responsible for establishing and terminate SSL/TLS
connections. It is the responsible for session negotiation. It is the responsible for keys negotiation. It is the responsible for server authentication and optionally
client authentication. It uses the sub-protocols: Change Cipher Spec Protocol. Alert Protocol.
15
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
Handshake flow chart Client Server
ClientHello
ChangeCipherSpec Finished
ClientCertificate* ClientKeyExchange CertificateVerify* ChangeCipherSpec Finished
ServerHello ServerCertificate* ServerKeyExchange* CertificateRequest* ServerHelloDone
16
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
Change cipher spec Protocol ChangeCipherSpec protocol is used to switch
between an encryption algorithm (called "strategies" in the specification) and other.
To change the encryption algorithm, the client and server first negotiate a new CipherSpec (encryptions especification) and their keys. Then each sends a message ChangeCipherSpec, which makes the receiving process to start using the new CipherSpec and their keys.
17
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
Alert Protocol
The systems use the alert protocol to indicate an error or warning condition to the other entity in its communication.
It has two fields: AlertLevel: Warnings (1), indicate a non fatal problem Errors (2), terminate immediately the SSL session
AlertDescription: describe errors or warnings
18
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
Record protocol
type version length fragment
SSLPlaintext
type version length fragment
SSLCompressed
type version length content SSLCiphertext
MAC padding padding length
19
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
IPSec IPSec (Internet Protocol Security) IETF RFC 4301 It is a protocol suite for securing IP communications by authenticating and encrypting each IP packet of a
communication session HMAC-SHA1, TripleDES-CBC, AES-CBC
IPsec also includes protocols for: establishing mutual authentication between agents at the
beginning of the session and negotiation of cryptographic keys to be used during the
session IPsec is an end-to-end security scheme : host-to-host, network-to-network or network-to-host
20
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
IPSec Protocols Authentication Headers (AH) Provides connectionless integrity and data origin
authentication for IP datagrams Provides protection against replay attacks
Encapsulating Security Payloads (ESP) Provides confidentiality, data origin authentication,
connectionless integrity Provides an anti-replay service (a form of partial sequence
integrity) Provides limited traffic flow confidentiality
Security Associations (SA) Provide the bundle of algorithms and data that provide the
parameters necessary to operate the AH and/or ESP operations.
21
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
IPSec modes of operation TRANSPORT MODEL Only the payload of the IP packet is usually encrypted
and/or authenticated. The routing is intact, since the IP header is neither modified
nor encrypted; however, when the authentication header is used, the IP addresses cannot be translated, as this will invalidate the hash value.
The transport and application layers are always secured by hash, so they cannot be modified in any way (for example by translating the port numbers).
Transport mode is used for host-to-host communications.
22
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
IPSec modes of operation TUNNEL MODEL The entire IP packet is encrypted and/or authenticated. It is then encapsulated into a new IP packet with a new IP
header. Tunnel mode is used to create virtual private networks
(VPN) for: network-to-network communications (e.g. between
routers to link sites) host-to-network communications (e.g. remote user
access) and host-to-host communications (e.g. private chat)
23
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
SECURITY PROTOCOLS FOR ADVANCED NETWORKS
24
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
WSN Security Obstacles of Sensor Security Very limited resources Limited memory and storage space => code must be small Power limitation => processing must be small
Unreliable communication Unreliable transfer (connectionless) => lost, damage packets Conflicts by broadcast nature => transfer will fail Latency. Multi-hop routing difficult to achieve synchronization
=> problems with key distribution and critical event reports Unattended operation Exposure to physical attacks Managed remotely No central management point
25
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
Security requirements in WSN Data confidentiality Data integrity Data freshness Availability Self-organization Time synchronization Secure localization Authentication
26
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
Attacks in WSN Denial of service attacks Jam a node o set of nodes. Transmission of a radio signal
that interferes the WSN radio frequencies Constant jamming Intermittent jamming
Violate the communication protocol (ZigBee or IEEE 801.11b) transmitting continually message to generate collisions
Attack the routing layer Refusing to route messages in a multihop network Routing message to incorrect node
Attack the transport layer Flooding by many connection request
27
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
Attacks in WSN The Sybil attack Malicious device illegitimately takes on multiple identities Routing algorithms, data aggregation, voting, fair resource
allocation and foiling misbehavior detection Traffic analysis attack Attacker can monitor nodes closest to the base station
Node replication attacks Copy the node ID of an existing sensor node
Attack against privacy Monitor, eavesdropping, traffic analysis or camouflage
Physical attacks Node destruction, extract secrets, modify software
28
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
Defensive measures in WSN Key establishment Public key cryptography use to much resources Use of ECC 160 bits keys (8-bit CPU) TinyPK (use TinySec with DH)
Use of optimized symmetric cryptography: XTEA, RC5-32, MISTY1, AES
Random key pre-distribution schemes: Key ring LEAP protocol: 4 keys for different uses + distribution key
preloaded Common trust of a third node
29
Ingeniería de Servicios y Protocolos – Services and Protocols Engineering
References RFC 4251. The Secure Shell (SSH) Protocol Architecture. T.
Ylonen, SSH Communication Security Corp., C. Lonvick, Ed. Cisco Systems, Inc. January 2006. http://www.ietf.org/rfc/rfc4251.txt
RFC 5246. The Transport Layer Security (TLS) Protocol Version 1.2. T. Dierks , Independent, E. Rescorla RTFM, Inc. August 2008 http://tools.ietf.org/html/rfc5246
RFC 430. Security Architecture for the Internet Protocol. S. Kent, K. Seo, BBN Technologies. December 2005. http://tools.ietf.org/html/rfc4301