06 protocols2

PROTOCOLS Dr. Mikko Särelä

Page 1: 06 protocols2

PROTOCOLS
Dr. Mikko Särelä

Page 2: 06 protocols2

Discuss with your neighbors: what is a protocol?

Page 3: 06 protocols2

The term protocol is derived from the Greek word protokollan (first glue)

Page 4: 06 protocols2

A protocol is a rule which describes how an activity should be performed

Page 5: 06 protocols2

Communications protocol, a set of rules and regulations that determine how data is transmitted in telecommunications and computer networking

Page 6: 06 protocols2

TLS

Page 9: 06 protocols2

TLS HANDSHAKE SIMPLIFIED

C → S : {C, NC, C#} Client Hello: the client sends the server S its name C, a 28-bit random nonce NC and a transaction serial number C#, together with a list of supported cipher suites.

S → C : {S, NS, CS, S#} Server Hello: the server chooses a cipher suite and replies to the client with the server's 28-bit random nonce, the server certificate with either an RSA or a Diffie-Hellman public key (depending on the chosen cipher suite), and the transaction serial number S#.

The client usually checks certificate validity using a Certificate Revocation List (CRL) or the Online Certificate Status Protocol (OCSP).

C → S : {K0}KS The client sends the key exchange message to the server. K0 is key material.

C → S : {finished, MAC(K1, everythingtodate)}KCS The client sends a finished message containing a message authentication code (MAC) computed on all the messages sent by the client to date. This MAC is calculated using the master secret K1, which is computed by hashing the pre-master-secret key with the client and server nonces: K1 = h(KCS, NC, NS). All traffic after this is encrypted using KCS from client to server and KSC from server to client.

S → C : {finished, MAC(K1, everythingtodate)}KSC, {data}KSC The server sends a finished message with a MAC computed on all messages sent from server to client to date. The server then starts to send data encrypted with the KSC key.
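The finished-message check described above, as an added example that is not part of the original slides: it derives K1 from a pre-master secret and both nonces, then shows the server rejecting a Client Hello altered in transit and a K1 derived with a stale nonce. SHA-256 and HMAC-SHA256 stand in for h and MAC, and all names, nonces and cipher suite labels are constructed assumptions.

```python
import hashlib
import hmac

def encode(*fields):
    """Length-prefix each field so field boundaries are unambiguous."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def derive_k1(pre_master, nc, ns):
    # Master secret from the pre-master secret and both nonces.
    # SHA-256 stands in for h (assumption; real TLS uses its own PRF).
    return hashlib.sha256(encode(pre_master, nc, ns)).digest()

def finished_mac(k1, messages):
    # MAC over every handshake message sent so far.
    # HMAC-SHA256 stands in for MAC (assumption).
    return hmac.new(k1, encode(*messages), hashlib.sha256).digest()

def server_accepts(k1, received, client_mac):
    # The server recomputes the MAC over what it actually received.
    return hmac.compare_digest(finished_mac(k1, received), client_mac)

def run_handshake_checks():
    # All values below are constructed for illustration.
    nc, ns = b"constructed-client-nonce", b"constructed-server-nonce"
    pre_master = b"constructed-key-material-K0"
    suites_sent = b"STRONG-A,STRONG-B,LEGACY-C"  # made-up suite labels
    hello = encode(b"C", nc, b"1", suites_sent)
    key_exchange = b"<K0 encrypted under the server public key>"
    sent = [hello, key_exchange]

    k1 = derive_k1(pre_master, nc, ns)
    mac = finished_mac(k1, sent)

    # Case 2: the Client Hello reached the server with a shortened suite list.
    altered_hello = encode(b"C", nc, b"1", b"LEGACY-C")
    # Case 3: K1 derived with a server nonce from a different session.
    stale_k1 = derive_k1(pre_master, nc, b"nonce-from-an-older-session")
    return {
        "honest": server_accepts(k1, sent, mac),
        "altered_hello": server_accepts(k1, [altered_hello, key_exchange], mac),
        "stale_nonce": server_accepts(stale_k1, sent, mac),
    }

if __name__ == "__main__":
    print(run_handshake_checks())
```

Only the unmodified exchange verifies: the MAC binds the negotiated parameters to the session, and the nonces bind K1 to this particular handshake.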

Page 10: 06 protocols2

MIDDLEBOXES AND PROTOCOL SECURITY

Mikko Särelä, Yki Kortesniemi

Based in part on Markus Peuhkuri's material

Page 11: 06 protocols2

OVERVIEW

•Recap on certificates

•Denial of Service

•Middleboxes

•Security protocols

Page 12: 06 protocols2

RECAP

Page 13: 06 protocols2

CIA MODEL

Reminder: CIA =
- Confidentiality
- Integrity
- Availability

• Often amended with
- Authentication
- Non-Repudiation

Page 14: 06 protocols2

KEYS ARE THE PROBLEM

Crypto algorithms are, in general, secure

The real problem is key management

All the security relies on keys being kept secure

How do we securely e.g. agree on/distribute, store and use keys?

Page 15: 06 protocols2

CERTIFICATES...

Fixed form, signed

X.509, CA, validation, revocation, CRL

Authorization certificates

Delegation, chains, loops, chain recovery

Self-signed certificates, trust, reputation

Page 16: 06 protocols2

[Figure: diagram relating Key, Authorization and Name. Labels: authorization certificate (e.g. SPKI); name or identity certificate (e.g. X.509); ACL or attribute certificate; subject (person / computer / software agent); "has"; "uses".]

Page 17: 06 protocols2

MIDDLEBOXES

Page 18: 06 protocols2

FIREWALL

• Divides network into two (or more) parts with different security policy
- internal network ⇔ Internet
- engineering ⇔ accounting: one network need not be less secure than the other. They just have different security policies or different assets to protect.
- internal network ⇔ public servers ⇔ Internet
- building automation ⇔ VoIP ⇔ surveillance system

• Enforces security policy
- allowed traffic
- prohibited traffic

• Refer to IPSec security policy database (SPD): traffic is bypassed, discarded, or bypassed as protected.

• May have additional roles, such as a VPN endpoint

Page 19: 06 protocols2

FIREWALL TYPES

• Packet-filtering
- router ACL

• Stateful: keeps track of connections
- Timeouts

• Application gateway: interprets connection on application level

• Host-based

• Hybrid

Page 20: 06 protocols2

FIREWALL TOPOLOGIES

– has to have some timeout mechanism as the state space is limited. Some attacks may exhaust state space ⇒ random disconnections

• possible to accept related connections: some protocols need an application gateway.

Application gateway interprets the connection on application level

• checks if application traffic is valid

• protects from simple port changes, like running the ssh protocol on port 443 (https).

• may provide a payload inspection to detect malicious payload

• proxy servers

– call-out

– in-line (transparent)

Address-translation between internal numbering and external addresses

• using NAPT provides same security as prohibiting incoming TCP and UDP

• internal topology can be hidden

Host-based or software firewalls add on application security

• completes application security and access control

• possibly user- and application-level control

Hybrid: uses a combination of different types for performance

• check start of connection with application gateway, switch to stateful filtering ⇒ better performance as the bulk of traffic is handled by the fast path.

Firewall topologies

[Figure: firewall topology diagrams built from these elements: Internet, packet filter, private network, bastion host, server, DMZ, modem / WLAN.]

Building firewall rules

• Defining default policy

– “everything not prohibited is allowed”

∗ “router” ACL

∗ enumerate vulnerable services and protect them

– “everything not allowed is prohibited”

∗ enumerate needed and safe services and allow only those
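The two default policies above, applied to the same traffic by a first-match rule evaluator. This is an added example, not part of the original slides; the rule sets, addresses (documentation ranges) and ports are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    src: str              # source network in CIDR form
    proto: str            # "tcp" or "udp"
    dport: Optional[int]  # None matches any destination port

class Packet(NamedTuple):
    src: str
    proto: str
    dport: int

def decide(rules, default, pkt):
    """First matching rule wins; otherwise the default policy applies."""
    for r in rules:
        if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(r.src)
                and r.proto == pkt.proto
                and r.dport in (None, pkt.dport)):
            return r.action
    return default

# "Everything not prohibited is allowed": enumerate vulnerable services, block them.
BLOCKLIST = [Rule("deny", "0.0.0.0/0", "tcp", 23),
             Rule("deny", "0.0.0.0/0", "tcp", 445)]
# "Everything not allowed is prohibited": enumerate needed services, allow only those.
ALLOWLIST = [Rule("allow", "0.0.0.0/0", "tcp", 443),
             Rule("allow", "192.0.2.0/24", "tcp", 22)]

# Constructed sample traffic.
TRAFFIC = [
    Packet("198.51.100.7", "tcp", 443),   # public HTTPS
    Packet("192.0.2.10", "tcp", 22),      # SSH from the admin subnet
    Packet("198.51.100.7", "tcp", 22),    # SSH from anywhere else
    Packet("198.51.100.7", "tcp", 23),    # telnet, an enumerated vulnerable service
    Packet("198.51.100.7", "udp", 5353),  # a service nobody enumerated
]

def compare():
    """Return (default-allow verdict, default-deny verdict) per packet."""
    return [(decide(BLOCKLIST, "allow", p), decide(ALLOWLIST, "deny", p))
            for p in TRAFFIC]

if __name__ == "__main__":
    for pkt, verdicts in zip(TRAFFIC, compare()):
        print(pkt, verdicts)
```

The last packet is the difference that matters: a service missing from both lists passes under default-allow and is dropped under default-deny.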

Page 21: 06 protocols2

WHAT FIREWALL PROTECTS AND WHAT NOT

• Protects
- from known, vulnerable protocols
- static network configuration

• Does not protect for / from
- executable/active content, unless has integrated virus scanner that detects it; often targeted attacks go undetected
- malicious insider
- loopholes: modems, WLAN, mobile networks
- carry-in/out attacks such as notebooks, mass storage, rogue WLAN APs
- new attacks using applications previously considered safe
- most DoS attacks

• “hard perimeter, mellow inside”

Page 22: 06 protocols2

NAT

• Address-translation between internal numbering and external addresses
- Internal topology can be hidden
- using NAPT provides same security as prohibiting incoming TCP and UDP

Page 23: 06 protocols2

INTRUSION DETECTION/PREVENTION

• How to make sure that the firewall is not leaking?

• How to detect internal attacks?

• IDS (Intrusion Detection System) is designed to
- detect,
- identify, and
- report malicious activity

• IDS can be located in different places
- application
- host
- network

Page 24: 06 protocols2

INTRUSION PREVENTION SYSTEMS (IPS)

•IDS with an automatic response

•Suffers from a large number of false alerts ⇒ may result in denial of service

•A firewall with automatic ACL update

•Virus scanners are host-based IPS

•Still at early stages
- does not stop vendors from marketing...

Page 25: 06 protocols2

HONEYPOTS

•A false system similar to production system

•Used as part of IDS
- to study how attacker behaves

•How to keep an attacker from telling the difference from a real system

Page 26: 06 protocols2

SECURITY PROTOCOLS

Page 27: 06 protocols2

SECURITY AND NETWORK LAYERS

1. Physical layer

2. Data link layer

3. Network layer

4. Transport layer

Page 28: 06 protocols2

LAYER AFFECTS SECURITY

Data link layer can only offer secure links

Network layer and above can offer end-to-end security

Page 29: 06 protocols2

SECURITY AND NETWORK LAYERS

Physical layer

Data link layer: GSM A5, WPA2

Network layer: IPSec

Transport layer: TLS/SSL

Page 30: 06 protocols2

ASSIGNMENTS

Write lecture log (1-2 pages) and ponder what you learned.

Read Hardin’s Tragedy of the Commons and write an essay where you consider how tragedy of the commons relates to information, network, and protocol security.