Cryptography and Network Security UNIT IV - NETWORK SECURITY.


Transcript of Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Page 1: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Cryptography and Network Security

UNIT IV - NETWORK SECURITY

Page 2:

Authentication Functions

A message authentication or digital signature mechanism can be viewed as having two levels:
- At the lower level there must be some function that produces an authenticator: a value used to authenticate a message.
- This lower-level function is used as a primitive in a higher-level authentication protocol.

Page 3:

Authentication Functions

Three classes of functions may be used to produce an authenticator:
- Message encryption: the ciphertext of the entire message itself serves as the authenticator.
- Message authentication code (MAC): a public function of the message and a secret key that produces a fixed-length value that serves as the authenticator.
- Hash function: a public function that maps a message of any length into a fixed-length hash value, which serves as the authenticator.
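To make the three classes concrete, here is an added example, not code from the slides, that builds each kind of authenticator from the Python standard library and shows what an attacker who edits a message in transit can and cannot get past. The stream cipher is a constructed stand-in (an HMAC-SHA256 keystream) so the block runs offline; the key, the message and the byte offset the attacker targets are constructed inputs.

```python
import hashlib
import hmac
import secrets

# Added example (not from the slides). The XOR stream cipher below is a
# constructed stand-in so the block runs on the standard library.

def keystream(key: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def encrypt(key: bytes, msg: bytes) -> bytes:
    """Class 1: message encryption; the ciphertext itself is the authenticator."""
    return bytes(a ^ b for a, b in zip(msg, keystream(key, len(msg))))

decrypt = encrypt  # XOR stream cipher: the same operation decrypts

def mac(key: bytes, msg: bytes) -> bytes:
    """Class 2: MAC, a public function of the message and a secret key (HMAC-SHA256)."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def digest(msg: bytes) -> bytes:
    """Class 3: public hash function, no key involved."""
    return hashlib.sha256(msg).digest()

def encrypt_with_hash(key: bytes, msg: bytes) -> bytes:
    """E_K[M || H(M)]: the hash becomes an authenticator once it is encrypted with the message."""
    return encrypt(key, msg + digest(msg))

def decrypt_with_hash(key: bytes, ct: bytes) -> bytes:
    pt = decrypt(key, ct)
    msg, h = pt[:-32], pt[-32:]
    if not hmac.compare_digest(digest(msg), h):
        raise ValueError("integrity check failed")
    return msg

def bit_flip(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attacker who knows the plaintext bytes at a known offset XORs old^new into the ciphertext."""
    out = bytearray(ct)
    for i, (o, n) in enumerate(zip(old, new)):
        out[offset + i] ^= o ^ n
    return bytes(out)

def demo():
    key = secrets.token_bytes(32)
    msg = b"PAY 100 TO ACCT 0042"            # constructed sample message
    forged = msg.replace(b"100", b"900")

    # 1. Encryption alone with a malleable cipher: the receiver decrypts a changed
    #    amount and nothing flags it. Ciphertext is only an authenticator if the
    #    cipher is non-malleable or the plaintext carries checkable structure.
    tampered = bit_flip(encrypt(key, msg), 4, b"100", b"900")
    enc_only_result = decrypt(key, tampered)

    # 2. MAC: without the key the attacker cannot produce a tag for the forged message.
    tag = mac(key, msg)
    mac_accepts_forgery = hmac.compare_digest(mac(key, forged), tag)

    # 3. Hash alone: the attacker recomputes H(M') and sends it along, so the
    #    receiver's check passes; a bare hash authenticates nothing by itself.
    hash_alone_accepts_forgery = digest(forged) == digest(forged)
    #    Hash protected by encryption: the same bit-flip now breaks the check.
    try:
        decrypt_with_hash(key, bit_flip(encrypt_with_hash(key, msg), 4, b"100", b"900"))
        protected_hash_accepts_forgery = True
    except ValueError:
        protected_hash_accepts_forgery = False

    return (enc_only_result, mac_accepts_forgery,
            hash_alone_accepts_forgery, protected_hash_accepts_forgery)
```

One caveat the demo does not show: with a stream cipher, E_K[M || H(M)] only resists an attacker who does not know all of M. An attacker who knows M recovers the keystream from the ciphertext and can substitute M' || H(M') wholesale, which is why practice favours a keyed MAC or an authenticated-encryption mode over hash-then-encrypt.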

Page 4:

KERBEROS

In Greek mythology, a many-headed dog, the guardian of the entrance of Hades.

Page 5:

KERBEROS

Users wish to access services on servers. Three threats exist:
- A user pretends to be another user.
- A user alters the network address of a workstation.
- A user eavesdrops on exchanges and uses a replay attack.

Page 6:

KERBEROS

- Provides a centralized authentication server to authenticate users to servers and servers to users.
- Relies on conventional (symmetric) encryption, making no use of public-key encryption.
- Two versions: version 4 and version 5. Version 4 makes use of DES.

Page 7:

Kerberos Version 4

Terms:
C = client
AS = authentication server
V = server
IDc = identifier of user on C
IDv = identifier of V
Pc = password of user on C
ADc = network address of C
Kv = secret encryption key shared by AS and V
TS = timestamp
|| = concatenation

Page 8:

A Simple Authentication Dialogue

(1) C -> AS: IDc || Pc || IDv
(2) AS -> C: Ticket
(3) C -> V: IDc || Ticket

Ticket = E_Kv[IDc || ADc || IDv]

Two problems:
- The number of times a user has to enter a password (once for every service requested).
- Plaintext transmission of the password: an eavesdropper on message (1) learns Pc.

Page 9:

The Idea towards a Solution

Introducing a ticket-granting server (TGS):
- The user first requests a ticket-granting ticket (Ticket_tgs) from the AS.
- The user then authenticates itself to the TGS to obtain a ticket (Ticket_v) for accessing a new service.
- The user finally authenticates itself to V when requesting a particular service.
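An added, runnable model of the dialogue on pages 8 and 9 (not code from the slides nor from any Kerberos implementation): an AS/TGS, a client and a server in one process, with tickets, authenticators, lifetimes and a replay check. Kerberos v4 encrypts with DES; the encrypt/decrypt pair here is a constructed stand-in for E_K[...] built from HMAC-SHA256 (encrypt-then-MAC), and the password-to-key derivation, the lifetime and clock-skew values, the user name, password, server name and address are all constructed for the demo.

```python
import hashlib, hmac, json, secrets

# Added example: single-process model of the Kerberos v4 dialogue (pages 8-9).
# encrypt/decrypt is a constructed stand-in for E_K[...] (v4 used DES);
# LIFETIME and SKEW are constructed values in seconds.
LIFETIME, SKEW = 300, 60

def _prf(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _ks(key, nonce, n):
    return b"".join(_prf(key, b"ks" + nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))

def encrypt(key, fields):                       # encrypt-then-MAC of a JSON record
    pt, nonce = json.dumps(fields).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return nonce + ct + _prf(key, b"tag" + nonce + ct)

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"tag" + nonce + ct)):
        raise ValueError("wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct)))))

def user_key(password):                         # Kc derived from Pc (constructed KDF)
    return hashlib.sha256(b"toy-kerberos|" + password.encode()).digest()

def check(ticket, session_key, authenticator, src_addr, now, seen):
    # What a TGS or server checks: lifetime, authenticator under the session key, IDc/ADc, freshness, replay.
    if now > ticket["ts"] + ticket["life"]:
        raise ValueError("ticket expired")
    auth = decrypt(session_key, authenticator)  # only the real client holds session_key
    if (auth["idc"], auth["adc"], src_addr) != (ticket["idc"], ticket["adc"], ticket["adc"]):
        raise ValueError("authenticator/ticket/address mismatch")
    if abs(now - auth["ts"]) > SKEW:
        raise ValueError("stale authenticator")
    if authenticator in seen:
        raise ValueError("authenticator replayed")
    seen.add(authenticator)
    return auth

class KDC:                                      # authentication server + ticket-granting server
    def __init__(self):
        self.users, self.servers, self.seen = {}, {}, set()
        self.k_tgs = secrets.token_bytes(32)    # secret shared by AS and TGS
    def register_user(self, idc, pc):
        self.users[idc] = user_key(pc)
    def register_server(self, idv):
        self.servers[idv] = secrets.token_bytes(32)   # Kv
        return self.servers[idv]
    def as_exchange(self, idc, adc, now):       # (1) C -> AS: IDc; (2) AS -> C: E_Kc[Kc,tgs || TGT]
        k = secrets.token_bytes(32)             # Kc,tgs
        tgt = encrypt(self.k_tgs, {"key": k.hex(), "idc": idc, "adc": adc, "ts": now, "life": LIFETIME})
        return encrypt(self.users[idc], {"key": k.hex(), "ticket": tgt.hex()})
    def tgs_exchange(self, idv, tgt, authenticator, src_addr, now):   # (3)/(4)
        t = decrypt(self.k_tgs, tgt)
        check(t, bytes.fromhex(t["key"]), authenticator, src_addr, now, self.seen)
        k = secrets.token_bytes(32)             # Kc,v
        tv = encrypt(self.servers[idv], {"key": k.hex(), "idc": t["idc"], "adc": t["adc"], "ts": now, "life": LIFETIME})
        return encrypt(bytes.fromhex(t["key"]), {"key": k.hex(), "ticket": tv.hex()})

class Server:
    def __init__(self, kv):
        self.kv, self.seen = kv, set()
    def serve(self, ticket_v, authenticator, src_addr, now):          # (5)/(6)
        t = decrypt(self.kv, ticket_v)
        auth = check(t, bytes.fromhex(t["key"]), authenticator, src_addr, now, self.seen)
        return encrypt(bytes.fromhex(t["key"]), {"ts": auth["ts"] + 1})   # server proves it knows Kc,v

class Client:
    def __init__(self, idc, pc, adc):
        self.idc, self.kc, self.adc = idc, user_key(pc), adc
    def authenticator(self, key, now):
        return encrypt(key, {"idc": self.idc, "adc": self.adc, "ts": now})
    def login(self, kdc, now):                  # password used once; it never crosses the wire
        r = decrypt(self.kc, kdc.as_exchange(self.idc, self.adc, now))
        self.k_tgs, self.tgt = bytes.fromhex(r["key"]), bytes.fromhex(r["ticket"])
    def service_ticket(self, kdc, idv, now):
        auth = self.authenticator(self.k_tgs, now)
        r = decrypt(self.k_tgs, kdc.tgs_exchange(idv, self.tgt, auth, self.adc, now))
        return bytes.fromhex(r["key"]), bytes.fromhex(r["ticket"])
    def use_service(self, server, k_v, ticket_v, now):
        auth = self.authenticator(k_v, now)
        reply = decrypt(k_v, server.serve(ticket_v, auth, self.adc, now))
        return reply["ts"] == now + 1, auth     # True iff the server knew Kc,v

def demo(now=1_700_000_000):
    kdc = KDC()
    kdc.register_user("alice", "correct horse battery")            # constructed credentials
    fileserver = Server(kdc.register_server("fileserver"))
    alice = Client("alice", "correct horse battery", "10.0.0.7")
    alice.login(kdc, now)
    k_v, ticket_v = alice.service_ticket(kdc, "fileserver", now + 1)
    mutual_ok, auth = alice.use_service(fileserver, k_v, ticket_v, now + 2)
    try:   # eavesdropper replays the captured ticket + authenticator from a spoofed address
        fileserver.serve(ticket_v, auth, "10.0.0.7", now + 3)
        replay = "accepted"
    except ValueError as err:
        replay = str(err)
    return mutual_ok, replay
```

The three exchanges map onto the slides: `login` is the AS exchange (the password is typed once and only used locally to derive Kc), `service_ticket` is the TGS exchange, and `use_service` is the client/server exchange in which V returns TS+1 under Kc,v, which is what authenticates the server to the user. The replay at the end is the third threat from page 5: the ticket and authenticator are genuine, but the server has already seen that authenticator inside the skew window and rejects it.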

Page 10:

Kerberos Version 4 Authentication Dialogue

Page 11:

Kerberos Version 4 Authentication Dialogue

Page 12:

Kerberos Version 4 Authentication Dialogue

Page 13:

Overview of Kerberos

Page 14:

Request for Service in Another Realm

Page 15:

Difference Between Version 4 and 5

Environmental shortcomings of version 4 addressed by version 5:
- Encryption system dependence (v4 uses DES)
- Internet protocol dependence
- Message byte ordering
- Ticket lifetime
- Authentication forwarding
- Interrealm authentication

Page 16:

Kerberos Encryption Techniques

Page 17:

PCBC Mode

Page 18:

Kerberos - in practice

Currently have two Kerberos versions:
- 4: restricted to a single realm
- 5: allows inter-realm authentication, in beta test
Kerberos v5 is an Internet standard specified in RFC1510 (since obsoleted by RFC 4120), and used by many utilities.

To use Kerberos:
- need to have a KDC on your network
- need to have Kerberised applications running on all participating systems
- major problem (historical; these US export restrictions have since been relaxed): Kerberos could not be directly distributed outside the US in source format (& binary versions had to obscure crypto routine entry points and have no encryption), else crypto libraries had to be reimplemented locally

Page 19:

X.509 Authentication Service

- Distributed set of servers that maintains a database about users.
- Each certificate contains the public key of a user and is signed with the private key of a CA.
- Is used in S/MIME, IP Security, SSL/TLS and SET.
- RSA is the recommended algorithm.

Page 21:

X.509 Formats

Page 22:

Obtaining a User's Certificate

Characteristics of certificates generated by a CA:
- Any user with access to the public key of the CA can recover the user public key that was certified.
- No party other than the CA can modify the certificate without this being detected.

Page 23:

X.509 CA Hierarchy

Page 24:

Revocation of Certificates

Reasons for revocation:
- The user's private key is assumed to be compromised.
- The user is no longer certified by this CA.
- The CA's certificate is assumed to be compromised.

Page 25:

Authentication Procedures

Page 26:

Summary

Have considered:
- message authentication using message encryption, MACs and hash functions
- Kerberos
- X.509 Authentication Service

Page 27:

Page 28:

Authentication Applications

Developed to support application-level authentication and digital signatures. Most widely used services:
- Kerberos: a private-key authentication service
- X.509: a public-key directory authentication service

Page 29:

Kerberos

Page 30:

Kerberos

- Developed as part of Project Athena at MIT
- Symmetric encryption, using no public keys
- Provides centralised private-key third-party authentication in a distributed network
- Versions 4 and 5

Page 31:

Kerberos Motivation

- Provide security in a distributed architecture consisting of dedicated user workstations (clients) and distributed or centralized servers
- Require the user to prove his identity for each service invoked
- Require that servers prove their identity to clients
- Secure, Reliable, Transparent, and Scalable

Page 32:

Kerberos Scheme

- Trusted third-party authentication service
- Uses a protocol based on Needham and Schroeder [NEED78], see Chapter 7
- Clients and servers trust Kerberos to mediate their mutual authentication

Page 33:

Kerberos Version 4

- Uses DES, in a rather elaborate protocol, to provide authentication
- Uses an Authentication Server (AS):
  - Knows all user passwords, and stores them in a DB
  - Shares a unique secret key with each server
  - Sends an encrypted ticket-granting ticket (TGT)
  - The TGT contains a lifetime and timestamp

Page 34:

Kerberos Version 4

- Uses a Ticket Granting Server (TGS):
  - Issues tickets to users already authenticated by the AS
  - The TGT it receives is encrypted with a key known only to the AS and TGS
  - Returns a service-granting ticket
  - The service-granting ticket contains a timestamp and lifetime

Page 35:

Kerberos Dialog

- Problems remaining with the simple dialogue: the choice of ticket lifetime (short means re-entering the password, long means a replay window), and no authentication of the server to the user
- Both are addressed by using a session key shared between client and server
- Message exchanges (see Table 14.1):
  - AS exchange to obtain a ticket-granting ticket
  - TGS exchange to obtain a service-granting ticket
  - Client/server authentication exchange to obtain service

Page 36:

Kerberos Overview

Page 37:

Kerberos Overview

Page 38:

Multiple Kerberi

- The Kerberos server in each realm shares a secret key with the Kerberos servers of the other realms
- There must be trust between the servers, i.e. each server is registered with the others
- Does not scale well: with N realms, N(N-1)/2 secure key exchanges are needed

Page 39:

Kerberos Realms

Page 40:

Kerberos Version 5

- Fixes version 4 environmental shortcomings
- New elements for the AS exchange: Realm, Options, Times, Nonce
- Client/server authentication exchange: Subkey, Sequence number
- Kerberos ticket flags (see Table 14.4)

Page 41:

X.509

- Part of the X.500 series
- Distributed servers maintaining a user information database
- Defines a framework for authentication services: the directory may store public-key certificates, with the public key of a user signed by a certification authority
- Also defines authentication protocols

Page 42:

X.509

- Uses public-key cryptography & digital signatures
- Algorithms not standardised, but RSA recommended
- X.509 certificates are widely used
- A public-key certificate is associated with each user, generated by some trusted CA
- The Certification Authority (CA) issues certificates; the notation CA<<A>> represents a certificate for client A signed by CA

Page 43:

X.509 Certificates

Issued by a Certification Authority (CA), containing:
- version (1, 2, or 3)
- serial number (unique within the CA) identifying the certificate
- signature algorithm identifier
- issuer X.500 name (the CA)
- period of validity (from - to dates)
- subject X.500 name (name of owner)
- subject public-key info (algorithm, parameters, key)
- issuer unique identifier (v2+)
- subject unique identifier (v2+)
- extension fields (v3)
- signature (of the hash of all the other fields in the certificate)

Page 44:

X.509 Certificates

Page 45:

Obtaining a User Certificate

- Certificate notation: CA{…}
- Any user with the CA's public key can verify the user public key that was certified
- No party other than the CA can modify the certificate without being detected
- Because they cannot be forged, certificates can be placed in a public directory

Page 46:

CA Hierarchy

- If both users share a common CA then they are assumed to know its public key
- Otherwise CAs must form a hierarchy
- Use certificates linking members of the hierarchy to validate other CAs
- Each CA has certificates for clients (forward) and parent (backward)
- Each client trusts its parents' certificates
- Enables verification of any certificate from one CA by users of all other CAs in the hierarchy

Page 47:

CA Hierarchy

Page 48:

Certificate Revocation

- Certificates have a period of validity
- May need to revoke before expiry:
  1. user's private key is compromised
  2. user is no longer certified by this CA
  3. CA's certificate is compromised
- CAs maintain a list of revoked certificates: the Certificate Revocation List (CRL)
- Users should check certificates against the CA's CRL

Page 49:

Authentication Procedures

X.509 includes three alternative authentication procedures:
- One-Way Authentication
- Two-Way Authentication
- Three-Way Authentication
All use public-key signatures.

See Figure 14.6 for the authentication procedures.

Page 50:

One-Way Authentication

- 1 message (A -> B) used to establish:
  - the identity of A and that the message is from A
  - that the message was intended for B
  - integrity & originality of the message
- The message must include a timestamp, a nonce and B's identity, and is signed by A
- May include additional info for B, e.g. a session key

Page 51:

Two-Way Authentication

- 2 messages (A -> B, B -> A) which also establish, in addition:
  - the identity of B and that the reply is from B
  - that the reply is intended for A
  - integrity & originality of the reply
- The reply includes the original nonce from A, plus a timestamp and nonce from B
- May include additional info for A

Page 52:

Three-Way Authentication

- 3 messages (A -> B, B -> A, A -> B) which enable the above authentication without synchronized clocks
- Has a reply from A back to B containing a signed copy of the nonce from B
- Means that timestamps need not be checked or relied upon
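An added example covering pages 45 to 48 and 50 to 52 (not the slides' code and not any X.509 library): toy certificates carrying the page 43 fields that matter for validation, a two-level CA hierarchy, chain validation against a CRL, and the three-way authentication procedure. The signature scheme is textbook RSA with 128-bit keys and no padding, constructed only so the logic runs on the standard library; it is insecure and for illustration only. The CA names, serial numbers, validity times and the RNG seed are made up.

```python
import hashlib
import json
import random

# Added example (not the slides' code). Signatures use textbook RSA with 128-bit
# keys and no padding: a constructed stand-in, insecure, for illustration only.

def _is_prime(n, rng, rounds=16):               # Miller-Rabin
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x not in (1, n - 1) and not any(pow(x, 2 << i, n) == n - 1 for i in range(s - 1)):
            return False
    return True

def _prime(rng, bits):
    while True:
        n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_prime(n, rng):
            return n

def keygen(rng, bits=128):                      # returns (public (n, e), private (n, d))
    e = 65537
    while True:
        p, q = _prime(rng, bits // 2), _prime(rng, bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                  # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(priv, data):
    return pow(_h(data, priv[0]), priv[1], priv[0])
def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == _h(data, pub[0])

def _tbs(cert):                                  # the fields covered by the signature
    return json.dumps({k: v for k, v in cert.items() if k != "sig"}, sort_keys=True).encode()

class CA:
    def __init__(self, name, rng):
        self.name, self.serial, self.crl = name, 0, set()
        self.pub, self.priv = keygen(rng)
    def issue(self, subject, subject_pub, not_before, not_after):     # CA<<subject>>
        self.serial += 1
        cert = {"version": 3, "serial": self.serial, "issuer": self.name, "subject": subject,
                "pub": list(subject_pub), "not_before": not_before, "not_after": not_after}
        cert["sig"] = sign(self.priv, _tbs(cert))
        return cert
    def revoke(self, cert):
        self.crl.add(cert["serial"])

def verify_chain(chain, anchor, crls, now):
    """chain[0] is the end-entity cert, chain[-1] is issued by the trust anchor (name, pub);
    crls maps CA name -> revoked serials. Each link is checked for issuer, signature,
    validity period and revocation before its subject key is trusted to verify the next."""
    issuer, issuer_pub = anchor
    for cert in reversed(chain):
        if cert["issuer"] != issuer:
            return False, cert["subject"] + ": issuer mismatch"
        if not verify(issuer_pub, _tbs(cert), cert["sig"]):
            return False, cert["subject"] + ": bad signature"
        if not cert["not_before"] <= now <= cert["not_after"]:
            return False, cert["subject"] + ": outside validity period"
        if cert["serial"] in crls.get(cert["issuer"], set()):
            return False, cert["subject"] + ": revoked"
        issuer, issuer_pub = cert["subject"], tuple(cert["pub"])
    return True, "ok"

def three_way(a_pub, a_priv, b_pub, b_priv, rng):
    """X.509 three-way authentication: A -> B, B -> A, A -> B. Every message is signed and
    each party's nonce is echoed back, so no timestamp has to be trusted."""
    def signed(priv, fields):
        body = json.dumps(fields, sort_keys=True).encode()
        return body, sign(priv, body), json.loads(body)
    rA = rng.getrandbits(64)
    body1, sig1, m1 = signed(a_priv, {"from": "A", "to": "B", "nonce": rA})
    if not (verify(a_pub, body1, sig1) and m1["to"] == "B"):                      # B checks
        return False
    rB = rng.getrandbits(64)
    body2, sig2, m2 = signed(b_priv, {"from": "B", "to": "A", "nonce": rB, "echo": m1["nonce"]})
    if not (verify(b_pub, body2, sig2) and m2["to"] == "A" and m2["echo"] == rA):  # A checks
        return False
    body3, sig3, m3 = signed(a_priv, {"from": "A", "to": "B", "echo": m2["nonce"]})
    return verify(a_pub, body3, sig3) and m3["echo"] == rB                         # B checks

def demo():
    rng = random.Random(2024)                    # fixed seed: reproducible toy keys
    root, sub = CA("Root CA", rng), CA("Sub CA", rng)
    sub_cert = root.issue("Sub CA", sub.pub, 1000, 9000)        # Root CA<<Sub CA>>
    a_pub, a_priv = keygen(rng)
    a_cert = sub.issue("A", a_pub, 2000, 5000)                  # Sub CA<<A>>
    anchor, crls = ("Root CA", root.pub), {"Root CA": root.crl, "Sub CA": sub.crl}
    results = {"valid": verify_chain([a_cert, sub_cert], anchor, crls, 3000),
               "expired": verify_chain([a_cert, sub_cert], anchor, crls, 6000),
               "tampered": verify_chain([dict(a_cert, subject="Mallory"), sub_cert], anchor, crls, 3000)}
    sub.revoke(a_cert)
    results["revoked"] = verify_chain([a_cert, sub_cert], anchor, crls, 3000)
    (b_pub, b_priv), (_, m_priv) = keygen(rng), keygen(rng)
    results["three_way"] = three_way(a_pub, a_priv, b_pub, b_priv, rng)
    results["impostor_b"] = three_way(a_pub, a_priv, b_pub, m_priv, rng)  # Mallory lacks B's key
    return results
```

Two things a real validator adds that this toy omits: the v3 extensions (page 53) that say whether a certificate is allowed to act as a CA at all (basicConstraints, keyUsage), without which any end-entity certificate could sign a chain, and a fresh, signed CRL (or an online status check) rather than an in-memory set, since a stale revocation list is what lets a compromised key keep working.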

Page 53:

X.509 Version 3

- It has been recognised that additional information is needed in a certificate: email/URL, policy details, usage constraints
- Rather than explicitly naming new fields, a general extension method was defined
- Extensions consist of: extension identifier, criticality indicator, extension value
- A relying party that does not recognise an extension marked critical must reject the certificate; a non-critical unrecognised extension may be ignored

Page 54:

Certificate Extensions

- Key and policy information: convey info about subject & issuer keys, plus indicators of certificate policy
- Certificate subject and issuer attributes: support alternative names, in alternative formats, for the certificate subject and/or issuer
- Certificate path constraints: allow constraints on the use of certificates by other CAs

Page 55:

Public Key Infrastructure

Page 56:

Chapter 15 – Electronic Mail Security

Despite the refusal of VADM Poindexter and LtCol North to appear, the Board's access to other sources of information filled much of this gap. The FBI provided documents taken from the files of the National Security Advisor and relevant NSC staff members, including messages from the PROF system between VADM Poindexter and LtCol North. The PROF messages were conversations by computer, written at the time events occurred and presumed by the writers to be protected from disclosure. In this sense, they provide a first-hand, contemporaneous account of events.
— The Tower Commission Report to President Reagan on the Iran-Contra Affair, 1987

Page 57:

Email Security

- Email is one of the most widely used and regarded network services
- Currently message contents are not secure: they may be inspected either in transit or by suitably privileged users on the destination system

Page 58:

Email Security Enhancements

- confidentiality: protection from disclosure
- authentication: of the sender of the message
- message integrity: protection from modification
- non-repudiation of origin: protection from denial by the sender

Page 59:

Pretty Good Privacy (PGP)

- Widely used de facto secure email
- Developed by Phil Zimmermann
- Selected the best available crypto algorithms to use
- Integrated into a single program
- On Unix, PC, Macintosh and other systems
- Originally free, now also have commercial versions available

Page 60:

PGP Operation – Authentication

1. The sender creates the message.
2. SHA-1 is used to generate a 160-bit hash of the message.
3. The hash is signed with RSA using the sender's private key, and the signature is attached to the message.
4. The receiver uses RSA with the sender's public key to decrypt and recover the hash code.
5. The receiver generates a new hash of the received message and compares it with the decrypted hash code.

Note: SHA-1 has since been shown to be vulnerable to collisions, and current OpenPGP implementations default to SHA-2 family hashes for signatures.

Page 61:

PGP Operation – Confidentiality

1. The sender generates the message and a 128-bit random number as the session key for it.
2. The message is encrypted using CAST-128 / IDEA / 3DES in CBC mode with the session key.
3. The session key is encrypted using RSA with the recipient's public key, and attached to the message.
4. The receiver uses RSA with its private key to decrypt and recover the session key.
5. The session key is used to decrypt the message.

Page 62:

PGP Operation – Confidentiality & Authentication

Can use both services on the same message:
- create the signature & attach it to the message
- encrypt both message & signature
- attach the RSA/ElGamal-encrypted session key

Page 63:

PGP Operation – Compression

- By default PGP compresses the message after signing but before encrypting:
  - so the uncompressed message & signature can be stored for later verification
  - & because compression is not deterministic across implementations and versions, a signature over the compressed form would not verify reliably
- Uses the ZIP compression algorithm

Page 64:

PGP Operation – Email Compatibility

- When using PGP there will be binary data to send (encrypted message etc.)
- However email was designed only for text
- Hence PGP must encode raw binary data into printable ASCII characters
- Uses the radix-64 algorithm: maps 3 bytes to 4 printable chars, and also appends a CRC
- PGP also segments messages if too big
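An added example of the radix-64 step described above (not code from the slides nor from any PGP implementation): OpenPGP ASCII armor with its CRC-24 checksum, using the polynomial and initial value published in RFC 4880 section 6, with the compression step of page 63 in front of it. The sign and encrypt steps and message segmentation are not modelled; the armor type string, line width and sample payload are constructed.

```python
import base64
import zlib

# Added example (not from the slides): radix-64 armor with the OpenPGP CRC-24.
# CRC parameters are the RFC 4880 values; everything else here is constructed.
CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB

def crc24(data):
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(data, kind="PGP MESSAGE", width=76):
    """3 bytes -> 4 printable chars (base64), wrapped, then '=' + base64(CRC-24 of the raw data)."""
    text = base64.b64encode(data).decode("ascii")
    lines = [text[i:i + width] for i in range(0, len(text), width)]
    check = "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    return "\n".join(["-----BEGIN %s-----" % kind, ""] + lines + [check, "-----END %s-----" % kind]) + "\n"

def dearmor(text):
    lines = text.strip().splitlines()
    if not (lines[0].startswith("-----BEGIN ") and lines[-1].startswith("-----END ")):
        raise ValueError("not an armored block")
    body = lines[1:-1]
    if "" in body:                                 # skip Armor Headers (e.g. 'Version:') and the blank line
        body = body[body.index("") + 1:]
    if not body or not body[-1].startswith("="):
        raise ValueError("missing checksum line")
    data = base64.b64decode("".join(body[:-1]))
    expected = int.from_bytes(base64.b64decode(body[-1][1:]), "big")
    if crc24(data) != expected:
        raise ValueError("CRC-24 mismatch: armor corrupted in transit")
    return data

def for_email(payload):
    """Compress (zlib deflate, the same family as PGP's ZIP) and then armor for a text-only transport."""
    return armor(zlib.compress(payload))

def from_email(text):
    return zlib.decompress(dearmor(text))

def demo():
    payload = b"Subject: report\n" + b"the same line repeated\n" * 40     # constructed sample
    armored = for_email(payload)
    round_trip = from_email(armored) == payload
    expansion = len(base64.b64encode(payload)) / len(payload)             # radix-64 costs about 4/3
    lines = armored.splitlines()
    lines[2] = ("A" if lines[2][0] != "A" else "B") + lines[2][1:]        # corrupt one armored char
    try:
        from_email("\n".join(lines))
        corruption_detected = False
    except ValueError:
        corruption_detected = True
    return round_trip, expansion, corruption_detected
```

The CRC-24 catches transmission damage (a 24-bit CRC detects any error burst of 24 bits or fewer, which covers a single corrupted base64 character), but it is computed by anyone and keyed by nothing, so it says nothing about who produced the message or whether an attacker rewrote it; that assurance comes only from the signature of page 60.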

Page 65:

PGP Operation – Summary

Page 66:

PGP Session Keys

- Need a session key for each message, of varying sizes: 56-bit DES, 128-bit CAST or IDEA, 168-bit Triple-DES
- Generated using the ANSI X9.17 mode
- Uses random inputs taken from previous uses and from keystroke timing of the user

Page 67: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

PGP Public & Private Keys

since many public/private keys may be in use, need to identify which is actually used to encrypt session key in a message
could send full public-key with every message
but this is inefficient
rather use a key identifier based on key
is least significant 64-bits of the key
will very likely be unique
also use key ID in signatures

Page 68: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

PGP Message Format

Page 69: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

PGP Key Rings

each PGP user has a pair of keyrings:
public-key ring contains all the public-keys of other PGP users known to this user, indexed by key ID
private-key ring contains the public/private key pair(s) for this user, indexed by key ID & encrypted keyed from a hashed passphrase
security of private keys thus depends on the pass-phrase security

Page 70: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

PGP Message Generation

Page 71: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

PGP Message Reception

Page 72: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

PGP Key Management

rather than relying on certificate authorities
in PGP every user is own CA
can sign keys for users they know directly
forms a “web of trust”
trust keys have signed
can trust keys others have signed if have a chain of signatures to them
key ring includes trust indicators
users can also revoke their keys

Page 73: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

S/MIME (Secure/Multipurpose Internet Mail Extensions)

security enhancement to MIME email
original Internet RFC822 email was text only
MIME provided support for varying content types and multi-part messages
with encoding of binary data to textual form
S/MIME added security enhancements
have S/MIME support in many mail agents
eg MS Outlook, Mozilla, Mac Mail etc

Page 74: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

S/MIME Functions

enveloped data
  encrypted content and associated keys
signed data
  encoded message + signed digest
clear-signed data
  cleartext message + encoded signed digest
signed & enveloped data
  nesting of signed & encrypted entities

Page 75: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

S/MIME Cryptographic Algorithms

digital signatures: DSS & RSA
hash functions: SHA-1 & MD5
session key encryption: ElGamal & RSA
message encryption: AES, Triple-DES, RC2/40 and others
MAC: HMAC with SHA-1
have process to decide which algs to use

Page 76: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

S/MIME Messages

S/MIME secures a MIME entity with a signature, encryption, or both
forming a MIME wrapped PKCS object
have a range of content-types:
  enveloped data
  signed data
  clear-signed data
  registration request
  certificate only message

Page 77: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

S/MIME Certificate Processing

S/MIME uses X.509 v3 certificates
managed using a hybrid of a strict X.509 CA hierarchy & PGP’s web of trust
each client has a list of trusted CA’s certs
and own public/private key pairs & certs
certificates must be signed by trusted CA’s

Page 78: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Certificate Authorities

have several well-known CA’s
Verisign one of most widely used
Verisign issues several types of Digital IDs
increasing levels of checks & hence trust

Class   Identity Checks        Usage
1       name/email check       web browsing/email
2       + enroll/addr check    email, subs, s/w validate
3       + ID documents         e-banking/service access

Page 79: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Summary

have considered:
secure email
PGP
S/MIME

Page 80: Cryptography and Network Security UNIT IV - NETWORK SECURITY.


IP Security

Page 81: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Outline

Internetworking and Internet Protocols
IP Security Overview
IP Security Architecture
Authentication Header
Encapsulating Security Payload
Combinations of Security Associations
Key Management

Page 82: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

TCP/IP Example

Page 83: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

IPv4 Header

Page 84: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

IPv6 Header

Page 85: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

IP Security Overview

IPSec is not a single protocol. Instead, IPSec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms to provide security appropriate for the communication.

Applications of IPSec
Secure branch office connectivity over the Internet
Secure remote access over the Internet
Establishing extranet and intranet connectivity with partners
Enhancing electronic commerce security

Page 86: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

IP Security Scenario

Page 87: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

IP Security Overview

Benefits of IPSec
Transparent to applications - below transport layer (TCP, UDP)
Provide security for individual users
IPSec can assure that:
A router or neighbor advertisement comes from an authorized router
A redirect message comes from the router to which the initial packet was sent
A routing update is not forged

Page 88: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

IP Security Architecture
IPSec documents: NEW updates in 2005!

RFC 2401: Security Architecture for the Internet Protocol. S. Kent, R. Atkinson. November 1998. (An overview of security architecture)
  RFC 4301 (12/2005)
RFC 2402: IP Authentication Header. S. Kent, R. Atkinson. November 1998. (Description of a packet encryption extension to IPv4 and IPv6)
  RFC 4302 (12/2005)
RFC 2406: IP Encapsulating Security Payload (ESP). S. Kent, R. Atkinson. November 1998. (Description of a packet encryption extension to IPv4 and IPv6)
  RFC 4303 (12/2005)
RFC 2407: The Internet IP Security Domain of Interpretation for ISAKMP. D. Piper. November 1998. PROPOSED STANDARD. (Obsoleted by RFC 4306)
RFC 2408: Internet Security Association and Key Management Protocol (ISAKMP). D. Maughan, M. Schertler, M. Schneider, J. Turner. November 1998. (Specification of key management capabilities) (Obsoleted by RFC 4306)
RFC 2409: The Internet Key Exchange (IKE). D. Harkins, D. Carrel. November 1998. PROPOSED STANDARD. (Obsoleted by RFC 4306, Updated by RFC 4109)

Page 89: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

IP Security Architecture
Internet Key Exchange (IKE)

A method for establishing a security association (SA) that authenticates users, negotiates the encryption method and exchanges the secret key. IKE is used in the IPsec protocol. Derived from the ISAKMP framework for key exchange and the Oakley and SKEME key exchange techniques, IKE uses public key cryptography to provide the secure transmission of the secret key to the recipient so that the encrypted data may be decrypted at the other end. (http://computing-dictionary.thefreedictionary.com/IKE)

RFC 4306: Internet Key Exchange (IKEv2) Protocol. C. Kaufman, Ed. December 2005 (Obsoletes RFC 2407, RFC 2408, RFC 2409) PROPOSED STANDARD
RFC 4109: Algorithms for Internet Key Exchange version 1 (IKEv1). P. Hoffman. May 2005 (Updates RFC 2409) PROPOSED STANDARD

Page 90: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

IPSec Document Overview

Page 91: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

IPSec Services

Access Control
Connectionless integrity
Data origin authentication
Rejection of replayed packets
Confidentiality (encryption)
Limited traffic flow confidentiality

Page 92: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Security Associations (SA)

A one way relationship between a sender and a receiver.
Identified by three parameters:
  Security Parameter Index (SPI)
  IP Destination address
  Security Protocol Identifier

Page 93: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

                    Transport Mode SA                               Tunnel Mode SA

AH                  Authenticates IP payload and selected           Authenticates entire inner IP packet plus
                    portions of IP header and IPv6 extension        selected portions of outer IP header
                    headers

ESP                 Encrypts IP payload and any IPv6 extension      Encrypts inner IP packet
                    header

ESP with            Encrypts IP payload and any IPv6 extension      Encrypts inner IP packet.
authentication      header. Authenticates IP payload but no         Authenticates inner IP packet.
                    IP header

Page 94: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Before applying AH

Page 95: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Transport Mode (AH Authentication)

Page 96: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Tunnel Mode (AH Authentication)

Page 97: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Authentication Header
Provides support for data integrity and authentication (MAC code) of IP packets.
Guards against replay attacks.
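An added example, not from the slides, of the anti-replay service the Authentication Header provides: the sliding-window check an IPSec receiver runs on the AH sequence number (a 64-entry window as in RFC 2401, Appendix C), where the window is only advanced once the packet's ICV has verified. The `icv_ok` flag stands in for that MAC verification, which this example does not perform.

```python
class AntiReplayWindow:
    """Sliding window over AH/ESP sequence numbers (RFC 2401, Appendix C)."""

    def __init__(self, size: int = 64):
        if size < 32:
            raise ValueError("RFC 2401 requires a window of at least 32")
        self.size = size
        self.mask = (1 << size) - 1
        self.highest = 0      # right edge: highest sequence number accepted so far
        self.bitmap = 0       # bit i set => packet (highest - i) was already received

    def check(self, seq: int) -> bool:
        """Pre-ICV check: is seq new and not left of the window?"""
        if seq == 0:                       # first packet on an SA is numbered 1
            return False
        if seq > self.highest:
            return True                    # right of the window: new packet
        diff = self.highest - seq
        if diff >= self.size:
            return False                   # left of the window: too old
        return not (self.bitmap >> diff) & 1   # False if that slot is already marked

    def update(self, seq: int) -> None:
        """Mark seq as received; call only after the packet's ICV verified."""
        if seq > self.highest:
            shift = seq - self.highest
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & self.mask
            else:
                self.bitmap = 1            # window jumped entirely past old contents
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def process(self, seq: int, icv_ok: bool) -> bool:
        """Full receive path: window check, then MAC check, then advance."""
        if not self.check(seq):
            return False                   # replay or too old: drop, audit
        if not icv_ok:
            return False                   # forged/corrupt packet: drop, window unchanged
        self.update(seq)
        return True


if __name__ == "__main__":
    window = AntiReplayWindow()
    # constructed arrival order: in-order, a duplicate, out-of-order, then a large jump
    for seq in (1, 2, 2, 5, 3, 3, 100, 36, 37):
        print(seq, window.process(seq, icv_ok=True))
```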

Page 98: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

End-to-end versus End-to-Intermediate Authentication

Page 99: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Encapsulating Security Payload

ESP provides confidentiality services

Page 100: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Encryption and Authentication Algorithms

Encryption:
  Three-key triple DES
  RC5
  IDEA
  Three-key triple IDEA
  CAST
  Blowfish
Authentication:
  HMAC-MD5-96
  HMAC-SHA-1-96

Page 101: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

ESP Encryption and Authentication

Page 102: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

ESP Encryption and Authentication

Page 103: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Combinations of Security Associations

Page 104: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Combinations of Security Associations

Page 105: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Combinations of Security Associations

Page 106: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Combinations of Security Associations

Page 107: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Key Management

Two types:
Manual
Automated
  Oakley Key Determination Protocol
  Internet Security Association and Key Management Protocol (ISAKMP)

Page 108: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Oakley

Three authentication methods:
Digital signatures
Public-key encryption
Symmetric-key encryption (aka. pre-shared key)

Page 109: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

ISAKMP

Page 110: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Cryptography and Network Security

Third Edition

by William Stallings

Lecture slides by Lawrie Brown

Edited by Dick Steflik

Page 111: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Web Security

Web now widely used by business, government, individuals
but Internet & Web are vulnerable
have a variety of threats
  integrity
  confidentiality
  denial of service
  authentication
need added security mechanisms

Page 112: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

SSL (Secure Socket Layer)

transport layer security service
originally developed by Netscape
version 3 designed with public input
subsequently became Internet standard known as TLS (Transport Layer Security)
uses TCP to provide a reliable end-to-end service
SSL has two layers of protocols

Page 113: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Where SSL Fits

(layer diagram: application protocols and their SSL-protected ports)
HTTP (80)      SMTP (25)      POP3 (110)
HTTPS (443)    SSMTP (465)    SPOP3 (995)
Secure Sockets Layer
Transport
Network
Link

Page 114: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Uses Public Key Scheme
Each client-server pair uses
2 public keys
  one for client (browser)
    created when browser is installed on client machine
  one for server (http server)
    created when server is installed on server hardware
2 private keys
  one for client browser
  one for server (http server)

Page 115: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

SSL Architecture

Page 116: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

SSL Architecture

SSL session
  an association between client & server
  created by the Handshake Protocol
  define a set of cryptographic parameters
  may be shared by multiple SSL connections
SSL connection
  a transient, peer-to-peer, communications link
  associated with 1 SSL session

Page 117: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

SSL Record Protocol

confidentiality
  using symmetric encryption with a shared secret key defined by Handshake Protocol
  IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
  message is compressed before encryption
message integrity
  using a MAC (Message Authentication Code)
  created using a shared secret key and a short message

Page 118: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

SSL Change Cipher Spec Protocol

one of 3 SSL specific protocols which use the SSL Record protocol
a single message
causes pending state to become current
hence updating the cipher suite in use

Page 119: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

SSL Alert Protocol

conveys SSL-related alerts to peer entity
severity
  warning or fatal
specific alert
  unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter
  close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
compressed & encrypted like all SSL data

Page 120: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

SSL Handshake Protocol

allows server & client to:
  authenticate each other
  to negotiate encryption & MAC algorithms
  to negotiate cryptographic keys to be used
comprises a series of messages in phases
  Establish Security Capabilities
  Server Authentication and Key Exchange
  Client Authentication and Key Exchange
  Finish

Page 121: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

SSL Handshake Protocol

Page 122: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

TLS (Transport Layer Security)

IETF standard RFC 2246 similar to SSLv3
with minor differences
  in record format version number
  uses HMAC for MAC
  a pseudo-random function expands secrets
  has additional alert codes
  some changes in supported ciphers
  changes in certificate negotiations
  changes in use of padding
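An added example, not from the original slides, of the message-integrity half of the Record Protocol described a few slides earlier, using the HMAC construction TLS (RFC 2246) adopted: HMAC-SHA-1 over the 64-bit sequence number, the record header and the fragment. Compression and encryption are omitted; the MAC secret and record contents are constructed. It shows why a replayed or tampered record fails the receiver's check (the "bad record mac" alert).

```python
import hashlib
import hmac
import struct

TLS_1_0 = b"\x03\x01"          # ProtocolVersion {3, 1} from RFC 2246
APPLICATION_DATA = 23          # ContentType application_data


def record_mac(mac_secret: bytes, seq_num: int, content_type: int, fragment: bytes) -> bytes:
    """HMAC_SHA1(secret, seq_num || type || version || length || fragment)."""
    header = struct.pack("!QB2sH", seq_num, content_type, TLS_1_0, len(fragment))
    return hmac.new(mac_secret, header + fragment, hashlib.sha1).digest()


class RecordWriter:
    """Sender side of one direction; keeps the 64-bit write sequence number."""

    def __init__(self, mac_secret: bytes):
        self.secret = mac_secret
        self.seq = 0

    def protect(self, fragment: bytes, content_type: int = APPLICATION_DATA):
        mac = record_mac(self.secret, self.seq, content_type, fragment)
        self.seq += 1                      # counter advances with every record sent
        return (content_type, fragment, mac)   # encryption of fragment+mac omitted


class RecordReader:
    """Receiver side; its own counter must stay in step with the sender's."""

    def __init__(self, mac_secret: bytes):
        self.secret = mac_secret
        self.seq = 0

    def accept(self, record):
        content_type, fragment, mac = record
        expected = record_mac(self.secret, self.seq, content_type, fragment)
        if not hmac.compare_digest(mac, expected):
            return None                    # real TLS: fatal bad_record_mac alert
        self.seq += 1                      # only a verified record advances the counter
        return fragment


if __name__ == "__main__":
    secret = b"constructed client write MAC secret"
    writer, reader = RecordWriter(secret), RecordReader(secret)
    first = writer.protect(b"GET / HTTP/1.0\r\n")
    second = writer.protect(b"Host: example.test\r\n")
    print(reader.accept(first))            # accepted
    print(reader.accept(first))            # None: replay, counter has moved on
    print(reader.accept(second))           # accepted
```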

Page 123: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Secure Electronic Transactions (SET)

open encryption & security specification
to protect Internet credit card transactions
developed in 1996 by Mastercard, Visa etc
not a payment system, rather a set of security protocols & formats
  secure communications amongst parties
  trust from use of X.509v3 certificates
  privacy by restricted info to those who need it

Page 124: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

SET Components

Page 125: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

SET Transaction

1. customer opens account
2. customer receives a certificate
3. merchants have their own certificates
4. customer places an order
5. merchant is verified
6. order and payment are sent
7. merchant requests payment authorization
8. merchant confirms order
9. merchant provides goods or service
10. merchant requests payment

Page 126: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Dual Signature

customer creates dual messages
  order information (OI) for merchant
  payment information (PI) for bank
neither party needs details of other
but must know they are linked
use a dual signature for this
  signed concatenated hashes of OI & PI

Page 127: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Purchase Request – Customer

Page 128: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Purchase Request – Merchant

Page 129: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Purchase Request – Merchant

1. verifies cardholder certificates using CA sigs
2. verifies dual signature using customer's public signature key to ensure order has not been tampered with in transit & that it was signed using cardholder's private signature key
3. processes order and forwards the payment information to the payment gateway for authorization (described later)
4. sends a purchase response to cardholder

Page 130: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Payment Gateway Authorization

1. verifies all certificates
2. decrypts digital envelope of authorization block to obtain symmetric key & then decrypts authorization block
3. verifies merchant's signature on authorization block
4. decrypts digital envelope of payment block to obtain symmetric key & then decrypts payment block
5. verifies dual signature on payment block
6. verifies that transaction ID received from merchant matches that in PI received (indirectly) from customer
7. requests & receives an authorization from issuer
8. sends authorization response back to merchant

Page 131: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Payment Capture

merchant sends payment gateway a payment capture request
gateway checks request
then causes funds to be transferred to merchants account
notifies merchant using capture response

Page 132: Cryptography and Network Security UNIT IV - NETWORK SECURITY.

Summary

have considered:
need for web security
SSL/TLS transport layer security protocols
SET secure credit card payment protocols