Cs490ns-cotter1 SSH / SSL Supplementary material.
-
Upload
verity-oliver -
Category
Documents
-
view
229 -
download
2
Transcript of Cs490ns-cotter1 SSH / SSL Supplementary material.
cs490ns-cotter 2
Secure Shell (SSH)
• One of the primary goals of the ARPANET was remote access
• Several different connections allowed– rlogin– rcp– rsh
• All data was unencrypted– This was a different world than exists
today.
cs490ns-cotter 3
SSH
• SSH is a UNIX-based command interface and protocol for securely accessing a remote computer
• Suite of four utilities—slogin, ssh, sftp, and scp
• Can protect against:– IP spoofing– DNS spoofing– Intercepting information
cs490ns-cotter 4
SSH Objectives
• Protect data sent over the network– Negotiate an encryption algorithm between
sender and receiver– Use that algorithm and a session key to
encrypt / decrypt data sent
• Provide site authentication– Use public key / fingerprint to ensure identity
of remote host. – Relies on locally generated keys, so no
certifying authority is generally available.
cs490ns-cotter 7
SSH CommunicationsUsing password
SSH Client SSH Server
SSH2?
SSH2Diffie-Helman, etc?
Diffie-Helman
Serv_Pub_key(S_key)OK
S_key(Uname,pwd)
OK
S_key(data)
Send Serv_Pub_Key
SSH CommunicationsSSH CommunicationsUsing Public KeyUsing Public Key
• Problems with Password Authentication– Passwords can be guessed. – Default allows multiple attempts against account– Only 1 account / password needs to be guessed– Alternate approach is to use public / private keys to authenticate
user
• Public Key Authentication– Create public / private keypair– Ensure that private– Upload public key to server user account: ~.ssh/authorized_keys– ssh –o PreferredAuthentications=publickey server.example.org
SSH CommunicationsSSH CommunicationsUsing Public KeyUsing Public Key
cs490ns-cotter
SSH Client SSH Server
SSH2?
SSH2Diffie-Helman, etc?
Diffie-Helman
Serv_Pub_key(S_key)
OK
S_key(Uname)
OK
S_key(data)
Send Serv_Pub_Key
Client_Pub_key(Random)Client_Pri_key(msg)
Hash(Random)
cs490ns-cotter 14
SSH Tunneling
• Use SSH to create an encrypted channel between remote host and server
• Use that encrypted channel to carry other traffic.
SSH Tunnel
www access
Web Server192.168.1.10
Local port12345
Internet
LAN
cs490ns-cotter 17
Secure Copy (scp)
• Allows encrypted transfer of files between machines
• Download files from server:– scp [email protected]:myfile1.txt myfile1.txt– [email protected]’s password: xxxxx
• Upload files to server– Scp myfile.txt [email protected]:myfile.txt– [email protected]’s password: xxxxx
cs490ns-cotter 18
SSH Passwordless Login
• On remote client: – Create key pair. Store in .ssh subdirectory
• On ssh server:– Modify sshd_config to allow shosts based
authentication– Create .shosts file in user’s subdirectory– Copy public key from remote client to .ssh
subdirectory/authorized_keys
cs490ns-cotter 19
SSH Passwordless LoginSSH Client SSH Server
SSH2?
SSH2Diffie-Helman, etc?
Diffie-Helman
Serv_Pub_key(S_key)
OK
S_key(Uname)
OK
S_key(data)
Send Serv_Pub_Key
Client_Pub_key(Random)Client_Pri_key(msg)
Hash(Random)
cs490ns-cotter 20
SecureSockets Layer (SSL)Transport Layer Security (TLS)• Originally developed by Netscape to support
encrypted access to web servers.• SSL v3 released 1996.• Served as the basis for IETF standard TLS
(1999)• Used by major financial institutions for secure
commerce over the Internet• Early problem with weak keys resolved with
longer (128-bit) keys
cs490ns-cotter 22
SSL/TLS Handshake SSL Client SSL Server
Client helloCiphers I have
Server HelloCipher I choose
Server certificate(S_Pub)
OK
OK
S_Pub(Session_key)
Session_key(data)
cs490ns-cotter 23
SSL/TLS Security
• Depends on integrity of public key certificate
• Public Key Infrastructure (PKI)– Components necessary to securely distribute
public keys– Certificate Authorities: Organizations that
certify the relationship between a public key and its owner.
– Verisign,Thawte
cs490ns-cotter 24
SSL/TLS Implementations
• SSL v2 – Still in use• SSL v3 – Most widely deployed• TLS v1 – Starting Deployment• OpenSSL – Linux/UNIX toolkit that supports all
3 protocols listed above.• Private Communication Technology (PCT)
– Developed by Microsoft– Compatible with SSL v2
• Versions are not completely compatible
SSL/TLS Vulnerability
• SSL/TLS supports the concept of session renegotiation due to errors, requests, etc.
• This feature assumes that the renegotiation is with the original party, and any requests or messages transmitted before the renegotiation are combined (pre-pended) with the requests after renegotiation
• This behavior can be abused to allow man-in-the-middle attacks
• Demonstrated with https, but the vulnerability exists with any application that uses SSL/TLS
SSL/TLS VulnerabilityClient MITM Server
TLS handshake session #1TLS handshake session #2
GET /ebanking/paymemoney.cgi?Acc=LU00000000?amount=1000
Ignore-what-comes-now;Trigger renegotiation
TLS handshake session #1 continuedwithin the encrypted session #2
Client has authenticated sessionAt app layer (with cookie)GET /ebanking/ Cookie: AS2398648756083745
X
Server receives:GET /ebanking/paymemoney.cgi?Acc=LU00000000?amount=1000Ignore-what-comes-now;GET /ebanking/ Cookie: AS2398648756083745
cs490ns-cotter 27
ReferencesReferences
• SSH– SSH Tutorial (http://www.suso.org/docs/shell/ssh.sdf)– www.openssh.org– UNIX Secure Shell – Carasik – McGraw-Hill, 1999– SSH Agent Forwarding
(unixwiz.net/techtips/ssh-agent-forwarding.html)
• SSL– www.openSSL.org– RFCs – 2246, 3546– SSL Authentication Gap (SSL Gap) (
http://www.phonefactor.com/sslgap )– TLS/SSL renegotiation vulnerability explained
(http://www.g-sec.lu/practicaltls.pdf )
SSH RFCs• 4250 The Secure Shell (SSH) Protocol Assigned Numbers.
– S. Lehtinen, C. Lonvick, Ed.. January 2006. (Format: TXT=44010 bytes) – (Status: PROPOSED STANDARD)
• 4251 The Secure Shell (SSH) Protocol Architecture. – T. Ylonen, C. Lonvick, Ed.. January 2006. (Format: TXT=71750 bytes) – (Status: PROPOSED STANDARD)
• 4252 The Secure Shell (SSH) Authentication Protocol.– T. Ylonen, C. Lonvick, Ed.. January 2006. (Format: TXT=34268 bytes) – (Status: PROPOSED STANDARD)
• 4253 The Secure Shell (SSH) Transport Layer Protocol.– T. Ylonen, C. Lonvick, Ed.. January 2006. (Format: TXT=68263 bytes) – (Status: PROPOSED STANDARD)
• 4254 The Secure Shell (SSH) Connection Protocol.– T. Ylonen, C. Lonvick, Ed.. January 2006. (Format: TXT=50338 bytes)– (Status: PROPOSED STANDARD)
• 4255 Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints.– J. Schlyter, W. Griffin. January 2006. (Format: TXT=18399 bytes) – (Status: PROPOSED STANDARD)
• 4256 Generic Message Exchange Authentication for the Secure Shell Protocol (SSH). – F. Cusack, M. Forssen. January 2006. (Format: TXT=24728 bytes) – (Status: PROPOSED STANDARD)
• 4344 The Secure Shell (SSH) Transport Layer Encryption Modes. – M. Bellare, T. Kohno, C. Namprempre. January 2006. (Format: TXT=27521 bytes) – (Status: PROPOSED STANDARD)
• 4419 Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol.– M. Friedl, N. Provos, W. Simpson. March 2006. (Format: TXT=18356 bytes) – (Status: PROPOSED STANDARD)
• 4716 The Secure Shell (SSH) Public Key File Format– . J. Galbraith, R. Thayer. November 2006. (Format: TXT=18395 bytes)– (Status: INFORMATIONAL)
• 4819 Secure Shell Public Key Subsystem. – J. Galbraith, J. Van Dyke, J. Bright. March 2007. (Format: TXT=32794 bytes) – (Status: PROPOSED STANDARD)
cs490ns-cotter 29
Summary
• SSH– Supports secure remote access to hosts– SSH – secure shell– SCP – secure copy– SFTP – secure file transfer
• SSL– Provides a framework for incorporating secure
communications into applications– Uses strong cryptography– Can rely on PKI for reliable sharing of public keys