Firewall, Trusted Systems, IP Security, ESP Encryption and Authentication
Transcript of Firewall, Trusted Systems, IP Security, ESP Encryption and Authentication
Mr. Gopal Sakarkar
Security Concept Part-3
What is a Firewall?
• a choke point of control and monitoring
• interconnects networks with differing trust
• imposes restrictions on network services
– only authorized traffic is allowed
• auditing and controlling access
– can implement alarms for abnormal behavior
• implements VPNs using IPSec
• must be immune to penetration
Firewall Design Principles
• Centralized data processing system, with a central mainframe supporting a number of directly connected terminals.
• LANs interconnecting PCs and terminals to each other and to the mainframe.
• Premises network consisting of a number of LANs, interconnecting PCs and servers.
• Enterprise-wide network consisting of multiple, geographically distributed premises networks interconnected by a private WAN.
Characteristics of a Firewall
• All traffic from inside to outside, and vice versa, must pass through the firewall.
• Only authorized traffic, as defined by the local security policy, will be allowed to pass.
• The firewall itself is immune to penetration.
Firewall Techniques for Access Control
• Service control: the firewall may filter traffic on the basis of IP address. It determines the types of Internet services that can be accessed, inbound or outbound.
• Direction control: determines the direction in which a particular service request may be initiated and allowed to flow through the firewall.
• User control: controls access to a service according to which user is attempting to access it. It is typically applied to local users only.
• Behavior control: controls how particular services are used. The firewall may filter e-mail to eliminate spam, or it may enable external access to only a specific portion of the information.
Firewall Limitations
• cannot protect from attacks that bypass it
• cannot protect against internal threats – e.g. unhappy or planted employees
• cannot protect against the transfer of all virus-infected programs or files – because of the huge range of O/S and file types
Types of Firewalls
1. Packet filtering router
2. Application level gateway
3. Circuit-level gateway
Firewalls – 1. Packet Filters
• simplest, fastest firewall component
• applies a set of rules to each incoming and outgoing IP packet
• examines each IP packet and permits or denies it according to the rules
• Filtering rules are based on:
1. Source IP address: the IP address of the system that originated the IP packet.
2. Destination IP address: the IP address of the system that the IP packet is trying to reach.
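The packet-filter behaviour described on this slide, as an added example that is not part of the original deck: rules keyed on direction, source and destination network, protocol and destination port are tried in order, the first match decides, and an explicit final rule denies everything else. The site addresses, the mail host and the policy are constructed for illustration.

```python
"""Added example (not from the slides): a minimal stateless packet filter.
Each rule matches on direction, source and destination network, protocol
and destination port; rules are tried in order, the first match decides,
and a final rule denies everything else. The site addresses, hosts and
policy below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str            # "in" (outside -> inside) or "out"
    src: str
    dst: str
    proto: str                # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    direction: str            # "in", "out" or "any"
    src: str                  # CIDR network
    dst: str                  # CIDR network
    proto: str                # protocol or "any"
    dport: Optional[int]      # None matches any port

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))


# Constructed policy: internal site 192.0.2.0/24, mail host 192.0.2.25
RULES: List[Rule] = [
    Rule("deny",   "in",  "192.0.2.0/24", "0.0.0.0/0",     "any", None),  # internal source arriving from outside: spoofed
    Rule("permit", "in",  "0.0.0.0/0",    "192.0.2.25/32", "tcp", 25),    # inbound SMTP to the mail host only
    Rule("permit", "out", "192.0.2.0/24", "0.0.0.0/0",     "tcp", 80),    # outbound web
    Rule("permit", "out", "192.0.2.0/24", "0.0.0.0/0",     "tcp", 443),
    Rule("deny",   "any", "0.0.0.0/0",    "0.0.0.0/0",     "any", None),  # default deny
]


def filter_packet(p: Packet, rules: List[Rule] = RULES) -> Tuple[str, int]:
    """Return (action, index of the deciding rule); the first matching rule wins."""
    for i, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, i
    return "deny", -1        # only reached if the explicit default-deny rule is removed


if __name__ == "__main__":
    samples = [
        Packet("in",  "198.51.100.7", "192.0.2.25",   "tcp", 25),   # permit, rule 1
        Packet("in",  "198.51.100.7", "192.0.2.10",   "tcp", 25),   # deny,   rule 4
        Packet("out", "192.0.2.10",   "198.51.100.7", "tcp", 443),  # permit, rule 3
        Packet("in",  "192.0.2.10",   "192.0.2.25",   "tcp", 25),   # deny,   rule 0
    ]
    for s in samples:
        print(s, "->", filter_packet(s))
```

Rule order matters: the anti-spoofing deny sits above the SMTP permit, otherwise a packet carrying an internal source address from outside would be accepted by the mail rule.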
Firewalls – 2. Application Level Gateway (or Proxy)
• has an application-specific gateway, also called a proxy server
• has full access to the protocol
– the user requests a service from the proxy
– the proxy validates the request as legal
– it then actions the request and returns the result to the user
– can log / audit traffic at the application level
• needs a separate proxy for each service
– some services naturally support proxying, e.g. a feedback application, an online examination application, MIS etc.
Firewalls – 2. Application Level Gateway (or Proxy)
• Application level gateways tend to be more secure than packet filters because they scrutinize only a few allowable applications.
Firewalls – 3. Circuit Level Gateway
• This can be a stand-alone system.
• Imposes security by limiting which such connections are allowed.
• Once a connection is created, it usually relays traffic without examining the contents.
• Typically used by trusted internal users for allowing general outbound connections.
• It has two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host.
Data Access Control
• Through the user access control procedure (log on), a user can be identified to the system.
• There can be a profile that specifies permissible operations and file accesses.
• The operating system can enforce rules based on the user profile.
Data Access Control
• General models of access control:
– Access matrix
– Access control list
– Capability list
Data Access Control
• Access Matrix: basic elements of the model
– Subject: an entity capable of accessing objects; the concept of subject is associated with that of a process (e.g. application software).
– Object: anything to which access is controlled (e.g. files, programs).
– Access right: the way in which an object is accessed by a subject (e.g. read, write, execute).
Data Access Control
• Access Control List: decomposition of the matrix by columns.
• One process, many programs. E.g. a CD writer is one process in which writing is one program and verification of the written data is a second program.
Data Access Control
• Access Control List
– An access control list lists users and their permitted access rights.
– The list may contain a default or public entry.
Data Access Control
• Capability list: decomposition of the matrix by rows.
– A capability list specifies the authorized objects and operations for a user.
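The three models on the Data Access Control slides, as an added example that is not part of the original deck: one access matrix, its decomposition by columns into an access control list per object, its decomposition by rows into a capability list per subject, and the default or public entry consulted when a subject has no explicit entry. Subjects, objects and rights are constructed for illustration.

```python
"""Added example (not from the slides): one access matrix and its two
decompositions from the Data Access Control slides: an access control
list per object (the matrix by columns) and a capability list per
subject (the matrix by rows), including the default or public entry.
Subjects, objects and rights are constructed for illustration.
"""
from typing import Dict, FrozenSet

Rights = FrozenSet[str]

# Constructed access matrix: rows are subjects, columns are objects
ACCESS_MATRIX: Dict[str, Dict[str, Rights]] = {
    "alice": {"payroll.db": frozenset({"read", "write"}), "report.txt": frozenset({"read"})},
    "bob":   {"report.txt": frozenset({"read", "write"}), "backup.sh": frozenset({"execute"})},
    "carol": {},                                      # no explicit entries at all
}
# The "default or public entry": applies when a subject has no explicit entry for the object
PUBLIC_ENTRY: Dict[str, Rights] = {"report.txt": frozenset({"read"})}


def acl_by_object(matrix):
    """Decompose by columns: object -> {subject -> rights}."""
    acl: Dict[str, Dict[str, Rights]] = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acl.setdefault(obj, {})[subject] = rights
    return acl


def capabilities_by_subject(matrix):
    """Decompose by rows: subject -> {object -> rights}; each row is the subject's capability list."""
    return {subject: dict(row) for subject, row in matrix.items()}


def allowed_by_acl(acl, subject, obj, right, public=PUBLIC_ENTRY) -> bool:
    explicit = acl.get(obj, {}).get(subject)
    if explicit is not None:
        return right in explicit
    return right in public.get(obj, frozenset())     # fall back to the public entry


def allowed_by_capability(caps, subject, obj, right, public=PUBLIC_ENTRY) -> bool:
    explicit = caps.get(subject, {}).get(obj)
    if explicit is not None:
        return right in explicit
    return right in public.get(obj, frozenset())


def decide(subject, obj, right) -> bool:
    """Answer from the ACL view, after checking that the capability view agrees."""
    acl = acl_by_object(ACCESS_MATRIX)
    caps = capabilities_by_subject(ACCESS_MATRIX)
    a = allowed_by_acl(acl, subject, obj, right)
    c = allowed_by_capability(caps, subject, obj, right)
    assert a == c, "the two decompositions of one matrix must agree"
    return a


if __name__ == "__main__":
    for q in [("alice", "payroll.db", "write"), ("bob", "payroll.db", "read"),
              ("carol", "report.txt", "read"), ("carol", "report.txt", "write")]:
        print(q, "->", decide(*q))
```

The two decompositions carry the same information; the choice between them is about where the system wants to store and look up rights (with the object, or with the subject).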
Trusted Systems
• Trusted Systems
– Protection of data and resources on the basis of levels of security (e.g. military).
– In the military, information is categorized as unclassified, confidential, secret, top secret.
– Users can be granted clearances to access certain categories of data.
Trusted Systems
• Multilevel security
– In which a subject at a high level may not convey information to a subject at a low level.
• A multilevel secure system must enforce:
– No read up: a subject can only read an object of less or equal security level (Simple Security Property).
– No write down: a subject can only write into an object of greater or equal security level (*-Property).
Trusted Systems
• Reference Monitor Concept: multilevel security for a data processing system
The Concept of Trusted Systems
• Reference Monitor
– The controlling element in the hardware and operating system of a computer that regulates the access of subjects to objects on the basis of security parameters.
– The reference monitor has access to a file (the security kernel database).
– The monitor enforces the security rules (no read up, no write down).
Trusted Systems
• Properties of the Reference Monitor
– Complete mediation: security rules are enforced on every access.
– Isolation: the reference monitor and database are protected from unauthorized modification.
– Verifiability: the reference monitor's correctness must be provable (mathematically).
– i.e. it is possible to demonstrate mathematically that the reference monitor enforces the security rules and provides complete mediation and isolation.
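The multilevel rules and the reference monitor from the preceding slides, as an added example that is not part of the original deck: every access goes through one decision function that applies no read up and no write down against a private security kernel database, records each decision, and offers an exhaustive self-check over a finite database as a toy stand-in for the verifiability property. Levels, subjects and objects are constructed for illustration.

```python
"""Added example (not from the slides): a small reference monitor that
mediates every access and enforces no read up (simple security property)
and no write down (*-property). Levels, subjects and objects are
constructed for illustration.
"""
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


class ReferenceMonitor:
    """Every subject -> object access goes through access(); nothing else reads the database."""

    def __init__(self, clearances, classifications):
        # the security kernel database: subject clearance and object classification
        self._clearance = dict(clearances)
        self._classification = dict(classifications)
        self.audit = []   # one record per decision: complete mediation leaves a full trail

    def access(self, subject, obj, mode):
        s = LEVELS[self._clearance[subject]]
        o = LEVELS[self._classification[obj]]
        if mode == "read":
            ok = s >= o      # no read up
        elif mode == "write":
            ok = s <= o      # no write down
        else:
            ok = False       # unknown mode: fail closed
        self.audit.append((subject, obj, mode, ok))
        return ok

    def verify_rules(self):
        """Exhaustively check every subject/object/mode decision against the two rules.
        For a finite database this is a toy demonstration of the verifiability property."""
        for subject in self._clearance:
            for obj in self._classification:
                s, o = LEVELS[self._clearance[subject]], LEVELS[self._classification[obj]]
                if self.access(subject, obj, "read") != (s >= o):
                    return False
                if self.access(subject, obj, "write") != (s <= o):
                    return False
        return True


def demo():
    rm = ReferenceMonitor(
        clearances={"analyst": "secret", "clerk": "unclassified"},
        classifications={"ops-plan": "top secret", "memo": "confidential", "bulletin": "unclassified"},
    )
    results = {
        "analyst reads memo": rm.access("analyst", "memo", "read"),            # True
        "analyst reads ops-plan": rm.access("analyst", "ops-plan", "read"),    # False: read up
        "analyst writes bulletin": rm.access("analyst", "bulletin", "write"),  # False: write down
        "clerk writes ops-plan": rm.access("clerk", "ops-plan", "write"),      # True: write up is allowed by the *-property
    }
    results["audit entries"] = len(rm.audit)        # 4: every request was mediated and recorded
    results["rules verified"] = rm.verify_rules()
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The fourth case is worth noticing: the *-property permits a low subject to write into a high object (a "blind write"), because the rule only prevents information flowing downwards.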
Trusted Systems
• A system that can provide such verifications
(properties) is referred to as a trusted system
Summary
• Data Access Control is used to control the procedure by which a user can be identified to the system.
• A trusted system is a computer and operating system that can be verified to implement a given security policy.
Outline
• IP Security Overview
• IP Security Architecture
• Authentication Header
• Encapsulating Security Payload
• Combinations of Security Associations
• Key Management
IP Security Overview
IPSec is not a single protocol. Instead, IPSec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication.
IP Security Overview
• Applications of IPSec
– Secure branch office connectivity over the Internet
– Secure remote access over the Internet
– Establishing extranet and intranet connectivity with partners
– Enhancing electronic commerce security
IP Security Scenario
IP Security Overview
• Benefits of IPSec
– When IPSec is implemented in a firewall, it provides strong security that can be applied to all traffic crossing the perimeter.
– IPSec in a firewall is resistant to bypass, if all traffic from the outside must use IP.
– IPSec can be transparent to end users. No need to train users on security mechanisms.
– IPSec can provide security for individual users if needed.
IP Security Architecture
IPSec Architecture Overview
• Architecture: covers the general concepts, security requirements, definitions and mechanisms defining IPSec technology.
• Encapsulating Security Payload (ESP): covers the packet format and general issues related to the use of ESP.
• Authentication Header (AH): covers the packet format and general issues related to the use of AH for packet authentication.
• Key management: a set of documents that describe how various authentication algorithms are used for AH.
• Domain of Interpretation (DOI): contains values needed for the documents to relate to each other.
IPSec Services
• Access control
• Connectionless integrity
• Data origin authentication
• Rejection of replayed packets
• Confidentiality (encryption)
• Limited traffic flow confidentiality
Security Associations (SA)
• An SA is a one-way relationship between a sender and a receiver that provides security services to the traffic carried on it.
• Identified by three parameters:
– Security Parameter Index (SPI)
– Destination IP address
– Security Protocol Identifier: indicates whether the association is an AH or an ESP security association
• The SPI is an identification tag added to the header while using IPsec for tunnelling the IP traffic. This tag helps the kernel discern between two traffic streams where different encryption rules and algorithms may be in use.
Authentication Header
• Provides support for data integrity and authentication (MAC code) of IP packets.
• Guards against replay attacks.
What are replay attacks?
• Replay attacks are network attacks in which an attacker spies on the conversation between the sender and receiver, takes the authenticated information (e.g. a shared key) and then contacts the receiver with that key. In a replay attack the attacker thereby presents proof of his identity and authenticity.
Example:
Suppose in the communication between two parties A and B, A is sharing his key with B to prove his identity, but in the meanwhile attacker C eavesdrops on the conversation between them and keeps the information needed to prove his identity to B. Later C contacts B and proves its authenticity.
Authentication Header
• Next header (8 bits): identifies the type of header immediately following this header.
• Payload length (8 bits): the length of the Authentication Header in 32-bit words, minus 2.
• Reserved (16 bits): for future use.
• Security Parameter Index (SPI) (32 bits): identifies a security association.
• Sequence Number (32 bits): a monotonically increasing counter value.
• Authentication data (variable): a variable-length field that contains the Integrity Check Value.
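The AH fields above, the SA lookup by (SPI, destination, protocol) and the replay protection discussed on the previous slides, as one added example that is not part of the original deck: it packs the six AH fields, computes the ICV with HMAC-SHA-1-96 (one of the authentication algorithms listed later in the deck), looks the SA up on receipt, verifies the ICV and rejects sequence numbers already seen or older than a sliding window. Keys, addresses and payloads are constructed; the mutable IP header fields that real AH also covers are left out of the simplified ICV computation.

```python
"""Added example (not from the slides): building and verifying an IPsec
Authentication Header (transport mode, simplified). The six AH fields
from the slide are packed with struct, the ICV is HMAC-SHA-1-96, the SA is
looked up by (SPI, destination address, protocol) and a sliding window
rejects replayed sequence numbers. Keys, addresses and payloads are
constructed; the mutable IP header fields real AH covers are left out.
"""
import hashlib
import hmac
import struct

ICV_LEN = 12                       # 96-bit truncated HMAC output
AH_FIXED = 12                      # next header, payload len, reserved, SPI, sequence number

# Constructed SA database keyed by the three SA parameters from the slide
SADB = {
    (0x1001, "192.0.2.1", "AH"): {"key": b"constructed-demo-key-not-for-real-use", "window": 32},
}


def _icv(key, fixed, payload):
    # the ICV is computed with the authentication data field set to zero
    return hmac.new(key, fixed + bytes(ICV_LEN) + payload, hashlib.sha1).digest()[:ICV_LEN]


def build_ah(spi, seq, next_header, payload, key):
    """Return AH bytes. Payload length = (AH length in 32-bit words) - 2."""
    payload_len = (AH_FIXED + ICV_LEN) // 4 - 2         # 24 bytes -> 6 words -> 4
    fixed = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    return fixed + _icv(key, fixed, payload)


def parse_ah(data):
    next_header, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", data[:AH_FIXED])
    total = (payload_len + 2) * 4
    return {"next_header": next_header, "payload_len": payload_len, "spi": spi,
            "seq": seq, "icv": data[AH_FIXED:total], "length": total}


class ReplayWindow:
    """Accept each sequence number once, and none older than the window."""

    def __init__(self, size):
        self.size, self.highest, self.seen = size, 0, set()

    def accept(self, seq):
        if seq == 0 or seq in self.seen or seq + self.size <= self.highest:
            return False
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        self.seen = {s for s in self.seen if s + self.size > self.highest}   # drop entries that fell out of the window
        return True


WINDOWS = {}   # one replay window per inbound SA


def receive(dst, ah_bytes, payload):
    """Receiver-side check; returns 'ok', 'no-sa', 'bad-icv' or 'replay'."""
    fields = parse_ah(ah_bytes)
    sa = SADB.get((fields["spi"], dst, "AH"))
    if sa is None:
        return "no-sa"
    expected = _icv(sa["key"], ah_bytes[:AH_FIXED], payload)
    if not hmac.compare_digest(expected, fields["icv"]):
        return "bad-icv"                      # integrity / authentication failure
    window = WINDOWS.setdefault((fields["spi"], dst), ReplayWindow(sa["window"]))
    if not window.accept(fields["seq"]):
        return "replay"                       # sequence number already seen or too old
    return "ok"


if __name__ == "__main__":
    key = SADB[(0x1001, "192.0.2.1", "AH")]["key"]
    pkt = build_ah(0x1001, 1, 6, b"tcp segment", key)     # next header 6 = TCP
    print(parse_ah(pkt))
    print(receive("192.0.2.1", pkt, b"tcp segment"))      # ok
    print(receive("192.0.2.1", pkt, b"tcp segment"))      # replay
    print(receive("192.0.2.1", pkt, b"tampered"))         # bad-icv
```

The ICV is checked before the window is updated, so a forged packet cannot advance the receiver's window; and the window is updated only after a good ICV, which is the order the anti-replay service relies on.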
End-to-end vs End-to-Intermediate Authentication
Encapsulating Security Payload
• ESP provides confidentiality services
• ESP provides confidentiality of message contents
• ESP provides limited traffic flow confidentiality
• Designed to provide both confidentiality and integrity protection
• Everything after the IP header is encrypted
• The ESP header is inserted after the IP header
Encryption and Authentication Algorithms
• Encryption:
– Three-key triple DES
– RC5
– IDEA
– Three-key triple IDEA
– CAST
– Blowfish
• Authentication:
– HMAC-MD5-96
– HMAC-SHA-1-96
TCP/IP Example
Basics: OSI 7-Layer RM
Congratulations on the papers selected for the National Conference, Pune
IPv4 Header
• Internet Protocol version 4 (IPv4) is the fourth version in the development of the Internet Protocol (IP) and the first version of the protocol to be widely deployed.
• It is one of the core protocols of standards-based internetworking methods of the Internet, and routes most traffic in the Internet.
• IPv4 is a connectionless protocol for use on packet-switched networks.
• A connectionless protocol describes the communication between two network end points where a message is sent from one end point to another without a prior arrangement.
• At one end, the device transmits data to the other before ensuring that the device on the other end is ready to receive it.
IPv4 Header Fields
• Version: IP version
– 4 for IPv4
– 6 for IPv6
• HLen: header length
– in 32-bit words
• TOS: type of service
– priority information
• Length: packet length
– in bytes (including the header)
• Header format can change with versions
– the first byte identifies the version
– IPv6 headers are very different – will see later
• The Length field limits packets to 65,535 bytes
– in practice, break into much smaller packets for network performance considerations

IPv4 header layout (bit positions):
 0       4       8               16      19                   31
+---------------------------------------------------------------+
|version| HLen  |      TOS      |            Length             |
+---------------------------------------------------------------+
|          Identifier           | Flags |         Offset        |
+---------------------------------------------------------------+
|      TTL      |   Protocol    |           Checksum            |
+---------------------------------------------------------------+
|                        Source Address                         |
+---------------------------------------------------------------+
|                      Destination Address                      |
+---------------------------------------------------------------+
|                       Options (if any)                        |
+---------------------------------------------------------------+
|                             Data                              |
+---------------------------------------------------------------+
IPv4 Header Fields (continued)
• Identifier, flags, fragment offset: used primarily for fragmentation
• Time to live
– must be decremented at each router
– packets with TTL=0 are thrown away
– ensures packets exit the network
• Protocol
– demultiplexing to higher layer protocols
– TCP = 6, ICMP = 1, UDP = 17 …
• Header checksum
– ensures some degree of header integrity
– relatively weak – only 16 bits
• Options
– e.g. source routing, record route, etc.
– performance issues at routers
• poorly supported or not at all
IPv4 Header Fields (continued)
• Source Address
– 32-bit IP address of the sender
• Destination Address
– 32-bit IP address of the destination
Why IPv6?
• Deficiencies of IPv4
• Address space exhaustion
• Integration of new types of service
– Multicast
– Quality of Service
– Security
– Mobility (MIPv6)
• Header and format limitations
Advantages of IPv6 over IPv4
• Larger address space
• Better header format
• New options
• Allowance for extension
• Support for resource allocation
• Support for more security
• Support for mobility
IPv6 Header
• Avoids checksum redundancy
• Fragmentation only at the end points
The following list describes the function of each header field.
• Version – 4-bit Internet Protocol version number = 6.
• Traffic Class – 8-bit traffic class field.
• Flow Label – 20-bit field.
• Payload Length – 16-bit unsigned integer, the length in octets of the rest of the packet that follows the IPv6 header.
• Next Header – 8-bit selector. Identifies the type of header that immediately follows the IPv6 header. Uses the same values as the IPv4 Protocol field.
• Hop Limit – 8-bit unsigned integer. Decremented by one by each node that forwards the packet. The packet is discarded if Hop Limit is decremented to zero.
• Source Address – 128 bits. The address of the initial sender of the packet.
• Destination Address – 128 bits. The address of the intended recipient of the packet. The intended recipient is not necessarily the final recipient if an optional Routing Header is present.
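The IPv4 and IPv6 header fields from the slides above, as one added example that is not part of the original deck: a parser that dispatches on the version nibble, unpacks the listed fields, verifies the IPv4 header checksum (the one's complement sum the slides call relatively weak), and models the router step of decrementing TTL or Hop Limit and discarding the packet when it reaches zero. Both sample headers are constructed here; for IPv4 the checksum is recomputed after the TTL changes, as a router must.

```python
"""Added example (not from the slides): a parser for the IPv4 and IPv6
headers described on the preceding slides, with IPv4 checksum verification
and a TTL / Hop Limit forwarding step. Sample headers are constructed.
"""
import struct
from ipaddress import IPv4Address, IPv6Address

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}   # values shared by IPv4 Protocol and IPv6 Next Header


def ipv4_checksum(header: bytes) -> int:
    """One's complement of the one's complement sum of the header's 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                                  # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(data: bytes) -> dict:
    vhl, tos, length, ident, flags_off, ttl, proto, csum, src, dst = struct.unpack("!BBHHHBBH4s4s", data[:20])
    hlen = (vhl & 0x0F) * 4                             # HLen is in 32-bit words
    header = data[:hlen]
    zeroed = header[:10] + b"\x00\x00" + header[12:]    # checksum field is zero when computing
    return {
        "version": vhl >> 4, "hlen": hlen, "tos": tos, "length": length,
        "id": ident, "flags": flags_off >> 13, "offset": (flags_off & 0x1FFF) * 8,
        "ttl": ttl, "protocol": PROTO_NAMES.get(proto, proto),
        "checksum_ok": ipv4_checksum(zeroed) == csum,
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
        "options": header[20:hlen],
    }


def parse_ipv6(data: bytes) -> dict:
    first, payload_len, nxt, hop_limit, src, dst = struct.unpack("!IHBB16s16s", data[:40])
    return {
        "version": first >> 28, "traffic_class": (first >> 20) & 0xFF, "flow_label": first & 0xFFFFF,
        "payload_length": payload_len, "next_header": PROTO_NAMES.get(nxt, nxt), "hop_limit": hop_limit,
        "src": str(IPv6Address(src)), "dst": str(IPv6Address(dst)),
    }


def parse_ip(data: bytes) -> dict:
    version = data[0] >> 4                              # the first nibble identifies the version
    if version == 4:
        return parse_ipv4(data)
    if version == 6:
        return parse_ipv6(data)
    raise ValueError("unsupported IP version %d" % version)


def make_ipv4(src, dst, proto, payload_len, ttl=64) -> bytes:
    """Constructed 20-byte IPv4 header (no options) with DF set and a valid checksum."""
    fields = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000, ttl, proto, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
    return fields[:10] + struct.pack("!H", ipv4_checksum(fields)) + fields[12:]


def make_ipv6(src, dst, nxt, payload_len, hop_limit=64) -> bytes:
    """Constructed 40-byte IPv6 header with zero traffic class and flow label."""
    return struct.pack("!IHBB16s16s", 6 << 28, payload_len, nxt, hop_limit,
                       IPv6Address(src).packed, IPv6Address(dst).packed)


def forward(data: bytes):
    """Router step: decrement TTL / Hop Limit; return None when the packet must be discarded."""
    version = data[0] >> 4
    pos = 8 if version == 4 else 7                      # byte offset of TTL (v4) or Hop Limit (v6)
    if data[pos] <= 1:
        return None                                     # would reach zero: thrown away
    out = data[:pos] + bytes([data[pos] - 1]) + data[pos + 1:]
    if version == 4:                                    # the header changed, so redo the checksum
        hlen = (data[0] & 0x0F) * 4
        zeroed = out[:10] + b"\x00\x00" + out[12:hlen]
        out = out[:10] + struct.pack("!H", ipv4_checksum(zeroed)) + out[12:]
    return out


if __name__ == "__main__":
    print(parse_ip(make_ipv4("192.0.2.1", "198.51.100.2", 6, 100)))
    print(parse_ip(make_ipv6("2001:db8::1", "2001:db8::2", 17, 8)))
```

The IPv6 path has no checksum to redo on forwarding, which is the "avoids checksum redundancy" point on the slide: the link layer and the transport layer already protect the packet.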
Video: OSI 7-Layer
Video Lectures
• Complete working of the Internet
• OSI Model with packets, IPs, Firewalls etc.
WEB Security
Outline
• Web Security Considerations
• Secure Socket Layer (SSL) and Transport
Layer Security (TLS)
• Secure Electronic Transaction (SET)
• Recommended Reading and WEB Sites
Web Security Considerations
• The Web is very visible.
• Complex software hides many security flaws.
• Web servers are easy to configure and manage.
• Users are not aware of the risks.
Security facilities in the TCP/IP protocol stack
SSL and TLS
• SSL was originated by Netscape.
• The TLS working group was formed within the IETF.
• The first version of TLS can be viewed as SSLv3.1.
SSL Architecture
SSL Record Protocol Operation
SSL Record Format
SSL Record Protocol Payload
Handshake Protocol
• The most complex part of SSL.
• Allows the server and client to authenticate each other.
• Negotiates the encryption and MAC algorithms and the cryptographic keys.
• Used before any application data are transmitted.
Handshake Protocol Action
Transport Layer Security
• The same record format as the SSL record format.
• Defined in RFC 2246.
• Similar to SSLv3.
• Differences in the:
– version number
– message authentication code
– pseudorandom function
– alert codes
– cipher suites
– client certificate types
– certificate_verify and finished messages
– cryptographic computations
– padding
Secure Electronic Transactions
• An open encryption and security specification.
• Protects credit card transactions on the Internet.
• Companies involved:
– MasterCard, Visa, IBM, Microsoft, Netscape, RSA, Terisa and Verisign
• Not a payment system.
• A set of security protocols and formats.
SET Services
• Provides a secure communication channel
in a transaction.
• Provides trust by the use of X.509v3 digital
certificates.
• Ensures privacy.
SET Overview
• Key Features of SET:
– Confidentiality of information
– Integrity of data
– Cardholder account authentication
– Merchant authentication
SET Participants
Sequence of events for transactions
1. The customer opens an account.
2. The customer receives a certificate.
3. Merchants have their own certificates.
4. The customer places an order.
5. The merchant is verified.
6. The order and payment are sent.
7. The merchant requests payment authorization.
8. The merchant confirms the order.
9. The merchant provides the goods or service.
10. The merchant requests payment.
Dual Signature
DS = E(KRc, [H(H(PI) || H(OI))])
where PI is the payment information, OI is the order information, H is a hash function, || denotes concatenation and KRc is the customer's private signature key.
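The dual signature above, as an added example that is not part of the original deck: DS is computed from the two digests H(PI) and H(OI), and each party verifies it while holding only one of the two documents in clear. The standard library has no RSA, so E(KRc, .) is stood in for by an HMAC under a constructed secret that the verifiers also hold; the hash linking, which is the part that hides PI from the merchant and OI from the bank, is unchanged. PI, OI and the key are constructed.

```python
"""Added example (not from the slides): the SET dual signature
DS = E(KRc, [H(H(PI) || H(OI))]) with SHA-1 as H, and the two verification
paths. E(KRc, .) is replaced by an HMAC under a constructed secret because
the standard library has no RSA; PI, OI and the key are constructed.
"""
import hashlib
import hmac


def H(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def sign(krc: bytes, digest: bytes) -> bytes:
    # stand-in for E(KRc, digest); real SET uses an RSA signature with the cardholder's private key
    return hmac.new(krc, digest, hashlib.sha256).digest()


def verify(krc: bytes, digest: bytes, ds: bytes) -> bool:
    return hmac.compare_digest(sign(krc, digest), ds)


def dual_signature(pi: bytes, oi: bytes, krc: bytes):
    """Return (DS, PIMD, OIMD): the signature plus the two digests that travel with it."""
    pimd, oimd = H(pi), H(oi)           # payment and order message digests
    pomd = H(pimd + oimd)               # payment-order message digest, the value actually signed
    return sign(krc, pomd), pimd, oimd


def merchant_verifies(oi: bytes, pimd: bytes, ds: bytes, krc: bytes) -> bool:
    """The merchant has OI in clear and only the digest of PI, so the card details stay hidden."""
    return verify(krc, H(pimd + H(oi)), ds)


def bank_verifies(pi: bytes, oimd: bytes, ds: bytes, krc: bytes) -> bool:
    """The bank has PI in clear and only the digest of OI, so the order stays hidden."""
    return verify(krc, H(H(pi) + oimd), ds)


if __name__ == "__main__":
    KRC = b"constructed-cardholder-signing-secret"
    PI = b"card=4111-xxxx amount=49.99 currency=USD"     # constructed payment information
    OI = b"order=1 x Cryptography and Network Security"  # constructed order information
    ds, pimd, oimd = dual_signature(PI, OI, KRC)
    print("merchant accepts:", merchant_verifies(OI, pimd, ds, KRC))                   # True
    print("bank accepts:", bank_verifies(PI, oimd, ds, KRC))                           # True
    print("altered order accepted:", merchant_verifies(b"order=2", pimd, ds, KRC))     # False
```

Because the same DS covers both documents, the bank can later confirm (given OIMD) that the payment it authorized belongs to the order the merchant claims, without either party having seen the other's data.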
Payment processing
• Cardholder sends Purchase Request
• Merchant verifies Customer Purchase Request
• Payment Authorization:
– Authorization Request
– Authorization Response
• Payment Capture:
– Capture Request
– Capture Response
Recommended Reading and Web Sites
• Drew, G. Using SET for Secure Electronic Commerce. Prentice Hall, 1999.
• Garfinkel, S., and Spafford, G. Web Security & Commerce. O'Reilly and Associates, 1997.
• MasterCard SET site
• Visa Electronic Commerce site
• SETCo (documents and glossary of terms)