Your SlideShare is downloading. ×
0
Applied IT Security
Applied Cryptography
Dr. Stephan Spitz
Stephan.Spitz@zv.fraunhofer.de




                            ...
• Overview & Basics
         • Network Protocols and the Internet
         • Operating Systems and Applications
• System S...
• Overview & Basics
          • Network Protocols and the Internet
          • Operating Systems and Applications
• System...
Overview Authentication and Security Protocols
    • Network and Transport Layer Security
       • Virtual Private Network...
Protocol Layers


                                                    Services for applications (E-Mail
SMTP, HTTP, SNMP, ...
Network Layer Security (Tunnel)

                         Application Data
Application Layer                              ...
Transport Layer Security

                         Application Data
Application Layer                                     ...
Virtual Private Networks (VPN)
• The basic VPN functionality is the provision of authentication,
  access control, confide...
IPSec

•   Tunnel Mode (Network Layer Security)
           IP     IPSec           IP          TCP/UDP           Applicatio...
Tunneling

•   Tunneling with L2TP or PPTP
       Layer 2      L2TP/PPTP        IP         TCP/UDP         Application
   ...
IPSec Network View

                                         IPSec Gateway

                                         •Phys...
Internet Key Exchange (IKE)
• IKE is the alternative to manual key configuartion to … :
        … agree between the commun...
Application Layer Security
                  Authenticated and privacy protected Application Data

Application Layer      ...
Overview

• SSL: Secure Socket Layer = Application level security built on
  the socket interface to support security in f...
SSL History
 SSL V1.0 (1993)
  •   Security on application level
  • Developed     by Netscape

 SSL V2.0 (1994)
  • First...
SSL Handshake
       Client                                                Server
                   Client Hello (ID, RND...
SSL Communication

SSL Record Layer

• Complete division of SSL Handshake and Record Layer Communication

• Record Layer p...
Programming with SSL-Sockets
Client side :
1. Define socket parameters in SSL_struct
2. Open socket socket() and connect t...
Resistance of SSL against Attacks
Replay attack
 • Random numbers inside SSL handshake prevent replay of
   handshake
 • E...
Security in Wireless Protocols


• General Security Aspects in Wireless LANs according to IEEE 802.1x


• WEP (Wired Equiv...
General WLAN Security Aspects

• Wireless LAN access point detection (war driving) via Netstumbler/
  Ministumbler or SSID...
Wired Equivalent Privacy (WEP)
• Wired Equivalent Privacy (WEP) is defined in IEEE 802.11Wireless
  LAN Medium Access Cont...
Extensible Authentication Protocol (EAP)
• RFC 2284 defines the PPP Extensible Authentication Protocol (EAP)
  for embeddi...
Bluetooth Security
• Bluetooth defines three modes Non Secure, Service Level Enforced
  Security and Link Level Enforced S...
Concerns on Bluetooth Security
• Usage of fixed Unit Key for authentication and key derivation
  causes security problems ...
Upcoming SlideShare
Loading in...5
×

8 Authentication Security Protocols

9,076

Published on

Published in: Technology, News & Politics
1 Comment
1 Like
Statistics
Notes
  • Alice and Bob share a secret key K. Suppose that someone suggests the
    following methods to allow Alice to securely authenticate to Bob.
    (a) (5 points) Bob generates a random message r, enciphers it using
    K under a secure block cipher scheme and sends the encrypted message
    to Alice. Alice decrypts it, adds 1 to it and sends the result encrypted
    with K under the same block cipher to Bob. Bob decrypts the message and
    compares it with r. If the difference is 1, then he is sure he is communicating
    with Alice; or else, as no one else knows the secret K, he is talking to an
    impersonator. Is this protocol secure? Why or why not.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total Views
9,076
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
296
Comments
1
Likes
1
Embeds 0
No embeds

No notes for slide

Transcript of "8 Authentication Security Protocols"

  1. 1. Applied IT Security Applied Cryptography Dr. Stephan Spitz Stephan.Spitz@zv.fraunhofer.de 8 Authentication/Security Protocols
  2. 2. • Overview & Basics • Network Protocols and the Internet • Operating Systems and Applications • System Security • Operating System Security • Security Threats on Networks • Firewalls and Intrusion Detection Systems • Applied Cryptography • Public Key Infrastructures • Authentication Protocols • Encryption and digital Signatures in topical Applications • Software Development & IT Security • Building Secure IT Systems • Use of Cryptographic Libraries and Devices • The Future of IT Security 8 Authentication/Security Protocols
  3. 3. • Overview & Basics • Network Protocols and the Internet • Operating Systems and Applications • System Security • Operating System Security • Security Threats on Networks • Firewalls and Intrusion Detection Systems • Applied Cryptography • Public Key Infrastructures Today • Authentication Protocols • Encryption and digital Signatures in topical Applications • Software Development & IT Security • Building Secure IT Systems • Use of Cryptographic Libraries and Devices • The Future of IT Security 8 Authentication/Security Protocols
  4. 4. Overview Authentication and Security Protocols • Network and Transport Layer Security • Virtual Private Networks • IPSec • Internet Key Exchange • Application Layer Security • SSL / TLS / HTTPS / SSH / SMIME • SSL in Detail • Example: Apache and SSL • Wireless Protocol Security • Wireless Security Protocols • Bluetooth Security • UMTS Security 8 Authentication/Security Protocols
  5. 5. Protocol Layers Services for applications (E-Mail SMTP, HTTP, SNMP, clients and server, WWW-Server), FTP, SOAP, etc. Application Layer SSL/TLS name resolution (DNS) Transmission Control SOCKET INTERFACE Protocol (TCP), UDP, Connetion-oriented, connectionless ICMP (Internet Control Transport Layer transport service for applications Message Protocol) for IPSec Transport Layer debugging Network Layer Routing, Adressing of packages Internet Protocol (IP) IPSec Network Layer (Tunnel) Ethernet, Token Ring, L2TP, PPTP Package Transmission on ATM, PPP, GPRS Data Link Layer physical media WEP, EAP 8 Authentication/Security Protocols
  6. 6. Network Layer Security (Tunnel) Application Data Application Layer Application Layer Transport Payload Transport Layer Transport Layer Security Network Payload in a Secure Tunnel Security enhanced enhanced Network Network Layer Layer Data Link Payload Data Link Data Link Layer Layer • Protected communication in an open network between secure systems e.g. firewalls, router 8 Authentication/Security Protocols
  7. 7. Transport Layer Security Application Data Application Layer Application Layer Secured Packet Transport Security Security enhanced enhanced Transport Layer Transport Layer Network Payload Network Network Layer Layer Data Link Payload Data Link Data Link Layer Layer • Communication inside a secure network with protected transport payload (AH or ESP) 8 Authentication/Security Protocols
  8. 8. Virtual Private Networks (VPN) • The basic VPN functionality is the provision of authentication, access control, confidentiality and data integrity • A process called „Tunneling“ enables the virtual part of a VPN. There are two tunneling protocols: PPTP Point to Point Tunneling Protocol L2TP Layer 2 Tunneling Protocol • IPSec security services keep the VPN (transport, network) payload private (optionally), integer and authenticated: IPSec AH Authentification Header IPSec ESP Encapsulating Security Payload 8 Authentication/Security Protocols
  9. 9. IPSec • Tunnel Mode (Network Layer Security) IP IPSec IP TCP/UDP Application Header Header Header Header Protocol Original Packet (AH, optionally kept secret with ESP) • Transport Mode (Transport Layer Security) IP IPSec TCP/UDP Application Header Header Header Protocol Original Packet (AH, optionally kept secret with ESP) 8 Authentication/Security Protocols
  10. 10. Tunneling • Tunneling with L2TP or PPTP Layer 2 L2TP/PPTP IP TCP/UDP Application Media Header Header Header Data Header Original Packet • Combination of IPSec and L2TP Layer 2 IP IPSec IP TCP/UDP L2TP/PPTP Application Media Header Header Header Header Header Data Header Original Packet 8 Authentication/Security Protocols
  11. 11. IPSec Network View IPSec Gateway •Physical NWI, IP known in INTERNET •Logical NWI inside VPN INTERNET •Physical NWI with IP known in LAN IPSec Host •Physical NWI (Network Interface) •Logical NWI with IPSec IP inside VPN Company LAN 8 Authentication/Security Protocols
  12. 12. Internet Key Exchange (IKE) • IKE is the alternative to manual key configuartion to … : … agree between the communicating parties on protocols, algorithms and keys. … ensure talking to the right person (authentication). … secure key management and exchange • IKE = Security Association (SA)+Key Management Protocol (KMP) • KMP can be done in … … main mode i.e. DH-agreement with identity and nonces, key derivation (deriv., auth., enc.) and identity prooving … aggressive mode i.e. main mode without DH identity protection … quick mode inside a SA 8 Authentication/Security Protocols
  13. 13. Application Layer Security Authenticated and privacy protected Application Data Application Layer Application Layer SSL/TLS/SSH SSL/TLS/SSH Transport Payload Transport Layer Transport Layer Network Payload Network Network Layer Layer Data Link Payload Data Link Data Link Layer Layer • Communication on application level is secured by cryptography 8 Authentication/Security Protocols
  14. 14. Overview • SSL: Secure Socket Layer = Application level security built on the socket interface to support security in ftp, telnet, http, etc. • TLS: Transport Layer Security eq. SSL (SSL 3.0 = TLS 1.0) • HTTPS: HTTP over TLS/SSL • SSH: Secure Shell supports authenticated and encrypted remote system logins also based on the socket interface (it´s a program and a protocol) • SMIME: Secure MIME (Multipurpose Internet Mail Extensions ) format for secure email exchange based on PKCS#7 8 Authentication/Security Protocols
  15. 15. SSL History SSL V1.0 (1993) • Security on application level • Developed by Netscape SSL V2.0 (1994) • First implementation in Netscape Navigator • Limitation on 40 bit keys SSL V3.0 (1995) • Bugfixes and new crypto algorithms • Unlimited key length SSL V3.1 TLS V1.0 (1999) • Authentic mode only with message digest and without encryption 8 Authentication/Security Protocols
  16. 16. SSL Handshake Client Server Client Hello (ID, RND1, CipherSuite) Server Hello (ID, RND2, CipherSuite) Certificate Certificate Request Hello Done Certificate ClientKeyExchange (Enc PubKey Server) Certificate Verify (Enc PrivKey Client) ChangeCiperSpec/Finished (Enc SessionKey) ChangeCiperSpec/Finished (Enc SessionKey) 8 Authentication/Security Protocols
  17. 17. SSL Communication SSL Record Layer • Complete division of SSL Handshake and Record Layer Communication • Record Layer provides encrypted communication (handshake keys!) • Fragmentation support for encrypted SSL records • Bandwith reduction due to compression in SSL records • Sequence counters ensure connection orientation on SSL level • Integrity of data is ensured by adding message digest 8 Authentication/Security Protocols
  18. 18. Programming with SSL-Sockets Client side : 1. Define socket parameters in SSL_struct 2. Open socket socket() and connect to server connect() 3. Connect Unix socket and SSL data SSL_ste_fd() 4. Start SSL handshake with SSL_connect() 5. Write and read data on SSL socket SSL_write(), SSL_read() Server side : Step 1-3 is like the client side without connect() 4. Wait on client request listen() and accept it accept() 5. Read the private server key SSL_use_RSAPrivateKey() 6. Select the server certificate again with SSL_use_RSAPrivateKey() 7. After SSL_connect() read and write data to client 8 Authentication/Security Protocols
  19. 19. Resistance of SSL against Attacks Replay attack • Random numbers inside SSL handshake prevent replay of handshake • Encrypted sequence numbers in SSL record layer prevent replay of „old“ SSL-Records. Man-in-the-Middle attack • Dynamic key agreement via challenge response technique in SSL handshake IP Spoofing • IP packages with faked source IP can not be prevented, because SSL provides no security for the network and the transport layer 8 Authentication/Security Protocols
  20. 20. Security in Wireless Protocols • General Security Aspects in Wireless LANs according to IEEE 802.1x • WEP (Wired Equivalent Privacy) and EAP (Extensible Authentication Protocol) security in Wireless LANs according to IEEE 802.1x • Bluetooth security architecture (three secure modes), authentification/key negotiation and encryption 8 Authentication/Security Protocols
  21. 21. General WLAN Security Aspects • Wireless LAN access point detection (war driving) via Netstumbler/ Ministumbler or SSIDsniff; sniffing via CENiffer, Kismet, Ethereal • Denial of service attacks based on jamming in the 2.4 GHz band or the 5 GHz band are possible • Secure Configuration: Don´t use default SSID (Service Set Identifier i.e. WLAN Name) Enable Hidden SSID (connection only with clients knowing SSID) Limit access only to certain MACs (be careful MAC can be faked!) Enable WEP and use EAP authentication 8 Authentication/Security Protocols
  22. 22. Wired Equivalent Privacy (WEP) • Wired Equivalent Privacy (WEP) is defined in IEEE 802.11Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Spec. • WEP defines a simple stream cipher based on an RC4 pseudo random generator seeded by an initialisation vector and the key. • WEP weaknesses have been announced by Fluhrer, Mantin and Shamir in 2001; meanwhile cracks are available (Airsnort, WEPCrack) based on: IV is first transmitted as plain text and only 24 bit (after 224 packets the key is repeated simple crypto analysis based on autocorrelation) Seed must not be used twice, which is often practiced, because of repetition of IV or using 0 as IV for the first packet 8 Authentication/Security Protocols
  23. 23. Extensible Authentication Protocol (EAP) • RFC 2284 defines the PPP Extensible Authentication Protocol (EAP) for embedding authentication in other protocols like WEP. • There are different ways for authentication: EAP-MD5 provides a username, password authentication, not advisable with the weaknesses of WEP encryption EAP-TLS uses an asymmetric challenge-response authentication based on X.509 certificates EAP-TLS SSL-Handshake without client certificate transmission EAP-SIM authentication based on mobile phones SIM (Subscriber Identity Module) 8 Authentication/Security Protocols
  24. 24. Bluetooth Security • Bluetooth defines three modes Non Secure, Service Level Enforced Security and Link Level Enforced Security and offers authentication and encryption services. • Bluetooth symmetric authentication steps: 1. Link Key negotiation based on Unit Key (fixed) or Combination Key 2. Challenge-response system authentication based on Link Key 3. Encryption key derivation based on Link Key, random number and a Ciphering Offset • Bluetooth encryption is based on a non „state of the art“ stream chipher using linear feedback shift registers (LFSR) with max. 128bit key length. 8 Authentication/Security Protocols
  25. 25. Concerns on Bluetooth Security • Usage of fixed Unit Key for authentication and key derivation causes security problems and narrows variety of authentication and encryption keys. • The quality of the pseudo random number generators can be very weak concerning different implementations. • Security depends on the knowledge of one PIN (personal identification number), because the random challenge and bluetooth adresses are known. • Cryptanalysis already reduced the complexity of the used stream cipher from 2128 (Brute Force) to 266. 8 Authentication/Security Protocols
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×