Information security
- Pre computer age
  ○ Rugged filing cabinets with combination lock
- Computer age
  ○ Automated tools for security
- Computer security
  ○ Collection of tools to protect data
- Network security
- Internet security

3 aspects of information security
- Security Attack: Any action that compromises the security of information.
- Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
- Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.

Web Security Considerations
- WWW is a client/server application over the Internet and TCP/IP intranets
- The Web is vulnerable to attacks on web servers over the Internet
- The Web is a visible outlet for corporates
- Web servers are easy to configure and manage.
- Complex software hides many security flaws.
- Subverted servers will provide access to intranet systems
- Users are not aware of the risks.

Internet security issues
- Requirements
  ○ Confidentiality
  ○ Authentication
  ○ Nonrepudiation
  ○ Integrity
- Selection of algorithms
- Services
- Security mechanisms
- Creation, distribution and protection of secret keys
- Dependence of protocol
- Placement of security mechanisms

OSI security architecture
- ITU-T Recommendation X.800
  ○ Defines a systematic approach
- International standard
  ○ For managers to provide security
  ○ For security products
- Focuses on services, mechanisms and attacks

Security services
- Definition in RFC 2828
  ○ A processing or communication service that is provided by a system to give a specific kind of protection to system resources
- X.800 services
  ○ Five categories and 14 specific services

Categories
- Authentication
- Access control
- Data Confidentiality
- Data Integrity
- Nonrepudiation

Specific services
- Authentication
  ○ (1) Peer entity authentication
  ○ (2) Data-origin authentication
- Data confidentiality
  ○ (3) Connection confidentiality
  ○ (4) Connectionless confidentiality
  ○ (5) Selective-field confidentiality
  ○ (6) Traffic flow confidentiality

Specific services
- Data integrity
  ○ (7) Connection integrity with recovery
  ○ (8) Connection integrity without recovery
  ○ (9) Selective-field connection integrity
  ○ (10) Connectionless integrity
  ○ (11) Selective-field connectionless integrity

Specific services
- Nonrepudiation
  ○ (12) Nonrepudiation, origin
  ○ (13) Nonrepudiation, destination
- (14) Availability service
  ○ Protect to ensure availability
  ○ Depends on proper management & control of system resources

Security mechanisms (Specific)
- Encipherment
- Digital signature
- Access control
- Data integrity
- Authentication exchange
- Traffic padding
- Routing control
- Notarization

Security Attacks
- Interruption: This is an attack on availability
- Interception: This is an attack on confidentiality
- Modification: This is an attack on integrity
- Fabrication: This is an attack on authenticity

Methods of Defence
- Encryption
- Software controls (access limitations in a database; in an operating system, protect each user from other users)
- Hardware controls (smartcard)
- Policies (frequent changes of passwords)
- Physical controls

Placement of security mechanisms
- Link to link
  ○ Hardware device
  ○ Application unaware
  ○ Distribution of keys a problem
- End to end
  ○ Application/software aware
  ○ Large number of keys involved

Security mechanisms in the TCP/IP protocol stack

Need for IPSec
- Application level security services
  ○ Electronic mail: S/MIME, PGP
  ○ Client/server: Kerberos, X.509
  ○ Web access: SSL, TLS, SET
- Enterprises need security at IP layer
  ○ To protect security ignorant applications
  ○ Additional security to applications with security mechanisms
  ○ Establish private secure network

IP Security Overview
- IPSec is not a single protocol.
- IPSec provides a set of security algorithms
- IPSec provides a general security framework for a pair of communicating entities
  ○ Across LAN, private & public WANs
  ○ Across Internet

IP Security Overview
- Applications of IPSec
  ○ Secure branch office connectivity over the Internet
  ○ Secure remote access over the Internet
  ○ Establishing extranet and intranet connectivity with partners
  ○ Enhancing electronic commerce security

IP Security Overview
- Benefits of IPSec
  ○ Better firewall protection
  ○ Transparent to applications (below transport layer (TCP, UDP))
  ○ Provide security for individual users
- IPSec can assure that:
  ○ A router or neighbor advertisement comes from an authorized router
  ○ A redirect message comes from the router to which the initial packet was sent
  ○ A routing update is not forged

IP Security Architectures
- Integrated architecture
  ○ Supported in IPv6
  ○ Difficult to implement in IPv4
- Bump in the Stack (BITS) for IPv4
  ○ Between data link and IP layers
- Bump in the Wire (BITW)
  ○ Hardware implementation

IPSec RFCs
- IPSec documents:
  ○ RFC 2401: An overview of security architecture
  ○ RFC 2402: Description of a packet authentication extension to IPv4 and IPv6
  ○ RFC 2406: Description of a packet encryption extension to IPv4 and IPv6
  ○ RFC 2408: Specification of key management capabilities

IPSec Services
- Access control
- Connectionless integrity
- Data origin authentication
- Rejection of replayed packets
- Confidentiality (encryption)
- Limited traffic flow confidentiality

IPSec modes of operation
- Transport
  ○ IPSec protects IP payload
  ○ IPSec headers added before IP payload
  ○ No change in IP header
- Tunnel
  ○ IPSec protects total IP packet
  ○ IPSec headers encapsulate IP packet
  ○ New IP header is created

Discussion on Tunnel and Transport mode
- Tunnel mode header order
  ○ New IP hdr -> IPSec hdr -> old IP hdr -> IP payload
  ○ BITS or BITW architecture
  ○ Choice for VPN
- Transport mode header order
  ○ IP hdr -> IPSec hdr -> IP payload
  ○ IPSec integrated architecture
  ○ End to end security

Security services (by protocol, for transport mode SA and tunnel mode SA)
- AH
  ○ Transport mode SA: Authenticates IP payload and selected portions of IP header and IPv6 extension headers
  ○ Tunnel mode SA: Authenticates entire inner IP packet plus selected portions of outer IP header
- ESP
  ○ Transport mode SA: Encrypts IP payload and any IPv6 extension header
  ○ Tunnel mode SA: Encrypts inner IP packet
- ESP with authentication
  ○ Transport mode SA: Encrypts IP payload and any IPv6 extension header. Authenticates IP payload but no IP header
  ○ Tunnel mode SA: Encrypts inner IP packet. Authenticates inner IP packet.

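The AH rows above can be checked in code. The following is an added example, not part of the original slides: a simplified AH integrity check value (ICV) over an IPv4 packet, in transport and in tunnel mode. It assumes HMAC-SHA-1 truncated to 96 bits, headers without options and no replay window; the key, addresses, SPI and payload are constructed sample values.

```python
import hashlib, hmac, socket, struct

ICV_LEN = 12  # HMAC-SHA-1 truncated to 96 bits (assumed algorithm)

def ipv4_header(src, dst, proto, ttl=64):
    # 20-byte IPv4 header, no options; length/id/checksum left 0 for brevity
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(hdr):
    # Fields routers may change in transit are zeroed before the ICV is computed
    h = bytearray(hdr)
    h[1] = 0                  # type of service
    h[6:8] = b"\x00\x00"      # flags and fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)

def ah_header(next_hdr, spi, seq, icv=bytes(ICV_LEN)):
    # next header, AH length in 32-bit words minus 2, reserved, SPI, sequence
    return struct.pack("!BBHII", next_hdr, 4, 0, spi, seq) + icv

def compute_icv(key, ip_hdr, next_hdr, spi, seq, body):
    data = zero_mutable(ip_hdr) + ah_header(next_hdr, spi, seq) + body
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def protect(key, ip_hdr, next_hdr, body, spi=0x1001, seq=1):
    # Transport mode: body is the upper-layer payload.
    # Tunnel mode: body is the complete inner IP packet (next_hdr = 4).
    icv = compute_icv(key, ip_hdr, next_hdr, spi, seq, body)
    return ip_hdr + ah_header(next_hdr, spi, seq, icv) + body

def verify(key, packet):
    ip_hdr, ah, body = packet[:20], packet[20:44], packet[44:]
    next_hdr, _, _, spi, seq = struct.unpack("!BBHII", ah[:12])
    return hmac.compare_digest(ah[12:], compute_icv(key, ip_hdr, next_hdr, spi, seq, body))

def flip(packet, offset):
    # Return a copy of the packet with one byte altered
    p = bytearray(packet)
    p[offset] ^= 0x01
    return bytes(p)

# Constructed sample data (documentation addresses, made-up key and payload)
KEY = b"constructed-demo-key"
PAYLOAD = b"constructed upper-layer segment"
TRANSPORT = protect(KEY, ipv4_header("192.0.2.1", "192.0.2.2", 51), 6, PAYLOAD)
INNER = ipv4_header("10.0.0.1", "10.0.0.2", 6) + PAYLOAD
TUNNEL = protect(KEY, ipv4_header("198.51.100.1", "203.0.113.1", 51), 4, INNER)
```

Altering the TTL at offset 8 leaves verify() true in both modes, while altering the source address at offset 12, or any byte of the inner packet in tunnel mode (offset 44 onward), makes it false.
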
SSL connection
- A logical client/server link
- A peer-to-peer connection with two network nodes.
- Transient.
- Every connection associated with one session.

SSL session
- An association between a client and a server
- Defines a set of parameters such as algorithms used, session number etc.
- An SSL session is created by the Handshake Protocol that allows parameters to be shared among the connections made between the server and the client
- Sessions are used to avoid negotiation of new parameters for each connection.
- A single session is shared among multiple SSL connections between the client and the server.
- In theory, it may also be possible that multiple sessions are shared by a single connection, but this feature is not used in practice.

SSL session state
A session state is defined by the following parameters:
- Session identifier: this is an identifier generated by the server to identify a session with a chosen client,
- Peer certificate: X.509 certificate of the peer,
- Compression method: a method used to compress data prior to encryption,
- CipherSpec: specifies the bulk data encryption algorithm (for example DES) and the hash algorithm (for example MD5) used during the session,
- Master secret: 48-byte data being a secret shared between the client and server,
- "Is resumable": this is a flag indicating whether the session can be used to initiate new connections.

SSL connection state
The SSL connection state is defined by the following parameters:
- Server and client random: random data generated by both the client and server for each connection,
- Server write MAC secret: the secret key used for data written by the server,
- Client write MAC secret: the secret used for data written by the client,
- Server write key: the bulk cipher key for data encrypted by the server and decrypted by the client,
- Client write key: the bulk cipher key for data encrypted by the client and decrypted by the server,
- Initialisation vectors: for CBC mode of block cipher,
- Sequence number: sequence numbers maintained separately by the server for messages transmitted and received during the data session.

Record protocol
- Services provided
  ○ Confidentiality: encryption of payloads using shared secret key obtained from handshake protocol
  ○ Message integrity: MAC using shared secret key obtained from handshake protocol

Change cipher spec protocol
- Payload of record protocol
- Consists of a single message
  ○ Single byte value = 1
- Purpose of message
  ○ Causes copy of pending state to current state
  ○ Updates cipher suite to be used on the current connection

Alert protocol
- Conveys SSL alerts to peer
- Payload of record
- Consists of two bytes
  ○ 1st byte: warning or fatal
  ○ 2nd byte: code for specific alerts

Handshake Protocol
- The most complex part of SSL.
- Allows the server and client to authenticate each other.
- Negotiates encryption, MAC algorithm and cryptographic keys.
- Used before any application data are transmitted.

Handshake protocol phases
- 1st phase: Establish security capabilities
- 2nd phase: Server authentication and key exchange
- 3rd phase: Client authentication and key exchange
- 4th phase: Finish

Cryptographic computations
- Shared master secret: 48 bytes
- Creation in 2 stages
  ○ Pre-master secret exchanged: RSA, Diffie-Hellman
  ○ Master secret calculated at both ends
- Use of master secret at client end
  ○ Client write MAC secret
  ○ Client write key
  ○ Client write IV
- Use of master secret at server end
  ○ Server write MAC secret
  ○ Server write key
  ○ Server write IV

Transport Layer Security
- The same record format as the SSL record format.
- Defined in RFC 2246.
- Similar to SSLv3.
- Differences in the:
  ○ version number (3.1)
  ○ message authentication code (HMAC, TLSCompressed.version)
  ○ pseudorandom function (different from SSL)
  ○ alert codes (more in TLS)
  ○ cipher suites (Fortezza dropped)
  ○ client certificate types (Fortezza schemes not included)
  ○ certificate_verify and finished message (calculation different)
  ○ cryptographic computations (different from SSL)
  ○ padding (any amount that makes the total length a multiple of the block length, up to a maximum of 255 bytes)

Master secret in SSL
  Master secret =
    MD5(pre_master_secret || SHA("A" || pre_master_secret || ClientHello.random || ServerHello.random)) ||
    MD5(pre_master_secret || SHA("BB" || pre_master_secret || ClientHello.random || ServerHello.random)) ||
    MD5(pre_master_secret || SHA("CCC" || pre_master_secret || ClientHello.random || ServerHello.random))

Key block in SSL
  Key block =
    MD5(master_secret || SHA("A" || master_secret || ServerHello.random || ClientHello.random)) ||
    MD5(master_secret || SHA("BB" || master_secret || ServerHello.random || ClientHello.random)) ||
    MD5(master_secret || SHA("CCC" || master_secret || ServerHello.random || ClientHello.random)) || ...

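The two SSL formulas above and the split of the key block into the client and server write secrets from the "Cryptographic computations" slide, as an added example (not part of the original slides). The pre-master secret and the two random values are constructed, and the sizes assume the DES/MD5 CipherSpec the slides use as an example (16-byte MAC secret, 8-byte key, 8-byte IV).

```python
import hashlib

def ssl3_expand(secret, seed, nbytes):
    # MD5(secret || SHA("A" || secret || seed)) || MD5(secret || SHA("BB" || ...)) || ...
    out, i = b"", 0
    while len(out) < nbytes:
        label = bytes([ord("A") + i]) * (i + 1)   # "A", "BB", "CCC", ...
        inner = hashlib.sha1(label + secret + seed).digest()
        out += hashlib.md5(secret + inner).digest()
        i += 1
    return out[:nbytes]

def master_secret(pre_master, client_random, server_random):
    # Three 16-byte MD5 outputs give the 48-byte master secret
    return ssl3_expand(pre_master, client_random + server_random, 48)

def key_block(master, client_random, server_random, mac_len, key_len, iv_len):
    # The randoms are concatenated in the opposite order to the master secret
    sizes = [("client_write_MAC_secret", mac_len), ("server_write_MAC_secret", mac_len),
             ("client_write_key", key_len), ("server_write_key", key_len),
             ("client_write_IV", iv_len), ("server_write_IV", iv_len)]
    block = ssl3_expand(master, server_random + client_random, sum(n for _, n in sizes))
    keys, pos = {}, 0
    for name, n in sizes:
        keys[name], pos = block[pos:pos + n], pos + n
    return keys

# Constructed sample values (not taken from a real handshake)
PRE_MASTER = b"\x03\x00" + bytes(range(46))
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
MASTER = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
KEYS = key_block(MASTER, CLIENT_RANDOM, SERVER_RANDOM, mac_len=16, key_len=8, iv_len=8)
```

Both ends run the same computation on the same three inputs, which is why only the pre-master secret has to be exchanged; the 64 bytes needed here take four MD5 outputs, so the key block runs on to the "DDDD" label.
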
Secure Electronic Transactions
- An open encryption and security specification.
- Protects credit card transactions on the Internet.
- Companies involved:
  ○ MasterCard, Visa, IBM, Microsoft, Netscape, RSA, Terisa and Verisign
- Not a payment system.
- Set of security protocols and formats.

SET Services
- Provides a secure communication channel in a transaction.
- Provides trust by the use of X.509v3 digital certificates.
- Ensures privacy.

SET Overview
- Key features of SET:
  ○ Confidentiality of information
  ○ Integrity of data
  ○ Cardholder account authentication
  ○ Merchant authentication

SET participants
- Cardholder: authorised holder of credit card issued by issuer. Interacts with merchants over the Internet
- Merchant: Seller of goods over the Internet
- Issuer: Bank which issues credit card to cardholder.
- Acquirer: Financial institution which has an account with a merchant, processes card authorisation and payments.
- Payment gateway: Interfaces between SET and payment network
- CA: Issues X.509 certificates to all players

Sequence of events for transactions
1. The customer opens an account.
2. The customer receives a certificate.
3. Merchants have their own certificates.
4. The customer places an order.
5. The merchant is verified.
6. The order and payment are sent.
7. The merchant requests payment authorization.
8. The merchant confirms the order.
9. The merchant provides the goods or service.
10. The merchant requests payment.

Payment Request
- Initiate request from card holder
  ○ Request for certificates to merchant
  ○ Incl: Brand of cc, ID req/resp, nonce
- Initiate response by merchant
  ○ Response signed by Kr of merchant
  ○ Incl: Cust nonce, new nonce, trans ID, merchant's signature certificate, payment gateway's key exchange certificate
- Cardholder verifies merchant and gateway's certificates
  ○ Generates OI: ref to order
  ○ Generates PI: card number, value etc

Payment Request
- Purchase request by card holder
  ○ Forwarded to payment gateway, incl: EKs[PI + dual sig + OIMD], EKUch[Ks]
  ○ To merchant: OI + dual sig + PIMD, CH certificate
- Purchase response by merchant
  ○ Incl: Trans ID, response block with order ack signed by merchant using Kr, merchant's signature certificate
- Card holder
  ○ Verifies merchant's signature on response block

Payment Authorization
- Authorization request to payment gateway from merchant
  ○ Forwarded: PI + dual sig + OIMD + EKUch[Ks]
  ○ Generated: auth block EKms[SignKrm[Trans ID]], EKUpg[EKms]
  ○ Certificates: card holder signature key, merchant signature key and merchant key exchange certificates
- Payment gateway
  ○ Verifies all certificates, obtains EKms, decrypts auth block, verifies merchant's signature, verifies dual signature, verifies trans ID, requests and receives an auth from issuer
- Authorisation response by payment gateway to merchant
  ○ Auth block: EKpgs[SignKrpg[authorisation]], EKUm[EKpgs]
  ○ Capture token info: EKpgs[SignKrpg[capture token]]
  ○ Certificate: gateway's signature key certificate

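The dual signature that travels with PIMD to the merchant and with OIMD to the payment gateway, as an added example (not part of the original slides). It assumes the usual SET construction, a cardholder signature over the digest of PIMD || OIMD, with SHA-1 as the digest; the RSA key is a constructed toy key (textbook RSA, no padding) used only to make the check runnable, and the OI and PI values are constructed.

```python
import hashlib

# Toy cardholder RSA key (constructed): two Mersenne primes, textbook RSA, no padding
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                              # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Kr of the cardholder)

def md(data):
    return hashlib.sha1(data).digest()  # SHA-1 assumed as the digest function

def as_int(digest):
    return int.from_bytes(digest, "big")

def dual_signature(pi, oi):
    # Cardholder: sign the digest of PIMD || OIMD with the private key
    pimd, oimd = md(pi), md(oi)
    return pow(as_int(md(pimd + oimd)), D, N), pimd, oimd

def merchant_verify(oi, pimd, dual_sig):
    # Merchant holds OI + dual sig + PIMD, never PI itself
    return pow(dual_sig, E, N) == as_int(md(pimd + md(oi)))

def gateway_verify(pi, oimd, dual_sig):
    # Payment gateway holds PI + dual sig + OIMD, never OI itself
    return pow(dual_sig, E, N) == as_int(md(md(pi) + oimd))

# Constructed sample order and payment information
OI = b"order-ref=constructed-0001;items=2"
PI = b"card=0000-0000-0000-0000;amount=25.00"
SIG, PIMD, OIMD = dual_signature(PI, OI)
```

Each party verifies the link between order and payment while seeing only one of the two in clear, so a PI paired with the OIMD of a different order fails gateway_verify().
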
Payment capture
- Capture request by merchant to payment gateway
  ○ Capture req block: Amount + Trans ID + token, signed and encrypted by merchant
  ○ This is verified by payment gateway, which requests the issuer to release payment
- Capture response by payment gateway to merchant
  ○ Confirmation of payment