Information Security

Van K Nguyen - HUT

Network Security
 Information Security by Van K Nguyen
Sep 2009 Hanoi University of Technology 2
 Attacks against TCP

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 3
Transmission Control Protocol - TCP

n Connection oriented protocol for a user

process
q Reliable, full-duplex channel: acknowledgem ents,
retransmissions, timeouts
q The packets are delivered in the same order
n Congestion control mechanisms

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 4
TCP 3-way handshake

n The sequence number

x and y are random
values that the other
side need to ack by
increment (x+1 or y+1)
n The connection only
fully opened when
server-side received
client’s ack
Information Security by Van K Nguyen
Sep 2009 Hanoi University of Technology 5
SYN Attack

n An attacker sends flood of SYNs with source

address spoofed packets to a target.
n If the limit is reached, target machine will refuse any
incoming connections till the timeout expires
q The server send the SYN-ACK to the falsified IP address,
and thus never receive the ACK
n Server wait for ACK for some time, as simple network
congestion could also be the cause of the missing ACK.
n Spoofed address chosen to be a non-existent one
q If the spoofed address belongs to a machine, then what ?

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 6
Why it works?

n There is no authentication of the source of

the packets
n Addresses can be easily spoofed
n Server needs to allocate a lot or resources
while client doesn’t

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 7
Some measurements to the SYN attack

n Configuration Optimization
q At the server
n Reduce the timeout to 10 seconds
n Increase the size of the queue
n Disable non-essential services, reducing the number of
ports to be attacked
q At all routers in the Internet
n Block packets to the outside that have source addresses
from outside the internal network

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 8
Some measurements to the SYN attack

n Using firewall as relay/gateway

q Firewall acts in between, receive then forward the SYN
packet to server
q Firewall send “fake” ACK to server, then wait a little timeout
then send RST to server if no real ACK coming.
n Active Monitoring
q Monitor the TCP traffic within a local area network and
figure out which ones are illegitimate connections.
q Send RST for the illegitimate connections to close them

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 9
TCP Congestion Control

n Source determines how much bandwidth is available

for it to send, it starts slow and increases the
window of send packet based on ACKS.
n ACKS are also used to control the transmission of
packets.
n Uses Additive Increase Multiplicative Decrease
(AIMD)
n Uses Retransmission Timeout (RTO) to avoid
congestion

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 10
TCP Congestion Control

n All the attacker needs to

do is generate a TCP
flow to force the targeted
TCP connection to
repeatedly enter a
retransmission timeout
state

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 11
 IPsec:
secure communication for the IP layer

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 12
Intro

n Internet Protocol Security (IPsec) is a protocol

suite for securing Internet Protocol (IP)
communications by authenticating and encrypting
each IP packet of a data stream.
q Authentication/integrity
q Confidentiality
q Protection against replayed packets
n Transparent to applications
q below transport layer (TCP, UDP)
n IETF IPSEC Working Group
q Documented in RFCs and Internet drafts

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 13
Basics on IPSec
n Protocols
q Internet key exchange (IKE): set up a security association (SA)
with encryption and authentication keys to be used.
q Authentication Header (AH): provides integrity and authentication
without confidentiality
q Encapsulating Security Payload (ESP): provides confidentiality
and can also provide integrity and authentication
n Both AH/ESP can operate on two different modes
q Transport-mode: encapsulates an upper-layer protocol (e.g. TCP
or UDP) and prepends an IP header in clear
q Tunnel-mode: encapsulates an entire IP datagram into new
packet adding a new IP header

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 14
Transport mode

n ESP in Transport Mode

q encrypts and optionally authenticates the IP payload
(data), but not the IP header.
n AH in Transport Mode
q authenticates the IP payload and selected portions of
the IP header

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 15
Tunnel Mode

n ESP in Tunnel Mode

q encrypts and optionally authenticates the entire
inner IP packet, including the inner IP header.
n AH in Tunnel Mode
q authenticates the entire inner IP packet and
selected portions of the outer IP header.

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 16
Security Associations
n SA- the basis for building security functions into IP.
n A security association is simply the bundle of algorithm
selection and parameters (such as keys) that is being
used to encrypt and authenticate a particular f low in one
direction.
q SPI + IP destination address uniquely identifies a particular
Security Association.
n Therefore, in normal bi -directional traf fic, the flows are
secured by a pair of security associations.
q SAs are unidirectional, sender supplies SPI to receiver.

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 17
Authentication Header
n Provides support f or data integrity and authentication
(MAC) of IP packets, using HMAC based on MD5 or
SHA1.
n Defends against replay attacks (sequence number)

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 18
AH: Preventing Replay
n When a SA is established, sender initializes sequence counter to 0.
n Every time a packet is sent the counter is incremented and is set in
the sequence number in the AH header.
n When sequence number 232 - 1 is reached, a new SA should be
negotiated.

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 19
AH Authentication: Transport Mode

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 20
AH Authentication: Tunnel Mode

n The new IP header contains different IP addresses than

the ultimate destination and source

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 21
Encapsulating Security Payload
n ESP provides conf identiality services, optionally can provide
the same services as AH
n Encryption: 3DES, Blowf ish, CAST, IDEA, 3IDEA

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 22
ESP Encryption and Authentication:
Transport Mode

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 23
ESP Encryption and Authentication:
Tunnel Mode

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 24
 TLS/SSL: SECURE END-TO-
END COMMUNICATION

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 25
History

n Netscape Communications developed the first three versions of

Secure Socket Layer (SSL) with significant assistance from the
Web community.
q Although SSL’s development was open, and Netscape encouraged others in the
industry to participate, the protocol technically belonged to Netscape.
n Beginning in May 1996, however, SSL development became the
responsibilit y of the Internet Engineering Task Force (IETF).
n The IETF renamed SSL to Transport Layer Security (TLS).
q The final version of the first official TLS specification was released in January
1999.
n Despite the change of names, TLS is nothing more than a new
version of SSL.
q In fact, there are far fewer differences between TLS 1.0 and SSL 3.0 than there
are between SSL 3.0 and SSL 2.0.

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 26
asic
b
S/L T L

n Protocol suite that allows to establish an end-to-end secure channel:

q Confidentiality: by encryption using DES, 3DES, RC2, RC4, IDEA.
q Integrity: by computing a MAC and send it with the mes sage; MD5,
SHA1.
q Key exchange: by publ ic key encryption
n Defines how the characteristics of the channel are negotiated
q key establishment, encryption cipher, authentication mechanism
n Requires reliable end-to-end protocol, so it runs on top of TCP
n Typically, used by other session protocols (HTTPS …)
n Several implementations:
q e.g. SSLeay, open source implementati on (www.openssl.org)

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 27
TLS: Protocol Architecture

} 2 layer protocol

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 28
Session and Connection

n Session
q association between a client and a server
q created by the Handshake Protocol
q defines secure cryptographic parameters that can
be shared by multiple connections.
n Connection
q end-to-end reliable secure communication
q every connection is associated with a session

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 29
n Session identifier: generated by the server to identify an
active or resumable session.
n Peer certificate: X 509v3 certif icate.
n Compression method: algorithm used to compress the
data before encryption.
n Cipher spec: encryption and hash algorithm, including
hash size.
n Master secret: 48 byte secret shared between the client
and server.
n Is resumable: indicates if the session can be used to
initiate new connections.
Information Security by Van K Nguyen
Sep 2009 Hanoi University of Technology 30
Connection

n Server and client random: chosen for each connection.

n Server write MAC secret: shared key used to compute
MAC on data sent by the server.
n Client write MAC secret: same as above f or the client
n Server write key: shared key used by encryption when
server sends data.
n Client write key: same as above f or the client.
n Initialization vector: initialization vectors required by
encryption.
n Sequence numbers: both server and client maintains
such a counter to prevent replay, cycle is 264 - 1.
Information Security by Van K Nguyen
Sep 2009 Hanoi University of Technology 31
TLS: SSL Record Protocol
n Provides confidentiality and message integrity using shared keys
established by the Handshake Protocol

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 32
TLS: Handshake Protocol

n Negotiate Cipher-Suite Algorithms to use

q Symmetric cipher
q Key exchange method
q Message digest function
n Establish the shared master secret
n Optionally authenticate server and/or client

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 33
Handshake:
At a glance

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 34
Handshake: Hellos messages

n Client_hello_message has parameters:

q Version
q Random: timestamp + 28-bytes random
q Session ID
q CipherSuite: cipher algorithms supported by the client, first is key
exchange
q Compression method
n Server responds with the same
n Client may request use of cached session
q Server chooses whether to accept or not

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 35
Handshake: Key Exchange

n Supported key exchange methods:

n RSA: shared key encrypted with RSA public key
n Fixed Diffie-Hellman; public paramet ers
provided in a certificate
n Ephemeral Dif fie-Hellman: the best; Diffie-
Hellman with temporary secret key, messages
signed using RSA or DSS
n Anonymous Dif fie-Hellman: vulnerable to man-
inthe-middle
Information Security by Van K Nguyen
Sep 2009 Hanoi University of Technology 36
TLS: Authentication

n Verify identities of participants

q Client authentication is optional
q Certificate is used to associate identity with public
key and other attributes

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 37
TLS: Change Cipher Spec/Finished

n Change Cipher Spec complet es the setup of the

connections.
n Announce swit ch to negotiated algorithms and
values
n The client sends a message under t he new
algorithms, allows verification of that the
handshake was successful

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 38
TLS vs. IPSEC

n Security goals are similar

n IPSec more flexible in services it provides,
decouples authentication from encryption
n Different granularity: IPSec operates between
hosts, TLS between processes

Information Security by Van K Nguyen

Sep 2009 Hanoi University of Technology 39