
Internet security protocols

Ameer Sameer Hamood


Outline

Secure Sockets Layer (SSL)


- SSL Protocol Stack
- SSL Record Protocol Operation
IP Security (IPsec)
- IP Security (IPsec) architecture
- Benefits of IPsec
Hypertext Transfer Protocol Secure (HTTPS)
Kerberos
- Drawbacks and limitations
- Kerberos Vulnerabilities
Transport Layer Security (TLS)

Introduction

Network security protocols are a type of network protocol that ensures the security and integrity of data in transit over a network connection. They define the processes and methodology used to secure network data from any illegitimate attempt to read or extract its contents. Such a suite consists of a set of protocols designed by the Internet Engineering Task Force (IETF); it provides security at the network level and helps to create authenticated and confidential packets for the IP layer.

Network security protocols generally implement cryptography and encryption techniques to secure the data, so that it can only be decrypted with a special algorithm, logical key, mathematical formula and/or a combination of all of them. Some of the popular network security protocols include Secure File Transfer Protocol (SFTP), Hypertext Transfer Protocol Secure (HTTPS) and Secure Sockets Layer (SSL).

Security: at which layer?

Application layer
• closer to the user
• more sophisticated/granular controls
• end-to-end
Lower layer
• application independent
• hides traffic data
• but vulnerable at middle points
• Combine?
Security: at which layer?

Internet security threats affect networks, data security and other Internet-connected systems. Cyber criminals have developed several techniques that threaten the privacy and integrity of bank accounts, businesses, and organizations.

Common Internet Security Threats

Following are some of the Internet security threats:

• Mobile worms
• Malware
• PC and mobile ransomware
• Large-scale attacks like Stuxnet that attempt to destroy infrastructure
• Hacking as a Service
• Spam
• Phishing
Secure File Transfer Protocol (SFTP)

In computing, the SSH File Transfer Protocol is a network protocol that provides file access, file transfer, and file management over any reliable data stream. It was designed by the Internet Engineering Task Force as an extension of the Secure Shell protocol version 2.0 to provide secure file transfer capabilities.
Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL): one of the most widely used security services
• general-purpose service implemented as a set of protocols that rely on TCP
• subsequently became the Internet standard RFC 2246: Transport Layer Security (TLS)
SSL Protocol Stack

Figure 1: SSL Protocol Stack

SSL Record Protocol Operation

Figure 2: SSL Record Protocol Operation
How Does the SSL Certificate Create a Secure Connection?

When a browser attempts to access a website that is secured by SSL, the browser and the web server establish an SSL connection using a process called an “SSL Handshake” (see Figure 3). Note that the SSL Handshake is invisible to the user and happens instantaneously. Essentially, three keys are used to set up the SSL connection: the public, private, and session keys. Anything encrypted with the public key can only be decrypted with the private key, and vice versa.

Figure 3: SSL Handshake
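The handshake described above, run end to end in code. This is an added example, not code from the slides: it generates a throw-away certificate for the constructed host name example.test so that the three keys are visible (the public key travels inside the certificate, the private key is held only by the server process, and the session keys are derived inside the handshake and are described by the negotiated version and cipher suite), and it then shows the same server being refused by a client that does not trust that certificate. It assumes Go's standard library and a loopback TCP socket; the function names are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// SelfSignedCert builds a throw-away certificate and private key for the
// given host name (a constructed name, not a real site). The certificate
// carries the public key that the server presents during the handshake;
// the private key stays in the server process and is never sent.
func SelfSignedCert(host string) (tls.Certificate, *x509.Certificate, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true, // self-signed: the cert is its own trust anchor
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}, leaf, nil
}

// Handshake runs one TLS handshake over a loopback TCP socket and returns
// the negotiated session state. The client accepts the server only if the
// presented certificate chains to a certificate in roots and matches host.
// An error means the handshake was aborted before any data was exchanged.
func Handshake(serverCert tls.Certificate, roots *x509.CertPool, host string) (tls.ConnectionState, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return tls.ConnectionState{}, err
	}
	defer ln.Close()

	serverCfg := &tls.Config{
		Certificates: []tls.Certificate{serverCert}, // private key lives here
		MinVersion:   tls.VersionTLS12,
	}
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			return
		}
		srv := tls.Server(raw, serverCfg)
		_ = srv.Handshake() // returns an error when the client refuses the certificate
		srv.Close()
	}()

	clientCfg := &tls.Config{
		RootCAs:    roots, // the only trust anchors this client accepts
		ServerName: host,  // name that must appear in the certificate
		MinVersion: tls.VersionTLS12,
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), clientCfg)
	if err != nil {
		return tls.ConnectionState{}, err
	}
	defer conn.Close()
	return conn.ConnectionState(), nil
}

func main() {
	host := "example.test" // constructed host name
	cert, leaf, err := SelfSignedCert(host)
	if err != nil {
		panic(err)
	}

	trusted := x509.NewCertPool()
	trusted.AddCert(leaf)
	state, err := Handshake(cert, trusted, host)
	fmt.Printf("trusted cert:   err=%v version=%#x suite=%s\n",
		err, state.Version, tls.CipherSuiteName(state.CipherSuite))

	// A client whose trust store lacks the certificate aborts the handshake;
	// the session keys are never derived and no application data is sent.
	_, err = Handshake(cert, x509.NewCertPool(), host)
	fmt.Println("untrusted cert:", err)
}
```

Run it with `go run .`; the first line reports the negotiated version and suite, the second the verification error from the client that has no matching trust anchor.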


IP Security (IPsec)

In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks.

IPsec includes protocols for establishing mutual authentication between agents at the beginning of a session and for negotiating the cryptographic keys to use during the session.
IP Security (IPsec) Architecture

IPsec is an open standard that forms part of the IPv4 suite. IPsec uses the following protocols to perform various functions:
• Authentication Headers (AH) provide connectionless data integrity and data origin authentication for IP datagrams and provide protection against replay attacks.
• Encapsulating Security Payloads (ESP) provide confidentiality, connectionless data integrity, data-origin authentication, an anti-replay service (a form of partial sequence integrity), and limited traffic-flow confidentiality.
• Security Associations (SA) provide the bundle of algorithms and data that supply the parameters necessary for AH and/or ESP operations. The Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for authentication and key exchange, with the actual authenticated keying material provided either by manual configuration with pre-shared keys, Internet Key Exchange (IKE and IKEv2), Kerberized Internet Negotiation of Keys (KINK), or IPSECKEY DNS records.
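The anti-replay service that ESP (and AH) provide is a sliding window over the 32-bit sequence number carried in each protected packet. The following is an added illustration of that algorithm as specified in RFC 4303 section 3.4.3, written for these slides rather than taken from any IPsec implementation; the window width of 64 packets and the arrival order in main are constructed. The sequence number must never wrap under one key, so a real sender rekeys the SA before that happens.

```go
package main

import "fmt"

// windowBits is the width of the anti-replay window in packets. RFC 4303
// requires a minimum of 32; 64 is a common default.
const windowBits = 64

// ReplayWindow is the sliding window that a receiver keeps per inbound
// Security Association to detect replayed packets.
type ReplayWindow struct {
	highest uint32 // highest sequence number accepted so far (right edge)
	bitmap  uint64 // bit i set => sequence number highest-i has been accepted
	started bool
}

// Check decides whether a packet with sequence number seq is fresh. A real
// receiver calls it only after the packet's integrity check value has
// verified, so that forged packets cannot advance the window. The window
// is updated only when the packet is accepted.
func (w *ReplayWindow) Check(seq uint32) bool {
	if seq == 0 {
		return false // sequence numbers start at 1 when anti-replay is enabled
	}
	if !w.started {
		w.started, w.highest, w.bitmap = true, seq, 1
		return true
	}
	if seq > w.highest {
		// Newer than anything seen: slide the window to the right.
		shift := seq - w.highest
		if shift >= windowBits {
			w.bitmap = 0 // jumped past the whole window
		} else {
			w.bitmap <<= shift
		}
		w.bitmap |= 1
		w.highest = seq
		return true
	}
	diff := w.highest - seq
	if diff >= windowBits {
		return false // older than the left edge: discard
	}
	if w.bitmap&(1<<diff) != 0 {
		return false // already accepted once: replay
	}
	w.bitmap |= 1 << diff // inside the window and new: record it
	return true
}

// Classify runs a sequence of packet sequence numbers through a fresh
// window and reports each verdict (true = accepted).
func Classify(seqs []uint32) []bool {
	var w ReplayWindow
	out := make([]bool, len(seqs))
	for i, s := range seqs {
		out[i] = w.Check(s)
	}
	return out
}

func main() {
	// Constructed arrival order: reordering inside the window is fine;
	// duplicates and packets behind the window are not.
	seqs := []uint32{1, 2, 3, 5, 4, 4, 100, 36, 37, 2, 100}
	for i, ok := range Classify(seqs) {
		fmt.Printf("seq %3d -> accepted=%v\n", seqs[i], ok)
	}
}
```

In the constructed run, 4 arriving after 5 is accepted (reordering), the second 4 and the second 100 are rejected as replays, and 36 is rejected because it lies exactly 64 behind the right edge while 37 is still inside the window.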

Benefits of IPsec

When implemented in a firewall or router, it provides strong security to all traffic crossing the perimeter.
• In a firewall it is resistant to bypass
• Below the transport layer, hence transparent to applications
• Can be transparent to end users
• Can provide security for individual users
• Secures routing architecture
Hypertext Transfer Protocol Secure (HTTPS)

Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.
How does HTTPS work? SSL explained

Figure 4: How HTTPS works (SSL explained)
Kerberos

Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. The protocol was named after the character Kerberos (or Cerberus) from Greek mythology, the ferocious three-headed guard dog of Hades.

Kerberos builds on symmetric key cryptography and requires a trusted third party, and optionally may use public-key cryptography during certain phases of authentication. Kerberos uses UDP port 88 by default.
Drawbacks and limitations

• Single point of failure
• Kerberos has strict time requirements
• The administration protocol is not standardized and differs between server implementations
• Each network service which requires a different host name will need its own set of Kerberos keys
• Kerberos requires user accounts and services to have a trusted relationship to the Kerberos token server
Kerberos Vulnerabilities

The Data Encryption Standard (DES) cipher can be used in combination with Kerberos, but is no longer an Internet standard because it is weak. Security vulnerabilities exist in many legacy products that implement Kerberos because they have not been updated to use newer ciphers like AES instead of DES.

In November 2014, Microsoft released a patch (MS14-068) to rectify an exploitable vulnerability in the Windows implementation of the Kerberos Key Distribution Center (KDC). The vulnerability purportedly allows users to "elevate" (and abuse) their privileges, up to domain level.
Transport Layer Security (TLS)

Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. A primary use case of TLS is encrypting the communication between web applications and servers, such as web browsers loading a website. TLS can also be used to encrypt other communications such as email, messaging, and voice over IP (VoIP). In this article we will focus on the role of TLS in web application security.
Why should you use TLS?

TLS encryption can help protect web applications from attacks such as data breaches and DDoS attacks. Additionally, TLS-protected HTTPS is quickly becoming standard practice for websites. For example, the Google Chrome browser is cracking down on non-HTTPS sites, and everyday Internet users are becoming more wary of websites that don’t display the HTTPS padlock icon.
How does TLS work?

TLS runs on top of a transport-layer protocol like TCP. There are three main components to TLS: Encryption, Authentication, and Integrity.
• Encryption: hides the data being transferred from third parties.
• Authentication: ensures that the parties exchanging information are who they claim to be.
• Integrity: verifies that the data has not been forged or tampered with.
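Each of the three guarantees can be lost through a single configuration setting. As an added example that is not part of the slides, the Go code below audits a crypto/tls client configuration against them: disabled certificate verification removes authentication, a protocol floor below TLS 1.2 weakens the encryption and integrity of the record layer, and cipher suites that the library itself marks insecure do the same. A weak configuration is shown beside a hardened one. The host name example.test and the function names are this example's own.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// versionNames gives readable names for the protocol versions crypto/tls can negotiate.
var versionNames = map[uint16]string{
	tls.VersionTLS10: "TLS 1.0",
	tls.VersionTLS11: "TLS 1.1",
	tls.VersionTLS12: "TLS 1.2",
	tls.VersionTLS13: "TLS 1.3",
}

func versionName(v uint16) string {
	if n, ok := versionNames[v]; ok {
		return n
	}
	return fmt.Sprintf("0x%04x", v)
}

// AuditTLSConfig lists the settings in cfg that weaken encryption,
// authentication or integrity. An empty result means nothing obvious is wrong.
func AuditTLSConfig(cfg *tls.Config) []string {
	var findings []string

	// Authentication: skipping verification means any certificate is accepted.
	if cfg.InsecureSkipVerify {
		findings = append(findings,
			"InsecureSkipVerify is set: the server certificate is never checked, so authentication is lost")
	}

	// Encryption and integrity: the version floor decides which record protection is possible.
	switch {
	case cfg.MinVersion == 0:
		findings = append(findings,
			"MinVersion is unset: the version floor is whatever the library defaults to; set it explicitly")
	case cfg.MinVersion < tls.VersionTLS12:
		findings = append(findings, fmt.Sprintf(
			"MinVersion allows %s, whose record protection has known weaknesses", versionName(cfg.MinVersion)))
	}

	// Cipher suites the library itself classifies as insecure (RC4, 3DES, CBC-SHA256 ...).
	insecure := map[uint16]string{}
	for _, s := range tls.InsecureCipherSuites() {
		insecure[s.ID] = s.Name
	}
	for _, id := range cfg.CipherSuites {
		if name, bad := insecure[id]; bad {
			findings = append(findings, fmt.Sprintf(
				"cipher suite %s is enabled but is flagged insecure by the TLS library", name))
		}
	}
	return findings
}

// HardenedClientConfig is the corrected configuration: system trust store
// (RootCAs nil), explicit TLS 1.2 floor, and library-default cipher suites
// (CipherSuites nil; TLS 1.3 suites are not configurable anyway).
func HardenedClientConfig(serverName string) *tls.Config {
	return &tls.Config{
		ServerName: serverName,
		MinVersion: tls.VersionTLS12,
	}
}

// WeakExampleConfig is a constructed configuration with one problem per guarantee.
func WeakExampleConfig() *tls.Config {
	return &tls.Config{
		InsecureSkipVerify: true,
		MinVersion:         tls.VersionTLS10,
		CipherSuites: []uint16{
			tls.TLS_RSA_WITH_RC4_128_SHA,                // insecure
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, // fine
		},
	}
}

func main() {
	for name, cfg := range map[string]*tls.Config{
		"weak":     WeakExampleConfig(),
		"hardened": HardenedClientConfig("example.test"), // constructed host name
	} {
		fmt.Printf("%s: %d finding(s)\n", name, len(AuditTLSConfig(cfg)))
		for _, f := range AuditTLSConfig(cfg) {
			fmt.Println("  -", f)
		}
	}
}
```

The audit is deliberately a short list of the settings that map directly onto the three components; it is a starting point for a review, not a substitute for one.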
What’s the difference between TLS and SSL?

Figure 5: The difference between TLS and SSL
What’s the difference between TLS and HTTPS?

HTTPS is an implementation of TLS encryption on top of the HTTP protocol, which is used by all websites as well as some other web services. Any website that uses HTTPS is therefore employing TLS encryption.
Conclusion

Security protocols for TCP/IP networks provide security over a network connection; typically, cryptographic mechanisms are applied. When data (d) is sent from the sender (S) to the receiver (R), the following must be provided: confidentiality, data integrity and data origin integrity.

Security services may be provided at one or more layers: application layer security protocols, transport layer, network layer and data link layer (aka network access layer). Corresponding layers at both the sender and the receiver must implement compatible security protocols.
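One way to provide all three properties for data d sent from S to R under a single shared key is authenticated encryption. This is an added example, not from the slides, using AES-256-GCM from Go's standard library: the ciphertext gives confidentiality, and the authentication tag gives both data integrity and data origin integrity, since only a holder of the shared key could have produced it. The key, the payload and the header are constructed; Demo shows that a flipped ciphertext byte, or a header rewritten to name a different sender, is rejected by R.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Seal is S's side: it protects d with AES-256-GCM under a key only S and R
// hold. header travels in the clear (for example sender and receiver
// identifiers) but is still covered by the tag. Output is nonce || ciphertext || tag.
func Seal(key, d, header []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh per message; never reuse a nonce under one key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, d, header), nil
}

// Open is R's side: it returns d only if the tag verifies, which establishes
// that nothing changed (integrity) and that the sealer held the shared key
// (data origin integrity). Any change to ciphertext, tag or header fails.
func Open(key, msg, header []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(msg) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("message too short")
	}
	nonce, ct := msg[:gcm.NonceSize()], msg[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, header)
}

// Demo seals a constructed message and then tries three deliveries to R:
// unchanged, with one ciphertext byte flipped, and with the header altered
// to claim a different sender. Each bool reports whether R accepted it.
func Demo(key []byte) (intact, flippedByte, forgedHeader bool, err error) {
	d := []byte("transfer 100 to account 42") // constructed payload
	header := []byte("from=S;to=R")           // constructed clear-text header
	msg, err := Seal(key, d, header)
	if err != nil {
		return false, false, false, err
	}

	got, openErr := Open(key, msg, header)
	intact = openErr == nil && bytes.Equal(got, d)

	tampered := append([]byte(nil), msg...)
	tampered[len(tampered)/2] ^= 0x01 // flip one bit in transit
	_, openErr = Open(key, tampered, header)
	flippedByte = openErr == nil

	_, openErr = Open(key, msg, []byte("from=X;to=R")) // someone else claims to be the sender
	forgedHeader = openErr == nil

	return intact, flippedByte, forgedHeader, nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key; real keys come from a key exchange or KDF
	intact, flipped, forged, err := Demo(key)
	if err != nil {
		panic(err)
	}
	fmt.Printf("unchanged accepted=%v, flipped byte accepted=%v, forged header accepted=%v\n",
		intact, flipped, forged)
}
```

The shared key is the part the protocols on the earlier slides exist to establish (the session keys of the SSL handshake, the keying material of an IPsec SA, the session key in a Kerberos ticket); once both sides hold it, this is the kind of primitive that protects each message.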
Thank You
