Professional Documents
Culture Documents
Security Requirements
Prof.Pranali G Chavhan,VIIT,Pune
IP Security (IPSec)
• IPSec is a framework of open standards
developed by the Internet Engineering Task
Force (IETF).
Prof.Pranali G Chavhan,VIIT,Pune
IP Security Architecture
• IPSec documents:
– RFC 2401: An overview of security architecture
– RFC 2402: Description of a packet authentication
extension to IPv4 and IPv6
– RFC 2406: Description of a packet encryption
extension to IPv4 and IPv6
– RFC 2408: Specification of key management
capabilities
Prof.Pranali G Chavhan,VIIT,Pune
IPV6
Prof.Pranali G Chavhan,VIIT,Pune
IPV4
Prof.Pranali G Chavhan,VIIT,Pune
IPSec Security Protocols
• Authentication Header (AH)
• Encapsulating Security Payload (ESP)
Prof.Pranali G Chavhan,VIIT,Pune
IPSec Security Protocols
• Authentication Header (AH) provides:
- Connectionless integrity
- Data origin authentication
- Protection against replay attacks
• Encapsulating Security Payload (ESP) provides:
- Confidentiality (encryption)
- Connectionless integrity
- Data origin authentication
- Protection against reply attacks
Prof.Pranali G Chavhan,VIIT,Pune
Encapsulated Security Payload (ESP)
• Must encrypt and/or authenticate in each
packet
• Encryption occurs before authentication
• Authentication is applied to data in the IPSec
header as well as the data contained as payload
Prof.Pranali G Chavhan,VIIT,Pune
IPSec Encapsulating Security Payload (ESP) in
Transport Mode
Insert Append
Orig IP Hdr ESP Hdr TCP Hdr Data ESP Trailer ESP Auth
Usually encrypted
IPHdr ESP Hdr IP Hdr TCP Hdr Data ESP Trailer ESP Auth
Usually encrypted
Prof.Pranali G Chavhan,VIIT,Pune
Authentication Header (AH)
• Authentication is applied to the entire packet,
with the mutable fields in the IP header zeroed
out
• If both ESP and AH are applied to a packet,
AH follows ESP
Prof.Pranali G Chavhan,VIIT,Pune
IPSec Authentication Header (AH)
in Transport Mode
Insert
Orig IP Hdr AH Hdr TCP Hdr Data
Prof.Pranali G Chavhan,VIIT,Pune
© 2000 Microsoft Corporation
IPSec AH Tunnel Mode
Prof.Pranali G Chavhan,VIIT,Pune
ISAKMP-Internet Security Association and Key
Management Protocol
• RFC 2408
• Internet Security Association & Key Management Protocol
• Protocol
– Establish, modify, and delete SAs
– Negotiate crypto keys
• Procedures
– Authentication of peers
– Threat mitigation
Prof.Pranali G Chavhan,VIIT,Pune
ISAKMP
Prof.Pranali G Chavhan,VIIT,Pune
ISAKMP
• Security Associations
• Authentication
• Public Key Cryptography
• Protection
• DoS – Anti-Clogging
• Hijacking a connection
• Man in the middle attacks
Prof.Pranali G Chavhan,VIIT,Pune
IISAKMP – Phases
Prof.Pranali G Chavhan,VIIT,Pune
ISAKMP
Header
Initiator Cookie
Responder Cookie
Major Minor
Next Payload Version Version Exchange Type Flags
Message ID
Length
Prof.Pranali G Chavhan,VIIT,Pune
Oakley key determination protocol
• problems with basic DH:
– it is subject to a man-in-the-middle type attack
– it is vulnerable to a clogging attack
• attacker sends fake DH messages to a victim from a forged IP address
• victim starts performing modular exponentiations to compute a secret key
• victim can be blocked with useless work
• added security features of Oakley
– cookie exchange to thwart clogging attacks
• hash(src IP addr, dst IP addr, src UDP port, dst UDP port, local secret)
• local secret is periodically changed
– uses nonces to detect replay attacks
– authenticates the DH exchange to thwart man-in-the-middle attacks
• based on digital signatures, public key encryption, or symmetric key
encryption
– enables the parties to negotiate the global parameters of the DH exchange
(e.g., the prime p that defines the group and the generator g of the group)
• few predefined groupsProf.Pranali G Chavhan,VIIT,Pune
Virtual Private Networks (VPNs)
• Used to connect two private networks together via the Internet
• Used to connect remote users to a private network via the
Internet
• This could be done by opening your firewall to the LAN
networking protocols (NETBIOS, NFS NetWare, AppleTalk))
– But… it would also make those protocols available to any one on the
Internet and they could come into your LAN at will
– Effectively make the whole Internet your LAN
• Exposes all of your data
• Anyone can easily take advantage of vulnerabilities in your internal hosts
• No privacy
• Better solution is to use a VPN in conjunction with your
firewall
Prof.Pranali G Chavhan,VIIT,Pune
VPNs
• Since we all understand that IP is used to transport information
between LANs if we add some security stuff to IP then this
transport can be made more secure
• Can be done two ways:
– At the network level using IPSec
• Currently the most widely used method
– But requires special client installation on each workstation (more IT $)
– At the Transport level using SSL
• Quickly gaining popularity because there are no special software
installation requirements for end user workstations
– All that’s required is a browser with SSL support
» Mozilla
» Internet Explorer
» Netscape
» Opera
Prof.Pranali G Chavhan,VIIT,Pune
SSL Change Cipher Spec Protocol
• one of 3 SSL specific protocols which use the
SSL Record protocol
• a single message
• causes pending state to become current
• hence updating the cipher suite in use
Prof.Pranali G Chavhan,VIIT,Pune
SSL Alert Protocol
• conveys SSL-related alerts to peer entity
• severity
• warning or fatal
• specific alert
• unexpected message, bad record mac, decompression failure,
handshake failure, illegal parameter
• close notify, no certificate, bad certificate, unsupported certificate,
certificate revoked, certificate expired, certificate unknown
• compressed & encrypted like all SSL data
Prof.Pranali G Chavhan,VIIT,Pune
Web Security
Prof.Pranali G Chavhan,VIIT,Pune
Web Security
• Web now widely used by business,
government, individuals
• but Internet & Web are vulnerable
• have a variety of threats
– integrity
– confidentiality
– denial of service
– authentication
• need added security mechanisms
Prof.Pranali G Chavhan,VIIT,Pune
SSL Handshake Protocol
• allows server & client to:
– authenticate each other
– to negotiate encryption & MAC algorithms
– to negotiate cryptographic keys to be used
• comprises a series of messages in phases
– Establish Security Capabilities
– Server Authentication and Key Exchange
– Client Authentication and Key Exchange
– Finish
Prof.Pranali G Chavhan,VIIT,Pune
SSL Handshake Protocol
Prof.Pranali G Chavhan,VIIT,Pune
TLS (Transport Layer Security)
• IETF standard RFC 2246 similar to SSLv3
• with minor differences
– in record format version number
– uses HMAC for MAC
– a pseudo-random function expands secrets
– has additional alert codes
– some changes in supported ciphers
– changes in certificate negotiations
– changes in use of padding
Prof.Pranali G Chavhan,VIIT,Pune
Secure Electronic Transactions (SET)
• open encryption & security specification
• to protect Internet credit card transactions
• developed in 1996 by Mastercard, Visa etc
• not a payment system
• rather a set of security protocols & formats
– secure communications amongst parties
– trust from use of X.509v3 certificates
– privacy by restricted info to those who need it
Prof.Pranali G Chavhan,VIIT,Pune
SET Components
Prof.Pranali G Chavhan,VIIT,Pune
SET Transaction
1. customer opens account
2. customer receives a certificate
3. merchants have their own certificates
4. customer places an order
5. merchant is verified
6. order and payment are sent
7. merchant requests payment authorization
8. merchant confirms order
9. merchant provides goods or service
10. merchant requests payment
Prof.Pranali G Chavhan,VIIT,Pune
Dual Signature
• customer creates dual messages
– order information (OI) for merchant
– payment information (PI) for bank
• neither party needs details of other
• but must know they are linked
• use a dual signature for this
– signed concatenated hashes of OI & PI
Prof.Pranali G Chavhan,VIIT,Pune
Purchase Request – Customer
Prof.Pranali G Chavhan,VIIT,Pune
Purchase Request – Merchant
Prof.Pranali G Chavhan,VIIT,Pune
Purchase Request – Merchant
1. verifies cardholder certificates using CA sigs
2. verifies dual signature using customer's public
signature key to ensure order has not been tampered
with in transit & that it was signed using
cardholder's private signature key
3. processes order and forwards the payment
information to the payment gateway for
authorization (described later)
4. sends a purchase response to cardholder
Prof.Pranali G Chavhan,VIIT,Pune
Payment Gateway Authorization
1. verifies all certificates
2. decrypts digital envelope of authorization block to obtain
symmetric key & then decrypts authorization block
3. verifies merchant's signature on authorization block
4. decrypts digital envelope of payment block to obtain
symmetric key & then decrypts payment block
5. verifies dual signature on payment block
6. verifies that transaction ID received from merchant matches
that in PI received (indirectly) from customer
7. requests & receives an authorization from issuer
8. sends authorization response back to merchant
Prof.Pranali G Chavhan,VIIT,Pune
Payment Capture
• merchant sends payment gateway a payment
capture request
• gateway checks request
• then causes funds to be transferred to
merchants account
• notifies merchant using capture response
Prof.Pranali G Chavhan,VIIT,Pune
Electronic mail security
Pretty Good Privacy
• Philip R. Zimmerman is the creator of PGP.
• PGP provides a confidentiality and
authentication service that can be used for
electronic mail and file storage applications.
Prof.Pranali G Chavhan,VIIT,Pune
Why Is PGP Popular?
• It is availiable free on a variety of platforms.
• Based on well known algorithms.
• Wide range of applicability
• Not developed or controlled by governmental
or standards organizations
Prof.Pranali G Chavhan,VIIT,Pune
Operational Description
• Consist of five services:
– Authentication
– Confidentiality
– Compression
– E-mail compatibility
– Segmentation
Prof.Pranali G Chavhan,VIIT,Pune
Prof.Pranali G Chavhan,VIIT,Pune
Compression
• PGP compresses the message after applying
the signature but before encryption
• The placement of the compression algorithm is
critical.
• The compression algorithm used is ZIP
(described in appendix 5A)
Prof.Pranali G Chavhan,VIIT,Pune
Format of PGP Message
Prof.Pranali G Chavhan,VIIT,Pune
Prof.Pranali G Chavhan,VIIT,Pune
Prof.Pranali G Chavhan,VIIT,Pune
Prof.Pranali G Chavhan,VIIT,Pune
S/MIME
• Secure/Multipurpose Internet Mail Extension
• S/MIME will probably emerge as the industry
standard.
• PGP for personal e-mail security
Prof.Pranali G Chavhan,VIIT,Pune
Simple Mail Transfer Protocol (SMTP,
RFC 822)
• SMTP Limitations - Can not transmit, or has a problem
with:
– executable files, or other binary files (jpeg image)
– “national language” characters (non-ASCII)
– messages over a certain size
– ASCII to EBCDIC translation problems
– lines longer than a certain length (72 to 254 characters)
Prof.Pranali G Chavhan,VIIT,Pune
Header fields in MIME
• MIME-Version: Must be “1.0” -> RFC 2045, RFC 2046
• Content-Type: More types being added by developers
(application/word)
• Content-Transfer-Encoding: How message has been
encoded (radix-64)
• Content-ID: Unique identifying character string.
• Content Description: Needed when content is not readable
text (e.g.,mpeg)
Prof.Pranali G Chavhan,VIIT,Pune
S/MIME Functions
• Enveloped Data: Encrypted content and encrypted
session keys for recipients.
• Signed Data: Message Digest encrypted with private
key of “signer.”
• Clear-Signed Data: Signed but not encrypted.
• Signed and Enveloped Data: Various orderings for
encrypting and signing.
Prof.Pranali G Chavhan,VIIT,Pune
Secure Electronic Transactions
• An open encryption and security specification.
• Protect credit card transaction on the Internet.
• Companies involved:
– MasterCard, Visa, IBM, Microsoft, Netscape,
RSA, Terisa and Verisign
• Not a payment system.
• Set of security protocols and formats.
Prof.Pranali G Chavhan,VIIT,Pune
SET Services
• Provides a secure communication channel in a
transaction.
• Provides tust by the use of X.509v3 digital
certificates.
• Ensures privacy.
Prof.Pranali G Chavhan,VIIT,Pune
SET Overview
• Key Features of SET:
– Confidentiality of information
– Integrity of data
– Cardholder account authentication
– Merchant authentication
Prof.Pranali G Chavhan,VIIT,Pune
SET Participants
Prof.Pranali G Chavhan,VIIT,Pune
Sequence of events for transactions
1. The customer opens an account.
2. The customer receives a certificate.
3. Merchants have their own certificates.
4. The customer places an order.
5. The merchant is verified.
6. The order and payment are sent.
7. The merchant request payment authorization.
8. The merchant confirm the order.
9. The merchant provides the goods or service.
10. The merchant requests payments.
Prof.Pranali G Chavhan,VIIT,Pune