Intro to Internet-services from Security Standpoint


Intro to Internet-services from
Security Standpoint, Part II
SOEN321-Information-Systems Security
Revision 1.1
Date: October 21, 2003
October 22, 2002
Serguei A. Mokhov,
[email protected]
1
Secure Communication
(Chapter 9 Summary)
• People need to “talk” over the network; they have their
encryption and authentication keys all set up.
• Now, how do they communicate securely?
– Precisely: where in the ISO stack should the security
be put?
ISO Stack
• Recall the 7-layer OSI model from the
networks course:
– Application
– Presentation
– Session
– Transport
– Network
– Link
– Physical
• So, on which level(s) can you possibly put
security mechanisms?
Which Layers?
• The layers in gray are the ones on which
Internet security protocols are implemented
(the shading is not preserved in this text transcript):
– Application
– Presentation
– Session
– Transport
– Network
– Link
– Physical
• There are always tradeoffs for each level you
decide to secure.
Which Layers?
• Application?
• Network?
– Application independent
• Between Application and Transport?
– Greater flexibility to select different protection
levels depending on the type of communication used.
• Link?
– Protects against tapping of the physical medium
Packet Encapsulation
• Before we proceed to the layers …
• Encapsulation
– Encapsulation is a technique that is used to add
services to network protocols.
– Technique:
• Get the original packet
• Add new headers
• Apply desired service to the original packet
Packet Encapsulation
• The service may include:
– Real-time data transfer over the Internet
– Security
• Encryption
• Authentication
– …
• Original IP Datagram:
IP header | TCP header | Payload
• Encapsulated IP Datagram:
New IP header | ESP/AH | IP header | TCP header | Payload
ESP and AH
• Encapsulating Security Payload (ESP)
– Goal: confidentiality of the payload
– Often used with AH
• IP Authentication Header (AH)
– Goal: authenticity of the data in IP packets
– Uses a MAC
• ESP and AH are often used together, because
confidentiality without authentication has been
shown to be vulnerable to cryptographic attacks.
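The two slides above describe encapsulation (take the original datagram, prepend new headers, apply the service) and the reason AH-style authentication is paired with ESP. The following Python example is added here to make both concrete; it is not code from the lecture or from any IPsec implementation. It builds a constructed IPv4+TCP datagram, wraps it in a new outer IPv4 header (protocol 51, the IANA number for AH) and a simplified authentication header carrying an SPI, a sequence number and an HMAC-SHA256 tag, then shows the receiver recovering the inner datagram and rejecting a datagram whose payload was modified in transit. The authentication-header layout and the fact that the MAC covers only that header and the inner datagram are simplifications for illustration, not the RFC 4302 format, which also covers the immutable outer header fields.

```python
import hashlib
import hmac
import socket
import struct

IPPROTO_TCP = 6
IPPROTO_AH = 51            # IANA protocol number for the IP Authentication Header
AUTH_FIXED_FMT = "!BBHII"  # simplified: next header, reserved, reserved, SPI, sequence number
AUTH_FIXED_LEN = struct.calcsize(AUTH_FIXED_FMT)  # 12 bytes
MAC_LEN = hashlib.sha256().digest_size            # 32 bytes


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: ones' complement of the ones' complement sum of 16-bit words.
    Over a header that already carries a correct checksum the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, protocol: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + payload_len,   # version/IHL, TOS, total length
                         0, 0,                         # identification, flags/fragment offset
                         64, protocol, 0,              # TTL, protocol, checksum placeholder
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]


def build_tcp_header(sport: int, dport: int) -> bytes:
    """Minimal 20-byte TCP header (PSH+ACK); the TCP checksum is left zero in this constructed example."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, 0x18, 65535, 0, 0)


def encapsulate(inner: bytes, outer_src: str, outer_dst: str, key: bytes, spi: int, seq: int) -> bytes:
    """Step 1: take the original packet; step 2: add new headers; step 3: apply the service (here: authentication)."""
    fixed = struct.pack(AUTH_FIXED_FMT, 4, 0, 0, spi, seq)   # next header 4 = an IP datagram follows (IP-in-IP)
    mac = hmac.new(key, fixed + inner, hashlib.sha256).digest()
    payload = fixed + mac + inner
    return build_ipv4_header(outer_src, outer_dst, IPPROTO_AH, len(payload)) + payload


def decapsulate(packet: bytes, key: bytes) -> bytes:
    """Receiver side: validate the outer header, verify the MAC, hand back the original datagram."""
    if len(packet) < 20 or ipv4_checksum(packet[:20]) != 0:
        raise ValueError("bad outer IP header")
    total_length = struct.unpack("!H", packet[2:4])[0]
    if total_length != len(packet) or packet[9] != IPPROTO_AH:
        raise ValueError("unexpected length or protocol")
    fixed = packet[20:20 + AUTH_FIXED_LEN]
    mac = packet[20 + AUTH_FIXED_LEN:20 + AUTH_FIXED_LEN + MAC_LEN]
    inner = packet[20 + AUTH_FIXED_LEN + MAC_LEN:]
    expected = hmac.new(key, fixed + inner, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):       # constant-time comparison
        raise ValueError("authentication failed: datagram modified in transit")
    return inner


def demo():
    """Round-trip a constructed datagram, then flip one payload bit and show the receiver rejects it."""
    key = b"constructed-demo-key-not-for-real-use"
    payload = b"GET / HTTP/1.0\r\n"
    tcp = build_tcp_header(40000, 80)
    inner = build_ipv4_header("10.0.0.1", "10.0.0.2", IPPROTO_TCP, len(tcp) + len(payload)) + tcp + payload
    packet = encapsulate(inner, "192.0.2.1", "198.51.100.1", key, spi=0x1001, seq=1)
    recovered = decapsulate(packet, key)
    tampered = bytearray(packet)
    tampered[-1] ^= 0x01                              # outer checksum still valid; only the MAC catches this
    try:
        decapsulate(bytes(tampered), key)
        detected = False
    except ValueError:
        detected = True
    return inner, packet, recovered, detected


if __name__ == "__main__":
    inner, packet, recovered, detected = demo()
    print(len(inner), len(packet), recovered == inner, detected)
```

Note that the outer IP checksum alone does not catch the modified payload; only the keyed MAC does, which is the point of pairing authentication with confidentiality.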
Application Layer
• Very specific security needs are required by an
app.
• An app doesn’t trust the underlying levels to
satisfy those requirements.
• No direct end-to-end communication exists.
• Examples:
– e-mail; app: PGP
– SSH
Transport Layer
• Between an app and the networking
• Refers to TCP and UDP
• Transport layer security sits on top of the
Transport Layer:
– Does not alter TCP/UDP headers
– Security is maintained when apps perform socket calls,
which are replaced by their secure versions, e.g.
read(socketd) -> secure_read(socketd)
Transport Layer (2)
• Example – SSL
– Secure Sockets Layer (SSL) was introduced by
Netscape, then standardized and became TLS – Transport
Layer Security, RFC 2246.
– Typical examples: web browsers and other client-server
architectures (an RDBMS, for example).
– Provides encryption and authentication
– Services can easily be configured on top of SSL without
requiring much knowledge of it.
Network Layer
• Natural place for security mechanisms.
• Applications need not be changed.
• Independent from other layers, so an
insecure version of an IP layer can be
replaced by a secure one with authentication
and encryption.
– Example: securing NFS
• Employs encapsulation.
Network Layer (2)
• Examples of use:
– Virtual Private Network (VPN) between communicating
firewalls – a static route, a pipe or a tunnel between
two or more organizations, providing confidentiality
and authentication while using public networks (the Internet)
as the transport medium. (This is very cost-effective in
comparison with EDI.)
– Personal communication with insecure applications
(transparent security).
Network Layer (3)
• Challenges and Disadvantages
– Challenge: setting the right policy for the right kind of
communication.
– The concept of layer independence complicates things
=> security associations have to refer to transport-level
port numbers.
– Disadvantage: requires replacement of the TCP/IP
stack.
• On UNIX/Linux this requires a kernel recompilation.
• On Windows, an update of its system files and a reboot. (That’s
why it’s easier to just upgrade your browser to get SSL than to
reinstall the OS.)
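The challenge named above, choosing the right policy for each kind of communication, and the consequence that network-layer security ends up keyed on transport-level port numbers, can be seen in how an IPsec-style security policy database (SPD) is consulted. The Python below is an added illustration, not code from the lecture or from any IPsec stack: a tiny first-match SPD whose selectors are source/destination networks, protocol number and destination port range, and whose actions are protect (use a named security association), bypass (send in the clear) or discard. The policy list, the addresses and the SA name are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PROTO_ANY, PROTO_TCP, PROTO_UDP = 0, 6, 17
ANY_PORT = (0, 65535)


@dataclass(frozen=True)
class Policy:
    """One SPD entry: traffic selectors plus the action to apply (simplified from RFC 4301)."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    protocol: int                  # PROTO_TCP, PROTO_UDP or PROTO_ANY
    dst_ports: Tuple[int, int]     # inclusive destination port range
    action: str                    # "protect", "bypass" or "discard"
    sa_name: Optional[str] = None  # constructed SA identifier, used when action == "protect"

    def matches(self, src_ip: str, dst_ip: str, protocol: int, dst_port: int) -> bool:
        # The selector has to look into the transport header (port numbers): this is the layer
        # independence problem named on the slide, since IP alone cannot tell SSH from telnet.
        return (ipaddress.IPv4Address(src_ip) in self.src
                and ipaddress.IPv4Address(dst_ip) in self.dst
                and (self.protocol == PROTO_ANY or self.protocol == protocol)
                and self.dst_ports[0] <= dst_port <= self.dst_ports[1])


def lookup(spd: List[Policy], src_ip: str, dst_ip: str, protocol: int, dst_port: int) -> Tuple[str, Optional[str]]:
    """First matching entry wins, so ordering is part of the policy; no match means discard."""
    for policy in spd:
        if policy.matches(src_ip, dst_ip, protocol, dst_port):
            return policy.action, policy.sa_name
    return "discard", None


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.IPv4Network(cidr)


# Constructed SPD for hosts on 10.0.0.0/24 that reach a partner site (192.168.1.0/24) through a tunnel.
SPD: List[Policy] = [
    # DNS to the local resolver goes in the clear: it is needed before any tunnel SA can be set up.
    Policy(net("10.0.0.0/24"), net("10.0.0.53/32"), PROTO_UDP, (53, 53), "bypass"),
    # Everything towards the partner site, whatever the application, must use the tunnel SA.
    Policy(net("10.0.0.0/24"), net("192.168.1.0/24"), PROTO_ANY, ANY_PORT, "protect", "sa-partner-tunnel"),
    # Cleartext telnet anywhere else is discarded by policy, without the application's cooperation.
    Policy(net("10.0.0.0/24"), net("0.0.0.0/0"), PROTO_TCP, (23, 23), "discard"),
    # HTTPS to the rest of the Internet is bypassed: the transport layer (TLS) protects it instead.
    Policy(net("10.0.0.0/24"), net("0.0.0.0/0"), PROTO_TCP, (443, 443), "bypass"),
]


def classify_flows(spd: List[Policy], flows):
    """Apply the SPD to a list of (src, dst, protocol, dst_port) tuples; returns the decisions."""
    return [lookup(spd, *flow) for flow in flows]


if __name__ == "__main__":
    sample = [("10.0.0.5", "192.168.1.10", PROTO_TCP, 22),
              ("10.0.0.5", "10.0.0.53", PROTO_UDP, 53),
              ("10.0.0.5", "203.0.113.7", PROTO_TCP, 23),
              ("10.0.0.5", "203.0.113.7", PROTO_TCP, 80)]
    for flow, decision in zip(sample, classify_flows(SPD, sample)):
        print(flow, "->", decision)
```

The ordering matters: telnet to the partner site matches the tunnel entry before the discard entry and is protected rather than dropped, while unmatched traffic (plain HTTP to the Internet here) falls through to the discard default, which is the conservative choice when the policy author forgot a case.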
Link Layer
• The lowest level people ever consider
putting security on.
• Makes sense when there is high-volume
traffic between two directly connected
nodes, or if the physical layer is not protected
well enough.
Link Layer (2)
• Examples:
– A school campus or an organization with a
network spanning two or more buildings: it is
easier to install and maintain antennas on the
roofs to link the buildings than to run cables
underground.
– A home or small-organization wireless LAN, so
that no one can get anything meaningful from the
radio waves it is run on.
Link Layer (3)
• Advantages:
– Does not require any knowledge of routing,
networking, apps, etc.
– Key management is relatively simple: two devices share a
long-term key and periodically derive session keys
from it.
• Disadvantages:
– Not appropriate when there is no direct connection
between the communicating parties (e.g. routing info is
needed, which would otherwise be encrypted).
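The link-layer key management described above (two devices share a long-term key and periodically derive session keys from it) is shown below as an added Python example; it is not code from the lecture and the slides do not specify a derivation method. The example uses HKDF (RFC 5869) built from HMAC-SHA256 with the standard library, mixes a period counter into the salt so that each period yields fresh encryption and MAC keys, and checks the HKDF implementation against RFC 5869 test case 1. The scheme name, link identifier and long-term key value are constructed for illustration.

```python
import hashlib
import hmac
from typing import Tuple

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC(salt, IKM); an empty salt is replaced by HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: T(i) = HMAC(PRK, T(i-1) || info || i), output truncated to `length`."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested length too large for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_link_session_keys(long_term_key: bytes, link_id: bytes, period: int) -> Tuple[bytes, bytes]:
    """Constructed scheme (not from the slides): both ends of the link compute the same
    per-period (encryption key, MAC key) pair from the shared long-term key. Only the
    period counter changes between derivations; the long-term key never goes on the wire."""
    salt = b"link-session-v1" + period.to_bytes(8, "big")
    prk = hkdf_extract(salt, long_term_key)
    material = hkdf_expand(prk, b"link:" + link_id, 2 * HASH_LEN)
    return material[:HASH_LEN], material[HASH_LEN:]


def rfc5869_test_vector_1_ok() -> bool:
    """Checks extract and expand against RFC 5869, Appendix A, test case 1 (SHA-256)."""
    ikm = bytes.fromhex("0b" * 22)
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    prk = hkdf_extract(salt, ikm)
    okm = hkdf_expand(prk, info, 42)
    return (prk.hex() == "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"
            and okm.hex() == "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
                             "34007208d5b887185865")


if __name__ == "__main__":
    ltk = b"constructed-shared-long-term-key"   # constructed; a real deployment uses a random key
    for period in (1, 2):
        enc_a, mac_a = derive_link_session_keys(ltk, b"building-A<->building-B", period)
        enc_b, mac_b = derive_link_session_keys(ltk, b"building-A<->building-B", period)
        print(period, enc_a == enc_b and mac_a == mac_b, enc_a.hex()[:16])
    print("RFC 5869 vector ok:", rfc5869_test_vector_1_ok())
```

Both ends only need to agree on the current period number, which is what keeps key management simple at this layer; compromise of one period's session keys does not reveal the long-term key, because HKDF is one-way.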