Securing Internet Communication

CS 161: Computer Security
Profs. Vern Paxson and David Wagner
TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger
http://inst.eecs.berkeley.edu/~cs161/
March 15, 2010

Today's Lecture
  Applying crypto technology in practice
  Goal 1: overview of the most prominent Internet security protocols
    SSL/TLS: transport-level (process-to-process) ala TCP
    DNSSEC: securing domain name lookups
    Others: SSH, and to a lesser extent IPSEC
    Issues that arise in securing these
  Goal 2: cement understanding of crypto building blocks and how they're used together

Building Secure End-to-End Channels
  End-to-end = communication protections achieved all the way from originating client to intended server
    With no need to trust intermediaries
  Dealing with threats:
    Eavesdropping? Encryption (including session keys)
    Manipulation (injection, MITM)? Integrity (use of a MAC); replay protection
    Impersonation? Signatures

End-to-End Powerful Protections
  Attacker runs a sniffer to capture our WiFi session? (maybe by breaking crummy WEP security)
    Encrypted communication is unreadable. No problem.
  DNS cache poisoning? Client goes to wrong server
    Detects impersonation. No problem.
  Attacker hijacks our connection, injects new traffic
    Data receiver rejects it due to failed integrity check. No problem.

Powerful Protections, con't
  DHCP spoofing? Client goes to wrong server
    Detects impersonation. No problem.
  Attacker manipulates routing to run us by an eavesdropper or take us to the wrong server?
    They can't read; we detect impersonation. No problem.
  Attacker slips in as a Man In The Middle?
    They can't read, they can't inject
    They can't even replay previous encrypted traffic. No problem.

Building A Secure End-to-End Channel: SSL/TLS
  SSL = Secure Sockets Layer (predecessor)
  TLS = Transport Layer Security (standard)
    Both terms used interchangeably
  Notion: provide means to secure any application that uses TCP

SSL/TLS In Network Layering
  [Diagram: layer stack: 7 Application, SSL/TLS, 4 Transport (TCP), 3 (Inter)Network, 2 Link, 1 Physical; SSL/TLS sits between the application and TCP.]

Building A Secure End-to-End Channel: SSL/TLS, con't
  Secure = encryption (confidentiality) + integrity + authentication (of server, but not of client)
  E.g., puts the "s" in "https"

Regular web surfing: http URL
  But if we click here ...

Web surfing with TLS/SSL: https URL
  Note: all of these images, etc., are now also fetched via https URLs
  Doing so gives the web page full integrity, in keeping with end-to-end security

Building A Secure End-to-End Channel: SSL/TLS, con't
  API similar to "socket" interface used for regular network programming
    Fairly easy to convert an app to be secured

HTTPS Connection (SSL/TLS)
  Browser (client) connects via TCP to Amazon's HTTPS server
  Client sends over list of crypto protocols it supports
  Server picks protocols to use for this session
  Server sends over its certificate
  (all of this is in the clear)
  Client now validates cert
  [Diagram: Browser and Amazon exchange SYN, SYN ACK, ACK; Browser: "Hello. I support (TLS+RSA+AES128+SHA1) or (SSL+RSA+3DES+MD5) or ..."; Amazon: "Let's use TLS+RSA+AES128+SHA1", then "Here's my cert" (2-3 KB of data).]

HTTPS Connection (SSL/TLS), con't
  Browser constructs a long (2048 bits) random string R
  Browser sends R encrypted using Amazon's public key KA
  From R, browser and server derive pairs of symm. cipher keys (CB, CS) and MAC integrity keys (IB, IS)
    One pair to use in each direction
  Browser and server exchange MACs computed over entire dialog so far
  Browser displays
  All subsequent communication encrypted w/ symmetric cipher (e.g., AES128) cipher keys, MACs
    Messages also numbered to thwart replay attacks
  [Diagram: Amazon sends "Here's my cert" (2-3 KB of data); Browser sends {R} encrypted under KA; the two sides exchange MAC(dialog, IB) and MAC(dialog, IS); then Browser sends {M1, MAC(M1, IB)} under CB and Amazon sends {M2, MAC(M2, IS)} under CS.]

Inside the Server's Certificate
  Name associated with cert (e.g., www.amazon.com)
  Amazon's public key (e.g., 2048 bits for RSA)
  A bunch of auxiliary info (physical address, type of cert, expiration time)
  Name of certificate's issuer (e.g., Verisign)
  Optional URL to revocation center to check for revoked certs
  A public-key signature of a hash (SHA-1) of all this
    Constructed using the issuer's private RSA key
    Call this signature S

Validating Amazon's Identity
  Browser compares name in cert with that in URL
    Note: this provides an end-to-end property (as opposed to, say, a cert associated with an IP address)
  Browser accesses separate cert belonging to the issuer
    These are hardwired into the browser (trusted)
  Browser applies issuer's public key to invert signature S, obtaining hash of what issuer signed
    Compares with its own SHA-1 hash of Amazon's cert
  Assuming hashes match, now have high confidence it's indeed Amazon ...
    ... assuming signatory is trustworthy
    (= assuming didn't lose private key; assuming didn't sign thoughtlessly)

Validating Amazon's Identity, con't
  Browser retrieves cert belonging to the issuer
    These are hardwired into the browser (trusted)
  What if browser can't find a cert for the issuer?
  If it can't find the cert, then warns the user that site has not been verified
    Note: can still proceed, just without authentication
  Q: Which end-to-end security properties do we lose if we incorrectly trust that the site is whom we think?
  A: All of them!
    Goodbye confidentiality, integrity, authentication
    Attacker can read everything, modify, impersonate

SSL/TLS Limitations
  Properly used, SSL/TLS provides powerful end-to-end protections
  So why not use it for everything?
  Issues:
    Cost of public-key crypto
      Can buy hardware to accelerate, but
      Note: symmetric-key crypto on modern hardware is non-issue
    Hassle of buying/maintaining certs (fairly minor)
    DoS amplification
      Client can force server to undertake public-key operations
      But: requires established TCP connection, and given that, there are other juicy targets like back-end databases
    Integrating with other sites that don't use HTTPS
    Latency: extra round trips = pages take longer to load

SSL/TLS Limitations, con't
  Problems that SSL/TLS does not take care of?
  TCP-level denial of service
    SYN flooding
    RST injection
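The "HTTPS Connection" slides say that R yields one cipher key and one MAC key per direction and that messages are numbered to thwart replay. The sketch below is an added example, not code from the lecture, showing why a replayed, altered, or reflected record fails the receiver's integrity check. Assumptions: labelled HMAC-SHA256 stands in for the real TLS key derivation and MAC, encryption with CB/CS is left out, and the function names and messages are constructed for illustration.

```python
import hashlib
import hmac
import os

def derive_keys(r: bytes) -> dict:
    """Expand R into cipher keys (CB, CS) and MAC keys (IB, IS).
    Assumption: labelled HMAC-SHA256 stands in for the real TLS derivation."""
    return {label: hmac.new(r, label.encode(), hashlib.sha256).digest()
            for label in ("CB", "CS", "IB", "IS")}

def mac(key: bytes, seq: int, msg: bytes) -> bytes:
    # The message number is covered by the MAC, so it cannot be changed in transit.
    return hmac.new(key, seq.to_bytes(8, "big") + msg, hashlib.sha256).digest()

def seal(key: bytes, seq: int, msg: bytes) -> bytes:
    return msg + mac(key, seq, msg)

class Receiver:
    """One direction of the channel; accepts only the next expected message number."""
    def __init__(self, key: bytes):
        self.key, self.next_seq = key, 0

    def open(self, record: bytes) -> bytes:
        msg, tag = record[:-32], record[-32:]
        if not hmac.compare_digest(tag, mac(self.key, self.next_seq, msg)):
            raise ValueError("integrity check failed")
        self.next_seq += 1
        return msg

def rejected(rx: Receiver, record: bytes) -> bool:
    try:
        rx.open(record)
        return False
    except ValueError:
        return True

def demo() -> dict:
    keys = derive_keys(os.urandom(256))  # R: 2048 random bits
    server_rx, browser_rx = Receiver(keys["IB"]), Receiver(keys["IS"])
    m1 = seal(keys["IB"], 0, b"add item 7 to cart")  # constructed messages
    m2 = seal(keys["IB"], 1, b"ship to address A")
    m3 = seal(keys["IB"], 2, b"pay 10")
    return {
        "in_order": [server_rx.open(m1), server_rx.open(m2)],
        "replay_rejected": rejected(server_rx, m1),
        "tamper_rejected": rejected(server_rx, b"pay 99" + m3[-32:]),
        "reflection_rejected": rejected(browser_rx, m1),
        "genuine_m3": server_rx.open(m3),
    }
```

The reflection case is the reason for "one pair to use in each direction": a record the browser sent cannot be bounced back to it as if it came from the server.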
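The checks listed under "Validating Amazon's Identity" (name comparison, issuer lookup in the hardwired set, inverting S with the issuer's public key and comparing SHA-1 hashes) can be traced in a few lines. This is an added example, not the lecture's code. Assumptions: a constructed toy issuer key built from two Mersenne primes, textbook RSA without padding, a certificate modelled as a plain dictionary, and hypothetical names such as `shop.example` and `Example Issuer`; none of this is suitable for real certificates.

```python
import hashlib

# Constructed toy issuer key: textbook RSA, no padding, illustration only.
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent

def cert_hash(cert: dict) -> int:
    """SHA-1 over every certificate field except the signature S itself."""
    body = "|".join(f"{k}={cert[k]}" for k in sorted(cert) if k != "S")
    return int.from_bytes(hashlib.sha1(body.encode()).digest(), "big")

def issue(cert: dict) -> dict:
    """Issuer side: sign the hash with the private key and attach it as S."""
    return {**cert, "S": pow(cert_hash(cert), D, N)}

# Issuer certs "hardwired into the browser": issuer name -> public key (e, n).
TRUSTED = {"Example Issuer": (E, N)}

def validate(url_host: str, cert: dict) -> str:
    if cert["name"] != url_host:              # name in cert vs. name in URL
        return "name mismatch"
    issuer_key = TRUSTED.get(cert["issuer"])  # look up the issuer's cert
    if issuer_key is None:
        return "unverified: unknown issuer"   # browser would warn the user
    e, n = issuer_key
    if pow(cert["S"], e, n) != cert_hash(cert):  # invert S, compare hashes
        return "bad signature"
    return "ok"

def demo() -> dict:
    fields = {"name": "shop.example", "public_key": "constructed-site-key",
              "issuer": "Example Issuer", "expires": "constructed-date"}
    cert = issue(fields)
    altered = {**cert, "public_key": "substituted-key"}  # S no longer matches
    unknown = issue({**fields, "issuer": "Unlisted Issuer"})
    return {
        "genuine": validate("shop.example", cert),
        "wrong_host": validate("other.example", cert),
        "altered": validate("shop.example", altered),
        "unknown_issuer": validate("shop.example", unknown),
    }
```

The "unknown issuer" result corresponds to the slide's warning case: the connection can still proceed, but nothing about the site's identity has been authenticated.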