Slide 13-1 (title slide)
Raj Jain, Washington University in Saint Louis, Saint Louis, MO 63130, Jain@cse.wustl.edu
Audio/video recordings of this lecture are available at http://www.cse.wustl.edu/~jain/cse571-09/
Washington University in St Louis, CSE571S, 2009, Raj Jain

Slide 13-2: Overview
- Security scheme design issues: Perfect Forward Secrecy
- IP concepts: NAT, tunnel, firewall, proxy servers, IP headers
- IPsec concepts: AH, ESP, AH/ESP version 3

Slide 13-3: Security Scheme Design Issues
- Perfect Forward Secrecy
- Denial-of-Service protection
- End-point identifier hiding
- Live partner reassurance

Slide 13-4: Perfect Forward Secrecy
- Attacker cannot decrypt a conversation even if he records the entire session and subsequently steals their long-term secrets.
- Use session keys not derivable from information stored at the node after the session concludes.
- Escrow foilage: even if the long-term private keys have been escrowed, a (passive) eavesdropper cannot decrypt.
- Diagram:
  Alice -> Bob: g^a mod p, [Alice]sig
  Bob -> Alice: g^b mod p, [Bob]sig
  Keys: Hash(g^ab mod p), Hash(1 | g^ab mod p)
  Signed message to avoid MitM attack.

Slide 13-5: Denial of Service Protection
- Rule: do not keep state until the response comes back.
- All state in cookies sent back to the requester.
- Adds a round-trip delay.

Slide 13-6: End-Point Identifier Hiding
- Hide the identities from eavesdroppers.
- Anonymous DH, then use the key to divulge identities.
- Passive eavesdropper cannot learn identities, but an active Man-in-the-Middle can learn one or both identities.
- Authenticate => requester should divulge first.

Slide 13-7: Live Partner Reassurance
- DH operations are expensive => g, b, a are not changed often.
- Keys should be based on g^ab and a nonce.
- Can't replay previous sessions.

Slide 13-8: IP Concepts
- Private addresses
- Network Address Translation
- Tunnel
- Firewalls
- Proxy servers
- IPv4/IPv6

Slide 13-9: Private Addresses
- 32-bit address => 4 billion addresses max. Subnetting => limit is much lower.
- Shortage of IP addresses => private addresses.
- Frequent ISP changes => private addresses.
- Private => not usable on the public Internet.
- RFC 1918 lists such addresses for private use. Prefixes: 10/8, 172.16/12, 192.168/16. Example: 10.207.37.234.

Slide 13-10: Network Address Translation (NAT)
- Diagram: hosts 10.1.1.2 and 10.1.1.3 -> NAT router (public side 164.1.1.2, 164.1.1.3) -> router R2 -> Internet.
- Like Dynamic Host Configuration Protocol (DHCP).
- Outgoing packets: change (private source address, source port) to (public address, new port).
- Incoming packets: change (public destination address, destination port) to (private IP address, original port).

Slide 13-11: Tunnel
- Diagram: IP land | "IP not spoken here" | IP land; inside the tunnel the packet is [Non-IP header | IP header | payload].
- Tunnel = encapsulation.
- Used whenever some feature is not supported in some part of the network, e.g., multicasting, mobile IP.

Slide 13-12: Firewall
- Diagram: Intranet -> R1 -> Firewall -> R2 -> Internet.
- Enforce rules on what internal hosts/applications can be accessed from outside, and vice versa.
- One point of entry => easier to manage security.
- Discard based on IP/TCP header => mainly port.
- Firewall-friendly applications => use port 80.

Slide 13-13: Proxy Servers
- Diagram: Client -> Proxy server -> R1 -> Internet -> R2 -> Real server.
- Specialized server programs on a bastion host.
- Take users' requests and forward them to real servers; take servers' responses and forward them to users.
- Enforce site security policy => refuse some requests.
- Also known as application-level gateways.
- With special proxy client programs, proxy servers are almost transparent.

Slide 13-14: IP Headers
- IPv6: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address.
- IPv4: Version, IHL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding.

Slide 13-15: IPsec
- Security at layer 3.
- Competition: layer 2 VPN, layer 4 SSL, etc.
- Advantages: applies to all applications; router/firewall vendors can implement it (they can't implement SSL).
- Limitations: limited to IP addresses; has no concept of applications or users.

Slide 13-16: Security Association
- One-way relationship between sender and receiver. For two-way, two associations are required.
- Three SA identification parameters: Security Parameter Index, IP destination address, security protocol identifier.

Slide 13-17: IPsec Concepts
- IPsec Security Association: one-way.
- Security Parameter Index: allows the receiver to retrieve info from the security association database; chosen by the receiver.
- Diagram: (SPI, DA) -> SA.

Slide 13-18: IPSec (Secure IP)
- A series of proposals from IETF.
- Separate authentication and privacy.
- Authentication Header (AH) ensures data integrity and data origin authentication.
- Encapsulating Security Protocol (ESP) ensures confidentiality, data origin authentication, connectionless integrity, and anti-replay service.
- Diagram: IP Header | AH | ESP | Original IP Header | Data, with the encrypted and authenticated ranges marked (optional).

Slide 13-19: Tunnel vs Transport Mode
- Gateway-to-gateway vs end-to-end.
- Diagram: Router <-> Router (gateway to gateway); host <-> host (end to end).

Slide 13-20: Authentication Header
- Next Header: TCP = 6, UDP = 17, IP = 4, AH = 51.
- Designed by IPv6 fans => Payload Length = length of AH in 32-bit words minus 2 for IPv4 = length of AH in 64-bit words minus 1 for IPv6.
- SPI: identifies the security association; 0 = local use, 1-255 reserved.
- Authentication data = Integrity Check Value.

Slide 13-21: AH ICV Computation
- Diagram: IP Header | AH Header | Old IP Header | IP payload, with the ICV coverage marked.
- The AH ICV is computed over IP header fields that are either immutable in transit or that are predictable in value upon arrival at the endpoint for the AH SA (e.g., source address: immutable; destination address with source routing: mutable but predictable), the AH header (Next Header, Payload Len, Reserved, SPI, Sequence Number) and the Authentication Data which
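The three design issues of slides 13-4, 13-5 and 13-7 fit into one small handshake, shown here as an added example that is not the lecture's code. The responder answers the first message with a stateless cookie (a MAC over the initiator's address and nonce) and allocates nothing until that cookie comes back; each side then draws a fresh Diffie-Hellman exponent that is dropped once the session key exists (perfect forward secrecy); and both nonces go into the key derivation so an old transcript cannot be replayed. The identity signatures of slide 13-4 are left out, and the 1024-bit MODP group (RFC 2409, Oakley group 2) and SHA-256 key derivation are this example's choices, not the slides'.

```python
"""Toy handshake: stateless cookie + ephemeral DH + nonces (added example)."""
import hashlib
import hmac
import secrets

# 1024-bit MODP prime from RFC 2409 (Oakley group 2), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2


def derive_key(shared: int, nonce_i: bytes, nonce_r: bytes) -> bytes:
    # Session key = Hash(g^ab mod p | nonces): it depends on the ephemeral
    # exponents, which neither side keeps after the handshake (slide 13-4),
    # and on per-run nonces, so a recorded run yields a different key (13-7).
    return hashlib.sha256(shared.to_bytes(128, "big") + nonce_i + nonce_r).digest()


class Responder:
    def __init__(self):
        # Long-lived secret for cookies; it reveals nothing about any session key.
        self.cookie_secret = secrets.token_bytes(32)

    def make_cookie(self, addr: str, nonce_i: bytes) -> bytes:
        # Slide 13-5: keep no per-initiator state; the "state" is this MAC,
        # which the initiator must echo from the address it claimed.
        return hmac.new(self.cookie_secret, addr.encode() + nonce_i,
                        hashlib.sha256).digest()[:16]

    def respond(self, addr: str, nonce_i: bytes, cookie: bytes, g_a: int):
        if not hmac.compare_digest(cookie, self.make_cookie(addr, nonce_i)):
            return None                      # spoofed source: no DH work, no state
        if not 1 < g_a < P - 1:
            return None                      # reject degenerate DH public values
        b = secrets.randbelow(P - 3) + 2     # fresh ephemeral exponent per session
        nonce_r = secrets.token_bytes(16)
        key = derive_key(pow(g_a, b, P), nonce_i, nonce_r)
        # b dies with this call: nothing retained here can regenerate `key`.
        return pow(G, b, P), nonce_r, key


def run_handshake(responder: Responder, addr: str = "10.1.1.2"):
    """Initiator side. Returns (initiator_key, responder_key) so agreement can be checked."""
    nonce_i = secrets.token_bytes(16)
    cookie = responder.make_cookie(addr, nonce_i)   # messages 1/2: cookie request and reply
    a = secrets.randbelow(P - 3) + 2                # ephemeral exponent, discarded on return
    reply = responder.respond(addr, nonce_i, cookie, pow(G, a, P))   # messages 3/4
    if reply is None:
        return None
    g_b, nonce_r, responder_key = reply
    return derive_key(pow(g_b, a, P), nonce_i, nonce_r), responder_key


def spoofed_request_rejected(responder: Responder, addr: str = "10.1.1.2") -> bool:
    """A sender that never saw the cookie (e.g. a spoofed address) cannot make the
    responder do DH work or allocate a session."""
    nonce_i = secrets.token_bytes(16)
    return responder.respond(addr, nonce_i, b"\0" * 16, pow(G, 12345, P)) is None


if __name__ == "__main__":
    r = Responder()
    k_i, k_r = run_handshake(r)
    print("keys agree:", k_i == k_r, "spoof rejected:", spoofed_request_rejected(r))
```

The extra round trip for the cookie is the cost slide 13-5 mentions; in exchange the responder's memory use is bounded by real, reachable initiators rather than by however many packets an attacker can send.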
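The two NAT rewrite rules of slide 13-10 as a working translation table, added here as an example (not from the lecture). It uses the slide's private hosts 10.1.1.2 and 10.1.1.3 behind public address 164.1.1.2; the external address 203.0.113.5, the port range starting at 40000 and the dict-based packet representation are this example's assumptions.

```python
"""Port-translating NAT table (added example): outgoing packets get the public
address and a fresh port, incoming packets are mapped back or dropped."""
import itertools


class Nat:
    def __init__(self, public_addr: str, first_port: int = 40000):
        self.public = public_addr
        self.ports = itertools.count(first_port)
        # (private src, src port, dst, dst port) -> public port
        self.out = {}
        # public port -> (private src, src port)
        self.back = {}

    def outgoing(self, pkt: dict) -> dict:
        """Private source address + port -> public address + new port (same flow keeps its port)."""
        flow = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        pub_port = self.out.get(flow)
        if pub_port is None:
            pub_port = next(self.ports)
            self.out[flow] = pub_port
            self.back[pub_port] = (pkt["src"], pkt["sport"])
        return {**pkt, "src": self.public, "sport": pub_port}

    def incoming(self, pkt: dict):
        """Public destination address + port -> private address + original port.
        Returns None (drop) when no mapping exists: nothing inside asked for it."""
        if pkt["dst"] != self.public or pkt["dport"] not in self.back:
            return None
        priv_ip, priv_port = self.back[pkt["dport"]]
        return {**pkt, "dst": priv_ip, "dport": priv_port}


if __name__ == "__main__":
    nat = Nat("164.1.1.2")
    out = nat.outgoing({"src": "10.1.1.2", "sport": 5000, "dst": "203.0.113.5", "dport": 80})
    print(out)
    print(nat.incoming({"src": "203.0.113.5", "sport": 80, "dst": "164.1.1.2", "dport": out["sport"]}))
```

Two inside hosts using the same local port (5000 on 10.1.1.2 and 10.1.1.3) get distinct public ports, which is why the port, not just the address, must be rewritten in both directions.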
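Slides 13-14, 13-16/17 and 13-20/21 together describe enough to build and check a transport-mode AH packet, so the following added example (not the lecture's code) does exactly that: it packs the IPv4 header in the slide's field order, keeps a toy SA database keyed by (SPI, destination address, protocol), fills in the AH fields with the slide's Payload Length rule, and computes the ICV over the immutable IPv4 fields plus the AH header and payload, zeroing the mutable fields (TOS, flags/fragment offset, TTL, checksum). HMAC-SHA1-96 as the ICV algorithm, the SPI value 0x1000, the key and the addresses are this example's assumptions; it has no replay window and no IP options.

```python
"""IPv4 + AH (transport mode) build/verify with a toy SA database (added example)."""
import hashlib
import hmac
import socket
import struct

AH_PROTO = 51    # Next Header value for AH (slide 13-20)
AH_FIXED = 12    # Next Header, Payload Len, Reserved, SPI, Sequence Number
ICV_LEN = 12     # HMAC-SHA1-96 truncated MAC (assumed algorithm)
SA_DB = {}       # (spi, dst, proto) -> {"key": bytes, "seq": int}


def ipv4_checksum(hdr: bytes) -> int:
    """Ones-complement checksum; returns 0 when run over a header whose checksum is already correct."""
    if len(hdr) % 2:
        hdr += b"\0"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64, ident: int = 0x1234) -> bytes:
    """20-byte IPv4 header in the slide 13-14 field order, no options."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4(hdr: bytes) -> dict:
    f = struct.unpack("!BBHHHBBH4s4s", hdr[:20])
    return {"version": f[0] >> 4, "ihl": f[0] & 0xF, "tos": f[1], "total_length": f[2],
            "id": f[3], "flags": f[4] >> 13, "frag_offset": f[4] & 0x1FFF, "ttl": f[5],
            "protocol": f[6], "checksum": f[7], "src": socket.inet_ntoa(f[8]), "dst": socket.inet_ntoa(f[9])}


def immutable_ipv4(hdr: bytes) -> bytes:
    """Zero the fields routers change in transit so the ICV survives forwarding (slide 13-21)."""
    h = bytearray(hdr)
    h[1] = 0               # TOS
    h[6:8] = b"\0\0"       # flags / fragment offset
    h[8] = 0               # TTL
    h[10:12] = b"\0\0"     # header checksum
    return bytes(h)


def add_sa(spi: int, dst: str, key: bytes) -> None:
    """One-way SA, identified by the three parameters of slide 13-16."""
    SA_DB[(spi, dst, AH_PROTO)] = {"key": key, "seq": 0}


def ah_icv(key: bytes, ip_hdr: bytes, ah_fixed: bytes, payload: bytes) -> bytes:
    covered = immutable_ipv4(ip_hdr) + ah_fixed + b"\0" * ICV_LEN + payload
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]


def ah_protect(spi: int, src: str, dst: str, inner_proto: int, payload: bytes) -> bytes:
    sa = SA_DB[(spi, dst, AH_PROTO)]
    sa["seq"] += 1
    payload_len_field = (AH_FIXED + ICV_LEN) // 4 - 2      # AH in 32-bit words minus 2 (slide 13-20)
    ah_fixed = struct.pack("!BBHII", inner_proto, payload_len_field, 0, spi, sa["seq"])
    ip_hdr = build_ipv4(src, dst, AH_PROTO, AH_FIXED + ICV_LEN + len(payload))
    return ip_hdr + ah_fixed + ah_icv(sa["key"], ip_hdr, ah_fixed, payload) + payload


def ah_verify(packet: bytes) -> bool:
    """Receiver: look up the SA by (SPI, destination, AH) and recompute the ICV."""
    ip_hdr = packet[:20]
    fields = parse_ipv4(ip_hdr)
    if fields["protocol"] != AH_PROTO:
        return False
    ah_len = (packet[21] + 2) * 4
    ah_fixed = packet[20:20 + AH_FIXED]
    icv, payload = packet[20 + AH_FIXED:20 + ah_len], packet[20 + ah_len:]
    spi = struct.unpack("!I", ah_fixed[4:8])[0]
    sa = SA_DB.get((spi, fields["dst"], AH_PROTO))
    if sa is None:
        return False
    return hmac.compare_digest(icv, ah_icv(sa["key"], ip_hdr, ah_fixed, payload))


def forward_hop(packet: bytes) -> bytes:
    """What a router does on the way: decrement TTL and fix the checksum (both mutable fields)."""
    ip = bytearray(packet[:20])
    ip[8] -= 1
    ip[10:12] = b"\0\0"
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip)))
    return bytes(ip) + packet[20:]


if __name__ == "__main__":
    add_sa(0x1000, "164.1.1.3", b"\x0b" * 20)                    # constructed key
    pkt = ah_protect(0x1000, "164.1.1.2", "164.1.1.3", 6, b"GET / HTTP/1.0\r\n")
    print("fresh:", ah_verify(pkt), "after hop:", ah_verify(forward_hop(pkt)),
          "tampered:", ah_verify(pkt[:-1] + b"X"))
```

The forwarding step is the point of the mutable-field rule: a router rewrites TTL and checksum on every hop, and the ICV still verifies because those bytes were zeroed when it was computed, while any change to the payload, the SPI or an immutable address field makes verification fail.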
WUSTL CSE 571S - IP sec