13-1©2009 Raj JainCSE571SWashington University in St. LouisRaj Jain Washington University in Saint LouisSaint Louis, MO [email protected]/Video recordings of this lecture are available at:http://www.cse.wustl.edu/~jain/cse571-09/13-2©2009 Raj JainCSE571SWashington University in St. LouisOverviewOverview Security Scheme Design Issues: Perfect Forward Secrecy IP Concepts: NAT, Tunnel, Firewall, Proxy Servers IP Headers IPsec: Concepts, AH, ESP AH, ESP Version 313-3©2009 Raj JainCSE571SWashington University in St. LouisSecurity Scheme Design IssuesSecurity Scheme Design Issues Perfect Forward Secrecy Denial of Service Protection End Point Identifier Hiding Live Partner Reassurance13-4©2009 Raj JainCSE571SWashington University in St. LouisPerfect Forward SecrecyPerfect Forward Secrecy Attacker cannot decrypt a conversation even if he records the entire session and subsequently steals their long term secrets Use session keys not derivable from information stored at the node after session concludes Escrow-Foilage: Even if the long-term private keys have been escrowed, eavesdropper (passive) cannot decrypt[“Alice”, gamod p]Alice_sig[“Bob”, gbmod p]Bob_sigHash(gabmod p)Hash(1|gabmod p)Alice BobSigned messageto avoid MitM attack13-5©2009 Raj JainCSE571SWashington University in St. LouisDenial of Service ProtectionDenial of Service Protection Rule: Do not keep state until the response comes back⇒ All state in cookies sent back to the requester Adds a round-trip delay13-6©2009 Raj JainCSE571SWashington University in St. LouisEnd Point Identifier HidingEnd Point Identifier Hiding Hide the identities from eavesdroppers Anonymous DH and use the key to divulge identities⇒ Passive eavesdropper cannot learn identitiesbut active Man-in-the-Middle can learn one or both identities⇒ Authenticate Requester should divulge first13-7©2009 Raj JainCSE571SWashington University in St. LouisLive Partner ReassuranceLive Partner Reassurance DH operations are expensive ⇒ g, b, a are not changed often Keys should be based on a gaband an nonce⇒ Can't replay previous sessions13-8©2009 Raj JainCSE571SWashington University in St. LouisIP ConceptsIP Concepts Private Addresses Network Address Translation Tunnel Firewalls Proxy Servers IPv4 IPv613-9©2009 Raj JainCSE571SWashington University in St. LouisPrivate AddressesPrivate Addresses 32-bit Address ⇒ 4 Billion addresses max Subnetting ⇒ Limit is much lower Shortage of IP address ⇒ Private addresses Frequent ISP changes ⇒ Private address Private ⇒ Not usable on public Internet RFC 1918 lists such addresses for private use Prefix = 10/8, 172.16/12, 192.168/16 Example: 10.207.37.23413-10©2009 Raj JainCSE571SWashington University in St. LouisNetwork Address Translation (NAT)Network Address Translation (NAT) NAT = Network Address TranslationLike Dynamic Host Configuration Protocol (DHCP) Outgoing Packets: Change <Private source address, Source Port> to <public address, new Port> Incoming Packets: Change <Public Destination Address, Dest Port> to <Private IP address, original Port #>InternetHost R2NATRouterNATRouter10.1.1.210.1.1.3164.1.1.2164.1.1.313-11©2009 Raj JainCSE571SWashington University in St. LouisTunnelTunnel Tunnel = Encaptulation Used whenever some feature is not supported in some part of the network, e.g., multicasting, mobile IPIP Land IP LandIP Not Spoken HereIP Header PayloadNon-IP Header13-12©2009 Raj JainCSE571SWashington University in St. LouisFirewallFirewall Enforce rules on what internal hosts/applications can be accessed from outside and vice versa One point of entry. Easier to manage security. Discard based on IP+TCP header. Mainly port #. Firewall-Friendly applications: Use port 80.Intranet InternetR1 R2FirewallFirewall13-13©2009 Raj JainCSE571SWashington University in St. LouisProxy ServersProxy Servers Specialized server programs on bastion host Take user's request and forward them to real servers Take server's responses and forward them to users Enforce site security policy ⇒ Refuse some requests. Also known as application-level gateways With special "Proxy client" programs, proxy servers are almost transparentInternetR1R2ProxyServerProxyServerClient ProxyReal13-14©2009 Raj JainCSE571SWashington University in St. LouisIP HeadersIP HeadersVer Traffic Class Flow LabelPayload Length Next Header Hop LimitSource AddressDestination AddressVersion IHL Type of Service Total LengthIdentification Flags Fragment OffsetTime to Live Protocol Header ChecksumSource AddressDestination AddressPaddingOptions IPv6:T IPv4:13-15©2009 Raj JainCSE571SWashington University in St. LouisIPsecIPsec Security at layer 3 Competition: Layer 2 VPN, Layer 4 SSL, etc Advantages:¾ Applies to all applications¾ Routers/firewalls vendors can implement it (Can't implement SSL) Limitations:¾ Limited to IP Addresses¾ Has no concept of application users13-16©2009 Raj JainCSE571SWashington University in St. LouisSecurity AssociationSecurity Association One way relationship between sender and receiver For two way, two associations are required Three SA identification parameters¾ Security parameter index¾ IP destination address¾ Security protocol identifier13-17©2009 Raj JainCSE571SWashington University in St. LouisIPsec ConceptsIPsec Concepts IPsec Security Association: One-way Security Parameter Index: Allows receiver to retrieve info from security association database. ¾ Chosen by receiver¾ SPI+[DA]+[SA]13-18©2009 Raj JainCSE571SWashington University in St. LouisIPSecIPSec Secure IP: A series of proposals from IETF Separate Authentication and privacy Authentication Header (AH) ensures data integrity and data origin authentication Encapsulating Security Protocol (ESP) ensures confidentiality, data origin authentication, connectionless integrity, and anti-replay serviceAuthenticatedEncryptedIPHeaderAH ESPOriginalIP Header*OriginalData* Optional13-19©2009 Raj JainCSE571SWashington University in St. LouisTunnel vs. Transport ModeTunnel vs. Transport Mode Gateway-to-gateway vs. end-to-endRouterRouterGateway-to-GatewayEnd-to-end13-20©2009 Raj JainCSE571SWashington University in St. LouisAuthentication HeaderAuthentication Header Next Header = TCP=6, UDP=17, IP=4, AH=51⇒ Designed by IPv6 fans Payload Length = Length of AH