New England Week 6 TLS Connection and a TLS Session Questions

Question Description

6.2 What protocols comprise TLS?

6.3 What is the difference between a TLS connection and a TLS session?

6.4 List and briefly define the parameters that define a TLS session state.

6.5 List and briefly define the parameters that define a TLS session connection.

6.6 What services are provided by the TLS Record Protocol?

6.7 What steps are involved in the TLS Record Protocol transmission?

6.8 What is the purpose of HTTPS?

6.9 For what applications is SSH useful?

6.10 List and briefly define the SSH protocols.

Unformatted Attachment Preview

Network Security Essentials: Applications and Standards Sixth Edition Chapter 6 Transport-Level Security Copyright © 2017 Pearson Education, Inc. All Rights Reserved Web Security Considerations • The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets • The following characteristics of Web usage suggest the need for tailored security tools: – Web servers are relatively easy to configure and manage – Web content is increasingly easy to develop • A Web server can be exploited as a launching pad into the corporation’s or agency’s entire computer complex • Casual and untrained (in security matters) users are common clients for Web-based services – Such users are not necessarily aware of the security risks that exist and do not have the tools or knowledge to take effective countermeasures – The underlying software is extraordinarily complex – May hide many potential security flaws Copyright © 2017 Pearson Education, Inc. All Rights Reserved Table 6-1 A Comparison of Threats on the Web (1 of 2) Blank Threats Consequences Countermeasures Integrity • Modification of user data • Loss of information • Trojan horse browser • Cryptographic checksums Compromise of machine • Modification of memory • • Vulnerability to all other threats Modification of message traffic in transit • Eavesdropping on the net • Loss of information • Theft of info from server • Loss of privacy • Theft of data from client • Info about network configuration • Info about which client talks to server Confidentiality Encryption, Web proxies Copyright © 2017 Pearson Education, Inc. All Rights Reserved Table 6-1 A Comparison of Threats on the Web (2 of 2) Blank Threats Consequences Countermeasures Denial of Service • Killing of user threads • Disruptive Difficult to prevent • Flooding machine with bogus requests • Annoying • Prevent user from getting work done • Misrepresentation of user • Belief that false information is valid Authentication • Filling up disk or memory • Isolating machine by DNS attacks • Impersonation of legitimate users • Data forgery Cryptographic techniques Copyright © 2017 Pearson Education, Inc. All Rights Reserved Figure 6-1 Relative Location of Security Facilities in the TCP/IP Protocol Stack Copyright © 2017 Pearson Education, Inc. All Rights Reserved Transport Layer security (TSL) • One of the most widely used security services • TLS is an Internet standard that evolved from a commercial protocol known as Secure Sockets Layer (SSL) • TLS is a general purpose service implemented as a set of protocols that rely on TCP – TLS could be provided as part of the underlying protocol suite and therefore be transparent to applications – Alternatively, TLS can be embedded in specific packages Copyright © 2017 Pearson Education, Inc. All Rights Reserved Figure 6-2 SSL/TLS Protocol Stack Copyright © 2017 Pearson Education, Inc. All Rights Reserved TLS Architecture (1 of 2) • Two important TLS concepts are TLS connection • A transport that provides a suitable type of service • For TLS such connections are peer-to-peer relationships • Connections are transient • Every connection is associated with one session Copyright © 2017 Pearson Education, Inc. All Rights Reserved TLS Architecture (2 of 2) TLS session • An association between a client and a server • Created by the Handshake Protocol • Define a set of cryptographic security parameters which can be shared among multiple connections • Are used to avoid the expensive negotiation of new security parameters for each connection Copyright © 2017 Pearson Education, Inc. All Rights Reserved A Session State Is Defined by the Following Parameters: (1 of 2) Session identifier • An arbitrary byte sequence chosen by the server to identify an active or resumable session state Peer certificate • An X509.v3 certificate of the peer; this element of the state may be null Compression method • The algorithm used to compress data prior to encryption Copyright © 2017 Pearson Education, Inc. All Rights Reserved A Session State Is Defined by the Following Parameters: (2 of 2) Cipher spec • Specifies the bulk data encryption algorithm and a hash algorithm used for MAC calculation; also defines cryptographic attributes such as the hash_size Master secret • 48-byte secret shared between the client and the server Is resumable • A flag indicating whether the session can be used to initiate new connections Copyright © 2017 Pearson Education, Inc. All Rights Reserved A Connection State is Defined by the Following Parameters: (1 of 3) Server and client random • Byte sequences that are chosen by the server and client for each connection Server write MAC secret • The secret key used in MAC operations on data sent by the server Client write MAC secret • The secret key used in MAC operations on data sent by the client Copyright © 2017 Pearson Education, Inc. All Rights Reserved A Connection State is Defined by the Following Parameters: (2 of 3) Server write key • The secret encryption key for data encrypted by the server and decrypted by the client Client write key • The symmetric encryption key for data encrypted by the client and decrypted by the server Initialization vectors • When a block cipher in CBC mode is used, an initialization vector (IV) is maintained for each key Copyright © 2017 Pearson Education, Inc. All Rights Reserved A Connection State is Defined by the Following Parameters: (3 of 3) • This field is first initialized by the SSL Handshake Protocol • The final ciphertext block from each record is preserved for use as the IV with the following record Sequence numbers • Each party maintains separate sequence numbers for transmitted and received messages for each connection • When a party sends or receives a change cipher spec message, the appropriate sequence number is set to zero • Sequence numbers may not exceed 264 − 1 Copyright © 2017 Pearson Education, Inc. All Rights Reserved TLS Record Protocol • The TLS Record Protocol provides two services for TLS connections – Confidentiality ▪ The Handshake Protocol defines a shared secret key that is used for conventional encryption of TLS payloads – Message integrity ▪ The Handshake Protocol also defines a shared secret key that is used to form a message authentication code (MAC) Copyright © 2017 Pearson Education, Inc. All Rights Reserved Figure 6-3 TLS Record Protocol Operation Copyright © 2017 Pearson Education, Inc. All Rights Reserved Figure 6-4 SSL Record Format Copyright © 2017 Pearson Education, Inc. All Rights Reserved Figure 6-5 TLS Record Protocol Payload Copyright © 2017 Pearson Education, Inc. All Rights Reserved Table 6-2 TLS Handshake Protocol Message Types Message Type Parameters hello_request null client_hello version, random, session id, cipher suite, compression method server_hello version, random, session id, cipher suite, compression method certificate chain of X.509v3 certificates server_key_exchange parameters, signature certificate_request type, authorities server_done null certificate_verify signature client_key_exchange parameters, signature finished hash value Copyright © 2017 Pearson Education, Inc. All Rights Reserved Figure 6-6 Handshake Protocol Action Copyright © 2017 Pearson Education, Inc. All Rights Reserved Cryptographic Computations (1 of 2) • Two further items are of interest: – The creation of a shared master secret by means of the key exchange ▪ The shared master secret is a one-time 48-byte value generated for this session by means of secure key exchange – The generation of cryptographic parameters from the master secret Copyright © 2017 Pearson Education, Inc. All Rights Reserved Cryptographic Computations (2 of 2) ▪ CipherSpecs require a client write MAC secret, a server write MAC secret, a client write key, a server write key, a client write IV, and a server write IV which are generated from the master secret in that order – These parameters are generated from the master secret by hashing the master secret into a sequence of secure bytes of sufficient length for all needed parameters Copyright © 2017 Pearson Education, Inc. All Rights Reserved Figure 6-7 TLS Function P_hash (Secret, Seed) Copyright © 2017 Pearson Education, Inc. All Rights Reserved Heartbeat Protocol (1 of 2) • A heartbeat is a periodic signal generated by hardware or software to indicate normal operation or to synchronize other parts of a system • A heartbeat protocol is typically used to monitor the availability of a protocol entity • The heartbeat protocol runs on top of the TLS Record Protocol – Consists of two message types: heartbeat request and heartbeat response Copyright © 2017 Pearson Education, Inc. All Rights Reserved Heartbeat Protocol (2 of 2) • The heartbeat serves two purposes: – It assures the sender that the recipient is still alive, even though there may not have been any activity over the underlying TCP connection – It generates activity across the connection during idle periods, which avoids closure by a firewall that does not tolerate idle connections Copyright © 2017 Pearson Education, Inc. All Rights Reserved SSL/TLS Attacks Attack categories • Attacks on the handshake protocol • Attacks on the record and application data protocols • Attacks on the PKI • Other attacks Copyright © 2017 Pearson Education, Inc. All Rights Reserved HTTPS (HTTP over SSL) (1 of 2) • Refers to the combination of HTTP and SSL to implement secure communication between a Web browser and a Web server • The HTTPS capability is built into all modern Web browsers • A user of a Web browser will see URL addresses that begin with https:// rather than http:// • If HTTPS is specified, port 443 is used, which invokes SSL • Documented in RFC 2818, HTTP Over TLS – There is no fundamental change in using HTTP over either SSL or TLS and both implementations are referred to as HT TPS Copyright © 2017 Pearson Education, Inc. All Rights Reserved HTTPS (HTTP over SSL) (2 of 2) • When HTTPS is used, the following elements of the communication are encrypted: – URL of the requested document – Contents of the document – Contents of browser forms – Cookies sent from browser to server and from server to browser – Contents of HTTP header Copyright © 2017 Pearson Education, Inc. All Rights Reserved Connection Initiation (1 of 3) For HTTPS, the agent acting as the HTTP client also acts as the TLS client • The client initiates a connection to the server on the appropriate port and then sends the TLS Client Hello to begin the TLS handshake • When the TLS handshake has finished, the client may then initiate the first HTTP request • All HTTP data is to be sent as TLS application data Copyright © 2017 Pearson Education, Inc. All Rights Reserved Connection Initiation (2 of 3) There are three levels of awareness of a connection in H TTPS: • At the HTTP level, an HTTP client requests a connection to an HTTP server by sending a connection request to the next lowest layer – Typically the next lowest layer is TCP, but it may also be TLS/SSL • At the level of TLS, a session is established between a TL S client and a TLS server – This session can support one or more connections at any time Copyright © 2017 Pearson Education, Inc. All Rights Reserved Connection Initiation (3 of 3) • A TLS request to establish a connection begins with the establishment of a TCP connection between the TCP entity on the client side and the TCP entity on the server side Copyright © 2017 Pearson Education, Inc. All Rights Reserved Connection Closure (1 of 2) • An HTTP client or server can indicate the closing of a connection by including the line Connection: close in an H TTP record • The closure of an HTTPS connection requires that TLS close the connection with the peer TLS entity on the remote side, which will involve closing the underlying TCP connection Copyright © 2017 Pearson Education, Inc. All Rights Reserved Connection Closure (2 of 2) • TLS implementations must initiate an exchange of closure alerts before closing a connection – A TLS implementation may, after sending a closure alert, close the connection without waiting for the peer to send its closure alert, generating an “incomplete close” • An unannounced TCP closure could be evidence of some sort of attack so the HTTPS client should issue some sort of security warning when this occurs Copyright © 2017 Pearson Education, Inc. All Rights Reserved Secure Shell (SSH) Copyright © 2017 Pearson Education, Inc. All Rights Reserved Figure 6-8 SSH Protocol Stack Copyright © 2017 Pearson Education, Inc. All Rights Reserved Transport Layer Protocol (1 of 2) • Server authentication occurs at the transport layer, based on the server possessing a public/private key pair • A server may have multiple host keys using multiple different asymmetric encryption algorithms • Multiple hosts may share the same host key • The server host key is used during key exchange to authenticate the identity of the host Copyright © 2017 Pearson Education, Inc. All Rights Reserved Transport Layer Protocol (2 of 2) • RFC 4251 dictates two alternative trust models: – The client has a local database that associates each host name with the corresponding public host key – The host name-to-key association is certified by a trusted certification authority (CA); the client only knows the CA root key and can verify the validity of all host keys certified by accepted CAs Copyright © 2017 Pearson Education, Inc. All Rights Reserved Figure 6-9 SSH Transport Layer Protocol Packet Exchanges Copyright © 2017 Pearson Education, Inc. All Rights Reserved Figure 6-10 SSH Transport Layer Protocol Packet Formation Copyright © 2017 Pearson Education, Inc. All Rights Reserved Table 6-3 SSH Transport Layer Cryptographic Algorithms (1 of 4) Cipher Cipher 3des-cbc* Three-key 3DES in CBC mode blowfish-cbc Blowfish in CBC mode twofish256-cbc Two fish in CBC mode with a 256-bit key twofish192-cbc Two fish with a 192-bit key twofish128-cbc Two fish with a 128-bit key aes256-cbc AES in CBC mode with a 256-bit key Copyright © 2017 Pearson Education, Inc. All Rights Reserved Table 6-3 SSH Transport Layer Cryptographic Algorithms (2 of 4) Cipher Cipher aes192-cbc AES with a 192-bit key aes128-cbc** Serpent256-cbc AES with a 128-bit key Serpent in CBC mode with a 256-bit key Serpent with a 192-bit key Serpent192-cbc Serpent128-cbc arcfour cast128-cbc Serpent with a 128-bit key RC4 with a 128-bit key CAST-128 in CBC mode Copyright © 2017 Pearson Education, Inc. All Rights Reserved Table 6-3 SSH Transport Layer Cryptographic Algorithms (3 of 4) MAC Algorithm MAC Algorithm hmac-sha1* HMAC-SHA1; digest length = key length = 20 hmac-sha1-96** First 96 bits of HMACSHA1; digest length = 12; key length = 20 hmac-md5 HMAC-MD5; digest length = key length = 16 hmac-md5-96 First 96 bits of HMAC-MD5; digest length = 12; key length = 16 Copyright © 2017 Pearson Education, Inc. All Rights Reserved Table 6-3 SSH Transport Layer Cryptographic Algorithms (4 of 4) Compression algorithm Compression algorithm none* No compression zlib Defined in RFC 1950 and RFC 1951 Copyright © 2017 Pearson Education, Inc. All Rights Reserved Authentication Methods (1 of 2) Public key • The client sends a message to the server that contains the client’s public key, with the message signed by the client’s private key • When the server receives this message, it checks whether the supplied key is acceptable for authentication and, if so, it checks whether the signature is correct Password • The client sends a message containing a plaintext password, which is protected by encryption by the Transport Layer Protocol Copyright © 2017 Pearson Education, Inc. All Rights Reserved Authentication Methods (2 of 2) Hostbased • Authentication is performed on the client’s host rather than the client itself • This method works by having the client send a signature created with the private key of the client host • Rather than directly verifying the user’s identity, the SSH server verifies the identity of the client host Copyright © 2017 Pearson Education, Inc. All Rights Reserved Connection Protocol (1 of 2) • The SSH Connection Protocol runs on top of the SSH Transport Layer Protocol and assumes that a secure authentication connection is in use – The secure authentication connection, referred to as a tunnel, is used by the Connection Protocol to multiplex a number of logical channels • Channel mechanism – All types of communication using SSH are supported using separate channels Copyright © 2017 Pearson Education, Inc. All Rights Reserved Connection Protocol (2 of 2) – Either side may open a channel – For each channel, each side associates a unique channel number – Channels are flow controlled using a window mechanism – No data may be sent to a channel until a message is received to indicate that window space is available – The life of a channel progresses through three stages: opening a channel, data transfer, and closing a channel Copyright © 2017 Pearson Education, Inc. All Rights Reserved Figure 6-11 Example of SSH Connection Protocol Message Exchange Copyright © 2017 Pearson Education, Inc. All Rights Reserved Channel Types (1 of 2) • Four channel types are recognized in the SSH Connection Protocol specification Session • The remote execution of a program • The program may be a shell, an application such as file transfer or e-mail, a system command, or some built-in subsystem • Once a session channel is opened, subsequent requests are used to start the remote program Copyright © 2017 Pearson Education, Inc. All Rights Reserved Channel Types (2 of 2) X11 • Refers to the X Window System, a computer software system and network protocol that provides a graphical user interface (G UI) for networked computers • X allows applications to run on a network server but to be displayed on a desktop machine Forwarded-tcpip • Remote port forwarding Direct-tcpip • Local port forwarding Copyright © 2017 Pearson Education, Inc. All Rights Reserved Port Forwarding • One of the most useful features of SSH • Provides the ability to convert any insecure TCP connection into a secure SSH connection (also referred to as SSH tunneling) • Incoming TCP traffic is delivered to the appropriate application on the basis of the port number (a port is an identifier of a user of TCP) • An application may employ multiple port numbers Copyright © 2017 Pearson Education, Inc. All Rights Reserved Figure 6-12 SSH Transport Layer Packet Exchanges Copyright © 2017 Pearson Education, Inc. All Rights Reserved Summary (1 of 2) • Transport Layer Security – TLS architecture – TLS record protocol – Change cipher spec protocol – Alert protocol – Handshake protocol – Cryptographic computations – Heartbeat protocol – SSL/TLS attacks – TLSv1.3 Copyright © 2017 Pearson Education, Inc. All Rights Reserved Summary (2 of 2) • Web security considerations – Web security threats – Web traffic security approaches • HTTPS – Connection initiation – Connection closure • Secure shell (SSH) – Transport layer protocol – User authentication protocol – Communication protocol Copyright © 2017 Pearson Education, Inc. All Rights Reserved Copyright Copyright © 2017 Pearson Education, Inc. All Rights Reserved …

Place this order or similar order and get an amazing discount. USE Discount “GET12” for 12%