ISO/OSI Model SSL: Security at

Peer-to-peer Application Layer

Presentation Layer Network Security Session Layer

Assurance Transport Layer Transport Layer

Network Layer Network Layer

Lecture 9 Data Link Layer Data Link Layer

Physical Layer Physical Layer October 30, 2003 Flow of bits

Courtesy of Professors INFSCI 2935: Introduction of Computer Security 1 INFSCI 2935: Introduction to Computer Security 2 Chris Clifton & Matt Bishop

1 Security at the Transport Layer Secure Socket Layer (SSL) Secure Socket Layer (SSL) l Developed by Netscape to provide security in l Each party keeps session information ¡ Session identifier (unique) WWW browsers and servers ¡ The peer’s X.503(v3) certificate l SSL is the basis for the Internet standard ¡ Compression method used to reduce volume of data ¡ Cipher specification (parameters for cipher and MAC) protocol – (TLS) ¡ Master secret of 48 bits protocol (compatible with SSLv3) l Connection information ¡ Random data for the server & client l Key idea: Connections and Sessions ¡ Server and client keys (used for encryption) ¡A SSL session is an association between two peers ¡ Server and client MAC key ¡An SSL connection is the set of mechanisms used to ¡ Initialization vector for the cipher, if needed ¡ Server and client sequence numbers transport data in an SSL session l Provides a set of supported cryptographic mechanisms that are setup during negotiation (handshake protocol)

INFSCI 2935: Introduction to Computer Security 3 INFSCI 2935: Introduction to Computer Security 4

2 SSL Architecture SSL Record Protocol Operation

e.g., HTTP messages

Provides a basis for Secure communication Confidentiality + Message authenticity

Message type, version, length of block

INFSCI 2935: Introduction to Computer Security 5 INFSCI 2935: Introduction to Computer Security 6

3 Handshake Protocol Other protocols lThe most complex part of SSL lSSL Change Cipher Spec Protocol lAllows the server and client to ¡A single byte is exchanged authenticate each other ¡After new cipher parameters have been ¡Based on interchange cryptosystem (e.g., RSA) negotiated (renegotiated) lNegotiate encryption, MAC algorithm and lSSL Alert Protocol cryptographic keys ¡Signals an unusual condition ¡Four rounds ¡Closure alert : sender will not send anymore lUsed before any application data are ¡Error alert: fatal error results in disconnect transmitted

INFSCI 2935: Introduction to Computer Security 7 INFSCI 2935: Introduction to Computer Security 8

4 ISO/OSI Model IPSec IPSec: Security at Network Layer

Peer-to-peer l Set of protocols/mechanisms Application Layer Application Layer ¡ Encrypts and authenticates all traffic at the IP level l Protects all messages sent along a path Presentation Layer Presentation Layer l Intermediate host with IPSec mechanism (firewall, gateway) is called a security gateway Session Layer Session Layer ¡ Use on LANs, WANs, public, and private networks l Application independent (Transparent to user) Transport Layer Transport Layer ¡ Web browsing, , ftp… l Provides at the IP level Network Layer Network Layer Network Layer ¡ Access control ¡ Connectionless integrity Data Link Layer Data Link Layer Data Link Layer ¡ Data origin authentication Physical Layer Physical Layer Physical Layer ¡ Rejection of replayed packets ¡ Data confidentiality ¡ Limited traffic analysis confidentiality Flow of bits

INFSCI 2935: Introduction to Computer Security 9 INFSCI 2935: Introduction to Computer Security 10

5 Cases where IPSec can be used Cases where IPSec can be used (2)

SG Internet SG Internet/ Intranet Intranet Intranet

End-to -end security between two hosts End-to -end security between two hosts + two gateways

Internet SG SG Internet/ SG Intranet Intranet

End-to -end security between two security gateways End-to -end security between two hosts during dial-up

INFSCI 2935: Introduction to Computer Security 11 INFSCI 2935: Introduction to Computer Security 12

6 IPSec Protocols Security Association (SA) l Authentication header (AH) protocol l Unidirectional relationship between peers (a sender and ¡ Message integrity a receiver) ¡ Origin authentication l Specifies the security services provided to the traffic ¡ Anti-replay services carried on the SA l Encapsulating security payload (ESP) protocol ¡ Security enhancements to a channel along a path ¡ Confidentiality ¡ Message integrity l Identified by three parameters: ¡ Origin authentication ¡ IP Destination Address ¡ Anti-replay services ¡ Security Protocol Identifier l Internet Key Exchange (IKE) l Specifies whether AH or ESP is being used ¡ Exchanging keys between entities that need to communicate over the Internet ¡ Security Parameters Index (SPI) ¡ What authentication methods to use, how long to use the keys, etc. l Specifies the security parameters associated with the SA

INFSCI 2935: Introduction to Computer Security 13 INFSCI 2935: Introduction to Computer Security 14

7 Security Association (2) Security Association Databases lEach SA uses AH or ESP (not both) l IP needs to know the SAs that exist in order to provide security services ¡If both required two are SAs are created l Security Policy Database (SPD) lMultiple security associations may be used ¡ IPSec uses SPD to handle messages ¡ For each IP packet, it decides whether an IPSec service is to provide required security services provided, bypassed, or if the packet is to be discarded ¡A sequence of security associations is called l Security Association Database (SAD) ¡ Keeps track of the sequence number SA bundle ¡ AH information (keys, algorithms, lifetimes) ¡Example: We can have an AH protocol followed ¡ ESP information (keys, IVs, algorithms, lifetimes) by ESP or vice versa ¡ Lifetime of the SA ¡ Protocol mode ¡ MTU

INFSCI 2935: Introduction to Computer Security 15 INFSCI 2935: Introduction to Computer Security 16

8 IPSec Modes Authentication Header (AH)

parameters lTwo modes l Next header ¡ Identifies what protocol header follows Next Header ¡Transport mode l Payload length lEncapsulates IP packet data area ¡ Indicates the number of 32-bit words in Payload length the authentication header lIP Header is not protected l Security Parameters Index Security Parameters • Protection is provided for the upper layers ¡ Specifies to the receiver the algorithms, Index • Usually used in host-to-host communications type of keys, and lifetime of the keys used Sequence ¡Tunnel mode l Sequence number Number ¡ Counter that increases with each IP lEncapsulates entire IP packet in an IPSec Authentication Data packet sent from the same host to the envelope same destination and SA • Helps against traffic analysis l Authentication Data • The original IP packet is untouched in the Internet

INFSCI 2935: Introduction to Computer Security 17 INFSCI 2935: Introduction to Computer Security 18

9 Preventing replay Transport Mode AH

l Using 32 bit sequence numbers helps detect Internet/ replay of IP packets Intranet l The sender initializes a sequence number for every SA ¡Each succeeding IP packet within a SA increments Original IP TCP Payload Data Without IPSec the sequence number Header Header l Receiver implements a window size of W to keep track of authenticated packets Original IP Auth TCP Payload Data Header Header Header l Receiver checks the MAC to see if the packet is authentic Next Payload Seq. SPI MAC Header Length No.

INFSCI 2935: Introduction to Computer Security 19 INFSCI 2935: Introduction to Computer Security 20

10 ESP – Encapsulating Security Tunnel Mode AH Payload

l Creates a new header Security Parameters Internet SG in addition to the IP Index (SPI) – 32 bits Intranet header Sequence Number 32 bits l Creates a new trailer Original IP TCP Payload Data Without IPSec Payload Data Header Header l Encrypts the payload data Padding/ Next Header New IP Auth Original IP TCP Payload Data l Authenticates the Header Header Header Header security association Authentication Data

Next Payload Seq. l Prevents replay SPI MAC Header Length No.

INFSCI 2935: Introduction to Computer Security 21 INFSCI 2935: Introduction to Computer Security 22

11 Details of ESP Transport mode ESP l Security Parameters Index (SPI) ¡ Specifies to the receiver the algorithms, type of keys, and lifetime of the keys used l Sequence number Original IP TCP ¡ Counter that increases with each IP packet sent from the same host to Payload Data Without IPSec the same destination and SA Header Header l Payload ¡ Application data carried in the TCP segment Original IP ESP TCP ESP ESP Payload Data l Padding Header Header Header Trailer Auth ¡ 0 to 255 bytes of data to enable encryption algorithms to operate properly Encrypted ¡ To mislead sniffers from estimating the amount of data transmitted l Authentication Data Authenticated ¡ MAC created over the packet

INFSCI 2935: Introduction to Computer Security 23 INFSCI 2935: Introduction to Computer Security 24

12 Tunnel mode ESP Perimeter Defense

Original IP TCP lOrganization system consists of a network Payload Data Without IPSec Header Header of many host machines – ¡the system is as secure as the weakest link New IP ESP Original IP TCP ESP ESP Payload Data Header Header Header Header Trailer Auth lUse perimeter defense Encrypted ¡Define a border and use gatekeeper (firewall) Authenticated lIf host machines are scattered and need to use public network, use encryption ¡Virtual Private Networks (VPNs)

INFSCI 2935: Introduction to Computer Security 25 INFSCI 2935: Introduction to Computer Security 26

13 Perimeter Defense Firewalls lIs it adequate? l Total isolation of networked systems is undesirable ¡Locating and securing all perimeter points is ¡Use firewalls to achieve selective border control quite difficult l Firewall lLess effective for large border ¡Is a configuration of machines and software ¡Inspecting/ensuring that remote connections ¡Limits network access ¡Come “for free” inside many devices: routers, modems, are adequately protected is difficult wireless base stations etc. ¡Insiders attack is often the most damaging ¡Alternate: a firewall is a host that mediates access to a network, allowing and disallowing certain type of access based on a configured security policy

INFSCI 2935: Introduction to Computer Security 27 INFSCI 2935: Introduction to Computer Security 28

14 Virtual Private Networks What Firewalls can’t do What is it? lThey are not a panacea lIt is a private network that is configured ¡Only adds to defense in depth within a public network lIf not managed properly lA VPN “appears” to be a private national ¡Can provide false sense of security or international network to a customer lCannot prevent insider attack lThe customer is actually “sharing” trunks lFirewalls act a particular layer (or layers) and other physical infrastructure with other customers lSecurity?

INFSCI 2935: Introduction to Computer Security 29 INFSCI 2935: Introduction to Computer Security 30

15 What is a VPN? (2) Secure IP VPNs l A network that supports a closed community of l Use the public Internet as part of the virtual authorized users l The authorized users are allowed to access various private network network related resources and services l Provide security! l There is traffic isolation ¡Contents are secure ¡Confidentiality and integrity of data ¡Services and resources are secure ¡User authentication l Use the public Internet as part of the virtual private network ¡Network access control l Provide security! ¡ Confidentiality and integrity of data l IPSec can be used ¡ User authentication ¡ Network access control l IPSec

INFSCI 2935: Introduction to Computer Security 31 INFSCI 2935: Introduction to Computer Security 32

16 Tunneling in VPN “Typical” corporate network

Firewall Intranet Demilitarized Zone (DMZ) Mail forwarding DNS (DMZ) File Server Web Server Web Server

Mail server DNS (internal) Firewall

User machines User machines User machines Internet

INFSCI 2935: Introduction to Computer Security 33 INFSCI 2935: Introduction to Computer Security 34

17 Typical network: Issues Terms l Network Regions l IP: Intranet hidden from outside world ¡ Internet ¡Internal addresses can be real ¡ Intranet lProxy maps between real address and firewall ¡ DMZ ¡Fake private addresses l Network Boundaries lNetwork Address Translation protocol maps internal ¡ Firewall addresses to the Internet addresses (inner firewall) l Filtering firewall: Based on packet headers l Audit mechanism l Mail Forwarding ¡ Proxy ¡Hide internal addresses l Proxy firewall: Gives external view that hides intranet ¡Map incoming mail to “real” server l Contents of packets and messages besides attributes of packet headers ¡Additional incoming/outgoing checks

INFSCI 2935: Introduction to Computer Security 35 INFSCI 2935: Introduction to Computer Security 36

18 Firewalls: Configuration DMZ Administration lExternal Firewall lDirect console access required? ¡What traffic allowed ¡Real hassle lExternal source: IP restrictions lWhat type of traffic: Ports (e.g., SMTP, HTTP) l“Special” access ¡Proxy between DMZ servers and internet ¡SSH connections allowed from internal to DMZ lInternal Firewall “administration” connections ¡Traffic restrictions: Ports, From/to IP ¡Only from specified internal IPs ¡Proxy between intranet and outside ¡Only through internal firewall

INFSCI 2935: Introduction to Computer Security 37 INFSCI 2935: Introduction to Computer Security 38

19 Overview

lTrust lProblems from lack of assurance lTypes of assurance Assurance lLife cycle and assurance lWaterfall life cycle model lOther life cycle models

Courtesy of Professors INFSCI 2935: Introduction of Computer Security 39 INFSCI 2935: Introduction to Computer Security 40 Chris Clifton & Matt Bishop

20 Trust Relationships l Trustworthy entity has sufficient credible Statement of requirements that explicitly defines Policy evidence leading one to believe that the system the security expectations of the mechanism(s) will meet a set of requirements Provides justification that the mechanism meets policy l Trust is a measure of trustworthiness relying on Assurance through assurance evidence and approvals based on the evidence evidence Executable entities that are designed and implemented l Assurance is confidence that an entity meets its Mechanisms to meet the requirements of the policy security requirements based on evidence provided by the application of assurance Evaluation standards Trusted Computer System Evaluation Criteria techniques Information Technology Security Evaluation Criteria ¡Formal methods, design analysis, testing etc. Common Criteria

INFSCI 2935: Introduction to Computer Security 41 INFSCI 2935: Introduction to Computer Security 42

21 Problem Sources (Neumann) Examples

1. Requirements definitions, omissions, and mistakes l Challenger explosion (1986) 2. System design flaws ¡Sensors removed from booster rockets to meet 3. Hardware implementation flaws, such as wiring and chip accelerated launch schedule flaws l Deaths from faulty radiation therapy system 4. Software implementation errors, program bugs, and ¡Hardware safety interlock removed compiler bugs ¡Flaws in software design 5. System use and operation errors and inadvertent mistakes l Bell V22 Osprey crashes 6. Willful system misuse ¡Failure to correct for malfunctioning components; two 7. Hardware, communication, or other equipment malfunction faulty ones could outvote a third 8. Environmental problems, natural causes, and acts of God l Intel 486 chip bug (trigonometric function) 9. Evolution, maintenance, faulty upgrades, and ¡Cost a lot of time and money decommissions

INFSCI 2935: Introduction to Computer Security 43 INFSCI 2935: Introduction to Computer Security 44

22 Role of Requirements Types of Assurance lRequirements are statements of goals that l Policy assurance is evidence establishing must be met security requirements in policy is complete, consistent, technically sound ¡Vary from high-level, generic issues to low- level, concrete issues ¡To counter threats and meet objectives lSecurity objectives are high-level security l Design assurance is evidence establishing design sufficient to meet requirements of issues and business goals security policy lSecurity requirements are specific, l Implementation assurance is evidence concrete issues establishing implementation consistent with security requirements of security policy ¡Need to use good engineering practices

INFSCI 2935: Introduction to Computer Security 45 INFSCI 2935: Introduction to Computer Security 46

23 Types of Assurance Assurance steps lOperational assurance is evidence establishing system sustains the security policy requirements during installation, Security requirements 1 Design and configuration, and day-to-day operation implementation refinement ¡Also called administrative assurance 2 Design 3 ¡Example, Assurance justification Do a thorough review of product or system 4 documentation and procedures, to ensure that Implementation the system cannot accidentally be placed in a non-secure state.

INFSCI 2935: Introduction to Computer Security 47 INFSCI 2935: Introduction to Computer Security 48

24 Life Cycle Conception lConception l Idea ¡ Decisions to pursue it l Proof of concept lManufacture ¡ See if idea has merit ¡ Rapid prototyping, analysis, etc. l High-level requirements analysis ¡ What does “secure” mean for this concept? lDeployment l Identify threats ¡ Is it possible for this concept to meet this meaning of security? lFielded Product Life ¡ Is the organization willing to support the additional resources required to make this concept meet this meaning of security?

INFSCI 2935: Introduction to Computer Security 49 INFSCI 2935: Introduction to Computer Security 50

25 Manufacture Deployment l Develop detailed plans for each group involved lDelivery ¡May depend on use; internal product requires no sales ¡Assure that correct (assured) masters are ¡Plans : marketing, sales training, development, testing delivered to production and protected ¡Software development and engineering process ¡Distribute to customers, sales organizations l Implement the plans to create entity lInstallation and configuration ¡Includes decisions whether to proceed, for example due to market needs ¡Developers must ensure that the system l May be the longest stage operates properly in the production environment

INFSCI 2935: Introduction to Computer Security 51 INFSCI 2935: Introduction to Computer Security 52

26 Fielded Product Life Waterfall Life Cycle Model lRoutine maintenance, patching lRequirements definition and analysis ¡Responsibility of engineering in small ¡Functional and non-functional organizations ¡General (for customer), specifications ¡Responsibility may be in different group than one that manufactures product lSystem and software design lCustomer service, support organizations lImplementation and unit testing ¡Answering questions; recording bugs lIntegration and system testing lRetirement or decommission of product lOperation and maintenance ¡Migration plans for customers

INFSCI 2935: Introduction to Computer Security 53 INFSCI 2935: Introduction to Computer Security 54

27 Other Models of Relationship of Stages Software Development

l Exploratory programming ¡Develop working system quickly ¡Used when detailed requirements specification cannot Requirements definition and System and be formulated in advance, and adequacy is goal analysis software Implementation design and unit ¡No requirements or design specification, so low testing Integration assurance and system Operation testing and l Prototyping (Similar to Exploratory) maintenance ¡Objective is to establish system requirements ¡Future iterations (after first) allow assurance techniques

INFSCI 2935: Introduction to Computer Security 55 INFSCI 2935: Introduction to Computer Security 56

28 Models Models l Formal transformation l Extreme programming ¡Create formal specification ¡Rapid prototyping and “best practices” ¡Translate it into program using correctness- ¡Project driven by business decisions preserving transformations ¡Requirements open until project complete ¡Very conducive to assurance methods ¡Programmers work in teams l System assembly from reusable components ¡Components tested, integrated several times a day ¡Depends on whether components are trusted ¡Objective is to get system into production as quickly as ¡Must assure connections, composition as well possible, then enhance it ¡Very complex, difficult to assure ¡Evidence adduced after development needed for ¡This is common approach to building secure and assurance trusted systems

INFSCI 2935: Introduction to Computer Security 57 INFSCI 2935: Introduction to Computer Security 58

29 Key Points lAssurance critical for determining trustworthiness of systems lDifferent levels of assurance, from informal evidence to rigorous mathematical evidence lAssurance needed at all stages of system life cycle

INFSCI 2935: Introduction to Computer Security 59 INFSCI 2935: Introduction to Computer Security 60

30