Routing Overview

About This Presentation

Title:

Routing Overview

Description:

The problem of tampering and impersonation remains ... Impersonation can be addressed by certification and authentication. Digital Signature ... – PowerPoint PPT presentation

Number of Views:80

Avg rating:3.0/5.0

Slides: 52

Provided by: abhayp

Category:

more less

Transcript and Presenter's Notes

Title: Routing Overview

1
Web Computing Security CS587x Lecture
13 Department of Computer Science Iowa State
University
2
What to Cover

Internet security issues
Introduction to cryptography
Secured Socket Layer (SSL)

3
Internet Security Issues

A TCP/IP packet could go through many
intermediate computers and separate networks
Possible ways for communication interference
Eavesdropping
Information remains intact, but its privacy is
compromised. For example, someone could learn
your credit card number, etc.
Tampering
Information in transit is changed or replaced and
then sent on to the recipient. For example,
someone could alter an order of goods
Impersonation
Information passes to a person who poses as the
intended recipient. For example, a person can
pretend to have the email address
jdoe_at_mozilla.com or a computer can identify
itself as www.mozilla.com while it is not

4
Public-Key Cryptography

The goals of developing this standard
Encryption and decryption
Allow two communication parties to disguise
information they send to each other.
Tamper detection
Allows the recipient of information to verify
that it has not been modified in transit
Authentication
Allows the recipient of information to determine
its origin, i.e., confirm the senders identity
Nonrepudiation
Prevents the sender of information from claiming
at a later date that the information was never
sent

5
Encryption and Decryption

Encryption is a process of transforming
information so it is intelligible to anyone but
the intended recipient
Decryption is a process of transforming encrypted
information so it is intelligible again
A cryptography algorithm (also called cipher) is
a mathematical function used for encryption or
decryption.
In most cases, two related functions are
employed, one for encryption and the other for
decryption
Cryptography algorithms are widely known
The ability to keep encrypted information secret
is based not on the cryptography, but on a number
called key
Key is used with the algorithm to produce an
encrypted result or to decrypt previously
encrypted information

6
Symmetric-Key Encryption

With symmetric-key encryption, the encryption key
can be calculated from the decryption key and
vice versa
With most symmetric-key encryption, the same key
is used for both encryption and decryption

7
Symmetric-Key Encryption

Advantages
Highly efficient implementation
fast encryption and decryption
Provides some degree of authentication
information encrypted with one symmetric key
cannot be decrypted with any other symmetric key.
Disadvantages
Effective only if the key is kept secret by the
two parties involved
If anyone else discovers the key, it affects both
confidentiality and authentication
The person not only can decrypt messages sent
with that key, but can encrypt new messages and
send them as if they came from one of the two
parties who were originally using the key

8
Public-Key Encryption

Public-key encryption (also called asymmetric
encryption) involves a pair of keys public key
and private key
Public key is published and could be well-known
Private key is associated with an entity that
needs to authenticate its identity electronically
or to sign or encrypt data
Data encrypted with a public key can be decrypted
only with some corresponding private key
To send data to someone, you encrypt the data
with his public key, and the person receiving the
encrypted data decrypts it with the corresponding
private key
Data encrypted with private key can be decrypted
only with corresponding public key (more details
later)

9
Public-Key Encryption

Advantage
Allow to freely distribute public key to the
sender
Private key can be kept in secret
Disadvantage
Compared with symmetric-key encryption,
public-key encryption requires more computation
and is therefore not always appropriate for large
amounts of data
The way to leverage the advantage and minimize
the disadvantage
Use public-key encryption to send a symmetric
key, which can be then be used to encrypt
additional data. This is the approach used by
the SSL protocol

10
Temper Detection

Encryption and decryption solves only the problem
of eavesdropping
The problem of tampering and impersonation
remains
Tamper detection is done by using public-key
encryption for digital signature
Impersonation can be addressed by certification
and authentication

11
Digital Signature

Tamer detection replies on a mathematical
function called a one-way hash (also called a
message digest)
A one-way hash is a number of fixed length with
the following characteristics
Ideally, the value of the hash is unique for the
hashed data. Any change in the data, even
deleting or altering a single character, results
in different value
The content of the hashed data cannot, for all
practical purposes, be deduced from the hash
which is why it is called one-way

12
Digital Signature

Public-key encryption allows you to use your
private key for encryption and your public key
for decryption
This feature can be used to digitally signing any
data
The signing software creates a one-way hash of
the data, then uses your private key to encrypt
the hash
The encrypted hash, along with other information,
such as the hashing algorithm, is known as a
digital signature

13
Digital Signature

The source sends data as follows
One-way hash the original data is one-way hashed
Encrypt it with your private key
Send both the original data and digital signature
to the recipient
The recipient validates the data integrity as
follows
Decrypt the digital signature using the public
key
Use the same hash algorithm to one-way hash the
received data
The data has not been tempered if the two sets of
data are the same

14
A Certificate Identifies an Entity

What is certificate?
A certificate is an electronic document used to
identify an individual, a server, a company, or
some other entity
Just like a driver license identifies a person
Who issues certificate?
Certificate Authorities (CA)
can be either independent third party or
organizations running their certificate-issuing
server software
Before issuing a certificate, CA must go through
certain verification procedures, depending on the
CAs policies

15
Certificate Content

Each certificate always
binds a particular public key to the certified
entity
Only the public key certified by the certificate
will work with the corresponding private key
possessed by the owner of the certificate
includes the digital signature of the issuing CA
For tempering detection - you cannot change a
certificate
The signature allows the certificate to function
as a letter of introduction for users who know
and trust the CA but dont know the entity
identified by the certificate
Of course, a certificate also includes the name
of the entity it identifies, an expiration date,
the name the of CA that issued the certificate

16
Sample Certificate Content
Basic CA/Emailpersonal-basic_at_thawte.com
Subject Public Key Info Public Key
Algorithm rsaEncryption RSA Public Key
(1024 bit) Modulus (1024 bit)
00bcbc93536dc0504f8215e64894
a65abe6f42fa0f47ee777572dd8d49
9b9657a078d4ca3f51b3690b917617
2207976ac451934be08def3795a1
0c 4dda34901d178997e03538574
ac0f4 0870e93c447b507e619a90
e323d388 114627f50b070ebbddd1
7f200a88b9 560b2e1c80daf1e39
e29ef14bd0a44 fb1b5b18d1bf23
9321 Exponent 65537 (0x10001)
X509v3 extensions X509v3 Basic
Constraints critical CATRUE Signature
Algorithm md5WithRSAEncryption
2de2996bb03d7a89d759a294011f2bdd12
4b 53c2ad7faaa7005c914057254a38
aa8470b9 d9800fa57b5cfb73c6bdd7
8a615c03e32d27 a817e0848542dc5e
9bc6b7b26dbb74afe43f
cba7b7b0e05dbe78832594d2db810f7907
6d 4ff439155a52017bde32d64d38f6
125c0650 df055bbd144ba1df29ba3b
418df76356a1df 22b1
openssl x509 -noout -text -in thawte.
cer Certificate Data Version 3 (0x2)
Serial Number 0 (0x0) Signature Algorithm
md5WithRSAEncryption Issuer CZA, STWestern
Cape, LCape Town, OThawte Consulting,
OUCertification Services Division, CNThawte
Personal Basic CA/Emailpersonal-basic_at_thawte.com
Validity Not Before Jan 1 000000
1996 GMT Not After Dec 31 235959 2020
GMT Subject CZA, STWestern Cape, LCape
Town, OThawte Consulting, OUCertification
Services Division, CNThawte Personal
17
Authentication Confirms an Identity

Password-based authentication
A client submits user name and password
Server checks database to see if name and
password match
Certificate-based authentication
A client digitally signs some piece of data,
which are randomly generated based on the input
from server and client
Both client and server must know exactly the data
to be signed
The client sends both the certificate and the
signed data to the server
The server uses the public key in the certificate
to decode the signed data
The signed data is an evidence used to verify
if the client owns the private key corresponding
to the public key stored in its certificate

18
Certificate-based authentication
19
Types of Certificates

Client/server certificates
Used to authenticate client/server via SSL
S/MIMI certificates
Used for signed and encrypted email
Object certificates
Used to identify signers of Java code or other
signed files
CA certificates
Used to identify Certificate Authorities that can
be trusted

20
Establishing trust through CA Certificates

Any client/server software that supports
certificates maintains a collection of trusted CA
certificates
It is possible to delegate certificate-issuing
responsibility to subordinate CAs, thus, creating
CA hierarchies
The root CAs certificate is a self-signed
certificates, i.e., it is digitally signed by the
same entity
The CAs that are directly subordinate to the root
CA have CA certificate signed by the root CA
CAs under the subordinate CAs in the hierarchy
have their CA signed the higher-level subordinate
CAs

21
CA Hierarchies
Note each certificate is signed with the private
key of its issuer so that its authenticity can be
verified through its public key
22
Certificate Verification
23
Certificate Standards

X.509 Standard
Created to provide credentials for X.500
directory objects
V1 published as part of X.500 directory
recommendations
V3 (1996) added much flexibility
added provisions for extension fields (V3
extensions)
V3 use pretty much universal for Internet
applications
supports mail, c/s, IPsec
alternatives limited to special purposes, e.g PGP
certificates

24
Design Goals of Secure Sockets Layer

Negotiates and employs essential functions for
secure transactions
Mutual Authentication
Establish trust with intended recipients
Signed Digital Certificates
Server Authenticates to Client
Client Authenticates to Server (optional)
Data Encryption
Privacy and confidentiality
Support different algorithms for different
application needs
Data Integrity
Insure no one tampers with data transmissions
intentionally or not
Freshness of transactions to avoid replays
As simple and transparent as possible, seamlessly
integrated into existing protocols including
TCP/IP

25
Secure Sockets Layer (SSL)

Platform and Application Independent
Operates between application and transport layers

26
TCP over IP
IP Header
IP Data
Src
Dst
TCP Header
TypeTCP
TCP Data
SrcPort
DstPort
SeqNum
Application Data
27
SSL over TCP over IP
IP Header
IP Data
Src
Dst
TypeTCP
TCP Header
TCP Data
TLS
TLS Payload
SrcPort
DstPort
SeqNum
EncryptedApplicationData
28
SSL 3.0 Layers

Record Layer
Fragmentation
Compression
Message Authentication (MAC)
Encryption
Alert Layer
close errors
message sequence errors
bad MACs
certificate errors
Handshake Layer
All messages are MACd
Message order is absolute
Negotiation messages are created here and handed
to record layer

29
SSL Handshake

SSL protocol uses a combination of public-key and
symmetric key encryption
Symmetric key encryption is much faster than
public-key encryption
Public-key encryption provides better
authentication techniques
Each SSL session always begin with an exchange of
messages called SSL handshake
Allows the server to authenticate itself to the
client using public-key techniques
Allows the client and the server to cooperate in
the creation of symmetric keys used for rapid
encryption, decryption, and tamper detection
during the session that follows

30
Handshake Protocol

The client sends the server
the clients SSL version number, cipher settings,
randomly generated data, etc.
The server sends the client
The servers SSL version number, cipher settings,
randomly generated data, etc.
The servers own certificate
Request for the clients certificate if the
client is requesting a server resource that
requires client authentication
The client and the server selects a common cipher
Allows use of multiple ciphers because
Some countries disallow the use of strong ciphers
Strong ciphers may require too much computational
overhead
Some communications must be secured with a strong
cipher
SSL uses strongest commonly-allowed cipher suite

31
Handshake Protocol Summary

The client uses some of the information sent by
the server to authenticate the server
If the authentication fails, terminate the
connection
The client creates the premaster secret for the
session, using the data generated during the
handshake so far
The secret is sent to the server after encrypted
with the servers public key (obtained from the
servers certificate)
Only the corresponding private key can correctly
decrypts the secret, so the client has some
assurance that it is talking to the authentic
server
If the server requests client authentication
(optional), the client also signs another piece
of data and sends it with the clients
certificate
The data must be unique to this handshake and
known by both the client and the server (why?)
Terminate the connection if authentication fails

32
SSL Handshake Protocol

Both the server and client follow the same steps
to generate the master secret from the same
premaster secret
If the server does not have the right private
key, it cannot generate the right master secret
Both the client and the server use the master
secret to generate the session keys, which are
symmetric keys used to
encrypt and decrypt information exchanged during
the SSL session
verify data integrity, i.e., detect any changes
in the data between the time it was sent and the
time it was received
Finishing handshake
The client and the server send each other a
message informing that future messages from will
be encrypted with the session key

33
Session Key Generation
Premaster Secret
Master Secret
Session Key

Both server and client need to generate the
session key
The session key is not sent via network

34
A Simplified Way?
send its public key to the client
client
server
Use the public key to encrypt the session key

Server sends its public key to the client
Client generates the session key, encrypts it
with the public key and then sends the
encrypted session key to the server
The server decrypts the message and gets the key
Server and client now use the same session key to
encrypt and decrypt their communication

35
Man-In-The-Middle Attack
key
key
M
C
S
session key encrypted with key
session key encrypted with key

A simple scenario
When M receives the public key from S, M replaces
the public key with its own public key
M sends its own public key to C
C generates the session key, encrypts it with the
public key and then sends the encrypted session
key to M
M decrypts the message with its own private key
and gets the session key
M encrypts the session key with the public key
from S and forwards the result to S
M can now eavesdrop all communication between S
and C
How about verifying the digital signature of C?

36
Checking Server Certificate
37
Checking Client Certificate
38
Java SSL

Java 1.4 includes Java Secure Socket Extention
(JSSE)
JSSE can be downloaded and installed into
previous versions of Java
Obtain SSLSocket or SSLServerSocket objects via
javax.net.ssl's SSLServerSocketFactory and
SSLSocketFactory classes

39
JSSE API Client Socket Factory Methods

javax.net.ssl.SSLSocketFactory methods
static SocketFactory getDefault()
Socket createSocket(String host, int port)
Socket createSocket(String host, int port,
InetAddress localHost, int localPort)
Socket createSocket(InetAddress host, int port)
Socket createSocket(InetAddress host, int port,
InetAddress localHost, int localPort)
Socket createSocket(Socket socket, String host,
int port, boolean autoClose)
String getDefaultCipherSuite()
String getSupportedCipherSuites()

40
JSSE API Client Socket Methods

javax.net.ssl.SSLSocket methods (extends Socket)
Supported SSL cipher suites
String getEnabledCipherSuites()
String getSupportedCipherSuites()
void setEnabledCipherSuites(String suites)
SSL session creation enabled?
boolean getEnableSessionCreation()
void setEnableSessionCreation(boolean flag)
SSL client authentication required?
boolean getNeedClientAuth()
void setNeedClientAuth(boolean need)

41
JSSE API Client Socket Methods (2)

Change from SSL client to SSL server mode
boolean getUseClientMode()
void setUseClientMode(boolean mode)
Initiate the SSL handshake protocol
void startHandshake()
Add/remove SSL handshake listener (notified when
SSL handshake operations complete on the socket)
void addHandshakeCompletedListener
(HandshareCompletedListener listener)
void removeHandshakeCompletedListener
(HandshareCompletedListener listener)

42
JSSE API Server Socket Factory Methods

javax.net.ssl.SSLServerSocketFactory methods
static ServerSocketFactory getDefault()
ServerSocket createServerSocket(int port)
ServerSocket createServerSocket(int port, int
LQsize)
ServerSocket createServerSocket(int port, int
LQsize, InetAddress localAddress)
String getDefaultCipherSuites()
String getSupportedCipherSuites()

43
JSSE API Server Socket Methods

javax.net.ssl.SSLServerSocket methods
Supported SSL cipher suites
String getEnabledCipherSuites()
String getSupportedCipherSuites()
void setEnabledCipherSuites(String suites)
SSL session creation enabled?
boolean getEnableSessionCreation()
void setEnableSessionCreation(boolean flag)
SSL client authentication required on accepted
sockets?
boolean getNeedClientAuth()
void setNeedClientAuth(boolean need)
Switch accepted sockets from SSL client mode to
SSL server mode
boolean getUseClientMode()
void setUseClientMode(boolean mode)

44
Example Server

import java.io.
import javax.net.ssl.
public class EchoServer
public static void main(String arstring)
try
SSLServerSocketFactory sslserversocketfactor
y
(SSLServerSocketFactory)SSLServerSocketFac
tory.getDefault()
SSLServerSocket sslserversocket
(SSLServerSocket)sslserversocketfactory.cr
eateServerSocket(9999)
SSLSocket sslsocket (SSLSocket)sslserverso
cket.accept()
InputStream inputstream
sslsocket.getInputStream()
InputStreamReader inputstreamreader new
InputStreamReader(inputstream)
BufferedReader bufferedreader new
BufferedReader(inputstreamreader)
String string null
while ((string bufferedreader.readLine())
! null)
System.out.println(string)
System.out.flush()

45
Example Client

import java.io.
import javax.net.ssl.
public class EchoClient
public static void main(String arstring)
try
SSLSocketFactory sslsocketfactory
(SSLSocketFactory)SSLSocketFactory.getDefault()
SSLSocket sslsocket (SSLSocket)sslsocketfa
ctory.createSocket("localhost", 9999)
InputStream inputstream System.in
InputStreamReader inputstreamreader new
InputStreamReader(inputstream)
BufferedReader bufferedreader new
BufferedReader(inputstreamreader)
OutputStream outputstream
sslsocket.getOutputStream()
OutputStreamWriter outputstreamwriter new
OutputStreamWriter(outputstream)
BufferedWriter bufferedwriter new
BufferedWriter(outputstreamwriter)
String string null
while ((string bufferedreader.readLine())
! null)
bufferedwriter.write(string '\n')

46
Running the Samples

java -Djavax.net.ssl.keyStorekeystore
-Djavax.net.ssl.keyStorePasswordkeystorePassword
EchoServer
java -Djavax.net.ssl.trustStoretruststore
-Djavax.net.ssl.trustStorePasswordtruststorePassw
ord EchoClient

47
Java Certificate Classes

java.security.cert
Certificate (abstract class)
CRL (abstract class)
CertificateFactory
To obtain instances of Certificates and CRLs
X509Certificate extends Certificate
X509CRL extends CRL

48
CertificateFactory Class

public static CertificateFactory
getInstance(String stringType)
Type is, e.g., X.509
public static CertificateFactory
getInstance(String stringType, String
stringProvider)
public final Certificate generateCertificate(Input
Stream inputstream)
public final Collection generateCertificates(Input
Stream inputstream)
public final CRL generateCRL(InputStream
inputstream)
public final Collection generateCRLs(InputStream
inputstream)

49
Certificate Interface