Part III-b

Universität Klagenfurt - IWAS Multimedia Kommunikation (VK), M. Euchner; May 2001. © Siemens AG 2001, ICN M NT

Contents

Part III-b: Secure Applications and Security Protocols
- Practical Security Measures
- Internet Security
- IPSEC, IKE
- SSL/TLS
- Virtual Private Networks
- Firewall
- Kerberos
- SET

Security Measures (1)
- Smart-Cards: Siemens Corporate Smartcard, SICRYPT
- Biometry: FingerTip Mouse
- Crypto Chips
- Secured PC: SCENIC PC

Security Measures (2)
- Security Protocols: Netscape TLS
- Crypto Algorithms and Toolkits: DES/AES, Crypto Library ACRYL
- Secured Applications: Trusted MIME
- Secure Operating Systems: Windows2000, SINIX

Security Measures (3)
- Crypto Boxes: TopSec, optiSet Privacy Module
- Firewalls
- Anti Virus Software
- Security Audit, Security Threat Analysis
- Security Infrastructure: Trusted CA

Internet Security Protocol Layers

Protocol stack shown on the slide, from the top layer down:
- Electronic Commerce Layer: SET, Ecash, ...
- S-HTTP, PGP, PEM
- Transport Layer Security (SSH, SSL, TLS); Datagram Security Protocol (WTLS, DSP)
- Transmission Control Protocol (TCP); User Datagram Protocol (UDP)
- IP / IPSec (Internet Protocol Security)

Also shown on the slide: S/MIME, PKIX (Public-Key Infrastructure).

The security services provided by security mechanisms or protocols depend on the layer of integration:
- the mechanisms can only protect the payload and/or header information available at this layer
- header information of lower layers is not protected

Placement of Security Functions
- Higher Layers
  - application specific, technology independent
  - end-to-end security possible
  - usually software implementations
  - higher layer security does not protect lower layers
- Middle Layers
  - attractive when balancing security concepts from higher and lower layers
- Lower Layers
  - link/point-to-point security
  - suited for crypto hardware
  - lower layer can provide security services for and protect higher layers
  - security functions inside the operating systems

Internet Protocol Security (IPSEC)
- IP Authentication Header (AH)
  - for IP packet integrity and partial replay protection
- Encapsulating Security Payload (ESP)
  - for IP packet confidentiality and integrity
- AH, ESP can operate in a Transport and in a Tunnel mode
  - application for Transport mode is secure host-to-host transport
  - application for Tunnel mode is secure virtual private networking (VPN) with security gateways
- IKE is the default key-management protocol for IPSEC
  - various key-exchange/key-establishment protocols defined based on Diffie-Hellman

Figure: protocol stack Application / IKE, TCP/UDP, IP/IPSec. The handshake covers SA establishment, authentication and key establishment; application data is encapsulated and decapsulated at the IP/IPSec layer and travels as protected data.

See IETF RFC 2401 - 2409

IPSEC Transport and Tunnel mode

Figure: packet layouts, with the encrypted and the authenticated spans marked on the two protected packets.
- Original IP packet: IP Header | TCP Header | Data
- Transport Mode protected packet: IP Header | ESP header | TCP Header | Data | ESP trailer
- Tunnel Mode protected packet: IP Header | ESP header | IP Header | TCP Header | Data | ESP trailer

Internet Key Management (IKE)

Figure: Peer A and Peer B each run IKE and AH/ESP. IKE phase 1: create secure IKE channel. IKE phase 2: create IPSEC SA. On each peer IKE supplies the IPsec SA to AH/ESP, and the two AH/ESP instances form the AH/ESP protected channel.

IKE Phases
- IKE operates in two phases
  - Phase 1 sets up a secure channel (referenced as ISAKMP SA). This requires a key exchange (Diffie-Hellman algorithm) with authentication (based on preshared symmetric keys, public key encryption or digital signatures).
  - Phase 2 negotiates IPsec SAs over this secure channel. Derivation of several IPsec SAs or re-negotiation is possible without a new Phase 1 exchange.

Transport Layer Security (TLS) / Secure Socket Layer (SSL)

Figure: browser and secure WWW server, each with the stack Application (HTTP), TLS/SSL, TCP, IP. The handshake performs negotiation, authentication and key establishment; application data is encapsulated and decapsulated by TLS/SSL and crosses the transport system as protected data (http:// becomes https://, HTTP over SSL).

- SSL/TLS provide optional client and server authentication with key management and connection-oriented data confidentiality and integrity.
- There are only minor differences between SSL and TLS but they are not interoperable.

SSL/TLS Handshake protocol

Message sequence between client and server:
1. Client -> Server: Handshake: ClientHello(supported ciphers, Random)
2. Server -> Client: Handshake: ServerHello(chosen cipher, Random)
3. Server -> Client: Handshake: Certificate
4. Server -> Client: Handshake: ServerHelloDone
5. Client: Compute session keys
6. Client -> Server: Handshake: ClientKeyExchange
7. Client -> Server: ChangeCipherSpec(encrypted Master Secret)
8. Client -> Server: Handshake: Finished(session MAC)
9. Server: Compute session keys
10. Server -> Client: ChangeCipherSpec(encrypted Master Secret)
11. Server -> Client: Handshake: Finished(session MAC)
12. Both directions: application_data
13. Alert: warning, close_notify

Some SSL/TLS applications
- secure WWW communication (HTML/XML over TLS)
- secure LDAP (LDAPS)
- secure mobile WAP communication with WTLS
- secured network management (SNMP over TLS)
- secure e-commerce transactions (protected credit-card number)
- secure login (server certificate + user password or with client certificate)
- other secured Internet Applications (IMAP/POP3, NNTP, FTP over TLS, ...)
- secured multimedia/Voice-over-IP signaling (H.235)

SSL/TLS building blocks

Figure: protocol layers, from the top down:
- Application layer protocol
- SSL/TLS handshake protocol, SSL/TLS change cipher spec protocol, SSL/TLS alert protocol
- SSL/TLS record layer protocol
- TCP/IP layer protocol
- lower layer protocol

SSL/TLS record layer encapsulation

Figure: the plaintext application layer PDU is wrapped into the SSL/TLS record layer PDU, with the encrypted and the protected spans marked:

Content Type | TLS/SSL version | length | Application layer PDU | MAC | CBC padding | padding length

SSL/TLS References
- IETF RFC 2246 “The TLS Protocol Version 1.0”, 1999.
- IETF RFC 2487 “SMTP Service Extension for Secure SMTP over TLS”, 1999.
- IETF RFC 2595 “Using TLS with IMAP, POP3 and ACAP”, 1999.
- IETF RFC 2817 “Upgrading to TLS Within HTTP/1.1”, 2000.

Virtual Private Networks (VPN)

Figure: several Intranets (corporate networks) with their clients, each behind a firewall (FW), connected by a secured VPN across the Internet.

VPNs
- are secure, private overlay networks over the Internet.
- secure tunneling protects any transmitted traffic between secure islands.
- IPSEC, L2TP, PPP and SSL are the most widely used VPN techniques.
- a VPN can be built on its own or be provided externally as a network service.
- Firewalls or cryptoboxes can provide VPNs.
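
Added example, not from the original slides: the fields of the SSL/TLS record layer encapsulation slide above, built and checked as TLS 1.0 (RFC 2246) defines them for a CBC cipher suite with HMAC-SHA1. The MAC key and sample PDU are constructed, an 8-byte block size is assumed, and the CBC encryption step is left out because Python's standard library has no block cipher, so `body` is the plaintext the cipher would encrypt.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23   # ContentType application_data (RFC 2246)
TLS_1_0 = (3, 1)        # ProtocolVersion carried by TLS 1.0 records
BLOCK = 8               # assumed cipher block size (DES/3DES in CBC mode)
MAC_LEN = 20            # HMAC-SHA1 output length


def record_mac(mac_key, seq, ctype, version, pdu):
    """HMAC-SHA1 over seq_num + type + version + length + fragment."""
    prefix = struct.pack("!QBBBH", seq, ctype, version[0], version[1], len(pdu))
    return hmac.new(mac_key, prefix + pdu, hashlib.sha1).digest()


def build_record(mac_key, seq, pdu):
    """Return (header, body); body is what the CBC cipher would encrypt."""
    body = pdu + record_mac(mac_key, seq, APPLICATION_DATA, TLS_1_0, pdu)
    pad_len = -(len(body) + 1) % BLOCK
    body += bytes([pad_len]) * (pad_len + 1)   # CBC padding + padding length
    header = struct.pack("!BBBH", APPLICATION_DATA, *TLS_1_0, len(body))
    return header, body


def open_record(mac_key, seq, header, body):
    """Check a decrypted record and return its PDU, or raise ValueError."""
    ctype, major, minor, length = struct.unpack("!BBBH", header)
    if length != len(body) or length % BLOCK or length <= MAC_LEN:
        raise ValueError("bad record length")
    pad_len = body[-1]
    if pad_len + 1 + MAC_LEN > length:
        pad_len, pad_ok = 0, False     # bad padding, but still run the MAC
    else:
        pad_ok = body[-(pad_len + 1):] == bytes([pad_len]) * (pad_len + 1)
    pdu = body[:length - pad_len - 1 - MAC_LEN]
    mac = body[len(pdu):len(pdu) + MAC_LEN]
    expected = record_mac(mac_key, seq, ctype, (major, minor), pdu)
    # Padding and MAC failures raise the same error, so neither is an oracle.
    if not (hmac.compare_digest(mac, expected) and pad_ok):
        raise ValueError("bad record MAC")
    return pdu
```

Because the implicit sequence number is part of the MAC input, a record replayed or delivered out of order fails verification even though its bytes are unchanged.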

Firewall

Figure: firewall between the Intranet (corporate network) with its clients and the Internet. Functions shown: Mail, NEWS, WWW Proxy, DNS, Authentication, Logging, Accounting, Anti Virus, NAT, IPSEC crypto box, VPN, other.

Firewalls
- are security gateways that are placed at the perimeter of a security domain.
- control in/outgoing access to/from Intranet, Extranets and the Internet.
- help enforce a security policy.
- Policy rules can be built using
  - packet filter
  - stateful inspection
  - application level gateway (ALG)
- typically provide auxiliary security functions such as remote authentication, VPN, Anti Virus filter, proxies, logging/accounting and network address translation (NAT).
- are a potential bottleneck.

Kerberos Architecture

Figure: Client, Kerberos Server, Ticket Granting Server (TGS) and Application Server, with the numbered exchanges:
1. Request a TGS ticket
2. TGS ticket
3. Request a server ticket
4. Server ticket
5. Service Request

Kerberos
- was developed by MIT in the 1970s for large campus computer networks.
- uses a central, trusted key management center for authentication and as a key distribution facility.
- is based entirely on symmetric keys (master keys, authentication keys, session keys) and synchronized time clocks.
- Tickets convey shielded session keys and granted permission.
- provides (authenticated) single sign-on and access control services to authorized resources.
- supports reliable accounting for used services.
- the core crypto protocols had several weaknesses; some caution is still necessary.
- there is also a public-key variant of Kerberos.
- there is a UNIX version in the public domain.

Secure Electronic Transaction (SET) Scenario

Figure: the SET participants and their roles:
- Issuer (Customer’s bank): Bank issues a credit card for the customer
- Acquirer (Merchant’s bank): Bank accepts and processes payment offer from Merchant
- Certification Authority (CA): Issues certificates
- Payment Gateway (PG): Processes payment offer
- Cardholder (customer): owns a credit card, purchases and pays digitally
- Merchant (shop): sells goods via Internet, accepts digital payments
- Links shown: Secure financial network, Customer relationship, Internet, Monetary transfer

SET Transaction

Figure: Issuer, Acquirer, SET Payment Gateway (PG), Cardholder and Merchant, connected by the numbered steps:
1. Customer queries shop
2. Merchant sends order form
3. Customer chooses payment method
4. Customer sends purchase order and payment authorization (SET)
5. Merchant confirms purchase order (SET)
6. Authorization Request, acquirer bank confirms customer’s payment authorization (SET)
7. Merchant delivers goods
8. Merchant requests payment from acquirer bank (SET)
9. Acquirer bank performs clearing with customer’s bank
10. Customer’s bank sends bill to customer.

SET Certificate Hierarchy
- Root Signature: SET
- Brand Signature: Visa, MasterCard, ...
- Geopolitical Signature: Germany, USA, ...
- Issuer Signature: Deutsche Bank, ...
- Cardholder Signature: Jochen Müller, ...
- Acquirer Signature: Commerzbank, ...
- Merchant Signature: ASK, ...
- Payment GW Signature

SET Security
- Hash-Algorithms
  - SHA-1 (160 bit hash length)
- Encryption
  - DES-56 in CBC mode, exportable DES-40 (CDMF)
  - RSA (1024 bit key length, Root CA 2048 bit)
- X.509 certificates
- RSA for digital envelopes and digital signatures (PKCS#7)
- Dual signatures: Sign (MD (MD (payment auth.) ° MD (offer desc.)))
- idempotent messages, multiple send possible
  - nonces allow detection of duplicates
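
Added example, not from the original slides: the dual signature Sign(MD(MD(payment auth.) ° MD(offer desc.))) with SHA-1 as MD and ° read as concatenation, showing how the merchant and the payment gateway each verify the same signature while seeing only one of the two documents. The RSA key is a constructed, unpadded toy key standing in for the cardholder's certified key and the PKCS#7 format; the function names and sample documents are assumptions.

```python
import hashlib

# Constructed toy RSA key (two Mersenne primes, no padding). It stands in for
# the cardholder's 1024-bit RSA key and the PKCS#7 signature format of SET.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def md(data):
    """Message digest MD: SHA-1, 160 bit."""
    return hashlib.sha1(data).digest()


def dual_digest(md_payment, md_offer):
    """MD(MD(payment auth.) || MD(offer desc.)) from the two inner digests."""
    return md(md_payment + md_offer)


def sign_dual(payment_auth, offer_desc):
    """Cardholder: one signature that binds both documents together."""
    digest = dual_digest(md(payment_auth), md(offer_desc))
    return pow(int.from_bytes(digest, "big"), D, N)


def merchant_verifies(offer_desc, md_payment, signature):
    """Merchant gets the offer plus only the digest of the payment data."""
    digest = dual_digest(md_payment, md(offer_desc))
    return pow(signature, E, N) == int.from_bytes(digest, "big")


def gateway_verifies(payment_auth, md_offer, signature):
    """Payment gateway gets the payment data plus only the offer digest."""
    digest = dual_digest(md(payment_auth), md_offer)
    return pow(signature, E, N) == int.from_bytes(digest, "big")


# Constructed sample documents
OFFER = b"order 1: 2 books, total 40 EUR"
PAYMENT = b"card 0000-0000-0000-0000, amount 40 EUR"
SIG = sign_dual(PAYMENT, OFFER)

if __name__ == "__main__":
    print("merchant accepts:", merchant_verifies(OFFER, md(PAYMENT), SIG))
    print("gateway accepts: ", gateway_verifies(PAYMENT, md(OFFER), SIG))
```

The merchant never receives the card data and the gateway never receives the order contents, yet changing either document invalidates the one signature both of them check.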