Chapter 6

Network
communications Security

1
Outline

 Network security concepts

Protocol architecture and security services
Example security protocols :
Transport Layer Security (TLS)
IP Layer Security (IPSec)

2
Network Security Concepts

 Any organization/entity having its own local network should conceive and

implement security services and mechanisms to protect its network.

Network security is composed of two main axis:

1. Communication Security: aims to protect the data transmitted across

networks between organizations and end users
2. Perimeter security: aims to protect an organization’s network from
unauthorized access

3
Digital communication Security Analogy

4
Reminder: Communication Layered Model

Layered structure of hardware and software that supports

the exchange of data between systems
Two standards:
 OSI Reference model: never lived up to early promises
 TCP/IP protocol suite: most widely used

5
Communication across OSI model

6
OSI vs TCP/IP model

7
OSI Security Architecture

Originally specified as ISO 7498-2

Republished as X.800 “Security Architecture for OSI”
Defines a systematic set of security requirements and
options for the ISO communication protocol stack
Also applicable to the TCP/IP protocol stack

8
Possible placement of security services in
OSI protocol layers (X.800)

9
Security Protocols
 Many different security protocols have been specified and
implemented for different purposes such as CIA, Key
establishment/Exchange,…
 This lecture discusses the operation of two network-related
protocols that are in common use:
 Transport Layer Security (TLS): used extensively on the web, email, VoIP
 IP Security (IPSec): provides security services at the IP level and is used to provide
Virtual Private Network (VPN) services.

10
Transport Layer Security
(TLS)

11
TLS: Overview

TLS is a cryptographic services protocol based on the Browser PKI, and

is commonly used on the Internet. Most often used to allow browsers to
establish secure sessions with web servers.

 Port 443 is reserved for HTTP over TLS/SSL and the protocol https is
used with this port.
 http://www.xxx.com implies using standard HTTP using port 80.
 https://www.xxx.com implies HTTP over TLS/SSL with port 443.

12
 TLS operates at the layer 4 of the OSI model.
TLS is the successor of SSL

13
History: SSL/TLS
1994: Netscape Communications developed the network authentication protocol Secure
Sockets Layer, SSLv2. Badly broken
1995: Netscape release their own improvements SSLv3. Widely used for many years.
1996: SSLv3 was submitted to the IETF as an Internet draft, and an IETF working group was
formed to develop a recommendation.
In January 1999, RFC 2246 was issued by the IETF, Transport Layer Security Protocol: TLS
1.0 Similar to, but incompatible with SSLv3
Currently TLS 1.2 (2008) (allows backwards compatibility with SSL)
Draft TLS 1.3 (2016) (totally bans SSL)
Firefox browser enabled TLS 1.3 by default in February 2017

14
TLS: Architecture Overview

Designed to provide secure reliable end-to-end services over TCP.

Consists of 3 higher level protocols:
 TLS Handshake Protocol
 TLS Alert Protocol
 TLS Change Cipher Spec Protocol

 The TLS Record Protocol provides the practical encryption and integrity
services to various application protocols.

16
TLS: Protocol Stack

17
TLS: Handshake Protocol
The handshake protocol:
 Negotiates the encryption to be used
 Establishes a shared session key
 Authenticates the server
 Authenticates the client (optional)
 Completes the session establishment

After the handshake, application data is transmitted securely

 Several variations of the handshake exist: RSA variants, Diffie-Hellman
variants,…

18
 TLS: Handshake Four phases

Phase 1: Initiates the logical connection and establishes its

security capabilities
Phases 2 and 3: Performs key exchange. The messages and
message content used in this phase depends on the handshake
variant negotiated in phase 1.
Phase 4: Completes the setting up of a secure connection.

19
Simplified RSA-based Handshake

20
Elements of Handshake
 Client hello: Advertises available cipher suites (e.g. RSA, AES, SHA256)

 Server hello:
 Returns the selected cipher suite
 Server adapts to client capabilities

 RSA and Server Certificate

 X.509 digital certificate sent to client, assumes RSA algorithm
 Client verifies the certificate including that the certificate signer is in its acceptable
Certificate Authority (CA) list. Now the client has the server’s certified public key.

 RSA and Client Certificate: Optionally, the client can send its X.509 certificate to
server, in order to provide mutual authentication, assumes RSA algorithm

 Anonymous Diffie-Hellman :Optionally, the client and server can establish session
key using the Diffie-Hellman algorithm
21
Record Protocol Overview

Provides two services for TLS connections.

1. Message Confidentiality:
 Ensure that the message contents cannot be read in transit.
 The Handshake Protocol establishes a symmetric key used to encrypt
TLSpayloads.

2. Message Integrity:
 Ensure that the receiver can detect if a message is modified in transmission.
 The Handshake Protocol establishes a shared secret key used to construct a
MAC.

22
SSL/TLS Challenges

Many vulnerabilities exist for SSL/TLS.

 People are easily tricked
 Changing between http and https causes vulnerability to SSL stripping attacks
 SSL/TLS only as secure as the cryptographic algorithms used in handshake
protocol: hashing, symmetric and asymmetric crypto.

Relies on Browser PKI which has many security issues

 Fake server certificates are difficult to detect
 Fake root server certificates can be embedded in platform, see e.g. Lenovo
Komodia adware scam

23
SSL Stripping Attack

 MitM server can connect to client over https in msg (6) with server certificate that has
similar domain name as real server.
 Attacker can leave the connection after stealing credentials, then the client connects
directly to real server with https 24
Preventing SSL Stripping with HSTS
 A secure server can instruct browsers to only use https

 When requesting website that uses HTTP Strict Transport Security (HSTS), the
browser automatically forces connect with https.

 Users are not able to override policy

 Two ways of specifying HSTS websites

 List of HSTS websites can be preloaded into browsers
 HSTS policy initially specified over a https connection

 Disadvantages
 HSTS websites can not use both http and https
 Difficult for a website to stop using https
 Can cause denial of service, e.g. no fallback to http in case of expired server certificate.
25
Preventing SSL Stripping with HSTS

Limitation of HSTS:
 Requires first visit to secure website to set HSTS policy in browser
 Can be solved by browser having preloaded list of HSTS websites

 Browsers would be vulnerable if attacker could delete HSTS cache 26

Market position of HTTP Strict Transport
Security in terms of popularity and traffic

27
Popular sites using HTTP Strict Transport
Security
 Google.com
 Youtube.com
 Facebook.com
 Wikipedia.org
 Reddit.com
 Yahoo.com
 Google.co.in
 Amazon.com
 Tmall.com
 Twitter.com
28
Phishing and failed authentication

29
30
IPSec and VPN

31
IPSec Overview
Internet Protocol security (IPSec) is standard for secure communications
over Internet Protocol (IP) networks, through the use of cryptographic
security services.
 Uses encryption, authentication and key management algorithms
 Based on an end-to-end security model at the IP level
 Provides a security architecture for both IPv4 and IPv6
 Mandatory for IPv6
 Optional for IPv4

 Requires operating system support, not application support.

Available in most operating systems/devices. E.g., Windows, OS X, Linux,
BSD*, …
32
33
Security Services provided by IPSec
Selectively provides ….

 Message Confidentiality
 Protects against unauthorized data disclosure.
 Accomplished by the use of encryption mechanisms.

 Message Integrity
 IPsec can determine if data has been changed (intentionally or unintentionally) during
transit.
 Integrity of data can be assured by using a MAC.

 Traffic Analysis Protection

 A person monitoring network traffic cannot know which parties are communicating,
how often, or how much data is being sent.
 Provided by concealing IP datagram details such as source and destination address.

34
Security Services provided by IPSec (2)
Selectively provides ….

 Message Replay Protection

 The same data is not delivered multiple times, and data is not delivered grossly out of
order.
 However, IPsec does not ensure that data is delivered in the exact order in which it is
sent.
 Peer Authentication
 Each IPsec endpoint confirms the identity of the other IPsec endpoint with which it
wishes to communicate.
 Ensures that network traffic is being sent from the expected host.

 Network Access Control

 Filtering can ensure users only have access to certain network resources and can only
use certain types of network traffic.

35
 IPsec and the IP protocol stack
IPsec puts the two main protocols in between IP and the other
protocols: AH and ESP

Authentication Header (AH) Encapsulating Security Payload

Authentication, integrity (ESP)
and replay protection. Confidentiality,
no confidentiality authentication, integrity and
replay protection
36
Modes of operation

37
IPSEC Protocol Suite

38
Internet Key Exchange (IKE)

Two phase protocol used to establish parameters and keys for session

 Phase 1: authenticate peers, establish secure channel

 Phase 2: negotiate parameters, establish a security association (SA)

Key exchange is largely automated after initial manual configuration

39
Phase 1
Sample of a key establishment based on DH

Alice and Bob have common (long term) secret s

 DH exchange is authenticated (MITM not possible)
After each session, session key is destroyed

40
Security Association (Phase2)
A security association (SA) contains info needed by an
IPSec endpoint to support one end of an IPSec
connection.
Can include cryptographic keys and algorithms, key
lifetimes, security parameter index (SPI), and security
protocol identifier (ESP or AH).
 The SPI is included in the IPSec header to associate a
packet with the appropriate SA.
 Security Associations are simplex
 need one for each direction of connection
 stored in a security association database (SAD).

41
Authentication Header (AH)

 Authenticity and integrity

 via HMAC
 over IP headers and data

 Advantage: the authenticity of data and IP header

information is protected
 Confidentiality of data is not preserved
 Replay protection via AH sequence numbers

43
Modifications to the packet format
(AH Mode)

44
IPSec Authentication
Authentication data
 Hash of packet contents include IP header as as specified by SPI
 Treat transient fields (TTL, header checksum) as zero

Keyed MD5 Hash is default

45
 Encapsulating Security Payload (ESP)
Confidentiality, authenticity and integrity
 via encryption and HMAC
 over IP payload (data)

Advantage: the security manipulations are done solely on user data

TCP packet is fully secured
 simplifies processing
 Use “null” encryption to get authenticity/integrity only

Note that the TCP ports are hidden when encrypted

 good: better security, less is known about traffic
 bad: impossible for FW to filter/traffic based on port

46
Modifications to the packet format
(ESP Mode)

47
Transport Mode ESP

48
 ESP in Transport Mode
 The data after the original IP header is padded by adding an ESP trailer and
the result is then encrypted using the symmetric cipher and key in the SA.
 An ESP header is prepended.
 If an SA uses the authentication service, an ESP MAC is calculated over the
data prepared so far and appended.
 The original IP header is prepended.
 However, some fields in the original IP header must be changed. For example,
 Protocol field changes from TCP to ESP.
 Total Length field must be changed to reflect the addition of the AH header.
 Checksums must be recalculated.
49
Tunnel Mode ESP

50
 ESP in Tunnel Mode
 The entire original packet is padded by adding an ESP trailer and the result is
then encrypted using the symmetric cipher and key agreed in the SA.
 An ESP header is prepended.
 If an SA uses the authentication service, an ESP MAC is calculated over the data
prepared so far and appended.
A new ‘outer’ IP header is prepended.
 The ‘inner’ IP header of the original IP packet carries the ultimate source and destination
addresses.
 The ‘outer’ IP header may contain distinct IP addresses such as addresses of security gateways.
 The ‘outer’ IP header Protocol field is set to ESP.
51
VPN: Typical usage of IPSec

52
IPSec: Common Architectures

1. Gateway-to-Gateway Architecture
2. Host-to-Gateway Architecture
3. Host-to-Host Architecture
(NIST Special Publication 800-77)

53
Gateway to Gateway architecture

54
Host to Gateway Architecture

55
Host to Host Architecture

56
Comparison of VPN Architecture Models

57
Risks of using VPN
IPSec typically used for VPN (Virtual Private Networks)
 A VPN client at external location may be connected to the Internet (e.g.
from hotel room or café) while at the same time being connected to home
network via VPN.
 VPN gives direct access to resources in home network.
 Internet access from external location may give high exposure to cyber
threats: No network firewall, no network IDS
 Attacks against the VPN client at external location can directly access the
home network through VPN tunnel.

58
Risks of VPN

59
Conclusion
 Communication security enables to protect traffic moving on unprotected
networks.
 In this chapter we focused on two security protocols present at the
application and network layers respectively TLS and IPSec.
 The next chapter deals with network perimeter security which presents the
second axis of network security.

60