Network Security Applications

Kerberos

Many real-life systems use an authentication protocol called Kerberos the Needham - Shroeder is the basis of Kerberos.

Version 4 of Kerberos is found in most practical implementation also version 5 is in use.

Working of Kerberos

There are four parties involved in Kerberos protocol. 1. Alice - the client workstation. 2. Authentication saver (AS) - Verifies (authenticates) the user during login. 3. Ticket Granting Server (TGS) - issues tickets to certify proof of identity.

-The job of AS is to authenticate every user at the login time. AS shares a unique secret password with every user, The job of TGS is to certify to the servers in the network that a user is really who he/she claims to be for proving this, the mechanism pf tickets(which allows entry into server, just as ticket allows parking a car or entering a music concert) is used.

-following are the three primary steps in Kerberos Protocol :

Step 1: Login

• The user uses public workstation & enters his name the workstation sends his name in plaintext to AS.

• In response , the AS performs several actions. It first creates a package of the username (Alice) & a randomly generated session key (KS). It encrypts this package with the symmetric key that the AS shares with the Ticket Granting Server (TGS). The output pf this step is called the Ticket Granting Ticket (TGT) which can be opened only by the TGS, since only it possesses the corresponding symmetric key for decryption. The AS then continues the TGT with the session key (KS) & encrypts the two together using a symmetric key derived from the password of Alice (KA) thus final output can be opened by Alice.

• After this message is received Alice’s workstation asks him for the password, When Alice enters it, the workstation generates the Symmetric Key (KA) derived from the password (uses that key to extract the session key(KS)) & the TGT. The workstation destroys the password of Alice from its memory immediately to prevent an attacker from stealing it, (Alice cannot open the TGT as it is encrypted with the key of the TFS) refer fig in step 1 diagram.

Step 2 : Obtaining a service granting ticket (SGT)

• Assume that after a successful login, Alice wants to make the use of Bob – the email server for some email communication for this Alice would inform his workstation that he needs to contact Bob, Thus Alice needs a ticket to communicate with Bon. At this stage, Alice’s workstation creates a message intended for the Ticket granting server(TGS), which contains the following items :

  a) the TGS in Step 1

  b) the id of the server(Bob) whose service Alice is interested in.

  c)The current timestamp, encrypted with the same session key (Ks) ( shown in the fig A )

• The TGT is encrypted with the secret key of TGS, the TGT, KS were encrypted together by the as with the secret key derived from the password of Alice. Therefore, only Alice could have opened that package & retrieved the TGT

• Once the TGS is satisfied of the credentials of Alice, the TGS creates a session key KAB, for Alice to have a secure communication with Bob, TGS sends it twice to Alice to have secure communication with Bob, TGS sends it twice to Alice once completed with Bob’s id (Bob) & encrypted with Bob’s secret key (KB) (shown in fig(B))

Step 3 : User contacts Bob for Accessing the server :

• Alice can now send KAB TO Bob in order to enter into a session with him, Since this exchange is also desired to be secure, Alice can simply forward KABA encrypted with Bob’s secret Key (which was received from TGS in Step 2) to Bob. This will ensure that only Bob can access KAB, to guard against replay attacks, Alice also sends the time stamp encrypted with KAB to Bob.

• To know whether Bob received KAB correctly or not? Bob adds 1 to timestamp sent by Alice, encrypts the result with KAB & sends it back to Alice.

• Since only Alice & Bob know KAB, Alice can open this packet & verify that the timestamp incremented by Bob was indeed the one sent by him to Bob in the 1st place.

• Now Alice & Bo can communicate securely with each other. They would use the shared secret key KAB to encrypt messages before sending & also to decrypt the encrypted message received from each other.

SSL ( Secure socket Layer )

This protocol is used for secure communication between the web browser & web server.

SSL protocol is located between the application layer & transport layer of the TCP/IP protocol suite i.e the application layer does not forward the data directly to the transport layer but it forwards to the SSL layer & the SSL layer performs encryption.

There are three protocols which are used by SSL :

1. Handshake Protocol
2. Record Protocol

3. Alert Protocol

   1. Handshake Protocol

• This is the 1st protocol which is used between the client & the server for communications.

• The handshake protocol messages are shown below :

• Type indicated the type of message exchanged between the client & server

• Length indicates the length of the message

• Content indicates the actual message or the parameters

• The handshake protocol consists of four phases :

  i. Establish security capabilities

  ii. Server authentication 7 key exchange

  iii. Client authentication & key exchange

  iv. Finish

  Step 1: Establishing security capabilities

  

  This phase is limited by the client by sending a client Hello Message

  Step 2 : Server authentication & Key exchange

  

  In this phase the server initiated the communication :

  1. There server first sends its own digital certificates to the client
  2. If the server does not send its own digital certificates to the client in step 1
  3. The server requires for client’s digital certificate, however this request id optional.
  4. There server Hello done message indicated the client that the server portion of Hello message is complete After sending all these messages, the server waits for the client’s response.

  Step 3 : Client authenticated & key exchange

  

  This phase is initiated by the client,

  1. The client sends its own certificate to the server, if & only if the server has requested it.

  2. The client generated a symmetric key which both the parties will use during the session, It is called as master key secret & the client encrypts it with the server’s public key & then it sends to the server.

     1. This step is for client authentication for this client continues the master key secret with the random no which was agreed by the client & server earlier to generate a has & the client signs it with its own private key.

  Step 4: Finish

  

  • This phase is initiated by the client.

    • The client sends a finish message to the server & the server replies finish message to the client.

TLS: (Transport Layer Security )

• TLS protocol is the IETF standard version of SSL protocol. Whose goal is to come out with an internet version of

• SSL & TLS are very similar with slight difference. Following are the differences between TLS & SSL

1. Version : the current version of SSL is 3.0 & TLS is 1.0.

2. Cipher suite : SSL supports an algorithm called Fortezza whereas TLS does not support Fortezza.

3. Generation of Cryptographic secrets : TLS has more complex process of generation of cryptographic secrets than SSL. TLS uses pseudorandom function to create master secret.

4. Alert protocol : TLS supports all of the alerts defined in SSL except for no certificate, TLS also added some new ones like decryption failed, export restriction, protocol version, insufficient security, internal error.

5. Handshake protocol : TLS has made some changes in Handshake protocol, The details of the certificate verify message & the finished message have been changed.

   • Certificate verify message in SSL . The hash used in the certificate verify message is the two step hash of the handshake message plus a pad and the master secret, TLS has simplified the process by using hashes only over the handshake messages.

   • Finished messages: Hash calculation for the finished message has also been changed, TLS uses the PRF (pseudorandom function) to calculate two hashed used for finished message.

6. Record protocol : The only change in this protocol is the use of HMAC, instead of MAC for signing the message.

Pseudorandom Function (PRF)

• PRF is the combination of two date expansion functions, one using MD5 & the other SHA -1

• PRF takes three input, a secret a label and a seed.

• The label & the seed are concatenated & serves as the seed for each date- expansion function The secret is divided into two halves ; each half is used as the secret for each data expansion function. The output of two data expansion function is exclusive – ored together to create the final expanded secret.

• As the hashes created froMD5 & SHA-1 are of different sized, extra section of md5 – based function must be created to make the two outputs the same size.

IP SECURITY: ( IPSEC )

• IPSEC is a protocol to provide security for a packet at a Network layer which is often referred to as the Internet Protocol or IP layer.

• IPSEC helps to create confidential & authenticated packets for the IP layer.

• It can enhance the security of those client / server programs such as electronic mail, that use their own security protocol.

• It can enhance the security of those client / server programs such as HTTP, that use the security services provided at the transport layer.

• It can also be used to provide security to those client /server programs that do not use the security services provided at the transport layer.

• It can provide security for node to node communication programs such as routing protocols.

Model of IPSEC

1. Transport mode: - (it only protects the information coming from Transport layer)
2. In this mode, IPSEC protects only the packet from the transport layer not the whole IP packet. Here the IPSEC header & trader are added to the information coming from the transport layer. The IP header is added later.
3. This mode is normally used when we need host to host (end to end protection of data)

1. Tunnel Mode : ( IPSEC in this mode protects the original IP header )

• In this mode, IPSEC protects the entire IP packet. It takes an IP packet, including the header , applies IPSEC security methods to the entire packet & then adds a new IP header.

• The new IP header, has different information than the original IP header.

• Tunnel mode is normally used between two route, between a host & a router or between a router & a host.

Protocols of IPSEC :

• IPSEC defines two protocols

  • a. the Authentication Header (AH)

  • b. Encapsulation Security Payload (ESP)

  to provide authentication and for encryption for the packets at the IP level.

1.Authentication Header (AH) (provide source authentication & data integrity but not privacy)

• AH protocol is designed to authenticate the source host & to ensure the integrity of the payload carried in the IP packet.

• This protocol uses a hash function & a symmetric key to create a message digest; the digest is inserted via the authentication header.

• The AH is then placed on the appropriate location , based on the mode i .e transport or tunnel.

• 

• When an IP datagram carries an authentication header, the original value in the protocol of the IP header is replaced by the value 51.

• The addition of an authentication header follows following steps :

  1. An AH is added to the payload with authentication data field set to 0.

  2. Padding may be added to make the total length ever for a particular hashing algorithm.

  3. Hashing is based on the total packet. However only those fields of the IP header that do not change during transmission are included in the calculation of the message digest i.e authentication data.

  4. The authentication data are inserted in the authentication header.

  5. The IP header is added after changing the value of the protocol filed to 51.

  Description of every field of AH protocol

  1.Next header : The 8 bit header field defines the type of payload carried by the IP datagrams (such as TCP , UDP, ICMP ). The process copies the value of the protocol field in the IP datagram to this field. The value of the protocol field in the new IP datagram is now set to 51 to show that the packet carried an AH.

  2.Payload length : It defined the length of the AH in 4 -byte multiples, but it does not include the first 8 bytes.

  3.Security Parameter index : The 32 but SPI field plays the role of a virtual circuit identifier & is the same for all packets sent during a connection called Security Association.

  4.Sequence Number : A 32 bit sequence number provides ordering information for a sequence of datagrams. It prevents a playback. Sequence number is not repeated even if a packet is retransmitted.

  5.Authentication data : This field is the result of applying a hash function to the entire IP datagram except for the fields that are changed during transit.

2. Encapsulating Security Protocol (ESP) (privacy achieved here)

• As AH protocol does not provide privacy , IPSEC comes up with ESP protocol.

• It provides source authentication , integrity & privacy.

• It adds a header & trailer.

• ESP's authentication data are added at the the end of the packet which makes its calculation easier.

• When an IP datagram carries an ESP header & trailer, the value of the protocol field in the IP header is 50.

• A field inside the ESP trailer ( next header field) holds the original value of the protocol field ( the type of payload being carried by the IP datagram such as TCP or UDP ).

• ESP procedure follows the following steps :

• An ESP trailer is added to the payload.
• The payload & the trailer are encrypted.
• The ESP header is added.
• The ESP header, payload & ESP trailer are used to create the authentication data.
• The authentication data are added to the end of the ESP trailer.
• The IP header is added after changing the protoco value of 50.

Description for the fields of ESP are as follow :

a. Security parameter index : - The 32 bit security parameter index field is similar to that defined for the AH protocol. b. Sequence number : - 32 bit sequence number is also similar to AH protocol. This variable lenth field (0 to 25 bytes) of 0s. c.Padding : Serves as padding. d.Pad length : The 8 bit pad length field defines the number of padding bytes, the value is between 0 & 255, the max value is rare. e. Next header : - The 8 bit next header field is similar to that defined in AH protocol. It serves the same purpose as the protocol field in the IP header before encapsulation. f.Authentication data: Finally authentication data field is the result of applying an Authentication scheme to parts of the datagram. In AH part of IP header is included in the calculation of the authentication data whereas in ESP it is not.

Secure Email : 1. PGP : - (Pretty Good Privacy)

• It provide email with privacy, integrity &authentication.
• It can be used to create a secure e-mail message or to store a file securely for future retrieval.

PGP provides following services : a. Message integrity b. Message compression. c. Confidentiality with one time session key. d. Code conversion. e. Segmentation

• Most email systems allow the message to consist of only ASCII characters. To translate other characters not in the ASCII set , PGP uses Radix 64 conversion. Each character to be sent (after encryption) is converted to Radix 64 code.

• PGP allows segmentation of the message after it has been converted to Radix 64 to make each transmitted unit the uniform size as allowed by underlying e-mail protocol.

PGP uses following algorithms : a.Public Key Algorithms : RSA ( for signing, encryption ) , Elgamel for encryption only, DSS. b.Symmetric - Key ALgorithm : Blowfish, triple DES. c.Hash Algorithm : MD5, SHA -1. d.Compression Algorithm : ZIP

PGP Packets:

-A message in PGP consists of one or more packets -PGP has generic header that applies to every packets

a.Tag : - This field defines a tag as an 8-bit flag, the 1st bit that is the most sygnificant is always 1, 2nd bit is 1 if we are using the latest version. The remaining six bits can define upto 64 different packet types.

b.Length: The length field defines the length of the entire packet in bytes. The size of this field is variable, it can be 1,2,or 5 bytes. The receiver can determine the number of bytes of the length field by looking at the value of the byte immediately following tag field. Case 1: if the value of the byte after the tag field is <192, the length of the field is only byte. Case 2: If the value of the byte after tag field is between 192 to 223 (inclusive ) the length field is two bytes. Case 3: If the value of the byte after tag field is between 224 & 254 (inclusive) the length field is one byte. THis type of length field defines only the length of part of the body o .e partial body length. Case 4: If it is 255, then length field is of 5 bytes.