Internet Security CSCE 813 Network Access Layer Security Protocols

dingdongboom, Networks and Communications

27 Oct 2013 (3 years and 9 months ago)

110 views

Internet Security
CSCE 813

Network Access Layer Security Protocols

CSCE 813 - Farkas 2

Reading

- Frequently Asked Questions -- Microsoft's PPTP Implementation, http://www.schneier.com/pptp-faq.html
- CISCO, How Virtual Private Networks Work, http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094865.shtml





TCP/IP Protocol Stack

Application Layer
Transport Layer
Internetwork Layer
Network Access Layer

- Each layer interacts with neighboring layers above and below
- Each layer can be defined independently
- Complexity of the networking is hidden from the application

Network Access Layer

- Roughly corresponds to the OSI Physical and Data Link layers
- Least uniform of the TCP/IP layers
- Services and functionalities to prepare data for the physical network
- Interfacing with the computer's network adapter, coordinating data transmission, formatting data, checking for errors, acknowledging receipts, etc.
- LAN technologies: Ethernet and token ring
- Diverse, complex, invisible


Security -- At What Level?

- Secure traffic at various levels in the network
- Where to implement security?
  - Depends on the security requirements of the application and the user


Security at Network Access Layer

- Dedicated link between hosts/routers: hardware devices for encryption
- Advantages:
  - Speed
- Disadvantages:
  - Not scalable
  - Works well only on dedicated links
  - Two hardware devices need to be physically connected


SILS

- 1980s: IEEE security for LAN and MAN
- Standard for Interoperable LAN/MAN Security (compatible with IEEE 802 and OSI specifications)
- Has not been commercially successful
- Recent work on secure dial-up connections using PPP


Virtual Private Network (VPN)

- Private network, constructed within the public Internet
- Goals:
  - Connect private networks, using public infrastructure
  - Simplify distributed network creation
- Requirements:
  - Security (confidentiality, authentication, integrity)
  - Quality of Service

Without VPN

[Figure: Client -- PSTN/ISDN to set up a PPP connection -- RAS -- Main office, with the Internet alongside. Caption: Security?]


With VPN

[Figure: Client -- PSTN -- LAC == L2TP Tunnel across the Internet == LNS -- Main office]

Virtual Private Network

- L2TP: combines Layer 2 Forwarding (L2F) and Point-to-Point Tunneling Protocol (PPTP)
- Terms:
  - CHAP: Challenge Handshake Authentication Protocol
  - L2TP Access Concentrator (LAC)
  - L2TP Network Server (LNS)
  - Virtual Private Dial Network (VPDN)


Security Support

- Message confidentiality
  - Encryption supported by IPSec, PPTP/MPPE, or L2TP/IPSec protocols
- Message integrity
  - Integrity verification in IPSec, origin authentication
- Data origin authentication

Security Support

- Anti-replay
- Traffic flow confidentiality
  - Data tunneling to hide traffic
- Non-repudiation
- AAA: Authentication, Authorization and Accountability
- Key management




Secure Dial-Up Connection

[Figure] Copyright: Oppliger, eSecurity


Network Services

- Tunneling and Encapsulation
  - Tunneling uses encapsulation, where data transfer units of one protocol are enclosed inside a different kind of protocol
- Advantages:
  - Allows transmission of incompatible frames over an existing network
  - Allows cryptographic protection
- Disadvantages:
  - Need extra software to allow encapsulation
  - Slower performance


L2TP - Terminology

- Remote system (dial-up client): computer system that is either the initiator or the recipient of the layer 2 tunnel
- L2TP Access Concentrator (LAC): node that acts as one side of the layer 2 tunnel and peer to the L2TP server
- L2TP Network Server (LNS): node that acts as one side of the layer 2 tunnel and peer to the LAC



Tunneling Establishment

- Voluntary tunneling:
  - Tunnel is created by the client (user)
  - User sends packets encapsulated in the tunneling protocol (L2TP, PPTP)
- Compulsory tunneling:
  - Tunnel is created without any action from the client
  - Client sends PPP packets to the LAC (e.g., ISP), which encapsulates them in the tunneling protocol (L2TP, PPTP)
- The level of protection of the packets differs!


Layer 2 Tunneling Protocol (L2TP)

- Goal: Tunnel PPP frames between a remote system (LAC client) and an LNS located at the LAN.
- Encapsulate a given network layer protocol (e.g., IP, IPX) inside PPP, to cryptographically protect the PPP frames (L2TP) and to encapsulate the data inside a tunneling protocol (e.g., IP)
- Most popular
- Applicable over the Internet

Encapsulation stack: IPX | PPP | L2TP | IP


L2TP Protocol

- Tunnel components
  - Control channel (reliable): controls sessions and the tunnel
  - Data channel (unreliable): created for each call
- Multiple tunnels may exist between a LAC-LNS pair to support different QoS needs

[Figure: LAC and LNS joined by a Control channel, Session 1 (Call ID 1) and Session 2 (Call ID 2). Copyright: G. Chaffee, UCA/Berkley]


L2TP Protocol Structure

[Figure: PPP Frames -> L2TP Data Messages -> L2TP Data channel (unreliable); L2TP Control msgs -> L2TP Control channel (reliable); both carried by Packet Transport (IP, UDP, ATM, etc.)]


Control Messages

- Establishment, maintenance and clearing of tunnels and calls
- Utilize a reliable Control Channel within L2TP to guarantee delivery
- Control message types:
  - Control Connection Management
  - Call Management
  - Error Reporting
  - PPP Session Control


Data Messages

- Encapsulate PPP frames being carried over the tunnel
- Not retransmitted when packet loss occurs
- Sequence numbers (optional):
  - Optional data message sequencing
  - May be used to detect lost packets
- No fragmentation avoidance
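An added example (not from the slides or from any L2TP implementation) in Python: a parser for the L2TP message header that separates the reliable control messages (T bit set, Length and Ns/Nr mandatory) from the unreliable data messages (sequence numbers optional), as the three preceding slides describe. It assumes the RFC 2661 L2TPv2 bit layout, and the two sample datagrams are constructed, not captured; note that the header carries Tunnel/Session IDs and sequence numbers but no integrity field, which is why the later slides push packet-level protection down to IPSec.

```python
import struct

# RFC 2661 (L2TPv2) header bits, assumed here; the slides name the fields but not the encoding.
T_BIT, L_BIT, S_BIT, O_BIT, P_BIT = 0x8000, 0x4000, 0x0800, 0x0200, 0x0100

def parse_l2tp_header(pkt):
    """Split an L2TPv2 message into header fields and payload.
    Raises ValueError on malformed input, as a receiver should before
    acting on Tunnel/Session IDs (no integrity field protects them here)."""
    try:
        flags = struct.unpack("!H", pkt[:2])[0]
        hdr = {
            "control": bool(flags & T_BIT),      # T: 1 = control message, 0 = data
            "has_length": bool(flags & L_BIT),   # L: Length field present
            "has_seq": bool(flags & S_BIT),      # S: Ns/Nr sequence numbers present
            "has_offset": bool(flags & O_BIT),   # O: Offset Size present
            "priority": bool(flags & P_BIT),     # P: data message priority
            "version": flags & 0x000F,
        }
        if hdr["version"] != 2:
            raise ValueError("unsupported L2TP version %d" % hdr["version"])
        if hdr["control"] and not (hdr["has_length"] and hdr["has_seq"]):
            raise ValueError("control message must carry Length and Ns/Nr")
        if hdr["control"] and hdr["has_offset"]:
            raise ValueError("control message must not set the O bit")
        pos = 2
        if hdr["has_length"]:
            hdr["length"] = struct.unpack("!H", pkt[pos:pos + 2])[0]
            if hdr["length"] > len(pkt):
                raise ValueError("Length field exceeds datagram")
            pkt = pkt[:hdr["length"]]   # bytes beyond Length are not part of the message
            pos += 2
        hdr["tunnel_id"], hdr["session_id"] = struct.unpack("!HH", pkt[pos:pos + 4])
        pos += 4
        if hdr["has_seq"]:
            hdr["ns"], hdr["nr"] = struct.unpack("!HH", pkt[pos:pos + 4])
            pos += 4
        if hdr["has_offset"]:
            pos += 2 + struct.unpack("!H", pkt[pos:pos + 2])[0]
    except struct.error:
        raise ValueError("truncated L2TP header")
    hdr["payload"] = pkt[pos:]
    return hdr

# Constructed sample datagrams (not captured traffic):
CONTROL_ZLB = bytes.fromhex("c802000c" "00010000" "00010002")  # T,L,S set: 12-byte control msg, no AVPs
DATA_MSG = bytes.fromhex("0002" "00010005" "ff030021")         # T clear, no L/S: tunnel 1, session 5, PPP
```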


Security Considerations -- Tunnel Endpoint Security

- Endpoints may optionally perform an authentication procedure of one another during tunnel establishment (CHAP)
  - Reasonable protection against replay and snooping
- Designed to provide authentication for tunnel establishment only
- LAC and LNS MUST share a single secret key
  - Each side uses this same secret when acting as authenticatee as well as authenticator


Security Considerations -- Packet Level Security

- L2TP requires that the underlying transport make available encryption, integrity and authentication services for all L2TP traffic
- Secure transport operates on the entire L2TP packet and is functionally independent of PPP and the protocol being carried by PPP
- L2TP is only concerned with confidentiality, authenticity, and integrity of the L2TP packets between tunnel endpoints



Security Considerations -- End to End Security

- Secure transport in the tunnel protects the data within the tunneled PPP packets while transported from the LAC to the LNS
- Need: security between communicating hosts or applications (IPSec)


L2TP and IPSec

Attacks to consider:
- Packet snooping: discover user identity
- Packet modification (both control and data messages)
- Denial of Service by terminating PPP connections or L2TP tunnels
- Disrupting L2TP tunnel establishment



PPTP

- Designed to create and maintain VPN tunnels over public TCP/IP networks using PPP
- Joint effort of Microsoft and product vendors
- Server in Windows NT 4.0
- Clients for Win 95, NT 4.0

Copyright: G. Chaffee, UCA/Berkley


[Figure] Copyright: Oppliger, eSecurity


PPTP

- Data channel:
  - Encapsulates PPP over IP using Generic Routing Encapsulation (GRE)
  - Encapsulates the link layer (PPP), communicates at the network layer (IP)

Encapsulation stack: IP | PPP | GRE | IP | Media-specific header


PPTP

- Signaling (control) channel:
  - Uses a TCP connection for signaling
  - Queries status and conveys signaling information between LAC and LNS
  - Always initiated by the PPTP client to the PPTP server via port 1723
  - Bidirectional



[Figure] Copyright: Oppliger, eSecurity


Authentication -- MS-PPTP

- Three methods:
  - Clear password: client authenticates to the server
  - Hashed password: client authenticates to the server
  - Challenge-response: client and server authenticate each other


Hashed authentication

- LAN Manager: DES encryption
  - Password is turned into a 14-character string
  - All converted to upper case
  - String is split into two 7-character strings, each used as the key to encrypt a fixed constant
  - Result: two 8-byte strings
  - Concatenate the strings
  - 16-byte string = hash value
- Windows NT hash function: MD4 hash
  - Password converted to Unicode
  - Hashed using MD4
  - 16-byte hash value




Security Problems with Hashed Authentication

- Dictionary attack
  - LAN Manager is easier to break
  - Windows NT: better (mixed case)
- Neither supports password salt
- Both hash values are sent together
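An added example (not from the slides or from Microsoft's code) in Python covering the two preceding slides: the Windows NT hash computed exactly as described (password to Unicode, i.e. UTF-16LE, then MD4; MD4 is implemented inline since hashlib builds often lack it), the LAN Manager preprocessing that turns one password into two independent 7-character upper-case DES key inputs (the DES step itself is left out), and a lookup showing why an unsalted hash lets a single precomputed table serve every user. Function names are mine; the word list is constructed.

```python
import struct

MASK = 0xFFFFFFFF

def _rot(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def _md4_round(state, f, X, order, shifts, const):
    a, b, c, d = state
    for i, k in enumerate(order):
        a = _rot((a + f(b, c, d) + X[k] + const) & MASK, shifts[i % 4])
        a, b, c, d = d, a, b, c   # rotate roles; after 16 steps the order is a,b,c,d again
    return a, b, c, d

def md4(data):
    """RFC 1320 MD4 (16-byte digest), written out because hashlib's md4 is often disabled."""
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", len(data) * 8)       # bit length, little-endian
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        s = _md4_round(tuple(h), F, X, range(16), (3, 7, 11, 19), 0)
        s = _md4_round(s, G, X, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13), 0x5A827999)
        s = _md4_round(s, H, X, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15), 0x6ED9EBA1)
        h = [(x + y) & MASK for x, y in zip(h, s)]
    return struct.pack("<4I", *h)

def nt_hash(password):
    """Windows NT hash: MD4 over the UTF-16LE (Unicode) password, no salt."""
    return md4(password.encode("utf-16le")).hex()

def lm_halves(password):
    """LAN Manager preprocessing: upper-case, cut/pad to 14 bytes, split 7/7.
    Each half keys DES separately, so the search space is two 7-character
    upper-case strings rather than one 14-character mixed-case password."""
    p = password.upper().encode("ascii", "replace")[:14].ljust(14, b"\x00")
    return p[:7], p[7:]

def unsalted_lookup(target_hex, wordlist):
    """Without salt the same password always yields the same hash, so one
    table built from a word list can be checked against any user's value."""
    table = {nt_hash(w): w for w in wordlist}   # built once, reusable for every account
    return table.get(target_hex.lower())
```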


Encryption

- Assume the existence of a secret key shared between client and server
- RC4 stream cipher: encrypts data traffic
- Need key agreement:
  - Diffie-Hellman key exchange
  - Generate deterministically from LAN Manager's hash value (NOT SECURE!)

Summary of L2TP

- Not secure without the support of IPSec



Next Class

- Transport layer security
