communication systems
play

Communication Systems SSL University of Freiburg Computer Science - PowerPoint PPT Presentation

Aug 24, 2022 •308 likes •557 views

Communication Systems SSL University of Freiburg Computer Science Computer Networks and Telematics Prof. Christian Schindelhauer Organization I. Data and voice communication in IP networks II. Security issues in networking

  1. Communication Systems SSL University of Freiburg Computer Science Computer Networks and Telematics Prof. Christian Schindelhauer

  2. Organization ‣ I. Data and voice communication in IP networks ‣ II. Security issues in networking ‣ III. Digital telephony networks and voice over IP Communication Systems Computer Networks and Telematics 2 Prof. Christian Schindelhauer University of Freiburg

  3. Network Security Goals ‣ Confidentiality : only sender, intended receiver should “understand” message contents • sender encrypts message • receiver decrypts message • Privacy: hide `who is doing what with whom` ‣ Authentication : sender, receiver want to confirm identity of each other ‣ Integrity : sender, receiver want to ensure messages are not altered (in transit, or afterwards) without detection ‣ Access and Availability : services must be accessible and available to users Communication Systems Computer Networks and Telematics 3 Prof. Christian Schindelhauer University of Freiburg

  4. Network Security on Different Layers ‣ Security measures could be hooked to different layers of the stack • Link layer: one `hop` (e.g. wireless link) • IP Layer (IP-Sec): transparent to application (next Friday) • Transport Layer (SSL/TLS): easy, widely used • Application Layer (PGP, S/MIME) Communication Systems Computer Networks and Telematics 4 Prof. Christian Schindelhauer University of Freiburg

  5. SSL (Secure Socket Layer) ‣ Transport layer security service, yields secure channel • Secure byte stream • Optional public-key server authentication • Optional client authentication ‣ Development started by Netscape to offer secure Internet business • Used/Implemented with HTTP first (HTTPS, port 443) • Hash: combined MD5 & SHA • Encryption: Diffie Helman, RSA & DES, RC4 ‣ Version 3 designed with public input; subsequently became Internet standard TLS (Transport Layer Security) Communication Systems Computer Networks and Telematics 5 Prof. Christian Schindelhauer University of Freiburg

  6. SSL (Secure Socket Layer) ‣ Uses TCP to provide a reliable end-to-end service • Not restricted for secure web (HTTP) transactions • Useful for any TCP based service to be secured: HTTP, IMAP, POP, NNTP, telnet, telephony signaling ‣ SSL implements two layers of protocols ‣ SSL session • Association between client & server • Created by the Handshake Protocol • Define a set of cryptographic parameters • May be shared by multiple SSL connections Communication Systems Computer Networks and Telematics 6 Prof. Christian Schindelhauer University of Freiburg

  7. SSL (Secure Socket Layer) ‣ SSL connection • A transient, peer-to-peer, communications link • Associated with one SSL session Communication Systems Computer Networks and Telematics 7 Prof. Christian Schindelhauer University of Freiburg

  8. SSL record protocol ‣ Confidentiality – the handshake protocol defines a shared key for encryptions of SSL payloads • Using symmetric encryption with a shared secret key defined by Handshake Protocol • stateful protocol ‣ IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128 ‣ Message is compressed before encryption Communication Systems Computer Networks and Telematics 8 Prof. Christian Schindelhauer University of Freiburg

  9. SSL record protocol and format ‣ The record format leads to ‣ Message Integrity – the handshake protocol defines a shared key used to form message authentication code (MAC) • Similar to HMAC but with different padding Communication Systems Computer Networks and Telematics 9 Prof. Christian Schindelhauer University of Freiburg

  10. SSL MAC calculation ‣ Hash(MAC_secret_key || pad2 || hash(MAC_secret_key || pad1 || seqNum || SSLcompressed.type || SSLcompressed.length || SSLcompressed.fragment)) ‣ Where: • Mac_secret_key – • pad1 = 0x36 repeated 48 times for MD5 40 times for SHA-1 • pad2 = 0x5C repeated … • SSLcompressed.type = the higher level protocol used to process this fragment Communication Systems Computer Networks and Telematics 10 Prof. Christian Schindelhauer University of Freiburg

  11. SSL encryption ‣ Fragment size 2 14 = 16384 bytes • Compression must be lossless and must not increase length more than 1024 • No compression algorithm specified in SSLv3 – default no compression • Block Cipher Encryption Methods - IDEA (128) RC2-40, DES-40, DES (56), 3DES (168) • Stream Cipher Encryption choices - RC4-40, RC4-128 Communication Systems Computer Networks and Telematics 11 Prof. Christian Schindelhauer University of Freiburg

  12. SSL payload / Change Cipher Specification Protocol ‣ Change Cipher Spec Protocol • consists of a single message of a single byte with value 1 • it means copy pending state to current state Communication Systems Computer Networks and Telematics 12 Prof. Christian Schindelhauer University of Freiburg

  13. SSL Alert Protocol ‣ Conveys SSL-related alerts to peer entity ‣ Severity • Warning or fatal: 1=warning, 2=fatal ‣ Specific alert • Unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter • Close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown ‣ Compressed and encrypted like all SSL data Communication Systems Computer Networks and Telematics 13 Prof. Christian Schindelhauer University of Freiburg

  14. SSL Handshake Protocol ‣ Most complex part of SSL • Allows the server and client to authenticate each other • Negotiate encryption, MAC algorithm and cryptographic keys • Used before any application data are transmitted ‣ Message Fields • Type (8) • Length (24) • Content ( ≥ 1 byte) parameters ‣ Several Message types Communication Systems Computer Networks and Telematics 14 Prof. Christian Schindelhauer University of Freiburg

  15. SSL Handshake Protocol – message types ‣ Message types (name (value)): • Hello-request (null) • Client-hello (version,random(32B), sessionID, cipher suite, compression method) • Server_hello (same as Client-hello) • Certificate (chain of X.509v3 certificates) • Server_key_exchange (parameters, signature) • Certificate_request (type, authorities) • Server_done (null) • Certificate_verify (signature) • Client_key_exchange (parameters, signature) • Finished (hash value) Communication Systems Computer Networks and Telematics 15 Prof. Christian Schindelhauer University of Freiburg

  16. SSL Handshake Protocol ‣ Colored messages are optional ‣ Phase 1-3 messages are plaintext Communication Systems Computer Networks and Telematics 16 Prof. Christian Schindelhauer University of Freiburg

  17. SSL Handshake Protocol – Phase 1 ‣ Establish security capabilities • Client_hello - Version = highest SSL understood by client - Random 32 bit time stamp + 28 random bytes (secure random number generator) - sessionID: 0 to establish new connection, non-zero means update parameters of an existing session - Ciphersuite: sequence of cryptographic algorithms in decreasing order of preference (key exchange + CipherSpec) - Compression methods: sequence of compression methods Communication Systems Computer Networks and Telematics 17 Prof. Christian Schindelhauer University of Freiburg

  18. SSL Handshake Protocol – Phase 1 ‣ Establish security capabilities • Server_hello is sent back - same as from client but confirmation to suggested values: - Highest common version, new random field, same sessionID if nonzero, new sessionID otherwise, the selected ciphersuite and the selected compression technique ‣ Key Exchange methods • RSA – secret key is encrypted with receiver’s RSA public key • Fixed Diffie-Hellman • Ephemeral Diffie Hellman • Anonymous Diffie-Hellman • Fortezza Communication Systems Computer Networks and Telematics 18 Prof. Christian Schindelhauer University of Freiburg

  19. SSL Handshake Protocol – Phase 1 ‣ CipherSpec follows containing the fields • Cipher algorithm • MAC algorithm • CipherType: block or stream • Hash size: 0, 16 for MD5 or 20 for SHA-1 bytes • Key material – sequence of bytes used to generate keys • IV size of Initial Value for Cipher Block Chaining (CBC) Communication Systems Computer Networks and Telematics 19 Prof. Christian Schindelhauer University of Freiburg

  20. SSL Handshake Protocol – Phase 2 ‣ Server Authentication and Key Exchange ‣ Server sends • Certificate: X.509 certificate chain (not required for anonymous Diffie-Hellman) • Server_key_exchange (not always need e.g. fixed Diffie-Hellman) - Hash(Client_hello.random|| ServerHello.random||ServerParms) • Certificate_request: certificate type and certificate authorities • Server_hello_done: I’m done and I’ll wait on response Communication Systems Computer Networks and Telematics 20 Prof. Christian Schindelhauer University of Freiburg

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SK Telecom 1 U U U U U U U- U - - communication - - - - - communication

SK Telecom 1 U U U U U U U- U - - communication - - - - - communication

U U U U U U U- U - - communication - - - - - communication communication communication communication communication communication communication Korea Mobile Market Trend for Convergence & Ubiquitous Communication 2004.

400 views • 16 slides
Secret Communication via Secret Communication via Multi- -antenna Systems antenna Systems

Secret Communication via Secret Communication via Multi- -antenna Systems antenna Systems

Secret Communication via Secret Communication via Multi- -antenna Systems antenna Systems Multi Zang Li Wade Trappe Roy Yates WINLAB, Rutgers University 1 Outline Information theory background on information security Problem

511 views • 22 slides
Communication in Distributed Systems Issues in communication (today) Message-oriented

Communication in Distributed Systems Issues in communication (today) Message-oriented

Communication in Distributed Systems Issues in communication (today) Message-oriented Communication Remote Procedure Calls Transparency but poor for passing references Remote Method Invocation RMIs are essentially RPCs

246 views • 9 slides
Optimizing MPI Communication on Multi-GPU Systems using CUDA Inter-Process Communication Sreeram

Optimizing MPI Communication on Multi-GPU Systems using CUDA Inter-Process Communication Sreeram

Optimizing MPI Communication on Multi-GPU Systems using CUDA Inter-Process Communication Sreeram Potluri* Hao Wang* Devendar Bureddy* Ashish Kumar Singh* Carlos Rosales + Dhabaleswar K. Panda* *Network-Based Computing Laboratory

779 views • 22 slides
Digital Communication Syst Digital Communication Systems ems ECS 452 ECS 452 Asst. Prof. Dr.

Digital Communication Syst Digital Communication Systems ems ECS 452 ECS 452 Asst. Prof. Dr.

Digital Communication Syst Digital Communication Systems ems ECS 452 ECS 452 Asst. Prof. Dr. Prapun Suksompong prapun@siit.tu.ac.th Fading Channels Office Hours: Rangsit Library: Tuesday 16:20-17:20 BKD3601-7: Thursday 16:00-17:00 1

470 views • 22 slides
= + 2 cos (2 ) 0.5 (1 cos(2 2 )) 0.5( ) ft dt ft dt b

= + 2 cos (2 ) 0.5 (1 cos(2 2 )) 0.5( ) ft dt ft dt b

Backgorund: Digital Communication Systems In this note, we will review the basic transmitter and receiver principles in digital communication systems. The discussions will provide useful background for this course. Binary phase shift keying

537 views • 10 slides
Lecture 01 Introduction to Communication Systems I-Hsiang Wang ihwang@ntu.edu.tw National

Lecture 01 Introduction to Communication Systems I-Hsiang Wang ihwang@ntu.edu.tw National

Principle of Communications, Fall 2017 Lecture 01 Introduction to Communication Systems I-Hsiang Wang ihwang@ntu.edu.tw National Taiwan University 2017/9/13 Outline The basic architecture of communication systems Source-channel

213 views • 9 slides
Operating Systems Inter-Process Communication ENCE 360 Outline Introduction Examples

Operating Systems Inter-Process Communication ENCE 360 Outline Introduction Examples

Operating Systems Inter-Process Communication ENCE 360 Outline Introduction Examples Shared Memory Files Pipes Signals Pages 43-45, 733-734 MODERN OPERATING SYSTEMS (MOS) By Andrew Tanenbaum Interprocess Communication

741 views • 29 slides
CHAPTER 8: AGENT COMMUNICATION An Introduction to Multiagent Systems

CHAPTER 8: AGENT COMMUNICATION An Introduction to Multiagent Systems

CHAPTER 8: AGENT COMMUNICATION An Introduction to Multiagent Systems http://www.csc.liv.ac.uk/mjw/pubs/imas/ Chapter 8 An Introduction to Multiagent Systems 1 Agent Communication In this lecture, we cover macro-aspects of intelligent

485 views • 21 slides
A Privacy-preserving Pseudonym Acquisition Scheme for Vehicular Communication Systems Andreas

A Privacy-preserving Pseudonym Acquisition Scheme for Vehicular Communication Systems Andreas

A Privacy-preserving Pseudonym Acquisition Scheme for Vehicular Communication Systems Andreas Messing amessing@kth.se 1 Vehicular Communication Systems Smart Cities Self-driving Transportation Systems Vehicle-to-Vehicle

198 views • 19 slides
Information, Computation, and Communication Networks 1 ICC Module Systems Networks

Information, Computation, and Communication Networks 1 ICC Module Systems Networks

ICC Module Systems Networks Information, Computation, and Communication Networks 1 ICC Module Systems Networks Computer Networks 2 ICC Module Systems Networks Outline Communication protocols Packet switching Protocol

1.17k views • 82 slides
Distributed Systems Group Communication Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Group Communication Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Group Communication Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. Page 1 Page 1 Modes of communication

961 views • 46 slides
Rowing Together - Communication Tactics in Ambulatory Systems and Collaboration Groups Tracking

Rowing Together - Communication Tactics in Ambulatory Systems and Collaboration Groups Tracking

Rowing Together - Communication Tactics in Ambulatory Systems and Collaboration Groups Tracking Quality, Finance, and Daily Improvement (MDI) Metrics Dina Aper, BSMLS (ASCP), CIC November 1, 2018 2 Objectives Define Communication Tactics

416 views • 19 slides
# Comm. ! Params * ! Optimizing Communication Spark 1.0.1 6 ! Performance: Hadoop 1.0.4 10 !

# Comm. ! Params * ! Optimizing Communication Spark 1.0.1 6 ! Performance: Hadoop 1.0.4 10 !

Varys Efficient Coflow Scheduling ! Mosharaf Chowdhury, ! Yuan Zhong, Ion Stoica ! UC#Berkeley# Communication is Crucial ! Performance Facebook analytics jobs spend 33% of their runtime in communication 1 ! As in-memory systems proliferate, ! the

781 views • 25 slides
Communication systems for vehicle electronics Presentation overview Background automotive

Communication systems for vehicle electronics Presentation overview Background automotive

Communication systems for vehicle electronics Communication systems for vehicle electronics Presentation overview Background automotive electronics as an application area for real-time communication Real time protocols LIN Local

724 views • 38 slides
Communication systems for vehicle electronics Presentation overview Background automotive

Communication systems for vehicle electronics Presentation overview Background automotive

2014-05-05 Communication systems for vehicle electronics Communication systems for vehicle electronics Presentation overview Background automotive electronics as an application area for real-time communication Real time protocols LIN

582 views • 19 slides
Securing Networks Applications Layer Monitoring/Logging/Intrusion Detection Where to put the

Securing Networks Applications Layer Monitoring/Logging/Intrusion Detection Where to put the

Real-Time Communication Security: SSL/TLS Guevara Noubir noubir@ccs.neu.edu Network Security Reading Assignment: chapters 16, 19 Network Security SSL TLS 1 Some Issues with Real-time Communication Session key establishment

312 views • 8 slides
A Framework for Effective Alert Visualization Uday Banerjee Jon Ramsey SecureWorks The

A Framework for Effective Alert Visualization Uday Banerjee Jon Ramsey SecureWorks The

A Framework for Effective Alert Visualization Uday Banerjee Jon Ramsey SecureWorks The Information Security Experts Visualization Visualization has always been used but mostly from a reporting standpoint We need to start pushing

538 views • 26 slides
WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP4631 -

WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP4631 -

WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP4631 - L22 1 Outline of this Lecture Brief Information on SSL and TLS Secure Socket Layer (SSL) Transport Layer Security (TLS)

604 views • 42 slides
Chapter 16 Cryptography and Network Transport Level Security Security Chapter 16 Use your

Chapter 16 Cryptography and Network Transport Level Security Security Chapter 16 Use your

Chapter 16 Cryptography and Network Transport Level Security Security Chapter 16 Use your mentality Wake up to reality From the song, "I've Got You under My Skin Fifth Edition by Cole Porter by William Stallings Lecture slides by

300 views • 5 slides
Resources for Controlled Languages for Alert Messages and Protocols in the European Perspective

Resources for Controlled Languages for Alert Messages and Protocols in the European Perspective

Resources for Controlled Languages for Alert Messages and Protocols in the European Perspective Sylviane Cardey 1 , Krzysztof Bogacki 2 , Xavier Blanco 3 , Ruslan Mitkov 4 1 Centre Tesnire, Universit de Franche-Comt (FR) 2 Uniwersytet

491 views • 22 slides
Advances in Suricata Eric Leblond @Regiteric http://home.regit.org/ Victor Julien

Advances in Suricata Eric Leblond @Regiteric http://home.regit.org/ Victor Julien

Advances in Suricata Eric Leblond @Regiteric http://home.regit.org/ Victor Julien @inliniac http://www.inliniac.net/ Content of this talk Introduction to Suricata, OISF Eric Leblond will speak about recent

580 views • 47 slides
Lecture for February 10, 2016 ECS 235A UC Davis Matt Bishop February 10, 2016 ECS 235A, Matt

Lecture for February 10, 2016 ECS 235A UC Davis Matt Bishop February 10, 2016 ECS 235A, Matt

Lecture for February 10, 2016 ECS 235A UC Davis Matt Bishop February 10, 2016 ECS 235A, Matt Bishop Slide #1 Supporting Crypto All parts of SSL use them Initial phase: public key system exchanges keys Messages enciphered using

856 views • 63 slides
A Formal TLS Handshake Model in LNT Josip Bozic, Franz Wotawa Lina Marsso, Radu Mateescu Graz

A Formal TLS Handshake Model in LNT Josip Bozic, Franz Wotawa Lina Marsso, Radu Mateescu Graz

0 0 A Formal TLS Handshake Model in LNT Josip Bozic, Franz Wotawa Lina Marsso, Radu Mateescu Graz University of Technology Univ. Grenoble Alpes, Inria, Institute of Software Technology CNRS, Grenoble INP, LIG 38000 Grenoble, France 8010

603 views • 31 slides

More recommend