network 4 transport layer security most slides stolen
play

Network #4: Transport Layer Security (Most Slides stolen from - PowerPoint PPT Presentation

Jul 14, 2023 •136 likes •704 views

Computer Science 161 Fall 2016 Popa and Weaver Network #4: Transport Layer Security (Most Slides stolen from Dave Wagner) 1 Theme of This Lecture Computer Science 161 Fall 2016 Popa and Weaver 2 But Trust Can Be Delegated

  1. Computer Science 161 Fall 2016 Popa and Weaver Network #4: 
 Transport Layer Security (Most Slides stolen from 
 Dave Wagner) 1

  2. Theme of This Lecture Computer Science 161 Fall 2016 Popa and Weaver 2

  3. But Trust Can Be Delegated… Computer Science 161 Fall 2016 Popa and Weaver 3

  4. Today’s Lecture Computer Science 161 Fall 2016 Popa and Weaver • Applying crypto technology in practice • Two simple abstractions cover 80% of the use cases for crypto: – “Sealed blob”: Data that is encrypted and authenticated under a particular key – Secure channel: Communication channel that can’t be eavesdropped on or tampered with • Today: TLS – a secure channel • In network parlance, this is an “application layer” protocol but… • designed to have any application over it, so really “layer 6.5” is a better description 4

  5. Building Secure End-to-End Channels Computer Science 161 Fall 2016 Popa and Weaver • End-to-end = communication protections achieved all the way from originating client to intended server • With no need to trust intermediaries • Dealing with threats: • Eavesdropping? • Encryption (including session keys) • Manipulation (injection, MITM)? • Integrity (use of a MAC); replay protection • Impersonation? ( What’s missing? ) • Signatures Availability … 5

  6. Building A Secure End-to-End Channel: SSL/TLS Computer Science 161 Fall 2016 Popa and Weaver • SSL = Secure Sockets Layer (predecessor) • TLS = Transport Layer Security (standard) • Both terms used interchangeably • Security for any application that uses TCP • Secure = encryption/confidentiality + integrity + 
 authentication (of server, but not of client) • Multiple uses • Puts the ‘s’ in “https” • Secures mail sent between servers (STARTTLS) • Virtual Private Networks 6

  7. An “Insecure” Web Page Computer Science 161 Fall 2016 Popa and Weaver 7

  8. A “Secure” Web Page People think lock icon means Computer Science 161 Fall 2016 Popa and Weaver “Hey, I can trust this site” 
 Lock Icon means: 
 (no matter where the lock icon 
 itself actually appears). “Your communication between 
 your computer and the site 
 is encrypted and authenticated” “Some other third party attests that 
 this site belongs to Amazon” “These properties hold not just for the 
 main page, but any image or script is 
 also fetched from a site with attestation 
 and encryption” 8

  9. Basic idea Computer Science 161 Fall 2016 Popa and Weaver • Browser (client) picks some Amazon Browser Server symmetric keys for encryption + E KA (keys) authentication MAC k1 (…) • Client sends them to server, encrypted using RSA public-key MAC k2 (…) encryption E k3 ( m e s • Both sides send MACs s a g e ) , M A C k1 ( … ) • Now they use these keys to encrypt and authenticate all subsequent messages, using symmetric-key crypto 9

  10. HTTPS Connection (SSL / TLS) Computer Science 161 Fall 2016 Popa and Weaver Amazon • Browser (client) connects via TCP to Browser Server Amazon’s HTTPS server SYN • Client picks 256-bit random number SYN ACK R B , sends over list of crypto protocols it supports ACK H • Server picks 256-bit random number e l l o . M y ( T r L n S d + # R R S , selects protocols to use for this = S ( R B S A S + L . A I + E R s S u S 1 p A 2 p 8 + o + 3 r S t D session H E A S + 1 M ) o D r 5 ) o r … • Server sends over its certificate My rnd # = R S . Let ’ s use TLS+RSA+AES128+SHA1 • (all of this is in the clear) Here ’ s my cert • Client now validates cert ~2-3 KB of data 10

  11. HTTPS Connection (SSL / TLS), cont. Computer Science 161 Fall 2016 Popa and Weaver • For RSA, browser constructs Amazon Browser “Premaster Secret” PS Server Here ’ s my cert • Browser sends PS encrypted using ~2-3 KB of data Amazon’s public RSA key K Amazon PS {PS} K Amazon • Using PS, R B , and R S , browser & PS server derive symettric cipher keys 
 (C B , C S ) & MAC integrity keys (I B , I S ) • One pair to use in each direction • Done by seeding a pRNG in common between the browser and the server: 
 Repeated calls to the pRNG then create the common keys 11

  12. HTTPS Connection (SSL / TLS), cont. Computer Science 161 Fall 2016 Popa and Weaver • For RSA, browser constructs “Premaster Secret” PS Amazon Browser Server • Browser sends PS encrypted using Amazon’s public Here ’ s my cert RSA key KAmazon ~2-3 KB of data • Using PS, R B , and R S , browser & server derive symm. PS cipher keys 
 {PS} K Amazon (C B , C S ) & MAC integrity keys (I B , I S ) M A C ( PS d i • One pair to use in each direction a l o g , I B ) • Browser & server exchange MACs computed over MAC( dialog ,I S ) entire dialog so far • If good MAC, Browser displays { M 1 , M A C ( M 1 • All subsequent communication encrypted w/ , I B ) } CB symmetric cipher (e.g., AES128) cipher keys, MACs {M 2 , MAC(M 2 ,I S )} CS • Sequence #’s thwart replay attacks 12

  13. Alternative: Key Exchange via Di ffi e-Hellman Computer Science 161 Fall 2016 Popa and Weaver • For Di ffi e-Hellman, server generates random Amazon Browser Server a mod p a, sends public parameters and g Here ’ s my cert • Signed with server’s private key ~2-3 KB of data • Browser verifies signature {g, p, g a mod p} K-1 n o a z m A • Browser generates random b, computes PS = PS g b mod p ab mod p, sends g b mod p to server g M A C • Server also computes 
 ( PS d i a l o g , I B ) ab mod p PS = g MAC( dialog ,I S ) • Remainder is as before: from PS, R B , and R S , browser & server derive symm. cipher keys { M 1 , M A C ( M 1 , I B (C B , C S ) and MAC integrity keys (I B , I S ), etc… ) } CB … 13

  14. Big Changes for TLS 1.3 
 Di ffi e/Hellman and ECDHE only Computer Science 161 Fall 2016 Popa and Weaver • The RSA key exchange has a substantial vulnerability • If the attacker is ever able to compromise the server and obtain its RSA key… 
 the attacker can decrypt any tra ffi c captured • RSA lacks forward secrecy • So TLS 1.3 uses DHE/ECDHE only • TLS 1.3 also speeds things up: • In the client hello, the client includes {g b mod p} for preferred parameters • If the server finds it suitable, the server returns {g a mod p} • Saves a round-trip time 14

  15. But What About that 
 “Certificate Validation” Computer Science 161 Fall 2016 Popa and Weaver • Certificate validation is used to establish a chain of “trust” • It actually is an attempt to build a scalable trust framework • This is commonly known as a Public Key Infrastructure (PKI) • Your browser is trusting the “Certificate Authority” to be responsible… 15

  16. Certificates Computer Science 161 Fall 2016 Popa and Weaver • Cert = signed statement about someone’s public key • Note that a cert does not say anything about the identity of who gives you the cert • It simply states a given public key K Bob belongs to Bob … • … and backs up this statement with a digital signature made using a di ff erent public/private key pair, say from Verisign (a “Certificate Authority”) • Bob then can prove his identity to you by you sending him something encrypted with K Bob … • … which he then demonstrates he can read • … or by signing something he demonstrably uses • Works provided you trust that you have a valid copy of Verisign’s public key … • … and you trust Verisign to use prudence when she signs other people’s keys 16

  17. Validating Amazon’s Identity Computer Science 161 Fall 2016 Popa and Weaver • Browser compares domain name in cert w/ URL • Note: this provides an end-to-end property 
 (as opposed to say a cert associated with an IP address) • Browser accesses separate cert belonging to issuer • These are hardwired into the browser – and trusted ! • There could be a chain of these … • Browser applies issuer’s public key to verify signature S , obtaining the hash of what the issuer signed • Compares with its own SHA-1 hash of Amazon’s cert • Assuming hashes match, now have high confidence it’s indeed Amazon’s public key … • assuming signatory is trustworthy, didn’t lose private key, wasn’t tricked into signing someone else’s certificate, and that Amazon didn’t lose their key either… 17

  18. End-to-End ⇒ Powerful Protections Computer Science 161 Fall 2016 Popa and Weaver • Attacker runs a sni ff er to capture our WiFi session? • But: encrypted communication is unreadable • No problem! • DNS cache poisoning? • Client goes to wrong server • But: detects impersonation • No problem! • Attacker hijacks our connection, injects new tra ffi c • But: data receiver rejects it due to failed integrity check since all communication has a mac on it • No problem! • Only thing a full man-in-the-middle attacker can do is inject RSTs, inject invalid packets, or drop packets: limited to a denial of service 18

  19. Validating Amazon’s Identity, cont. Computer Science 161 Fall 2016 Popa and Weaver • Browser retrieves cert belonging to the issuer • These are hardwired into the browser – and trusted! • But what if the browser can’t find a cert for the issuer? 19

  20. Computer Science 161 Fall 2016 Popa and Weaver 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 Transport Layer Transport Layer Outline Message, Segment, Datagram Transport-layer

1 Transport Layer Transport Layer Outline Message, Segment, Datagram Transport-layer

Transport Layer Transport Layer Chapter 3: Transport Layer Mobile network Our goals: Global ISP understand principles learn about transport Chapter 3 behind transport layer protocols in the Transport Layer Internet: layer

678 views • 5 slides
1 Transport Layer Transport Layer RTT Estimation RTT Estimation Basic Idea SampleRTT :

1 Transport Layer Transport Layer RTT Estimation RTT Estimation Basic Idea SampleRTT :

Transport Layer Transport Layer Outline Mobile network Transport-layer Connection-oriented Global ISP services transport: TCP Transport Layer Multiplexing and segment structure Home network demultiplexing reliable data

264 views • 5 slides
Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals:

Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals:

IN3210 Network Security Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals: Authentication Integrity Confidentiality Transparent security protocol between TCP and application

1k views • 66 slides
Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug

Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug

Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics TCP Layer Responsible for reliable end-to-end transfer of application data.

632 views • 32 slides
Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Recall Transport layer provides end-to-end connectivity across

528 views • 31 slides
Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Recall Transport layer provides end-to-end connectivity across

1.91k views • 168 slides
Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Recall Transport layer provides end-to-end connectivity across

1.96k views • 165 slides
Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Three-Way Handshake (3) Suppose delayed, duplicate Active

709 views • 50 slides
Introduction to Network Security Chapter 7 Transport Layer Protocols Dr. Doug Jacobson -

Introduction to Network Security Chapter 7 Transport Layer Protocols Dr. Doug Jacobson -

Introduction to Network Security Chapter 7 Transport Layer Protocols Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics TCP Layer Responsible for reliable end-to-end transfer of application data. TCP

912 views • 64 slides
SSL and TLS SSL Secure Socket Layer TLS Transport Layer Security The common

SSL and TLS SSL Secure Socket Layer TLS Transport Layer Security The common

SSL and TLS SSL Secure Socket Layer TLS Transport Layer Security The common standards for securing network applications in Internet E.g., web browsing Essentially, standards to negotiate, set up, and apply crypto

2.93k views • 13 slides
Transport Where we are in the Course Moving on up to the Transport Layer! Application

Transport Where we are in the Course Moving on up to the Transport Layer! Application

Transport Where we are in the Course Moving on up to the Transport Layer! Application Transport Network Link Physical CSEP 561 University of Washington 2 Recall Transport layer provides end-to-end connectivity across the network

1.5k views • 148 slides
Network layer (IP) Network layer Transport segment from sending to receiving host Network

Network layer (IP) Network layer Transport segment from sending to receiving host Network

Network layer (IP) Network layer Transport segment from sending to receiving host Network layer protocols in every host, router Many historical examples, but only one really matters Network layer functions 1. Connection setup 5.

1.56k views • 113 slides
1 Network Layer Network Layer Recall: Circuit Switching vs. Packet Interplay between routing

1 Network Layer Network Layer Recall: Circuit Switching vs. Packet Interplay between routing

Network Layer Network Layer Chapter 4: Network Layer Mobile network Chapter goals: Global ISP understand principles behind network layer Network Layer services: Home network network layer service models Regional ISP forwarding

550 views • 3 slides
ELEC / COMP 177 Fall 2016 Some slides from Kurose and Ross, Computer Networking , 5 th Edition

ELEC / COMP 177 Fall 2016 Some slides from Kurose and Ross, Computer Networking , 5 th Edition

ELEC / COMP 177 Fall 2016 Some slides from Kurose and Ross, Computer Networking , 5 th Edition Application Layer Transport Layer Network Layer Link Layer Physical Layer 2 Application Layer Transport Layer Network Layer Link Layer

903 views • 51 slides
5 Network Layer Network Layer Network Layer Network Layer Example: Choosing among multiple ASes

5 Network Layer Network Layer Network Layer Network Layer Example: Choosing among multiple ASes

Network Layer Network Layer Network Layer Network Layer Network Layer Comparison of LS and DV algorithms Message complexity Robustness: what happens 1 Introduction 5 Routing algorithms if router malfunctions? LS: with n nodes, E

325 views • 4 slides
Network Layer Where we are in the Course Moving on up to the Network Layer! Application

Network Layer Where we are in the Course Moving on up to the Network Layer! Application

Network Layer Where we are in the Course Moving on up to the Network Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Topics Network service models Datagrams (packets), virtual circuits

524 views • 28 slides
OVERVIEW OF DATA EXPLORATION TECHNIQUES Stratos Idreos, Olga

OVERVIEW OF DATA EXPLORATION TECHNIQUES Stratos Idreos, Olga

OVERVIEW OF DATA EXPLORATION TECHNIQUES Stratos Idreos, Olga Papaemmanouil, Surajit Chaudhuri SIGMOD 2015, Melbourne USER INTERACTION express collaborate

1.26k views • 86 slides
OpenWrt: 10 years of fun with Embedded Devices Felix Fietkau <nbd@openwrt.org> December 27,

OpenWrt: 10 years of fun with Embedded Devices Felix Fietkau <nbd@openwrt.org> December 27,

10 years of OpenWrt Current development OpenWrt and the Embedded Linux Ecosystem OpenWrt: 10 years of fun with Embedded Devices Felix Fietkau <nbd@openwrt.org> December 27, 2013 Felix Fietkau <nbd@openwrt.org> OpenWrt: 10 years of

219 views • 17 slides
IAPT Demand and Capacity Workshop 12 th May 2016 Andy Wright, IAPT Clinical Advisor, Rebecca

IAPT Demand and Capacity Workshop 12 th May 2016 Andy Wright, IAPT Clinical Advisor, Rebecca

Yorkshire and the Humber Mental Health Network IAPT Demand and Capacity Workshop 12 th May 2016 Andy Wright, IAPT Clinical Advisor, Rebecca Campbell, Quality Improvement Manager and Sarah Boul, Quality Improvement Lead

1.01k views • 83 slides
A GROPEDIA : AN EXAMPLE BACKEND Indian Institute of Technology Kanpur Commonwealth of Learning

A GROPEDIA : AN EXAMPLE BACKEND Indian Institute of Technology Kanpur Commonwealth of Learning

A GROPEDIA : AN EXAMPLE BACKEND Indian Institute of Technology Kanpur Commonwealth of Learning Vancouver MOOC on M4D 2013 T.V. Prabhakar IIT Kanpur MOOC on M4D 2013 What is agropedia? The Backend of services related to agriculture

367 views • 13 slides
No Reservations: A First Look at Amazons Reserved Instance Marketplace Pradeep Ambati, David

No Reservations: A First Look at Amazons Reserved Instance Marketplace Pradeep Ambati, David

No Reservations: A First Look at Amazons Reserved Instance Marketplace Pradeep Ambati, David Irwin, and Prashant Shenoy University of Massachusetts Amherst Cost vs. Risk Tradeoffs in IaaS Clouds Expensive Cost ( per hour ) On-Demand

676 views • 21 slides
An Empirical Analysis of Algorithmic Pricing on Amazon Marketplace Le Chen, Alan Mislove, Christo

An Empirical Analysis of Algorithmic Pricing on Amazon Marketplace Le Chen, Alan Mislove, Christo

An Empirical Analysis of Algorithmic Pricing on Amazon Marketplace Le Chen, Alan Mislove, Christo Wilson Northeastern University The rise of e-commerce E-commerce Sales over time (US Commerce Department) 400B 300B Sales in Dollar 200B 100B

1.26k views • 111 slides
Amazon Basin-wide fluxes of CO 2 and CH 4 from aircraft vertical profiles ( with support from CO

Amazon Basin-wide fluxes of CO 2 and CH 4 from aircraft vertical profiles ( with support from CO

Amazon Basin-wide fluxes of CO 2 and CH 4 from aircraft vertical profiles ( with support from CO and SF 6 ) John B. Miller, Luciana Gatti, Manuel Gloor, and Luana Basso Amazonian (and tropical) C-cycle is critical to understanding the global

819 views • 24 slides
Probabilistic Forecasting with DeepAR and AWS SageMaker EuroPython 2020 - Probabilistic

Probabilistic Forecasting with DeepAR and AWS SageMaker EuroPython 2020 - Probabilistic

Probabilistic Forecasting with DeepAR and AWS SageMaker EuroPython 2020 - Probabilistic Forecasting 1 with DeepAR and AWS SageMaker DeepAR Yet Another Forecasting Algorithm? EuroPython 2020 - Probabilistic Forecasting 2 with DeepAR and

285 views • 17 slides

More recommend