Lect 10 - Internet Security

CSEN 1001 Computer and Network Security
Amr El Mougy
Alaa Gohar
Heba Anwar
**Slides are attributed to William Stallings
Lecture (10)
Internet Security
Internet Security Protocols and Standards
• Secure Sockets Layer (SSL) / Transport Layer Security (TLS)
• IPv4 and IPv6 Security
Secure Sockets Layer (SSL)
Transport layer security service
• originally developed by Netscape
• version 3 designed with public input
Subsequently became Internet standard RFC 2246: Transport Layer Security (TLS)
Uses TCP to provide a reliable end-to-end service
May be provided in the underlying protocol suite or embedded in specific packages
Secure Sockets Layer (SSL)
SSL identifies two main concepts:
• Session: an association between client and server that defines security parameters. Created by the Handshake Protocol
• Connection: a transport within a session supporting particular services. Every connection is associated with one session
A client and a server may have more than one connection within a session
They may also have several sessions but this is not common
[Figure: SSL protocol stack. Labels: Handshake Protocol, Change Cipher Spec Protocol, Alert Protocol, HTTP, SSL Record Protocol, TCP]
SSL Record Protocol Services
Message integrity
• using a MAC with shared secret key
Confidentiality
• using symmetric encryption with a shared secret key defined by Handshake Protocol
• AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
• message is compressed before encryption
Record Protocol Operation
SSL Handshake Protocol
Allows server & client to:
• authenticate each other
• negotiate encryption & MAC algorithms
• negotiate cryptographic keys to be used
Comprises a series of messages in phases
1. Establish Security Capabilities
2. Server Authentication and Key Exchange
3. Client Authentication and Key Exchange
4. Finish
SSL Handshake Protocol
Change Cipher Spec Protocol
One of 3 SSL specific protocols which use the SSL Record protocol
A single message
Causes pending state to become current
Hence updating the cipher suite in use
SSL Alert Protocol
Conveys SSL-related alerts to peer entity
Severity
• warning or fatal
Specific alert
• fatal: unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter
• warning: close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
Compressed & encrypted like all SSL data
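An added example, not part of the original slides: a Python parser that walks SSL record headers and decodes Alert Protocol messages into the severity and description names listed above. The byte stream is constructed sample data, and the numeric code points are the SSLv3/TLS 1.0 values, which the slides do not list.

```python
import struct

# Code points (SSLv3 / TLS 1.0) for the alerts named on the slide.
ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    30: "decompression_failure", 40: "handshake_failure", 41: "no_certificate",
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 47: "illegal_parameter",
}
LEVELS = {1: "warning", 2: "fatal"}
CONTENT_ALERT = 21  # Record Protocol content type carrying the Alert Protocol

def parse_alerts(stream: bytes):
    """Walk concatenated SSL records and decode every alert record found."""
    alerts, pos = [], 0
    while pos < len(stream):
        if pos + 5 > len(stream):
            raise ValueError(f"truncated record header at offset {pos}")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        body = stream[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError(f"truncated record body at offset {pos}")
        pos += 5 + length
        if ctype != CONTENT_ALERT:
            continue  # handshake, change cipher spec or application data
        if length != 2:
            # Once the pending state is current, alerts are MACed and
            # encrypted like all SSL data, so only their presence is visible.
            alerts.append({"version": (major, minor), "encrypted": True})
            continue
        level, description = body
        alerts.append({
            "version": (major, minor), "encrypted": False,
            "level": LEVELS.get(level, f"unknown({level})"),
            "description": ALERTS.get(description, f"unknown({description})"),
        })
    return alerts

# Constructed sample: a handshake record, a plaintext fatal alert, an
# encrypted alert (24 opaque bytes) and a plaintext warning alert.
SAMPLE = (bytes.fromhex("16030000040e000000") + bytes.fromhex("15030000020228")
          + b"\x15\x03\x00\x00\x18" + bytes(24) + bytes.fromhex("15030000020100"))

if __name__ == "__main__":
    for alert in parse_alerts(SAMPLE):
        print(alert)
```

A plaintext alert only appears before the Change Cipher Spec message takes effect, which is why handshake failures are the alerts most often readable in a packet capture.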
HTTPS
HTTP over SSL or TLS
Uses port 443 instead of port 80
When HTTPS is used, the following are encrypted:
• URL of requested object
• Contents of object
• Contents of browser forms (filled in by user)
• Cookies
• HTTP header
The client initiates the SSL/TLS session and connection
Once the handshake is complete, the HTTP request can be sent
Multiple TCP connections can be established in one session
IPSec
Scheduled to be integral component of IPv6, optional in IPv4
Supports strong authentication and encryption at layer 3
Bi-directional tunnel
Packet filtering is primary access control method
Requires Public Key Infrastructure (PKI)
IPSec Uses
IPSec Functionality
Functionality
• AH (Authentication Header): integrity and authenticity
• ESP (Encapsulating Security Payload): confidentiality, optional authentication & integrity
Security Association (for each pair of hosts): determined by destination IP address and the SPI (Security Parameters Index)
• Specification of the crypto methods to be used by SPI
• Keys to be used by the crypto methods for that SPI
• The hosts and other entities associated with this traffic
Key Management
• Manual Keying (required)
• Key Management Protocols (in flux)
IPSec Modes
Transport Mode:
• Provides protection to the payload of the packet (everything that comes after the IP header). Thus, headers are not encrypted
• Typically used for end-to-end communications between hosts
Tunnel mode:
• Provides protection to the whole packet
• After AH or ESP headers are added, the entire packet plus the new headers are encrypted
• New outer IP header is then added
• Routers in the middle do not read the internal headers
• Used when one or both ends of the security association is a gateway, not a host
Security Policy (SP) and Security Association (SA)
SA is a one-way relationship between sender & receiver that affords security for traffic flow
Defined by 3 parameters:
• Security Parameters Index (SPI)
• IP Destination Address
• Security Protocol Identifier
Has a number of other parameters
• seq no, AH & EH info, lifetime etc.
SP determines how traffic in an SA is handled
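An added example (not from the slides or from any IPsec implementation): inbound processing against an SA database keyed by the three defining parameters, showing why an SA is one-way and how the per-SA sequence number and MAC key are used. The class names, addresses, SPI value, MAC construction and the simplified replay check are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

AH, ESP = 51, 50  # IP protocol numbers, used as the Security Protocol Identifier

@dataclass
class SecurityAssociation:
    mac_key: bytes      # key for the MAC method this SA specifies
    last_seq: int = 0   # highest sequence number accepted so far

def make_icv(key: bytes, seq: int, payload: bytes) -> bytes:
    """MAC over sequence number and payload (real AH also covers the
    immutable IP header fields); truncated to 128 bits. Illustrative only."""
    msg = seq.to_bytes(4, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]

class InboundSADatabase:
    """Hypothetical SA store indexed by (SPI, destination IP, protocol)."""
    def __init__(self):
        self._sas = {}

    def add(self, spi: int, dst_ip: str, proto: int, sa: SecurityAssociation):
        self._sas[(spi, dst_ip, proto)] = sa

    def process(self, spi, dst_ip, proto, seq, payload, icv) -> str:
        sa = self._sas.get((spi, dst_ip, proto))
        if sa is None:
            return "drop: no SA"     # SAs are one-way; reverse traffic needs its own
        if seq <= sa.last_seq:
            return "drop: replay"    # simplified; real IPsec uses a sliding window
        if not hmac.compare_digest(make_icv(sa.mac_key, seq, payload), icv):
            return "drop: bad ICV"
        sa.last_seq = seq            # advance only after the MAC verifies
        return "accept"

def demo():
    key = bytes(range(32))           # constructed key, for illustration only
    sad = InboundSADatabase()
    sad.add(0x1001, "10.0.0.2", AH, SecurityAssociation(key))
    good = make_icv(key, 1, b"hello")
    return [
        sad.process(0x1001, "10.0.0.2", AH, 1, b"hello", good),  # first delivery
        sad.process(0x1001, "10.0.0.2", AH, 1, b"hello", good),  # same packet again
        sad.process(0x1001, "10.0.0.2", AH, 2, b"HELLO", make_icv(key, 2, b"hello")),
        sad.process(0x1001, "10.0.0.1", AH, 1, b"hello", good),  # reverse direction
    ]
```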
IP Traffic Processing
IPSec Architecture
Outbound Packets
Inbound Packets
Authentication Header
Provides data integrity and authentication
Prevents source address spoofing
Based on MAC
Scope covers payload and parts of the IP header
Encapsulating Security Payload Header
Provides confidentiality and optional integrity
Based on symmetric encryption techniques (AES)
Scope depends on transport or tunnel modes
Combining Security Associations
WhatsApp End-to-End Encryption
Link encryption: data is visible to the server
End-to-end encryption: data remains encrypted at the server
WhatsApp End-to-End Encryption
New encryption system supports regular and group chats, images, videos, voice messages, files, and voice calls
At the center of this system is the new “Signal Protocol” developed by Open Whisper Systems
Even if a user’s key is physically compromised from a device, an attacker cannot decrypt previously encrypted messages
The Signal Protocol: Keys
Each user has three types of public keys:
• Long-term identity key generated at installation
• Medium-term key generated at installation and rotated periodically. The medium-term key is signed by the identity key
• One-time key: generated as needed
In addition, there are three types of session keys:
• Root key: 32-byte value used to create chain keys
• Chain key: 32-byte value used to create message keys
• Message key: 80-byte value used to encrypt messages. Out of these 80 bytes, 32 are used for AES 256, another 32 are used for HMAC-SHA256, and 16 are used for the IV
The Signal Protocol: Operation
At registration time, the client sends the public identity key, public medium-term key (signed by the private identity key), and a set of one-time keys
The private keys are never sent
To chat with someone you need to establish a session (any open WhatsApp chat is a session)
A session does not need to be re-established unless the app is re-installed
The Signal Protocol: Operation
To establish a session, the initiator requests the public keys of the recipient from the server (identity key, signed medium-term key, and one of the stored one-time keys)
Once the server returns those keys, the initiator generates a new key and uses its own identity key in addition to the recipient’s public keys to calculate a master secret.
The master secret is then used to create a root key and a chain key (using an algorithm similar to Diffie-Hellman)
The Signal Protocol: Operation
Now, the initiator can start sending messages to the recipient, even if he/she is offline
To establish the session at the receiving end, the initiator inserts all values necessary for the receiver to calculate the root and chain keys in the header of all messages
The receiver uses this information together with its own private keys to calculate the master secret
The master secret is used as input to the key-derivation function to calculate the root and chain keys
The Signal Protocol: Operation
Each message is encrypted with a message key that includes AES256 encryption and HMAC-SHA256 for integrity and authentication
Each time a new message needs to be sent, a new message key is derived from the chain key
The message key cannot be derived from the message
The chain key is also rotated every time a message is sent
The Signal Protocol: Special Functions
To transmit media, the sender first saves it in an encrypted cloud store
The sender then sends an encrypted pointer to the receiver to download the media
Group messages in WhatsApp are disseminated using server-side fan out (message is copied N times)
Pairwise sessions are created between all members of the group
Each of these sessions has a different chain key used to create message keys
Thus, the sender encrypts the message N times (one for each member) and the server sends them
Calls are established using encrypted RTP