CS G254/U645 11/20/07
IPSec & Secure Email
Problem: one server emulating many hosts
Q. How does a server hosting many different pages differentiate between them in HTTP?
A. Host headers. The Host header carries the host name, e.g. HTTP GET (Host: www.google.com). The server uses this to decide how to respond.
How does this work in HTTPS? SSL/TLS is broken
Browser                              Server (Cert 1, Cert 2, etc.)
   SSL Handshake ----------->
The SSL handshake requires a cert, but the hostname isn't given until HTTP, so the server doesn't know which cert to send back. This is solved by having different IP addresses on the same computer, one per hosted site. The appropriate IP address is handed out at DNS lookup time.
SSL/TLS Stack:
IPSec Stack:
VPN (Virtual Private Network)
Allows computers to send packets as if on a local area network.
VPNs can be based on IPSec or SSL/TLS
IPSec requires a change to the operating system, whereas SSL/TLS requires applications to have SSL/TLS support.
SSL/TLS packet: IP Header (src IP, dst IP, TTL, Protocol:TCP, TCP seqnum), Payload
IPSec packet: IP Header (src IP, dst IP, TTL), IPSec (encrypted header), Encrypted Payload
Because of the TCP SeqNum, SSL/TLS is vulnerable to Rogue Packet DoS. If an attacker imitates a TCP packet with the next SeqNum, TCP accepts it and passes it up. The SSL/TLS layer will throw away the byte sequence of which the rogue packet is a part, because it isn't encrypted properly and so fails integrity checks. However, when the real packet arrives, TCP will throw it away, since it has already processed a packet with the same sequence number.
This wouldn't work in IPSec, because the rogue packet would fail integrity checks in the IPSec layer and get thrown away there. It would never make it to the TCP layer, and so wouldn't affect valid conversations.
This attack is rather rare because it is complicated and does limited harm (it is only a DoS; it doesn't get any private information or change anything).
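The layering difference described above, as an added example that is not part of the original notes: a toy receiver in which the same two packets are processed with the integrity check above TCP (SSL/TLS) and below TCP (IPSec). The key, the packets, and the names ToyTcp, mac and deliver are all constructed for illustration, and a single HMAC stands in for both layers' integrity checks.

```python
import hashlib
import hmac

KEY = b"constructed-session-key"  # constructed sample key shared by both endpoints


def mac(seq, data):
    # One HMAC stands in for both the SSL/TLS record MAC and the IPSec integrity check.
    return hmac.new(KEY, seq.to_bytes(4, "big") + data, hashlib.sha256).digest()


class ToyTcp:
    """Toy receiver: accepts only the segment carrying the expected sequence number."""

    def __init__(self):
        self.next_seq = 0

    def accept(self, seq, data):
        if seq != self.next_seq:
            return False  # sequence number already consumed: segment discarded
        self.next_seq += len(data)
        return True


def deliver(packets, integrity_below_tcp):
    """Return the payloads that reach the application, in arrival order."""
    tcp, app = ToyTcp(), []
    for seq, data, tag in packets:
        valid = hmac.compare_digest(tag, mac(seq, data))
        if integrity_below_tcp and not valid:
            continue  # IPSec-style: dropped before TCP ever sees it
        if not tcp.accept(seq, data):
            continue  # TCP drops it as a duplicate
        if valid:
            app.append(data)  # SSL/TLS-style: checked only after TCP consumed it
    return app


# Constructed packets: the rogue one arrives first with the next expected SeqNum.
GENUINE = (0, b"GET /inbox", mac(0, b"GET /inbox"))
ROGUE = (0, b"XXXXXXXXXX", bytes(32))

if __name__ == "__main__":
    print("SSL/TLS (above TCP):", deliver([ROGUE, GENUINE], integrity_below_tcp=False))
    print("IPSec (below TCP):  ", deliver([ROGUE, GENUINE], integrity_below_tcp=True))
```

With the check above TCP the genuine payload never reaches the application; with the check below TCP it does.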
IPSec vs. SSL/TLS

IPSec                                         | SSL/TLS
----------------------------------------------|-------------------------------
Below TCP                                     | Above TCP
Requires OS modification                      | Only app modification
Checks integrity on per-packet basis          | Vulnerable to rogue packet DoS
Current API is broken: it only passes         | App-level auth (certs/login)
applications IP information, not user         |
information                                   |
Cheap outboard device                         | Expensive outboard device
IPSec -> IKE (Internet key exchange) used for handshaking
-> AH/ESP (Authentication Headers/ Encapsulating Security Payload) used for encryption of packet.
Advantages of IPSec:
IKE supports a much richer suite
IPSec supports puzzles
Modes:
Transport mode (end to end mode), used by road warriors.
[ IP header ] [ IPSec header ] [ Encrypted payload]
Tunnel mode (VPNs between branch offices).
[ new IP header ] [ IPSec header ] [ Encapsulation: ( IP header | Payload ) ]
Secure Email
~80 billion emails a day, 60% of which is spam.
Mechanics:
MTA (Mail Transfer Agents) Relays: (Open Relays)
provide fault tolerance
provide anonymity
provide translation services
provide trust chains
Mail lists:
Local explosion: sender contacts mailserver, gets list & sends to each one on the list.
Remote explosion: sender sends mail to mail server, and then mail server sends to everyone in the list.
Advantages:

Local                                          | Remote
-----------------------------------------------|----------------------------------
Less load on server                            | Can have private/anonymous emails
Don't need to rely on server to do right thing | Maintains fresh list
Can avoid cyclic lists                         | Saves bandwidth
Secure Email:
A is sending to B
{ } = encryption
[ ] = signing
{M [M]A}B (public key way)
Efficient way:
{S}B [h(M)]A
{M}S
But this can be used (against A) by B in a court of law.
Puzzle: how can A get plausible deniability?
Consider {S, [S]A}B {M}S. B has the secret key S and could insert his own message and encrypt it using S, thus giving A plausible deniability.
Models of key distribution:

PGP (Pretty Good Privacy)                   | SMIME (Secure Multimedia)
--------------------------------------------|--------------------------------------------------------------
Anarchy model. Keys/roots installed by user | Web model
Trust chaining                              | CA (Verisign)'s key embedded in client & everyone uses certs