4.1 Tunneling

Week 4 Day 1 - Tunneling


Tunneling

  • Most communication channels are not secure (the Internet included)
  • Various protocols exist to make them more secure
  • The terminology is that they establish a secure “tunnel” through an otherwise insecure medium
  • The most successful so far are IPSec and SSL/TLS (there used to be others, such as PPTP and L2TP)


The general operation is:

  1. Establish a connection
  2. Exchange a key securely, through the insecure communication medium (that’s the challenge)
  3. Use the key to encrypt subsequent communication

SSL/TLS

  • Secures communication at the “Transport Layer”
    • This is Layer 6/7 (Session/Application) of the OSI model
  • Does not protect headers of lower layers
  • Uses a PKI (X.509) to agree on a shared key
  • Requires compatible applications
  • Offers end-to-end security for a single application/program
  • Does not (typically) protect DNS
    • Eve can know which websites were visited
  • Has two names:
    • SSL: Secure Sockets Layer (the original name)
    • TLS: Transport Layer Security (current name)
  • HTTPS, SSH, SFTP and others are TLS-enabled L7 counterparts of plaintext protocols (HTTP, Telnet, FTP)

VPNs & IPSec

PPTP (Point-to-Point Tunneling Protocol). Created by Microsoft and is routable. It uses MPPE (Microsoft Point-to-Point Encryption) and user authentication.

L2TP (Layer 2 Tunneling Protocol). Works at Layer 2 to forward IP, IPX and AppleTalk (RFC 2661). Cisco, Microsoft, Ascend and 3Com developed it. Provides user and machine authentication, but no encryption (it can, however, be combined with IPSec as L2TP over IPSec).

IPSec. An open standard. Includes both encryption and authentication.

Warning: PPTP and L2TP are potentially insecure. They definitely need careful configuration, especially on the selection of ciphers.

For IPSec (one of the most popular tunneling methods):

  • UDP port 500 is the key exchange port. If it is blocked there can be no tunnel.
  • TCP port 50 for IPSec ESP (Encapsulated Security Protocol).
  • TCP port 51 for IPSec AH (Authentication Header).

IPSec

  • Secures communication at the Network Layer (OSI L3)
  • Protects all the layers above it (L4, L5, L6, L7)
  • Does not require a PKI
  • Does not require compatible applications
  • Creates a route-level tunnel
    • A whole IP range is protected (possibly the whole Internet)
  • It cannot pass through NAT firewalls
    • TCP headers are needed by NAT but are encrypted by IPSec
  • Layer 3 itself is not always fully encrypted

VPN does not cover everything.


IPSec vs TLS

The two have quite a few differences; the main one is their “scope”.

The layers they protect above them are different.

The fact that a connection to the VPN server is made is given away: the network layer is not fully protected.


Other tunnels

VPN to internet gateway

Connect to a VPN server that routes traffic to the Internet.

Popular with home users:

  • For accessing restricted sites and content
  • For hiding their activity (only the VPN server knows)

Note that an adversary can still sniff traffic once it leaves the VPN server.


Tor


Tor: Onion Routing

Onion Routing, used by Tor, was developed in the mid-1990s by the US Naval Research Lab. Packets are tunneled through onion nodes that apply successive layers of encryption (with keys exchanged at route set-up time). Tor nodes do not log any information and may belong to different jurisdictions, making it extremely difficult for the authorities to trace packets, in contrast with typical VPN providers.

There is a very important vulnerability due to:

  1. Anyone can be a node
  2. Exit nodes have access to the original communication

If the original communication is plaintext, Eve can sniff the data just by setting up an exit node and a sniffer.


Summary:

  • Being an exit node can get you in trouble
  • Do not use Tor without end-to-end encryption


Heartbleed

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).


The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
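As an added illustration, not part of these notes, here is a Python model of the defect behind Heartbleed. The TLS heartbeat extension (RFC 6520) echoes back a payload whose length the peer declares in the message itself; vulnerable OpenSSL copied that many bytes without checking that the record actually contained them. The memory arena and the "neighbouring" data are constructed for the demonstration; no real TLS code is involved.

```python
import struct

HB_REQUEST, HB_RESPONSE = 1, 2
PADDING = b"\x00" * 16                # RFC 6520: at least 16 bytes of padding
HEADER = struct.Struct("!BH")         # type (1 byte) | payload_length (2 bytes)


def build_heartbeat(payload: bytes, claimed_length: int) -> bytes:
    """Build a heartbeat request; a malformed one claims more than it carries."""
    return HEADER.pack(HB_REQUEST, claimed_length) + payload + PADDING


def respond_vulnerable(memory: bytes, record_len: int) -> bytes:
    """Pre-fix behaviour: the claimed payload_length is trusted, so the echo
    copies that many bytes starting at the payload, running past the record
    into whatever sits next to it in memory."""
    _hb_type, payload_length = HEADER.unpack_from(memory, 0)
    echoed = memory[HEADER.size:HEADER.size + payload_length]
    return HEADER.pack(HB_RESPONSE, payload_length) + echoed + PADDING


def respond_fixed(memory: bytes, record_len: int):
    """Post-fix behaviour: silently discard any heartbeat whose claimed length
    does not fit in the record that arrived (type + length + payload + padding)."""
    if record_len < HEADER.size + len(PADDING):
        return None                   # too short to even hold the padding
    _hb_type, payload_length = HEADER.unpack_from(memory, 0)
    if HEADER.size + payload_length + len(PADDING) > record_len:
        return None                   # claimed length exceeds the record: drop it
    echoed = memory[HEADER.size:HEADER.size + payload_length]
    return HEADER.pack(HB_RESPONSE, payload_length) + echoed + PADDING


def echoed_payload(response: bytes) -> bytes:
    """Strip header and padding, leaving what the responder sent back."""
    _hb_type, payload_length = HEADER.unpack_from(response, 0)
    return response[HEADER.size:HEADER.size + payload_length]


def simulate(claimed_length: int):
    """Constructed arena: the 23-byte record sits directly in front of data a
    real process might still hold from earlier requests (cookies, key bytes)."""
    record = build_heartbeat(b"ping", claimed_length)
    neighbour = b"Cookie: session=c0nstructed-demo-value; PRIVATE-KEY-BYTES..."
    memory = record + neighbour
    leak = echoed_payload(respond_vulnerable(memory, len(record)))
    return leak, respond_fixed(memory, len(record))
```

With `simulate(64)` the unpatched handler returns the 4-byte payload followed by 60 bytes it was never sent, while the patched handler returns None; with `simulate(4)` both echo exactly `b"ping"`.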