Dr.

B Lakshmi Narayana Reddy/Cryptography and Network Security

UNIT-V: Transport Level Security and Firewalls

PART-A
Transport Level Security: Web Security Requirements, Transport Layer Security (TLS), HTTPS, Secure Shell (SSH).
PART-B
Firewalls: Firewall Characteristics and Access Policy, Types of Firewalls, Firewall Location and Configurations.
5.1 Transport Level Security
Transport Layer Security (TLS) is a cryptographic protocol that provides secure communication over a computer network. It ensures the privacy and
integrity of data exchanged between two systems, typically a client (such as a web browser) and a server (such as a website). TLS is the successor to
the older Secure Sockets Layer (SSL) protocol.
5.1.1 Web Security Requirements
Web security is crucial for safeguarding websites, web applications, and user data from unauthorized access, modification, or breaches.
Top Web Security Threats:
Web security threats are constantly emerging and evolving, but many threats consistently appear at the top of the list of web security threats. These
include:
 Cross-site scripting (XSS)
 SQL Injection
 Phishing
 Ransomware
 Code Injection
 Viruses and worms
 Spyware
 Denial of Service
Security Considerations:
 Keep software updated: This prevents hackers from exploiting known vulnerabilities.
 Beware of SQL injection: Don't insert raw code into queries.
 Prevent cross-site scripting (XSS): Validate and sanitize user inputs.
 Handle error messages carefully: Avoid revealing sensitive information.
 Validate data on both server and client: Ensure data integrity and prevent malicious input.
 Use strong passwords: Enforce complexity requirements to prevent brute-force attacks.
Table below provides a summary of the types of security threats faced when using the Web.

Web Traffic Security Approaches:

A number of approaches to provide Web security are possible. The various approaches that have been considered are similar in the services they
provide and, to some extent, in the mechanisms that they use, but they differ with respect to their scope of applicability and their relative location
within the TCP/IP protocol stack.
One way to provide Web security is to use IP Security. The advantage of using IPsec is that it is transparent to end users and applications and provides
a general-purpose solution. Further, IPsec includes a filtering capability so that only selected traffic need incur the overhead of IPsec processing.
Location of Security Facilities in the TCP/IP Protocol Stack

Another relatively general-purpose solution is to

implement security just above TCP. The foremost
example of this approach is the Secure Sockets
Layer (SSL) and the follow-on Internet standard
known as Transport Layer Security (TLS). At this
level, there are two implementation choices. For full
generality, SSL (or TLS) could be provided as part of
the underlying protocol suite and therefore be
Dr. B Lakshmi Narayana Reddy/Cryptography and Network Security
transparent to applications. Alternatively, SSL can be embedded in specific packages. For example, Netscape and Microsoft Explorer
browsers come equipped with SSL, and most Web servers have implemented the protocol.
5.1.2 Transport Layer Security (TLS)
Transport Layer Security (TLS) is a cryptographic protocol that provides secure communication between a client and a server on the
Internet. TLS is the successor to Secure Sockets Layer (SSL), and it is the most widely used security protocol for web traffic.
TLS is an IETF standardization initiative whose goal is to produce an Internet standard version of SSL.
Version Number: The TLS Record Format is the same as that of the SSL Record Format, and the fields in the header have the same meanings.

Content Type (8 bits): The higher-layer protocol used to process the enclosed fragment.
Major Version (8 bits): Indicates major version of SSL in use. For SSLv3, the value is 3.
Minor Version (8 bits): Indicates minor version in use. For SSLv3, the value is 0.
Compressed Length (16 bits): The length in bytes of the plaintext fragment (or compressed fragment if
compression is used). The maximum value is 214 + 2048.
The content types that have been defined are change_cipher_spec, alert, handshake, and application_data.
The one difference is in version values. For the current version of TLS, the major version is 3 and
the minor version is 3.

Message Authentication Code: There are two differences between the SSLv3 and TLS MAC schemes: the actual algorithm and the scope of the MAC
calculation. TLS makes use of the HMAC algorithm.
HMACK(M)= H[(K+ ⊕ opad)||H[(K+ ⊕ ipad)||M]]
Where,
H = embedded hash function (for TLS, either MD5 or SHA-1).
M = message input to HMAC.
K+ = secret key padded with zeros on the left so that the result is equal to the block length of the hash code
(for MD5 and SHA-1, block length = 512 bits).
ipad = 00110110 (36 in hexadecimal) repeated 64 times (512 bits).
opad = 01011100 (5C in hexadecimal) repeated 64 times (512 bits).
SSLv3 uses the same algorithm, except that the padding bytes are concatenated with the secret key rather than being XORed with the secret key
padded to the block length.
For TLS, the MAC calculation encompasses the fields indicated in the following expression:
MAC(MAC_write_secret,seq_num||TLSCompressed.type||TLSCompressed.version||TLSCompressed.length||TLSCompressed.fragment).

The MAC calculation covers all of the fields covered by the SSLv3 calculation, plus the field TLSCompressed.version,
which is the version of the protocol being employed.
Pseudorandom Function: TLS makes use of a pseudorandom function referred to as PRF to expand secrets into blocks of data for purposes of key
generation or validation.
The PRF is based on the data expansion function given as,
P_hash(secret,seed)= HMAC_hash(secret,A(1)||seed)||HMAC_hash(secret, A(2)||seed)|| HMAC_hash(secret,
A(3) || seed) ||...
where A() is defined as
A(0) = seed
A(i) = HMAC_hash(secret, A(i – 1))
Figure below shows TLS Function P_hash(secret, seed):

The data expansion function makes use of the HMAC algorithm with either MD5 or
SHA-1 as the underlying hash function.
To make PRF as secure as possible, it uses two hash algorithms in a way that should
guarantee its security if either algorithm remains secure. PRF is defined as:
PRF(secret, label, seed) = P_hash(S1,label || seed)
PRF takes as input a secret value, an identifying label, and a seed value and
produces an output of arbitrary length.
Alert Codes: TLS supports all of the alert codes defined in SSLv3 with the exception
of no_certificate. A number of additional codes are defined in TLS;
 record_overflow: A TLS record was received with a payload (ciphertext) whose
length exceeds 214+2048 bytes, or the ciphertext decrypted to a length of greater
than 214+2048 bytes.
 unknown_ca: A valid certificate chain or partial chain was received, but the
certificate was not accepted because the CA certificate could not be located or
could not be matched with a known, trusted CA.

 access_denied: A valid certificate was received, but when access control was applied, the sender decided not to proceed with the
negotiation.
Dr. B Lakshmi Narayana Reddy/Cryptography and Network Security
 decode_error: A message could not be decoded, because either a field was out of its specified range or the length of the message was
incorrect.
 protocol_version: The protocol version the client attempted to negotiate is recognized but not supported.
 insufficient_security: Returned instead of handshake_failure when a negotiation has failed specifically because the server requires ciphers
more secure than those supported by the client.
 unsupported_extension: Sent by clients that receive an extended server hello containing an extension not in the corresponding client
hello.
 internal_error: An internal error unrelated to the peer or the correct ness of the protocol makes it impossible to con nue.
 decrypt_error: A handshake cryptographic operation failed, including being unable to verify a signature, decrypt a key exchange, or validate
a finished message.
The remaining alerts include the following.
 user_canceled: This handshake is being canceled for some reason unre lated to a protocol failure.
 no_renegotiation: Sent by a client in response to a hello request or by the server in response to a client hello after initial handshaking.
Either of these messages would normally result in renegotiation, but this alert indicates that the sender is not able to renegotiate. This
message is always a warning.
Cipher Suites:
There are several small differences between the cipher suites available under SSLv3 and under TLS:
 Key Exchange: TLS supports all of the key exchange techniques of SSLv3 with the exception of Fortezza.
 Symmetric Encryption Algorithms: TLS includes all of the symmetric encryption algorithms found in SSLv3, with the exception of Fortezza
Client Certificate Types: TLS defines the following certificate types to be requested in a certificate_request
message: rsa_sign, dss_sign, rsa_fixed_dh, and dss_fixed_dh. These are all defined in SSLv3. In addition, SSLv3 includes
rsa_ephemeral_dh, dss_ephemeral_dh, and fortezza_kea.
certificate_verify and Finished Messages: In the TLS certificate_verify message, the MD5 and SHA-1 hashes are calculated only over
handshake_messages.
As with the finished message in SSLv3, the finished message in TLS is a hash based on the shared master_secret, the previous handshake messages,
and a label that identifies client or server. The calculation is somewhat different. For TLS, we have
PRF (master_secret,finished_label, MD5(handshake_messages)|| SHA-1(handshake_messages))
where finished_label is the string “client finished” for the client and “server finished” for the server.

Cryptographic Computations: The pre_master_secret for TLS is calculated in the same way as in SSLv3.As in SSLv3, the master_secret in TLS is
calculated as a hash function of the pre_master_secret and the two hello random numbers. The form of the TLS calculation is different from that of
SSLv3 and is defined as
master_secret= PRF(pre_master_secret,"master secret",ClientHello.random||ServerHello.random)
The algorithm is performed until 48 bytes of pseudorandom output are produced. The calculation of the key block material (MAC secret keys, session
encryption keys, and IVs) is defined as
key_block = PRF(master_secret, "key expansion", SecurityParameters.server_random || SecurityParameters.client_random)

until enough output has been generated.

As with SSLv3, the key_block is a function of the master_secret and the client and server random numbers, but for TLS, the actual algorithm
is different.

5.1.3 HTTPS
HTTPS stands for Hyper Text Transfer Protocol Secure. HTTPS (HTTP over SSL) refers to the combination of HTTP and SSL to implement secure
communication between a Web browser and a Web server. HTTPS uses the Secure Socket Layer (SSL) and Transport Layer Security (TLS).
When HTTPS is used, the following elements of the communication are encrypted:
 URL of the requested document
 Contents of the document
 Contents of browser forms (filled in by browser user)
 Cookies sent from browser to server and from server to browser
 Contents of HTTP header
5.1.3.1 Connection Initiation:
1. Client Initiation:
a. The client initiates a connection to the server on the appropriate port (usually port 443 for HTTPS).
b. Sends the TLS ClientHello message to begin the TLS handshake.
2. TLS Handshake:
a. This is a process where the client and server establish a secure connection.
b. It involves a series of messages exchanged between the client and server to negotiate parameters, exchange cryptographic
information, and agree on a shared secret key.
c. Once the TLS handshake is complete, the communication channel is secured.
 Dr. B Lakshmi Narayana Reddy/Cryptography and Network Security
3. HTTP Request:
a. After the TLS handshake, the client can initiate the first HTTP request.
b. All subsequent HTTP data is sent as TLS application data.
c. Normal HTTP behavior, including retained connections, should be followed within the secured TLS connection.
4. Levels of Awareness:
a. At the HTTP level, an HTTP client requests a connection to an HTTP server.
b. This request is sent to the next lowest layer, which can be TCP or TLS/SSL.
c. At the TLS level, a session is established between the TLS client and server, supporting one or more connections.
5. TCP Connection:
a. The TLS request to establish a connection begins with the establishment of a TCP connection between the client and server's TCP
entities.
5.1.3.2 Connection Termination:
1. HTTP Record: Connection: close:
 An HTTP record may include the header Connection: close.
 This indicates that the connection should be closed after the current request/response cycle.
2. Close_notify Alert:
 This is a specific TLS alert message.
 Indicates that the sender is going to close the connection.
 Part of the TLS protocol to gracefully close the secure connection.
3. Connection: close Header:
 An HTTP header that can be used to signal that the connection should be closed.
HTTPS involves the initiation of a secure connection through the TLS handshake after the client initiates a connection. The secured connection
follows normal HTTP behaviour. Connection closure can be indicated through HTTP headers and TLS alerts, ensuring a graceful termination of the
secure connection.

5.1.4 Secure Shell (SSH)

Secure Shell (SSH) is a cryptographic network protocol used for secure remote access and file transfer over a network.

SSH1 was the first version of the Secure Shell protocol, released in 1996. It was designed to provide a secure remote logon facility to replace TELNET,
which was considered to be insecure. SSH1 uses a number of cryptographic algorithms, including RSA, DSS, and Blowfish. However, SSH1 has some
known security vulnerabilities, and it is no longer considered to be secure for most purposes.

SSH2 is the current version of the Secure Shell protocol, released in 2006. It was designed to address the security vulnerabilities of SSH1. SSH2 uses a
number of stronger cryptographic algorithms, including Diffie-Hellman key exchange, AES, and SHA-2. SSH2 is also more flexible than SSH1, and it
supports a wider range of features, such as port forwarding and X11 forwarding.

SSH is organized as three protocols that typically run on top of TCP. Figure below shows SSH Protocol stack:

1. SSH Transport Layer Protocol (SSH-TRANS): This protocol is responsible for providing a
secure communication channel between the client and server. It establishes a secure connection
using public-key cryptography and symmetric encryption.
2. SSH User Authentication Protocol (SSH-AUTH): This protocol is responsible for
authenticating the client to the server. It supports a variety of authentication methods, including
passwords, public-key authentication, and keyboard-interactive authentication.
3. SSH Connection Protocol (SSH-CONNECT): This protocol is responsible for multiplexing
multiple logical channels over the secure connection established by SSH-TRANS. This allows for
multiple concurrent sessions, such as a remote shell session and a file transfer session, to be run
over a single TCP connection.

SSH Packet Format: Each SSH packet consists of a header and a payload.
->SSH Header Format: The header contains information about the packet type, length, and other control fields, while the payload carries the actual
message content.
 Header Structure:
1. Packet length (4 bytes): Indicates the total length of the packet, including the header, payload, and MAC.
2. Packet type (1 byte): Identifies the type of message being conveyed, such as SSH_MSG_KEX_INIT for key exchange initiation or
SSH_MSG_USERAUTH_REQUEST for user authentication.
3. Padding length (1 byte): Specifies the amount of padding added to the packet to ensure a minimum packet size for efficient data transfer.
4. Payload (variable length): Contains the actual message content, which is specific to the packet type.
Dr. B Lakshmi Narayana Reddy/Cryptography and Network Security
5. MAC (variable length): A message authentication code generated using a shared secret key, ensuring data integrity and preventing
tampering.
->SSH Message Format: Within the payload of each packet, SSH messages follow a structured format to encapsulate specific information for various
communication tasks. The format typically includes fields for message type, sequence number, and message-specific data.
 Message Structure:
1. Message type (1 byte): Identifies the type of message within the payload, such as SSH_MSG_DISCONNECT for connection termination
or SSH_MSG_CHANNEL_EOF for closing a channel.
2. Sequence number (4 bytes): A unique identifier for the message, ensuring message order and preventing duplicate or out-of-order
messages.
3. Message-specific data (variable length): Contains the message-specific data relevant to the message type, such as user authentication
credentials or channel data.
Figure below shows SSH Transport Layer Protocol Packet Formation: Figure below shows SSH Transport Layer Protocol Packet Exchanges:

Figure below shows SSH Transport Layer Cryptographic Algorithms:

Dr. B Lakshmi Narayana Reddy/Cryptography and Network Security
Figure below shows SSH Transport Layer Packet Exchanges:

Figure illustrates the basic concept behind port forwarding. We have a client
application that is identified by port number x and a server application
identified by port number y.

To secure this connection, SSH is configured so that the SSH Transport Layer
Protocol establishes a TCP connection between the SSH client and server
entities with TCP port numbers and, respectively. A secure SSH tunnel is
established over this TCP connection.
Dr. B Lakshmi Narayana Reddy/Cryptography and Network Security
5.2 Firewalls
A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts
as a barrier between a trusted network, such as a corporate or home network, and an untrusted network, such as the Internet. Firewalls can be
hardware devices, software applications, or a combination of both. They are designed to prevent unauthorized access to a network, protect against
malicious software, and filter out unwanted traffic.

5.2.1 Need for Firewalls:

Information systems in corporations, government agencies, and other organizations have undergone a steady evolution. The following are notable
developments:
 Centralized data processing system, with a central mainframe supporting a number of directly connected terminals
 Local area networks (LANs) interconnecting PCs and terminals to each other and the mainframe
 Premises network, consisting of a number of LANs, interconnecting PCs, servers, and perhaps a mainframe or two
 Enterprise-wide network, consisting of multiple, geographically distributed premises networks interconnected by a private wide area network
(WAN)
 Internet connectivity, in which the various premises networks all hook into the Internet and may or may not also be connected by a private
WAN

Firewalls are essential for protecting networks for several reasons:

 Unauthorized Access: Firewalls can prevent unauthorized users from accessing a network and its resources. They can block malicious attacks,
such as phishing attempts and hacking attempts, that aim to gain unauthorized access to sensitive data.
 Malicious Software: Firewalls can filter out malicious software, such as viruses, worms, and Trojan horses, that can infect computers and
spread through a network. They can block traffic associated with known malicious software and prevent it from reaching devices on the
network.
 Unwanted Traffic: Firewalls can filter out unwanted traffic, such as spam emails, advertisements, and pop-up windows, that can clog up a
network and slow down its performance. They can block traffic based on its source, destination, or content.

5.2.2 Firewall Characteristics and Access Policy

Design goals for a firewall:
 All traffic must flow through the firewall.
 Only authorized traffic, defined by policy, can pass.
 The firewall must be resistant to penetration.
Following is the list of four general techniques that firewalls use to control access and enforce the site’s security policy.
1. Service control: Regulates the types of internet services that can be accessed inbound or outbound. This can be done by:
 Filtering: Funnelling traffic based on IP address, protocol, or port number.
 Proxying: Using proxy software to receive and interpret each service request before passing it on.
 Hosting: Hosting the server software itself, such as a web or mail server.
2. Direction control: Determines the direction in which service requests may be initiated and allowed to flow through the firewall. This includes:
 Inbound traffic control: Blocking or allowing incoming requests based on their source and service requested.
 Outbound traffic control: Limiting the types of traffic that can be sent from the internal network to the outside world.
3. User control: Manages or authorizes access to specific services based on the user attempting to access them. This can involve:
 Authentication: Requiring users to provide credentials before accessing certain services.
 Authorization: Granting access based on user roles, permissions, and other factors.
4. Behaviour control: Monitors and regulates how particular services are used. This includes:
 Content filtering: Blocking specific content, such as malware, phishing attempts, or inappropriate websites.
 Application control: Limiting the functionality of specific applications to prevent unauthorized activities.
 Resource control: Managing the amount of resources that users can consume, such as bandwidth or CPU time.
Dr. B Lakshmi Narayana Reddy/Cryptography and Network Security
The following capabilities are within the scope of a firewall:
1. A firewall defines a single choke point that keeps unauthorized users out of the protected network, prohibits potentially vulnerable
services from entering or leaving the network, and provides protection from various kinds of IP spoofing and routing attacks. The use
of a single choke point simplifies security management because security capabilities are consolidated on a single system or set of
systems.
2. A firewall provides a location for monitoring security-related events. Audits and alarms can be implemented on the firewall system.
3. A firewall is a convenient platform for several Internet functions that are not security related. These include a network address
translator, which maps local addresses to Internet addresses, and a network management function that audits or logs Internet usage.
4. A firewall can serve as the platform for IPsec. Using the tunnel mode capability described in Chapter 19, the firewall can be used to
implement virtual private networks.

Firewalls have their limitations, including the following:

1. The firewall cannot protect against attacks that bypass the firewall. Internal systems may have dial-out capability to connect to an ISP.
An internal LAN may support a modem pool that provides dial-in capability for traveling employees and telecommuters.
2. The firewall may not protect fully against internal threats, such as a disgruntled employee or an employee who unwittingly cooperates
with an external attacker.
3. An improperly secured wireless LAN may be accessed from outside the organization. An internal firewall that separates portions of an
enterprise network cannot guard against wireless communications between local systems on different sides of the internal firewall.
4. A laptop, PDA, or portable storage device may be used and infected outside the corporate network, and then attached and used
internally.

5.2.3 Types of Firewalls

A firewall may act as a packet filter. It can operate as a positive filter, allowing to pass only packets that meet specific criteria, or as a negative filter,
rejecting any packet that meets certain criteria. Depending on the type of firewall, it may examine one or more protocol headers in each packet, the
payload of each packet, or the pattern generated by a sequence of packets.
Figure below shows different types of Firewalls:

1. Packet Filtering Firewall:

 Examines individual packets based on their source IP, destination IP, protocol, and port number.
 Allows or denies packets based on predefined rules (positive or negative filtering).
 Simple and efficient, but may not be able to detect complex attacks.
Dr. B Lakshmi Narayana Reddy/Cryptography and Network Security
2. Stateful Inspection Firewall:
 Tracks the state of network connections and analyses the entire flow of packets, not just individual packets.
 Can detect and block more sophisticated attacks, such as denial-of-service attacks and application-layer attacks.
 More complex and resource-intensive than packet filtering firewalls.
3. Application Proxy Firewall:
 Acts as an intermediary for all application traffic.
 Intercepts and analyses application data before allowing it to pass through the firewall.
 Provides the highest level of security, but can be expensive and may impact performance.
4. Circuit-Level Proxy Firewall:
 Creates a secure tunnel between the internal network and the external network.
 Forwards only data packets, not control information.
 Provides a good balance of security and performance, but may not be able to detect all types of attacks.

5.2.4 Firewall Location and Configurations

Firewalls are an essential part of any network security strategy. They act as a barrier between your trusted internal network and the untrusted
external network, like the internet.
5.2.4.1 DMZ Network: Internal Firewall and External Firewall
An external firewall sits at the edge of your network, just inside the router that connects to the internet. This firewall protects your entire network
from external threats.

One or more internal firewalls further protect your sensitive data and applications. Between these two firewalls is a DMZ (demilitarized zone) network.

The DMZ network typically hosts devices that need to be

accessible from outside your network, such as web servers or
email servers. These devices are placed in the DMZ to provide
an extra layer of security and prevent attackers from directly
accessing your internal network.

5.2.4.2 Virtual Private Networks (VPNs)

A VPN allows you to securely connect to a remote network over the internet. This is often used by businesses to allow employees to work remotely or
to connect to branch offices.

Firewalls play a crucial role in securing Virtual Private Networks (VPNs). They act as gatekeepers, controlling
and filtering traffic entering and exiting the VPN tunnel. The location of firewalls within a VPN setup can vary
depending on the specific architecture and security requirements. Here are some common locations:
Client-side: In this scenario, a firewall is installed directly on the client device (e.g., laptop, smartphone)
connecting to the VPN. This provides a basic level of protection by filtering traffic before it enters the VPN
tunnel.
Dr. B Lakshmi Narayana Reddy/Cryptography and Network Security

Network Access Server (NAS): The firewall is installed on the NAS, the server that manages user access and authentication for the VPN. This allows for
centralized control and filtering of all VPN traffic.

VPN Gateway: The firewall is integrated into the VPN gateway itself, which acts as the entry point for all VPN traffic. This provides the highest level of
security and control.
Some organizations may choose to implement a hybrid approach,
combining different firewall locations. For example, a client-side
firewall could be used for basic filtering, while a network-based
firewall on the NAS or VPN gateway provides additional security.

5.2.4.3 Distributed Firewalls: Distributed firewalls are a type of firewall that is spread across multiple devices in your network. This provides greater
flexibility and scalability than traditional firewalls.

Distributed firewalls are typically used in large networks with multiple locations. They can be used to improve
performance and reliability, and to make it easier to manage security policies across the entire network.