Applying security principles to networking applications

Applying Security Principles to Networking Applications. Mark Enright [email protected] Dec 08, 2005. What is Security in Computer Development Projects. What are you protecting Why are you protecting it From whom are you protecting it How are you going to protect it

Presentation Transcript


Applying Security Principles to Networking Applications

Mark Enright

[email protected]

Dec 08, 2005


What is Security in Computer Development Projects

  • What are you protecting

  • Why are you protecting it

  • From whom are you protecting it

  • How are you going to protect it

  • What is the cost of protecting it


Wired Access Topology

[Diagram: Internet, Access Device, Local Area Network (LAN), Wide Area Network (WAN)]


Wireless Access Topology

[Diagram: Internet, Access Device, Local Area Network (LAN), Wide Area Network (WAN)]



Wireless Access Security Complication

  • Physical Access to Local Area Network no longer exists

    • Anyone can intercept your conversations

    • Anyone can utilize your network resources


Security Solution For Wireless Access

  • Authentication

  • Encryption


Typical Solution for Wireless Access

1) Where is Access Point “MyAP”

2) I am here. Prove you know my secret

3) Here is my proof

4) OK. Here are session keys


So What's The Problem?

  • Wireless Access is a huge Consumer Market

  • People are becoming concerned with Wireless Security

  • My Grandmother can't use it


What Can We Do To Help

  • Make it easy for Grandma to set up Wireless Security


Step 1. Configure Security Parameters Automatically

SSID: [email protected] 55ID

WPA-PSK: [email protected][email protected]

When Access Point is booted 1st time:

  • Configures Random Secure SSID

  • Configures Random WPA Shared Secret

  • Waits for Wireless Association on Secure SSID


Step 2.

  • How Can We Transfer Security Parameters Securely?


Step 2. Trial One

SSID: Well Known SSID

Open Authentication

1) Where is my Access Point “Well Known SSID”

2) Here I am. Come on in

3) Give me Security Parameters

4) Here They Are

SSID: [email protected] 55ID

WPA-PSK: [email protected][email protected]

1) Where is my Access Point [email protected] 55ID”

2) I am here. Prove you know my secret

3) Here is my proof

4) OK. Here are session keys


Step 2. Trial One Attack

SSID: Well Known SSID

Open Authentication

1) Where is my Access Point “Well Known SSID”

2) Here I am. Come on in

3) Give me Security Parameters

4) Here they are


Step 2. Trial Two

  • What Authentication is possible given constraints

    • something we know

    • something we have

    • something we are

    • something we do

  • If we can’t be sure, at least be safe


Step 2. Trial Two

SSID: Well Known SSID

Open Authentication

Where is my Access Point “Well Known SSID”

Where is my Access Point “Well Known SSID”

Here I am. Come on in

Here I am. Come on in

1) Give Me Security Parameters

Give Me Security Parameters

Hang on a sec

Unable to guarantee unique access

Access to all denied
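The Trial Two decision rule together with the Step 1 first-boot parameters, as an added example that is not code from the presentation. The class and function names, the SSID and secret formats, the hold window and the use of the station MAC address to tell requesters apart are all assumptions.

```python
import secrets
from dataclasses import dataclass, field

def first_boot_parameters():
    """Step 1: random secure SSID and random WPA shared secret (formats assumed)."""
    ssid = "AP-" + secrets.token_hex(8)   # 19 chars, inside the 32-byte SSID limit
    psk = secrets.token_urlsafe(32)       # 43 chars, inside the 8-63 char passphrase range
    return ssid, psk

@dataclass
class ProvisioningAP:
    """Hypothetical model of the access point while it listens on the open SSID."""
    ssid: str
    psk: str
    pending: set = field(default_factory=set)

    def request_parameters(self, station_mac):
        """A station on the well-known open SSID asks for the parameters."""
        self.pending.add(station_mac.lower())   # MAC as requester identity is assumed
        return "Hang on a sec"                  # never answer before the window closes

    def close_window(self):
        """End of the hold window: release to exactly one requester, else deny all."""
        requesters, self.pending = self.pending, set()
        if len(requesters) == 1:
            (only,) = requesters
            return {only: (self.ssid, self.psk)}
        # Unable to guarantee unique access: nobody gets the parameters.
        return {mac: None for mac in requesters}

def demo():
    ap = ProvisioningAP(*first_boot_parameters())
    # Constructed MAC addresses from the locally administered range.
    ap.request_parameters("02:00:00:00:00:01")
    ap.request_parameters("02:00:00:00:00:02")
    contested = ap.close_window()
    ap.request_parameters("02:00:00:00:00:01")
    alone = ap.close_window()
    return contested, alone

if __name__ == "__main__":
    contested, alone = demo()
    print("two requesters:", contested)
    print("one requester: ", list(alone))
```

The rule only decides who may receive the parameters; the reply on the open SSID is still sent unencrypted, which is what Trial 3 uses SSL for.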


Step 2. Trial 2 Attack

  • Attacker just Associates and Listens


Trial 3.

  • Use Trial 2 Method for Authentication

  • Use SSL for Encryption


So What's The Problem with IPSec?

  • Network Protection is a huge Consumer Market

  • People are becoming concerned with Security and look to IPSec for help

  • My Grandmother can't use it


Network Address Translation

[Diagram labels: 192.168.1.100, 192.168.1.101, 172.204.19.32, Internet, 192.168.1.100, 192.168.1.101, 62.2.12.17, Local Area Network (LAN), Wide Area Network (WAN)]


The RoadWarrior IPSec Problem

  • With common implementations the IP Address needs to be known a priori or else a global shared secret is used for Authentication

  • Mobility and NAT make it hard to predict the IP Address


RoadWarrior Solution

1. Gateway configured

  • SSL Username, password

2. Client configured

  • Web Install client software

  • Configure address of Home Gateway

3. Client software connects

  • Logs on to HTTPS

  • Initiates the IPSec VPN

4. Gateway accepts

  • Authenticates Client by password

  • Figures out current Client IP Address

  • Provisions IPSec for Client IP Address

  • Joins Client to Protected Network using IPSec VPN

[Diagram: Road Warrior Client, Internet, Home Gateway, Protected Network, HTTPS, IPSec VPN Tunnel]
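The gateway side of steps 1 and 4, as an added example that is not code from the presentation. The class and method names, the password hashing and the fresh per-client secret are assumptions; the slides say only that the gateway authenticates by password and provisions IPSec for the client's current address.

```python
import hashlib
import hmac
import secrets

class HomeGateway:
    """Hypothetical gateway model; names and storage are illustrative."""

    def __init__(self):
        self.users = {}      # username -> (salt, password hash)
        self.policies = {}   # username -> {"peer_ip": str, "psk": str}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def add_user(self, username, password):
        """Step 1: gateway configured with a username and password."""
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._hash(password, salt))

    def https_login(self, username, password, peer_ip):
        """Step 4: authenticate by password, then provision IPSec for peer_ip,
        the HTTPS source address as the gateway sees it (the NAT's, if any)."""
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._hash(password, salt), stored):
            return None                       # failed login provisions nothing
        # Assumption: a fresh per-client secret, handed back over HTTPS.
        policy = {"peer_ip": peer_ip, "psk": secrets.token_hex(32)}
        self.policies[username] = policy      # drops the policy for any old address
        return policy

    def ipsec_peer_allowed(self, peer_ip, psk):
        """Accept IPSec only from a provisioned address with its own secret."""
        return any(p["peer_ip"] == peer_ip and hmac.compare_digest(p["psk"], psk)
                   for p in self.policies.values())

def demo():
    gw = HomeGateway()
    gw.add_user("alice", "constructed-password")        # constructed credentials
    bad = gw.https_login("alice", "wrong", "203.0.113.7")
    first = gw.https_login("alice", "constructed-password", "203.0.113.7")
    moved = gw.https_login("alice", "constructed-password", "198.51.100.9")
    return gw, bad, first, moved

if __name__ == "__main__":
    gw, bad, first, moved = demo()
    print(bad, first["peer_ip"], moved["peer_ip"])
```

Because the policy is keyed to the address seen at login, no address has to be known a priori and no global shared secret is needed.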

