Cryptographic Tunneling and the OSI Model
Write a paper consisting of 500-1,000 words (double-spaced) on the security effects of cryptographic tunneling based on an understanding of the OSI (Open Systems Interconnect) model (Review the OSI Simulation in the Week 3 Lecture).
Provide input on the type of cryptographic tunneling protocols (e.g., L2TP, IPSEC, SSL, etc.) that may be used, the layer(s) of the OSI at which each operates, and also recommend how they may be implemented. Cryptographic tunneling is inherent in building any common virtual private network (VPN).
This is the lecture material that was provided.
Cryptography and Telecommunications
|The History of Cryptography|
It must be that as soon as a culture has reached a certain level, probably measured largely by its literacy, cryptography appears spontaneously–as its parents, language, and writing probably also did. The multiple human needs and desires that demand privacy among two or more people in the midst of social life must inevitably lead to cryptology wherever men thrive and wherever they write (Kahn, 1996, p. 84).
Cryptography: Cryptography is a discipline that embodies principles and methods for the transformation of data to hide its meaning, establish its authenticity, and prevent its undetected modification, repudiation, and unauthorized use. Cryptography is an old art. We know that the ancient Egyptians were using cryptographic techniques in 1900 B.C. The oldest known example is on the tomb of the Egyptian nobleman Khnumhotep II. For more of this history, you might find a tour of the National Security Agency’s National Cryptologic Museum interesting, but this is not required for this class. The National Cryptologic Museum tour can be accessed at the following link:
Forms of cryptography: There are two basic forms of cryptography: secret-key cryptography and public-key cryptography. These forms of cryptography are different because they use cryptographic keys in different ways.
Secret-key cryptography: Secret key cryptography is the original form of cryptography. Let us deal with text at this point, and think of text as a string of characters. An understandable string of characters is called a plaintext. If we have a plaintext and we want to hide its meaning, there are basically two things we can do: We can rearrange the letters in the plaintext, or we can substitute the letters in the plaintext with other letters. These are the two forms of secret writing. They are called transposition and substitution methods, respectively. The text that results from encryption, which is the application of cryptography, is called the ciphertext.
|Note of Interest – Codes and Ciphers|
The discussion here is about ciphers. Another form of cryptography uses codes which substitute words for words or words for phrases. Codes use some sort of codebook that has the translation between plaintext and code. Encoding is a very powerful form of cryptography and is used with information technology, but is not the primary form of cryptography that we find in commercial products.
Elements of cryptography: You can probably see that the transposition produces a ciphertext that has the same letters as the plaintext, while the substitution produces a ciphertext that has the same number of letters, but the letters are changed (in this case, to the next letter in the alphabet).
Cryptographic key: It might seem from this simple example that substitution produces a better ciphertext than transposition, but that is not the case at all. Regardless, the bottom line is that any good encryption method will use both substitution and transposition several times. The methods used in encryption are called cryptographic algorithms. Essentially, a cryptographic algorithm is a series of substitutions and transpositions performed in a particular sequence according to a key. A key is a bit of secret text that is used to drive the substitutions and the transpositions within the algorithm. That is, for a single algorithm, if the key is changed, the resulting ciphertext produced from the same starting plaintext will be different.
Shared secret: So if two people want to communicate with one another and do not want anyone else to be able to understand their communication, they need to use the same algorithm and the same key; the real problem is to ensure that they are the only people who know that key. That is, cryptography is based on the idea of a shared secret. A very important factor in cryptography, then, is to keep that shared secret a secret by only sharing it with those who are part of the group.
Decryption and cryptanalysis: By the way, cryptography consists of encryption and decryption. We just learned about encryption, which produces a ciphertext from a given plaintext. Decryption reverses encryption to produce the original plaintext from a given ciphertext. You can think of it as a reverse process. As an aside, decryption without knowing the key, that is through analytic processes, is called cryptanalysis.
Symmetric cryptography: As you have probably already realized, the case of two people wanting to communicate privately is not the normal situation, although that is sometimes the case, especially when the communication is through magnetic, optical, or solid-state media rather than through network communications. It is more likely, and more common, that groups of people want to communicate privately with other groups of people. So while secret-key cryptography can certainly be used for one-to-one communication, it is more commonly used to protect information between secure sites or secure computers that share information, rather than between individuals. The U.S. government standard for shared secret cryptography, more commonly called symmetric cryptography, is the Advanced Encryption Standard (AES).
Blocks and streams: One final point is that symmetric cryptography can operate on streams of data or on blocks of data. Stream ciphers, as they are called, use algorithms that encrypt each character as it passes through the cryptographic algorithm and decrypt the resulting ciphertext in the same way. Block ciphers, as they are called, use algorithms that encrypt blocks of characters all at the same time as those blocks pass through the algorithm, and decrypt blocks as well. You might consider where symmetric cryptography fits and where it does not fit in the OSI model that you have been studying, and particularly what the overall effect of that cryptography would be.
Public-key cryptography: In the late 1960s, a new form of cryptography became public knowledge through the work of Diffie and Hellman. Their idea was to split the shared secret into two parts: a shared part and a secret part. In this way, the shared part could be shared widely, while the secret part could be kept secret. The shared part was (and is) called a public key, while the secret part was (and is) called a private key.
- Every subject who is an authorized user would be assigned a unique public key, and all of those public keys would be stored in a repository to which all authorized users have access.
- Every user would generate a private key from his or her assigned public key (together with a specially chosen password known only to that user). The private key is formed in such a manner that it will convert ciphertext produced with the public key to plaintext (and vice versa). Note that each public key and private key form a pair, and are not related to any other public key or private key.
Digital signing: Now, it is also the case for many public-key cryptosystems that a text string encrypted with a private key can also be decrypted with the corresponding public key. This is the idea behind digital signing. Let us say that Jack wants to make sure that Jill can tell that the message is from Jack. So Jack uses his own private key to encrypt a special text string. When Jill receives Jack’s message, she still decrypts the message using her private key, but now she also can ask the cryptographic system to find Jack’s public key in the key repository and use it to decrypt that text string. In most systems, Jill does not have to ask to have this done; rather, the signature is checked automatically. This text string is specially constructed as will be discussed below, but the fact that Jill can decrypt this text string using Jack’s public key means that it could only have been encrypted using Jack’s private key, which only Jack has, and therefore the message must be from Jack. Notice that digital signing uses the sender’s private key and the sender’s public key.
The hash value: The text string that Jack encrypts with his private key to form his digital signature is a special text string. It contains a value that is calculated from the message that Jack is sending to Jill. That value is called the hash of the message, or digest for the message. The hash value is calculated as a function of the message, and that value is encrypted with Jack’s private key. This means that if Jack’s public key can correctly decrypt the digital signature, and the resulting hash value matches a new hash value calculated for the same message, then the message is from Jack and it has not been changed since Jack signed it. This hash value therefore validates the integrity of the message, and the authenticity of the message.
Time: The time that Jack signed the message is sometimes (usually) very important, so messages can also be time-stamped with the time of creation of the digital signature so that Jill can tell that the message from Jack is a current message, and not an old one that has been resent for some reason.
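The signing, hash, and time-stamp steps described above can be followed end to end in the sketch below. It is an added example, not part of the lecture material: the key is a toy textbook-RSA key built from two small Mersenne primes, the five-minute freshness window is an assumption, and binding the time-stamp into the hash is one possible design choice.

```python
import hashlib
import math

# Toy RSA key pair for Jack (constructed for illustration only). Real systems
# use moduli of 2048 bits or more and a padded scheme such as RSA-PSS.
P = 2**61 - 1                      # Mersenne prime
Q = 2**89 - 1                      # Mersenne prime
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
assert math.gcd(E, PHI) == 1       # E must be invertible modulo PHI
D = pow(E, -1, PHI)                # private exponent (Python 3.8+)

JACK_PUBLIC = (N, E)               # published in the key repository
JACK_PRIVATE = (N, D)              # known only to Jack

MAX_AGE_SECONDS = 300              # assumed freshness window


def digest(message: bytes, timestamp: int, n: int) -> int:
    """Hash the signing time together with the message, as an integer below n.

    Reducing SHA-256 modulo a ~150-bit toy modulus weakens the hash; a real
    scheme pads the full digest instead.
    """
    h = hashlib.sha256(timestamp.to_bytes(8, "big") + message).digest()
    return int.from_bytes(h, "big") % n


def sign(message: bytes, timestamp: int, private_key) -> int:
    """Jack: transform the hash value with his private key."""
    n, d = private_key
    return pow(digest(message, timestamp, n), d, n)


def verify(message: bytes, timestamp: int, signature: int,
           public_key, now: int) -> str:
    """Jill: recover the hash with Jack's public key and compare it to a
    freshly computed hash, then check that the signature is current."""
    n, e = public_key
    if pow(signature, e, n) != digest(message, timestamp, n):
        return "bad-signature"     # altered message or time, or wrong key
    if not 0 <= now - timestamp <= MAX_AGE_SECONDS:
        return "stale"             # authentic, but an old message resent
    return "ok"


if __name__ == "__main__":
    ts = 1_700_000_000             # constructed signing time (Unix seconds)
    msg = b"Meet at the well"
    sig = sign(msg, ts, JACK_PRIVATE)
    print(verify(msg, ts, sig, JACK_PUBLIC, now=ts + 60))
    print(verify(b"Meet at the hill", ts, sig, JACK_PUBLIC, now=ts + 60))
    print(verify(msg, ts, sig, JACK_PUBLIC, now=ts + 3600))
```

Because the time-stamp is hashed with the message, changing either one invalidates the signature, while an unmodified message replayed later is reported as stale rather than forged.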
|Messages and Data|
We have been looking at the OSI model throughout this class. If you go back to the OSI simulation from Week 3, you will notice that messages pass between protocol layers and between the corresponding layers on the sending and receiving side of the protocol stack (corresponding layers on sending and receiving sides of the protocol stack are called apposite). These messages are contained in headers, and those headers contain information or messages for the apposite layer, as well as for the next higher layer in the protocol stack. Within the whole protocol package, though, there is data that was sent into the protocol stream from an application–that might be the actual text message sent by Jack to Jill.
Symmetric cryptography again: You should now understand that asymmetric cryptography is used to encrypt and decrypt messages and symmetric cryptography is used to encrypt and decrypt data. In fact, one of the functions of a public-key system is to distribute symmetric keys to recipients so that they can use those symmetric keys to privately encrypt and decrypt data, but that is beyond the scope of this class. For reasons of efficiency, data is normally encrypted using symmetric cryptography and messages using asymmetric cryptography.
|A Note of Interest – Secure Socket Layer (SSL)|
Secure Socket Layer: The question seems to arise as to whether a particular security solution is a public-key solution or a private-key solution. The answer is usually that either it is a shared secret-key solution alone, or it is a combination public-key and secret-key solution.
You see, symmetric cryptography is the better choice for encryption and decryption of data because it is efficient. Asymmetric cryptography is the better choice for encryption of messages because it is very flexible. In fact, a standard use of public-key cryptography is to distribute secret keys to entities that have been authenticated through public-key encrypted messages. Let us look at a particular solution in a little more detail.
Secure Socket Layer (SSL) is actually two protocols that reside between TCP and HTTP (or FTP or SMTP). We will assume HTTP for simplicity.
The SSL handshake protocol expects to accept an X.509 certificate from each user of the SSL session (that contains a public key for that user). These public keys are used to calculate a
Public-Key Infrastructure (PKI): Public-key cryptography is usually called asymmetric cryptography. As you can probably tell, the use of such a cryptographic system for a large organization requires that keys be managed carefully–both public and private keys. But public keys must be made available to every authorized user, while private keys are made available only to individual users. An infrastructure is needed to manage such a capability, and that infrastructure is quite naturally called a Public-Key Infrastructure (PKI). The following Flash presentation provides an introduction to PKI and asymmetric cryptography.
This tutorial instructs on the use of a Public-Key Infrastructure in order to allow parties to communicate via the Internet in a more secure fashion. Both encrypted and unencrypted messages are addressed, along with a discussion of the OSI model and link-level encryption.
|A Note of Interest – PKI and Symmetric Keys|
You may have been mildly surprised that SSL uses symmetric keys that are generated from public keys (or through a Diffie-Hellman exchange) to encrypt the actual data sent through an SSL session. The same is true for most asymmetric exchanges using Public-Key Infrastructures. The infrastructure guarantees, using asymmetric cryptography, that the public keys found in certificates belong to the user to whom the certificate is assigned. However, when data of more than a few characters are to be exchanged across a PKI-supported session, it is common practice for a symmetric secret master key to be generated by the system and delivered to the participants in a session encrypted under their public keys. The user’s system decrypts the secret master key using the individual’s private key. This symmetric secret master key is then actually used to encrypt the data content of the packages that are exchanged, while the public key is used to encrypt the messages.
The secret master key is active for the duration of a session, and when the session is terminated, the key is destroyed. This means that it is technically feasible to have several simultaneous sessions on a single connection with assurance that they will not leak information to each other. This capability is rarely (if ever) used, however, due to concerns about interference, reliability, and availability.
Telecommunications and Firewalls
Providing reliable and secure access to computing resources is a serious charge for security professionals.
|Note of Interest – A Very Large Domain, Indeed!|
The study of telecommunications security fills many volumes, but here we will concentrate on the nature and use of firewalls for network security (see Objective 10). You have also learned about cryptography, the OSI model, and virtual private networks in this class. It is highly recommended that you continue your study of telecommunications security with introductions to e-mail security, Internet Protocol security, web security, and network security management for a complete understanding of the Telecommunications, Networks, and Internet Security Domain.
A firewall is a set of security controls with four distinct goals.
- All network traffic that enters or exits an entity, such as a network, a host, a device, or an application, must pass through the firewall. This means that all other possible access to the entity is blocked.
- Only authorized traffic, as defined by security policy, will be allowed to pass into or out of the firewall.
- The firewall is simple enough to be thoroughly evaluated.
- The firewall cannot be tampered with.
You might note that the security goals of a firewall are exactly the goals of the Reference Monitor discussed in Week 3, though the language is slightly different.
Every firewall also uses some specific techniques to meet its goals. They are as follows:
- Object control: A firewall allows certain objects to pass through it once they are shown to meet the security policy, and blocks others even though they may have been able to meet the security policy.
- Direction control: A firewall determines the direction in which a particular object request will be honored. This can allow, for example, e-mail to be sent but not received.
- Subject control: Controls access to the entity it is protecting, based on authenticated identification of the subject.
- Behavior control: Controls how particular objects are used. For example, the firewall may filter spam from an e-mail message, or allow access to only a portion of a protected object.
A firewall is essentially a choke point that controls access between subjects and objects that it protects. There are several types, some of which are listed below.
- A packet-filtering bridge is an OSI Layer 2 mechanism. A firewall can apply data-link controls to permit or deny an association between data-link layer devices.
- A packet-filtering router is an OSI Layer 3 mechanism. The firewall can apply a security policy to each IP packet that enters the router and either allow that packet to pass, or discard it based on information contained in the packet, including the source address, the destination address, port numbers, and other information.
- An application-level gateway is an OSI Layer 4 mechanism. Also commonly called a proxy server, a gateway can relay application-level traffic (such as File Transfer or Telnet), or block it, based on a security policy. An application-level gateway is also a very nice place to audit incoming and outgoing application traffic.
- A circuit-level gateway is a specialized OSI Layer 4 mechanism. It interposes itself into a transport-layer connection, splitting it into two separate connections, and manages the flow of information through the Transport protocol (nominally TCP in real networks) as two separate connections. A circuit level gateway is said to “break the circuit.”
- A bastion host is an OSI seven-layer mechanism that can support either an application-level gateway (proxy), a circuit-level gateway (circuit breaker), or both. A bastion host is a minimal host, stripped of applications and utilities that are normally delivered with a computer system. It may even resemble a security kernel, as mentioned in Week 3.
- A proxy is a software server that substitutes itself for a subject and can be used in a variety of different ways. A proxy is often referred to as an application-level firewall. It is a mechanism that protects a specific application or service from unauthorized use. It is built in to, or for, the application interface, protocol, or service to control incoming and outgoing access requests. A proxy server is generally an application-level firewall that will only support the connections and services allowed by the security policy, and will block all others. The proxy is also minimized to the smallest bit of software needed to carry out its functions, and is able to be thoroughly evaluated. For example, a firewall might well support an HTTP proxy and no others. In that case, only the HTTP protocol would be able to pass through the firewall, and it would pass through the proxy server for validation of content.
It is standard practice to combine these mechanisms in various ways to achieve the intended policy for the firewall. That is, it should not be the case that a company installs a firewall; a firewall is put into place to enforce a policy. Let us look at a couple of configurations that seem to be common.
- A screened host firewall consists of a packet-filtering router that sits on the network side (the external side) of a bastion host. The bastion host controls access to an information server, which contains information to be shared through the screened host firewall. The bastion host may also permit certain requests to pass to the internal infrastructure of the organization.
- A screened-subnet firewall, or demilitarized zone, consists of two routers with a bastion host between them. The bastion host has access to an information server. The bastion host allows an external subject access to the information server, but does not allow internal subjects to exit the external router and does not allow external subjects to enter the internal router.
- A dual homed, screened host firewall is also a demilitarized zone, but in this case, the bastion host does not allow internal subjects to access the information server except for the process that updates the information in the information server. The bastion host does allow external subjects to access the information server.
You might consider the overall policy each of these configurations implements, and think through how you might implement other policies using Layer 2, Layer 3, Layer 4, and application firewalls.
Virtual Private Networks (VPN): Traditional virtual private networks are Layer 2 controls. They can be used to establish multiple logical networks on a single communication medium, using cryptographic isolation. This allows, for example, an encrypted virtual private network to be secured on a commercial, nonsecured communications medium. These VPNs have been in existence for many years. Newer forms of virtual private networking operate between Layers 3 and 4, and between Layers 4 and 7. VPNs can be established from firewalls and are often part of the solution to specific security policies.
|Note of Interest – VPNs|
L2TP: Protecting a network at Layer 2 is possible if the owner has installed or leased a dedicated communications facility between sites. The security services that one can achieve at Layer 2 are strong site-to-site authentication, confidentiality, a continuously authenticated channel, antispoof protection, and traffic flow security. If a firewall or equivalent function is used for traffic flow security, it is inserted before the link cryptography. Many refer to Layer 2 VPNs as
IPSEC: At Layer 3, networks support dynamic routing and switching of information and may offer more affordable communications than Layer 2 solutions. With a layer-protected system, one only has to enable access control features to allow new connectivity. Layer 3 VPNs allow superior cost control (volume control) and continuous site-to-site authentication, and they provide flexibility for adding new nodes. Many refer to Layer 3 VPNs as
SSL: Layer 4, the Transport Layer, is the first layer in which security services can be broken out per application. Layer 4/7 VPNs are used to control access by actual users to applications such as portals and databases. Layer 4/7 solutions are very good for control of remote user access. But Layer 4 security services must be implemented in end systems and are subject to all the invocation concerns of application-layer services. This means that an SSL solution may need to be supported with
Firewalls and security operations: Regardless of the type of firewall and the mechanisms used, a firewall is a particularly good place from which to collect readiness information for the operations center that we discussed in Week 4. We can look at a firewall as a sensor, or a set of sensors, that can detect and prevent possible intrusions. Reporting on rejection rates for particular access requests should be made part of the firewall mechanism. We will talk more about this next week when we discuss intrusion detection and prevention systems. You also might notice that the purpose of a firewall is to maintain the known good state of the entities that it protects, and that a firewall is an element of defense-in-depth.
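The sketch below ties together the packet-filtering router, direction control, and the rejection-rate reporting described above. It is an added example, not part of the lecture material: the rule set, the packet dictionary format, and all addresses (private and documentation ranges) are constructed for illustration.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str          # "in" or "out" (direction control)
    src: str                # source network in CIDR form
    dst: str                # destination network in CIDR form
    proto: str
    dport: Optional[int]    # None matches any destination port
    action: str             # "allow" or "deny"


# Constructed policy: e-mail may be sent but not received, and outside
# subjects may reach only the information server, over HTTPS.
RULES = [
    Rule("smtp-out", "out", "10.0.0.0/24", "0.0.0.0/0", "tcp", 25, "allow"),
    Rule("web-in", "in", "0.0.0.0/0", "10.0.0.80/32", "tcp", 443, "allow"),
]


def decide(packet, rules=RULES):
    """Return (action, rule name). First match wins; anything the policy
    does not explicitly authorize is discarded (default deny)."""
    src = ipaddress.ip_address(packet["src"])
    dst = ipaddress.ip_address(packet["dst"])
    for r in rules:
        if (r.direction == packet["dir"]
                and r.proto == packet["proto"]
                and (r.dport is None or r.dport == packet["dport"])
                and src in ipaddress.ip_network(r.src)
                and dst in ipaddress.ip_network(r.dst)):
            return r.action, r.name
    return "deny", "default-deny"


def rejection_report(packets, rules=RULES):
    """Per (direction, protocol, port): (denied, seen, rejection rate),
    the kind of readiness data a firewall can feed to operations."""
    seen, denied = Counter(), Counter()
    for p in packets:
        key = (p["dir"], p["proto"], p["dport"])
        seen[key] += 1
        if decide(p, rules)[0] == "deny":
            denied[key] += 1
    return {k: (denied[k], seen[k], denied[k] / seen[k]) for k in seen}


def pkt(direction, src, dst, dport, proto="tcp"):
    return {"dir": direction, "src": src, "dst": dst,
            "proto": proto, "dport": dport}


# Constructed sample traffic.
SAMPLE = [
    pkt("out", "10.0.0.25", "198.51.100.7", 25),   # mail sent
    pkt("in", "198.51.100.7", "10.0.0.25", 25),    # mail received: no rule
    pkt("in", "203.0.113.9", "10.0.0.80", 443),    # information server
    pkt("in", "203.0.113.9", "10.0.0.12", 443),    # some other internal host
    pkt("in", "203.0.113.9", "10.0.0.80", 22),
    pkt("in", "203.0.113.10", "10.0.0.80", 22),
]

if __name__ == "__main__":
    for key, stats in rejection_report(SAMPLE).items():
        print(key, stats)
```

A sustained 100% rejection rate on a port that has no allow rule, as with inbound port 22 in the sample, is the sort of signal worth forwarding to the operations center.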
That’s it for this week. Next week, we will talk about some of the more futuristic aspects of Information Security, though we will find that the future is coming ever more quickly, and by the time you read this, the future may be the present!