Introduction

On Monday, we introduced the topic of network security.
We discussed some capabilities that we'd like for a secure network communication protocol:
- confidentiality - scramble data so eavesdropper can't read (encrypt), but so still can be read by receiver (decrypt),
- traffic confidentiality - scramble who is the intended receiver or other header details of the traffic,
- integrity - make sure the same data arrives as was sent (bad guys don't insert or change stuff),
- authentication - make sure the receiver and sender know who they are really communicating with (bad guys can't fake being one or the other).
We also mentioned we'd like control over who accesses what on our networks, so bad guys don't get to do bad things (access control).
We mentioned we'd like to keep our networks available for their intended uses by preventing denial of service (DoS) attacks.
As we only have a fraction of a lecture to talk about network security, we will talk today about the SSL/TLS protocol as an example of a system to ensure confidentiality, integrity, and authentication and discuss firewalls as an example of an access control system. Firewalls could also be part of a strategy to avoid DoS attacks.
We begin by going into more detail about the last topic of Monday: Ciphers.

Secret-Key Ciphers, Block Ciphers

On Monday, we said a (secret-key) cipher was a pair of two argument functions: `E(m, k) = c` and `D(c, k) = m` with the property `D(E(m,k), k) = m`.
Here `E` is an encryption function which takes a message string (aka plaintext) `m` and a (secret) key `k`, and outputs a string `c` called the ciphertext. In the above, `D` is a decryption function which takes a ciphertext `c` and a key `k` and outputs a message. The property `D(E(m,k), k) = m` means encrypting and decrypting with the same key results in the original message.
There are many choices of `E` and `D` so that if we encrypt with `E(m,k)` to make `c`, it is hard to find `m`, even knowing `D`, unless we know the key `k`. For example, DES (Digital Encryption Standard), AES (Advanced Encryption Standard).
Given a fixed number of bits key, these standards operate on message blocks of a fixed size (64 bit message blocks, 56 bit key for DES, 128, 192, or 256 bit blocks for AES) and output ciphertext of a fixed number of bits. I.e., they are block ciphers.
To encrypt longer strings with a block cipher, we break a message `m` into blocks `m_1, ..., m_n`, each of suitable length for the block cipher. Then:
- To avoid replay attacks (using the fact that someone sent the same message twice), we pick a random initialization vector (a random string of the block length) IV and output:
  `E(IV, k) = c_0`, `E(m_1\ XOR\ c_0, k) = c_1`, `E(m_2\ XOR\ c_1, k)`, ... `E(m_n\ XOR\ c_{n-1}, k)`
  in a process called cipher block chaining (CBC).
- Alternatively, we could use some kind of counter such as:
  `E(IV, k) = c_0`, `E(m_1\ XOR\ IV+1, k) = c_1`, `E(m_2\ XOR\ IV+2, k)`, ... `E(m_n\ XOR\ IV+n, k)`
  if we don't want to depend on previous blocks. This is called counter mode.
Secret-key block ciphers are fast and can be used for confidentiality.

Public-Key Ciphers, Signatures

To perform authentication, and to achieve data integrity, public-key ciphers are often used.
Such a cipher consists a function `E(m, k)` that works with pair of keys: `(s_k, p_k)`, where `s_k` is the private key, and `p_k` is the public key, such that
`E(E(m, s_k), p_k) = m` and `E(E(m, p_k), s_k) = m`.
To be useful, we want for such a cipher that it is hard to find `m` knowing only `E(m, p_k)` and `p_k`.
Several public-key ciphers have been proposed which seem to be able to achieve this: RSA, discrete log systems, elliptic curve cryptography systems, McCliece, Shortest Lattice Vector Problems systems, etc.
All of these ciphers are much slower than block ciphers, so they typically play an auxiliary role in securing network traffic.
For a given user, say Alice, the public key, `p_A`, is made available to world (different ways to do this, but if you know where Alice is you can just ask for her for it), while the `s_A`, is kept private to herself.
If Bob wants to get Alice to sign some document `m`, at a simple level, he can compute `E(m, p_A)`, send it to Alice and Alice could decrypt this to get `m`.
Given `m`, she can apply a cryptographic hash function `h(m)` (MD5, SHA-256) to make a short string of fixed length based on `m`. A cryptographic hash function is a function `h` such that given `h(m)` it is hard to find an `m' ne m` such that `h(m)=h(m')`. She could then compute E(m concat E(h(m), `s_A), p_B)`.
Bob can decode this using his secret to see the original message `m`, and can use Alice's public to key to find `h(m)`, and finally, the check the hash. This is an example of a digital signature scheme.
Notice a signature can help sure the integrity of a message. Another approach to integrity is to take the message m and concatenate of a secret string s (known to sender and receiver) then hash the result. The result is called an HMAC (hashed message authentication code).
Public Key Infrastructure (PKI) is build up using a certificates.
A certificate typically contains encrypted details of a person or business like address, etc. For some well known companies (root authorities, for example, Verisign), this certificate is just encrypted using that authority's secret key. Using their public key it can be verified that the certificate contains details about the given company.
Second tier and higher tier certificates are made by first making a document with business details, a certificate signing request, then getting a lower tier certificate authority to sign it, then finally encrypting the result with the business' secret key.

Transport Layer Security (TLS)

TLS is a series of standards beginning with the Secure Socket Layer (SSL) 1.0 around 1993-1994 to the most recent standard TLS 1.3 (2018) specifying how two hosts can agree on a secret key and a block cipher to encrypt communication with.
It operates at the level just below the application layer. A similar protocol known as IPSec (usuable with IPv4 and baked into IPv6) operates at the network level.
Often TLS is called by the original name SSL.
TLS is typically used to secure HTTP (called HTTPS) traffic and to secure email traffic.
Here are the rough sequence of messages used to choose a secret key and a block cipher:
- First, a socket connection is made to the server.
- Then the client attempts to establish an SSL connection with the server:
- The client sends a cipher list, and a random string RA (nonce).
- The server replies with a certificate signed by some certificate authority, a cipher its willing to use from clients list, and a nonce RB.
- The client checks if the certificate has been signed by a certificate authority it knows by applying public keys of known authorities to the certificate, if it checks, a pre-session key is created and encrypted with the server's public key, this is sent with encryptions of hashes of previous messages, making use of the nonces and a client literal string.
- The server replies with a hash of the previous messages, a server literal, and a key made from a hash of the pre-session key and the nonces.
- Secure communication is then done using the hash of the pre-session key and the two nonces, as the session key.

Firewalls

Another important issue in configuring a network is setting up and maintaining a firewall.
A firewall is a network appliance or application that controls access to a network, or a host on a network, based on inspecting the network traffic flowing through it.
There are two common styles of firewall, those that look at the packet headers and determine if the packet should be allowed; and those that look at the target application of the packet and determine if it should be allowed.
The firewalls built-in to Windows and Macos are mainly of the latter type and usually have a relatively easy to use GUI interface.
We will look at the packet-based firewalls which tend to be a little more sophisticated and are often run from the command line.
Sometimes one further sub-divides packet filters into plain packet filters (operating more at the network layer) and stateful ones (can track TCP connections and some UDP traffic, but slower).
Macos comes with one such tool called pf; Linux has iptables which is based off of the earlier ipchains.
Both of these support both static and dynamic rules. They also support the ability to do traffic shaping.

Running a Firewall

To use pf and iptables, you usually need to run commands as either root or use sudo.
In this short intro, we will only hint at their capabilities.
The main configuration file for pf is in:
/etc/pf.conf .
We can add to this file the following two lines which create a new table badhosts which is specified by the ip addresses in a file and then block all the ip addresses in that table:
```
table <badhosts> persist file "/etc/pf.anchors/badhosts"
block on en0 from <badhosts> to any
```
The folder /etc/pf.anchors contains some of Apple's pre-defined firewall rules.
The command that controls what pf is doing is pfctl.

Here are some examples of its use:

To turn on/enable pf:
 sudo pfctl -e
To turn off/disable pf:
 sudo pfctl -d
To see current content of the badhosts table:
 sudo pfctl -t badhosts -T show
To reload the rules pf uses:
 sudo pfctl -f /etc/pf.conf
To see info about what pf is doing:
 sudo pfctl -s all

For iptables (note there is also an ip6tables for ipv6 traffic), to see all of the rules that are currently being used by your firewall you can do a command like:
```
iptables --list  (or iptables -L)
```

To add a basic rule in iptables you might do:

iptables -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j ACCEPT

The command to delete a rule for iptables -D or --delete followed by the whole rule.
Notice for both we specify the protocol. In the example above, it was tcp. You could also say udp.
We could have say DROP rather than accept for iptables.
-s is for sourceid; -d is for destination address in iptables.
To keep your rules between system restarts you can use a package like iptables-persistent.

Application Layer

For the rest of today, we will talk about the top layer in the OSI model: the Application Layer.
We will look at four traditional network applications which are built on top of TCP: SMTP, POP, IMAP, and HTTP.
We will see that these applications can often be used over TLS security.
We will then conclude the semester by talking about one infrastructure application: DNS.
As DNS is built over UDP, this will serve to illustrate how when developing network applications we should follow a systems approach and choose the underlying networking protocols based on the system we are developing.

E-mail

E-mail is distributed using a collection of application layer protocols:
- SMTP (for sending e-mail between servers). The typical thing to imagine is that Server A has a set of users and Server B has a set of users. Then a mail message from a user on A can be sent to one on B, and put into a "drop-box" there.
- A user A wanting to send email to a user B can use SMTP either directly to the server that user B uses or can send it to their mail server who then relays to user B's server.
- SMTP can also be used to relay messages. When Server A and B cannot directly communicate, but Server A knows Server C is allowed to talk to B and is willing to relay, then you could go from A to C to B.
- POP3, IMAP for reading e-mail. These are used from a client on a machine different than the mail server and allow a user of a Server to read and manipulate the contents of their drop-boxes.
sendmail and postfix are some examples of open-source SMTP servers.
courier and dovecot is an example of mail transfer agent which supports POP3 and IMAP as well as several other protocols.

SMTP

Stands for Simple Mail Transport Protocol.
It uses port 25.
A sample session with an SMTP server might look like:

S: 220 myname.edu
C: HELO client.domain 
S: 250 Hello client.domain, pleased to meet you 
C: MAIL FROM: bob@client.domain 
S: 250 bob@client.domain ... Sender ok 
C: RCPT TO: sally@myname.edu 
S: 250 sally@client.domain ... Receiver ok 
C: DATA 
S:354 Enter mail, end with "." on a line by itself 
C: How about lunch? 
C: . 
S: 250 Message accepted for delivery 
C: QUIT
S: 221 myname.edu closing connection

Format of Mail Messages

E-mail messages consist of a header followed by a blank line followed by the contents of the message.
A E-mail header consists of a sequence of lines the form
something: value
A header must have a From: and To: line.

An example might be

From: bob@client.domain 
To: sally@client.domain 
Subject: lunch?
How about lunch?

For non-ASCII data one can specify MIME header -- Multipurpose Internet Mail Extension header, such as Content-Type: and Content-Transfer- Encoding:
The receiver server will often append to the header Received: lines saying when the letter got to the server and whether it was forwarded through any other servers.

Additional SMTP Command

Although all server support HELO, if you want to signal to the server that you are a more modern sender of mail, you use:
```
ELHO client.domain
```
instead.
To use encryption, before issuing the HELO/ELHO command, a client can issue
```
STARTTLS
```
command.
Many email servers only accept mail when encryption is used. If, as a human, you want to try to send mail to such a machine, you can use:
```
openssl s_client -starttls smtp -crlf -quiet -connect pollett.org:25

or

openssl s_client -starttls smtp -crlf -quiet -connect pollett.org:587
```
Here 25 and 587 are port numbers. 587 usually defaults to secure mail. Once connected you can issue usual SMTP commands.
The flag -debug can be added to the above if you want to see a complete hex dump of the transmissions that are sent back and forth in addition to the text.

If you need to authenticate before sending mail for some server, you can try to use plain authentication or login authentication:

C: AUTH LOGIN
S: 334 some_base64_string
C: my_base_64_login_for_machine
S: 334 some_other_base64_string
C: my_base_64_password_for_machine
S: 235 Authentication successful

POP3

POP (Post Office Protocol) is a very simple protocol for a mail client to communicate with a mail server to find retrieve the mail for a particular user.
A POP server listens to port 110.

A client connecting to such a server might do:

telnet mailserver 110 
+OK POP3 server ready 
user bob
+OK 
pass secret 
+OK user successfully logged on

The client can then issue commands such as:
- list - which returns what messages are available and how big they are;
- retr n -- retrieves message n,
- dele n -- deletes message n, and
- quit -- ends the session.

IMAP

IMAP (Internet Mail Access Protocol) is a more sophisticated protocol which has the same role as POP3.
Beyond the functionality of POP, it supports marking messages as read, multiple folders, moving messages between folders.

HTTP

HTTP stand for hypertext transfer protocol.

One can connect to a web server using HTTP as follows:

C: telnet www.cs.sjsu.edu 80
S: Trying 130.65.86.46... 
   Connected to www.cs.sjsu.edu. Escape character is '^]'.
C: GET /index.html HTTP/1.1 
   Host: www.cs.sjsu.edu
   [blank line]
S: HTTP/1.1 200 OK 
   Date: Thu, 10 May 2007 18:37:34 GMT 
   Server: Apache/2.2.2 (Fedora)
   Last-Modified: Mon, 07 May 2007 22:38:22 GMT 
   Accept-Ranges: bytes
   Content-Length: 9700
   Connection: close
   Content-Type: text/html 
   [blank line]
   document

The client always sends the first message.
Besides the command GET (which requests a web document), a client can also issue commands such as POST, HEAD, etc.
After the command line, the client can provide additional lines of the form "field:value". If HTTP/1.1 is being used, at least one of these fields must be the Host field.
Then the client has a blank line and the server can start its response.
The first line back says a status code for the response. In the above HTTP/1.1 200 OK means the request was successful.
Then, as with client, the server can have one or "field:value", followed by a blank line followed by any document data that will be sent back.
HTTP/1.0 and HTTP/1.1 protocols are plain text like the above and are still supported by all major web servers.
HTTP/2.0 and HTTP/3.0 (like HTTP/2.0 but over QUIC) use a binary format for commands and headers, but the commands and headers themselves are the same.

In-Class Exercise

Using openssl make an HTTP/1.1 request on port 443 for the Yahoo homepage and get the response.
Since you are using HTTP not SMTP, don't need -starttls smtp. Record the transcript.
Please post your solution to the May 10 In-Class Exercise Thread.

The Domain Name System (DNS)

To refer to a process on the internet we need to give an IP address and a port.
These numbers are not very convenient for people to use, ASCII names would be better.
An Arpanet scheme to solve this problem was to have a file hosts.txt in which host names in ASCII together with IP addresses were listed. Then if a connection was attempted to the ASCII name, a look up of the IP address was done.
As the internet grew it became impractical for each machine to maintain a complete list of all hosts.
Instead a hierarchical system called the Domain Name System (DNS) was developed to solve this problem.
To map a host name onto an IP address an application layer program calls a library procedure known as a resolver (for example, InetAddress method getHostAddress() in Java).
The resolver sends UDP packets to a local DNS server (Port 53), which then looks up the name and address and returns the IP address to the resolver.

Still More on DNS

Every domain can have a set of resource records associated with it.
The most common resource record is just its IP address, but many other resource records also exist.
When a resolver gives a domain name to a DNS server what it gets back are the resource records associated with the name.
A resource records has the format:
Domain_name Time_to_live Class Type Value
This is the domain name to which the record applies, how many seconds the record is good for, for internet information the class will always be IN, and the type says what kind of records it is: SOA -(start of authority) parameters for this zone, A - IP address, MX - mail exchange, NS- name server of the domain, CNAME -- domain name (used for aliases), PTR -- alias for an IP address, HINFO -- host CPU and OS, TXT -- anything the register wanted to add
It is completely possible for the domain name to be the same for an A record and an MX records, but to have different IP addresses. So the mail server for that entry would be different than where the rest of the traffic would go to.

Name Servers

The DNS name space is divided into non-overlapping zones.
Each zone contains part of the name tree and has name servers holding information about that zone.
A zone will typically have a primary name server which gets information about that zone on disk, as well as one or more secondary servers.
Zone boundaries are set-up by the given zone's administrators.
When a host does a DNS lookup, it first checks its cache, if it misses it contacts the local DNS server, which in turn acts as a resolver as follows.
When the local DNS server/resolver has a query it looks in its local cache, if the cache misses, it asks a root name server.
The resolver then gets the name server for the domain requested (the NS record). It also gets the A record corresponding to this NS record. It then queries that to find the name server for the subdomain, and so on, until the name is finally resolved.

Finish Security - The Application Layer

Outline