Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
SlideShare a Scribd company logo

Ip Sec Rev1

Download as PPT, PDF
Ram Dutt Shukla
Ram Dutt Shukla

IPSec provides a framework for securing communications over IP networks by authenticating and encrypting IP packets. It includes protocols for authentication headers and encapsulating security payloads to provide integrity, authentication, and confidentiality. Key management protocols like Oakley and ISAKMP are used to securely establish security associations between communicating parties to protect data flows.

1 of 54
IP Security
Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header Encapsulating Security Payload Combinations of Security Associations Key Management
TCP/IP Example
Security facilities in the TCP/IP protocol stack
Need for IPSec Application level security services Electronic mail S/MIME, PGP Client Server Kerberos, X.509 Web access SSL, TLS, SET Enterprises need security at IP layer To protect security ignorant applications Additional security to applications with security mechanisms Establish private secure network
IPv4 Header
IPv6 Header
IP Security Overview IPSec is not a single protocol. IPSec provides a set of security algorithms IPSec provides a general security framework for a pair of communicating entities Across LAN, Private & Public WANs Across Internet
IP Security Overview Applications of IPSec Secure branch office connectivity over the Internet Secure remote access over the Internet Establsihing extranet and intranet connectivity with partners Enhancing electronic commerce security
IP Security Overview Benefits of IPSec Better firewall protection Transparent to applications (below transport layer (TCP, UDP) Provide security for individual users IPSec can assure that: A router or neighbor advertisement comes from an authorized router A redirect message comes from the router to which the initial packet was sent A routing update is not forged
IP Security Scenario
IP Security Architectures Integrated architecture Supported in IPv6 Difficult to implement in IPv4 Bump in The stack (BITS) for IPv4 Between Data link and IP layers Bump in The Wire (BITW) Hardware implementation
IPSec RFCs IPSec documents: RFC 2401: An overview of security architecture RFC 2402: Description of a packet authentication extension to IPv4 and IPv6 RFC 2406: Description of a packet encryption extension to IPv4 and IPv6 RFC 2408: Specification of key managament capabilities
IPSec Document Overview
IPSec Services Access Control Connectionless integrity Data origin authentication Rejection of replayed packets Confidentiality (encryption) Limited traffic flow confidentiallity
IPSec protocols Authentication header (AH) Encapsulating security payload (ESP) ESP with Authentication
Protocols vs services ESP(encryption and authentication) ESP(encryption only) AH yes yes no Limited traffic flow confidentiality yes yes no confidentiality yes yes yes Rejection of replay attacks yes yes Data origin authentication yes yes Connectionless integrity yes yes yes Access control
IPSec modes of operations Transport IPSec protects IP payload IPSec headers added before IP payload No change in IP header Tunnel IPSec protects total IP packet IPSec headers encapsulates IP packet New IP header is created
Discussion onTunnel and Transport mode Tunnel mode header order New IP hdr->IPsec hdr->old IP hdr->IP payload BITS or BITW architecture Choice for VPN Transport mode header order IP hdr->IPSec hdr->IP payload IPSec integrated architecture End to End security
Security services Encrypts inner IP packet. Authenticates inner IP packet. Encrypts IP payload and any IPv6 extesion header. Authenticates IP payload but no IP header ESP with authentication Encrypts inner IP packet Encrypts IP payload and any IPv6 extesion header ESP Authenticates entire inner IP packet plus selected portions of outer IP header Authenticates IP payload and selected portions of IP header and IPv6 extension headers AH Tunnel Mode SA Transport Mode SA Protocols
Security Associations (SA) One SA for one way relationship between a sender and a receiver Two SAs for two way relationship One SA for one protocol Uniquely Identified by three parameters: Security Parameter Index (SPI) Each SA identified by a bit string Carried in Ah & ESP headers IP Destination address Security Protocol Identifier
SA: Other parameters Seq num cntr : 32 bit value Seq cntr overflow: overflow flag Anti replay window: to find if incoming AH or ESP is a replay AH info: algo, keys etc ESP info: algo, keysetc Life time of this SA IPSec mode: transport, tunnel Path MTU:
Security Policy database (SPD) Each entry in SPD define a subset of IP traffic Selectors for IP and UL protocol values Points to an SA for that traffic Multiple entries -> single SA Multiple SAs -> single entry
SPD selector entries Dest IP address SRC IP address UserID Data sensitivity level ( Classification) Transport layer protocol:IPv4/IPv6 IPSec protocol: AH or ESP or both SRC dest ports IPv6 class IPv6 flow label IPv4 TOS
Authentication Header Provides support for data integrity and authentication (MAC code) of IP packets. Guards against replay attacks.
Anti-replay service Use of seq number field- 32 bits On each SA it is initialised to 0 Incremented for each packet When seq number > 2 32 -1 new SA Anti replay window
Authentication data Holds integrity check value HMAC-MD5-96, HMAC-SHA-1-96 MAC calculated over IP header field that unchange in transit Fields that are predictable Others set to zero for MAC AH header Other than authentication data which is set to 0 Entire UL protocol data Immutable IHL, src address Mutable but predictable Destination address Mutable TTL, hdr checksum
Before applying AH
Transport Mode (AH Authentication)
Tunnel Mode (AH Authentication)
End-to-end versus End-to-Intermediate Authentication
Encapsulating Security Payload ESP provides confidentiality services
Encryption and Authentication Algorithms Encryption: Three-key triple DES RC5 IDEA Three-key triple IDEA CAST Blowfish Authentication: HMAC-MD5-96 HMAC-SHA-1-96
ESP Encryption and Authentication
ESP Encryption and Authentication
Combinations of Security Associations
Combinations of Security Associations
Combinations of Security Associations
Combinations of Security Associations
Key Management Ipsec management determination of keys Distribution of keys Typical requirements 4 keys between communicating applications Transmit and receive pairs Two types: Manual Automated on demand Oakley Key Determination Protocol Internet Security Association and Key Management Protocol (ISAKMP)
Diffie Hellman key exchange Attractive features Secret keys created only when needed No pre-existing infrastructure required Weaknesses No information about identities of parties Man-in-the-middle attack Clogging attack
Oakley Based on Diffie Hellman algo Exchange of DH PK values Providing added security Cookies to thwart clogging attacks Two parties to negotiate a group Selection of global parameters Nonces to prevent replay attacks Authentication of DH exchange to prevent MITM attack Generic no specific format
Oakley : Use of Cookies exchange Each side send a PRN (cookie) initially Each side ack other This ack repeated in the first DH key exchange If the src address was forged opponent does not get ack Cannot make user calculate DH
Oakley : Use of Groups Each group define Global parameters q and α Modular expo with a 768 bit modulus Modular expo with a 1024 bit modulus Modular expo with a 1536 bit modulus Elliptical curve over 2 155 Elliptical curve over 2 185 Identity of algorithm DH Elliptical curve
Oakley: Authentication Three authentication methods: Digital signatures Eks[ H [Nonces, ID]] Public-key encryption EKra [ ID, Nonces] Symmetric-key encryption Eksym [ ID, Nonces]
ISAKMP Set of procedures, messages for SAs Establish, negotiate, modify and delete ISAKMP message Header + payloads Payload format independent of Key exchange protocol, encryption algo, authentication mechanism Uses UDP
ISAKMP
ISAKMP: payload types SA : SA initiation Proposal, Transform, KE ID Certificate Certificate request Hash Signature Nonce Notification Delete
ISAKMP: Exchange types Base exchange I->R: SA;Nonce R->I: SA:Nonce I->R: KE;IDi;Auth R->I: KE:IDr;Auth 4 messages; no ID protection
ISAKMP: Exchange types ID protection exchange I->R: SA R->I: SA I->R: KE;Nonce R->I: KE:Nonce * I->R: IDi;Auth * R->I: IDr;Auth 6 messages; ID protected
ISAKMP: Exchange types Authentication only exchange I->R: SA: Nonce R->I: SA; Nonce;IDr;Auth I->R: IDi;Auth 3 messages; authentication wo key exchange
ISAKMP: Exchange types Aggressive exchange I->R: SA: KE; Nonce;IDi R->I: SA; KE; Nonce;IDr;Auth * I->R: Auth 3 messages; Express SA set up wo ID protection
ISAKMP: Exchange types Informational exchange * I->R: N/D 1 message; Error or Status notification or deletion
Recommended Reading Comer, D. Internetworking with TCP/IP, Volume I: Principles, Protocols and Architecture . Prentic Hall, 1995 Stevens, W. TCP/IP Illustrated, Volume 1: The Protocols . Addison-Wesley, 1994

More Related Content

Ip Sec Rev1

  • 2. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header Encapsulating Security Payload Combinations of Security Associations Key Management
  • 4. Security facilities in the TCP/IP protocol stack
  • 5. Need for IPSec Application level security services Electronic mail S/MIME, PGP Client Server Kerberos, X.509 Web access SSL, TLS, SET Enterprises need security at IP layer To protect security ignorant applications Additional security to applications with security mechanisms Establish private secure network
  • 8. IP Security Overview IPSec is not a single protocol. IPSec provides a set of security algorithms IPSec provides a general security framework for a pair of communicating entities Across LAN, Private & Public WANs Across Internet
  • 9. IP Security Overview Applications of IPSec Secure branch office connectivity over the Internet Secure remote access over the Internet Establsihing extranet and intranet connectivity with partners Enhancing electronic commerce security
  • 10. IP Security Overview Benefits of IPSec Better firewall protection Transparent to applications (below transport layer (TCP, UDP) Provide security for individual users IPSec can assure that: A router or neighbor advertisement comes from an authorized router A redirect message comes from the router to which the initial packet was sent A routing update is not forged
  • 12. IP Security Architectures Integrated architecture Supported in IPv6 Difficult to implement in IPv4 Bump in The stack (BITS) for IPv4 Between Data link and IP layers Bump in The Wire (BITW) Hardware implementation
  • 13. IPSec RFCs IPSec documents: RFC 2401: An overview of security architecture RFC 2402: Description of a packet authentication extension to IPv4 and IPv6 RFC 2406: Description of a packet encryption extension to IPv4 and IPv6 RFC 2408: Specification of key managament capabilities
  • 15. IPSec Services Access Control Connectionless integrity Data origin authentication Rejection of replayed packets Confidentiality (encryption) Limited traffic flow confidentiallity
  • 16. IPSec protocols Authentication header (AH) Encapsulating security payload (ESP) ESP with Authentication
  • 17. Protocols vs services ESP(encryption and authentication) ESP(encryption only) AH yes yes no Limited traffic flow confidentiality yes yes no confidentiality yes yes yes Rejection of replay attacks yes yes Data origin authentication yes yes Connectionless integrity yes yes yes Access control
  • 18. IPSec modes of operations Transport IPSec protects IP payload IPSec headers added before IP payload No change in IP header Tunnel IPSec protects total IP packet IPSec headers encapsulates IP packet New IP header is created
  • 19. Discussion onTunnel and Transport mode Tunnel mode header order New IP hdr->IPsec hdr->old IP hdr->IP payload BITS or BITW architecture Choice for VPN Transport mode header order IP hdr->IPSec hdr->IP payload IPSec integrated architecture End to End security
  • 20. Security services Encrypts inner IP packet. Authenticates inner IP packet. Encrypts IP payload and any IPv6 extesion header. Authenticates IP payload but no IP header ESP with authentication Encrypts inner IP packet Encrypts IP payload and any IPv6 extesion header ESP Authenticates entire inner IP packet plus selected portions of outer IP header Authenticates IP payload and selected portions of IP header and IPv6 extension headers AH Tunnel Mode SA Transport Mode SA Protocols
  • 21. Security Associations (SA) One SA for one way relationship between a sender and a receiver Two SAs for two way relationship One SA for one protocol Uniquely Identified by three parameters: Security Parameter Index (SPI) Each SA identified by a bit string Carried in Ah & ESP headers IP Destination address Security Protocol Identifier
  • 22. SA: Other parameters Seq num cntr : 32 bit value Seq cntr overflow: overflow flag Anti replay window: to find if incoming AH or ESP is a replay AH info: algo, keys etc ESP info: algo, keysetc Life time of this SA IPSec mode: transport, tunnel Path MTU:
  • 23. Security Policy database (SPD) Each entry in SPD define a subset of IP traffic Selectors for IP and UL protocol values Points to an SA for that traffic Multiple entries -> single SA Multiple SAs -> single entry
  • 24. SPD selector entries Dest IP address SRC IP address UserID Data sensitivity level ( Classification) Transport layer protocol:IPv4/IPv6 IPSec protocol: AH or ESP or both SRC dest ports IPv6 class IPv6 flow label IPv4 TOS
  • 25. Authentication Header Provides support for data integrity and authentication (MAC code) of IP packets. Guards against replay attacks.
  • 26. Anti-replay service Use of seq number field- 32 bits On each SA it is initialised to 0 Incremented for each packet When seq number > 2 32 -1 new SA Anti replay window
  • 27. Authentication data Holds integrity check value HMAC-MD5-96, HMAC-SHA-1-96 MAC calculated over IP header field that unchange in transit Fields that are predictable Others set to zero for MAC AH header Other than authentication data which is set to 0 Entire UL protocol data Immutable IHL, src address Mutable but predictable Destination address Mutable TTL, hdr checksum
  • 29. Transport Mode (AH Authentication)
  • 30. Tunnel Mode (AH Authentication)
  • 32. Encapsulating Security Payload ESP provides confidentiality services
  • 33. Encryption and Authentication Algorithms Encryption: Three-key triple DES RC5 IDEA Three-key triple IDEA CAST Blowfish Authentication: HMAC-MD5-96 HMAC-SHA-1-96
  • 34. ESP Encryption and Authentication
  • 35. ESP Encryption and Authentication
  • 36. Combinations of Security Associations
  • 37. Combinations of Security Associations
  • 38. Combinations of Security Associations
  • 39. Combinations of Security Associations
  • 40. Key Management Ipsec management determination of keys Distribution of keys Typical requirements 4 keys between communicating applications Transmit and receive pairs Two types: Manual Automated on demand Oakley Key Determination Protocol Internet Security Association and Key Management Protocol (ISAKMP)
  • 41. Diffie Hellman key exchange Attractive features Secret keys created only when needed No pre-existing infrastructure required Weaknesses No information about identities of parties Man-in-the-middle attack Clogging attack
  • 42. Oakley Based on Diffie Hellman algo Exchange of DH PK values Providing added security Cookies to thwart clogging attacks Two parties to negotiate a group Selection of global parameters Nonces to prevent replay attacks Authentication of DH exchange to prevent MITM attack Generic no specific format
  • 43. Oakley : Use of Cookies exchange Each side send a PRN (cookie) initially Each side ack other This ack repeated in the first DH key exchange If the src address was forged opponent does not get ack Cannot make user calculate DH
  • 44. Oakley : Use of Groups Each group define Global parameters q and α Modular expo with a 768 bit modulus Modular expo with a 1024 bit modulus Modular expo with a 1536 bit modulus Elliptical curve over 2 155 Elliptical curve over 2 185 Identity of algorithm DH Elliptical curve
  • 45. Oakley: Authentication Three authentication methods: Digital signatures Eks[ H [Nonces, ID]] Public-key encryption EKra [ ID, Nonces] Symmetric-key encryption Eksym [ ID, Nonces]
  • 46. ISAKMP Set of procedures, messages for SAs Establish, negotiate, modify and delete ISAKMP message Header + payloads Payload format independent of Key exchange protocol, encryption algo, authentication mechanism Uses UDP
  • 48. ISAKMP: payload types SA : SA initiation Proposal, Transform, KE ID Certificate Certificate request Hash Signature Nonce Notification Delete
  • 49. ISAKMP: Exchange types Base exchange I->R: SA;Nonce R->I: SA:Nonce I->R: KE;IDi;Auth R->I: KE:IDr;Auth 4 messages; no ID protection
  • 50. ISAKMP: Exchange types ID protection exchange I->R: SA R->I: SA I->R: KE;Nonce R->I: KE:Nonce * I->R: IDi;Auth * R->I: IDr;Auth 6 messages; ID protected
  • 51. ISAKMP: Exchange types Authentication only exchange I->R: SA: Nonce R->I: SA; Nonce;IDr;Auth I->R: IDi;Auth 3 messages; authentication wo key exchange
  • 52. ISAKMP: Exchange types Aggressive exchange I->R: SA: KE; Nonce;IDi R->I: SA; KE; Nonce;IDr;Auth * I->R: Auth 3 messages; Express SA set up wo ID protection
  • 53. ISAKMP: Exchange types Informational exchange * I->R: N/D 1 message; Error or Status notification or deletion
  • 54. Recommended Reading Comer, D. Internetworking with TCP/IP, Volume I: Principles, Protocols and Architecture . Prentic Hall, 1995 Stevens, W. TCP/IP Illustrated, Volume 1: The Protocols . Addison-Wesley, 1994