3. IIPP iiss nnoott SSeeccuurree!!
• IP protocol was designed in the late 70s to
early 80s
o Part of DARPA Internet Project
o Very small network
• All hosts are known!
• So are the users!
• Therefore, security was not an issue
3
4. SSeeccuurriittyy IIssssuueess iinn IIPP
• source spoofing - DOS Attack
• replay packets - Replay Attack
• No data integrity - Modification
• No confidentiality - Spying
4
5. WWhhaatt iiss IIPPSSeecc
• A set of protocol and algorithm used to secure IP
data and network layer
• Open standard for VPN implementation
• Inbuilt in IPV6 and compatible with IPV4
5
6. GGooaallss ooff IIPPSSeecc
• to verify sources of IP packets
o authentication
• to prevent replaying of old packets
• to protect integrity and/or confidentiality of packets
o data Integrity/Data Encryption
6
9. IIPPSSeecc AArrcchhiitteeccttuurree
9
ESP AH
IPSec Security Policy
IKE
Encapsulating Security
Payload
Authentication Header
The Internet Key Exchange
10. IIPPSSeecc AArrcchhiitteeccttuurree
• IPSec provides security in three situations:
o Host-to-host, host-to-gateway and gateway-to-gateway
• IPSec operates in two modes:
o Transport mode (for end-to-end)
o Tunnel mode (for VPN)
10
12. VVaarriioouuss PPaacckkeettss
12
IP header
Original
IP header
IP header
TCP header
TCP header
TCP header
data
data
data
IPSec header
IPSec header IP header
Transport
mode
Tunnel
mode
14. IISSAAKKMMPP
14
• Defines the procedure for security association
• SA and Key Management
15. IIPPSSeecc
• A collection of protocols (RFC 2401)
o Authentication Header (AH)
• RFC 2402
o Encapsulating Security Payload (ESP)
• RFC 2406
o Internet Key Exchange (IKE)
• RFC 2409
o IP Payload Compression (IPcomp)
• RFC 3137
15
16. AAuutthheennttiiccaattiioonn HHeeaaddeerr
((AAHH))
• Provides source authentication
o Protects against source spoofing
• Provides data integrity
• Protects against replay attacks
o Use monotonically increasing sequence numbers
o Protects against denial of service attacks
• NO protection for confidentiality!
16
17. AAHH DDeettaaiillss
• Use 32-bit monotonically increasing sequence
number to avoid replay attacks
• Use cryptographically strong hash algorithms to
protect data integrity (96-bit)
o Use symmetric key cryptography
o HMAC-SHA-96, HMAC-MD5-96
17
18. AAHH PPaacckkeett DDeettaaiillss
18
New IP header
Security Parameters Index (SPI)
Sequence Number
Authentication Data
Next
header
Payload
length Reserved
Old IP header (only in Tunnel mode)
TCP header
Authenticated
Data
Encapsulated
TCP or IP packet
Hash of everything
else
20. EESSPP DDeettaaiillss
• Same as AH:
o Use 32-bit sequence number to counter replaying attacks
o Use integrity check algorithms
• Only in ESP:
o Data confidentiality:
• Uses symmetric key encryption algorithms to encrypt packets
20
21. EESSPP PPaacckkeett DDeettaaiillss
21
Security Parameters Index (SPI)
Sequence Number
Authentication Data
Next
header
Payload
length Reserved
TCP header
Authenticated
IP header
Initialization vector
Data
Pad Pad length Next
Encrypted TCP
packet
23. IInntteerrnneett KKeeyy EExxcchhaannggee
((IIKKEE))
• Exchange and negotiate security policies
• Establish security sessions
o Identified as Security Associations
• Key exchange
• Key management
• Can be used outside IPsec as well
23
24. HHooww IItt WWoorrkkss
• IKE operates in two phases
o Phase 1: negotiate and establish an auxiliary
end-to-end secure channel
• Used by subsequent phase 2 negotiations
• Only established once between two end points!
o Phase 2: negotiate and establish custom secure
channels
• Occurs multiple times
o Both phases use Diffie-Hellman key exchange to
establish a shared key
24
25. IIKKEE PPhhaassee 11
• Goal: to establish a secure channel between two
end points
o This channel provides basic security features:
• Source authentication
• Data integrity and data confidentiality
• Protection against replay attacks
25
26. IIKKEE PPhhaassee 11
• Rationale: each application has different security
requirements
• But they all need to negotiate policies and
exchange keys!
• So, provide the basic security features and allow
application to establish custom sessions
26
27. EExxaammpplleess
• All packets sent to address mybank.com must be
encrypted using 3DES with HMAC-MD5 integrity
check
• All packets sent to address www.forum.com must
use integrity check with HMAC-SHA1 (no encryption
is required)
27
28. PPhhaassee 11 EExxcchhaannggee
• Can operate in two modes:
o Main mode
• Six messages in three round trips
• More options
o Quick mode
• Four messages in two round trips
• Less options
28
36. PPhhaassee 11 ((QQuuiicckk MMooddee))
36
Initiator Responder
[Header, SA1, KE, Ni, IDi]
[Header, SA2, KE, Nr,
IDr, [Cert]sig]
[Header, [Cert]sig]
First two messages combined into one
(combine Hello and DH key exchange)
37. IIPPSSeecc ((PPhhaassee 11))
• Four different way to authenticate (either
mode)
o Digital signature
o Two forms of authentication with public key encryption
o Pre-shared key
• NOTE: IKE does use public-key based
cryptography for encryption
37
38. IIPPSSeecc ((PPhhaassee 22))
• Goal: to establish custom secure channels
between two end points
o End points are identified by <IP, port>:
• e.g. <www.mybank.com, 8000>
o Or by packet:
• e.g. All packets going to 128.124.100.0/24
o Use the secure channel established in Phase 1 for communication
38
39. IIPPSSeecc ((PPhhaassee 22))
• Only one mode: Quick Mode
• Multiple quick mode exchanges can be
multiplexed
• Generate SAs for two end points
• Can use secure channel established in phase 1
39
42. IIPPsseecc PPoolliiccyy
• Phase 1 policies are defined in terms of protection suites
• Each protection suite
o Must contain the following:
• Encryption algorithm
• Hash algorithm
• Authentication method
• Diffie-Hellman Group
o May optionally contain the following:
• Lifetime
• …
42
43. IIPPSSeecc PPoolliiccyy
• Phase 2 policies are defined in terms of
proposals
• Each proposal:
o May contain one or more of the following
• AH sub-proposals
• ESP sub-proposals
• IPComp sub-proposals
• Along with necessary attributes such as
o Key length, life time, etc
43
44. IIPPSSeecc PPoolliiccyy EExxaammppllee
• In English:
o All traffic to 128.104.120.0/24 must be:
• Use pre-hashed key authentication
• DH group is MODP with 1024-bit modulus
• Hash algorithm is HMAC-SHA (128 bit key)
• Encryption using 3DES
• In IPSec:
o [Auth=Pre-Hash;
DH=MODP(1024-bit);
HASH=HMAC-SHA;
ENC=3DES]
44
45. IIPPsseecc PPoolliiccyy EExxaammppllee
• In English:
o All traffic to 128.104.120.0/24 must use one of the
following:
• AH with HMAC-SHA or,
• ESP with 3DES as encryption algorithm and
(HMAC-MD5 or HMAC-SHA as hashing algorithm)
• In IPsec:
o [AH: HMAC-SHA] or,
o [ESP: (3DES and HMAC-MD5) or
(3DES and HMAC-SHA)]
45
46. VViirrttuuaall PPrriivvaattee NNeettwwoorrkkss
((VVPPNNss))
• Protocol
o Data Link Later – PPTP , L2F , L2TF
o Network Layer - IPSec
• Virtual
o It is not a physically distinct network
• Private
o Tunnels are encrypted to provide confidentiality
• Computer dept might have a VPN
o I can be on this VPN while traveling
46
48. DDiissccuussssiioonn
• IPSec is not the only solution!
o Security features can be added on top of IP!
• e.g. Kerberos, SSL
o IP, IPSec protocols are very complex!
• Two modes, three sub protocols
o Complexity is the biggest enemy of security
48
49. DDiissccuussssiioonn
• Has it been used?
o Yes—primarily used by some VPN vendors
• But not all routers support it
o No—it is not really an end-to-end solution
• Authentication is too coarse (host based)
• Default encryption algorithm too weak (DES)
• Too complex for applications to use
49
50. RReessoouurrcceess
• IP, IPsec and related RFCs:
o http://www.ietf.org/html.charters/ipsec-charter.html
o IPsec: RFC 2401, IKE: RFC 2409
o www.freeswan.org
• Google search
50
Editor's Notes
Many security associations are passed in VPN, ISAKMP manages it.