Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Ip Sec


Published on

Unit 5

Published in: Education, Technology
  • Be the first to comment

  • Be the first to like this

Ip Sec

  1. 1. IP Security
  2. 2. Outline <ul><li>Internetworking and Internet Protocols (Appendix 6A) </li></ul><ul><li>IP Security Overview </li></ul><ul><li>IP Security Architecture </li></ul><ul><li>Authentication Header </li></ul><ul><li>Encapsulating Security Payload </li></ul><ul><li>Combinations of Security Associations </li></ul><ul><li>Key Management </li></ul>
  3. 3. TCP/IP Example
  4. 4. Security facilities in the TCP/IP protocol stack
  5. 5. Need for IPSec <ul><li>Application level security services </li></ul><ul><ul><li>Electronic mail </li></ul></ul><ul><ul><ul><li>S/MIME, PGP </li></ul></ul></ul><ul><ul><li>Client Server </li></ul></ul><ul><ul><ul><li>Kerberos, X.509 </li></ul></ul></ul><ul><ul><li>Web access </li></ul></ul><ul><ul><ul><li>SSL, TLS, SET </li></ul></ul></ul><ul><li>Enterprises need security at IP layer </li></ul><ul><ul><li>To protect security ignorant applications </li></ul></ul><ul><ul><li>Additional security to applications with security mechanisms </li></ul></ul><ul><ul><li>Establish private secure network </li></ul></ul>
  6. 6. IPv4 Header
  7. 7. IPv6 Header
  8. 8. IP Security Overview <ul><li>IPSec is not a single protocol. </li></ul><ul><li>IPSec provides a set of security algorithms </li></ul><ul><li>IPSec provides a general security framework for a pair of communicating entities </li></ul><ul><ul><li>Across LAN, Private & Public WANs </li></ul></ul><ul><ul><li>Across Internet </li></ul></ul>
  9. 9. IP Security Overview <ul><li>Applications of IPSec </li></ul><ul><ul><li>Secure branch office connectivity over the Internet </li></ul></ul><ul><ul><li>Secure remote access over the Internet </li></ul></ul><ul><ul><li>Establsihing extranet and intranet connectivity with partners </li></ul></ul><ul><ul><li>Enhancing electronic commerce security </li></ul></ul>
  10. 10. IP Security Overview <ul><li>Benefits of IPSec </li></ul><ul><ul><li>Better firewall protection </li></ul></ul><ul><ul><li>Transparent to applications (below transport layer (TCP, UDP) </li></ul></ul><ul><ul><li>Provide security for individual users </li></ul></ul><ul><li>IPSec can assure that: </li></ul><ul><ul><li>A router or neighbor advertisement comes from an authorized router </li></ul></ul><ul><ul><li>A redirect message comes from the router to which the initial packet was sent </li></ul></ul><ul><ul><li>A routing update is not forged </li></ul></ul>
  11. 11. IP Security Scenario
  12. 12. IP Security Architectures <ul><li>Integrated architecture </li></ul><ul><ul><li>Supported in IPv6 </li></ul></ul><ul><ul><li>Difficult to implement in IPv4 </li></ul></ul><ul><li>Bump in The stack (BITS) for IPv4 </li></ul><ul><ul><li>Between Data link and IP layers </li></ul></ul><ul><li>Bump in The Wire (BITW) </li></ul><ul><ul><li>Hardware implementation </li></ul></ul>
  13. 13. IPSec RFCs <ul><li>IPSec documents: </li></ul><ul><ul><li>RFC 2401: An overview of security architecture </li></ul></ul><ul><ul><li>RFC 2402: Description of a packet authentication extension to IPv4 and IPv6 </li></ul></ul><ul><ul><li>RFC 2406: Description of a packet encryption extension to IPv4 and IPv6 </li></ul></ul><ul><ul><li>RFC 2408: Specification of key managament capabilities </li></ul></ul>
  14. 14. IPSec Document Overview
  15. 15. IPSec Services <ul><li>Access Control </li></ul><ul><li>Connectionless integrity </li></ul><ul><li>Data origin authentication </li></ul><ul><li>Rejection of replayed packets </li></ul><ul><li>Confidentiality (encryption) </li></ul><ul><li>Limited traffic flow confidentiallity </li></ul>
  16. 16. IPSec protocols <ul><li>Authentication header (AH) </li></ul><ul><li>Encapsulating security payload (ESP) </li></ul><ul><li>ESP with Authentication </li></ul>
  17. 17. Protocols vs services ESP(encryption and authentication) ESP(encryption only) AH yes yes no Limited traffic flow confidentiality yes yes no confidentiality yes yes yes Rejection of replay attacks yes yes Data origin authentication yes yes Connectionless integrity yes yes yes Access control
  18. 18. IPSec modes of operations <ul><li>Transport </li></ul><ul><ul><li>IPSec protects IP payload </li></ul></ul><ul><ul><li>IPSec headers added before IP payload </li></ul></ul><ul><ul><li>No change in IP header </li></ul></ul><ul><li>Tunnel </li></ul><ul><ul><li>IPSec protects total IP packet </li></ul></ul><ul><ul><li>IPSec headers encapsulates IP packet </li></ul></ul><ul><ul><li>New IP header is created </li></ul></ul>
  19. 19. Discussion onTunnel and Transport mode <ul><li>Tunnel mode header order </li></ul><ul><ul><li>New IP hdr->IPsec hdr->old IP hdr->IP payload </li></ul></ul><ul><ul><li>BITS or BITW architecture </li></ul></ul><ul><ul><li>Choice for VPN </li></ul></ul><ul><li>Transport mode header order </li></ul><ul><ul><li>IP hdr->IPSec hdr->IP payload </li></ul></ul><ul><ul><li>IPSec integrated architecture </li></ul></ul><ul><ul><li>End to End security </li></ul></ul>
  20. 20. Security services Encrypts inner IP packet. Authenticates inner IP packet. Encrypts IP payload and any IPv6 extesion header. Authenticates IP payload but no IP header ESP with authentication Encrypts inner IP packet Encrypts IP payload and any IPv6 extesion header ESP Authenticates entire inner IP packet plus selected portions of outer IP header Authenticates IP payload and selected portions of IP header and IPv6 extension headers AH Tunnel Mode SA Transport Mode SA Protocols
  21. 21. Security Associations (SA) <ul><li>One SA for one way relationship between a sender and a receiver </li></ul><ul><li>Two SAs for two way relationship </li></ul><ul><li>One SA for one protocol </li></ul><ul><li>Uniquely Identified by three parameters: </li></ul><ul><ul><li>Security Parameter Index (SPI) </li></ul></ul><ul><ul><ul><li>Each SA identified by a bit string </li></ul></ul></ul><ul><ul><ul><li>Carried in Ah & ESP headers </li></ul></ul></ul><ul><ul><li>IP Destination address </li></ul></ul><ul><ul><li>Security Protocol Identifier </li></ul></ul>
  22. 22. SA: Other parameters <ul><li>Seq num cntr : 32 bit value </li></ul><ul><li>Seq cntr overflow: overflow flag </li></ul><ul><li>Anti replay window: to find if incoming AH or ESP is a replay </li></ul><ul><li>AH info: algo, keys etc </li></ul><ul><li>ESP info: algo, keysetc </li></ul><ul><li>Life time of this SA </li></ul><ul><li>IPSec mode: transport, tunnel </li></ul><ul><li>Path MTU: </li></ul>
  23. 23. Security Policy database (SPD) <ul><li>Each entry in SPD </li></ul><ul><ul><li>define a subset of IP traffic </li></ul></ul><ul><ul><ul><li>Selectors for IP and UL protocol values </li></ul></ul></ul><ul><ul><li>Points to an SA for that traffic </li></ul></ul><ul><li>Multiple entries -> single SA </li></ul><ul><li>Multiple SAs -> single entry </li></ul>
  24. 24. SPD selector entries <ul><li>Dest IP address </li></ul><ul><li>SRC IP address </li></ul><ul><li>UserID </li></ul><ul><li>Data sensitivity level ( Classification) </li></ul><ul><li>Transport layer protocol:IPv4/IPv6 </li></ul><ul><li>IPSec protocol: AH or ESP or both </li></ul><ul><li>SRC dest ports </li></ul><ul><li>IPv6 class </li></ul><ul><li>IPv6 flow label </li></ul><ul><li>IPv4 TOS </li></ul>
  25. 25. Authentication Header <ul><li>Provides support for data integrity and authentication (MAC code) of IP packets. </li></ul><ul><li>Guards against replay attacks. </li></ul>
  26. 26. Anti-replay service <ul><li>Use of seq number field- 32 bits </li></ul><ul><li>On each SA it is initialised to 0 </li></ul><ul><li>Incremented for each packet </li></ul><ul><li>When seq number > 2 32 -1 new SA </li></ul><ul><li>Anti replay window </li></ul>
  27. 27. Authentication data <ul><li>Holds integrity check value </li></ul><ul><li>HMAC-MD5-96, HMAC-SHA-1-96 </li></ul><ul><li>MAC calculated over </li></ul><ul><ul><li>IP header </li></ul></ul><ul><ul><ul><li>field that unchange in transit </li></ul></ul></ul><ul><ul><ul><li>Fields that are predictable </li></ul></ul></ul><ul><ul><ul><li>Others set to zero for MAC </li></ul></ul></ul><ul><ul><li>AH header </li></ul></ul><ul><ul><ul><li>Other than authentication data which is set to 0 </li></ul></ul></ul><ul><ul><li>Entire UL protocol data </li></ul></ul><ul><li>Immutable </li></ul><ul><ul><li>IHL, src address </li></ul></ul><ul><li>Mutable but predictable </li></ul><ul><ul><li>Destination address </li></ul></ul><ul><li>Mutable </li></ul><ul><ul><li>TTL, hdr checksum </li></ul></ul>
  28. 28. Before applying AH
  29. 29. Transport Mode (AH Authentication)
  30. 30. Tunnel Mode (AH Authentication)
  31. 31. End-to-end versus End-to-Intermediate Authentication
  32. 32. Encapsulating Security Payload <ul><li>ESP provides confidentiality services </li></ul>
  33. 33. Encryption and Authentication Algorithms <ul><li>Encryption: </li></ul><ul><ul><li>Three-key triple DES </li></ul></ul><ul><ul><li>RC5 </li></ul></ul><ul><ul><li>IDEA </li></ul></ul><ul><ul><li>Three-key triple IDEA </li></ul></ul><ul><ul><li>CAST </li></ul></ul><ul><ul><li>Blowfish </li></ul></ul><ul><li>Authentication: </li></ul><ul><ul><li>HMAC-MD5-96 </li></ul></ul><ul><ul><li>HMAC-SHA-1-96 </li></ul></ul>
  34. 34. ESP Encryption and Authentication
  35. 35. ESP Encryption and Authentication
  36. 36. Combinations of Security Associations
  37. 37. Combinations of Security Associations
  38. 38. Combinations of Security Associations
  39. 39. Combinations of Security Associations
  40. 40. Key Management <ul><li>Ipsec management </li></ul><ul><ul><li>determination of keys </li></ul></ul><ul><ul><li>Distribution of keys </li></ul></ul><ul><li>Typical requirements </li></ul><ul><ul><li>4 keys between communicating applications </li></ul></ul><ul><ul><li>Transmit and receive pairs </li></ul></ul><ul><li>Two types: </li></ul><ul><ul><li>Manual </li></ul></ul><ul><ul><li>Automated on demand </li></ul></ul><ul><ul><ul><li>Oakley Key Determination Protocol </li></ul></ul></ul><ul><ul><ul><li>Internet Security Association and Key Management Protocol (ISAKMP) </li></ul></ul></ul>
  41. 41. Diffie Hellman Key Exchange
  42. 42. Example <ul><ul><li>Alice and Bob agree to use a prime number p =23 and base g =5. </li></ul></ul><ul><ul><li>Alice chooses a secret integer a =6, then sends Bob ( g a mod p ) 5 6 mod 23 = 8. </li></ul></ul><ul><ul><li>Bob chooses a secret integer b =15, then sends Alice ( g b mod p ) 5 15 mod 23 = 19. </li></ul></ul><ul><ul><li>Alice computes ( g b mod p ) a mod p </li></ul></ul><ul><ul><ul><li>19 6 mod 23 = 2. </li></ul></ul></ul><ul><ul><li>Bob computes ( g a mod p ) b mod p </li></ul></ul><ul><ul><ul><li>8 15 mod 23 = 2. </li></ul></ul></ul>
  43. 43. Issues in Diffie Hellman key exchange <ul><li>Attractive features </li></ul><ul><ul><li>Secret keys created only when needed </li></ul></ul><ul><ul><li>No pre-existing infrastructure required </li></ul></ul><ul><li>Weaknesses </li></ul><ul><ul><li>No information about identities of parties </li></ul></ul><ul><ul><li>Man-in-the-middle attack </li></ul></ul><ul><ul><li>Clogging attack </li></ul></ul>
  44. 44. Oakley <ul><li>Based on Diffie Hellman algo </li></ul><ul><ul><li>Exchange of DH PK values </li></ul></ul><ul><li>Providing added security </li></ul><ul><ul><li>Cookies to thwart clogging attacks </li></ul></ul><ul><ul><li>Two parties to negotiate a group </li></ul></ul><ul><ul><ul><li>Selection of global parameters </li></ul></ul></ul><ul><ul><li>Nonces to prevent replay attacks </li></ul></ul><ul><ul><li>Authentication of DH exchange to prevent MITM attack </li></ul></ul><ul><li>Generic no specific format </li></ul>
  45. 45. Oakley : Use of Cookies exchange <ul><li>Each side send a PRN (cookie) initially </li></ul><ul><li>Each side ack other </li></ul><ul><li>This ack repeated in the first DH key exchange </li></ul><ul><li>If the src address was forged opponent does not get ack </li></ul><ul><li>Cannot make user calculate DH </li></ul>
  46. 46. Oakley : Use of Groups <ul><li>Each group define </li></ul><ul><ul><li>Global parameters q and α </li></ul></ul><ul><ul><ul><li>Modular expo with a 768 bit modulus </li></ul></ul></ul><ul><ul><ul><li>Modular expo with a 1024 bit modulus </li></ul></ul></ul><ul><ul><ul><li>Modular expo with a 1536 bit modulus </li></ul></ul></ul><ul><ul><ul><li>Elliptical curve over 2 155 </li></ul></ul></ul><ul><ul><ul><li>Elliptical curve over 2 185 </li></ul></ul></ul><ul><ul><li>Identity of algorithm </li></ul></ul><ul><ul><ul><li>DH </li></ul></ul></ul><ul><ul><ul><li>Elliptical curve </li></ul></ul></ul>
  47. 47. Oakley: Authentication <ul><li>Three authentication methods: </li></ul><ul><ul><li>Digital signatures </li></ul></ul><ul><ul><ul><li>Eks[ H [Nonces, ID]] </li></ul></ul></ul><ul><ul><li>Public-key encryption </li></ul></ul><ul><ul><ul><li>EKra [ ID, Nonces] </li></ul></ul></ul><ul><ul><li>Symmetric-key encryption </li></ul></ul><ul><ul><ul><li>Eksym [ ID, Nonces] </li></ul></ul></ul>
  48. 48. ISAKMP <ul><li>Set of procedures, messages for SAs </li></ul><ul><ul><li>Establish, negotiate, modify and delete </li></ul></ul><ul><li>ISAKMP message </li></ul><ul><ul><li>Header + payloads </li></ul></ul><ul><li>Payload format independent of </li></ul><ul><ul><li>Key exchange protocol, encryption algo, authentication mechanism </li></ul></ul><ul><li>Uses UDP </li></ul>
  49. 49. ISAKMP
  50. 50. ISAKMP: payload types <ul><li>SA : SA initiation </li></ul><ul><ul><li>Proposal, Transform, KE </li></ul></ul><ul><li>ID </li></ul><ul><li>Certificate </li></ul><ul><li>Certificate request </li></ul><ul><li>Hash </li></ul><ul><li>Signature </li></ul><ul><li>Nonce </li></ul><ul><li>Notification </li></ul><ul><li>Delete </li></ul>
  51. 51. ISAKMP: Exchange types <ul><li>Base exchange </li></ul><ul><ul><li>I->R: SA;Nonce </li></ul></ul><ul><ul><li>R->I: SA:Nonce </li></ul></ul><ul><ul><li>I->R: KE;IDi;Auth </li></ul></ul><ul><ul><li>R->I: KE:IDr;Auth </li></ul></ul><ul><li>4 messages; no ID protection </li></ul>
  52. 52. ISAKMP: Exchange types <ul><li>ID protection exchange </li></ul><ul><ul><li>I->R: SA </li></ul></ul><ul><ul><li>R->I: SA </li></ul></ul><ul><ul><li>I->R: KE;Nonce </li></ul></ul><ul><ul><li>R->I: KE:Nonce </li></ul></ul><ul><ul><li>* I->R: IDi;Auth </li></ul></ul><ul><ul><li>* R->I: IDr;Auth </li></ul></ul><ul><li>6 messages; ID protected </li></ul>
  53. 53. ISAKMP: Exchange types <ul><li>Authentication only exchange </li></ul><ul><ul><li>I->R: SA: Nonce </li></ul></ul><ul><ul><li>R->I: SA; Nonce;IDr;Auth </li></ul></ul><ul><ul><li>I->R: IDi;Auth </li></ul></ul><ul><li>3 messages; authentication wo key exchange </li></ul>
  54. 54. ISAKMP: Exchange types <ul><li>Aggressive exchange </li></ul><ul><ul><li>I->R: SA: KE; Nonce;IDi </li></ul></ul><ul><ul><li>R->I: SA; KE; Nonce;IDr;Auth </li></ul></ul><ul><ul><li>* I->R: Auth </li></ul></ul><ul><li>3 messages; Express SA set up wo ID protection </li></ul>
  55. 55. ISAKMP: Exchange types <ul><li>Informational exchange </li></ul><ul><ul><li>* I->R: N/D </li></ul></ul><ul><li>1 message; Error or Status notification or deletion </li></ul>
  56. 56. Recommended Reading <ul><li>Comer, D. Internetworking with TCP/IP, Volume I: Principles, Protocols and Architecture . Prentic Hall, 1995 </li></ul><ul><li>Stevens, W. TCP/IP Illustrated, Volume 1: The Protocols . Addison-Wesley, 1994 </li></ul>