I psec


Published on

Published in: Education, Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

I psec

  1. 1. 11IP Sec An OverviewIP Sec An Overview why IPSec?why IPSec? IPSec ArchitectureIPSec Architecture Internet Key Exchange (IKE)Internet Key Exchange (IKE) IPSec PolicyIPSec Policy discussiondiscussion
  2. 2. 22IP is not Secure!IP is not Secure! IP protocol was designed in the lateIP protocol was designed in the late70s to early 80s70s to early 80s– Part of DARPA Internet ProjectPart of DARPA Internet Project– Very small networkVery small network All hosts are known!All hosts are known! So are the users!So are the users! Therefore, security was not an issueTherefore, security was not an issue
  3. 3. 33Security Issues in IPSecurity Issues in IP source spoofingsource spoofing replay packetsreplay packets no data integrity orno data integrity orconfidentialityconfidentiality• DOS attacks• Replay attacks• Spying• and more…Fundamental Issue:Networks are not (and will never be)fully secure
  4. 4. 44Goals of IPSecGoals of IPSec to verify sources of IP packetsto verify sources of IP packets– authenticationauthentication to prevent replaying of old packetsto prevent replaying of old packets to protect integrity and/orto protect integrity and/orconfidentiality of packetsconfidentiality of packets– data Integrity/Data Encryptiondata Integrity/Data Encryption
  5. 5. 55OutlineOutline Why IPsec?Why IPsec? IPSec ArchitectureIPSec Architecture Internet Key Exchange (IKE)Internet Key Exchange (IKE) IPsec PolicyIPsec Policy DiscussionDiscussion
  6. 6. 66The IPSec Security ModelThe IPSec Security ModelSecureInsecure
  7. 7. 77IPSec ArchitectureIPSec ArchitectureESP AHIKEIPSec Security PolicyEncapsulating SecurityPayloadAuthentication HeaderThe Internet Key Exchange
  8. 8. 88IPSec ArchitectureIPSec Architecture IPSec provides security in threesituations:– Host-to-host, host-to-gateway andgateway-to-gateway IPSec operates in two modes:– Transport mode (for end-to-end)– Tunnel mode (for VPN)
  9. 9. 99IPsec ArchitectureIPsec ArchitectureTunnel ModeRouter RouterTransport Mode
  10. 10. 1010Various PacketsVarious PacketsIP headerIP headerIP headerTCP headerTCP headerTCP headerdatadatadataIPSec headerIPSec header IP headerOriginalTransportmodeTunnelmode
  11. 11. 1111IPSecIPSec A collection of protocols (RFC 2401)A collection of protocols (RFC 2401)– Authentication Header (AH)Authentication Header (AH) RFC 2402RFC 2402– Encapsulating Security Payload (ESP)Encapsulating Security Payload (ESP) RFC 2406RFC 2406– Internet Key Exchange (IKE)Internet Key Exchange (IKE) RFC 2409RFC 2409– IP Payload Compression (IPcomp)IP Payload Compression (IPcomp) RFC 3137RFC 3137
  12. 12. 1212Authentication HeaderAuthentication Header(AH)(AH) Provides source authenticationProvides source authentication– Protects against source spoofingProtects against source spoofing Provides data integrityProvides data integrity Protects against replay attacksProtects against replay attacks– Use monotonically increasing sequenceUse monotonically increasing sequencenumbersnumbers– Protects against denial of service attacksProtects against denial of service attacks NO protection for confidentiality!NO protection for confidentiality!
  13. 13. 1313AH DetailsAH Details Use 32-bit monotonically increasingUse 32-bit monotonically increasingsequence number to avoid replaysequence number to avoid replayattacksattacks Use cryptographically strong hashUse cryptographically strong hashalgorithms to protect data integrityalgorithms to protect data integrity(96-bit)(96-bit)– Use symmetric key cryptographyUse symmetric key cryptography– HMAC-SHA-96, HMAC-MD5-96HMAC-SHA-96, HMAC-MD5-96
  14. 14. 1414AH Packet DetailsAH Packet DetailsAuthentication DataSequence NumberSecurity Parameters Index (SPI)NextheaderPayloadlengthReservedOld IP header (only in Tunnel mode)TCP headerNew IP headerAuthenticatedDataEncapsulatedTCP or IP packetHash of everythingelse
  15. 15. 1515Encapsulating SecurityEncapsulating SecurityPayload (ESP)Payload (ESP) Provides all that AH offers, andProvides all that AH offers, and in addition providesin addition provides datadataconfidentialityconfidentiality– Uses symmetric key encryptionUses symmetric key encryption
  16. 16. 1616ESP DetailsESP Details Same as AH:Same as AH:– Use 32-bit sequence number to counterUse 32-bit sequence number to counterreplaying attacksreplaying attacks– Use integrity check algorithmsUse integrity check algorithms Only in ESP:Only in ESP:– Data confidentiality:Data confidentiality: Uses symmetric key encryption algorithmsUses symmetric key encryption algorithmsto encrypt packetsto encrypt packets
  17. 17. 1717ESP Packet DetailsESP Packet DetailsAuthentication DataSequence NumberSecurity Parameters Index (SPI)NextheaderPayloadlengthReservedTCP headerAuthenticatedIP headerInitialization vectorDataPad Pad length NextEncrypted TCPpacket
  18. 18. 1818Question?Question?1.1. Why have both AH and ESP?Why have both AH and ESP?2.2. Both AH and ESP use symmetricBoth AH and ESP use symmetrickey based algorithmskey based algorithms– Why not public-key cryptography?Why not public-key cryptography?– How are the keys being exchanged?How are the keys being exchanged?– What algorithms should we use?What algorithms should we use?– Similar to deciding on the ciphersuiteSimilar to deciding on the ciphersuitein SSLin SSL
  19. 19. 1919OutlineOutline Why IPsec?Why IPsec? IPsec ArchitectureIPsec Architecture Internet Key Exchange (IKE)Internet Key Exchange (IKE) IPsec PolicyIPsec Policy DiscussionDiscussion
  20. 20. 2020Internet Key ExchangeInternet Key Exchange(IKE)(IKE) Exchange and negotiate securityExchange and negotiate securitypoliciespolicies Establish security sessionsEstablish security sessions– Identified asIdentified as Security AssociationsSecurity Associations Key exchangeKey exchange Key managementKey management Can be used outside IPsec as wellCan be used outside IPsec as well
  21. 21. 2121IPsec/IKE AcronymsIPsec/IKE Acronyms Security Association (SA)Security Association (SA)– Collection of attribute associated with aCollection of attribute associated with aconnectionconnection– IsIs asymmetric!asymmetric! One SA for inbound traffic, another SA forOne SA for inbound traffic, another SA foroutbound trafficoutbound traffic Similar to ciphersuites in SSLSimilar to ciphersuites in SSL Security Association Database (SADB)Security Association Database (SADB)– A database of SAsA database of SAs
  22. 22. 2222IPsec/IKE AcronymsIPsec/IKE Acronyms Security Parameter Index (SPI)Security Parameter Index (SPI)– A unique index for each entry in theA unique index for each entry in theSADBSADB– Identifies the SA associated with aIdentifies the SA associated with apacketpacket Security Policy Database (SPD)Security Policy Database (SPD)– Store policies used to establish SAsStore policies used to establish SAs
  23. 23. 2323How They Fit TogetherHow They Fit TogetherSPDSADBSA-2SPISPISA-1
  24. 24. 2424SPD and SADB ExampleSPD and SADB ExampleFromFrom ToTo ProtocolProtocol PortPort PolicyPolicyAA BB AnyAny AnyAny AH[HMAC-MD5]AH[HMAC-MD5]Tunnel ModeTransport ModeACBA’s SPDFromFrom ToTo ProtocolProtocol SPISPI SA RecordSA RecordAA BB AHAH 1212 HMAC-MD5 keyHMAC-MD5 keyA’s SADBDFromFrom ToTo ProtocolProtocol PortPort PolicyPolicy Tunnel DestTunnel DestAnyAny AnyAny ESP[3DES]ESP[3DES] DDC’s SPDFromFrom ToTo ProtocolProtocol SPISPI SA RecordSA RecordESPESP 1414 3DES key3DES keyC’s SADBAsub BsubAsub Bsub
  25. 25. 2525How It WorksHow It Works IKE operates in two phasesIKE operates in two phases– Phase 1:Phase 1: negotiate and establish an auxiliarynegotiate and establish an auxiliaryend-to-end secure channelend-to-end secure channel Used by subsequent phase 2 negotiationsUsed by subsequent phase 2 negotiations Only established once between two end points!Only established once between two end points!– Phase 2:Phase 2: negotiate and establish customnegotiate and establish customsecure channelssecure channels Occurs multiple timesOccurs multiple times– Both phases use Diffie-Hellman key exchangeBoth phases use Diffie-Hellman key exchangeto establish a shared keyto establish a shared key
  26. 26. 2626IKE Phase 1IKE Phase 1 Goal:Goal: to establish a secure channelto establish a secure channelbetween two end pointsbetween two end points– This channel provides basic securityThis channel provides basic securityfeatures:features: Source authenticationSource authentication Data integrity and data confidentialityData integrity and data confidentiality Protection against replay attacksProtection against replay attacks
  27. 27. 2727IKE Phase 1IKE Phase 1 Rationale:Rationale: each application haseach application hasdifferent security requirementsdifferent security requirements But they all need to negotiationBut they all need to negotiationpolicies and exchange keys!policies and exchange keys! So, provide the basic securitySo, provide the basic securityfeatures and allow application tofeatures and allow application toestablish custom sessionsestablish custom sessions
  28. 28. 2828ExamplesExamples All packets sent to addressAll packets sent to addressmybank.commybank.com must be encrypted usingmust be encrypted using3DES with HMAC-MD5 integrity3DES with HMAC-MD5 integritycheckcheck All packets sent to addressAll packets sent to addresswww.forum.comwww.forum.com must use integritymust use integritycheck with HMAC-SHA1 (nocheck with HMAC-SHA1 (noencryption is required)encryption is required)
  29. 29. 2929Phase 1 ExchangePhase 1 Exchange Can operate in two modes:Can operate in two modes:– Main modeMain mode Six messages in three round tripsSix messages in three round trips More optionsMore options– Quick modeQuick mode Four messages in two round tripsFour messages in two round trips Less optionsLess options
  30. 30. 3030Phase 1 (Main Mode)Phase 1 (Main Mode)Initiator Responder[Header, SA1]
  31. 31. 3131Phase 1 (Main Mode)Phase 1 (Main Mode)Initiator Responder[Header, SA1][Header, SA2]Establish vocabulary for further communication
  32. 32. 3232Phase 1 (Main Mode)Phase 1 (Main Mode)Initiator Responder[Header, SA1][Header, SA2][Header, KE, Ni, {Cert_Reg} ]
  33. 33. 3333Phase 1 (Main Mode)Phase 1 (Main Mode)Initiator ResponderHeader, SA1[Header, SA1][Header, KE, Ni { , Cert_Req} ][Header, KE, Nr {, Cert_Req}]Establish secret key using Diffie-Hellman key exchangeUse nonces to prevent replay attacks
  34. 34. 3434Phase 1 (Main Mode)Phase 1 (Main Mode)Initiator Responder[Header, SA1][Header, SA1][Header, KE, Ni {,Cert_Req} ][Header, KE, Nr {,Cert_Req}][Header, IDi, {CERT} sig]
  35. 35. 3535Phase 1 (Main Mode)Phase 1 (Main Mode)Initiator Responder[Header, SA1][Header, SA1][Header, KE, Ni {, Cert_req}][Header, KE, Nr {, Cert_req}][Header, IDi, {CERT} sig][Header, IDr, {CERT} sig]Signed hash of IDi (without Cert_req , just send the hash)
  36. 36. 3636Phase 1 (Aggressive Mode)Phase 1 (Aggressive Mode)Initiator Responder[Header, SA1, KE, Ni, IDi]
  37. 37. 3737Phase 1 (Aggressive Mode)Phase 1 (Aggressive Mode)Initiator Responder[Header, SA1, KE, Ni, IDi][Header, SA2, KE, Nr,IDr, [Cert]sig][Header, [Cert]sig]First two messages combined into one(combine Hello and DH key exchange)
  38. 38. 3838IPSec (Phase 1)IPSec (Phase 1) Four different way to authenticateFour different way to authenticate(either mode)(either mode)– Digital signatureDigital signature– Two forms of authentication withTwo forms of authentication withpublic key encryptionpublic key encryption– Pre-shared keyPre-shared key NOTE:NOTE: IKE does use public-keyIKE does use public-keybased cryptography for encryptionbased cryptography for encryption
  39. 39. 3939IPSec (Phase 2)IPSec (Phase 2) Goal:Goal: to establish custom secureto establish custom securechannels between to end pointschannels between to end points– End points are identified by <IP, port>:End points are identified by <IP, port>: e.g.e.g. <www.mybank.com, 8000><www.mybank.com, 8000>– Or by packet:Or by packet: e.g. All packets going toe.g. All packets going to– Use the secure channel established inUse the secure channel established inPhase 1 for communicationPhase 1 for communication
  40. 40. 4040IPSec (Phase 2)IPSec (Phase 2) Only one mode:Only one mode: Quick ModeQuick Mode Multiple quick mode exchanges canMultiple quick mode exchanges canbe multiplexedbe multiplexed Generate SAs for two end pointsGenerate SAs for two end points Can use secure channel establishedCan use secure channel establishedin phase 1in phase 1
  41. 41. 4141IP Payload CompressionIP Payload Compression Used for compressionUsed for compression Can be specified as part of theCan be specified as part of theIPSec policyIPSec policy Will not cover!Will not cover!
  42. 42. 4242OutlineOutline Why IPsec?Why IPsec? IPsec ArchitectureIPsec Architecture Internet Key Exchange (IKE)Internet Key Exchange (IKE) IPSec PolicyIPSec Policy DiscussionDiscussion
  43. 43. 4343IPsec PolicyIPsec Policy Phase 1 policies are defined in terms ofPhase 1 policies are defined in terms ofprotection suitesprotection suites Each protection suiteEach protection suite– Must contain the following:Must contain the following: Encryption algorithmEncryption algorithm Hash algorithmHash algorithm Authentication methodAuthentication method Diffie-Hellman GroupDiffie-Hellman Group– May optionally contain the following:May optionally contain the following: LifetimeLifetime ……
  44. 44. 4444IPSec PolicyIPSec Policy Phase 2 policies are defined in terms ofPhase 2 policies are defined in terms ofproposalsproposals Each proposal:Each proposal:– May contain one or more of the followingMay contain one or more of the following AH sub-proposalsAH sub-proposals ESP sub-proposalsESP sub-proposals IPComp sub-proposalsIPComp sub-proposals Along with necessary attributes such asAlong with necessary attributes such as– Key length, life time, etcKey length, life time, etc
  45. 45. 4545IPSec Policy ExampleIPSec Policy Example In English:In English:– All traffic to must be:All traffic to must be: Use pre-hashed key authenticationUse pre-hashed key authentication DH group is MODP with 1024-bit modulusDH group is MODP with 1024-bit modulus Hash algorithm is HMAC-SHA (128 bit key)Hash algorithm is HMAC-SHA (128 bit key) Encryption using 3DESEncryption using 3DES In IPSec:In IPSec:– [Auth=Pre-Hash;[Auth=Pre-Hash;DH=MODP(1024-bit);DH=MODP(1024-bit);HASH=HMAC-SHA;HASH=HMAC-SHA;ENC=3DES]ENC=3DES]
  46. 46. 4646IPsec Policy ExampleIPsec Policy Example In English:In English:– All traffic to must use oneAll traffic to must use oneof the following:of the following: AH with HMAC-SHA or,AH with HMAC-SHA or, ESP with 3DES as encryption algorithm andESP with 3DES as encryption algorithm and(HMAC-MD5 or HMAC-SHA as hashing algorithm)(HMAC-MD5 or HMAC-SHA as hashing algorithm) In IPsec:In IPsec:– [AH: HMAC-SHA] or,[AH: HMAC-SHA] or,– [ESP: (3DES and HMAC-MD5) or[ESP: (3DES and HMAC-MD5) or(3DES and HMAC-SHA)](3DES and HMAC-SHA)]
  47. 47. 4747Virtual Private NetworksVirtual Private Networks(VPNs)(VPNs) VirtualVirtual– It is not a physically distinct networkIt is not a physically distinct network PrivatePrivate– Tunnels are encrypted to provideTunnels are encrypted to provideconfidentialityconfidentiality CS dept might have a VPNCS dept might have a VPN– I can be on this VPN while travelingI can be on this VPN while traveling
  48. 48. 4848Alice is TravelingAlice is Traveling AliceAlice works for the mergers andworks for the mergers andacquisitions (M&A) department ofacquisitions (M&A) department oftakeover.comtakeover.com She is atShe is at HicktownHicktown taking over ataking over ameat-packing plantmeat-packing plant She wants to access the M&AShe wants to access the M&Aserver at her companyserver at her company(confidentially of course)(confidentially of course)
  49. 49. 4949Alice is TravelingAlice is Traveling
  50. 50. 5050OutlineOutline Why IPsec?Why IPsec? IPsec ArchitectureIPsec Architecture Internet Key Exchange (IKE)Internet Key Exchange (IKE) IPsec PolicyIPsec Policy DiscussionDiscussion
  51. 51. 5151DiscussionDiscussion IPSec is not the only solution!IPSec is not the only solution!– Security features can be added on topSecurity features can be added on topof IP!of IP! e.g. Kerberos, SSLe.g. Kerberos, SSL Confused?Confused?– IP, IPSec protocols are very complex!IP, IPSec protocols are very complex! Two modes, three sub protocolsTwo modes, three sub protocols– Complexity is the biggest enemy ofComplexity is the biggest enemy ofsecuritysecurity
  52. 52. 5252DiscussionDiscussion Has it been used?Has it been used?– Yes—primarily used by some VPNYes—primarily used by some VPNvendorsvendors But not all routers support itBut not all routers support it– No—it is not really an end-to-endNo—it is not really an end-to-endsolutionsolution Authentication is too coarse (host based)Authentication is too coarse (host based) Default encryption algorithm too weakDefault encryption algorithm too weak(DES)(DES) Too complex for applications to useToo complex for applications to use
  53. 53. 5353ResourcesResources IP, IPsec and related RFCs:IP, IPsec and related RFCs:– http://www.ietf.org/html.charters/ipsec-charter.htmlhttp://www.ietf.org/html.charters/ipsec-charter.html– IPsec: RFC 2401, IKE: RFC 2409IPsec: RFC 2401, IKE: RFC 2409– www.freeswan.orgwww.freeswan.org Google searchGoogle search