Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Ipsec

4,656 views

Published on

IPSec us a network security protocol

Published in: Software
  • Be the first to comment

Ipsec

  1. 1. IIPPSSeecc -- OOvveerrvviieeww Mr. Rupesh Mishra St. Francis Institute of Tech 1
  2. 2. OOuuttlliinnee • Introduction • IPSec Architecture • Internet Key Exchange (IKE) • IPSec Policy • Discussion 2
  3. 3. IIPP iiss nnoott SSeeccuurree!! • IP protocol was designed in the late 70s to early 80s o Part of DARPA Internet Project o Very small network • All hosts are known! • So are the users! • Therefore, security was not an issue 3
  4. 4. SSeeccuurriittyy IIssssuueess iinn IIPP • source spoofing - DOS Attack • replay packets - Replay Attack • No data integrity - Modification • No confidentiality - Spying 4
  5. 5. WWhhaatt iiss IIPPSSeecc • A set of protocol and algorithm used to secure IP data and network layer • Open standard for VPN implementation • Inbuilt in IPV6 and compatible with IPV4 5
  6. 6. GGooaallss ooff IIPPSSeecc • to verify sources of IP packets o authentication • to prevent replaying of old packets • to protect integrity and/or confidentiality of packets o data Integrity/Data Encryption 6
  7. 7. OOuuttlliinnee • Why IPsec? • IPSec Architecture • Internet Key Exchange (IKE) • IPsec Policy • Discussion 7
  8. 8. TThhee IIPPSSeecc SSeeccuurriittyy MMooddeell 8 Secure Insecure
  9. 9. IIPPSSeecc AArrcchhiitteeccttuurree 9 ESP AH IPSec Security Policy IKE Encapsulating Security Payload Authentication Header The Internet Key Exchange
  10. 10. IIPPSSeecc AArrcchhiitteeccttuurree • IPSec provides security in three situations: o Host-to-host, host-to-gateway and gateway-to-gateway • IPSec operates in two modes: o Transport mode (for end-to-end) o Tunnel mode (for VPN) 10
  11. 11. IIPPsseecc AArrcchhiitteeccttuurree 11 Transport Mode Router Router Tunnel Mode
  12. 12. VVaarriioouuss PPaacckkeettss 12 IP header Original IP header IP header TCP header TCP header TCP header data data data IPSec header IPSec header IP header Transport mode Tunnel mode
  13. 13. SSeeccuurriittyy AAssssoocciiaattiioonn ((SSAA)) 13 • Specification of security for the communication • Specification of key , algorithm , policy , etc • Unidirectional • SADB
  14. 14. IISSAAKKMMPP 14 • Defines the procedure for security association • SA and Key Management
  15. 15. IIPPSSeecc • A collection of protocols (RFC 2401) o Authentication Header (AH) • RFC 2402 o Encapsulating Security Payload (ESP) • RFC 2406 o Internet Key Exchange (IKE) • RFC 2409 o IP Payload Compression (IPcomp) • RFC 3137 15
  16. 16. AAuutthheennttiiccaattiioonn HHeeaaddeerr ((AAHH)) • Provides source authentication o Protects against source spoofing • Provides data integrity • Protects against replay attacks o Use monotonically increasing sequence numbers o Protects against denial of service attacks • NO protection for confidentiality! 16
  17. 17. AAHH DDeettaaiillss • Use 32-bit monotonically increasing sequence number to avoid replay attacks • Use cryptographically strong hash algorithms to protect data integrity (96-bit) o Use symmetric key cryptography o HMAC-SHA-96, HMAC-MD5-96 17
  18. 18. AAHH PPaacckkeett DDeettaaiillss 18 New IP header Security Parameters Index (SPI) Sequence Number Authentication Data Next header Payload length Reserved Old IP header (only in Tunnel mode) TCP header Authenticated Data Encapsulated TCP or IP packet Hash of everything else
  19. 19. EEnnccaappssuullaattiinngg SSeeccuurriittyy PPaayyllooaadd ((EESSPP)) • Provides all that AH offers, and • in addition provides data confidentiality o Uses symmetric key encryption 19
  20. 20. EESSPP DDeettaaiillss • Same as AH: o Use 32-bit sequence number to counter replaying attacks o Use integrity check algorithms • Only in ESP: o Data confidentiality: • Uses symmetric key encryption algorithms to encrypt packets 20
  21. 21. EESSPP PPaacckkeett DDeettaaiillss 21 Security Parameters Index (SPI) Sequence Number Authentication Data Next header Payload length Reserved TCP header Authenticated IP header Initialization vector Data Pad Pad length Next Encrypted TCP packet
  22. 22. OOuuttlliinnee • Why IPsec? • IPsec Architecture • Internet Key Exchange (IKE) • IPsec Policy • Discussion 22
  23. 23. IInntteerrnneett KKeeyy EExxcchhaannggee ((IIKKEE)) • Exchange and negotiate security policies • Establish security sessions o Identified as Security Associations • Key exchange • Key management • Can be used outside IPsec as well 23
  24. 24. HHooww IItt WWoorrkkss • IKE operates in two phases o Phase 1: negotiate and establish an auxiliary end-to-end secure channel • Used by subsequent phase 2 negotiations • Only established once between two end points! o Phase 2: negotiate and establish custom secure channels • Occurs multiple times o Both phases use Diffie-Hellman key exchange to establish a shared key 24
  25. 25. IIKKEE PPhhaassee 11 • Goal: to establish a secure channel between two end points o This channel provides basic security features: • Source authentication • Data integrity and data confidentiality • Protection against replay attacks 25
  26. 26. IIKKEE PPhhaassee 11 • Rationale: each application has different security requirements • But they all need to negotiate policies and exchange keys! • So, provide the basic security features and allow application to establish custom sessions 26
  27. 27. EExxaammpplleess • All packets sent to address mybank.com must be encrypted using 3DES with HMAC-MD5 integrity check • All packets sent to address www.forum.com must use integrity check with HMAC-SHA1 (no encryption is required) 27
  28. 28. PPhhaassee 11 EExxcchhaannggee • Can operate in two modes: o Main mode • Six messages in three round trips • More options o Quick mode • Four messages in two round trips • Less options 28
  29. 29. PPhhaassee 11 ((MMaaiinn MMooddee)) 29 Initiator Responder [Header, SA1]
  30. 30. PPhhaassee 11 ((MMaaiinn MMooddee)) 30 Initiator Responder [Header, SA1] [Header, SA2] Establish vocabulary for further communication
  31. 31. PPhhaassee 11 ((MMaaiinn MMooddee)) 31 Initiator Responder [Header, SA1] [Header, SA2] [Header, KE, Ni, {Cert_Reg} ]
  32. 32. PPhhaassee 11 ((MMaaiinn MMooddee)) 32 Initiator Responder Header, SA1 [Header, SA1] [Header, KE, Ni { , Cert_Req} ] [Header, KE, Nr {, Cert_Req}] Establish secret key using Diffie-Hellman key exchange Use nonces to prevent replay attacks
  33. 33. PPhhaassee 11 ((MMaaiinn MMooddee)) 33 Initiator Responder [Header, SA1] [Header, SA1] [Header, KE, Ni {,Cert_Req} ] [Header, KE, Nr {,Cert_Req}] [Header, IDi, {CERT} sig]
  34. 34. PPhhaassee 11 ((MMaaiinn MMooddee)) 34 Initiator Responder [Header, SA1] [Header, SA1] [Header, KE, Ni {, Cert_req}] [Header, KE, Nr {, Cert_req}] [Header, IDi, {CERT} sig] [Header, IDr, {CERT} sig] Signed hash of IDi (without Cert_req , just send the hash)
  35. 35. PPhhaassee 11 ((QQuuiicckk MMooddee)) 35 Initiator Responder [Header, SA1, KE, Ni, IDi]
  36. 36. PPhhaassee 11 ((QQuuiicckk MMooddee)) 36 Initiator Responder [Header, SA1, KE, Ni, IDi] [Header, SA2, KE, Nr, IDr, [Cert]sig] [Header, [Cert]sig] First two messages combined into one (combine Hello and DH key exchange)
  37. 37. IIPPSSeecc ((PPhhaassee 11)) • Four different way to authenticate (either mode) o Digital signature o Two forms of authentication with public key encryption o Pre-shared key • NOTE: IKE does use public-key based cryptography for encryption 37
  38. 38. IIPPSSeecc ((PPhhaassee 22)) • Goal: to establish custom secure channels between two end points o End points are identified by <IP, port>: • e.g. <www.mybank.com, 8000> o Or by packet: • e.g. All packets going to 128.124.100.0/24 o Use the secure channel established in Phase 1 for communication 38
  39. 39. IIPPSSeecc ((PPhhaassee 22)) • Only one mode: Quick Mode • Multiple quick mode exchanges can be multiplexed • Generate SAs for two end points • Can use secure channel established in phase 1 39
  40. 40. IIPP PPaayyllooaadd CCoommpprreessssiioonn • Used for compression • Can be specified as part of the IPSec policy 40
  41. 41. OOuuttlliinnee • Why IPsec? • IPsec Architecture • Internet Key Exchange (IKE) • IPSec Policy • Discussion 41
  42. 42. IIPPsseecc PPoolliiccyy • Phase 1 policies are defined in terms of protection suites • Each protection suite o Must contain the following: • Encryption algorithm • Hash algorithm • Authentication method • Diffie-Hellman Group o May optionally contain the following: • Lifetime • … 42
  43. 43. IIPPSSeecc PPoolliiccyy • Phase 2 policies are defined in terms of proposals • Each proposal: o May contain one or more of the following • AH sub-proposals • ESP sub-proposals • IPComp sub-proposals • Along with necessary attributes such as o Key length, life time, etc 43
  44. 44. IIPPSSeecc PPoolliiccyy EExxaammppllee • In English: o All traffic to 128.104.120.0/24 must be: • Use pre-hashed key authentication • DH group is MODP with 1024-bit modulus • Hash algorithm is HMAC-SHA (128 bit key) • Encryption using 3DES • In IPSec: o [Auth=Pre-Hash; DH=MODP(1024-bit); HASH=HMAC-SHA; ENC=3DES] 44
  45. 45. IIPPsseecc PPoolliiccyy EExxaammppllee • In English: o All traffic to 128.104.120.0/24 must use one of the following: • AH with HMAC-SHA or, • ESP with 3DES as encryption algorithm and (HMAC-MD5 or HMAC-SHA as hashing algorithm) • In IPsec: o [AH: HMAC-SHA] or, o [ESP: (3DES and HMAC-MD5) or (3DES and HMAC-SHA)] 45
  46. 46. VViirrttuuaall PPrriivvaattee NNeettwwoorrkkss ((VVPPNNss)) • Protocol o Data Link Later – PPTP , L2F , L2TF o Network Layer - IPSec • Virtual o It is not a physically distinct network • Private o Tunnels are encrypted to provide confidentiality • Computer dept might have a VPN o I can be on this VPN while traveling 46
  47. 47. OOuuttlliinnee • Why IPsec? • IPsec Architecture • Internet Key Exchange (IKE) • IPsec Policy • Discussion 47
  48. 48. DDiissccuussssiioonn • IPSec is not the only solution! o Security features can be added on top of IP! • e.g. Kerberos, SSL o IP, IPSec protocols are very complex! • Two modes, three sub protocols o Complexity is the biggest enemy of security 48
  49. 49. DDiissccuussssiioonn • Has it been used? o Yes—primarily used by some VPN vendors • But not all routers support it o No—it is not really an end-to-end solution • Authentication is too coarse (host based) • Default encryption algorithm too weak (DES) • Too complex for applications to use 49
  50. 50. RReessoouurrcceess • IP, IPsec and related RFCs: o http://www.ietf.org/html.charters/ipsec-charter.html o IPsec: RFC 2401, IKE: RFC 2409 o www.freeswan.org • Google search 50

×