IPSec provides authentication, confidentiality, and key management. It uses Authentication Header (AH) and Encapsulating Security Payload (ESP) to provide integrity, authentication, and encryption for transport and tunnel mode. Combining security associations allows applying multiple protocols like AH followed by ESP. Oakley key exchange negotiates keys securely while addressing man-in-the-middle and clogging attacks.

1. IPSecurity

2. IP Security..___...____...._____.....______...........
Functional Areas
Authentication Confidentiality Key Management

3. Applications of IP Security..___...___....____...........
Provide Secure
Connection Across
LAN
MAN
WAN
1

4. Applications of IP Security..___...___....____...........
Secure Remote Access
over the Internet
2

5. Applications of IP Security..___...___....____...........
Establish Extranet and
Intranet connectivity
3

6. Applications of IP Security..___...___....____...........
Enhancing Electronic
commerce security
4

7. Applications of IP Security..___...___....____...........
Router Applications Router Advertisement (new)
Router Advertisement (maintenances)
Not forged update

8. Benefits of IP Security..___..._____....______...........
• IPsec in Router
• IPsec in Firewall
• Its below transport layer, so no need to change existing security mechanism
• Transparent to End-user
• IPsec for individual users

9. IPSecirity Scenario

10. • Access control
• Connectionless integrity
• Data origin authentication
• Rejection of replayed packets
• Confidentiality (encryption)
• Limited traffic flow confidentiality
IP Security Architecture..___..._____...._____...........
• RFC 2401: An overview of security architecture
• RFC 2402: Packet Authentication Extension
• RFC 2406: Packet Encryption Extension
• RFC 2408: Key Management capabilities
Two security Header Extension
Encapsulating Security Payload
(ESP)
Authentication Header (AH)
services

11. Security Association…___...._____.....______...........
Security Association
A one-way relationship between sender & receiver
Uniquely identified by:
SA Parameters
Security Parameters Index (SPI) IP Destination Address Security Protocol Identifier
A bit string assigned to this
SA.
The address of the
destination endpoint
of the SA.
Indicates whether the
association is an AH or
ESP Security
Association.
Sequence Number Counter Sequence Counter Overflow
Anti-Replay WindowAH Information ESP Information
Lifetime of this Security AssociationIP Security Mode
Path MTU

12. Transport Mode…___....____.....______...........
• Provide protection for upper layer protocols. (TCP/UDP/ICMP)
• Used for end to end communication
• ESP
• Encrypts IP payload,
• Optionally authenticate IP Payload but not IP header
• AH
• Authenticate IP payload and selected portion of IP Header

13. Tunnel Mode…___......____........_______...........
• Provide protection for entire IP packet by encrypting the packet with AH/ESP and an additional IP header
• Tunnel mode could be used in Three different configuration.
• Gateway to Gateway
• One endpoint
• Third party Firewall

14. Tunnel Mode…___......____........_______...........
•Gateway to Gateway

15. Tunnel Mode…___......____........_______...........
•One End-Point

16. Tunnel Mode…___......____........_______...........
•Third Party Firewall

17. Authentication Header…__......___........_____...........
• Provides support for Data Integrity and Authentication
Ensures that modification to a packet content in transit is not possible.
Enables End-System to Authenticate the User or Application
Prevents Address Spoofing Attack
Guards against reply attack

18. Authentication Header…__......___........_____...........
Data integrity
Authentication
Reply Protection
MAC
Secret shared key
Sequence Number

19. Authentication Header…__......___........_____...........
Fields:
• Next Header: Identify the type of header immediately following this header
(could be TCP or UDP header, based on application)
• Payload Length: Length of authentication header in 32 bit word minus 2
• Reserved: For future use (set to 0)
• Security Parameter index: Identifies Security Association Rules
• Sequence Number: Monotonically increasing counter value(number of messages
Sent using the current SA)
• Authentication Data: Contains Integrity Check Value(ICV), Eg. MAC

20. Authentication Header…__......___........_____...........

21. Authentication Header…__......___........_____...........
ICV (Integrity Check Value)
• It’s a Message Authentication Code
• First 96 bits are used as MAC as it’s the default size for the
authentication data field.
• MAC is calculated over
• Immutable ip-header fields
• Predictable fields upon arrival at the endpoint.
• Mutable and unpredictable fields are set to Zero
• Authentication Header other than authentication data field.
• Entire upper level data

22. Internet header length
Source Address
Version
Authentication Header…__......___........_____...........
Immutable Fields Mutable but Predictable Fields
Destination Address
Mutable Fields that are Zeroed
Time to live and Header checksum
Flow Label

23. Authentication Header…__......___........_____...........
Anti-Reply Service
• Protects against Reply Attack
• Based on Sequence Number
• Sequence number cycle : 232 – 1
• When this limit is reached, negotiate new SA
• Inbound processing when a packet is received

24. Authentication Header…__......___........_____...........
Transport Mode
IP Header TCP Data
IP Header AH TCP Data

25. Authentication Header…__......___........_____...........
Tunnel Mode
IP Header TCP Data
New IP
Header
AH
Original IP
Header
TCP Data

26. Encapsulating Security Payload.....__......___..........
Fields:
• Next Header: Identify the type of header immediately following this header
(could be TCP or UDP header, based on application)
• Security Parameter index: Identifies Security Association Rules
• Sequence Number: Monotonically increasing counter value(number of messages
Sent using the current SA)
• Payload Data: Transport level data or IP packet
• Padding: 0-255 Bytes
• Pad Length: number of pad bytes
• Authentication Data: Contains Integrity Check Value(ICV)

27. Encapsulating Security Payload.....__......___..........

28. Encapsulating Security Payload.....__......___..........
Transport Mode
IP Header TCP Data
IP
Header
ESP TCP Data ESP Trailer
ESP
Authentication
Encrypted

29. Combining Security Association.....__......___..........
Individual SA can implement either the AH or ESP protocol but not both.
Some traffic flow require services provided by both AH & ESP
Security Association Bundle: It refers to a sequence of SAs through which traffic must be processed
to provide a desired set of IPSec services.
The SAs in a bundle may terminate at different or same end-points
Security Association Bundle
Transport Adjacency:
Refers to applying more than one security
protocol to the same IP packet, without
invoking tunneling.
Iterated tunneling:
Refers to the application of multiple layers of
security protocols effected through IP tunneling.
Each tunnel can originate or terminate at a
different IPSec site along the path.

30. Combining Security Association.....__......___..........
Transport Adjacency:

31. Combining Security Association.....__......___..........
Iterated tunneling:

32. Combining Security Association.....__......___..........
Iterated tunneling with different End Point:

33. Combining Security Association.....__......___..........
Case 1: Security is provided between end systems
Case 2: Security is provided only between Gateways
Case 3: Builds on Case 2 by adding end-to-end security
Case 4: Provides support for a remote host

34. Combining Security Association.....__......___..........

35. Combining Security Association.....__......___..........
Authentication Plus Confidentiality
Transport mode ESP:
Authentication and Encryption apply to the IP
payload,
IP header is not protected.
Tunnel mode ESP:
Applies to entire IP packet.
Possible Combinations:
a: AH in transport mode
b: ESP in transport mode
c: ESP followed by AH in transport mode
d: a, b, c inside an AH or ESP in tunnel mode

36. Key Management......_____.........______..........
Manual Automatic
Small
Static
environment
Every Where

37. Key Management......_____.........______..........
Oakley Key Determination Protocol
Refinement over Diffie-Hellman key exchange algorithm
Features:
Secret keys are created only when needed
Requires no pre-existing infracture
Weaknesses:
Doesn’t provide any info regarding identity of parties
Subject to man in the middle attack

38. Key Management......_____.........______..........
Man in the
Middle Attack
CloggingAttack

39. Key Management......_____.........______..........
Oakley
Features
Cookies to thwart clogging attack
Enables two parties to negotiate group
Use nonces to ensure against reply attack

40. Key Management......_____.........______..........
Oakley
Authentication Methods
Digital Signature
Public key Encryption
Symmetric key Encryption