Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
I psec
1. 11
IP Sec An OverviewIP Sec An Overview
why IPSec?why IPSec?
IPSec ArchitectureIPSec Architecture
Internet Key Exchange (IKE)Internet Key Exchange (IKE)
IPSec PolicyIPSec Policy
discussiondiscussion
2. 22
IP is not Secure!IP is not Secure!
IP protocol was designed in the lateIP protocol was designed in the late
70s to early 80s70s to early 80s
– Part of DARPA Internet ProjectPart of DARPA Internet Project
– Very small networkVery small network
All hosts are known!All hosts are known!
So are the users!So are the users!
Therefore, security was not an issueTherefore, security was not an issue
3. 33
Security Issues in IPSecurity Issues in IP
source spoofingsource spoofing
replay packetsreplay packets
no data integrity orno data integrity or
confidentialityconfidentiality
• DOS attacks
• Replay attacks
• Spying
• and more…
Fundamental Issue:
Networks are not (and will never be)
fully secure
4. 44
Goals of IPSecGoals of IPSec
to verify sources of IP packetsto verify sources of IP packets
– authenticationauthentication
to prevent replaying of old packetsto prevent replaying of old packets
to protect integrity and/orto protect integrity and/or
confidentiality of packetsconfidentiality of packets
– data Integrity/Data Encryptiondata Integrity/Data Encryption
10. 1010
Various PacketsVarious Packets
IP header
IP header
IP header
TCP header
TCP header
TCP header
data
data
data
IPSec header
IPSec header IP header
Original
Transport
mode
Tunnel
mode
12. 1212
Authentication HeaderAuthentication Header
(AH)(AH)
Provides source authenticationProvides source authentication
– Protects against source spoofingProtects against source spoofing
Provides data integrityProvides data integrity
Protects against replay attacksProtects against replay attacks
– Use monotonically increasing sequenceUse monotonically increasing sequence
numbersnumbers
– Protects against denial of service attacksProtects against denial of service attacks
NO protection for confidentiality!NO protection for confidentiality!
13. 1313
AH DetailsAH Details
Use 32-bit monotonically increasingUse 32-bit monotonically increasing
sequence number to avoid replaysequence number to avoid replay
attacksattacks
Use cryptographically strong hashUse cryptographically strong hash
algorithms to protect data integrityalgorithms to protect data integrity
(96-bit)(96-bit)
– Use symmetric key cryptographyUse symmetric key cryptography
– HMAC-SHA-96, HMAC-MD5-96HMAC-SHA-96, HMAC-MD5-96
14. 1414
AH Packet DetailsAH Packet Details
Authentication Data
Sequence Number
Security Parameters Index (SPI)
Next
header
Payload
length
Reserved
Old IP header (only in Tunnel mode)
TCP header
New IP header
Authenticated
Data
Encapsulated
TCP or IP packet
Hash of everything
else
15. 1515
Encapsulating SecurityEncapsulating Security
Payload (ESP)Payload (ESP)
Provides all that AH offers, andProvides all that AH offers, and
in addition providesin addition provides datadata
confidentialityconfidentiality
– Uses symmetric key encryptionUses symmetric key encryption
16. 1616
ESP DetailsESP Details
Same as AH:Same as AH:
– Use 32-bit sequence number to counterUse 32-bit sequence number to counter
replaying attacksreplaying attacks
– Use integrity check algorithmsUse integrity check algorithms
Only in ESP:Only in ESP:
– Data confidentiality:Data confidentiality:
Uses symmetric key encryption algorithmsUses symmetric key encryption algorithms
to encrypt packetsto encrypt packets
17. 1717
ESP Packet DetailsESP Packet Details
Authentication Data
Sequence Number
Security Parameters Index (SPI)
Next
header
Payload
length
Reserved
TCP header
Authenticated
IP header
Initialization vector
Data
Pad Pad length Next
Encrypted TCP
packet
18. 1818
Question?Question?
1.1. Why have both AH and ESP?Why have both AH and ESP?
2.2. Both AH and ESP use symmetricBoth AH and ESP use symmetric
key based algorithmskey based algorithms
– Why not public-key cryptography?Why not public-key cryptography?
– How are the keys being exchanged?How are the keys being exchanged?
– What algorithms should we use?What algorithms should we use?
– Similar to deciding on the ciphersuiteSimilar to deciding on the ciphersuite
in SSLin SSL
20. 2020
Internet Key ExchangeInternet Key Exchange
(IKE)(IKE)
Exchange and negotiate securityExchange and negotiate security
policiespolicies
Establish security sessionsEstablish security sessions
– Identified asIdentified as Security AssociationsSecurity Associations
Key exchangeKey exchange
Key managementKey management
Can be used outside IPsec as wellCan be used outside IPsec as well
21. 2121
IPsec/IKE AcronymsIPsec/IKE Acronyms
Security Association (SA)Security Association (SA)
– Collection of attribute associated with aCollection of attribute associated with a
connectionconnection
– IsIs asymmetric!asymmetric!
One SA for inbound traffic, another SA forOne SA for inbound traffic, another SA for
outbound trafficoutbound traffic
Similar to ciphersuites in SSLSimilar to ciphersuites in SSL
Security Association Database (SADB)Security Association Database (SADB)
– A database of SAsA database of SAs
22. 2222
IPsec/IKE AcronymsIPsec/IKE Acronyms
Security Parameter Index (SPI)Security Parameter Index (SPI)
– A unique index for each entry in theA unique index for each entry in the
SADBSADB
– Identifies the SA associated with aIdentifies the SA associated with a
packetpacket
Security Policy Database (SPD)Security Policy Database (SPD)
– Store policies used to establish SAsStore policies used to establish SAs
23. 2323
How They Fit TogetherHow They Fit Together
SPD
SADB
SA-2
SPI
SPI
SA-1
24. 2424
SPD and SADB ExampleSPD and SADB Example
FromFrom ToTo ProtocolProtocol PortPort PolicyPolicy
AA BB AnyAny AnyAny AH[HMAC-MD5]AH[HMAC-MD5]
Tunnel Mode
Transport Mode
A
C
B
A’s SPD
FromFrom ToTo ProtocolProtocol SPISPI SA RecordSA Record
AA BB AHAH 1212 HMAC-MD5 keyHMAC-MD5 key
A’s SADB
D
FromFrom ToTo ProtocolProtocol PortPort PolicyPolicy Tunnel DestTunnel Dest
AnyAny AnyAny ESP[3DES]ESP[3DES] DD
C’s SPD
FromFrom ToTo ProtocolProtocol SPISPI SA RecordSA Record
ESPESP 1414 3DES key3DES key
C’s SADB
Asub Bsub
Asub Bsub
25. 2525
How It WorksHow It Works
IKE operates in two phasesIKE operates in two phases
– Phase 1:Phase 1: negotiate and establish an auxiliarynegotiate and establish an auxiliary
end-to-end secure channelend-to-end secure channel
Used by subsequent phase 2 negotiationsUsed by subsequent phase 2 negotiations
Only established once between two end points!Only established once between two end points!
– Phase 2:Phase 2: negotiate and establish customnegotiate and establish custom
secure channelssecure channels
Occurs multiple timesOccurs multiple times
– Both phases use Diffie-Hellman key exchangeBoth phases use Diffie-Hellman key exchange
to establish a shared keyto establish a shared key
26. 2626
IKE Phase 1IKE Phase 1
Goal:Goal: to establish a secure channelto establish a secure channel
between two end pointsbetween two end points
– This channel provides basic securityThis channel provides basic security
features:features:
Source authenticationSource authentication
Data integrity and data confidentialityData integrity and data confidentiality
Protection against replay attacksProtection against replay attacks
27. 2727
IKE Phase 1IKE Phase 1
Rationale:Rationale: each application haseach application has
different security requirementsdifferent security requirements
But they all need to negotiationBut they all need to negotiation
policies and exchange keys!policies and exchange keys!
So, provide the basic securitySo, provide the basic security
features and allow application tofeatures and allow application to
establish custom sessionsestablish custom sessions
28. 2828
ExamplesExamples
All packets sent to addressAll packets sent to address
mybank.commybank.com must be encrypted usingmust be encrypted using
3DES with HMAC-MD5 integrity3DES with HMAC-MD5 integrity
checkcheck
All packets sent to addressAll packets sent to address
www.forum.comwww.forum.com must use integritymust use integrity
check with HMAC-SHA1 (nocheck with HMAC-SHA1 (no
encryption is required)encryption is required)
29. 2929
Phase 1 ExchangePhase 1 Exchange
Can operate in two modes:Can operate in two modes:
– Main modeMain mode
Six messages in three round tripsSix messages in three round trips
More optionsMore options
– Quick modeQuick mode
Four messages in two round tripsFour messages in two round trips
Less optionsLess options
37. 3737
Phase 1 (Aggressive Mode)Phase 1 (Aggressive Mode)
Initiator Responder
[Header, SA1, KE, Ni, IDi]
[Header, SA2, KE, Nr,
IDr, [Cert]sig]
[Header, [Cert]sig]
First two messages combined into one
(combine Hello and DH key exchange)
38. 3838
IPSec (Phase 1)IPSec (Phase 1)
Four different way to authenticateFour different way to authenticate
(either mode)(either mode)
– Digital signatureDigital signature
– Two forms of authentication withTwo forms of authentication with
public key encryptionpublic key encryption
– Pre-shared keyPre-shared key
NOTE:NOTE: IKE does use public-keyIKE does use public-key
based cryptography for encryptionbased cryptography for encryption
39. 3939
IPSec (Phase 2)IPSec (Phase 2)
Goal:Goal: to establish custom secureto establish custom secure
channels between to end pointschannels between to end points
– End points are identified by <IP, port>:End points are identified by <IP, port>:
e.g.e.g. <www.mybank.com, 8000><www.mybank.com, 8000>
– Or by packet:Or by packet:
e.g. All packets going toe.g. All packets going to 128.124.100.0/24128.124.100.0/24
– Use the secure channel established inUse the secure channel established in
Phase 1 for communicationPhase 1 for communication
40. 4040
IPSec (Phase 2)IPSec (Phase 2)
Only one mode:Only one mode: Quick ModeQuick Mode
Multiple quick mode exchanges canMultiple quick mode exchanges can
be multiplexedbe multiplexed
Generate SAs for two end pointsGenerate SAs for two end points
Can use secure channel establishedCan use secure channel established
in phase 1in phase 1
41. 4141
IP Payload CompressionIP Payload Compression
Used for compressionUsed for compression
Can be specified as part of theCan be specified as part of the
IPSec policyIPSec policy
Will not cover!Will not cover!
43. 4343
IPsec PolicyIPsec Policy
Phase 1 policies are defined in terms ofPhase 1 policies are defined in terms of
protection suitesprotection suites
Each protection suiteEach protection suite
– Must contain the following:Must contain the following:
Encryption algorithmEncryption algorithm
Hash algorithmHash algorithm
Authentication methodAuthentication method
Diffie-Hellman GroupDiffie-Hellman Group
– May optionally contain the following:May optionally contain the following:
LifetimeLifetime
……
44. 4444
IPSec PolicyIPSec Policy
Phase 2 policies are defined in terms ofPhase 2 policies are defined in terms of
proposalsproposals
Each proposal:Each proposal:
– May contain one or more of the followingMay contain one or more of the following
AH sub-proposalsAH sub-proposals
ESP sub-proposalsESP sub-proposals
IPComp sub-proposalsIPComp sub-proposals
Along with necessary attributes such asAlong with necessary attributes such as
– Key length, life time, etcKey length, life time, etc
45. 4545
IPSec Policy ExampleIPSec Policy Example
In English:In English:
– All traffic to 128.104.120.0/24 must be:All traffic to 128.104.120.0/24 must be:
Use pre-hashed key authenticationUse pre-hashed key authentication
DH group is MODP with 1024-bit modulusDH group is MODP with 1024-bit modulus
Hash algorithm is HMAC-SHA (128 bit key)Hash algorithm is HMAC-SHA (128 bit key)
Encryption using 3DESEncryption using 3DES
In IPSec:In IPSec:
– [Auth=Pre-Hash;[Auth=Pre-Hash;
DH=MODP(1024-bit);DH=MODP(1024-bit);
HASH=HMAC-SHA;HASH=HMAC-SHA;
ENC=3DES]ENC=3DES]
46. 4646
IPsec Policy ExampleIPsec Policy Example
In English:In English:
– All traffic to 128.104.120.0/24 must use oneAll traffic to 128.104.120.0/24 must use one
of the following:of the following:
AH with HMAC-SHA or,AH with HMAC-SHA or,
ESP with 3DES as encryption algorithm andESP with 3DES as encryption algorithm and
(HMAC-MD5 or HMAC-SHA as hashing algorithm)(HMAC-MD5 or HMAC-SHA as hashing algorithm)
In IPsec:In IPsec:
– [AH: HMAC-SHA] or,[AH: HMAC-SHA] or,
– [ESP: (3DES and HMAC-MD5) or[ESP: (3DES and HMAC-MD5) or
(3DES and HMAC-SHA)](3DES and HMAC-SHA)]
47. 4747
Virtual Private NetworksVirtual Private Networks
(VPNs)(VPNs)
VirtualVirtual
– It is not a physically distinct networkIt is not a physically distinct network
PrivatePrivate
– Tunnels are encrypted to provideTunnels are encrypted to provide
confidentialityconfidentiality
CS dept might have a VPNCS dept might have a VPN
– I can be on this VPN while travelingI can be on this VPN while traveling
48. 4848
Alice is TravelingAlice is Traveling
AliceAlice works for the mergers andworks for the mergers and
acquisitions (M&A) department ofacquisitions (M&A) department of
takeover.comtakeover.com
She is atShe is at HicktownHicktown taking over ataking over a
meat-packing plantmeat-packing plant
She wants to access the M&AShe wants to access the M&A
server at her companyserver at her company
(confidentially of course)(confidentially of course)
51. 5151
DiscussionDiscussion
IPSec is not the only solution!IPSec is not the only solution!
– Security features can be added on topSecurity features can be added on top
of IP!of IP!
e.g. Kerberos, SSLe.g. Kerberos, SSL
Confused?Confused?
– IP, IPSec protocols are very complex!IP, IPSec protocols are very complex!
Two modes, three sub protocolsTwo modes, three sub protocols
– Complexity is the biggest enemy ofComplexity is the biggest enemy of
securitysecurity
52. 5252
DiscussionDiscussion
Has it been used?Has it been used?
– Yes—primarily used by some VPNYes—primarily used by some VPN
vendorsvendors
But not all routers support itBut not all routers support it
– No—it is not really an end-to-endNo—it is not really an end-to-end
solutionsolution
Authentication is too coarse (host based)Authentication is too coarse (host based)
Default encryption algorithm too weakDefault encryption algorithm too weak
(DES)(DES)
Too complex for applications to useToo complex for applications to use
53. 5353
ResourcesResources
IP, IPsec and related RFCs:IP, IPsec and related RFCs:
– http://www.ietf.org/html.charters/ipsec-charter.htmlhttp://www.ietf.org/html.charters/ipsec-charter.html
– IPsec: RFC 2401, IKE: RFC 2409IPsec: RFC 2401, IKE: RFC 2409
– www.freeswan.orgwww.freeswan.org
Google searchGoogle search