This document provides an overview of IPSec, including: - IPSec aims to secure IP communications by providing authentication, integrity, and confidentiality. It operates in transport and tunnel modes. - The Internet Key Exchange (IKE) negotiates and establishes security associations to secure communications between two endpoints. - IPSec policy defines which encryption, hashing, and authentication methods apply to different network traffic using protection suites and proposals.

1. IIPPSSeecc -- OOvveerrvviieeww
Mr. Rupesh Mishra
St. Francis Institute of Tech
1

2. OOuuttlliinnee
• Introduction
• IPSec Architecture
• Internet Key Exchange (IKE)
• IPSec Policy
• Discussion
2

3. IIPP iiss nnoott SSeeccuurree!!
• IP protocol was designed in the late 70s to
early 80s
o Part of DARPA Internet Project
o Very small network
• All hosts are known!
• So are the users!
• Therefore, security was not an issue
3

4. SSeeccuurriittyy IIssssuueess iinn IIPP
• source spoofing - DOS Attack
• replay packets - Replay Attack
• No data integrity - Modification
• No confidentiality - Spying
4

5. WWhhaatt iiss IIPPSSeecc
• A set of protocol and algorithm used to secure IP
data and network layer
• Open standard for VPN implementation
• Inbuilt in IPV6 and compatible with IPV4
5

6. GGooaallss ooff IIPPSSeecc
• to verify sources of IP packets
o authentication
• to prevent replaying of old packets
• to protect integrity and/or confidentiality of packets
o data Integrity/Data Encryption
6

7. OOuuttlliinnee
• Why IPsec?
• IPSec Architecture
• Internet Key Exchange (IKE)
• IPsec Policy
• Discussion
7

8. TThhee IIPPSSeecc SSeeccuurriittyy MMooddeell
8
Secure
Insecure

9. IIPPSSeecc AArrcchhiitteeccttuurree
9
ESP AH
IPSec Security Policy
IKE
Encapsulating Security
Payload
Authentication Header
The Internet Key Exchange

10. IIPPSSeecc AArrcchhiitteeccttuurree
• IPSec provides security in three situations:
o Host-to-host, host-to-gateway and gateway-to-gateway
• IPSec operates in two modes:
o Transport mode (for end-to-end)
o Tunnel mode (for VPN)
10

11. IIPPsseecc AArrcchhiitteeccttuurree
11
Transport Mode
Router Router
Tunnel Mode

12. VVaarriioouuss PPaacckkeettss
12
IP header
Original
IP header
IP header
TCP header
TCP header
TCP header
data
data
data
IPSec header
IPSec header IP header
Transport
mode
Tunnel
mode

13. SSeeccuurriittyy AAssssoocciiaattiioonn ((SSAA))
13
• Specification of security for the communication
• Specification of key , algorithm , policy , etc
• Unidirectional
• SADB

14. IISSAAKKMMPP
14
• Defines the procedure for security association
• SA and Key Management

15. IIPPSSeecc
• A collection of protocols (RFC 2401)
o Authentication Header (AH)
• RFC 2402
o Encapsulating Security Payload (ESP)
• RFC 2406
o Internet Key Exchange (IKE)
• RFC 2409
o IP Payload Compression (IPcomp)
• RFC 3137
15

16. AAuutthheennttiiccaattiioonn HHeeaaddeerr
((AAHH))
• Provides source authentication
o Protects against source spoofing
• Provides data integrity
• Protects against replay attacks
o Use monotonically increasing sequence numbers
o Protects against denial of service attacks
• NO protection for confidentiality!
16

17. AAHH DDeettaaiillss
• Use 32-bit monotonically increasing sequence
number to avoid replay attacks
• Use cryptographically strong hash algorithms to
protect data integrity (96-bit)
o Use symmetric key cryptography
o HMAC-SHA-96, HMAC-MD5-96
17

18. AAHH PPaacckkeett DDeettaaiillss
18
New IP header
Security Parameters Index (SPI)
Sequence Number
Authentication Data
Next
header
Payload
length Reserved
Old IP header (only in Tunnel mode)
TCP header
Authenticated
Data
Encapsulated
TCP or IP packet
Hash of everything
else

19. EEnnccaappssuullaattiinngg SSeeccuurriittyy
PPaayyllooaadd ((EESSPP))
• Provides all that AH offers, and
• in addition provides data confidentiality
o Uses symmetric key encryption
19

20. EESSPP DDeettaaiillss
• Same as AH:
o Use 32-bit sequence number to counter replaying attacks
o Use integrity check algorithms
• Only in ESP:
o Data confidentiality:
• Uses symmetric key encryption algorithms to encrypt packets
20

21. EESSPP PPaacckkeett DDeettaaiillss
21
Security Parameters Index (SPI)
Sequence Number
Authentication Data
Next
header
Payload
length Reserved
TCP header
Authenticated
IP header
Initialization vector
Data
Pad Pad length Next
Encrypted TCP
packet

22. OOuuttlliinnee
• Why IPsec?
• IPsec Architecture
• Internet Key Exchange (IKE)
• IPsec Policy
• Discussion
22

23. IInntteerrnneett KKeeyy EExxcchhaannggee
((IIKKEE))
• Exchange and negotiate security policies
• Establish security sessions
o Identified as Security Associations
• Key exchange
• Key management
• Can be used outside IPsec as well
23

24. HHooww IItt WWoorrkkss
• IKE operates in two phases
o Phase 1: negotiate and establish an auxiliary
end-to-end secure channel
• Used by subsequent phase 2 negotiations
• Only established once between two end points!
o Phase 2: negotiate and establish custom secure
channels
• Occurs multiple times
o Both phases use Diffie-Hellman key exchange to
establish a shared key
24

25. IIKKEE PPhhaassee 11
• Goal: to establish a secure channel between two
end points
o This channel provides basic security features:
• Source authentication
• Data integrity and data confidentiality
• Protection against replay attacks
25

26. IIKKEE PPhhaassee 11
• Rationale: each application has different security
requirements
• But they all need to negotiate policies and
exchange keys!
• So, provide the basic security features and allow
application to establish custom sessions
26

27. EExxaammpplleess
• All packets sent to address mybank.com must be
encrypted using 3DES with HMAC-MD5 integrity
check
• All packets sent to address www.forum.com must
use integrity check with HMAC-SHA1 (no encryption
is required)
27

28. PPhhaassee 11 EExxcchhaannggee
• Can operate in two modes:
o Main mode
• Six messages in three round trips
• More options
o Quick mode
• Four messages in two round trips
• Less options
28

29. PPhhaassee 11 ((MMaaiinn MMooddee))
29
Initiator Responder
[Header, SA1]

30. PPhhaassee 11 ((MMaaiinn MMooddee))
30
Initiator Responder
[Header, SA1]
[Header, SA2]
Establish vocabulary for further communication

31. PPhhaassee 11 ((MMaaiinn MMooddee))
31
Initiator Responder
[Header, SA1]
[Header, SA2]
[Header, KE, Ni, {Cert_Reg} ]

32. PPhhaassee 11 ((MMaaiinn MMooddee))
32
Initiator Responder
Header, SA1
[Header, SA1]
[Header, KE, Ni { , Cert_Req} ]
[Header, KE, Nr {, Cert_Req}]
Establish secret key using Diffie-Hellman key exchange
Use nonces to prevent replay attacks

33. PPhhaassee 11 ((MMaaiinn MMooddee))
33
Initiator Responder
[Header, SA1]
[Header, SA1]
[Header, KE, Ni {,Cert_Req} ]
[Header, KE, Nr {,Cert_Req}]
[Header, IDi, {CERT} sig]

34. PPhhaassee 11 ((MMaaiinn MMooddee))
34
Initiator Responder
[Header, SA1]
[Header, SA1]
[Header, KE, Ni {, Cert_req}]
[Header, KE, Nr {, Cert_req}]
[Header, IDi, {CERT} sig]
[Header, IDr, {CERT} sig]
Signed hash of IDi (without Cert_req , just send the hash)

35. PPhhaassee 11 ((QQuuiicckk MMooddee))
35
Initiator Responder
[Header, SA1, KE, Ni, IDi]

36. PPhhaassee 11 ((QQuuiicckk MMooddee))
36
Initiator Responder
[Header, SA1, KE, Ni, IDi]
[Header, SA2, KE, Nr,
IDr, [Cert]sig]
[Header, [Cert]sig]
First two messages combined into one
(combine Hello and DH key exchange)

37. IIPPSSeecc ((PPhhaassee 11))
• Four different way to authenticate (either
mode)
o Digital signature
o Two forms of authentication with public key encryption
o Pre-shared key
• NOTE: IKE does use public-key based
cryptography for encryption
37

38. IIPPSSeecc ((PPhhaassee 22))
• Goal: to establish custom secure channels
between two end points
o End points are identified by <IP, port>:
• e.g. <www.mybank.com, 8000>
o Or by packet:
• e.g. All packets going to 128.124.100.0/24
o Use the secure channel established in Phase 1 for communication
38

39. IIPPSSeecc ((PPhhaassee 22))
• Only one mode: Quick Mode
• Multiple quick mode exchanges can be
multiplexed
• Generate SAs for two end points
• Can use secure channel established in phase 1
39

40. IIPP PPaayyllooaadd CCoommpprreessssiioonn
• Used for compression
• Can be specified as part of the IPSec policy
40

41. OOuuttlliinnee
• Why IPsec?
• IPsec Architecture
• Internet Key Exchange (IKE)
• IPSec Policy
• Discussion
41

42. IIPPsseecc PPoolliiccyy
• Phase 1 policies are defined in terms of protection suites
• Each protection suite
o Must contain the following:
• Encryption algorithm
• Hash algorithm
• Authentication method
• Diffie-Hellman Group
o May optionally contain the following:
• Lifetime
• …
42

43. IIPPSSeecc PPoolliiccyy
• Phase 2 policies are defined in terms of
proposals
• Each proposal:
o May contain one or more of the following
• AH sub-proposals
• ESP sub-proposals
• IPComp sub-proposals
• Along with necessary attributes such as
o Key length, life time, etc
43

44. IIPPSSeecc PPoolliiccyy EExxaammppllee
• In English:
o All traffic to 128.104.120.0/24 must be:
• Use pre-hashed key authentication
• DH group is MODP with 1024-bit modulus
• Hash algorithm is HMAC-SHA (128 bit key)
• Encryption using 3DES
• In IPSec:
o [Auth=Pre-Hash;
DH=MODP(1024-bit);
HASH=HMAC-SHA;
ENC=3DES]
44

45. IIPPsseecc PPoolliiccyy EExxaammppllee
• In English:
o All traffic to 128.104.120.0/24 must use one of the
following:
• AH with HMAC-SHA or,
• ESP with 3DES as encryption algorithm and
(HMAC-MD5 or HMAC-SHA as hashing algorithm)
• In IPsec:
o [AH: HMAC-SHA] or,
o [ESP: (3DES and HMAC-MD5) or
(3DES and HMAC-SHA)]
45

46. VViirrttuuaall PPrriivvaattee NNeettwwoorrkkss
((VVPPNNss))
• Protocol
o Data Link Later – PPTP , L2F , L2TF
o Network Layer - IPSec
• Virtual
o It is not a physically distinct network
• Private
o Tunnels are encrypted to provide confidentiality
• Computer dept might have a VPN
o I can be on this VPN while traveling
46

47. OOuuttlliinnee
• Why IPsec?
• IPsec Architecture
• Internet Key Exchange (IKE)
• IPsec Policy
• Discussion
47

48. DDiissccuussssiioonn
• IPSec is not the only solution!
o Security features can be added on top of IP!
• e.g. Kerberos, SSL
o IP, IPSec protocols are very complex!
• Two modes, three sub protocols
o Complexity is the biggest enemy of security
48

49. DDiissccuussssiioonn
• Has it been used?
o Yes—primarily used by some VPN vendors
• But not all routers support it
o No—it is not really an end-to-end solution
• Authentication is too coarse (host based)
• Default encryption algorithm too weak (DES)
• Too complex for applications to use
49

50. RReessoouurrcceess
• IP, IPsec and related RFCs:
o http://www.ietf.org/html.charters/ipsec-charter.html
o IPsec: RFC 2401, IKE: RFC 2409
o www.freeswan.org
• Google search
50