17. Outbound Processing Is it for IPSec? If so, which policy entry to select? Determine the SA and its SPI IPSec processing … SPD (Policy) … SA Database IP Packet Outbound packet (on A) A B SPI & IPSec Packet Send to B
18. Inbound Processing Use SPI to index the SAD Original IP Packet Was packet properly secured? “ un-process” … SA Database SPI & Packet Inbound packet (on B) A B From A … SPD (Policy)
19.
20.
21. IPSec Authenticated Header SPI Sequence Number ICV Next Header (TCP/UDP) Payload Length Reserved Length of the authentication header … SAD
22.
23.
24.
25.
26.
27. ESP Transport Example SPI Sequence Number Original IP Header Integrity Check Value Authentication coverage Encrypted Payload (TCP Header and Data) Variable Length Pad Length Padding (0-255 bytes) Next Header
28.
29.
30.
31.
32. NAT Example IAP’s Point of Presence Router with NAT External IP: 68.40.162.3 Internal IP: 192.168.0.0 Router assigns internal IPs to hosts on LAN : A: 192.168.0.100 B: 192.168.0.101 C: 192.168.0.102 A B C Messages sent between host B to another host on the Internet Host B original source socket: 192.168.0.101 port 1341 Host B translated socket: 68.40.162.3 port 5280
The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME, PGP), client/server (Kerberos), Web access (Secure Sockets Layer), and others. However users have some security concerns that cut across protocol layers. By implementing security at the IP level, an organization can ensure secure networking not only for applications that have security mechanisms but also for the many security-ignorant applications.
IP-level security encompasses three functional areas: authentication, confidentiality, and key management. The authentication mechanism assures that a received packet was transmitted by the party identified as the source in the packet header, and that the packet has not been altered in transit. The confidentiality facility enables communicating nodes to encrypt messages to prevent eavesdropping by third parties. The key management facility is concerned with the secure exchange of keys. IPSec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet.
Stallings Figure 16.1 illustrates a typical IP Security scenario. An organization maintains LANs at dispersed locations. Nonsecure IP traffic is conducted on each LAN. For traffic offsite, through some sort of private or public WAN, IPSec protocols are used. These protocols operate in networking devices, such as a router or firewall, that connect each LAN to the outside world. The IPSec networking device will typically encrypt and compress all traffic going into the WAN, and decrypt and decompress traffic coming from the WAN; these operations are transparent to workstations and servers on the LAN. Secure transmission is also possible with individual users who dial into the WAN. Such user workstations must implement the IPSec protocols to provide security. Security Associations A one-way relationship between sender & receiver that affords security for traffic flow Can be between A pair of hosts A host and a security gateway A pair of security gateways
[MARK97] lists the benefits shown for IPSec. It also plays a vital role in the routing architecture required for internetworking.
The IPSec specification has become quite complex. The IPSec specification consists of numerous documents. The most important of these,issued in November of 1998, are • RFC 2401: An overview of a security architecture • RFC 2402: Description of a packet authentication extension to IPv4 and IPv6 • RFC 2406: Description of a packet encryption extension to IPv4 and IPv6 • RFC 2408: Specification of key management capabilities In addition to these four RFCs, a number of additional drafts have been published by the IP Security Protocol Working Group set up by the IETF. The documents are divided into seven groups. Support for these features is mandatory for IPv6 and optional for IPv4. In both cases, the security features are implemented as extension headers that follow the main IP header. The extension header for authentication is known as the Authentication Header (AH); that for encryption is known as the Encapsulating Security Payload (ESP) header.
Stallings Figure 16.5 shows the difference between end-to-end (transport) mode and end-to-intermediate (tunnel) mode. Transport mode provides protection primarily for upper-layer protocol payloads, by inserting the AH after the original IP header and before the IP payload. Typically, transport mode is used for end-to-end communication between two hosts. Tunnel mode provides protection to the entire IP, after the AH or ESP fields are added to the IP packet, the entire packet plus security fields is treated as the payload of new “outer”IP packet with a new outer IP header. Tunnel mode is used when one or both ends of an SA are a security gateway, such as a firewall or router that implements IPSec.
Dest IP can be a security gateway.
See page 168, Stallings
See page 169, Stallings
Doraswamy & Harkins, page 45
Doraswamy & Harkins, page 46
SA Selectors figure out which policy in SPD applies to traffic
Stallings Figure 16.3 shows the Authentication Header fields: • Next Header (8 bits): Identifies the type of header immediately following this header • Payload Length (8 bits): Length of Authentication Header in 32-bit words, minus 2. • Reserved (16 bits): For future use • Security Parameters Index (32 bits): Identifies a security association • Sequence Number (32 bits): A monotonically increasing counter value • Authentication Data (variable): A variable-length field (must be an integral number of 32-bit words) that contains the Integrity Check Value (ICV), or MAC,for this packet
No, no matter transport mode, tunnel mode, AH or ESP.
Transport mode, AH, no ESP, no (b/c port # and checksum need to be changed) IPsec ESP transport mode is imcompatible with NAT. In the case of TCP/UDP packets, NAT would need to update the checksum in TCP/UDP headers, when an address in IP header is changed. However, as the TCP/UDP header is encrypted by the ESP, NAT would not be able to make this checksum update. As a result, TCP/UDP packets encrypted in transport mode ESP, traversing a NAT device will fail the TCP/UDP checksum validation on the receiving end and will simply not reach the target application. For tunnel modes. For config a: yes for both AH and ESP For config b: No for both AH and ESP (b/c port # cannot be changed), unless specific reasons are given for ESP tunnel modes, e.g., UDP encapsulation. But for NAT w/o port #, config b can work w/ ESP.
An individual SA can implement either the AH or ESP protocol but not both. Sometimes a particular traffic flow will call for the services provided by both AH and ESP. Further, a particular traffic flow may require IPSec services between hosts and ,for that same flow, separate services between security gateways, such as firewalls. In all of these cases, multiple SAs must be employed for the same traffic flow to achieve the desired IPSec services. The term security association bundle refers to a sequence of SAs through which traffic must be processed to provide a desired set of IPSec services. The SAs in a bundle may terminate at different endpoints or at the same endpoints. Security associations may be combined into bundles in two ways: • Transport adjacency: more than one security protocol on same IP packet, without invoking tunneling • Iterated tunneling: application of multiple layers of security protocols effected through IP tunneling One interesting issue is the order in which authentication and encryption may be applied between a given pair of endpoints.
The IPSec Architecture document lists four examples of combinations of SAs that must be supported by compliant IPSec hosts or security gateways. These are illustrated in Stallings Figure 16.10. Note the *’d devices implement IPSec. The cases are: Case 1 security is provided between end systems that implement IPSec. Case 2 security is provided only between gateways (routers,firewalls,etc.) and no hosts implement IPSec. Case 3 builds on Case 2 by adding end-to-end security .The same combinations discussed for cases 1 and 2 are allowed here. Case 4 provides support for a remote host that uses the Internet to reach an organization’s firewall and then to gain access to some server or workstation behind the firewall. Only tunnel mode is required between the remote host and the firewall.