Date post: | 26-Dec-2015 |
Category: |
Documents |
Upload: | joel-burns |
View: | 220 times |
Download: | 0 times |
1
IP Security
Behzad AkbariFall 2009
In the Name of the Most High
Outline
Need for Internet Security Internetworking and Internet Protocols
(Appendix 6A) IP Security Overview IP Security Architecture Authentication Header Encapsulating Security Payload Combinations of Security Associations Key Management
Need for Internet Security
Based on public-domain standards Potential intruders know how things work
The Internet is ever-increasingly pervasive No need for specialist tools to get access
Applications (e.g. web servers and browsers) are extensible Now used for much more than protocol designers
envisaged originally TCP/IP weaknesses
e.g. easy to masquerade as someone else
Why secure at the IP layer?
Can put security in place once, in a consistent manner, for multiple applications
All applications are secured, without the need for the user to be involved
Central management of security, including access policy, keys, algorithms, etc.
Secured IP
Diverse Apps
WebEmail GameDB
queriesFTPSNMP IM
TCP UDP Other Transport
Independent of Applications and Transport
Internet Protocols
Internet Protocol (IP)provides functionality for interconnecting end systems across multiple networks.
IPv4 and IPv6 Routers provide connections between
networks Data is encapsulated in an IP Protocol Data
Unit (PDU) for transmission
Uses of IPsec Virtual Private Network (VPN) establishment
For connecting remote offices and users using public Internet
Low-cost remote access e.g. teleworker gains secure access to company
network via local call to ISP Extranet connectivity
Secure communication with partners, suppliers, etc.
OSI 7 Layer Model 7 Application
HTTP, SMTP, SNMP, FTP, Telnet, SIP, SSH, NFS,, Whois,
6 Presentation XDR, ASN.1, SMB, AFP, NCP
5 Session ASAP, TLS, SSH,RPC, NetBIOS, ASP, Winsock, BSD sockets
4 Transport TCP, UDP, RTP, SCTP, SPX, ATP,
3 Network IP, ICMP, IPX, BGP, OSPF, RIP, ARP, X.25
2 Data Link Ethernet, Token ring, HDLC, Frame relay, ISDN, ATM, 802.11 WiFi, FDDI, PPP
1Physical wire, radio, fiber optic
5 Layer Internet Protocol Model
1 .Physical
2 .Network Interface)like Data Link(
3 .Internet
4 .Transport
5 .Application
Logical Link Control (LLC)
Media Access Control (MAC)
IP
TCP, UDP
TCP/IP Example
IP Security Overview
Application–specific security mechanisms E-mail (S/MIME, PGP) Client-server (Kerberos) Web Access ( Secure sockets)
IP level security (IPSec) Authentication (received unaltered from source in header) Confidentiality (encrypted to prevent eavesdropping) Key Management (secure exchange of keys)
IP Security Overview
IPSec is not a single protocol. Instead, IPSec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication.
IP Security Overview
Applications of IPSec Secure branch office connectivity over the Internet Secure remote access over the Internet Establishing extranet and intranet connectivity
with partners Enhancing electronic commerce security
IP Security Scenario
IP Security Overview
Benefits of IPSec Transparent to applications (below transport layer
(TCP, UDP) Provide security for individual users
IPSec can assure that: A router or neighbor advertisement comes from an
authorized router A redirect message comes from the router to which
the initial packet was sent A routing update is not forged
IP Security Architecture
IPSec documents: RFC 2401: An overview of security architecture RFC 2402: Description of a packet encryption
extension to IPv4 and IPv6 RFC 2406: Description of a packet emcryption
extension to IPv4 and IPv6 RFC 2408: Specification of key managament
capabilities
IPsec Architecture
Two alternative protocols: Authentication Header (AH)
Provides authentication but not confidentiality Adds extra field to traditional IP packet; used to verify
authenticity of the packet
Encapsulating Security Payload (ESP) Provides packet encryption and, optionally, authentication Content of IP packet is encrypted and encapsulated between
header and trailer fields
IPSec Document Overview
IPSec Services
IPSec provides security services at the IP layer by enabling a system to select required protocols, determine the algorithm(s) to use, and to put in place the cryptographic keys.
Two protocols are needed: Authentication Header (AH) Encapsulating Security Payload (ESP)
IPSec Services
Access Control Connectionless integrity Data origin authentication Rejection of replayed packets Confidentiality (encryption) Limited traffic flow confidentiallity
Security Association (SA)
In order to communicate, each pair of hosts must set up SA with each other
Acts as virtual connection for which various parameters are set: Type of protection Algorithms Keys …
Specifies one-way relationship For either AH or ESP, but not both
Security Associations (SA)
A one way relationship between a sender and a receiver.
Identified by three parameters: Security Parameter Index (SPI) IP Destination address Security Protocol Identifier
Security Association (SA) Each SA uniquely identified by:
Security Parameters Index (SPI) 32-bit string assigned to this SA (local meaning only)
IP destination address of packets May be end user system, or firewall or router
Choice of AH or ESP For each IP packet, governing SA is identified by:
Destination IP address in packet header SPI in extension header (AH or ESP)
Before applying AH
IPsec modes
Transport Mode: Protects payload only
i.e. protects original data and upper-level protocols
Typically used for end-to-end communication
Transport Mode Security
Transport Mode (AH Authentication)
IPsec modes
Tunnel Mode: Protects entire IP packet
Including the IP header Typically used for connecting secure
gateways (firewalls or routers that implement IPsec)
Hosts don’t need to be IPsec-enabled
Tunnel Mode Security
Tunnel Mode (AH Authentication)
• Adds extra field to traditional IP packet• This is used to verify authenticity &
integrity of the packet
Before applying AH:
Transport Mode:data is authenticated, as
well as parts of IP header
Tunnel Mode:entire original packet
is authenticated + parts of new header
Authenticated (Data + orig IP header + parts of new header)
Authentication Header (AH)
Authenticated (Data + parts of IP header)
Authentication Header Provides support for data integrity and authentication
(MAC code) of IP packets. Guards against replay attacks. Parties share a secret key, K
Authentication Header (AH)
Protection against replay attack with use of sequence number
Why have an Authentication-only protocol (AH)? May be used where export/import/use of encryption is
restricted Faster implementation Receiver can choose whether to expend the effort to
verify authenticity/integrity
Encapsulating Security Payload (ESP) Content of IP packet is encrypted and
encapsulated between header and trailer fields.
Authentication data optionally added
Original IP packet:
Transport Mode:only data is encrypted &
authenticated
Tunnel Mode:entire packet encrypted &
authenticated
Authenticated
(optionally)
Encrypted
Authenticated
(optionally)
Encrypted
Encapsulating Security Payload (ESP)
ESP Format
Encrypts inner IP packet. Authenticates inner IP packet.
Encrypts IP payload and any IPv6 extesion header. Authenticates IP payload but no IP header
ESP with authentication
Encrypts inner IP packet
Encrypts IP payload and any IPv6 extesion header
ESP
Authenticates entire inner IP packet plus selected portions of outer IP header
Authenticates IP payload and selected portions of IP header and IPv6 extension headers
AH
Tunnel Mode SA
Transport Mode SA
Main difference is that Tunnel mode secures the IP header as well as the payload
End-to-end versus End-to-Intermediate Authentication
Encapsulating Security Payload ESP provides confidentiality services
Encryption and Authentication Algorithms Encryption:
Three-key triple DES RC5 IDEA Three-key triple IDEA CAST Blowfish
Authentication: HMAC-MD5-96 HMAC-SHA-1-96
ESP Encryption and Authentication
ESP Encryption and Authentication
Combinations of Security Associations
Combinations of Security Associations
Combinations of Security Associations
Combinations of Security Associations
Key Management
Two types: Manual Automated
Oakley Key Determination Protocol( a refinement of the Difffie-HellProject Objectives and Plans man exchange algorithm)
Internet Security Association and Key Management Protocol (ISAKMP)
Key Management in IPsec
Generation and distribution of secret keys Manual
System admin configures keys (doesn’t scale well) Automated
Oakley Key Determination Protocol based on Diffie-Hellman
ISAKMP & IKE – Internet Security Association and Key Management Protocol & Internet Key Exchange
Default is referred to as ISAKMP/Oakley
Oakley
Key determination protocol, based on Diffie-Hellman algorithm with added security
Secret keys are created only when needed Key exchange requires no pre-exisitng structure, only an
agreement on global parameters Three authentication methods:
Digital signatures Public-key encryption Symmetric-key encryption
Oakley Algorithm
Characteristics: uses a method known as cookies to thwart clogging
attacks (See next slide) enables two parties to negotiate a group uses nonces to ensure against replay attacks enables the exchange of Diffie-Hellman public key
values authenticates Diffie-Hellman exchange to thwart
“man-in-the-middle” attack
Clogging Attacks
An opponent forges the source address of a legitimate user and send a public key to the victim.
The victim computes the secret key. Repeated messages can clog the victim’s system with
useless work. Cookie exchange requires that each side send a
pseudorandom number (cookie) in the initial message, which the other side acknowledges and repeats in the first message of the Diffie-Hellman key exchange.
If the source address was forged, the opponent gets no answer.
ISAKMP Internet Security Association and Key
Management Protocol (ISAKMP) provides framework for key management and specific
protocol supports defines procedures and packet formats to establish,
modify and delete security associations. Provides consistent independent of the key exchange
protocol, encryption algorithm and authentication mechanism
ISAKMP
IPsec Benefits Provides a level of security for all applications.
Allows deployment of new/emerging applications that may not have their own security.
Transparent to transport layer Transparent to end-users
No need for training, key issue, key revocation, etc. Can be provided to individual users where needed (e.g. off-
site workers) Extensible to new, stronger, cryptographic methods as these
become available
IPsec Drawbacks
Processing performance overhead Protection is applied to all traffic, though only a small
portion may be security-sensitive Blocks access to non-IPsec hosts Hosts must have security association
Not great for short-lived connections Requirement for pair-wise SA limits usefulness for
arbitrary Internet-based transactions Not practical for broadcast
Note on VPN concept
Private Network A set of computers connected together and
protected from the Internet (usually with a firewall)
Traditionally made up of LAN(s) within individual locations. If needed, wide area (e.g. inter-branch) connection is made by secure leased telecommunications lines.
Virtual Private Networks
(a) A leased-line private network. )b( A virtual private network.
Recommended Reading
Comer, D. Internetworking with TCP/IP, Volume I: Principles, Protocols and Architecture. Prentic Hall, 1995
Stevens, W. TCP/IP Illustrated, Volume 1: The Protocols. Addison-Wesley, 1994