Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet Security CSCE 813 IPsec

Published byDesirae Fagg Modified over 9 years ago

Similar presentations

Presentation on theme: "Internet Security CSCE 813 IPsec"— Presentation transcript:

1 Internet Security CSCE 813 IPsec
Can be added to either current version of IP IPv4 or IPv6 Provides security across protocol layers Security for many security ignorant applications

2 Reading Oppliger: Chapter 14 CSCE Farkas

3 Benefits of IPSec When implemented in a firewall or router, IPSec provides strong security to ALL TRAFFIC crossing the perimeter. Traffic within the perimeter does not incur security overhead. Cannot be bypassed (if all traffic must go through the firewall implementing IPSec) Transparent to applications Transparent to end users CSCE Farkas

4 IP Security Architecture
IPsec module 1 IPsec module 2 SPD SAD IKE IPsec SA Key functional areas: authentication, confidentiality and key management Very complex Support for these features is mandatory for IPv6 (optional for IPv4) Security features are implemented as extension headers that follow main IP header RFC 2401: Overview of Security Architecture RFC 2402: Desc. Of packet authentication extension to IPv4 and IPv6 RFC 2406: Desc. Of packet encryption extension to IPv4 and IPv6 RFC 2408: Specification of key management capabilities CSCE Farkas

5 IPSec Document Overview RFC 2401
Architecture Key Management DOI Authentication algs. Enryption algs. AH ESP Domain of Interpretation: contains values needed for the other documents to relate to each other. Includes indentifiers of approved enryption and authentication algs. Opeational paramenters CSCE Farkas

6 IPSec Services  AH ESP (encrypt.) ESP (Encrypt. & Auth.)
Access Control Connectionless integrity Data origin auth. Replay protection Confidentiality Traffic flow confidentiality CSCE Farkas

7 Security Association One-way relationship Identified by:
Security parameters index (SPI) IP destination address Security protocol identifier Security Association Database: SA parameters: sequence number counter, sequence number overflow, anti-replay window, AH information, ESP information, lifetime of SA, IPSec protocol mode, path MTU Security Policy Database: SA selectors: destination IP address, source IP address, UserID, Data Sensitivity Level, transport layer protocol, source and destination port SPI: a bit string assigned to SA and having local significance only. Carried in AH and ESP headers. Enables receiving system to select which SA to use with incoming traffic. IP destL currently only unicast addresses . Address of destination endpoint of SA (may be enuser, may be proxy, firewall, etc.) Sec. prot. identifierL whether AH or ESP SA. Path MTUL maximum transmissio unitL max. size of packet that can be transmitted without fragmentation SPD: compare values in IP packet to find appropriate entry in SPD, Find SA, Do required IPSEc processing. CSCE Farkas

8 Modes Transport Mode Tunnel Mode AH
Authenticates IP payload and selected portions of IP header and IPv6 extension headers Authenticates entire inner IP packet (inner header plus IP payload) plus selected portions of outer IP header and outer IPv6 extension headers ESP (encrypt. only) Encrypts IP payload and any IPv6 extension headers following the ESP header Encrypts entire inner IP packet ESP with Authentication (see above) plus authenticates IP payload but not IP header (see above) plus authenticates inner IP packet. Transport mode: protection for upper layer protocols Used for end-to-end connection between two hosts Payload: data following IP header or (IPv6: following Ip and extension headers) ESP: payload authentication but NOT IP Header AH ;both Tunnel mode: Protection to the entire IP packet. After AH or ESP fields are added, the entire packets plus security fields are treated as palyload. New outer IP header – needed for processing. One or both ends of SA are security gateways. (firewall or router implements IPSec. May serve number of hosts behind the firewal. Show msg. from host A to Host B CSCE Farkas

9 Encapsulating Security Payload (ESP)

10 ESP Confidentiality: Encryptor Integrity: Authenticator
Algorithm is determined by the Security Association (SA) Each ESP has at most: One cipher and one authenticator or One cipher and zero authenticator or Zero cipher and one authenticator or Disallowed: zero cipher and zero authenticator or CSCE Farkas

11 ESP Processing Depends on mode in which ESP is employed Both modes:
Cipher is authenticated Authenticated plain text is not encrypted Outbound: encryption happens first Inbound: authentication happens first CSCE Farkas

12 Protected Data Depends on the mode of ESP
Transport mode: Upper-layer protocol packet Tunnel mode: entire IP packet is protected CSCE Farkas

13 Scope of ESP Encryption and Authentication
Transport mode Authenticate Encrypt Orig. IP hdr ESP hdr. TCP Data ESP ESP auth. IPv4 Tunnel mode Authenticate Encrypt New IP hdr ESP hdr Orig. IP hdr TCP Data ESP trlr ESP auth CSCE Farkas

14 Outbound Processing ESP header inserted into the outgoing IP packet
Protocol field of IP header copied into Next header field of ESP Remaining fields of ESP filled (SPI, sequence number, pad, pad length) Protocol number of IP header is given the value ESP (50) Encrypt packet from the beginning of payload data to the next header field Authenticate packet form the ESP header, through the encrypted ciphertext to the ESP trailer and insert authentication data into ESP trailer Packet is routed to the destination CSCE Farkas

15 Inbound Processing Check for SA of the packet If no SA  drop packet
Otherwise: use valid SA to process the packet Check sequence number Invalid number  drop packet Authenticate cipher text Entire packet (without the authentication data) is processed by the authenticator Match generated data with authentication data No match  drop packet CSCE Farkas

16 Inbound Processing Decrypt ESP packet (from beginning on payload to the next header field) Check pad integrity Validate ESP mode using Next header field and decrypted payload CSCE Farkas

17 Authentication Header

18 Authentication Header (AH)
Does NOT provide confidentiality Provides: Data origin authentication Connectionless data integrity Prevents spoofing attack May provide: Non-repudiation (depends on cryptographic alg.) Anti-replay protection Precision of authentication: granularity of SA Protocol number: 51 CSCE Farkas

19 Authentication Data AH protects outer IP header (unlike ESP)
Computed by using Authentication algorithm (MD5, SHA-1) Cryptographic key (secret key) Sender: computes authentication data Recipient: verifies data CSCE Farkas

20 Scope of Authentication
Transport Mode Authenticates except for mutable fields IPv4 Orig. IP hdr AH TCP Data Tunnel Mode Authenticates except for mutable fields in NEW IP hdr New IP hdr AH Orig. IP hdr TCP data IPv4 CSCE Farkas

21 Integrity Check Values
Message Authentication Code is Calculated from: IP header fields that either do not change in transit or are predictable upon arrival – Fields that change and cannot be predicted are set to zero for the MAC calculation AH header -- other than the authentication data field Entire upper level protocol data Note: both source and destination address fields are protected CSCE Farkas

22 Combining Security Associations
CSCE Farkas

23 SA Bundle Individual SA: either AH or ESP but NOT BOTH
Some traffic flow needs both – HOW? Some traffic between host and security gateway requires different services than flow between security gateways Security Association Bundle: sequence of SAs through which traffic must be processed to provide a desired set of IPSec services SAs within a bundle may terminate at different end points CSCE Farkas

24 SA Combinations Transport adjacency: Iterated tunneling:
Applying more than one security protocol to the same IP packet without invoking tunneling. Allows 1 level of combination (all IPSec processing are performed at one IPSec instance) Iterated tunneling: Multiple layers of security protocols efected through IP tunneling Multiple levels of nesting (each tunnel may originate and terminate at different IPSec site) Combination of the two approaches above. CSCE Farkas

25 Transport Adjacency Two bundled transport Sas
Inner SA: ESP transport SA without authentication (encrypted IP payload) Outer SA: AH transport SA (covers ESP and the original IP header) CSCE Farkas

26 Transport-Tunnel Bundle
Authenticate before encrypting Inner SA: AH transport SA (authenticates the entire IP payload + IP header) Outer SA: ESP tunnel SA (entire authenticated packet is encrypted + new IP header) Advantages: Authentication data is protected by encryption Can store authentication information with the message (convenience) CSCE Farkas

27 Combining Security Associations
Possible combinations: AH in transport ESP in transport ESP followed by AH in transport Any 1,2,3 inside an AH or ESP tunnel Combining Security Associations Case 1: between end-systems Internet local intranet one or more SAs Figure from L. Buttyan CSCE Farkas

28 Combining Security Associations
Security provided: Only between gateways No host security Only single tunnel SA AH, ESP or ESP with authentication Combining Security Associations Case 2: between gateways only Internet local intranet single tunnel SA Figure from L. Buttyan CSCE Farkas

29 Combining Security Associations
End-to-end protection: Combinations for case 1 &2 allowed Gateway tunnel: authentication and confidentiality 3. Hosts: application specific IPSec Case 3: host-to-gateway (Case 2 + end-to-end security) Internet local intranet single tunnel SA One or two SAs Figure from L. Buttyan CSCE Farkas

30 Combining Security Associations
Remote host: Host: tunnel mode to firewall Combining Security Associations Case 4: remote host Internet local intranet Tunnel SA One or two SAs Figure from L. Buttyan CSCE Farkas

31 Next Class: Key Management ISAKMP Exchanges
CSCE Farkas

Download ppt "Internet Security CSCE 813 IPsec"

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.2: IPsec.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.2: IPsec.
Cryptography and Network Security

Cryptography and Network Security
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.

IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
Network Security Essentials Chapter 8 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Network Security Essentials Chapter 8 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Network Layer Security: IPSec

Network Layer Security: IPSec
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
IP SECURITY – Chapter 16 IP SECURITY – Chapter 16 Security Mechanisms: email – S/MIME, PGP client/server - Kerberos web access - Secure Sockets Layer network.

IP SECURITY – Chapter 16 IP SECURITY – Chapter 16 Security Mechanisms: – S/MIME, PGP client/server - Kerberos web access - Secure Sockets Layer network.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.

Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.

IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
Cryptography and Network Security

Cryptography and Network Security

Similar presentations

Ads by Google