Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet Security CSCE 813 IPsec. CSCE 813 - Farkas2 Reading Oppliger: Chapter 14.

Similar presentations

Presentation on theme: "Internet Security CSCE 813 IPsec. CSCE 813 - Farkas2 Reading Oppliger: Chapter 14."— Presentation transcript:

1 Internet Security CSCE 813 IPsec

2 CSCE Farkas2 Reading Oppliger: Chapter 14

3 CSCE Farkas3 Benefits of IPSec When implemented in a firewall or router, IPSec provides strong security to ALL TRAFFIC crossing the perimeter. Traffic within the perimeter does not incur security overhead. Cannot be bypassed (if all traffic must go through the firewall implementing IPSec) Transparent to applications Transparent to end users

4 CSCE Farkas4 IP Security Architecture IPsec module 1 IPsec module 2 SPD SAD SPD IKE IPsec SA RFC 2401: Overview of Security Architecture RFC 2402: Desc. Of packet authentication extension to IPv4 and IPv6 RFC 2406: Desc. Of packet encryption extension to IPv4 and IPv6 RFC 2408: Specification of key management capabilities

5 CSCE Farkas5 IPSec Document Overview RFC 2401 Architecture Key Management DOI Authentication algs. Enryption algs. AH ESP

6 CSCE Farkas6 IPSec Services AHESP (encrypt.) ESP (Encrypt. & Auth.) Access Control  Connectionless integrity  Data origin auth.  Replay protection  Confidentiality  Traffic flow confidentiality 

7 CSCE Farkas7 Security Association One-way relationship Identified by: – Security parameters index (SPI) – IP destination address – Security protocol identifier Security Association Database: – SA parameters: sequence number counter, sequence number overflow, anti-replay window, AH information, ESP information, lifetime of SA, IPSec protocol mode, path MTU Security Policy Database: – SA selectors: destination IP address, source IP address, UserID, Data Sensitivity Level, transport layer protocol, source and destination port

8 CSCE Farkas8 Modes Transport ModeTunnel Mode AHAuthenticates IP payload and selected portions of IP header and IPv6 extension headers Authenticates entire inner IP packet (inner header plus IP payload) plus selected portions of outer IP header and outer IPv6 extension headers ESP (encrypt. only) Encrypts IP payload and any IPv6 extension headers following the ESP header Encrypts entire inner IP packet ESP with Authenticati on (see above) plus authenticates IP payload but not IP header (see above) plus authenticates inner IP packet.

9 Encapsulating Security Payload (ESP)

10 CSCE Farkas10 ESP Confidentiality: Encryptor Integrity: Authenticator Algorithm is determined by the Security Association (SA) Each ESP has at most: – One cipher and one authenticator or – One cipher and zero authenticator or – Zero cipher and one authenticator or – Disallowed: zero cipher and zero authenticator or

11 CSCE Farkas11 ESP Processing Depends on mode in which ESP is employed Both modes: – Cipher is authenticated – Authenticated plain text is not encrypted Outbound: encryption happens first Inbound: authentication happens first

12 CSCE Farkas12 Protected Data Depends on the mode of ESP – Transport mode: Upper-layer protocol packet – Tunnel mode: entire IP packet is protected

13 CSCE Farkas13 Scope of ESP Encryption and Authentication Orig. IP hdr ESP hdr. TCPDataESPESP auth. IPv4 Transport mode Authenticate Encrypt New IP hdr ESP hdr Orig. IP hdr TCPDataESP trlrESP auth Encrypt Authenticate Tunnel mode

14 CSCE Farkas14 Outbound Processing 1. ESP header inserted into the outgoing IP packet a. Protocol field of IP header copied into Next header field of ESP b. Remaining fields of ESP filled (SPI, sequence number, pad, pad length) c. Protocol number of IP header is given the value ESP (50) 2. Encrypt packet from the beginning of payload data to the next header field 3. Authenticate packet form the ESP header, through the encrypted ciphertext to the ESP trailer and insert authentication data into ESP trailer 4. Packet is routed to the destination

15 CSCE Farkas15 Inbound Processing 1. Check for SA of the packet a. If no SA  drop packet b. Otherwise: use valid SA to process the packet 2. Check sequence number a. Invalid number  drop packet 3. Authenticate cipher text a. Entire packet (without the authentication data) is processed by the authenticator b. Match generated data with authentication data c. No match  drop packet

16 CSCE Farkas16 Inbound Processing 4. Decrypt ESP packet (from beginning on payload to the next header field) a. Check pad integrity 5. Validate ESP mode using Next header field and decrypted payload

17 Authentication Header

18 CSCE Farkas18 Authentication Header (AH) Does NOT provide confidentiality Provides: – Data origin authentication – Connectionless data integrity – Prevents spoofing attack May provide: – Non-repudiation (depends on cryptographic alg.) – Anti-replay protection Precision of authentication: granularity of SA Protocol number: 51

19 CSCE Farkas19 Authentication Data AH protects outer IP header (unlike ESP) Computed by using – Authentication algorithm (MD5, SHA-1) – Cryptographic key (secret key) Sender: computes authentication data Recipient: verifies data

20 CSCE Farkas20 Scope of Authentication Orig. IP hdrAHTCPData IPv4 Authenticates except for mutable fields in NEW IP hdr Transport Mode Tunnel Mode IPv4 New IP hdr AHOrig. IP hdr TCPdata Authenticates except for mutable fields

21 CSCE Farkas21 Integrity Check Values Message Authentication Code is Calculated from: – IP header fields that either do not change in transit or are predictable upon arrival – Fields that change and cannot be predicted are set to zero for the MAC calculation – AH header -- other than the authentication data field – Entire upper level protocol data Note: both source and destination address fields are protected

22 CSCE Farkas22 Combining Security Associations

23 CSCE Farkas23 SA Bundle Individual SA: either AH or ESP but NOT BOTH Some traffic flow needs both – HOW? Some traffic between host and security gateway requires different services than flow between security gateways Security Association Bundle: – sequence of SAs through which traffic must be processed to provide a desired set of IPSec services – SAs within a bundle may terminate at different end points

24 CSCE Farkas24 SA Combinations Transport adjacency: – Applying more than one security protocol to the same IP packet without invoking tunneling. – Allows 1 level of combination (all IPSec processing are performed at one IPSec instance) Iterated tunneling: – Multiple layers of security protocols efected through IP tunneling – Multiple levels of nesting (each tunnel may originate and terminate at different IPSec site) Combination of the two approaches above.

25 Transport Adjacency Two bundled transport Sas 1. Inner SA: ESP transport SA without authentication (encrypted IP payload) 2. Outer SA: AH transport SA (covers ESP and the original IP header) CSCE Farkas25

26 Transport-Tunnel Bundle Authenticate before encrypting 1. Inner SA: AH transport SA (authenticates the entire IP payload + IP header) 2. Outer SA: ESP tunnel SA (entire authenticated packet is encrypted + new IP header) Advantages: Authentication data is protected by encryption Can store authentication information with the message (convenience) CSCE Farkas26

27 CSCE Farkas27 Combining Security Associations Case 1: between end-systems Internet local intranet local intranet one or more SAs Figure from L. Buttyan Possible combinations: 1.AH in transport 2.ESP in transport 3.ESP followed by AH in transport 4.Any 1,2,3 inside an AH or ESP tunnel

28 CSCE Farkas28 Combining Security Associations Case 2: between gateways only Internet local intranet local intranet single tunnel SA Figure from L. Buttyan Security provided: 1.Only between gateways 2.No host security 3.Only single tunnel SA 4.AH, ESP or ESP with authentication

29 CSCE Farkas29 Combining Security Associations Case 3: host-to-gateway (Case 2 + end-to-end security) Internet local intranet local intranet single tunnel SA One or two SAs Figure from L. Buttyan End-to-end protection: 1.Combinations for case 1 &2 allowed 2.Gateway tunnel: authentication and confidentiality 3.Hosts: application specific IPSec

30 CSCE Farkas30 Combining Security Associations Case 4: remote host Internet local intranet Tunnel SA One or two SAs Figure from L. Buttyan Remote host: 1.Host: tunnel mode to firewall

31 CSCE Farkas31 Next Class: Key Management ISAKMP Exchanges

Download ppt "Internet Security CSCE 813 IPsec. CSCE 813 - Farkas2 Reading Oppliger: Chapter 14."

Similar presentations

Ads by Google