Presentation is loading. Please wait.

Presentation is loading. Please wait.

406 NW’98 1 © 1998, Cisco Systems, Inc. IPSec Loss of Privacy Security Threats Impersonation Loss of Integrity Denial of Service m-y-p-a-s-s-w-o-r-d.

Published byTrevor Lloyd Modified over 8 years ago

Similar presentations

Presentation on theme: "406 NW’98 1 © 1998, Cisco Systems, Inc. IPSec Loss of Privacy Security Threats Impersonation Loss of Integrity Denial of Service m-y-p-a-s-s-w-o-r-d."— Presentation transcript:

1

2 406 NW’98 1 © 1998, Cisco Systems, Inc. IPSec

3 Loss of Privacy Security Threats Impersonation Loss of Integrity Denial of Service m-y-p-a-s-s-w-o-r-d d-a-n Deposit $ 1000 Bank Customer Deposit $ 100 I’m Bob, Send Me all Corporate Correspondence with Cisco Bob CPU telnet foo.bar.org username: dan password: 2 © 1998, Cisco Systems, Inc. 406 NW’98

4 406 NW’98 3 © 1998, Cisco Systems, Inc. Challenges of Data Confidentiality Protect confidentiality of data over an untrusted network Ensure identity of users and systems Scale from small to very large networks Implement a manageable public key infrastructure

5 406 NW’98 4 © 1998, Cisco Systems, Inc. What Is IPSec? Network layer encryption and authentication Open standards for ensuring secure private communications Provides a necessary component of a standards-based, flexible solution for deploying a network-wide security policy

6 406 NW’98 5 © 1998, Cisco Systems, Inc. Benefits of IPSec Standard for privacy, integrity and authenticity for networked commerce Implemented transparently in the network infrastructure End-to-end security solution including routers, firewalls, PCs and servers

7 406 NW’98 6 © 1998, Cisco Systems, Inc. IPsec Everywhere! Router to Router PC to Router PC to Server Router to Firewall PC to Firewall

8 406 NW’98 7 © 1998, Cisco Systems, Inc. Keyed Hashing for Authentication Message “Secret Key” Hash Function Hash Function Secret key and message are hashed together Recomputation of digest verifies that message originated with peer and that message was not altered in transit Hash

9 406 NW’98 8 © 1998, Cisco Systems, Inc. Diffie-Hellman Key Exchange (1976) By Openly Exchanging Non-Secret Numbers, Two People Can Compute a Unique Shared Secret Number Known Only to Them

10 406 NW’98 9 © 1998, Cisco Systems, Inc. Grounds of Diffie-Hellman gone large prime number (generator) g is made public g Rcomputing g R is fast Rg Rcomputing R from g R is much more difficult modulus (prime), p Rmodular arithmetic (mod p) actually used => nearly impossible to get back R

11 406 NW’98 10 © 1998, Cisco Systems, Inc. Diffie-Hellman Public Key Exchange X A Private Value, X A Y A Public Value, Y A X B Private Value, X B Y B Public Value, Y B (shared secret) AliceBob Y B X A X B X A X B X A X A X B X B X A Y A X B Y B X A = (g X B ) X A = g X B X A = g X A X B = (g X B ) X A = Y A X B mod p YAYAYAYA YBYBYBYB Y B Y B = g mod p XBXBXBXB Y A Y A =g mod p XAXAXAXA

12 406 NW’98 11 © 1998, Cisco Systems, Inc. Using Certificates Certificate Authority (CA) verifies identity CA signs digital certificate containing device’s public key Certificate equivalent to an ID card Internet B A N K

13 406 NW’98 12 © 1998, Cisco Systems, Inc. A digital certificate contains: Serial number of the certificate Issuer algorithm information Valid to/from date User public key information Signature of issuing authority Digital Certificate 0000123 RSA, 3837829… 1/1/93 to 12/31/98 Alice Smith, Acme Corp RSA, 3813710… Acme Corporation, Security Dept. RSA, 2393702347… 0000123 RSA, 3837829… 1/1/93 to 12/31/98 Alice Smith, Acme Corp RSA, 3813710… Acme Corporation, Security Dept. RSA, 2393702347…

14 406 NW’98 13 © 1998, Cisco Systems, Inc. How peers work with CA ? CA’s own certificate signed by CA 0. peer generates public/private key pair 1. peer fetches CA’s certificate 2. peer transmits its public key 3. peer’s certificate signed by CA 4. peer fetches its certificate Strong or human authentication needed for steps 1. and 2. Strong or human authentication needed for steps 1. and 2.

15 406 NW’98 14 © 1998, Cisco Systems, Inc. Certification Authority CA is a software main purpose of CA = sign certificates after valid authentication private key of CA is the ‘most secret’ key CA can be offline or online CA is used only: –on installation –public key changes –renewal of certificates

16 406 NW’98 15 © 1998, Cisco Systems, Inc. How to scale CA ? a root CA can delegate authentication to lower CA root CA own certificate signed by root CA lower CA certificate signed by root CA router certificate signed by lower CA certificates chain of router root lower CA

17 406 NW’98 16 © 1998, Cisco Systems, Inc. How to scale CA ? beside this hierarchical scheme there is a meshed one CA role can be split: publication authority: CRL storage local registration authority: very similar to lower CA

18 406 NW’98 17 © 1998, Cisco Systems, Inc. What worth is a certificate ? certificate are signed by CA private key ==> secure the private key own key pairs can be compromised ==> corresponding certificate must be revocated (black list = CRL Certificate Revocation List)

19 406 NW’98 18 © 1998, Cisco Systems, Inc. Certificate Revocation List List of revoked certificates signed by CA Stored on CA or directory service No requirement on devices to ensure CRL is current Revoked Cert 12345 Cert 12241 Cert 22333

20 406 NW’98 19 © 1998, Cisco Systems, Inc. Defining the Terms PKCS—Public Key Cryptography Standards PKIX—Public Key Infrastructure Working group CEP—Certificate enrollment protocol. Used by Cisco to enroll certificates

21 406 NW’98 20 © 1998, Cisco Systems, Inc. PKCS Standards Created by RSA to ensure interoperability Important PKCS for IPSec: PKCS #1: RSA signature definition PKCS #7: Digitally signed or enveloped messages PKCS #10: Certification requests

22 406 NW’98 21 © 1998, Cisco Systems, Inc. IETF Public Key Infrastructure Working Group (PKIX) Facilitate the use of X.509 certificates in multiple applications, including IPSec, S/Mime, Web Promote interoperability

23 406 NW’98 22 © 1998, Cisco Systems, Inc. Certificate Enrollment Protocol Lightweight protocol to support certificate life cycle operations Uses PKCS #7 and #10 Transaction-oriented request / response protocol Transport-mechanism independent Requires manual authentication during enrollment

24 406 NW’98 23 © 1998, Cisco Systems, Inc. IPSec Description

25 406 NW’98 24 © 1998, Cisco Systems, Inc. IPSec Security Services Data integrity Data origin authentication Replay prevention Confidentiality Limited traffic flow confidentiality

26 406 NW’98 25 © 1998, Cisco Systems, Inc. Tunnel and Transport Modes Transport mode for end-to-end session Tunnel mode for everything else Transport Mode Tunnel Mode

27 406 NW’98 26 © 1998, Cisco Systems, Inc. IPsec Modes IP HDR may be encrypted IP HDR Data IPsec HDR Data IP HDR Data IPsec HDR IP HDR New IP HDR may be encrypted Data Tunnel Mode Transport Mode

28 406 NW’98 27 © 1998, Cisco Systems, Inc. IPsec: Authentication Header RFC 1826 Aug ‘95 without anti-replay RFC 2085 Feb ‘97 with anti-replay Authentication Header, AH additional header inside the IP datagram MD5 can be used (RFC 1828), or … (currently IETF drafts)

29 406 NW’98 28 © 1998, Cisco Systems, Inc. IPsec AH (Cont.) IP header Auth. headerother headers and payloads IP header other headers and payloads secret key Digital signature (RFC 1828 = MD5) Original IP datagram Authenticated IP datagram

30 406 NW’98 29 © 1998, Cisco Systems, Inc. IPsec Encapsulating Security Payload RFC 1827 Aug ‘95 Encapsulation Security Payload, ESP confidentiality of whole IP datagram (tunnel) TCP or UDP payload only (transport) DES can be used (RFC1829) or … (currently IETF drafts) also with authentication in ESP

31 406 NW’98 30 © 1998, Cisco Systems, Inc. IPsec ESP Transport (Cont.) Can be used end to end, between host ESP Transport ‘tunnel’ Sniffers are defeated

32 406 NW’98 31 © 1998, Cisco Systems, Inc. IPsec ESP Transport IP header ESP headerother headers and payloads IP header other headers and payloads secret key Original IP datagram IP datagram with transport ESP Encryption algorithm ESP trailer

33 406 NW’98 32 © 1998, Cisco Systems, Inc. IPsec ESP Tunnel (Cont.) Usually between firewalls for VPN ESP Transport ‘tunnel’ Sniffers are defeated Sniffing possible

34 406 NW’98 33 © 1998, Cisco Systems, Inc. IPsec ESP Tunnel (Cont.) Or between client and firewall mainly for VPDN ESP Transport ‘tunnel’ Sniffers are defeated Sniffing possible

35 406 NW’98 34 © 1998, Cisco Systems, Inc. IPsec ESP Tunnel IP header other headers and payloads secret key Original IP datagram IP datagram with tunnel ESP Encryption algorithm new IP header ESP header IP header other headers and payloads new IP header New IP header built by tunnel end ESP trailer

36 406 NW’98 35 © 1998, Cisco Systems, Inc. Security Association (SA) Agreement between two entities on a security policy, including: Encryption algorithm Authentication algorithm Shared session keys SA lifetime Unidirectional. Two-way communication consists of two SAs Router Firewall

37 406 NW’98 36 © 1998, Cisco Systems, Inc. Internet Key Exchange (IKE) AKA: ISAKMP + Oakley

38 406 NW’98 37 © 1998, Cisco Systems, Inc. IPsec needs IKE IPsec SA needs for all peers: - which transform - which key IKE IKE IPsec protocols ESP, AH IKE protocol Transform, key material

39 406 NW’98 38 © 1998, Cisco Systems, Inc. IKE Negotiates policy to protect communication Authenticated Diffie-Hellman key exchange Negotiates (possibly multiple) security associations for IPSec

40 406 NW’98 39 © 1998, Cisco Systems, Inc. Perfect Forward Secrecy (PFS) Compromise of a single key will permit access to only data protected by that particular keyCompromise of a single key will permit access to only data protected by that particular key IKE provides PFS if required by using Diffie-Hellman for each rekey If PFS not required, can refresh key material without using Diffie Hellman

41 406 NW’98 40 © 1998, Cisco Systems, Inc. IKE Authentication Signatures Encrypted nonce’s Pre-shared key

42 406 NW’98 41 © 1998, Cisco Systems, Inc. Initiating New Connections Establish IKE SA—“Main mode” IKE Establish IPSec SA—“Quick mode” Multiple quick modes for each main mode IPSec Send protected data Data

43 406 NW’98 42 © 1998, Cisco Systems, Inc. How IPSec Uses IKE Alice’s router 1. Outbound packet from Alice to Bob. No IPSec SA 2. Alice’s IKE begins negotiation with Bob’s IKE IPSec Bob’s router 4. Packet is sent from Alice to Bob protected by IPSec SA IPSec 3. Negotiation complete. Alice and Bob now have complete set of SAs in place IKE IKE Tunnel

44 406 NW’98 43 © 1998, Cisco Systems, Inc. Creating an IKE SA Negotiate IKE parameters DES MD5 RSA Sig DH1 DES MD5 RSA Sig DH1 DES MD5 RSA Sig DH1 DES MD5 RSA Sig DH1 DES SHA Pre-shared DH1 DES SHA Pre-shared DH1 Exchange DH Numbers YBYBYBYB YAYAYAYA Exchange Certificates and check CRL Home-gw 10.1.2.3 Pent-gw 26.9.0.26 CRL Exchange signed data for authentication

45 406 NW’98 44 © 1998, Cisco Systems, Inc. Creating IPSec SA—Quick Mode Requires IKE SA to be in place IKE SA Negotiate IPSec parameters DES MD5 DH1 DES MD5 DH1 DES MD5 DH1 DES MD5 DH1 DES SHA DH1 DES SHA DH1 Local Policy { Create shared session key Exchange DH numbers for PFS or Exchange nonces for quick rekey YAYAYAYA YBYBYBYB Data

46 406 NW’98 45 © 1998, Cisco Systems, Inc. Overlapping Security Associations Multiple, overlapping security associations Selectable with extended access lists SA-1 protects Net A to B Bob Alice SA-2 protects Alice to IBM Net B Net A

47 406 NW’98 46 © 1998, Cisco Systems, Inc. Dynamic Crypto Maps Enables easy configuration for remote clients Crypto map template created without defining a peer If incoming IPSec SA request is accepted, then a temporary crypto map entry is created

48 406 NW’98 47 © 1998, Cisco Systems, Inc. Different Keys Everywhere Ensure Confidential Communications in an unsecured Network U N I V E R S I T Y

49 406 NW’98 48 © 1998, Cisco Systems, Inc. Define Sensitive Traffic for Each

50 406 NW’98 49 © 1998, Cisco Systems, Inc. Enable Mobile Users with L2TP and IPSec anyIPSec protects traffic from remote sites to the enterprise using any application IPSec may be combined with L2TP or L2F Travelers can access the network as securely as they would in the office IPSec L2TP or L2F

Download ppt "406 NW’98 1 © 1998, Cisco Systems, Inc. IPSec Loss of Privacy Security Threats Impersonation Loss of Integrity Denial of Service m-y-p-a-s-s-w-o-r-d."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Virtual Private Networks

Virtual Private Networks
Secure Mobile IP Communication

Secure Mobile IP Communication
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.

IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206) 217-7048

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
Introduction to PKI, Certificates & Public Key Cryptography Erwan Lemonnier.

Introduction to PKI, Certificates & Public Key Cryptography Erwan Lemonnier.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.
W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial.

W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial.

Similar presentations

Ads by Google