IPSecurity.


IPSecurity

Overview The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME, PGP), client/server (Kerberos), Web access (Secure Sockets Layer), and others. However, users have some security concerns that cut across protocol layers. For example, an enterprise can run a secure, private TCP/IP network by disallowing links to untrusted sites, encrypting packets that leave the premises, and authenticating packets that enter the premises. By implementing security at the IP level, an organization can ensure secure networking not only for applications that have security mechanisms but also for the many security-ignorant applications.

IP Security: Functional Areas
- Authentication
- Confidentiality
- Key Management

IP Security: Functional Areas
The authentication mechanism assures that a received packet was, in fact, transmitted by the party identified as the source in the packet header. In addition, this mechanism assures that the packet has not been altered in transit. The confidentiality facility enables communicating nodes to encrypt messages to prevent eavesdropping by third parties. The key management facility is concerned with the secure exchange of keys.

Applications of IP Security
1. Provide secure connections across a LAN, MAN or WAN
2. Secure remote access over the Internet
3. Establish extranet and intranet connectivity
4. Enhance electronic commerce security
5. Router applications: router advertisements (new and maintenance) and assurance that routing updates are not forged

Benefits of IP Security
- IPsec can be deployed in a router or in a firewall
- It sits below the transport layer, so existing security mechanisms need no change
- Transparent to the end user
- Can also provide IPsec for individual users

IP Security Scenario (figure)

IP Security Architecture
Documents:
- RFC 2401: An overview of the security architecture
- RFC 2402: Packet authentication extension
- RFC 2406: Packet encryption extension
- RFC 2408: Key management capabilities
Two security header extensions:
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)
Services:
- Access control
- Connectionless integrity
- Data origin authentication
- Rejection of replayed packets
- Confidentiality (encryption)
- Limited traffic flow confidentiality

IPSec Services IPSec provides security services at the IP layer by enabling a system to select required security protocols, determine the algorithm(s) to use for the service(s), and put in place any cryptographic keys required to provide the requested services. Two protocols are used to provide security: An authentication protocol designated by the header of the protocol, Authentication Header (AH); and A combined encryption/authentication protocol designated by the format of the packet for that protocol, Encapsulating Security Payload (ESP).

Security Association
A one-way relationship between sender and receiver, uniquely identified by three parameters:
- Security Parameters Index (SPI): a bit string assigned to this SA. Carried in AH and ESP to enable the receiver to select the SA.
- IP Destination Address: the address of the destination endpoint of the SA.
- Security Protocol Identifier: indicates whether the association is an AH or an ESP Security Association.
Other SA parameters:
- Sequence Number Counter
- Sequence Counter Overflow
- Anti-Replay Window
- AH Information
- ESP Information
- Lifetime of this Security Association
- IPsec Protocol Mode
- Path MTU

IPSec Modes
- Transport Mode provides a secure connection between two endpoints, as it encapsulates only the IP payload.
- Tunnel Mode encapsulates the entire IP packet to provide a virtual "secure hop" between two gateways. Used to form a traditional VPN, where the tunnel generally creates a secure path across an untrusted Internet.

Authentication Header
- Provides support for data integrity and authentication
- Ensures that modification of packet content in transit is detected
- Enables an end system to authenticate the user or application
- Prevents address spoofing attacks
- Guards against replay attacks

Authentication Header: service and mechanism
- Data integrity: MAC
- Authentication: secret shared key
- Replay protection: sequence number

Authentication Header: Fields
- Next Header: identifies the type of header immediately following this header (could be a TCP or UDP header, depending on the application)
- Payload Length: length of the authentication header in 32-bit words, minus 2
- Reserved: for future use (set to 0)
- Security Parameters Index: identifies the Security Association
- Sequence Number: monotonically increasing counter value (number of messages sent using the current SA)
- Authentication Data: contains the Integrity Check Value (ICV), e.g. a MAC

Authentication Header: header format (figure)

Authentication Header: ICV (Integrity Check Value)
It is a Message Authentication Code calculated over the entire packet, including most of the headers. The recipient recomputes the same value; mismatched values mark the packet as either damaged in transit or not produced with the proper secret key. Such packets are discarded.

Authentication Header: Anti-Replay Service
- Protects against replay attacks
- Based on the sequence number
- Sequence number cycle: 2^32 - 1
- When this limit is reached, a new SA must be negotiated
- Inbound processing is performed when a packet is received
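An added example, not from the original slides: parsing the AH fields listed above (next header, payload length, SPI, sequence number, ICV), the sender-side sequence counter overflow check, and the receiver-side sliding anti-replay window from RFC 2402. The sample header bytes, the 64-packet window and the zeroed ICV are constructed; real ICV verification (which must precede the window update) is omitted.

```python
import struct
from dataclasses import dataclass

AH_FIXED_LEN = 12          # next hdr (1) + payload len (1) + reserved (2) + SPI (4) + seq (4)
MAX_SEQ = 2**32 - 1        # sequence number cycle; reaching it forces a new SA

@dataclass
class AuthHeader:
    next_header: int
    payload_len: int       # wire value: AH length in 32-bit words minus 2
    spi: int
    seq: int
    icv: bytes

def parse_ah(buf: bytes) -> AuthHeader:
    """Parse an Authentication Header from the start of buf."""
    if len(buf) < AH_FIXED_LEN:
        raise ValueError("truncated AH")
    nh, plen, _reserved, spi, seq = struct.unpack("!BBHII", buf[:AH_FIXED_LEN])
    total = (plen + 2) * 4                         # invert the "words minus 2" encoding
    if len(buf) < total:
        raise ValueError("truncated AH")
    return AuthHeader(nh, plen, spi, seq, buf[AH_FIXED_LEN:total])

def next_sequence(counter: int) -> int:
    """Sender side: refuse to wrap the counter; the SA has to be renegotiated."""
    if counter >= MAX_SEQ:
        raise OverflowError("sequence counter exhausted; negotiate a new SA")
    return counter + 1

class AntiReplayWindow:
    """Receiver side: accept each sequence number once, within a window behind the highest seen."""
    def __init__(self, size: int = 64):
        self.size, self.last, self.bitmap = size, 0, 0   # bit i of bitmap set => last - i was received

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False                               # sequence numbers start at 1
        if seq > self.last:                            # right of window: slide it forward
            self.bitmap = (self.bitmap << (seq - self.last)) & ((1 << self.size) - 1)
            self.bitmap |= 1
            self.last = seq
            return True
        diff = self.last - seq
        if diff >= self.size or self.bitmap & (1 << diff):
            return False                               # too old, or a duplicate
        self.bitmap |= 1 << diff
        return True

# Constructed sample: next header TCP, 12-byte zero ICV (payload length 4), SPI 0x100, seq 1
SAMPLE_AH = struct.pack("!BBHII", 6, 4, 0, 0x100, 1) + bytes(12)
```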

Authentication Header: Transport Mode
Before AH: IP Header | TCP | Data
After AH:  IP Header | AH | TCP | Data

Authentication Header: Tunnel Mode
Before AH: IP Header | TCP | Data
After AH:  New IP Header | AH | Original IP Header | TCP | Data

Encapsulating Security Payload: Fields
- Next Header: identifies the type of header immediately following this header (could be a TCP or UDP header, depending on the application)
- Security Parameters Index: identifies the Security Association
- Sequence Number: monotonically increasing counter value (number of messages sent using the current SA)
- Payload Data: transport-level data or an IP packet
- Padding: 0-255 bytes
- Pad Length: number of pad bytes
- Authentication Data: contains the Integrity Check Value (ICV)

Encapsulating Security Payload: packet format (figure)

Encapsulating Security Payload: Transport Mode
Before ESP: IP Header | TCP | Data
After ESP:  IP Header | ESP Header | TCP | Data | ESP Trailer | ESP Authentication
(TCP, Data and ESP Trailer are encrypted)

Encapsulating Security Payload: Tunnel Mode (figure)
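An added example covering the ESP fields and the transport/tunnel mode layouts above (not code from the original slides): it builds the ESP header, payload, padding, pad length, next header and ICV, and unpacks them again. The ICV is a 96-bit truncated HMAC-SHA1 as an assumption; the `encrypt`/`decrypt` callables default to identity as a stand-in for the cipher, and the IP headers and keys are constructed stand-ins.

```python
import hashlib
import hmac
import struct

ESP_HDR = struct.Struct("!II")      # SPI, sequence number
ICV_LEN = 12                        # 96-bit truncated HMAC, as in HMAC-SHA1-96 (assumption)
NH_TCP, NH_IPIP = 6, 4              # next-header values: TCP (transport mode), IP-in-IP (tunnel mode)

def esp_pad(payload: bytes, next_header: int, align: int = 4) -> bytes:
    """Append 0..255 pad bytes so pad length + next header end on an align boundary, then the trailer."""
    pad_len = (-(len(payload) + 2)) % align
    padding = bytes(range(1, pad_len + 1))          # RFC 2406 default padding: 1, 2, 3, ...
    return payload + padding + bytes([pad_len, next_header])

def esp_encapsulate(spi, seq, payload, next_header, auth_key, encrypt=lambda b: b):
    header = ESP_HDR.pack(spi, seq)
    body = encrypt(esp_pad(payload, next_header))   # payload + padding + trailer are encrypted
    icv = hmac.new(auth_key, header + body, hashlib.sha1).digest()[:ICV_LEN]
    return header + body + icv                      # ICV covers header and encrypted body

def esp_decapsulate(pkt, auth_key, decrypt=lambda b: b):
    header, body, icv = pkt[:ESP_HDR.size], pkt[ESP_HDR.size:-ICV_LEN], pkt[-ICV_LEN:]
    expected = hmac.new(auth_key, header + body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: discard packet")   # verify before decrypting
    spi, seq = ESP_HDR.unpack(header)
    plain = decrypt(body)
    pad_len, next_header = plain[-2], plain[-1]
    return spi, seq, next_header, plain[:-(2 + pad_len)]

def transport_mode(ip_hdr, tcp_segment, spi, seq, key):
    """Transport mode: original IP header kept in clear, only the IP payload is protected."""
    return ip_hdr + esp_encapsulate(spi, seq, tcp_segment, NH_TCP, key)

def tunnel_mode(new_ip_hdr, inner_packet, spi, seq, key):
    """Tunnel mode: the whole original IP packet becomes the ESP payload behind a new header."""
    return new_ip_hdr + esp_encapsulate(spi, seq, inner_packet, NH_IPIP, key)
```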

Combining Security Associations
- An individual SA can implement either the AH or the ESP protocol, but not both.
- Some traffic flows require services provided by both AH and ESP.
- Security Association Bundle: a sequence of SAs through which traffic must be processed to provide a desired set of IPSec services. The SAs in a bundle may terminate at the same or at different endpoints.
Two ways of combining SAs into a bundle:
- Transport adjacency: applying more than one security protocol to the same IP packet, without invoking tunneling.
- Iterated tunneling: the application of multiple layers of security protocols effected through IP tunneling. Each tunnel can originate or terminate at a different IPSec site along the path.

Combining Security Associations: Transport Adjacency (figure)

Combining Security Associations: Iterated Tunneling (figure)

Combining Security Associations: Iterated Tunneling with Different Endpoints (figure)

Combining Security Associations: Authentication Plus Confidentiality
- Transport mode ESP: authentication and encryption apply to the IP payload; the IP header is not protected.
- Tunnel mode ESP: applies to the entire IP packet.
Possible combinations:
a. AH in transport mode
b. ESP in transport mode
c. ESP followed by AH in transport mode
d. Any of a, b, c inside an AH or ESP in tunnel mode

Key Management: Oakley Key Determination Protocol
A refinement of the Diffie-Hellman key exchange algorithm.
Features of Diffie-Hellman:
- Secret keys are created only when needed
- Requires no pre-existing infrastructure
Weaknesses of Diffie-Hellman (addressed by Oakley):
- Provides no information regarding the identity of the parties
- Subject to a man-in-the-middle attack

Key Management: Man-in-the-Middle Attack and Clogging Attack (figure)

Key Management: Oakley Features
- Cookies to thwart clogging attacks
- Enables the two parties to negotiate a group
- Uses nonces to ensure against replay attacks

Key Management: Oakley Authentication Methods
- Digital signature
- Public-key encryption
- Symmetric-key encryption