Chapter 16 – IP Security If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death, together with the man to whom the secret was told. —The Art of War, Sun Tzu

IP Security have considered some application specific security mechanisms eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that cut across protocol layers would like security implemented by the network for all applications

IPSec general IP Security mechanisms provides authentication confidentiality key management applicable to use over LANs, across public & private WANs, & for the Internet

Applications of IPSec Secure branch office connectivity over the Internet Secure remote access over the Internet Establishing extranet and intranet connectivity with partners Enhancing electronic commerce security

Features of IPSec Encrypt and /or authenticate all traffic at the IP level

IPSec Uses Stallings Fig 16-1.

Benefits of IPSec in a firewall/router provides strong security to all traffic crossing the perimeter resistant to bypass if all traffic from the outside must use IP, and the firewall is the only means of entrance from the Internet into organization is below transport layer, hence transparent to applications can be transparent to end users can provide security for individual users if desired

Routing Benefits Router advertisement comes from an authorized router Neighbor advertisement comes from authorized router Redirect message comes from the router to which the initial packet was sent Routing update is not forged

IP Security Architecture specification is quite complex defined in numerous RFC’s incl. RFC 2401/2402/2406/2408 many others, grouped by category mandatory in IPv6, optional in IPv4

IPSec Documents RFC 2401 – An overview of a security architecture RFC 2402 – Description of a packet authentication extension to IPv4 and IPv6 RFC 2406 – Description of a packet encryption extension to IPv4 and IPv6 RFC 2408 – Specification of Key Management capabilities

Security features are implemented as extension headers that follow main IP header Extension header for authentication – Authentication Header For encryption – Encapsulating Security Payload

Seven Groups of Document Architecture Encapsulating Security Payload Authentication Header Encryption Algorithm Authentication Algorithm Key Management Domain of Interpretation (DOI)

Architecture – Covers the general concepts, security requirements, definitions, and mechanisms defining the IPSec technology Encapsulating Security Payload (ESP) – Covers the packet format and general issues related to the use of the ESP for packet encryption Authentication Header (AH) – Covers the packet format and general issues related to the use of AH

Encryption Algorithm – A set of documents that describe how various encryption algorithms are used for ESP Authentication Algorithm - A set of documents that describe how various authentication algorithms are used for AH and for authentication option of ESP Key Management – Documents that describe key management schemes Domain of Interpretation (DOI) – Contains values needed for the other documents related to each other. Include identifiers for approved encryption and authentication algorithm, as well as operational parameters such as key life time

IPSec Services Access control Connectionless integrity Data origin authentication Rejection of replayed packets a form of partial sequence integrity Confidentiality (encryption) Limited traffic flow confidentiality

Security Associations a one-way relationship between sender & receiver that affords security services identified by 3 parameters: Security Parameters Index (SPI) IP Destination Address – Unicast Address Security Protocol Identifier – association is an AH or ESP has a number of other parameters seq no, AH & EH info, lifetime etc have a database of Security Associations

Security Parameter Index (SPI) A bit string Carried in AH and ESP headers to enable the receiving system to select the SA

SA Parameters Sequence Number Counter: A 32-bit value used to generate the sequence Number field in AH or ESP header. Sequence Counter Overflow: A flag indicating whether overflow of the Sequence Number Counter should generate an auditable event and prevent further transmission of packets on this SA. Anti-Replay Window: Used to determine whether an inbound AH or ESP packet is a replay

AH Information: Authentication Algorithm, keys, key lifetimes, and related parameters being used with AH ESP Information: Encryption and Authentication Algorithm, keys, initialization values, key lifetimes, and related parameters being used with ESP Lifetime of this Security Association: A time interval or byte count after which an SA must be replaced with a new SA or terminated, plus an indication of which of these actions should occur

IPSec Protocol Mode: Tunnel, transport, or wildcard Path MTU: Any observed path maximum transmission unit and aging variable.

Transport Mode Provides protection for upper-layer protocol Protection extends to the payload of an IP packet Example: TCP, UDP, and ICMP Used for end-to-end communication

ESP – encrypts and optionally authenticates the IP payload but not the IP header AH – authenticates the IP payload and selected portions of the IP header

Tunnel Mode Protection to the entire IP packet After the AH or ESP fields are added to the IP packet, the entire packet plus security fields is treated as the payload of new “outer” IP packet with a new outer IP header Entire packet travels through a tunnel from one point of an IP network to another

Transport and Tunnel Mode

Authentication Header (AH) provides support for data integrity & authentication of IP packets end system/router can authenticate user/app prevents address spoofing attacks by tracking sequence numbers based on use of a MAC HMAC-MD5-96 or HMAC-SHA-1-96 parties must share a secret key

Authentication Header Stallings Fig 16-3.

Transport & Tunnel Modes Stallings Fig 16-5.

Encapsulating Security Payload (ESP) provides message content confidentiality & limited traffic flow confidentiality can optionally provide the same authentication services as AH supports range of ciphers, modes, padding incl. DES, Triple-DES, RC5, IDEA, CAST etc CBC most common pad to meet block size, for traffic flow

Encapsulating Security Payload Stallings Fig 16-7.

Transport vs Tunnel Mode ESP transport mode is used to encrypt & optionally authenticate IP data data protected but header left in clear can do traffic analysis but is efficient good for ESP host to host traffic tunnel mode encrypts entire IP packet add new header for next hop good for VPNs, gateway to gateway security

Combining Security Associations SA’s can implement either AH or ESP to implement both need to combine SA’s form a security bundle have 4 cases (see next)

Combining Security Associations Stallings Fig 16-10.

Key Management handles key generation & distribution typically need 2 pairs of keys 2 per direction for AH & ESP manual key management System admin manually configures every system automated key management automated system for on demand creation of keys for SA’s in large systems has Oakley & ISAKMP elements

Oakley a key exchange protocol based on Diffie-Hellman key exchange adds features to address weaknesses cookies, groups (global params), nonces, DH key exchange with authentication can use arithmetic in prime fields or elliptic curve fields

ISAKMP Internet Security Association and Key Management Protocol provides framework for key management defines procedures and packet formats to establish, negotiate, modify, & delete SA’s independent of key exchange protocol, encryption alg, & authentication method

ISAKMP Stallings Fig 16-12.