Encapsulation Security Payload Protocol Lan Vu

OUTLINE
1. Introduction and terms
2. ESP Overview
3. ESP Packet Format
4. ESP Fields
5. ESP Modes
6. ESP packet processing
7. Why ESP?
8. Security Considerations
9. ESP Performance Impacts
10. Conclusion

INTRODUCTION AND TERMS
Internet Protocol Security (IPSec): a security function implemented at the IP level of the protocol stack.
Security Association (SA): used to track a given communication session. It defines the traffic security protocol, the authentication algorithm, and the encryption algorithm to be used. It also carries information on the data flow, the lifetime of the SA, and the sequence numbering used to guard against replay attacks.

ESP OVERVIEW
The ESP protocol (i.e. the traffic security protocol) is used within IPsec and is transmitted over IP. ESP is identified by protocol number 50. ESP provides optional services such as authentication, encryption, and integrity checking for IP datagrams. It operates on a per-packet basis.
+ Encryption scrambles the data packet to prevent unauthorized people from reading the message.
+ Authentication verifies that the source address was not forged.
+ The anti-replay mechanism ensures the packet was not tampered with en route to its destination.

ESP OVERVIEW (cont.)
The desired services are selected when the security association (SA) is established. Encryption is selectable independently of any other service. If encryption is enabled, then integrity checking and authentication should be turned on as well: if only encryption is used, intruders could forge packets in order to mount a cryptanalytic attack.

ESP PACKET FORMAT
There is an ESP header, an ESP trailer, and ESP authentication data. The payload is located (encapsulated) between the header and the trailer, which gives the protocol its name.

PACKET FIELDS
The ESP packet contains the following fields:
Security Parameter Index (SPI): this field is 32 bits in length.
Sequence Number: this 32-bit field is an increasing counter, and again follows the AH definitions. It is used to prevent replay attacks.
Payload Data
+ This field is mandatory.
+ It consists of a variable number of bytes of data described by the Next Header field.
+ PD is encrypted with the cryptographic algorithm selected during SA establishment. If the algorithm requires initialization vectors (CBC), they are included here as well.
+ Algorithms supported:
– DES (CBC)
– TDEA (three key)
– IDEA
– Three key triple IDEA
– CAST
– Blowfish
– RC5

PACKET FIELDS (CONT.)
Padding: ensures that the bits to be encrypted are a multiple of the block size.
Authentication Data
+ This optional field is variable in length.
+ It authenticates the packet using MD5 or SHA-1, with a key (i.e. HMAC) or without a key, to create a unique "hash" or "digest" of the contents of the packet.
+ The IP header is not covered by the AD.
+ The AD is calculated from the SPI to the Next Header field inclusive.

ESP MODES
Transport Mode: here the ESP header is inserted immediately after the IP header. The ESP trailer and the optional authentication data are appended to the payload. In transport mode, ESP neither authenticates nor encrypts the IP header, but this mode has a low computational overhead.

ESP MODES (CONT.)
Tunnel Mode: here a new IP packet is made with a new IP header. ESP transport processing is then applied, and the original datagram becomes the payload of the new packet. If authentication and encryption have been enabled, the packet is protected. However, the new IP header is not protected.

ESP PACKET PROCESSING
Sender Processes:
1. Look up the SA
2. Packet encryption and authentication data
+ Encapsulate the original next-layer protocol information or the entire original IP datagram
+ Add the necessary padding
+ Encrypt the result using the key and encryption algorithm mode specified in the SA
+ Compute the authentication data over the ESP packet using hash functions
3. Generate the sequence number

ESP PACKET PROCESSING
Receiver Processes:
1. Determine the appropriate SA
2. Verify the sequence number
3. Verify the decryption and authentication
+ Decrypt and integrity-check the ESP payload data, padding, pad length, and next header using the key, algorithm, and algorithm mode indicated by the SA
+ If the check fails, discard the packet and log the SPI value, date/time received, source address, destination address, and sequence number
+ Process any padding
+ Check the Next Header field; if the value is "59", the packet is discarded
+ Extract the original IP datagram or transport-layer frame from the ESP Payload Data field
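As an added example that is not part of the original slides, the following Python sketch assembles the layout from the Packet Format and Packet Fields slides and runs the receiver steps above: SA lookup by SPI, ICV verification over SPI..Next Header (HMAC-SHA1 truncated to 96 bits, as in RFC 2404), the sliding receive window, padding removal, and the Next Header 59 discard. It assumes NULL encryption so that it runs on the standard library alone (a real SA would encrypt Payload..Next Header with one of the listed block ciphers); the key, SPI and sequence values are constructed.

```python
import hmac, hashlib, struct

ICV_LEN = 12          # HMAC-SHA1-96: the 20-byte SHA-1 tag truncated to 96 bits
NO_NEXT_HEADER = 59   # Next Header value of a dummy packet; the receiver discards it

def build_esp(spi, seq, payload, next_header, auth_key, block_size=4):
    """SPI | Seq | Payload | Padding | Pad Length | Next Header | ICV.
    Assumption: NULL encryption, so Payload..Next Header is sent in the clear here."""
    pad_len = (-(len(payload) + 2)) % block_size      # trailer must end on a block boundary
    padding = bytes(range(1, pad_len + 1))            # default pad bytes are 1, 2, 3, ...
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    icv = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]  # covers SPI..Next Header
    return body + icv

class ReplayWindow:
    """Sliding receive window (width at least 32); bit 0 tracks the highest sequence seen."""
    def __init__(self, width=32):
        self.width, self.highest, self.bitmap = width, 0, 0
    def check_and_update(self, seq):
        if seq == 0:
            return False                              # 0 is never a valid sequence number
        if seq > self.highest:                        # right of the window: slide it along
            self.bitmap = ((self.bitmap << (seq - self.highest)) | 1) & ((1 << self.width) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.width or self.bitmap & (1 << offset):
            return False                              # left of the window, or already received
        self.bitmap |= 1 << offset
        return True

def receive_esp(packet, sa_table, window):
    """Return (next_header, payload), or None when the packet must be discarded."""
    if len(packet) < 8 + 2 + ICV_LEN:
        return None
    spi, seq = struct.unpack("!II", packet[:8])
    sa = sa_table.get(spi)                            # step 1: find the SA by SPI
    if sa is None:
        return None
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(sa["auth_key"], body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):        # step 3: ICV failure -> log SPI, seq, addresses
        return None
    if not window.check_and_update(seq):              # step 2: mark seq only once the ICV passed
        return None
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 10 or next_header == NO_NEXT_HEADER:
        return None                                   # malformed trailer, or dummy packet
    return next_header, body[8:len(body) - 2 - pad_len]
```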

WHY ESP?
Data origin authentication is a security service that verifies the identity of the claimed source of data.
Confidentiality is the security service that protects data from unauthorized parties.
+ Disclosure of application-level data is prevented by encrypting the payload data.
+ Disclosure of the external characteristics of communication, also known as traffic-flow confidentiality, is addressed by concealing source and destination addresses, message length, or frequency of communication.
Anti-replay detects the arrival of duplicate IP datagrams (using a sliding receive window). It is supported by the sequence number, an unsigned 32-bit field in the ESP header that contains a monotonically increasing counter value.

SECURITY CONSIDERATIONS
The quality of the security provided by this ESP mechanism depends on:
- The strength of the implemented cryptographic algorithms
- The strength of the key being used
- The correct implementation of the cryptographic algorithms
- The security of the key management protocol
- The correct implementation of IP
- Several security mechanisms in all of the participating systems
The ESP protocol is a security service that focuses only on the IP layer. It does not by itself secure the whole system.

SECURITY CONSIDERATIONS (cont.)
Advantages:
+ Higher-level services protect a single protocol.
+ Lower-level services protect a single medium.
Therefore, ESP can protect any protocol running above IP and any medium which IP runs over.
+ Attacks on higher-level protocols become more difficult.
Limitations:
+ Not end-to-end
+ Authenticates machines, not users
+ Does not stop traffic analysis
In general, to provide an effective security environment, one should consider combining different mechanisms and algorithms, and weigh the strengths and weaknesses of each to meet his or her needs.

PERFORMANCE IMPACTS
The encapsulating security approach used by ESP can noticeably impact network performance in participating systems:
1. Protocol processing in participating systems will be more complex when encapsulating security is used, requiring both more time and more processing power.
2. Use of encryption will also increase the communications latency. The increased latency is primarily due to the encryption and decryption required for each IP datagram containing an Encapsulating Security Payload.

Conclusion
Encapsulating Security Payload covers the packet format and general issues for packet encryption. It offers its security service at the IP layer. Hence, it can be used in conjunction with other security mechanisms in designing robust distributed systems.
