Internet Security CSCE 813 IPsec. CSCE 813 - Farkas2 Reading Today: – Oppliger: IPSec: Chapter 14 – Stalllings: Network Security Essentials, 3 rd edition,

Slides:



Advertisements
Similar presentations
IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Advertisements

ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.
Internet Protocol Security (IP Sec)
Internet Security CSCE 813 IPsec
IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.
Header and Payload Formats
Security at the Network Layer: IPSec
Network Security Essentials Chapter 8 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Network Layer Security: IPSec
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 5 Network Security Protocols in Practice Part I
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
IPsec – IKE CS 470 Introduction to Applied Cryptography
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
IKE message flow IKE message flow always consists of a request followed by a response. It is the responsibility of the requester to ensure reliability.
Internet Key Exchange. IPSec – Reminder SPI SA1 2 3 …… SAD.
Cryptography and Network Security
1 IPsec Youngjip Kim Objective Providing interoperable, high quality, cryptographically-based security for IPv4 and IPv6 Services  Access.
Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.
IPsec: IKE, Internet Key Exchange IPsec does not use Public Key Infrastructure and exchanging keys before an IPsec connection is established is a problem.
1 Lecture 14: Real-Time Communication Security real-time communication – two parties interact in real time (as opposed to delayed communication like )
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Chapter 8 Copyright 2003 Prentice-Hall Cryptographic Systems: SSL/TLS, VPNs, and Kerberos.
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
IP Security Lawrence Taub IPSEC IP security — security built into the IP layer Provides host-to-host (or router-to-router) encryption and.
CSCE 715: Network Systems Security
Lecture 14 ISAKMP / IKE Internet Security Association and Key Management Protocol / Internet Key Exchange CIS CIS 5357 Network Security.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
SMUCSE 5349/49 IP Sec. SMUCSE 5349/7349 Basics Network-level: all IP datagrams covered Mandatory for next-generation IP (v6), optional for current-generation.
Information management 1 Groep T Leuven – Information department 1/26 IPSec IP Security (IPSec)
/IPsecurity.ppt 1 - Chapter 6 of William Stallings. Network Security Essentials (2nd edition). Prentice Hall.
1 Lecture 16: IPsec IKE history of IKE Photurus IKE phases –phase 1 aggressive mode main mode –phase 2.
Karlstad University IP security Ge Zhang
Network Security David Lazăr.
IPsec IPsec (IP security) Security for transmission over IP networks –The Internet –Internal corporate IP networks –IP packets sent over public switched.
IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.
IP Security.  In CERTs 2001 annual report it listed 52,000 security incidents  the most serious involving:  IP spoofing intruders creating packets.
Chapter 6 IP Security. We have considered some application specific security mechanisms in last chapter eg. S/MIME, PGP, Kerberos however there are security.
IPSEC : KEY MANAGEMENT PRESENTATION BY: SNEHA A MITTAL(121427)
IPSec VPN: How does it really work? Yasushi Kono (ComputerLinks Frankfurt)
Chapter 8 IP Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.
IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.
Cryptography and Network Security (CS435) Part Thirteen (IP Security)
IPSec  general IP Security mechanisms  provides  authentication  confidentiality  key management  Applications include Secure connectivity over.
IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
1 Secure Key Exchange: Diffie-Hellman Exchange Dr. Rocky K. C. Chang 19 February, 2002.
1 IPSec: An Overview Dr. Rocky K. C. Chang 4 February, 2002.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Network Layer Security Network Systems Security Mort Anvari.
1 Internet Key Exchange Rocky K. C. Chang 20 March 2007.
8-1Network Security Virtual Private Networks (VPNs) motivation:  institutions often want private networks for security.  costly: separate routers, links,
第六章 IP 安全. Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 5 Network Security Protocols in Practice Part I
UNIT 7- IP Security 1.IP SEC 2.IP Security Architecture
CSE 4905 IPsec II.
CSE565: Computer Security Lecture 23 IP Security
Cryptography and Network Security
Cryptography and Network Security
Presentation transcript:

Internet Security CSCE 813 IPsec

CSCE Farkas2 Reading Today: – Oppliger: IPSec: Chapter 14 – Stalllings: Network Security Essentials, 3 rd edition, Chapter 6 Related readings (not required) – IPSec Architecture RFC 2401 – ISAKMP RFC 2408 – IKE RFC 2409 – HMAC RFC 2104

IPSec Overview IPSec can be added to either IPv4 or IPv6 Supported functionalities: authentication, confidentiality, and key management Scope of authentication: entire packet (tunnel mode) or entire packet minus the IP header (transport mode) Confidentiality: can be supported in either mode. Flexible Key Management CSCE Farkas3

Internet Key Exchange

CSCE Farkas5 IKE Goal: create security association between 2 hosts Two phases: – 1st phase establishes security association (IKE-SA) for the 2nd phase Always by authenticated Diffie-Hellman (expensive) – 2nd phase uses IKE-SA to create actual SAs to be used by AH and ESP Use keys derived in the 1st phase to avoid DH exchange Operates only in “quick” mode –To create a fresh key, hash old DH value and new nonces

CSCE Farkas6 Properties What properties are needed? – Authentication – Secrecy – Forward Secrecy (Perfect FS) – Prevent replay of old key material – Prevent denial of service – Protect identities from eavesdroppers

CSCE Farkas7 Key Management in IPSec Manual key management System administrator manually configures each system with its own keys – not scalable Automated key management On-demand creation of keys for the SAs – scalable for large, distributed systems

CSCE Farkas8 Internet Key Exchange ISAKMP/Oakley – Oakley key determination protocol Based on Diffie-Hellman Added security (e.g., authentication) Does not dictated specific format – ISAKMP – Internet Security Association and Key Management Protocol Framework for key management Specific protocol support (format, negotiation, etc.)

CSCE Farkas9 Diffie-Hellman Key Exchange Prior agreement of two parameters: g and p A selects random integer a, B selects random integer b Protocol g a mod p g b mod p A B Alice, Bob compute g ab mod p not known to anyone else

CSCE Farkas10 Problems with DH No information about identities Subject to a man-in-the-middle type attack Computationally extensive: vulnerable to a clogging attack – Attacker sends fake DH messages to a victim from a forged IP address – Victim starts performing modular exponentiations to compute a secret key – Victim can be blocked with useless work

CSCE Farkas11 Added Security Features of Oakley Cookie exchange: thwart clogging attacks – Properties: depends on specific parties, impossible to anyone else to generate cookies, fast – hash(src IP addr, dst IP addr, src UDP port, dst UDP port, local secret) Ensure that the responder is stateless until initiator produced at least 2 messages – Responder’s state (IP addresses and ports) is stored in an un- forgeable cookie and sent to initiator – After initiator responds, cookie is regenerated and compared with the cookie returned by the initiator – The cost is 2 extra messages in each execution

CSCE Farkas12 Added Security Features of Oakley Nonces: detect replay attacks Authenticates the DH exchange – Digital signatures, public key encryption, or symmetric key encryption Support negotiation of the global parameters for the DH exchange – DH groups: global parameters and identity of algorithms

Key Exchange Identities: not secret Derived key: PFS Two modes: – Main mode: 5 messages, protects IDs – Aggressive mode: 3 messages, does not protect IDs Multiple variations, see The OAKLEY Key Determination Protocol, CSCE Farkas13

CSCE Farkas14 Aggressive Oakley Example – CKY I : I’s cookie – OK_KEYX: key exchange message type – GRP: DH group, g x, g y : public key of init. and resp., g xy : session key – EHAO/EHAS: encryption, hash, authentication alg. offered/selected – NIDP: indicates encryption is not used for remainder of this message – N: nonce, ID: identifier, – S KI [X] I  R: CKY I,OK_KEYX, GRP, g x, EHAO, NIDP, ID I, ID R, N I, S KI [ ID I || ID R || N I || GRP || g x || EHAO] R  I: CKY R, CKY I, OK_KEYX, GRP, g y, EHAS, NIDP, ID R, ID I, N R, N I, S KR [ ID R || ID I || N R || N I || GRP || g x || g y || EHAS] I  R: CKY I, CKY R, OK_KEYX, GRP, g x, EHAS, NIDP, ID I, ID R, S KI [ ID I || ID R || N I || N R || GRP || g x || g y || EHAS]

CSCE Farkas15 ISAKMP Defines procedures and packet formats to – Establish – Negotiate – Modify – Delete security associations

CSCE Farkas16 ISAKMP Header Format Next payload Mj ver Mn Ver Exchange type Flags Message ID Length Initiator cookie Responder cookie Next payload ReservedPayload length payload ISAKMP header Generic payload header

CSCE Farkas17 Payload Types Security Association (SA) Proposal (P) – info used during SA negotiation, e.g., protocol type, sender’s SPI, # of transforms Transform (T) – defines the security transform to be used, transform # (ids the payload), transform id (specific transforms) Key exchange (KE) – key exchange techniques Identification (ID) – identity of the communicating peers Certificate (CR) – public-key certificate (X.509. Kerberos, etc.) Hash (HASH) Signature (SIG) Nonce (NONCE) Notification (N) Delete (D)

CSCE Farkas18 Base Exchange Allows key exchange and authentication material to be transmitted together Minimizes number of exchanges Does not provide ID protection Protocol: 1. I  R : SA; NONCE 2. R  I : SA; NONCE 3. I  R : KE; ID I ; AUTH 4. R  I : KE; ID R ; AUTH 1-2: cookies + SA establish; nonce: replay protection 3-4: key materials and IDs

CSCE Farkas19 Identity Protection Exchange Expands the Base exchange to protect user IDs. Protocol: 1. I  R : SA 2. R  I : SA 3. I  R : KE; NONCE 4. R  I : KE; NONCE 5. I  R : ID I ; AUTH 6. R  I : ID R ; AUTH 1-2: establish SA 3-4: key exchange + replay protection 5-6: authentication + optional certificate

CSCE Farkas20 Authentication Only Exchange Perform mutual authentication without key exchange Protocol: 1. I  R : SA; NONCE 2. R  I : SA; NONCE; ID R ; AUTH 3. I  R : ID I ; AUTH 1-2: establish SA + responder send his/her ID + authenticate the msg. 3: I’s authenticated ID

CSCE Farkas21 Aggressive Exchange Minimize number of exchanges Does not provide ID protection Protocol: 1. I  R : SA; KE; NONCE; ID I 2. R  I : SA; KE; NONCE; ID R ; AUTH 3. I  R : AUTH 1:I proposes an SA + begins key exchange + I’s ID. 2: R indicates acceptance of SA + completes key exchange + authentication 3: Authentication

CSCE Farkas22 Informational Exchange One-way transmittal of information for SA management Error or status notification – Invalid payload type, invalid protocol ID, payload malformed, authentication failed, invalid signature, etc. – Connected, responder-lifetime, replay status, initial contact Protocol 1. I  R : N/D

CSCE Farkas23 Next Class: Transport layer security

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.