1 CMPT 471 Networking II Authentication and Encryption © Janice Regan,

2

3 IPsec usage  Host to host  May use transport mode  May use tunnel mode  Security Gateway to Security Gateway  Must use tunneling  Host to/from security gateway  For traffic destined to security gateway (for example SNMP message) the gateway is operating as a host and transport mode may be used  Otherwise, if the gateway is operating as a gateway tunneling mode must be used

© Janice Regan,  IPv4 packet: Transport mode Authentication  IPv4 packet: Tunnel mode Authentication IPv4 AH Authentication authenticated Partially authenticated IPv4 header TCP header TCP data Authentication header IPv4 tunnel header authenticated Partially authenticated IPv4 header TCP header TCP data Authentication header

© Janice Regan, AH authentication algorithms HMAC with MD5RFC 2403 HMAC with SHA-1RFC 2404

© Janice Regan, Transport Mode Tunnel Mode IPsec: ESP New IP header TCP header TCP data IP header ESP header ESP trailer ESP auth encrypted authenticated Not encrypted or authenticated TCP header TCP data IP header ESP header ESP trailer ESP auth

© Janice Regan, ESP authentication algorithms HMAC with MD5RFC 2403 HMAC with SHA-1RFC 2404 Null Authentication

© Janice Regan, ESP encryption algorithms DES in CBC modeRFC 2405 Null Encryption

© Janice Regan, Security Associations (1)  An SA describes one simplex connection.  If you are using both AH and ESP you need one SA for each.  For two way communication you need one SA for each direction  Three parameters used to uniquely define a security association (SA).  destination address  security protocol (AH or ESP)  Security parameters index (SPI)

© Janice Regan, Security Association (2)  SAs are stored in a database The SAD (Security Associations Database) also includes the following information:  Mode of communication (transport or tunnel)  Sequence Number Counter  Anti-Replay Window: to determine whether an inbound AH or ESP packet is a replay.  AH Authentication algorithm type, keys, etc. OR ESP Encryption algorithm and / or authentication, algorithm types, keys etc.  Lifetime of this Security Association

© Janice Regan, Encryption  Source uses an encryption key and a particular encryption algorithm to encrypt the data  The data is inserted into a packet and sent to the receiver  The receiver uses a decryption key to decrypt the data. If the keys match the decrypted data is readable otherwise it is not.  The keys may be secret or private keys, or public keys  Private key encryption is often used for long messages public key encryption for short messages. Short messages may include sending private keys in preparation for transmission of longer messages.

© Janice Regan, Secret or private keys  Private or secret keys are known only by the sender and receiver. The decryption key is the same as or derivable from the encryption key.  Secret key encryption may also be called symmetric encryption because the same key can be used in both directions  High security, difficult to decrypt without the key.

© Janice Regan, Secret or private keys  Requires many keys (one for each pair of users)  Uses an efficient encryption algorithm  Popular example DES, data encryption standard  How do you distribute keys?  Use public key encryption  A central distribution centre

© Janice Regan, Public keys (1)  Each user has a public key and a private key  Fewer keys needed (pair for each user, not each pairing of users).  Public key is used to encrypt the message, private key is used to decrypt the message. Private key is not easily derivable from the public key  Sender encrypts using the receiver’s public key  Only receiver can decrypt using its own private key  RSA is an example of this approach.

© Janice Regan, Public keys (2)  Encryption/Decryption process is more computationally intensive than private key encryption  Must verify (authenticate) announced public key of a user  Verification may be done by a central authority (pairs users and keys and issues certificates)

© Janice Regan, Digital Signature  Used for authentication, integrity and non repudiation (anti replay)  Use private key encryption to sign (encrypt the document or digest) the packet.  Use public key to verify signature (decrypt the document). Since only the sender knows its private key this provides authentication

© Janice Regan, Digital Signature  A message signed using a senders private key (known only by that user) indicates that the message comes from that user  Changes to the message between the sender and the receiver require knowledge of the private key, or they will in all likelihood render the message unreadable at the destination  Signature alone does not provide confidentiality, anyone can decrypt using the senders public key

© Janice Regan, Digital Signature  Used for authentication, integrity and non repudiation  Can sign entire document or digest of the document.  Algorithms such as SHA1 and MD5 are used to make digests of the document  Can sign the digest rather than the whole document

© Janice Regan, Digital Signature  To sign the digest rather than the whole document  The sender uses a hash function to produce a digest of the document with a fixed size  Usually use MD5 (message digest 5) or SHA-1 (secure hash algorithm 1)  The sender encrypts the digest with her private key  The sender sends the document including the encrypted digest

© Janice Regan, Digital Signature  To sign the digest rather than the whole document  The receiver creates a digest of the document using the same algorithm as the sender  The receiver decrypts the digest appended to the document using the senders public key  The receiver compares the calculated digest to the decrypted digest from the received message. They must match for the signature to be valid

© Janice Regan, With VPN  New encapsulation  Shared keys (all users behind VPN use same key)  Dangerous (one user can hijack traffic, can have man in the middle attack)