2. Chapter 16 – IP Security
If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death, together with the man to whom the secret was told.
—The Art of War, Sun Tzu

3. IP Security
have considered some application specific security mechanisms
eg. S/MIME, PGP, Kerberos, SSL/HTTPS
however there are security concerns that cut across protocol layers
would like security implemented by the network for all applications

4. IPSec general IP Security mechanisms provides authentication
confidentiality
key management
applicable to use over LANs, across public & private WANs, & for the Internet

5. Applications of IPSec
Secure branch office connectivity over the Internet
Secure remote access over the Internet
Establishing extranet and intranet connectivity with partners
Enhancing electronic commerce security

6. Features of IPSec
Encrypt and /or authenticate all traffic at the IP level

7. IPSec Uses
Stallings Fig 16-1.

8. Benefits of IPSec
in a firewall/router provides strong security to all traffic crossing the perimeter
resistant to bypass if all traffic from the outside must use IP, and the firewall is the only means of entrance from the Internet into organization
is below transport layer, hence transparent to applications
can be transparent to end users
can provide security for individual users if desired

9. Routing Benefits Router advertisement comes from an authorized router
Neighbor advertisement comes from authorized router
Redirect message comes from the router to which the initial packet was sent
Routing update is not forged

10. IP Security Architecture
specification is quite complex
defined in numerous RFC’s
incl. RFC 2401/2402/2406/2408
many others, grouped by category
mandatory in IPv6, optional in IPv4

11. IPSec Documents RFC 2401 – An overview of a security architecture
RFC 2402 – Description of a packet authentication extension to IPv4 and IPv6
RFC – Description of a packet encryption extension to IPv4 and IPv6
RFC 2408 – Specification of Key Management capabilities

12. Security features are implemented as extension headers that follow main IP header
Extension header for authentication – Authentication Header
For encryption – Encapsulating Security Payload

13. Seven Groups of Document
Architecture
Encapsulating Security Payload
Authentication Header
Encryption Algorithm
Authentication Algorithm
Key Management
Domain of Interpretation (DOI)

14. Architecture – Covers the general concepts, security requirements, definitions, and mechanisms defining the IPSec technology
Encapsulating Security Payload (ESP) – Covers the packet format and general issues related to the use of the ESP for packet encryption
Authentication Header (AH) – Covers the packet format and general issues related to the use of AH

15. Encryption Algorithm – A set of documents that describe how various encryption algorithms are used for ESP
Authentication Algorithm - A set of documents that describe how various authentication algorithms are used for AH and for authentication option of ESP
Key Management – Documents that describe key management schemes
Domain of Interpretation (DOI) – Contains values needed for the other documents related to each other. Include identifiers for approved encryption and authentication algorithm, as well as operational parameters such as key life time

17. IPSec Services Access control Connectionless integrity
Data origin authentication
Rejection of replayed packets
a form of partial sequence integrity
Confidentiality (encryption)
Limited traffic flow confidentiality

19. Security Associations
a one-way relationship between sender & receiver that affords security services
identified by 3 parameters:
Security Parameters Index (SPI)
IP Destination Address – Unicast Address
Security Protocol Identifier – association is an AH or ESP
has a number of other parameters
seq no, AH & EH info, lifetime etc
have a database of Security Associations

20. Security Parameter Index (SPI)
A bit string
Carried in AH and ESP headers to enable the receiving system to select the SA

21. SA Parameters
Sequence Number Counter: A 32-bit value used to generate the sequence Number field in AH or ESP header.
Sequence Counter Overflow: A flag indicating whether overflow of the Sequence Number Counter should generate an auditable event and prevent further transmission of packets on this SA.
Anti-Replay Window: Used to determine whether an inbound AH or ESP packet is a replay

22. AH Information: Authentication Algorithm, keys, key lifetimes, and related parameters being used with AH
ESP Information: Encryption and Authentication Algorithm, keys, initialization values, key lifetimes, and related parameters being used with ESP
Lifetime of this Security Association: A time interval or byte count after which an SA must be replaced with a new SA or terminated, plus an indication of which of these actions should occur

23. IPSec Protocol Mode: Tunnel, transport, or wildcard
Path MTU: Any observed path maximum transmission unit and aging variable.

24. Transport Mode Provides protection for upper-layer protocol
Protection extends to the payload of an IP packet
Example: TCP, UDP, and ICMP
Used for end-to-end communication

25. ESP – encrypts and optionally authenticates the IP payload but not the IP header
AH – authenticates the IP payload and selected portions of the IP header

26. Tunnel Mode Protection to the entire IP packet
After the AH or ESP fields are added to the IP packet, the entire packet plus security fields is treated as the payload of new “outer” IP packet with a new outer IP header
Entire packet travels through a tunnel from one point of an IP network to another

27. Transport and Tunnel Mode

29. Authentication Header (AH)
provides support for data integrity & authentication of IP packets
end system/router can authenticate user/app
prevents address spoofing attacks by tracking sequence numbers
based on use of a MAC
HMAC-MD5-96 or HMAC-SHA-1-96
parties must share a secret key

30. Authentication Header
Stallings Fig 16-3.

31. Transport & Tunnel Modes
Stallings Fig 16-5.

34. Encapsulating Security Payload (ESP)
provides message content confidentiality & limited traffic flow confidentiality
can optionally provide the same authentication services as AH
supports range of ciphers, modes, padding
incl. DES, Triple-DES, RC5, IDEA, CAST etc
CBC most common
pad to meet block size, for traffic flow

35. Encapsulating Security Payload
Stallings Fig 16-7.

36. Transport vs Tunnel Mode ESP
transport mode is used to encrypt & optionally authenticate IP data
data protected but header left in clear
can do traffic analysis but is efficient
good for ESP host to host traffic
tunnel mode encrypts entire IP packet
add new header for next hop
good for VPNs, gateway to gateway security

38. Combining Security Associations
SA’s can implement either AH or ESP
to implement both need to combine SA’s
form a security bundle
have 4 cases (see next)

39. Combining Security Associations
Stallings Fig

40. Key Management handles key generation & distribution
typically need 2 pairs of keys
2 per direction for AH & ESP
manual key management
System admin manually configures every system
automated key management
automated system for on demand creation of keys for SA’s in large systems
has Oakley & ISAKMP elements

41. Oakley a key exchange protocol based on Diffie-Hellman key exchange
adds features to address weaknesses
cookies, groups (global params), nonces, DH key exchange with authentication
can use arithmetic in prime fields or elliptic curve fields

42. ISAKMP Internet Security Association and Key Management Protocol
provides framework for key management
defines procedures and packet formats to establish, negotiate, modify, & delete SA’s
independent of key exchange protocol, encryption alg, & authentication method

43. ISAKMP
Stallings Fig