6 IP Security Overview IPSec is not a single protocol. Instead, IPSec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication.
7 IP Security Overview Applications of IPSec Secure branch office connectivity over the Internet Secure remote access over the Internet Establishing extranet and intranet connectivity with partners Enhancing electronic commerce security
9 IP Security Overview Benefits of IPSec Transparent to applications (below transport layer (TCP, UDP) Provide security for individual users Additionally, IPSec can assure that: A router or neighbour advertisement comes from an authorized router A redirect message comes from the router to which the initial packet was sent A routing update is not forged
10 IP Security Architecture IPSec documents: RFC 2401: An overview of security architecture RFC 2402: Description of a packet authentication extension to IPv4 and IPv6 RFC 2406: Description of a packet encryption extension to IPv4 and IPv6 RFC 2408: Specification of key management capabilities
12 IPSec Services Access Control Connectionless integrity Data origin authentication Rejection of replayed packets Confidentiality (encryption) Limited traffic flow confidentiality
13 Security Associations (SA) A one way relationship between a sender and a receiver. Identified by three parameters: Security Parameter Index (SPI) IP Destination address Security Protocol Identifier
14 Transport Mode SATunnel Mode SA AH Authenticates IP payload and selected portions of IP header and IPv6 extension headers Authenticates entire inner IP packet plus selected portions of outer IP header ESP Encrypts IP payload and any IPv6 extension header Encrypts inner IP packet ESP with authentication Encrypts IP payload and any IPv6 extension header. Authenticates IP payload but no IP header Encrypts inner IP packet. Authenticates inner IP packet.
28 Key Management Two types: Manual Automated Oakley Key Determination Protocol Internet Security Association and Key Management Protocol (ISAKMP)
29 Internet Key Exchange (IKE) IKE=ISAKMP+Oakley automated system for on-demand creation and distribution of keys for enabling SA’s in large systems in a protected manner Typically SAs need 2 pairs of keys 2 per direction for AH & ESP Perfect forward secrecy desired D-H
30 Oakley A key exchange protocol based on Diffie- Hellman key exchange Adds features to address weaknesses cookies, groups (global parameters), nonces, DH key exchange with authentication Cookie generation criteria: must depend on the specific parties must not be possible for anyone other than the issuing entity to generate cookies that will be accepted by that entity cookie generation function must be fast to thwart attacks intended to sabotage CPU resources a hash over the IP source & destination address, the UDP source and destination ports and a locally generated secret random value
31 Oakley Three authentication methods: Digital signatures Public-key encryption Symmetric-key encryption
32 ISAKMP Internet Security Association and Key Management Protocol Provides framework for key management Defines procedures and packet formats to establish, negotiate, modify, & delete SAs Independent of key exchange protocol, encryption alg., & authentication method Phase 1: ISAKMP peers establish bi-directional secure channel using main mode or aggressive mode Phase 2: negotiation of security services for IPSec (maybe for several SAs) using quick mode; can have multiple Phase 2 exchanges, e.g., to change keys