IPsec: Internet Protocol Security

Chong, Luon, Prins, Trotter

Page 2

What is IPsec?

• A collection of protocols for securing Internet Protocol (IP) communications by encrypting and authenticating all IP packets [1]
• Progressive standard
• Defined in RFC 2401 through 2409
• Purpose:
  – To protect IP packets
  – To provide defense against network attacks

[1] From wikipedia.org

Page 3

What is IPsec? (cont.)

• Created November 1998
• Created by the Internet Engineering Task Force (IETF)
• Deployable on all platforms
  – Windows
  – Unix
  – Etc.
• Can be implemented and deployed on:
  – End hosts
  – Gateways
  – Routers
  – Firewalls

Page 4

Protection Against Attacks

• Layer 3 (network) protection
• Protects from:
  – sniffers, by encrypting data
  – data modification, by using cryptography-based checksums
  – identity spoofing, denial of service, application-layer, and password-based attacks, through mutual authentication
  – man-in-the-middle attacks, by mutual authentication and cryptography-based keys

Page 5

How IPsec Works

• Services
• Protocol Types
• Key Protection
• Components
• Policy Based Security
• Model Example

Page 6

How IPsec Works: Services

• Security Properties
  – Non-repudiation & Authentication
    • Public key certificate based authentication
    • Pre-shared key authentication
  – Anti-replay
    • Key management
    • Diffie-Hellman Algorithm, Internet Key Exchange (IKE)
  – Integrity
    • Hash message authentication codes (HMAC)
  – Confidentiality
    • Public key cryptography

Page 7

How IPsec Works: Protocol Types

• Authentication header (AH)
  – Authentication, integrity, and anti-replay
  – Placed between the IP layer and the transport layer
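The anti-replay service named on the Services and Protocol Types slides is implemented on the receiver as a sliding window over the 32-bit sequence number, with the window updated only after the packet's integrity check value (ICV) verifies. This is an added Python example, not code from the slides; the window logic follows RFC 2401 Appendix C, and the HMAC-SHA256 ICV over sequence number plus payload is a constructed stand-in for the real AH/ESP ICV computation (the key is constructed too; in practice it comes from IKE).

```python
import hmac
import hashlib


class AntiReplayWindow:
    """Receiver-side sliding window (RFC 2401 Appendix C).

    `top` is the highest sequence number accepted so far; bit i of
    `bitmap` records whether sequence number (top - i) was accepted.
    Sequence numbers start at 1, so 0 is never valid.
    """

    def __init__(self, size=64):
        assert size >= 32  # RFC 2401: receivers must support at least 32
        self.size, self.top, self.bitmap = size, 0, 0

    def check(self, seq):
        """True if `seq` is new and inside the window. Does not modify state,
        so a packet whose ICV later fails cannot move the window."""
        if seq == 0 or seq > 0xFFFFFFFF:
            return False
        if seq > self.top:             # right of the window: always new
            return True
        diff = self.top - seq
        if diff >= self.size:          # fell off the left edge: too old
            return False
        return not (self.bitmap >> diff) & 1   # bit set means replay

    def update(self, seq):
        """Mark `seq` as received. Call only after the ICV has verified."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def make_icv(key, seq, payload):
    # Constructed ICV: HMAC-SHA256 over seq || payload, truncated to 128 bits.
    return hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()[:16]


def receive(window, key, seq, payload, icv):
    """Order matters: replay check, then ICV verification, then window update."""
    if not window.check(seq):
        return "replay-or-stale"
    if not hmac.compare_digest(make_icv(key, seq, payload), icv):
        return "bad-icv"          # window untouched: forged seq cannot slide it
    window.update(seq)
    return "accepted"


def demo():
    key, w = b"constructed-demo-key", AntiReplayWindow(64)
    packets = [(1, b"a", None), (5, b"b", None), (3, b"c", None),   # late but in window
               (3, b"c", None),                                    # replay of 3
               (7, b"x", b"\x00" * 16),                            # forged ICV
               (6, b"d", None), (200, b"e", None),                 # window slides to 200
               (100, b"f", None), (150, b"g", None)]               # 100 is now stale
    return [receive(w, key, s, p, t if t else make_icv(key, s, p)) for s, p, t in packets]
```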

Page 8

[Figure: Header Fields / Protection]

Page 9

How IPsec Works: Protocol Types (cont.)

• Encapsulating security payload (ESP)
  – Provides confidentiality in addition to what AH provides
  – Has:
    • Header
    • Trailer
    • Authentication Trailer

Page 10

[Figure: Header Fields / Protection]

Page 11

How IPsec Works: Components

• IPsec Policy Agent Service
• Diffie-Hellman Algorithm
• Internet Key Exchange (IKE)
• Security Association (SA)
  – Phase 1 SA
  – Phase 2 SA
• IPsec Driver

Page 12

How IPsec Works: Key Protection

• Key lifetimes
• Session key refresh limit
• Perfect forward secrecy (PFS)

Page 13

How IPsec Works: Policy Based Security

• Rules
• Filter list
• Filter actions
• Policy Inheritance
• Authentication

Page 14

How IPsec Works: Model Example

Page 15

Practical Implementations

• LANs, WANs, and remote connections
  – VPNs for remote access
  – Dial-up setting to private networks
  – Where data security is critical
• Example: Hospital with patient data
• Businesses with multiple sites

Page 16

Suggested Readings

• http://en.wikipedia.org/wiki/IPSEC
• http://www.ietf.org/rfc/rfc2401.txt
• http://www.webopedia.com/TERM/I/IPsec.html
• http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp
• Microsoft Windows 2000 Server TCP/IP Core Networking Guide