IPSec and VPN
INFO 404 – Lecture 17
06/05/2009

Protecting Data with IPSec (1)
• IPSec
– Stands for Internet Protocol Security
• For IPv4 and IPv6 ⇨ Network layer
– Provides authentication and encryption of data across IP-based networks
– A security framework that allows secure communication between 2 entities using appropriate algorithms
– Manages and secures authentication, authorization, confidentiality, packet anti-replay

IPSec in OSI Reference Model (left) vs. TCP/IP Model (right)

OSI layer                      TCP/IP layer
7 – Application
6 – Presentation               Application
5 – Session
4 – Transport                  Transport
3 – Network    ← IPSec →       Internetwork
2 – Data Link
1 – Physical                   Network Interface

Protecting Data with IPSec (2)
• IP Security (IPSec): to avoid unauthorized captured data and the attacks that build on it
– Compromising keys: shared key
– Spoofing: IP address, packet sequence numbers and other personal information are used to create new packets that appear to come from the actual user's computer
– Modifying data
– Attacking applications: attackers add their own software to packets and use the packets to introduce that software into the destination computer

Protecting Data with IPSec (3)
• Digitally signing and encrypting data before transmission
• IPSec encrypts the information in IP datagrams by encapsulating it, so that even if the packets are captured, none of the data inside can be read
• IP-based protocol: it provides end-to-end encryption
• Intermediate systems, such as routers, treat the encrypted part of the packets purely as payload
• Protocols besides IPSec, such as SSL or TLS, are application-layer protocols that can encrypt only specific types of traffic (Web)

IPSec Services (1)
– IETF (Internet Engineering Task Force) security architecture & a set of protocols (see references) and algorithms that provide security services for IP traffic
• Security protocols: Authentication Header & Encapsulating Security Payload
• Security Associations
• Key Management Service
• Authentication and encryption algorithms

IPSec Services (2)
• Authentication Header (AH)
– Establishes the identity of the message sender and ensures that the transmitted data has not been tampered with
• Encapsulating Security Payload (ESP)
– Same as AH + defines data encryption methods

IPSec Services (3)
• Security Association
– Contract or negotiation between 2 communicating entities defining the security parameters to use during IPSec communication
• Ciphering algorithms & IPSec protocols
• Keys & key validity
– One way = Simplex

IPSec Services (4)
• Key Management Service
– Usually Internet Key Exchange (IKE) securely establishes and passes shared keys between sites
– Keys can also be passed manually

IPSec Architecture
[Figure: IPSec architecture] Taken from: http://technet.microsoft.com/en-us/library/bb726946.aspx

IPSec Application
• Used for LANs, WANs, Internet
– Used to build a secure tunnel over an open network, such as Virtual Private Networks (VPNs)
– Branch office connectivity
– Remote access
– Connectivity with partners: Intranet
• Usually in border routers and/or firewalls

IPSec Functions (1)
• Key generation
– Both computers must have access to the shared encryption key: Diffie–Hellman algorithm to compute the shared key
• Cryptographic checksums
– Cryptographic keys are used to calculate a checksum for the data in each packet, called a Hash Message Authentication Code (HMAC)
– HMAC in combination with Message Digest 5 (MD5) and HMAC in combination with Secure Hash Algorithm-1 (SHA1):
• SHA1 160-bit key and MD5 128-bit key
• SHA1 in USA for high-level security requirement

IPSec Functions (2)
• Mutual authentication
– Computers authenticate each other to establish a trust relationship
– Kerberos in Windows, digital certificates, or pre-shared key
• Replay prevention
– Replay is possible even when the data in packets is encrypted
– IPSec prevents replay by assigning a sequence number to each packet: anti-replay services
• IP packet filtering
– IPSec includes its own packet filtering mechanism: prevent DoS attacks by filtering on port, address, protocol
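The three mechanisms on the two "IPSec Functions" slides (Diffie–Hellman key generation, an HMAC checksum on every packet, and sequence-number-based replay prevention) fit together as one small sender/receiver exchange. The following Python is an added example written for this page; it is not code from the lecture nor from any IPSec implementation. It assumes a constructed toy Diffie–Hellman group (far too small for real use), a simplified key-derivation step, a 64-packet replay window, and a constructed payload; each of these is marked as an assumption in the comments.

```python
import hashlib
import hmac
import secrets

# Constructed toy Diffie-Hellman parameters, sized for readability only.
# IKE (RFC 2409) uses 768-bit and larger MODP groups; never use a group this
# small for real traffic. 2**127 - 1 is prime; 5 serves as the generator.
TOY_P = 2**127 - 1
TOY_G = 5


def dh_keypair(p=TOY_P, g=TOY_G):
    """Each computer picks a private exponent x and publishes g^x mod p."""
    private = secrets.randbelow(p - 3) + 2
    return private, pow(g, private, p)


def dh_shared_secret(peer_public, private, p=TOY_P):
    """Both sides arrive at g^(xy) mod p; the shared value itself is never sent."""
    return pow(peer_public, private, p)


def icv_key_from_secret(shared):
    """Simplified key derivation (an assumption of this example): hash the shared
    secret into an HMAC key. IKE derives keys through a PRF with nonces; the point
    shown here is only that the checksum key never travels over the wire."""
    return hashlib.sha1(shared.to_bytes(16, "big")).digest()


def hmac_icv(key, data, alg=hashlib.sha1, truncate=12):
    """Keyed checksum. SHA1 yields a 160-bit digest and MD5 128 bits; the AH/ESP
    transforms HMAC-SHA-1-96 and HMAC-MD5-96 keep only the first 96 bits."""
    return hmac.new(key, data, alg).digest()[:truncate]


class AntiReplayWindow:
    """Sliding window over received sequence numbers: a packet whose number was
    already seen, or that falls behind the window, is discarded."""

    def __init__(self, size=64):          # window size is an assumed parameter
        self.size = size
        self.last_seq = 0
        self.bitmap = 0                   # bit i set <=> (last_seq - i) was seen

    def check_and_update(self, seq):
        if seq == 0:                      # numbering starts at 1
            return False
        if seq > self.last_seq:           # newer than anything seen: slide window
            shift = seq - self.last_seq
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1) if shift < self.size else 1
            self.last_seq = seq
            return True
        diff = self.last_seq - seq
        if diff >= self.size:             # too old to judge: discard
            return False
        if (self.bitmap >> diff) & 1:     # duplicate: discard
            return False
        self.bitmap |= 1 << diff          # late but genuine: accept once
        return True


def protect(key, seq, payload):
    """Sender: prefix a 4-byte sequence number and append the ICV."""
    header = seq.to_bytes(4, "big")
    return header + payload + hmac_icv(key, header + payload)


def receive(key, window, packet):
    """Receiver: verify the ICV first, then consult the replay window, so that a
    forged packet can never advance the window. Returns the payload or None."""
    body, icv = packet[:-12], packet[-12:]
    if not hmac.compare_digest(hmac_icv(key, body), icv):
        return None                       # tampered or wrong key
    if not window.check_and_update(int.from_bytes(body[:4], "big")):
        return None                       # replayed or stale
    return body[4:]


def run_demo():
    """Key agreement, one protected packet, then a replay and a forgery."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    key_a = icv_key_from_secret(dh_shared_secret(b_pub, a_priv))
    key_b = icv_key_from_secret(dh_shared_secret(a_pub, b_priv))
    window = AntiReplayWindow(64)
    pkt = protect(key_a, 1, b"constructed payload")   # constructed sample data
    return {
        "keys_agree": key_a == key_b,
        "first_copy_accepted": receive(key_b, window, pkt) == b"constructed payload",
        "replay_rejected": receive(key_b, window, pkt) is None,
        "forgery_rejected": receive(key_b, window, protect(b"wrong key", 2, b"x")) is None,
    }


if __name__ == "__main__":
    print(run_demo())
```

The window logic is the part worth reading twice: a late-but-genuine packet (for example, number 2 arriving after 3) is still accepted, while a second copy of any number, or a number that has fallen more than the window size behind, is dropped.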

Detail of AH and ESP Protocols (1)
• Two protocols that provide different types of security for network communications
– IP Authentication Header (AH)
– IP Encapsulating Security Payload (ESP)

Detail of AH and ESP Protocols (2)
IP Authentication Header (AH)
• Does not encrypt the data in IP packets, but it does provide authentication, anti-replay, and integrity services
• AH by itself or in combination with ESP
• AH alone provides basic security services, with relatively low overhead

Detail of AH and ESP Protocols (3)
IP Authentication Header
[Figure: IP Authentication Header format]

Detail of AH and ESP Protocols (4)
• Next Header
– Code specifying the protocol that generated the header immediately following the AH header
– Codes specified by the Internet Assigned Numbers Authority (IANA)
– When IPSec is using AH alone, this field contains the code for the protocol that generated the datagram's payload. Which ones?
• Payload Length
– Specifies the length of the AH header
• Reserved
– Unused
• Security Parameters Index
– Defines the datagram's security association = a list of security measures, negotiated by the communicating computers
• Sequence Number
– From 1 in the first packet using a particular security association, and incremented by 1 in every subsequent packet using the same security association
– Packets carrying an already-seen sequence number are discarded
• Authentication Data
– Integrity check value (ICV) that the sending computer calculates, based on selected IP header fields, the AH header, and the datagram's IP payload
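The field list above becomes concrete once the header is laid out as bytes. The Python below is an added example written for this page, not code from the lecture or from any IPSec stack: it builds an AH-protected IPv4 packet, parses the fields back out, and verifies the ICV over exactly the scope the slide names (selected IP header fields, the AH header, and the payload). It assumes the HMAC-SHA-1-96 transform (12-byte ICV, from RFC 2404, which the slides do not cite), a constructed key, constructed addresses and a constructed payload. The point it adds is which IP header fields are covered: a router may change the TTL in transit without breaking the ICV, but changing the destination address does.

```python
import hashlib
import hmac
import struct

# AH header (RFC 2402): Next Header (1), Payload Length (1), Reserved (2),
# SPI (4), Sequence Number (4), Authentication Data (12 bytes for HMAC-SHA-1-96).
ICV_LEN = 12
AH_FIXED = 12
IP_PROTO_AH = 51
IP_PROTO_TCP = 6


def build_ipv4_header(src, dst, proto, total_len, ttl=64):
    """Minimal 20-byte IPv4 header; the header checksum is left at 0 (constructed)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, ttl, proto, 0, src, dst)


def zero_mutable(ip_hdr):
    """Fields that routers legitimately change are zeroed before hashing, so the
    ICV still verifies after transit: TOS, flags/fragment offset, TTL, checksum."""
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)


def ah_protect(key, src, dst, spi, seq, payload, next_header=IP_PROTO_TCP):
    """Sender: emit IP header + AH + payload, ICV computed with the ICV bytes zeroed."""
    ah_len = AH_FIXED + ICV_LEN
    payload_length = ah_len // 4 - 2            # RFC 2402: AH length in 32-bit words, minus 2
    ip_hdr = build_ipv4_header(src, dst, IP_PROTO_AH, 20 + ah_len + len(payload))
    ah_no_icv = struct.pack("!BBHII", next_header, payload_length, 0, spi, seq)
    auth_input = zero_mutable(ip_hdr) + ah_no_icv + bytes(ICV_LEN) + payload
    icv = hmac.new(key, auth_input, hashlib.sha1).digest()[:ICV_LEN]
    return ip_hdr + ah_no_icv + icv + payload


def parse_ah(packet):
    """Split a packet into its AH fields (assumes a 20-byte IPv4 header, no options)."""
    ip_hdr = packet[:20]
    next_header, payload_length, reserved, spi, seq = struct.unpack("!BBHII", packet[20:32])
    ah_len = (payload_length + 2) * 4
    return {
        "ip_header": ip_hdr,
        "next_header": next_header,
        "payload_length": payload_length,
        "reserved": reserved,
        "spi": spi,
        "seq": seq,
        "icv": packet[32:20 + ah_len],
        "payload": packet[20 + ah_len:],
    }


def ah_verify(key, packet):
    """Receiver: recompute the ICV over the same scope and compare in constant time."""
    f = parse_ah(packet)
    auth_input = zero_mutable(f["ip_header"]) + packet[20:32] + bytes(len(f["icv"])) + f["payload"]
    expected = hmac.new(key, auth_input, hashlib.sha1).digest()[:len(f["icv"])]
    return hmac.compare_digest(expected, f["icv"])


def decrement_ttl(packet):
    """What every router on the path does to the outer header."""
    h = bytearray(packet)
    h[8] -= 1
    return bytes(h)


if __name__ == "__main__":
    # Constructed sample: key, addresses and payload are illustrative only.
    key = b"constructed-demo-key"
    pkt = ah_protect(key, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), 0x1000, 1, b"GET / HTTP/1.0\r\n")
    print(parse_ah(pkt))
    print("intact:", ah_verify(key, pkt), "after TTL hop:", ah_verify(key, decrement_ttl(pkt)))
```

With a 12-byte ICV the Payload Length field reads 4, that is (12 + 12) / 4 - 2, which is a common point of confusion when reading captures: the field counts 32-bit words, not bytes, and excludes two words.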

Detail of AH and ESP Protocols (5)
IP Encapsulating Security Payload (ESP)
• Actually encrypts the data in an IP datagram
• ESP also provides authentication, integrity, and anti-replay services
• Inserts a header and a trailer that surround the datagram's payload: encrypts all data following the ESP header, up to and including the ESP trailer

Detail of AH and ESP Protocols (6)
ESP
• By itself or in combination with AH
• Maximum possible security for a data transmission
• ICV: it calculates the value only on the information between the ESP header and trailer; no IP header fields

Detail of AH and ESP Protocols (7)
IP Encapsulating Security Payload
[Figure: IP Encapsulating Security Payload format]

Detail of AH and ESP Protocols (8)
Security Parameters Index
– Value that, combined with the packet's destination IP address and its security protocol (AH or ESP), defines the datagram's security association
Sequence Number
– Value that starts at 1 in the first packet using a particular security association, and is incremented by 1 in every subsequent packet using the same security association
– Duplicates are discarded
Payload Data
– Contains the TCP, UDP, or ICMP information carried inside the original IP datagram
Padding
– Added to the Payload Data field to ensure the Payload Data has the boundary required by the encryption algorithm
Pad Length
– Specifies the number of bytes of padding the system added to the Payload Data field to fill out a 32-bit word
Next Header
– Code specifying the protocol that generated the header immediately following the ESP header, specified by IANA
– In almost all cases, the code for the protocol that generated the datagram's payload: which ones?
Authentication Data
– ICV based on the information after the ESP header, up to and including the ESP trailer

Transport Mode (1)
• Transport Mode: protects communications between computers on a network
– The two end systems must support IPSec, but intermediate systems (such as routers) need not
– All of the AH and ESP protocols apply to transport mode

Transport Mode (2)
[Figure: transport mode packet structure] Taken from: http://technet.microsoft.com/en-us/library/bb726946.aspx#ECAA

Tunnel Mode (1)
• Tunnel mode is designed to provide security for WAN connections
– Particularly Virtual Private Network (VPN) connections, via the Internet as a communications medium
– In a tunnel mode connection, the end systems do not support and implement the IPSec protocols
– But the routers at both ends of the WAN connection do
– The tunnel mode communications process proceeds as follows:
1. Computers on one of the private networks transmit data using standard, unprotected IP datagrams
2. Packets reach the router that provides access to the WAN, which encapsulates them using IPSec, encrypting and hashing the data
3. The router transmits the encapsulated packets to the destination router at the other end of the WAN connection
4. The destination router verifies the packets by calculating and comparing ICVs, and decrypts them if necessary
5. The destination router repackages the information in the packets into standard, unprotected IP datagrams and transmits them to the destination(s) on the private network

Tunnel Mode (2)
• IPSec uses a different packet structure in tunnel mode
– Creates an entirely new datagram and uses it to encapsulate the existing datagram
– The original datagram, inside the new datagram, remains unchanged. The IPSec headers are part of the outer datagram, which exists only to get the inner datagram from one router to the other

Tunnel Mode (3)
[Figure: tunnel mode packet structure] Taken from: http://technet.microsoft.com/en-us/library/bb726946.aspx#ECAA
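The ESP field list (slide 8 of the AH/ESP detail), the transport-mode and the tunnel-mode slides describe one encapsulation applied at two different points in the packet. The Python below is an added example written for this page; it is not code from the lecture, the referenced TechNet article, or any IPSec implementation. It assumes a constructed toy keystream in place of a real ESP cipher, a 12-byte HMAC-SHA1 ICV, an 8-byte cipher block size that the padding must reach, and constructed addresses, keys and a TCP-like segment. It shows the padding and trailer being built, the ICV covering only the ESP header through the trailer (so a TTL change in the outer IP header does not break it), transport mode keeping the original IP header while tunnel mode hides the whole inner datagram behind the gateways' addresses, and the inner datagram coming back out unchanged.

```python
import hashlib
import hmac
import struct

IP_PROTO_ESP = 50
IP_PROTO_TCP = 6
IP_PROTO_IPIP = 4      # Next Header value for a whole IP datagram (tunnel mode)
ICV_LEN = 12
BLOCK = 8              # assumed cipher block size the padded payload must reach


def ipv4_header(src, dst, proto, total_len, ttl=64):
    """Minimal 20-byte IPv4 header, checksum left at 0 (constructed)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, ttl, proto, 0, src, dst)


def keystream(key, spi, seq, n):
    """Constructed toy keystream (SHA-256 in counter mode) standing in for a real
    ESP cipher such as AES-CBC; it is NOT an IPSec transform."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + struct.pack("!IIQ", spi, seq, ctr)).digest()
        ctr += 1
    return out[:n]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def esp_encapsulate(enc_key, auth_key, spi, seq, inner, next_header):
    """ESP header | encrypted(inner + padding + pad length + next header) | ICV."""
    pad_len = (-(len(inner) + 2)) % BLOCK              # reach the block boundary
    padding = bytes(range(1, pad_len + 1))             # RFC 2406 default pad bytes 1,2,3,...
    plaintext = inner + padding + bytes([pad_len, next_header])
    header = struct.pack("!II", spi, seq)
    ciphertext = xor(plaintext, keystream(enc_key, spi, seq, len(plaintext)))
    # ICV scope: ESP header through trailer only; the outer IP header is not covered.
    icv = hmac.new(auth_key, header + ciphertext, hashlib.sha1).digest()[:ICV_LEN]
    return header + ciphertext + icv


def esp_decapsulate(enc_key, auth_key, esp):
    """Verify the ICV, decrypt, strip trailer. Returns (next_header, inner) or None."""
    header, ciphertext, icv = esp[:8], esp[8:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(auth_key, header + ciphertext, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, icv):
        return None
    spi, seq = struct.unpack("!II", header)
    plaintext = xor(ciphertext, keystream(enc_key, spi, seq, len(ciphertext)))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    return next_header, plaintext[:-(2 + pad_len)]


def transport_mode(keys, spi, seq, src, dst, segment):
    """End system to end system: original addresses stay on the outer header."""
    esp = esp_encapsulate(*keys, spi, seq, segment, IP_PROTO_TCP)
    return ipv4_header(src, dst, IP_PROTO_ESP, 20 + len(esp)) + esp


def tunnel_mode(keys, spi, seq, gw_src, gw_dst, original_datagram):
    """Gateway to gateway: the whole original datagram becomes the ESP payload."""
    esp = esp_encapsulate(*keys, spi, seq, original_datagram, IP_PROTO_IPIP)
    return ipv4_header(gw_src, gw_dst, IP_PROTO_ESP, 20 + len(esp)) + esp


def receive(keys, packet):
    """Receiving side: drop the outer header, then decapsulate the ESP payload."""
    if packet[9] != IP_PROTO_ESP:
        return None
    return esp_decapsulate(*keys, packet[20:])


if __name__ == "__main__":
    # Constructed sample hosts, gateways, keys and segment.
    H1, H2 = bytes([10, 1, 0, 5]), bytes([10, 2, 0, 7])
    G1, G2 = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])
    keys = (b"constructed-enc-key", b"constructed-auth-key")
    seg = b"\x04\xd2\x00\x50hello"
    original = ipv4_header(H1, H2, IP_PROTO_TCP, 20 + len(seg)) + seg
    t = tunnel_mode(keys, 0x100, 1, G1, G2, original)
    print("outer addresses are the gateways:", t[12:16] == G1 and t[16:20] == G2)
    print("inner datagram unchanged:", receive(keys, t) == (IP_PROTO_IPIP, original))
```

Two checks worth running yourself: decrementing the outer TTL (what every router does) leaves the ICV valid, because the ICV excludes the IP header, whereas flipping one byte of ciphertext makes the receiver return None before anything is decrypted.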

Virtual Private Network (1)
• VPN objectives
– Security
• End-to-end security (authentication and, optionally, privacy) for a host connecting to a private network over untrusted public intermediate networks
• Security for private network-to-network communication over untrusted intermediate networks
– Connectivity: authorized sites, new users, mobile users
– Simplicity and cost effectiveness: transparency for the user, simple use of applications via VPN
– Quality: can provide QoS via SLAs
• VPN basic functions
– Membership discovery (identity, authorization)
– Establishment of a secure tunnel (path) in the network

Virtual Private Network (2)
• Tunnelling
– Encapsulating data of one protocol inside the data field of another protocol at:
– Layer 2 (Ethernet address across a LAN): portion of the VPN connecting internal sites (Intranet)
– Layer 3 (routers for IP information): portion of the VPN connecting external sites (Extranet)
– Point-to-Point Tunneling Protocol (PPTP)
• PPP for tunneling IP and non-IP packets
– Layer 2 Tunneling Protocol (L2TP)
• Merges PPTP and the Layer 2 Forwarding Protocol (L2FP)
• IP and non-IP packets over an IP network
– IP Security (IPSec)

Different VPNs (1)
• Two types
– Remote-Access
– Site-to-Site

Different VPNs (2)
• Remote-Access
– Uses the local dialup infrastructures of Internet Service Providers. Allows mobile workers to take advantage of broadband connectivity and secure remote communication

Different VPNs (3)
• Site-to-Site
– Alternative to WAN infrastructure to connect branch offices, home offices, or business partners' sites to all or portions of a company's network
– Meets WAN requirements (multiple protocols, high reliability, and extensive scalability), but more cost-effectively and more flexibly
– Public Internet or ISP networks

Remote-Access and Site-to-Site VPN (4)
[Figure: remote-access and site-to-site VPN] Taken from: http://computer.howstuffworks.com/vpn3.htm

Advantages of VPN
• Inexpensive alternative to a WAN over leased lines
• Provides security support
– Privacy over the Internet
– Encapsulates different insecure protocols: IP, 802.1
• Easy to use
– Mobile user should understand the protocol -> transparent SSH tunnel with an internal IP address
• Resource consolidation

Disadvantages of VPN
• Need time and expertise for setup
• Difficult to troubleshoot
• Small performance overhead
– Encapsulation/decapsulation
• VPN interoperability

Security provided by VPN
• Confidentiality, Integrity, Authenticity
• Encryption to secure communications
– IPSec
– SSH
– Other
• Security depends on the underlying protocols

Design Choice
• Hardware vs. Software
• All hardware
• All software
• Both
• Examples
– Gateway to gateway
– Software (end user) to gateway

VPN Configuration: SSH over PPP (1)
• Point-to-Point Protocol over Secure Shell
– SSH connection from client to server
– PPP daemons communicate through SSH

VPN Configuration: SSL over PPP (2)
• Point-to-Point Protocol over Secure Socket Layer
• Secure Socket Layer (SSL)
– Host Authentication + Certification

VPN Configuration: SSL over PPP (3)
• Initial Handshake
– "Hello": SSL version, cipher choices, …
• Session key determined
• SSL connection established
– Data transferred over PPP

VPN Configuration: Other (4)
• Via Concentrator
– Accepts connections from a VPN peer concentrator
– Suppresses overhead in gateways
• Layer 2 Tunneling Protocol (L2TP)
– If supported by the router
– Often combined with IPSec for highest security

References
1. RFC 2401: Security Architecture for the Internet Protocol: http://www.ietf.org/rfc/rfc2401.txt
2. RFC 2402: IP Authentication Header
3. RFC 2406: IP Encapsulating Security Payload (ESP)
4. RFC 2408: Internet Security Association and Key Management Protocol (ISAKMP)
5. RFC 2409: The Internet Key Exchange (IKE)
6. http://technet.microsoft.com/en-us/library/bb726946.aspx#ECAA
7. http://www.tldp.org/HOWTO/VPN-HOWTO/
8. http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094865.shtml