Upload
rupesh-mishra
View
340
Download
3
Tags:
Embed Size (px)
DESCRIPTION
IPSec us a network security protocol
Citation preview
IPSec - IPSec - OverviewOverview
Mr. Rupesh Mishra St. Francis Institute of Tech
1
OutlineOutline• Introduction
• IPSec Architecture
• Internet Key Exchange (IKE)
• IPSec Policy
• Discussion
2
IP is not Secure!IP is not Secure!• IP protocol was designed in the late
70s to early 80s
o Part of DARPA Internet Project
o Very small network
• All hosts are known!
• So are the users!
• Therefore, security was not an issue
3
Security Issues in IPSecurity Issues in IP
• source spoofing - DOS Attack
• replay packets - Replay Attack
• No data integrity - Modification
• No confidentiality - Spying
4
What is IPSecWhat is IPSec
• A set of protocol and algorithm used to
secure IP data and network layer
• Open standard for VPN implementation
• Inbuilt in IPV6 and compatible with IPV4
5
Goals of IPSecGoals of IPSec• to verify sources of IP packets
o authentication
• to prevent replaying of old packets
• to protect integrity and/or confidentiality of
packetso data Integrity/Data Encryption
6
OutlineOutline• Why IPsec?
• IPSec Architecture
• Internet Key Exchange (IKE)
• IPsec Policy
• Discussion
7
The IPSec Security The IPSec Security ModelModel
8
Secure
Insecure
IPSec ArchitectureIPSec Architecture
9
ESP AH
IKE
IPSec Security Policy
Encapsulating SecurityPayload
Authentication Header
The Internet Key Exchange
IPSec ArchitectureIPSec Architecture
• IPSec provides security in three
situations:o Host-to-host, host-to-gateway and gateway-to-gateway
• IPSec operates in two modes:o Transport mode (for end-to-end)
o Tunnel mode (for VPN)
10
IPsec ArchitectureIPsec Architecture
11
Tunnel ModeRouter Router
Transport Mode
Various PacketsVarious Packets
12
IP header
IP header
IP header
TCP header
TCP header
TCP header
data
data
data
IPSec header
IPSec header IP header
Original
Transportmode
Tunnelmode
Security Association Security Association (SA)(SA)
13
• Specification of security for the
communication
• Specification of key , algorithm , policy , etc
• Unidirectional
• SADB
ISAKMPISAKMP
14
• Defines the procedure for security
association
• SA and Key Management
IPSecIPSec• A collection of protocols (RFC 2401)
o Authentication Header (AH)
• RFC 2402
o Encapsulating Security Payload (ESP)
• RFC 2406
o Internet Key Exchange (IKE)
• RFC 2409
o IP Payload Compression (IPcomp)
• RFC 3137
15
Authentication Header Authentication Header (AH)(AH)
• Provides source authentication
o Protects against source spoofing
• Provides data integrity
• Protects against replay attacks
o Use monotonically increasing sequence
numbers
o Protects against denial of service attacks
• NO protection for confidentiality!16
AH DetailsAH Details• Use 32-bit monotonically increasing
sequence number to avoid replay attacks
• Use cryptographically strong hash
algorithms to protect data integrity (96-bit)
o Use symmetric key cryptography
o HMAC-SHA-96, HMAC-MD5-96
17
AH Packet DetailsAH Packet Details
18
Authentication Data
Sequence Number
Security Parameters Index (SPI)
Nextheader
Payloadlength Reserved
Old IP header (only in Tunnel mode)
TCP header
New IP header
Authenticated
Data
EncapsulatedTCP or IP packet
Hash of everythingelse
Encapsulating Encapsulating Security Payload Security Payload
(ESP)(ESP)• Provides all that AH offers, and
• in addition provides data confidentialityo Uses symmetric key encryption
19
ESP DetailsESP Details• Same as AH:
o Use 32-bit sequence number to counter replaying attacks
o Use integrity check algorithms
• Only in ESP:o Data confidentiality:
• Uses symmetric key encryption algorithms to encrypt
packets
20
ESP Packet DetailsESP Packet Details
21
Authentication Data
Sequence Number
Security Parameters Index (SPI)
Nextheader
Payloadlength Reserved
TCP header
Authenticated
IP header
Initialization vector
Data
Pad Pad length Next
Encrypted TCP packet
OutlineOutline• Why IPsec?
• IPsec Architecture
• Internet Key Exchange (IKE)
• IPsec Policy
• Discussion
22
Internet Key Exchange Internet Key Exchange (IKE)(IKE)
• Exchange and negotiate security policies
• Establish security sessionso Identified as Security Associations
• Key exchange
• Key management
• Can be used outside IPsec as well
23
How It WorksHow It Works• IKE operates in two phases
o Phase 1: negotiate and establish an auxiliary end-to-end secure channel• Used by subsequent phase 2 negotiations• Only established once between two end points!
o Phase 2: negotiate and establish custom secure channels• Occurs multiple times
o Both phases use Diffie-Hellman key exchange to establish a shared key
24
IKE Phase 1IKE Phase 1• Goal: to establish a secure channel between
two end points
o This channel provides basic security features:
• Source authentication
• Data integrity and data confidentiality
• Protection against replay attacks
25
IKE Phase 1IKE Phase 1• Rationale: each application has different
security requirements
• But they all need to negotiate policies and
exchange keys!
• So, provide the basic security features and
allow application to establish custom
sessions
26
ExamplesExamples• All packets sent to address mybank.com
must be encrypted using 3DES with HMAC-
MD5 integrity check
• All packets sent to address www.forum.com
must use integrity check with HMAC-SHA1
(no encryption is required)
27
Phase 1 ExchangePhase 1 Exchange• Can operate in two modes:
o Main mode
• Six messages in three round trips
• More options
o Quick mode
• Four messages in two round trips
• Less options
28
Phase 1 (Main Mode)Phase 1 (Main Mode)
29
Initiator Responder
[Header, SA1]
Phase 1 (Main Mode)Phase 1 (Main Mode)
30
Initiator Responder
[Header, SA1]
[Header, SA2]
Establish vocabulary for further communication
Phase 1 (Main Mode)Phase 1 (Main Mode)
31
Initiator Responder
[Header, SA1]
[Header, SA2]
[Header, KE, Ni, {Cert_Reg} ]
Phase 1 (Main Mode)Phase 1 (Main Mode)
32
Initiator Responder
Header, SA1
[Header, SA1]
[Header, KE, Ni { , Cert_Req} ]
[Header, KE, Nr {, Cert_Req}]
Establish secret key using Diffie-Hellman key exchangeUse nonces to prevent replay attacks
Phase 1 (Main Mode)Phase 1 (Main Mode)
33
Initiator Responder
[Header, SA1]
[Header, SA1]
[Header, KE, Ni {,Cert_Req} ]
[Header, KE, Nr {,Cert_Req}]
[Header, IDi, {CERT} sig]
Phase 1 (Main Mode)Phase 1 (Main Mode)
34
Initiator Responder
[Header, SA1]
[Header, SA1]
[Header, KE, Ni {, Cert_req}]
[Header, KE, Nr {, Cert_req}]
[Header, IDi, {CERT} sig]
[Header, IDr, {CERT} sig]
Signed hash of IDi (without Cert_req , just send the hash)
Phase 1 (Quick Mode)Phase 1 (Quick Mode)
35
Initiator Responder
[Header, SA1, KE, Ni, IDi]
Phase 1 (Quick Mode)Phase 1 (Quick Mode)
36
Initiator Responder
[Header, SA1, KE, Ni, IDi]
[Header, SA2, KE, Nr, IDr, [Cert]sig]
[Header, [Cert]sig]
First two messages combined into one(combine Hello and DH key exchange)
IPSec (Phase 1)IPSec (Phase 1)• Four different way to authenticate
(either mode)o Digital signature
o Two forms of authentication with public key encryption
o Pre-shared key
• NOTE: IKE does use public-key based
cryptography for encryption
37
IPSec (Phase 2)IPSec (Phase 2)• Goal: to establish custom secure
channels between two end pointso End points are identified by <IP, port>:
• e.g. <www.mybank.com, 8000>
o Or by packet:
• e.g. All packets going to 128.124.100.0/24
o Use the secure channel established in Phase 1 for
communication
38
IPSec (Phase 2)IPSec (Phase 2)• Only one mode: Quick Mode
• Multiple quick mode exchanges can be
multiplexed
• Generate SAs for two end points
• Can use secure channel established in
phase 1
39
IP Payload IP Payload CompressionCompression
• Used for compression
• Can be specified as part of the IPSec policy
40
OutlineOutline• Why IPsec?
• IPsec Architecture
• Internet Key Exchange (IKE)
• IPSec Policy
• Discussion
41
IPsec PolicyIPsec Policy• Phase 1 policies are defined in terms of
protection suites
• Each protection suite
o Must contain the following:
• Encryption algorithm
• Hash algorithm
• Authentication method
• Diffie-Hellman Group
o May optionally contain the following:
• Lifetime
• …
42
IPSec PolicyIPSec Policy• Phase 2 policies are defined in terms of
proposals
• Each proposal:o May contain one or more of the following
• AH sub-proposals
• ESP sub-proposals
• IPComp sub-proposals
• Along with necessary attributes such as
o Key length, life time, etc
43
IPSec Policy ExampleIPSec Policy Example• In English:
o All traffic to 128.104.120.0/24 must be:
• Use pre-hashed key authentication
• DH group is MODP with 1024-bit modulus
• Hash algorithm is HMAC-SHA (128 bit key)
• Encryption using 3DES
• In IPSec:
o [Auth=Pre-Hash;
DH=MODP(1024-bit);
HASH=HMAC-SHA;
ENC=3DES]
44
IPsec Policy ExampleIPsec Policy Example• In English:
o All traffic to 128.104.120.0/24 must use one of the following:• AH with HMAC-SHA or,• ESP with 3DES as encryption algorithm and
(HMAC-MD5 or HMAC-SHA as hashing algorithm)
• In IPsec:o [AH: HMAC-SHA] or, o [ESP: (3DES and HMAC-MD5) or
(3DES and HMAC-SHA)]
45
Virtual Private Virtual Private Networks (VPNs)Networks (VPNs)
• Protocolo Data Link Later – PPTP , L2F , L2TF
o Network Layer - IPSec
• Virtualo It is not a physically distinct network
• Privateo Tunnels are encrypted to provide confidentiality
• Computer dept might have a VPNo I can be on this VPN while traveling
46
OutlineOutline• Why IPsec?
• IPsec Architecture
• Internet Key Exchange (IKE)
• IPsec Policy
• Discussion
47
DiscussionDiscussion• IPSec is not the only solution!
o Security features can be added on top of IP!
• e.g. Kerberos, SSL
o IP, IPSec protocols are very complex!
• Two modes, three sub protocols
o Complexity is the biggest enemy of security
48
DiscussionDiscussion• Has it been used?
o Yes—primarily used by some VPN vendors
• But not all routers support it
o No—it is not really an end-to-end solution
• Authentication is too coarse (host based)
• Default encryption algorithm too weak (DES)
• Too complex for applications to use
49
ResourcesResources• IP, IPsec and related RFCs:
o http://www.ietf.org/html.charters/ipsec-charter.
html
o IPsec: RFC 2401, IKE: RFC 2409
o www.freeswan.org
• Google search
50