Upload
ram-dutt-shukla
View
1.403
Download
2
Embed Size (px)
DESCRIPTION
Unit 5 Of ACN
Citation preview
IP Security
TCP/IP ExampleTCP/IP Example
Security facilities in the Security facilities in the TCP/IP protocol stackTCP/IP protocol stack
Need for IPSecNeed for IPSec
• Application level security services– Electronic mail
• S/MIME, PGP– Client Server
• Kerberos, X.509– Web access
• SSL, TLS, SET
• Enterprises need security at IP layer– To protect security ignorant applications– Additional security to applications with security
mechanisms– Establish private secure network
IPv4 HeaderIPv4 Header
IPv6 HeaderIPv6 Header
IP Security OverviewIP Security Overview
• IPSec is not a single protocol. • IPSec provides a set of security
algorithms• IPSec provides a general security
framework for a pair of communicating entities
– Across LAN, Private & Public WANs– Across Internet
IP Security OverviewIP Security Overview
• Applications of IPSec– Secure branch office connectivity over
the Internet– Secure remote access over the
Internet– Establsihing extranet and intranet
connectivity with partners– Enhancing electronic commerce
security
IP Security OverviewIP Security Overview
• Benefits of IPSec– Better firewall protection– Transparent to applications (below transport
layer (TCP, UDP)– Provide security for individual users
• IPSec can assure that:– A router or neighbor advertisement comes
from an authorized router– A redirect message comes from the router
to which the initial packet was sent– A routing update is not forged
IP Security ScenarioIP Security Scenario
IP Security IP Security ArchitecturesArchitectures
• Integrated architecture– Supported in IPv6– Difficult to implement in IPv4
• Bump in The stack (BITS) for IPv4– Between Data link and IP layers
• Bump in The Wire (BITW)– Hardware implementation
IPSec RFCsIPSec RFCs
• IPSec documents:– RFC 2401: An overview of security
architecture– RFC 2402: Description of a packet
authentication extension to IPv4 and IPv6– RFC 2406: Description of a packet
encryption extension to IPv4 and IPv6– RFC 2408: Specification of key managament
capabilities
IPSec ServicesIPSec Services
• Access Control• Connectionless integrity• Data origin authentication• Rejection of replayed packets• Confidentiality (encryption)• Limited traffic flow confidentiallity
IPSec protocolsIPSec protocols
• Authentication header (AH)• Encapsulating security payload
(ESP)• ESP with Authentication
Protocols vs servicesProtocols vs servicesAH ESP(encryption
only)ESP(encryption and authentication)
Access control yes yes yes
Connectionless integrity
yes yes
Data origin authentication
yes yes
Rejection of replay attacks
yes yes yes
confidentiality no yes yes
Limited traffic flow confidentiality
no yes yes
IPSec modes of IPSec modes of operationsoperations
• Transport– IPSec protects IP payload– IPSec headers added before IP payload– No change in IP header
• Tunnel– IPSec protects total IP packet– IPSec headers encapsulates IP packet– New IP header is created
DiscussionDiscussiononTunnel and Transport onTunnel and Transport
mode mode • Tunnel mode header order
– New IP hdr->IPsec hdr->old IP hdr->IP payload
– BITS or BITW architecture– Choice for VPN
• Transport mode header order– IP hdr->IPSec hdr->IP payload– IPSec integrated architecture– End to End security
Protocols Transport Mode SA
Tunnel Mode SA
AH Authenticates IP payload and selected portions of IP header and IPv6 extension headers
Authenticates entire inner IP packet plus selected portions of outer IP header
ESP Encrypts IP payload and any IPv6 extesion header
Encrypts inner IP packet
ESP with authentication
Encrypts IP payload and any IPv6 extesion header. Authenticates IP payload but no IP header
Encrypts inner IP packet. Authenticates inner IP packet.
Security services
Security Associations Security Associations (SA)(SA)
• One SA for one way relationship between a sender and a receiver
• Two SAs for two way relationship• One SA for one protocol• Uniquely Identified by three
parameters:– Security Parameter Index (SPI)
• Each SA identified by a bit string• Carried in Ah & ESP headers
– IP Destination address– Security Protocol Identifier
SA: Other parametersSA: Other parameters
• Seq num cntr : 32 bit value• Seq cntr overflow: overflow flag • Anti replay window: to find if incoming
AH or ESP is a replay• AH info: algo, keys etc• ESP info: algo, keysetc• Life time of this SA• IPSec mode: transport, tunnel• Path MTU:
Security Policy database Security Policy database (SPD)(SPD)
• Each entry in SPD– define a subset of IP traffic
• Selectors for IP and UL protocol values
– Points to an SA for that traffic
• Multiple entries -> single SA• Multiple SAs -> single entry
SPD selector entriesSPD selector entries
• Dest IP address• SRC IP address• UserID• Data sensitivity level ( Classification)• Transport layer protocol:IPv4/IPv6• IPSec protocol: AH or ESP or both• SRC dest ports• IPv6 class• IPv6 flow label• IPv4 TOS
Authentication HeaderAuthentication Header
• Provides support for data integrity and authentication (MAC code) of IP packets.
• Guards against replay attacks.
Anti-replay serviceAnti-replay service
• Use of seq number field- 32 bits• On each SA it is initialised to 0• Incremented for each packet• When seq number > 232-1 new SA• Anti replay window
Authentication dataAuthentication data• Holds integrity check value• HMAC-MD5-96, HMAC-SHA-1-96• MAC calculated over
– IP header • field that unchange in transit• Fields that are predictable• Others set to zero for MAC
– AH header• Other than authentication data which is set to 0
– Entire UL protocol data• Immutable
– IHL, src address• Mutable but predictable
– Destination address• Mutable
– TTL, hdr checksum
Before applying AHBefore applying AH
Transport Mode (AH Transport Mode (AH Authentication)Authentication)
Tunnel Mode (AH Tunnel Mode (AH Authentication)Authentication)
End-to-end versus End-End-to-end versus End-to-Intermediate to-Intermediate AuthenticationAuthentication
Encapsulating Security Encapsulating Security PayloadPayload
• ESP provides confidentiality services
Encryption and Encryption and Authentication Authentication
AlgorithmsAlgorithms• Encryption:
– Three-key triple DES– RC5– IDEA– Three-key triple IDEA– CAST– Blowfish
• Authentication:– HMAC-MD5-96– HMAC-SHA-1-96
ESP Encryption and ESP Encryption and AuthenticationAuthentication
ESP Encryption and ESP Encryption and AuthenticationAuthentication
Combinations of Combinations of Security AssociationsSecurity Associations
Combinations of Combinations of Security AssociationsSecurity Associations
Combinations of Combinations of Security AssociationsSecurity Associations
Combinations of Combinations of Security AssociationsSecurity Associations
Key ManagementKey Management• Ipsec management
– determination of keys– Distribution of keys
• Typical requirements– 4 keys between communicating applications– Transmit and receive pairs
• Two types:– Manual– Automated on demand
• Oakley Key Determination Protocol• Internet Security Association and Key
Management Protocol (ISAKMP)
Diffie Hellman key Diffie Hellman key exchangeexchange
• Attractive features– Secret keys created only when needed– No pre-existing infrastructure required
• Weaknesses– No information about identities of
parties– Man-in-the-middle attack– Clogging attack
OakleyOakley• Based on Diffie Hellman algo
– Exchange of DH PK values
• Providing added security– Cookies to thwart clogging attacks– Two parties to negotiate a group
• Selection of global parameters
– Nonces to prevent replay attacks– Authentication of DH exchange to prevent
MITM attack
• Generic no specific format
OakleyOakley: Use of Cookies : Use of Cookies exchangeexchange
• Each side send a PRN (cookie) initially
• Each side ack other• This ack repeated in the first DH key
exchange• If the src address was forged
opponent does not get ack • Cannot make user calculate DH
OakleyOakley: Use of Groups: Use of Groups
• Each group define – Global parameters q and α
• Modular expo with a 768 bit modulus• Modular expo with a 1024 bit modulus• Modular expo with a 1536 bit modulus• Elliptical curve over 2155
• Elliptical curve over 2185
– Identity of algorithm• DH• Elliptical curve
Oakley: AuthenticationOakley: Authentication
• Three authentication methods:– Digital signatures
• Eks[ H [Nonces, ID]]
– Public-key encryption• EKra [ ID, Nonces]
– Symmetric-key encryption• Eksym [ ID, Nonces]
ISAKMPISAKMP
• Set of procedures, messages for SAs– Establish, negotiate, modify and delete
• ISAKMP message– Header + payloads
• Payload format independent of– Key exchange protocol, encryption algo,
authentication mechanism• Uses UDP
ISAKMPISAKMP
ISAKMP: payload typesISAKMP: payload types
• SA : SA initiation– Proposal, Transform, KE
• ID• Certificate• Certificate request• Hash• Signature• Nonce• Notification• Delete
ISAKMP: Exchange ISAKMP: Exchange typestypes
1. Base exchange– I->R: SA;Nonce– R->I: SA:Nonce– I->R: KE;IDi;Auth– R->I: KE:IDr;Auth
• 4 messages; no ID protection
ISAKMP: Exchange ISAKMP: Exchange typestypes
2. ID protection exchange– I->R: SA– R->I: SA– I->R: KE;Nonce– R->I: KE:Nonce– * I->R: IDi;Auth– * R->I: IDr;Auth
• 6 messages; ID protected
ISAKMP: Exchange ISAKMP: Exchange typestypes
3. Authentication only exchange– I->R: SA: Nonce– R->I: SA; Nonce;IDr;Auth– I->R: IDi;Auth
• 3 messages; authentication wo key exchange
ISAKMP: Exchange ISAKMP: Exchange typestypes
4. Aggressive exchange– I->R: SA: KE; Nonce;IDi– R->I: SA; KE; Nonce;IDr;Auth– * I->R: Auth
• 3 messages; Express SA set up wo ID protection
ISAKMP: Exchange ISAKMP: Exchange typestypes
4. Informational exchange– * I->R: N/D
• 1 message; Error or Status notification or deletion