1

IP Security

Behzad AkbariFall 2009

In the Name of the Most High

Outline

Need for Internet Security Internetworking and Internet Protocols

(Appendix 6A) IP Security Overview IP Security Architecture Authentication Header Encapsulating Security Payload Combinations of Security Associations Key Management

Need for Internet Security

Based on public-domain standards Potential intruders know how things work

The Internet is ever-increasingly pervasive No need for specialist tools to get access

Applications (e.g. web servers and browsers) are extensible Now used for much more than protocol designers

envisaged originally TCP/IP weaknesses

e.g. easy to masquerade as someone else

Why secure at the IP layer?

Can put security in place once, in a consistent manner, for multiple applications

All applications are secured, without the need for the user to be involved

Central management of security, including access policy, keys, algorithms, etc.

Secured IP

Diverse Apps

WebEmail GameDB

queriesFTPSNMP IM

TCP UDP Other Transport

Independent of Applications and Transport

Internet Protocols

Internet Protocol (IP)provides functionality for interconnecting end systems across multiple networks.

IPv4 and IPv6 Routers provide connections between

networks Data is encapsulated in an IP Protocol Data

Unit (PDU) for transmission

Uses of IPsec Virtual Private Network (VPN) establishment

For connecting remote offices and users using public Internet

Low-cost remote access e.g. teleworker gains secure access to company

network via local call to ISP Extranet connectivity

Secure communication with partners, suppliers, etc.

OSI 7 Layer Model 7 Application

HTTP, SMTP, SNMP, FTP, Telnet, SIP, SSH, NFS,, Whois,

6 Presentation XDR, ASN.1, SMB, AFP, NCP

5 Session ASAP, TLS, SSH,RPC, NetBIOS, ASP, Winsock, BSD sockets

4 Transport TCP, UDP, RTP, SCTP, SPX, ATP,

3 Network IP, ICMP, IPX, BGP, OSPF, RIP, ARP, X.25

2 Data Link Ethernet, Token ring, HDLC, Frame relay, ISDN, ATM, 802.11 WiFi, FDDI, PPP

1Physical wire, radio, fiber optic

5 Layer Internet Protocol Model

1 .Physical

2 .Network Interface)like Data Link(

3 .Internet

4 .Transport

5 .Application

Logical Link Control (LLC)

Media Access Control (MAC)

IP

TCP, UDP

TCP/IP Example

IP Security Overview

Application–specific security mechanisms E-mail (S/MIME, PGP) Client-server (Kerberos) Web Access ( Secure sockets)

IP level security (IPSec) Authentication (received unaltered from source in header) Confidentiality (encrypted to prevent eavesdropping) Key Management (secure exchange of keys)

IP Security Overview

IPSec is not a single protocol. Instead, IPSec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication.

IP Security Overview

Applications of IPSec Secure branch office connectivity over the Internet Secure remote access over the Internet Establishing extranet and intranet connectivity

with partners Enhancing electronic commerce security

IP Security Scenario

IP Security Overview

Benefits of IPSec Transparent to applications (below transport layer

(TCP, UDP) Provide security for individual users

IPSec can assure that: A router or neighbor advertisement comes from an

authorized router A redirect message comes from the router to which

the initial packet was sent A routing update is not forged

IP Security Architecture

IPSec documents: RFC 2401: An overview of security architecture RFC 2402: Description of a packet encryption

extension to IPv4 and IPv6 RFC 2406: Description of a packet emcryption

extension to IPv4 and IPv6 RFC 2408: Specification of key managament

capabilities

IPsec Architecture

Two alternative protocols: Authentication Header (AH)

Provides authentication but not confidentiality Adds extra field to traditional IP packet; used to verify

authenticity of the packet

Encapsulating Security Payload (ESP) Provides packet encryption and, optionally, authentication Content of IP packet is encrypted and encapsulated between

header and trailer fields

IPSec Document Overview

IPSec Services

IPSec provides security services at the IP layer by enabling a system to select required protocols, determine the algorithm(s) to use, and to put in place the cryptographic keys.

Two protocols are needed: Authentication Header (AH) Encapsulating Security Payload (ESP)

IPSec Services

Access Control Connectionless integrity Data origin authentication Rejection of replayed packets Confidentiality (encryption) Limited traffic flow confidentiallity

Security Association (SA)

In order to communicate, each pair of hosts must set up SA with each other

Acts as virtual connection for which various parameters are set: Type of protection Algorithms Keys …

Specifies one-way relationship For either AH or ESP, but not both

Security Associations (SA)

A one way relationship between a sender and a receiver.

Identified by three parameters: Security Parameter Index (SPI) IP Destination address Security Protocol Identifier

Security Association (SA) Each SA uniquely identified by:

Security Parameters Index (SPI) 32-bit string assigned to this SA (local meaning only)

IP destination address of packets May be end user system, or firewall or router

Choice of AH or ESP For each IP packet, governing SA is identified by:

Destination IP address in packet header SPI in extension header (AH or ESP)

Before applying AH

IPsec modes

Transport Mode: Protects payload only

i.e. protects original data and upper-level protocols

Typically used for end-to-end communication

Transport Mode Security

Transport Mode (AH Authentication)

IPsec modes

Tunnel Mode: Protects entire IP packet

Including the IP header Typically used for connecting secure

gateways (firewalls or routers that implement IPsec)

Hosts don’t need to be IPsec-enabled

Tunnel Mode Security

Tunnel Mode (AH Authentication)

• Adds extra field to traditional IP packet• This is used to verify authenticity &

integrity of the packet

Before applying AH:

Transport Mode:data is authenticated, as

well as parts of IP header

Tunnel Mode:entire original packet

is authenticated + parts of new header

Authenticated (Data + orig IP header + parts of new header)

Authentication Header (AH)

Authenticated (Data + parts of IP header)

Authentication Header Provides support for data integrity and authentication

(MAC code) of IP packets. Guards against replay attacks. Parties share a secret key, K

Authentication Header (AH)

Protection against replay attack with use of sequence number

Why have an Authentication-only protocol (AH)? May be used where export/import/use of encryption is

restricted Faster implementation Receiver can choose whether to expend the effort to

verify authenticity/integrity

Encapsulating Security Payload (ESP) Content of IP packet is encrypted and

encapsulated between header and trailer fields.

Authentication data optionally added

Original IP packet:

Transport Mode:only data is encrypted &

authenticated

Tunnel Mode:entire packet encrypted &

authenticated

Authenticated

(optionally)

Encrypted

Authenticated

(optionally)

Encrypted

Encapsulating Security Payload (ESP)

ESP Format

Encrypts inner IP packet. Authenticates inner IP packet.

Encrypts IP payload and any IPv6 extesion header. Authenticates IP payload but no IP header

ESP with authentication

Encrypts inner IP packet

Encrypts IP payload and any IPv6 extesion header

ESP

Authenticates entire inner IP packet plus selected portions of outer IP header

Authenticates IP payload and selected portions of IP header and IPv6 extension headers

AH

Tunnel Mode SA

Transport Mode SA

Main difference is that Tunnel mode secures the IP header as well as the payload

End-to-end versus End-to-Intermediate Authentication

Encapsulating Security Payload ESP provides confidentiality services

Encryption and Authentication Algorithms Encryption:

Three-key triple DES RC5 IDEA Three-key triple IDEA CAST Blowfish

Authentication: HMAC-MD5-96 HMAC-SHA-1-96

ESP Encryption and Authentication

ESP Encryption and Authentication

Combinations of Security Associations

Combinations of Security Associations

Combinations of Security Associations

Combinations of Security Associations

Key Management

Two types: Manual Automated

Oakley Key Determination Protocol( a refinement of the Difffie-HellProject Objectives and Plans man exchange algorithm)

Internet Security Association and Key Management Protocol (ISAKMP)

Key Management in IPsec

Generation and distribution of secret keys Manual

System admin configures keys (doesn’t scale well) Automated

Oakley Key Determination Protocol based on Diffie-Hellman

ISAKMP & IKE – Internet Security Association and Key Management Protocol & Internet Key Exchange

Default is referred to as ISAKMP/Oakley

Oakley

Key determination protocol, based on Diffie-Hellman algorithm with added security

Secret keys are created only when needed Key exchange requires no pre-exisitng structure, only an

agreement on global parameters Three authentication methods:

Digital signatures Public-key encryption Symmetric-key encryption

Oakley Algorithm

Characteristics: uses a method known as cookies to thwart clogging

attacks (See next slide) enables two parties to negotiate a group uses nonces to ensure against replay attacks enables the exchange of Diffie-Hellman public key

values authenticates Diffie-Hellman exchange to thwart

“man-in-the-middle” attack

Clogging Attacks

An opponent forges the source address of a legitimate user and send a public key to the victim.

The victim computes the secret key. Repeated messages can clog the victim’s system with

useless work. Cookie exchange requires that each side send a

pseudorandom number (cookie) in the initial message, which the other side acknowledges and repeats in the first message of the Diffie-Hellman key exchange.

If the source address was forged, the opponent gets no answer.

ISAKMP Internet Security Association and Key

Management Protocol (ISAKMP) provides framework for key management and specific

protocol supports defines procedures and packet formats to establish,

modify and delete security associations. Provides consistent independent of the key exchange

protocol, encryption algorithm and authentication mechanism

ISAKMP

IPsec Benefits Provides a level of security for all applications.

Allows deployment of new/emerging applications that may not have their own security.

Transparent to transport layer Transparent to end-users

No need for training, key issue, key revocation, etc. Can be provided to individual users where needed (e.g. off-

site workers) Extensible to new, stronger, cryptographic methods as these

become available

IPsec Drawbacks

Processing performance overhead Protection is applied to all traffic, though only a small

portion may be security-sensitive Blocks access to non-IPsec hosts Hosts must have security association

Not great for short-lived connections Requirement for pair-wise SA limits usefulness for

arbitrary Internet-based transactions Not practical for broadcast

Note on VPN concept

Private Network A set of computers connected together and

protected from the Internet (usually with a firewall)

Traditionally made up of LAN(s) within individual locations. If needed, wide area (e.g. inter-branch) connection is made by secure leased telecommunications lines.

Virtual Private Networks

(a) A leased-line private network. )b( A virtual private network.

Recommended Reading

Comer, D. Internetworking with TCP/IP, Volume I: Principles, Protocols and Architecture. Prentic Hall, 1995

Stevens, W. TCP/IP Illustrated, Volume 1: The Protocols. Addison-Wesley, 1994