IPSec

Sheng-Liang Song

[email protected]

•Access control
•Connectionless integrity
•Data origin authentication
•Rejection of replayed packets
•Confidentiality

Post on 21-Dec-2015


IPSec

Sheng-Liang Song

[email protected]

•Complexity: security's worst “enemy”

•“best practice”

Agenda

IPSec Overview
  IPSec (Network Layer)
  Modes (Tunnel/Transport)
  Protocols (ESP/AH)
  IKE (Internet Key Exchange)
  IPSec Cases
IPSec Discussion
Q&A

Key Words

ISAKMP (Internet Security Association and Key Management Protocol)
SA (Security Associations)
SPD (Security Policy Database)
IKE (Internet Key Exchange)
AH (Authentication Header)
ESP (Encapsulating Security Payload)
HMAC (Keyed-Hashing for Message Authentication)

HMAC(K, text) = H((K XOR opad) || H((K XOR ipad) || text)), with opad = 0x5C and ipad = 0x36 repeated to the hash block size
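The HMAC construction written out above, as an added worked example (not code from the slides): it builds the tag from the raw hash function exactly as the formula says, including the rule that a key longer than the hash block size is hashed first and a shorter key is zero-padded, and checks the result against Python's standard `hmac` module. The helper names (`hmac_from_scratch`, `matches_stdlib`, `verify_tag`) are this example's own.

```python
import hashlib
import hmac


def hmac_from_scratch(key: bytes, text: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC(K, text) = H((K XOR opad) || H((K XOR ipad) || text)).

    opad = 0x5C and ipad = 0x36 are repeated to the block size of the hash
    (64 bytes for MD5, SHA-1 and SHA-256). This is the textbook construction,
    written out so the inner and outer hashes are visible.
    """
    block_size = hashlib.new(hash_name).block_size
    # A key longer than one block is hashed first; a shorter key is zero-padded.
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    inner_key = bytes(b ^ 0x36 for b in key)   # K XOR ipad
    outer_key = bytes(b ^ 0x5C for b in key)   # K XOR opad
    inner_hash = hashlib.new(hash_name, inner_key + text).digest()
    return hashlib.new(hash_name, outer_key + inner_hash).digest()


def matches_stdlib(key: bytes, text: bytes, hash_name: str = "sha256") -> bool:
    """Cross-check the hand-built tag against Python's hmac module."""
    expected = hmac.new(key, text, hash_name).digest()
    return hmac.compare_digest(hmac_from_scratch(key, text, hash_name), expected)


def verify_tag(key: bytes, text: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Receiver-side check. compare_digest avoids leaking the mismatch position
    through timing, which a plain == comparison would do."""
    return hmac.compare_digest(hmac_from_scratch(key, text, hash_name), tag)


if __name__ == "__main__":
    # Constructed sample: RFC 2202 / RFC 4231 test vector 1 (key = 20 bytes of 0x0b).
    key = b"\x0b" * 20
    print(hmac_from_scratch(key, b"Hi There", "sha1").hex())
    print(hmac_from_scratch(key, b"Hi There", "sha256").hex())
    print(matches_stdlib(b"\xaa" * 80, b"Test Using Larger Than Block-Size Key - Hash Key First", "sha1"))
```

Both AH and ESP carry an HMAC truncated to 96 bits (HMAC-SHA1-96, HMAC-MD5-96), so the integrity check value on the wire is a prefix of what `hmac_from_scratch` returns.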

IPSec (Network Layer)

IPSec lives at the network layer

Transparent to applications

[Diagram: protocol stack of application, transport, network, link and physical layers, annotated with SSL (above transport, in user space), IPSec (at the network layer, inside the OS) and the NIC (link/physical).]

IPv4 Header Format

[Diagram: IPv4 header, with each field classified for AH as mutable, mutable but predictable, or immutable.]

IPv6 Header Format

IPSec Modes (Tunnel and Transport)

Transport Mode: [IP header | data] becomes [IP header | ESP/AH | data]

Tunnel Mode: [IP header | data] becomes [new IP hdr | ESP/AH | IP header | data]

IPSec Protocols (ESP and AH)

ESP (Encapsulating Security Payload)
  Integrity and confidentiality (HMAC/DES-CBC)
  Integrity only by using NULL encryption

AH (Authentication Header)
  Integrity only

[Diagrams: three packet layouts between two hosts, each with its original IP layer at both ends.
IPSec Tunnel: New IP HDR | ESP HDR | [IP HDR | Data] (inner header and data encrypted)
IPSec Encrypted session: IP HDR | ESP HDR | [Data] (data encrypted)
IPSec Authenticated session: IP HDR | AH HDR | Data]

AH Format

The sender's counter is initialized to 0 when an SA is established.

AH/Transport

AH/Transport

ESP Format

The sender's counter is initialized to 0 when an SA is established.

ESP/Transport

ESP/Tunnel

IPSec Tunnels

[Diagram: Original IP packet (IP header with TOS byte, IP payload) → Classified IP packet (TOS set) → IPSec packet (IP new hdr | ESP header | IP header | IP payload).]

New IP header built by tunnel entry point; the TOS byte is copied from the original IP header into the new header.

Anti-Replay in IPSec

Both ESP and AH have an anti-replay mechanism based on sequence numbers: the sender increments the sequence number after each transmission, and the receiver optionally checks the sequence number and rejects the packet if it is outside the window or has already been seen.
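The sender counter and the receiver's sliding window described above, as an added example (not code from the slides). It follows the RFC 2401/4303 scheme: the sender's counter starts at 0 when the SA is established and the first packet carries 1; the receiver keeps a 64-entry bitmap whose bit 0 is the highest sequence number accepted, rejects anything older than the window, rejects duplicates inside it, and slides the window forward on a new high. The class and function names are this example's own.

```python
class SequenceCounter:
    """Sender side: one counter per SA, initialized to 0 when the SA is established."""

    MAX_SEQ = 0xFFFFFFFF  # 32-bit sequence number field in AH and ESP

    def __init__(self) -> None:
        self.counter = 0

    def next(self) -> int:
        # Wrapping the counter would re-use sequence numbers under the same key,
        # so an SA must be replaced before that happens.
        if self.counter >= self.MAX_SEQ:
            raise OverflowError("sequence number space exhausted; renegotiate the SA")
        self.counter += 1
        return self.counter


class AntiReplayWindow:
    """Receiver side: sliding window over accepted sequence numbers (default 64 wide)."""

    def __init__(self, size: int = 64) -> None:
        self.size = size
        self.top = 0       # highest sequence number accepted so far
        self.bitmap = 0    # bit i set <=> sequence number (top - i) already received
        self.mask = (1 << size) - 1

    def check_and_update(self, seq: int) -> bool:
        """Return True and record seq if it is new and inside/right of the window."""
        if seq == 0:
            return False                       # 0 is never a valid sequence number
        if seq > self.top:
            # Right of the window: slide it so that seq becomes bit 0.
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1                # everything previously seen drops off
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & self.mask
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                       # left of the window: too old
        if (self.bitmap >> offset) & 1:
            return False                       # inside the window but already seen: replay
        self.bitmap |= 1 << offset             # inside the window and new: accept
        return True


def simulate(seqs: list[int], size: int = 64) -> list[bool]:
    """Feed a constructed sequence of received sequence numbers through one window."""
    window = AntiReplayWindow(size)
    return [window.check_and_update(s) for s in seqs]


if __name__ == "__main__":
    # Constructed input: in-order packets, a replay, a jump past the window, and stragglers.
    received = [1, 2, 3, 2, 100, 36, 37, 37, 40, 101]
    print(list(zip(received, simulate(received))))
```

The check is "optional" on the receiver only in the sense that the window check can be disabled; the sender must always increment, and the receiver's window must be per SA, since sequence numbers are only meaningful under one SA's key.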

How IPSec uses IKE

IPSec and IKE in Practice

[Diagram: two Internal Networks joined by an Authenticated Encrypted Tunnel; a Certificate Authority issues a Digital Certificate to each gateway; the ISAKMP session sets up a keying channel, and the SAs set up data channels. Traffic is clear text inside each internal network and encrypted across the tunnel.]

ISAKMP (Internet Security Association and Key Management Protocol)
SA (Security Associations)
SPD (Security Policy Database): for each packet, discard, bypass IPsec, or apply IPSec (overhead)
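The three SPD outcomes listed above (discard, bypass, apply IPsec), as an added example of how a policy database is consulted per packet; this is not code from the slides or from any IPsec implementation. Entries are ordered and the first match wins; a packet that matches no entry is discarded, which is the default RFC 4301 prescribes. The policy itself (two 10.x site networks, IKE on UDP 500 bypassed between the gateways) and the class names are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

DISCARD, BYPASS, PROTECT = "discard", "bypass", "protect"   # "protect" = apply IPsec
UDP, TCP = 17, 6


@dataclass
class SpdEntry:
    """One selector set plus the action to take on packets that match it."""
    src: str
    dst: str
    proto: Optional[int] = None        # None = any protocol
    dst_port: Optional[int] = None     # None = any port
    action: str = DISCARD
    sa_params: Optional[dict] = None   # for PROTECT: protocol, mode, peer gateway

    def matches(self, src: str, dst: str, proto: int, dst_port: Optional[int]) -> bool:
        return (
            ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
            and (self.proto is None or self.proto == proto)
            and (self.dst_port is None or self.dst_port == dst_port)
        )


class SecurityPolicyDatabase:
    """Ordered SPD: first matching entry decides; no match means discard."""

    def __init__(self, entries: list[SpdEntry]) -> None:
        self.entries = list(entries)

    def lookup(self, src: str, dst: str, proto: int, dst_port: Optional[int] = None) -> str:
        for entry in self.entries:
            if entry.matches(src, dst, proto, dst_port):
                return entry.action
        return DISCARD


def build_example_spd() -> SecurityPolicyDatabase:
    """Constructed policy for a site-to-site tunnel between two gateways."""
    gw_a, gw_b = "203.0.113.1/32", "198.51.100.1/32"          # documentation addresses
    return SecurityPolicyDatabase([
        # IKE itself must not be protected by the SA it is negotiating.
        SpdEntry(gw_a, gw_b, proto=UDP, dst_port=500, action=BYPASS),
        SpdEntry(gw_b, gw_a, proto=UDP, dst_port=500, action=BYPASS),
        # Site traffic is tunnelled with ESP; any protocol, any port.
        SpdEntry("10.1.0.0/16", "10.2.0.0/16", action=PROTECT,
                 sa_params={"protocol": "ESP", "mode": "tunnel", "peer": "198.51.100.1"}),
        SpdEntry("10.2.0.0/16", "10.1.0.0/16", action=PROTECT,
                 sa_params={"protocol": "ESP", "mode": "tunnel", "peer": "203.0.113.1"}),
        # Telnet in the clear from the site is never allowed.
        SpdEntry("10.1.0.0/16", "0.0.0.0/0", proto=TCP, dst_port=23, action=DISCARD),
    ])


if __name__ == "__main__":
    spd = build_example_spd()
    for pkt in [("10.1.5.7", "10.2.3.4", TCP, 443),
                ("203.0.113.1", "198.51.100.1", UDP, 500),
                ("10.1.5.7", "8.8.8.8", TCP, 443)]:
        print(pkt, "->", spd.lookup(*pkt))
```

The "overhead" noted on the slide is the cost of the PROTECT path: every packet that matches such an entry goes through the SA's encryption and HMAC, so the selectors that direct traffic into the tunnel should be as narrow as the design allows.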

IPSec (IKEv1 Phase 1)

Authenticated with Signatures
Authenticated with Shared Key
Authenticated with Public Key Encryption
Authenticated with Public Key Encryption (Revised)

IPSec (Cases)

IPSec Case1

IPSec Case2

IPSec Case3

IPSec Case4

IPSec Discussion

1. IPSec authenticates machines, not users
2. Does not stop denial of service attacks (easier to do DoS)
3. Order of operations: Encryption/Authentication
4. Q & A

Reference

Information Security: Principles and Practice, Mark Stamp, Jan 29, 2005
IETF, http://www.ietf.org/
Cisco IOS IPsec, www.cisco.com/go/ipsec/
Cisco White Paper, IPsec, http://www.cisco.com/warp/public/cc/so/neso/sqso/eqso/ipsec_wp.htm
N. Ferguson and B. Schneier, A Cryptographic Evaluation of IPsec, http://www.schneier.com/paper-ipsec.html
IPsec, Security for the Internet Protocol, http://www.freeswan.org/freeswan_trees/freeswan-2.06/doc/intro.html