Download Internet Security: IPsec and Encryption Protocols and more Study notes Computer Science in PDF only on Docsity!
IP LAYER SECURITY: IPSEC
Internet Protocols
CSC / ECE 573
Fall, 2005 N. C. State University copyright 2005 Douglas S. Reeves (^) 2
Announcements
I. Figures for HW
copyright 2005 Douglas S. Reeves (^) 3
Today’s Lecture
I. Security Basics
II. IPSec
III. Authentication Header (AH)
IV. Encapsulating Security Payload (ESP)
SECURITY BASICS
copyright 2005 Douglas S. Reeves (^) 5
Security Risks
• Why do they attack…?
- curiosity
- fun, a challenge
- financial gain
- personal (revenge, etc.)
- political, national
• Targets
- data
- infrastructure, operations
- assets that are accessible electronically copyright 2005 Douglas S. Reeves (^) 6
Internet Threats
• Internet protocols were not really designed with
security in mind
- originally: a small community of researchers with a shared mission
• Is “retrofitting” security to TCP/IP protocols
viable?
- some examples: DNSSEC, Secure BGP, …
• In distributed systems, who is reponsible for
monitoring, detection, and enforcement?
- no one entity “owns” or controls the Internet
copyright 2005 Douglas S. Reeves (^) 7
Internet Under Attack!
Source: http://www.cert.org
# of Security Incidents copyright 2005 Douglas S. Reeves (^) 8
Trust (Risk)
- There will always be a need for some servers
and communications to be regarded as
inherently trustworthy and reliable
- Examples
- passwords are needed to authenticate individuals, but password server knows all the keys!
- information provided by a trusted user may turn out to be false
- Goal of security: minimize the amount of trust
that is necessary
copyright 2005 Douglas S. Reeves (^) 9
Where Does Security Belong?
- At…
- link layer: link encryption
- network layer: firewalls, IPSec, intrusion detection systems
- application layer: SSL, authentication protocols
- Advantages / disadvantages of each? copyright 2005 Douglas S. Reeves (^) 10
Four Security Goals
Secrecy of information
Authentication of identity
Non-repudiation (of information previously
exchanged)
Message integrity (protection from forgery /
modification)
copyright 2005 Douglas S. Reeves (^) 11
Basic Concepts
- Terminology
- intruder or attacker
- ciphers
- plaintext
- ciphertext
- Kerchoff's principle: all cryptographic algorithms
must be assumed to be public; only keys are
secret
copyright 2005 Douglas S. Reeves (^) 12
Encryption
- Transformation of data from plaintext into
ciphertext
- Strength of encryption
- casual
- commercial
- military
- "alien"
- Necessary components
- one or more keys (e.g., password or passphrase)
- encryption function
- decryption function
copyright 2005 Douglas S. Reeves (^) 19
Security Policies
- Security policies : which traffic is processed by
which security association
- Traffic mapping
- selectors (classification patterns) identify traffic types
- may include "wildcard" entries matching any value
- The Security Policy Database (SPD) specifies
the policies that apply to all IP traffic from/to a
host or security gateway
- selectors for two entries may overlap (i.e., ambiguous matching)
- order is important: the first matching entry is selected copyright 2005 Douglas S. Reeves (^) 20
Types of Classification Filters
**Field Traffic Value Possible Filter Values
src addr single IP addr single,range,wildcard dst addr single IP addr single,range,wildcard xpt protocol* xpt protocol single,wildcard src port* single src port single,wildcard dst port* single dst port single,wildcard user ID* single user ID single,wildcard security label single value single,wildcard
- entries for these fields could be “OPAQUE” because the traffic value is encrypted** copyright 2005 Douglas S. Reeves (^) 21
Transport vs. Tunnel Modes
- Each protocol (AH or ESP) supports two modes:
transport or tunnel mode
- Transport mode headers
- IP header
- IPSec header
- transport-layer header copyright 2005 Douglas S. Reeves (^) 22
Transport vs. Tunnel Modes (cont’d)
- Tunnel mode headers
- an outer IP header specifies endpoint of the SA
- IPSec header
- an inner IP header specifies the ultimate destination for the packet
- transport layer header
- Steps in tunnel mode processing
- Encryption / authentication
- Encapsulation
- Delivery
- Decapsulation
- Decryption / verification copyright 2005 Douglas S. Reeves (^) 23
Tunnel Mode (cont’d)
- Levels of protection
- AH: portions of the outer IP header are afforded protection, as well as all of the tunneled IP packet
- ESP: protection afforded only to the tunneled packet, not to the outer header
- Inner IP header is not changed during
transmission, except to decrement the TTL
copyright 2005 Douglas S. Reeves (^) 24
Security Associations Between Hosts
- SA is directly between two hosts
- either transport mode, or tunnel mode, is allowed Security Association Internet H1 H IP1 + AH + ESP (not allowed)
IP1 + ESP IP2 + ESP + IP
IP1 + AH IP2 + AH + IP
Tunnel Mode Headers Transport Mode Headers
copyright 2005 Douglas S. Reeves (^) 25 H2 (^) Gateway^ Security Security Association^ Security Gateway H IP2 + ESP + IP
IP2 + AH + IP
Tunnel Mode Headers Internet H H1 H H
Security Associations Between GatewaysSecurity Associations Using Gateways
- A security gateway is a device implementing
IPSec on behalf of a set of internal hosts
- provides security services for these hosts when communicating with external hosts
AUTHENTICATION WITH IPSEC
copyright 2005 Douglas S. Reeves (^) 27
Authentication Header Protocol
(RFC 2402)
- AH provides
- data origin authentication
- anti-replay service
- message integrity
- Provides authentication for as much of the IP
header as possible, as well as for higher layer
protocol data
- some IP header fields may change in transit, so cannot be protected by AH
- called mutable fields copyright 2005 Douglas S. Reeves (^) 28
AH: Transport Mode
- Before applying AH: ---------------------------- |orig IP hdr | | | |(any options)| TCP | Data | **----------------------------
|orig IP hdr | | | | |(any options)| AH | TCP | Data | ---------------------------------** |<------- authenticated ------->| except for mutable fields in IP hdr
- After applying AH: copyright 2005 Douglas S. Reeves (^) 29
AH: Tunnel Mode
- After applying AH: ------------------------------------------------ | new IP hdr | | orig IP hdr | | |* |(+any options)| AH |(+any options)|TCP | Data | ------------------------------------------------ |<- authenticated except for mutable fields -->| | in the new IP hdr | copyright 2005 Douglas S. Reeves (^) 30
The AH Header
**1 2 0 8 6 4 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Header | Payload Len | RESERVED | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Security Parameters Index (SPI) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number Field | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
- Authentication Data (variable) | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+**
copyright 2005 Douglas S. Reeves (^) 37
Fragmentation (cont’d)
- Tunnel mode: AH or ESP applies to IP packets,
which may be fragments
- May have to…
- first reassemble a packet fragmented by the local IP layer
- then apply IPsec
- then re-fragment the resulting packet (!)
ENCRYPTION WITH IPSEC
copyright 2005 Douglas S. Reeves (^) 39
IP Encapsulating Security Payload
(RFC 2406)
- ESP provides
- data origin authentication (with authentication)
- anti-replay service
- message integrity (with authentication)
- confidentiality
- limited traffic analysis confidentiality (via tunnel mode) copyright 2005 Douglas S. Reeves (^) 40
ESP: Transport Mode
- Before applying ESP: ----------------------------- |orig IP hdr | | | |(+any options)| TCP | Data | **-----------------------------
|orig IP hdr | ESP | | | ESP | ESP| |(+any options)| Hdr | TCP | Data | Trailer |Auth| --------------------------------------------------** | < ----- encrypted ---->| | < - ---- authenticated ----->|
- After applying ESP: copyright 2005 Douglas S. Reeves (^) 41
ESP: Tunnel Mode
- ESP does not protect any IP header fields
unless tunnel mode is used
- After applying ESP: ------------------------------------------------------------- | new IP hdr | | orig IP hdr | | | ESP | ESP| |(+any options)| ESP | (+any options) |TCP|Data|Trailer|Auth| -------------------------------------------------------------** |<--------- encrypted ----------->| |<----------- authenticated ----------->|
ESP Header and Trailer
*0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Security Parameters Index (SPI) | Authentication +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Coverage | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Payload Data (variable) | ~ ~ | | Encryption
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Coverage | | Padding (0-255 bytes) | +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Pad Length | Next Header | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Authentication Data (variable) | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+**
copyright 2005 Douglas S. Reeves (^) 43
ESP Header and Trailer Fields
- SPI uniquely identifies SA (along with destination
IP address and ESP)
- Sequence Number
- initialized to 0 when SA established
- no wraparound; must be reset (i.e., establish new SA) prior to transmitting 2^32 nd packet
- Next Header identifies the type of data
contained in the Payload Data field
- how can you find Next Header and Pad Length if they come after the Payload Data and Padding fields, which are variable length? copyright 2005 Douglas S. Reeves (^) 44
ESP Header and Trailer Fields (cont’d)
- Payload Data = contents of upper layer
protocol
- Authentication Data included only if
authentication service has been selected
- computed over the ESP packet minus the Authentication Data
- contains ICV
- variable-length, length is specified by the security association
- Padding if required by cryptographic algorithm copyright 2005 Douglas S. Reeves (^) 45
ESP Packet Encryption
- Encrypts the result using the <key, encryption
algorithm, algorithm mode> indicated in the
security association
- If authentication is selected...
- encryption is performed first, before the authentication
- encryption does not encompass the Authentication Data field copyright 2005 Douglas S. Reeves (^) 46
ESP Packet Input Processing
1. Packet reassembly occurs if needed
2. Determine the appropriate SA based on
Destination IP Address , SPI , and
protocol (ESP)
3. SA specifies
- whether to check sequence number
- whether to expect authentication data
- what algorithms and keys to use for decryption and authentication copyright 2005 Douglas S. Reeves (^) 47
ESP Cryptographic Algorithms
- DES (in CBC mode)
- HMAC with MD
- HMAC with SHA-
- NULL Authentication algorithm
- NULL Encryption algorithm
- authentication and encryption must not both be NULL copyright 2005 Douglas S. Reeves (^) 48
Summary
1. IPSec is not perfect, but widely supported and
used
2. Provides general encryption and authentication
functions for all applications using IP
3. Does not solve the problems of key
management and exchange
