Multilayer Security Architecture for Internet Protocols
1. Multilayer Security Architecture for
Internet Protocol (ML-IPSec)
1 October, 2010
Muhammad Nasir Mumtaz Bhutta
Centre for Communication Systems Research
University of Surrey
Guildford, Surrey
GU2 7XH
Email: m.bhutta@surrey.ac.uk,
Tel: 01483 68 3036
www.surrey.ac.uk
2. Objectives
β’ Demonstrate βSecurity Architecture for
Internet Protocolβ (IPSec) protection model.
β’ Highlight the limitations of IPSec.
β’ Demonstrate the working or ML-IPSec.
β’ Demonstrate the detailed experiment plans.
2 www.ee.surrey.ac.uk/CCSR
3. Introduction
β’ Security Architecture for Internet Protocol
(IPSec) provides security services at IP
layer in protocol stack.
β’ All upper layers than IP layer can get
security services without reengineering the
applications.
β’ IPSec operates in two modes, tunnel and
transport, to secure path(s) between
communicating nodes.
3 www.ee.surrey.ac.uk/CCSR
4. Path(s) Security
β’ Between Pairs of Gateways
β Gateways need to implement IPSec.
β Works in Tunnel Mode (complete IP packet is
protected & new IP header is appended).
β Different source and destination addresses in
dual IP headers.
Un Protected Subnet Protected Subnet
Protected Subnet
IPSec Tunnel
Tunnel Endpoint Tunnel Endpoint
Gateway Gateway
4 www.ee.surrey.ac.uk/CCSR
5. Path(s) Security
β’ Between Pair of Hosts
β End nodes need to implement IPSec.
β Works in Transport Mode (Upper layers
headers and IP data are protected).
β IP addresses are unchanged.
Un Protected Subnet
IPSec Tunnel OR
Transport mode
Protected Endpoint
Protected Endpoint
5 www.ee.surrey.ac.uk/CCSR
6. Path(s) Security
β’ Between Host and Gateway
β Both end hosts and gateways implement
IPSec.
β Usually works in tunnel mode to take benefits
of hiding external characteristics of
communication.
Protected Subnet
Un Protected Subnet AND/OR
IPSec Tunnel Internet
Protected Endpoint Protected Endpoint
6 www.ee.surrey.ac.uk/CCSR
7. Security Goals
β’ Access Control
β Prevent unauthorized access to resources.
β’ Connectionless Integrity
β Check any modifications in IP datagram
without caring about the arrival order of IP
datagrams.
β’ Origin Authentication
β Identify claimed source of data.
7 www.ee.surrey.ac.uk/CCSR
8. Security Goals (continued..)
β’ Partial Sequence Integrity
β Check for duplicate packets (Replay attacks).
β’ Data Confidentiality
β Protect against disclosure of data to
unauthorized entities.
β’ Limited Traffic Flow Confidentiality
β Protect external characteristics of
communications (e.g. source and destination
addresses etc.).
8 www.ee.surrey.ac.uk/CCSR
9. Major IPSec Components
β’ Security Policies
β Provides rules for user access and control level.
β’ Security Protocols
β Authentication Header (AH)
β’ Provides origin authentication, connectionless integrity and
optional partial sequence integrity.
β Encapsulating Security Payload (ESP)
β’ Provides all services provided by AH, data confidentiality and
limited traffic flow confidentiality as well.
9 www.ee.surrey.ac.uk/CCSR
10. Major IPSec Components
(continued..)
β’ Cryptographic Algorithms
β Helps to achieve integrity and confidentiality.
β’ Key Management
β All security operations are provided by
cryptographic means, so keys are required.
β Internet Key Exchange (IKE v2) is used to
provide key management.
10 www.ee.surrey.ac.uk/CCSR
11. Assumptions
β’ To achieve high quality of security
services, certain assumptions need to be
met:
β Good implementation of IPSec.
β Security is dependent on many things in over
all system (e.g. personnel & physical
procedures, security policies etc.), so IPSec
just play its role as a part.
β Good Implementation of Operating System
(OS) security services.
11 www.ee.surrey.ac.uk/CCSR
12. IPSec Components to Help in
Achieving Security Goals
β’ Security Association (SA)
β SA is a one way traffic secure connection
between communicating parties.
β For Bidirectional communication, two SAs are
established.
β SA, providing actually all security services, is
setup by IKE.
β Functionality is dependent upon security
protocols, mode of IPSec working, endpoints
of SA and chosen security services.
12 www.ee.surrey.ac.uk/CCSR
13. IPSec Components to Help in
Achieving Security Goals
(continued..)
β’ Security Policy Database (SPD)
β Stores security policies.
β Provides information about security policy rules to be
applied.
β At least one SPD implementation must be supported
in IPSec.
β Three logical components
β’ SPD-Secure (S) contains rules for all IPSec protected traffic.
β’ SPD-Outbound (O) contains rules for all outbound traffic
β’ SPD-Inbound (I) contains rules for all inbound traffic or
bypassed.
13 www.ee.surrey.ac.uk/CCSR
14. IPSec Components to Help in
Achieving Security Goals
(continued..)
β’ Security Association Database (SAD)
β Stores SAs.
β Provides information about security associations.
β For outbound processing SAD is pointed by SPD-S
part.
β For inbound processing SAD is pointed by SPD-I part.
β’ Peer Authorization Database (PAD)
β Stores information about links between SPD and
SAD.
β Helps IPSec components in security services
practice.
14 www.ee.surrey.ac.uk/CCSR
15. IPSec Working & Role of IKE
β’ IKE helps in setup of security associations
(SAs).
β The functionality of all cryptographic protocols is
dependent on these SAs.
β Control information exchange also requires SA setup.
β’ IKE provides this setup by message exchanges.
β IKE_SA_INIT, IKE_AUTH
β IKE_CHILD_SA
β Informational Exchanges
15 www.ee.surrey.ac.uk/CCSR
16. IPSec Working & Role of ESP
β’ ESP provides origin authentication,
connectionless and sequence integrity,
data and limited traffic flow confidentiality.
β’ Security services are offered in three
modes by ESP.
β Confidentiality Only (may be supported)
β Integrity Only (must be supported)
β Confidentiality and Integrity (must be
supported)
16 www.ee.surrey.ac.uk/CCSR
17. IPSec Working & Role of ESP
(continued..)
β’ Data Confidentiality
β Data confidentiality is provided via encryption.
β Encryption scheme selection is dependent upon SA
out of various encryption algorithms.
β’ Origin Authentication and Connectionless
Integrity
β Integrity of IP datagram is validated via Message
Authentication Code (MAC).
β Origin authentication is provided indirectly by binding
of the key with the holding entity (origin).
17 www.ee.surrey.ac.uk/CCSR
18. IPSec Working & Role of ESP
(continued..)
β’ Anti-Replay Service (Partial Sequence
Integrity)
β This is service to detect arrival of duplicate
packets.
β Provides sequential integrity and may be
supported in ESP.
β’ Limited Traffic Flow Confidentiality
β This service hides source and destination
addresses and usually employed in Tunnel
Mode.
18 www.ee.surrey.ac.uk/CCSR
19. Limitations of IPSec
β’ IPSec follows very strict layering and
protection model works end-to-end.
β’ With advancement in wireless technology
according to characteristics of networks,
certain cross-layer optimizations are
performed.
β’ Some examples of wireless technology
highlights the functionality of new network
applications.
19 www.ee.surrey.ac.uk/CCSR
20. Limitations of IPSec (continued..)
β’ Conflicts between IPSec and TCP PEPs
β TCP PEPs work on two pieces of information,
TCP flow identification and sequence
numbers.
β IPSec encapsulate whole TCP packet.
β’ Traffic Analysis
β For functioning of upper layers, some
information from headers is required at
intermediate nodes.
β IPSec hides all upper layer headers.
20 www.ee.surrey.ac.uk/CCSR
21. Limitations of IPSec (continued..)
β’ Traffic Engineering
β Flow classification is essential in providing rich
classes of service and QoS (RED, RSVP).
β The flow information present in upper layers such ac
TCP is hidden by IPSec.
β’ Application Layer Agents/Proxies
β Some modern routers can serve the HTTP requests
from their local cache in order to improve
performance.
β They need information from upper layers like HTTP
but, that is hidden by IPSec.
21 www.ee.surrey.ac.uk/CCSR
22. Summary of IPSec Limitations and
Conclusion
β’ All above defined mechanisms, try to
access upper layers information for their
working.
β’ IPSec works on end-to-end basis and
encrypts all the upper layer information.
β’ So IPSec has basic functioning conflict
with many intermediate devices.
β’ Need to resolve these issues for optimal
performance.
22 www.ee.surrey.ac.uk/CCSR
23. Problem Statement for ML-IPSec
β’ Develop a security scheme with below
defined features:
β Supports the services and applications which
have conflict with IPsec working.
β Should grant trusted intermediate nodes a
secure, controlled and limited access to a
selected portion of IP datagram.
β Should preserve the end-to-end security
protection for user data.
23 www.ee.surrey.ac.uk/CCSR
24. Approaches - Transport Layer
Security
β’ Using a transport-layer security mechanism as an
alternative to IPsec to provide security services.
β’ The transport-layer mechanism, such as secure
sockets layer (SSL) or transport layer security
(TLS) operates above TCP and works well with
TCP PEP:
β it encrypts the TCP data while leaving the TCP header
in unencrypted and unauthenticated form
β’ Limitations:
β Vulnerable to traffic analysis attack
β SSL/TLS only works on TCP but not on UDP so the
range of applications is limited
24 www.ee.surrey.ac.uk/CCSR
25. Approaches β
Tunnelling one security protocol
β’ This approach tries to use transport layer
security protocols, SSL/TLS, inside IPsec.
β’ SSL/TLS will protect the TCP data and
IPSec will protect TCP header information
β’ Limitations:
β wastage of resources because TCP data will
be encrypted twice by SSL/TLS and IPsec,
β IPsec still encrypts the whole TCP information
including header and data part
25 www.ee.surrey.ac.uk/CCSR
26. Approaches - Using a Transport
Friendly ESP Format
β’ The transport-friendly ESP (TF-ESP)
protocol format was proposed:
β The TCP state information (such as flow
identifications and sequence numbers) are in a
disclosure header outside the encryption
scope, bbut authenticated.
β’ Limitations:
β Vulnerable to traffic analysis attack
β it does not work well with TCP spoofing when a
write access is needed
26 www.ee.surrey.ac.uk/CCSR
27. Approaches β Splitting IPsec into
Two Segments
β’ IPsec protection can be applied twice, once
between sender and security gateway and
second time between security gateway and
destination.
β’ Limitations:
β It exposes the information to intermediate
nodes while confidentiality is only meant for
end-to-end
27 www.ee.surrey.ac.uk/CCSR
28. Approaches β Multi - Layer IP
Security Protocol
β’ ML-IPsec breaks the IP datagram into
different parts and apply different security
mechanisms on different parts:
β one security mechanism for transport header
β different security mechanism for application
data
β’ This approach allows the intermediate
nodes to co-exist with end-to-end IPsec
β’ Limitations:
β More complex than IPsec
28 www.ee.surrey.ac.uk/CCSR
29. Standardization & Issues
β’ Many meetings were attended at IETF to
present the idea of IPSec and internet draft was
written.
β’ IETF Concerns:
β Application domains is limited (Satellite Networks
only).
β Implementation complexity is increased. (shown
feasible via implementation in IPSec).
β Two more implementations required to prove the
points.
β’ Key Management Complexity is major issue.
29 www.ee.surrey.ac.uk/CCSR
31. Principle of ML-IPSec Security
Protection
β’ Multilayer protection model:
β’ Divides IP datagram into zones
β’ Different protection schemes for different zones
(e.g. SA, public/private keys, access control rules
etc.)
31 www.ee.surrey.ac.uk/CCSR
32. General Model of IPSec Processing
β’ .
Multicast
Key Exchange
32 www.ee.surrey.ac.uk/CCSR
33. Composite Security Association
(CSA)
β’ Security Association
β’ one-way relationship
between sender and
receiver.
β’ defines set of
parameters (e.g.
sequence number, anti-
replay window, lifetime
of SA, Path MTU etc).
β’ Controls outbound,
inbound processing.
33 www.ee.surrey.ac.uk/CCSR
34. CSA Continued..
β’ CSA has two elements:
β Zone Map: defines coverage of each zone in
IP datagram.
β Zone List: is a list of all SAs for all zones. (all
stored in βSecurity Association Database
(SAD)β).
34 www.ee.surrey.ac.uk/CCSR
35. Zones and Zone Map
β’ A zone is any portion of IP datagram under same security
protection.
β’ Entire IP datagram can be broken into zones.
β’ Zones can not overlap.
β’ A zone can be split into multiple sub zones (continuous part of
IP datagram).
β’ A zone map is a mapping
relationship between IP octets
and zones.
β’ Remains Constant for a
security relationship.
β’ zones that covers last part
of IP datagram (data) should
35
be variable according to size. www.ee.surrey.ac.uk/CCSR
36. Composite Security Association
(CSA)
β’ Zone Map
β’ Zone List
β In zone list area we show the SAs, their
36 parameters and access control. www.ee.surrey.ac.uk/CCSR
37. Zone List continued
β’ SA (designated)
β Sequence Number Counter (64 bit)
β Sequence Counter Overflow
β Anti-Replay Window (64 bit)
β Protocol mode (Transport or Tunnel)
β Path MTU
β Lifetime
β Encryption algorithm (DES-CBC)
β Encryption Key
β Authentication algorithm (HMAC-MD5-32)
β Authentication Key
37 www.ee.surrey.ac.uk/CCSR
38. Outbound Processing (zone by
zone)
Outbound: IP datagram
Zone map
Plain Text (masked and concatenated)
Encryption (using ESP)
AH
SA
Cipher Text (ESP)
Authentication
ICV
AH or ESP authentication data
ESP paylod data
38 www.ee.surrey.ac.uk/CCSR
39. Inbound Processing (zone by zone)
Outbound: IP datagram
Zone map
Plain Text (masked and concatenated)
Decryption (using ESP)
AH
SA
Cipher Text (ESP)
Authentication
ICV
AH or ESP authentication data
ESP paylod data
39 www.ee.surrey.ac.uk/CCSR
40. ESP Header
β’ Security Parameter Index:
Identifies Security Association
(SA).
β’ Sequence Number: Counts the
packet sent.
β’ Encrypted Payload Data for
Zone: contains the encrypted
payload data (IP payload data,
padding, pad length, Next
Header).
β’ Authentication Data for Zone:
Contains the Integrity Check
Values (ICV) for each zone.
40 www.ee.surrey.ac.uk/CCSR
41. Implementation and Evaluation
β’ Two different evaluations of ML-IPSec
shall be performed.
β Simulations based, to see the scalability and
reliability behaviour.
β’ Impact of network bandwidth on Performance ( SA
establishment latency, TCP throughput and delay).
β’ Impact of different data packet size on
performance and security protocol behaviour.
β Reference Implementation of ML-IPSec to
see the overhead on real network.
41 www.ee.surrey.ac.uk/CCSR
42. Testbed Experiment
Requirements
β’ Use Cases
β IP Only: running standard IP with no security.
β IPSec: running IPSec using ESP with authentication
mode enabled.
β ML-IPSec (1 Zone) = IPSec
β ML-IPSec (2 Zone)
β ML-IPSec (3 Zones)
β’ The ML-IPSec experiment will be evaluated for
processing delays, CPU overload and bandwidth
overhead
42 www.ee.surrey.ac.uk/CCSR
43. Testbed Experiment
Requirements
Processing Delay β Network speed will be fixed.
β’ The processing delay will be β Throughput and protocol
measured by taking following overhead relationship will be
studied
parameters into consideration:
β One Host pinging other Comparing CPU Overload
β Packet size will be fixed. β’ For evaluation of CPU
β Processing Time will be overhead environment will be
evaluated. configured as given below:
Bandwidth Overhead β One host generate and send
packets as fast as it can and
β One host generate and send
other counting after receiving.
packets as fast as it can and
other counting after receiving. β CPU speed will be fixed.
β Network speed will be fixed. .
β CPU speed will be fixed.
β Throughput and CPU load
relationship will be studied.
43 www.ee.surrey.ac.uk/CCSR
44. ML-IPSec Testbed
β’ Current Status
β Fedora 13 Installed
β Computers are
configured as shown
in diagram.
β’ Future Plans
β Need to configure
networkβs speed.
β Need to configure
NIST Net according
to requirements.
44 www.ee.surrey.ac.uk/CCSR
45. Simulations & Standalone
Implementation Plans
β’ NIST has performed IPSec simulations as part
of project βNIIST(NIST IPSec and IKE Simulation
Toolβ.
β’SPD: Security Policy
Database
β’SAD: Security
Association Database
β’PF_Key: Generic
Socket Key
Management API
45 www.ee.surrey.ac.uk/CCSR
47. Conclusion
β’ Intermediate gateways can have access to
partial IP datagram (e.g. TCP header) by partial
keys.
β’ Can solve the conflict between IPSec and TCP
PEPs being used in satellite networks.
β’ The current new and future networks can
improve quality of service using fair queuing,
differential services etc.
β’ IPSec problems are solved.
47 www.ee.surrey.ac.uk/CCSR