7. IP Security (Ipsec) Overview
• General framework that allows a pair of communicating entities to
use a set of algorithm for secure communication.
• Not a single protocol but Protocol suite for securing Internet Protocol
(IP) communications by
authenticating
encrypting
each IP packet of a communication session.
• includes protocols for establishing mutual authentication between a
pair of communicating entities at the
beginning of the session
negotiation of cryptographic keys to be used during the session.
Blekinge Institute of Technology
Network Security
7
8. IP Security Overview
• Encrypt and/or authenticate all traffic at IP level. Thus, applications,
e-mail, file transfer, WEB access can be secured.
Applications do not need to be specifically designed to use IPsec.
• Applications of IPSec/VPN
Secure branch office connectivity over the Internet
Secure remote access over the Internet
Establishing connectivity with partners
Enhancing electronic commerce security
Blekinge Institute of Technology
Network Security
8
10. IP Security Overview
• Benefits of IPSec
Transparent to applications (below transport layer (TCP, UDP))
Provide security for individual users
• IPSec can assure that:
A router or neighbor advertisement comes from an authorized router
A redirect message comes from the router to which the initial packet was
sent
A routing update is not forged
Blekinge Institute of Technology
Network Security
10
11. IP Security Architecture
• IPSec documents:
RFC 2401: An overview of security architecture
RFC 2402: Description of a packet authentication extension to IPv4 and
IPv6
RFC 2406: Description of a packet encryption extension to IPv4 and
IPv6
RFC 2408: Specification of key management capabilities
• IPsec uses the following protocols to perform various functions
Authentication Headers (AH)
Encapsulating Security Payloads (ESP)
Security associations (SA)
Blekinge Institute of Technology
Network Security
11
12. IPSec modes of operation
• IPSec can be implemented in a
host-to-host transport mode
– Only the payload of the IP packet is encrypted and/or authenticated.
– The routing is intact, since the IP header is neither modified nor encrypted.
– Transport mode is used for host-to-host communications.
network tunnel mode
– The entire IP packet is encrypted and/or authenticated. It is then encapsulated
into a new IP packet with a new IP header.
– Tunnel mode is used to create virtual private networks (VPN) for network-to-
network communications (e.g. between routers to link sites), host-to-network
communications (e.g. remote user access), and host-to-host communications
(e.g. private chat).
Blekinge Institute of Technology
Network Security
12
13. Security associations (SA)
• A security association is simply the bundle of algorithms and
parameters (such as keys)
used to encrypt and authenticate a particular flow in one direction (AH and/or ESP
operations).
In bi-directional traffic, the flows are secured by a pair of security associations.
• Security associations are established using the ISAKMP (Internet
Security Association and Key Management Protocol)
ISAKMP defines the procedures for authenticating a communicating peer, creation
and management of Security Associations, key generation techniques, and threat
mitigation (e.g. denial of service and replay attacks).(From Wikipedia)
Blekinge Institute of Technology
Network Security
13
14. Security Associations (SA)
• A one way relationship between a sender and a receiver.
• To decide what protection - for an outgoing packet, Ipsec is
identified by three parameters:
Security Parameter Index (SPI)
IP Destination address
Security Protocol Identifier (is it an AH or an ESP?)
(Similar procedure for an incoming packet)
Blekinge Institute of Technology
Network Security
14
15. SA Parameters
• A SA is defined by the following parameters:
Sequence Number Counter
Sequence Counter Overflow
Anti-replay Window
AH Information
ESP Information
Lifetime of this SA
IPSec protocol mode (Tunnel or Transport?)
Path MTU
Blekinge Institute of Technology
Network Security
15
26. Encapsulating Security Payload
• Provides
origin authenticity
integrity
confidentiality protection of packets.
• ESP supports encryption-only and authentication-only
using encryption without authentication is strongly discouraged
because it is insecure
• ESP does not protect the IP packet header.
• Tunnel Mode :
the entire original IP packet is encapsulated with a new packet
header added
ESP protection is afforded to the whole inner IP packet (including
the inner header) while the outer header remains unprotected.
• ESP provides confidentiality services
Blekinge Institute of Technology
Network Security
26
28. Encryption and Authentication Algorithms
• Encryption:
Three-key triple DES
RC5
IDEA
Three-key triple IDEA
CAST
Blowfish
AES
NULL
• Authentication:
HMAC-MD5-96
HMAC-SHA-1-96
Blekinge Institute of Technology
Network Security
28
29. ESP Encryption and Authentication
Blekinge Institute of Technology
Network Security
29
30. ESP Encryption and Authentication
Blekinge Institute of Technology
Network Security
30
31. IPsec Operation Matrix
Transport Mode SA Tunnel Mode SA
AH Authenticates IP payload Authenticates entire inner
and selected portions of IP IP packet plus selected
header and IPv6 extension portions of outer IP header
headers
ESP Encrypts IP payload and any Encrypts inner IP packet
IPv6 extension header
ESP with Encrypts IP payload and any Encrypts inner IP packet .
authentication IPv6 extension header. Authenticates inner IP
Authenticates IP payload but packet
no IP header
Blekinge Institute of Technology
Network Security
31
32. Internet Key Exchange
• Involves the determination and distribution of secret keys
Require four keys : transmit and recieve pairs for both integrity and
confidentiality.
• Two types:
Manual : System administrator manually configures each system with its
own keys and with keys of other communicating system
Automated : Enables on-demand creation of keys for SAs
– Oakley Key Determination Protocol
– Internet Security Association and Key Management Protocol (ISAKMP)
Blekinge Institute of Technology
Network Security
32
33. Internet Key Exchange
• Key Management Protocols
• Oakley Key Determination Protocol : (Reading Assignment)
The Oakley Key Determination Protocol is a key-agreement protocol that
allows authenticated parties to exchange keying material across an
insecure connection using the Diffie-Hellman key exchange algorithm.
Based on Diffie-Hellman algorithm
Generic : doesn’t provide specific format
• Internet Security Association and Key Management Protocol
(ISAKMP)
The ISAKMP provides a framework for authentication and key exchange,
with actual authenticated keying material
Provides a framework for Internet Key management
Provides specific protocol support such as formats
Blekinge Institute of Technology
Network Security
33
34. ISAKMP
• A protocol defined for establishing Security Associations (SA) and
cryptographic keys in an Internet environment.
• ISAKMP only provides a framework for authentication and key
exchange and is designed to be key exchange independent;
protocols
• ISAKMP defines the procedures
for authenticating a communicating peer
creation and management of Security Associations
key generation techniques,
threat mitigation (e.g. denial of service and replay attacks).
Blekinge Institute of Technology
Network Security
34
35. ISAKMP
• ISAKMP defines payloads for exchanging key generation and
authentication data.
• ISAKMP is distinct from key exchange protocols
There may be many different key exchange protocols, each with
different security properties.
– common framework is required for agreeing to the format of SA attributes, and
for negotiating, modifying, and deleting SAs.
ISAKMP serves as this common framework.
Blekinge Institute of Technology
Network Security
36. ISAKMP
• A Preliminary SA is formed using this protocol; later a fresh keying is
done.
• ISAKMP can be implemented over any transport protocol.
• All implementations must include send and receive capability for
ISAKMP using UDP on port 500.
Blekinge Institute of Technology
Network Security
38. ISAKMP Payload Types
• Key Exchange Payload
• Certificate Payload (transfers a public key certificate)
• Notification Payload (error messages)
• Responder-Lifetime
• Hash Payload
• Signature Payload
Blekinge Institute of Technology
Network Security
38
39. Internet Key Exchange
• Three authentication methods
Digital signatures :(Reading Assignment)
– a mathematical scheme for demonstrating the authenticity of a
digital message or document
• Exchange is authenticated by signing a mutually obtainable hash
• Each party encrypts the hash with its private key
• Hash is generated over important parameters such as user ID
Public Key Encryption
– The exchange is authenticated by encrypting parameters such as
Ids with senders private key
Symmetric Key Encryption
– A key derived by some mechanism can be used to authenticate the
exchange by symmetric encryption of exchange parameters.
Blekinge Institute of Technology
Network Security
39
40. Public-Key Encryption
Public-key encryption
– involves the use of asymmetric key algorithms
– does not require a secure initial exchange of one or more secret
keys to both sender and receiver.
– related key pair: a secret private key and a published public key.
Blekinge Institute of Technology
Network Security
43. Symmetric Key Cryptography
Symmetric-key encryption
– Uses identical, cryptographic keys for both decryption and encryption
etc.
– shared secret between two or more parties that can be used to
maintain a private information link.
– Other terms for symmetric-key encryption are single-key, shared-key,
one-key encryption.
– Symmetric-key algorithms can be divided into
• stream ciphers: Stream ciphers encrypt the bits of the message one at a
time
• block ciphers: block ciphers take a number of bits and encrypt them as a
single unit. Blocks of 64 bits have been commonly used.
Blekinge Institute of Technology
Network Security
43
45. Interesting Research Areas
• DoS attacks
Resource exhaustion
• Policy conflicts
SA bundles
• Additional Readings
http://www.unixwiz.net/techtips/iguide-ipsec.html
http://technet.microsoft.com/en-us/network/bb531150
http://www.tcpipguide.com/free/t_IPSecurityIPSecProtocols.htm
http://technet.microsoft.com/en-us/library/bb742429.aspx (If you are
interested in practical)
Blekinge Institute of Technology
Network Security
45