1 IP SECURITY. 2 IPSec Three Functional Areas zIPSec encompasses three functions, yAuthentication...
-
Upload
blaze-ford -
Category
Documents
-
view
218 -
download
0
Transcript of 1 IP SECURITY. 2 IPSec Three Functional Areas zIPSec encompasses three functions, yAuthentication...
1
IP SECURITYIP SECURITY
2
IPSec Three Functional Areas IPSec encompasses three functions,
Authentication Identify the Source address, i.e., against the forgers. Against alteration (Plaintext transmit only)
Confidentiality Prevent eavesdropping by 3rd party (ciphertext transmit)
Key management Exchange the secret keys securely.
3
IPSec Overview
Flexibility Not a sigle protocol
(Security algorithms decided by the pair of comm. entites) + (General framework)
Transparent to applications Encrypt and/or all traffic at the IP level. All the distributed applications could be secured.
4
Applications Secure branch office connectivity over the Internet Secure remote access over the Internet Establsihing extranet and intranet connectivity with
partners Enhancing electronic commerce security
5
IPSec Scenario
Encrypt and compress
Individual user is available
6
IPSec Document Overview
Domain of Interpretation
RFC-2406 RFC-2402
RFC-2401
RFC-2403,4HMAC-SHA-1HMAC-MD5
RFC-2403~53DES-CBCCAST
7
Security Association (SA)
A one-way relationsship between a sender and a receiver that specifies the parameters to the traffic carried.
Who to protect the traffic, what traffic to be protected and with whom the protection is performed.
Typically, SAs exist in pairs, one in each direction.
SAs reside in the Security Association Database.
8
Identified by three parameters:
Security Parameter Index (SPI) Bit string assigned to the certain SA, local sinificant
only. Carried in AH or ESP heades
IP Destination address Unicast addresses only
Security Protocol Identifier Indicate whether it’s a AH or ESP.
9
Security Association Database (SAD) Defines the parameters associated within each
SA.
The functionality provided by a SAD must be present in IPSec, however, the way it presents is depends on the implementor.
10
SA 8-Parameter in SAD
Sequence Number Counter 32-bit value Use to generate the sequence number in AH or ESP
header
Sequence Counter overflow If overflow, generate an auditable event and
terminate such a SA.
Anti-Replay Window Determine whether an inbound AH or ESP packet is
replay.
11
AH Information All the details of authentication algorithm within this
SA.
ESP Information All the details of the Encryption algorithm within this
SA.
Lifetime of this Security Association
IPSec protocol Mode Tunnel, Transport, or wildcard.
Path MTU
12
Anti-Replay Mechanism
Sequence number (Sender) 1. The sender initialized a sequence number counter
once a new SA is established.
2. The sender will increase the sequence number by one once a packet is sent on this SA till the limit, (232 – 1), is reached.
3. The sender should terminate a SA in which the sequence number is maximum and negotiate a new SA with a new key.
13
Sliding receive window (Receiver)Advance the window if the validpacket to the “right” is received
Fixed window size
Unmarked if valid packet not yet received
irretrievably lost
14
Security Policy Database (SPD)
Maintain the IPSec policies.
Each entry defines, Which IP traffic to be protected,
IP traffic selectors IPSec policy. (SPD)
How to protect it. One of three actions to take upon IP traffic match
Discard Bypass Apply An SA or a bundle of SAs.
With whom the protection is shared
15
Map to the SAD. (per packet or per SPD entry). In other words, points to an SA for a certain IP traffic.
16
SA 10-Selector in SPD
Destination IP address Source IP address UserID Data Sensitivity level Transport layer protocol IPSec protocol Source and Destination ports IPv6 class IPv6 Flow label IPv4 Type of Service(TOS)
17
IPSec
SA AH or ESP or ESP/AH
AH Authenticated only, i.e., the payload of the IP packet
will be transmitted in “plaintext”.
ESP Authentication is an option. Ciphertext
Each AH and ESP has two modes Transport Tunnel
18
Transport Mode vs. Tunnel Mode
Transport mode Only the IP payload will be protected. Origin IP address is the outbound address.
Tunnel mode The entire IP packet (including IP address) will be
protected. A router or firewall’s IP address will be the destination
address instead.
19
Authentication Header (AH)
Design to provide Integrity Authentication
Does not support Confidentiality
Guards against the replay attack
20
AH Fields
Next header: Identify the type of the next header. IP protocol number for AH is 51.
Payload length: {[Total length of AH (in word) ] – 2 } In default case, the length is 4.
Reserved For future usage.
SPI: Identifies a SA
Sequence number: a monotonically increasing counter for anti-replay.
21
Authentication data: contains Integrity check value (ICV) or message
authentication code (MAC) HMAC-MD5-96 HMAC-SHA-1-96
22
MAC Calculation
IP header immutable : available mutable but predictable : available mutable but unpredictable : set to zero
TOS, Flags, TTL, IP hdr checksum, fragment offset
AH header Other than the Authentication Data field. Namely, set that field to zero.
IP payload immutabel.
23
Mutable Field in IPv4 Format
Total length
Fragment Offset
0 4 8 16 19 31
Flag
Ver TOSIHL
Identification
ProtocolTTL Header Checksum
Source Address
Destination Address
Options + Padding
24
Mutable Fields in IPv6 Format
Flow Label
Next hdr
Traffic ClassVer
Payload length Hop limit
Source Address
Destination Address
0 4 8 16 19 31
4-word
4-word
Extension Header
25
IPv6 with Extension Headers
IPv6 Header
Hop-by-Hop opt. hdr
Destination Opt. hdr
Routing Header
Fragment Header
AH
ESP
Destination Opt. hdr
26
AH Format
Payload LengthNext Header
Security Parameters Index (SPI)
Sequence Number
Authentication Data (variable)
0 8 16 31
Reserved
27
Origin IPv4 and IPv6
Orig IPhdr
TCP DataIPv4
Orig IPhdr
TCP DataExtension headers
(If present)IPv6
28
Transport Mode AH
Authenticated except for mutable fields
Orig IPhdr
AH TCP DataIPv4
Orig IPhdr
dest TCP DataAHHop-by-hop, dest,routing, fragment
IPv6
Authenticated except for mutable fields
29
Tunnel Mode AH
Orig IPhdr
AH TCP Data
Authenticated except formutable fields in the new IP hdr
IPv4New IP
hdr
IPv6
Authenticated except for mutable fieldsin the new IP hdr and its extension hdrs
Orig IPhdr
TCP DataAHExtensionheaders
New IPhdr
Extensionheaders
IP TCP DataIPv4
30
AH Approach
Transport SA
Tunnel SA
Transport SA
31
Encapsulating Security Payload (ESP)
ESP Provide confidentiality only.
ESP/AH Support both encryption and authentication
32
ESP Fields
Security parameters index (SPI) Identifies a certain SA
Sequence number The same as in AH
Payload data protected by encryption
Padding Encryption algorithm
Next header Identifies the type of data contained in the payload. IP protocol number is 50.
Authentication data MAC computes over the (ESP packet – Authentication Data)
33
ESP Format
Payload Data (variable)
Pad Length Next Header
Security Parameters Index (SPI)
Sequence Number
Padding (0-255 bytes)
Authentication Data (variable)
0 16 24 31
Aut
hent
icat
ion
cove
rage
Con
fide
ntia
lity
cov
erag
e
34
Encryption and Authentication in ESP
Encryption algorithm The cryptographic synchronization (IV) may be
carried at the beginning of the payload Although being part of the ciphertext, IV won’t, in
general, be encrypted. Essential : DES in CBC mode Others : 3DES, RC5, IDEA, 3IDEA, CAST, Blowfish
symmetric key encryption
Authentication algorithm The same as in AH. Ciphertext+ ESP tailer
35
Transport Mode ESP
Orig IPhdr
ESPhdr
TCP DataESPtrlr
ESPauth
Orig IPhdr
dest TCP DataESPtrlr
ESPauth
ESPhdr
Hop-by-hop, dest,routing, fragment
IPv4
IPv6
Authenticated
Encrypted
Authenticated
Encrypted
IP TCP DataIPv4
36
Tunnel Mode ESP
Orig IPhdr
ESPhdr
TCP DataESPtrlr
ESPauth
new IPhdr
extheaders TCP Data
ESPtrlr
ESPauth
ESPhdr
extheaders
IPv4
IPv6
Authenticated
Encrypted
Authenticated
Encrypted
new IPhdr
orig IPhdr
IP TCP DataIPv4
37
ESP Approach
VPN via Tunnel Mode
Transport-level security
38
Functionality of Tunnel and Transport Mode
Transport Mode SA Tunnel Mode SA
AHAuthenticates IP payload and selected portions of IP header and IPv6 extension headers
Authenticates entire inner IP packet plus selected portions of outer IP header and outer IPv6 extension headers
ESPEncrypts IP payload and any IPv6 extesion header following the ESP header
Encrypts inner IP packet
ESP/AH
Encrypts IP payload and any IPv6 extesion header following the ESP header. Authenticates IP payload but no IP header
Encrypts inner IP packet. Authenticates inner IP packet.
39
IPSec Services Summary
AH ESP ESP/AH
Access control
Integrity
Authentication
Anti-replay
Confidentiality
Limited traffic flow confidentiality