09-09-16

1

1

Ola Flygt Växjö University, Sweden

http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49

IP Security

2

Outline

 Internetworking and Internet Protocols (Appendix 6A)

 IP Security Overview  IP Security Architecture  Authentication Header  Encapsulating Security Payload  Combinations of Security Associations  Key Management

09-09-16

2

3

TCP/IP Example

4

IPv4 Header

09-09-16

3

5

IPv6 Header

6

IP Security Overview

IPSec is not a single protocol. Instead, IPSec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms the decide will provide the security appropriate for the communication.

09-09-16

4

7

IP Security Overview

 Applications of IPSec  Secure branch office connectivity over the

Internet  Secure remote access over the Internet  Establishing extranet and intranet

connectivity with partners  Enhancing electronic commerce security

8

IP Security Scenario

09-09-16

5

9

IP Security Overview

 Benefits of IPSec  Transparent to applications (below transport

layer (TCP, UDP)  Provide security for individual users

 Additionally, IPSec can assure that:  A router or neighbour advertisement comes from

an authorized router  A redirect message comes from the router to

which the initial packet was sent  A routing update is not forged

10

IP Security Architecture

 IPSec documents:  RFC 2401: An overview of security

architecture  RFC 2402: Description of a packet

authentication extension to IPv4 and IPv6  RFC 2406: Description of a packet

encryption extension to IPv4 and IPv6  RFC 2408: Specification of key

management capabilities

09-09-16

6

11

IPSec Document Overview

12

IPSec Services

 Access Control  Connectionless integrity  Data origin authentication  Rejection of replayed packets  Confidentiality (encryption)  Limited traffic flow confidentiality

09-09-16

7

13

Security Associations (SA)

 A one way relationship between a sender and a receiver.

 Identified by three parameters:  Security Parameter Index (SPI)  IP Destination address  Security Protocol Identifier

14

Transport Mode SA Tunnel Mode SA

AH Authenticates IP payload and selected portions of IP header and IPv6 extension headers

Authenticates entire inner IP packet plus selected portions of outer IP header

ESP Encrypts IP payload and any IPv6 extension header

Encrypts inner IP packet

ESP with authentication

Encrypts IP payload and any IPv6 extension header. Authenticates IP payload but no IP header

Encrypts inner IP packet. Authenticates inner IP packet.

09-09-16

8

15

Before applying AH

16

Transport Mode (AH Authentication)

09-09-16

9

17

Tunnel Mode (AH Authentication)

18

Authentication Header

  Provides support for data integrity and authentication (MAC code) of IP packets.

 Guards against replay attacks.

09-09-16

10

19

End-to-end versus End-to-Intermediate Authentication

20

Encapsulating Security Payload

 ESP provides confidentiality services

09-09-16

11

21

Encryption and Authentication Algorithms

 Encryption:  Three-key triple DES  RC5  IDEA  Three-key triple IDEA  CAST  Blowfish

 Authentication:  HMAC-MD5-96  HMAC-SHA-1-96

22

ESP Encryption and Authentication

09-09-16

12

23

ESP Encryption and Authentication

24

Combinations of Security Associations

09-09-16

13

25

Combinations of Security Associations

26

Combinations of Security Associations

09-09-16

14

27

Combinations of Security Associations

28

Key Management

 Two types:  Manual  Automated

 Oakley Key Determination Protocol  Internet Security Association and Key

Management Protocol (ISAKMP)

09-09-16

15

29

Internet Key Exchange (IKE)

 IKE=ISAKMP+Oakley  automated system for on-demand creation and

distribution of keys for enabling SA’s in large

systems in a protected manner

 Typically SAs need 2 pairs of keys  2 per direction for AH & ESP

 Perfect forward secrecy desired D-H

30

Oakley

 A key exchange protocol based on Diffie-Hellman key exchange

 Adds features to address weaknesses   cookies, groups (global parameters), nonces, DH key exchange

with authentication   Cookie generation criteria:

  must depend on the specific parties   must not be possible for anyone other than the issuing entity to

generate cookies that will be accepted by that entity   cookie generation function must be fast to thwart attacks

intended to sabotage CPU resources   a hash over the IP source & destination address, the UDP source

and destination ports and a locally generated secret random value

09-09-16

16

31

Oakley

 Three authentication methods:  Digital signatures  Public-key encryption  Symmetric-key encryption

32

ISAKMP Internet Security Association and Key Management Protocol

  Provides framework for key management   Defines procedures and packet formats to establish,

negotiate, modify, & delete SAs   Independent of key exchange protocol, encryption

alg., & authentication method

  Phase 1: ISAKMP peers establish bi-directional secure channel using main mode or aggressive mode

  Phase 2: negotiation of security services for IPSec (maybe for several SAs) using quick mode; can have multiple Phase 2 exchanges, e.g., to change keys

09-09-16

17

33

ISAKMP

34

ISAKMP Payload Types

09-09-16

18

35

ISAKMP Exchange Types