IPSec general IP Security mechanisms provides authentication confidentiality key management ...


IPSec
  general IP Security mechanisms
  provides authentication, confidentiality, key management
  Applications include secure connectivity over the internet, office VPNs, across organizations, e-commerce

IP Security Scenario
  (diagram)

Benefits of IPSec
  in a firewall/router provides strong security to all traffic crossing the perimeter
  is resistant to bypass
  is below the transport layer, hence transparent to applications
  can be transparent to end users
  can provide security for individual users if desired

IP Security Architecture
  It involves various aspects such as:
  IPSec documents
  IPSec services
  Security Association (SA)

IPSec Documents - 7 groups
  Architecture
  ESP
  AH
  Encryption algorithm
  Authentication algorithm
  Key management
  Domain of Interpretation (DOI)

IPSec Services
  Access control
  Connectionless integrity
  Data origin authentication
  Rejection of replayed packets (a form of partial sequence integrity)
  Confidentiality (encryption)
  Limited traffic flow confidentiality

Security Associations
  a one-way relationship between sender & receiver that affords security for traffic flow
  defined by 3 parameters:
    Security Parameters Index (SPI)
    IP Destination Address
    Security Protocol Identifier
  has a number of other parameters: seq no, AH & ESP info, lifetime etc

SA selectors
  Security policy database (SPD) contains entries, each of which defines a subset of IP traffic and points to an SA
  Each SPD entry is defined by a set of IP and upper-layer protocol field values called selectors
  The following selectors determine an SPD entry: destination IP address, source IP address, UserID, data sensitivity level, transport layer protocol etc

Transport and tunnel modes
  AH and ESP support two modes: tunnel and transport mode
  Transport mode provides security mainly for upper layer protocols. Example: TCP, UDP, ICMP packet
  Tunnel mode provides protection for the entire packet. The entire packet travels through a tunnel from one IP to another; no routers are able to examine the inner IP.
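The SA and SPD slides above describe two lookups: an outbound packet is matched against SPD selectors to find a policy that points at an SA, and an inbound AH/ESP packet is matched to its SA by the (SPI, destination address, protocol) triple. The following is an added example, not code from the original slides: a small Python model of both databases. Addresses, SPIs, SA contents and the selector set (source/destination prefix plus transport protocol) are constructed simplifications; the "negotiate" outcome models the case where policy requires protection but no SA has been established yet.

```python
# Added example, not from the original slides: a small model of the SPD and
# SAD described above. Addresses, SPIs and SA contents are constructed sample
# values; selector matching is simplified to src/dst prefixes and transport
# protocol.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

AH, ESP = 51, 50  # IP protocol numbers used as the Security Protocol Identifier


@dataclass
class SecurityAssociation:
    """One-way SA, identified by the triple (SPI, destination address, protocol)."""
    spi: int
    dst: str
    protocol: int            # AH or ESP
    mode: str                # "transport" or "tunnel"
    seq: int = 0             # sequence number counter
    lifetime_bytes: int = 0  # remaining byte lifetime (illustrative extra parameter)

    @property
    def key(self) -> Tuple[int, str, int]:
        return (self.spi, self.dst, self.protocol)


@dataclass
class SPDEntry:
    """Selectors plus the action to take; 'protect' entries point at an SA."""
    src: str                            # CIDR prefix
    dst: str                            # CIDR prefix
    transport_proto: Optional[str]      # "tcp", "udp", "icmp" or None for any
    action: str                         # "protect", "bypass" or "discard"
    sa_key: Optional[Tuple[int, str, int]] = None


def selector_matches(entry: SPDEntry, pkt: dict) -> bool:
    if ip_address(pkt["src"]) not in ip_network(entry.src):
        return False
    if ip_address(pkt["dst"]) not in ip_network(entry.dst):
        return False
    return entry.transport_proto in (None, pkt["proto"])


def outbound_lookup(spd: List[SPDEntry], sad: Dict, pkt: dict):
    """First-match policy lookup for an outbound packet."""
    for entry in spd:
        if not selector_matches(entry, pkt):
            continue
        if entry.action != "protect":
            return entry.action, None
        sa = sad.get(entry.sa_key)
        if sa is None:
            # Policy demands protection but no SA exists yet: key management
            # (ISAKMP/Oakley) has to negotiate one before the packet can go out.
            return "negotiate", None
        return "protect", sa
    return "discard", None  # no matching entry: default deny


def inbound_lookup(sad: Dict, spi: int, dst: str, protocol: int):
    """Inbound side: the SPI from the AH/ESP header plus dst and protocol select the SA."""
    return sad.get((spi, dst, protocol))


# Constructed sample databases (203.0.113.x are the remote gateways' addresses)
SAD = {sa.key: sa for sa in [
    SecurityAssociation(0x1001, "203.0.113.5", ESP, "tunnel", lifetime_bytes=1 << 30),
    SecurityAssociation(0x2002, "203.0.113.5", AH, "tunnel"),
]}
SPD = [
    SPDEntry("10.0.0.0/8", "10.1.0.0/16", "tcp", "protect", (0x1001, "203.0.113.5", ESP)),
    SPDEntry("0.0.0.0/0", "10.1.0.0/16", None, "protect", (0x2002, "203.0.113.5", AH)),
    SPDEntry("0.0.0.0/0", "10.2.0.0/16", None, "protect", (0x3003, "203.0.113.9", ESP)),  # SA not established yet
    SPDEntry("0.0.0.0/0", "192.0.2.0/24", None, "bypass"),
]

if __name__ == "__main__":
    for pkt in [{"src": "10.0.5.9", "dst": "10.1.2.3", "proto": "tcp"},
                {"src": "10.0.5.9", "dst": "10.2.2.3", "proto": "tcp"},
                {"src": "10.0.5.9", "dst": "198.51.100.1", "proto": "tcp"}]:
        print(pkt, outbound_lookup(SPD, SAD, pkt))
```

The ordering of the SPD matters: the more specific TCP entry is listed before the catch-all entry for the same destination prefix, so UDP traffic to 10.1.0.0/16 falls through to the AH SA while TCP traffic gets the ESP SA. The inbound lookup is keyed on the full triple, which is why an SPI reused by a different protocol does not resolve to the wrong SA.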
Authentication Header (AH)
  provides support for data integrity & authentication of IP packets
  end system/router can authenticate user/app
  prevents address spoofing attacks by tracking sequence numbers
  based on use of a MAC: HMAC-MD5-96 or HMAC-SHA-1-96
  parties must share a secret key

Authentication Header
  (diagram: AH header format)

IPSec Authentication Header (AH) in Transport Mode
  (diagram, 2000 Microsoft Corporation: the AH header is inserted after the original IP header: Orig IP Hdr | AH Hdr | TCP Hdr | Data. AH header fields: Next Hdr, Payload Len, Reserved, Security Parameters Index, Seq#, Keyed Hash; 24 bytes total. Integrity hash coverage: the whole packet except for mutable fields in the IP header. AH is IP protocol 51.)

IPSec AH Tunnel Mode
  (diagram: New IP Hdr | AH Hdr | Orig IP Hdr | TCP Hdr | Data. The new IP header carries the tunnel source & destination IP addresses. Integrity hash coverage: everything except the mutable fields of the new IP header.)

Encapsulating Security Payload (ESP)
  provides message content confidentiality & limited traffic flow confidentiality
  can optionally provide the same authentication services as AH
  supports a range of ciphers, modes, padding, incl. DES, Triple-DES, RC5, IDEA, CAST etc
  CBC most common
  pad to meet block size, for traffic flow

Encapsulating Security Payload
  (diagram: ESP format)

Transport vs Tunnel Mode ESP
  transport mode is used to encrypt & optionally authenticate IP data
    data protected but header left in clear
    can do traffic analysis but is efficient
    good for ESP host to host traffic
  tunnel mode encrypts entire IP packet
    adds new header for next hop
    good for VPNs, gateway to gateway security

IPSec Encapsulating Security Payload (ESP) in Transport Mode
  (diagram: Orig IP Hdr | ESP Hdr | TCP Hdr | Data | ESP Trailer | ESP Auth. ESP header: Security Parameters Index, Seq#, InitVector; ESP trailer: Padding, Pad Length, Next Hdr; ESP Auth: Keyed Hash. TCP Hdr through ESP Trailer is usually encrypted; integrity hash coverage runs from the ESP header through the ESP trailer. ESP is IP protocol 50.)

IPSec ESP Tunnel Mode
  (diagram: New IP Hdr | ESP Hdr | Orig IP Hdr | TCP Hdr | Data | ESP Trailer | ESP Auth. The new IP header carries the tunnel source & destination IP addresses; the original packet and trailer are usually encrypted; integrity hash coverage runs from the ESP header through the ESP trailer.)

Combining Security Associations
  SAs can implement either AH or ESP
  to implement both need to combine SAs
  form a security bundle
  Security associations can be bundled in two ways: transport adjacency and iterated tunneling
  Authentication + confidentiality:
    ESP with authentication option
    Transport mode ESP
    Tunnel mode ESP
  There are 4 basic combinations of SAs (next slide)

Combining Security Associations
  (diagram: the 4 basic combinations of SAs)

Oakley
  a key exchange protocol based on Diffie-Hellman key exchange
  adds features to address weaknesses: cookies, groups (global params), nonces, DH key exchange with authentication

ISAKMP
  Internet Security Association and Key Management Protocol
  provides framework for key management
  defines procedures and packet formats to establish, negotiate, modify, & delete SAs
  independent of key exchange protocol, encryption alg, & authentication method

ISAKMP
  (diagram: ISAKMP header and payload formats)

ISAKMP Payload Types
  Hash - {Hash Data}
  Proposal - {Proposal #, Protocol ID, SPI size, # of transforms}
  Transform - {Transform #, Transform ID, SA attributes}
  Key Exchange - {Key Exchange Data}
  Identification - {ID Type, ID Data}
  Signature (SIG) - {Signature Data}
  etc.

ISAKMP Exchanges - 5 default exchanges
  Base Exchange: minimizes the number of exchanges; no ID protection; uses nonces against replay attacks
  Identity Protection Exchange: after the session keys, an encrypted message carries the authentication information, i.e. digital signatures (DS) and certificates validating public keys
  Authentication Only Exchange: mutual authentication without key exchange
  Aggressive Exchange: minimizes the number of exchanges; no ID protection
  Informational Exchange: error/status notification, deletion

Summary
  have considered:
  IPSec security framework
  AH
  ESP
  key management & Oakley/ISAKMP
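The AH and ESP transport-mode slides above show two different integrity-coverage rules: the AH keyed hash covers the IP header (with mutable fields such as TTL and checksum treated as zero), while the ESP hash covers only the ESP header through the trailer, and ESP additionally pads the data to the cipher block size. The following added example (not code from the original slides) builds and verifies both framings in Python with the HMAC-SHA-1-96 truncation the AH slide names, plus the per-SA sequence-number tracking that rejects replayed packets. Addresses, SPIs, the key and the inner "TCP segment" are constructed sample values, and the ESP region that a CBC cipher would encrypt is left in clear so the layout stays visible; the block size of 8 is the one DES/Triple-DES would impose.

```python
# Added example, not code from the original slides: AH and ESP framing in
# transport mode with the HMAC-SHA-1-96 integrity check. All addresses, SPIs,
# keys and payloads are constructed sample values; the ESP region that would
# be CBC-encrypted is left in clear here.
import hashlib
import hmac
import socket
import struct

AH_PROTO, ESP_PROTO, TCP = 51, 50, 6
ICV_LEN = 12  # HMAC-*-96: the MAC is truncated to 96 bits


def hmac_sha1_96(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def ipv4_checksum(hdr: bytes) -> int:
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, total_len: int, ttl: int = 64) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def zero_mutable(ip_hdr: bytes) -> bytes:
    """Fields a router may change in flight are hashed as zero (the AH slide's exception)."""
    h = bytearray(ip_hdr)
    h[1] = 0            # TOS / DSCP
    h[6:8] = b"\0\0"    # flags and fragment offset
    h[8] = 0            # TTL
    h[10:12] = b"\0\0"  # header checksum
    return bytes(h)


def ah_transport(src, dst, spi, seq, key, inner, next_hdr=TCP):
    """[Orig IP Hdr][AH Hdr, 24 bytes][inner]; the ICV also covers the IP header."""
    ah_len = 12 + ICV_LEN
    ip = ipv4_header(src, dst, AH_PROTO, 20 + ah_len + len(inner))
    ah = struct.pack("!BBHII", next_hdr, ah_len // 4 - 2, 0, spi, seq)  # payload len in words, minus 2
    icv = hmac_sha1_96(key, zero_mutable(ip) + ah + bytes(ICV_LEN) + inner)  # ICV field hashed as zero
    return ip + ah + icv + inner


def ah_verify(packet, key):
    ip, rest = packet[:20], packet[20:]
    ah, icv, inner = rest[:12], rest[12:12 + ICV_LEN], rest[12 + ICV_LEN:]
    _, _, _, spi, seq = struct.unpack("!BBHII", ah)
    expected = hmac_sha1_96(key, zero_mutable(ip) + ah + bytes(ICV_LEN) + inner)
    return hmac.compare_digest(icv, expected), spi, seq


def decrement_ttl(packet):
    """What a router hop does: a mutable field changes, and AH must still verify."""
    ip = bytearray(packet[:20])
    ip[8] -= 1
    ip[10:12] = b"\0\0"
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip)))
    return bytes(ip) + packet[20:]


def esp_transport(src, dst, spi, seq, key, inner, next_hdr=TCP, block=8):
    """[Orig IP Hdr][ESP Hdr][inner][padding][pad len][next hdr][ICV]."""
    pad_len = (-(len(inner) + 2)) % block                   # data + trailer must fill whole cipher blocks
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_hdr])
    esp_hdr = struct.pack("!II", spi, seq)
    encrypted_region = inner + trailer                      # what CBC would encrypt (left in clear here)
    icv = hmac_sha1_96(key, esp_hdr + encrypted_region)     # ESP header through trailer, not the IP header
    body = esp_hdr + encrypted_region + icv
    return ipv4_header(src, dst, ESP_PROTO, 20 + len(body)) + body


def esp_parse(packet, key):
    body = packet[20:]
    covered, icv = body[:-ICV_LEN], body[-ICV_LEN:]
    ok = hmac.compare_digest(icv, hmac_sha1_96(key, covered))
    region = covered[8:]                                    # would be decrypted here
    pad_len, next_hdr = region[-2], region[-1]
    return ok, next_hdr, region[:len(region) - 2 - pad_len]


class ReplayWindow:
    """Sliding anti-replay window kept per inbound SA (sequence-number tracking)."""
    def __init__(self, size=64):
        self.size, self.top, self.bitmap = size, 0, 0

    def accept(self, seq: int) -> bool:
        if seq == 0:
            return False
        if seq > self.top:                                  # new high-water mark: slide the window
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size or (self.bitmap >> diff) & 1:
            return False                                    # too old, or already seen: replayed packet
        self.bitmap |= 1 << diff
        return True
```

Running `ah_verify` on the output of `decrement_ttl` shows why the mutable-field rule exists: without it every router hop would invalidate the AH hash. Running it on a packet with one payload byte flipped shows the check failing as it should. The ESP padding uses the self-describing 1, 2, 3, ... pattern, so the receiver can recover the original data length from the pad-length byte alone.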
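The Oakley slide above lists the features layered onto plain Diffie-Hellman (cookies, a named group, nonces, and authentication of the exchange), and the ISAKMP exchange slides describe the message patterns that carry them. The following is an added example, not code from the original slides, that models those ideas in Python as a three-message, aggressive-mode-style exchange; the authentication tag is modelled on pre-shared-key authentication (a keyed hash over both DH values, both cookies and the identity), which is an assumption of this example rather than something the slides specify. The DH group is a deliberately small toy group, not an Oakley/IKE group, and identities, addresses and the pre-shared key are constructed values.

```python
# Added example, not code from the original slides: cookies, nonces and an
# authenticated DH exchange modelled on pre-shared-key authentication. The
# group (P, G) is a toy group (assumption: NOT an Oakley/IKE MODP group);
# identities, addresses and the pre-shared key are constructed values.
import hashlib
import hmac
import secrets

P = (1 << 127) - 1   # toy prime, far too small for real use
G = 5


def int_bytes(n: int) -> bytes:
    return n.to_bytes(16, "big")


def make_cookie(local_secret: bytes, local_addr: str, peer_addr: str, time_slice: int) -> bytes:
    """Anti-clogging cookie: cheap and stateless, tied to the addresses and a local secret."""
    material = local_secret + f"{local_addr}|{peer_addr}|500|{time_slice}".encode()
    return hashlib.sha256(material).digest()[:8]


class Party:
    def __init__(self, ident: str, addr: str, peer_addr: str, time_slice: int = 0):
        self.ident = ident.encode()
        self.priv = secrets.randbelow(P - 2) + 2       # x in g^x mod p
        self.pub = pow(G, self.priv, P)
        self.nonce = secrets.token_bytes(16)           # freshness: defeats replay of old messages
        self.cookie = make_cookie(secrets.token_bytes(16), addr, peer_addr, time_slice)
        self.seen = set()                              # (cookie, nonce) pairs already answered


def skeyid(psk: bytes, n_i: bytes, n_r: bytes) -> bytes:
    """Authentication key derived from the pre-shared key and both nonces."""
    return hmac.new(psk, n_i + n_r, hashlib.sha256).digest()


def auth_tag(key, pub_i, pub_r, cky_i, cky_r, ident) -> bytes:
    """Binds the DH values, both cookies and the identity to the pre-shared key."""
    data = int_bytes(pub_i) + int_bytes(pub_r) + cky_i + cky_r + ident
    return hmac.new(key, data, hashlib.sha256).digest()


def run_exchange(init: Party, resp: Party, psk: bytes, substituted_pub=None):
    """Three messages, aggressive-mode style. Returns both sides' DH secrets, or None on failure."""
    # Message 1 (I -> R): CKY_I, g^x, N_I, ID_I
    m1 = {"cky_i": init.cookie, "pub": init.pub, "nonce": init.nonce, "ident": init.ident}
    if substituted_pub is not None:
        m1["pub"] = substituted_pub                    # models an in-path substitution of the DH value
    if (m1["cky_i"], m1["nonce"]) in resp.seen:
        return None                                    # replayed message 1
    resp.seen.add((m1["cky_i"], m1["nonce"]))
    sk_r = skeyid(psk, m1["nonce"], resp.nonce)
    # Message 2 (R -> I): CKY_R, g^y, N_R, ID_R, AUTH_R
    m2 = {"cky_r": resp.cookie, "pub": resp.pub, "nonce": resp.nonce, "ident": resp.ident,
          "auth": auth_tag(sk_r, m1["pub"], resp.pub, m1["cky_i"], resp.cookie, resp.ident)}
    # Initiator checks AUTH_R against its own view of the exchange
    sk_i = skeyid(psk, init.nonce, m2["nonce"])
    expected_r = auth_tag(sk_i, init.pub, m2["pub"], init.cookie, m2["cky_r"], m2["ident"])
    if not hmac.compare_digest(m2["auth"], expected_r):
        return None                                    # wrong key, or the DH values were altered in transit
    # Message 3 (I -> R): CKY_I, CKY_R, AUTH_I
    m3 = {"cky_i": init.cookie, "cky_r": m2["cky_r"],
          "auth": auth_tag(sk_i, init.pub, m2["pub"], init.cookie, m2["cky_r"], init.ident)}
    if m3["cky_r"] != resp.cookie:
        return None                                    # cookie not echoed: dropped before further work
    expected_i = auth_tag(sk_r, m1["pub"], resp.pub, m1["cky_i"], resp.cookie, m1["ident"])
    if not hmac.compare_digest(m3["auth"], expected_i):
        return None
    return pow(m2["pub"], init.priv, P), pow(m1["pub"], resp.priv, P)


if __name__ == "__main__":
    a = Party("alice@example.test", "192.0.2.1", "198.51.100.1")
    b = Party("bob@example.test", "198.51.100.1", "192.0.2.1")
    result = run_exchange(a, b, b"constructed-pre-shared-key")
    print("shared secrets agree:", result is not None and result[0] == result[1])
```

Two negative cases are worth running: resending message 1 with the same cookie and nonce is refused by the responder's `seen` set (the nonce feature), and a DH value altered in transit makes AUTH_R fail at the initiator because the tag is keyed by the pre-shared key and covers both public values (the "DH key exchange with authentication" feature). The cookie is deliberately a hash the responder can recompute without storing per-peer state, which is what lets it shed bogus requests cheaply.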