IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.

Slides:



Advertisements
Similar presentations
IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Advertisements

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.2: IPsec.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Internet Security CSCE 813 IPsec
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Network Security Essentials Chapter 8 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Network Layer Security: IPSec
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
IP SECURITY – Chapter 16 IP SECURITY – Chapter 16 Security Mechanisms: – S/MIME, PGP client/server - Kerberos web access - Secure Sockets Layer network.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
Cryptography and Network Security
1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
1 IPsec Youngjip Kim Objective Providing interoperable, high quality, cryptographically-based security for IPv4 and IPv6 Services  Access.
Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
IP Security. IPSEC Objectives n Band-aid for IPv4 u Spoofing a problem u Not designed with security or authentication in mind n IP layer mechanism for.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
IP Security: Security Across the Protocol Stack
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security
SMUCSE 5349/49 IP Sec. SMUCSE 5349/7349 Basics Network-level: all IP datagrams covered Mandatory for next-generation IP (v6), optional for current-generation.
Karlstad University IP security Ge Zhang
IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.
IP Security.  In CERTs 2001 annual report it listed 52,000 security incidents  the most serious involving:  IP spoofing intruders creating packets.
Chapter 6 IP Security. We have considered some application specific security mechanisms in last chapter eg. S/MIME, PGP, Kerberos however there are security.
IPSec ● IP Security ● Layer 3 security architecture ● Enables VPN ● Delivers authentication, integrity and secrecy ● Implemented in Linux, Cisco, Windows.
IP Security: Security Across the Protocol Stack. IP Security There are some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS.
Chapter 8 IP Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.
1 IPv6 Security & QoS Babu Ram Dawadi. 2 Outline IP Security Overview IP Security Architecture Authentication Header Encapsulating Security Payload Combinations.
Encapsulated Security Payload Header ● RFC 2406 ● Services – Confidentiality ● Plus – Connectionless integrity – Data origin authentication – Replay protection.
1 Lecture 13 IPsec Internet Protocol Security CIS CIS 5357 Network Security.
Internet Security CSCE 813 IPsec. CSCE813 - Farkas2 TCP/IP Protocol Stack Application Layer Transport Layer Network Layer Data Link Layer.
Authentication Header ● RFC 2402 ● Services – Connectionless integrity – Data origin authentication – Replay protection – As much header authentication.
Security IPsec 1 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
1 IPSec: Security at the IP Layer Rocky K. C. Chang 15 March 2007.
Cryptography and Network Security (CS435) Part Thirteen (IP Security)
IPSec  general IP Security mechanisms  provides  authentication  confidentiality  key management  Applications include Secure connectivity over.
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
1 IPSec: An Overview Dr. Rocky K. C. Chang 4 February, 2002.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Network Layer Security Network Systems Security Mort Anvari.
8-1Network Security Virtual Private Networks (VPNs) motivation:  institutions often want private networks for security.  costly: separate routers, links,
IP Security (IPSec) Authentication Header (AH) Dr Milan Marković.
@Yuan Xue CS 285 Network Security IP Security Yuan Xue Fall 2013.
第六章 IP 安全. Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
UNIT 7- IP Security 1.IP SEC 2.IP Security Architecture
IPSecurity.
CSE 4905 IPsec.
Chapter 16 – IP Security If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death, together with the man to whom.
IT443 – Network Security Administration Instructor: Bo Sheng
IPSec IPSec is communication security provided at the network layer.
CSE565: Computer Security Lecture 23 IP Security
Cryptography and Network Security
IP Security and VPN Most of the slides are derived from the slides (Chapter-8) by the authors of «Computer Networking: A Top Down Approach», and from the.
CSCE 815 Network Security Lecture 13
Virtual Private Networks (VPNs)
IP Security Using IPSec in Windows 2000 and XP, Part 1 Chris Weber
CSE 5/7349 – February 15th 2006 IPSec.
Cryptography and Network Security
Presentation transcript:

IP Security

n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that cut across protocol layers n Would like security implemented by the network for all applications

IPSec n General IP Security mechanisms n Provides u authentication u confidentiality u key management n Applicable to use over LANs, across public & private WANs, & for the Internet

IPSec Uses Transparency

Benefits of IPSec n In a firewall/router provides strong security to all traffic crossing the perimeter n In a firewall/router is resistant to bypass n Is below transport layer, hence transparent to applications n Can be transparent to end users n Can provide security for individual users n Secures routing architecture

IP Security Architecture n Specification is quite complex n Defined in numerous RFC’s u incl. RFC 2401/2402/2406/2408 u many others, grouped by category n Mandatory in IPv6, optional in IPv4 n Have two security header extensions:  Authentication Header (AH)  Encapsulating Security Payload (ESP)

Architecture & Concepts n Tunnel vs. Transport mode n Security association (SA) u Security parameter index (SPI) u Security policy database (SPD) u SA database (SAD) n Authentication header (AH) n Encapsulating security payload (ESP) n Practical Issues w/ NAT

AB Encrypted Tunnel Gateway 1Gateway 2 New IP Header AH or ESP Header TCPDataOrig IP Header Encrypted Unencrypted Transport Mode vs. Tunnel Mode n Transport mode: host -> host n Tunnel mode: host->gateway or gateway->gateway

Transport Mode n ESP protects higher layer payload only n AH can protect IP headers as well as higher layer payload IP header IP options IPSec header Higher layer protocol ESP AH Real IP destination

Tunnel Mode n ESP applies only to the tunneled packet n AH can be applied to portions of the outer header Outer IP header Inner IP header IPSec header Higher layer protocol ESP AH Real IP destination Destination IPSec entity

Security Association - SA n Defined by 3 parameters: u Security Parameters Index (SPI) u IP Destination Address u Security Protocol Identifier n Have a database of Security Associations n Determine IPSec processing for senders n Determine IPSec decoding for destination n SAs are not fixed! Generated and customized per traffic flows

Security Parameters Index - SPI n Can be up to 32 bits large n The SPI allows the destination to select the correct SA under which the received packet will be processed u According to the agreement with the sender u The SPI is sent with the packet by the sender n SPI + Dest IP address + IPSec Protocol (AH or ESP) uniquely identifies a SA

SA Database - SAD n Holds parameters for each SA u Lifetime of this SA u AH and ESP information u Tunnel or transport mode n Every host or gateway participating in IPSec has their own SA database

Security Policy Database - SPD n What traffic to protect? n Policy entries define which SA or SA bundles to use on IP traffic n Each host or gateway has their own SPD n Index into SPD by Selector fields u Dest IP, Source IP, Transport Protocol, IPSec Protocol, Source & Dest Ports, …

SPD Entry Actions n Discard u Do not let in or out n Bypass u Outbound: do not apply IPSec u Inbound: do not expect IPSec n Protect – will point to an SA or SA bundle u Outbound: apply security u Inbound: check that security must have been applied

SPD Protect Action n If the SA does not exist… u Outbound processing: use IKE to generate SA dynamically u Inbound processing: drop packet

Is it for IPSec? If so, which policy entry to select? … SPD (Policy) … SA Database IP Packet Outbound packet (on A) AB SPI & IPSec Packet Send to B Determine the SA and its SPI IPSec processing Outbound Processing

Use SPI to index the SAD … SA Database Original IP Packet SPI & Packet Inbound packet (on B) AB From A Inbound Processing … SPD (Policy) Was packet properly secured? “un-process”

Architecture & Concepts n Tunnel vs. Transport mode n Security association (SA) u Security parameter index (SPI) u Security policy database (SPD) u SA database (SAD) n Authentication header (AH) n Encapsulating security payload (ESP) n Practical Issues w/ NAT

Authenticated Header n Data integrity u Entire packet has not been tampered with n Authentication u Can “trust” IP address source u Use MAC to authenticate F Symmetric encryption, e.g, DES F One-way hash functions, e.g, HMAC-MD5-96 or HMAC- SHA-1-96 n Anti-replay feature n Integrity check value

… SAD SPI Sequence Number ICV Next Header (TCP/UDP) Payload Length Reserved IPSec Authenticated Header Length of the authentication header

Integrity Check Value - ICV n Keyed Message authentication code (MAC) calculated over u IP header field that do not change or are predictable F Source IP address, destination IP, header length, etc. F Prevent spoofing F Mutable fields excluded: e.g., time-to-live (TTL), IP header checksum, etc. u IPSec protocol header except the ICV value field u Upper-level data n Code may be truncated to first 96 bits

AH: Tunnel and Transport Mode n Original n Transport Mode u Cover most of the original packet n Tunnel Mode u Cover entire original packet

Encapsulating Security Payload (ESP) n Provide message content confidentiality n Provide limited traffic flow confidentiality n Can optionally provide the same authentication services as AH n Supports range of ciphers, modes, padding u Incl. DES, Triple-DES, RC5, IDEA, CAST etc u A variant of DES most common u Pad to meet blocksize, for traffic flow

ESP: Tunnel and Transport Mode n Original n Transport Mode u Good for host to host traffic n Tunnel Mode u Good for VPNs, gateway to gateway security

Outbound Packet Processing n Form ESP header u Security parameter index (SPI) u Sequence number n Pad as necessary n Encrypt result [payload, padding, pad length, next header] n Apply authentication (optional) u Allow rapid detection of replayed/bogus packets u Integrity Check Value (ICV) includes whole ESP packet minus authentication data field

SPI Sequence Number Original IP Header Integrity Check Value Authentication coverage Encrypted Payload (TCP Header and Data) Variable Length Pad Length Padding (0-255 bytes) Next Header ESP Transport Example

Inbound Packet Processing... n Sequence number checking u Duplicates are rejected! n Packet decryption u Decrypt quantity [ESP payload,padding,pad length,next header] per SA specification u Processing (stripping) padding per encryption algorithm u Reconstruct the original IP datagram n Authentication verification (optional) u Allow potential parallel processing - decryption & verifying authentication code

Architecture & Concepts n Tunnel vs. Transport mode n Security association (SA) u Security parameter index (SPI) u Security policy database (SPD) u SA database (SAD) n Authentication header (AH) n Encapsulating security payload (ESP) n Practical Issues w/ NAT

NATs n Network address translation = local, LAN-specific address space translated to small number of globally routable IP addresses n Motivation: u Scarce address space u Security: prevent unsolicited inbound requests n Prevalence of NATs u Claim: 50% of broadband users are behind NATs u All Linksys/D-Link/Netgear home routers are NATs

NAT types n All use net-10/8 (10.*.*.*) or /16 n Address translation n Address-and-port translation (NAPT) u most common form today, still called NAT u one external (global) IP address n Change IP header and TCP/UDP headers

NAT Example IAP’s Point of Presence Router with NAT External IP: Internal IP: Router assigns internal IPs to hosts on LAN : A: B: C: ABC Messages sent between host B to another host on the Internet Host B original source socket: port 1341 Host B translated socket: port 5280

Will IPSec Work with NAT ? n Consider both AH and ESP protocols. n Consider both transport and tunnel modes. For tunnel mode, consider the following two cases u Sender – NAT – IPSec Gateway 1 – IPSec Gateway 2 – Receiver u Sender – IPSec Gateway 1 – NAT – IPSec Gateway 2 – Receiver n What about w/o port # translation?

Backup Slides

Combining Security Associations n SA’s can implement either AH or ESP n to implement both need to combine SA’s  form a security association bundle  may terminate at different or same endpoints  combined by  transport adjacency  iterated tunneling n issue of authentication & encryption order

Combining Security Associations

SA Bundle n More than 1 SA can apply to a packet n Example: ESP does not authenticate new IP header. How to authenticate? u Use SA to apply ESP w/o authentication to original packet u Use 2 nd SA to apply AH

Outbound Packet Processing... n Integrity Check Value (ICV) calculation u ICV includes whole ESP packet minus authentication data field u Implicit padding of ‘0’s between next header and authentication data is used to satisfy block size requirement for ICV algorithm

Inbound Packet Processing n Sequence number checking u Anti-replay is used only if authentication is selected u Sequence number should be the first ESP check on a packet upon looking up an SA u Duplicates are rejected! 0 Sliding Window size >= 32 reject Check bitmap, verify if new verify

Anti-replay Feature n Optional n Information to enforce held in SA entry n Sequence number counter - 32 bit for outgoing IPSec packets n Anti-replay window u 32-bit u Bit-map for detecting replayed packets

Anti-replay Sliding Window n Window should not be advanced until the packet has been authenticated n Without authentication, malicious packets with large sequence numbers can advance window unnecessarily u Valid packets would be dropped!

ESP Processing - Header Location... n Tunnel mode IPv4 and IPv6 New IP hdr Orig IP hdr TCPData ESP trailer ESP Auth ESP hdr New ext hdr New IP hdr TCPData ESP trailer ESP Auth Orig IP hdr ESP hdr Orig ext hdr IPv4 IPv6

Key Management n Handles key generation & distribution n Typically need 2 pairs of keys u 2 per direction for AH & ESP n Manual key management u Sysadmin manually configures every system n Automated key management u Automated system for on demand creation of keys for SA’s in large systems