1 IPSec—An Overview Somesh Jha Somesh Jha University of Wisconsin University of Wisconsin.

Slides:



Advertisements
Similar presentations
IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Advertisements

Internet Protocol Security (IP Sec)
IPSec.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Security at the Network Layer: IPSec
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Network Layer Security: IPSec
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 5 Network Security Protocols in Practice Part I
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.
Cryptography and Network Security
1 IPsec Youngjip Kim Objective Providing interoperable, high quality, cryptographically-based security for IPv4 and IPv6 Services  Access.
Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
CMSC 414 Computer (and Network) Security Lecture 25 Jonathan Katz.
IPsec: IKE, Internet Key Exchange IPsec does not use Public Key Infrastructure and exchanging keys before an IPsec connection is established is a problem.
32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.
1 Chapter 8 Copyright 2003 Prentice-Hall Cryptographic Systems: SSL/TLS, VPNs, and Kerberos.
IP Security: Security Across the Protocol Stack
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
SMUCSE 5349/49 IP Sec. SMUCSE 5349/7349 Basics Network-level: all IP datagrams covered Mandatory for next-generation IP (v6), optional for current-generation.
Information management 1 Groep T Leuven – Information department 1/26 IPSec IP Security (IPSec)
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 2 Module 3 City College of San.
Karlstad University IP security Ge Zhang
IPsec IPsec (IP security) Security for transmission over IP networks –The Internet –Internal corporate IP networks –IP packets sent over public switched.
IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.
IP Security.  In CERTs 2001 annual report it listed 52,000 security incidents  the most serious involving:  IP spoofing intruders creating packets.
IPSec ● IP Security ● Layer 3 security architecture ● Enables VPN ● Delivers authentication, integrity and secrecy ● Implemented in Linux, Cisco, Windows.
1 Virtual Private Networks (VPNs) and IP Security (IPSec) G53ACC Chris Greenhalgh.
IP Security: Security Across the Protocol Stack. IP Security There are some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS.
Chapter 8 IP Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.
IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.
1 Lecture 13 IPsec Internet Protocol Security CIS CIS 5357 Network Security.
V IRTUAL P RIVATE N ETWORKS K ARTHIK M OHANASUNDARAM W RIGHT S TATE U NIVERSITY.
Cryptography and Network Security (CS435) Part Thirteen (IP Security)
IPSec  general IP Security mechanisms  provides  authentication  confidentiality  key management  Applications include Secure connectivity over.
IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
1 IPSec: An Overview Dr. Rocky K. C. Chang 4 February, 2002.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Network Layer Security Network Systems Security Mort Anvari.
K. Salah1 Security Protocols in the Internet IPSec.
8-1Network Security Virtual Private Networks (VPNs) motivation:  institutions often want private networks for security.  costly: separate routers, links,
@Yuan Xue CS 285 Network Security IP Security Yuan Xue Fall 2013.
IP Security
VPNs & IPsec Dr. X Slides adopted by Prof. William Enck, NCSU.
IPSecurity.
INF526: Secure Systems Administration
CSE 4905 IPsec.
Chapter 18 IP Security  IP Security (IPSec)
Somesh Jha University of Wisconsin
CSE 4905 IPsec II.
CSE 5/7349 – February 15th 2006 IPSec.
Presentation transcript:

1 IPSec—An Overview Somesh Jha Somesh Jha University of Wisconsin University of Wisconsin

2 Outline why IPSec? why IPSec? IPSec Architecture IPSec Architecture Internet Key Exchange (IKE) Internet Key Exchange (IKE) IPSec Policy IPSec Policy discussion discussion

3 IP is not Secure! IP protocol was designed in the late 70s to early 80s IP protocol was designed in the late 70s to early 80s –Part of DARPA Internet Project –Very small network All hosts are known! All hosts are known! So are the users! So are the users! Therefore, security was not an issue Therefore, security was not an issue

4 Security Issues in IP source spoofing source spoofing replay packets replay packets no data integrity or confidentiality no data integrity or confidentiality DOS attacks Replay attacks Spying and more… Fundamental Issue: Networks are not (and will never be) fully secure

5 Goals of IPSec to verify sources of IP packets to verify sources of IP packets –authentication to prevent replaying of old packets to prevent replaying of old packets to protect integrity and/or confidentiality of packets to protect integrity and/or confidentiality of packets –data Integrity/Data Encryption

6 Outline Why IPsec? Why IPsec? IPSec Architecture IPSec Architecture Internet Key Exchange (IKE) Internet Key Exchange (IKE) IPsec Policy IPsec Policy Discussion Discussion

7 The IPSec Security Model Secure Insecure

8 IPSec Architecture ESPAH IKE IPSec Security Policy Encapsulating Security Payload Authentication Header The Internet Key Exchange

9 IPSec Architecture IPSec provides security in three situations: – – Host-to-host, host-to-gateway and gateway-to-gateway IPSec operates in two modes: – –Transport mode (for end-to-end) – –Tunnel mode (for VPN)

10 IPsec Architecture Tunnel Mode Router Transport Mode

11 Various Packets IP header TCP header data IPSec header IP header Original Transport mode Tunnel mode

12 IPSec A collection of protocols (RFC 2401) A collection of protocols (RFC 2401) –Authentication Header (AH) RFC 2402 RFC 2402 –Encapsulating Security Payload (ESP) RFC 2406 RFC 2406 –Internet Key Exchange (IKE) RFC 2409 RFC 2409 –IP Payload Compression (IPcomp) RFC 3137 RFC 3137

13 Authentication Header (AH) Provides source authentication Provides source authentication –Protects against source spoofing Provides data integrity Provides data integrity Protects against replay attacks Protects against replay attacks –Use monotonically increasing sequence numbers –Protects against denial of service attacks NO protection for confidentiality! NO protection for confidentiality!

14 AH Details Use 32-bit monotonically increasing sequence number to avoid replay attacks Use 32-bit monotonically increasing sequence number to avoid replay attacks Use cryptographically strong hash algorithms to protect data integrity (96-bit) Use cryptographically strong hash algorithms to protect data integrity (96-bit) –Use symmetric key cryptography –HMAC-SHA-96, HMAC-MD5-96

15 AH Packet Details Authentication Data Sequence Number Security Parameters Index (SPI) Next header Payload length Reserved Old IP header (only in Tunnel mode) TCP header New IP header Authenticated Data Encapsulated TCP or IP packet Hash of everything else

16 Encapsulating Security Payload (ESP) Provides all that AH offers, and Provides all that AH offers, and in addition provides data confidentiality in addition provides data confidentiality –Uses symmetric key encryption

17 ESP Details Same as AH: Same as AH: –Use 32-bit sequence number to counter replaying attacks –Use integrity check algorithms Only in ESP: Only in ESP: –Data confidentiality: Uses symmetric key encryption algorithms to encrypt packets Uses symmetric key encryption algorithms to encrypt packets

18 ESP Packet Details Authentication Data Sequence Number Security Parameters Index (SPI) Next header Payload length Reserved TCP header Authenticated IP header Initialization vector Data PadPad lengthNext Encrypted TCP packet

19 Question? 1. Why have both AH and ESP? 2. Both AH and ESP use symmetric key based algorithms –Why not public-key cryptography? –How are the keys being exchanged? –What algorithms should we use? –Similar to deciding on the ciphersuite in SSL

20 Outline Why IPsec? Why IPsec? IPsec Architecture IPsec Architecture Internet Key Exchange (IKE) Internet Key Exchange (IKE) IPsec Policy IPsec Policy Discussion Discussion

21 Internet Key Exchange (IKE) Exchange and negotiate security policies Exchange and negotiate security policies Establish security sessions Establish security sessions –Identified as Security Associations Key exchange Key exchange Key management Key management Can be used outside IPsec as well Can be used outside IPsec as well

22 IPsec/IKE Acronyms Security Association (SA) Security Association (SA) –Collection of attribute associated with a connection –Is asymmetric! One SA for inbound traffic, another SA for outbound traffic One SA for inbound traffic, another SA for outbound traffic Similar to ciphersuites in SSL Similar to ciphersuites in SSL Security Association Database (SADB) Security Association Database (SADB) –A database of SAs

23 IPsec/IKE Acronyms Security Parameter Index (SPI) Security Parameter Index (SPI) –A unique index for each entry in the SADB –Identifies the SA associated with a packet Security Policy Database (SPD) Security Policy Database (SPD) –Store policies used to establish SAs

24 How They Fit Together SPD SADB SA-2 SPI SA-1

25 SPD and SADB Example FromToProtocolPortPolicy ABAnyAnyAH[HMAC-MD5] Tunnel Mode Transport Mode A C B A’s SPDFromToProtocolSPI SA Record ABAH12 HMAC-MD5 key A’s SADB DFromToProtocolPortPolicy Tunnel Dest AnyAnyESP[3DES]D C’s SPDFromToProtocolSPI SA Record ESP14 3DES key C’s SADB A sub B sub A sub B sub

26 How It Works IKE operates in two phases IKE operates in two phases –Phase 1: negotiate and establish an auxiliary end-to-end secure channel Used by subsequent phase 2 negotiations Used by subsequent phase 2 negotiations Only established once between two end points! Only established once between two end points! –Phase 2: negotiate and establish custom secure channels Occurs multiple times Occurs multiple times –Both phases use Diffie-Hellman key exchange to establish a shared key

27 IKE Phase 1 Goal: to establish a secure channel between two end points Goal: to establish a secure channel between two end points –This channel provides basic security features: Source authentication Source authentication Data integrity and data confidentiality Data integrity and data confidentiality Protection against replay attacks Protection against replay attacks

28 IKE Phase 1 Rationale: each application has different security requirements Rationale: each application has different security requirements But they all need to negotiate policies and exchange keys! But they all need to negotiate policies and exchange keys! So, provide the basic security features and allow application to establish custom sessions So, provide the basic security features and allow application to establish custom sessions

29 Examples All packets sent to address mybank.com must be encrypted using 3DES with HMAC-MD5 integrity check All packets sent to address mybank.com must be encrypted using 3DES with HMAC-MD5 integrity check All packets sent to address must use integrity check with HMAC-SHA1 (no encryption is required) All packets sent to address must use integrity check with HMAC-SHA1 (no encryption is required)

30 Phase 1 Exchange Can operate in two modes: Can operate in two modes: –Main mode Six messages in three round trips Six messages in three round trips More options More options –Quick mode Four messages in two round trips Four messages in two round trips Less options Less options

31 Phase 1 (Main Mode) InitiatorResponder [Header, SA 1 ]

32 Phase 1 (Main Mode) InitiatorResponder [Header, SA 1 ] [Header, SA 2 ] Establish vocabulary for further communication

33 Phase 1 (Main Mode) InitiatorResponder [Header, SA 1 ] [Header, SA 2 ] [Header, KE, Ni, {Cert_Reg} ]

34 Phase 1 (Main Mode) InitiatorResponder Header, SA 1 [Header, SA 1 ] [Header, KE, Ni {, Cert_Req} ] [Header, KE, Nr {, Cert_Req}] Establish secret key using Diffie-Hellman key exchange Use nonces to prevent replay attacks

35 Phase 1 (Main Mode) InitiatorResponder [Header, SA 1 ] [Header, KE, Ni {,Cert_Req} ] [Header, KE, Nr {,Cert_Req}] [Header, IDi, {CERT} sig]

36 Phase 1 (Main Mode) InitiatorResponder [Header, SA 1 ] [Header, KE, Ni {, Cert_req}] [Header, KE, Nr {, Cert_req}] [Header, IDi, {CERT} sig] [Header, IDr, {CERT} sig] Signed hash of IDi (without Cert_req, just send the hash)

37 Phase 1 (Aggressive Mode) InitiatorResponder [Header, SA 1, KE, Ni, IDi]

38 Phase 1 (Aggressive Mode) InitiatorResponder [Header, SA 1, KE, Ni, IDi] [Header, SA 2, KE, Nr, IDr, [Cert]sig] [Header, [Cert]sig] First two messages combined into one (combine Hello and DH key exchange)

39 IPSec (Phase 1) Four different way to authenticate (either mode) Four different way to authenticate (either mode) –Digital signature –Two forms of authentication with public key encryption –Pre-shared key NOTE: IKE does use public-key based cryptography for encryption NOTE: IKE does use public-key based cryptography for encryption

40 IPSec (Phase 2) Goal: to establish custom secure channels between two end points Goal: to establish custom secure channels between two end points –End points are identified by : e.g. e.g. –Or by packet: e.g. All packets going to /24 e.g. All packets going to /24 –Use the secure channel established in Phase 1 for communication

41 IPSec (Phase 2) Only one mode: Quick Mode Only one mode: Quick Mode Multiple quick mode exchanges can be multiplexed Multiple quick mode exchanges can be multiplexed Generate SAs for two end points Generate SAs for two end points Can use secure channel established in phase 1 Can use secure channel established in phase 1

42 IP Payload Compression Used for compression Used for compression Can be specified as part of the IPSec policy Can be specified as part of the IPSec policy Will not cover! Will not cover!

43 Outline Why IPsec? Why IPsec? IPsec Architecture IPsec Architecture Internet Key Exchange (IKE) Internet Key Exchange (IKE) IPSec Policy IPSec Policy Discussion Discussion

44 IPsec Policy Phase 1 policies are defined in terms of protection suites Phase 1 policies are defined in terms of protection suites Each protection suite Each protection suite –Must contain the following: Encryption algorithm Encryption algorithm Hash algorithm Hash algorithm Authentication method Authentication method Diffie-Hellman Group Diffie-Hellman Group –May optionally contain the following: Lifetime Lifetime …

45 IPSec Policy Phase 2 policies are defined in terms of proposals Phase 2 policies are defined in terms of proposals Each proposal: Each proposal: –May contain one or more of the following AH sub-proposals AH sub-proposals ESP sub-proposals ESP sub-proposals IPComp sub-proposals IPComp sub-proposals Along with necessary attributes such as Along with necessary attributes such as –Key length, life time, etc

46 IPSec Policy Example In English: In English: –All traffic to /24 must be: Use pre-hashed key authentication Use pre-hashed key authentication DH group is MODP with 1024-bit modulus DH group is MODP with 1024-bit modulus Hash algorithm is HMAC-SHA (128 bit key) Hash algorithm is HMAC-SHA (128 bit key) Encryption using 3DES Encryption using 3DES In IPSec: In IPSec: –[Auth=Pre-Hash; DH=MODP(1024-bit); HASH=HMAC-SHA; ENC=3DES]

47 IPsec Policy Example In English: In English: –All traffic to /24 must use one of the following: AH with HMAC-SHA or, AH with HMAC-SHA or, ESP with 3DES as encryption algorithm and (HMAC-MD5 or HMAC-SHA as hashing algorithm) ESP with 3DES as encryption algorithm and (HMAC-MD5 or HMAC-SHA as hashing algorithm) In IPsec: In IPsec: –[AH: HMAC-SHA] or, –[ESP: (3DES and HMAC-MD5) or (3DES and HMAC-SHA)]

48 Virtual Private Networks (VPNs) Virtual Virtual –It is not a physically distinct network Private Private –Tunnels are encrypted to provide confidentiality CS dept might have a VPN CS dept might have a VPN –I can be on this VPN while traveling

49 Alice is Traveling Alice works for the mergers and acquisitions (M&A) department of takeover.com Alice works for the mergers and acquisitions (M&A) department of takeover.com She is at Hicktown taking over a meat-packing plant She is at Hicktown taking over a meat-packing plant She wants to access the M&A server at her company (confidentially of course) She wants to access the M&A server at her company (confidentially of course)

50 Alice is Traveling

51 Outline Why IPsec? Why IPsec? IPsec Architecture IPsec Architecture Internet Key Exchange (IKE) Internet Key Exchange (IKE) IPsec Policy IPsec Policy Discussion Discussion

52 Discussion IPSec is not the only solution! IPSec is not the only solution! –Security features can be added on top of IP! e.g. Kerberos, SSL e.g. Kerberos, SSL Confused? Confused? –IP, IPSec protocols are very complex! Two modes, three sub protocols Two modes, three sub protocols –Complexity is the biggest enemy of security

53 Discussion Has it been used? Has it been used? –Yes—primarily used by some VPN vendors But not all routers support it But not all routers support it –No—it is not really an end-to-end solution Authentication is too coarse (host based) Authentication is too coarse (host based) Default encryption algorithm too weak (DES) Default encryption algorithm too weak (DES) Too complex for applications to use Too complex for applications to use

54 Resources IP, IPsec and related RFCs: IP, IPsec and related RFCs: – –IPsec: RFC 2401, IKE: RFC 2409 – Google search Google search

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.