IPsec: Internet Protocol Security
Chong, Luon, Prins, Trotter

What is IPsec?
A collection of protocols for securing Internet Protocol (IP) communications by encrypting and authenticating all IP packets [1]
Progressive standard
Defined in RFC 2401 through 2409
Purpose:
  – To protect IP packets
  – To provide defense against network attacks
[1] From wikipedia.org

What is IPsec? (cont.)
Created November 1998
Created by the Internet Engineering Task Force (IETF)
Deployable on all platforms
  – Windows
  – Unix
  – Etc.
Can be implemented and deployed on:
  – End hosts
  – Gateways
  – Routers
  – Firewalls

Protection Against Attacks
Layer 3 (network) protection
Protects from:
  – sniffers, by encrypting data
  – data modifications, by using cryptography-based checksums
  – identity spoofing, denial of service, application layer, and password-based attacks, through mutual authentication
  – man-in-the-middle attacks, by mutual authentication and cryptography-based keys

How IPsec Works
Services
Protocol Types
Key Protection
Components
Policy Based Security
Model Example

How IPsec Works: Services
Security Properties
  – Non-repudiation & Authentication
      Public key certificate based authentication
      Pre-shared key authentication
  – Anti-replay
      Key management
      Diffie-Hellman Algorithm, Internet Key Exchange (IKE)
  – Integrity
      Hash message authentication codes (HMAC)
  – Confidentiality
      Public key cryptography

How IPsec Works: Protocol Types
Authentication header (AH)
  – Authentication, integrity, and anti-replay
  – Placed between the IP layer and the transport layer

Header Fields Protection
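
The three AH services listed above (authentication, integrity, anti-replay) can be seen working together in the following added example, which is not part of the original slides. It uses the RFC 2402 header layout with HMAC-SHA1-96 (RFC 2404); the function and class names, the 32-packet window and all sample values are assumptions, and the ICV here covers only the AH header and payload, whereas real AH also covers the immutable IP header fields.

```python
import hashlib
import hmac
import struct

FIXED = 12     # next header, payload len, reserved, SPI, sequence number
ICV_LEN = 12   # HMAC-SHA1-96 truncates the 160-bit tag to 96 bits
WINDOW = 32    # anti-replay window size (assumption for this example)

def icv_for(key, fixed, payload):
    """ICV computed with the ICV field zeroed (simplified: IP header omitted)."""
    data = fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def build_ah(key, spi, seq, next_hdr, payload):
    """Sender side: AH header followed by the protected payload."""
    words = (FIXED + ICV_LEN) // 4 - 2   # AH length in 32-bit words, minus 2
    fixed = struct.pack("!BBHII", next_hdr, words, 0, spi, seq)
    return fixed + icv_for(key, fixed, payload) + payload

class AhReceiver:
    def __init__(self, key, spi):
        self.key, self.spi = key, spi
        self.top = 0    # highest sequence number authenticated so far
        self.seen = 0   # bitmap: bit i set means (top - i) was accepted

    def accept(self, packet):
        """Return the payload if the packet is authentic and fresh, else None."""
        if len(packet) < FIXED + ICV_LEN:
            return None
        _nh, words, _rsv, spi, seq = struct.unpack("!BBHII", packet[:FIXED])
        if spi != self.spi or (words + 2) * 4 != FIXED + ICV_LEN or seq == 0:
            return None
        if seq <= self.top:              # cheap replay check before the HMAC
            off = self.top - seq
            if off >= WINDOW or (self.seen >> off) & 1:
                return None
        icv = packet[FIXED:FIXED + ICV_LEN]
        payload = packet[FIXED + ICV_LEN:]
        if not hmac.compare_digest(icv, icv_for(self.key, packet[:FIXED], payload)):
            return None
        if seq > self.top:               # only authenticated packets move the window
            self.seen = ((self.seen << (seq - self.top)) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.seen |= 1 << (self.top - seq)
        return payload
```

The window advances only after the ICV verifies, so a forged packet with a large sequence number cannot push legitimate traffic out of the window.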

How IPsec Works: Protocol Types (cont.)
Encapsulating security payload (ESP)
  – Provides confidentiality in addition to what AH provides
  – Has:
      Header
      Trailer
      Authentication Trailer

Header Fields Protection

How IPsec Works: Components
IPsec Policy Agent Service
Diffie-Hellman Algorithm
Internet Key Exchange (IKE)
Security Association (SA)
  – Phase 1 SA
  – Phase 2 SA
IPsec Driver

How IPsec Works: Key Protection
Key lifetimes
Session key refresh limit
Perfect forward secrecy (PFS)

How IPsec Works: Policy Based Security
Rules
Filter list
Filter actions
Policy Inheritance
Authentication

How IPsec Works: Model Example

Practical Implementations
LANs, WANs, and remote connections
  – VPNs for remote access
  – Dial-up setting to private networks
  – Where data security is critical
      Example: Hospital with patient data
      Businesses with multiple sites

Suggested Readings
lanning/security/ipsecsteps.asp
Microsoft Windows 2000 Server TCP/IP Core Networking Guide