Implementing and Testing IPsec: NIST’s Contributions and Future Developments Sheila Frankel Systems and Network Security Group NIST

Slides:



Advertisements
Similar presentations
IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Advertisements

Internet Protocol Security (IP Sec)
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Security at the Network Layer: IPSec
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 IPSec—An Overview Somesh Jha Somesh Jha University of Wisconsin University of Wisconsin.
Chapter 5 Network Security Protocols in Practice Part I
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
PlutoPlus: Policy and PKI Plans for FY00 Sheila Frankel Systems and Network Security Group Computer Security Division NIST
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.
Cryptography and Network Security
1 IPsec Youngjip Kim Objective Providing interoperable, high quality, cryptographically-based security for IPv4 and IPv6 Services  Access.
Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
Internet Security CSCE 813 IPsec. CSCE Farkas2 Reading Today: – Oppliger: IPSec: Chapter 14 – Stalllings: Network Security Essentials, 3 rd edition,
VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.
What Is Needed to Build a VPN? An existing network with servers and workstations Connection to the Internet VPN gateways (i.e., routers, PIX, ASA, VPN.
IP Security: Security Across the Protocol Stack
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
IP Security Lawrence Taub IPSEC IP security — security built into the IP layer Provides host-to-host (or router-to-router) encryption and.
Advanced Unix 25 Oct 2005 An Introduction to IPsec.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
Information management 1 Groep T Leuven – Information department 1/26 IPSec IP Security (IPSec)
/IPsecurity.ppt 1 - Chapter 6 of William Stallings. Network Security Essentials (2nd edition). Prentice Hall.
IPSec IPSec provides the capability to secure communications across a LAN, across private and public wide area networks (WANs) and across the Internet.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 2 Module 3 City College of San.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 4: Securing IP.
Karlstad University IP security Ge Zhang
IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.
IP Security.  In CERTs 2001 annual report it listed 52,000 security incidents  the most serious involving:  IP spoofing intruders creating packets.
Chapter 6 IP Security. We have considered some application specific security mechanisms in last chapter eg. S/MIME, PGP, Kerberos however there are security.
IPSec ● IP Security ● Layer 3 security architecture ● Enables VPN ● Delivers authentication, integrity and secrecy ● Implemented in Linux, Cisco, Windows.
IP Security: Security Across the Protocol Stack. IP Security There are some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS.
Attacking IPsec VPNs Charles D George Jr. Overview Internet Protocol Security (IPSec) is a suite of protocols for authenticating and encrypting packets.
1 Chapter 6 IP Security. 2 Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
Virtual Private Network. ATHENA Main Function of VPN  Privacy  Authenticating  Data Integrity  Antireplay.
Chapter 8 IP Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
PGP & IP Security  Pretty Good Privacy – PGP Pretty Good Privacy  IP Security. IP Security.
Internet Key Exchange IKE ● RFC 2409 ● Services – Constructs shared authenticated keys – Establishes shared security parameters – Common SAs between IPSec.
IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.
Securing Data Transmission and Authentication. Securing Traffic with IPSec IPSec allows us to protect our network from within IPSec secures the IP protocol.
Cryptography and Network Security (CS435) Part Thirteen (IP Security)
IPSec  general IP Security mechanisms  provides  authentication  confidentiality  key management  Applications include Secure connectivity over.
NIST’s IPsec Web-Based Interoperability Tester (IPsec-WIT) Sheila Frankel NIST Computer Security Division
IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
1 IPSec: An Overview Dr. Rocky K. C. Chang 4 February, 2002.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Network Layer Security Network Systems Security Mort Anvari.
Securing Access to Data Using IPsec Josh Jones Cosc352.
8-1Network Security Virtual Private Networks (VPNs) motivation:  institutions often want private networks for security.  costly: separate routers, links,
@Yuan Xue CS 285 Network Security IP Security Yuan Xue Fall 2013.
IT443 – Network Security Administration Instructor: Bo Sheng
Sheila Frankel Systems and Network Security Group, ITL
Presentation transcript:

Implementing and Testing IPsec: NIST’s Contributions and Future Developments Sheila Frankel Systems and Network Security Group NIST

RSA Jan. 20, IPsec : Security a) foundation : house b) hammer : nail c) electron : chemistry d) government : progress An SAT-type Analogy: The Question

RSA Jan. 20, Topics Overview of IPsec NIST’s IPsec Reference Implementations NIST’s IPsec Web-Based Interoperability Tester (IPsec-WIT) Current Status of IPsec Future Directions of IPsec

RSA Jan. 20, At Which Network Layer Should Security Be Provided? Application Layer Transport (Sockets) Layer Internet Layer

RSA Jan. 20, Why Internet Layer Security? Implement once, in a consistent manner, for multiple applications Centrally-controlled access policy Enable multi-level, layered approach to security

RSA Jan. 20, Internet Packet Format IP Header Upper Protocol Headers and Packet Data

RSA Jan. 20, Types of Security Provided by IPsec Data Origin Authentication Connectionless Integrity Replay Protection Confidentiality (Encryption) Traffic Flow Confidentiality

RSA Jan. 20, Authentication Header (AH) Data origin authentication Connectionless integrity Replay protection (optional) Transport or tunnel mode Mandatory algorithms: –HMAC-MD5 –HMAC-SHA1 –Other algorithms optional

RSA Jan. 20, Internet Packet Format with AH IP Header AH Header Upper Protocol Headers and Packet Data Tunnel Mode New IP Header Old IP Header AH Header Upper Protocol Headers and Packet Data Transport Mode

RSA Jan. 20, Encapsulating Security Payload (ESP) Confidentiality Limited traffic flow confidentiality (tunnel mode only) Data origin authentication Connectionless integrity Replay protection (optional) Transport or tunnel mode

RSA Jan. 20, Encapsulating Security Payload (ESP) (continued) Mandatory algorithms: –DES-CBC –HMAC-MD5 –HMAC-SHA1 –Null Authentication algorithm –Null Encryption algorithm –Other algorithms optional

RSA Jan. 20, Internet Packet Format with ESP IP Header ESP Header Upper Protocol Headers and Packet Data Tunnel Mode New IP Header Old IP Header ESP Header Upper Protocol Headers and Packet Data Transport Mode

RSA Jan. 20, Transport vs. Tunnel Mode

RSA Jan. 20, Constructs Underlying IP Security Security Association (SA) Security Association Database (SAD) Security Parameter Index (SPI) Security Policy Database (SPD)

RSA Jan. 20, Internet Key Exchange (IKE) Negotiate: –Communication Parameters –Security Features Authenticate Communicating Peer Protect Identity Generate, Exchange, and Establish Keys in a Secure Manner Delete Security Associations

RSA Jan. 20, Internet Key Exchange (IKE) (continued) Threat Mitigation –Denial of Service –Replay –Man in Middle –Perfect Forward Secrecy Usable by IPsec and other domains

RSA Jan. 20, Internet Key Exchange (IKE) (continued) Components: –Internet Security Association and Key Management Protocol (ISAKMP) –Internet Key Exchange (IKE, aka ISAKMP/Oakley) –IP Security Domain of Interpretation (IPsec DOI)

RSA Jan. 20, IKE Negotiations - Phase 1 Purpose: Establish ISAKMP SA (“Secure Channel”) Steps (4-6 messages exchanged): –Negotiate Security Parameters –Diffie-Hellman Exchange –Authenticate Identities Main Mode vs. Aggressive Mode

RSA Jan. 20, IKE Negotiations - Phase 2 Purpose: Establish IPsec SA Steps (3-5 messages exchanged): –Negotiate Security Parameters –Optional Diffie-Hellman Exchange –Final Verification Quick Mode

RSA Jan. 20, NIST’s Contributions to IPsec Cerberus - Linux-based reference implementation of Ipsec PlutoPlus - Linux-based reference implementation of IKE IPsec-WIT - Web-based IPsec interoperability test facility

RSA Jan. 20, NIST’s Contributions to Ipsec (continued) Goals: –Enable smaller industry vendors to jump-start their entry into IPsec –Facilitate ongoing interoperability testing of multiple IPsec implementations

RSA Jan. 20, IPsec-WIT: Motivation Inter-operability of multiple implementations essential for IPsec to succeed Existing test modalities –Interoperability “Bake-offs” –Pre-planned Web-based interoperability testing Needed: spontaneous Web-based testing

RSA Jan. 20, User-Related Objectives Accessible from remote locations Available at any time Require no modification to the tester’s IPsec implementation Allow testers to resume testing at a later time Configurable Well-documented Easy to use

RSA Jan. 20, Implementation Objectives Simultaneous access by multiple users Rapid, modular implementation Easily modified and expanded as IPsec/IKE specifications evolve Built around NIST’s IPsec/IKE Reference Implementations, Cerberus and PlutoPlus

RSA Jan. 20, Implementation Objectives (continued) Require minimal changes to Cerberus and PlutoPlus Operator intervention not required

RSA Jan. 20, IPsec-WIT Architecture IUT WWW-based Tester Control (HTML/CGI) IPsec Encapsulated IP Packets Local IUT Configuration IPsec WIT Linux Kernel HTML Docs., Forms, and HTTP Server IP + NIST Cerberus PERL CGI Test Engine TestSuites Manual SAs and IP/IPsec Packet TracesNISTPlutoPlus Negotiated SAs and SA mgmt. messages Message logging and IKE Configuration Web Browser IKE Negotiation StateFiles

RSA Jan. 20, Implementation Perl cgi-bin tester HTML forms Executable test cases Output –PlutoPlus: tracing the IKE negotiation –Cerberus: dumping the ping packets – expect command: color-coded output

RSA Jan. 20, Implementation (continued) Individual tester files –Tester-specific parameters –Tester’s individual output –Storage and expiration

RSA Jan. 20, Current Capabilities Key establishment: manual or IKE negotiation IKE negotiation: Initiator or Responder Peer authentication: pre-shared secrets ISAKMP hash: MD5 or SHA ISAKMP encryption: DES or 3DES Diffie-Hellman exchange: 1st Oakley group

RSA Jan. 20, Current Capabilities (continued) Configurable port for IKE negotiation IPsec AH algorithms: HMAC-MD5 or HMAC-SHA1 IPsec ESP algorithms: –Encryption: DES, 3DES, IDEA, RC5, Blowfish, or ESP-Null –Authentication (optional): HMAC-MD5 or HMAC-SHA1 –Variable key length for RC5 and Blowfish

RSA Jan. 20, Current Capabilities (continued) IPsec encapsulation mode: transport or tunnel Perfect Forward Secrecy (PFS) Verbosity of IKE/IPsec output configurable IPsec SA tested using “ping” command Transport-mode SA: host-to-host

RSA Jan. 20, Current Capabilities (continued) Tunnel-mode SA:host-to-host or host-to- gateway –Host-to-gateway SA tests communications with tester’s host behind gateway Sample test cases for testers without a working IKE/IPsec implementation Current/cumulative test results can be viewed via browser or ed to tester

RSA Jan. 20, Limitations Re-keying Crash/disaster recovery Complex policy-related scenarios

RSA Jan. 20, Lessons Learned Voluntary interoperability testing is useful and used Interoperability tests can also serve as conformance tests Stateful protocols can be tested using a Web-based tester “Standard” features are more useful than “cutting edge”

RSA Jan. 20, Lessons Learned (continued) Some human intervention is required Productive and informative multi-protocol interaction is challenging Users do the “darnedest” - and most unexpected - things

RSA Jan. 20, Future Horizons - PlutoPlus Additional Diffie-Hellman groups More complex policy options –Multiple proposals –Adjacent SA’s –Nested SA’s Peer authentication: public key PKI interaction and certificate exchanges

RSA Jan. 20, Future Horizons - IPsec-WIT Test IPsec SA’s with UDP/TCP connections, rather than ICMP Better diagnostics from underlying protocols

RSA Jan. 20, Futuristic Horizons Negative testing Robustness testing

RSA Jan. 20, Current Status of IPsec Basic IPsec and IKE functionality defined in RFC’s Add-ons and additional functionality defined in Internet Drafts Numerous IPsec implementations in hardware and software Periodic interoperability/conformance testing at IPsec “Bake-offs”

RSA Jan. 20, Current Status of IPsec (continued) Deployed in Auto Industry Networks (ANX and ENX) Used for Virtual Private Networks (VPNs)

RSA Jan. 20, Future Directions of IPsec PKI profiles for IPsec Policy configuration and control (IPSP) Secure remote access (IPSRA) Transport-friendly ESP (TF-ESP)

RSA Jan. 20, An SAT-type Analogy: The Answer ?? To Be Announced ??

RSA Jan. 20, Contact/Usage Information IPsec-WIT: Cerberus documentation: PlutoPlus documentation: For further information, contact: –Sheila Frankel: –Rob Glenn:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.