Transport-Friendly ESP Steven M. Bellovin AT&T Labs Research

Slides:

Advertisements

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

Advertisements

The Future of TCP/IP Always evolving: –New computer and communication technologies More powerful PCs, portables, PDAs ATM, packet-radio, fiber optic, satellite,

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

IPSec Isaac Ghansah.

Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukIPsec Attacks1 IPsec ESP Attacks CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

1 Internet Networking Spring 2004 Tutorial 2 IP Checksum, Fragmentation.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Source Port # (16)Destination Port # (16) Sequence Number (32 bits) Acknowledgement Number (32 bits) Hdr Len (4) Flags (6)Window Size (16) Options (if.

Cryptography and Network Security

1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

THE USE OF IP ESP TO PROVIDE A MIX OF SECURITY SERVICES IN IP DATAGRAM SREEJITH SREEDHARAN CS843 PROJECT PRESENTATION 04/28/03.

Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.

IP Security. IPSEC Objectives n Band-aid for IPv4 u Spoofing a problem u Not designed with security or authentication in mind n IP layer mechanism for.

CMSC 414 Computer (and Network) Security Lecture 25 Jonathan Katz.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

IP Security: Security Across the Protocol Stack

IPSec in a Multi-OS Environment. What is IPSec? IPSec stands for Internet Protocol Security It is at a most basic level a way of adding security to your.

1 Network Security Lecture 8 IP Sec Waleed Ejaz

CSCE 715: Network Systems Security

TCP/IP Protocols Contains Five Layers

Karlstad University IP security Ge Zhang

March 7, 2008Security Proposal 1 CCSDS Link Security Proposal Ed Greenberg Greg Kazz Howard Weiss March 7, 2008.

IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.

IP Security.  In CERTs 2001 annual report it listed 52,000 security incidents  the most serious involving:  IP spoofing intruders creating packets.

Chapter 6 IP Security. We have considered some application specific security mechanisms in last chapter eg. S/MIME, PGP, Kerberos however there are security.

IPSec ● IP Security ● Layer 3 security architecture ● Enables VPN ● Delivers authentication, integrity and secrecy ● Implemented in Linux, Cisco, Windows.

Internet Protocol Formats. IP (V4) Packet byte 0 byte1 byte 2 byte 3 data... – up to 65 K including heading info Version IHL Serv. Type Total Length Identifcation.

Internet Security and Firewall Design Chapter 32.

Chapter 8 IP Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.

Encapsulated Security Payload Header ● RFC 2406 ● Services – Confidentiality ● Plus – Connectionless integrity – Data origin authentication – Replay protection.

1 Lecture 13 IPsec Internet Protocol Security CIS CIS 5357 Network Security.

Lecture 6 W.Lilakiatsakun.  Internet Protocol  IPv4 /IPv6  IPsec  ICMP  Routing Protocol  RIP/OSPF  BGP  Attack on Layer3 Layer 3 Technology.

Internet Security CSCE 813 IPsec. CSCE813 - Farkas2 TCP/IP Protocol Stack Application Layer Transport Layer Network Layer Data Link Layer.

Authentication Header ● RFC 2402 ● Services – Connectionless integrity – Data origin authentication – Replay protection – As much header authentication.

Firewalls A brief introduction to firewalls. What does a Firewall do? Firewalls are essential tools in managing and controlling network traffic Firewalls.

1 IPSec: Security at the IP Layer Rocky K. C. Chang 15 March 2007.

Cryptography and Network Security (CS435) Part Thirteen (IP Security)

IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.

IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.

1 IPSec: An Overview Dr. Rocky K. C. Chang 4 February, 2002.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Network Layer Security Network Systems Security Mort Anvari.

K. Salah1 Security Protocols in the Internet IPSec.

Computer Science and Engineering Computer System Security CSE 5339/7339 Session 27 November 23, 2004.

8-1Network Security Virtual Private Networks (VPNs) motivation:  institutions often want private networks for security.  costly: separate routers, links,

Lecture 10 Page 1 CS 236 Online Encryption and Network Security Cryptography is widely used to protect networks Relies on encryption algorithms and protocols.

VPNs & IPsec Dr. X Slides adopted by Prof. William Enck, NCSU.

IPSec Detailed Description and VPN

UNIT 7- IP Security 1.IP SEC 2.IP Security Architecture

CSE 4905 IPsec.

IT443 – Network Security Administration Instructor: Bo Sheng

Internet Protocol Formats

Topic #1 & #5 “All that has to do with header formats”

Virtual Private Networks (VPNs)

What does this packet do?

Internet Protocol Formats

Presentation transcript:

Transport-Friendly ESP Steven M. Bellovin AT&T Labs Research

Layer Violations for Fun and Profit Steven M. Bellovin AT&T Labs Research

Assumptions l It is reasonable for some authorized parties to look at some packet header fields. –It is relatively harmless if unauthorized parties see the same fields. l These authorized parties should not participate in the key management dialog, nor should they be given keying material. l Packet examination should be context-free. l Packet modification is not necessary (or desirable).

Is this Necessary? Safe? l Many reasons already given for packet header inspection. l (Unauthorized) eavesdropper primarily learns IP addresses and port numbers. –The former are very hard to conceal; the latter are probably discernable by traffic analysis. l Don’t share keys, so monitoring station subversion not a serious problem.

Principles for Proposed Scheme l Packets specify amount of leading portion that is in the clear. –Exposure amount optional and negotiated. –Don’t change integrity check boundary at all. l Add padding, for boundary alignment and cipher blocksize match. l Move protocol number to the start, in the clear.

Proposed TF-ESP Format clearlenProtoFlags (Reserved) SPI Anti-replay counter Cleartext payload Cleartext padding IV (if needed) Encrypted padding Encrypted payload padlenPadding Encrypted Integrity

Features l Flag bit -- “replayable”. l Possibly move integrity check boundary, to permit modifiable fields. –Are there any safe ones? l Header fields at fixed offsets from start (unless, of course, there are IP options). l Cleartext boundary is dangerous -- better not expose TCP checksum on short packets!

“Disclosure” Header Protolendiff Source PortDest Port Sequence Number Dest Address Acknowledegment Source Address Window

A Cleaner Solution? l Contains copies of interesting encrypted fields. –Must be truthful or zero. l Leaks almost as much information. –But easier to avoid mistakes. l Possibly larger than TF-ESP scheme. l Provides high-quality plaintext/ciphertext pairs. –Could we just use a stronger cipher?

Suggested Alternatives l SSL –Must change every application. –Vulnerable to active denial-of-service attack. –Doesn’t handle UDP. l SSL plus AH –Must still change every application. –Still doesn’t handle UDP.