01/29/2001Policy'2001, Bristol, UK, January 29-31, 20011 IPSec/VPN Security Policy: Correctness, Conflict Detection and Resolution Zhi Fu S. Felix Wu He.

Slides:

Advertisements

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

Advertisements

Internet Security CSCE 813 IPsec

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.

Network Security. Reasons to attack Steal information Modify information Deny service (DoS)

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

IP Security. IPSEC Objectives n Band-aid for IPv4 u Spoofing a problem u Not designed with security or authentication in mind n IP layer mechanism for.

CMSC 414 Computer (and Network) Security Lecture 25 Jonathan Katz.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

SECURITY-AWARE AD-HOC ROUTING FOR WIRELESS NETWORKS Seung Yi, Prasad Naldurg, Robin Kravets Department of Computer Science University of Illinois at Urbana-Champaign.

OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

IP Security: Security Across the Protocol Stack

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

Virtual Private Networking Irfan Khan Myo Thein Nick Merante.

CSCE 715: Network Systems Security

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

IPSec IPSec provides the capability to secure communications across a LAN, across private and public wide area networks (WANs) and across the Internet.

8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 4: Securing IP.

Karlstad University IP security Ge Zhang

Network Security David Lazăr.

IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.

IP Security.  In CERTs 2001 annual report it listed 52,000 security incidents  the most serious involving:  IP spoofing intruders creating packets.

IPSec ● IP Security ● Layer 3 security architecture ● Enables VPN ● Delivers authentication, integrity and secrecy ● Implemented in Linux, Cisco, Windows.

IP Security: Security Across the Protocol Stack. IP Security There are some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS.

Internet Security and Firewall Design Chapter 32.

1 CMPT 471 Networking II Authentication and Encryption © Janice Regan,

Chapter 8 IP Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.

Securing Data Transmission and Authentication. Securing Traffic with IPSec IPSec allows us to protect our network from within IPSec secures the IP protocol.

Mobile IPv6 and Firewalls: Problem Statement Speaker: Jong-Ru Lin

Encapsulated Security Payload Header ● RFC 2406 ● Services – Confidentiality ● Plus – Connectionless integrity – Data origin authentication – Replay protection.

1 Lecture 13 IPsec Internet Protocol Security CIS CIS 5357 Network Security.

Security IPsec 1 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Cryptography and Network Security (CS435) Part Thirteen (IP Security)

IPSec  general IP Security mechanisms  provides  authentication  confidentiality  key management  Applications include Secure connectivity over.

IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.

IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.

1 IPSec: An Overview Dr. Rocky K. C. Chang 4 February, 2002.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Network Layer Security Network Systems Security Mort Anvari.

K. Salah1 Security Protocols in the Internet IPSec.

Protecting Network Quality of Service Against Denial of Service Attacks Douglas S. Reeves  S. Felix Wu DARPA FTN PI Meeting August 2, 2001 NC State /

Computer Science and Engineering Computer System Security CSE 5339/7339 Session 27 November 23, 2004.

Securing Access to Data Using IPsec Josh Jones Cosc352.

IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.

8-1Network Security Virtual Private Networks (VPNs) motivation:  institutions often want private networks for security.  costly: separate routers, links,

Lecture 10 Page 1 CS 236 Online Encryption and Network Security Cryptography is widely used to protect networks Relies on encryption algorithms and protocols.

第六章 IP 安全. Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

UNIT 7- IP Security 1.IP SEC 2.IP Security Architecture

CSE 4905 IPsec.

IT443 – Network Security Administration Instructor: Bo Sheng

IPSec IPSec is communication security provided at the network layer.

Cryptography and Network Security

Virtual Private Networks (VPNs)

Introduction to Network Security

Virtual Private Networks (VPNs)

Cryptography and Network Security

Presentation transcript:

01/29/2001Policy'2001, Bristol, UK, January 29-31, IPSec/VPN Security Policy: Correctness, Conflict Detection and Resolution Zhi Fu S. Felix Wu He Huang James Loh Motorola UC Davis NortelNetworks Fengmin Gong Ilia Baldine Chong Xu IntruVert MCNC Cosine * Many of us were with NCSU while the work was done.

01/29/2001Policy'2001, Bristol, UK, January 29-31, l Motivation/Conflict Examples l Security Requirements l Conflict Detection and Analysis l Example l Remarks Content Content IPSec: Policy and Requirement

01/29/2001Policy'2001, Bristol, UK, January 29-31, l Policy: –if then l IPSec policy: –Condition: src,dst,src-port,dst-port, protocol, … –Action: Deny | Allow | ipsec (entry, exit, mode, sec-prot, alg) l Example: –Condition: src=A, dst=B, port=*, prot=TCP –Action: ipsec ( Rb, Rd, tun, ESP, 3DES ) BARcRbRd Rb,Rd, ESPA, B IPSec Policy: IPSec Policy: Implementation Policy

01/29/2001Policy'2001, Bristol, UK, January 29-31, Conflict #1: Conflict #1: Privacy and Content Examination ASG-1SG-2B XY

01/29/2001Policy'2001, Bristol, UK, January 29-31, Firewall-- drop any incoming IPSec/ESP encrypted packet if then IPSec Gateway--all packets from A to B should be encrypted with 3DES if <src = , dst = , prot=*> then <ipsec( , , transport, esp, 3des) > All Packets Dropped !!

01/29/2001Policy'2001, Bristol, UK, January 29-31, ASG-1SG-2B Conflict #2: Conflict #2: Selector Confusion XY

01/29/2001Policy'2001, Bristol, UK, January 29-31, Security Policies: A: All packets from A to B must authenticate to SG-2 SG-1: All packets from A to B will be allowed, but otherwise denied. The src and dst changed to be A and SG-2 thus the policy at SG-1 will drop the traffic from A to B. One way or the other, we loss…...

01/29/2001Policy'2001, Bristol, UK, January 29-31, A SG-1 A A

01/29/2001Policy'2001, Bristol, UK, January 29-31, SG-1.1, SG-2A, B B SG-2 SG-1SG-2.1 SG-1,SG-2.1 Conflict #3: Conflict #3: Tunnel Overlapping SG-1.1, SG-2A, B SG-1.1 SG-1.1, SG-2A, B A

01/29/2001Policy'2001, Bristol, UK, January 29-31, l A set of (implementation) policies does not quite work well together such that the packets (information bits) are either dropped or revealed/sent unsafely. l Requirement(s): Intention(s) behind the implementation-level policies: l e.g., I want to maintain the privacy of certain flows: –IPSec ESP Tunnels. l Conflicts: l a set of policies together does not support the requirements l requirements conflict among themselves. Policy Conflict Policy Conflict IPSec/VPN Policy

01/29/2001Policy'2001, Bristol, UK, January 29-31, Policy versus Requirement l Policy: (implementation, low-level) l How should a network entity or a policy domain handle a particular flow of packets? l Currently, the processing is based on the selector (i.e., the packet header information). l Requirement: (intention, high-level) l End-to-end, flow-based policy + access control + content examination + pairing. l If I want to send a sequence of information bits from A to B, how should they be handled, regardless of any packet header transformation (e.g., tunnel/NAT)

01/29/2001Policy'2001, Bristol, UK, January 29-31, IPSec Security Requirements (1) l Access Control Requirement (ACR) –Restrict access only to trusted traffic l E.g. Deny all telnet traffic l Security Coverage Requirement (SCR) –Apply security functions to prevent traffic from being compromised during transmission across certain area. +who can be trusted? H2H1RbRd Encryption or Authentication trusted

01/29/2001Policy'2001, Bristol, UK, January 29-31, IPSec Security Requirement (2) l Content Access Requirement (CAR) –Specify the needs to access content of certain traffic I will examine the content for intrusion detection l Security Association Requirement (SAR) –Specify trust/distrust relationship in SA setup X Can not set up SA CMR: modify CER : examine

01/29/2001Policy'2001, Bristol, UK, January 29-31, Security Requirement Satisfaction (1) H2H1RcRbRd H2H1RcRbRd l Access Control Requirement - deny or allow l Security Coverage Requirement –All the links and nodes in the area will need to be covered by specified security No! Yes! Encryption

01/29/2001Policy'2001, Bristol, UK, January 29-31, Security Requirement Satisfaction (2) H2H1RcRbRd l Content Access Requirement –Certain node needs to access the content, Rb? Rc? Rb: No! Rc: Yes! l Security Association Requirement –Some nodes are not allowed to set up SA

01/29/2001Policy'2001, Bristol, UK, January 29-31, IPSec Requirement Spec. l Formal specification: l ACR-SCR-CAR-SAR l Conflict Detection in Requirements: l Requirement Satisfiability Problem (RSP): given a set of requirements, an algorithm to check whether at all possible to find a set of policies to satisfy all the requirements. l Completeness Proof l Policy Determination: l Transformation: if possible, an algorithm to find the “optimal” set of policies. l Correctness and Efficiency

01/29/2001Policy'2001, Bristol, UK, January 29-31, IPSec Policy Analysis l Policy Conflict Analysis: l whether a set of policies satisfy all the specified requirements. l Policy Conflict Resolution: l if conflicts detected, how can we resolve them, if possible? l E.g., Tunnel breaking on trusted nodes.

01/29/2001Policy'2001, Bristol, UK, January 29-31, Example (per flow): SCR#1: ENC 2-4 trusted 3 SCR#2: AUTH 1-4 trusted 3 SCR#3: ENC 3-5 trusted 4 CAR#1: (ENC, AUTH) by 4 SAR#1: not-ENC 2-5 SAR#2: not-ENC 1-5 SAR#3: not-AUTH 1-4 Coverage: Content: SA relation:

01/29/2001Policy'2001, Bristol, UK, January 29-31, Solution: ENC AUTH SCR#1: ENC 2-4 trusted 3 SCR#2: AUTH 1-4 trusted 3 SCR#3: ENC 3-5 trusted 4 CAR#1: (ENC, AUTH) by 4 SAR#1: not-ENC 2-5 SAR#2: not-ENC 1-5 SAR#3: not-AUTH 1-4 Coverage: Content: SA relation:

01/29/2001Policy'2001, Bristol, UK, January 29-31, Remarks l IPSec Security Requirement Specification. l Developed algorithms to detect and analyze conflicts among policies and requirements in polynomial time l some of the results are in our new paper. l Future Works: l Implementation and Empirical Evaluation l Transformation from Policies to Requirements l General Topology (integrated with Routing) l Inter-domain & Distributed Policy Analysis l Other Policies (QoS and Routing)