IPSec  general IP Security mechanisms  provides  authentication  confidentiality  key management  Applications include Secure connectivity over internet, office VPN’s, across organizations e-commerce

IP Security Scenario

Benefits of IPSec  in a firewall/router provides strong security to all traffic crossing the perimeter  is resistant to bypass  is below transport layer, hence transparent to applications  can be transparent to end users  can provide security for individual users if desired

IP Security Architecture It involves various aspects such as….  IPSec Document  IPSec Services  Security Association(SA)

IPSec Documents-7groups  Architecture  ESP  AH  Encryption Algorithm  Authentication Algorithm  Key Management  Doman of Interpretation(DoI)

IPSec Services  Access control  Connectionless integrity  Data origin authentication  Rejection of replayed packets  a form of partial sequence integrity  Confidentiality (encryption)  Limited traffic flow confidentiality

Security Associations  a one-way relationship between sender & receiver that affords security for traffic flow  defined by 3 parameters:  Security Parameters Index (SPI)  IP Destination Address  Security Protocol Identifier  has a number of other parameters  seq no, AH & EH info, lifetime etc

SA selectors  Security policy database(SPD) contains entries each of which defines a subset of IP traffic and points to an SA  Each SPD entry is defined by a set of IP and upper protocol field values called selectors  The following selectors determine an SPD entry: Destination IP address, Source IP address, UserID, Datasensitivity level, Transport Layer protocol etc

Transport and tunnel modes  AH and ESP support two modes tunnel and transport mode  Transport mode provides security for mainly upper layer protocols. Example :TCP,UDP,ICMP packet  Tunnel mode provides protection for the entire packet. The entire packet travels through a tunnel from one IP to another, no routers are able to examine the inner IP.

Authentication Header (AH)  provides support for data integrity & authentication of IP packets  end system/router can authenticate user/app  prevents address spoofing attacks by tracking sequence numbers  based on use of a MAC  HMAC-MD5-96 or HMAC-SHA-1-96  parties must share a secret key

Authentication Header

IPSec Authentication Header (AH) in Transport Mode Data TCP Hdr Orig IP Hdr Data TCP Hdr AH Hdr Orig IP Hdr Next Hdr Payload Len RsrvSecParamIndex Keyed Hash Integrity hash coverage (except for mutable fields in IP hdr) Seq# 24 bytes total AH is IP protocol 51 Insert © 2000 Microsoft Corporation

IPSec AH Tunnel ModeData TCP Hdr Orig IP Hdr Integrity hash coverage (except for mutable new IP hdr fields) IP Hdr AH Hdr AH HdrData TCP Hdr Orig IP Hdr New IP header with source & destination IP address © 2000 Microsoft Corporation

Encapsulating Security Payload (ESP)  provides message content confidentiality & limited traffic flow confidentiality  can optionally provide the same authentication services as AH  supports range of ciphers, modes, padding  incl. DES, Triple-DES, RC5, IDEA, CAST etc  CBC most common  pad to meet blocksize, for traffic flow

Encapsulating Security Payload

Transport vs Tunnel Mode ESP  transport mode is used to encrypt & optionally authenticate IP data  data protected but header left in clear  can do traffic analysis but is efficient  good for ESP host to host traffic  tunnel mode encrypts entire IP packet  add new header for next hop  good for VPNs, gateway to gateway security

IPSec Encapsulating Security Payload (ESP) in Transport Mode Data TCP Hdr Orig IP Hdr Data TCP Hdr ESP Hdr Orig IP Hdr ESP Trailer ESP Auth Usually encrypted integrity hash coverage SecParamIndex Padding PaddingPadLengthNextHdr Seq# Keyed Hash bytes total InitVector ESP is IP protocol 50 Insert Append © 2000 Microsoft Corporation

IPSec ESP Tunnel ModeData TCP Hdr Orig IP Hdr ESP Auth Usually encrypted integrity hash coverage Data TCP Hdr ESP Hdr IP Hdr IP HdrIPHdr New IP header with source & destination IP address © 2000 Microsoft Corporation ESP Trailer

Combining Security Associations  SA’s can implement either AH or ESP  to implement both need to combine SA’s  form a security bundle  Security associations can be bundled in two ways : transport adjacency and iterated tunneling

Authentication + confidentiality  ESP with authentication option  Transport mode ESP  Tunnel mode ESP  There are 4 basic combinations of SA’s(next slide)

Combining Security Associations

Oakley  a key exchange protocol  based on Diffie-Hellman key exchange  adds features to address weaknesses  cookies, groups (global params), nonces, DH key exchange with authentication

ISAKMP  Internet Security Association and Key Management Protocol  provides framework for key management  defines procedures and packet formats to establish, negotiate, modify, & delete SAs  independent of key exchange protocol, encryption alg, & authentication method

ISAKMP

ISAKMP Payload Types  Hash-{Hash Data}  Proposal-{Proposal#,Protocol ID,SPI size,# of transform}  Transform-{Transform #, Transform ID,SA attribute}  Key Exchange-{Key Exchange Data}  Identification-{ID Type,ID Data}  Signature(SIG)-{Signature Data}  etc……….

ISAKMP Exchanges-5 default exchanges  Base Exchange min imizes no: of exchanges –no ID protection use nounce-replay attack  Identity Protection Exchange session keys-encrypted message containing authentication information. ie,DS and certificates validating public keys  Authentication only Exchange Mutual authentication without key exchange

 Aggressive Exchange min imizes no: of exchanges –no ID protection Informational Exchange-Error/status notification/deletion

Summary  have considered:  IPSec security framework  AH  ESP  key management & Oakley/ISAKMP