1 IPSec: An Overview Dr. Rocky K. C. Chang 4 February, 2002
2 Security problems with IP Forge the IP addresses. –Source authentication problem Modify IP datagram’s content. –Data integrity problem Replay old IP datagrams. –Sequence integrity problem –Used for replay attack, a type of denial-of-service attack Inspect IP datagram’s content. –Data confidentiality problem Source authentication refers to the changing of IP address by intermediate nodes, rather than forging IP addresses by the source.
3 Security services provided by IPSec IPSec provides security services between a pair of hosts or a pair of security gateways or between a host and a security gateway on the IP level. –A security gateway is an intermediate system that implements IPSec, e.g. router or firewall. –For both IPv4 and IPv6. Security services: –Data origin authentication: verify the identity of the claimed source of data. This service is usually bundled with connectionless integrity service. –Integrity: ensure that modifications of data are detectable. Connectionless integrity: detect modification of an individual IP datagram, without regard of the packet ordering.
4 Security services provided by IPSec Partial sequence integrity (or anti-replay integrity): detect arrival of duplicate IP datagrams within a constrained window. –Confidentiality (encryption): protects data from unauthorized disclosure. Data confidentiality: conceal application data. Limited traffic flow confidentiality: conceal source and destination addresses, message length, or frequency of communication. –Access control to a host’s data and/or computing cycles network or network resources behind a security gateway.
5 IPSec’s two main security protocols The IP Authentication Header (AH) in RFC 2402 provides –data origin authentication, –connectionless message integrity, and –an optional anti-replay protection. The Encapsulating Security Payload (ESP) protocol in RFC 2406 provides –all the services provided by AH, plus –data confidentiality, and limited traffic flow confidentiality. These two protocols can be used individually or together to provide different security services. Why two?
6 IPSec’s two main security protocols ESP AH IP header ESP header ESP trailer upper layer data encrypted authenticated IP header AH header upper layer data authenticated
7 Two modes: transport and tunnel Each protocol, AH or ESP, supports two modes of use: transport and tunnel. –In transport mode, the protocols provide protection primarily for upper layer protocols. –In tunnel mode, the protocols are applied for tunneled IP packets. Transport mode applies to host-to-host IPSec, while tunnel mode applies to host-to-gateway, gateway-to- host, and gateway-to-gateway.
8 Two modes: transport and tunnel The previous diagrams are for transport mode. For tunnel mode: –ESP –AH Outer IP header ESP header ESP trailer upper layer data encrypted authenticated Outer IP header AH header upper layer data authenticated Inner IP header
9 Security associations in IPSec Before two nodes can use IPSec to protect their traffic, a security association must be established between them. A security association (SA) is a simplex “connection” that affords security services to the traffic carried by it. –To secure bi-directional communications between two nodes, two SAs are required. –SAs are security protocol specific, i.e., each SA is associated with either AH or ESP, but not both. An SA is uniquely identified by a triple: –A security parameter index (SPI), –Destination’s IP address (unicast, multicast, broadcast), and –A security protocol identifier (AH or ESP).
10 Security associations in IPSec Transport mode and tunnel mode SAs: –A transport mode SA: An SA between two hosts –A tunnel mode SA: An SA applied to an IP tunnel When either end is a security gateway, the SA must be tunnel mode. Two hosts may also establish a tunnel mode SA between themselves. SA management: –Creation of SAs: manually or automatically through a key exchange protocol, such as IKE. –Management of SAs –Deletion of SAs Nested SAs
11 Security policies and selectors A Security Policy Database (SPD) specifies what services to be offered to IP datagrams and in what fashion. –The SPD contains an ordered list of policy entries. –Each entry is keyed by one or more selectors that define the set of IP traffic encompassed by this policy entry. –Each entry includes also an indication of whether traffic matching this policy will be bypassed, discarded, or subject to IPSec processing. –In the last case, the entry includes an SA (or SA bundle) specification, listing the IPSec protocols, modes, and algorithms to be employed.
12 Security policies and selectors Example one: Two security gateways in /16 and /16 may form an opaque tunnel between them, forming a VPN. –The security gateway in /16 may have this policy entry: Source address: /16 Destination address: /16 Protocol: any Ports: any Algorithms: tunnel ESP with 3DES with tunnel destination equal to the other security gateway’s external IP address.
13 Security policies and selectors Example two: Two hosts with IP addresses and require authentication services between them. –The host with address may have this policy entry: Source address: Destination address: Protocol: any Ports: any Algorithms: transport AH with HMAC MD5
14 Security policies and selectors Valid selectors: –Source and destination IP addresses –Names, such as DNS name, X.500 Distinguished Name. –Transport layer protocol –Source and destination port numbers The SPD must be consulted during the processing of inbound and outbound traffic, including nonIPSec traffic.
15 Outbound packet processing Match the outbound packet’s selector fields against the outbound policies in the SPD. –If no policy defined for the packet, it is discarded. –IPSec processing is not required by the policy (normal IP). –IPSec processing is required by the policy. In the last case, locate the first entry for the packet. If there is no SA or SA bundle specified in the entry, –Use Internet Key Exchange (IKE) to establish the SA. –The newly established SA is then stored in the node’s SA Database (SAD).
16 Outbound packet processing Each SA in the SAD is specified by: –IPSec protocol mode: tunnel or transport; AH or ESP. –Algorithms and parameters: AH authentication algorithms, keys, etc ESP encryption algorithm, keys, IV mode, IV, etc ESP authentication algorithm, keys, etc –Lifetime of this SA –Anti-replay attack related parameters: sequence number counter sequence counter overflow flag anti-replay window If there is an SA or SA bundle specified in the entry, –go to the corresponding SA entry in the SAD, and –perform the required IPSec processing specified there.
17 Inbound packet processing If the inbound packet does not contain any IPSec headers, the IPSec layer checks with its SPD to determine how to process the packet. If the inbound packet contains an IPSec header, –Use the packet’s destination IP address, IPSec protocol, and SPI to look up the SA in the SAD. Drop the packet if not found. –Perform appropriate IPSec processing according to the SA found for this packet. –Find an incoming policy in the SPD that matches the packet (using backpointers from the SAs to the SPD or by matching the packet's selectors). –Deliver the packet to the transport layer or forward the packet.
18 IPSec document roadmap
19 Acknowledgements These lecture notes are based on –S. Kent and R. Atkinson, “Security Architecture for the Internet Protocol,” RFC2401, Nov –N. Doraswamy and D. Harkins, IPSec, Prentice Hall, 1999.