Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSE 4905 IPsec.

Published byRoxanne Warren Modified over 6 years ago

Similar presentations

Presentation on theme: "CSE 4905 IPsec."— Presentation transcript:

1 CSE IPsec

2 IPsec security protocol for network layer Between two network entities
Host-host, host-gateway, gateway-gateway Specified in more than dozen RFCs, developed in 1990’s security goals verify sources of IP packets - authentication prevent replaying of old packets protect integrity and/or confidentiality of packets data integrity/data encryption “blanket coverage” used case: VPN

3 Virtual Private Networks (VPNs)
motivation: institutions often want private networks for security costly: separate routers, links, DNS infrastructure. VPN: institution’s inter-office traffic is sent over public Internet instead encrypted before entering public Internet logically separate from other traffic

4 Virtual Private Networks (VPNs)
laptop w/ IPsec public Internet IP header IPsec Secure payload salesperson in hotel header IP IPsec Secure payload header IP IPsec payload Secure router w/ IPv4 and IPsec router w/ IPv4 and IPsec IP header payload header IP payload branch office headquarters

5 IPsec A collection of protocols (RFC 2401) Authentication Header (AH)
Encapsulating Security Payload (ESP) RFC 2406 Internet Key Exchange (IKE) RFC 2409 IP Payload Compression (IPcomp) RFC 3137

6 IPsec main components ESP AH IKE IPsec Security Policy
Encapsulating Security Payload Authentication Header The Internet Key Exchange

7 Two IPsec protocols Authentication Header (AH) protocol
provides source authentication & data integrity but not confidentiality Encapsulation Security Payload (ESP) provides source authentication, data integrity, and confidentiality more widely used than AH

8 Authentication Header (AH)
Provides source authentication Protects against source spoofing Provides data integrity Use cryptographic hash (96-bit) HMAC-SHA-96, HMAC-MD5-96 Protects against replay attacks Use 32-bit monotonically increasing sequence numbers NO protection for confidentiality!

9 Encapsulating Security Payload (ESP)
Provides all that AH offers, and in addition provides data confidentiality Uses symmetric key encryption 3-DES, … ESP is much more widely used than AH

10 IPsec transport mode IPsec datagram emitted and received by end-system
protects upper level protocols (not IP header) IP header IPsec header TCP header data

11 IPsec – tunneling mode edge routers IPsec-aware hosts IPsec-aware
protects entire IP packet new IP header IPsec header IP header TCP header data

12 Four combinations are possible!
Host mode with AH Host mode with ESP Tunnel mode with AH Tunnel mode with ESP most common and most important

13 Security associations (SAs)
before sending data, SA (logical network-layer connection) established from sending to receiving entity SAs are simplex: for only one direction sending and receiving entitles maintain state information about SA recall: TCP endpoints also maintain state info IP is connectionless; IPsec is connection-oriented!

14 Example SA from R1 to R2 R1 stores for SA:
/24 /24 security association Internet headquarters branch office R1 R2 R1 stores for SA: 32-bit SA identifier: Security Parameter Index (SPI) origin SA interface ( ) destination SA interface ( ) type of encryption used (e.g., 3DES with CBC) encryption key type of integrity check used (e.g., HMAC with MD5) authentication key

15 Security Association Database (SAD)
endpoint holds SA state in security association database (SAD), where it can locate them during processing. between headquarter and n salespersons, 2n SAs in R1’s SAD when sending IPsec datagram, R1 accesses SAD to determine how to process datagram. when IPsec datagram arrives to R2, R2 examines SPI in IPsec datagram, indexes SAD with SPI, and processes datagram accordingly

16 IPsec datagram focus for now on tunnel mode with ESP
new IP header ESP hdr original IP hdr Original IP datagram payload trl auth encrypted “enchilada” authenticated padding pad length next header SPI Seq #

17 What happens? Internet headquarters branch office R1 R2
/24 /24 security association Internet headquarters branch office R1 R2 new IP header ESP hdr original IP hdr Original IP datagram payload trl auth encrypted “enchilada” authenticated padding pad length next header SPI Seq #

18 R1: convert original datagram to IPsec datagram
appends to back of original datagram (which includes original header fields!) an “ESP trailer” field. encrypts result using algorithm & key specified by SA. appends to front of this encrypted quantity the “ESP header, creating “enchilada”. creates authentication MAC over the whole enchilada, using algorithm and key specified in SA; appends MAC to back of enchilada, forming payload; creates brand new IP header, with all the classic IPv4 header fields, which it appends before payload.

19 Discussion Why “new IP header” part is not authenticated?
There are variable parts (e.g., TTL) Important source authentication is by source IP address, which is protected An IPsec datagram can exceed the maximum transmission unit, and hence may be fragmented. Will fragmentaton cause any security threats? Functionality-wise, fragmentation can be handled by IP layer (through a flag and fragmentation offset) just as for any IP packet Security-wise, no problem, since the receiver will only reassemble the IP datagram, and then decrypt, authenticate… Cryptographic techniques used in Ipsec HMAC-SHA-96 (reasonble) HMAC-MD5-96 (should not be used) 3DES CBC: still reasonable in practice

20 Inside the enchilada: ESP trailer: Padding for block ciphers
new IP header ESP hdr original IP hdr Original IP datagram payload trl auth encrypted “enchilada” authenticated padding pad length next header SPI Seq # ESP trailer: Padding for block ciphers ESP header: SPI, so receiving entity knows what to do Sequence number, to thwart replay attacks MAC in ESP auth field is created with shared secret key

21 IPsec sequence numbers
for new SA, sender initializes seq. # to 0 each time datagram is sent on SA: sender increments seq # counter places value in seq # field goal: prevent attacker from sniffing and replaying a packet method: destination checks for duplicates doesn’t keep track of all received packets; instead uses a window

22 Security Policy Database (SPD)
policy: For a given datagram, sending entity needs to know if it should use IPsec needs also to know which SA to use may use: source and destination IP address; protocol number info in SPD indicates “what” to do with arriving datagram info in SAD indicates “how” to do it

23 Exercise: IPsec services
suppose Trudy sits somewhere between R1 and R2. she doesn’t know the keys. will Trudy be able to see original contents of datagram? How about source, dest IP address, transport protocol, application port? flip bits without detection? masquerade as R1 using R1’s IP address? replay a datagram?

24 Exercise: IPsec services
suppose Trudy sits somewhere between R1 and R2. she doesn’t know the keys. Trudy is not able to see original contents of datagram, or original source, dest IP address, transport protocol, application port flip any bits in enchilada will be detected (through MAC) Trudy can spoof R1’s IP address; but packets will not be authenticated because Trudy does not have MAC key replaying a datagram will be detected from the sequence #

Download ppt "CSE 4905 IPsec."

Similar presentations

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Internet Security CSCE 813 IPsec

Internet Security CSCE 813 IPsec
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.

IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
IPsec Internet Headquarters Branch Office SA R1 R2

IPsec Internet Headquarters Branch Office SA R1 R2
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
IPSec Isaac Ghansah.

IPSec Isaac Ghansah.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
IP Security. IPSEC Objectives n Band-aid for IPv4 u Spoofing a problem u Not designed with security or authentication in mind n IP layer mechanism for.

IP Security. IPSEC Objectives n Band-aid for IPv4 u Spoofing a problem u Not designed with security or authentication in mind n IP layer mechanism for.
Lecture 7: Network Level Security – IPSec CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena Adopted from previous lecture by Keith Ross, and.

Lecture 7: Network Level Security – IPSec CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena Adopted from previous lecture by Keith Ross, and.
Secure connections.

Secure connections.
IP Security: Security Across the Protocol Stack

IP Security: Security Across the Protocol Stack
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
Security at different layers

Security at different layers
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 4: Securing IP.

8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 4: Securing IP.
Karlstad University IP security Ge Zhang

Karlstad University IP security Ge Zhang
IPsec. 18.1 Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.

IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.

Similar presentations

Ads by Google