Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSE 5/7349 – February 15th 2006 IPSec.

Published bySigurd Pettersen Modified over 5 years ago

Similar presentations

Presentation on theme: "CSE 5/7349 – February 15th 2006 IPSec."— Presentation transcript:

1 CSE 5/7349 – February 15th 2006 IPSec

2 Basics Stack Level V4 vs V6 Provides Authentication Confidentiality

3 Architecture & Concepts
Placement Mode Security association (SA) ESP AH

4 IPSec Placement

5 Transport Mode Security
IP header IP options IPSec header Higher layer protocol ESP Real IP destination AH ESP protects higher layer payload only AH can protect IP headers as well as higher layer payload

6 Tunnel Mode Security ESP applies only to the tunneled packet
Outer IP header IPSec header Inner IP header Higher layer protocol ESP Real IP destination Destination IPSec entity AH ESP applies only to the tunneled packet AH can be applied to portions of the outer header

7 Tunnel Mode A B Encrypted Tunnel Gateway Gateway Encrypted Unencrypted
New IP Header AH or ESP Header TCP Data Orig IP Header

8 Security Association - SA
One way relationship (uni-directional) Determine IPSec processing for senders Determine IPSec decoding for destination SAs are not fixed! Generated and customized per traffic flows (manual as well as dynamic) If manual, no lifetime; dynamic has lifetime

9 Security Parameters Index - SPI
Can be up to 32 bits large The SPI allows the destination to select the correct SA under which the received packet will be processed (according to the agreement with the sender) The SPI is sent with the packet by the sender SPI + Dest IP address + IPSec Protocol (AH or ESP) uniquely identifies a SA

10 SA Bundle More than 1 SA can apply to a packet
Example: ESP does not authenticate new IP header. How to authenticate? Use SA to apply ESP w/out authentication to original packet Use 2nd SA to apply AH

11 Authenticated Header (AH)

12 AH Security Connectionless integrity Authentication
Flow/error control left to transport layer Data integrity Authentication Can “trust” IP address source Use MAC to authenticate Anti-replay feature Integrity check value

13 AH Header Format Auth Data Reserved SPI Sequence Number
Next Header (TCP/UDP) Payload Length Reserved SPI Sequence Number Auth Data

14 Anti-Replay Message authentication code (MAC) calculated over
IP header field that do not change or are predictable IPSec protocol header minus where the ICV value goes Upper-level data Code may be truncated to first 96 bits

15 Integrity Check Value - ICV
Message authentication code (MAC) calculated over IP header field that do not change or are predictable IPSec protocol header minus where the ICV value goes Upper-level data Code may be truncated to first 96 bits

16 AH Modes Tunnel Transport Nested headers
Multiple SAs applied to same message Nested tunnels

17 Processing Outbound Messages
Insert Next Header and SPI field Compute the sequence no. field If transport mode … If tunnel mode … Compute authentication value

18 Outbound Processing (cont’d)
If transport mode If tunnel mode Compute authentication value

19 Outbound Processing (cont’d) Fragment the Message
IPSec processing may result in large message which will be fragmented Transport mode Tunnel mode

20 Input Processing Identify the inbound SA Replay protection check

21 Inbound Processing (cont’d)
Verify authentication data Strip off the AH header and continue IPSec processing for any remaining IPSec headers

22 Sequence number checking
Replay Protection Sequence number checking Anti-replay is used only if authentication is selected Sequence number should be the first check on a packet upon looking up an SA Duplicates are rejected! Check bitmap, verify if new reject verify Sliding Window size >= 32

23 Anti-replay Feature Sequence number counter - 32 bit for outgoing IPSec packets Anti-replay window

24 Internet Key Exchange (IKE)

25 Key Management AH and ESP require encryption and authentication keys
Process to negotiate and establish IPSec SA’s between two entities

26 Manual Key Management Mandatory
Useful when IPSec developers are debugging Keys exchanged offline (phone, , etc.) Set up SPI and negotiate parameters Not scalable D & H p. 71

27 Oakley Key Exchange Designed to Leverage advantages of DH
Counter DH weaknesses

28 Oakley - Major Features

29 Cookies Stallings, p186

30 Example: Main Mode Preshared
Initiator Responder SA, CKY-I Negotiate IKE SA parameters SA, CKY-R NonceI, YI Exchange items to generate secret NonceR, YR Generate SKEYID IDI, HashI D & H p. 116 Send hash digest so peer can authenticate sender IDR, HashR Example: Main Mode Preshared

31 Main Mode Preshared Hashes
To authenticate each other, each entity generates a hash digest that only the peer could know Hash-I=PRF(SKEYID,YI|YR|CKY-I|CKY-R|SA Offer|ID-I) Hash-R =PRF(SKEYID,YR|YI|CKY-R|CKY-I|SA Offer|ID-R)

32 Phase II What traffic does SA cover ?
Initiator specifies which entries (selectors) in SPD are for this IPSec SA, sends off to responder Keys and SA attributes communicated with the Phase I - IKE SA Passes encrypted & authenticated

33 Example: Quick Mode I R Initiator Responder HASH3 HASH1, IPSec SA,
NonceI, [New K] Negotiate IPSec SA Parameters, [PFS] HASH2, SA, NonceR, [New K] D & H p. 124 HASH3 ‘Liveness’ proof for Responder

Download ppt "CSE 5/7349 – February 15th 2006 IPSec."

Similar presentations

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.2: IPsec.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.2: IPsec.
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Internet Security CSCE 813 IPsec

Internet Security CSCE 813 IPsec
IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.

IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.

IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.

IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
1 IPsec Youngjip Kim 2004. 05. 24. 2 Objective Providing interoperable, high quality, cryptographically-based security for IPv4 and IPv6 Services  Access.

1 IPsec Youngjip Kim Objective Providing interoperable, high quality, cryptographically-based security for IPv4 and IPv6 Services  Access.
IP Security. IPSEC Objectives n Band-aid for IPv4 u Spoofing a problem u Not designed with security or authentication in mind n IP layer mechanism for.

IP Security. IPSEC Objectives n Band-aid for IPv4 u Spoofing a problem u Not designed with security or authentication in mind n IP layer mechanism for.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.

IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.

IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
IP Security: Security Across the Protocol Stack

IP Security: Security Across the Protocol Stack
CSCE 715: Network Systems Security

CSCE 715: Network Systems Security
SMUCSE 5349/49 IP Sec. SMUCSE 5349/7349 Basics Network-level: all IP datagrams covered Mandatory for next-generation IP (v6), optional for current-generation.

SMUCSE 5349/49 IP Sec. SMUCSE 5349/7349 Basics Network-level: all IP datagrams covered Mandatory for next-generation IP (v6), optional for current-generation.

Similar presentations

Ads by Google