Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 IPSec—An Overview Somesh Jha Somesh Jha University of Wisconsin University of Wisconsin.

Published byArthur Newman Modified over 9 years ago

Similar presentations

Presentation on theme: "1 IPSec—An Overview Somesh Jha Somesh Jha University of Wisconsin University of Wisconsin."— Presentation transcript:

1 1 IPSec—An Overview Somesh Jha Somesh Jha University of Wisconsin University of Wisconsin

2 2 Outline why IPSec? why IPSec? IPSec Architecture IPSec Architecture Internet Key Exchange (IKE) Internet Key Exchange (IKE) IPSec Policy IPSec Policy discussion discussion

3 3 IP is not Secure! IP protocol was designed in the late 70s to early 80s IP protocol was designed in the late 70s to early 80s –Part of DARPA Internet Project –Very small network All hosts are known! All hosts are known! So are the users! So are the users! Therefore, security was not an issue Therefore, security was not an issue

4 4 Security Issues in IP source spoofing source spoofing replay packets replay packets no data integrity or confidentiality no data integrity or confidentiality DOS attacks Replay attacks Spying and more… Fundamental Issue: Networks are not (and will never be) fully secure

5 5 Goals of IPSec to verify sources of IP packets to verify sources of IP packets –authentication to prevent replaying of old packets to prevent replaying of old packets to protect integrity and/or confidentiality of packets to protect integrity and/or confidentiality of packets –data Integrity/Data Encryption

6 6 Outline Why IPsec? Why IPsec? IPSec Architecture IPSec Architecture Internet Key Exchange (IKE) Internet Key Exchange (IKE) IPsec Policy IPsec Policy Discussion Discussion

7 7 The IPSec Security Model Secure Insecure

8 8 IPSec Architecture ESPAH IKE IPSec Security Policy Encapsulating Security Payload Authentication Header The Internet Key Exchange

9 9 IPSec Architecture IPSec provides security in three situations: – – Host-to-host, host-to-gateway and gateway-to-gateway IPSec operates in two modes: – –Transport mode (for end-to-end) – –Tunnel mode (for VPN)

10 10 IPsec Architecture Tunnel Mode Router Transport Mode

11 11 Various Packets IP header TCP header data IPSec header IP header Original Transport mode Tunnel mode

12 12 IPSec A collection of protocols (RFC 2401) A collection of protocols (RFC 2401) –Authentication Header (AH) RFC 2402 RFC 2402 –Encapsulating Security Payload (ESP) RFC 2406 RFC 2406 –Internet Key Exchange (IKE) RFC 2409 RFC 2409 –IP Payload Compression (IPcomp) RFC 3137 RFC 3137

13 13 Authentication Header (AH) Provides source authentication Provides source authentication –Protects against source spoofing Provides data integrity Provides data integrity Protects against replay attacks Protects against replay attacks –Use monotonically increasing sequence numbers –Protects against denial of service attacks NO protection for confidentiality! NO protection for confidentiality!

14 14 AH Details Use 32-bit monotonically increasing sequence number to avoid replay attacks Use 32-bit monotonically increasing sequence number to avoid replay attacks Use cryptographically strong hash algorithms to protect data integrity (96-bit) Use cryptographically strong hash algorithms to protect data integrity (96-bit) –Use symmetric key cryptography –HMAC-SHA-96, HMAC-MD5-96

15 15 AH Packet Details Authentication Data Sequence Number Security Parameters Index (SPI) Next header Payload length Reserved Old IP header (only in Tunnel mode) TCP header New IP header Authenticated Data Encapsulated TCP or IP packet Hash of everything else

16 16 Encapsulating Security Payload (ESP) Provides all that AH offers, and Provides all that AH offers, and in addition provides data confidentiality in addition provides data confidentiality –Uses symmetric key encryption

17 17 ESP Details Same as AH: Same as AH: –Use 32-bit sequence number to counter replaying attacks –Use integrity check algorithms Only in ESP: Only in ESP: –Data confidentiality: Uses symmetric key encryption algorithms to encrypt packets Uses symmetric key encryption algorithms to encrypt packets

18 18 ESP Packet Details Authentication Data Sequence Number Security Parameters Index (SPI) Next header Payload length Reserved TCP header Authenticated IP header Initialization vector Data PadPad lengthNext Encrypted TCP packet

19 19 Question? 1. Why have both AH and ESP? 2. Both AH and ESP use symmetric key based algorithms –Why not public-key cryptography? –How are the keys being exchanged? –What algorithms should we use? –Similar to deciding on the ciphersuite in SSL

20 20 Outline Why IPsec? Why IPsec? IPsec Architecture IPsec Architecture Internet Key Exchange (IKE) Internet Key Exchange (IKE) IPsec Policy IPsec Policy Discussion Discussion

21 21 Internet Key Exchange (IKE) Exchange and negotiate security policies Exchange and negotiate security policies Establish security sessions Establish security sessions –Identified as Security Associations Key exchange Key exchange Key management Key management Can be used outside IPsec as well Can be used outside IPsec as well

22 22 IPsec/IKE Acronyms Security Association (SA) Security Association (SA) –Collection of attribute associated with a connection –Is asymmetric! One SA for inbound traffic, another SA for outbound traffic One SA for inbound traffic, another SA for outbound traffic Similar to ciphersuites in SSL Similar to ciphersuites in SSL Security Association Database (SADB) Security Association Database (SADB) –A database of SAs

23 23 IPsec/IKE Acronyms Security Parameter Index (SPI) Security Parameter Index (SPI) –A unique index for each entry in the SADB –Identifies the SA associated with a packet Security Policy Database (SPD) Security Policy Database (SPD) –Store policies used to establish SAs

24 24 How They Fit Together SPD SADB SA-2 SPI SA-1

25 25 SPD and SADB Example FromToProtocolPortPolicy ABAnyAnyAH[HMAC-MD5] Tunnel Mode Transport Mode A C B A’s SPDFromToProtocolSPI SA Record ABAH12 HMAC-MD5 key A’s SADB DFromToProtocolPortPolicy Tunnel Dest AnyAnyESP[3DES]D C’s SPDFromToProtocolSPI SA Record ESP14 3DES key C’s SADB A sub B sub A sub B sub

26 26 How It Works IKE operates in two phases IKE operates in two phases –Phase 1: negotiate and establish an auxiliary end-to-end secure channel Used by subsequent phase 2 negotiations Used by subsequent phase 2 negotiations Only established once between two end points! Only established once between two end points! –Phase 2: negotiate and establish custom secure channels Occurs multiple times Occurs multiple times –Both phases use Diffie-Hellman key exchange to establish a shared key

27 27 IKE Phase 1 Goal: to establish a secure channel between two end points Goal: to establish a secure channel between two end points –This channel provides basic security features: Source authentication Source authentication Data integrity and data confidentiality Data integrity and data confidentiality Protection against replay attacks Protection against replay attacks

28 28 IKE Phase 1 Rationale: each application has different security requirements Rationale: each application has different security requirements But they all need to negotiate policies and exchange keys! But they all need to negotiate policies and exchange keys! So, provide the basic security features and allow application to establish custom sessions So, provide the basic security features and allow application to establish custom sessions

29 29 Examples All packets sent to address mybank.com must be encrypted using 3DES with HMAC-MD5 integrity check All packets sent to address mybank.com must be encrypted using 3DES with HMAC-MD5 integrity check All packets sent to address www.forum.com must use integrity check with HMAC-SHA1 (no encryption is required) All packets sent to address www.forum.com must use integrity check with HMAC-SHA1 (no encryption is required) www.forum.com

30 30 Phase 1 Exchange Can operate in two modes: Can operate in two modes: –Main mode Six messages in three round trips Six messages in three round trips More options More options –Quick mode Four messages in two round trips Four messages in two round trips Less options Less options

31 31 Phase 1 (Main Mode) InitiatorResponder [Header, SA 1 ]

32 32 Phase 1 (Main Mode) InitiatorResponder [Header, SA 1 ] [Header, SA 2 ] Establish vocabulary for further communication

33 33 Phase 1 (Main Mode) InitiatorResponder [Header, SA 1 ] [Header, SA 2 ] [Header, KE, Ni, {Cert_Reg} ]

34 34 Phase 1 (Main Mode) InitiatorResponder Header, SA 1 [Header, SA 1 ] [Header, KE, Ni {, Cert_Req} ] [Header, KE, Nr {, Cert_Req}] Establish secret key using Diffie-Hellman key exchange Use nonces to prevent replay attacks

35 35 Phase 1 (Main Mode) InitiatorResponder [Header, SA 1 ] [Header, KE, Ni {,Cert_Req} ] [Header, KE, Nr {,Cert_Req}] [Header, IDi, {CERT} sig]

36 36 Phase 1 (Main Mode) InitiatorResponder [Header, SA 1 ] [Header, KE, Ni {, Cert_req}] [Header, KE, Nr {, Cert_req}] [Header, IDi, {CERT} sig] [Header, IDr, {CERT} sig] Signed hash of IDi (without Cert_req, just send the hash)

37 37 Phase 1 (Aggressive Mode) InitiatorResponder [Header, SA 1, KE, Ni, IDi]

38 38 Phase 1 (Aggressive Mode) InitiatorResponder [Header, SA 1, KE, Ni, IDi] [Header, SA 2, KE, Nr, IDr, [Cert]sig] [Header, [Cert]sig] First two messages combined into one (combine Hello and DH key exchange)

39 39 IPSec (Phase 1) Four different way to authenticate (either mode) Four different way to authenticate (either mode) –Digital signature –Two forms of authentication with public key encryption –Pre-shared key NOTE: IKE does use public-key based cryptography for encryption NOTE: IKE does use public-key based cryptography for encryption

40 40 IPSec (Phase 2) Goal: to establish custom secure channels between two end points Goal: to establish custom secure channels between two end points –End points are identified by : e.g. e.g. –Or by packet: e.g. All packets going to 128.124.100.0/24 e.g. All packets going to 128.124.100.0/24 –Use the secure channel established in Phase 1 for communication

41 41 IPSec (Phase 2) Only one mode: Quick Mode Only one mode: Quick Mode Multiple quick mode exchanges can be multiplexed Multiple quick mode exchanges can be multiplexed Generate SAs for two end points Generate SAs for two end points Can use secure channel established in phase 1 Can use secure channel established in phase 1

42 42 IP Payload Compression Used for compression Used for compression Can be specified as part of the IPSec policy Can be specified as part of the IPSec policy Will not cover! Will not cover!

43 43 Outline Why IPsec? Why IPsec? IPsec Architecture IPsec Architecture Internet Key Exchange (IKE) Internet Key Exchange (IKE) IPSec Policy IPSec Policy Discussion Discussion

44 44 IPsec Policy Phase 1 policies are defined in terms of protection suites Phase 1 policies are defined in terms of protection suites Each protection suite Each protection suite –Must contain the following: Encryption algorithm Encryption algorithm Hash algorithm Hash algorithm Authentication method Authentication method Diffie-Hellman Group Diffie-Hellman Group –May optionally contain the following: Lifetime Lifetime …

45 45 IPSec Policy Phase 2 policies are defined in terms of proposals Phase 2 policies are defined in terms of proposals Each proposal: Each proposal: –May contain one or more of the following AH sub-proposals AH sub-proposals ESP sub-proposals ESP sub-proposals IPComp sub-proposals IPComp sub-proposals Along with necessary attributes such as Along with necessary attributes such as –Key length, life time, etc

46 46 IPSec Policy Example In English: In English: –All traffic to 128.104.120.0/24 must be: Use pre-hashed key authentication Use pre-hashed key authentication DH group is MODP with 1024-bit modulus DH group is MODP with 1024-bit modulus Hash algorithm is HMAC-SHA (128 bit key) Hash algorithm is HMAC-SHA (128 bit key) Encryption using 3DES Encryption using 3DES In IPSec: In IPSec: –[Auth=Pre-Hash; DH=MODP(1024-bit); HASH=HMAC-SHA; ENC=3DES]

47 47 IPsec Policy Example In English: In English: –All traffic to 128.104.120.0/24 must use one of the following: AH with HMAC-SHA or, AH with HMAC-SHA or, ESP with 3DES as encryption algorithm and (HMAC-MD5 or HMAC-SHA as hashing algorithm) ESP with 3DES as encryption algorithm and (HMAC-MD5 or HMAC-SHA as hashing algorithm) In IPsec: In IPsec: –[AH: HMAC-SHA] or, –[ESP: (3DES and HMAC-MD5) or (3DES and HMAC-SHA)]

48 48 Virtual Private Networks (VPNs) Virtual Virtual –It is not a physically distinct network Private Private –Tunnels are encrypted to provide confidentiality CS dept might have a VPN CS dept might have a VPN –I can be on this VPN while traveling

49 49 Alice is Traveling Alice works for the mergers and acquisitions (M&A) department of takeover.com Alice works for the mergers and acquisitions (M&A) department of takeover.com She is at Hicktown taking over a meat-packing plant She is at Hicktown taking over a meat-packing plant She wants to access the M&A server at her company (confidentially of course) She wants to access the M&A server at her company (confidentially of course)

50 50 Alice is Traveling

51 51 Outline Why IPsec? Why IPsec? IPsec Architecture IPsec Architecture Internet Key Exchange (IKE) Internet Key Exchange (IKE) IPsec Policy IPsec Policy Discussion Discussion

52 52 Discussion IPSec is not the only solution! IPSec is not the only solution! –Security features can be added on top of IP! e.g. Kerberos, SSL e.g. Kerberos, SSL Confused? Confused? –IP, IPSec protocols are very complex! Two modes, three sub protocols Two modes, three sub protocols –Complexity is the biggest enemy of security

53 53 Discussion Has it been used? Has it been used? –Yes—primarily used by some VPN vendors But not all routers support it But not all routers support it –No—it is not really an end-to-end solution Authentication is too coarse (host based) Authentication is too coarse (host based) Default encryption algorithm too weak (DES) Default encryption algorithm too weak (DES) Too complex for applications to use Too complex for applications to use

54 54 Resources IP, IPsec and related RFCs: IP, IPsec and related RFCs: –http://www.ietf.org/html.charters/ipsec-charter.html http://www.ietf.org/html.charters/ipsec-charter.html –IPsec: RFC 2401, IKE: RFC 2409 –www.freeswan.org Google search Google search

Download ppt "1 IPSec—An Overview Somesh Jha Somesh Jha University of Wisconsin University of Wisconsin."

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
IPSec.

IPSec.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Security at the Network Layer: IPSec

Security at the Network Layer: IPSec
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Network Layer Security: IPSec

Network Layer Security: IPSec
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Similar presentations

Ads by Google