Presentation is loading. Please wait.

Presentation is loading. Please wait.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

Published byBonnie Ramsey Modified over 9 years ago

Similar presentations

Presentation on theme: "ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall."— Presentation transcript:

1 ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011 1

2 IPsec: AH and ESP IP security issues IPsec security services IPsec modes Security association AH ESP VPN

3 TCP/IP Example

4 IP Packet format

5 IP Security Issues When an entity receives an IP packet, it has no assurance of: ◦ Data origin authentication / data integrity:  The packet has actually been send by the entity which is referenced by the source address of the packet  The packet contains the original content the sender placed into it, so that it has not been modified during transport  The receiving entity is in fact the entity to which the sender wanted to send the packet ◦ Confidentiality:  The original data was not inspected by a third party while the packet was sent from the sender to the receiver

6 IP Security Issues (Cont’d) Many solutions are application-specific ◦ TLS for Web, S/MIME for email, SSH for remote login IPsec aims to provide a framework of open standards for secure communications over IP ◦ Protect every protocol running on top of IPv4 and IPv6

7 IPsec IETF standard for real-time communication security Implemented at IP layer, all traffic can be secured no matter what application. Transparent to applications, no changes on upper-layer software. Transparent to end users, no need to train users on security mechanisms, issuing keying material on a per-user basis, or revoking keying material when users leave.

8 IPsec = AH + ESP + IPcomp + IKE IPsec: Network Layer Security Protection for IP traffic AH provides integrity and origin authentication ESP also confidentiality Compression Sets up keys and algorithms for AH and ESP AH and ESP rely on an existing security association ◦ Idea: parties must share a set of secret keys and agree on each other’s IP addresses and crypto algorithms Internet Key Exchange (IKE) ◦ Goal: establish security association for AH and ESP ◦ If IKE is broken, AH and ESP provide no protection!

9 IPsec Security Services Authentication and integrity for packet sources ◦ Ensures connectionless integrity (for a single packet) and partial sequence integrity (prevent packet replay) Confidentiality (encapsulation) for packet contents ◦ Also partial protection against traffic analysis Authentication and encapsulation can be used separately or together Either provided in one of two modes These services are transparent to applications above transport (TCP/UDP) layer

10 IPsec Modes Transport mode ◦ Used to deliver services from host to host or from host to gateway ◦ Usually within the same network, but can also be end-to-end across networks Tunnel mode ◦ Used to deliver services from gateway to gateway or from host to gateway ◦ Usually gateways owned by the same organization  With an insecure network in the middle

11 IPsec in Transport Mode End-to-end security between two hosts ◦ Typically, client to gateway (e.g., PC to remote host) Requires IPsec support at each host

12 IPsec in Tunnel Mode Gateway-to-gateway security ◦ Internal traffic behind gateways not protected ◦ Typical application: virtual private network (VPN) Only requires IPsec support at gateways

13 Tunnel Mode Illustration IPsec protects communication on the insecure part of the network Implements IPSec Implements IPSec

14 Transport mode secures packet payload and leaves IP header unchanged Tunnel mode encapsulates both IP header and payload into IPsec packets Transport Mode vs. Tunnel Mode IP header (real dest) IPsec headerTCP/UDP header + data IP header (gateway) IPsec headerTCP/UDP header + data IP header (real dest)

15 Security Association (SA) One-way sender-recipient relationship SA determines how packets are processed ◦ Cryptographic algorithms, keys, IVs, lifetimes, sequence numbers, mode (transport or tunnel) ◦ SA is identified by SPI (Security Parameters Index)… ◦ Each IPsec keeps a database of SAs ◦ SPI is sent with packet, tells recipient which SA to use SA is defined by the triple

16 SA Components Each IPsec connection is viewed as one-way so two SAs required for a two-way conversation ◦ Hence need for Security Parameter Index Security association (SA) defines ◦ Protocol used (AH, ESP) ◦ Mode (transport, tunnel) ◦ Encryption or hashing algorithm to be used ◦ Negotiated keys and key lifetimes ◦ Lifetime of this SA ◦ … plus other info

17 Security Association Issues How is SA established? ◦ How do parties negotiate a common set of cryptographic algorithms and keys to use? More than one SA can apply to a packet! ◦ E.g., end-to-end authentication (AH) and additional encryption (ESP) on the public part of the network

18 AH: Authentication Header Sender authentication Integrity for packet contents and IP header Sender and receiver must share a secret key ◦ This key is used in HMAC computation ◦ The key is set up by IKE key establishment protocol and recorded in the Security Association (SA)  SA also records protocol being used (AH) and mode (transport or tunnel) plus hashing algorithm used  MD5 or SHA-1 supported as hashing algorithms

19 IP Headers Version Header Length TOS Packet length Packet Id Flags Fragment offset TTL Protocol number Checksum Source IP address Destination IP address Options PredictableImmutable Mutable AH sets mutable fields to zero and predictable fields to final value and then uses this header plus packet contents as input to HMAC

20 AH in Transport Mode Before AH is applied

21 AH in Tunnel Mode Before AH is applied

22 Provides integrity and origin authentication Authenticates portions of the IP header Anti-replay service (to counter denial of service) No confidentiality AH Format Next header (TCP) Payload lengthReserved Security parameters index (SPI) Sequence number ICV: Integrity Check Value (HMAC of IP header, AH, TCP payload) Identifies security association (shared keys and algorithms) Anti-replay Authenticates source, verifies integrity of payload

23 Prevention of Replay Attacks When SA is established, sender initializes 32-bit counter to 0, increments by 1 for each packet ◦ If wraps around 2 32 -1, new SA must be established Recipient maintains a sliding 64-bit window ◦ If a packet with high sequence number is received, do not advance window until packet is authenticated

24 Forms of AH-Based Authentication

25 ESP: Encapsulating Security Payload Adds new header and trailer fields to packet Transport mode ◦ Confidentiality of packet between two hosts ◦ Complete hole through firewalls ◦ Used sparingly Tunnel mode ◦ Confidentiality of packet between two gateways or a host and a gateway ◦ Implements VPN tunnels

26 New IP header Confidentiality and integrity for packet payload ◦ Symmetric cipher negotiated as part of security assoc Optionally provides authentication (similar to AH) Can work in transport… …or tunnel mode ESP Security Guarantees Original IP header ESP headerTCP/UDP segmentESP trailerESP auth encrypted authenticated Original IP header ESP headerTCP/UDP segmentESP trailerESP auth

27 ESP Packet Identifies security association (shared keys and algorithms) Anti-replay TCP segment (transport mode) or entire IP packet (tunnel mode) Pad to block size for cipher, also hide actual payload length Type of payload HMAC-based Integrity Check Value (similar to AH)

28 Virtual Private Networks (VPN) ESP is often used to implement a VPN ◦ Packets go from internal network to a gateway with TCP / IP headers for address in another network Entire packet hidden by encryption ◦ Including original headers so destination addresses are hidden ◦ Receiving gateway decrypts packet and forwards original IP packet to receiving address in the network that it protects This is known as a VPN tunnel ◦ Secure communication between parts of the same organization over public untrusted Internet

29 ESP Together With AH AH and ESP are often combined End-to-end AH in transport mode ◦ Authenticate packet sources Gateway-to-gateway ESP in tunnel mode ◦ Hide packet contents and addresses on the insecure part of the network Significant cryptographic overhead ◦ Even with AH

30 Reading Assignment [Kaufman] Chapter 17

Download ppt "ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall."

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Internet Security CSCE 813 IPsec

Internet Security CSCE 813 IPsec
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.

IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
IP SECURITY – Chapter 16 IP SECURITY – Chapter 16 Security Mechanisms: email – S/MIME, PGP client/server - Kerberos web access - Secure Sockets Layer network.

IP SECURITY – Chapter 16 IP SECURITY – Chapter 16 Security Mechanisms: – S/MIME, PGP client/server - Kerberos web access - Secure Sockets Layer network.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
IPSec Isaac Ghansah.

IPSec Isaac Ghansah.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.

Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
K. Salah1 Security Protocols in the Internet IPSec.

K. Salah1 Security Protocols in the Internet IPSec.
1 Chapter 8 Copyright 2003 Prentice-Hall Cryptographic Systems: SSL/TLS, VPNs, and Kerberos.

1 Chapter 8 Copyright 2003 Prentice-Hall Cryptographic Systems: SSL/TLS, VPNs, and Kerberos.
IP Security: Security Across the Protocol Stack

IP Security: Security Across the Protocol Stack

Similar presentations

Ads by Google