Presentation is loading. Please wait.

Presentation is loading. Please wait.

THE USE OF IP ESP TO PROVIDE A MIX OF SECURITY SERVICES IN IP DATAGRAM SREEJITH SREEDHARAN CS843 PROJECT PRESENTATION 04/28/03.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "THE USE OF IP ESP TO PROVIDE A MIX OF SECURITY SERVICES IN IP DATAGRAM SREEJITH SREEDHARAN CS843 PROJECT PRESENTATION 04/28/03."— Presentation transcript:

1 THE USE OF IP ESP TO PROVIDE A MIX OF SECURITY SERVICES IN IP DATAGRAM SREEJITH SREEDHARAN CS843 PROJECT PRESENTATION 04/28/03

2 INTRODUCTION ESP can be used to provide 1.confidentiality 2.data origin authentication 3.connectionless integrity there are three possible ESP security service combinations involving these services: - confidentiality-only - integrity-only - confidentiality and integrity 4.anti-replay service 5.traffic flow confidentiality.

3 ESP PACKET FORMAT A diagram of a secure IP datagram. | | | +-------------+-----------------------+---------------+---------------------+ | IP Header | Other IP Headers | ESP Header | encrypted data | +-------------+-----------------------+---------------+---------------------+

4 ESP PACKET FORMAT The figure illustrates the top-level format of an ESP packet 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ---------------- | Security Parameters Index (SPI) | ^ Integrity +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Coverage | Sequence Number | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | --------------- | Payload Data* (variable) | | ^ ~ ~ | | | | | Confidentiality + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Coverage | | Padding (0-255 bytes) | | | +-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | | Pad Length | Next Header | v v +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ------------------ | Integrity Check Value-ICV (variable) | ~ ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

5 ESP PACKET FORMAT 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Security Parameters Index (SPI) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ------------ | IV (optional] | ^ p +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | a | Rest of Payload Data (variable) | | y ~ ~ | l | | | o + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | a | | TFC Padding (optional, variable) | v d +-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -------------- | | Padding (0-255 bytes) | +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Pad Length | Next Header | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Integrity Check Value-ICV (variable) | ~ ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Substructure of Payload Data

6 ESP ALGORITHMIC MODES Encryption Algorithms Integrity Algorithms Combined Mode Algorithms

7 ESP ALGORITHMIC MODES Separate Encryption and Integrity Algorithms What What What # of Requ'd Encrypt Integ is bytes [1] Covers Covers Exempted ------ ------ ------ ------ ------ SPI 4 M Y plain Seq# (low order bits) 4 M Y plain p ------ a IV variable O Y plain | y IP datagram [2] variable M or D Y Y cipher[3] |-- l TFC padding [4] variable O Y Y cipher[3] | o ------ a Padding 0-255 M Y Y cipher[3] d Pad Length 1 M Y Y cipher[3] Next Header 1 M Y Y cipher[3] Seq# (high order bits) 4 Y not xmtd ICV Padding variable if need Y not xmtd ICV variable M [5] plain [1] M = mandatory; O = optional; D = dummy [2] If tunnel mode -> IP datagram If transport mode -> next header and data [3] ciphertext if encryption has been selected [4] Can be used only if payload specifies its "real" length [5] mandatory if a separate integrity algorithm is used

8 ESP ALGORITHMIC MODES Combined Mode Algorithms What What What # of Requ'd Encrypt Integ is bytes [1] Covers Covers Exempted ------ ------ ------ ------ ------ SPI 4 M plain Seq# (low order bits) 4 M plain p ------ a IV variable O Y plain | y IP datagram [2] variable M or D Y Y cipher |-- l TFC padding [3] variable O Y Y cipher | o ------ a Padding 0-255 M Y Y cipher d Pad Length 1 M Y Y cipher Next Header 1 M Y Y cipher Seq# (high order bits) 4 Y [4] ICV Padding variable if need Y [4] ICV omitted when this mode is employed [1] M = mandatory; O = optional; D = dummy [2] If tunnel mode -> IP datagram If transport mode -> next header and data [3] Can be used only if payload specifies its "real" length [4] The algorithm choices determines whether these are transmitted, but in either case, the result is invisible to ESP

9 ESP PROCESSING MODES Transport Mode Processing Tunnel Mode Processing

10 Transport Mode Processing BEFORE APPLYING ESP (IPv4) --------------------------------------------------------- | orig IP hdr (any options) | TCP | Data | --------------------------------------------------------- AFTER APPLYING ESP --------------------------------------------------------------------------------------------------- | orig IP hdr (any options) | ESP Hdr | TCP | Data | ESP Trailer | ESP ICV | --------------------------------------------------------------------------------------------------- | | | | BEFORE APPLYING ESP (IPv6) ------------------------------------------------------------- | orig IP hdr | ext hdrs if present | TCP | Data | ------------------------------------------------------------- AFTER APPLYING ESP ------------------------------------------------------------------------------------------- | orig | hop-by-hop,dest, | | dest | | | ESP | ESP | | IP hdr | routing,fragment | ESP | opt | TCP | Data | Trailer | ICV | ------------------------------------------------------------------------------------------- | | | |

11 Tunnel Mode Processing BEFORE APPLYING ESP (IPv4) --------------------------------------------------------- | orig IP hdr (any options) | TCP | Data | --------------------------------------------------------- AFTER APPLYING ESP --------------------------------------------------------------------------------------- | new IP hdr | | orig IP hdr | | | ESP | ESP | | (any options) | ESP | (any options) | TCP | Data | Trailer | ICV | --------------------------------------------------------------------------------------- | | | | BEFORE APPLYING ESP (IPv6) ------------------------------------------------------------- | orig IP hdr | ext hdrs if present | TCP | Data | ------------------------------------------------------------- AFTER APPLYING ESP ------------------------------------------------------------------------------------------------ | new | new ext | | orig | orig ext | | | ESP | ESP | | IP hdr | hdrs | ESP | IP hdr | hdrs | TCP | Data | Trailer | ICV | ------------------------------------------------------------------------------------------------- | | | |

12 Outbound Packet Processing Security Association Lookup Packet Encryption and Integrity Check Value (ICV) Calculation 1.Separate Confidentiality and Integrity Algorithms the Sender proceeds as: 1. Encapsulate (into the ESP Payload field): - for transport mode -- just the original next layer protocol information. - for tunnel mode -- the entire original IP datagram. 2. Add any necessary padding 3. Encrypt the result 4. Compute the ICV over the ESP packet minus the ICV field 2. Combined Confidentiality and Integrity Algorithms 1. Encapsulate into the ESP Payload Data field: - for transport mode -- just the original next layer protocol information. - for tunnel mode -- the entire original IP datagram. 2. Add any necessary padding 3. Encrypt and integrity protect the result Sequence Number Generation Fragmentation

13 Inbound Packet Processing Reassembly Security Association Lookup Sequence Number Verification ESP permits two-stage verification of packet sequence numbers The preliminary Sequence Number check the integrity of the Sequence Number Integrity Check Value Verification Separate Confidentiality and Integrity Algorithms 1. If integrity has been selected, the receiver computes the ICV 2. The receiver decrypts the ESP Payload Data, Padding, Pad Length, and Next Header 3. The receiver processes any Padding 4. The receiver checks the Next Header field. 5. The receiver reconstructs the original IP datagram from: - for transport mode -- outer IP header plus the original next layer protocol information in the ESP Payload field - for tunnel mode -- the entire IP datagram in the ESP Payload field.

14 Inbound Packet Processing Combined Confidentiality and Integrity Algorithms 1. Decrypts and integrity checks the ESP Payload Data, Padding, Pad Length, and Next Header 2. If the integrity check performed by the combined mode algorithm fails, the receiver must discard the received IP datagram as invalid 3. Process any Padding 4. The receiver checks the Next Header field 5. Extract the original IP datagram (tunnel mode) or transport-layer frame (transport mode) from the ESP Payload Data field.

15 AUDITING No valid Security Association exists for a session A packet offered to ESP for processing appears to be an IP fragment Attempt to transmit a packet that would result in Sequence Number overflow The received packet fails the anti-replay checks The integrity check fails

16 CONFORMANCE REQUIREMENTS and SECURITY CONSIDERATIONS

17 ESP IMPLEMENTATION USING AN ANTI-REPLAY WINDOW v ar. Name Size (bits) Meaning ------------- ----------- --------------------------- W 32 Size of window T 64 Highest sequence number authenticated so far, upper bound of window Tl 32 Lower 32 bits of T Th 32 Upper 32 bits of T B 64 Lower bound of window Bl 32 Lower 32 bits of B Bh 32 Upper 32 bits of B Seq 64 Sequence number of received packet Seql 32 Lower 32 bits of Seq Seqh 32 Upper 32 bits of Seq

18 If (Tl >= W - 1) If (Seql >= Tl - W + 1) Seqh = Th If (Seql <= Tl) If (pass replay check) If (pass integrity check) Set bit corresponding to Seql Pass the packet on Else reject packet Endif Else reject packet Endif Else If (pass integrity check) Tl = Seql (shift bits) Set bit corresponding to Seql Pass the packet on Else reject packet Endif Else Seqh = Th + 1 If (pass integrity check) Tl = Seql (shift bits) Th = Th + 1 Set bit corresponding to Seql Pass the packet on Else reject packet Endif Else If (Seql >= Tl - W + 1) Seqh = Th - 1 If (pass replay check) If (pass integrity check) Set the bit corresponding to Seql Pass packet on Else reject packet Endif Else reject packet Endif Else If (Seql <= Tl) If (pass replay check) If (pass integrity check) Set the bit corresponding to Seql Pass packet on Else reject packet Endif Else reject packet Endif Else If (pass integrity check) Tl = Seql (shift bits) Set the bit corresponding to Seql Pass packet on Else reject packet Endif

19 REFERENCES * Stephen Kent of BBN Technologies. "IP Encapsulating Security Payload (ESP)". An internet draft submitted to the IPsec Working Group, July 2002 Draft-ietf-ipsec-esp-v3-05.txt expires Oct 2003 "http://www.ietf.org/internet-drafts/draft-ietf-ipsec-esp-v3-03.txt" * R. Atkinson of Naval Research Laboratory. "IP Encapsulating Security Payload (ESP)" A paper submitted to the Network Working Group, August 1995 "http://www.faqs.org/rfcs/rfc1827.html" * Stephen Kent of BBN Corp and R. Atkinson of @Home Network. "Security Architecture for the Internet Protocol" A paper submitted to the Network Working Group, November 1998 "http://www.ietf.org/rfc/rfc2401.txt"

20 QUESTIONS and COMMENTS!!

Download ppt "THE USE OF IP ESP TO PROVIDE A MIX OF SECURITY SERVICES IN IP DATAGRAM SREEJITH SREEDHARAN CS843 PROJECT PRESENTATION 04/28/03."

Similar presentations

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.2: IPsec.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.2: IPsec.
IPSec.

IPSec.
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Internet Security CSCE 813 IPsec

Internet Security CSCE 813 IPsec
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.

IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
Network Layer Security: IPSec

Network Layer Security: IPSec
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.

Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.

IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
1 IPsec Youngjip Kim 2004. 05. 24. 2 Objective Providing interoperable, high quality, cryptographically-based security for IPv4 and IPv6 Services  Access.

1 IPsec Youngjip Kim Objective Providing interoperable, high quality, cryptographically-based security for IPv4 and IPv6 Services  Access.
IP Security. IPSEC Objectives n Band-aid for IPv4 u Spoofing a problem u Not designed with security or authentication in mind n IP layer mechanism for.

IP Security. IPSEC Objectives n Band-aid for IPv4 u Spoofing a problem u Not designed with security or authentication in mind n IP layer mechanism for.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.

IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.

IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
Protocol Basics. IPSec Provides two modes of protection –Tunnel Mode –Transport Mode Authentication and Integrity Confidentiality Replay Protection.

Protocol Basics. IPSec Provides two modes of protection –Tunnel Mode –Transport Mode Authentication and Integrity Confidentiality Replay Protection.

Similar presentations

Ads by Google