Presentation is loading. Please wait.

Presentation is loading. Please wait.

Implementing and Testing IPsec: NIST’s Contributions and Future Developments Sheila Frankel Systems and Network Security Group NIST

Published byAlan Terry Modified over 9 years ago

Similar presentations

Presentation on theme: "Implementing and Testing IPsec: NIST’s Contributions and Future Developments Sheila Frankel Systems and Network Security Group NIST"— Presentation transcript:

1 Implementing and Testing IPsec: NIST’s Contributions and Future Developments Sheila Frankel Systems and Network Security Group NIST sheila.frankel@nist.gov

2 RSA 2000 - Jan. 20, 20002 IPsec : Security a) foundation : house b) hammer : nail c) electron : chemistry d) government : progress An SAT-type Analogy: The Question

3 RSA 2000 - Jan. 20, 20003 Topics Overview of IPsec NIST’s IPsec Reference Implementations NIST’s IPsec Web-Based Interoperability Tester (IPsec-WIT) Current Status of IPsec Future Directions of IPsec

4 RSA 2000 - Jan. 20, 20004 At Which Network Layer Should Security Be Provided? Application Layer Transport (Sockets) Layer Internet Layer

5 RSA 2000 - Jan. 20, 20005 Why Internet Layer Security? Implement once, in a consistent manner, for multiple applications Centrally-controlled access policy Enable multi-level, layered approach to security

6 RSA 2000 - Jan. 20, 20006 Internet Packet Format IP Header Upper Protocol Headers and Packet Data

7 RSA 2000 - Jan. 20, 20007 Types of Security Provided by IPsec Data Origin Authentication Connectionless Integrity Replay Protection Confidentiality (Encryption) Traffic Flow Confidentiality

8 RSA 2000 - Jan. 20, 20008 Authentication Header (AH) Data origin authentication Connectionless integrity Replay protection (optional) Transport or tunnel mode Mandatory algorithms: –HMAC-MD5 –HMAC-SHA1 –Other algorithms optional

9 RSA 2000 - Jan. 20, 20009 Internet Packet Format with AH IP Header AH Header Upper Protocol Headers and Packet Data Tunnel Mode New IP Header Old IP Header AH Header Upper Protocol Headers and Packet Data Transport Mode

10 RSA 2000 - Jan. 20, 200010 Encapsulating Security Payload (ESP) Confidentiality Limited traffic flow confidentiality (tunnel mode only) Data origin authentication Connectionless integrity Replay protection (optional) Transport or tunnel mode

11 RSA 2000 - Jan. 20, 200011 Encapsulating Security Payload (ESP) (continued) Mandatory algorithms: –DES-CBC –HMAC-MD5 –HMAC-SHA1 –Null Authentication algorithm –Null Encryption algorithm –Other algorithms optional

12 RSA 2000 - Jan. 20, 200012 Internet Packet Format with ESP IP Header ESP Header Upper Protocol Headers and Packet Data Tunnel Mode New IP Header Old IP Header ESP Header Upper Protocol Headers and Packet Data Transport Mode

13 RSA 2000 - Jan. 20, 200013 Transport vs. Tunnel Mode

14 RSA 2000 - Jan. 20, 200014 Constructs Underlying IP Security Security Association (SA) Security Association Database (SAD) Security Parameter Index (SPI) Security Policy Database (SPD)

15 RSA 2000 - Jan. 20, 200015 Internet Key Exchange (IKE) Negotiate: –Communication Parameters –Security Features Authenticate Communicating Peer Protect Identity Generate, Exchange, and Establish Keys in a Secure Manner Delete Security Associations

16 RSA 2000 - Jan. 20, 200016 Internet Key Exchange (IKE) (continued) Threat Mitigation –Denial of Service –Replay –Man in Middle –Perfect Forward Secrecy Usable by IPsec and other domains

17 RSA 2000 - Jan. 20, 200017 Internet Key Exchange (IKE) (continued) Components: –Internet Security Association and Key Management Protocol (ISAKMP) –Internet Key Exchange (IKE, aka ISAKMP/Oakley) –IP Security Domain of Interpretation (IPsec DOI)

18 RSA 2000 - Jan. 20, 200018 IKE Negotiations - Phase 1 Purpose: Establish ISAKMP SA (“Secure Channel”) Steps (4-6 messages exchanged): –Negotiate Security Parameters –Diffie-Hellman Exchange –Authenticate Identities Main Mode vs. Aggressive Mode

19 RSA 2000 - Jan. 20, 200019 IKE Negotiations - Phase 2 Purpose: Establish IPsec SA Steps (3-5 messages exchanged): –Negotiate Security Parameters –Optional Diffie-Hellman Exchange –Final Verification Quick Mode

20 RSA 2000 - Jan. 20, 200020 NIST’s Contributions to IPsec Cerberus - Linux-based reference implementation of Ipsec PlutoPlus - Linux-based reference implementation of IKE IPsec-WIT - Web-based IPsec interoperability test facility

21 RSA 2000 - Jan. 20, 200021 NIST’s Contributions to Ipsec (continued) Goals: –Enable smaller industry vendors to jump-start their entry into IPsec –Facilitate ongoing interoperability testing of multiple IPsec implementations

22 RSA 2000 - Jan. 20, 200022 IPsec-WIT: Motivation Inter-operability of multiple implementations essential for IPsec to succeed Existing test modalities –Interoperability “Bake-offs” –Pre-planned Web-based interoperability testing Needed: spontaneous Web-based testing

23 RSA 2000 - Jan. 20, 200023 User-Related Objectives Accessible from remote locations Available at any time Require no modification to the tester’s IPsec implementation Allow testers to resume testing at a later time Configurable Well-documented Easy to use

24 RSA 2000 - Jan. 20, 200024 Implementation Objectives Simultaneous access by multiple users Rapid, modular implementation Easily modified and expanded as IPsec/IKE specifications evolve Built around NIST’s IPsec/IKE Reference Implementations, Cerberus and PlutoPlus

25 RSA 2000 - Jan. 20, 200025 Implementation Objectives (continued) Require minimal changes to Cerberus and PlutoPlus Operator intervention not required

26 RSA 2000 - Jan. 20, 200026 IPsec-WIT Architecture IUT WWW-based Tester Control (HTML/CGI) IPsec Encapsulated IP Packets Local IUT Configuration IPsec WIT Linux Kernel HTML Docs., Forms, and HTTP Server IP + NIST Cerberus PERL CGI Test Engine TestSuites Manual SAs and IP/IPsec Packet TracesNISTPlutoPlus Negotiated SAs and SA mgmt. messages Message logging and IKE Configuration Web Browser IKE Negotiation StateFiles

27 RSA 2000 - Jan. 20, 200027 Implementation Perl cgi-bin tester HTML forms Executable test cases Output –PlutoPlus: tracing the IKE negotiation –Cerberus: dumping the ping packets – expect command: color-coded output

28 RSA 2000 - Jan. 20, 200028 Implementation (continued) Individual tester files –Tester-specific parameters –Tester’s individual output –Storage and expiration

29 RSA 2000 - Jan. 20, 200029 Current Capabilities Key establishment: manual or IKE negotiation IKE negotiation: Initiator or Responder Peer authentication: pre-shared secrets ISAKMP hash: MD5 or SHA ISAKMP encryption: DES or 3DES Diffie-Hellman exchange: 1st Oakley group

30 RSA 2000 - Jan. 20, 200030 Current Capabilities (continued) Configurable port for IKE negotiation IPsec AH algorithms: HMAC-MD5 or HMAC-SHA1 IPsec ESP algorithms: –Encryption: DES, 3DES, IDEA, RC5, Blowfish, or ESP-Null –Authentication (optional): HMAC-MD5 or HMAC-SHA1 –Variable key length for RC5 and Blowfish

31 RSA 2000 - Jan. 20, 200031 Current Capabilities (continued) IPsec encapsulation mode: transport or tunnel Perfect Forward Secrecy (PFS) Verbosity of IKE/IPsec output configurable IPsec SA tested using “ping” command Transport-mode SA: host-to-host

32 RSA 2000 - Jan. 20, 200032 Current Capabilities (continued) Tunnel-mode SA:host-to-host or host-to- gateway –Host-to-gateway SA tests communications with tester’s host behind gateway Sample test cases for testers without a working IKE/IPsec implementation Current/cumulative test results can be viewed via browser or emailed to tester

33 RSA 2000 - Jan. 20, 200033 Limitations Re-keying Crash/disaster recovery Complex policy-related scenarios

34 RSA 2000 - Jan. 20, 200034 Lessons Learned Voluntary interoperability testing is useful and used Interoperability tests can also serve as conformance tests Stateful protocols can be tested using a Web-based tester “Standard” features are more useful than “cutting edge”

35 RSA 2000 - Jan. 20, 200035 Lessons Learned (continued) Some human intervention is required Productive and informative multi-protocol interaction is challenging Users do the “darnedest” - and most unexpected - things

36 RSA 2000 - Jan. 20, 200036 Future Horizons - PlutoPlus Additional Diffie-Hellman groups More complex policy options –Multiple proposals –Adjacent SA’s –Nested SA’s Peer authentication: public key PKI interaction and certificate exchanges

37 RSA 2000 - Jan. 20, 200037 Future Horizons - IPsec-WIT Test IPsec SA’s with UDP/TCP connections, rather than ICMP Better diagnostics from underlying protocols

38 RSA 2000 - Jan. 20, 200038 Futuristic Horizons Negative testing Robustness testing

39 RSA 2000 - Jan. 20, 200039 Current Status of IPsec Basic IPsec and IKE functionality defined in RFC’s Add-ons and additional functionality defined in Internet Drafts Numerous IPsec implementations in hardware and software Periodic interoperability/conformance testing at IPsec “Bake-offs”

40 RSA 2000 - Jan. 20, 200040 Current Status of IPsec (continued) Deployed in Auto Industry Networks (ANX and ENX) Used for Virtual Private Networks (VPNs)

41 RSA 2000 - Jan. 20, 200041 Future Directions of IPsec PKI profiles for IPsec Policy configuration and control (IPSP) Secure remote access (IPSRA) Transport-friendly ESP (TF-ESP)

42 RSA 2000 - Jan. 20, 200042 An SAT-type Analogy: The Answer ?? To Be Announced ??

43 RSA 2000 - Jan. 20, 200043 Contact/Usage Information IPsec-WIT: http://ipsec-wit.antd.nist.gov Cerberus documentation: http://www.antd.nist.gov/cerberus PlutoPlus documentation: http://ipsec-wit.antd.nist.gov/newipsecdoc/pluto.html For further information, contact: –Sheila Frankel: sheila.frankel@nist.gov –Rob Glenn: rob.glenn@nist.gov

Download ppt "Implementing and Testing IPsec: NIST’s Contributions and Future Developments Sheila Frankel Systems and Network Security Group NIST"

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Security at the Network Layer: IPSec

Security at the Network Layer: IPSec
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 IPSec—An Overview Somesh Jha Somesh Jha University of Wisconsin University of Wisconsin.

1 IPSec—An Overview Somesh Jha Somesh Jha University of Wisconsin University of Wisconsin.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
PlutoPlus: Policy and PKI Plans for FY00 Sheila Frankel Systems and Network Security Group Computer Security Division NIST

PlutoPlus: Policy and PKI Plans for FY00 Sheila Frankel Systems and Network Security Group Computer Security Division NIST
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Similar presentations

Ads by Google