Presentation is loading. Please wait.

Presentation is loading. Please wait.

Transport-Friendly ESP Steven M. Bellovin AT&T Labs Research

Published byBrenda O’Connor’ Modified over 9 years ago

Similar presentations

Presentation on theme: "Transport-Friendly ESP Steven M. Bellovin AT&T Labs Research"— Presentation transcript:

1 Transport-Friendly ESP Steven M. Bellovin AT&T Labs Research smb@research.att.com http://www.research.att.com/~smb

2 Layer Violations for Fun and Profit Steven M. Bellovin AT&T Labs Research smb@research.att.com http://www.research.att.com/~smb

3 Assumptions l It is reasonable for some authorized parties to look at some packet header fields. –It is relatively harmless if unauthorized parties see the same fields. l These authorized parties should not participate in the key management dialog, nor should they be given keying material. l Packet examination should be context-free. l Packet modification is not necessary (or desirable).

4 Is this Necessary? Safe? l Many reasons already given for packet header inspection. l (Unauthorized) eavesdropper primarily learns IP addresses and port numbers. –The former are very hard to conceal; the latter are probably discernable by traffic analysis. l Don’t share keys, so monitoring station subversion not a serious problem.

5 Principles for Proposed Scheme l Packets specify amount of leading portion that is in the clear. –Exposure amount optional and negotiated. –Don’t change integrity check boundary at all. l Add padding, for boundary alignment and cipher blocksize match. l Move protocol number to the start, in the clear.

6 Proposed TF-ESP Format clearlenProtoFlags (Reserved) SPI Anti-replay counter Cleartext payload Cleartext padding IV (if needed) Encrypted padding Encrypted payload padlenPadding Encrypted Integrity

7 Features l Flag bit -- “replayable”. l Possibly move integrity check boundary, to permit modifiable fields. –Are there any safe ones? l Header fields at fixed offsets from start (unless, of course, there are IP options). l Cleartext boundary is dangerous -- better not expose TCP checksum on short packets!

8 “Disclosure” Header Protolendiff Source PortDest Port Sequence Number Dest Address Acknowledegment Source Address Window

9 A Cleaner Solution? l Contains copies of interesting encrypted fields. –Must be truthful or zero. l Leaks almost as much information. –But easier to avoid mistakes. l Possibly larger than TF-ESP scheme. l Provides high-quality plaintext/ciphertext pairs. –Could we just use a stronger cipher?

10 Suggested Alternatives l SSL –Must change every application. –Vulnerable to active denial-of-service attack. –Doesn’t handle UDP. l SSL plus AH –Must still change every application. –Still doesn’t handle UDP.

Download ppt "Transport-Friendly ESP Steven M. Bellovin AT&T Labs Research"

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
The Future of TCP/IP Always evolving: –New computer and communication technologies More powerful PCs, portables, PDAs ATM, packet-radio, fiber optic, satellite,

The Future of TCP/IP Always evolving: –New computer and communication technologies More powerful PCs, portables, PDAs ATM, packet-radio, fiber optic, satellite,
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
IPSec Isaac Ghansah.

IPSec Isaac Ghansah.
Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.

Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
CS470, A.SelcukIPsec Attacks1 IPsec ESP Attacks CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec Attacks1 IPsec ESP Attacks CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Internet Networking Spring 2004 Tutorial 2 IP Checksum, Fragmentation.

1 Internet Networking Spring 2004 Tutorial 2 IP Checksum, Fragmentation.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
Source Port # (16)Destination Port # (16) Sequence Number (32 bits) Acknowledgement Number (32 bits) Hdr Len (4) Flags (6)Window Size (16) Options (if.

Source Port # (16)Destination Port # (16) Sequence Number (32 bits) Acknowledgement Number (32 bits) Hdr Len (4) Flags (6)Window Size (16) Options (if.
Cryptography and Network Security

Cryptography and Network Security
1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
THE USE OF IP ESP TO PROVIDE A MIX OF SECURITY SERVICES IN IP DATAGRAM SREEJITH SREEDHARAN CS843 PROJECT PRESENTATION 04/28/03.

THE USE OF IP ESP TO PROVIDE A MIX OF SECURITY SERVICES IN IP DATAGRAM SREEJITH SREEDHARAN CS843 PROJECT PRESENTATION 04/28/03.
Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.

Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.

Similar presentations

Ads by Google