Presentation is loading. Please wait.

Presentation is loading. Please wait.

01/29/2001Policy'2001, Bristol, UK, January 29-31, 20011 IPSec/VPN Security Policy: Correctness, Conflict Detection and Resolution Zhi Fu S. Felix Wu He.

Published byRoy Short Modified over 9 years ago

Similar presentations

Presentation on theme: "01/29/2001Policy'2001, Bristol, UK, January 29-31, 20011 IPSec/VPN Security Policy: Correctness, Conflict Detection and Resolution Zhi Fu S. Felix Wu He."— Presentation transcript:

1 01/29/2001Policy'2001, Bristol, UK, January 29-31, 20011 IPSec/VPN Security Policy: Correctness, Conflict Detection and Resolution Zhi Fu S. Felix Wu He Huang James Loh Motorola UC Davis NortelNetworks Fengmin Gong Ilia Baldine Chong Xu IntruVert MCNC Cosine http://www.cs.ucdavis.edu/~wu wu@cs.ucdavis.edu * Many of us were with NCSU while the work was done.

2 01/29/2001Policy'2001, Bristol, UK, January 29-31, 20012 l Motivation/Conflict Examples l Security Requirements l Conflict Detection and Analysis l Example l Remarks Content Content IPSec: Policy and Requirement

3 01/29/2001Policy'2001, Bristol, UK, January 29-31, 20013 l Policy: –if then l IPSec policy: –Condition: src,dst,src-port,dst-port, protocol, … –Action: Deny | Allow | ipsec (entry, exit, mode, sec-prot, alg) l Example: –Condition: src=A, dst=B, port=*, prot=TCP –Action: ipsec ( Rb, Rd, tun, ESP, 3DES ) BARcRbRd Rb,Rd, ESPA, B IPSec Policy: IPSec Policy: Implementation Policy

4 01/29/2001Policy'2001, Bristol, UK, January 29-31, 20014 Conflict #1: Conflict #1: Privacy and Content Examination ASG-1SG-2B XY

5 01/29/2001Policy'2001, Bristol, UK, January 29-31, 20015 Firewall-- drop any incoming IPSec/ESP encrypted packet if then IPSec Gateway--all packets from A to B should be encrypted with 3DES if <src = 169.237.6.236, dst = 152.1.75.170, prot=*> then <ipsec(169.237.6.236, 152.1.75.170, transport, esp, 3des) > All Packets Dropped !!

6 01/29/2001Policy'2001, Bristol, UK, January 29-31, 20016 ASG-1SG-2B Conflict #2: Conflict #2: Selector Confusion XY

7 01/29/2001Policy'2001, Bristol, UK, January 29-31, 20017 Security Policies: A: All packets from A to B must authenticate to SG-2 SG-1: All packets from A to B will be allowed, but otherwise denied. The src and dst changed to be A and SG-2 thus the policy at SG-1 will drop the traffic from A to B. One way or the other, we loss…...

8 01/29/2001Policy'2001, Bristol, UK, January 29-31, 20018 A SG-1 A A

9 01/29/2001Policy'2001, Bristol, UK, January 29-31, 20019 SG-1.1, SG-2A, B B SG-2 SG-1SG-2.1 SG-1,SG-2.1 Conflict #3: Conflict #3: Tunnel Overlapping SG-1.1, SG-2A, B SG-1.1 SG-1.1, SG-2A, B A

10 01/29/2001Policy'2001, Bristol, UK, January 29-31, 200110 l A set of (implementation) policies does not quite work well together such that the packets (information bits) are either dropped or revealed/sent unsafely. l Requirement(s): Intention(s) behind the implementation-level policies: l e.g., I want to maintain the privacy of certain flows: –IPSec ESP Tunnels. l Conflicts: l a set of policies together does not support the requirements l requirements conflict among themselves. Policy Conflict Policy Conflict IPSec/VPN Policy

11 01/29/2001Policy'2001, Bristol, UK, January 29-31, 200111 Policy versus Requirement l Policy: (implementation, low-level) l How should a network entity or a policy domain handle a particular flow of packets? l Currently, the processing is based on the selector (i.e., the packet header information). l Requirement: (intention, high-level) l End-to-end, flow-based policy + access control + content examination + pairing. l If I want to send a sequence of information bits from A to B, how should they be handled, regardless of any packet header transformation (e.g., tunnel/NAT)

12 01/29/2001Policy'2001, Bristol, UK, January 29-31, 200112 IPSec Security Requirements (1) l Access Control Requirement (ACR) –Restrict access only to trusted traffic l E.g. Deny all telnet traffic l Security Coverage Requirement (SCR) –Apply security functions to prevent traffic from being compromised during transmission across certain area. +who can be trusted? H2H1RbRd Encryption or Authentication trusted

13 01/29/2001Policy'2001, Bristol, UK, January 29-31, 200113 IPSec Security Requirement (2) l Content Access Requirement (CAR) –Specify the needs to access content of certain traffic I will examine the content for intrusion detection l Security Association Requirement (SAR) –Specify trust/distrust relationship in SA setup X Can not set up SA CMR: modify CER : examine

14 01/29/2001Policy'2001, Bristol, UK, January 29-31, 200114 Security Requirement Satisfaction (1) H2H1RcRbRd H2H1RcRbRd l Access Control Requirement - deny or allow l Security Coverage Requirement –All the links and nodes in the area will need to be covered by specified security No! Yes! Encryption

15 01/29/2001Policy'2001, Bristol, UK, January 29-31, 200115 Security Requirement Satisfaction (2) H2H1RcRbRd l Content Access Requirement –Certain node needs to access the content, Rb? Rc? Rb: No! Rc: Yes! l Security Association Requirement –Some nodes are not allowed to set up SA

16 01/29/2001Policy'2001, Bristol, UK, January 29-31, 200116 IPSec Requirement Spec. l Formal specification: l ACR-SCR-CAR-SAR l Conflict Detection in Requirements: l Requirement Satisfiability Problem (RSP): given a set of requirements, an algorithm to check whether at all possible to find a set of policies to satisfy all the requirements. l Completeness Proof l Policy Determination: l Transformation: if possible, an algorithm to find the “optimal” set of policies. l Correctness and Efficiency

17 01/29/2001Policy'2001, Bristol, UK, January 29-31, 200117 IPSec Policy Analysis l Policy Conflict Analysis: l whether a set of policies satisfy all the specified requirements. l Policy Conflict Resolution: l if conflicts detected, how can we resolve them, if possible? l E.g., Tunnel breaking on trusted nodes.

18 01/29/2001Policy'2001, Bristol, UK, January 29-31, 200118 Example (per flow): 1 2 3 4 5 SCR#1: ENC 2-4 trusted 3 SCR#2: AUTH 1-4 trusted 3 SCR#3: ENC 3-5 trusted 4 CAR#1: (ENC, AUTH) by 4 SAR#1: not-ENC 2-5 SAR#2: not-ENC 1-5 SAR#3: not-AUTH 1-4 Coverage: Content: SA relation:

19 01/29/2001Policy'2001, Bristol, UK, January 29-31, 200119 Solution: 1 2 3 4 5 ENC AUTH SCR#1: ENC 2-4 trusted 3 SCR#2: AUTH 1-4 trusted 3 SCR#3: ENC 3-5 trusted 4 CAR#1: (ENC, AUTH) by 4 SAR#1: not-ENC 2-5 SAR#2: not-ENC 1-5 SAR#3: not-AUTH 1-4 Coverage: Content: SA relation:

20 01/29/2001Policy'2001, Bristol, UK, January 29-31, 200120 Remarks l IPSec Security Requirement Specification. l Developed algorithms to detect and analyze conflicts among policies and requirements in polynomial time l some of the results are in our new paper. wu@cs.ucdavis.edu l Future Works: l Implementation and Empirical Evaluation l Transformation from Policies to Requirements l General Topology (integrated with Routing) l Inter-domain & Distributed Policy Analysis l Other Policies (QoS and Routing)

Download ppt "01/29/2001Policy'2001, Bristol, UK, January 29-31, 20011 IPSec/VPN Security Policy: Correctness, Conflict Detection and Resolution Zhi Fu S. Felix Wu He."

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Internet Security CSCE 813 IPsec

Internet Security CSCE 813 IPsec
Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr.

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.

IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
Network Security. Reasons to attack Steal information Modify information Deny service (DoS)

Network Security. Reasons to attack Steal information Modify information Deny service (DoS)
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.

Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
IP Security. IPSEC Objectives n Band-aid for IPv4 u Spoofing a problem u Not designed with security or authentication in mind n IP layer mechanism for.

IP Security. IPSEC Objectives n Band-aid for IPv4 u Spoofing a problem u Not designed with security or authentication in mind n IP layer mechanism for.
CMSC 414 Computer (and Network) Security Lecture 25 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 25 Jonathan Katz.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

Similar presentations

Ads by Google