Post on 21-Jan-2016
1
Lecture 13
IPsec
Internet Protocol Security
CIS 4362 - CIS 5357
Network Security
2
What is IPsec?
• Protocols and mechanisms to support security at the network layer (IP layer)
– Two main security protocols called Authentication Header (AH, IP protocol type = 51) and Encapsulating Security Payload (ESP, IP protocol type = 50)
• Implemented on end hosts and gateways
• Separate security associations (SA) are used to determine processing in each of the two directions (outbound or inbound)
• An SA is uniquely defined by
– SPI
– Destination IP address
– IPsec Protocol (ESP or AH)
3
Logical Format of an IP Packet
Version: 4 bits
IHL: 4 bits
Service Type: 8 bits
Total length: 16 bits
Identification: 16 bits
Flags: 3 bits
Fragment offset: 13 bits
Time to Live: 8 bits
Protocol: 8 bits
Header Checksum: 16 bits
Source IP Address: 32 bits
Destination IP Address: 32 bits
IP Options (if used) plus padding to 4 bytes: variable length, multiples of 4 bytes
Encapsulated Data: variable length, integral number of bytes
4
IPsec Services: Services That Hosts and Gateways Provide
• Access Control
• Data content confidentiality
• Connectionless integrity
• Data origin authentication
• Replay protection
• Privacy
• Traffic flow masking
5
IPsec Architecture (RFC 2401)
• Security Policies that define which traffic is treated
• Security Associations between network components
• Security Protocols
– Authentication Header (AH)
– Encapsulating Security Payload (ESP)
• Key Management – Internet Key Exchange (IKE)
• Algorithms for authentication and encryption
6
IPsec Operations
• Transport Mode
– Above the IP level
– Below the transport level
• Tunnel Mode
– IP within IP
– Sandwiched between two IP sessions
7
IPsec in the OSI Layers
Figure: protocol stacks for the two modes. Transport mode: TCP / IPsec / IP / Data Link / Physical. Tunnel mode: TCP / IP / IPsec / IP / Data Link / Physical (IPsec and the new outer IP header sit below the original IP layer).
8
IPsec Packet Encapsulation
Original Packet: | IP Header | Rest of Packet |
Transport Mode: | IP Header | IPsec Header | Rest of Packet |
Tunnel Mode: | IP Header | IPsec Header | IP Header | Rest of Packet |
9
Adding IPsec to IPv4
version: 4 bits
header length: 4 bits (unit = 4 octets)
type of service: 1 octet
packet length: 2 octets
packet identification: 2 octets
flags: 3 bits
fragment offset: 13 bits
hops remaining (TTL): 1 octet
protocol: 1 octet
header checksum: 2 octets
source address: 4 octets
destination address: 4 octets
options: variable
Regular IP protocol values: TCP=6; UDP=17; IP=4
IPsec protocol values: ESP=50 and AH=51
The communication protocols are specified in the IPsec header
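As an added illustration (not from the slides), the Python below parses the IPv4 header fields listed above and, when the protocol octet is 50 or 51, reads the SPI from the IPsec header that follows, which is what a receiver needs before it can find the SA. The sample packets are constructed inline and the header checksum is not verified.

```python
import struct
from ipaddress import IPv4Address

ESP, AH = 50, 51            # IPsec protocol numbers from the slide
TCP, UDP = 6, 17            # regular IP protocol numbers from the slide

def parse_ipv4(pkt: bytes) -> dict:
    """Parse the fixed IPv4 header fields listed on the slide."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5 or len(pkt) < ihl * 4:
        raise ValueError("not a well-formed IPv4 header")
    return {"header_len": ihl * 4, "total_len": total_len, "ttl": ttl,
            "protocol": proto,
            "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst))}

def locate_spi(pkt: bytes):
    """Return (IPsec protocol, SPI) for an ESP or AH packet, else None.
    The SPI sits at a different offset in the two headers."""
    hdr = parse_ipv4(pkt)
    body = pkt[hdr["header_len"]:]
    if hdr["protocol"] == ESP:
        # ESP header starts with the 4-octet SPI
        return ESP, struct.unpack("!I", body[:4])[0]
    if hdr["protocol"] == AH:
        # AH: next hdr (1), payload len (1), unused (2), then the SPI
        return AH, struct.unpack("!I", body[4:8])[0]
    return None                      # plain IP: TCP, UDP, IP-in-IP, ...

def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Constructed sample packet; the header checksum is left at zero
    because this parser does not verify it."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0,
                      64, proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + payload

# Constructed samples: an ESP packet, an AH packet and a plain TCP packet
ESP_PKT = build_ipv4("10.0.0.1", "10.0.0.2", ESP, struct.pack("!II", 0x1234, 1) + b"\x00" * 16)
AH_PKT = build_ipv4("10.0.0.1", "10.0.0.2", AH, struct.pack("!BBHII", TCP, 4, 0, 0xABCD, 1) + b"\x00" * 12)
TCP_PKT = build_ipv4("10.0.0.1", "10.0.0.2", TCP, b"\x00" * 20)
```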
10
Adding IPsec to IPv6
version | type of service | flow label: 4 octets
payload length: 2 octets
next header: 1 octet (specifies protocol)
TTL: 1 octet
source address: 16 octets
destination address: 16 octets
11
Transport mode
| IP header | payload |
| IP header | IPsec header | payload |
Transport mode was designed to save bandwidth in end-to-end associations. The payload is typically encrypted and authenticated. The IP header is in the clear, and may or may not be authenticated.
12
Transporting
Figure: Alice sends IP packet p1 (Sender=Alice, Recipient=Bob). On the wire it travels as IP packet p2 (IPsec transport; Sender=Alice, Recipient=Bob), and Bob recovers IP packet p1.
13
Tunnel Mode
| IP header | payload |
| new IP hdr | IPsec hdr | IP header | payload |
Tunnel mode protects both the payload and the IP header of the original packet. If encryption is used between gateways in tunnel mode, it reduces the information available for traffic analysis.
14
Tunneling
Figure: Alice sends IP packet p1 (Sender=Alice, Recipient=Bob) to Gateway G1. G1 forwards it to Gateway G2 as IP packet p2 (IPsec tunnel; Sender=G1, Recipient=G2). G2 delivers IP packet p1 to Bob.
15
Security Associations
• An IPsec protected connection is called a security association
• The SPI used in identifying the SA is normally chosen by the receiving system
• Basic Processing
– For outbound packets, a packet's selectors are used to determine the processing to be applied to the packet
– More complex than for inbound, where the received SPI, destination address and protocol type uniquely point to an SA
16
SAD and SPD
• The IPsec protocol maintains two databases:
– Security association database: indexed by SPIs, contains the information needed to encapsulate packets for one association: cryptographic algorithms, keys, sequence numbers, etc.
– Security policy database: allows for implementation of packet filtering policies. Defines whether or not to accept non-protected packets, what to require, etc.
17
Security Association Database
• Sequence number
• Sequence number overflow
• Anti-Replay Window
• AH Information
– Algorithms, initialization values, keys, etc.
• ESP Information
– Algorithms, initialization values, keys, etc.
• SA Lifetime
• IPsec Protocol Mode
• Path MTU (max packet size)
18
Security Policy Database
• Defines:
– Traffic to be protected
– How to protect it
• Must be consulted for each packet entering or leaving the IP stack
• Three possible actions
– Discard
– Bypass IPsec
– Apply IPsec
19
Some Security Association Selectors
• Destination IP Address
• Source IP Address
• UserID
• Data Sensitivity Level
• Transport Layer Protocol number
• IPsec Protocol (AH/ESP)
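Added example, not part of the lecture: a minimal SPD/SAD model in Python showing the asymmetry described on slides 15 to 19. Outbound packets are matched against ordered policy selectors (discard, bypass or apply) and the policy points to an SA; inbound packets are looked up directly by the (SPI, destination address, IPsec protocol) triple. The policies and SA values are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ESP, AH = 50, 51
DISCARD, BYPASS, APPLY = "discard", "bypass", "apply"   # the three SPD actions

@dataclass
class Policy:                      # one SPD entry: selectors plus an action
    src: str                       # source address selector (CIDR)
    dst: str                       # destination address selector (CIDR)
    proto: "int | None"            # transport-layer protocol number, None = any
    action: str
    sa_key: "tuple | None" = None  # (SPI, destination IP, IPsec protocol) when APPLY

@dataclass
class SAEntry:                     # one SAD entry, indexed by the SA triple
    spi: int
    dst: str
    ipsec_proto: int
    mode: str                      # "transport" or "tunnel"
    algorithms: dict               # e.g. encryption and authentication algorithms

class IPsecDatabases:
    def __init__(self):
        self.spd: list = []        # ordered; the first matching policy wins
        self.sad: dict = {}        # (spi, dst, ipsec_proto) -> SAEntry

    def add_sa(self, sa: SAEntry):
        self.sad[(sa.spi, sa.dst, sa.ipsec_proto)] = sa

    def outbound(self, src: str, dst: str, proto: int):
        """Outbound: selectors choose the policy, the policy names the SA."""
        for p in self.spd:
            if (ip_address(src) in ip_network(p.src)
                    and ip_address(dst) in ip_network(p.dst)
                    and p.proto in (None, proto)):
                return p.action, (self.sad.get(p.sa_key) if p.action == APPLY else None)
        return DISCARD, None       # no policy matched: default deny

    def inbound(self, spi: int, dst: str, ipsec_proto: int):
        """Inbound: the triple carried in the packet indexes the SAD directly."""
        return self.sad.get((spi, dst, ipsec_proto))

def sample_databases() -> IPsecDatabases:
    """Constructed example: one site-to-site ESP tunnel plus a bypass rule."""
    db = IPsecDatabases()
    db.add_sa(SAEntry(0x1001, "203.0.113.2", ESP, "tunnel", {"enc": "aes-cbc", "auth": "hmac-sha1"}))
    db.spd.append(Policy("10.1.0.0/16", "10.2.0.0/16", None, APPLY, (0x1001, "203.0.113.2", ESP)))
    db.spd.append(Policy("0.0.0.0/0", "0.0.0.0/0", 17, BYPASS))   # let plain UDP through
    return db
```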
20
Combinations of SAs that must be supported
• Case 1: Host to host
– End to end service
• Case 2: Gateway to Gateway
– Virtual private network
• Case 3: Host to gateway, gateway to gateway, gateway to host
• Case 4: Host to gateway, gateway to host
– Dial-in users
21
Figure, Case 1: Host, Router, Local Intranet, The Internet, Local Intranet, Router, Host. SA label: Transport or Tunnel (between the two hosts).
22
Figure, Case 2: Host, Gateway, Local Intranet, The Internet, Local Intranet, Gateway, Host. SA labels: Transport or Tunnel; Tunnel (between the gateways).
23
Figure, Case 3: Host, Gateway, Local Intranet, The Internet, Local Intranet, Gateway, Host. SA label: Tunnel (between the gateways).
24
Figure, Case 4: Host, Gateway, Local Intranet, The Internet, Host. SA labels: Transport or Tunnel; Tunnel (between the remote host and the gateway).
25
Security Protocols (RFC 2402/6)
• Authentication Header (AH) (RFC 2402)
– Access Control
– Connectionless integrity
– Data origin authentication
– Replay mask
• Encapsulating Security Payload (ESP) (RFC 2406)
– Access Control
– Connectionless integrity
– Data origin authentication
– Replay mask
– Confidentiality
– Traffic flow mask
26
IPsec Roadmap
Figure: IPsec document roadmap. Security protocols ESP and AH; Encryption Algorithm and Authentication Algorithm; DOI (Domain of Interpretation); Key Management; Policy.
27
Authentication Header (AH) (RFC 2402)
• The IP AH is used to provide
– Connectionless integrity
– Data origin authentication
– Protection against replays
• AH authenticates as much of the IP header as possible, but not all of the header can be protected by AH
• Data privacy is not provided by AH
28
Authentication Header (AH)
next hdr: 1 octet (communication protocol)
payload length: (AH header length): 1 octet
unused: 2 octets
SPI (Security Parameter Index): 4 octets
sequence number: 4 octets
authentication data: variable
The Authentication Header authenticates data; the protocol field is unencrypted, so it is available for firewall rule-based decisions. AH authenticates not only the IP payload but all "immutable" IP header components, such as source and destination addresses. This creates incompatibilities with NAT boxes in end-to-end associations.
29
Authentication Header Structure
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header   |  Payload Len  |          RESERVED             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                 Security Parameters Index (SPI)               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Sequence Number Field                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                Authentication Data (variable)                 |
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
30
IP Packets With AH
Original IP Packet: | IP header | TCP | Data |
AH Tunnel Mode
| new IP header | AH | original IP header | TCP | Data |
AH Transport Mode:
| IP header | AH | TCP | Data |
31
AH Elements
• Authentication Data
– Variable-length field
– Contains the Integrity Check Value (ICV) for this packet
• Sequence Number
– Unsigned 32-bit field
– Monotonically increasing counter (sequence number)
– It is mandatory and is always present
– Processing of the Sequence Number field is at the discretion of the receiver
32
Other AH Elements
• Payload Length: Length of AH in 32-bit words - 2
• Reserved: 16-bit field. MUST be set to "zero."
• Security Parameters Index (SPI): 32-bit value that, in combination with the destination IP address and security protocol, uniquely identifies the Security Association for this datagram
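Added example (not from the lecture): Python that builds and parses the AH header using the Payload Length rule from slide 32 and rejects a non-zero reserved field, plus a sliding-bitmap anti-replay window of the kind the SAD keeps per SA for the receiver-side sequence number check from slide 31. The ICV bytes, window size and sample values are constructed; no MAC is computed.

```python
import struct

AH_FIXED_LEN = 12        # next header, payload len, reserved, SPI, sequence number

def build_ah(next_header: int, spi: int, seq: int, icv: bytes) -> bytes:
    """Constructed AH header. Payload Length = (AH length in 32-bit words) - 2."""
    total = AH_FIXED_LEN + len(icv)
    if total % 4:
        raise ValueError("AH must be a multiple of 32 bits (pad the ICV)")
    return struct.pack("!BBHII", next_header, total // 4 - 2, 0, spi, seq) + icv

def parse_ah(data: bytes) -> dict:
    """Parse an AH header, returning its fields, the ICV and the bytes after AH."""
    if len(data) < AH_FIXED_LEN:
        raise ValueError("truncated AH")
    next_header, payload_len, reserved, spi, seq = struct.unpack("!BBHII", data[:12])
    if reserved != 0:
        raise ValueError("AH reserved field MUST be zero")
    ah_total = (payload_len + 2) * 4            # invert the Payload Length rule
    if len(data) < ah_total:
        raise ValueError("AH shorter than its Payload Length claims")
    return {"next_header": next_header, "spi": spi, "seq": seq,
            "icv": data[12:ah_total], "rest": data[ah_total:]}

class ReplayWindow:
    """Receiver-side anti-replay check: a sliding bitmap over the last
    `size` sequence numbers, as kept in the SAD for each SA (size assumed)."""
    def __init__(self, size: int = 64):
        self.size, self.top, self.bitmap = size, 0, 0   # top = highest accepted so far

    def accept(self, seq: int) -> bool:
        if seq == 0:
            return False                        # the first valid value is 1
        if seq > self.top:                      # newer than anything seen: slide window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq                 # bit i set means top - i was seen
        if offset >= self.size or self.bitmap & (1 << offset):
            return False                        # too old, or a replay
        self.bitmap |= 1 << offset
        return True
```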
33
ESP (Encapsulating Security Payload)
• ESP allows for encryption, as well as authentication.
– Both are optional, defined by the SPI and policies.
• ESP does not protect the IP header, only the payload
– But in tunnel mode everything is encapsulated
• If ESP encryption is enabled, then everything after the ESP header is encrypted
– Communication protocol, ports (NATs and firewalls need this information).
34
Encapsulating Security Payload (ESP)
• Services provided include:
– Confidentiality
– Data origin authentication
– Connectionless integrity
– Anti-replay service
– Limited traffic flow confidentiality
• Security services can be provided between
– A pair of communicating hosts
– A pair of security gateways
– A security gateway and a host
35
ESP encapsulation
SPI (Security Parameter Index): 4 octets
sequence number: 4 octets
IV (initialization vector): variable
data: variable
padding: variable
padding length: 1 octet (unit length: octets)
next header/protocol type
authentication data
36
ESP Header Elements
• Security Parameters Index (SPI)
• Sequence Number
• Payload Data
• Padding
– Sometimes needed for encryption
– Sometimes masks encryption
– Sometimes used to mask traffic flow
• Pad length
• Next Header
• Authentication Data
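Added example, not from the slides: Python that lays out the ESP fields from slides 35 and 36 around a plaintext, computing the padding needed for cipher-block alignment and, optionally, extra padding to mask the true payload length, then parses the trailer back. Encryption and the authentication data are left out so the layout stays visible; the 16-octet IV, the block size and the pad pattern 1, 2, 3, ... are assumed.

```python
import struct

def esp_encapsulate(spi: int, seq: int, iv: bytes, data: bytes, next_header: int,
                    block_size: int = 16, tfc_floor: int = 0) -> bytes:
    """Lay out SPI | seq | IV | data | padding | pad length | next header.
    Padding brings data + padding + the 2 trailer octets to a multiple of
    block_size (the cipher block) and, if tfc_floor is given, to at least
    tfc_floor octets so the true length is masked (traffic flow masking)."""
    needed = max(len(data) + 2, tfc_floor)
    pad_len = needed - len(data) - 2 + (-needed) % block_size
    if pad_len > 255:
        raise ValueError("padding is limited to 255 octets")
    padding = bytes(range(1, pad_len + 1))       # assumed default pattern 1, 2, 3, ...
    return struct.pack("!II", spi, seq) + iv + data + padding + bytes([pad_len, next_header])

def esp_decapsulate(pkt: bytes, iv_len: int = 16) -> dict:
    """Reverse the layout: read SPI and seq, skip the IV, then use the
    pad length octet (second from the end) to strip the padding."""
    if len(pkt) < 8 + iv_len + 2:
        raise ValueError("truncated ESP")
    spi, seq = struct.unpack("!II", pkt[:8])
    iv, body = pkt[8:8 + iv_len], pkt[8 + iv_len:]
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 2:
        raise ValueError("pad length exceeds payload")
    data_end = len(body) - 2 - pad_len
    if body[data_end:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("padding does not match the expected pattern")
    return {"spi": spi, "seq": seq, "iv": iv, "next_header": next_header,
            "data": body[:data_end]}
```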
37
ESP Header (RFC 2406)
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ----
|               Security Parameters Index (SPI)                 | ^Auth.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Coverage
|                      Sequence Number                          | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ----
|                    Payload Data* (variable)                   | |   ^
~                                                               ~ |   |
|                                                               | |Conf.
+               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Coverage*
|               |     Padding (0-255 bytes)                     | |   |
+-+-+-+-+-+-+-+-+               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |   |
|                               |  Pad Length   | Next Header   | v   v
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ------
|                 Authentication Data (variable)                |
~                                                               ~
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
38
Encapsulating Security Payload (ESP)
• The ESP header is inserted:
– After the IP header
– Before the upper layer protocol header (transport mode)
– Before an encapsulated IP header (tunnel mode)
39
Transport Mode SA versus Tunnel Mode SA
• AH
– Transport mode SA: authenticates IP payload and selected portions of the IP header
– Tunnel mode SA: authenticates entire inner IP packet (header and payload), plus selected portions of the outer IP header
• ESP
– Transport mode SA: encrypts IP payload
– Tunnel mode SA: encrypts inner IP packet
• ESP with Authentication
– Transport mode SA: encrypts IP payload and authenticates IP payload, but not IP header
– Tunnel mode SA: encrypts inner IP packet, and authenticates inner IP packet