IP Security

Outline

Introduction IP security Overview IP security Applications IP security Scenario IP security Benefits IP security Architecture Security Associations Combinations of SA’s Key Exchange Management

Basic Objective: Secure IP

Should achieve the following: Disallow links to un-trusted sites. Encrypt packets that leave the

premises. Authenticate packets that enter the

premises.

IP-Level Security

Consists of three aspects:

Authentication: insures that the received packet was transmitted by the party identified in the header.

Confidentiality: Enables communicating nodes to encrypt messages.

Key management: secure key exchange.

An Overview of IP

Internet Protocol (IP): “Provides the facilities for inter-

connecting end systems across multiple networks.”

Implemented in:1. Each end system and2. Routers of the networks. Routers must cope with heterogeneous networks.

Overview of IP

IP provides unreliable service. No guarantee that all data packets will be

delivered. Delivered packets may arrive in wrong order.

Higher layer (TCP) must recover from any errors.

Provides great deal of flexibility: No reliability requirements of

subnets. Packets can follow different paths.

An Overview of IP

Operation of IP://The next slides shows the

architecture of TCP/IP suite.//Example: “End system X wants to send a data

packet to end system Y.”

TCP/IP Example

IP Security Overview

IPSec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication.

Applications of IPSec

Secure branch office connectivity over the Internet: A company can build a secure virtual private network over the Internet or over a public WAN. This enables a business to rely heavily on the Internet and reduce its need for private networks, saving costs and network management overhead.

Secure remote access over the Internet: An end user whose system is equipped with IP security protocols can make a local call to an Internet Service Provider (ISP) and gain secure access to a company network. This reduces the cost of toll charges for traveling employees and telecommuters.

Application of IPSec

Establishment of extranet and intranet connectivity with partners: IPSec can be used to secure communication with other organizations, ensuring authentication and confidentiality and providing a key exchange mechanism.

Enhancement of electronic commerce security: Most efforts to date to secure electronic commerce on the Internet have relied upon securing Web traffic with SSL since that is commonly found in Web browsers and is easy to set up and run. There are new proposals that may utilize IPSec for electronic commerce.

Applications of IP Security

IPSec can encrypt and authenticate all traffic at IP level.

Distributed applications (like remote login, client-server interaction, e-mail, file transfers, web accesss etc.) can be secured.

An IP Security Scenario

Suppose an organization maintains LANs at several dispersed locations.-Within each LAN, IP traffic is not secured.-For Inter-LAN traffic (over the Internet or a WAN), IPSec protocols are used.

An IP Security Scenario...

IPSec protocols operate in networking devices that connect a LAN to Internet.

(like router) Encrypt all traffic leaving a LAN and

decrypt traffic incoming to a LAN.▪ IPSec operations are transparent to

workstations and servers.▪ Secure transmission also possible with

individual users.// User workstation must implement IPSec

protocols//

IP Security Scenerio

Benefits of IP Security

Transparent to applications (below transport layer (TCP, UDP).

//no need to change software on end systems.//

-IPSec can be transparent to end users.//no need to train end users on security

mechanisms.// Provide security for individual users.

Benefits of IP Security

IPSec plays an important role in routing.

IPSec can assure that: A router or neighbour advertisement

comes from an authorized router A redirect message comes from the

router to which the initial packet was sent

A routing update is not forged

IP Security Architecture

1. Architecture: Covers general concepts, security requirements, etc.

2. Encapsulating Security Payload (ESP): Covers the issues of packet encryption.

3. Authentication header (AH): Cover issues of packet authentication

IP Security Architecture

4.Encryption Algorithms: how various encryption algos are used for ESP.

5. Authentication Algorithms: How various authentication algorithms are used for AH and authentication option of ESP.

6. Key Management: Documents that describe key management.

7. Domain of Interpretation (DOI): Defines payload formats, exchange types, and conventions for naming security

Architecture

IPSec Services

IPSec uses two protocols to provide security:

1. Authentication Header (AH): an authentication protocol.

2. Encapsulating Security Payload (ESP): a combined encryption and authentication protocol.

IPSec Services

Access Control Connectionless integrity Data origin authentication Rejection of replayed packets Confidentiality (encryption) Limited traffic flow confidentiallity

Security Associations (SA) A simplex (uni-directional) logical

connection, created for security purposes. A one-way relationship between a sender and

a receiver. For a two-way secure exchange, two security

associations are required. Identified by three parameters:

Security Parameter Index (SPI): A bit string assigned to this SA.

//Used by receiver to select the SA.//

Security Associations (SA)

IP Destination Address: The address of the destination endpoint

of SA.//may be an end user system, a firewall or a

router//

Security Protocol Identifier: Indicates if the association is an AH or

ESP security association.

Modes Of Operations

AH and ESP support two modes of operations:

Transport Tunnel.

Transport Mode:

Protection extends to the payload of an IP packet.

Used for end-to-end communication between two hosts (client and server, or two workstations).

Modes Of Operations

Tunnel Mode:

Provides protection to the entire IP packet.

After AH or ESP fields are added, the entire packet plus security fields are treated as a payload of a new IP packet.

A new IP header is attached.

Tunnel vs. Transport

Authentication Header

Provides support for:1. Data integrity of a packet.

Modification to packets while in transit are not possible.

2. Authentication of a packet. End system can verify the sender. Prevents address spoofing attacks.

3. Also guards against replay attacks.

Encapsulating Security Payload

1. Provides confidentiality services. Confidentiality of the packet.

2. Provides limited authentication service. Authenticates the payload but not the

header.

3. Also provides limited traffic confidentiality.

Combination of SAs

Four basic combinations.

Case 1: All security is provided between end

systems. End systems share appropriate secret

keys.

Combination of SAs

Combination of SAs

Case 2: Security is implemented only between

gateways (routers, firewalls). End hosts do not implement IPSec. A single tunnel SA is established

between the gateways. Could support AH, ESP, and ESP with

authentication.

Combination of SAs

Combination of SAs

Case 3: End-to-end security is added to Case 2. Besides a tunnel SA, the end hosts may

have one or more SAs. Gateway-to-gateway tunnel provides

authentication or confidentiality to traffic between end systems.

End systems can implement additional security using end-to-end SAs.

Combination of SAs

Combination of SAs

Case 4: A tunnel mode exists between a host

and a firewall. Can be used by remote host to reach the

firewall and gain access to a server or workstation behind the firewall.

Combination of SAs

Key Exchange Management Handles key generation &

distribution Typically need 2 pairs of keys

2 per direction for AH & ESP Manual key management

System admin manually configures every system

Automated key management automated system for on demand

creation of keys for SA’s in large systems has Oakley & ISAKMP elements

Questions???