network security architectures part 1 fundamentals summer school on software security theory to...
Post on 20-Dec-2015
217 views
TRANSCRIPT
![Page 1: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/1.jpg)
Network Security ArchitecturesPart 1 Fundamentals
Summer School on Software Security Theory to Practice
Carl A. GunterUniversity of PennsylvaniaSummer 2004
![Page 2: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/2.jpg)
Public Key Infrastructure
Mutual authentication of participants in a transaction requires a system of identities
Principals are identified by public keys These keys can be used for authentication,
but only if “spoofing” is prevented A Public Key Infrastructure (PKI) provides a
basis for establishing trust
![Page 3: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/3.jpg)
PKI Systems
Three Philosophies Hierarchy
ITU X.509 (DAP, PKIX) DNS
Web of Trust PGP
Ad hoc SSH Most research studies
![Page 4: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/4.jpg)
X.509 Certificates
X.509 certificates bind a subject to a public key.This binding is signed by a Certificate Authority (CA).
Subject Name
Subject Public Key
CA Name
CA Signature
Subject Name
Subject Public Key
CA Name
CA Signature
![Page 5: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/5.jpg)
Chaining
Pennsylvania CA
Pennsylvania CA Key
USA CA
Philly CA
Philly CA Key
Pennsylvania CA
Joe Smith
Joe’s Key
Philly CA
Subject
Subject’s Key
Issuer
![Page 6: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/6.jpg)
Certificate Management
Distribution: How to find a certificate Certificate
accompanying signature or as part of a protocol
Directory service DAP LDAP DNS
Email Cut and paste from web
pages
Revocation: Terminate certificates before their expiration time. How does the relying
party know that the certificate has been revoked?
Many CRL distribution strategies proposed
Mitre report for NIST suggests certificate revocation will be the largest maintenance cost for PKIs
![Page 7: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/7.jpg)
Semantics of CRL’s
Three certificates.1. Q says P is the public key of Alice.2. R says P is the public key of Alice.3. Q says R is the public key of Bob.
Three kinds of revocation.1. P is not the public key of Alice. (3 not
2.)2. Q no longer vouches for whether P is
the public key of Alice. (2 and 3.)3. The key of Q has been compromised.
(2 not 3.)1998 Fox and LaMacchia
Revoke
![Page 8: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/8.jpg)
Adoption of PKI
Problems Revocation User ability to deal
with keys Registration
(challenge for all authentication techniques)
Weak business model
Areas of Progress SSL Authenticode SSH Smart cards for
government employees
Web services
![Page 9: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/9.jpg)
Challenges for Network Security
Sharing Complexity Scale Unknown perimeter Anonymity Unknown paths
![Page 10: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/10.jpg)
Internet Layers
1. Physical2. Link3. Network4. Transport5. Application
![Page 11: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/11.jpg)
Security at Layers
Physical Locked doors Spread spectrum Tempest
Link WEP GSM
Network Firewalls IPSec
Transport SSL and TLS
Application S/MIME XMLDSIG and WS
security Access control
systems for web pages, databases, and file systems
![Page 12: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/12.jpg)
Network Layer Security
HTTP FTP SMTP
TCP
IP/IPSec
![Page 13: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/13.jpg)
Transport Layer Security
HTTP FTP SMTP
TCP
IP
SSL or TLS
![Page 14: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/14.jpg)
Application Layer Security
S/MIME PGP SET
TCP
IP
SMTP HTTP
UDP
Kerberos
![Page 15: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/15.jpg)
Division of Labor in the Internet
Hosts
Routers
Networks
![Page 16: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/16.jpg)
Link
Network
Transport
Application
Link
Network
Transport
Application
Link
Network
Link
Network
TCP/IP Protocol Stack
Host HostRouter Router
Physical PhysicalPhysical Physical
![Page 17: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/17.jpg)
Communication Processing Flow
Link
Network
Transport
App2
Link
Network
Transport
Link
Network
Link
Network
App1 App2App1
Physical PhysicalPhys Phys
Link
Phys
Link
Phys
![Page 18: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/18.jpg)
Typical Patchwork
Link
Network
Transport
App2
Link
Network
Transport
Link
Network
Link
Network
App1 App2App1
Physical PhysicalPhys Phys
Link
Phys
Link
Phys
![Page 19: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/19.jpg)
Physical Layer Protection Issues
Hide signal Spread spectrum
Emission security Radio emissions (Tempest) Power emissions
![Page 20: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/20.jpg)
Encapsulation
LinkLink IP TCP Application
Link Layer Frame
Network LayerHeader
Transport LayerHeader
Application LayerPayload
![Page 21: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/21.jpg)
Link
Network
Transport
Application
Link
Network
Transport
Application
Link
Network
Link
Network
One Hop Link Layer Encryption
Host HostRouter Router
Link Link
![Page 22: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/22.jpg)
Link Layer Encryption
LinkLink IP TCP Application
Encrypted
![Page 23: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/23.jpg)
Link
Network
Transport
Application
Link
Network
Transport
Application
Link
Network
Link
Network
End-to-End Network Security
Host HostRouter Router
![Page 24: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/24.jpg)
Network Layer Transport Mode
LinkLink IP TCP Application
LinkLink IP TCP Application
Encrypted
Hdr Tlr
![Page 25: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/25.jpg)
Link
Network
Transport
Application
Link
Network
Transport
Application
Link
Network
Link
VPN Gateway
Host HostRouter Router
Network
![Page 26: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/26.jpg)
Network Layer Tunnel Mode
LinkLink IP TCP Application
LinkLink New IP TCP ApplicationHdr IP
Encrypted
Tlr
![Page 27: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/27.jpg)
Layer 3 Implementation Options
Location Host Network
Style Integrated Modular (for tunnel mode)
![Page 28: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/28.jpg)
Modular Implementation:Bump In The Stack (BITS)
Link
Security
Network
App2
Link
Network
Link
Network
Link
Net + Sec
App1 App2App1
Transport
Transport
![Page 29: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/29.jpg)
Security
Modular Implementation:Bump In The Wire (BITW)
Link
Network
Security
App2
Link
Network
Link
Network
Link
Network
App1 App2App1
Transport Transport
![Page 30: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/30.jpg)
Implementation Options:Integrated on Host
Link
Net + Sec
App2
Link
Net + Sec
Link
Network
Link
Network
App1 App2App1
Transport Transport
![Page 31: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/31.jpg)
Implementation Options:Integrated on Router
Link
Network
App2
Link
Network
Link
Net + Sec
Link
Net + Sec
App1 App2App1
Transport Transport
![Page 32: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/32.jpg)
Network Security Location Options
Link
Network
Transport
Application
Link
Network
Transport
Application
Link
Network
Link
Network
Link
Network
Transport
Application
Link
Network
Transport
Application
Link
Network
Link
Network
Link
Network
Transport
Application
Link
Network
Transport
Application
Link
Network
Link
Network
End-to-End Transport
Voluntary Tunnel
Involuntary Tunnel
![Page 33: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/33.jpg)
Link
Network
Transport
Application
Link
Network
Transport
Application
Link
Network
Link
Network
Transport Layer Security
Host HostRouter Router
![Page 34: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/34.jpg)
Transport Layer Encryption
LinkLink IP TCP Application
LinkLink IP TCP Application
Encrypted
RH
LinkLink IP TCP App
![Page 35: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/35.jpg)
Message Processing Sequence
Link
Network
Transport
App2
Link
Network
Transport
Link
Network
Link
Network
App1 App2App1
App2 Sec App2 Sec
![Page 36: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/36.jpg)
Application Layer Security
LinkLink IP TCP Application
LinkLink IP TCP ApplicationKey ID
Encrypted
![Page 37: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/37.jpg)
Link Layer Security
Advantages: Transparent to applications Hardware solution possible Can address especially vulnerable links
(viz. wireless) Disadvantages:
Hop-by-hop protection causes multiple applications of crypto operations
May not provide end to end security
![Page 38: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/38.jpg)
Network Layer Security
Advantages Transparent to applications Amenable to hardware Flexible
Disadvantages Makes routing more complex Flexibility introduces policy
management and compatibility challenges
![Page 39: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/39.jpg)
Transport Layer Security
Advantages Transparent to applications and may be
packaged with applications Exposing TCP enables compression and
QoS classification Disadvantages
Probably implemented in software Exposing TCP risks DoS
![Page 40: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/40.jpg)
Application Layer Security
Advantages Customized to application Requires no special protocol stack
(transparent to networking) Disadvantages:
Hard to share between applications (viz. standardization challenge)
![Page 41: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/41.jpg)
Protocols to Software
There are important differences between theoretical descriptions, standards and software Evolution (versions, extensibility) Interoperability (options, negotiation) Error modes
Two brief case studies Transport Layer Security (TLS) Network layer security (Ipsec)
![Page 42: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/42.jpg)
Secure Socket Layer (SSL)
Session protocol with: Server authentication Client authentication optional Integrity checksum Confidentiality
Possibly the most important security-related ecommerce protocol
Session sets up security parameters Many connections possible within a given session Current version TLS 1.0
http://www.ietf.org/rfc/rfc2246.txt
![Page 43: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/43.jpg)
X.509 Key Est. Messages
Let DA = EB(k), rA, LA, A. Let DB = rB, LB, rA, A Two messages:
1. A -> B : certA, DA, SA(DA)Check that the nonce rA has not been seen, and is not expired according to LA. Remember it for its lifetime LA.
2. B -> A : certB, DB, SB(DB)Check the rA and A. Check that rB has not been seen and is not expired according to LB.
![Page 44: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/44.jpg)
Establish Security Capabilities
Client Hello
Server Hello
Client Server
Time
![Page 45: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/45.jpg)
Server Auth & Key Exchange
Server Hello Done
Client Server
Time
Certificate Request
Server Key Exchange
Certificate
Optional
![Page 46: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/46.jpg)
Client Auth & Key Exchange
Client Server
Time
Certificate Verification
Client Key Exchange
Certificate
Optional
Optional
![Page 47: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/47.jpg)
Client Auth & Key Exchange
Client Server
Time
Change Cipher Spec
Finish
Change Cipher Spec
Finish
![Page 48: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/48.jpg)
IPsec
Modes Tunnel Transport
Protocols Authenticated
Header (AH) Encapsulated
Security Payload (ESP)
Configurations End-to-end Concatenated Nested
Principal elements Security
Associations (SAD) Internet Key
Exchange (IKE) Policy (SPD)
![Page 49: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/49.jpg)
Typical Case
Client
Server
S
SESP ESPG
S
Gateway
Internet
Corporate Network
![Page 50: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/50.jpg)
Encapsulated Security Header and Trailer
Security Parameter Index (SPI)
Sequence Number
Initialization Vector
Protected Data
PadPad Length Next Header
Authentication Data
16-23 23-310-7 8-15
![Page 51: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/51.jpg)
Security Association
An SA describes the parameters for processing a secured packet from one node to another
SAs are simplex: use one for each direction
If more than one SA is used for a packet the applicable SAs are called an “SA bundle”
![Page 52: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/52.jpg)
SA Parameters (ESP Only)
Sequence number, Sequence number overflow, Anti-replay window
Lifetime Mode Tunnel destination PMTU Encryption algorithm (IV, etc.) Authentication algorithm
![Page 53: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/53.jpg)
Policy
Policy is not standardized in IPSec but certain basic functionality is expected
A Security Policy Database (SPD) is consulted to determine what kind of security to apply to each packet
The SPD is consulted during the processing of all traffic: Inbound and outbound IPSec and non-IPSec
![Page 54: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/54.jpg)
SPD Actions
Discard Bypass IPsec Apply IPsec: SPD must specify the
security services to be provided. For inbound traffic it is inferred from:
destination address, protocol, SPI. For outbound traffic this is done with a
selector.
![Page 55: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/55.jpg)
Selectors
Selectors are predicates on packets that are used to map groups of packets to SAs or impose policy
They are similar to firewall filters Selector support
Destination and source IP addresses Name (DNS, X.509) Source and destination ports (may not
be available on inbound ESP packets; use inner header for inbound tunnel mode)
![Page 56: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/56.jpg)
IPsec Processing: Outbound
Use selectors in SPD to determine drop, bypass, or apply
If apply, determine whether an SA or SA bundle for the packet exists If yes, then apply all appropriate SAs before
dispatching If no, then create all necessary SAs. Apply
these when done before dispatching
![Page 57: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/57.jpg)
IPsec Processing: Inbound
If there are no IPsec headers check SPD selectors to determine processing discard, bypass, or apply
If apply, then drop If there are IPsec headers, apply SA
determined by SPI, destination, protocol
Use selectors on result to retrieve policy and confirm correct application
![Page 58: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/58.jpg)
Internet Key Exchange (IKE)
Motivating problem: Security settings (SAs) must be highly configurable
Solutions: Let network administrator manually
configure SA (most common) Provide mechanism to allow automatic
negotiation and configuration Can be found at:
http://ietf.org/internet-drafts/draft-ietf-ipsec-ikev2-13.txt
IKEv2 Current as of March 22, 2004
![Page 59: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/59.jpg)
Station to Station Protocol
1. A -> B : YA (Diffie-Hellman public key)
Calculate k.
2. B –> A : YB, E(k, SB(YB, YA))Calculate k, use it to decrypt the signature, check the signature using the verification function of B and known values YB, YA.
3. A -> B : E(k, SA(YA, YB))Decrypt the signature and check it using the verification function of A.
![Page 60: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/60.jpg)
High-level view
Requester: Responder:
IKE_SA_INIT --> <-- IKE_SA_INIT IKE_AUTH --> <-- IKE_AUTH
These are mandatory message exchange pairs, and must be executed in this order.
![Page 61: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/61.jpg)
High-level view
Initiator: Responder:
CREATE_CHILD_SA --> <--
CREATE_CHILD_SA INFORMATIONAL --> <--
INFORMATIONAL These messages are optional and can
be sent by either party at any time.
![Page 62: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/62.jpg)
Changes from IKEv1
4 initialization messages instead of 8 Decrease latency in common case of 1
CHILD_SA by piggybacking this onto initial message exchanges
Protocol is reliable (all messages are acknowledged and sequenced)
Cookie exchange option ensures that the responder does not have to commit state until initiator proves it can accept messages
![Page 63: Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice Carl A. Gunter University of Pennsylvania Summer](https://reader030.vdocuments.us/reader030/viewer/2022032800/56649d485503460f94a23f6e/html5/thumbnails/63.jpg)
Summary
PKI provides potential scalable identities for the Internet but adoption has been difficult
Network protocols are designed in layers; security can be provided at multiple layers with various tradeoffs
Theoretical protocols differ in significant ways from Internet standards and software