1 / 42

IP SECURITY – Chapter 16

Security Mechanisms: email – S/MIME, PGP client/server - Kerberos web access - Secure Sockets Layer network - TCP/IP Three Areas: 1. Authentication – verifies source / no alteration 2. Confidentiality – no eavesdropper

dcroy
Télécharger la présentation

IP SECURITY – Chapter 16

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Mechanisms: email – S/MIME, PGP client/server - Kerberos web access - Secure Sockets Layer network - TCP/IP Three Areas: 1. Authentication – verifies source / no alteration 2. Confidentiality – no eavesdropper 3. Key Management – secure exchange IP SECURITY – Chapter 16

  2. IP Spoofing - false IP address • eavesdropping / packet sniffing • - logon data, database contents • Secure Branch Office over Internet • - Virtual Private Network • Secure Remote Access over Internet • - local call to ISP  remote company • extranet/internet – secure comms  other orgs • Secure Commerce – enhanced by IPSEC • …because encrypt/decrypt all traffic at IP level • (fig 16.1) ATTACKS - REQUIREMENTS

  3. IP SECURITY SCENARIO

  4. Traffic within company • – ”no need for security” • Transparent applications and end users • Security for ”off-site” individuals BENEFITS of IPSEC

  5. Authorises Routing Advertisement • Authorises Neighbour Advertisement • Redirect • Routing Update - not forged IPSEC and ROUTING

  6. - follows main IP header Authentication Header Encapsulating Security Payload (ESP) header (encrypted) Fig 16.2 AH - Authentication Header ESP – Encryption + Authentication Table 16.1 EXTENSION HEADER

  7. IPSec DOCUMENT OVERVIEW

  8. One-way relationship between • sender and receiver • For two-way, need two SAs • Three Parameters • 1. Security Parameter Index (SPI) • 2. IP Destination Address • 3. Security Protocol Identifier SECURITY ASSOCIATIONS (SAs)

  9. 1. Security Parameter Index (SPI) - bit string – carried in AH and ESP headers enables receiver to select SA for processing packet. 2. IP Destination Address - end user or network system (e.g. firewall, router) 3. Security Protocol Identifier indicates AH or ESP SECURITY ASSOCIATIONS (SAs)

  10. Sequence Number Counter • Sequence Counter Overflow • - overflow auditable? • Anti-Replay Windows • - is incoming AH or ESP a replay? • AH information • - auth. alg., keys, key lifetimes • ESP information • - encryp. alg., auth. alg., keys, • init. values, key lifetimes • Lifetime of SA • IPSec Protocol Mode: • - Tunnel/Transport/Wildcard (mask) • Path MTU – max packet size SA PARAMETERS

  11. Relates IP traffic to specific SAs [ Subset0 of IP Traffic] SA [ Subset1 of IP Traffic] and/or [Subset of IP Traffic] SA0 SA1 SECURITY POLICY DATABASE (SPD)

  12. - filters/maps traffic  SA • Dest. IP Address: single/list/range/wildcard • Source IP Address: single/list/range/wildcard • User ID • Data Sensitivity Level:e.g.secret/unclassified • Transport Layer Protocol: • (number) individual/list/range • IPSEC Protocol: AH/ESP/AH and ESP • Source and Dest. Ports: • (TCP or UDPvalues) individual/list/wildcard SPD : IP and UPPER LAYER SELECTORS

  13. - filters/maps traffic  SA • IPv6 Class: specific/wildcard • IPv6 Flowlabel: specific/wildcard • IPv4 Type of Service (TOS): • specific/wildcard SPD : IP and UPPER LAYER SELECTORS

  14. Transport Upper-layer protection End-to-end communication (e.g. client  server, two workstations) ESP encryptsIP payload (not header) (optionally authenticates) AH authenticates IP payload + selected portions of header TRANSPORT MODE

  15. Tunnel Protects entire IP packet entire packet + security fields treated as ”outer” payload with new IP header Original (inner) packet travels through tunnel. Routers cannot examineinner IP header e.g. tunneled through firewall Table 16.2 TUNNEL MODE

  16. - Detects modification - Prevents address spoofing, replay Uses MAC - Alice, Bob share secret key Fig 16.3 AUTHENTICATION HEADER

  17. AUTHENTICATION HEADER

  18. Sequence Number Field (SNF) thwarts attack New SA: Sender initialises C=0 For every new packet on SA: C++ Anti-Replay operates up to max C = 232 – 1 If max reached, terminate SA ANTI-REPLAY SERVICE

  19. IP is, connectionless, unreliable  protocol does NOT guarantee: packets delivered in order all packets delivered ANTI-REPLAY SERVICE

  20. ANTI-REPLAY MECHANISM

  21. (Fig 16.4) 1. if Rx packet falls in window and new then check MAC. if authentic then mark slot 2. if Rx packet to right of window and new then check MAC. if authentic advance window up to packet. 3. if Rx packet to left of window or authentication fails then, discard, audit ANTI-REPLAY MECHANISM

  22. HMAC–MD5-96, HMAC-SHA-1-96 (trunc to 96 bits) MAC over: IP Header Fields which are unchanged in transit (or are predictable at receiver), other fields set ot 0 for calculation purposes. AH Header except Authentication Data Field – AD  0 Upper-Level protocol data INTEGRITY CHECK VALUE (ICV) - MAC

  23. Fig 16.5 Transport SA: workst.  server (secret key) Tunnel SA: workst. intern. network firewall intern. server without auth. Fig 16.6 IP Payload is TCP or data for other protocol. TRANSPORT / TUNNEL MODES

  24. End-to-End vs. End-to-intermediate Auth.

  25. SCOPE OF AH AUTHENTICATION

  26. ENCAPSULATING SECURITY PAYLOAD (ESP) Message Confidentiality Limited Traffic flow Confidentiality Authentication (like AH) Fig 16.7

  27. ENCAPSULATING SECURITY PAYLOAD (ESP)

  28. ENCAPSULATING SECURITY PAYLOAD (ESP) • SPI – Security Association • Sequence Number • Payload – Transport/Tunnel – encrypt • Padding - 0 – 255 bytes • Pad Length • Next Header – Payload type by • identifying first header • in payload. • Auth. Data – ICV (MAC)

  29. ESP Encrypts payload, padding, pad length, next header Optimal init. vector (IV) for encryp. alg. at beginning of Payload Uses DES(CBC), 3DES, RC5, IDEA, 3IDEA, CAST, Blowfish Uses HMAC-MD5-96, HMAC-SHA-1-96

  30. Required, • if encryp. alg. requires plaintext to be • certain multiple of bytes. • to make ciphertext a multiple of 32-bits • for Partial Traffic Flow Confidentiality PADDING

  31. Fig 16.8 Transport - confidentiality for all appl. - drawback : traffic analysis Tunnel – hosts avoid security (VPN) Fig 16.9 TRANSPORT and TUNNEL MODES

  32. Transport vs. Tunnel Encryp.

  33. Scope of ESP Encryp. and Auth.

  34. Each SA implements AH or ESP, but, Some traffic flow may require both.  multiple SAs Security Association Bundle Sequence of SAs SAs may terminate at different endpoints COMBINING SAs

  35. Transport Adjacency: more than one security protocol to same IP packet, no tunneling, one endpoint. Iterated Tunneling: multiple (nested) security layers using tunnelling, possible different end points. TWO BUNDLE TYPES

  36. TWO BUNDLE TYPES Two approaches can be Combined e.g. Transport SA between hosts travels partway through a Tunnel SA between security gateways.

  37. 1. ESP with Auth. Option - Fig 16.9 Transport mode ESP: IP header not protected Tunnel mode ESP: Auth. entire outer IP packet Encryp. entire inner IP packet For both cases, ciphertext authenticated AUTHENTICATION + CONFIDENTIALITY

  38. Scope of ESP Encryp. and Auth.

  39. 2. Transport Adjacency Two Bundled SAs: - inner being ESP (no auth.) outer being AH - advantage: auth. covers more fields - disadvantage: two SAs versus one AUTHENTICATION + CONFIDENTIALITY

  40. 3. Transport-Tunnel Bundle Auth. Prior to encryp.: - advantages: Impossible to intercept and alter without detection. Store MAC with message at destination for later. Use Bundle: Inner AH: Transport SA Outer ESP: Tunnel SA  entire auth. inner packet encrypted. new outer IP header added AUTHENTICATION + CONFIDENTIALITY

  41. CASE 1 End systems implement IPSec - share keys CASE 2 Security between gateways (routers,firewalls) No hosts implement IPSec Simple VPN Nested tunnels not required because IPSec applied to entire packet. CASE 3 Case 2 + end-to-end security. Gateway-to-gateway ESP provides traffic confidentiality. CASE 4 Support for remote host to reach firewall. Only tunnel mode required. Key Management - Read BASIC COMBINATION OF SAs

  42. BASIC COMBINATION OF SAs

More Related