340 likes | 517 Vues
Security at the IP Layer Lecture 5. Outline. Security concerns at IP level What can be done at IP level IPSec architecture How does IPSec work? IPSec and other layers IPSec benefits and limitations. TCP/IP & Possible Security Enhancement. Kerboros, HTTPS, S/MINE, PGP…. Application.
E N D
Outline • Security concerns at IP level • What can be done at IP level • IPSec architecture • How does IPSec work? • IPSec and other layers • IPSec benefits and limitations Information and Nework Security
TCP/IP & Possible Security Enhancement Kerboros, HTTPS, S/MINE, PGP… Application SSL, TLS Transport (TCP, UDP) Network (IP) IP Sec Data Link Physical Information and Nework Security
TCP/IP Stack HTTP FTP TELNET DNS NFS PING Application Layer TCP UDP Transport Layer IP ICMP IP packet Information and Nework Security
Security at IP layer • Security at the IP layer is related to the layer’s function of end-to-end IP datagram delivery. • The security concerns are: • Authentication • Message replay • Message alteration • Message delay and denial • Etc. Information and Nework Security
Reasons • Originally authentication and confidentiality were not enforced at the IP level • IP address from IP header can be forged by opponents => cannot ensure that a received packet was transmitted by the party identified as the source in the packet header • Contents of a packet can be inspected when in transit • Old IP packets can be replayed Information and Nework Security
Address Masquerading attack (e.g) router a.b.c.100 NSF server x.y.z.200 Authorized NFS client x.y.x.201 UNAuthorized NFS client router a.b.c.100 NSF server x.y.x.201 -> x.y.x.200 Authorized NFS client Masquerading as authorised client x.y.z.200 - shutdown For maintenance Information and Nework Security
ICMP ECHO Request Attack (e.g) Ping o' Death Attack • ICMP, an integral part of IP, is utilized to report network errors. • PING (Packet InterNet Grouper) utilizes ICMP Echo and Reply packets to test host reachability. • ICMP messages normally consist of the IP Header and enclosed ICMP data with a default size of 64 bytes. • If the Hacker sends an ICMP Echo request that is greater than 65,536 this can crash or reboot the system. • Anewer attack method modifies the header to indicate that there is more data in the packet than there actually is. Countermeasure • Routers can configured to check the size of the ICMP packet. • Block PING (ICMP) traffic at the Firewall. Information and Nework Security
ICMP ECHO Flooding (e.g) SMURF Attack • The Hacker sends an ICMP Echo request to the target network with a destination broadcast address and a spoofed source address of the target. • The network serves as a "bounce site" and returns an Echo-Reply for each station on the network. • The network serves to multiply the effect of the "ping". The Echo-Request could be sent to multiple networks. Countermeasures: • Disable IP-directed broadcasts at your router. • Configure the workstation to not respond to an IP broadcast packet. Information and Nework Security
Some Terms and Definitions • Bridge: • Connect two LANs that use identical LAN protocol • Acts as an address filter to forward packets from one LAN to another • Router: – (internal, external): • A router is a device or software or hardware/software that determines the next network point to which a packet should be forwarded toward its destination. • Connect two networks that may not be similar • A router is connected to at least two networks and decides which way to send a packet based on its current understanding of the state of the networks. Information and Nework Security
Some Terminology • Gateway: – employs TCP/IP: • Acts between an internal network and external ones • Acts as an external router to allow two autonomous systems to cooperate in the exchange of routing information • Firewall – has 4 generic types: • Packet-filtering router(1): simple use by monitoring incoming IP packets and then forward or discard them • Application-level Gateway (2): proxy server, acts as a relay of application-level traffic – allow or deny certain services (telnet, ftp, etc) • Circuit-level Gateway(3): establishes two TCP connections: itself & inner TCP user; itself & outer TCP user. The firewall acts as a middle man to initially allow the outer user to talk to security server. It depends on if the outer user can negotiate with the security server or not the firewall will allow or deny the communication with the inner user • Bastion: serves as a platform for (2) & (3) – a critical security point in the network Information and Nework Security
Why look for security at IP level? • It is below Transport Layer => no need to change software at Application Layer • It is transparent to users => no need to train users • Can be used to enhance security when used with higher-level applications • Can enhance security of firewalls • Can provide better security for communications via untrusted networks Information and Nework Security
What can be done at IP? • Authentication: Allows the receiver to validate the identity of a sender, client/server machine or process. • Integrity: Provides assurance to the receiver that the transmitted data has not been changed. • Confidentiality: Preventing the unwanted disclosure of information during transit. Information and Nework Security
IPSec Architecture (borrowed from Stallings) Information and Nework Security
IPSec Architecture • IP Sec offers two principle elements: Authentication Header (AH) and Encapsulating Security Payload (ESP) protocols • AH makes it possible to authenticate the sender of IP packets; determines the authentication algorithm to be used • ESP makes it possible to authenticate the sender and ensure confidentiality; determines the encryption algorithm to be used • Policy: determines if two entities will be able to communicate with each other • DOI: Contains identifiers for approved encryption and authentication algorithms, key lifetime parameters, etc. • Key management: involves the determination and distribution of secret keys Information and Nework Security
AH Format Contains data that guarantees authentication Borrowed from Stallings Information and Nework Security
ESP Format Borrowed from Stallings Information and Nework Security
IPSec modes • IPSec uses the two elements (AH & ESP) in two modes • Transport mode: • is typically used in peer-to-peer communications, especially for internal networks • the data packet is encrypted but the IP header is not. • Tunnel mode: • is used for remote access and site-to-site security • the entire packet (header & payload) is encrypted Information and Nework Security
Authentication with AH Before applying AH Borrowed from Stallings Information and Nework Security
Authentication with AH After applying AH Transport mode Borrowed from Stallings Information and Nework Security
Authentication with AH After applying AH Tunnel mode Borrowed from Stallings Information and Nework Security
Authentication & encryption with ESP • IPSec offers encryption using ESP • ESP can also include authentication service • ESP may be used with or without AH • Authentication service can also be provided Information and Nework Security
Authentication & encryption with ESP After applying ESP Transport mode Borrowed from Stallings Information and Nework Security
Authentication & encryption with ESP After applying ESP Tunnel mode Borrowed from Stallings Information and Nework Security
How does IPSec work? Security Association (SA) • Two nodes must have a shared key in advance • A system implements IPSec keeps a security association database (SADB) which stores Security Associations (SA) • The Security Association (SA) is a contract between two nodes on keys, algorithms, etc. It forms the basis for IPSec operations • If two hosts, A and B, are communicating using IPSec, both hosts will have two SAs, SA_in and SA_out for processing inbound and outbound packets respectively • SA_in of host A and SA_out of host B will share the same cryptographic parameters Information and Nework Security
How does IPSec work? Security Association Database (SADB) • Any system implements IPSec has a security association database • A sending system looks up its SADB before transmitting to an IP destination, let’s say X. • Information of X in SADB tells the system how to transmit to X • i.e: SPI, the key, algorithms, etc. • When receiving an IPSec packet, the receiving system uses the SPI of the received IPSec packet to find the entry in its SADB. The entry will tell the system which key, algorithm, etc. to use to process the packet. Information and Nework Security
How does IPSec work? • Two nodes exchange shared keys (either manually or automatically): • IKE (Internet Key Exchange) protocol • ISAKMP (Internet Security Association and Key Management Protocol) • Authentication is done by using a Secure Hash Algorithm (or message Digest – MD5) to generate authentication data that is inserted into AH • Encryption is done using some encryption algorithm (3DES, IDEA, etc) to generate ciphertext that is inserted into the Payload Data field of ESP Information and Nework Security
IPSec and Security at Other Layers • At levels lower than IP, data communication circuit or the entire network can be encrypted by specialised hardware • Authentication & encryption can be done at the level higher than IP, using: • Eg. SSH - authenticates remote logins • Eg. PGP - encrypts and authenticates mail messages • However, there are advantages to doing authentication & encryption at IP level (see next slide) Information and Nework Security
Advantages of enhancing security at IP level • IPSec is the most general way to provide security services to the Internet with less constrains • Higher-level security services may be less general and hence protect some single protocol (e.g: PGP protects mail) • Lowever-level services protect single medium (eg: a pair of encryption chips on the end of a line) • IPSec can, in general, protect any medium used below IP level and any protocol running above IP level Information and Nework Security
Benefits of IPSec • Enable business to rely heavily on the Internet and reduce its need for private networks => saving costs & network management • Provide secure network access over the Internet • An end-user whose system is equipped with IPSec can make a local call to ISP and gain secure access to her/his company • Provide secure communications between organisations by ensuring authentication and confidentiality • IPSec can be used to create secure tunnel through untrusted (especially the Internet) networks • Sites connected by these tunnels form Virtual Private Networks (VPN) Information and Nework Security
Benefits of IPSec • Packet authentication makes various attacks harder • address masquerading • address spoofing • IPSec tunnels can be very useful for secure remote administration • In a non-end-to-end service, IPSec can ensure that messages between a pair or a group of sites are encrypted Information and Nework Security
Some Limitations of IPSec • IPSec cannot provide end-to-end security as systems work at higher levels • e.g: if you need emails encrypted from the sender’s desktop and decrypt them at the receiver’s site) • Specific applications have particular requirements on security and IPSec does not provide all security services: • E.g: IPSec cannot provide total security for credit card payment systems Information and Nework Security
Is IPSec everything you need? • Cryptography alone is not enough • IPSec alone is not enough • E.g: IPSec cannot provide digital signature services • Many factors affect system security. • OS security • Data management • Key management • Correctness of implementationof algorithms • Proper system management • Human factors Information and Nework Security