IPSec

IPSec CPSC499 Information Security Management CPSC499 Information Security Management

Outline • Internet Protocol • Datagram format • IPv4 addressing • NAT • IPv6 • IPSec • Security Association (SA) • IPSec Base Protocol (AH, ESP) • Encapsulation Mode (transport, tunnel) • Key Management CPSC499 Information Security Management

Host, router network layer functions: • ICMP protocol • error reporting • router “signaling” • IP protocol • addressing conventions • datagram format • packet handling conventions • Routing protocols • path selection • RIP, OSPF, BGP forwarding table The Internet Network layer Transport layer: TCP, UDP Network layer Link layer physical layer CPSC499 Information Security Management

IP protocol version number 32 bits total datagram length (bytes) header length (bytes) type of service head. len ver length for fragmentation/ reassembly fragment offset “type” of data flgs 16-bit identifier max number remaining hops (decremented at each router) upper layer time to live Internet checksum 32 bit source IP address 32 bit destination IP address upper layer protocol to deliver payload to E.g. timestamp, record route taken, specify list of routers to visit. Options (if any) data (variable length, typically a TCP or UDP segment) IP datagram format how much overhead with TCP? • 20 bytes of TCP • 20 bytes of IP • = 40 bytes + app layer overhead CPSC499 Information Security Management

network links have MTU (max.transfer size) - largest possible link-level frame. different link types, different MTUs large IP datagram divided (“fragmented”) within net one datagram becomes several datagrams “reassembled” only at final destination IP header bits used to identify, order related fragments IP Fragmentation & Reassembly fragmentation: in: one large datagram out: 3 smaller datagrams reassembly CPSC499 Information Security Management

length =1500 length =1040 length =1500 length =4000 ID =x ID =x ID =x ID =x fragflag =0 fragflag =0 fragflag =1 fragflag =1 offset =0 offset =185 offset =0 offset =370 One large datagram becomes several smaller datagrams IP Fragmentation and Reassembly Example • 4000 byte datagram • MTU = 1500 bytes 1480 bytes in data field offset = 1480/8 CPSC499 Information Security Management

IP address: 32-bit identifier for host, router interface interface: connection between host/router and physical link router’s typically have multiple interfaces host may have multiple interfaces IP addresses associated with each interface 223.1.1.2 223.1.2.2 223.1.2.1 223.1.3.2 223.1.3.1 223.1.3.27 IP Addressing: introduction 223.1.1.1 223.1.2.9 223.1.1.4 223.1.1.3 223.1.1.1 = 11011111 00000001 00000001 00000001 223 1 1 1 CPSC499 Information Security Management

IP address: subnet part (high order bits) host part (low order bits) What’s a subnet ? device interfaces with same subnet part of IP address can physically reach each other without intervening router Subnets 223.1.1.1 223.1.2.1 223.1.1.2 223.1.2.9 223.1.1.4 223.1.2.2 223.1.1.3 223.1.3.27 LAN 223.1.3.2 223.1.3.1 network consisting of 3 subnets CPSC499 Information Security Management

Recipe To determine the subnets, detach each interface from its host or router, creating islands of isolated networks. Each isolated network is called a subnet. 223.1.1.0/24 223.1.2.0/24 223.1.3.0/24 Subnets Subnet mask: /24 CPSC499 Information Security Management

host part subnet part 11001000 0001011100010000 00000000 200.23.16.0/23 IP addressing: CIDR CIDR:Classless InterDomain Routing • subnet portion of address of arbitrary length • address format: a.b.c.d/x, where x is # bits in subnet portion of address CPSC499 Information Security Management

IP addresses: how to get one? Q: How does host get IP address? • hard-coded by system admin in a file • Wintel: control-panel->network->configuration->tcp/ip->properties • UNIX: /etc/rc.config • DHCP:Dynamic Host Configuration Protocol: dynamically get address from as server • “plug-and-play” (more in next chapter) CPSC499 Information Security Management

IP addresses: how to get one? Q: How does network get subnet part of IP addr? A: gets allocated portion of its provider ISP’s address space ISP's block 11001000 00010111 00010000 00000000 200.23.16.0/20 Organization 0 11001000 00010111 00010000 00000000 200.23.16.0/23 Organization 1 11001000 00010111 00010010 00000000 200.23.18.0/23 Organization 2 11001000 00010111 00010100 00000000 200.23.20.0/23 ... ….. …. …. Organization 7 11001000 00010111 00011110 00000000 200.23.30.0/23 CPSC499 Information Security Management

NAT: Network Address Translation rest of Internet local network (e.g., home network) 10.0.0/24 10.0.0.1 10.0.0.4 10.0.0.2 138.76.29.7 10.0.0.3 Datagrams with source or destination in this network have 10.0.0/24 address for source, destination (as usual) All datagrams leaving local network have same single source NAT IP address: 138.76.29.7, different source port numbers CPSC499 Information Security Management

NAT: Network Address Translation • Motivation: local network uses just one IP address as far as outside word is concerned: • no need to be allocated range of addresses from ISP: - just one IP address is used for all devices • can change addresses of devices in local network without notifying outside world • can change ISP without changing addresses of devices in local network • devices inside local net not explicitly addressable, visible by outside world (a security plus). CPSC499 Information Security Management

NAT: Network AddressTranslation Implementation: NAT router must: • outgoing datagrams:replace(source IP address, port #) of every outgoing datagram to (NAT IP address, new port #) . . . remote clients/servers will respond using (NAT IP address, new port #) as destination addr. • remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair • incoming datagrams:replace(NAT IP address, new port #) in dest fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table CPSC499 Information Security Management

2 4 1 3 S: 138.76.29.7, 5001 D: 128.119.40.186, 80 S: 10.0.0.1, 3345 D: 128.119.40.186, 80 1: host 10.0.0.1 sends datagram to 128.119.40, 80 2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table S: 128.119.40.186, 80 D: 10.0.0.1, 3345 S: 128.119.40.186, 80 D: 138.76.29.7, 5001 NAT: Network Address Translation NAT translation table WAN side addr LAN side addr 138.76.29.7, 5001 10.0.0.1, 3345 …… …… 10.0.0.1 10.0.0.4 10.0.0.2 138.76.29.7 10.0.0.3 4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345 3: Reply arrives dest. address: 138.76.29.7, 5001 CPSC499 Information Security Management

NAT: Network Address Translation • 16-bit port-number field: • 60,000 simultaneous connections with a single LAN-side address! • NAT is controversial: • routers should only process up to layer 3 • violates end-to-end argument • NAT possibility must be taken into account by app designers, eg, P2P applications • address shortage should instead be solved by IPv6 CPSC499 Information Security Management

IPv6 Header • Initial motivation: • 32-bit address space soon to be completely allocated. • Expands addresses to 128 bits • 430,000,000,000,000,000,000 for every square inch of earth’s surface! • Solves IPv4 problem of insufficient address space • Additional motivation: • header format helps speed processing/forwarding • header changes to facilitate QoS IPv6 datagram format: • fixed-length 40 byte header • no fragmentation allowed CPSC499 Information Security Management

IPv6 Header (Cont) Priority:identify priority among datagrams in flow Flow Label:identify datagrams in same “flow.” (concept of“flow” not well defined). Next header:identify upper layer protocol for data CPSC499 Information Security Management

Other Changes from IPv4 • Checksum:removed entirely to reduce processing time at each hop • Options: allowed, but outside of header, indicated by “Next Header” field • ICMPv6: new version of ICMP • additional message types, e.g. “Packet Too Big” • multicast group management functions CPSC499 Information Security Management

IPv6 Security – IPsec mandated • IPsec is mandated in IPv6 • This means that all implementations (i.e. hosts, routers, etc) must have IPsec capability to be considered as IPv6-conformant • When (If?) IPv6 is in widespread use, this means that IPsec will be installed everywhere • At the moment, IPsec is more common in network devices (routers, etc) than user hosts, but this would change with IPsec • All hosts having IPsec => real end-to-end security possible CPSC499 Information Security Management

IPv6 Security • Enough IP addrs for every imaginable device + Real end-to-end security= Ability to securely communicate from anything to anything CPSC499 Information Security Management

IPv6 Security – harder to scan networks • With IPv4, it is easy to scan a network • With tools like nmap, can scan a typical subnet in a few minutes • Returning list of active hosts and open ports • Many worms also operate by scanning • e.g. Blaster, Slammer • Attackers (& worms) scan for proxies, weak services and back doors see: http://www.insecure.org/nmap/ CPSC499 Information Security Management

IPv6 Security – harder to scan networks • With IPv6, sparse address allocation makes such brute force scanning impractical • It is 4 billion times harder to scan 1 IPv6 subnet than all of IPv4 • No more Blaster, Slammer, … • Use of “dense” address allocations makes it easier though CPSC499 Information Security Management

Transition From IPv4 To IPv6 Transition from IPv4 to IPv6 will take time: • Due to need to support legacy systems and applications, not all system can be upgraded simultaneously • Instead, organisations deploy IPv6 piecewise with pilot/experimental implementations first • Thus need for IPv4-IPv6 coexistence • Have dual-stack systems (supporting both v4 and v6) • Tunnelling used to deliver IPv6 packets over IPv4 networks • Tunneling: IPv6 carried as payload in IPv4 datagram among IPv4 routers known as “6to4” CPSC499 Information Security Management

Flow: X Src: A Dest: F data Flow: X Src: A Dest: F data Flow: X Src: A Dest: F data Flow: X Src: A Dest: F data B A E F E A B F C D tunnel Logical view: IPv6 IPv6 IPv6 IPv6 Physical view: IPv6 IPv6 IPv6 IPv6 IPv4 IPv4 Src:B Dest: E Src:B Dest: E A-to-B: IPv6 E-to-F: IPv6 Tunneling B-to-C: IPv6 inside IPv4 D-to-E: IPv6 inside IPv4 CPSC499 Information Security Management

IP Security (IPsec) • Suite of protocols from Internet Engineering Task Force (IETF) providing encryption and authentication at the IP layer • Arose from needs identified in RFC 1636 • Specifications in: • RFC 2401: Security architecture • RFC 2402: Authentication • RFC 2406: Encryption • RFC 2408: Key management • Objective is to encrypt and/or authenticate all traffic at the IP level. CPSC499 Information Security Management

IP Security Issues • Eavesdropping • Modification of packets in transit • Identity spoofing (forged source IP addresses) • Denial of service • Many solutions are application-specific • TLS for Web, S/MIME for email, SSH for remote login • IPSec aims to provide a framework of open standards for secure communications over IP • Protect every protocol running on top of IPv4 and IPv6 CPSC499 Information Security Management

Typical Usage CPSC499 Information Security Management

IPSec Services • Data origin authentication • Confidentiality • Connectionless and partial sequence integrity • Connectionless = integrity for a single IP packet • Partial sequence integrity = prevent packet replay • Limited traffic flow confidentiality • Eavesdropper cannot determine who is talking • These services are transparent to applications above transport (TCP/UDP) layer CPSC499 Information Security Management

Major IPSec Components • Security Association (SA) Database • Each SA refers to all the security parameters of one communication direction • For two-way communications, at least two SAs are needed. • Two Protocols • AH – Authentication Header • ESP – Encapsulating Security Payload • Encryption only • Encryption with authentication • Two Encapsulation modes • Transport mode • Tunnel mode CPSC499 Information Security Management

Security Association (SA) • In order to communicate, each pair of hosts must set up SA with each other • Acts as virtual connection for which various parameters are set: • Type of protection • Algorithms • Keys • … • Simplex: a one way relationship between a sender and a receiver. • For either AH or ESP, but not both CPSC499 Information Security Management

Security Association (SA) • Each SA uniquely identified by: • Security Parameters Index (SPI) • 32-bit string assigned to this SA (local meaning only) • IP destination address of packets • May be end user system, or firewall or router • Security Protocol Identifier (e.g. AH, ESP) • For each IP packet, governing SA is identified by: • Destination IP address in packet header • SPI in extension header (AH or ESP) CPSC499 Information Security Management

Security Association (SA) • It contains all the security parameters needed for one way communication • Sequence number counter • Anti-replay window • Protocol (e.g. AH / ESP) • Transform mode (e.g. transport / tunnel mode / wildcard) • Protocol parameters (e.g. AES, 128-bit, CBC mode, SHA-1) • Lifetime of the SA • etc. CPSC499 Information Security Management

Two IPSec Base Protocols • Authentication Header (AH) • Provides message authentication and integrity check of IP data payload, but not confidentiality. • Also Provides authentication for as much of the IP header as possible. • Next header: TCP, UDP, etc. • Sequence Number: Starts at 1, never recycle (optional) CPSC499 Information Security Management

Two IPSec Base Protocols • Encapsulating Security Payload (ESP) • Provides confidentiality and authentication. Either is optional. • When not used, the NULL algorithm defined in RFC-2410 is used. • The authentication trailer must be omitted if not used. • Either encryption or authentication (or both) must be enabled (NULL-NULL is an invalid option) CPSC499 Information Security Management

Two Encapsulation Modes • IPsec defines two encapsulation modes for an IP packet • Transport • Tunnel Original IP TCP data IP packet header header Transport mode IP IPsec TCP data protected packet header header header Tunnel mode IP IPsec IP TCP data protected packet header header header header CPSC499 Information Security Management

Transport mode • Intercept Network layer packets Encrypt / Authenticate these packets preserving most of the original IP header • End-to-end security between two hosts • Typically, client to gateway (e.g., PC to remote host) • Requires IPSec support at each host CPSC499 Information Security Management

Tunnel Mode • Gateway-to-gateway security • Internal traffic behind gateways not protected • Typical application: virtual private network (VPN) • Only requires IPSec support at gateways CPSC499 Information Security Management

Tunnel Mode Illustration Implements IPSec Implements IPSec IPSec protects communication on the insecure part of the network CPSC499 Information Security Management

Tunnel mode • Intercept Network layer packets Encrypt / Authenticate these packets, while encapsulating the original IP packet entirely • Versatile and has many deployment modes • Host-to-host • Host-to-router (i.e. remote access) • Router-to-router (a.k.a. Gateway-to-gateway) CPSC499 Information Security Management

Tunnel mode(Router-to-router / Gateway-to-gateway) CPSC499 Information Security Management

Tunnel mode(Host-to-Router / Remote Access) CPSC499 Information Security Management

IPSec

IPSec

Presentation Transcript

IPSec

IPSec

IPSec

IPSec

IPSec

IPsec

IPSec

IPSec

IPsec

IPsec

IPSec

IPsec

IPSec

IPSec

IPsec