1 / 32

PIS : Unit IV IPSec

PIS : Unit IV IPSec. Sanjay Rawat Sanjay_r@vnrvjiet.in. Based on the slides of Lawrie Brown & M. Lindner, together with the book “Cryptography and Network Security” by William Stalling. IPSec. general IP Security mechanisms provides authentication confidentiality key management

trinh
Télécharger la présentation

PIS : Unit IV IPSec

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PIS: Unit IVIPSec Sanjay Rawat Sanjay_r@vnrvjiet.in Based on the slides of LawrieBrown & M. Lindner,together with the book “Cryptography and Network Security” by William Stalling. PIS Unit 4 IPSec Sanjay Rawat

  2. IPSec • general IP Security mechanisms • provides • authentication • confidentiality • key management • applicable to use over LANs, across public & private WANs, & for the Internet PIS Unit 4 IPSec Sanjay Rawat

  3. IPSec Uses PIS Unit 4 IPSec Sanjay Rawat

  4. Benefits of IPSec • Firewall/router: provides strong security to all traffic crossing the perimeter • It is below transport layer, hence transparent to applications • can be transparent to end users • can provide security for individual users • Sense of owing private network! PIS Unit 4 IPSec Sanjay Rawat

  5. Applications of IPSec • Secure branch office connectivity over the Internet • Secure remote access over the Internet • Establishing extranet and intranet connectivity with partners • Enhancing electronic commerce security PIS Unit 4 IPSec Sanjay Rawat

  6. IP Security Architecture • specification is quite complex • defined in numerous RFC’s • incl. RFC 2401/2402/2406/2408 • many others, grouped by category • mandatory in IPv6, optional in IPv4 • have two security header extensions: • Authentication Header (AH) • Encapsulating Security Payload (ESP) PIS Unit 4 IPSec Sanjay Rawat

  7. Seven-group Documents PIS Unit 4 IPSec Sanjay Rawat

  8. IPSec Services PIS Unit 4 IPSec Sanjay Rawat

  9. Requirements- Why? • Authentication and encryption techniques require that sender and receiver agree on • a key or keys • an authentication or encryption algorithm • other parameters e.g. lifetime of a key • Set of agreements forms • a security association between sender and receiver • If a packet is received • it can be verified or decrypted if the receiver can link it with the context of a security association • Security Parameter Index (SPI) field of AH or ESP headers is used as such a link • value negotiated as part ofthekey-exchange procedure PIS Unit 4 IPSec Sanjay Rawat

  10. Security Associations • a one-way relationship between sender & receiver that affords security for traffic flow • defined by 3 parameters: • Security Parameters Index (SPI) • IP Destination Address (end-use or gateway) • Security Protocol Identifier (AH or ESP?) • SA define the policy used between the peers for certain traffic flows • Traffic (Peers Identity, Access List) • Header (AH or ESP) • Algorithms (For authentication and encryption) • Keys • These are maintained in binary format in the memory of a peer’s computing engine • as the Security Association Database (SAD)

  11. SA parameters • Security Policy Database (SPD): specifies what services are to be offered to IP datagrams (inbound/outbound) and in what fashion • Security Association Database (SAD): defines the parameters associated with each SA • Sequence Number Counter • Sequence Counter Overflow • Anti-Replay Window • AH/ESP Information • Lifetime of This Security Association • IPSecProtocol Mode • Path MTU PIS Unit 4 IPSec Sanjay Rawat

  12. SA Modes • Transport mode SA : only IP payload is encrypted/authenticated. • Tunnel mode SA: Entire IP packet (header+payload) is encapsulated under another IP header. PIS Unit 4 IPSec Sanjay Rawat

  13. Tunnel vs transport mode PIS Unit 4 IPSec Sanjay Rawat

  14. SA Example • SAs are unidirectional • Thus multiple SAs are typically established between two peers • One SA per direction and so called transform ( AH or ESP method) • Security policies can be totally asymmetric ! • Identified by the Security Parameter Index (SPI) and peer's IP address • SPI is a 32-bit value PIS Unit 4 IPSec Sanjay Rawat

  15. Authentication Header (AH) • provides support for data integrity & authentication of IP packets • end system/router can authenticate user/app • prevents address spoofing and replay attacks • based on use of a MAC • HMAC-MD5-96 or HMAC-SHA-1-96 • parties must share a secret key

  16. AH limitations • AH does not provide: • non-repudiation • because of usage of secret-keys (shared keys) for HMAC or MAC (note: a real Digital Signature needs usage of public-key technique by signing a message with the private-key) • confidentiality (encryption) • authentication for IP fragments • therefore IP fragments must be assembled before authentication is checked (better avoid it by MTU path discovery) PIS Unit 4 IPSec Sanjay Rawat

  17. Authentication Header

  18. Header fields • Next Header (8 bits): • indicates the next header, following the AH header • Example values allowed as protocol field in IPv4 header: IP in IP (4), TCP (6), UDP (17), ICMP (1), OSPF (89), etc • Payload Length: • length of AH header: number of 32-bit words • Security Parameter Index: • a 32-bit number identifying (together with IP destination address) the security association for this IP datagram • SPI value 0 is reserved for local implementation specific use and must not be sent on the wire PIS Unit 4 IPSec Sanjay Rawat

  19. Header fields • Sequence number: • monotonically increasing counter value (mandatory and always present) defined in RFC 2085 • prevention against replay attacks enabled by default • mandatory for transmitter but the receiver need not act upon it • every new SA resets this number to zero (thus first packet= 1), no cycling: after sending the 232nd packet, a new SA must be established • RFC 4302 allows usage of 64 bit sequence numbers PIS Unit 4 IPSec Sanjay Rawat

  20. Header fields • Authentication Data: • contains Integrity Check Value (ICV) • all fields behind AH header plus predictable field of IP header before AH • the algorithm for authentication is free and must be negotiated • mandatory default calculation of the authentication data must be supported • HMAC with keyed-MD5 (RFC 2403), 128 bit secret-key • HMAC with keyed-SHA-1 (RFC 2404), 160 bit secret-key • alternative • DES-CBC based MAC • non-repudiation (IP datagram signing) is not supported! PIS Unit 4 IPSec Sanjay Rawat

  21. Header Field • The MAC is calculated over • IP header fields that either do not change in transit (immutable) or that are predictable in value upon arrival at the endpoint for the AH SA. Fields that may change in transit and whose value on arrival are unpredictable are set to zero for purposes of calculation at both source and destination. • The AH header other than the Authentication Data field. The Authentication Data field is set to zero for purposes of calculation at both source and destination. • The entire upper-level protocol data, which is assumed to be immutable in transit (e.g., a TCP segment or an inner IP packet in tunnel mode). PIS Unit 4 IPSec Sanjay Rawat

  22. AH position Tunnel Mode PIS Unit 4 IPSec Sanjay Rawat

  23. Transport & Tunnel Modes

  24. Encapsulating Security Payload (ESP) • ESP provides: • confidentiality (encryption of payload with secret-key algorithm) • replay detection and protection via sequence number (optional) • IP datagram sender authentication by HMAC (optional) • IP datagram integrity assurance by HMAC (optional) • ESP does not provide • key distribution • encryption of IP fragments • therefore IP fragments must be assembled before decryption PIS Unit 4 IPSec Sanjay Rawat

  25. ESP Header PIS Unit 4 IPSec Sanjay Rawat

  26. ESP Header • SPI and Sequence Number: • used for same functions as in the AH header • defining SA and prevention of replay attack • these are the only fields of ESP transmitted in cleartext • RFC 4303 allows usage of 64 bit sequence numbers • Payload Field of ESP is encrypted • actual format depends on encryption method • e.g. location of Initialization Vector(IV) for DES-CBC • note: in such a case every IP datagram must contain an IV because IP datagram's may arrive out of sequence PIS Unit 4 IPSec Sanjay Rawat

  27. ESP header • Padding Field • is used to fill the plaintext to the size required by the encryption algorithm (e.g. the block size of a block cipher) • is used to align 4 byte boundaries • Pad Length • pointer to end of data • Next Header • identifies the type of data contained in the Payload Data Field, e.g., an extension header in IPv6 or an upper layer protocol identifier • same values allowed as protocol field in IPv4 header PIS Unit 4 IPSec Sanjay Rawat

  28. ESP Encryption methods • Mandatory default transformation of the data • DES-CBC (Data Encryption Standard - Cipher Block Chaining) • parameter field contains Initialization Vector (IV) field • Triple-DES, Blowfish, IDEA, RC5 and AES as alternative • see RFC 2451 • An ESP “Null” algorithm must be supported • see RFC 2401 • see RFC 2410 where it is praised for ease of implementation, great speed and simplicity ;-) • Optional authentication • HMAC with keyed-MD5 or HMAC with keyed-SHA-1 PIS Unit 4 IPSec Sanjay Rawat

  29. Transport vs Tunnel Mode ESP • transport mode is used to encrypt & optionally authenticate IP data • data protected but header left in clear • good for ESP host to host traffic • tunnel mode encrypts entire IP packet • add new header for next hop • good for VPNs, gateway to gateway security

  30. ESP IP Packets Transport mode Tunnel mode PIS Unit 4 IPSec Sanjay Rawat

  31. Combining Security Associations • SA’s can implement either AH or ESP • to implement both need to combine SA’s • form a security association bundle • may terminate at different or same endpoints • combined by • transport adjacency • iterated tunneling • issue of authentication & encryption order

  32. Combining Security Associations

More Related