Post on 02-Jan-2016
IP Security
Outline
- Introduction
- IP security Overview
- IP security Applications
- IP security Scenario
- IP security Benefits
- IP security Architecture
- Security Associations
- Combinations of SA’s
- Key Exchange Management
Basic Objective: Secure IP
Should achieve the following:
- Disallow links to un-trusted sites.
- Encrypt packets that leave the premises.
- Authenticate packets that enter the premises.
IP-Level Security
Consists of three aspects:
Authentication: ensures that the received packet was transmitted by the party identified in the header.
Confidentiality: Enables communicating nodes to encrypt messages.
Key management: secure key exchange.
An Overview of IP
Internet Protocol (IP): “Provides the facilities for interconnecting end systems across multiple networks.”
Implemented in:
1. Each end system and
2. Routers of the networks.
Routers must cope with heterogeneous networks.
Overview of IP
IP provides unreliable service.
- No guarantee that all data packets will be delivered.
- Delivered packets may arrive in the wrong order.
Higher layer (TCP) must recover from any errors.
Provides a great deal of flexibility:
- No reliability requirements of subnets.
- Packets can follow different paths.
An Overview of IP
Operation of IP:
// The next slide shows the architecture of the TCP/IP suite. //
Example: “End system X wants to send a data packet to end system Y.”
TCP/IP Example
IP Security Overview
IPSec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication.
Applications of IPSec
Secure branch office connectivity over the Internet: A company can build a secure virtual private network over the Internet or over a public WAN. This enables a business to rely heavily on the Internet and reduce its need for private networks, saving costs and network management overhead.
Secure remote access over the Internet: An end user whose system is equipped with IP security protocols can make a local call to an Internet Service Provider (ISP) and gain secure access to a company network. This reduces the cost of toll charges for traveling employees and telecommuters.
Application of IPSec
Establishment of extranet and intranet connectivity with partners: IPSec can be used to secure communication with other organizations, ensuring authentication and confidentiality and providing a key exchange mechanism.
Enhancement of electronic commerce security: Most efforts to date to secure electronic commerce on the Internet have relied upon securing Web traffic with SSL since that is commonly found in Web browsers and is easy to set up and run. There are new proposals that may utilize IPSec for electronic commerce.
Applications of IP Security
IPSec can encrypt and authenticate all traffic at IP level.
Distributed applications (like remote login, client-server interaction, e-mail, file transfers, web access, etc.) can be secured.
An IP Security Scenario
Suppose an organization maintains LANs at several dispersed locations.
- Within each LAN, IP traffic is not secured.
- For inter-LAN traffic (over the Internet or a WAN), IPSec protocols are used.
An IP Security Scenario...
- IPSec protocols operate in networking devices that connect a LAN to the Internet (like a router).
- Encrypt all traffic leaving a LAN and decrypt traffic incoming to a LAN.
- IPSec operations are transparent to workstations and servers.
- Secure transmission is also possible with individual users.
  // User workstation must implement IPSec protocols //
IP Security Scenario
Benefits of IP Security
- Transparent to applications (below the transport layer: TCP, UDP).
  // no need to change software on end systems. //
- IPSec can be transparent to end users.
  // no need to train end users on security mechanisms. //
- Provides security for individual users.
Benefits of IP Security
IPSec plays an important role in routing.
IPSec can assure that:
- A router or neighbour advertisement comes from an authorized router
- A redirect message comes from the router to which the initial packet was sent
- A routing update is not forged
IP Security Architecture
1. Architecture: Covers general concepts, security requirements, etc.
2. Encapsulating Security Payload (ESP): Covers the issues of packet encryption.
3. Authentication Header (AH): Covers issues of packet authentication.
IP Security Architecture
4. Encryption Algorithms: How various encryption algorithms are used for ESP.
5. Authentication Algorithms: How various authentication algorithms are used for AH and authentication option of ESP.
6. Key Management: Documents that describe key management.
7. Domain of Interpretation (DOI): Defines payload formats, exchange types, and conventions for naming security
Architecture
IPSec Services
IPSec uses two protocols to provide security:
1. Authentication Header (AH): an authentication protocol.
2. Encapsulating Security Payload (ESP): a combined encryption and authentication protocol.
IPSec Services
- Access Control
- Connectionless integrity
- Data origin authentication
- Rejection of replayed packets
- Confidentiality (encryption)
- Limited traffic flow confidentiality
Security Associations (SA)
- A simplex (uni-directional) logical connection, created for security purposes.
- A one-way relationship between a sender and a receiver.
- For a two-way secure exchange, two security associations are required.
- Identified by three parameters:
Security Parameter Index (SPI): A bit string assigned to this SA.
// Used by receiver to select the SA. //
Security Associations (SA)
IP Destination Address: The address of the destination endpoint of SA.
// may be an end user system, a firewall or a router //
Security Protocol Identifier: Indicates if the association is an AH or ESP security association.
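How a receiver can select the SA from the three parameters above, as an added example that is not part of the original slides. The SA names, addresses and SPI values are constructed; the protocol numbers (50 for ESP, 51 for AH) and the SPI offsets follow the standard header layouts.

```python
import socket
import struct

ESP, AH = 50, 51  # IP protocol numbers for ESP and AH

# Constructed Security Association Database, keyed by the three
# parameters from the slide: (SPI, destination address, protocol).
SAD = {
    (0x1001, "192.0.2.10", ESP): "esp-inbound-from-branch",
    (0x1001, "192.0.2.10", AH): "ah-inbound-from-branch",
    (0x2002, "198.51.100.7", ESP): "esp-outbound-to-branch",
}

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def select_sa(packet):
    """Return the SA name for an inbound packet, or None if no SA matches."""
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    proto = packet[9]
    dst = socket.inet_ntoa(packet[16:20])
    body = packet[ihl:]
    if proto == ESP:
        spi = struct.unpack("!I", body[0:4])[0]   # ESP: SPI is the first word
    elif proto == AH:
        spi = struct.unpack("!I", body[4:8])[0]   # AH: SPI follows 4 header bytes
    else:
        return None                               # not IPSec traffic
    return SAD.get((spi, dst, proto))

# Constructed sample packets (security payloads are zero-filled placeholders).
esp_pkt = ipv4("198.51.100.7", "192.0.2.10", ESP,
               struct.pack("!II", 0x1001, 1) + bytes(16))
ah_pkt = ipv4("198.51.100.7", "192.0.2.10", AH,
              struct.pack("!BBHII", 6, 4, 0, 0x1001, 1) + bytes(12))
# Same SPI travelling the other way: a simplex SA does not cover it.
reply = ipv4("192.0.2.10", "198.51.100.7", ESP,
             struct.pack("!II", 0x1001, 1) + bytes(16))

for name, pkt in [("esp", esp_pkt), ("ah", ah_pkt), ("reply", reply)]:
    print(name, "->", select_sa(pkt))
```

The same SPI maps to different SAs for AH and ESP, and the reply direction finds no SA until a second association is created for it.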
Modes Of Operations
AH and ESP support two modes of operations:
- Transport
- Tunnel
Transport Mode:
Protection extends to the payload of an IP packet.
Used for end-to-end communication between two hosts (client and server, or two workstations).
Modes Of Operations
Tunnel Mode:
Provides protection to the entire IP packet.
After AH or ESP fields are added, the entire packet plus security fields are treated as a payload of a new IP packet.
A new IP header is attached.
Tunnel vs. Transport
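The two packet layouts side by side, as an added example that is not part of the original slides. It uses AH with a zeroed ICV placeholder so that only the encapsulation is shown; the addresses, SPI values and gateway names are constructed, and the original packet is assumed to carry no IP options.

```python
import socket
import struct

AH, IPIP, TCP = 51, 4, 6  # IP protocol numbers

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def ah(next_header, spi, seq):
    """24-byte AH header; the 12-byte ICV is a zero placeholder (no key here)."""
    return struct.pack("!BBHII", next_header, 4, 0, spi, seq) + bytes(12)

def transport_mode(packet, spi, seq):
    """Keep the original addresses; insert AH between IP header and payload."""
    proto = packet[9]
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    return ipv4(src, dst, AH, ah(proto, spi, seq) + packet[20:])

def tunnel_mode(packet, gw_src, gw_dst, spi, seq):
    """Treat the entire original packet as the payload of a new IP packet."""
    return ipv4(gw_src, gw_dst, AH, ah(IPIP, spi, seq) + packet)

def describe(packet):
    """Return (outer source, outer destination, outer protocol, AH next header)."""
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[9], packet[20])

# Constructed sample: host 10.1.0.5 sends a TCP segment to host 10.2.0.9.
original = ipv4("10.1.0.5", "10.2.0.9", TCP, b"segment")
transport_pkt = transport_mode(original, 0x1001, 1)
tunnel_pkt = tunnel_mode(original, "192.0.2.1", "198.51.100.1", 0x2002, 1)

print("transport:", describe(transport_pkt))
print("tunnel:   ", describe(tunnel_pkt))
print("inner packet intact in tunnel:", tunnel_pkt[44:] == original)
```

In transport mode the host addresses stay visible in the only IP header; in tunnel mode the outer header carries the gateway addresses and the original header travels inside the protected payload.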
Authentication Header
Provides support for:
1. Data integrity of a packet.
   Undetected modification of packets while in transit is not possible.
2. Authentication of a packet.
   End system can verify the sender.
   Prevents address spoofing attacks.
3. Also guards against replay attacks.
Encapsulating Security Payload
1. Provides confidentiality services.
   Confidentiality of the packet.
2. Provides limited authentication service.
   Authenticates the payload but not the header.
3. Also provides limited traffic confidentiality.
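What each protocol's integrity check covers, for the AH and ESP slides above, as an added example that is not part of the original slides. The key, addresses and the choice of HMAC-SHA-256 truncated to 16 bytes are assumptions, and the ESP payload stands in for already encrypted data.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # assumption: integrity key shared under the SA

def icv(data):
    """HMAC-SHA-256 truncated to 16 bytes (algorithm assumed for this demo)."""
    return hmac.new(KEY, data, hashlib.sha256).digest()[:16]

def ip_header(src, dst, proto, length):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, length, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def immutable(hdr):
    """Zero the fields routers may change: TOS, flags/offset, TTL, checksum."""
    h = bytearray(hdr)
    h[1] = 0
    h[6:9] = bytes(3)
    h[10:12] = bytes(2)
    return bytes(h)

def ah_seal(src, dst, payload, spi=0x1001, seq=1):
    fixed = struct.pack("!BBHII", 6, 5, 0, spi, seq)
    hdr = ip_header(src, dst, 51, 48 + len(payload))
    # AH covers the IP header, the AH header (ICV zeroed) and the payload.
    return hdr + fixed + icv(immutable(hdr) + fixed + bytes(16) + payload) + payload

def ah_verify(pkt):
    hdr, fixed, tag, payload = pkt[:20], pkt[20:32], pkt[32:48], pkt[48:]
    return hmac.compare_digest(tag, icv(immutable(hdr) + fixed + bytes(16) + payload))

def esp_seal(src, dst, ciphertext, spi=0x2002, seq=1):
    body = struct.pack("!II", spi, seq) + ciphertext
    # ESP authentication covers the ESP header and payload, not the IP header.
    return ip_header(src, dst, 50, 36 + len(body)) + body + icv(body)

def esp_verify(pkt):
    return hmac.compare_digest(pkt[-16:], icv(pkt[20:-16]))

def rewrite(pkt, offset, new):
    """Model an in-transit change of len(new) bytes at the given offset."""
    return pkt[:offset] + new + pkt[offset + len(new):]

# Constructed packets; 203.0.113.66 is a constructed forged source address.
ah_pkt = ah_seal("10.1.0.5", "10.2.0.9", b"data")
esp_pkt = esp_seal("10.1.0.5", "10.2.0.9", b"ciphertext")
spoof = socket.inet_aton("203.0.113.66")
print("AH, source rewritten: ", ah_verify(rewrite(ah_pkt, 12, spoof)))
print("AH, TTL decremented:  ", ah_verify(rewrite(ah_pkt, 8, b"\x3f")))
print("ESP, source rewritten:", esp_verify(rewrite(esp_pkt, 12, spoof)))
```

AH rejects the rewritten source address but tolerates the TTL change a router makes, while ESP authentication alone accepts the rewritten header because it never covered it.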
Combination of SAs
Four basic combinations.
Case 1:
- All security is provided between end systems.
- End systems share appropriate secret keys.
Combination of SAs
Case 2:
- Security is implemented only between gateways (routers, firewalls).
- End hosts do not implement IPSec.
- A single tunnel SA is established between the gateways.
- Could support AH, ESP, and ESP with authentication.
Combination of SAs
Case 3:
- End-to-end security is added to Case 2.
- Besides a tunnel SA, the end hosts may have one or more SAs.
- Gateway-to-gateway tunnel provides authentication or confidentiality to traffic between end systems.
- End systems can implement additional security using end-to-end SAs.
Combination of SAs
Case 4:
- A tunnel mode exists between a host and a firewall.
- Can be used by remote host to reach the firewall and gain access to a server or workstation behind the firewall.
Combination of SAs
Key Exchange Management
- Handles key generation & distribution
- Typically need 2 pairs of keys
  - 2 per direction for AH & ESP
- Manual key management
  - System admin manually configures every system
- Automated key management
  - automated system for on demand creation of keys for SA’s in large systems
  - has Oakley & ISAKMP elements
Questions???