Post on 14-Nov-2014
description
Muhammad Nasir Mumtaz BhuttaCentre for Communication Systems Research
University of SurreyGuildford, Surrey
GU2 7XHEmail: m.bhutta@surrey.ac.uk,
Tel: 01483 68 3036
www.surrey.ac.uk
Multilayer Security Architecture for Internet
Protocol (ML-IPSec)
1 October, 2010
www.ee.surrey.ac.uk/CCSR2
• Demonstrate “Security Architecture for Internet Protocol” (IPSec) protection model.
• Highlight the limitations of IPSec. • Demonstrate the working or ML-IPSec. • Demonstrate the detailed experiment
plans.
Objectives
www.ee.surrey.ac.uk/CCSR3
Introduction
• Security Architecture for Internet Protocol (IPSec) provides security services at IP layer in protocol stack.
• All upper layers than IP layer can get security services without reengineering the applications.
• IPSec operates in two modes, tunnel and transport, to secure path(s) between communicating nodes.
www.ee.surrey.ac.uk/CCSR4
Path(s) Security
• Between Pairs of Gateways– Gateways need to implement IPSec.– Works in Tunnel Mode (complete IP
packet is protected & new IP header is appended).
– Different source and destination addresses in dual IP headers.
Protected Subnet
Tunnel EndpointGateway
Un Protected SubnetIPSec Tunnel
Tunnel EndpointGateway
Protected Subnet
www.ee.surrey.ac.uk/CCSR5
Path(s) Security
• Between Pair of Hosts– End nodes need to implement IPSec. – Works in Transport Mode (Upper layers
headers and IP data are protected). – IP addresses are unchanged.
Un Protected SubnetIPSec Tunnel OR Transport mode
Protected EndpointProtected Endpoint
www.ee.surrey.ac.uk/CCSR6
Path(s) Security
• Between Host and Gateway– Both end hosts and gateways implement
IPSec. – Usually works in tunnel mode to take
benefits of hiding external characteristics of communication.
Un Protected SubnetIPSec Tunnel
Protected Endpoint
Protected SubnetAND/ORInternet
Protected Endpoint
www.ee.surrey.ac.uk/CCSR7
Security Goals
• Access Control– Prevent unauthorized access to
resources. • Connectionless Integrity
– Check any modifications in IP datagram without caring about the arrival order of IP datagrams.
• Origin Authentication– Identify claimed source of data.
www.ee.surrey.ac.uk/CCSR8
Security Goals (continued..)
• Partial Sequence Integrity– Check for duplicate packets (Replay
attacks).• Data Confidentiality
– Protect against disclosure of data to unauthorized entities.
• Limited Traffic Flow Confidentiality – Protect external characteristics of
communications (e.g. source and destination addresses etc.).
www.ee.surrey.ac.uk/CCSR9
Major IPSec Components
• Security Policies– Provides rules for user access and control level.
• Security Protocols– Authentication Header (AH)
• Provides origin authentication, connectionless integrity and optional partial sequence integrity.
– Encapsulating Security Payload (ESP)• Provides all services provided by AH, data
confidentiality and limited traffic flow confidentiality as well.
www.ee.surrey.ac.uk/CCSR10
Major IPSec Components (continued..)
• Cryptographic Algorithms– Helps to achieve integrity and
confidentiality. • Key Management
– All security operations are provided by cryptographic means, so keys are required.
– Internet Key Exchange (IKE v2) is used to provide key management.
www.ee.surrey.ac.uk/CCSR11
Assumptions
• To achieve high quality of security services, certain assumptions need to be met: – Good implementation of IPSec.– Security is dependent on many things in
over all system (e.g. personnel & physical procedures, security policies etc.), so IPSec just play its role as a part.
– Good Implementation of Operating System (OS) security services.
www.ee.surrey.ac.uk/CCSR12
IPSec Components to Help in Achieving Security Goals
• Security Association (SA)– SA is a one way traffic secure
connection between communicating parties.
– For Bidirectional communication, two SAs are established.
– SA, providing actually all security services, is setup by IKE.
– Functionality is dependent upon security protocols, mode of IPSec working, endpoints of SA and chosen security services.
www.ee.surrey.ac.uk/CCSR13
IPSec Components to Help in Achieving Security Goals (continued..)
• Security Policy Database (SPD)– Stores security policies. – Provides information about security policy rules
to be applied.– At least one SPD implementation must be
supported in IPSec.– Three logical components
• SPD-Secure (S) contains rules for all IPSec protected traffic.
• SPD-Outbound (O) contains rules for all outbound traffic
• SPD-Inbound (I) contains rules for all inbound traffic or bypassed.
www.ee.surrey.ac.uk/CCSR14
IPSec Components to Help in Achieving Security Goals (continued..)
• Security Association Database (SAD)– Stores SAs. – Provides information about security
associations. – For outbound processing SAD is pointed by
SPD-S part. – For inbound processing SAD is pointed by SPD-I
part.• Peer Authorization Database (PAD)
– Stores information about links between SPD and SAD.
– Helps IPSec components in security services practice.
www.ee.surrey.ac.uk/CCSR15
IPSec Working & Role of IKE
• IKE helps in setup of security associations (SAs). – The functionality of all cryptographic protocols
is dependent on these SAs. – Control information exchange also requires SA
setup. • IKE provides this setup by message
exchanges. – IKE_SA_INIT, IKE_AUTH– IKE_CHILD_SA– Informational Exchanges
www.ee.surrey.ac.uk/CCSR16
IPSec Working & Role of ESP
• ESP provides origin authentication, connectionless and sequence integrity, data and limited traffic flow confidentiality.
• Security services are offered in three modes by ESP.– Confidentiality Only (may be supported) – Integrity Only (must be supported) – Confidentiality and Integrity (must be
supported)
www.ee.surrey.ac.uk/CCSR17
IPSec Working & Role of ESP (continued..)
• Data Confidentiality– Data confidentiality is provided via encryption.– Encryption scheme selection is dependent
upon SA out of various encryption algorithms. • Origin Authentication and Connectionless
Integrity – Integrity of IP datagram is validated via
Message Authentication Code (MAC). – Origin authentication is provided indirectly by
binding of the key with the holding entity (origin).
www.ee.surrey.ac.uk/CCSR18
IPSec Working & Role of ESP (continued..)
• Anti-Replay Service (Partial Sequence Integrity)– This is service to detect arrival of
duplicate packets. – Provides sequential integrity and may
be supported in ESP. • Limited Traffic Flow Confidentiality
– This service hides source and destination addresses and usually employed in Tunnel Mode.
www.ee.surrey.ac.uk/CCSR19
Limitations of IPSec
• IPSec follows very strict layering and protection model works end-to-end.
• With advancement in wireless technology according to characteristics of networks, certain cross-layer optimizations are performed.
• Some examples of wireless technology highlights the functionality of new network applications.
www.ee.surrey.ac.uk/CCSR20
Limitations of IPSec (continued..)
• Conflicts between IPSec and TCP PEPs– TCP PEPs work on two pieces of
information, TCP flow identification and sequence numbers.
– IPSec encapsulate whole TCP packet. • Traffic Analysis
– For functioning of upper layers, some information from headers is required at intermediate nodes.
– IPSec hides all upper layer headers.
www.ee.surrey.ac.uk/CCSR21
Limitations of IPSec (continued..)
• Traffic Engineering– Flow classification is essential in providing rich
classes of service and QoS (RED, RSVP). – The flow information present in upper layers
such ac TCP is hidden by IPSec. • Application Layer Agents/Proxies
– Some modern routers can serve the HTTP requests from their local cache in order to improve performance.
– They need information from upper layers like HTTP but, that is hidden by IPSec.
www.ee.surrey.ac.uk/CCSR22
Summary of IPSec Limitations and Conclusion
• All above defined mechanisms, try to access upper layers information for their working.
• IPSec works on end-to-end basis and encrypts all the upper layer information.
• So IPSec has basic functioning conflict with many intermediate devices.
• Need to resolve these issues for optimal performance.
www.ee.surrey.ac.uk/CCSR23
Problem Statement for ML-IPSec
• Develop a security scheme with below defined features:– Supports the services and applications
which have conflict with IPsec working. – Should grant trusted intermediate nodes
a secure, controlled and limited access to a selected portion of IP datagram.
– Should preserve the end-to-end security protection for user data.
www.ee.surrey.ac.uk/CCSR24
• Using a transport-layer security mechanism as an alternative to IPsec to provide security services.
• The transport-layer mechanism, such as secure sockets layer (SSL) or transport layer security (TLS) operates above TCP and works well with TCP PEP: – it encrypts the TCP data while leaving the TCP
header in unencrypted and unauthenticated form
• Limitations:– Vulnerable to traffic analysis attack– SSL/TLS only works on TCP but not on UDP so
the range of applications is limited
Approaches - Transport Layer Security
www.ee.surrey.ac.uk/CCSR25
• This approach tries to use transport layer security protocols, SSL/TLS, inside IPsec.
• SSL/TLS will protect the TCP data and IPSec will protect TCP header information
• Limitations:– wastage of resources because TCP data
will be encrypted twice by SSL/TLS and IPsec,
– IPsec still encrypts the whole TCP information including header and data part
Approaches – Tunnelling one security protocol
www.ee.surrey.ac.uk/CCSR26
• The transport-friendly ESP (TF-ESP) protocol format was proposed:– The TCP state information (such as flow
identifications and sequence numbers) are in a disclosure header outside the encryption scope, bbut authenticated.
• Limitations:– Vulnerable to traffic analysis attack– it does not work well with TCP spoofing
when a write access is needed
Approaches - Using a Transport Friendly ESP Format
www.ee.surrey.ac.uk/CCSR27
• IPsec protection can be applied twice, once between sender and security gateway and second time between security gateway and destination.
• Limitations:– It exposes the information to
intermediate nodes while confidentiality is only meant for end-to-end
Approaches – Splitting IPsec into Two Segments
www.ee.surrey.ac.uk/CCSR28
• ML-IPsec breaks the IP datagram into different parts and apply different security mechanisms on different parts:– one security mechanism for transport
header– different security mechanism for
application data• This approach allows the intermediate
nodes to co-exist with end-to-end IPsec
• Limitations:– More complex than IPsec
Approaches – Multi - Layer IP Security Protocol
www.ee.surrey.ac.uk/CCSR29
Standardization & Issues
• Many meetings were attended at IETF to present the idea of IPSec and internet draft was written.
• IETF Concerns: – Application domains is limited (Satellite
Networks only). – Implementation complexity is increased.
(shown feasible via implementation in IPSec).– Two more implementations required to prove
the points.• Key Management Complexity is major
issue.
www.ee.surrey.ac.uk/CCSR
Applications
30
www.ee.surrey.ac.uk/CCSR31
Principle of ML-IPSec Security Protection• Multilayer protection model:
• Divides IP datagram into zones
• Different protection schemes for different zones (e.g. SA, public/private keys, access control rules etc.)
www.ee.surrey.ac.uk/CCSR32
General Model of IPSec Processing
• .
MulticastKey Exchange
www.ee.surrey.ac.uk/CCSR33
Composite Security Association (CSA)
• Security Association
• one-way relationship between sender and receiver.
• defines set of parameters (e.g. sequence number, anti-replay window, lifetime of SA, Path MTU etc).
• Controls outbound, inbound processing.
www.ee.surrey.ac.uk/CCSR34
CSA Continued..
• CSA has two elements: – Zone Map: defines coverage of each
zone in IP datagram. – Zone List: is a list of all SAs for all zones.
(all stored in “Security Association Database (SAD)”).
www.ee.surrey.ac.uk/CCSR35
Zones and Zone Map• A zone is any portion of IP datagram under same
security protection.
• Entire IP datagram can be broken into zones.
• Zones can not overlap.
• A zone can be split into multiple sub zones (continuous part of IP datagram).
• A zone map is a mapping relationship between IP octets and zones.
• Remains Constant for a security relationship.
• zones that covers last part of IP datagram (data) should be variable according to size.
www.ee.surrey.ac.uk/CCSR36
Composite Security Association (CSA)
• Zone Map
• Zone List – In zone list area we show the SAs, their
parameters and access control.
www.ee.surrey.ac.uk/CCSR37
Zone List continued
• SA (designated)– Sequence Number Counter (64 bit)– Sequence Counter Overflow – Anti-Replay Window (64 bit)– Protocol mode (Transport or Tunnel)– Path MTU – Lifetime – Encryption algorithm (DES-CBC)– Encryption Key – Authentication algorithm (HMAC-MD5-32)– Authentication Key
www.ee.surrey.ac.uk/CCSR38
Outbound Processing (zone by zone)
Outbound: IP datagram
Zone map
Plain Text (masked and concatenated)
Encryption (using ESP)
Cipher Text (ESP)
Authentication
AH
ICV
SA
AH or ESP authentication data
ESP paylod data
www.ee.surrey.ac.uk/CCSR39
Inbound Processing (zone by zone)
Outbound: IP datagram
Zone map
Plain Text (masked and concatenated)
Decryption (using ESP)
Cipher Text (ESP)
Authentication
AH
ICV
SA
AH or ESP authentication data
ESP paylod data
www.ee.surrey.ac.uk/CCSR
ESP Header
• Security Parameter Index: Identifies Security Association (SA).
• Sequence Number: Counts the packet sent.
• Encrypted Payload Data for Zone: contains the encrypted payload data (IP payload data, padding, pad length, Next Header).
• Authentication Data for Zone: Contains the Integrity Check Values (ICV) for each zone.
40
www.ee.surrey.ac.uk/CCSR
Implementation and Evaluation
• Two different evaluations of ML-IPSec shall be performed. – Simulations based, to see the scalability
and reliability behaviour. • Impact of network bandwidth on
Performance ( SA establishment latency, TCP throughput and delay).
• Impact of different data packet size on performance and security protocol behaviour.
– Reference Implementation of ML-IPSec to see the overhead on real network. 41
www.ee.surrey.ac.uk/CCSR
Testbed Experiment Requirements
• Use Cases– IP Only: running standard IP with no security. – IPSec: running IPSec using ESP with
authentication mode enabled. – ML-IPSec (1 Zone) = IPSec– ML-IPSec (2 Zone) – ML-IPSec (3 Zones)
• The ML-IPSec experiment will be evaluated for processing delays, CPU overload and bandwidth overhead
42
www.ee.surrey.ac.uk/CCSR
Testbed Experiment Requirements
Processing Delay • The processing delay will
be measured by taking following parameters into consideration: – One Host pinging other– Packet size will be fixed. – Processing Time will be
evaluated.
Bandwidth Overhead– One host generate and
send packets as fast as it can and other counting after receiving.
– CPU speed will be fixed.
– Network speed will be fixed.
– Throughput and protocol overhead relationship will be studied
Comparing CPU Overload• For evaluation of CPU
overhead environment will be configured as given below: – One host generate and
send packets as fast as it can and other counting after receiving.
– CPU speed will be fixed. – Network speed will be
fixed. . – Throughput and CPU load
relationship will be studied.
43
www.ee.surrey.ac.uk/CCSR
ML-IPSec Testbed
• Current Status– Fedora 13
Installed– Computers are
configured as shown in diagram.
• Future Plans– Need to configure
network’s speed. – Need to configure
NIST Net according to requirements.
44
www.ee.surrey.ac.uk/CCSR
Simulations & Standalone Implementation Plans
• NIST has performed IPSec simulations as part of project “NIIST(NIST IPSec and IKE Simulation Tool”.
45
• SPD: Security Policy Database
• SAD: Security Association Database
• PF_Key: Generic Socket Key Management API
www.ee.surrey.ac.uk/CCSR
Simulations & Standalone Implementation Plans
46
www.ee.surrey.ac.uk/CCSR47
Conclusion
• Intermediate gateways can have access to partial IP datagram (e.g. TCP header) by partial keys.
• Can solve the conflict between IPSec and TCP PEPs being used in satellite networks.
• The current new and future networks can improve quality of service using fair queuing, differential services etc.
• IPSec problems are solved.