An Introduction to IPsec(1)

8/10/2019 An Introduction to IPsec(1)

http://slidepdf.com/reader/full/an-introduction-to-ipsec1 1/40

An Introduction To IPsec

Bezawada Bruhadeshwar,

International Institute of

Information Technology,Hyderabad



Overview of Presentation

Introduction The Internet Model and Threats olutions Possible

ecurity Measures at !arious "ayers IPsec# security at networ$ layer

How IPsec wor$s IPsec model Authentication Header

%nca&sulating ecurity Payload Internet 'ey %(change

"imitations of IPsec)onclusions



Introduction

Original *esign Model for Internet The model of Internet was made for a

more benign environment li$e acadaemia All data on Internet was free to all and

anyone could share or modify the data

ince the some eti+uette was being

observed by the limited Internetcommunity, security was hardly an issue

Internet has grown beyond acadaemia



Introduction contd-.

everal useful a&&lications have &rom&tedbusinesses to ma$e use of the Internet %-g-, Amazon-com, redi/-com, iciciban$-com0

Almost all conventional businesses now have a&rescence on the Internet

ome businesses only have Internet &rescence %-g-, %bay-com, Amazon-com, fabmall-com

everal social communities are built over theInternet %-g-, Or$ut-com, yahoo-grou&s, google grou&s



Introduction contd-.

In &resent scenario, Internet enables instanton1demand business by %stablishing communication lin$s with su&&liers

and business &artners By eliminating the need for costly wide area

networ$ dedicated lines %nabling remote access to cor&orate networ$s

using many available Internet service &roviders

One of the main stumbling bloc$s to achievethese bene2ts is lac$ of security besides,reliability, +uality of service among others.



Internet Threats

The varied nature of Internet users andnetwor$s has brought the security concern

To ratify the fears several threats havesurfaced, such as, Identity s&oo2ng

*enial of service

"oss of &rivacy "oss of data integrity

3e&lay attac$s



Internet Threats contd-.

Identity s&oo2ng %(ecuting transactions by mas+uerading

*enial of service

Preventing a service &rovider by 4ooding with fa$ere+uests for service

"oss of &rivacy %avesdro&&ing on conversations, database re&lies etc

"oss of data integrity

Modifying data in transit to disru&t a valid communication3e&lay attac$s 5sing older legitimate re&lies to e(ecute new and

malicious transactions



olutions to the Problems

)on2dentiality If data is encry&ted intruders cannot observe

Integrity Modi2cation can be detected

Authentication If devices can identify source of data then it is

di6cult to im&ersonate a friendly device &oo2ng , re&lay attac$s and denial of service can be

averted

The +uestion is where should such a solutionbe im&lemented in the &rotocol stac$7



tart 8ecessary

*igression0



Public1'ey )ry&togra&hy

A user generates two $eys# &ublic1$ey and &rivate1$ey &air

Public1$ey and &rivate1$ey &airs can be viewed as

mutually cancelling 9hat &ublic1$ey can encry&t only &rivate1$ey can decry&t

Public1$ey is $nown to everyone Anyone can send a message to the user using &ublic $ey

Private1$ey is secret

Only the user can decry&t with &rivate $ey%ncry&tion with &rivate is called digital signature )an be veri2ed but cannot be forged



Message Authentication

)odesA Message Authentication )ode algorithm is afamily of hash functions h$, &arametrized by asecret $, with &ro&erties#

Ease of computation# given a $ey $ and in&ut (, it is easyto com&ute h$(. Compression# h$ ma&s an in&ut of arbitrary length to an

out&ut of h$(. of bitlength n Computation-resistance# given zero or more te(t1MA)

&airs (i, h$(i.. it is com&utationally infeasible to

com&ute any te(t1MA) &air (, h$(.. for any new in&ut (If two users share a cry&togra&hic $ey they canuse it generate same MA) and hence, validateeach other



Recalling Protocol Stack

TCP, UDP

IP

Physical Layer

Link Layer

Application

H T T P

S M T P

F T P

S N

M P

N F

S

F T P

D N S



End Digression…



Security Measures at Different

Layers

Application Layer

Transport Layer

Network Layer

Data Link Layer

PGP, er!eros, SSH, etc"

SSL#Transport Layer Sec$rity %TLS&

IPsec

Har'ware encryption



Security Measures at Different

Layers (contd.)

A&&lication "ayer ecurity Im&lemented as a 5ser oftware 8o need to modify o&erating system or underlying

networ$ structure %ach a&&lication and system re+uires its own securitymechanisms

T" trans&ort layer security. is im&lement asuser1end software, and is &rotocol s&eci2c

"in$ layer security Im&lemented in hardware 3e+uires encry&tion decry&tion between every lin$ *i6cult to im&lement in Internet li$e scenario



IPsec# ecurity at IP "ayer

IPsec is a framewor$ of o&en standardsdevelo&ed by I%T: www-ietf-org, rfc;s <=>?1<=>@.

IPsec is below trans&ort layer and istrans&erant to a&&lications IPsec &rovides security to all tra6c &assing

through the IP layer

%nd users need not be trained on securitymechanisms, issued $eys or revo$ed

IPsec has the granularity to &rovide &er1usersecurity if needed



IPsec# ecurity at IP "ayercontd-.

IPsec has additional advantages of&rotecting routing architecture

IPsec can assure that a routeradvertisement is from an authorisedrouter

A routing u&date is not forged

A neighbor advertisement comesfrom an authroized router



IPsec ervices

Access control

)onnectionless Integrity

*ata origin authentication

3eection of re&layed &ac$ets

)on2dentiality

"imited tra6c 4ow con2dentiality



IPsec %(istence



IPsec %(istence contd-.

Protects data 4ow betweenamong Pair of hosts# end1to1end &rotection between two

users, inde&endent of a&&lications they are using

Pair of security gateways# A security gateway can bea router, 2rewall, &ro(y etc- ecures entire tra6cfromto the networ$

ecurity gateway and a host# secure remote accessto networ$ resources

Cranularity in I&sec Mode, choice of cry&togra&hic algorithms, &rotocols

9hich subsets of tra6c are a/orded &rotection



IPsec at a Clance

IPsec uses a combination of thefollowing techni+ues to &rovide itsservices *i6e1Hellman $ey e(change to establish

$eys between &eers %ncry&tion algorithms li$e *% to &rovide

con2dentiality 'eyed hash algorithms li$e M*D and HA1

? to &rovide message authentication



IPsec# 3oadma&

ecurity Association, ecurity Policy*atabase

IPsec &rotocol com&onentsIPsec modes

Authentication Header

%nca&sulating ecurity PayloadInternet 'ey %(change

)ommercial Instantiations



ecurity Association

A simple (one!"ay) relations#ip t#at affordssecurity ser$ices to t#e traffic carried %y it

&nly one ser$ice per SA ' A or ESP

o secure %i!directional traffic * SAs arere+uired

Specified %y Security parameters inde (SP,)-

destination ,P address Multiple SAs used %y same sourcerecei$er Multiple sources can use same SA



ecurity Policy *atabase

Defines policies for all ,P traffic passingt#roug# t#e interface

Protection offered %y ,Psec is %ased onre+uirements defined %y a security policydata%ase- SPD

Packets are selected for one of t#ree

processing actions %ased on ,P#eaderinformation- matc#ed against entries in SPD Actions'PR&E/- D,S/ARD- 01PASS



ecurity Policy *atabasecontd-.

Logical di$isions of SPD' SPD!S- SPD!

,- SPD!&

SPD!, (%ypassed or discarded)- entries t#atapply to t#e in%ound traffic

SPD!&(%ypassed or discarded)- entries

identifying out%ound traffic

SPD!S(secure traffic)- entries to lookup

SAs- create SAs-



IPsec com&onents

IPsec consists of two im&ortant &rotocolcom&onents The 2rst, de2nes the information that needs

to be added to the IP &ac$et to achieve there+uired services- These are classi2edfurther as Authentication Header and%nca&sulating ecurity Protocol

The second, Internet 'ey %(change, whichnegotiates security association between two&eers and e(changes $eying material



3ecalling Pac$et Headers Encapsulation of Data for Network Delivery

Original

Message

Data 3Header 3

Data 2Header 2

Transport Layer

(TCP, UDP)

Network Layer

(P)

Data !Header !

"ppli#ation Layer

Data Link

Layer



IPsec Modes

IPsec can o&erate in two modes Trans&ort Mode

Only IP &ayload is encry&ted

IP headers are left in tact

Adds limited overhead to the IP &ac$et

Tunnel%ntire IP &ac$et is encry&ted

8ew IP headers are generated for this&ac$et

Trans&erant to end1users



IPsec modes contd-. Trans&ort Mode# &rotect the u&&er layer&rotocols

P

Header

TCP

Header

Data(ri)inal IP

Data)ra*

P

Header

TCP

Header

P$e#

Header

DataTransport Mo'e

protecte' packet

Tunnel Mode# &rotect the entire IP &ayload

T$nnel Mo'e

protecte' packet

New P

Header

TCP

Header

P$e#

Header

DataOriginal P

Header

protected

protected



Authentication Header

This information is added to theheader to &rovide the followingservices# Access control, connectionless integrity,

data origin authentication, reection ofre&layed &ac$ets

Information added are#e+uence number =E1bit.

Integrity chec$ value variable, multi&le of=E1bits.



Authentication Headercontd-.

Anti1re&lay attac$s 3ange of se+uence numbers for session is E=E1

?

e+uence numbers are not reused

Integrity )hec$ !alue I)!. 'eyed MA) algorithms used# A%, M*D, HA1?

MA) is calculated over immutable 2elds intransit sourcedest- addr, IP version, headerlength, &ac$et length.



%nca&sulating ecurityPayload

Three ty&es of services )on2dentiality only

Integrity only )on2dentiality and integrity

Anti1re&lay service

"imited tra6c 4ow con2dentiality



%P contd-.

Header 2elds ecurity &arameters inde( =E1bit.

e+uence number =E1bit. %ncry&ted &ayload variable.F&adding>1EDD

bytes. com&uted over u&&er layer segmenttrans&ort mode. or entire &ac$et tunnelmode.

T:) &adding o&tional, variable. Integrity chec$ value1I)! variable, o&tional.,

com&uted over %P header all above data.



%P contd-.

Most &ur&oses %P is su6cient toachieve both con2dentiality and integrity-

ome auditable events by IPsec are# Invalid A

Processing fragmented &ac$et

Transmitting &ac$et which can cause

se+uence number over4ow 3eceived &ac$et fails anti1re&lay

Integrity chec$ fails



Internet 'ey %(change

I'%.I'% creates authenticated securechannel between two &eers and

then, negotiates APhases of I'% Authentication

'ey %(change %stablishing A



Authentication

Two &eers in IPsec need to identify eachother- :orms of authentication # Pre1shared $eys# same $eys are &re1installed

and authentication is done e(changing $nowndata *ecry&tion re+uires same $ey and hence, only valid

receivers can recover data

Public $ey cry&togra&hy# 8onces aree(changed using other user;s &ublic1$ey andre&lies are chec$ed for veri2cation Public1$ey to encry&t, Private1$ey to decry&t



I'% and IPsec



"imitations

Security implemented %y A and ESP

ultimately depends on t#eir implementation

&perating en$ironment affects t#e "ay ,Psecsecurity "orks

Defects in &S security- poor random num%er

generators- misconfiguration of protocols- can

all degrade security pro$ided %y ,Pssec.



)ry&togra&hic tandards for %P GI'%

%nca&sulating ecurity Payload %P encry&tion# Tri&le*% in )B) mode 3:)E<D?

%P integrity # HMA)1HA?1JK 3:)E<><

I'% and I'%vE %ncry&tion # Tri&le*% in )B) mode 3:)E<D?

Pseudo1random function# HMA)1HA? 3:)E?><

Integrity # HMA)1HA?1JK 3:)E<><

*i6e1Hellman grou&# ?>E<1bit Modular %(&onentialMO*P. 3:)E<>J



)onclusions

IPsec &rovides a method for creating secure&rivate networ$s over &ublic networ$s

A&&lications, o&erating systems need not be

changed Im&lementation can be limited to secure

gateways

everal &roducts based on IPsec are

commercially de&loyed5sers can even enable and use IPsec ontheir machines

An Introduction to IPsec(1)

Documents

Transcript of An Introduction to IPsec(1)