IP Security: Security Across the

Protocol Stack

IP Security

• There are some application specific security mechanisms– eg. S/MIME, PGP, Kerberos, SSL/HTTPS

• however there are security concerns that cut across protocol layers

• would like security implemented by the network for all applications

What is IPSec?• A collection of tools and algorithms

(protocols) for securing network connections

• The protocol is designed so as to provide network level security for IPv4 and IPv6 datagrams

• General IP security mechanisms

• applicable to use over LANs, across public & private WANs, & for the Internet

• It provides - authentication

– confidentiality– key management

Services Provided by IPsec• Authentication – ensure the identity of an

entity

• Confidentiality – protection of data from unauthorized disclosure

• Key Management – generation, exchange, storage, safeguarding, etc. of keys in a public key cryptosystem

Benefits of IPSec• If implemented in a firewall/router it

provides strong security to all traffic crossing the perimeter

• IPSec in firewall is resistant to bypass

• IPSec is below transport layer, hence transparent to applications. No need to change software on a user or server system

• IPSec can be transparent to end users

• IPSec can provide security for individual users if desired

IPSec Scenario

IP Security Architecture

• specification is quite complex

• defined in numerous RFC’s– incl. RFC 2401/2402/2406/2408– many others, grouped by category

• mandatory in IPv6, optional in IPv4

Where can IPSec be used

• These protocols can operate in

– networking devices,

• such as a router or firewall

– or they may operate directly on the workstation or server.

How can IPSec be used

• Secure Communications between devices

– Workstation to Workstation

– Protection against data changes

• Accidental or Intentional

– Contents can be hidden

• Secure communicatoins through IPSec tunnels

IPSec• IPSec provides security services at IP

layer by three main facilities

– An authentication-only function,

• Referred to as Authentication Header (AH)

– A combined authentication/ encryption function

• Called Encapsulating Security Payload (ESP)

– A key exchange function.

• Internet key exchange IKE (ISAKMP / Oakley)

IPSec Services

• Access control

• Connectionless integrity

• Data origin authentication

• Rejection of replayed packets– a form of partial sequence integrity

• Confidentiality (encryption)

• Limited traffic flow confidentiality

Security Associations• a one-way relationship between sender &

receiver that affords security services to the traffic carried on it

• A SA is an agreement between two communicating hosts on the IPSEC protocol used (i.e. AH/ESP), cryptographic algorithm used, mode of operation of protocols, cryptographic keys and lifetime of the keys

• Uniquely identified by 3 parameters:– Security Parameters Index (SPI)– IP Destination Address– Security Protocol Identifier

• have a database of Security Associations– Security Associations Database (SAD)

• has a number of other parameters– seq no, AH & EH info, lifetime etc.

• If a peer relationship is needed, for two-way secure exchange, then two security associations are required

• The SA is negotiated between peers using a Key Management Protocol namely Internet Key Exchange Protocol (IKE).

• The peers maintain a SA database (SAD) with a list of all active SA entries.

Security Associations

Security Associations (SA)

• Security Parameters Index (SPI)

– The SPI is a bit string assigned to the SA that has local significance only.

– The SPI is carried in AH and ESP headers to enable the receiving system to select the SA under which a received packet will be processed.

Security Associations (SA)

• IP destination address

– The IP address of the destination endpoint of the SA

• May be an end-user system

• Or, a network system such as a firewall or router.

– Currently, only unicast addresses are allowed

Security Associations (SA)

• Security Protocol Identifier

– Indicates which IPSec protocol is in use on the SA

• AH (Authentication only)

• ESP (complete encryption and possibly Authentication)

Transport vs. Tunnel Mode• The transport mode is the default mode for

IPSEC. • In transport mode only the IP payload is

encrypted or authenticatedProtection for upper layers-TCP,UDP,ICMP)

• whereas in tunnel mode IPSEC encrypts(or hashes) the IP header with the payload.

• Transport mode can be used to encrypt traffic between end-to-end clients (client-server, 2 workstations)

• whereas tunnel mode would be used to encrypt traffic between gateways connecting different networks

Authentication Header (AH)

• provides support for data integrity & authentication of IP packets– end system/router can authenticate user/app– prevents address spoofing attacks by tracking

sequence numbers

• based on use of a MAC– HMAC-MD5-96 or HMAC-SHA-1-96

• parties must share a secret key

Authentication Header

• Next Header (8 bits)  Type of the next header, indicating what upper-layer protocol was protected. The value is taken from the list of IP protocol numbers.

• Payload Len (8 bits)  The length of this Authentication Header in 4-octet units, minus 2 (a value of 0 means 8 octets, 1 means 12 octets, etc.). Although the size is measured in 4-octet units, the length of this header needs to be a multiple of 8 octets if carried in an IPv6 packet. This restriction does not apply to an Authentication Header carried in an IPv4 packet.

• Reserved (16 bits)  Reserved for future use (all zeroes until then). • Security Parameters Index (32 bits)  Arbitrary value which is used

(together with the source IP address) to identify the security association of the sending party.

• Sequence Number (32 bits)  A monotonically increasing sequence number (incremented by 1 for every packet sent) to prevent replay attacks.

• Integrity Check Value (multiple of 32 bits)  Variable length check value. It may contain padding to align the field to an 8-octet boundary for IPv6, or a 4-octet boundary for IPv4

IPSec Authentication Header (AH)in Transport Mode

DataDataTCP HdrTCP HdrOrig IP HdrOrig IP Hdr

DataDataTCP HdrTCP HdrAH HdrAH HdrOrig IP HdrOrig IP Hdr

Next HdrNext Hdr Payload LenPayload Len RsrvRsrv SecParamIndexSecParamIndex Keyed HashKeyed Hash

Integrity hash coverage (except for mutable fields in IP hdr)Integrity hash coverage (except for mutable fields in IP hdr)

Seq#Seq#

24 bytes totalAH is IP protocol 51

Insert

© 2000 Microsoft Corporation

IPSec AH Tunnel Mode

DataDataTCP HdrTCP HdrOrig IP HdrOrig IP Hdr

Integrity hash coverage (except for mutable new IP hdr fields))

IP HdrIP Hdr AH HdrAH Hdr DataDataTCP HdrTCP HdrOrig IP HdrOrig IP Hdr

New IP header with source & destination IP address

© 2000 Microsoft Corporation

Transport & Tunnel Modes

Encapsulating Security Payload (ESP)• Must encrypt and/or authenticate in each

packet

• ESP a bit more complicated because the encapsulation surrounds the payload rather than precedes it as with AH: ESP includes header and trailer fields to support the encryption and optional authentication

• Encryption occurs before authentication

• Authentication is applied to data in the IPSec header as well as the data contained as payload

Encapsulating Security Payload (ESP)

• provides message content confidentiality & limited traffic flow confidentiality

• can optionally provide the same authentication services as AH

• supports range of ciphers, modes, padding– incl. DES, Triple-DES, RC5, IDEA, CAST etc– CBC most common– pad to meet blocksize, for traffic flow

Encapsulating Security Payload

IPSec Encapsulating Security Payload (ESP) in Transport Mode

DataDataTCP HdrTCP HdrOrig IP HdrOrig IP Hdr

DataTCP HdrESP HdrOrig IP HdrOrig IP Hdr ESP Trailer ESP Auth

Usually encryptedUsually encrypted

integrity hash coverageintegrity hash coverage

SecParamIndexSecParamIndex

Padding Padding PadLengthPadLength NextHdrNextHdr

Seq#Seq# Keyed HashKeyed Hash

22-36 bytes total

InitVectorInitVector

ESP is IP protocol 50

Insert Append

© 2000 Microsoft Corporation

IPSec ESP Tunnel Mode

DataDataTCP HdrTCP HdrOrig IP HdrOrig IP Hdr

ESP AuthESP Auth

Usually encryptedUsually encrypted

integrity hash coverageintegrity hash coverage

DataDataTCP HdrTCP HdrESP HdrESP Hdr IP HdrIP HdrIPHdrIPHdr

New IP header with source & destination IP address

© 2000 Microsoft Corporation

ESP TrailerESP Trailer

Transport vs Tunnel Mode ESP

• transport mode is used to encrypt & optionally authenticate IP data– data protected but header left in clear– can do traffic analysis but is efficient– good for ESP host to host traffic

• tunnel mode encrypts entire IP packet– add new header for next hop– good for VPNs, gateway to gateway security

Key Management

• handles key generation & distribution• typically need 2 pairs of keys

– 2 per direction for AH & ESP

• manual key management– sysadmin manually configures every system

• automated key management– automated system for on demand creation of

keys for SA’s in large systems– has Oakley & ISAKMP elements