IPsec
18.1 Introduction
18.2 Security associations
18.3 Internet Security Association and Key Management Protocol (ISAKMP)
18.4 Internet Key Exchange (IKE)
18.5 Encapsulated Security Payload (ESP)
18.6 Summary
18.1 Introduction
Internet Protocol Security (IPsec) provides for various security services on the IP layer, in IPv4 as well as IPv6, thus offering protection for protocols in the upper layers
IPsec is typically used to secure communications between hosts and security gateways
The set of security services that IPsec provides includes
  access control
  data integrity protection
  data origin authentication
  anti-replay protection
  confidentiality
  limited traffic flow confidentiality
IPsec can operate in two modes
  tunnel mode
    typically used to tunnel IP traffic between two security gateways
    IPsec protects the full IP datagram
  transport mode
    mainly used to provide security services for upper layer protocols
    IPsec offers limited protection to IP headers
The components of the IPsec security architecture [RFC2401]
1. Security protocols
  Authentication Header (AH) [RFC2402]
    extends protection to some parts of the IP header
  Encapsulated Security Payload (ESP) [RFC2406]
    no security services provided for the IP headers that precede the ESP header
2. Security associations
  definition of the Security Policy Database (SPD) and the Security Association Database (SAD) as well as the management and usage of security associations
3. Key management
  the distribution of cryptographic keys for use with the security protocols (namely, the Internet Key Exchange, or IKE [RFC2409])
4. Algorithms used for encryption and authentication
18.2 Security associations
Security protocols make use of security associations (SAs) as they provide security services
SA
  a relationship between two entities that defines how they are going to use security services to secure their communications
  it includes information on authentication and/or encryption algorithms, cryptographic keys and key lengths as well as the initialization vectors (IV) that are shared between the entities
  an SA is unidirectional
    typically two SAs are needed for a bidirectional flow of traffic
    one for inbound (read) traffic and one for outbound (write) traffic
An SA is uniquely identified by the following three items
  security parameter index (SPI)
  destination IP address
  security protocol (either AH or ESP)
The management of SAs involves two databases
  SPD (Security Policy Database)
    contains the policies by which all inbound and outbound traffic is categorized on a host or a security gateway
    a set of selectors—IP layer and upper layer (e.g., TCP and UDP) protocol field values—is used by the SPD to map traffic to a specific SA
  SAD (Security Association Database)
    a container for all active SAs, and related parameters
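
An added example, not part of the original slides, of how selectors in the SPD map a packet to an SA that is then fetched from the SAD by its (SPI, destination IP address, security protocol) triple. The addresses, SPIs, algorithm labels and the single table covering both directions are constructed for illustration; `Policy` and `select_sa` are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

ESP, AH = 50, 51          # IP protocol numbers of the security protocols
TCP, UDP = 6, 17          # upper layer protocols used as selectors

@dataclass(frozen=True)
class Policy:
    """One SPD entry: selectors plus the identifier of the SA to use."""
    src_net: str
    dst_net: str
    proto: Optional[int]              # None matches any upper layer protocol
    dport: Optional[int]              # None matches any destination port
    sa_id: Tuple[int, str, int]       # (SPI, destination IP address, security protocol)

    def matches(self, src, dst, proto, dport):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst_net)
                and self.proto in (None, proto)
                and self.dport in (None, dport))

def select_sa(spd, sad, src, dst, proto, dport):
    """Map a packet to an SA: first matching SPD entry, then SAD lookup by triple."""
    for policy in spd:
        if policy.matches(src, dst, proto, dport):
            # The SA is None when the policy exists but no SA is active yet,
            # which is the point where key management would have to create one.
            return policy.sa_id, sad.get(policy.sa_id)
    return None, None                 # no policy covers this traffic

# Constructed sample data: two security gateways, one SA per direction.
GW_A, GW_B = "192.0.2.1", "198.51.100.1"
SPD = [
    Policy("10.1.0.0/16", "10.2.0.0/16", TCP, 443, (0x1001, GW_B, ESP)),
    Policy("10.1.0.0/16", "10.2.0.0/16", None, None, (0x1002, GW_B, ESP)),
    Policy("10.2.0.0/16", "10.1.0.0/16", None, None, (0x2001, GW_A, ESP)),
]
SAD = {
    (0x1001, GW_B, ESP): {"mode": "tunnel", "enc": "3des-cbc", "auth": "hmac-sha1-96"},
    (0x2001, GW_A, ESP): {"mode": "tunnel", "enc": "3des-cbc", "auth": "hmac-sha1-96"},
}
```

Because an SA is unidirectional, the reverse flow resolves to a different triple whose destination is the other gateway.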
18.3 Internet Security Association and Key Management Protocol (ISAKMP)
ISAKMP
  used for negotiation, establishment, modification, and deletion of SAs and related parameters
  it defines the procedures and packet formats for peer authentication, creation and management of SAs, and techniques for key generation
  it also includes mechanisms that mitigate certain threats (e.g., denial-of-service, or DoS, and anti-replay protection)
ISAKMP
  an "abstract" protocol—it provides an IPsec framework for authentication and key management, and supports many actual key exchange protocols (e.g., IKE)
  defines header and payload formats
ISAKMP
  operates in two phases
    phase 1
      the peers establish an ISAKMP SA (namely, they authenticate and agree on the mechanisms used to secure further communications)
    phase 2
      this ISAKMP SA is used to negotiate further protocol SAs (e.g., an IPsec/ESP SA)
18.4 Internet Key Exchange (IKE)
IKE
  a key exchange protocol which, in conjunction with ISAKMP, negotiates authenticated keying material for SAs
  can use two modes to establish a phase 1 ISAKMP SA
    main mode
      the identities of the negotiating entities are protected
    aggressive mode
      the identities are revealed to the outside world
    both modes use the Ephemeral Diffie-Hellman key exchange algorithm to generate keying material for the ISAKMP SA
18.5 Encapsulated Security Payload (ESP)
ESP
  used to provide security services in IPv4 and IPv6
  can be used alone or in unison with an AH
  can provide either confidentiality (i.e., encryption) or integrity protection (i.e., authentication), or both
  can operate in transport mode and in tunnel mode
The ESP header is inserted
  into the IP datagram after the IP header and before any upper layer protocol headers in transport mode, or
  before an encapsulated IP datagram in tunnel mode
Figure 18.1 illustrates the ESP packet format
The fields in the ESP header
  The sequence number
    a monotonically increasing 32-bit counter used to protect against replay attacks
    when an SA is established the sequence number is reset to zero
  Payload data
    a variable length field that typically contains the data payload, whose type is denoted by the next header field
    it may also contain cryptographic synchronization data, such as an IV
  Padding
    used to fill the payload data to a specific block size multiple required by a particular encryption algorithm, or to randomize the length of the payload in order to protect against traffic flow analysis
  Pad length
    an 8-bit field whose value indicates in bytes the length of the padding field
  Next header
    an 8-bit field whose value indicates the type of data contained in the payload data field
  Authentication data
    a variable length field containing an integrity check value (ICV), which is computed (using an authentication algorithm) from the rest of the ESP packet, to provide data integrity protection
To process outbound traffic, a host or security gateway first uses a set of selectors in the SPD to determine the outbound SA used
It then follows a set of steps to process the outbound packet
1. Either the entire original outbound IP datagram is encapsulated in an ESP payload field (tunnel mode) or just the original upper layer protocol information from the outbound IP datagram is encapsulated (transport mode)
2. Appropriate padding is added to the payload data
3. The results are encrypted using an encryption key and an algorithm
4. The sequence number is incremented as appropriate
5. If authentication is enabled, then the ICV is calculated
6. Possible fragmentation of the IP datagram is performed
On receiving an IP datagram the recipient follows the following steps to process the packet
1. Possible reassembly of the IP datagram is performed
2. Using the SPI, security protocol and destination IP address, an appropriate SA is looked up from the SAD
3. If anti-replay protection is enabled, the sequence number is inspected
4. If authentication is enabled, then the ICV is verified
5. The packet is decrypted, padding is removed and the original IP datagram is reconstructed
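
An added example, not part of the original slides, that builds and then processes an ESP packet following the outbound and inbound steps above and the field layout of section 18.5. It assumes NULL encryption (RFC 2410) in place of the encryption step because the Python standard library has no block cipher, HMAC-SHA1-96 for the ICV, a strictly increasing sequence check rather than a sliding window, and constructed SPI and key values; fragmentation and reassembly are left out, and `SA`, `esp_outbound` and `esp_inbound` are hypothetical names.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12   # HMAC-SHA1-96: HMAC-SHA1 output truncated to 96 bits

class SA:
    """State of one unidirectional SA (sender or receiver copy)."""
    def __init__(self, spi, auth_key):
        self.spi, self.auth_key = spi, auth_key
        self.seq = 0          # sender: reset to zero when the SA is established
        self.last_seen = 0    # receiver: highest sequence number accepted so far

def compute_icv(sa, data):
    return hmac.new(sa.auth_key, data, hashlib.sha1).digest()[:ICV_LEN]

def esp_outbound(sa, payload, next_header):
    """Pad, number and authenticate one payload (NULL encryption assumed)."""
    pad_len = -(len(payload) + 2) % 4              # trailer ends on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))         # default pad bytes 1, 2, 3, ...
    sa.seq += 1
    body = (struct.pack("!II", sa.spi, sa.seq) + payload + padding
            + bytes([pad_len, next_header]))
    return body + compute_icv(sa, body)            # ICV covers the rest of the packet

def esp_inbound(sad, dst_ip, packet):
    """SA lookup, replay check, ICV check, padding removal; returns (payload, next_header)."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("truncated ESP packet")
    spi, seq = struct.unpack("!II", packet[:8])
    sa = sad.get((spi, dst_ip, 50))                # 50 = ESP protocol number
    if sa is None:
        raise ValueError("no SA for this SPI/destination/protocol")
    if seq <= sa.last_seen:                        # simplified anti-replay check
        raise ValueError("replayed or stale sequence number")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(icv, compute_icv(sa, body)):
        raise ValueError("ICV mismatch")
    sa.last_seen = seq                             # advance only after the ICV verifies
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 10:                   # 8-byte header + 2-byte trailer
        raise ValueError("bad pad length")
    return body[8:len(body) - 2 - pad_len], next_header
```

The receiver records the sequence number only after the ICV verifies, so a forged packet with a high sequence number cannot make later genuine packets look like replays.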
18.6 Summary
IPsec provides security services in the IP layer, in both IPv4 and IPv6, offering protection for protocols at higher layers
IKE is used for key exchange
  creating and managing SAs and related security parameters
ESP is used for confidentiality and integrity protection