William Stallings Data and Computer Communications
Download
Report
Transcript William Stallings Data and Computer Communications
IP SECURITY
1
IPSec Three Functional Areas
IPSec encompasses three functions,
Authentication
Identify the Source address, i.e., against the forgers.
Against alteration (Plaintext transmit only)
Confidentiality
Prevent eavesdropping by 3rd party (ciphertext transmit)
Key management
Exchange the secret keys securely.
2
IPSec Overview
Flexibility
Not a sigle protocol
(Security algorithms decided by the pair of
comm. entites) + (General framework)
Transparent to applications
Encrypt and/or all traffic at the IP level.
All the distributed applications could be secured.
3
Applications
Secure branch office connectivity over the Internet
Secure remote access over the Internet
Establsihing extranet and intranet connectivity with
partners
Enhancing electronic commerce security
4
IPSec Scenario
Individual user is available
Encrypt and compress
5
IPSec Document Overview
RFC-2401
RFC-2406
RFC-2403~5
3DES-CBC
CAST
RFC-2402
RFC-2403,4
HMAC-SHA-1
HMAC-MD5
Domain of Interpretation
6
Security Association (SA)
A one-way relationsship between a sender and a
receiver that specifies the parameters to the
traffic carried.
Who to protect the traffic, what traffic to be
protected and with whom the protection is
performed.
Typically, SAs exist in pairs, one in each direction.
SAs reside in the Security Association Database.
7
Identified by three parameters:
Security Parameter Index (SPI)
Bit string assigned to the certain SA, local sinificant only.
Carried in AH or ESP heades
IP Destination address
Unicast addresses only
Security Protocol Identifier
Indicate whether it’s a AH or ESP.
8
Security Association Database (SAD)
Defines the parameters associated within each SA.
The functionality provided by a SAD must be present
in IPSec, however, the way it presents is depends on
the implementor.
9
SA 8-Parameter in SAD
Sequence Number Counter
32-bit value
Use to generate the sequence number in AH or ESP
header
Sequence Counter overflow
If overflow, generate an auditable event and terminate
such a SA.
Anti-Replay Window
Determine whether an inbound AH or ESP packet is
replay.
10
AH Information
All the details of authentication algorithm within this SA.
ESP Information
All the details of the Encryption algorithm within this
SA.
Lifetime of this Security Association
IPSec protocol Mode
Tunnel, Transport, or wildcard.
Path MTU
11
Anti-Replay Mechanism
Sequence number (Sender)
1. The sender initialized a sequence number counter once a
new SA is established.
2. The sender will increase the sequence number by one once
a packet is sent on this SA till the limit, (232 – 1), is reached.
3. The sender should terminate a SA in which the sequence
number is maximum and negotiate a new SA with a new key.
12
Sliding receive window (Receiver)
irretrievably lost
Advance the window if the valid
packet to the “right” is received
Fixed window size
Unmarked if valid
packet not yet received
13
Security Policy Database (SPD)
Maintain the IPSec policies.
Each entry defines,
Which IP traffic to be protected,
IP traffic selectors IPSec policy. (SPD)
How to protect it. One of three actions to take upon IP
traffic match
Discard
Bypass
Apply An SA or a bundle of SAs.
With whom the protection is shared
14
Map to the SAD. (per packet or per SPD entry). In
other words, points to an SA for a certain IP
traffic.
15
SA 10-Selector in SPD
Destination IP address
Source IP address
UserID
Data Sensitivity level
Transport layer protocol
IPSec protocol
Source and Destination ports
IPv6 class
IPv6 Flow label
IPv4 Type of Service(TOS)
16
IPSec
SA
AH or ESP or ESP/AH
AH
Authenticated only, i.e., the payload of the IP packet will
be transmitted in “plaintext”.
ESP
Authentication is an option.
Ciphertext
Each AH and ESP has two modes
Transport
Tunnel
17
Transport Mode vs. Tunnel Mode
Transport mode
Only the IP payload will be protected.
Origin IP address is the outbound address.
Tunnel mode
The entire IP packet (including IP address) will be
protected.
A router or firewall’s IP address will be the destination
address instead.
18
Authentication Header (AH)
Design to provide
Integrity
Authentication
Does not support
Confidentiality
Guards against the replay attack
19
AH Fields
Next header:
Identify the type of the next header.
IP protocol number for AH is 51.
Payload length:
{[Total length of AH (in word) ] – 2 }
In default case, the length is 4.
Reserved
For future usage.
SPI:
Identifies a SA
Sequence number:
a monotonically increasing counter for anti-replay.
20
Authentication data:
contains Integrity check value (ICV) or message
authentication code (MAC)
HMAC-MD5-96
HMAC-SHA-1-96
21
MAC Calculation
IP header
immutable : available
mutable but predictable : available
mutable but unpredictable : set to zero
TOS, Flags, TTL, IP hdr checksum, fragment offset
AH header
Other than the Authentication Data field.
Namely, set that field to zero.
IP payload
immutabel.
22
Mutable Field in IPv4 Format
0
4
Ver
IHL
8
16
TOS
Identification
TTL
19
Protocol
31
Total length
Flag
Fragment Offset
Header Checksum
Source Address
Destination Address
Options + Padding
23
Mutable Fields in IPv6 Format
0
4
8
16
Ver Traffic Class
Payload length
4-word
4-word
19
31
Flow Label
Next hdr
Hop limit
Source Address
Destination Address
Extension Header
24
IPv6 with Extension Headers
IPv6 Header
Hop-by-Hop opt. hdr
Destination Opt. hdr
Routing Header
Fragment Header
AH
ESP
Destination Opt. hdr
25
AH Format
0
8
Next Header
16
Payload Length
31
Reserved
Security Parameters Index (SPI)
Sequence Number
Authentication Data (variable)
26
Origin IPv4 and IPv6
Orig IP
hdr
TCP
Data
Extension headers
(If present)
TCP
Data
IPv4
IPv6 Orig IP
hdr
27
Transport Mode AH
Authenticated except
for mutable fields
IPv4
Orig IP
AH
hdr
TCP
Data
Authenticated except
for mutable fields
IPv6 Orig IP
hdr
Hop-by-hop, dest,
AH dest
routing, fragment
TCP
Data
28
Tunnel Mode AH
IP TCP Data
IPv4
IPv4
Authenticated except for
mutable fields in the new IP hdr
New IP
Orig IP
AH
hdr
hdr
TCP
Data
Authenticated except for mutable fields
in the new IP hdr and its extension hdrs
IPv6
New IP
hdr
Extension
headers
AH
Orig IP Extension
hdr
headers
TCP
Data
29
AH Approach
Transport SA
Transport SA
Tunnel SA
30
Encapsulating Security Payload (ESP)
ESP
Provide confidentiality only.
ESP/AH
Support both encryption and authentication
31
ESP Fields
Security parameters index (SPI)
Identifies a certain SA
Sequence number
The same as in AH
Payload data
protected by encryption
Padding
Encryption algorithm
Next header
Identifies the type of data contained in the payload.
IP protocol number is 50.
Authentication data
MAC computes over the (ESP packet – Authentication Data)
32
ESP Format
0
16
24
31
Confidentiality coverage
Authentication coverage
Security Parameters Index (SPI)
Sequence Number
Payload Data (variable)
Padding (0-255 bytes)
Pad Length Next Header
Authentication Data (variable)
33
Encryption and Authentication in ESP
Encryption algorithm
The cryptographic synchronization (IV) may be carried at
the beginning of the payload
Although being part of the ciphertext, IV won’t, in
general, be encrypted.
Essential : DES in CBC mode
Others : 3DES, RC5, IDEA, 3IDEA, CAST, Blowfish
symmetric key encryption
Authentication algorithm
The same as in AH.
Ciphertext+ ESP tailer
34
Transport Mode ESP
Authenticated
IPv4 IP TCP Data
Encrypted
IPv4
Orig IP ESP
hdr
hdr
TCP
Data
ESP ESP
trlr auth
Authenticated
Encrypted
IPv6 Orig IP
hdr
Hop-by-hop, dest, ESP
dest
routing, fragment hdr
TCP
Data
ESP ESP
trlr auth
35
Tunnel Mode ESP
Authenticated
IPv4 IP TCP Data
Encrypted
IPv4 new IP
hdr
ESP Orig IP
hdr
hdr
TCP
Data
ESP ESP
trlr auth
Authenticated
Encrypted
IPv6
new IP
hdr
ESP
ext
headers hdr
orig IP
hdr
ext
headers
TCP
Data
ESP ESP
trlr auth
36
ESP Approach
Transport-level security
VPN via Tunnel Mode
37
Functionality of Tunnel and Transport Mode
Transport Mode SA
Tunnel Mode SA
AH
Authenticates IP payload and selected
portions of IP header and IPv6 extension
headers
Authenticates entire inner IP
packet plus selected portions
of outer IP header and outer
IPv6 extension headers
ESP
Encrypts IP payload and any IPv6
extesion header following the ESP
header
Encrypts inner IP packet
ESP/AH
Encrypts IP payload and any IPv6
extesion header following the ESP
header. Authenticates IP payload but no
IP header
Encrypts inner IP packet.
Authenticates inner IP packet.
38
IPSec Services Summary
AH
ESP
ESP/AH
Access control
Integrity
Authentication
Anti-replay
Confidentiality
Limited traffic flow
confidentiality
39