William Stallings Data and Computer Communications

Download Report

Transcript William Stallings Data and Computer Communications 

IP SECURITY
1
IPSec Three Functional Areas
 IPSec encompasses three functions,
Authentication
Identify the Source address, i.e., against the forgers.
Against alteration (Plaintext transmit only)
Confidentiality
Prevent eavesdropping by 3rd party (ciphertext transmit)
Key management
Exchange the secret keys securely.
2
IPSec Overview
 Flexibility
Not a sigle protocol
 (Security algorithms decided by the pair of
comm. entites) + (General framework)
 Transparent to applications
Encrypt and/or all traffic at the IP level.
All the distributed applications could be secured.
3
 Applications
Secure branch office connectivity over the Internet
Secure remote access over the Internet
Establsihing extranet and intranet connectivity with
partners
Enhancing electronic commerce security
4
IPSec Scenario
Individual user is available
Encrypt and compress
5
IPSec Document Overview
RFC-2401
RFC-2406
RFC-2403~5
3DES-CBC
CAST
RFC-2402
RFC-2403,4
HMAC-SHA-1
HMAC-MD5
Domain of Interpretation
6
Security Association (SA)
 A one-way relationsship between a sender and a
receiver that specifies the parameters to the
traffic carried.
 Who to protect the traffic, what traffic to be
protected and with whom the protection is
performed.
 Typically, SAs exist in pairs, one in each direction.
 SAs reside in the Security Association Database.
7
 Identified by three parameters:
Security Parameter Index (SPI)
Bit string assigned to the certain SA, local sinificant only.
Carried in AH or ESP heades
IP Destination address
Unicast addresses only
Security Protocol Identifier
Indicate whether it’s a AH or ESP.
8
Security Association Database (SAD)
 Defines the parameters associated within each SA.
 The functionality provided by a SAD must be present
in IPSec, however, the way it presents is depends on
the implementor.
9
SA 8-Parameter in SAD
 Sequence Number Counter
32-bit value
Use to generate the sequence number in AH or ESP
header
 Sequence Counter overflow
If overflow, generate an auditable event and terminate
such a SA.
 Anti-Replay Window
Determine whether an inbound AH or ESP packet is
replay.
10
 AH Information
All the details of authentication algorithm within this SA.
 ESP Information
All the details of the Encryption algorithm within this
SA.
 Lifetime of this Security Association
 IPSec protocol Mode
Tunnel, Transport, or wildcard.
 Path MTU
11
Anti-Replay Mechanism
 Sequence number (Sender)
1. The sender initialized a sequence number counter once a
new SA is established.
2. The sender will increase the sequence number by one once
a packet is sent on this SA till the limit, (232 – 1), is reached.
3. The sender should terminate a SA in which the sequence
number is maximum and negotiate a new SA with a new key.
12
 Sliding receive window (Receiver)
irretrievably lost
Advance the window if the valid
packet to the “right” is received
Fixed window size
Unmarked if valid
packet not yet received
13
Security Policy Database (SPD)
 Maintain the IPSec policies.
 Each entry defines,
Which IP traffic to be protected,
IP traffic  selectors  IPSec policy. (SPD)
How to protect it. One of three actions to take upon IP
traffic match
Discard
Bypass
Apply  An SA or a bundle of SAs.
With whom the protection is shared
14
 Map to the SAD. (per packet or per SPD entry). In
other words, points to an SA for a certain IP
traffic.
15
SA 10-Selector in SPD
 Destination IP address
 Source IP address
 UserID
 Data Sensitivity level
 Transport layer protocol
 IPSec protocol
 Source and Destination ports
 IPv6 class
 IPv6 Flow label
 IPv4 Type of Service(TOS)
16
IPSec
 SA
AH or ESP or ESP/AH
 AH
Authenticated only, i.e., the payload of the IP packet will
be transmitted in “plaintext”.
 ESP
Authentication is an option.
Ciphertext
 Each AH and ESP has two modes
Transport
Tunnel
17
Transport Mode vs. Tunnel Mode
 Transport mode
Only the IP payload will be protected.
Origin IP address is the outbound address.
 Tunnel mode
The entire IP packet (including IP address) will be
protected.
A router or firewall’s IP address will be the destination
address instead.
18
Authentication Header (AH)
 Design to provide
Integrity
Authentication
 Does not support
Confidentiality
 Guards against the replay attack
19
AH Fields
 Next header:
Identify the type of the next header.
IP protocol number for AH is 51.
 Payload length:
{[Total length of AH (in word) ] – 2 }
In default case, the length is 4.
 Reserved
For future usage.
 SPI:
Identifies a SA
 Sequence number:
a monotonically increasing counter for anti-replay.
20
 Authentication data:
contains Integrity check value (ICV) or message
authentication code (MAC)
HMAC-MD5-96
HMAC-SHA-1-96
21
MAC Calculation
 IP header
immutable : available
mutable but predictable : available
mutable but unpredictable : set to zero
TOS, Flags, TTL, IP hdr checksum, fragment offset
 AH header
Other than the Authentication Data field.
Namely, set that field to zero.
 IP payload
immutabel.
22
Mutable Field in IPv4 Format
0
4
Ver
IHL
8
16
TOS
Identification
TTL
19
Protocol
31
Total length
Flag
Fragment Offset
Header Checksum
Source Address
Destination Address
Options + Padding
23
Mutable Fields in IPv6 Format
0
4
8
16
Ver Traffic Class
Payload length
4-word
4-word
19
31
Flow Label
Next hdr
Hop limit
Source Address
Destination Address
Extension Header
24
IPv6 with Extension Headers
IPv6 Header
Hop-by-Hop opt. hdr
Destination Opt. hdr
Routing Header
Fragment Header
AH
ESP
Destination Opt. hdr
25
AH Format
0
8
Next Header
16
Payload Length
31
Reserved
Security Parameters Index (SPI)
Sequence Number
Authentication Data (variable)
26
Origin IPv4 and IPv6
Orig IP
hdr
TCP
Data
Extension headers
(If present)
TCP
Data
IPv4
IPv6 Orig IP
hdr
27
Transport Mode AH
Authenticated except
for mutable fields
IPv4
Orig IP
AH
hdr
TCP
Data
Authenticated except
for mutable fields
IPv6 Orig IP
hdr
Hop-by-hop, dest,
AH dest
routing, fragment
TCP
Data
28
Tunnel Mode AH
IP TCP Data
IPv4
IPv4
Authenticated except for
mutable fields in the new IP hdr
New IP
Orig IP
AH
hdr
hdr
TCP
Data
Authenticated except for mutable fields
in the new IP hdr and its extension hdrs
IPv6
New IP
hdr
Extension
headers
AH
Orig IP Extension
hdr
headers
TCP
Data
29
AH Approach
Transport SA
Transport SA
Tunnel SA
30
Encapsulating Security Payload (ESP)
 ESP
Provide confidentiality only.
 ESP/AH
Support both encryption and authentication
31
ESP Fields
 Security parameters index (SPI)
 Identifies a certain SA
 Sequence number
 The same as in AH
 Payload data
 protected by encryption
 Padding
 Encryption algorithm
 Next header
 Identifies the type of data contained in the payload.
 IP protocol number is 50.
 Authentication data
 MAC computes over the (ESP packet – Authentication Data)
32
ESP Format
0
16
24
31
Confidentiality coverage
Authentication coverage
Security Parameters Index (SPI)
Sequence Number
Payload Data (variable)
Padding (0-255 bytes)
Pad Length Next Header
Authentication Data (variable)
33
Encryption and Authentication in ESP
 Encryption algorithm
The cryptographic synchronization (IV) may be carried at
the beginning of the payload
Although being part of the ciphertext, IV won’t, in
general, be encrypted.
Essential : DES in CBC mode
Others : 3DES, RC5, IDEA, 3IDEA, CAST, Blowfish
symmetric key encryption
 Authentication algorithm
The same as in AH.
Ciphertext+ ESP tailer
34
Transport Mode ESP
Authenticated
IPv4 IP TCP Data
Encrypted
IPv4
Orig IP ESP
hdr
hdr
TCP
Data
ESP ESP
trlr auth
Authenticated
Encrypted
IPv6 Orig IP
hdr
Hop-by-hop, dest, ESP
dest
routing, fragment hdr
TCP
Data
ESP ESP
trlr auth
35
Tunnel Mode ESP
Authenticated
IPv4 IP TCP Data
Encrypted
IPv4 new IP
hdr
ESP Orig IP
hdr
hdr
TCP
Data
ESP ESP
trlr auth
Authenticated
Encrypted
IPv6
new IP
hdr
ESP
ext
headers hdr
orig IP
hdr
ext
headers
TCP
Data
ESP ESP
trlr auth
36
ESP Approach
Transport-level security
VPN via Tunnel Mode
37
Functionality of Tunnel and Transport Mode
Transport Mode SA
Tunnel Mode SA
AH
Authenticates IP payload and selected
portions of IP header and IPv6 extension
headers
Authenticates entire inner IP
packet plus selected portions
of outer IP header and outer
IPv6 extension headers
ESP
Encrypts IP payload and any IPv6
extesion header following the ESP
header
Encrypts inner IP packet
ESP/AH
Encrypts IP payload and any IPv6
extesion header following the ESP
header. Authenticates IP payload but no
IP header
Encrypts inner IP packet.
Authenticates inner IP packet.
38
IPSec Services Summary
AH
ESP
ESP/AH
Access control



Integrity


Authentication


Anti-replay



Confidentiality


Limited traffic flow
confidentiality


39