Transcript Chapter 6

IP Security
Ola Flygt
Växjö University, Sweden
http://w3.msi.vxu.se/users/ofl/
[email protected]
+46 470 70 86 49
Henric Johnson
1
Outline
 Internetworking and Internet Protocols
(Appendix 6A)
 IP Security Overview
 IP Security Architecture
 Authentication Header
 Encapsulating Security Payload
 Combinations of Security Associations
 Key Management
2
TCP/IP Example
3
IPv4 Header
4
IPv6 Header
5
IP Security Overview
IPSec is not a single protocol. Instead,
IPSec provides a set of security
algorithms plus a general framework
that allows a pair of communicating
entities to use whichever algorithms
provide security appropriate for the
communication.
6
IP Security Overview
 Applications of IPSec
Secure branch office connectivity over the
Internet
Secure remote access over the Internet
Establishing extranet and intranet
connectivity with partners
Enhancing electronic commerce security
7
IP Security Scenario
8
IP Security Overview
 Benefits of IPSec
 Transparent to applications (below transport
layer (TCP, UDP)
 Provide security for individual users
 IPSec can assure that:
 A router or neighbour advertisement comes from
an authorized router
 A redirect message comes from the router to
which the initial packet was sent
 A routing update is not forged
9
IP Security Architecture
 IPSec documents:
RFC 2401: An overview of security
architecture
RFC 2402: Description of a packet
encryption extension to IPv4 and IPv6
RFC 2406: Description of a packet
encryption extension to IPv4 and IPv6
RFC 2408: Specification of key
management capabilities
10
IPSec Document Overview
11
IPSec Services
 Access Control
 Connectionless integrity
 Data origin authentication
 Rejection of replayed packets
 Confidentiality (encryption)
 Limited traffic flow confidentiality
12
Security Associations (SA)
 A one way relationship between a
sender and a receiver.
 Identified by three parameters:
Security Parameter Index (SPI)
IP Destination address
Security Protocol Identifier
13
Transport Mode SA
Tunnel Mode SA
AH
Authenticates IP payload and Authenticates entire inner
selected portions of IP header IP packet plus selected
and IPv6 extension headers
portions of outer IP
header
ESP
Encrypts IP payload and any
IPv6 extension header
Encrypts inner IP packet
ESP with
authentication
Encrypts IP payload and any
IPv6 extension header.
Authenticates IP payload but
no IP header
Encrypts inner IP packet.
Authenticates inner IP
packet.
14
Before applying AH
15
Transport Mode (AH
Authentication)
16
Tunnel Mode (AH
Authentication)
17
Authentication Header
 Provides support for data integrity and
authentication (MAC code) of IP packets.
 Guards against replay attacks.
18
End-to-end versus End-toIntermediate Authentication
19
Encapsulating Security Payload
 ESP provides confidentiality services
20
Encryption and
Authentication Algorithms
 Encryption:
 Three-key triple DES
 RC5
 IDEA
 Three-key triple IDEA
 CAST
 Blowfish
 Authentication:
 HMAC-MD5-96
 HMAC-SHA-1-96
21
ESP Encryption and
Authentication
22
ESP Encryption and
Authentication
23
Combinations of Security
Associations
24
Combinations of Security
Associations
25
Combinations of Security
Associations
26
Combinations of Security
Associations
27
Key Management
 Two types:
Manual
Automated
Oakley Key Determination Protocol
Internet Security Association and Key
Management Protocol (ISAKMP)
28
Internet Key Exchange (IKE)
 IKE=ISAKMP+Oakley
 automated system for on-demand creation and
distribution of keys for enabling SA’s in large
systems in a protected manner
 Typically SAs need 2 pairs of keys
 2 per direction for AH & ESP
 Perfect forward secrecy desired  D-H
29
Oakley
 A key exchange protocol based on Diffie-
Hellman key exchange
 Adds features to address weaknesses
 cookies, groups (global parameters), nonces, DH key exchange
with authentication
 Cookie generation criteria:
 must depend on the specific parties
 must not be possible for anyone other than the issuing entity to
generate cookies that will be accepted by that entity
 cookie generation function must be fast to thwart attacks
intended to sabotage CPU resources
 a hash over the IP source & destination address, the UDP source
and destination ports and a locally generated secret random value
30
Oakley
 Three authentication methods:
Digital signatures
Public-key encryption
Symmetric-key encryption
31
ISAKMP
Internet Security Association and Key Management Protocol
 Provides framework for key management
 Defines procedures and packet formats to establish,
negotiate, modify, & delete SAs
 Independent of key exchange protocol, encryption
alg., & authentication method
 Phase 1: ISAKMP peers establish bi-directional
secure channel using main mode or aggressive mode
 Phase 2: negotiation of security services for IPSec
(maybe for several SAs) using quick mode; can have
multiple Phase 2 exchanges, e.g., to change keys
32
ISAKMP
33
ISAKMP Payload Types
Qu i c k T i m e o c h e n
T I F F (U n c o m p re s s e d )-d e k o m p ri m e ra re
k rä v s f ö r a t t k u n n a s e b i l d e n .
34
ISAKMP Exchange Types
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
35