Transcript Chapter 6
IP Security
Ola Flygt
Växjö University, Sweden
http://w3.msi.vxu.se/users/ofl/
[email protected]
+46 470 70 86 49
Henric Johnson
1
Outline
Internetworking and Internet Protocols
(Appendix 6A)
IP Security Overview
IP Security Architecture
Authentication Header
Encapsulating Security Payload
Combinations of Security Associations
Key Management
2
TCP/IP Example
3
IPv4 Header
4
IPv6 Header
5
IP Security Overview
IPSec is not a single protocol. Instead,
IPSec provides a set of security
algorithms plus a general framework
that allows a pair of communicating
entities to use whichever algorithms
provide security appropriate for the
communication.
6
IP Security Overview
Applications of IPSec
Secure branch office connectivity over the
Internet
Secure remote access over the Internet
Establishing extranet and intranet
connectivity with partners
Enhancing electronic commerce security
7
IP Security Scenario
8
IP Security Overview
Benefits of IPSec
Transparent to applications (below transport
layer (TCP, UDP)
Provide security for individual users
IPSec can assure that:
A router or neighbour advertisement comes from
an authorized router
A redirect message comes from the router to
which the initial packet was sent
A routing update is not forged
9
IP Security Architecture
IPSec documents:
RFC 2401: An overview of security
architecture
RFC 2402: Description of a packet
encryption extension to IPv4 and IPv6
RFC 2406: Description of a packet
encryption extension to IPv4 and IPv6
RFC 2408: Specification of key
management capabilities
10
IPSec Document Overview
11
IPSec Services
Access Control
Connectionless integrity
Data origin authentication
Rejection of replayed packets
Confidentiality (encryption)
Limited traffic flow confidentiality
12
Security Associations (SA)
A one way relationship between a
sender and a receiver.
Identified by three parameters:
Security Parameter Index (SPI)
IP Destination address
Security Protocol Identifier
13
Transport Mode SA
Tunnel Mode SA
AH
Authenticates IP payload and Authenticates entire inner
selected portions of IP header IP packet plus selected
and IPv6 extension headers
portions of outer IP
header
ESP
Encrypts IP payload and any
IPv6 extension header
Encrypts inner IP packet
ESP with
authentication
Encrypts IP payload and any
IPv6 extension header.
Authenticates IP payload but
no IP header
Encrypts inner IP packet.
Authenticates inner IP
packet.
14
Before applying AH
15
Transport Mode (AH
Authentication)
16
Tunnel Mode (AH
Authentication)
17
Authentication Header
Provides support for data integrity and
authentication (MAC code) of IP packets.
Guards against replay attacks.
18
End-to-end versus End-toIntermediate Authentication
19
Encapsulating Security Payload
ESP provides confidentiality services
20
Encryption and
Authentication Algorithms
Encryption:
Three-key triple DES
RC5
IDEA
Three-key triple IDEA
CAST
Blowfish
Authentication:
HMAC-MD5-96
HMAC-SHA-1-96
21
ESP Encryption and
Authentication
22
ESP Encryption and
Authentication
23
Combinations of Security
Associations
24
Combinations of Security
Associations
25
Combinations of Security
Associations
26
Combinations of Security
Associations
27
Key Management
Two types:
Manual
Automated
Oakley Key Determination Protocol
Internet Security Association and Key
Management Protocol (ISAKMP)
28
Internet Key Exchange (IKE)
IKE=ISAKMP+Oakley
automated system for on-demand creation and
distribution of keys for enabling SA’s in large
systems in a protected manner
Typically SAs need 2 pairs of keys
2 per direction for AH & ESP
Perfect forward secrecy desired D-H
29
Oakley
A key exchange protocol based on Diffie-
Hellman key exchange
Adds features to address weaknesses
cookies, groups (global parameters), nonces, DH key exchange
with authentication
Cookie generation criteria:
must depend on the specific parties
must not be possible for anyone other than the issuing entity to
generate cookies that will be accepted by that entity
cookie generation function must be fast to thwart attacks
intended to sabotage CPU resources
a hash over the IP source & destination address, the UDP source
and destination ports and a locally generated secret random value
30
Oakley
Three authentication methods:
Digital signatures
Public-key encryption
Symmetric-key encryption
31
ISAKMP
Internet Security Association and Key Management Protocol
Provides framework for key management
Defines procedures and packet formats to establish,
negotiate, modify, & delete SAs
Independent of key exchange protocol, encryption
alg., & authentication method
Phase 1: ISAKMP peers establish bi-directional
secure channel using main mode or aggressive mode
Phase 2: negotiation of security services for IPSec
(maybe for several SAs) using quick mode; can have
multiple Phase 2 exchanges, e.g., to change keys
32
ISAKMP
33
ISAKMP Payload Types
Qu i c k T i m e o c h e n
T I F F (U n c o m p re s s e d )-d e k o m p ri m e ra re
k rä v s f ö r a t t k u n n a s e b i l d e n .
34
ISAKMP Exchange Types
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
35