Network Security


In the Name of the Most High
IP Security
Behzad Akbari
Fall 2009
Outline

• Need for Internet Security
• Internetworking and Internet Protocols (Appendix 6A)
• IP Security Overview
• IP Security Architecture
• Authentication Header
• Encapsulating Security Payload
• Combinations of Security Associations
• Key Management
Need for Internet Security

• Based on public-domain standards
  - Potential intruders know how things work
• The Internet is ever-increasingly pervasive
  - No need for specialist tools to get access
• Applications (e.g. web servers and browsers) are extensible
  - Now used for much more than the protocol designers originally envisaged
• TCP/IP weaknesses
  - e.g. easy to masquerade as someone else (nothing in IP authenticates the source address)
Why secure at the IP layer?

• Security can be put in place once, in a consistent manner, for multiple applications
• All applications are secured, without the user needing to be involved
• Central management of security, including access policy, keys, algorithms, etc.
Independent of Applications and Transport

(Figure: diverse applications such as email, web, games, DB queries, SNMP, FTP and IM run over TCP, UDP or other transports, all of which ride on secured IP.)
Internet Protocols

• The Internet Protocol (IP) provides functionality for interconnecting end systems across multiple networks
• IPv4 and IPv6
• Routers provide connections between networks
• Data is encapsulated in an IP Protocol Data Unit (PDU) for transmission
Uses of IPsec

• Virtual Private Network (VPN) establishment
  - For connecting remote offices and users using the public Internet
• Low-cost remote access
  - e.g. a teleworker gains secure access to the company network via a local call to an ISP
• Extranet connectivity
  - Secure communication with partners, suppliers, etc.
OSI 7 Layer Model

Layer            Examples
7 Application    HTTP, SMTP, SNMP, FTP, Telnet, SIP, SSH, NFS, Whois
6 Presentation   XDR, ASN.1, SMB, AFP, NCP
5 Session        ASAP, TLS, SSH, RPC, NetBIOS, ASP, Winsock, BSD sockets
4 Transport      TCP, UDP, RTP, SCTP, SPX, ATP
3 Network        IP, ICMP, IPX, BGP, OSPF, RIP, ARP, X.25 (IPsec operates here)
2 Data Link      Ethernet, Token ring, HDLC, Frame relay, ISDN, ATM, 802.11 WiFi, FDDI, PPP
1 Physical       wire, radio, fiber optic
5 Layer Internet Protocol Model

5. Application
4. Transport          TCP, UDP
3. Internet           IP
2. Network Interface  Logical Link Control (LLC), Media Access Control (MAC) (like Data Link)
1. Physical

TCP/IP Example (figure)
IP Security Overview

• Application-specific security mechanisms
  - E-mail (S/MIME, PGP)
  - Client-server (Kerberos)
  - Web access (Secure Sockets Layer, now TLS)
• IP-level security (IPsec)
  - Authentication (the packet really came from the source named in its header and was received unaltered)
  - Confidentiality (encrypted to prevent eavesdropping)
  - Key management (secure exchange of keys)
IP Security Overview

IPsec is not a single protocol. Instead, IPsec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication.
IP Security Overview

• Applications of IPsec
  - Secure branch office connectivity over the Internet
  - Secure remote access over the Internet
  - Establishing extranet and intranet connectivity with partners
  - Enhancing electronic commerce security

IP Security Scenario (figure)
IP Security Overview

• Benefits of IPsec
  - Transparent to applications (it sits below the transport layer, TCP or UDP)
  - Can provide security for individual users
• IPsec can assure that:
  - A router or neighbor advertisement comes from an authorized router
  - A redirect message comes from the router to which the initial packet was sent
  - A routing update is not forged
IP Security Architecture

• IPsec documents (the 1998 set this deck follows):
  - RFC 2401: An overview of the security architecture
  - RFC 2402: Description of a packet authentication extension (AH) to IPv4 and IPv6
  - RFC 2406: Description of a packet encryption extension (ESP) to IPv4 and IPv6
  - RFC 2408: Specification of key management capabilities (ISAKMP)
• These have since been superseded: RFC 4301 (architecture), RFC 4302 (AH), RFC 4303 (ESP) and IKEv2 (RFC 7296) are the current versions; the concepts below are unchanged
IPsec Architecture

• Two alternative protocols:
  - Authentication Header (AH)
    - Provides authentication but not confidentiality
    - Adds an extra header to the traditional IP packet; used to verify the authenticity and integrity of the packet
  - Encapsulating Security Payload (ESP)
    - Provides packet encryption and, optionally, authentication
    - The content of the IP packet is encrypted and encapsulated between header and trailer fields

IPsec Document Overview (figure)
IPsec Services

IPsec provides security services at the IP layer by enabling a system to select the required protocols, determine the algorithm(s) to use, and put in place the cryptographic keys. Two protocols are used:

• Authentication Header (AH)
• Encapsulating Security Payload (ESP)
IPsec Services

• Access control
• Connectionless integrity
• Data origin authentication
• Rejection of replayed packets (a form of partial sequence integrity)
• Confidentiality (encryption)
• Limited traffic flow confidentiality
Security Association (SA)

• In order to communicate, each pair of hosts must set up an SA with each other
• Acts as a virtual connection for which various parameters are set:
  - Type of protection
  - Algorithms
  - Keys
  - …
• Specifies a one-way relationship (two-way traffic needs a pair of SAs, one in each direction)
• For either AH or ESP, but not both
Security Associations (SA)

• A one-way relationship between a sender and a receiver
• Identified by three parameters:
  - Security Parameters Index (SPI)
  - IP destination address
  - Security protocol identifier (AH or ESP)
Security Association (SA)

• Each SA is uniquely identified by:
  - Security Parameters Index (SPI): a 32-bit value assigned to this SA (local meaning only; chosen by the receiving end)
  - IP destination address of the packets
    - May be an end-user system, or a firewall or router
  - Choice of AH or ESP
• For each incoming IP packet, the governing SA is identified by:
  - Destination IP address in the packet header
  - SPI in the extension header (AH or ESP)
  - The protocol (AH or ESP) carrying that header
IPsec modes

• Transport Mode:
  - Protects the payload only, i.e. the original data and upper-level protocol headers
  - Typically used for end-to-end communication between hosts

Transport Mode Security (figure)
Transport Mode (AH Authentication) (figure)

IPsec modes

• Tunnel Mode:
  - Protects the entire IP packet, including the IP header, by wrapping it in a new outer IP packet
  - Typically used for connecting security gateways (firewalls or routers that implement IPsec)
    - Hosts behind the gateways don't need to be IPsec-enabled

Tunnel Mode Security (figure)
Tunnel Mode (AH Authentication) (figure)
Authentication Header (AH)

• Adds an extra header to the traditional IP packet
• This is used to verify the authenticity and integrity of the packet

Before applying AH: IP header | data
Transport mode: IP header | AH | data; the data is authenticated, as well as the immutable parts of the IP header
Tunnel mode: new IP header | AH | original IP header | data; the entire original packet is authenticated, plus the immutable parts of the new header
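Added example (editor's code, not from the original slides) of what the AH integrity check covers in transport mode. It builds a packet with a minimal IPv4 header, computes the ICV with HMAC-SHA-1-96 after zeroing the mutable header fields as RFC 2402 requires, then shows that a router decrementing TTL leaves the packet valid while a NAT rewriting the source address does not. The key, addresses, SPI and payload are constructed sample values, and the function names are this example's own:

```python
"""Added example (not code from the original slides): what AH's ICV covers
in transport mode, and why that breaks NAT.

Per RFC 2402, the ICV is computed over the IP header with its mutable fields
(TOS, flags/fragment offset, TTL, header checksum) zeroed, the AH header with
its ICV field zeroed, and the payload. Addresses are immutable and therefore
covered. Key, addresses and payload are constructed sample values; the
integrity algorithm is HMAC-SHA-1-96 (RFC 2404).
"""
import hashlib
import hmac
import struct

AH_PROTO = 51          # IP protocol number of AH
AH_FIXED_LEN = 12      # next header, payload len, reserved, SPI, sequence number
ICV_LEN = 12           # HMAC-SHA-1-96 = HMAC-SHA-1 output truncated to 96 bits


def hmac_sha1_96(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def ipv4_header(src: str, dst: str, proto: int, total_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (checksum left 0; the stack fills it in)."""
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, ttl, proto, 0, src_b, dst_b)


def zero_mutable_fields(ip_hdr: bytes) -> bytes:
    """RFC 2402 section 3.3.3.1.1: mutable IPv4 fields are zeroed for the ICV computation."""
    h = bytearray(ip_hdr)
    h[1] = 0                 # TOS (DSCP/ECN): rewritten by QoS devices
    h[6:8] = b"\x00\x00"     # flags + fragment offset
    h[8] = 0                 # TTL: decremented by every router
    h[10:12] = b"\x00\x00"   # header checksum: recomputed whenever TTL changes
    return bytes(h)


def build_ah_packet(key: bytes, src: str, dst: str, next_hdr: int, spi: int, seq: int, payload: bytes) -> bytes:
    """Transport mode: IP header | AH | payload (e.g. a TCP segment, next_hdr=6)."""
    # Payload Len is the AH length in 32-bit words minus 2: (12 + 12) / 4 - 2 = 4.
    ah_fixed = struct.pack("!BBHII", next_hdr, (AH_FIXED_LEN + ICV_LEN) // 4 - 2, 0, spi, seq)
    ip_hdr = ipv4_header(src, dst, AH_PROTO, 20 + AH_FIXED_LEN + ICV_LEN + len(payload))
    covered = zero_mutable_fields(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return ip_hdr + ah_fixed + hmac_sha1_96(key, covered) + payload


def verify_ah_packet(key: bytes, pkt: bytes) -> bool:
    """Receiver side: recompute the ICV over the same fields and compare in constant time."""
    ip_hdr = pkt[:20]
    ah_fixed = pkt[20:20 + AH_FIXED_LEN]
    icv = pkt[20 + AH_FIXED_LEN:20 + AH_FIXED_LEN + ICV_LEN]
    payload = pkt[20 + AH_FIXED_LEN + ICV_LEN:]
    covered = zero_mutable_fields(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.compare_digest(icv, hmac_sha1_96(key, covered))


def router_hop(pkt: bytes) -> bytes:
    """A forwarding router decrements TTL (and would fix the checksum): mutable, so allowed."""
    p = bytearray(pkt)
    p[8] -= 1
    return bytes(p)


def nat_rewrite_source(pkt: bytes, new_src: str) -> bytes:
    """A NAT rewrites the source address: immutable, so the ICV no longer verifies."""
    p = bytearray(pkt)
    p[12:16] = bytes(int(x) for x in new_src.split("."))
    return bytes(p)


# Constructed sample SA key and traffic; a real key comes from IKE or manual keying.
SAMPLE_KEY = b"0123456789abcdef0123"  # 20 bytes, the HMAC-SHA-1 key size of RFC 2404
SAMPLE_PKT = build_ah_packet(SAMPLE_KEY, "10.0.0.1", "10.0.0.2", 6, 0x1000, 1, b"TCP segment bytes")

if __name__ == "__main__":
    print("original  :", verify_ah_packet(SAMPLE_KEY, SAMPLE_PKT))
    print("after hop :", verify_ah_packet(SAMPLE_KEY, router_hop(SAMPLE_PKT)))
    print("after NAT :", verify_ah_packet(SAMPLE_KEY, nat_rewrite_source(SAMPLE_PKT, "203.0.113.7")))
```

The NAT case is exactly why AH is rarely deployed across the public Internet: any address rewrite on the path is indistinguishable from tampering.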
Authentication Header

• Provides support for data integrity and authentication (via a MAC) of IP packets
• Guards against replay attacks
• The parties share a secret key, K

Authentication Header (AH)

• Protection against replay attacks through the use of a sequence number (checked by the receiver against a sliding window)
• Why have an authentication-only protocol (AH)?
  - May be used where export/import/use of encryption is restricted
  - Faster implementation
  - The receiver can choose whether to expend the effort to verify authenticity/integrity
• Caveat: because AH authenticates the IP addresses, it cannot pass through NAT; RFC 4301 made AH optional to implement, and ESP with integrity (with NULL encryption where only authentication is wanted) is what is deployed in practice
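Added example (editor's code, not from the original slides) of the receiver-side anti-replay window that gives the sequence number its meaning, following RFC 2401 Appendix C with the default 64-packet window; the same logic applies to ESP. The sample packet stream is constructed and the class and function names are this example's own. It also shows the ordering a practitioner must get right: replays are rejected before the ICV is checked, but the window is advanced only after the ICV verifies, so forged packets cannot poison it:

```python
"""Added example (not code from the original slides): the receiver-side
anti-replay window behind AH's (and ESP's) sequence number, following
RFC 2401 Appendix C with the default 64-packet window.

The check runs before the ICV is verified (cheap rejection of obvious
replays), but the window is updated only after a good ICV, so an attacker
cannot advance or fill the window with forged packets. The packet stream at
the bottom is constructed sample input.
"""


class AntiReplayWindow:
    def __init__(self, size: int = 64):
        self.size = size
        self.last = 0        # highest sequence number accepted so far
        self.bitmap = 0      # bit i set  <=>  sequence number (last - i) was received

    def check(self, seq: int) -> bool:
        """Would this sequence number be acceptable? No state change."""
        if seq == 0:
            return False                      # RFC 2401: the first packet on an SA is seq 1
        if seq > self.last:
            return True                       # to the right of the window: new
        diff = self.last - seq
        if diff >= self.size:
            return False                      # to the left of the window: too old
        return not (self.bitmap >> diff) & 1  # inside the window: replay if the bit is set

    def update(self, seq: int) -> None:
        """Record seq; call only after the packet's ICV verified."""
        if seq > self.last:
            shift = seq - self.last
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1               # everything previously seen has fallen out
            self.last = seq
        else:
            self.bitmap |= 1 << (self.last - seq)


def receive(window: AntiReplayWindow, seq: int, icv_ok: bool) -> bool:
    """Inbound processing order for one AH/ESP packet on an SA."""
    if not window.check(seq):
        return False          # replay or too old: dropped without touching the MAC
    if not icv_ok:
        return False          # forged/corrupt: dropped and NOT recorded in the window
    window.update(seq)
    return True


def process_stream(packets):
    """packets: iterable of (seq, icv_ok); returns the accept/drop decision per packet."""
    window = AntiReplayWindow()
    return [receive(window, seq, ok) for seq, ok in packets]


# Constructed sample: in-order, reordered, replayed, a big jump, a stale one,
# a duplicate, and a forged packet followed by the genuine one with that seq.
SAMPLE_STREAM = [(1, True), (2, True), (3, True), (5, True), (4, True), (3, True),
                 (70, True), (5, True), (200, True), (200, True), (201, False), (201, True)]

if __name__ == "__main__":
    for (seq, ok), accepted in zip(SAMPLE_STREAM, process_stream(SAMPLE_STREAM)):
        print(f"seq={seq:4d} icv_ok={ok!s:5} -> {'accept' if accepted else 'drop'}")
```

Note that a 64-packet window tolerates moderate reordering (seq 4 arriving after 5) but not arbitrary delay: once the window has moved past a sequence number, a late legitimate packet is dropped just like a replay, which is the trade-off the slide's "rejection of replayed packets" service makes.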
Encapsulating Security Payload (ESP)

• The content of the IP packet is encrypted and encapsulated between header and trailer fields
• Authentication data (an ICV) is optionally added

Encapsulating Security Payload (ESP)

Original IP packet: IP header | data
Transport mode: IP header | ESP header | data | ESP trailer | ESP auth; only the data (and trailer) is encrypted, and the ESP header, data and trailer are (optionally) authenticated
Tunnel mode: new IP header | ESP header | original IP packet | ESP trailer | ESP auth; the entire original packet is encrypted and (optionally) authenticated

ESP Format (figure)
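Added example (editor's code, not from the original slides) of ESP framing in both modes with authentication. To run on the standard library it uses the NULL cipher (RFC 2410), so the "encrypted" bytes stay visible; a real SA substitutes 3DES or AES (and an IV) there. The padding, the pad-length and next-header trailer, the ICV scope (SPI through next header, never the IP header) and the next-header values that distinguish transport mode (6, a TCP segment) from tunnel mode (4, a whole inner IP packet) follow RFC 2406. Keys, SPIs, addresses and payloads are constructed, and the function names are this example's own:

```python
"""Added example (not code from the original slides): ESP framing in transport
and tunnel mode, with authentication, using the NULL cipher (RFC 2410) and
HMAC-SHA-1-96 (RFC 2404).

The NULL cipher keeps the example on the standard library with the framing
visible; a real SA puts 3DES/AES (plus an IV) where the identity function is.
Everything else follows RFC 2406: SPI | seq | payload | padding | pad length
| next header | ICV, padded so the pad-length and next-header bytes end on a
4-byte boundary, ICV over SPI..next header and never over the IP header
(which is why ESP, unlike AH, survives NAT). Keys, SPIs, addresses and
payloads are constructed sample values.
"""
import hashlib
import hmac
import struct

ICV_LEN = 12
NH_TCP = 6     # transport mode: the payload is an upper-layer segment
NH_IPIP = 4    # tunnel mode: the payload is a complete inner IPv4 packet


def hmac_sha1_96(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def esp_encapsulate(auth_key: bytes, spi: int, seq: int, next_header: int, plaintext: bytes) -> bytes:
    pad_len = (-(len(plaintext) + 2)) % 4            # land pad length + next header on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))           # RFC 2406 default padding: 1, 2, 3, ...
    trailer = padding + bytes([pad_len, next_header])
    body = struct.pack("!II", spi, seq) + plaintext + trailer   # NULL cipher: ciphertext == plaintext
    return body + hmac_sha1_96(auth_key, body)       # ICV covers SPI through next header


def esp_decapsulate(auth_key: bytes, datagram: bytes):
    """Returns (spi, seq, next_header, plaintext); raises ValueError on anything suspicious."""
    if len(datagram) < 8 + 2 + ICV_LEN:
        raise ValueError("runt ESP datagram")
    body, icv = datagram[:-ICV_LEN], datagram[-ICV_LEN:]
    # Verify the ICV first: no field of an unauthenticated packet should steer parsing.
    if not hmac.compare_digest(icv, hmac_sha1_96(auth_key, body)):
        raise ValueError("ESP ICV mismatch")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    if 8 + pad_len + 2 > len(body):
        raise ValueError("pad length exceeds payload")
    plaintext_end = len(body) - 2 - pad_len
    if body[plaintext_end:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("bad padding")
    return spi, seq, next_header, body[8:plaintext_end]


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Tiny inner-packet builder for tunnel mode (checksum left 0)."""
    def addr(a):
        return bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, proto, 0, addr(src), addr(dst)) + payload


# Constructed sample SA and traffic.
AUTH_KEY = b"0123456789abcdef0123"
SEGMENT = b"hello ESP"                                                  # stands in for a TCP segment
TRANSPORT_DGRAM = esp_encapsulate(AUTH_KEY, 0x1001, 1, NH_TCP, SEGMENT)
INNER_PKT = ipv4_packet("192.168.1.10", "10.1.1.20", NH_TCP, SEGMENT)  # private addresses ride inside
TUNNEL_DGRAM = esp_encapsulate(AUTH_KEY, 0x1002, 1, NH_IPIP, INNER_PKT)

if __name__ == "__main__":
    print("transport:", esp_decapsulate(AUTH_KEY, TRANSPORT_DGRAM))
    spi, seq, nh, inner = esp_decapsulate(AUTH_KEY, TUNNEL_DGRAM)
    print("tunnel   : next header", nh, "inner dst", ".".join(map(str, inner[16:20])))
```

With a real cipher the only change is that `plaintext + trailer` is encrypted before the ICV is computed and decrypted after it is verified; the receiver's order (authenticate, then decrypt, then parse the trailer) is what keeps padding-oracle and length-confusion bugs out of the datapath.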
Transport Mode SA versus Tunnel Mode SA

AH
  Transport: authenticates the IP payload and selected (immutable) portions of the IP header and IPv6 extension headers
  Tunnel:    authenticates the entire inner IP packet plus selected portions of the outer IP header

ESP
  Transport: encrypts the IP payload and any IPv6 extension headers following the ESP header
  Tunnel:    encrypts the inner IP packet

ESP with authentication
  Transport: encrypts the IP payload and any IPv6 extension headers following the ESP header; authenticates the IP payload but no IP header
  Tunnel:    encrypts the inner IP packet; authenticates the inner IP packet (but not the outer header)

The main difference is that tunnel mode secures the IP header as well as the payload.

End-to-end versus End-to-Intermediate Authentication (figure)
Encapsulating Security Payload

• ESP provides confidentiality services (and, with the authentication option, integrity and data origin authentication)

Encryption and Authentication Algorithms

• Encryption (as listed in the 1998 RFCs):
  - Three-key triple DES
  - RC5
  - IDEA
  - Three-key triple IDEA
  - CAST
  - Blowfish
• Authentication:
  - HMAC-MD5-96
  - HMAC-SHA-1-96
• Caveat: current guidance (RFC 8221) centres on AES (AES-GCM, or AES-CBC with HMAC-SHA-2) and retires 3DES and MD5-based integrity; treat the list above as historical
ESP Encryption and Authentication (figure)

Combinations of Security Associations (four figure slides)
Key Management

• Two types:
  - Manual
  - Automated
    - Oakley Key Determination Protocol (a refinement of the Diffie-Hellman exchange algorithm)
    - Internet Security Association and Key Management Protocol (ISAKMP)
Key Management in IPsec

• Generation and distribution of secret keys
• Manual
  - The system admin configures keys (doesn't scale well)
• Automated
  - Oakley Key Determination Protocol, based on Diffie-Hellman
  - ISAKMP & IKE: Internet Security Association and Key Management Protocol & Internet Key Exchange
  - The default is referred to as ISAKMP/Oakley (IKE, RFC 2409); its successor IKEv2 (RFC 7296) folds both into a single protocol
Oakley

• Key determination protocol, based on the Diffie-Hellman algorithm with added security
• Secret keys are created only when needed
• Key exchange requires no pre-existing infrastructure, only an agreement on global parameters
• Three authentication methods:
  - Digital signatures
  - Public-key encryption
  - Symmetric-key encryption
Oakley Algorithm

• Characteristics:
  - Uses a method known as cookies to thwart clogging attacks (see next slide)
  - Enables two parties to negotiate a group (which fixes the global parameters of the Diffie-Hellman exchange)
  - Uses nonces to ensure against replay attacks
  - Enables the exchange of Diffie-Hellman public key values
  - Authenticates the Diffie-Hellman exchange to thwart "man-in-the-middle" attacks
Clogging Attacks

• An opponent forges the source address of a legitimate user and sends a public key to the victim
• The victim computes the secret key (an expensive modular exponentiation)
• Repeated messages can clog the victim's system with useless work
• Cookie exchange requires that each side send a pseudorandom number (cookie) in the initial message, which the other side acknowledges and repeats in the first message of the Diffie-Hellman key exchange
• If the source address was forged, the opponent gets no answer, and the victim does no exponentiation until its cookie comes back
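Added example (editor's code, not from the original slides) simulating the cookie exchange with both parties' messages and a spoofing attacker. The responder derives CKY-R statelessly from the initiator's apparent address and CKY-I under a local secret (a simplification of the RFC 2409 section 2.5.3 recipe, which also hashes ports and a timestamp) and performs no Diffie-Hellman exponentiation until a matching CKY-R comes back. The Diffie-Hellman group is a toy so the example runs instantly; it is not an RFC 2409 group and is not secure. Addresses and function names are this example's own:

```python
"""Added example (not code from the original slides): the cookie exchange
Oakley/ISAKMP use against clogging, simulated with both sides' messages.

The responder derives CKY-R statelessly as a keyed hash of the initiator's
apparent source address and CKY-I under a local secret (RFC 2409 sec. 2.5.3
also hashes ports and a timestamp; the inputs here are a simplification).
It keeps no state and does no Diffie-Hellman work until a message carries a
CKY-R that matches, which only a party that really received message 2 at
that address can produce. The DH group is a toy (P is 127 bits): not an
RFC 2409 MODP group and not secure. Addresses and names are this example's own.
"""
import hashlib
import hmac
import secrets

P = 2**127 - 1   # toy prime, NOT a real Oakley group
G = 3


class Responder:
    def __init__(self):
        self.secret = secrets.token_bytes(32)   # rotated periodically in a real implementation
        self.dh_exponentiations = 0             # the resource a clogging attack tries to exhaust
        self.shared_keys = {}

    def _cookie(self, src_ip: str, cky_i: bytes) -> bytes:
        return hmac.new(self.secret, src_ip.encode() + cky_i, hashlib.sha256).digest()[:8]

    def on_cookie_request(self, src_ip: str, cky_i: bytes) -> bytes:
        """Message 1 (CKY-I) in, message 2 (CKY-I, CKY-R) out: cheap and stateless."""
        return self._cookie(src_ip, cky_i)

    def on_key_exchange(self, src_ip: str, cky_i: bytes, cky_r: bytes, g_x: int):
        """Message 3 (CKY-I, CKY-R, g^x) in: do DH only if CKY-R is ours for (src_ip, CKY-I)."""
        if not hmac.compare_digest(cky_r, self._cookie(src_ip, cky_i)):
            return None                         # forged source or bogus cookie: dropped, no work done
        y = secrets.randbelow(P - 2) + 2
        self.dh_exponentiations += 1
        self.shared_keys[(cky_i, cky_r)] = pow(g_x, y, P)
        return pow(G, y, P)                     # message 4: g^y


def honest_initiator(responder: Responder, my_ip: str):
    """Message 2 really reaches my_ip, so CKY-R can be echoed; returns (K_initiator, K_responder)."""
    cky_i = secrets.token_bytes(8)
    cky_r = responder.on_cookie_request(my_ip, cky_i)
    x = secrets.randbelow(P - 2) + 2
    g_y = responder.on_key_exchange(my_ip, cky_i, cky_r, pow(G, x, P))
    return pow(g_y, x, P), responder.shared_keys[(cky_i, cky_r)]


def spoofing_attacker(responder: Responder, victim_ip: str, attempts: int) -> int:
    """Forges victim_ip: message 2 goes to the victim, so CKY-R can only be guessed.
    Returns how many DH exponentiations the flood caused on the responder."""
    before = responder.dh_exponentiations
    for _ in range(attempts):
        cky_i = secrets.token_bytes(8)
        responder.on_cookie_request(victim_ip, cky_i)         # reply is sent to victim_ip, not the attacker
        guessed = secrets.token_bytes(8)
        responder.on_key_exchange(victim_ip, cky_i, guessed, pow(G, 12345, P))
    return responder.dh_exponentiations - before


if __name__ == "__main__":
    r = Responder()
    k_i, k_r = honest_initiator(r, "203.0.113.5")
    print("honest exchange agrees:", k_i == k_r, "| DH ops:", r.dh_exponentiations)
    print("DH ops caused by 1000 spoofed messages:", spoofing_attacker(r, "198.51.100.9", 1000))
```

The defence only moves the cost, it does not remove it: an attacker who can receive at the address it claims (no spoofing) still gets one exponentiation per round trip, which is why the cookie is paired with rate limiting in real implementations.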
ISAKMP

• Internet Security Association and Key Management Protocol (ISAKMP)
  - Provides a framework for key management and support for specific key exchange protocols
  - Defines procedures and packet formats to establish, modify and delete security associations
  - Provides a consistent framework independent of the key exchange protocol, encryption algorithm and authentication mechanism
  - Carried over UDP port 500

ISAKMP (figure: header and payload formats)
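Added example (editor's code, not from the original slides): a defensive parser for the ISAKMP header and payload chain of RFC 2408, the wire format IKEv1 carries on UDP port 500, plus the matching builder used to construct the sample message. The bounds checks are the ones a capture decoder or IDS needs, since a length field in a packet from the network must never be trusted. The sample message and its payload bodies are constructed placeholders:

```python
"""Added example (not code from the original slides): a defensive parser for
the ISAKMP header and payload chain of RFC 2408.

Header (28 bytes): initiator cookie (8) | responder cookie (8) | next payload
(1) | version (1, 0x10 = 1.0) | exchange type (1) | flags (1) | message ID (4)
| length (4). Each payload starts with a generic header: next payload (1) |
reserved (1) | payload length (2, including these 4 bytes). The chain is
walked with the checks a decoder needs: a length that overruns the datagram,
a payload length under 4 (which would loop forever) and trailing bytes are
rejected. The sample message at the bottom is constructed.
"""
import struct

HDR_LEN = 28
PAYLOAD_NAMES = {0: "NONE", 1: "SA", 2: "Proposal", 3: "Transform", 4: "KE", 5: "ID",
                 6: "CERT", 7: "CR", 8: "HASH", 9: "SIG", 10: "NONCE", 11: "N",
                 12: "D", 13: "VID"}
EXCHANGE_NAMES = {0: "None", 1: "Base", 2: "Identity Protection", 3: "Authentication Only",
                  4: "Aggressive", 5: "Informational"}
FLAG_ENCRYPTION, FLAG_COMMIT, FLAG_AUTH_ONLY = 0x01, 0x02, 0x04


def parse_isakmp(msg: bytes) -> dict:
    if len(msg) < HDR_LEN:
        raise ValueError("short ISAKMP header")
    cky_i, cky_r, first, version, exch, flags, msg_id, length = struct.unpack("!8s8sBBBBII", msg[:HDR_LEN])
    if length != len(msg):
        raise ValueError(f"header length {length} != datagram length {len(msg)}")
    result = {
        "cky_i": cky_i, "cky_r": cky_r, "version": (version >> 4, version & 0xF),
        "exchange": EXCHANGE_NAMES.get(exch, f"unknown({exch})"),
        "flags": flags, "message_id": msg_id, "payloads": [],
    }
    if flags & FLAG_ENCRYPTION:
        result["encrypted"] = msg[HDR_LEN:]     # payloads are ciphertext: nothing to walk
        return result
    off, ptype = HDR_LEN, first
    while ptype != 0:
        if off + 4 > len(msg):
            raise ValueError(f"truncated payload header at offset {off}")
        next_type, _reserved, plen = struct.unpack("!BBH", msg[off:off + 4])
        if plen < 4:
            raise ValueError(f"payload length {plen} < 4 at offset {off}")
        if off + plen > len(msg):
            raise ValueError(f"payload of {plen} bytes at offset {off} overruns datagram")
        result["payloads"].append((PAYLOAD_NAMES.get(ptype, f"unknown({ptype})"), msg[off + 4:off + plen]))
        off, ptype = off + plen, next_type
    if off != len(msg):
        raise ValueError(f"{len(msg) - off} trailing bytes after last payload")
    return result


def build_isakmp(cky_i: bytes, cky_r: bytes, exch: int, payloads, msg_id: int = 0, flags: int = 0) -> bytes:
    """Inverse of parse_isakmp: payloads is a list of (type code, body); chains the next-payload fields."""
    chunks = []
    for i, (ptype, body) in enumerate(payloads):
        next_type = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        chunks.append(struct.pack("!BBH", next_type, 0, 4 + len(body)) + body)
    body = b"".join(chunks)
    first = payloads[0][0] if payloads else 0
    return struct.pack("!8s8sBBBBII", cky_i, cky_r, first, 0x10, exch, flags, msg_id, HDR_LEN + len(body)) + body


# Constructed sample: first Main Mode (Identity Protection) message, CKY-R still zero,
# carrying an SA payload and a NONCE payload (bodies are placeholder bytes).
SAMPLE_MSG = build_isakmp(b"\x11" * 8, b"\x00" * 8, 2, [(1, b"\x00\x00\x00\x01" + b"\x00" * 8), (10, b"\xaa" * 16)])

if __name__ == "__main__":
    parsed = parse_isakmp(SAMPLE_MSG)
    print(parsed["exchange"], [name for name, _ in parsed["payloads"]])
```

Two details worth noticing in the sample: the responder cookie is all zeros in the first message of an exchange (the responder has not chosen one yet), and once the Encryption flag is set the payload chain cannot be walked at all, so a decoder must stop at the header rather than guess.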
IPsec Benefits

• Provides a level of security for all applications
  - Allows deployment of new/emerging applications that may not have their own security
• Transparent to the transport layer
• Transparent to end-users
  - No need for training, key issue, key revocation, etc.
• Can be provided to individual users where needed (e.g. off-site workers)
• Extensible to new, stronger cryptographic methods as these become available
IPsec Drawbacks

• Processing performance overhead
  - Protection is applied to all traffic, though only a small portion may be security-sensitive
• Blocks access to non-IPsec hosts
• Hosts must have a security association
  - Not great for short-lived connections
• The requirement for pair-wise SAs limits usefulness for arbitrary Internet-based transactions
• Not practical for broadcast
Note on VPN concept

• Private Network
  - A set of computers connected together and protected from the Internet (usually with a firewall)
  - Traditionally made up of LAN(s) within individual locations. If needed, wide-area (e.g. inter-branch) connection is made by secure leased telecommunications lines.

Virtual Private Networks (figure)
(a) A leased-line private network.
(b) A virtual private network.
Recommended Reading

• Comer, D. Internetworking with TCP/IP, Volume I: Principles, Protocols and Architecture. Prentice Hall, 1995.
• Stevens, W. TCP/IP Illustrated, Volume 1: The Protocols. Addison-Wesley, 1994.