Transcript Slides

453 Network Security
Section 7: IPSec/SSL
Dr. E.C. Kulasekere
Sri Lanka Institute of Information
Technology - 2006
IP Security
• S/MIME (Multipurpose Internet Main
Extension), PGP, Kerberos are some
examples of application specific security
mechanisms
• However there are security concerns that
cut across protocol layers
• Would like security implemented by the
network for all applications, even for
security-ignorant applications.
Need for IP Security
• Here is an example of a secure private
TCP/IP network with
– Disallowing links to untrusted sites
– Encrypting packets that leave the premises
– Authenticating packets that enter the
premises
• All of the above varying requirements can
be met if you provide IP level security.
• With IP security applications of all kinds
will be covered.
IPsec
• The functional areas general IP Security
mechanisms provides
– Authentication: This provides source
authentication.
– Confidentiality: encryption
– key management: transfer of keys securely.
• applicable to use over LANs, across public
& private WANs, & for the Internet
IP Security Overview
• This was introduced to address: IP
Spoofing, eavesdropping, packet sniffing
etc.
• Came after IPv4, actually for IPv6. But can
also be used with IPv4.
• The principle feature of IPsec is that it
supports varied applications and
authenticate all traffic at the IP level. This
is primarily good for distributed
applications.
Applications of IPsec
• Secure branch office connectivity over the
internet.
– A company can build a secure VPN over the
internet.
– Hence the internet is used heavily and no
private network is required.
– Saving in cost and network management
overhead is the end result.
Applications of IPsec
• Secure remote access over the internet.
– The office system has to be equipped with
IPsec.
– The user dials into the ISP and then gains
access securely to the company network.
– This reduces the toll charges for traveling
employees and telecommuters.
• Enhancing e-commerce security
– Web and eCommerce applications have built
in security protocols, the use of IPsec will
enhance this.
IPSec Uses
Benefits of IPSec
• in a firewall/router provides strong security
to all traffic crossing the perimeter. The
traffic within the company or workgroup
will not incur additional overhead.
• is resistant to bypass in a firewall.
• is below transport layer, hence transparent
to applications
• can be transparent to end users as well.
• can provide security for individual users if
desired
Routing Applications of IPsec
• In addition to protecting the premises and
users it will additionally play a role in
routing architectures in internetworking. It
can assure that
– A router advertisement comes from an
authorized router.
– A neighbor advertisement comes from an
authorized router.
– A redirect message comes from the router to
which the initial packet was sent.
– A routing update is not forged.
IP Security Architecture
• specification is quite complex
• defined in numerous RFC’s
– incl. RFC 2401/2402/2406/2408
– many others, grouped by category
• mandatory in IPv6, optional in IPv4. In
both cases the security features are
implemented as extension headers that
follow the main IP header.
Areas Addressed in the IPsec
Documentation
• Architecture. General concepts and
requirements.
• Encapsulating security payload (ESP):
packet format for encryption.
• Authentication header (AH): packet format
for authentication.
• Encryption algorithm: different algorithms.
• Key management:
IPSec Services
•
•
•
•
Access control
Connectionless integrity
Data origin authentication
Rejection of replayed packets
– a form of partial sequence integrity
• Confidentiality (encryption)
• Limited traffic flow confidentiality
IPsec Services Provided by AH and ESP
Protocols
Security Associations (SA)
• This is the key concept common to both
authentication and confidentiality.
• An association is a one-way relationship
between the sender and the receiver that
affords security services to the traffic carried
on it.
• If this is required to have a two way secure
communication, then TWO SAs are required.
• Security services are afforded to an SA for
the use of AH or ESP, but not both. Since
both require different packet formats which
cannot be achieved simultaneously
Security Associations
• defined by 3 parameters:
– Security Parameters Index (SPI): only of local
significance. The SPI is carried in AH and ESP
headers to enable the receiving system to select the
SA under which a received packet will be processed.
– IP Destination Address: The address of the
destination endpoint of the SA eg. End user system
firewall or router
– Security Protocol Identifier: This indicates whether the
association is an AH or ESP security association.
• has a number of other parameters: seq no, AH & EH
info, lifetime etc
• have a database of Security Associations: Security policy
database (SPD)
Modes of Use for AH and ESP
• Transport Mode: This mode provides
protection primarily for upper layer
protocols
– ESP in transport mode encrypts and
optionally authenticates the IP payload but not
the IP header (used for end-to-end
communications)
– AH in transport mode authenticates the IP
payload and selected portions of the IP
header.
Modes of Use for AH and ESP
• Tunnel Mode: This mode provides
protection to the entire packet.
– After the AH and ESP fields are added to the
IP packet, the entire packet plus the security
fields are treated as the payload of new
`outer’ IP packet with a new outer IP header.
– No routers on the way are able to examine
the inner IP header.
– Since the total is encapsulated, the
destination and source addresses may be
completely different adding security to the
packet during transition.
Tunnel and Transport Mode
Functionality
Authentication Header (AH)
• provides support for data integrity &
authentication of IP packets in transit
– end system/router can authenticate user/app
– prevents address spoofing attacks by tracking
sequence numbers
• based on use of a MAC
– HMAC-MD5-96 or HMAC-SHA-1-96
• parties must share a secret key
Authentication Header (pp.491)
Anti-Replay Service
• This is the type of attack where the
attacker obtains a copy of an
authenticated packet and later transmit it
to the intended destination.
• This is circumvented using the sequence
number.
• The sequence number is initialized when
the new SA is established and then
incremented for each subsequent packet.
Anti-Replay Service …
• Since IP is connectionless, the delivery of the
packet is not guaranteed. Hence the receiver
implements a window size of W before it
determines that the packet expires.
Transport & Tunnel Modes
END to END & END to INTERMEDIATE
pp. 495
Encapsulating Security Payload (ESP)
• provides message content confidentiality &
limited traffic flow confidentiality
• can optionally provide the same
authentication services as AH
• supports range of ciphers, modes, padding
– incl. DES, Triple-DES, RC5, IDEA, CAST etc
– CBC most common
– pad to meet block size, for traffic flow
Encapsulating Security Payload
Transport vs. Tunnel Mode ESP
• transport mode is used to encrypt & optionally
authenticate IP data
– data protected but header left in clear
– can do traffic analysis but is efficient
– good for ESP host to host traffic
Transport vs. Tunnel Mode ESP …
• tunnel mode encrypts entire IP packet
– add new header for next hop
– good for VPNs, gateway to gateway security
Combining Security Associations
• SA’s can implement either AH or ESP
• to implement both need to combine SA’s
– form a security bundle
• have 4 cases (see next)
Combining SAs – Case 1
• All security is provided between end-systems
• The secret key should be shared by end systems
• The following combinations possible
– AH in transport mode, ESP in transport mode, AH followed
by ESP in transport mode, any of the above inside an AH
or ESP in tunnel mode
Combining SAs – Case 2
• Security is provided between gateways routers
firewalls etc and no host implements IPsec.
• A single tunnel SA using AH, ESP or ESP with
authentication can be used. Nested tunnels are
not required.
Combining SAs – Case 3
• Builds on case 2 by adding end-to-end security.
Combining SAs – Case 4
• Provides support for a remote host that uses the
internet to reach an organization’s firewall and
then to gain access to some server or
workstation behind the firewall. Only tunnel
mode is required.
Web Security
• Web now widely used by business,
government, individuals
• but Internet & Web are vulnerable
• have a variety of threats
– integrity
– confidentiality
– denial of service
– authentication
• need added security mechanisms
A Comparison of Threats on the
Web
Categorization of Web Security
• Active/Passive attacks
– Passive attack – Eavesdropping of network
traffic between browser and server and
gaining information about the web server that
is suppose to be restricted.
– Active attacks – Impersonating, altering
messages in transit between the client and
the web server and in extreme cases altering
web site content.
• Security threat based on location.
– At web server, at web browser, transit
between browser and server, etc.
Web Security based on the Relative
location on the TCP/IP Stack
Web Traffic Security Approaches.
• Network level (using IPSec)
– Adv: transparent to end user+application, general
purpose solution, has IP filtering capabilities (will not
add overhead to all traffic)
• Transport level
– Just above TCP stack. Eg. SSL. Transparent to
application if provided in the protocol. Or can be
embedded in specific applications such as Netscape.
• Application level
– Embedded in application, advantage of being able to
customize the security t the application. Eg. SET