Deployed and Emerging Security Systems for the Internet
Download
Report
Transcript Deployed and Emerging Security Systems for the Internet
Lecture 15: IPsec
AH and ESP
• IPsec introduction: uses and modes
• IPsec concepts
– security association
– security policy database
• IPsec headers
– authentication header (AH)
– encapsulating security payload
(ESP)
1
IPsec
• IETF standard for real-time communication security
– designed to work with both IPv4 and IPv6
• Cryptographic protection of the IP traffic (level 3), transparent to
the user
• main components:
– Internet Key Exchange (IKE): IPsec key exchange protocol
– Authentication Header (AH): Authentication of the IP packet
(optional)
– Encapsulating Security Payload (ESP):
Encryption/authentication of the IP packet (optional)
2
Modes and Uses of IPsec
• granularity of protection: user, host or network
• typical uses:
– remote access to network (host-to-gateway)
– virtual private networks (gateway-to-gateway)
• protocol modes:
– transport mode: host applies IPsec to transport layer packet
– tunnel mode: gateway applies IPsec to the IP packet of a
host from the network (IP in IP tunnel)
3
Security Association & Policy
• Security Association (SA) – IPsec-protected connection (one-way)
– specifies the encryption/auth. algorithm, key, etc.
– established either “manually” or through IKE
– identified by
• security parameter index (SPI)
• destination IP address
• protocol identifier: (AH or ESP – more later)
• Security Policy Database – specifies what kind of protection is applied to
packets
– matches IP packet to SA at source and destination, indexed by SPI
– contains
• AH information (auth. algorithm, key, key lifetime, etc.)
• ESP information (auth./encryption algorithm, key, key lifetime, etc.)
• sequence number counter
• anti-replay window (at the destination SA)
• lifetime of the SA
• others (protocol mode, path MTU, etc.)
4
IPsec Packet Processing
Outbound packets:
application
– The proper SA is chosen
TCP
from the security policy
IPsec
database
– From the SA database,
lower layers
the SPI and SA parameters
are retrieved
– The IPsec protection is performed; packet passed to IP
Inbound packets:
– By the SPI, the SA is found
– IPsec auth./decryption is performed
– Packet passed to upper layer protocol
5
Authentication Header (AH)
• provides (optional) integrity protection (authentication)
– for packet
– some of the fields of IP header
• the integrity check is provided by a cryptographic hash
– MAC is included in the header
• some fields of IP header are modified in transit hence
cannot be covered by integrity check; these fields differ in
IPv4 and IPv6
– mutable – modifiable in transit, not protected
– immutable – constant, protected
– mutable but predictable – changes but in a predictable
manner – protected with values at receiver
6
AH Format
0
1
2
3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header
| Payload Len |
RESERVED
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
Security Parameters Index (SPI)
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
Sequence Number Field
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
|
+
Authentication Data (variable)
|
|
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
headers
• next header – following header in sequence
• payload length – header size (to determine authentication data size)
• sequence number – to prevent replay
authentication issues
• auth. alg.: HMAC (with MD5, SHA1, etc.)
CBC-MAC (3DES, RC5, AES, etc.)
• typically, IV is included in the payload
• authentication covers immutable fields of IP header as well as the payload.
7
Applying AH toIPv4 Header
0
1
2
3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| IHL |Type of Service|
Total Length
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
Identification
|Flags|
Fragment Offset
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time to Live |
Protocol
|
Header Checksum
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
Source Address
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
Destination Address
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
Options
|
Padding
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
IPv4
IPv4
BEFORE APPLYING AH
---------------------------|orig IP hdr |
|
|
|(any options)| TCP | Data |
----------------------------
AFTER APPLYING AH
--------------------------------|orig IP hdr |
|
|
|
|(any options)| AH | TCP | Data |
--------------------------------|<------- authenticated ------->|
except for mutable fields
• mutable field –ToS, flags,
frag.offset, TTL, checksum
• mutable, predictable –
destination address
8
Encapsulating Security
Payload (ESP)
•
provides (optional) encryption and integrity protection
ESP header
0
1
2
3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
Security Parameters Index (SPI)
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
Sequence Number
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
Payload Data (variable)
|
~
~
|
|
+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
|
Padding (0-255 bytes)
|
+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
| Pad Length
| Next Header
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
Authentication Data (variable)
|
~
~
|
|
---^Auth.
|Cov|erage
| ---|
^
|
|
|Conf.
|Cov|erage
|
|
v
v
------
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
•
•
Encryption: usually a block cipher in CBC mode
IV is typically included in the payload (not encrypted)
9
ESP with IPv4
IPv4
IPv4
BEFORE APPLYING ESP
---------------------------|orig IP hdr |
|
|
|(any options)| TCP | Data |
---------------------------AFTER APPLYING ESP
------------------------------------------------|orig IP hdr | ESP |
|
|
ESP
| ESP|
|(any options)| Hdr | TCP | Data | Trailer |Auth|
------------------------------------------------|<----- encrypted ---->|
|<------ authenticated ----->|
• ESP puts MAC after the payload, why?
10
AH vs. ESP
issues with AH
• usefulness is doubtful (authentication is provided by ESP as
well)
• not efficient to compute (MAC is at the beginning)
• wasted (unused) octets in the header
• not compatible with network address translation (NAT) which
modifies IP address
• the need for immutable fields protections is unclear
– ESP in tunneling mode can do it
11