Transcript Document
IPSec (Security at the IP Layer)
Security Objectives and issues
associated with IPSEC
Overview of Network-Layer IP security
Cryptographic checksums for message
integrity protection
IPSEC encryption and authentication
headers from Chapter 5 – Internet Cryptography
2015/7/20
Choi yiu kuen
1
Security Review
2015/7/20
Choi yiu kuen
2
Security in Layer 3
Security at the IP layer,
called IPSEC, is a set of
general purpose protocols
for Protecting the TCP/IP
communications in the
Internet.
It is the third layer (layer 3).
It is used to protect traffic
between host not user.
2015/7/20
Choi yiu kuen
3
Difference between IPSec and
link security
2015/7/20
Choi yiu kuen
4
Security Objectives – Reasons (1)
Protect traffic between trusted hosts
from forgery or eavesdropping. It is
because traffic between end pairs over the
Internet might pass through hostile hosts.
Attackers could do damage.
Protect the whole range of Internet
software currently in use. The services
include such as e-mail, HTTP, Remote
access that relies on TCP/IP must be
protected. (too expensive to replace it.)
2015/7/20
Choi yiu kuen
5
Example of protecting traffic
2015/7/20
Choi yiu kuen
6
Security Objectives – Reasons (2)
An untrusted network is in
place. In many cases, the
untrusted network is the public
Internet and is too expensive to
replace by an a trusted network
between two end pairs (use
leased line).
Protection is automatic.
Individual users do not need to
modify the protocol.
2015/7/20
Choi yiu kuen
Internet
Public
Network
Untrusted
7
Security Issues (1)
Security must be independent of and transparent
to existing ISP (internet service provider). The
issue is that people wants to connect safely with
other trusted sites using existing ISPs to carry
packets.
Crypto applied at the network level (level 3)
leaves more plaintext in the packets. Network
layer will leave even more address information in
the plaintext.
Encrypted Data
Data link
header
Internet
header
Transport
header
Apllication
header
Data
Plaintext
2015/7/20
Choi yiu kuen
8
Security Issues (2)
Site security yields per-site authentication:
Network level security measures can
distinguish between traffic from approved
sites and other sites, but it can’t reliably
distinguish between traffic from individual
users at an approved site. This yields
virtual private networks.
Numerous factors have produced
uncertainty in key management:
Developers, vendors and technologies
have produced competing alternatives for
IPSEC key management.
2015/7/20
Choi yiu kuen
9
Security Technology: Cryptographic Checksums
Cryptographical checksum detects changes in
a protected message.
Unlike encryption, it will not apply to the data,
but to seal the message against changes.
For example, Alice is ending a data $123 to Bob.
The system should detect that the checksum of
$123 and find that it is 412 (an example, not
actual value). Alice will send a message
containing $123 + encrypted value of 412 (say
t&6). Bob will receive the message $123 and he
will then re-compute the checksum and use the
same key to encrypt to see whether it produces
t&6. If they are equal, it means that there is no
change.
2015/7/20
Choi yiu kuen
10
Example – message consists of data and Crypto checksum
$ 1 2 3
Crypto
Checksum
Checksum
412
Sender will send a message
of $123 and the crypto checksum
to the remote. The remote will determine
the checksum based on $123, and apply
the same key to determine the crypto
checksum. If the computed crypto
checksum is equal to the received crypto.
There is a guarantee that the data has not
been modified.
2015/7/20
t&6
Encrypt
$ 1 2 3 t&6
Choi yiu kuen
data
Entie mssage
11
Example – the message has been modified
$ 1 2 3
Crypto
Checksum
Checksum
412
Encrypt
The hacker modified the data to $321.
The receiver will send $321 and t&6 as
the crypto checksum. The remote then use
$321 to determine the checksum and apply
the key to determine the crypto
checksum. Obviously, this is not equal, as
the hacker might find it difficult to modify
the crypto checksum without knowing
the key.
t&6
$ 1 2 3
t&6
$ 3 2 1
t&6
=/=
different
checksum
2015/7/20
Choi yiu kuen
876
5$7
12
Modifying a Message protected with a
cryptographic checksum
What happens if the hacker modifies the data such
that the plaintext checksum is the same.
2015/7/20
Choi yiu kuen
13
Solution – Use on-way hash
One-way hash functions are checksumlike
functions, but are explicitly designed so
that an attacker cannot construct a forged
message (false message) that yields the
same result.
Like previous page, the hacker
understands that $123 and $654 will
produce the same plaintext checksum.
2015/7/20
Choi yiu kuen
14
How one-way hash works
Like checksums, one way hash
functions take an arbitrarily
long data sequence and
compute a check value of a
fixed size called the hash value.
One-way hash functions try to
generate a fingerprint of data.
The function is sensitive to any
change in the data.
2015/7/20
Choi yiu kuen
Very
difficult
to
determine
the
fingerprin
t
15
Protect message data with a keyed hash
2015/7/20
Choi yiu kuen
16
Description of one-way hash
The data being sent combines the secret
key.
The sender appends a secret key to the
message contents and compute a one-way
hash.
The sender then sends the message data
plus the hash.
The recipient uses the same key to recompute and validate the hashed value.
2015/7/20
Choi yiu kuen
17
Why the hacker cannot reproduce
–
one way hash
Hacker cannot generate the right
checksum value for a given message
unless they have a copy of the secret key
being used.
The correct hash value depends on
constructing the same input data,which
includes both the data sent and the secret
key.
Attackers cannot construct a similar
beneficial message that yields the same
hash value.
2015/7/20
Choi yiu kuen
18
IPSEC: IP Security Protocol
The existing IP protocol is version 4.
(32 bit for IP address)
IPSEC is an extension to the existing
IP networking protocol.
IPSEC evolved as part of the
development of the new IP version 6.
IPSEC is designed to provide privacy,
forgery detection or both for IP
packets.
2015/7/20
Choi yiu kuen
19
IPSEC is transparent to Internet Applications
IPSEC protections are applied to above the IP
routing information and below the application
data.
2015/7/20
Choi yiu kuen
20
Packet header
(no need to memorise)
Authentication header: It provides
integrity-checking information. We can
then detect if the packet’s contents has
been modified while traveling across
untrusted networks.
Encapsulating security payload: The ESP
encrypts the data contents of the
remainder of the packet so that the
contents cannot be extracted while
traveling across untrusted networks.
2015/7/20
Choi yiu kuen
21
Security Associations in IPSEC (1)
In order to communicate, each pair
hosts using IPSEC must establish a
security association with one another.
It will cover what types of protection
to apply, how to do encryption or
authentication and which keys need
to be used.
2015/7/20
Choi yiu kuen
22
Security Associations in IPSEC (2)
IPSEC must maintain the following
information:
Specification of the Crypto methods to
be used by that SPI
Keys to be used by the Crypto methods
when processing traffic for that SPI
The hosts or other entities associated
with this traffic.
2015/7/20
Choi yiu kuen
23
Replay Attacks
The TCP/IP protocols are not explicitly
designed to identify and reject packets that
are cleverly collected and replayed.
TCP/IP protocols are designed to operate
correctly even if data packets are
transmitted.
There is no replay protection.
It does not mean that replay attack is not a risk.
It is difficult to differentiate the duplicated
packet or malicious (malicious means hostile)
replay.
2015/7/20
Choi yiu kuen
24
IPSEC Authentication
No
need to
memori
se
IPSEC Header is a header in an IP
packet that contains cryptographical
checksum.
The first word (32 bits) identifies the
type and location of the next protocol
The next 32 bits are SPI tells the
destination host which security
association applies to this header.
2015/7/20
Choi yiu kuen
25
Header Format
2015/7/20
Choi yiu kuen
26
IPSEC Encryption
IPSEC ESP also defines a header in
the IP Header.
ESP processing also includes
transforming the protected data into
an unreadable, encrypted form.
ESP header simply contains SPI for
the destination host’s security
association.
2015/7/20
Choi yiu kuen
27
Format and contents of the IPSEC ESP
The ESP consists of 32-bit SPI field,
followed by data with a format that is
related to the encryption procedure.
2015/7/20
Choi yiu kuen
28
IPSEC Key Management
The success of IPSEC depends on
the relationship between
Authorised entity
Crypto keys
Identification codes within its message
One of the major areas is the Key.
2015/7/20
Choi yiu kuen
29
IPSEC Key Management
There are four types:
Manual Keying
Simple Key Interchange
Protocol
Inter Security
Association and Key
Management Protocol
Photuris
2015/7/20
Choi yiu kuen
No need to
memorise
all,
Understan
d one of
them
30
Manual Keying
Provide a way to configure security
associations manually
Specifying SPIs, Crypto Methods and
Keys as well as identifying which
host
The crypto material has to be
distributed MANUALLY once the keys
are exchanged.
2015/7/20
Choi yiu kuen
31
SKIP
SKIP negotiations and exchanges
session keys between IPSEC hosts
using a special header in each IP
packet.
Key exchange is based on a shred
secret like X.917 (not need to
memorise)
The design makes it easy to integrate
with the IPSEC software.
SUN Microsystems developed SKIP
and used it in their products.
2015/7/20
Choi yiu kuen
32
ISAKMP
It is a broad and general-purpose
protocol.
It is intended both to manage security
associations and to handle key
exchange.
It is based on IPSEC committee of the
Internet Engineering Task Force (IETF)
2015/7/20
Choi yiu kuen
33
Other Security Protocols
IPSO: IP Security OPTION
SNDS:Secure Data Network System
NLSP: Network Layer Security
Protocol
SSL: Secure Sockets Layer *
PPTP: Point to point Tunneling
Protocol
2015/7/20
Choi yiu kuen
34
Summary
IPSEC provides Crypto protection to
TCP/IP between hosts at the network layer
IPSEC Uses: Cryptographic Checksums
to ensure the data is not modified.
For example: It uses one way hash
But it cannot prevent replay attacks (fixed
by sequence number)
IPSEC Authentication and IPSEC
Encryption
IPSEC Key management: 4 methods
Other Security protocol:SSL (next chapter)
2015/7/20
Choi yiu kuen
35
Next week
Security Protocol
at Transport
layer
2015/7/20
Choi yiu kuen
36