Transcript IPSec
Computer Science
IPSec
CPSC499 Information Security Management
Fall, 2005
Outline
• Internet Protocol
– Datagram format
– IPv4 addressing
– NAT
– IPv6
• IPSec
– Security Association (SA)
– IPSec Base Protocol (AH, ESP)
– Encapsulation Mode (transport, tunnel)
– Key Management
The Internet Network layer
Host, router network layer functions:
Transport layer: TCP, UDP
Network layer:
• IP protocol
– addressing conventions
– datagram format
– packet handling conventions
• Routing protocols
– path selection
– RIP, OSPF, BGP
• forwarding table
• ICMP protocol
– error reporting
– router “signaling”
Link layer
Physical layer
IP datagram format
Header layout (each row is 32 bits):
ver | head. len | type of service | length
16-bit identifier | flgs | fragment offset
time to live | upper layer | Internet checksum
32 bit source IP address
32 bit destination IP address
Options (if any)
data (variable length, typically a TCP or UDP segment)
Field notes:
– ver: IP protocol version number
– head. len: header length (bytes)
– type of service: “type” of data
– length: total datagram length (bytes)
– 16-bit identifier, flgs, fragment offset: for fragmentation/reassembly
– time to live: max number remaining hops (decremented at each router)
– upper layer: upper layer protocol to deliver payload to
– Options: e.g. timestamp, record route taken, specify list of routers to visit.
how much overhead with TCP?
• 20 bytes of TCP
• 20 bytes of IP
• = 40 bytes + app layer overhead
IP Fragmentation & Reassembly
• network links have MTU (max. transfer size) - largest possible link-level frame.
– different link types, different MTUs
• large IP datagram divided (“fragmented”) within net
– one datagram becomes several datagrams
– “reassembled” only at final destination
– IP header bits used to identify, order related fragments
Figure labels: fragmentation (in: one large datagram, out: 3 smaller datagrams), reassembly
IP Fragmentation and Reassembly
Example
• 4000 byte datagram
• MTU = 1500 bytes
One large datagram becomes several smaller datagrams:
length=4000  ID=x  fragflag=0  offset=0
becomes
length=1500  ID=x  fragflag=1  offset=0
length=1500  ID=x  fragflag=1  offset=185
length=1040  ID=x  fragflag=0  offset=370
1480 bytes in data field; offset = 1480/8
IP Addressing: introduction
• IP address: 32-bit identifier for host, router interface
• interface: connection between host/router and physical link
– routers typically have multiple interfaces
– host may have multiple interfaces
– IP addresses associated with each interface
Figure: interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.1, 223.1.2.2, 223.1.2.9, 223.1.3.1, 223.1.3.2, 223.1.3.27
223.1.1.1 = 11011111 00000001 00000001 00000001 (223 . 1 . 1 . 1)
Subnets
• IP address:
– subnet part (high order bits)
– host part (low order bits)
• What’s a subnet?
– device interfaces with same subnet part of IP address
– can physically reach each other without intervening router
Figure: network consisting of 3 subnets (LAN; interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.1, 223.1.2.2, 223.1.2.9, 223.1.3.1, 223.1.3.2, 223.1.3.27)
Subnets
Recipe
• To determine the subnets, detach each interface from its host or router, creating islands of isolated networks. Each isolated network is called a subnet.
Figure: subnets 223.1.1.0/24, 223.1.2.0/24, 223.1.3.0/24
Subnet mask: /24
IP addressing: CIDR
CIDR: Classless InterDomain Routing
– subnet portion of address of arbitrary length
– address format: a.b.c.d/x, where x is # bits in subnet portion of address
11001000 00010111 0001000 | 0 00000000 (subnet part | host part)
200.23.16.0/23
IP addresses: how to get one?
Q: How does host get IP address?
• hard-coded by system admin in a file
– Wintel: control-panel->network->configuration->tcp/ip->properties
– UNIX: /etc/rc.config
• DHCP: Dynamic Host Configuration Protocol: dynamically get address from a server
– “plug-and-play” (more in next chapter)
IP addresses: how to get one?
Q: How does network get subnet part of IP addr?
A: gets allocated portion of its provider ISP’s address space
ISP's block      11001000 00010111 00010000 00000000   200.23.16.0/20
Organization 0   11001000 00010111 00010000 00000000   200.23.16.0/23
Organization 1   11001000 00010111 00010010 00000000   200.23.18.0/23
Organization 2   11001000 00010111 00010100 00000000   200.23.20.0/23
...              …..                                   ….
Organization 7   11001000 00010111 00011110 00000000   200.23.30.0/23
NAT: Network Address Translation
Figure: rest of Internet; local network (e.g., home network) 10.0.0/24; addresses shown: 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4, 138.76.29.7
• All datagrams leaving local network have same single source NAT IP address: 138.76.29.7, different source port numbers
• Datagrams with source or destination in this network have 10.0.0/24 address for source, destination (as usual)
NAT: Network Address Translation
• Motivation: local network uses just one IP address as far as outside world is concerned:
– no need to be allocated range of addresses from ISP: just one IP address is used for all devices
– can change addresses of devices in local network without notifying outside world
– can change ISP without changing addresses of devices in local network
– devices inside local net not explicitly addressable, visible by outside world (a security plus).
NAT: Network Address Translation
Implementation: NAT router must:
– outgoing datagrams: replace (source IP address, port #) of every outgoing datagram to (NAT IP address, new port #)
. . . remote clients/servers will respond using (NAT IP address, new port #) as destination addr.
– remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair
– incoming datagrams: replace (NAT IP address, new port #) in dest fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table
NAT: Network Address Translation
1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
S: 10.0.0.1, 3345   D: 128.119.40.186, 80
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
S: 138.76.29.7, 5001   D: 128.119.40.186, 80
3: Reply arrives dest. address: 138.76.29.7, 5001
S: 128.119.40.186, 80   D: 138.76.29.7, 5001
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
S: 128.119.40.186, 80   D: 10.0.0.1, 3345
NAT translation table
WAN side addr        LAN side addr
138.76.29.7, 5001    10.0.0.1, 3345
……                   ……
Figure: NAT router 138.76.29.7 (WAN side) with local hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 and 10.0.0.4
NAT: Network Address Translation
• 16-bit port-number field:
– 60,000 simultaneous connections with a single LAN-side address!
• NAT is controversial:
– routers should only process up to layer 3
– violates end-to-end argument
• NAT possibility must be taken into account by app designers, e.g., P2P applications
– address shortage should instead be solved by IPv6
IPv6 Header
• Initial motivation:
– 32-bit address space soon to be completely allocated.
– Expands addresses to 128 bits
• 430,000,000,000,000,000,000 for every square inch of earth’s surface!
• Solves IPv4 problem of insufficient address space
• Additional motivation:
– header format helps speed processing/forwarding
– header changes to facilitate QoS
IPv6 datagram format:
– fixed-length 40 byte header
– no fragmentation allowed
IPv6 Header (Cont)
Priority: identify priority among datagrams in flow
Flow Label: identify datagrams in same “flow.” (concept of “flow” not well defined).
Next header: identify upper layer protocol for data
Other Changes from IPv4
• Checksum: removed entirely to reduce processing time at each hop
• Options: allowed, but outside of header, indicated by “Next Header” field
• ICMPv6: new version of ICMP
– additional message types, e.g. “Packet Too Big”
– multicast group management functions
IPv6 Security – IPsec mandated
• IPsec is mandated in IPv6
– This means that all implementations (i.e. hosts, routers, etc) must have IPsec capability to be considered as IPv6-conformant
• When (If?) IPv6 is in widespread use, this means that IPsec will be installed everywhere
– At the moment, IPsec is more common in network devices (routers, etc) than user hosts, but this would change with IPsec
• All hosts having IPsec => real end-to-end security possible
IPv6 Security
• Enough IP addrs for every imaginable device
+ Real end-to-end security
= Ability to securely communicate from anything to anything
IPv6 Security – harder to scan networks
• With IPv4, it is easy to scan a network
– With tools like nmap, can scan a typical subnet in a few minutes
see: http://www.insecure.org/nmap/
– Returning list of active hosts and open ports
– Many worms also operate by scanning
• e.g. Blaster, Slammer
– Attackers (& worms) scan for proxies, weak services and back doors
IPv6 Security – harder to scan networks
• With IPv6, sparse address allocation makes such brute force scanning impractical
– It is 4 billion times harder to scan 1 IPv6 subnet than all of IPv4
• No more Blaster, Slammer, …
• Use of “dense” address allocations makes it easier though
Transition From IPv4 To IPv6
Transition from IPv4 to IPv6 will take time:
• Due to need to support legacy systems and applications, not all systems can be upgraded simultaneously
• Instead, organisations deploy IPv6 piecewise with pilot/experimental implementations first
known as “6to4”
• Thus need for IPv4-IPv6 coexistence
– Have dual-stack systems (supporting both v4 and v6)
– Tunnelling used to deliver IPv6 packets over IPv4 networks
• Tunneling: IPv6 carried as payload in IPv4 datagram among IPv4 routers
Tunneling
Logical view: A (IPv6), B (IPv6), tunnel, E (IPv6), F (IPv6)
Physical view: A (IPv6), B (IPv6), C (IPv4), D (IPv4), E (IPv6), F (IPv6)
A-to-B: IPv6 (Flow: X, Src: A, Dest: F, data)
B-to-C: IPv6 inside IPv4 (outer Src: B, Dest: E; inner Flow: X, Src: A, Dest: F, data)
D-to-E: IPv6 inside IPv4 (outer Src: B, Dest: E; inner Flow: X, Src: A, Dest: F, data)
E-to-F: IPv6 (Flow: X, Src: A, Dest: F, data)
IP Security (IPsec)
• Suite of protocols from Internet Engineering Task Force (IETF) providing encryption and authentication at the IP layer
– Arose from needs identified in RFC 1636
– Specifications in:
• RFC 2401: Security architecture
• RFC 2402: Authentication
• RFC 2406: Encryption
• RFC 2408: Key management
• Objective is to encrypt and/or authenticate all traffic at the IP level.
IP Security Issues
• Eavesdropping
• Modification of packets in transit
• Identity spoofing (forged source IP addresses)
• Denial of service
• Many solutions are application-specific
– TLS for Web, S/MIME for email, SSH for remote login
• IPSec aims to provide a framework of open standards for secure communications over IP
– Protect every protocol running on top of IPv4 and IPv6
Typical Usage
IPSec Services
• Data origin authentication
• Confidentiality
• Connectionless and partial sequence integrity
– Connectionless = integrity for a single IP packet
– Partial sequence integrity = prevent packet replay
• Limited traffic flow confidentiality
– Eavesdropper cannot determine who is talking
• These services are transparent to applications above transport (TCP/UDP) layer
Major IPSec Components
• Security Association (SA) Database
• Each SA refers to all the security parameters of one communication direction
• For two-way communications, at least two SAs are needed.
• Two Protocols
• AH – Authentication Header
• ESP – Encapsulating Security Payload
1. Encryption only
2. Encryption with authentication
• Two Encapsulation modes
1. Transport mode
2. Tunnel mode
Security Association (SA)
• In order to communicate, each pair of hosts must set up SA with each other
• Acts as virtual connection for which various parameters are set:
– Type of protection
– Algorithms
– Keys
– …
• Simplex: a one way relationship between a sender and a receiver.
• For either AH or ESP, but not both
Security Association (SA)
• Each SA uniquely identified by:
– Security Parameters Index (SPI)
• 32-bit string assigned to this SA (local meaning only)
– IP destination address of packets
• May be end user system, or firewall or router
– Security Protocol Identifier (e.g. AH, ESP)
• For each IP packet, governing SA is identified by:
– Destination IP address in packet header
– SPI in extension header (AH or ESP)
Security Association (SA)
• It contains all the security parameters needed for one way communication
– Sequence number counter
– Anti-replay window
– Protocol (e.g. AH / ESP)
– Transform mode (e.g. transport / tunnel mode / wildcard)
– Protocol parameters (e.g. AES, 128-bit, CBC mode, SHA-1)
– Lifetime of the SA
– etc.
Two IPSec Base Protocols
• Authentication Header (AH)
– Provides message authentication and integrity check of IP data payload, but not confidentiality.
– Also provides authentication for as much of the IP header as possible.
– Next header: TCP, UDP, etc.
– Sequence Number: Starts at 1, never recycle (optional)
Two IPSec Base Protocols
• Encapsulating Security Payload (ESP)
– Provides confidentiality and authentication. Either is optional.
– When not used, the NULL algorithm defined in RFC-2410 is used.
– The authentication trailer must be omitted if not used.
– Either encryption or authentication (or both) must be enabled (NULL-NULL is an invalid option)
Two Encapsulation Modes
• IPsec defines two encapsulation modes for an IP packet
– Transport
– Tunnel
Original IP packet: IP header | TCP header | data
Transport mode protected packet: IP header | IPsec header | TCP header | data
Tunnel mode protected packet: IP header | IPsec header | IP header | TCP header | data
Transport mode
• Intercept Network layer packets
Encrypt / Authenticate these packets preserving most of the original IP header
• End-to-end security between two hosts
– Typically, client to gateway (e.g., PC to remote host)
• Requires IPSec support at each host
Figure labels: A, B, Network
Original IP packet: IP header | TCP header | data
Transport mode protected packet: IP header | IPsec header | TCP header | data
Tunnel Mode
• Gateway-to-gateway security
– Internal traffic behind gateways not protected
– Typical application: virtual private network (VPN)
• Only requires IPSec support at gateways
Tunnel Mode Illustration
Figure labels: Implements IPSec, Implements IPSec
IPSec protects communication on the insecure part of the network
Tunnel mode
• Intercept Network layer packets
Encrypt / Authenticate these packets, while encapsulating the original IP packet entirely
Original IP packet: IP header | TCP header | data
Tunnel mode protected packet: IP header | IPsec header | IP header | TCP header | data
• Versatile and has many deployment modes
– Host-to-host
– Host-to-router (i.e. remote access)
– Router-to-router (a.k.a. Gateway-to-gateway)
Tunnel mode
(Router-to-router / Gateway-to-gateway)
Figure labels: Secure Tunnel, Host A, Host B, Network, RA, RB, Packet flow; addresses shown: 1.1.1.1, 1.1.1.2, 2.2.2.1, 2.3.2.2, 3.3.3.1, 3.3.3.2
Nested packet format:
IP header (Src = 2.2.2.1, Dst = 2.3.2.2) | IPsec header | IP header (Src = 1.1.1.1, Dst = 3.3.3.2) | TCP header | data
Tunnel mode
(Host-to-Router / Remote Access)
Figure labels: Secure Tunnel, Host A, Host B, Internet / Intranet, SGW
Transport Mode vs. Tunnel Mode
• Transport mode secures packet payload and leaves IP header unchanged
IP header (real dest) | IPSec header | TCP/UDP header + data
• Tunnel mode encapsulates both IP header and payload into IPSec packets
IP header (gateway) | IPSec header | IP header (real dest) | TCP/UDP header + data
Encapsulation Modes
AH
– Transport Mode: Authenticates IP payload and selected portions of IP header and IPv6 extension headers
– Tunnel Mode: Authenticates entire inner IP packet plus selected portions of outer IP header
ESP
– Transport Mode: Encrypts IP payload and any IPv6 extension header
– Tunnel Mode: Encrypts inner IP packet
ESP with authentication
– Transport Mode: Encrypts IP payload and any IPv6 extension header. Authenticates IP payload but no IP header
– Tunnel Mode: Encrypts inner IP packet. Authenticates inner IP packet but no outer IP header
Authentication Header (AH)
• Adds extra field to traditional IP packet
• This is used to verify authenticity & integrity of the packet
Before applying AH: (figure)
Transport Mode: data is authenticated, as well as parts of IP header
– Authenticated (Data + parts of IP header)
Tunnel Mode: entire original packet is authenticated + parts of new header
– Authenticated (Data + orig IP header + parts of new header)
Authentication Header (AH)
• Protection against replay attack with use of sequence number
• Why have an Authentication-only protocol (AH)?
– May be used where export/import/use of encryption is restricted
– Faster implementation
– Receiver can choose whether to expend the effort to verify authenticity/integrity
AH: Authentication Header
• Provides integrity and origin authentication
• Authenticates portions of the IP header
• Anti-replay service (to counter denial of service)
• No confidentiality
AH fields:
– Next header (TCP)
– Payload length
– Reserved
– Security parameters index (SPI): identifies security association (shared keys and algorithms)
– Sequence number: anti-replay
– ICV: Integrity Check Value (HMAC of IP header, AH, TCP payload): authenticates source, verifies integrity of payload
Prevention of Replay Attacks
• When SA is established, sender initializes 32-bit counter to 0, increments by 1 for each packet
– If wraps around $2^{32}-1$, new SA must be established
• Recipient maintains a sliding 64-bit window
– If a packet with high sequence number is received, do not advance window until packet is authenticated
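The SA lookup by (destination address, protocol, SPI) and the anti-replay window described in the slides above, combined in one receiver. This is an added example, not code from the course or from any IPsec implementation; the class, field and status names are this example's own, packets are modelled as dictionaries, and the ICV is simplified to an HMAC-SHA-1 (truncated to 96 bits) over SPI, sequence number and payload only.

```python
import hashlib
import hmac
import struct

AH = 51        # IP protocol number of the Authentication Header
WINDOW = 64    # receiver's sliding window size, as on the slide


class SA:
    """One direction of protection (an SA is simplex)."""

    def __init__(self, spi, dst, key):
        self.spi, self.dst, self.key = spi, dst, key
        self.send_seq = 0   # sender: counter initialised to 0
        self.top = 0        # receiver: highest authenticated sequence number
        self.seen = 0       # receiver: bit i set => (top - i) was accepted


def icv(sa, seq, payload):
    # Simplification: real AH also covers the immutable IP header fields.
    msg = struct.pack("!II", sa.spi, seq) + payload
    return hmac.new(sa.key, msg, hashlib.sha1).digest()[:12]


def protect(sa, payload):
    if sa.send_seq >= 2**32 - 1:
        raise RuntimeError("sequence numbers exhausted: establish a new SA")
    sa.send_seq += 1        # first packet carries sequence number 1
    return {"dst": sa.dst, "proto": AH, "spi": sa.spi, "seq": sa.send_seq,
            "payload": payload, "icv": icv(sa, sa.send_seq, payload)}


def receive(sadb, pkt):
    # The governing SA is found from destination address, protocol and SPI.
    sa = sadb.get((pkt["dst"], pkt["proto"], pkt["spi"]))
    if sa is None:
        return "no-sa"
    seq = pkt["seq"]
    # Cheap checks first: left of the window, or already seen inside it.
    if seq == 0 or seq + WINDOW <= sa.top:
        return "too-old"
    if seq <= sa.top and (sa.seen >> (sa.top - seq)) & 1:
        return "replay"
    # Authenticate BEFORE touching the window, so an unauthenticated packet
    # with a high sequence number cannot push valid traffic out of it.
    if not hmac.compare_digest(pkt["icv"], icv(sa, seq, pkt["payload"])):
        return "bad-icv"
    if seq > sa.top:
        sa.seen = ((sa.seen << (seq - sa.top)) | 1) & (2**WINDOW - 1)
        sa.top = seq
    else:
        sa.seen |= 1 << (sa.top - seq)
    return "accept"


def demo():
    key = b"constructed-demo-key"            # constructed sample key
    sender = SA(0x1001, "2.3.2.2", key)
    receiver = SA(0x1001, "2.3.2.2", key)
    sadb = {(receiver.dst, AH, receiver.spi): receiver}
    p1, p2, p3 = (protect(sender, b"data%d" % i) for i in range(3))
    # Out-of-order delivery is fine inside the window; a duplicate is not.
    results = [receive(sadb, p) for p in (p1, p3, p2, p2)]
    altered = dict(p3, seq=1000)             # sequence number changed in transit
    results.append(receive(sadb, altered))
    results.append(receiver.top)             # window did not move
    return results


if __name__ == "__main__":
    print(demo())
```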
Encapsulating Security Payload (ESP)
Original IP packet: (figure)
Transport Mode: only data is encrypted & authenticated
– Encrypted; Authenticated (optionally)
Tunnel Mode: entire packet encrypted & authenticated
– Encrypted; Authenticated (optionally)
ESP Packet
Field annotations from the figure, in order:
– Identifies security association (shared keys and algorithms)
– Anti-replay
– TCP segment (transport mode) or entire IP packet (tunnel mode)
– Pad to block size for cipher, also hide actual payload length
– Type of payload
– HMAC-based Integrity Check Value (similar to AH)
Encapsulating Security Payload (ESP)
• Content of IP packet is encrypted and encapsulated between header and trailer fields.
• Authentication data optionally added
Authentication + Confidentiality (ESP)
• Confidentiality and integrity for packet payload
– Symmetric cipher negotiated as part of security assoc
• Provides authentication (similar to AH)
• Can work in transport…
Original IP header | ESP header | TCP/UDP segment | ESP trailer | ESP auth
• …or tunnel mode
New IP header | ESP header | Original IP header | TCP/UDP segment | ESP trailer | ESP auth
Figure labels: encrypted, authenticated
Combining Security Associations
• SAs can implement either AH or ESP
• to implement both need to combine SAs
– form a security bundle
• have 4 cases (see next)
Selection of Protocol Modes (Host-to-Host)
• Transport Mode
• Tunnel Mode
Selection of Protocol Modes (Router-to-Router)
• Tunnel Mode
Selection of Protocol Modes (Pass-through IPSec)
• Tunnel mode for gateway-to-gateway
• Transport mode / tunnel mode for host-to-host
Selection of Protocol Modes (Remote access)
• Tunnel mode for host-to-gateway
• Transport mode / tunnel mode for gateway-to-host
Key Management in IPsec
• Generation and distribution of secret keys
• Manual
– Sysadmin configures keys (doesn’t scale well)
• automated key management
– automated system for on demand creation of keys for SA’s in large systems
– has Oakley & ISAKMP elements
Oakley
• a key exchange protocol
• based on Diffie-Hellman key exchange
• adds features to address weaknesses
– cookies, groups (global params), nonces, DH key exchange with authentication
Diffie-Hellman Setup
• all users agree on global parameters:
– large prime integer or polynomial q
– α a primitive root mod q
• each user (e.g. A) generates their key
– chooses a secret key (number): $x_A < q$
– compute their public key: $y_A = \alpha^{x_A} \bmod q$
• each user makes public that key $y_A$
Diffie-Hellman Calculation
• shared session key for users A & B is $K_{AB}$:
$K_{AB} = \alpha^{x_A \cdot x_B} \bmod q$
$= y_A^{x_B} \bmod q$ (which B can compute)
$= y_B^{x_A} \bmod q$ (which A can compute)
• $K_{AB}$ is used as session key in private-key encryption scheme between Alice and Bob
• if Alice and Bob subsequently communicate, they will have the same key as before, unless they choose new public-keys
• attacker knows q and public key $y_A$; it is not possible to calculate private key $x_A$, nor shared session key
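The setup and calculation above, carried through with the slides' symbols. This is an added example, not part of the original slides; q = 23 and α = 5 are toy parameters chosen here so the arithmetic can be followed by hand, and the function names are this example's own. It adds two checks a receiver would want: that α really is a primitive root, and that a peer's public key is not a degenerate value.

```python
import secrets

Q = 23      # toy prime, constructed for illustration; far too small for real use
ALPHA = 5   # primitive root mod 23


def is_primitive_root(a, q):
    """True if the powers of a cover every value 1..q-1 (q prime)."""
    return len({pow(a, k, q) for k in range(1, q)}) == q - 1


def valid_public(y, q=Q):
    # 0, 1 and q-1 force the shared key into a set of one or two values.
    return 2 <= y <= q - 2


def keypair(x=None):
    """Return (x_A, y_A) with y_A = ALPHA^x_A mod Q; x may be fixed for a demo."""
    while True:
        secret = x if x is not None else secrets.randbelow(Q - 2) + 1
        public = pow(ALPHA, secret, Q)
        if valid_public(public):
            return secret, public
        if x is not None:
            raise ValueError("secret yields a degenerate public key")


def session_key(own_secret, peer_public):
    """K_AB = y_peer^x_own mod Q, after validating the peer's public key."""
    if not valid_public(peer_public):
        raise ValueError("peer public key rejected")
    return pow(peer_public, own_secret, Q)


def exchange(x_a=None, x_b=None):
    """Run both sides and return (y_A, y_B, K_AB)."""
    x_a, y_a = keypair(x_a)
    x_b, y_b = keypair(x_b)
    k_a = session_key(x_a, y_b)   # which A can compute
    k_b = session_key(x_b, y_a)   # which B can compute
    assert k_a == k_b == pow(ALPHA, x_a * x_b, Q)
    return y_a, y_b, k_a


if __name__ == "__main__":
    print(is_primitive_root(ALPHA, Q))
    # Fixed secrets: the same public keys always give the same session key.
    print(exchange(6, 15), exchange(6, 15))
    # Fresh secrets on each run: the key changes from session to session.
    print(exchange(), exchange())
```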
ISAKMP
• Internet Security Association and Key Management Protocol (ISAKMP)
• provides framework for key management
• defines procedures and packet formats to establish, negotiate, modify, & delete SAs
• independent of key exchange protocol, encryption alg, & authentication method
ISAKMP
IPsec Benefits
• Provides a level of security for all applications.
– Allows deployment of new/emerging applications that may not have their own security.
• Transparent to transport layer
• Transparent to end-users
– No need for training, key issue, key revocation, etc.
• Can be provided to individual users where needed (e.g. off-site workers)
• Extensible to new, stronger, cryptographic methods as these become available
IPsec Drawbacks
• Processing performance overhead
– Protection is applied to all traffic, though only a small portion may be security-sensitive
• Blocks access to non-IPsec hosts
• Hosts must have security association
– Not great for short-lived connections
• Not practical for broadcast
Uses of IPsec
• Virtual Private Network (VPN) establishment
– For connecting remote offices and users using public Internet
• Low-cost remote access
– e.g. teleworker gains secure access to company network via local call to ISP
• Extranet connectivity
– Secure communication with partners, suppliers, etc.
Note on VPN concept
• Private Network
– A set of computers connected together and protected from the Internet (usually with a firewall)
– Traditionally made up of LAN(s) within individual locations. If needed, wide area (e.g. inter-branch) connection is made by secure leased telecommunications lines.
Note on VPN concept
• Virtual Private Network (VPN)
– Uses public (insecure) Internet for parts of network connectivity
– Made possible by use of cryptography
– Can be enabled by IPsec or SSH tunnelling, among other methods
Virtual Private Networks
(a) A leased-line private network.
(b) A virtual private network.
Virtual Private Networks (VPNs)
• A virtual private network (VPN) is the extension of a private network.
• A VPN enables you to send data between two computers across the Internet in a manner that emulates the properties of a point-to-point private link.
• To emulate a point-to-point link, data is encapsulated (or wrapped) with a header that provides routing information allowing it to traverse the Internet to reach its endpoint.
• To emulate a private link, the data being sent is encrypted for confidentiality.
Components of a VPN Connection
• VPN server: A computer that accepts VPN connections from VPN clients.
• VPN client: A computer that initiates a VPN connection to a VPN server.
• Tunnel: The portion of the connection in which your data is encapsulated (or wrapped) according to a tunneling protocol.
• VPN connection: The portion of the connection in which your data is encrypted.
VPN Connections
• Remote Access VPN connection
• Router-to-Router VPN connection
Standards
• RFC2401 IPSec
• RFC2402 AH
• RFC2403 HMAC MD5
• RFC2404 HMAC SHA-1
• RFC2405 DES CBC with IV
• RFC2406 IP ESP
• RFC2407 DOI for ISAKMP
• RFC2408 ISAKMP
• RFC2409 IKE
IPSec Document Overview