Transcript 14.NSP 03 - IP Security_C

IP Security
Ch16 of Cryptography and
Network Security - Third Edition
by William Stallings
Modified from lecture slides by
Lawrie Brown
CIM3681: NSP 03 - IP Security
1
IP Security
If a secret piece of news is divulged 泄露,暴露
by a spy before the time is ripe 成熟的 , he
must be put to death, together with the
man to whom the secret was told.
—The Art of War, Sun Tzu
CIM3681: NSP 03 - IP Security
2
IP Security
IPSec
 IP Security Architecture 組織,結構
 Authentication Header 鑑別表頭
 Encapsulating 封進內部 Security Payload 有
效負荷
 Combining Security Associations
 Key Management

CIM3681: NSP 03 - IP Security
3
IP Security

have considered some application specific
security mechanisms

eg. S/MIME, PGP, Kerberos, SSL/HTTPS
however there are security concerns that
cut across 橫跨 protocol layers
 would like security implemented by the
network for all applications

CIM3681: NSP 03 - IP Security
4
IPSec
general IP Security mechanisms
 provides





authentication
confidentiality
key management
applicable to use over LANs, across public
& private WANs, & for the Internet
CIM3681: NSP 03 - IP Security
5
IPSec Uses
CIM3681: NSP 03 - IP Security
6
Benefits of IPSec
in a firewall/router provides strong
security to all traffic crossing the
perimeter 周界
 is resistant to bypass 繞過
 is below transport layer, hence transparent
透明 to applications
 can be transparent to end users
 can provide security for individual users if
desired 需求

CIM3681: NSP 03 - IP Security
7
IP Security Architecture
specification 規格 is quite complex
 defined in numerous RFC’s




incl. RFC 2401/2402/2406/2408
many others, grouped by category
mandatory 強制 in IPv6, optional in IPv4
CIM3681: NSP 03 - IP Security
8
IPSec Document Overview
CIM3681: NSP 03 - IP Security
9
IPSec Services
Access control 存取控制
 Connectionless integrity 無連接方式完整性
 Data origin authentication 數據起源鑑別
 Rejection of replayed 重演 packets


a form of partial sequence integrity
Confidentiality (encryption)
 Limited traffic flow confidentiality

CIM3681: NSP 03 - IP Security
10
IPSec Services
CIM3681: NSP 03 - IP Security
11
Security Associations
a one-way relationship between sender &
receiver that affords 負擔得起 security for
traffic flow
 defined by 3 parameters: 參數





has a number of other parameters


Security Parameters Index (SPI)
IP Destination Address
Security Protocol Identifier
seq no, AH & EH info, lifetime etc
have a database of Security Associations
CIM3681: NSP 03 - IP Security
12
Authentication Header (AH) 鑑別表頭

provides support for data integrity &
authentication of IP packets



based on use of a MAC


end system/router can authenticate user/app
prevents address spoofing attacks by tracking
sequence numbers
HMAC-MD5-96 or HMAC-SHA-1-96
parties must share a secret key
CIM3681: NSP 03 - IP Security
13
Authentication Header
CIM3681: NSP 03 - IP Security
14
Transport & Tunnel Modes
CIM3681: NSP 03 - IP Security
15
Tunnel Mode and Transport Mode
Functionality
CIM3681: NSP 03 - IP Security
16
Encapsulating Security Payload (ESP)
provides message content confidentiality &
limited traffic flow confidentiality
 can optionally provide the same
authentication services as AH
 supports range of ciphers, modes, padding




incl. DES, Triple-DES, RC5, IDEA, CAST etc
CBC most common
pad to meet blocksize, for traffic flow
CIM3681: NSP 03 - IP Security
17
Encapsulating Security Payload
CIM3681: NSP 03 - IP Security
18
Transport 傳送 vs Tunnel 隧道 Mode
ESP

transport mode is used to encrypt &
optionally authenticate IP data




data protected but header left in clear
can do traffic analysis but is efficient
good for ESP host to host traffic
tunnel mode encrypts entire IP packet


add new header for next hop
good for VPNs, gateway to gateway security
CIM3681: NSP 03 - IP Security
19
Combining Security Associations
SA’s can implement either AH or ESP
 to implement both need to combine SA’s



form a security bundle
have 4 cases (see next)
CIM3681: NSP 03 - IP Security
20
Combining Security Associations
CIM3681: NSP 03 - IP Security
21
Key Management
handles key generation & distribution
 typically need 2 pairs of keys



manual key management


2 per direction for AH & ESP
sysadmin manually configures every system
automated key management


automated system for on demand creation of
keys for SA’s in large systems
has Oakley & ISAKMP elements
CIM3681: NSP 03 - IP Security
22
Oakley
a key exchange protocol
 based on Diffie-Hellman key exchange
 adds features to address weaknesses



cookies, groups (global params), nonces, DH
key exchange with authentication
can use arithmetic in prime fields or
elliptic curve fields
CIM3681: NSP 03 - IP Security
23
ISAKMP
Internet Security Association and Key
Management Protocol
 provides framework for key management
 defines procedures and packet formats to
establish, negotiate, modify, & delete SAs
 independent of key exchange protocol,
encryption alg, & authentication method

CIM3681: NSP 03 - IP Security
24
ISAKMP
CIM3681: NSP 03 - IP Security
25
Summary

have considered:




IPSec security framework
AH
ESP
key management & Oakley/ISAKMP
CIM3681: NSP 03 - IP Security
26