CSCE 790: Computer Network Security
Download
Report
Transcript CSCE 790: Computer Network Security
CSCE 715:
Network Systems Security
Chin-Tser Huang
[email protected]
University of South Carolina
Security in Network Layer
Implementing security in application layer
provides flexibility in security policy and key
management
Problem is need to implement security
mechanism in every application individually
To reduce the overhead, implement security
in network layer to provide security for all
applications between selected pair of
computers
10/03/2006
2
IPSec
Two protocols
Provide general security services for IP
Authentication Header (AH)
Encasulating Security Payload (ESP)
Authentication
Confidentiality
Anti-replay
Key management
Applicable to use over LANs, across public
and private WANs, and for the Internet
10/03/2006
3
Scenario of IPSec Uses
10/03/2006
4
Benefits of IPSec
Provide strong security to all traffic crossing
the perimeter if installed in a firewall/router
Resistant to bypass
IPSec is below transport layer, hence
transparent to applications
Can be transparent to end users
Can provide security for individual users if
desired
10/03/2006
5
IP Security Architecture
Specification is quite complex
Defined in numerous RFC’s
RFC 2401/2402/2406/2408
many others, grouped by category
Mandatory in IPv6, optional in IPv4
10/03/2006
6
Security Association (SA)
A unidirectional relationship between sender
and receiver that affords security for traffic
flow
Each IPSec computer maintains a database of
SA’s
Defined by 3 parameters
Security Parameters Index (SPI)
IP Destination Address
Security Protocol Identifier
10/03/2006
7
SA Parameters
Sequence Number Counter
Sequence Number Overflow
Anti-Replay Window
AH and ESP information
Lifetime
IPSec Protocol Mode
Path MTU
10/03/2006
8
Authentication Header (AH)
Provide support for data integrity and authentication
of IP packets
Based on use of a MAC
end system/router can authenticate user/app
prevent address spoofing attacks
guard against replay attacks by tracking sequence numbers
HMAC-MD5-96 or HMAC-SHA-1-96
MAC is calculated over IP header fields that are either
immutable or predictable, AH header other than
authentication data, and entire upper-level protocol data
Parties must share a secret key
10/03/2006
9
Authentication Header
10/03/2006
10
End-to-End vs End-to-Intermediate
Authentication
10/03/2006
11
Scope of AH Authentication
10/03/2006
12
Encapsulating Security Payload
(ESP)
Provide message content confidentiality and
limited traffic flow confidentiality
Can optionally provide the same
authentication services as AH
Support range of ciphers, modes, padding
DES, Triple-DES, RC5, IDEA, CAST etc
CBC most common
pad to meet blocksize, for traffic flow
10/03/2006
13
Encapsulating Security Payload
10/03/2006
14
Padding
Serve several purposes
expand the plaintext to required length
make Pad Length and Next Header fields
aligned to 32-bit word boundary
conceal actual length of payload
10/03/2006
15
Transport vs Tunnel Mode ESP
Transport mode is used to encrypt and
optionally authenticate IP data
data protected but header left in clear
can suffer from traffic analysis but is efficient
good for ESP host to host traffic
Tunnel mode encrypts entire IP packet
add new header for next hop
can counter traffic analysis
good for VPNs, gateway to gateway security
10/03/2006
16
Scope of ESP Encryption and
Authentication
10/03/2006
17
Combining Security Associations
SAs can implement either AH or ESP, but each
SA can implement only one
Some traffic flows may require services of
both AH and ESP, while some other flows may
require both transport and tunnel modes
To address these concerns, need to combine
SAs to form a security association bundle
Have 4 basic cases
10/03/2006
18
Combining Security Associations
10/03/2006
19
Key Management
Handle key generation and distribution
Typically need 2 pairs of keys
Manual key management
2 per direction for AH & ESP
sysadmin manually configures every system
Automated key management
automated system for on demand creation of keys
for SA’s in large systems
Oakley and ISAKMP
10/03/2006
20
OAKLEY
A key exchange protocol
Based on Diffie-Hellman key exchange
Add features to address weaknesses of DiffieHellman
cookies to counter clogging attacks
nonces to counter replay attacks
key exchange authentication to counter man-inthe-middle attacks
Can use arithmetic in prime fields or elliptic
curve fields
10/03/2006
21
Usage of Cookies
Three basic requirements
Must depend on specific parties
Impossible for anyone other than issuing entity to
generate cookies that will be accepted by issuing
entity
Cookie generation and verification must be fast
To create a cookie, perform a fast hash over
src and dst IP addresses, src and dst ports,
and a locally generated secret value
10/03/2006
22
ISAKMP
Internet Security Association and Key
Management Protocol
Provide framework for key management
Define procedures and packet formats to
establish, negotiate, modify, and delete SAs
Independent of key exchange protocol,
encryption algorithm, and authentication
method
10/03/2006
23
ISAKMP Header
10/03/2006
24
ISAKMP Payload
10/03/2006
25
ISAKMP Exchange
10/03/2006
26
ISAKMP Exchange
10/03/2006
27
Next Class
Denial-of-Service (DoS) attack
Hop Integrity
10/03/2006
28