Transcript module_50

Security Protocols in the Internet
IPSec
K. Salah
1
Security facilities in the TCP/IP protocol
stack
K. Salah
2
 IP Security (IPSec) is a collection of protocols
designed by the IETF (Internet Engineering Task
Force) to provide security for a packet at the IP level.
 IPSec does not define the use of any specific
encryption or authentication method.
 IPSec provides a framework and a mechanism; it
leaves the selection of the encryption, authentication,
and hashing methods to the user.
 IPSec is still evolving, especially with present of FWs
and NATs
K. Salah
3
 An SA is a crypto-protected connection
 One SA in each direction…
 At each end, the SA contains a key, the identity of the
other party, the sequence number, and crypto
parameters (DES, 3DES, MD5, SHA1, etc)
 IPSec header indicates which SA to use
 Parties will maintain a database of SAs for currentlyopen connections
 Used both to send and receive packets
 SA connection is uniquely defined by three elements:
 32-bit security parameter index (SPI), which acts as a virtual
circuit identifier (VCI) as in Frame Relay or ATM.
 Type of the protocol used for security: AH or ESP or IKE
 IKE provides mutual authentication, establishes shared key,
and creates SA
 Source IP address.
K. Salah
4
Two Modes of Operation
 IPSec operates in two different modes. Mode defines where the IPSec header is
applied to the IP packet.
 Transport mode
 IPSec header is added between the IP header and the rest of the packet.
 Most logical when IPSec is used end-to-end
 Tunnel mode
 IPSec header is placed in front of the original IP header.
 The IPSec header, the preserved IP header, and the rest of the packet are treated as the
payload.
 Can be used when IPSec is applied at intermediate point along path (e.g., for firewall-tofirewall traffic)
 Results in slightly longer packet
 Note that data may be encrypted multiple times
K. Salah
5
AH
 Authentication Header (AH) protocol is designed to
authenticate the source host and to ensure the integrity of
the payload carried by the IP packet.
 The protocol calculates a message digest, using a hashing
function and a symmetric key, and inserts the digest in the
authentication header.
 The AH protocol provides source authentication and data
integrity,but not privacy.
This is transport AH

K. Salah
6
 When an IP datagram carries an authentication header, the
original value in the protocol field of the IP header is replaced by
the value 51. A field inside the authentication header (next
header field) defines the original value of the protocol field (the
type of payload being carried by the IP datagram).
 Steps for authentication header:
 AH is added to the payload with the authentication data field set to
zero.
 Padding may be added to make the total length even for a
particular hashing algorithm
 Hashing is based on total packet. For message digest, only those
fields of IP header that don’t change during transmission are
considered.
 Authentication data are included in the authentication header
 IP header is added after changing the value of protocol field to 51.
 Payload length: Length of AH in 4-byte multiples.
 SPI: plays the role of VCI
 Sequence number: for anti replay
K. Salah
7
ESP
 Encapsulation Security Payload (ESP) provides source authentication,
privacy and integrity.
 Value of IP protocol field is 50.
 Field inside the ESP trailer (next header field) holds the original value
of the protocol field of IP header.
 Steps






ESP trailer is added to the payload
Payload and trailer or encrypted
ESP header is added
ESP header, payload and ESP trailer are used to create authenticated data.
Authenticated data are added at the end of ESP trailer.
IP header is added after changing the protocol value to 50.
This is transport ESP

K. Salah
8
Why doesn’t NAT work with IPSec?
 Remember that the point of IPSec is not just to protect the confidentiality of the
data, but also to assure the authenticity of the sender and the integrity of the data
(that it hasn’t been changed in transit). The problem with NAT is obvious: NAT must
change information in the packet headers in order to do its job.
 The first problem is that NAT changes the IP address of the internal computer to
that of the NAT device. The Internet Key Exchange (IKE) protocol used by IPSec
embeds the sending computer’s IP address in its payload, and this embedded
address doesn’t match the source address of the IKE packet (which is that of the
NAT device). When these addresses don’t match, the receiving computer will drop
the packet.
 Another problem is that TCP checksums (and optionally, UDP checksums) are used
to verify the packets. The checksum is in the TCP header and it contains the IP
addresses of the sending and receiving computers and the port numbers used for
the communications. With normal NAT communications, this isn’t a problem
because the NAT device updates the headers to show its own IP address and port
in place of the sending computer’s. However, IPSec encrypts the headers with the
Encapsulating Security Payload (ESP) protocol. Since the header is encrypted,
NAT can’t change it. This means the checksum is invalid, so the receiving computer
rejects the packet.
 In addition, NAT isn’t able to use the port numbers in TCP and UDP headers to
multiplex packets to multiple internal computers when those headers have been
encrypted by ESP
K. Salah
9
NAT-T: How it works
 The IPSec working group of the IEEE has created standards for NAT-T that are
defined in RFCs 3947 and 3948. NAT-T is designed to solve the problems inherent in
using IPSec with NAT.
 NAT-T adds a UDP header that encapsulates the ESP header (it sits between the
ESP header and the outer IP header). This gives the NAT device a UDP header
containing UDP ports that can be used for multiplexing IPSec data streams. NAT-T
also puts the sending computer’s original IP address into a NAT-OA (Original
Address) payload. This gives the receiving computer access to that information so
that the source and destination IP addresses and ports can be checked and the
checksum validated. This also solves the problem of the embedded source IP
address not matching the source address on the packet.
 Firewall must be set up to support NAT-T
 Note:
This is a very simplified account of how NAT-T makes it possible for IPSec and NAT
to work together. For more detailed information, see RFC 3947 at
http://www.ietf.org/rfc/rfc3947.txt and RFC 3948 at http://www.ietf.org/rfc/rfc3948.txt.
K. Salah
10
Firewall
 Firewall is a device (usually a router or a computer)
installed between the internal network of an
organization and the rest of the Internet.
 It is designed to forward some packets and filter (not
forward) others.
 A firewall can be used to deny access to a specific host
or a specific service in the organization.
K. Salah
11
Packet-filter firewall
 A firewall can be used as a packet filter. It can forward or
block packets based on the information in the network layer
and transport layer headers: source and destination port
addresses, and type of protocol (TCP or UDP).
 Incoming packets from network 131.34.0.0 are blocked. ‘*’
means any.
 Incoming packets destined for any internal TELNET server
(port 23) are blocked.
 And so on.
K. Salah
12
VPN
 Privacy within intra-organization but still connected to
global Internet.
 Intra-organization data are routed through the private
internet; inter-organization data are routed through
the global Internet.
K. Salah
13
VPN
 Private and hybrid networks are costlier.
 Best solution is to use global Internet for both private
and public communications.
 VPN creates a network that is private but virtual. It is
private but it guarantees privacy inside the
organization. It is virtual because it does not use real
private WANs; the network is physically public but
virtually private.
 VPN uses IPSec in tunnel mode to provide
authentication, integrity and privacy.
K. Salah
14
VPN
 Each IP datagram destined for private use in the organization is
encapsulated in another datagram.
 To use IPSec in the tunneling mode, the VPNs need to use two
sets of addressing.
 The public network (Internet) is responsible for carrying the
packet from R1 to R2. Outsiders cannot decipher the contents of
the packet or the source and destination addresses.
Deciphering takes place at R2, which finds the destination
address of the packet and delivers it.
K. Salah
15