1 / 34

CSC 474 Information Systems Security

CSC 474 Information Systems Security. Topic 4.2: IPsec. Outline. IPsec Objectives IPsec architecture & concepts IPsec authentication header IPsec encapsulating security payload. IPsec Objectives. Why do we need IPsec? IP V4 has no authentication IP spoofing

aladdin-sharpe
Download Presentation

CSC 474 Information Systems Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CSC 474Information Systems Security Topic 4.2: IPsec Dr. Peng Ning

  2. Outline • IPsec Objectives • IPsec architecture & concepts • IPsec authentication header • IPsec encapsulating security payload Dr. Peng Ning

  3. IPsec Objectives • Why do we need IPsec? • IP V4 has no authentication • IP spoofing • Payload could be changed without detection. • IP V4 has no confidentiality mechanism • Eavesdropping • Denial of service (DOS) attacks • Cannot hold the attacker accountable due to the lack of authentication. Dr. Peng Ning

  4. IPsec Objectives (cont’d) • IP layer security mechanism for IPv4 and IPv6 • Not all applications need to be security aware • Can be transparent to users • Provide authentication and confidentiality mechanisms. Dr. Peng Ning

  5. IPsec Architecture IPsec module 1 IPsec module 2 SPD SPD IKE IKE IPsec SAD SAD IPsec SA SPD: Security Policy Database; IKE: Internet Key Exchange; SA: Security Association; SAD: Security Association Database. Dr. Peng Ning

  6. IPsec Architecture (Cont’d) • Two Protocols (Mechanisms) • Authentication Header (AH) • Encapsulating Security Payload (ESP) • IKE Protocol • Internet Key Management Dr. Peng Ning

  7. IPsec Architecture (Cont’d) • Can be implemented in • Host or gateway • Can work in two Modes • Tunnel mode • Transport mode Dr. Peng Ning

  8. Hosts & Gateways • Hosts can implement IPsec to connect to: • Other hosts in transport or tunnel mode • Or Gateways in tunnel mode • Gateways to gateways • Tunnel mode Dr. Peng Ning

  9. New IP Header AH or ESP Header Orig IP Header TCP Data Tunnel Mode Encrypted Tunnel Gateway Gateway Encrypted Unencrypted Unencrypted A B Dr. Peng Ning

  10. Tunnel Mode (Cont’d) • ESP applies only to the tunneled packet • AH can be applied to portions of the outer header Outer IP header IPsec header Inner IP header Higher layer protocol ESP Real IP destination Destination IPsec entity AH Dr. Peng Ning

  11. New IP Header AH or ESP Header TCP Data Transport Mode Encrypted/Authenticated A B Dr. Peng Ning

  12. Transport Mode (Cont’d) • ESP protects higher layer payload only • AH can protect IP headers as well as higher layer payload IP header IP options IPsec header Higher layer protocol ESP Real IP destination AH Dr. Peng Ning

  13. Security Association (SA) • An association between a sender and a receiver • Consists of a set of security related parameters • E.g., sequence number, encryption key • One way relationship • Determine IPsec processing for senders • Determine IPsec decoding for destination • SAs are not fixed! Generated and customized per traffic flows Dr. Peng Ning

  14. Security Parameters Index (SPI) • A bit string assigned to an SA. • Carried in AH and ESP headers to enable the receiving system to select the SA under which the packet will be processed. • 32 bits • SPI + Dest IP address + IPsec Protocol • Uniquely identifies each SA in SA Database (SAD) Dr. Peng Ning

  15. SA Database (SAD) • Holds parameters for each SA • Sequence number counter • Lifetime of this SA • AH and ESP information • Tunnel or transport mode • Every host or gateway participating in IPsec has their own SA database Dr. Peng Ning

  16. SA Bundle • More than 1 SA can apply to a packet • Example: ESP does not authenticate new IP header. How to authenticate? • Use SA to apply ESP w/out authentication to original packet • Use 2nd SA to apply AH Dr. Peng Ning

  17. Security Policy Database (SPD) • Decide • What traffic to protect? • Has incoming traffic been properly secured? • Policy entries define which SA or SA Bundles to use on IP traffic • Each host or gateway has their own SPD • Index into SPD by Selector fields • Selectors: IP and upper-layer protocol field values. • Examples: Dest IP, Source IP, Transport Protocol, IPSec Protocol, Source & Dest Ports, … Dr. Peng Ning

  18. SPD Entry Actions • Discard • Do not let in or out • Bypass • Outbound: do not apply IPSec • Inbound: do not expect IPSec • Protect – will point to an SA or SA bundle • Outbound: apply security • Inbound: security must have been applied Dr. Peng Ning

  19. SPD Protect Action • If the SA does not exist… • Outbound processing • Trigger key management protocols to generate SA dynamically, or • Request manual specification, or • Other methods • Inbound processing • Drop packet Dr. Peng Ning

  20. SPD(Policy) SA Database … … Outbound Processing Outbound packet (on A) A B IP Packet Is it for IPsec?If so, which policy entry to select? IPSec processing SPI & IPsec Packet Determine the SA and its SPI Send to B Dr. Peng Ning

  21. SPD(Policy) SA Database … … Inbound Processing Inbound packet (on B) A B From A SPI & Packet Use SPI to index the SAD Was packet properly secured? Original IP Packet “un-process” Dr. Peng Ning

  22. Authentication Header (AH) • Data integrity • Entire packet has not been tampered with • Authentication • Can “trust” IP address source • Use MAC to authenticate • Anti-replay feature • Integrity check value Dr. Peng Ning

  23. Integrity Check Value - ICV • Message authentication code (MAC) calculated over • IP header fields that do not change or are predictable • IP header fields that are unpredictable are set to zero. • IPsec AH header with the ICV field set to zero. • Upper-level data • Code may be truncated to first 96 bits Dr. Peng Ning

  24. SAD … IPsec Authentication Header Payload Length 6-2=4 Next Header (TCP/UDP) Reserved SPI Sequence Number ICV Dr. Peng Ning

  25. Encapsulated Security Protocol (ESP) • Confidentiality for upper layer protocol • Partial traffic flow confidentiality (Tunnel mode only) • Data origin authentication and connectionless integrity (optional) Dr. Peng Ning

  26. Outbound Packet Processing • Form ESP payload • Pad as necessary • Encrypt result [payload, padding, pad length, next header] • Apply authentication Dr. Peng Ning

  27. Outbound Packet Processing... • Sequence number generation • Increment then use • With anti-replay enabled, check for rollover and send only if no rollover • With anti-replay disabled, still needs to increment and use but no rollover checking • ICV calculation • ICV includes whole ESP packet except for authentication data field. • Implicit padding of ‘0’s between next header and authentication data is used to satisfy block size requirement for ICV algorithm • Not include the IP header. Dr. Peng Ning

  28. ESP Transport Example Original IP Header SPI Sequence Number Authentication coverage Payload (TCP Header and Data) Variable Length Encrypted Padding (0-255 bytes) Pad Length Next Header Integrity Check Value Dr. Peng Ning

  29. Inbound Packet Processing • Sequence number checking • Anti-replay is used only if authentication is selected • Sequence number should be the first ESP check on a packet upon looking up an SA • Duplicates are rejected! Check bitmap, verify if new verify reject Sliding Window size >= 32 0 Dr. Peng Ning

  30. Anti-replay Feature • Optional • Information to enforce held in SA entry • Sequence number counter - 32 bit for outgoing IPsec packets • Anti-replay window • 32-bit • Bit-map for detecting replayed packets Dr. Peng Ning

  31. Anti-replay Sliding Window • Window should not be advanced until the packet has been authenticated • Without authentication, malicious packets with large sequence numbers can advance window unnecessarily • Valid packets would be dropped! Dr. Peng Ning

  32. Inbound Packet Processing... • Packet decryption • Decrypt quantity [ESP payload,padding,pad length,next header] per SA specification • Processing (stripping) padding per encryption algorithm; In case of default padding scheme, the padding field SHOULD be inspected • Reconstruct the original IP datagram • Authentication verification (option) Dr. Peng Ning

  33. ESP Processing - Header Location... • Transport mode IPv4 and IPv6 IPv4 Orig IP hdr ESP hdr TCP Data ESP trailer ESP Auth IPv6 Orig IP hdr Orig ext hdr ESP hdr TCP Data ESP trailer ESP Auth Dr. Peng Ning

  34. ESP Processing - Header Location... • Tunnel mode IPv4 and IPv6 IPv4 New IP hdr ESP hdr Orig IP hdr TCP Data ESP trailer ESP Auth IPv6 New IP hdr New ext hdr ESP hdr Orig IP hdr Orig ext hdr TCP Data ESP trailer ESP Auth Dr. Peng Ning

More Related