1 / 39

Chapter 6

Chapter 6. IP Security. Henric Johnson Blekinge Institute of Technology, Sweden http://www.its.bth.se/staff/hjo/ henric.johnson@bth.se. Outline. Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header

von
Download Presentation

Chapter 6

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 6 IP Security Henric Johnson Blekinge Institute of Technology, Sweden http://www.its.bth.se/staff/hjo/ henric.johnson@bth.se

  2. Outline • Internetworking and Internet Protocols (Appendix 6A) • IP Security Overview • IP Security Architecture • Authentication Header • Encapsulating Security Payload • Combinations of Security Associations • Key Management

  3. TCP/IP Example

  4. IPv4 Header

  5. IPv6 Header

  6. IP Security Overview IPSec is not a single protocol. Instead, IPSec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication. Authentication, Confidentiality, Key Management

  7. IP Security Overview • Applications of IPSec • Secure branch office connectivity over the Internet • Secure remote access over the Internet • Establsihing extranet and intranet connectivity with partners • Enhancing electronic commerce security

  8. IP Security Scenario 인증, 암호화, 압축 침입탐지 시스템 / 방화벽 시스템

  9. IP Security Overview • Benefits of IPSec • Transparent to applications (below transport layer (TCP, UDP) • Provide security for individual users • Intrusion detection and prevention • IPSec can assure that: • A router or neighbor advertisement comes from an authorized router • A redirect message comes from the router to which the initial packet was sent • A routing update is not forged

  10. IP Security Architecture • IPSec documents: • RFC 2401: An overview of security architecture • RFC 2402: Description of a packet authentication extension to IPv4 and IPv6 • RFC 2406: Description of a packet encryption extension to IPv4 and IPv6 • RFC 2408: Specification of key managament capabilities

  11. IPSec Document Overview ESP: Encapsulation Security Payload AH: Authentication Header DOI: Domain of Interpretation

  12. IPSec Services • Access Control • Connectionless integrity • Data origin authentication • Rejection of replayed packets • Confidentiality (encryption) • Limited traffic flow confidentiallity

  13. Security Associations (SA) • A one way relationship between a sender and a receiver • Identified by three parameters: • Security Parameter Index (SPI): 32-bit • IP Destination address: 32-bit • Security Protocol Identifier : AH(51) or ESP(50)

  14. Before applying AH

  15. Transport Mode (AH Authentication)

  16. Tunnel Mode (AH Authentication) F/W(Firewall) or IDS(Intrusion Detection System)’s IP Address

  17. Authentication Header • Provides support for data integrity and authentication (MAC code) of IP packets. • Guards against replay attacks.

  18. End-to-end versus End-to-Intermediate Authentication

  19. Encapsulating Security Payload • ESP provides confidentiality services

  20. Encryption and Authentication Algorithms • Encryption: • Three-key triple DES • RC5 • IDEA • Three-key triple IDEA • CAST • Blowfish • Authentication: • HMAC-MD5-96 • HMAC-SHA-1-96

  21. ESP Encryption and Authentication 효율성이 높고 적은 추가 헤더 반면, 트래픽 분석에 노출됨

  22. ESP Encryption and Authentication 트래픽 분석 방지가능

  23. Combinations of Security Associations

  24. Combinations of Security Associations

  25. Combinations of Security Associations

  26. Combinations of Security Associations

  27. Key Management • Number of Keys Required: four keys • Two keys for AH and ESP in Tx • Two keys for AH and ESP in Rx • Two Types of Keys Exchange • Manual • Automated • Oakley Key Determination Protocol • Internet Security Association and Key Management Protocol (ISAKMP)

  28. Oakley Key Determination Protocol (OKDP) • OKDP is a refined version of the Diffe-Hellman key exchange algorithm • Diffie-Hellman key exchange algorithm • 두 사용자 A와 B는 두개의 변수 즉, 소수 q 와 이의 원시근 a를 사전에 합의하여 알고 있음을 가정(pp.87) • A는임의의 정수 XA를 개인키로 선정하고, 자신의 공개키 YA = aXA mode q를 B로 전송 • B는임의의 정수 XB를 개인키로 선정하고, 자신의 공개키 YB = aXB mode q를 B로 전송 • A와 B는 비밀키(대칭키) K를 다음과 같이 얻음 K = (YB)XA mode q= (YA)XB mode q= aXAXB mode q

  29. Oakley Key Determination Protocol (OKDP) • Diffie-Hellman key exchange algorithm 장점 • 필요할 때마다 언제나 키를 생성할 수 있음 • 두 변수 q와 a외 어떠한 사전협의나 기반 구조가 불필요 • Diffie-Hellman key exchange algorithm 단점 • 상대방을 확인 할 수 없음 • Man-in-the-middle attack에 취약함(상대방 인증불가로 인해) • 비밀 키 생성시 계산량이 많아지는데 이러한 의미 없는 계산으로 시간을 허비하도록 하는 clogging 공격에 취약

  30. OKDP • 특성 • Clogging 공격을 막기 위해 “cookie” 이용 • 사전에 합의 할 q와 a의 선정을 위해 일련의 값들이 정의된 “group” 이용 • 재전송 공격에 대비하여 “nonce” 이용 • Diffie-Hellman “공개키교환” • Diffie-Hellman 키교환에 “인증기능” 추가

  31. OKDP • Cookie Mechanism • IP 주소 spoofing에 의해 송신자로 위장한 공격자가 상대방에게 지나치게 큰 값의 공개키를 보내 clogging 공격을 하는 경우에 대비하기 위해 cookie라 불리우는 난 수(random number)를 상호 교환하여 확인하도록 함 • Cookie는 자신의 IP 주소나 Port 번호 및 해시 함수 등을 이용하여 생성자에게 종속적이면서 빠른 속도로 생성이 가능하나 다른 이들이 생성하기에 불가능한 것이어야 함

  32. OKDP • 전역 변수 q와 a의선정을 위한 group 예(pp.224) • q = 2768 - 2704 - 1 + 264 x ([2638 x π] + 149686) a=2 • q = 21024 - 2960 - 1 + 264 x ([2894 x π] + 129093) a=2 ………… • Nonce는 암호화되거나 서명되어 전송

  33. OKDP • 인증 • Digital Signature • Public-Key Encryption • Symmetric-Key Encryption

  34. OKDP: Aggressive Key Exchange 1) I  R: CKYI, OK_KEYX, GRP, gx, EHAO, NIDP, IDI, IDR, NI, SKI[IDI||IDR||NI||GRP||gx||EHAO] 2) R  I: CKYR, CKYI, OK_KEYX, GRP, gy, EHAS, NIDP, IDR, IDI, NR, NI, SKR[IDR||IDI||NR||NI||GRP||gy||gx||EHAS] 3) I  R: CKYI, CKYR, OK_KEYX, GRP, gx, EHAS, NIDP, IDI, IDR, NI, NR, SKI[IDI||IDR||NI||NR ||GRP||gx||gy||EHAS]

  35. ISAKMP • SA(Security Association)의 establishment, negotiation, modification, deletion을 위한 절차 및 메시지 형식 • UDP 사용 • ISAKMP는 다양한 키 교환 알고리즘에 적용 • (OKDP는 초기 버전의 ISAKMP 사용하는 경우)

  36. ISAKMP(pp.228)

  37. ISAKMP • Key Exchange Procedure • - See pp. 231

  38. Recommended Reading • Comer, D. Internetworking with TCP/IP, Volume I: Principles, Protocols and Architecture. Prentic Hall, 1995 • Stevens, W. TCP/IP Illustrated, Volume 1: The Protocols. Addison-Wesley, 1994

More Related