
IP security

IP security. Ge Zhang, ge.zhang@kau.se. Packet-switched network is not secure! The protocols were designed in the late 70s to early 80s, for a very small network (closed environment). All hosts are assumed to be trusted, and so are the users. Therefore, security was not an issue.



  1. IP security Ge Zhang ge.zhang@kau.se

  2. Packet-switched network is not Secure! • The protocols were designed in the late 70s to early 80s • Very small network (closed environment) • All hosts are assumed to be trusted • So are the users • Therefore, security was not an issue

  3. Message transfer over the Internet

  4. OSI security architecture • Security attacks: any action that compromises the security of information. • Security mechanism: A method that is designed to detect, prevent or recover from a security attack • Security service: A service that enhances the security of a system

  5. Scenario

  6. Passive attacks

  7. Active attacks

  8. Security services • Data origin authentication • Data confidentiality • Anonymity • Data integrity • Non-repudiation

  9. Security mechanism • Encipher • Digital signature • Trusted functionality • Detection and prevention • …

  10. Layered TCP/IP model • IPSec is working in IP layer • Protect IP packets

  11. Goals of IPSec • to verify sources of IP packets • Data source authentication • to prevent replaying of old packets • to protect integrity and/or confidentiality of packets • Data Integrity/Data Encryption

  12. IPSec subprotocols • ESP: Encapsulating Security Payload • AH: Authentication Header • IPSec Security Policy • IKE: The Internet Key Exchange

  13. IPSec: IP Security • Provides encryption and integrity protection to IP packets (and authentication of two peers). • AH (Authentication Header): an additional header, provides integrity protection • ESP (Encapsulating Security Payload): also an additional header, provides encryption and integrity protection • IKE (Internet Key Exchange): establishes session keys (used for AH & ESP) as well as authentication.

  14. IPSec related RFCs • A collection of protocols (RFC 2401) • Authentication Header (AH) • RFC 2402 • Encapsulating Security Payload (ESP) • RFC 2406 • Internet Key Exchange (IKE) • RFC 2409 • IP Payload Compression (IPcomp) • RFC 3137

  15. Transport mode and tunnel mode [Figure: a packet "A->B | Payload" shown unchanged in transport mode and wrapped as "R1->R2 | A->B | Payload" in tunnel mode]

  16. Authentication Header (AH) • Provides source authentication • Protects against source spoofing • Provides data integrity • Protects against replay attacks • Use monotonically increasing sequence numbers • NO support for confidentiality!

  17. AH Details • Use 32-bit increasing sequence number to avoid replay attacks • Use cryptographically strong hash algorithms to protect data integrity (96-bit) • Use symmetric key cryptography • HMAC-SHA-96, HMAC-MD5-96

  18. AH Protocol (transport & tunnel mode in IPv4) • Transport mode: IP header | AH header | data (e.g., TCP, UDP segment); authenticated except for mutable fields • Tunnel mode: New IP header | AH header | IP header | data (e.g., TCP, UDP segment); authenticated except for mutable fields

  19. IPSec Authentication Header

  20. Encapsulating Security Payload (ESP) • Provides most of what AH offers and, in addition, provides data confidentiality • Uses symmetric key encryption

  21. ESP Details • Same as AH: • Use 32-bit sequence number to counter replay attacks • Use integrity check algorithms (protection covers different fields) • Only in ESP: • Data confidentiality: • Uses symmetric key encryption algorithms to encrypt packets

  22. ESP Protocol (transport & tunnel mode in IPv4) • Transport mode: IP header | ESP header | TCP, UDP segment | ESP trailer | ESP authent. • Tunnel mode: New IP header | ESP header | IP header | TCP, UDP segment | ESP trailer | ESP authent. • The figure marks an encrypted span and an authenticated span in each layout. • ESP in fact puts information both before and after the protected data. • For encryption, DATA, padding, padding length and next header are encrypted. • For authentication, all fields are included.

  23. IPSec ESP Format

  24. Anti-replay service • Sequence number (from 0 to 2^32-1) • The sender increments the sequence number for each generated packet. • How to detect replayed packet? • The receiver maintains an array with 2^32 units to mark which packets have been received. • The receiver only accepts the packets with larger sequence number than the previous one. • Both are not good methods, why?

  25. Slide window scheme • A window of size W (default W = 64) • N: highest sequence number of successfully received packets • Three cases • Packets in the window • Packets to the right of the window • Packets to the left of the window [Figure: sequence numbers 53 to 66 with received packets marked √ (53, 55, 56, 57, 58, 59, 60, 62, 64); labels A and B, with the values 59, 54 and 64 called out]
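
The sliding-window check from slides 24 and 25, as an added example that is not part of the original slides. A 64-bit bitmap replaces the 2^32-entry array and still accepts reordered packets inside the window; the struct and function names are this example's own, and it assumes a 32-bit sequence number with W = 64.

```c
#include <stdint.h>

#define REPLAY_WINDOW 64u /* W = 64, the default given on the slide */

/* Per-SA receiver state (names are this example's own, not from the slides). */
struct replay_state {
    uint32_t highest; /* N: highest sequence number accepted so far */
    uint64_t bitmap;  /* bit i set => sequence number N - i was received */
};

enum replay_verdict { REPLAY_OK, REPLAY_DUPLICATE, REPLAY_TOO_OLD };

/* Before the integrity check: classify seq against the window. */
enum replay_verdict replay_check(const struct replay_state *st, uint32_t seq)
{
    if (seq > st->highest)
        return REPLAY_OK;                 /* right of the window */
    uint32_t age = st->highest - seq;
    if (age >= REPLAY_WINDOW)
        return REPLAY_TOO_OLD;            /* left of the window */
    return ((st->bitmap >> age) & 1u) ? REPLAY_DUPLICATE : REPLAY_OK;
}

/* Only after the integrity check has passed: mark seq, sliding if N grows. */
void replay_update(struct replay_state *st, uint32_t seq)
{
    if (seq > st->highest) {
        uint32_t shift = seq - st->highest; /* shifting by >= 64 is undefined */
        st->bitmap = (shift >= REPLAY_WINDOW ? 0 : st->bitmap << shift) | 1u;
        st->highest = seq;
    } else if (st->highest - seq < REPLAY_WINDOW) {
        st->bitmap |= (uint64_t)1 << (st->highest - seq);
    }
}

/* Check-then-update for a packet that is already authenticated. */
enum replay_verdict replay_accept(struct replay_state *st, uint32_t seq)
{
    enum replay_verdict v = replay_check(st, seq);
    if (v == REPLAY_OK)
        replay_update(st, seq);
    return v;
}

int main(void)
{
    struct replay_state st = {0, 0};      /* constructed input: 64 sent twice */
    return (replay_accept(&st, 64) == REPLAY_OK &&
            replay_accept(&st, 64) == REPLAY_DUPLICATE) ? 0 : 1;
}
```

Checking and updating are separate functions so that a forged packet with a large sequence number cannot move the window before its integrity check fails.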

  26. Security Associations (SA) • An SA is a one-way relationship between a sender and a receiver that affords security services to the traffic carried on it. • Two ends (from one end to the other end) • An SA is identified by: • Security Parameters Index (SPI): a local identifier that points to an SA • IP destination address • Security protocol identifier: AH or ESP? • SA parameters: • Sequence number counter • Anti-replay window • AH information (key, algorithms) • ESP information (key, algorithms) • IPSec protocol mode (tunnel, transport) • …

  27. Internet Key Exchange Protocol • SA could be created manually, but… • Internet Key Exchange Protocol (IKE) • Exchange and negotiate security policies • Establish security sessions • Identified as Security Associations (SA) • Key exchange • Key management • Can be used outside IPSec as well

  28. Virtual Private Networks (VPNs) • Virtual • It is not a physically distinct network • Private • Tunnels are encrypted to provide confidentiality • Using VPN while traveling

  29. Discussion • IPSec is not the only solution! • Security features can be added on top of IP! • e.g. Kerberos, SSL • Confused? • IP, IPSec protocols are very complex! • Two modes, three sub protocols • Complexity is the biggest enemy of security

  30. Discussion • Has it been used? • Yes—primarily used by some VPN vendors • But not all routers support it • No—it is not really an end-to-end solution • Authentication is too coarse (host based) • Default encryption algorithm too weak (DES) • Too complex for applications to use

  31. Key points • Security attack, mechanism and service • Classical attacks in the Internet • IPSec encompasses: authentication, confidentiality and key management • AH and ESP • Transport mode and tunnel mode • Slide window to defend against replay attack • VPN
