IPSec

About This Presentation

Title:

IPSec

Description:

With tools like nmap, can scan a typical subnet in a few minutes ... see: http://www.insecure.org/nmap/ Computer Science. IPv6 Security harder to scan networks ... – PowerPoint PPT presentation

Number of Views:369

Avg rating:3.0/5.0

Slides: 85

Provided by: onewe

Category:

more less

Transcript and Presenter's Notes

Title: IPSec

1
IPSec

CPSC499 Information Security Management

2
Outline

Internet Protocol
Datagram format
IPv4 addressing
NAT
IPv6
IPSec
Security Association (SA)
IPSec Base Protocol (AH, ESP)
Encapsulation Mode (transport, tunnel)
Key Management

3
The Internet Network layer

Host, router network layer functions

Transport layer TCP, UDP
Network layer
Link layer
physical layer
4
IP datagram format

how much overhead with TCP?
20 bytes of TCP
20 bytes of IP
40 bytes app layer overhead

5
IP Fragmentation Reassembly

network links have MTU (max.transfer size) -
largest possible link-level frame.
different link types, different MTUs
large IP datagram divided (fragmented) within
net
one datagram becomes several datagrams
reassembled only at final destination
IP header bits used to identify, order related
fragments

fragmentation in one large datagram out 3
smaller datagrams
reassembly
6
IP Fragmentation and Reassembly

Example
4000 byte datagram
MTU 1500 bytes

1480 bytes in data field
offset 1480/8
7
Outline

Internet Protocol
Datagram format
IPv4 addressing
NAT
IPv6
IPSec
Security Association (SA)
IPSec Base Protocol (AH, ESP)
Encapsulation Mode (transport, tunnel)
Key Management

8
IP Addressing introduction

IP address 32-bit identifier for host, router
interface
interface connection between host/router and
physical link
routers typically have multiple interfaces
host may have multiple interfaces
IP addresses associated with each interface

223.1.1.1
223.1.2.9
223.1.1.4
223.1.1.3
223.1.1.1 11011111 00000001 00000001 00000001
223
1
1
1
9
Subnets

IP address
subnet part (high order bits)
host part (low order bits)
Whats a subnet ?
device interfaces with same subnet part of IP
address
can physically reach each other without
intervening router

223.1.1.1
223.1.2.1
223.1.1.2
223.1.2.9
223.1.1.4
223.1.2.2
223.1.1.3
223.1.3.27
LAN
223.1.3.2
223.1.3.1
network consisting of 3 subnets
10
Subnets

Recipe
To determine the subnets, detach each interface
from its host or router, creating islands of
isolated networks. Each isolated network is
called a subnet.

Subnet mask /24
11
IP addressing CIDR

CIDR Classless InterDomain Routing
subnet portion of address of arbitrary length
address format a.b.c.d/x, where x is bits in
subnet portion of address

12
IP addresses how to get one?

Q How does host get IP address?
hard-coded by system admin in a file
Wintel control-panel-gtnetwork-gtconfiguration-gttcp
/ip-gtproperties
UNIX /etc/rc.config
DHCP Dynamic Host Configuration Protocol
dynamically get address from as server
plug-and-play
(more in next chapter)

13
IP addresses how to get one?

Q How does network get subnet part of IP addr?
A gets allocated portion of its provider ISPs
address space

ISP's block 11001000 00010111 00010000
00000000 200.23.16.0/20 Organization 0
11001000 00010111 00010000 00000000
200.23.16.0/23 Organization 1 11001000
00010111 00010010 00000000 200.23.18.0/23
Organization 2 11001000 00010111 00010100
00000000 200.23.20.0/23 ...
..
. . Organization 7
11001000 00010111 00011110 00000000
200.23.30.0/23
14
Outline

Internet Protocol
Datagram format
IPv4 addressing
NAT
IPv6
IPSec
Security Association (SA)
IPSec Base Protocol (AH, ESP)
Encapsulation Mode (transport, tunnel)
Key Management

15
NAT Network Address Translation
rest of Internet
local network (e.g., home network) 10.0.0/24
10.0.0.1
10.0.0.4
10.0.0.2
138.76.29.7
10.0.0.3
Datagrams with source or destination in this
network have 10.0.0/24 address for source,
destination (as usual)
All datagrams leaving local network have same
single source NAT IP address 138.76.29.7, differe
nt source port numbers
16
NAT Network Address Translation

Motivation local network uses just one IP
address as far as outside word is concerned
no need to be allocated range of addresses from
ISP - just one IP address is used for all
devices
can change addresses of devices in local network
without notifying outside world
can change ISP without changing addresses of
devices in local network
devices inside local net not explicitly
addressable, visible by outside world (a security
plus).

17
NAT Network AddressTranslation

Implementation NAT router must
outgoing datagrams replace (source IP address,
port ) of every outgoing datagram to (NAT IP
address, new port )
. . . remote clients/servers will respond using
(NAT IP address, new port ) as destination
addr.
remember (in NAT translation table) every (source
IP address, port ) to (NAT IP address, new port
) translation pair
incoming datagrams replace (NAT IP address, new
port ) in dest fields of every incoming datagram
with corresponding (source IP address, port )
stored in NAT table

18
NAT Network Address Translation
NAT translation table WAN side addr LAN
side addr
138.76.29.7, 5001 10.0.0.1, 3345

10.0.0.1
10.0.0.4
10.0.0.2
138.76.29.7
10.0.0.3
4 NAT router changes datagram dest addr
from 138.76.29.7, 5001 to 10.0.0.1, 3345
3 Reply arrives dest. address 138.76.29.7,
5001
19
NAT Network Address Translation

16-bit port-number field
60,000 simultaneous connections with a single
LAN-side address!
NAT is controversial
routers should only process up to layer 3
violates end-to-end argument
NAT possibility must be taken into account by app
designers, eg, P2P applications
address shortage should instead be solved by IPv6

20
Outline

Internet Protocol
Datagram format
IPv4 addressing
NAT
IPv6
IPSec
Security Association (SA)
IPSec Base Protocol (AH, ESP)
Encapsulation Mode (transport, tunnel)
Key Management

21
IPv6 Header

Initial motivation
32-bit address space soon to be completely
allocated.
Expands addresses to 128 bits
430,000,000,000,000,000,000 for every square inch
of earths surface!
Solves IPv4 problem of insufficient address space
Additional motivation
header format helps speed processing/forwarding
header changes to facilitate QoS
IPv6 datagram format
fixed-length 40 byte header
no fragmentation allowed

22
IPv6 Header (Cont)
Priority identify priority among datagrams in
flow Flow Label identify datagrams in same
flow. (concept offlow
not well defined). Next header identify upper
layer protocol for data
23
Other Changes from IPv4

Checksum removed entirely to reduce processing
time at each hop
Options allowed, but outside of header,
indicated by Next Header field
ICMPv6 new version of ICMP
additional message types, e.g. Packet Too Big
multicast group management functions

24
IPv6 Security IPsec mandated

IPsec is mandated in IPv6
This means that all implementations (i.e. hosts,
routers, etc) must have IPsec capability to be
considered as IPv6-conformant
When (If?) IPv6 is in widespread use, this means
that IPsec will be installed everywhere
At the moment, IPsec is more common in network
devices (routers, etc) than user hosts, but this
would change with IPsec
All hosts having IPsec gt real end-to-end
security possible

25
IPv6 Security

Enough IP addrs for every imaginable device
Real end-to-end security Ability to securely
communicate from anything to anything

26
IPv6 Security harder to scan networks

With IPv4, it is easy to scan a network
With tools like nmap, can scan a typical subnet
in a few minutes
Returning list of active hosts and open ports
Many worms also operate by scanning
e.g. Blaster, Slammer
Attackers ( worms) scan for proxies, weak
services and back doors

see http//www.insecure.org/nmap/
27
IPv6 Security harder to scan networks

With IPv6, sparse address allocation makes such
brute force scanning impractical
It is 4 billion times harder to scan 1 IPv6
subnet than all of IPv4
No more Blaster, Slammer,
Use of dense address allocations makes it
easier though

28
Transition From IPv4 To IPv6

Transition from IPv4 to IPv6 will take time
Due to need to support legacy systems and
applications, not all system can be upgraded
simultaneously
Instead, organisations deploy IPv6 piecewise with
pilot/experimental implementations first
Thus need for IPv4-IPv6 coexistence
Have dual-stack systems (supporting both v4 and
v6)
Tunnelling used to deliver IPv6 packets over IPv4
networks
Tunneling IPv6 carried as payload in IPv4
datagram among IPv4 routers

known as 6to4
29
Tunneling
B-to-C IPv6 inside IPv4
D-to-E IPv6 inside IPv4
30
Outline

Internet Protocol
Datagram format
IPv4 addressing
NAT
IPv6
IPSec
Security Association (SA)
IPSec Base Protocol (AH, ESP)
Encapsulation Mode (transport, tunnel)
Key Management

31
IP Security (IPsec)

Suite of protocols from Internet Engineering Task
Force (IETF) providing encryption and
authentication at the IP layer
Arose from needs identified in RFC 1636
Specifications in
RFC 2401 Security architecture
RFC 2402 Authentication
RFC 2406 Encryption
RFC 2408 Key management
Objective is to encrypt and/or authenticate all
traffic at the IP level.

32
IP Security Issues

Eavesdropping
Modification of packets in transit
Identity spoofing (forged source IP addresses)
Denial of service
Many solutions are application-specific
TLS for Web, S/MIME for email, SSH for remote
login
IPSec aims to provide a framework of open
standards for secure communications over IP
Protect every protocol running on top of IPv4 and
IPv6

33
Typical Usage
34
IPSec Services

Data origin authentication
Confidentiality
Connectionless and partial sequence integrity
Connectionless integrity for a single IP packet
Partial sequence integrity prevent packet
replay
Limited traffic flow confidentiality
Eavesdropper cannot determine who is talking
These services are transparent to applications
above transport (TCP/UDP) layer

35
Major IPSec Components

Security Association (SA) Database
Each SA refers to all the security parameters of
one communication direction
For two-way communications, at least two SAs are
needed.
Two Protocols
AH Authentication Header
ESP Encapsulating Security Payload
Encryption only
Encryption with authentication
Two Encapsulation modes
Transport mode
Tunnel mode

CCS
36
Outline

Internet Protocol
Datagram format
IPv4 addressing
NAT
IPv6
IPSec
Security Association (SA)
IPSec Base Protocol (AH, ESP)
Encapsulation Mode (transport, tunnel)
Key Management

37
Security Association (SA)

In order to communicate, each pair of hosts must
set up SA with each other
Acts as virtual connection for which various
parameters are set
Type of protection
Algorithms
Keys
Simplex a one way relationship between a sender
and a receiver.
For either AH or ESP, but not both

38
Security Association (SA)

Each SA uniquely identified by
Security Parameters Index (SPI)
32-bit string assigned to this SA (local meaning
only)
IP destination address of packets
May be end user system, or firewall or router
Security Protocol Identifier (e.g. AH, ESP)
For each IP packet, governing SA is identified
by
Destination IP address in packet header
SPI in extension header (AH or ESP)

39
Security Association (SA)

It contains all the security parameters needed
for one way communication
Sequence number counter
Anti-replay window
Protocol (e.g. AH / ESP)
Transform mode (e.g. transport / tunnel mode /
wildcard)
Protocol parameters (e.g. AES, 128-bit, CBC mode,
SHA-1)
Lifetime of the SA
etc.

40
Outline

Internet Protocol
Datagram format
IPv4 addressing
NAT
IPv6
IPSec
Security Association (SA)
IPSec Base Protocol (AH, ESP)
Encapsulation Mode (transport, tunnel)
Key Management

41
Two IPSec Base Protocols

Authentication Header (AH)
Provides message authentication and integrity
check of IP data payload, but not
confidentiality.
Also Provides authentication for as much of the
IP header as possible.
Next header TCP, UDP, etc.
Sequence Number Starts at 1, never recycle
(optional)

42
Two IPSec Base Protocols

Encapsulating Security Payload (ESP)
Provides confidentiality and authentication.
Either is optional.
When not used, the NULL algorithm defined in
RFC-2410 is used.
The authentication trailer must be omitted if not
used.
Either encryption or authentication (or both)
must be enabled (NULL-NULL is an invalid option)

43
Outline

Internet Protocol
Datagram format
IPv4 addressing
NAT
IPv6
IPSec
Security Association (SA)
IPSec Base Protocol (AH, ESP)
Encapsulation Mode (transport, tunnel)
Key Management

44
Two Encapsulation Modes

IPsec defines two encapsulation modes for an IP
packet
Transport
Tunnel

IP
TCP
Original
data
header
header
IP packet
IP
TCP
IPsec
Transport mode
data
protected packet
header
header
header
Tunnel mode
IP
TCP
IPsec
IP
data
header
header
header
header
protected packet
45
Transport mode

Intercept Network layer packets Encrypt /
Authenticate these packets preserving most of the
original IP header
End-to-end security between two hosts
Typically, client to gateway (e.g., PC to remote
host)
Requires IPSec support at each host

46
Tunnel Mode

Gateway-to-gateway security
Internal traffic behind gateways not protected
Typical application virtual private network
(VPN)
Only requires IPSec support at gateways

47
Tunnel Mode Illustration
Implements IPSec
Implements IPSec
IPSec protects communication on the insecure part
of the network
48
Tunnel mode

Intercept Network layer packets Encrypt /
Authenticate these packets, while encapsulating
the original IP packet entirely

Versatile and has many deployment modes
Host-to-host
Host-to-router (i.e. remote access)
Router-to-router (a.k.a. Gateway-to-gateway)

49
Tunnel mode(Router-to-router /
Gateway-to-gateway)
50
Tunnel mode(Host-to-Router / Remote Access)
51
Transport Mode vs. Tunnel Mode

Transport mode secures packet payload and leaves
IP header unchanged
Tunnel mode encapsulates both IP header and
payload into IPSec packets

IP header (real dest)
IPSec header
TCP/UDP header data
IP header (gateway)
IPSec header
TCP/UDP header data
IP header (real dest)
52
Encapsulation Modes
53
Authentication Header (AH)

Adds extra field to traditional IP packet
This is used to verify authenticity integrity
of the packet

Before applying AH
Authenticated (Data parts of IP header)

Transport Mode
data is authenticated, as well as parts of IP
header

Tunnel Mode
entire original packet is authenticated parts
of new header

Authenticated (Data orig IP header parts of
new header)
54
Authentication Header (AH)

Protection against replay attack with use of
sequence number
Why have an Authentication-only protocol (AH)?
May be used where export/import/use of encryption
is restricted
Faster implementation
Receiver can choose whether expend the effort to
verify authenticity/integrity

55
AH Authentication Header

Provides integrity and origin authentication
Authenticates portions of the IP header
Anti-replay service (to counter denial of
service)
No confidentiality

Next header (TCP)
Payload length
Reserved
Identifies security association (shared keys and
algorithms)
Security parameters index (SPI)
Sequence number
Anti-replay
ICV Integrity Check Value (HMAC of IP header,
AH, TCP payload)
Authenticates source, verifies integrity
of payload
56
Prevention of Replay Attacks

When SA is established, sender initializes 32-bit
counter to 0, increments by 1 for each packet
If wraps around 232-1, new SA must be established
Recipient maintains a sliding 64-bit window
If a packet with high sequence number is
received, do not advance window until packet is
authenticated

57
Encapsulating Security Payload (ESP)
Original IP packet
Encrypted

Transport Mode
only data is encrypted authenticated

Authenticated (optionally)
Encrypted

Tunnel Mode
entire packet encrypted authenticated

Authenticated (optionally)
58
ESP Packet
Identifies security association (shared keys and
algorithms)
Anti-replay
TCP segment (transport mode) or entire IP packet
(tunnel mode)
Pad to block size for cipher, also hide actual
payload length
Type of payload
HMAC-based Integrity Check Value (similar to AH)
59
Encapsulating Security Payload (ESP)

Content of IP packet is encrypted and
encapsulated between header and trailer fields.
Authentication data optionally added

60
Authentication Confidentiality (ESP)

Confidentiality and integrity for packet payload
Symmetric cipher negotiated as part of security
assoc
Provides authentication (similar to AH)
Can work in transport
or tunnel mode

encrypted
authenticated
61
Combining Security Associations

SAs can implement either AH or ESP
to implement both need to combine SAs
form a security bundle
have 4 cases (see next)

62
Selection of Protocol Modes(Host-to-Host)

Transport Mode
Tunnel Mode

63
Selection of Protocol Modes(Router-to-Router)

Tunnel Mode

64
Selection of Protocol Modes(Pass-through IPSec)

Tunnel mode for gateway-to-gateway
Transport mode / tunnel mode for host-to-host

65
Selection of Protocol Modes(Remote access)

Tunnel mode for host-to-gateway
Transport mode / tunnel mode for gateway-to-host

66
Outline

Internet Protocol
Datagram format
IPv4 addressing
NAT
IPv6
IPSec
Security Association (SA)
IPSec Base Protocol (AH, ESP)
Encapsulation Mode (transport, tunnel)
Key Management

67
Key Management in IPsec

Generation and distribution of secret keys
Manual
Sysadmin configures keys (doesnt scale well)
automated key management
automated system for on demand creation of keys
for SAs in large systems
has Oakley ISAKMP elements

68
Oakley

a key exchange protocol
based on Diffie-Hellman key exchange
adds features to address weaknesses
cookies, groups (global params), nonces, DH key
exchange with authentication

69
Diffie-Hellman Setup

all users agree on global parameters
large prime integer or polynomial q
a a primitive root mod q
each user (eg. A) generates their key
chooses a secret key (number) xA lt q
compute their public key yA axA mod q
each user makes public that key yA

70
Diffie-Hellman Calculation

shared session key for users A B is KAB
KAB axA.xB mod q
yAxB mod q (which B can compute)
yBxA mod q (which A can compute)
KAB is used as session key in private-key
encryption scheme between Alice and Bob
if Alice and Bob subsequently communicate, they
will have the same key as before, unless they
choose new public-keys
attacker know q and public key YA, not possible
to calculate private key XA, nor shared session
key

71
ISAKMP

Internet Security Association and Key Management
Protocol (ISAKMP)
provides framework for key management
defines procedures and packet formats to
establish, negotiate, modify, delete SAs
independent of key exchange protocol, encryption
alg, authentication method

72
ISAKMP
73
IPsec Benefits

Provides a level of security for all
applications.
Allows deployment of new/emerging applications
that may not have their own security.
Transparent to transport layer
Transparent to end-users
No need for training, key issue, key revocation,
etc.
Can be provided to individual users where needed
(e.g. off-site workers)
Extensible to new, stronger, cryptographic
methods as these become available

74
IPsec Drawbacks

Processing performance overhead
Protection is applied to all traffic, though only
a small portion may be security-sensitive
Blocks access to non-IPsec hosts
Hosts must have security association
Not great for short-lived connections
Not practical for broadcast

75
Uses of IPsec

Virtual Private Network (VPN) establishment
For connecting remote offices and users using
public Internet
Low-cost remote access
e.g. teleworker gains secure access to company
network via local call to ISP
Extranet connectivity
Secure communication with partners, suppliers,
etc.

76
Note on VPN concept

Private Network
A set of computers connected together and
protected from the Internet (usually with a
firewall)
Traditionally made up of LAN(s) within individual
locations. If needed, wide area (e.g.
inter-branch) connection is made by secure leased
telecommunications lines.

77
Note on VPN concept

Virtual Private Network (VPN)
Uses public (insecure) Internet for parts of
network connectivity
Made possible by use of cryptography
Can be enabled by IPsec or SSH tunnelling, among
other methods

78
Virtual Private Networks

(a) A leased-line private network. (b) A
virtual private network.

79
Virtual Private Networks (VPNs)

A virtual private network (VPN) is the extension
of a private network.
A VPN enables you to send data between two
computers across the Internet in a manner that
emulates the properties of a point-to-point
private link.
To emulate a point-to-point link, data is
encapsulated (or wrapped) with a header that
provides routing information allowing it to
traverse the Internet to reach its endpoint.
To emulate a private link, the data being sent is
encrypted for confidentiality.

80
Components of a VPN Connection

VPN server A computer that accepts VPN
connections from VPN clients.
VPN client A computer that initiates a VPN
connection to a VPN server.

Tunnel The portion of the connection in which
your data is encapsulated (or wrapped) according
to a tunneling protocol.
VPN connection The portion of the connection in
which your data is encrypted.

81
VPN Connections