CSE 5/7349 - PowerPoint PPT Presentation
Provided by: leedmc
Learn more at: https://s2.smu.edu
Slides: 34

Transcript and Presenter's Notes

1
CSE 5/7349 February 15th 2006
  • IPSec

2
Basics
  • Stack Level
  • V4 vs V6
  • Provides
  • Authentication
  • Confidentiality

3
Architecture Concepts
  • Placement
  • Mode
  • Security association (SA)
  • ESP
  • AH

4
IPSec Placement
5
Transport Mode Security
[Figure: packet layout in transport mode. IP header | IP options | IPSec header (AH or ESP) | higher-layer protocol. The only IP header carries the real IP destination.]
  • ESP protects the higher-layer payload only; the IP header travels in the clear and is not covered by ESP's authentication
  • AH can protect the IP header (its immutable and predictable fields) as well as the higher-layer payload

6
Tunnel Mode Security
[Figure: packet layout in tunnel mode. Outer IP header | IPSec header (AH or ESP) | inner IP header | higher-layer protocol. The outer header is addressed to the destination IPSec entity (e.g. a gateway); the inner header carries the real IP destination.]
  • ESP applies to the whole tunneled packet (inner IP header plus payload); the outer header is not protected
  • AH covers the whole tunneled packet and can additionally be applied to the immutable/predictable portions of the outer header

7
Tunnel Mode
[Figure: host A - Gateway ===== encrypted tunnel ===== Gateway - host B. Traffic between A and its gateway and between the far gateway and B is unencrypted; only the gateway-to-gateway leg is encrypted.]
8
Security Association - SA
  • One-way relationship (uni-directional): a two-way exchange needs two SAs, one per direction
  • Determines IPSec processing for the sender
  • Determines IPSec decoding for the destination
  • SAs are not fixed! Generated and customized per traffic flow (configured manually as well as negotiated dynamically)
  • A manually keyed SA has no lifetime; a dynamically negotiated SA has a lifetime (in seconds or bytes) after which it is re-keyed

9
Security Parameters Index - SPI
  • A 32-bit value carried in the AH or ESP header
  • The SPI allows the destination to select the correct SA under which the received packet will be processed (according to the agreement with the sender)
  • The SPI is sent in the clear with every packet by the sender
  • The triple (SPI, destination IP address, IPSec protocol (AH or ESP)) uniquely identifies an SA

10
SA Bundle
  • More than 1 SA can apply to a packet
  • Example: ESP in tunnel mode does not authenticate the new outer IP header. How to authenticate it?
  • Use one SA to apply ESP without authentication to the original packet
  • Use a 2nd SA to apply AH over the result, which covers the outer header too

11
  • Authentication Header (AH)

12
AH Security
  • Connectionless integrity: each packet is checked on its own
  • Flow/error control left to the transport layer
  • Data integrity
  • Data origin authentication: the source IP address can be trusted because it is covered by the MAC
  • Uses a MAC (keyed hash) to authenticate
  • Anti-replay feature (sequence number)
  • Integrity check value (ICV) carries the MAC

13
AH Header Format
  • Next Header (8 bits): protocol that follows AH, e.g. TCP, UDP, or IP in tunnel mode
  • Payload Length (8 bits): length of AH in 32-bit words, minus 2
  • Reserved (16 bits): zero
  • SPI (32 bits)
  • Sequence Number (32 bits)
  • Authentication Data (ICV, variable length, a multiple of 32 bits; 96 bits for HMAC-MD5-96 or HMAC-SHA-1-96)
14
Anti-Replay

15
Integrity Check Value - ICV
  • Message authentication code (MAC) calculated over:
  • IP header fields that do not change in transit or are predictable at the receiver (mutable fields such as TTL and the header checksum are set to zero for the computation)
  • The IPSec protocol header, with the field where the ICV goes set to zero
  • Upper-level data
  • The MAC may be truncated to its first 96 bits (HMAC-MD5-96, HMAC-SHA-1-96)

16
AH Modes
  • Tunnel
  • Transport
  • Nested headers: multiple SAs applied to the same message
  • Nested tunnels

17
Processing Outbound Messages
  • Insert the Next Header and SPI fields
  • Compute the sequence number field (increment the SA's counter)
  • If transport mode: insert AH between the IP header and the upper-layer protocol
  • If tunnel mode: build a new outer IP header; AH follows it and the whole original packet becomes the payload
  • Compute the authentication value (ICV)

19
Outbound Processing (contd): Fragment the Message
  • IPSec processing may result in a large message which will be fragmented
  • Transport mode: AH is applied to the whole datagram before fragmentation; the receiver reassembles before verifying
  • Tunnel mode: the original packet is encapsulated whole; the resulting outer packet may itself be fragmented in transit and is reassembled at the tunnel endpoint

20
Input Processing
  • Identify the inbound SA (by destination address, IPSec protocol and SPI)
  • Replay protection check (sequence number against the window)

21
Inbound Processing (contd)
  • Verify the authentication data (recompute the ICV and compare)
  • Strip off the AH header and continue IPSec processing for any remaining IPSec headers
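The outbound and inbound AH processing of slides 17 to 21, with the header layout of slide 13, the ICV rule of slide 15 and the transport/tunnel placement of slides 5 and 6, as an added Python example that is not part of the original presentation. It assumes IPv4 without options and HMAC-SHA1-96 as the integrity algorithm; the key, addresses, SPI and packet contents are constructed for the demo, and the anti-replay check is left out.

```python
"""AH transport- and tunnel-mode processing for IPv4 (added example; not from the slides)."""
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

AH_PROTO = 51   # IP protocol number of the Authentication Header
IPIP_PROTO = 4  # Next Header value for a tunneled IPv4 packet
ICV_LEN = 12    # HMAC-SHA1-96: 160-bit HMAC truncated to 96 bits
AH_FIXED = 12   # Next Header(1) + Payload Len(1) + Reserved(2) + SPI(4) + Sequence Number(4)


def ip_checksum(hdr: bytes) -> int:
    """One's-complement checksum over an IPv4 header (checksum field must be zero)."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """20-byte IPv4 header without options (assumption of this demo), checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                      ttl, proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def zero_mutable_fields(ip_hdr: bytes) -> bytes:
    """Copy of the IPv4 header with the mutable fields (TOS, flags/fragment offset,
    TTL, header checksum) zeroed, as required before the ICV is computed."""
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)


def ah_icv(key: bytes, ip_hdr: bytes, ah_fixed: bytes, payload: bytes) -> bytes:
    """ICV = HMAC-SHA1 over (IP header with mutable fields zeroed | AH header with the
    ICV field zeroed | upper-layer data), truncated to 96 bits."""
    covered = zero_mutable_fields(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]


class AhSA:
    """One-way SA: SPI, integrity key and the sender's 32-bit sequence counter."""
    def __init__(self, spi: int, key: bytes):
        self.spi, self.key, self.seq = spi, key, 0


def ah_outbound_transport(sa: AhSA, src: str, dst: str, next_header: int,
                          payload: bytes, ttl: int = 64) -> bytes:
    """Outbound transport mode: IP header | AH | upper-layer payload."""
    sa.seq += 1
    if sa.seq > 0xFFFFFFFF:
        raise RuntimeError("sequence counter exhausted; the SA must be re-keyed")
    ah_len = AH_FIXED + ICV_LEN
    ip_hdr = ipv4_header(src, dst, AH_PROTO, ah_len + len(payload), ttl)
    # Payload Len is the AH length in 32-bit words minus 2 (4 for HMAC-SHA1-96)
    ah_fixed = struct.pack("!BBHII", next_header, ah_len // 4 - 2, 0, sa.spi, sa.seq)
    return ip_hdr + ah_fixed + ah_icv(sa.key, ip_hdr, ah_fixed, payload) + payload


def ah_outbound_tunnel(sa: AhSA, gw_src: str, gw_dst: str, inner_packet: bytes) -> bytes:
    """Outbound tunnel mode: outer IP header (gateway addresses) | AH | whole inner packet."""
    return ah_outbound_transport(sa, gw_src, gw_dst, IPIP_PROTO, inner_packet)


def ah_inbound(sad: dict, packet: bytes):
    """Inbound: select the SA by (destination address, protocol, SPI), verify the ICV and
    strip AH. Returns (next_header, sequence_number, payload); raises ValueError on
    failure. The anti-replay check belongs between SA lookup and ICV verification."""
    ip_hdr, rest = packet[:20], packet[20:]
    if ip_hdr[9] != AH_PROTO:
        raise ValueError("not an AH packet")
    next_header, payload_len, _, spi, seq = struct.unpack("!BBHII", rest[:AH_FIXED])
    dst = str(IPv4Address(ip_hdr[16:20]))
    sa = sad.get((dst, AH_PROTO, spi))
    if sa is None:
        raise ValueError("no SA for (%s, AH, 0x%08x)" % (dst, spi))
    ah_len = (payload_len + 2) * 4
    ah_fixed, recv_icv, payload = rest[:AH_FIXED], rest[AH_FIXED:ah_len], rest[ah_len:]
    if not hmac.compare_digest(recv_icv, ah_icv(sa.key, ip_hdr, ah_fixed, payload)):
        raise ValueError("ICV mismatch; packet discarded")
    return next_header, seq, payload


if __name__ == "__main__":
    key = bytes(range(20))                       # constructed demo key
    sa = AhSA(0x1000, key)
    sad = {("10.0.0.2", AH_PROTO, 0x1000): sa}   # receiver's SAD, keyed by the triple
    pkt = ah_outbound_transport(sa, "10.0.0.1", "10.0.0.2", 6, b"TCP segment")
    print(ah_inbound(sad, pkt))
```

Decrementing the TTL in transit leaves the ICV valid because TTL is zeroed in the covered data, while changing the source address or a payload byte makes verification fail; that is the practical meaning of "AH can protect the IP header". The same AhSA object serves both the sender (for its counter) and the receiver's SAD entry here only to keep the demo short; in a real implementation they are separate databases.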

22
Replay Protection
  • Sequence number checking
  • Anti-replay is used only if authentication is selected (without an ICV, a sequence number could be forged)
  • The sequence number should be the first check on a packet after looking up its SA, before the more expensive ICV verification
  • Duplicates are rejected!

[Figure: sliding anti-replay window (size >= 32). A sequence number left of the window is rejected; inside the window, check the bitmap and verify if new, reject if already seen; right of the window, verify and advance the window.]
23
Anti-replay Feature
  • Sequence number counter: 32 bits for outgoing IPSec packets, starting at 1 for a new SA; it must not wrap, so the SA is re-keyed before 2^32 packets
  • Anti-replay window at the receiver: at least 32 packets wide, 64 by default
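The receiver side of slides 22 and 23, as an added Python example that is not part of the original presentation: a sliding window that keeps the highest sequence number seen plus a bitmap of the window below it, checked before the ICV and updated only after the ICV verifies. The arrival order used in the demo is constructed.

```python
"""AH anti-replay sliding window (added example; not from the slides)."""


class ReplayWindow:
    def __init__(self, size: int = 64):
        if size < 32:
            raise ValueError("a receiver must support a window of at least 32 packets")
        self.size = size
        self.last_seq = 0   # highest sequence number accepted so far (0 = none yet)
        self.bitmap = 0     # bit i set  <=>  last_seq - i has already been accepted

    def check(self, seq: int) -> bool:
        """First check after SA lookup, before the (expensive) ICV verification.
        True if seq is new and inside or beyond the window, False if it must be rejected."""
        if seq == 0:
            return False                       # counters start at 1
        if seq > self.last_seq:
            return True                        # right of the window: new
        diff = self.last_seq - seq
        if diff >= self.size:
            return False                       # left of the window: too old
        return not (self.bitmap >> diff) & 1   # inside: reject if already seen

    def update(self, seq: int) -> None:
        """Called only after the ICV verified; a forged packet must not move the window."""
        if seq > self.last_seq:
            shift = seq - self.last_seq
            if shift >= self.size:
                self.bitmap = 1                # whole old window falls off the left edge
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.last_seq = seq
        else:
            self.bitmap |= 1 << (self.last_seq - seq)


def receive(window: ReplayWindow, seq: int, icv_valid: bool) -> str:
    """Inbound order from the slides: sequence number first, then ICV, then window update."""
    if not window.check(seq):
        return "reject-replay"
    if not icv_valid:
        return "reject-icv"
    window.update(seq)
    return "accept"


if __name__ == "__main__":
    w = ReplayWindow(64)
    # constructed arrival order: in-order packets, a duplicate, a jump ahead, a late but
    # in-window packet, a packet older than the window, and a replay of the newest packet
    for seq in (1, 2, 3, 2, 70, 10, 5, 70):
        print(seq, receive(w, seq, icv_valid=True))
```

The order in receive() is the point of the slide: a replayed packet is dropped by two integer comparisons and a bit test without touching the MAC, and a packet whose ICV fails never advances last_seq, so an attacker cannot push a victim's window forward with forged sequence numbers.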

24
Internet Key Exchange (IKE)
25
Key Management
  • AH requires authentication keys; ESP requires encryption keys and, if its authentication option is selected, authentication keys
  • Key management is the process to negotiate and establish IPSec SAs between two entities

26
Manual Key Management
  • Mandatory to support in every IPSec implementation
  • Useful when IPSec developers are debugging
  • Keys exchanged offline (phone, email, etc.)
  • SPI set up and parameters agreed by hand on both sides
  • Not scalable: a key per peer pair and no automatic re-keying

27
Oakley Key Exchange
  • Designed to:
  • Leverage the advantages of DH (a shared secret derived from public values, fresh keys per exchange)
  • Counter DH weaknesses: no authentication of the parties (man-in-the-middle), clogging attacks that force expensive exponentiations, and replay

28
Oakley - Major Features
29
Cookies
30
Example Main Mode Preshared
  • Messages 1-2: negotiate IKE SA parameters
  • Messages 3-4: exchange items to generate the secret (DH public values and nonces)
  • Each side generates SKEYID
  • Messages 5-6: send a hash digest so the peer can authenticate the sender
31
Main Mode Preshared Hashes
  • To authenticate each other, each entity generates a hash digest that only the peer could know
  • Hash-I = PRF(SKEYID, Y_I | Y_R | CKY-I | CKY-R | SA Offer | ID-I)
  • Hash-R = PRF(SKEYID, Y_R | Y_I | CKY-R | CKY-I | SA Offer | ID-R)
  • Y_I, Y_R: the DH public values; CKY-I, CKY-R: the cookies; SA Offer: the initiator's SA proposal; ID-I, ID-R: the identity payloads; with pre-shared keys, SKEYID = PRF(pre-shared key, Nonce-I | Nonce-R)
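Both sides of the main-mode pre-shared-key authentication of slides 30 and 31, as an added Python example that is not part of the original presentation. PRF is assumed to be HMAC-SHA1; the DH group is a toy Mersenne prime chosen only to keep the demo self-contained, not an IKE group; the nonces, cookies, SA offer, identities and private exponents in the test are constructed.

```python
"""IKE main mode, pre-shared-key authentication: SKEYID, Hash-I and Hash-R on both sides
(added example; not from the slides)."""
import hashlib
import hmac

P = 2**127 - 1   # demo-only prime; a real exchange uses a negotiated IKE MODP group
G = 3


def prf(key: bytes, data: bytes) -> bytes:
    """Negotiated PRF, assumed HMAC-SHA1 here."""
    return hmac.new(key, data, hashlib.sha1).digest()


def i2b(n: int) -> bytes:
    """Fixed-width big-endian encoding of a DH value."""
    return n.to_bytes((P.bit_length() + 7) // 8, "big")


def skeyid_psk(psk: bytes, nonce_i: bytes, nonce_r: bytes) -> bytes:
    """Pre-shared-key case: SKEYID = PRF(pre-shared key, Nonce-I | Nonce-R)."""
    return prf(psk, nonce_i + nonce_r)


def hash_i(skeyid: bytes, y_i: int, y_r: int, cky_i: bytes, cky_r: bytes,
           sa_offer: bytes, id_i: bytes) -> bytes:
    """Hash-I = PRF(SKEYID, Y_I | Y_R | CKY-I | CKY-R | SA Offer | ID-I)."""
    return prf(skeyid, i2b(y_i) + i2b(y_r) + cky_i + cky_r + sa_offer + id_i)


def hash_r(skeyid: bytes, y_i: int, y_r: int, cky_i: bytes, cky_r: bytes,
           sa_offer: bytes, id_r: bytes) -> bytes:
    """Hash-R = PRF(SKEYID, Y_R | Y_I | CKY-R | CKY-I | SA Offer | ID-R)."""
    return prf(skeyid, i2b(y_r) + i2b(y_i) + cky_r + cky_i + sa_offer + id_r)


def main_mode_psk(psk_i: bytes, psk_r: bytes, x_i: int, x_r: int, nonce_i: bytes,
                  nonce_r: bytes, cky_i: bytes, cky_r: bytes, sa_offer: bytes,
                  id_i: bytes, id_r: bytes):
    """Run both peers. Returns (responder accepts Hash-I, initiator accepts Hash-R,
    both sides derived the same DH secret)."""
    y_i, y_r = pow(G, x_i, P), pow(G, x_r, P)                # exchanged in messages 3/4
    shared_i, shared_r = pow(y_r, x_i, P), pow(y_i, x_r, P)  # g^(x_i x_r) on each side
    skeyid_i = skeyid_psk(psk_i, nonce_i, nonce_r)           # each side uses its own PSK copy
    skeyid_r = skeyid_psk(psk_r, nonce_i, nonce_r)
    sent_hash_i = hash_i(skeyid_i, y_i, y_r, cky_i, cky_r, sa_offer, id_i)   # message 5
    sent_hash_r = hash_r(skeyid_r, y_i, y_r, cky_i, cky_r, sa_offer, id_r)   # message 6
    r_ok = hmac.compare_digest(
        sent_hash_i, hash_i(skeyid_r, y_i, y_r, cky_i, cky_r, sa_offer, id_i))
    i_ok = hmac.compare_digest(
        sent_hash_r, hash_r(skeyid_i, y_i, y_r, cky_i, cky_r, sa_offer, id_r))
    return r_ok, i_ok, shared_i == shared_r


DEMO = dict(x_i=123456789, x_r=987654321, nonce_i=b"\x01" * 16, nonce_r=b"\x02" * 16,
            cky_i=b"\xaa" * 8, cky_r=b"\xbb" * 8, sa_offer=b"demo-sa-offer",
            id_i=b"initiator.example", id_r=b"responder.example")   # constructed values

if __name__ == "__main__":
    print(main_mode_psk(b"correct horse", b"correct horse", **DEMO))
    print(main_mode_psk(b"correct horse", b"wrong guess", **DEMO))
```

Two caveats follow directly from the formulas. SKEYID depends only on the pre-shared key and the two nonces, so anyone who captures the public values and a Hash-I or Hash-R can test PSK guesses offline; main mode sends messages 5 and 6 encrypted under keys derived from SKEYID, while aggressive mode sends the hash in the clear, which is why weak PSKs in aggressive mode are crackable. And because ID-I arrives encrypted in message 5, a main-mode responder has to pick the pre-shared key by the initiator's IP address, which does not work for peers with dynamic addresses.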

32
Phase II
  • What traffic does the SA cover?
  • The initiator specifies which entries (selectors) in the SPD this IPSec SA is for and sends them to the responder
  • Keys and SA attributes are communicated under the protection of the Phase I IKE SA
  • Messages pass encrypted and authenticated

33
Example Quick Mode
  • Negotiate IPSec SA parameters, optionally with PFS (a fresh DH exchange so the IPSec keys do not depend on the Phase I secret)
  • Third message: liveness proof for the responder (a hash over both nonces showing the initiator saw the reply)