IPSec - PowerPoint PPT Presentation

1
IPSec
  • Access control
  • Connectionless integrity
  • Data origin authentication
  • Rejection of replayed packets
  • Confidentiality
  • Sheng-Liang Song, ssl_at_cisco.com

2
IPSec
  • Complexity is security's worst enemy
  • Best practice

3
Agenda
  • IPSec Overview
  • IPSec (Network Layer)
  • Modes (Tunnel/Transport)
  • Protocols (ESP/AH)
  • IKE (Internet Key Exchange)
  • IPSec Cases
  • IPSec Discussion
  • QA

4
Key Words
  • ISAKMP (Internet Security Association and Key Management Protocol)
  • SA (Security Association)
  • SPD (Security Policy Database)
  • IKE (Internet Key Exchange)
  • AH (Authentication Header)
  • ESP (Encapsulating Security Payload)
  • HMAC (Keyed-Hashing for Message Authentication):
    HMAC(K, text) = H((K XOR opad) || H((K XOR ipad) || text)),
    where opad is the byte 0x5C and ipad the byte 0x36, each repeated to the hash block size, and K is zero-padded to that size
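
The HMAC formula above, implemented directly on top of hashlib and cross-checked against Python's hmac module and an RFC 2202 test vector. This is an added example, not code from the slides; the 96-bit truncation in hmac_sha1_96 is the HMAC-SHA1-96 form that AH and ESP carry as their ICV (RFC 2404).

```python
import hashlib
import hmac as stdlib_hmac  # used only to cross-check the hand-rolled result


def hmac_from_scratch(key: bytes, text: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC(K, text) = H((K xor opad) || H((K xor ipad) || text)), as in RFC 2104."""
    block_size = hashlib.new(hash_name).block_size  # 64 bytes for MD5, SHA-1, SHA-256
    if len(key) > block_size:                        # over-long keys are hashed first ...
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")             # ... and every key is zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + text).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def hmac_sha1_96(key: bytes, text: bytes) -> bytes:
    """The truncated form AH and ESP carry as the ICV (RFC 2404): leftmost 96 bits."""
    return hmac_from_scratch(key, text, "sha1")[:12]


def cross_check(key: bytes, text: bytes, hash_name: str = "sha1") -> bool:
    """True if the hand-rolled HMAC agrees with the standard library for this input."""
    ours = hmac_from_scratch(key, text, hash_name)
    theirs = stdlib_hmac.new(key, text, hash_name).digest()
    return stdlib_hmac.compare_digest(ours, theirs)


def verify_icv(key: bytes, text: bytes, icv: bytes) -> bool:
    """Constant-time compare: a plain == leaks, through timing, how many leading bytes match."""
    return stdlib_hmac.compare_digest(hmac_sha1_96(key, text), icv)


if __name__ == "__main__":
    # RFC 2202 test case 1: key = 20 x 0x0b, data = "Hi There"
    print(hmac_from_scratch(b"\x0b" * 20, b"Hi There").hex())
```

The two XOR constants are what make the inner and outer hashes use different effective keys; a plain H(K || text) would be open to length-extension attacks, which is why the nested construction is used.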

5
IPSec (Network Layer)
  • lives at the network layer
  • transparent to applications

Layering on the slide (top to bottom): User application, SSL, OS, IPSec, NIC. SSL is linked into the application; IPSec sits inside the OS below the applications, so they need no changes to use it.
6
IPv4 Header Format
For AH, every header field is classified as immutable (covered by the ICV as sent), mutable but predictable (covered using the value it will have at the receiver), or mutable and unpredictable (TOS, Flags, Fragment Offset, TTL and Header Checksum: zeroed before the ICV is computed, since routers change them in transit).
7
IPv6 Header Format
8
IPSec Modes (Tunnel and Transport)
  • Transport Mode: the original IP header is kept and ESP/AH is inserted between it and the data
    [IP header][ESP/AH][data]
  • Tunnel Mode: the whole original packet becomes the payload behind a new outer IP header
    [new IP hdr][ESP/AH][IP header][data]
9
IPSec Protocols (ESP and AH)
  • ESP (Encapsulating Security Payload)
  • Integrity and confidentiality (the slide pairs HMAC with DES-CBC; DES is obsolete today and AES is used instead)
  • Integrity only by using NULL encryption
  • ESP's ICV covers the ESP header and payload, not the outer IP header
  • AH (Authentication Header)
  • Integrity only, covering the payload and the immutable fields of the IP header as well

10
AH Format
Fields: Next Header, Payload Len, Reserved, SPI, Sequence Number, ICV.
The sender's sequence-number counter is initialized to 0 when an SA is established and incremented before each packet is sent, so the first packet on an SA carries 1.
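
An added example (not from the slides) that ties the AH format to the IPv4 field classification above: it builds a transport-mode AH packet over a constructed IPv4 header, computes an HMAC-SHA1-96 ICV with the mutable fields zeroed, and verifies it at the receiver. A router hop that decrements TTL and rewrites the checksum still verifies; a changed destination address or payload does not. Addresses, key, SPI and sequence numbers are made up for the demo.

```python
import hashlib
import hmac
import struct

AH_PROTO = 51          # IP protocol number of AH
ICV_LEN = 12           # HMAC-SHA1-96 (RFC 2404): 20-byte HMAC-SHA1 truncated to 96 bits
IPV4_FMT = "!BBHHHBBH4s4s"


def hmac_sha1_96(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def ipv4_checksum(hdr: bytes) -> int:
    total = sum(struct.unpack("!10H", hdr[:20]))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src: bytes, dst: bytes, proto: int, payload_len: int, tos: int = 0, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header, no options; DF set and a fixed ID for the demo."""
    fields = [0x45, tos, 20 + payload_len, 0x1234, 0x4000, ttl, proto, 0, src, dst]
    fields[7] = ipv4_checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields)


def zero_mutable(ip_hdr: bytes) -> bytes:
    """RFC 4302 3.3.3.1: TOS, Flags, Fragment Offset, TTL and Header Checksum are
    mutable and unpredictable, so they are zeroed before the ICV is computed."""
    ver_ihl, _tos, total, ident, _ff, _ttl, proto, _csum, src, dst = struct.unpack(IPV4_FMT, ip_hdr[:20])
    return struct.pack(IPV4_FMT, ver_ihl, 0, total, ident, 0, 0, proto, 0, src, dst)


def ah_protect(key, src, dst, inner_proto, payload, spi, seq, tos=0, ttl=64):
    """Sender side, transport mode: IP header | AH | payload."""
    ah_len = 12 + ICV_LEN
    ip_hdr = build_ipv4(src, dst, AH_PROTO, ah_len + len(payload), tos, ttl)
    # Next Header, Payload Len (AH length in 32-bit words minus 2), Reserved, SPI, Sequence Number
    ah_fixed = struct.pack("!BBHII", inner_proto, ah_len // 4 - 2, 0, spi, seq)
    # The ICV field itself is zero while the ICV is computed
    icv = hmac_sha1_96(key, zero_mutable(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload)
    return ip_hdr + ah_fixed + icv + payload


def ah_verify(key, packet):
    """Receiver side: (next_header, spi, seq, payload), or None if the ICV does not verify."""
    ip_hdr = packet[:20]
    if ip_hdr[9] != AH_PROTO:
        return None
    next_hdr, plen, _, spi, seq = struct.unpack("!BBHII", packet[20:32])
    ah_len = (plen + 2) * 4
    icv, payload = packet[32:20 + ah_len], packet[20 + ah_len:]
    expected = hmac_sha1_96(key, zero_mutable(ip_hdr) + packet[20:32] + bytes(len(icv)) + payload)
    if not hmac.compare_digest(icv, expected):
        return None
    return next_hdr, spi, seq, payload


def forward_hop(packet: bytes) -> bytes:
    """What a router does in transit: decrement TTL and recompute the header checksum."""
    hdr = bytearray(packet[:20])
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[20:]
```

The receiver recomputes the ICV from the packet as it arrived, so any field a router legitimately rewrites has to be excluded; anything else, including the addresses, is bound to the key.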
11
AH/Transport
12
AH/Transport
13
ESP Format
Fields: SPI, Sequence Number, IV (if the cipher needs one), Payload, Padding, Pad Length, Next Header, ICV. The ICV covers everything from the SPI through Next Header; the outer IP header is not covered.
The sender's sequence-number counter is initialized to 0 when an SA is established and incremented before each packet is sent, so the first packet on an SA carries 1.
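
An added example (not the presenter's code) of the ESP format in its integrity-only configuration from the protocols slide: NULL encryption (RFC 2410) with HMAC-SHA1-96. It builds an ESP packet with RFC 4303 padding and verifies it at the receiver, checking the ICV before looking at anything else; key, SPI and payload are constructed for the demo.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12   # HMAC-SHA1-96


def hmac_sha1_96(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def esp_encapsulate(key: bytes, spi: int, seq: int, next_header: int, payload: bytes) -> bytes:
    """ESP with NULL encryption: SPI | Seq | payload | padding | Pad Length | Next Header | ICV.
    There is no IV and the payload goes out in the clear; only integrity is provided."""
    pad_len = (-(len(payload) + 2)) % 4        # Pad Length + Next Header must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))      # RFC 4303 default pad pattern 1, 2, 3, ...
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    return body + hmac_sha1_96(key, body)       # ICV covers SPI through Next Header, not the IP header


def esp_decapsulate(key: bytes, packet: bytes):
    """(spi, seq, next_header, payload) or None. The ICV is checked first: with a real
    cipher nothing would be decrypted until the authentication passes."""
    if len(packet) < 8 + 2 + ICV_LEN:
        return None
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(icv, hmac_sha1_96(key, body)):
        return None
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    payload_and_pad = body[8:-2]
    if pad_len > len(payload_and_pad):
        return None
    split = len(payload_and_pad) - pad_len
    payload, padding = payload_and_pad[:split], payload_and_pad[split:]
    if padding != bytes(range(1, pad_len + 1)):   # receiver MAY check the pad pattern; this one does
        return None
    return spi, seq, next_header, payload


def on_the_wire_plaintext(packet: bytes) -> bytes:
    """What a passive observer sees between Seq and the ICV when encryption is NULL."""
    return packet[8:-ICV_LEN]
```

Because ESP authenticates the (here unencrypted) payload and trailer but not the outer IP header, a modified source or destination address would not be detected by this check; that is the difference from AH.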
14
ESP/Transport
15
ESP/Tunnel
16
IPSec Tunnels
The original IP packet (IP header + IP payload) is carried whole as the tunnel payload. The slide's diagram singles out the TOS field: in tunnel mode it is copied from the inner header into the new outer header.
17
Anti-Replay in IPSec
  • Both ESP and AH have an anti-replay mechanism
  • based on sequence numbers
  • the sender increments the sequence number after each
    transmission and must rekey before the 32-bit counter wraps
  • the receiver, if anti-replay is enabled, checks the sequence number
    against a sliding window and rejects packets that are out of the window or already seen
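
An added example, not from the slides, of the receiver-side sliding window the bullets describe: a 64-bit bitmap of the kind sketched in RFC 4303 Appendix A. The check is done before the expensive ICV verification, but the window is only advanced after the ICV verified, so a forged packet with a large sequence number cannot push legitimate traffic out of the window. The class and function names are this example's own.

```python
class ReplayWindow:
    """Receiver-side anti-replay state for one SA.

    `top` is the highest sequence number accepted so far; bit i of `bitmap`
    is set when sequence number (top - i) has already been accepted.
    """

    def __init__(self, size: int = 64):
        if size < 32:
            raise ValueError("RFC 4303 requires a window of at least 32 packets")
        self.size = size
        self.top = 0
        self.bitmap = 0

    def check(self, seq: int) -> bool:
        """Preliminary check, done before the ICV is verified."""
        if seq == 0:                      # the first packet on an SA carries 1
            return False
        if seq > self.top:                # right of the window: new, accept provisionally
            return True
        diff = self.top - seq
        if diff >= self.size:             # left of the window: too old
            return False
        return not (self.bitmap >> diff) & 1   # inside the window: reject if already seen

    def update(self, seq: int) -> None:
        """Advance the window; only called once the packet's ICV has verified."""
        if seq > self.top:
            shift = seq - self.top
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1           # jumped past the whole window
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

    def receive(self, seq: int, icv_ok: bool) -> bool:
        """Full receive path: window check, then ICV, then window update."""
        if not self.check(seq) or not icv_ok:
            return False
        self.update(seq)
        return True


def next_send_seq(counter: int) -> int:
    """Sender side: increment before use; the 32-bit space must never wrap, rekey first."""
    if counter >= 0xFFFFFFFF:
        raise RuntimeError("sequence number space exhausted: establish a new SA")
    return counter + 1
```

The window tolerates reordering (a packet arriving late but inside the window is still accepted once), which is why a simple "must be greater than the last one" rule is not used.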

18
How IPSec uses IKE
19
IPSec and IKE in Practice
  • Sets up a keying channel: the ISAKMP session between the gateways, each side authenticated with a digital certificate issued by a Certificate Authority
  • Sets up data channels: the IPsec SAs that carry the authenticated, encrypted tunnel

For each packet the SPD (Security Policy Database) selects one of three actions: discard, bypass IPsec, or apply IPsec (with its processing overhead). Traffic is clear text on the internal networks and encrypted between the gateways.
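
An added example (not part of the slides) of the per-packet SPD decision just described: an ordered list of selector entries, a first-match lookup that discards anything no entry covers (RFC 4301 4.4.1), and a check for entries shadowed by an earlier, broader one, which is the usual way a PROTECT rule silently stops applying. The sample policy, addresses and entry names are constructed for the demo.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

DISCARD, BYPASS, PROTECT = "DISCARD", "BYPASS", "PROTECT"


@dataclass
class SpdEntry:
    src: str                        # CIDR selector
    dst: str
    proto: Optional[int] = None     # IP protocol number, None = any
    dport: Optional[range] = None   # destination port range, None = any
    action: str = DISCARD
    sa_params: dict = field(default_factory=dict)   # for PROTECT: mode, protocol, peer, ...

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and (self.proto is None or pkt["proto"] == self.proto)
                and (self.dport is None or pkt.get("dport") in self.dport))

    def covers(self, other: "SpdEntry") -> bool:
        """True if every packet matching `other` also matches self."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and (self.proto is None or self.proto == other.proto)
                and (self.dport is None or (other.dport is not None
                     and other.dport.start >= self.dport.start
                     and other.dport.stop <= self.dport.stop)))


NO_MATCH = SpdEntry("0.0.0.0/0", "0.0.0.0/0", action=DISCARD)


def spd_lookup(spd, pkt: dict) -> SpdEntry:
    """First match wins; a packet that matches no entry is discarded."""
    for entry in spd:
        if entry.matches(pkt):
            return entry
    return NO_MATCH


def shadowed_entries(spd) -> list:
    """Indexes of entries that can never be reached because an earlier entry covers them."""
    return [j for j in range(len(spd)) if any(spd[i].covers(spd[j]) for i in range(j))]


# Constructed sample SPD for a gateway in front of 10.1.0.0/16 (documentation address ranges)
SPD = [
    SpdEntry("0.0.0.0/0", "0.0.0.0/0", 17, range(500, 501), BYPASS),   # IKE itself is never protected
    SpdEntry("10.1.0.0/16", "10.2.0.0/16", action=PROTECT,
             sa_params={"mode": "tunnel", "protocol": "esp", "peer": "198.51.100.1"}),
    SpdEntry("10.1.0.0/16", "0.0.0.0/0", 6, range(23, 24), DISCARD),   # no cleartext telnet outbound
    SpdEntry("10.1.0.0/16", "0.0.0.0/0", action=BYPASS),               # everything else in the clear
]
```

Moving the final BYPASS entry ahead of the PROTECT entry would leave the configuration valid but send the 10.2.0.0/16 traffic in the clear; shadowed_entries is the check that catches that before deployment.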
20
IPSec (IKEv1 Phase 1)
Phase 1 authenticates the peers and sets up the ISAKMP SA; RFC 2409 defines four authentication methods:
  • Authenticated with Signatures
  • Authenticated with Shared key (pre-shared key)
  • Authenticated with Public Key Encryption
  • Authenticated with Public Key Encryption (Revised)
IKEv2 (RFC 7296) has since replaced IKEv1 with a simpler exchange.

21
IPSec (Cases)
22
IPSec Case1
23
IPSec Case2
24
IPSec Case3
25
IPSec Case4
26
IPSec Discussion
  1. IPSec authenticates machines, not users: an SA proves which host or gateway sent a packet, not who is logged in on it
  2. Does not stop denial of service attacks
  3. Makes DoS easier: IKE negotiation (Diffie-Hellman, signature checks) and per-packet ICV verification cost the victim far more than they cost the attacker to trigger
  4. Order of operations, Encryption/Authentication: ESP encrypts first and authenticates the ciphertext, so a receiver can drop forged packets before decrypting anything; the Ferguson and Schneier evaluation in the references discusses this ordering
  5. Q & A

27
Reference
  • Mark Stamp, Information Security: Principles and Practice, Jan 29, 2005
  • http://www.ietf.org/
  • Cisco IOS IPsec, http://www.cisco.com/go/ipsec/
  • Cisco White Paper, IPsec, http://www.cisco.com/warp/public/cc/so/neso/sqso/eqso/ipsec_wp.htm
  • N. Ferguson and B. Schneier, A Cryptographic Evaluation of IPsec, http://www.schneier.com/paper-ipsec.html
  • IPsec, Security for the Internet Protocol, http://www.freeswan.org/freeswan_trees/freeswan-2.06/doc/intro.html