Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out

IPSec

VIEWS: 3 PAGES: 32

									Internet Security
   CSCE 813

     IPsec
            IPSec Protocols

   Encapsulating Security Payload (ESP)
    – Confidentiality
    – Authentication
   Authentication Header (AH)
    – Authentication




                        CSCE 813 - Farkas   2
Encapsulating Security
      Payload
       (ESP)
                         ESP
   Provides:
    – Confidentiality
    – Data origin authentication
    – Data integrity
    – Limited traffic flow confidentiality
    – Anti-replay
   Protocol number: 50

                        CSCE 813 - Farkas    4
                            ESP
 Confidentiality: Encryptor
 Integrity: Authenticator
 Algorithm is determined by the Security
  Association (SA)
 Each ESP has at most:
    –   One cipher and one authenticator or
    –   One cipher and zero authenticator or
    –   Zero cipher and one authenticator or
    –   Disallowed: zero cipher and zero authenticator or



                           CSCE 813 - Farkas                5
   ESP Protected IP packet
                                 encrypted
                         Protected
 IP header    ESP header                     ESP Trailer
                           data

                     authenticated

ESP goals:
   • Authenticate as much information as possible
   • Allow efficient processing

                     CSCE 813 - Farkas                     6
              ESP Format
 Security Parameter Index (SPI)
    Sequence number




                                                                  Authenticity protected
            IV

       Payload data




                                                Confidentiality
                                                 protected
                      padding
padding            Pad length     Next header



    Authentication data (n*32 bit)

                   CSCE 813 - Farkas                                                       7
                  ESP Header
   SPI:
    – Combined with the destination address and protocol in
      the preceding IP header identifies the SA
    – Authenticated but not encrypted
   Sequence number:
    – Used for anti-replay
    – Monotonically increasing number
    – Authenticated but not encrypted


                         CSCE 813 - Farkas                    8
             Payload Data Field
 Data to be protected
 Length depends on the length of data to be
  protected
 Contains:
    –   Initialization Vector (IV)
    –   Protected Data
    –   Pad
    –   Pad Length
    –   Next Header

                            CSCE 813 - Farkas   9
        Initialization Vector
 Specific algorithm must define location of
  IV
 DES-CBC location first 8 octets of
  protected data field
 Authenticated but not encrypted




                  CSCE 813 - Farkas            10
              Protected Data
   Depends on the mode of ESP
    – Transport mode: Upper-layer protocol packet
    – Tunnel mode: entire IP packet is protected




                      CSCE 813 - Farkas             11
                      Padding
 Needed for encryption (input data multiple of
  block size)
 Hide actual data length
 Padding values:
    – Algorithm may specify
    – ESP default values: start with 1 and monotonically
      increases
    – Used for checking proper decryption by recipient


                         CSCE 813 - Farkas                 12
                     Padding
   Padding Length
    – Needed for restoring actual length of payload
      data
    – Mandatory (even if there is no padding)
   Next header
    – Defines that type of protected data
       Transport mode: type of upper-level protocol
        (e.g., TCP 6)
       Tunnel mode: 4 (IP-in-IP)


                        CSCE 813 - Farkas              13
    Authentication Data Field
 Used for data integrity check
 Usually keyed hash function
 Length: depends on the authentication
  algorithm defined in SA
 If no authenticator is specified: there is no
  authentication data


                    CSCE 813 - Farkas             14
             ESP Processing
 Depends on mode in which ESP is
  employed
 Both modes:
    – Cipher is authenticated
    – Authenticated plain text is not encrypted
 Outbound: encryption happens first
 Inbound: authentication happens first

                      CSCE 813 - Farkas           15
             Outbound Processing
1.    ESP header inserted into the outgoing IP packet
     a.   Protocol field of IP header copied into Next header field of ESP
     b.   Remaining fields of ESP filled (SPI, sequence number, pad, pad
          length)
     c.   Protocol number of IP header is given the value ESP (50)
2.    Encrypt packet from the beginning of payload data to the
      next header field
3.    Authenticate packet form the ESP header, through the
      encrypted ciphertext to the ESP trailer and insert
      authentication data into ESP trailer

                              CSCE 813 - Farkas                         16
               Inbound Processing
1.     Check for SA of the packet
     a.    If no SA  drop packet
     b.    Otherwise: use valid SA to process the packet
2.     Check sequence number
     a.    Invalid number  drop packet
3.     Authenticate cipher text
     a.    Entire packet (without the authentication data) is processed by
           the authenticator
     b.    Match generated data with authentication data
     c.    No match  drop packet
4.     Decrypt ESP packet (from beginning on payload to the next header
       field)
     a.    Check pad integrity
5.     Validate ESP mode using Next header field and decrypted payload

                              CSCE 813 - Farkas                          17
Authentication Header
    Authentication Header (AH)
 Does NOT provide confidentiality
 Provides:
    – Data origin authentication
    – Connectionless data integrity
   May provide:
    – Non-repudiation (depends on cryptographic alg.)
    – Anti-replay protection
 Precision of authentication: granularity of SA
 Protocol number: 51

                         CSCE 813 - Farkas              19
AH Protected IP packet


IP header   AH header            Protected data


            authenticated




             CSCE 813 - Farkas                    20
               AH Header

Next header      Payload length         Reserved
        Security Parameter Index (SPI)
              Sequence number


              Authentication data (n*32 bit)



                   32 bit
                    CSCE 813 - Farkas              21
          Authentication Data
 AH protects outer IP header (unlike ESP)
 Computed by using
    – Authentication algorithm (MD5, SHA-1)
    – Cryptographic key (secret key)
 Sender: computes authentication data
 Recipient: verifies data



                      CSCE 813 - Farkas       22
Internet Key Exchange
         (IKE)
                       IKE
   Security Association (SA) defines
    processing done on IP packets
    – What algorithms to use
    – Parameters
    – Constraints
 SA need to be created
 IKE: establish shared security parameters
  and authenticated keys between IPsec peers
                     CSCE 813 - Farkas     24
                             IKE
 General purpose security exchange protocol
 Supports:
    – Policy negotiation
    – Establishment of authenticated keying material
   Based on three protocols
    – Internet Security Association and Key Management
      Protocol - ISAKMP ( NSA)
    – Oakley (Hilarie Orman)
    – SKEME (Hugo Krawczyk)


                           CSCE 813 - Farkas             25
                        ISAKMP
   Defines:
    – How two peers communicate
    – How messages are constructed
    – How to provide security
   Provides means to
    – Authenticate peers
    – Exchange information for key exchange
    – Negotiate security services
   Does not define
                                                     Specific
                                                 }
    – How a particular key exchange should be done
    – Parameters necessary for SA establishment
                                                     Key exchange
                                                     Protocols


                           CSCE 813 - Farkas                   26
Domain of Interpretation (DOI)
 Defines what the protocol is being used for
 Example: RFC 2407 (DOI of ISAKMP)
    – ISAKMP can be used to negotiate IKE and
     IPsec SAs




                    CSCE 813 - Farkas           27
                     IKE
 Request-response type of protocol
 Initiator: need to establish SA because of
  the SDA requirement on an outbound
  packet
 Responder: destination of the outgoing
  packet


                   CSCE 813 - Farkas           28
               Protection suite
   Defines:
    –   Encryption algorithm
    –   Hash algorithm
    –   Diffie-Hellman group
    –   Method of authentication
   IKE policy database:
    – List of protection suites weighted in order of
        preference

                       CSCE 813 - Farkas               29
        SA Establishement
 Phase 1: IKE SA is established
 Phase 2: IKE SA is used to establish IPsec
  Sas between communicating peers




                  CSCE 813 - Farkas            30
                         Phase 1
1.   Cookie exchange
        Protects responder by requesting that initiator submits valid
         cookie before value exchange and Diffie-Hellman key exchange
        Valid cookie: computed and verified by the responder
        Need cookie exchange
2.   Value exchange
        Establishes a shared secret key
        Uses Diffie-Hellman key exchange
        Negotiate parameters
        Result: shared, un-authenticated secret key
3.   Authentication exchange
        Keys and SA are authenticated
        Methods: preshared keys, DSS, RSA digital signature, encrypted
         nonce with RSA

                             CSCE 813 - Farkas                      31
                Phase 2
 Quick mode exchange
 Negotiate IPsec SA under the protection of
  IKE SA
 Keys derived from IKE secret state




                  CSCE 813 - Farkas            32

								
To top