IP Security Encryption Protocol _IPSec_ by ert554898


									IP Security Encryption
   Protocol (IPSec)
    Virginia Marques-Arbogast
            Spring 2007
 IPSec Encrypts and/or Authenticates all
  traffic at the IP level

 Secures distributed applications
  – Remote logon, client/server, email, file
    transfer, web access, etc.
       IP Security Architecture
 Security Services
 Security Protocols
  – Authentication Header (AH)
  – Encapsulating Security Payload (ESP)
 Security Associations
 Key Management
  – Manual
  – Automatic (The Internet Key Exchange (IKE))
 Algorithms for authentication and encryption
           Security Services
 Security Services at the IP layer
  – Enable a system to select required security
  – Determine the algorithms to use for the
  – Put in place any cryptographic keys required
    to provide the requested services
            Security Services
   Access Control
   Connectionless Integrity
   Data Origin Authentication
   Rejection of Replayed Packages
   Confidentiality
   Limited Traffic Flow Confidentiality
              Security Protocols
 IP Authentication Header (AH) protocol
  – connectionless integrity
  – data origin authentication
  – optional anti-replay service

 Encapsulating Security Payload (ESP) protocol
  –   confidentiality (encryption)
  –   limited traffic flow confidentiality
  –   connectionless integrity
  –   data origin authentication
  –   anti-replay service
     Security Associations (SA)
 Simplex "connection" that provides security services
  to the traffic carried by it
 Security services are provided to an SA by the use of
  AH, or ESP, but not both
 If both AH and ESP protection is applied to a traffic
  stream, then two (or more) SAs are created to provide
  protection to the traffic stream
 To secure typical, bi-directional communication
  between two hosts, or between two security gateways,
  two Security Associations (one in each direction) are
    Security Associations (SA)
 A SA is uniquely identified
  – Security Parameter Index (SPI)
  – IP Destination Address
  – Security protocol (AH or ESP) identifier
 Two Types of Security Associations
  – Transport Mode
  – Tunnel Mode
           Transport Mode
 Security Association between two hosts
 Provides protections for upper layer
  protocols (TCP, UDP or ICMP)
 In IPv4 the payload follow the IP header
  and before any higher layer protocols
  (e.g., TCP or UDP)
 In IPv6, the payload normally follow the
  base IP header and extensions
            Transport Mode
 Encapsulating Security Payload (ESP)
  – Encrypts IP payload but not IP header
  – Optionally authenticates IP payload

 Authentication Header (AH)
  – Authenticates IP payload and selected
    portions of IP Header
             Tunnel Mode
 Security Association between
  – A host and a security gateway
  – Two security gateways
 Protection to the entire IP packet
 “Outer” IP packet with new IP header
 “Inner” packet travels through a
              Tunnel Mode
 Encapsulating Security Payload (ESP)
  – Encrypts entire inner IP packet
  – Optionally authenticates inner IP packet

 Authentication Header (AH)
  – Authenticates entire inner IP packet plus
    selected portions of outer IP header
 Transport/Tunnel Mode Summary

 A host MUST support both transport and
  tunnel mode

 A security gateway is required to support
  only tunnel mode
 Security Policy Database (SPD)
 Specifies what services are to be offered
  to IP datagrams and in what fashion

 The SPD must be consulted during the
  processing of all traffic

 Each SDP entry defines a subset of IP
  traffic and points to an SA for that traffic
 A set of values that defines each SPD
  – Destination IP Address
  – Source IP Address
  – User ID
  – Data Sensitivity Level
  – Transport Layer Protocol
  – Source and Destination Ports
 Processing for each outbound IP packet
  – Compare selector fields against the SPD
  – Find matching SDP entry
  – Determine SA (if any) and associated SPI
  – Perform required IPSec Processing (AH or
       Authentication Header
 Support for data integrity

 Authentication of IP Packets
  – Based on the use of a message
    authentication code (MAC)
  – Guards against the replay attack
  – Prevents address spoofing attacks
     Authentication Header
 Next       Payload          RESERVED
Header       Length           (16 bits)
(8 bits)     (8 bits)
       Security Parameters Index (SPI)
                   (32 bits)
           Sequence Number
                (32 bits)
           Authentication Data
       Authentication Header
 Anti-Replay Service - Sender
  – Initializes the sequence number counter to
  – Increments the counter for each packet
  – Does not allow the sequence number to past
    232-1 back to 0
  – If limit 232-1 is reached  terminate this SA
    and negotiate a new SA with a new key
       Authentication Header
 Anti-Replay Service – Receiver
  – Implements a window of size W
  – Received packet falls within window and is
    new  MAC is checked / Slot is marked
  – Received packet falls to the right of window
    and is new  MAC is checked / Window is
    advanced / Slot is marked
  – Received packet falls to the left of window or
    authentication fails  Discard packet
       Authentication Header
 Integrity Check Value (ICV)
  – Message authentication code (truncated)
    produced by a MAC algorithm
  – Must support HMAC-MD5-96 and HMAC-
  – HMAC code is truncated by using the first 96
 Encapsulating Security Payload
 Confidentiality of message contents

 Limited traffic flow confidentiality

 Authentication (optional)
Encapsulating Security Payload
  Security Parameters Index (SPI) (32 bits)
        Sequence Number (32 bits)

          Payload Data (variable)

           Padding (0-255 bytes)
                            Pad Length   Next Header
            Authentication Data
 Encapsulating Security Payload
 Payload Data, Padding, Pad Length, and Next Header
  fields are encrypted

 Compliant implementation must support DES in Cipher
  Block Chaining (CBC)

 Other encryption algorithms
  –   Three-key triple DES
  –   RC5
  –   IDEA
  –   CAST
  –   Blowfish
 Encapsulating Security Payload
 Padding fields serves to
  – Expand the plaintext to the required length
  – Conceal the actual length of the payload
  – Align Pad length and Next Header to the
    right of a 32 bit word
          Key Management
 Determination and distribution of secret
 Transmit and receive pairs for both AH
  and ESP (four keys)
 Types
  – Manual
  – Automated- ISAKMP/Oakley
           Key Management
 Oakley Key Determination Protocol
  – Based on the Diffie-Hellman algorithm
  – Employs cookie exchange
  – Provides authentication (Digital signature,
    public key and symmetric key encryptions)
           Key Management
 – Defines procedures and packet formats to
   establish, negotiate, modify and delete
   Security Associations.

To top