260 likes | 516 Views
Network Security (contd.). Bijendra Jain (bnj@cse.iitd.ernet.in). Lecture 5: IPSec. IPSec: IP Security. An IETF standard IPSec architecture and related standards published as refer RFC 1825 thru RFC 1829 Adrresses security issues arising from authentication and confidentiality
E N D
Network Security (contd.) Bijendra Jain (bnj@cse.iitd.ernet.in) Tutorial on Network Security: Sep 2003
Lecture 5: IPSec Tutorial on Network Security: Sep 2003
IPSec: IP Security • An IETF standard • IPSec architecture and related standards published as refer RFC 1825 thru RFC 1829 • Adrresses security issues arising from • authentication and confidentiality • connecting a remote host to a server • Interconnecting two LANs using a public network • Applications: • wide-area networking of branch offices using Internet • Interconnecting supplier/distributor extranets to enterprise network • Telecommuting • E-commerce • Implemented in clients, servers or in routers Tutorial on Network Security: Sep 2003
Public Network Enterprise LAN#1 Enterprise LAN#2 PC PC PC Router Router Server IPSec Scenario Tutorial on Network Security: Sep 2003
Authentication header (AH) Encapsulating security payload (ESP), without AH Encapsulating security payload, with AH Access control Yes Yes Yes Connection-less integrity Yes Yes Data origin authentication Yes Yes Rejection of replayed packets Yes Yes Yes Confidentiality Yes Yes (Limited) Flow Confidentiality Yes Yes Security functions covered by IPSec Tutorial on Network Security: Sep 2003
Modes in IPSec • Transport Mode • The payload in an IP packet is secured • E.g. TCP, UDP, ICMP headers, data • Tunnel Mode • The complete IP packet • including its header is secured Tutorial on Network Security: Sep 2003
Public Network Enterprise LAN#1 Enterprise LAN#2 End-to-end authentication and/or encryption PC PC PC Router Router End-to-end authentication and/or encryption Server Transport Mode IPSec Tutorial on Network Security: Sep 2003
Public Network Enterprise LAN#1 Enterprise LAN#2 End-system to ROUTER authentication and/or encryption PC PC Router Router Router-to-router authentication and/or encryption Server PC Tunnel Mode IPSec Tutorial on Network Security: Sep 2003
Transport vs. Tunnel modes • ? Tutorial on Network Security: Sep 2003
Public Network Enterprise LAN Enterprise LAN Enterprise LAN Enterprise LAN Router Router Router Router IPSec Tunnel mode • Advantages: • Only routers need to implement IPSec functions • Implement VPN (Virtual private network) Tutorial on Network Security: Sep 2003
Original IP hdr TCP header TCP data Original IP hdr TCP header TCP data Authen. hdr Original IP hdr TCP header TCP data Authen. hdr NEW IP hdr IPSec: Authentication Header • Original IP packet • Encoded packet in “transport mode”? • Encoded packet in “tunnel mode”? Tutorial on Network Security: Sep 2003
Original/new IP header Reserved (16 bits) Payload length Next header Identifier (32 bits) Sequence number (32 bits) AH (variable length, default 96 bits) Based on: MD5, or SHA-1 Covers TCP/UDP/ICMP header, data and portions of “non-mutable” IP headers Payload (IP or TCP packet) IPSec: packet format for AH Tutorial on Network Security: Sep 2003
ESP hdr TCP data Original IP hdr TCP header TCP data Original IP hdr TCP header ESP trailer AH (optional) AH (optional) Original IP hdr TCP header TCP data ESP hdr NEW IP hdr ESP trailer IPSec: ESP (Encryption) • Original IP packet • Encoded packet in “transport mode”? • Encoded packet in “tunnel mode”? Tutorial on Network Security: Sep 2003
Original/new IP header Identifier (32 bits) Sequence number (32 bits) Payload (TCP, or IP packet with padding, pad length, next header), suitably encrypted using 3DES, RC5 or … Authentication Header based on MD5, etc. authenticated encrypted Pad length, … IPSec: packet format for ESP Tutorial on Network Security: Sep 2003
Public Network Enterprise LAN Enterprise LAN PC Server Combining security functions • Authentication with confidentiality • ESP, with AH • An AH inside a ESP (both in transport mode) Router Router Tutorial on Network Security: Sep 2003
Public Network Enterprise LAN Enterprise LAN PC Router Server Router Combining security functions • An AH inside a ESP (both in transport mode), and all this within a ESP tunnel across the routers Tutorial on Network Security: Sep 2003
Key exchange • Key generation and exchange using some “physical means” • Automated generation of keys • Oakley key determination and exchange • Based on Diffie-Hellman key generation algorithm • Oakley key exchanged protocol Tutorial on Network Security: Sep 2003
Diffie-Hellman key generation • A distributed key generation scheme • Given q - a large prime number a – a primitive root of q (1 <= ak mod q < q, and distinct for all 1 <= k < q) • A: • picks XA (keeps it secret), • computes and sends YA aXA mod q to B • B: • picks XB (keeps it secret), • computes and sends YB aXB mod q A • A and B compute the secret shared key aXA XB YBXA orYAXB Tutorial on Network Security: Sep 2003
Diffie-Hellman key generation • Man-in-the-middle attack • Assumes ability to intercept, and spoof XA, A2B XE, A2B A B E XE, B2A XB, B2A aXA*XE aXB*XE Tutorial on Network Security: Sep 2003
Diffie-Hellman key generation • Issues with the algorithm: • What is the value of q, a? • Make available several sets, and let the parties negotiate • Man-in-the-middle attack • Use some form of authentication • Denial of service attack, arises from address-spoofing • Use cookies: • Replay attacks • Use nonces Tutorial on Network Security: Sep 2003
Cookies • Cookies: A requests B’s attention B responds with a “cookie” (a random number), K A must return K in its subsequent messages • Characteristics of cookies: • Should depend upon data specific to B • Should use some secret information • Cookie generation and verification must be fast • B should not have to save the cookie • Example method used: • Hash sender/receiver IP address TCP port nos. and a secret value Tutorial on Network Security: Sep 2003
Oakley Key exchange Tutorial on Network Security: Sep 2003
Oakley Key exchange: part 1 • A to B ID of A, ID of B Initiator cookie, CK-A Encryption, hash, authentication algorithms Specific Diffie Hellman group (q, a) public key yA = aXA mod q Nonce NA SignedKR(A)[ID of A, ID of B, NA, q, a, yA] Tutorial on Network Security: Sep 2003
Oakley Key exchange: part 2 • B to A ID of B, ID of A Responder cookie, CK-B, Returned initiator cookie, CK-A Encryption, hash, authentication algorithms Specific Diffie Hellman group (q, a) public key yB = aXB mod q Nonce NA, NB SignedKR(B)[ID of B, ID of A, NA, NB, q, a, yB yA] Tutorial on Network Security: Sep 2003
Oakley Key exchange: part 3 • A to B ID of A, ID of B Returned cookie, CK-B, initiator cookie, CK-A Encryption, hash, authentication algorithms Specific Diffie Hellman group (q, a) public key yA = aXA mod q Nonce NA, NB SignedKR(A)[ID of A, ID of B, NA, NB, q, a, yB yA] Tutorial on Network Security: Sep 2003
Thanks Tutorial on Network Security: Sep 2003