1 / 33

Internet Security CSCE 813 IP s ec

Internet Security CSCE 813 IP s ec. TCP/IP Protocol Stack. Application Layer. Transport Layer. Network Layer. Data Link Layer. Network Layer. Provides connectionless service Routing (routers): determine the path a path has to traverse to reach its destination

brandi
Download Presentation

Internet Security CSCE 813 IP s ec

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Internet Security CSCE 813IPsec

  2. TCP/IP Protocol Stack Application Layer Transport Layer Network Layer Data Link Layer CSCE813 - Farkas

  3. Network Layer • Provides connectionless service • Routing (routers): determine the path a path has to traverse to reach its destination • Defines addressing mechanism • Hosts should conform to the addressing mechanism CSCE813 - Farkas

  4. Communication Between Layers Application Data Application layer Application layer Transport payload Transport layer Transport layer Network Payload Network layer Network layer Network layer Network layer Data Link layer Data Link layer Data Link layer Data Link layer Data Link Payload Host A Router Router Host B CSCE813 - Farkas

  5. Network Layer and Security In most network architecture and corresponding communication protocol stack: network layer protocol data units are transmitted in the clear: • Easy to inspect the data content • Easy to forge source or destination address • Easy to modify content • Easy to replay data Need network layer security protocol CSCE813 - Farkas

  6. Network Layer Protocols Several protocols have been proposed: • Security Protocol 3 (SP3): U.S. NSA and NIST as part of the secure data network system (SDNS) • Network Layer Security Protocol (NLSP): ISO for Connectionless Network Protocol (CLNP) • Integrated NLSP (I-NLSP): NIST, for both IP and CLNP • swIPe: John Ioannidis and Matt Blaze at Berkley Univ. Used in Unix environment CSCE813 - Farkas

  7. Internet Engineering Task Force Standardization • IPv6 development requirements: Strong security features • Security features algorithm-independent • Must enforce wide variety of security policies • Avoid adverse impact on Internet users who do not need security • 1992: IPSEC WG (IETF) • Define security architecture • Standardize IP Security Protocol and Internet Key Management Protocol • 1998: revised version of IP Security Architecture • IPsec protocols (two sub-protocols AH and ESP) • Internet Key Exchange (IKE) CSCE813 - Farkas

  8. IPsec • Provides security for IP and upper layer protocols • Suit of algorithms: • Mandatory-to-implement • Assures interoperability • Easy to add new algorithms CSCE813 - Farkas

  9. IP Security Overview IPSec: method of protecting IP datagrams • Data origin authentication • Connectionless data integrity authentication • Data content confidentiality • Anti-replay protection • Limited traffic flow confidentiality CSCE813 - Farkas

  10. IP Security Architecture IPsec module 1 IPsec module 2 SPD SPD IKE IKE IPsec IPsec SAD SAD SA CSCE813 - Farkas

  11. Security Association • Associates security services and keys with the traffic to be protected • Identified by Security Parameter Index (SPI)  retrieve correct SA parameters from Security Association Database (SAD) • Ipsec protocol identifier • Destination address (direction) • Simplex connection  need to establish two SAs for secure bidirectional communication CSCE813 - Farkas

  12. Security Association • Defines security services and mechanisms between two end points (or IPsec modules): • Hosts • Network security gateways (e.g., routers, application gateways) • Hosts and security gateways • Security service, parameters, mode of operation, and initialization vector • e.g., Confidentiality using ESP with DES in CBC mode with IV initialization vector CSCE813 - Farkas

  13. Security Association • May use either Authentication Header (AH) or Encapsulating Security Payload (ESP) but not both  if both AH and ESP are applied, need two SAs • Bundle: set of SAs through which traffic must be processed CSCE813 - Farkas

  14. SA -- Lifetime • Amount of traffic protected by a key and time frame the same key is used • Manual creation: no lifetime • Dynamic creation: may have a lifetime CSCE813 - Farkas

  15. SA -- Security Granularity User (SSO) specified • Host-oriented keying • All users on one host share the same session key • Not recommended! • User-oriented keying • Each user on one host have one or of more unique session keys • Session-unique keying • Single session key is assigned to a give IP address, upper-layer protocol, and port number CSCE813 - Farkas

  16. Security Policy Database (SPD) • Defines: • What traffic to be protected • How to protect • With whom the protection is shared • For each packet entering or leaving an IPsec implementation SPD is used to determine security mechanism to be applied • Actions: • Discard: do not let packet in or out • Bypass: do not apply or expect security services • Protect: apply/expect security services on packets CSCE813 - Farkas

  17. Anti-replay Protection • Not explicitly part of the architecture • Protection by sequence number (32-bits) and sliding receive window (64-bits) • When SA is created: sequence number is initiated to zero • Prior to IPsec output processing: sequence number is incremented Sliding window of received packets 1 1 1 1 0 1 0 1 1 1 1 1 1 1 1 1 0 Packet stream N N+5 N+7 New packet CSCE813 - Farkas

  18. IPSec • Protection for IP and upper layer protocols • IPSec protocols • Encapsulating Security Payload (ESP) • Proof of data origin, data integrity, anti-replay protection • Data confidentiality and limited traffic flow confidentiality • Authentication Header (AH) • Proof of data origin, data integrity, anti-replay protection CSCE813 - Farkas

  19. IPsec • Security provided by ESP or AH is dependent on the cryptographic algorithms applied to them • Default encryption algorithm: DES CBC • Not suited for highly sensitive data or • For data that must remain secure for extended period of time • Authentication and/or confidentiality requires shared keys • Manual key addition is supported but scales poorly • Internet Key Exchange (IKE): key management protocol CSCE813 - Farkas

  20. AH and ESP • Transport mode: protect upper layer protocols • IPSec header is inserted between the IP header and the upper-layer protocol header • Communication endpoints must be cryptographic endpoints protected IP Payload IPsec CSCE813 - Farkas

  21. protected IP IPsec IP Payload AH and ESP • Tunnel mode: protect entire IP datagram • Entire IP packet to be protected is encapsulated in another IP datagram and an IPsec header is inserted between the outer and inner IP headers New IP header Original IP header CSCE813 - Farkas

  22. Authentication Header (AH) • Does NOT provide confidentiality • Provides: • Data origin authentication • Connectionless data integrity • May provide: • Non-repudiation (depends on cryptographic alg.) • Anti-replay protection • Precision of authentication: granularity of SA • Protocol number: 51 CSCE813 - Farkas

  23. AH Protected IP packet IP header AH header Protected data authenticated CSCE813 - Farkas

  24. Security Parameter Index Sequence number Authentication data (n*32 bit) AH Header Reserved Payload length Next header 32 bit CSCE813 - Farkas

  25. Authentication Data • Computed by using • authentication algorithm (MD5, SHA-1) • cryptographic key (secret key) • Sender: computes authentication data • Recipient: verifies data CSCE813 - Farkas

  26. Encapsulating Security Payload (ESP) • Provides: • Confidentiality • Authentication (not as strong as AH: IP headers below ESP are not protected) • Limited traffic flow confidentiality • Anti-replay protection • Protocol number: 50 CSCE813 - Farkas

  27. ESP Protected IP packet encrypted Protected data ESP Trailer IP header ESP header authenticated CSCE813 - Farkas

  28. ESP header and trailer • ESP packet processing: • Verify sequence number • Verify integrity • Decrypt • ESP header: not encrypted • Contains: SPI and sequence number • ESP trailer: partially encrypted • Contains: padding, length of padding, next protocol, authentication data CSCE813 - Farkas

  29. Security Parameter Index Sequence number Authentication data (n*32 bit) ESP Format Authen- ticity protected Payload data padding padding Pad length Next header Confidentiality protected CSCE813 - Farkas

  30. ESP • SA has multiple algorithms defined: • Cipher: for confidentiality • Authenticator: for authenticity • Each ESP has at most: • one cipher and one authenticator or • one cipher and zero authenticator or • zero cipher and one authenticator or • Disallowed: zero cipher and zero authenticator or CSCE813 - Farkas

  31. Encryption • Block ciphers in Cipher Block Chain (CBC) mode • Need • Padding at the end of data • Initialization vector (IV) – contained in the packet CSCE813 - Farkas

  32. Encryption and Compression • Interdependence between encryption and compression • When encryption is applied at Internet layer  prevents effective compression by lower protocol layers • IPsec: does not provide data compression CSCE813 - Farkas

  33. Key Management Protocols • IP security architecture supports manual and automated SA and key agreement • Key management protocol: e.g., IKE • Proposals for automated key management protocol CSCE813 - Farkas

More Related