620 likes | 927 Views
Lecture 05 IP Security. Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th. Outline. Motivation IPSec Architecture How IPSec Works IPSec Security Protocols IPSec Modes Combining Security Associations IPSec Key Exchange and Management Protocol IPSec benefits and limitations.
E N D
Lecture 05 IP Security Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th
NETE0519-ITEC4614 Outline • Motivation • IPSec Architecture • How IPSec Works • IPSec Security Protocols • IPSec Modes • Combining Security Associations • IPSec Key Exchange and Management Protocol • IPSec benefits and limitations
NETE0519-ITEC4614 Motivations • Originally authentication and confidentiality were not enforced at the IP level • Source/Destination IP address spoofing • Inspection of IP payload • Replay
NETE0519-ITEC4614 IP Spoofing Attack router a.b.c.100 NFS server x.y.z.200 Authorized NFS client x.y.x.201 UNAuthorized NFS client router a.b.c.100 NFS server x.y.x.201 -> x.y.x.200 Authorized NFS client Masquerading as authorised client x.y.z.200 - shutdown For maintenance
NETE0519-ITEC4614 Ping Of Death Attack • ICMP, an integral part of IP, is utilized to report network errors. • PING (Packet InterNet Grouper) utilizes ICMP echo request and reply packets to test host reachability. • ICMP messages normally consist of the IP Header and enclosed ICMP data with a default size of 64 bytes. • If the Hacker sends an ICMP Echo request that is greater than 65,536 bytes, this can crash or reboot the system. • A newer attack method modifies the header to indicate that there is more data in the packet than there actually is.
NETE0519-ITEC4614 Smurf Attack • Hacker sends an ICMP echo request to the target network with a destination broadcast address and a spoofed source address of the target • The network serves as a "bounce site" and returns an echo reply packet for each station on the network • The network serves to multiply the effect of the "ping". The echo request packet could be sent to multiple networks
NETE0519-ITEC4614 Why look for security at IP level? • Below Transport Layer • Not specific to network applications • no need to change software at Application Layer • Transparent to users • no need to train users • Enhance security when used with higher-level applications • Enhance security of firewalls • Easily identify authorised access to the network
NETE0519-ITEC4614 What can be done at IP Layer? • Authentication: • Allows the receiver to validate the identity of a sender, client/server machine or process. • Integrity: • Provides assurance to the receiver that the transmitted data has not been changed. • Confidentiality: • Preventing the unwanted disclosure of information during transit.
NETE0519-ITEC4614 TCP/IP & Possible Security Enhancement Application Kerboros, HTTPS, S/MIME, PGP… Transport (TCP, UDP) SSL, TLS Network (IP) IPSec Data Link Physical
NETE0519-ITEC4614 IPSec • A type of VPN (Virtual Private Network) • Types of VPNs • VPN over SSH (Secure Shell) and PPP (Point-to-point Protocol) • VPN over SSL/TLS (Secure Socket Layer/Transport Layer Security) and PPP • IPSec • PPTP (Point-to-point Tunneling Protocol) • etc.
NETE0519-ITEC4614 Roadmap • Motivation • IPSec Architecture • How IPSec Works • IPSec Security Protocols • IPSec Modes • Combining Security Associations • IPSec Key Exchange and Management Protocol • IPSec benefits and limitations
NETE0519-ITEC4614 An IP Security Scenario
NETE0519-ITEC4614 Applications of IPSec • Secure branch office connectivity over the Internet • Save cost no need to have leased line • Secure remote access over the Internet • Establishing extranet and intranet connectivity with partners • Enhancing electronic commerce security • Extranet enables B2B ecommerce transactions among business partners
NETE0519-ITEC4614 IP Security Architecture
NETE0519-ITEC4614 IP Security Architecture (cont.) • Architecture: • general concepts, requirements, definitions, and mechanisms defining IPSec technology • Encapsulating Security Payload (ESP) • Generally provide encryption to IP Payload (data) and optionally provide authentication • Authentication Header (AH) • Provide authentication to IP headers • Encryption algorithm • Describe encryption algo used for ESP • Authentication algorithm • Describe authentication algo. For AH and ESP • Key Management • Involve determination and distribution of secret keys • Domain of interpretation (DOI) • Contains identifiers for approved encryption and authentication algorithms, key lifetime parameters, etc.
NETE0519-ITEC4614 Roadmap • Motivation • IPSec Architecture • How IPSec Works • IPSec Modes • IPSec Security Protocols • Combining Security Associations • IPSec Key Exchange and Management Protocol • IPSec benefits and limitations
NETE0519-ITEC4614 Security Associations • a one-way relationship between sender & receiver that affords security for traffic flow • A party who wants to send and receive data needs 2 SAs • defined by 3 parameters: • Security Parameters Index (SPI) • IP Destination Address • Security Protocol Identifier (AH or ESP) • has a number of other parameters • seq no, AH & ESP info, lifetime etc • have a database of Security Associations (SADs) • Security services are afforded to an SA for the use of AH or ESP, but not both
NETE0519-ITEC4614 SAD Example • Incoming packet contains SPI, dest IP, security protocol used to refer to an entry in SAD • Can configure to specific app. E.g. http traffic 192.168.1.1
NETE0519-ITEC4614 Security Policy Database (SPD) • Make higher-level decision on what to do with IP packet • SPD enforces protection policy, whereas SAD supplies the necessary parameters and makes it possible.
NETE0519-ITEC4614 How IPSec Works SPD IPSec needed? If so, pass to SAD Sender SAD If so, check header to see how IPSec is implemented Check header to see if IPSec packet is received Remove IPSec header SAD Recipient Decide to allow or drop incoming packet SPD
NETE0519-ITEC4614 How IPSec Works (cont.) • Outbound Traffic: Send packet out to the network • IPSec checks Security Policy Database (SPD) to decide to • Let the packet go through without IPSec protected • Drop packet • Protect packet using IPSec
NETE0519-ITEC4614 How IPSec Works (cont.) Inbound Traffic: Incoming packet from the network • System determines Security Association (SA) for the packet. SA is composed of: • Security Parameters Index (SPI): served as an index in Security Association Database (SAD) • Destination IP Address • IPSec Data Manipulation Protocol (Authentication Header (AH) or Encapsulation Security Payload (ESP)) • Determine appropriate SA, then perform authentication/decryption to extract data from IPSec data • Once original header is extract, look up SPD rules to see if it matches any rule or not.
NETE0519-ITEC4614 Example: Outbound Traffic • SPD • SAD
NETE0519-ITEC4614 Roadmap • Motivation • IPSec Architecture • How IPSec Works • IPSec Security Protocols • IPSec Modes • Combining Security Associations • IPSec Key Exchange and Management Protocol • IPSec benefits and limitations
NETE0519-ITEC4614 Authentication Header (AH) • provides support for data integrity & authentication of IP packets • end system/router can authenticate user/app • prevents address spoofing attacks by tracking sequence numbers • based on use of a MAC • HMAC-MD5-96 or HMAC-SHA-1-96 • parties must share a secret key
NETE0519-ITEC4614 Authentication Header Contain MAC of the packet
NETE0519-ITEC4614 AH Frame Mutable fields: fields that can be changed during transmission e.g. TTL Immutable fields: source address, header length, destination address, upper-layer protocol data e.g. TCP or UDP segments
NETE0519-ITEC4614 Encapsulating Security Payload (ESP) • provides message content confidentiality & limited traffic flow confidentiality • can optionally provide the same authentication services as AH • supports range of ciphers, modes, padding • incl. DES, Triple-DES, RC5, IDEA, CAST etc • CBC & other modes • padding needed to fill blocksize, fields, for traffic flow • Current specs supports CBC-DES encryption
NETE0519-ITEC4614 ESP (cont.)
NETE0519-ITEC4614 ESP Frame
NETE0519-ITEC4614 Roadmap • Motivation • IPSec Architecture • How IPSec Works • IPSec Modes • IPSec Security Protocols • Combining Security Associations • IPSec Key Exchange and Management Protocol • IPSec benefits and limitations
NETE0519-ITEC4614 Transport Mode • Typically used in peer-to-peer communications, especially for internal networks • Data packet is encrypted but the IP header is not. • IP Payload and parts of IP header are authenticated • No modification of original IP header. Only authentication can be provided at header
NETE0519-ITEC4614 Transport AH
NETE0519-ITEC4614 Transport ESP
NETE0519-ITEC4614 Tunnel Mode • Used for remote access and site-to-site security • Entire packet (header & payload) is encrypted and treated as a Payload • Then a new header is added to establish a “tunnel” for original IP datagram • Generally used between firewalls or gateways -> hosts in network do not need to implement IPSec • ESP encrypts entire inner IP datagram • AH authenticates entire inner datagram and parts of outer IP header
NETE0519-ITEC4614 Tunnel AH and ESP
NETE0519-ITEC4614 Transport VS Tunnel ESP • Transport ESP mode is used to encrypt & optionally authenticate IP data • Data is protected but header is left in clear • Can do traffic analysis but is efficient • Good for ESP host-to-host traffic • Tunnel ESP mode encrypts the entire IP packet • Add new header for next hop • Good for VPNs, gateway-to-gateway security
NETE0519-ITEC4614 Transport Mode and Tunnel Mode Functionality Inner IP -> host Outer IP -> gateway
NETE0519-ITEC4614 Transport & Tunnel Modes Transport: end-to-end Tunnel: end-to-intermediate or intermediate-to-intermediate
NETE0519-ITEC4614 Roadmap • Motivation • IPSec Architecture • How IPSec Works • IPSec Security Protocols • IPSec Modes • Combining Security Associations • IPSec Key Exchange and Management Protocol • IPSec benefits and limitations
NETE0519-ITEC4614 Security Association Bundles • SAs can implement either AH or ESP • To implement both, we need to combine SA’s • Form a security association (SA)bundle • May terminate at different or same endpoints • Combined by • Transport adjacency • Iterated tunneling • issue of authentication & encryption order • Authentication before encryption or encryption before authentication?
NETE0519-ITEC4614 Transport Adjacency • Applying more than one security protocol to the same IP packet. • Combining AH & ESP -> performing at only one IPSec instance
NETE0519-ITEC4614 Transport Adjacency (cont.) • Use two bundled transport SAs • Inner SA ESP without authentication option • Payload is encrypted • Outer SA AH • Authentication covers header + ESP • However, need two SAs comparing to one SA
NETE0519-ITEC4614 Iterated Tunneling • Allow multiple levels of nesting • Each tunnel can originate or terminate at different IPSec site along the path
NETE0519-ITEC4614 Iterated Tunneling (cont.)
NETE0519-ITEC4614 Combining Security Associations End-to-end IPSec connection Added confidentiality btw gateways from Case2 Simple VPN Remote access to host through firewall
NETE0519-ITEC4614 Roadmap • Motivation • IPSec Architecture • How IPSec Works • IPSec Security Protocols • IPSec Modes • Combining Security Associations • IPSec Key Exchange and Management Protocol • IPSec benefits and limitations
NETE0519-ITEC4614 Key Management • Handles key generation & distribution • Typically need 2 pairs of shared keys • 2 per direction for AH & ESP • Manual key management • System admin manually configures every system • Automated key management • Automated system for on demand creation of keys for SA’s in large distribution systems • Has Oakley & ISAKMP elements
NETE0519-ITEC4614 Oakley • A key exchange protocol • Based on Diffie-Hellman key exchange • Adds features to address weaknesses • cookies, groups (global parameters), nonces, DH key exchange with authentication • Can use arithmetic in prime fields or elliptic curve fields
NETE0519-ITEC4614 ISAKMP • Internet Security Association and Key Management Protocol • provides framework for key management • defines procedures and packet formats to establish, negotiate, modify, and delete SAs • independent of key exchange protocol, encryption alg, & authentication method • Initial version of ISAKMP deploys Oakley as its key exchange protocol • Alternatively, Oakley protocol operates on top of ISAKMP protocol