1 / 26

Network Security (contd.)

Network Security (contd.). Bijendra Jain (bnj@cse.iitd.ernet.in). Lecture 5: IPSec. IPSec: IP Security. An IETF standard IPSec architecture and related standards published as refer RFC 1825 thru RFC 1829 Adrresses security issues arising from authentication and confidentiality

Download Presentation

Network Security (contd.)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Network Security (contd.) Bijendra Jain (bnj@cse.iitd.ernet.in) Tutorial on Network Security: Sep 2003

  2. Lecture 5: IPSec Tutorial on Network Security: Sep 2003

  3. IPSec: IP Security • An IETF standard • IPSec architecture and related standards published as refer RFC 1825 thru RFC 1829 • Adrresses security issues arising from • authentication and confidentiality • connecting a remote host to a server • Interconnecting two LANs using a public network • Applications: • wide-area networking of branch offices using Internet • Interconnecting supplier/distributor extranets to enterprise network • Telecommuting • E-commerce • Implemented in clients, servers or in routers Tutorial on Network Security: Sep 2003

  4. Public Network Enterprise LAN#1 Enterprise LAN#2 PC PC PC Router Router Server IPSec Scenario Tutorial on Network Security: Sep 2003

  5. Authentication header (AH) Encapsulating security payload (ESP), without AH Encapsulating security payload, with AH Access control Yes Yes Yes Connection-less integrity Yes Yes Data origin authentication Yes Yes Rejection of replayed packets Yes Yes Yes Confidentiality Yes Yes (Limited) Flow Confidentiality Yes Yes Security functions covered by IPSec Tutorial on Network Security: Sep 2003

  6. Modes in IPSec • Transport Mode • The payload in an IP packet is secured • E.g. TCP, UDP, ICMP headers, data • Tunnel Mode • The complete IP packet • including its header is secured Tutorial on Network Security: Sep 2003

  7. Public Network Enterprise LAN#1 Enterprise LAN#2 End-to-end authentication and/or encryption PC PC PC Router Router End-to-end authentication and/or encryption Server Transport Mode IPSec Tutorial on Network Security: Sep 2003

  8. Public Network Enterprise LAN#1 Enterprise LAN#2 End-system to ROUTER authentication and/or encryption PC PC Router Router Router-to-router authentication and/or encryption Server PC Tunnel Mode IPSec Tutorial on Network Security: Sep 2003

  9. Transport vs. Tunnel modes • ? Tutorial on Network Security: Sep 2003

  10. Public Network Enterprise LAN Enterprise LAN Enterprise LAN Enterprise LAN Router Router Router Router IPSec Tunnel mode • Advantages: • Only routers need to implement IPSec functions • Implement VPN (Virtual private network) Tutorial on Network Security: Sep 2003

  11. Original IP hdr TCP header TCP data Original IP hdr TCP header TCP data Authen. hdr Original IP hdr TCP header TCP data Authen. hdr NEW IP hdr IPSec: Authentication Header • Original IP packet • Encoded packet in “transport mode”? • Encoded packet in “tunnel mode”? Tutorial on Network Security: Sep 2003

  12. Original/new IP header Reserved (16 bits) Payload length Next header Identifier (32 bits) Sequence number (32 bits) AH (variable length, default 96 bits) Based on: MD5, or SHA-1 Covers TCP/UDP/ICMP header, data and portions of “non-mutable” IP headers Payload (IP or TCP packet) IPSec: packet format for AH Tutorial on Network Security: Sep 2003

  13. ESP hdr TCP data Original IP hdr TCP header TCP data Original IP hdr TCP header ESP trailer AH (optional) AH (optional) Original IP hdr TCP header TCP data ESP hdr NEW IP hdr ESP trailer IPSec: ESP (Encryption) • Original IP packet • Encoded packet in “transport mode”? • Encoded packet in “tunnel mode”? Tutorial on Network Security: Sep 2003

  14. Original/new IP header Identifier (32 bits) Sequence number (32 bits) Payload (TCP, or IP packet with padding, pad length, next header), suitably encrypted using 3DES, RC5 or … Authentication Header based on MD5, etc. authenticated encrypted Pad length, … IPSec: packet format for ESP Tutorial on Network Security: Sep 2003

  15. Public Network Enterprise LAN Enterprise LAN PC Server Combining security functions • Authentication with confidentiality • ESP, with AH • An AH inside a ESP (both in transport mode) Router Router Tutorial on Network Security: Sep 2003

  16. Public Network Enterprise LAN Enterprise LAN PC Router Server Router Combining security functions • An AH inside a ESP (both in transport mode), and all this within a ESP tunnel across the routers Tutorial on Network Security: Sep 2003

  17. Key exchange • Key generation and exchange using some “physical means” • Automated generation of keys • Oakley key determination and exchange • Based on Diffie-Hellman key generation algorithm • Oakley key exchanged protocol Tutorial on Network Security: Sep 2003

  18. Diffie-Hellman key generation • A distributed key generation scheme • Given q - a large prime number a – a primitive root of q (1 <= ak mod q < q, and distinct for all 1 <= k < q) • A: • picks XA (keeps it secret), • computes and sends YA  aXA mod q to B • B: • picks XB (keeps it secret), • computes and sends YB  aXB mod q A • A and B compute the secret shared key aXA XB YBXA orYAXB Tutorial on Network Security: Sep 2003

  19. Diffie-Hellman key generation • Man-in-the-middle attack • Assumes ability to intercept, and spoof XA, A2B XE, A2B A B E XE, B2A XB, B2A aXA*XE aXB*XE Tutorial on Network Security: Sep 2003

  20. Diffie-Hellman key generation • Issues with the algorithm: • What is the value of q, a? • Make available several sets, and let the parties negotiate • Man-in-the-middle attack • Use some form of authentication • Denial of service attack, arises from address-spoofing • Use cookies: • Replay attacks • Use nonces Tutorial on Network Security: Sep 2003

  21. Cookies • Cookies: A requests B’s attention B responds with a “cookie” (a random number), K A must return K in its subsequent messages • Characteristics of cookies: • Should depend upon data specific to B • Should use some secret information • Cookie generation and verification must be fast • B should not have to save the cookie • Example method used: • Hash sender/receiver IP address TCP port nos. and a secret value Tutorial on Network Security: Sep 2003

  22. Oakley Key exchange Tutorial on Network Security: Sep 2003

  23. Oakley Key exchange: part 1 • A to B ID of A, ID of B Initiator cookie, CK-A Encryption, hash, authentication algorithms Specific Diffie Hellman group (q, a) public key yA = aXA mod q Nonce NA SignedKR(A)[ID of A, ID of B, NA, q, a, yA] Tutorial on Network Security: Sep 2003

  24. Oakley Key exchange: part 2 • B to A ID of B, ID of A Responder cookie, CK-B, Returned initiator cookie, CK-A Encryption, hash, authentication algorithms Specific Diffie Hellman group (q, a) public key yB = aXB mod q Nonce NA, NB SignedKR(B)[ID of B, ID of A, NA, NB, q, a, yB yA] Tutorial on Network Security: Sep 2003

  25. Oakley Key exchange: part 3 • A to B ID of A, ID of B Returned cookie, CK-B, initiator cookie, CK-A Encryption, hash, authentication algorithms Specific Diffie Hellman group (q, a) public key yA = aXA mod q Nonce NA, NB SignedKR(A)[ID of A, ID of B, NA, NB, q, a, yB yA] Tutorial on Network Security: Sep 2003

  26. Thanks Tutorial on Network Security: Sep 2003

More Related