IP SECURITY

Upload: blaze-ford

Post on 18-Dec-2015

IPSec Three Functional Areas

IPSec encompasses three functions:

- Authentication: identify the source address, i.e., guard against forgers, and guard against alteration (the payload is transmitted as plaintext only).
- Confidentiality: prevent eavesdropping by a 3rd party (the payload is transmitted as ciphertext).
- Key management: exchange the secret keys securely.

IPSec Overview

- Flexibility: not a single protocol, but (a general framework) + (security algorithms decided by the pair of communicating entities).
- Transparent to applications: encrypt and/or authenticate all traffic at the IP level, so all distributed applications can be secured without change.

Applications

- Secure branch office connectivity over the Internet
- Secure remote access over the Internet
- Establishing extranet and intranet connectivity with partners
- Enhancing electronic commerce security

IPSec Scenario (figure; only its labels survived the transcript: "Encrypt and compress", "Individual user is available")

IPSec Document Overview (figure recovered as a list of the RFCs shown)

- RFC-2401: Architecture
- RFC-2402: Authentication Header (AH)
- RFC-2406: Encapsulating Security Payload (ESP)
- RFC-2403, RFC-2404: authentication algorithms HMAC-MD5, HMAC-SHA-1
- RFC-2403~5: encryption algorithms 3DES-CBC, CAST
- Domain of Interpretation (DOI)

Security Association (SA)

- A one-way relationship between a sender and a receiver that specifies the security parameters for the traffic carried.
- It answers: how to protect the traffic, what traffic is to be protected, and with whom the protection is performed.
- Typically, SAs exist in pairs, one in each direction.
- SAs reside in the Security Association Database.

An SA is identified by three parameters:

- Security Parameter Index (SPI): a bit string assigned to a certain SA, locally significant only; carried in the AH or ESP header.
- IP destination address: unicast addresses only.
- Security protocol identifier: indicates whether the SA is AH or ESP.

Security Association Database (SAD)

- Defines the parameters associated with each SA.
- The functionality provided by a SAD must be present in IPSec; however, how it is represented depends on the implementor.

SA: 8 parameters in the SAD

- Sequence number counter: a 32-bit value used to generate the sequence number in the AH or ESP header.
- Sequence counter overflow: if the counter overflows, generate an auditable event and terminate the SA.
- Anti-replay window: used to determine whether an inbound AH or ESP packet is a replay.

- AH information: all the details of the authentication algorithm within this SA.
- ESP information: all the details of the encryption algorithm within this SA.
- Lifetime of this Security Association.
- IPSec protocol mode: tunnel, transport, or wildcard.
- Path MTU.

Anti-Replay Mechanism

Sequence number (sender):

1. The sender initializes a sequence number counter once a new SA is established.
2. The sender increases the sequence number by one each time a packet is sent on this SA, until the limit (2^32 – 1) is reached.
3. The sender should terminate an SA whose sequence number has reached the maximum and negotiate a new SA with a new key.

Sliding receive window (receiver):

- Fixed window size.
- Advance the window if a valid packet to the "right" of the window is received.
- A slot stays unmarked if its valid packet has not yet been received.
- Packets to the left of the window are treated as irretrievably lost and are rejected.
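The sender counter and the receiver's sliding window described on the two slides above, as an added worked example (this is not code from the slides; the class and function names are the author's own choices). The receiver only updates its window for a packet whose integrity check passed, which is the detail that keeps a forged sequence number from sliding the window past legitimate traffic.

```python
SEQ_MAX = 2**32 - 1   # the sender-side limit (2^32 - 1) from the slides


class SaSender:
    """Outbound side of one SA: the sequence number counter."""

    def __init__(self):
        self.seq = 0   # initialised when the SA is established; first packet uses 1

    def next_seq(self):
        if self.seq >= SEQ_MAX:
            # Counter overflow is an auditable event: the SA must be torn down
            # and a new one negotiated with a new key rather than wrapping to 0.
            raise OverflowError("sequence counter exhausted: terminate SA and rekey")
        self.seq += 1
        return self.seq


class SaReceiver:
    """Inbound side of one SA: fixed-size sliding window over sequence numbers."""

    def __init__(self, window_size=64):
        self.size = window_size
        self.right = 0       # highest sequence number accepted so far (right edge)
        self.marked = set()  # sequence numbers already accepted inside the window

    def accept(self, seq, icv_ok=True):
        """Return True if the packet is new and inside or beyond the window.

        icv_ok is the result of the packet's MAC verification. A packet that
        fails authentication never touches the window, so an attacker cannot
        advance it with a fabricated high sequence number.
        """
        if not icv_ok or seq == 0:
            return False
        if seq > self.right:
            # To the right of the window: slide so that seq is the new right edge
            # and forget marks that have fallen off the left edge.
            self.right = seq
            self.marked = {s for s in self.marked if s > self.right - self.size}
            self.marked.add(seq)
            return True
        if seq <= self.right - self.size:
            return False     # left of the window: too old, treated as lost
        if seq in self.marked:
            return False     # inside the window but already marked: replay
        self.marked.add(seq)
        return True


def replay_check(seqs, window_size=8):
    """Feed a list of inbound sequence numbers to one receiver; return the verdicts."""
    rx = SaReceiver(window_size)
    return [rx.accept(s) for s in seqs]


if __name__ == "__main__":
    # Constructed arrival order: in-order packets, a replay, a jump ahead,
    # a replay of an old one, a late-but-new packet, then one that fell off the window.
    print(replay_check([1, 2, 3, 2, 10, 3, 9, 1], window_size=8))
```

With a window of 8, the jump to sequence number 10 moves the right edge to 10 and drops everything at or below 2, so the late packet 9 is still accepted while the replayed 1 is rejected as too old rather than as a duplicate.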

Security Policy Database (SPD)

Maintains the IPSec policies. Each entry defines:

- Which IP traffic is to be protected: the IP traffic selectors of the SPD entry.
- How to protect it: one of three actions to take when IP traffic matches the entry
  - Discard
  - Bypass
  - Apply: an SA or a bundle of SAs.
- With whom the protection is shared.

The SPD maps to the SAD (per packet or per SPD entry); in other words, an SPD entry points to an SA for certain IP traffic.

SA: 10 selectors in the SPD

- Destination IP address
- Source IP address
- UserID
- Data sensitivity level
- Transport layer protocol
- IPSec protocol
- Source and destination ports
- IPv6 class
- IPv6 flow label
- IPv4 Type of Service (TOS)
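The SPD lookup and the SPD-to-SAD mapping from the three slides above, as an added worked example (not code from the slides). It uses four of the ten selectors (source and destination address, transport protocol, destination port); the policy entries, the SPI value and the 10.x/192.0.2.x/203.0.113.x addresses are constructed sample data.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # transport-layer protocol selector, e.g. "tcp" or "udp"
    dport: int      # destination port selector


@dataclass
class SpdEntry:
    dst_net: str                      # destination IP address selector (CIDR)
    src_net: str                      # source IP address selector (CIDR)
    proto: Optional[str]              # None = wildcard
    dport: Optional[int]              # None = wildcard
    action: str                       # "discard", "bypass" or "apply"
    sa_ref: Optional[Tuple[int, str, str]] = None   # (SPI, dest address, "AH"/"ESP")

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.dst) in ip_network(self.dst_net)
                and ip_address(p.src) in ip_network(self.src_net)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))


@dataclass
class SaEntry:
    spi: int
    dst: str
    protocol: str       # "AH" or "ESP"
    mode: str           # "tunnel" or "transport"
    auth_alg: str
    enc_alg: Optional[str] = None
    seq_counter: int = 0


def outbound_lookup(spd, sad, p: Packet):
    """Ordered first-match search of the SPD, then the SPD-to-SAD mapping.

    Returns (action, sa). For "apply", sa is the SaEntry keyed by the SA's
    three identifying parameters, or None when no SA exists yet (the point at
    which a real stack would trigger IKE). Traffic that matches no entry is
    discarded: the default is deny, not bypass.
    """
    for entry in spd:
        if entry.matches(p):
            if entry.action == "apply":
                return "apply", sad.get(entry.sa_ref)
            return entry.action, None
    return "discard", None


# Constructed sample policy (order matters: first match wins) and SA table.
SPD = [
    SpdEntry("0.0.0.0/0", "0.0.0.0/0", "udp", 500, "bypass"),      # IKE itself must pass in the clear
    SpdEntry("10.2.0.0/16", "10.1.0.0/16", None, None, "apply",
             sa_ref=(0x1234, "192.0.2.1", "ESP")),                   # branch-to-branch: ESP tunnel to the gateway
    SpdEntry("0.0.0.0/0", "0.0.0.0/0", "tcp", 23, "discard"),       # plaintext telnet never leaves
    SpdEntry("0.0.0.0/0", "0.0.0.0/0", None, None, "bypass"),       # everything else unprotected
]
SAD = {
    (0x1234, "192.0.2.1", "ESP"): SaEntry(0x1234, "192.0.2.1", "ESP", "tunnel",
                                          "HMAC-SHA-1-96", "3DES-CBC"),
}

if __name__ == "__main__":
    for pkt in (Packet("10.1.5.5", "10.2.7.7", "tcp", 443),
                Packet("10.1.5.5", "203.0.113.9", "tcp", 23),
                Packet("10.1.5.5", "203.0.113.9", "tcp", 80)):
        print(pkt, "->", outbound_lookup(SPD, SAD, pkt))
```

The entry order encodes the policy: IKE is bypassed before the protect rule so key exchange can happen at all, and the discard rule sits above the catch-all bypass so a later, broader rule cannot shadow it.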

IPSec SA: AH or ESP or ESP/AH

- AH: authentication only, i.e., the payload of the IP packet is transmitted as "plaintext".
- ESP: ciphertext; authentication is an option.
- Each of AH and ESP has two modes: transport and tunnel.

Transport Mode vs. Tunnel Mode

- Transport mode: only the IP payload is protected. The original IP address remains the outbound address.
- Tunnel mode: the entire IP packet (including the IP addresses) is protected. A router or firewall's IP address becomes the destination address instead.

Authentication Header (AH)

- Designed to provide integrity and authentication.
- Does not support confidentiality.
- Guards against replay attacks.

AH Fields

- Next header: identifies the type of the next header. The IP protocol number for AH is 51.
- Payload length: {[total length of AH (in 32-bit words)] – 2}. In the default case the length is 4.
- Reserved: for future use.
- SPI: identifies an SA.
- Sequence number: a monotonically increasing counter for anti-replay.

- Authentication data: contains the integrity check value (ICV) or message authentication code (MAC): HMAC-MD5-96 or HMAC-SHA-1-96.

MAC Calculation

- IP header:
  - immutable fields: available (included as they are)
  - mutable but predictable fields: available (included with their value on arrival)
  - mutable but unpredictable fields: set to zero for the calculation (TOS, Flags, TTL, IP header checksum, fragment offset)
- AH header: everything other than the Authentication Data field; namely, that field is set to zero.
- IP payload: immutable.
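The AH field layout and the MAC calculation from the two slides above, as an added worked example (not code from the slides). It builds an IPv4 header without options (IHL = 5 is an assumption) followed by a 24-byte AH with a 96-bit HMAC-SHA-1 ICV, zeroes the mutable fields and the ICV field before computing the MAC, and then shows that a router decrementing TTL and fixing the checksum does not break verification while any change to the payload does. Addresses and the key are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

AH_PROTO = 51          # IP protocol number for AH
AH_WORDS = 6           # 24-byte AH: 4 fixed words + 12-byte (96-bit) ICV
IP_HDR_LEN = 20        # assumes IHL = 5 (no IP options)
ICV_OFFSET = IP_HDR_LEN + 12


def ipv4_checksum(hdr):
    """Standard one's-complement checksum; the checksum field must be zero on input."""
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def ah_mac_input(packet):
    """Copy of the packet with mutable/unpredictable fields and the ICV zeroed."""
    ip = bytearray(packet[:IP_HDR_LEN])
    ip[1] = 0                    # TOS
    ip[6:8] = b"\x00\x00"        # flags + fragment offset
    ip[8] = 0                    # TTL
    ip[10:12] = b"\x00\x00"      # header checksum
    ah = bytearray(packet[IP_HDR_LEN:IP_HDR_LEN + AH_WORDS * 4])
    ah[12:24] = bytes(12)        # Authentication Data field is zero during the MAC
    return bytes(ip) + bytes(ah) + packet[IP_HDR_LEN + AH_WORDS * 4:]   # payload immutable


def icv(key, data):
    """HMAC-SHA-1-96: the HMAC-SHA-1 output truncated to the first 96 bits."""
    return hmac.new(key, data, hashlib.sha1).digest()[:12]


def build_ah_packet(src, dst, payload, spi, seq, key, ttl=64, next_header=6):
    total_len = IP_HDR_LEN + AH_WORDS * 4 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, ttl,
                      AH_PROTO, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    # Next header, payload length = words - 2, reserved, SPI, sequence number, empty ICV
    ah = struct.pack("!BBHII", next_header, AH_WORDS - 2, 0, spi, seq) + bytes(12)
    pkt = hdr + ah + payload
    tag = icv(key, ah_mac_input(pkt))
    return pkt[:ICV_OFFSET] + tag + pkt[ICV_OFFSET + 12:]


def verify_ah(packet, key):
    expected = icv(key, ah_mac_input(packet))
    return hmac.compare_digest(packet[ICV_OFFSET:ICV_OFFSET + 12], expected)


def forward_hop(packet):
    """What a router does in transit: decrement TTL and recompute the checksum."""
    hdr = bytearray(packet[:IP_HDR_LEN])
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[IP_HDR_LEN:]


if __name__ == "__main__":
    key = b"k" * 20                              # constructed HMAC key
    pkt = build_ah_packet("10.1.1.1", "10.2.2.2", b"hello", 0x100, 1, key)
    print("fresh:", verify_ah(pkt, key))
    print("after a hop:", verify_ah(forward_hop(pkt), key))
    print("payload tampered:", verify_ah(pkt[:ICV_OFFSET + 12] + b"jello", key))
```

The payload length byte comes out as 4 for this 6-word header, matching the slide's default case, and the sequence number sits inside the MAC so a replayed packet with a rewritten sequence number fails the ICV check before it ever reaches the anti-replay window.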

Mutable Fields in IPv4 Format (figure recovered as a field layout; bit positions 0, 4, 8, 16, 19, 31)

Word 1: Ver | IHL | TOS | Total length
Word 2: Identification | Flags | Fragment Offset
Word 3: TTL | Protocol | Header Checksum
Word 4: Source Address
Word 5: Destination Address
Word 6+: Options + Padding

(The mutable fields zeroed for the AH MAC are those listed under MAC Calculation: TOS, Flags, Fragment Offset, TTL, Header Checksum.)

Mutable Fields in IPv6 Format (figure recovered as a field layout; bit positions 0, 4, 8, 16, 19, 31)

Word 1: Ver | Traffic Class | Flow Label
Word 2: Payload length | Next hdr | Hop limit
Words 3-6: Source Address (4 words)
Words 7-10: Destination Address (4 words)
Then: Extension Header(s)

IPv6 with Extension Headers (figure recovered as the header order)

IPv6 Header -> Hop-by-Hop opt. hdr -> Destination opt. hdr -> Routing Header -> Fragment Header -> AH -> ESP -> Destination opt. hdr

AH Format (figure recovered as a field layout; bit positions 0, 8, 16, 31)

Word 1: Next Header (8 bits) | Payload Length (8 bits) | Reserved (16 bits)
Word 2: Security Parameters Index (SPI)
Word 3: Sequence Number
Words 4+: Authentication Data (variable)

Original IPv4 and IPv6 packets (figure recovered as layouts)

IPv4: [Orig IP hdr][TCP][Data]
IPv6: [Orig IP hdr][Extension headers (if present)][TCP][Data]

Transport Mode AH (figure recovered as layouts)

IPv4: [Orig IP hdr][AH][TCP][Data]
      authenticated except for mutable fields
IPv6: [Orig IP hdr][Hop-by-hop, dest, routing, fragment][AH][dest][TCP][Data]
      authenticated except for mutable fields

Tunnel Mode AH (figure recovered as layouts)

IPv4: [New IP hdr][AH][Orig IP hdr][TCP][Data]
      authenticated except for mutable fields in the new IP hdr
IPv6: [New IP hdr][Extension headers][AH][Orig IP hdr][Extension headers][TCP][Data]
      authenticated except for mutable fields in the new IP hdr and its extension hdrs

AH Approach (figure; only its labels survived the transcript: Transport SA, Tunnel SA, Transport SA)

Encapsulating Security Payload (ESP)

- ESP: provides confidentiality only.
- ESP/AH: supports both encryption and authentication.

ESP Fields

- Security parameters index (SPI): identifies a certain SA.
- Sequence number: the same as in AH.
- Payload data: protected by encryption.
- Padding: as required by the encryption algorithm.
- Next header: identifies the type of data contained in the payload. The IP protocol number for ESP is 50.
- Authentication data: MAC computed over the ESP packet minus the Authentication Data field.

ESP Format (figure recovered as a field layout; bit positions 0, 16, 24, 31)

Security Parameters Index (SPI)            ^ authentication coverage
Sequence Number                            |
Payload Data (variable)                    |   ^ confidentiality coverage
Padding (0-255 bytes)                      |   |
Pad Length (8 bits) | Next Header (8 bits) v   v
Authentication Data (variable)

Encryption and Authentication in ESP

- Encryption algorithm (symmetric-key encryption):
  - The cryptographic synchronization data (IV) may be carried at the beginning of the payload. Although it is part of the ciphertext field, the IV is in general not itself encrypted.
  - Essential: DES in CBC mode.
  - Others: 3DES, RC5, IDEA, 3IDEA, CAST, Blowfish.
- Authentication algorithm: the same as in AH, computed over the ciphertext + ESP trailer.
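The ESP framing from the three slides above (fields, coverage, IV placement), as an added worked example that is not code from the slides. It pads to the 8-byte DES/3DES block size, appends the pad length and next header trailer, carries the IV unencrypted at the start of the payload, and computes HMAC-SHA-1-96 over everything except the Authentication Data. Because the standard library has no DES/3DES, the block cipher is replaced by an HMAC-SHA-256 counter-mode keystream; that substitution is the author's assumption and is only there so the framing can run offline, a real implementation uses the negotiated cipher. The RFC 2406 default padding pattern 1, 2, 3, ... is used so the receiver can check it. Keys, SPI and payload are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

BLOCK = 8          # DES/3DES-CBC block size the padding must align to
ICV_LEN = 12       # HMAC-SHA-1-96


def keystream(key, iv, n):
    """Stand-in for the block cipher (assumption: stdlib has no DES/3DES).
    HMAC-SHA-256 in counter mode keyed on the IV, truncated to n bytes."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, iv + struct.pack("!I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def esp_icv(auth_key, data):
    return hmac.new(auth_key, data, hashlib.sha1).digest()[:ICV_LEN]


def esp_encapsulate(payload, next_header, spi, seq, enc_key, auth_key, iv=None):
    iv = os.urandom(BLOCK) if iv is None else iv
    # Pad so that payload + padding + pad length + next header fills whole blocks.
    pad_len = (-(len(payload) + 2)) % BLOCK
    padding = bytes(range(1, pad_len + 1))              # RFC 2406 default pattern
    plaintext = payload + padding + bytes([pad_len, next_header])
    ciphertext = xor(plaintext, keystream(enc_key, iv, len(plaintext)))
    header = struct.pack("!II", spi, seq)
    body = header + iv + ciphertext                     # IV in the clear at start of payload
    return body + esp_icv(auth_key, body)               # ICV over everything but itself


def esp_coverage(packet):
    """Byte ranges the two protections apply to, as on the ESP Format slide."""
    return {"authenticated": packet[:-ICV_LEN],          # SPI .. Next Header
            "encrypted": packet[8 + BLOCK:-ICV_LEN]}     # Payload Data .. Next Header


def esp_decapsulate(packet, enc_key, auth_key):
    """Return (spi, seq, next_header, payload), or None if the packet is rejected."""
    body, tag = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(tag, esp_icv(auth_key, body)):
        return None                      # authenticate first; never decrypt unverified data
    spi, seq = struct.unpack("!II", body[:8])
    iv, ciphertext = body[8:8 + BLOCK], body[8 + BLOCK:]
    plaintext = xor(ciphertext, keystream(enc_key, iv, len(ciphertext)))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    if pad_len > len(plaintext) - 2:
        return None                      # malformed trailer
    if plaintext[-2 - pad_len:-2] != bytes(range(1, pad_len + 1)):
        return None                      # padding pattern check failed
    return spi, seq, next_header, plaintext[:-2 - pad_len]


if __name__ == "__main__":
    enc_key, auth_key = b"e" * 24, b"a" * 20           # constructed keys
    pkt = esp_encapsulate(b"GET / HTTP/1.0\r\n", 6, 0x200, 7, enc_key, auth_key, iv=bytes(BLOCK))
    print(len(pkt), "bytes:", esp_decapsulate(pkt, enc_key, auth_key))
```

The 16-byte payload needs 6 bytes of padding to make the 24-byte encrypted region a multiple of 8, so the packet is 8 (SPI + sequence) + 8 (IV) + 24 + 12 (ICV) = 52 bytes; flipping one ciphertext bit makes the receiver return None from the ICV check without ever touching the cipher.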

Transport Mode ESP (figure recovered as layouts)

IPv4: [Orig IP hdr][ESP hdr][TCP][Data][ESP trlr][ESP auth]
      encrypted: TCP, Data, ESP trlr; authenticated: ESP hdr through ESP trlr
IPv6: [Orig IP hdr][Hop-by-hop, dest, routing, fragment][ESP hdr][dest][TCP][Data][ESP trlr][ESP auth]
      encrypted: dest, TCP, Data, ESP trlr; authenticated: ESP hdr through ESP trlr

Tunnel Mode ESP (figure recovered as layouts)

IPv4: [New IP hdr][ESP hdr][Orig IP hdr][TCP][Data][ESP trlr][ESP auth]
      encrypted: orig IP hdr, TCP, Data, ESP trlr; authenticated: ESP hdr through ESP trlr
IPv6: [New IP hdr][ext headers][ESP hdr][Orig IP hdr][ext headers][TCP][Data][ESP trlr][ESP auth]
      encrypted: orig IP hdr, ext headers, TCP, Data, ESP trlr; authenticated: ESP hdr through ESP trlr

ESP Approach (figure; only its labels survived the transcript: VPN via Tunnel Mode, Transport-level security)

Functionality of Tunnel and Transport Mode

AH
  Transport Mode SA: authenticates the IP payload and selected portions of the IP header and IPv6 extension headers.
  Tunnel Mode SA: authenticates the entire inner IP packet plus selected portions of the outer IP header and outer IPv6 extension headers.

ESP
  Transport Mode SA: encrypts the IP payload and any IPv6 extension header following the ESP header.
  Tunnel Mode SA: encrypts the inner IP packet.

ESP/AH
  Transport Mode SA: encrypts the IP payload and any IPv6 extension header following the ESP header; authenticates the IP payload but not the IP header.
  Tunnel Mode SA: encrypts the inner IP packet; authenticates the inner IP packet.

IPSec Services Summary (table; the check marks did not survive the transcript)

Columns: AH | ESP | ESP/AH

Rows:
- Access control
- Integrity
- Authentication
- Anti-replay
- Confidentiality
- Limited traffic flow confidentiality