04/19/23 Tutorial on Network Security: Sep 2003
Network Security (contd.)
Bijendra Jain ([email protected])
Lecture 5: IPSec
IPSec: IP Security
An IETF standard
– The IPSec architecture and related standards were first published as RFC 1825 through RFC 1829 (since superseded by RFC 2401 and its successors)
Addresses security issues arising from
– authentication and confidentiality
– connecting a remote host to a server
– interconnecting two LANs using a public network
Applications:
– wide-area networking of branch offices using the Internet
– interconnecting supplier/distributor extranets to the enterprise network
– telecommuting
– e-commerce
Implemented in clients, in servers or in routers
IPSec Scenario
[Figure: Enterprise LAN#1 (PCs and a server) and Enterprise LAN#2 (PCs), each behind a router, connected across a public network]
Security functions covered by IPSec

Function                          AH     ESP without AH   ESP with AH
Access control                    Yes    Yes              Yes
Connection-less integrity         Yes    -                Yes
Data origin authentication        Yes    -                Yes
Rejection of replayed packets     Yes    Yes              Yes
Confidentiality                   -      Yes              Yes
(Limited) flow confidentiality    -      Yes              Yes

(In practice the "ESP with AH" column is usually realised with ESP's own optional authentication data rather than a separate AH header; the coverage differs, since ESP's integrity check does not include the IP header.)
Modes in IPSec
Transport Mode
– The payload of an IP packet is secured, e.g. the TCP, UDP or ICMP header and data; the original IP header stays in the clear and is used for routing
Tunnel Mode
– The complete IP packet, including its header, is secured and carried as the payload of a new IP packet with a new header
Transport Mode IPSec
[Figure: the two enterprise LANs and the public network as in the scenario slide; end-to-end authentication and/or encryption runs between the PC on one LAN and the server on the other, across both routers]
Tunnel Mode IPSec
[Figure: the same scenario; authentication and/or encryption runs end-system to ROUTER on one side, and router-to-router across the public network]
Transport vs. Tunnel modes

                               Transport mode                                      Tunnel mode
AH: authentication function    authenticates TCP/UDP/ICMP header and data          authenticates the entire inner IP packet (header and data)
                               (plus the non-mutable fields of the IP header)       (plus the non-mutable fields of the new outer IP header)
ESP: encryption function       encrypts TCP/UDP/ICMP header and data               encrypts the entire inner IP packet (header and data)
ESP with AH                    encrypts and authenticates TCP/UDP/ICMP header      encrypts and authenticates the entire inner IP packet
                               and data                                            (header and data)
IPSec Tunnel mode
Advantages:
– Only the routers need to implement IPSec functions; hosts on the enterprise LANs are unchanged
– Implements a VPN (virtual private network) between sites
[Figure: several enterprise LANs, each behind a router, joined by router-to-router tunnels across the public network]
IPSec: Authentication Header

Original IP packet:              [Original IP hdr][TCP header][TCP data]
Encoded packet, transport mode:  [Original IP hdr][Authen. hdr][TCP header][TCP data]
Encoded packet, tunnel mode:     [NEW IP hdr][Authen. hdr][Original IP hdr][TCP header][TCP data]
IPSec: packet format for AH

Original/new IP header (protocol field = 51, i.e. AH)
AH fields:
– Next header (8 bits): protocol of the payload that follows, e.g. TCP
– Payload length (8 bits): length of the AH in 32-bit words, minus 2
– Reserved (16 bits)
– Identifier, the Security Parameters Index or SPI (32 bits): selects the security association, and with it the key and algorithm
– Sequence number (32 bits): increases with every packet sent; used to reject replayed packets
– Authentication data (variable length, default 96 bits): a keyed hash (HMAC) based on MD5 or SHA-1, truncated to 96 bits
Covers the TCP/UDP/ICMP header, the data and the "non-mutable" portions of the IP header; fields that change in transit (TTL, header checksum, TOS, flags/fragment offset) are set to zero before the hash is computed
Payload (TCP segment in transport mode, or the whole original IP packet in tunnel mode)
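As an added example (not code from the tutorial), the AH layout above in working form: build a transport-mode AH packet over an IPv4 header and a TCP payload with HMAC-SHA-1-96, zero the mutable IP fields before hashing, then verify it after a simulated router hop (TTL decremented, checksum recomputed) and after tampering. The key, addresses, SPI and payload are constructed; IPv4 without options is assumed.

```python
"""Transport-mode AH: [IP hdr (proto 51)][AH][TCP payload], ICV = HMAC-SHA-1-96.
Added example, not from the slides. Assumes IPv4 without options; key, SPI,
addresses and payload below are constructed."""
import hashlib
import hmac
import struct

AH_PROTO = 51                       # IP protocol number of the Authentication Header
ICV_LEN = 12                        # 96-bit truncated HMAC (RFC 2404 style)
KEY = b"constructed-20-byte-key!"   # constructed demo key


def ip_checksum(data):
    """Standard one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\0"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def ipv4_header(src, dst, proto, total_len, ttl=64, tos=0, ident=0x1234):
    """Minimal 20-byte IPv4 header (DF set, no options) with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, total_len, ident, 0x4000, ttl, proto, 0,
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def zero_mutable_fields(ip_hdr):
    """RFC 2402: fields a router may change in transit are zeroed for the ICV computation."""
    h = bytearray(ip_hdr)
    h[1] = 0                  # TOS / DSCP+ECN
    h[6:8] = b"\0\0"          # flags and fragment offset
    h[8] = 0                  # TTL is decremented at every hop
    h[10:12] = b"\0\0"        # header checksum is recomputed after each change
    return bytes(h)


def compute_icv(key, ip_hdr, ah_no_icv, payload):
    """Authenticate immutable IP fields + AH (ICV field zeroed) + upper-layer payload."""
    data = zero_mutable_fields(ip_hdr) + ah_no_icv + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def build_ah_transport(key, src, dst, spi, seq, next_header, payload):
    """[IP][TCP] becomes [IP proto=51][AH next=TCP][TCP]."""
    ah_len = 12 + ICV_LEN                       # fixed 12-byte part + ICV
    payload_len = ah_len // 4 - 2               # AH length in 32-bit words, minus 2
    ah_no_icv = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    ip_hdr = ipv4_header(src, dst, AH_PROTO, 20 + ah_len + len(payload))
    return ip_hdr + ah_no_icv + compute_icv(key, ip_hdr, ah_no_icv, payload) + payload


def verify_ah_transport(key, packet):
    """Returns (ok, spi, seq, next_header, payload); payload is None unless the ICV matches."""
    ip_hdr, rest = packet[:20], packet[20:]
    if ip_hdr[9] != AH_PROTO:
        return (False, None, None, None, None)
    next_header, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", rest[:12])
    ah_len = (payload_len + 2) * 4
    ah_no_icv, icv, payload = rest[:12], rest[12:ah_len], rest[ah_len:]
    ok = hmac.compare_digest(icv, compute_icv(key, ip_hdr, ah_no_icv, payload))  # constant time
    return (ok, spi, seq, next_header, payload if ok else None)


def router_hop(packet):
    """Simulate one router: decrement TTL and rewrite the header checksum (mutable fields only)."""
    h = bytearray(packet[:20])
    h[8] -= 1
    h[10:12] = b"\0\0"
    h[10:12] = struct.pack("!H", ip_checksum(bytes(h)))
    return bytes(h) + packet[20:]


def demo():
    """Returns (verifies after a hop, verifies after payload tampering) -> (True, False)."""
    pkt = build_ah_transport(KEY, "10.0.0.1", "10.0.1.2", 0x1000, 1, 6, b"TCP header+data (constructed)")
    after_hop = router_hop(pkt)
    tampered = after_hop[:-4] + b"XXXX"
    return verify_ah_transport(KEY, after_hop)[0], verify_ah_transport(KEY, tampered)[0]


if __name__ == "__main__":
    print(demo())
```

The hop survives because TTL and checksum are excluded from the ICV; anything else in the IP header (addresses, protocol, total length) or in the payload is covered, which is why AH cannot pass through a NAT that rewrites addresses.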
IPSec: ESP (Encryption)

Original IP packet:              [Original IP hdr][TCP header][TCP data]
Encoded packet, transport mode:  [Original IP hdr][ESP hdr][TCP header][TCP data][ESP trailer][Authentication data (optional)]
Encoded packet, tunnel mode:     [NEW IP hdr][ESP hdr][Original IP hdr][TCP header][TCP data][ESP trailer][Authentication data (optional)]

The optional authentication data at the end is ESP's own integrity check value, not a separate AH header.
IPSec: packet format for ESP

Original/new IP header (protocol field = 50, i.e. ESP)
ESP header:
– Identifier, the Security Parameters Index or SPI (32 bits)
– Sequence number (32 bits)
Payload (TCP segment, or a whole IP packet in tunnel mode), followed by the ESP trailer (padding, pad length, next header); payload and trailer are encrypted using 3DES, RC5 or another negotiated cipher (a block cipher's IV, when one is needed, follows the sequence number)
Authentication data (optional): a keyed hash based on MD5, SHA-1, etc.
Coverage: encrypted = payload + trailer; authenticated = ESP header + encrypted part. The IP header is not authenticated, unlike with AH.
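The ESP format above as a runnable added example (not code from the tutorial): encapsulation with the padding/pad-length/next-header trailer, an ICV over SPI + sequence number + ciphertext, and on the receive side the order of checks a real implementation uses: anti-replay window first, then ICV, then decryption. The slides list 3DES or RC5; because the standard library has no such cipher, the encryption here is a stand-in keystream derived with HMAC-SHA-256 in counter mode, labelled as such. Keys, SPI and payloads are constructed.

```python
"""ESP transport mode: [ESP hdr][payload][pad][pad len][next hdr][ICV], plus an
anti-replay window. Added example, not from the slides. The cipher is a stand-in
keystream (HMAC-SHA-256 counter mode) so the block runs with only the stdlib;
the slides' 3DES/RC5 would be a block cipher in CBC with an IV after the header."""
import hashlib
import hmac
import struct

ICV_LEN = 12      # HMAC-SHA-1-96
BLOCK = 8         # pad to an 8-byte boundary (3DES block size; also meets ESP's 4-byte rule)


def keystream(key, spi, seq, length):
    """Stand-in cipher: keystream bound to (SPI, seq) so it is never reused across packets."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack("!IIQ", spi, seq, counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def esp_encapsulate(enc_key, auth_key, spi, seq, next_header, payload):
    pad_len = (-(len(payload) + 2)) % BLOCK          # +2 for pad length and next header bytes
    padding = bytes(range(1, pad_len + 1))           # RFC 2406 default padding: 1, 2, 3, ...
    plaintext = payload + padding + bytes([pad_len, next_header])
    esp_hdr = struct.pack("!II", spi, seq)
    body = xor(plaintext, keystream(enc_key, spi, seq, len(plaintext)))
    icv = hmac.new(auth_key, esp_hdr + body, hashlib.sha1).digest()[:ICV_LEN]
    return esp_hdr + body + icv                      # IP header is added by the caller, uncovered


class AntiReplayWindow:
    """Sliding window over sequence numbers (RFC 2401 Appendix C style). Sequence numbers start at 1."""

    def __init__(self, size=64):
        self.size, self.top, self.bitmap = size, 0, 0

    def check(self, seq):
        """True if seq is fresh: to the right of the window or inside it and not yet seen."""
        if seq == 0 or seq + self.size <= self.top:  # left of the window: too old
            return False
        if seq > self.top:
            return True
        return not (self.bitmap >> (self.top - seq)) & 1

    def update(self, seq):
        """Called only after the ICV verified; a forged packet must not move the window."""
        if seq > self.top:
            self.bitmap = ((self.bitmap << (seq - self.top)) & ((1 << self.size) - 1)) | 1
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def esp_decapsulate(enc_key, auth_key, window, packet):
    """Returns (next_header, payload), or None if replayed, forged or badly padded."""
    spi, seq = struct.unpack("!II", packet[:8])
    body, icv = packet[8:-ICV_LEN], packet[-ICV_LEN:]
    if not window.check(seq):
        return None                                  # cheap check first: drop before any crypto
    expected = hmac.new(auth_key, packet[:-ICV_LEN], hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return None                                  # verify-then-decrypt: never decrypt unauthenticated data
    window.update(seq)
    plaintext = xor(body, keystream(enc_key, spi, seq, len(body)))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    if pad_len > len(plaintext) - 2 or plaintext[-2 - pad_len:-2] != bytes(range(1, pad_len + 1)):
        return None
    return next_header, plaintext[:-2 - pad_len]


def demo():
    """Returns (first, second, replay, forged) -> two decoded segments, then None, None."""
    ek, ak = b"constructed-enc-key", b"constructed-auth-key"
    win = AntiReplayWindow()
    p1 = esp_encapsulate(ek, ak, 0x2000, 1, 6, b"segment one")
    p2 = esp_encapsulate(ek, ak, 0x2000, 2, 6, b"segment two!")
    first = esp_decapsulate(ek, ak, win, p1)
    second = esp_decapsulate(ek, ak, win, p2)
    replay = esp_decapsulate(ek, ak, win, p1)        # same packet delivered again
    flipped = bytearray(p2)
    flipped[8] ^= 1                                  # flip one ciphertext bit
    forged = esp_decapsulate(ek, ak, AntiReplayWindow(), bytes(flipped))
    return first, second, replay, forged


if __name__ == "__main__":
    print(demo())
```

Note what the ICV does and does not cover: SPI, sequence number and ciphertext are protected, the outer IP header is not, which is the coverage difference between "ESP with authentication" and AH shown in the table above.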
Combining security functions
Authentication with confidentiality
– ESP, with AH
– An AH inside an ESP (both in transport mode), end to end between the PC and the server
[Figure: PC on one enterprise LAN, server on the other, a router at each site, public network between them; the AH-in-ESP association spans PC to server]
Combining security functions
An AH inside an ESP (both in transport mode), and all of this within an ESP tunnel across the routers
[Figure: the same PC, server, routers and public network; the end-to-end AH-in-ESP association is nested inside a router-to-router ESP tunnel]
Key exchange
Key generation and exchange using some "physical means" (manual keying)
Automated generation of keys
– Oakley key determination and exchange
 Based on the Diffie-Hellman key generation algorithm
 Oakley key exchange protocol
Diffie-Hellman key generation
A distributed key generation scheme
Given $q$, a large prime number, and $a$, a primitive root of $q$ (the values $a^k \bmod q$ for $1 \le k \le q-1$ are all distinct, so they run over every value in $1, \ldots, q-1$)
A:
– picks $X_A$ (keeps it secret),
– computes $Y_A = a^{X_A} \bmod q$ and sends $Y_A$ to B
B:
– picks $X_B$ (keeps it secret),
– computes $Y_B = a^{X_B} \bmod q$ and sends $Y_B$ to A
A and B compute the shared secret key $K = a^{X_A X_B} \bmod q$: A as $K = Y_B^{X_A} \bmod q$, B as $K = Y_A^{X_B} \bmod q$
Diffie-Hellman key generation
Man-in-the-middle attack
– Assumes the ability to intercept and spoof messages between A and B
[Figure: A and B with E between them]
A sends $Y_A = a^{X_A} \bmod q$ toward B; E intercepts it and forwards $Y_E = a^{X_E} \bmod q$ to B instead
B sends $Y_B = a^{X_B} \bmod q$ toward A; E intercepts it and forwards $Y_E$ to A instead
A computes $a^{X_A X_E} \bmod q$ and B computes $a^{X_B X_E} \bmod q$; E knows both keys, and A and B share no key with each other
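The exchange on the two Diffie-Hellman slides above, as an added example that is not part of the tutorial: the primitive-root check, the honest exchange, and the man-in-the-middle in which E derives both of the keys A and B end up with. The group $(q, a) = (23, 5)$ and the exponents 6, 15 and 9 are toy values chosen so every step can be checked by hand; a real deployment needs a large prime and random exponents.

```python
"""Diffie-Hellman on a toy group, with the primitive-root check and the MITM attack.
Added example, not from the slides. q = 23, a = 5 and the fixed exponents are
constructed for hand-checking; random_exponent() shows what real use needs."""
import secrets


def is_primitive_root(a, q):
    """a is a primitive root of prime q iff a^k mod q, k = 1..q-1, hits every value in 1..q-1."""
    return {pow(a, k, q) for k in range(1, q)} == set(range(1, q))


def public_value(a, x, q):
    return pow(a, x, q)                   # Y = a^X mod q


def shared_secret(peer_public, x, q):
    return pow(peer_public, x, q)         # K = Y_peer^X mod q = a^(X_A X_B) mod q


def random_exponent(q):
    """A real private value: uniform in 1..q-2 from a CSPRNG, never reused."""
    return secrets.randbelow(q - 2) + 1


def honest_exchange(a, q, xa, xb):
    """Returns (A's key, B's key); they agree."""
    ya, yb = public_value(a, xa, q), public_value(a, xb, q)
    return shared_secret(yb, xa, q), shared_secret(ya, xb, q)


def mitm_exchange(a, q, xa, xb, xe):
    """E intercepts Y_A and Y_B and forwards her own Y_E both ways.
    Returns (A's key, B's key, E's key with A, E's key with B): A's equals E's, B's equals E's."""
    ya, yb, ye = public_value(a, xa, q), public_value(a, xb, q), public_value(a, xe, q)
    k_a = shared_secret(ye, xa, q)        # A uses what she believes is Y_B (really Y_E)
    k_b = shared_secret(ye, xb, q)        # B uses what he believes is Y_A (really Y_E)
    k_ea = shared_secret(ya, xe, q)       # E, holding the intercepted Y_A, gets a^(X_A X_E)
    k_eb = shared_secret(yb, xe, q)       # E, holding the intercepted Y_B, gets a^(X_B X_E)
    return k_a, k_b, k_ea, k_eb


if __name__ == "__main__":
    q, a = 23, 5
    print("5 is a primitive root of 23:", is_primitive_root(a, q))
    print("honest:", honest_exchange(a, q, 6, 15))
    print("mitm:  ", mitm_exchange(a, q, 6, 15, 9))
```

Nothing in the arithmetic tells A that the value she received came from E rather than B, which is why the next slide's fix is authentication of the public values, not a change to the group.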
Diffie-Hellman key generation
Issues with the algorithm:
– What are the values of $q$ and $a$? Make several sets available, and let the parties negotiate
– Man-in-the-middle attack: use some form of authentication of the exchanged values
– Denial of service attack, arising from address spoofing: use cookies
– Replay attacks: use nonces
Cookies
Cookies:
A requests B's attention; B responds with a "cookie" K (a random-looking number); A must return K in its subsequent messages. A spoofed source address never receives K, so B does no expensive work for it.
Characteristics of cookies:
– Should depend upon data specific to B
– Should use some secret information
– Cookie generation and verification must be fast
– B should not have to save the cookie
Example method used:
– Hash the sender and receiver IP addresses, the UDP port numbers (Oakley/ISAKMP runs over UDP port 500) and a secret value
Oakley Key exchange
Oakley Key exchange: part 1
A to B:
– ID of A, ID of B
– Initiator cookie, CK-A
– Encryption, hash, authentication algorithms (offered)
– Specific Diffie-Hellman group $(q, a)$
– Public key $y_A = a^{X_A} \bmod q$
– Nonce $N_A$
– $\mathrm{Signed}_{KR(A)}[\text{ID of A}, \text{ID of B}, N_A, q, a, y_A]$ (signed with A's private key $KR(A)$)
Oakley Key exchange: part 2
B to A:
– ID of B, ID of A
– Responder cookie, CK-B; returned initiator cookie, CK-A
– Encryption, hash, authentication algorithms (selected)
– Specific Diffie-Hellman group $(q, a)$
– Public key $y_B = a^{X_B} \bmod q$
– Nonces $N_A$, $N_B$
– $\mathrm{Signed}_{KR(B)}[\text{ID of B}, \text{ID of A}, N_A, N_B, q, a, y_B, y_A]$ (signed with B's private key $KR(B)$)
Oakley Key exchange: part 3
A to B:
– ID of A, ID of B
– Returned responder cookie, CK-B; initiator cookie, CK-A
– Encryption, hash, authentication algorithms
– Specific Diffie-Hellman group $(q, a)$
– Public key $y_A = a^{X_A} \bmod q$
– Nonces $N_A$, $N_B$
– $\mathrm{Signed}_{KR(A)}[\text{ID of A}, \text{ID of B}, N_A, N_B, q, a, y_B, y_A]$ (signed with A's private key $KR(A)$)
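The three parts above, together with the cookie and nonce slides, as one added example that is not from the tutorial or from any IKE implementation: stateless cookies recomputed rather than stored, nonces echoed to catch stale replies, group negotiation against a supported list, and an authenticator over the public values so the Diffie-Hellman man-in-the-middle is detected. Two simplifications are assumptions: the slides sign each message with the sender's private key, and here that signature is replaced by an HMAC under a pre-shared key (an authentication method Oakley also allows), and the DH group is the toy $(23, 5)$. Addresses, ports, keys and exponents are constructed.

```python
"""Oakley-style aggressive exchange (parts 1-3) with cookies, nonces and a
pre-shared-key authenticator standing in for the slides' signatures.
Added example, not from the tutorial; toy group and constructed parameters."""
import hashlib
import hmac
import secrets

SUPPORTED_GROUPS = [(23, 5)]                          # toy; real groups are large MODP primes
PROPOSAL = ("3DES", "SHA-1", "HMAC-SHA-1")            # encryption, hash, authentication algorithms


def cookie(local_secret, src_ip, dst_ip, src_port, dst_port):
    """Stateless cookie: hash of addresses, UDP ports and a secret only this host knows.
    Cheap to make, cheap to recheck, and nothing to store per half-open exchange."""
    material = f"{src_ip}|{dst_ip}|{src_port}|{dst_port}".encode()
    return hmac.new(local_secret, material, hashlib.sha256).digest()[:8]


def authenticator(psk, fields):
    """Stand-in for Signed_KR(X)[...]: a MAC under the pre-shared key over the listed fields."""
    return hmac.new(psk, repr(fields).encode(), hashlib.sha256).digest()


def make_party(ident, psk, flow, x, group=(23, 5)):
    """flow = (src_ip, dst_ip, src_port, dst_port) as this party sees it (constructed)."""
    q, a = group
    st = {"id": ident, "psk": psk, "flow": flow, "q": q, "a": a, "x": x, "y": pow(a, x, q),
          "nonce": secrets.token_bytes(8), "secret": secrets.token_bytes(16)}
    st["cky"] = cookie(st["secret"], *flow)
    return st


def part1(a, peer_id):
    fields = (a["id"], peer_id, a["nonce"], a["q"], a["a"], a["y"])
    return {"ids": (a["id"], peer_id), "cky_i": a["cky"], "algs": PROPOSAL, "group": (a["q"], a["a"]),
            "y": a["y"], "n_i": a["nonce"], "auth": authenticator(a["psk"], fields)}


def part2(b, m1):
    ida, idb = m1["ids"]
    q, g = m1["group"]
    if (q, g) not in SUPPORTED_GROUPS:
        raise ValueError("part 1: unsupported DH group")
    if not hmac.compare_digest(m1["auth"], authenticator(b["psk"], (ida, idb, m1["n_i"], q, g, m1["y"]))):
        raise ValueError("part 1: bad authenticator")
    b["key"] = pow(m1["y"], b["x"], q)
    fields = (idb, ida, m1["n_i"], b["nonce"], q, g, b["y"], m1["y"])
    return {"ids": (idb, ida), "cky_r": cookie(b["secret"], *b["flow"]), "cky_i": m1["cky_i"],
            "algs": PROPOSAL, "group": (q, g), "y": b["y"], "n_i": m1["n_i"], "n_r": b["nonce"],
            "auth": authenticator(b["psk"], fields)}


def part3(a, m2):
    idb, ida = m2["ids"]
    q, g = m2["group"]
    if m2["cky_i"] != a["cky"] or m2["n_i"] != a["nonce"]:
        raise ValueError("part 2: my cookie or nonce not echoed (stale or forged reply)")
    expected = authenticator(a["psk"], (idb, ida, m2["n_i"], m2["n_r"], q, g, m2["y"], a["y"]))
    if not hmac.compare_digest(m2["auth"], expected):
        raise ValueError("part 2: bad authenticator (y_B replaced in transit?)")
    a["key"] = pow(m2["y"], a["x"], q)
    fields = (ida, idb, m2["n_i"], m2["n_r"], q, g, m2["y"], a["y"])
    return {"ids": (ida, idb), "cky_r": m2["cky_r"], "cky_i": a["cky"], "algs": PROPOSAL,
            "group": (q, g), "y": a["y"], "n_i": m2["n_i"], "n_r": m2["n_r"],
            "auth": authenticator(a["psk"], fields)}


def finish(b, m3):
    """B recomputes its cookie instead of looking one up, then checks nonce and authenticator."""
    if m3["cky_r"] != cookie(b["secret"], *b["flow"]):
        raise ValueError("part 3: cookie not returned; sender never received part 2")
    if m3["n_r"] != b["nonce"]:
        raise ValueError("part 3: stale responder nonce; replayed message")
    ida, idb = m3["ids"]
    q, g = m3["group"]
    expected = authenticator(b["psk"], (ida, idb, m3["n_i"], m3["n_r"], q, g, b["y"], m3["y"]))
    if not hmac.compare_digest(m3["auth"], expected):
        raise ValueError("part 3: bad authenticator")
    return b["key"]


def run(tamper=None, psk=b"constructed-psk"):
    """Returns (A's key, B's key). tamper="mitm" swaps y_B for E's value; "replay" re-delivers part 3."""
    a = make_party("A", psk, ("10.0.0.1", "10.0.1.2", 500, 500), 6)
    b = make_party("B", psk, ("10.0.1.2", "10.0.0.1", 500, 500), 15)
    m2 = part2(b, part1(a, "B"))
    if tamper == "mitm":
        m2 = dict(m2, y=pow(b["a"], 9, b["q"]))         # E's y_E = a^9 mod q replaces y_B on the wire
    m3 = part3(a, m2)
    key_b = finish(b, m3)
    if tamper == "replay":
        b["nonce"] = secrets.token_bytes(8)             # B has moved on to a new exchange...
        finish(b, m3)                                   # ...and the old part 3 arrives again
    return a["key"], key_b


if __name__ == "__main__":
    print(run())
```

The authenticator covers both public values, so E's substitution of $y_B$ in part 2 fails at A before any key is used; the cookie check in part 3 costs B one HMAC and no per-request state; and the fresh $N_B$ makes a recorded part 3 useless against a later exchange.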
Thanks