Advanced Computer Networks SS2004
IPSec (IP Security)
Florian Limberger

Outline
● Introduction
● Internet Key Exchange
● IPSec Protocols and Modes
● Management Control

Motivation: Where to put security?
● application security
  – “really” secure (end-to-end)
  – applications must be modified
  ssh, sftp, https
● network (IP)-layer security (IPSec)
  – “general” security
  – applications remain unchanged
  – applications must rely on “lower” security

IPSec overview
● designed by IETF
● RFCs 2401, 2402, 2406, 2408, 2409
● rather a framework than a single protocol
● high granularity (different modes for each flow)
● different security services
● optional for IPv4, mandatory for IPv6

Security services
● Access Control
● Integrity
● Authentication
● Anti-Replay service
● Confidentiality

Main parts
● 1st part (“connection setup”)
  – peer authentication
  – negotiation of cryptographic parameters
  – agreement on shared secret keys
  IKE (Internet Key Exchange), SA (Security Association)
● 2nd part (“bulk data transfer”)
  – application of security services
  AH (Authentication Header), ESP (Encapsulating Security Payload)

SA – security association
● kind of connection
● uniquely identified by 3 parameters:
  – Security Parameters Index (SPI): local significance only, identifies SA
  – IP Destination Address: address of destination endpoint of the SA
  – Security Protocol Identifier: AH or ESP

SA parameters
● Lifetime of this SA
● AH/ESP Information: authentication/encryption algorithm, keys, lifetime
● IPSec Protocol Mode: tunnel, transport
● anti-replay window
● sequence number counter
● ...

IKE – Internet Key Exchange
● connection setup
● peer authentication
● key exchange
● SA creation and negotiation
● on-demand creation of keys
● UDP, port 500, ISAKMP (Internet Security Association and Key Management Protocol)
● uses Diffie-Hellman key exchange algorithm

IKE Phase1
● plaintext messages
● peer authentication through
  – pre-shared keys (PSK)
  – RSA keys
  – X.509 certificates
● creation of ISAKMP-SA

IKE Phase2
● encrypted messages (with key from Phase1)
● second set of shared secret keys
● Phase1-SA is used to set up IPSec SAs
● usually (at least) two unidirectional IPSec SAs
● Phase2 repeated to change keys, Phase1-SA remains

Data Encryption and Authentication
● 2 Attributes:
  – Protocol: controls whether the data packet is protected by confidentiality or message authentication (or both)
  – Mode: controls in what way and how much of the data packet is protected

AH – Authentication Header
● IP protocol 51
● 24 bytes
● provides data integrity and authentication
● integrity:
  – undetected modification not possible
● authentication:
  – authenticate sender
  – spoofing attacks not possible (src and dst fields are protected)

AH: Integrity Check Value (ICV)
● contained within authentication data field
● hashed message authentication code (HMAC)
● hash over:
  – secret key
  – payload
  – immutable parts of the IP header
● using first 96 bits: HMAC-MD5-96, HMAC-SHA-1-96

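Added example (not part of the original slides): the ICV computation as HMAC-SHA-1-96 for an IPv4 packet without options in transport mode, with the mutable header fields zeroed before hashing. The key, addresses, SPI and payload are constructed sample values, and `rewrite` is a helper introduced here to simulate in-transit changes.

```python
import hashlib, hmac, socket, struct

def ipv4_header(src, dst, ttl, payload_len, proto=51):
    """20-byte IPv4 header; protocol 51 = AH. Checksum left at 0 (it is mutable)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(ip_hdr):
    """Zero the fields routers may change: TOS, flags/offset, TTL, checksum."""
    b = bytearray(ip_hdr)
    b[1] = 0
    b[6:8] = b"\x00\x00"
    b[8] = 0
    b[10:12] = b"\x00\x00"
    return bytes(b)

def ah_header(next_hdr, spi, seq, icv=bytes(12)):
    """12 fixed bytes + 12-byte ICV = 24 bytes; length field = 24/4 - 2 = 4."""
    return struct.pack("!BBHII", next_hdr, 4, 0, spi, seq) + icv

def compute_icv(key, ip_hdr, next_hdr, spi, seq, payload):
    """HMAC-SHA-1 over immutable header, AH with zeroed ICV, payload; first 96 bits."""
    data = zero_mutable(ip_hdr) + ah_header(next_hdr, spi, seq) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:12]

def protect(key, src, dst, ttl, spi, seq, payload, next_hdr=6):
    """Sender side: build IP header + AH (with ICV) + payload."""
    ip = ipv4_header(src, dst, ttl, 24 + len(payload))
    icv = compute_icv(key, ip, next_hdr, spi, seq, payload)
    return ip + ah_header(next_hdr, spi, seq, icv) + payload

def verify(key, packet):
    """Receiver side: recompute the ICV and compare in constant time."""
    ip, ah, payload = packet[:20], packet[20:44], packet[44:]
    next_hdr, _, _, spi, seq = struct.unpack("!BBHII", ah[:12])
    expected = compute_icv(key, ip, next_hdr, spi, seq, payload)
    return hmac.compare_digest(expected, ah[12:])

def rewrite(packet, offset, new_bytes):
    """Simulate an in-transit change to the packet at a byte offset."""
    return packet[:offset] + new_bytes + packet[offset + len(new_bytes):]

KEY = bytes(range(20))   # constructed 160-bit key, example only
PKT = protect(KEY, "192.0.2.1", "198.51.100.7", 64, spi=0x1001, seq=1,
              payload=b"hello")   # constructed payload
```

A changed TTL (offset 8) still verifies because the field is zeroed before hashing; a rewritten source address (offset 12) or payload byte does not.
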
Anti-replay service
● use of sequence number
● retransmission of packet -> different number
● receiver has anti-replay window
● duplicated packets are discarded
● if exhausted (2^32) -> create new SA

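Added example (not part of the original slides): a receiver-side sliding window and a sender-side counter for the anti-replay service. The window size of 32 and the class and function names are assumptions made for this sketch; the window is only updated for packets whose ICV has already been verified.

```python
MAX_SEQ = 0xFFFFFFFF  # last usable 32-bit sequence number

class Sender:
    """Every packet sent on the SA, retransmissions included, gets a fresh number."""
    def __init__(self):
        self.seq = 0

    def next_seq(self):
        if self.seq == MAX_SEQ:
            raise OverflowError("sequence space exhausted: negotiate a new SA")
        self.seq += 1
        return self.seq

class ReplayWindow:
    """Receiver state: highest number seen plus a bitmap of the last `size` numbers."""
    def __init__(self, size=32):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => (top - i) was already received

    def check_and_update(self, seq):
        """Return True if the packet is new; call only after the ICV check passed."""
        if seq == 0 or seq > MAX_SEQ:
            return False                      # 0 is never sent; no wrap-around
        if seq > self.top:                    # packet moves the window forward
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1               # everything older fell out of the window
            else:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                      # left of the window: too old
        if self.bitmap & (1 << offset):
            return False                      # duplicate: discard
        self.bitmap |= 1 << offset            # late but new: accept and mark
        return True

def run(seqs, size=32):
    """Feed a constructed list of sequence numbers through a fresh window."""
    w = ReplayWindow(size)
    return [w.check_and_update(s) for s in seqs]
```
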
ESP – Encapsulating Security Payload
● IP protocol 50
● provides
  – message contents confidentiality
  – limited traffic flow confidentiality
  – optional: authentication services

ESP: encryption
● symmetric cipher (performance)
  3DES, RC5, IDEA, CAST, Blowfish
● padding:
  – necessary for block ciphers
  – useful for partial traffic flow confidentiality

IPSec protocol modes
● Transport mode
  – protection for upper-layer protocols
  – end-to-end, between two hosts
  – encryption of payload only
  – authentication of payload + header (only AH)
● Tunnel mode
  – protection of entire IP packet
  – “old” packet is packed into new one
  – tunnel:
    ● security gateway <-> security gateway
    ● security gateway <-> host
  – used for Virtual Private Networks

IPSec modes
● AH modes: transport, tunnel
● ESP modes: transport, tunnel

AH vs. ESP
● originally: AH only integrity, ESP only confidentiality
● AH not possible with NAT
● AH prevents spoofing
● ESP: HMAC after trailer -> faster

Management Control
● IPSec protection
  – based on policy choices defined in the SPD
  – established and maintained by a user
● Security Policy Database (SPD)
  – defines subset of IP traffic: IP address (src, dst), ports, transport layer protocol, etc.
  – points to SA

Inbound traffic
● IPSec "layer" receives a packet from the network
● Headers of the packet are analysed
● If IPSec was used to transmit
  – Determine SA details (over SPI)
  – Consult the SA Database to validate/decipher the packet
  – Once validated/deciphered, the appropriate action for the packet is determined and it is forwarded according to the rules in the SPD

Outbound traffic
● IPSec "layer" receives data to be sent
● It consults SPD to determine what should be done
● If IPSec is to be used
  – IPSec engine recovers the SA and checks the SAD
  – If no entry exists, one will be created (IKE, etc.)
  – Rules for the flow are considered
● If not, the packet is processed normally

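Added example (not part of the original slides): the inbound and outbound decisions as code, with the SPD as an ordered list of selector entries and the SAD keyed by the (SPI, destination address, protocol) triple. The action names, the `ike` callback standing in for key exchange, and all addresses and SPIs are assumptions constructed for this sketch.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Policy:              # one SPD entry: selectors, action, pointer to its SA
    src: str
    dst: str
    proto: str
    action: str            # "protect", "bypass" or "discard"
    sa: tuple = None       # (SPI, destination address, "AH"/"ESP") once negotiated

def lookup(spd, pkt):
    """First matching SPD entry wins; traffic matching no entry is discarded."""
    for p in spd:
        if (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(p.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(p.dst)
                and p.proto in ("any", pkt["proto"])):
            return p
    return Policy("0.0.0.0/0", "0.0.0.0/0", "any", "discard")

def outbound(spd, sad, pkt, ike):
    """Consult the SPD; for protected flows find the SA or create it on demand."""
    pol = lookup(spd, pkt)
    if pol.action != "protect":
        return pol.action, None
    if pol.sa not in sad:                 # no SAD entry yet: run key exchange
        pol.sa = ike(pkt["dst"])
        sad[pol.sa] = {"seq": 0}
    sad[pol.sa]["seq"] += 1               # per-SA sequence number counter
    return "protect", pol.sa

def inbound(spd, sad, pkt, sa_id=None):
    """sa_id: triple taken from the AH/ESP header, or None for a cleartext packet.
    pkt holds the selectors of the packet after validation/decryption."""
    if sa_id is not None and sa_id not in sad:
        return "discard"                  # SPI does not identify a known SA
    pol = lookup(spd, pkt)
    if pol.action == "protect":           # must have arrived on the SA the SPD points to
        return "accept" if pol.sa == sa_id else "discard"
    if pol.action == "bypass" and sa_id is None:
        return "accept"
    return "discard"
```

The inbound check after decryption is what stops a cleartext packet from being accepted for a flow that the SPD says must be protected.
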