Lecture 06
IP Security
Dr. Supakorn Kungpisdan
Outline
- Motivation
- IPSec Architecture
- How IPSec Works
- IPSec Security Protocols
- IPSec Modes
- Combining Security Associations
- IPSec Key Exchange and Management Protocol
- IPSec benefits and limitations
ITEC4621 Network Security
2
Motivations
- Originally authentication and confidentiality were not enforced at the IP level
  - Source/Destination IP address spoofing
  - Inspection of IP payload
  - Replay
IP Spoofing Attack (diagram)
- Before: router a.b.c.100; NFS server x.y.z.200; authorized NFS client x.y.x.201; unauthorized NFS client
- After: NFS server x.y.z.200 - shutdown for maintenance; x.y.x.201 -> x.y.x.200; the unauthorized client reaches the NFS server via router a.b.c.100, masquerading as the authorised client
Ping Of Death Attack
- ICMP, an integral part of IP, is utilized to report network errors.
- PING (Packet InterNet Groper) utilizes ICMP echo request and reply packets to test host reachability.
- ICMP messages normally consist of the IP header and enclosed ICMP data with a default size of 64 bytes.
- If the hacker sends an ICMP echo request that is greater than 65,536 bytes, this can crash or reboot the system.
  - A newer attack method modifies the header to indicate that there is more data in the packet than there actually is.
Smurf Attack
- Hacker sends an ICMP echo request to the target network with a destination broadcast address and a spoofed source address of the target
- The network serves as a "bounce site" and returns an echo reply packet for each station on the network
- The network serves to multiply the effect of the "ping". The echo request packet could be sent to multiple networks
Why look for security at IP level?
- Below Transport Layer
- Not specific to network applications
  - no need to change software at Application Layer
- Transparent to users
  - no need to train users
- Enhance security when used with higher-level applications
- Enhance security of firewalls
- Easily identify authorised access to the network
What can be done at IP Layer?
- Authentication: allows the receiver to validate the identity of a sender, client/server machine or process.
- Integrity: provides assurance to the receiver that the transmitted data has not been changed.
- Confidentiality: prevents the unwanted disclosure of information during transit.
TCP/IP & Possible Security Enhancement

Layer                | Security enhancement
---------------------|---------------------------------
Application          | Kerberos, HTTPS, S/MIME, PGP...
Transport (TCP, UDP) | SSL, TLS
Network (IP)         | IPSec
Data Link            | -
Physical             | -
IPSec
- A type of VPN (Virtual Private Network)
- Types of VPNs
  - VPN over SSH (Secure Shell) and PPP (Point-to-Point Protocol)
  - VPN over SSL/TLS (Secure Socket Layer/Transport Layer Security) and PPP
  - IPSec
  - PPTP (Point-to-Point Tunneling Protocol)
  - etc.
An IP Security Scenario (figure)
Applications of IPSec
- Secure branch office connectivity over the Internet
  - Save cost -> no need to have a leased line
- Secure remote access over the Internet
- Establishing extranet and intranet connectivity with partners
- Enhancing electronic commerce security
  - Extranet enables B2B ecommerce transactions among business partners
IP Security Architecture (figure)
IP Security Architecture (cont.)
- Architecture: general concepts, requirements, definitions, and mechanisms defining IPSec technology
- Encapsulating Security Payload (ESP): generally provides encryption of the IP payload (data) and optionally provides authentication
- Authentication Header (AH): provides authentication of IP headers
- Encryption algorithm: describes the encryption algorithms used for ESP
- Authentication algorithm: describes the authentication algorithms used for AH and ESP
- Key Management: involves determination and distribution of secret keys
- Domain of Interpretation (DOI): contains identifiers for approved encryption and authentication algorithms, key lifetime parameters, etc.
Security Associations
- A one-way relationship between sender & receiver that affords security for traffic flow
- A party who wants to send and receive data needs 2 SAs
- Defined by 3 parameters:
  - Security Parameters Index (SPI)
  - IP Destination Address
  - Security Protocol Identifier (AH or ESP)
- Has a number of other parameters
  - seq no, AH & ESP info, lifetime etc
- Have a database of Security Associations (SAD)
- Security services are afforded to an SA for the use of AH or ESP, but not both
SAD Example
- Incoming packet contains SPI, dest IP, security protocol -> used to refer to an entry in SAD
- Can configure to specific app. E.g. http traffic
Security Policy Database (SPD)
- Makes higher-level decisions on what to do with an IP packet
- SPD enforces protection policy, whereas SAD supplies the necessary parameters and makes it possible.
How IPSec Works (diagram)
- Sender:
  - SPD: IPSec needed? If so, pass to SAD
  - SAD: if so, check header to see how IPSec is implemented
- Recipient:
  - SAD: check header to see if IPSec packet is received; remove IPSec header
  - SPD: decide to allow or drop incoming packet
How IPSec Works (cont.)
- Outbound Traffic: send packet out to the network
  - IPSec checks Security Policy Database (SPD) to decide to
    - Let the packet go through without IPSec protection
    - Drop packet
    - Protect packet using IPSec
How IPSec Works (cont.)
Inbound Traffic: incoming packet from the network
1. System determines the Security Association (SA) for the packet. The SA is identified by:
   - Security Parameters Index (SPI): serves as an index into the Security Association Database (SAD)
   - Destination IP Address
   - IPSec Data Manipulation Protocol (Authentication Header (AH) or Encapsulating Security Payload (ESP))
2. Determine the appropriate SA, then perform authentication/decryption to extract the data from the IPSec packet
3. Once the original header is extracted, look up the SPD rules to see whether it matches any rule or not.
Example: Outbound Traffic

SPD
Rule # | Src IP       | Dst IP      | Src Port | Dst Port | Action | IPSec Protocol | Mode   | Outbound SA Index
1      | 192.168.1.1  | 192.168.2.1 | Any      | 80       | IPSec  | AH             | Tunnel | 400
2      | 192.168.1.23 | 192.168.2.5 | Any      | 22       | Accept | -              | -      | 8500

SAD
SPI  | Src IP       | Dst IP      | Src Port | Dst Port | Parameter | Type     | Pointer to SPD
400  | 192.168.1.1  | 192.168.2.1 | Any      | 80       | .....     | Outbound | 1
8500 | 192.168.1.23 | 192.168.2.5 | Any      | 22       | -         | -        | 2
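The outbound and inbound processing described in the preceding slides, run against the two tables above. This is an added example, not the lecture's code: the rule and SA values are the slide's, while the first-match ordering and the result labels ("bypass", "protect", "discard", "accept") are this example's own assumptions.

```python
"""Toy outbound/inbound lookups against the slide's SPD and SAD (added example,
not from the lecture). Rule and SA values are the tables' own; the first-match
ordering and the result labels are this example's assumptions."""
from collections import namedtuple

ANY = "Any"  # wildcard used in the slide's port columns
SPDRule = namedtuple("SPDRule", "rule src_ip dst_ip src_port dst_port action protocol mode sa_index")
SADEntry = namedtuple("SADEntry", "spi src_ip dst_ip protocol spd_rule")

# SPD: action "IPSec" means protect with the indexed outbound SA; "Accept" means bypass.
SPD = [
    SPDRule(1, "192.168.1.1", "192.168.2.1", ANY, 80, "IPSec", "AH", "Tunnel", 400),
    SPDRule(2, "192.168.1.23", "192.168.2.5", ANY, 22, "Accept", None, None, 8500),
]
# SAD keyed by SPI; each entry points back at the SPD rule that created it.
SAD = {
    400: SADEntry(400, "192.168.1.1", "192.168.2.1", "AH", 1),
    8500: SADEntry(8500, "192.168.1.23", "192.168.2.5", None, 2),
}

def _matches(rule, src, dst, sport, dport):
    """Selector match: exact addresses, ports may be the wildcard ANY."""
    return (rule.src_ip == src and rule.dst_ip == dst
            and rule.src_port in (ANY, sport) and rule.dst_port in (ANY, dport))

def outbound(src, dst, sport, dport):
    """SPD decides one of the three outcomes from 'How IPSec Works': bypass
    (Accept), protect via the indexed SA, or discard when no rule matches."""
    for rule in SPD:  # first matching rule wins
        if _matches(rule, src, dst, sport, dport):
            if rule.action == "Accept":
                return "bypass", None
            return "protect", SAD[rule.sa_index]
    return "discard", None

def inbound(spi, dst, protocol):
    """The SA is identified by the triple (SPI, destination IP, AH/ESP); the
    recovered packet is then checked against the SPD rule the SA points to."""
    sa = SAD.get(spi)
    if sa is None or sa.dst_ip != dst or sa.protocol != protocol:
        return "discard", None  # no SA for this triple
    rule = SPD[sa.spd_rule - 1]
    if rule.action != "IPSec" or rule.protocol != protocol:
        return "discard", None  # SA and policy disagree
    return "accept", rule
```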
Authentication Header (AH)
- Provides support for data integrity & authentication of IP packets
  - end system/router can authenticate user/app
  - prevents address spoofing attacks by tracking sequence numbers
- Based on use of a MAC
  - HMAC-MD5-96 or HMAC-SHA-1-96
  - parties must share a secret key
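The sequence-number tracking mentioned above is done with a per-SA anti-replay window, which lets the receiver reject duplicated or stale packets (the "Replay" threat from the Motivations slide). This is an added example, not the lecture's code; the window size and the packet sequence fed to it are constructed for the demonstration.

```python
"""Anti-replay sliding window of the kind AH and ESP keep per SA (added example,
not from the lecture). Constructed inputs; the algorithm is the bitmask window
described in RFC 4302/4303."""

class AntiReplayWindow:
    """Tracks the highest sequence number accepted and a bitmask of the `size`
    numbers at or below it. Numbers left of the window, or already marked, are replays."""

    def __init__(self, size=64):
        self.size = size
        self.right = 0    # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (right - i) was received

    def check(self, seq):
        """Return True if seq is fresh (and record it), False if it is a
        duplicate or has fallen behind the window. Sequence numbers start at 1."""
        if seq == 0:
            return False
        if seq > self.right:
            # Advance the window: shift old bits left, mark the new right edge.
            shift = seq - self.right
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.right = seq
            return True
        offset = self.right - seq
        if offset >= self.size:
            return False  # too old: left of the window
        if self.bitmap & (1 << offset):
            return False  # duplicate inside the window
        self.bitmap |= 1 << offset
        return True

def replay_demo():
    """Constructed sequence: in-order, reordered, replayed, a jump past the window,
    a packet that is then too old, and a late-but-acceptable one."""
    w = AntiReplayWindow(size=8)
    return [w.check(s) for s in (1, 2, 4, 3, 3, 12, 4, 5, 13)]
```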
Authentication Header (figure)
- Contains MAC of the packet
AH Frame (figure)
- Mutable fields: fields that can be changed during transmission, e.g. TTL
- Immutable fields: source address, header length, destination address, upper-layer protocol data, e.g. TCP or UDP segments
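How the mutable/immutable distinction plays out when the AH MAC is computed, as an added example (not from the lecture): the mutable IPv4 fields are zeroed before hashing, so a TTL decrement at a router leaves the ICV intact while a rewritten destination address does not. The key, addresses and payload are constructed; which fields count as mutable follows the slide and RFC 4302.

```python
"""HMAC-SHA-1-96 over an IPv4 packet with AH's mutable/immutable field handling
(added example, not from the lecture). Which fields are mutable follows the slide
and RFC 4302; the key, addresses and payload are constructed for the demo."""
import hashlib
import hmac
import struct

ICV_LEN = 12  # 96-bit truncated MAC, as in HMAC-SHA-1-96

def ipv4_header(src, dst, ttl, proto, total_len, tos=0, checksum=0):
    """Pack a minimal 20-byte IPv4 header (version 4, IHL 5, no options)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, total_len, 0, 0,
                       ttl, proto, checksum, src, dst)

def zero_mutable(hdr):
    """Zero the fields a router may change in transit before hashing: TOS,
    flags/fragment offset, TTL and header checksum. Addresses, IHL, total
    length and protocol stay as they are (immutable)."""
    b = bytearray(hdr)
    b[1] = 0                 # TOS
    b[6:8] = b"\x00\x00"     # flags + fragment offset
    b[8] = 0                 # TTL (the slide's example of a mutable field)
    b[10:12] = b"\x00\x00"   # header checksum
    return bytes(b)

def ah_icv(key, ip_hdr, next_hdr, spi, seq, payload):
    """ICV = HMAC-SHA-1 over (immutable IP header, AH with ICV zeroed, payload),
    truncated to 96 bits. AH payload length is in 32-bit words minus 2."""
    ah = struct.pack("!BBHII", next_hdr, (12 + ICV_LEN) // 4 - 2, 0, spi, seq)
    data = zero_mutable(ip_hdr) + ah + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def ttl_and_address_effects():
    """Constructed transport-mode AH packet (protocol 51, next header 6 = TCP):
    a TTL decrement leaves the ICV unchanged, a rewritten destination does not."""
    key = b"constructed-demo-key-not-for-use"
    payload = b"GET / HTTP/1.0\r\n\r\n"
    total = 20 + 12 + ICV_LEN + len(payload)
    src, dst = bytes([192, 168, 1, 1]), bytes([192, 168, 2, 1])
    sent = ah_icv(key, ipv4_header(src, dst, 64, 51, total), 6, 400, 1, payload)
    after_hop = ah_icv(key, ipv4_header(src, dst, 63, 51, total), 6, 400, 1, payload)
    redirected = ah_icv(key, ipv4_header(src, bytes([10, 0, 0, 9]), 63, 51, total),
                        6, 400, 1, payload)
    return sent == after_hop, sent == redirected
```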
Encapsulating Security Payload (ESP)
- Provides message content confidentiality & limited traffic flow confidentiality
- Can optionally provide the same authentication services as AH
- Supports range of ciphers, modes, padding
  - incl. DES, Triple-DES, RC5, IDEA, CAST etc
  - CBC & other modes
  - padding needed to fill blocksize, fields, for traffic flow
  - Current specs support CBC-DES encryption
ESP (cont.) (figure)
ESP Frame (figure)
Transport Mode
- Typically used in peer-to-peer communications, especially for internal networks
- Data packet is encrypted but the IP header is not.
- IP payload and parts of IP header are authenticated
- No modification of original IP header. Only authentication can be provided at header
Transport AH (figure)
Transport ESP (figure)
Tunnel Mode
- Used for remote access and site-to-site security
- Entire packet (header & payload) is encrypted and treated as a payload
- Then a new header is added to establish a "tunnel" for the original IP datagram
- Generally used between firewalls or gateways -> hosts in network do not need to implement IPSec
- ESP encrypts entire inner IP datagram
- AH authenticates entire inner datagram and parts of outer IP header
Tunnel AH and ESP (figure)
Transport VS Tunnel ESP
- Transport ESP mode is used to encrypt & optionally authenticate IP data
  - Data is protected but header is left in clear
  - Traffic analysis is possible, but the mode is efficient
  - Good for ESP host-to-host traffic
- Tunnel ESP mode encrypts the entire IP packet
  - Adds new header for next hop
  - Good for VPNs, gateway-to-gateway security
Transport Mode and Tunnel Mode Functionality (figure)
- Inner IP -> host
- Outer IP -> gateway
Transport & Tunnel Modes (figure)
- Transport: end-to-end
- Tunnel: end-to-intermediate or intermediate-to-intermediate
Security Association Bundles
- SAs can implement either AH or ESP
- To implement both, we need to combine SAs
  - Form a security association (SA) bundle
  - May terminate at different or same endpoints
- Combined by
  - Transport adjacency
  - Iterated tunneling
- Issue of authentication & encryption order
  - Authentication before encryption or encryption before authentication?
Transport Adjacency
- Applying more than one security protocol to the same IP packet.
- Combining AH & ESP -> performed at only one IPSec instance
Transport Adjacency (cont.)
- Use two bundled transport SAs
  - Inner SA -> ESP without authentication option
    - Payload is encrypted
  - Outer SA -> AH
    - Authentication covers header + ESP
- However, this needs two SAs rather than one
Iterated Tunneling
- Allows multiple levels of nesting
- Each tunnel can originate or terminate at a different IPSec site along the path
Iterated Tunneling (cont.) (figure)
Combining Security Associations (figure)
- End-to-end IPSec connection
- Added confidentiality btw gateways from Case 2
- Simple VPN
- Remote access to host through firewall
Key Management
- Handles key generation & distribution
- Typically need 2 pairs of shared keys
  - 2 per direction for AH & ESP
- Manual key management
  - System admin manually configures every system
- Automated key management
  - Automated system for on-demand creation of keys for SAs in large distributed systems
  - Has Oakley & ISAKMP elements
Oakley
- A key exchange protocol
- Based on Diffie-Hellman key exchange
- Adds features to address weaknesses
  - cookies, groups (global parameters), nonces, DH key exchange with authentication
- Can use arithmetic in prime fields or elliptic curve fields
ISAKMP
- Internet Security Association and Key Management Protocol
- Provides framework for key management
- Defines procedures and packet formats to establish, negotiate, modify, and delete SAs
- Independent of key exchange protocol, encryption alg, & authentication method
- Initial version of ISAKMP deploys Oakley as its key exchange protocol
  - Alternatively, Oakley protocol operates on top of ISAKMP protocol
ISAKMP (figure)
IPSec vs Firewalls
- Allow traffic on UDP port 500 (ISAKMP) to and from the IPSec device
- If using IPSec in ESP mode, allow IP protocol 50 (ipv6-crypt) to and from the IPSec device
- If using IPSec in AH mode, allow IP protocol 51 (ipv6-auth) to and from the IPSec device
Testing IPSec
- Using traceroute
  - Host-to-host: traceroute should show only one hop: the other end of the VPN
  - Network-to-network: traceroute should show only the gateways and the host in the internal network.
- Using Telnet
  - A sniffer on the telnet connection should not be able to read the username and password
Benefits of IPSec
- Enables business to rely heavily on the Internet and reduce its need for private networks
  - saving costs & network management
- Provides secure network access over the Internet
  - An end-user whose system is equipped with IPSec can make a local call to an ISP and gain secure access to her/his company
- Provides secure communications between organisations by ensuring authentication and confidentiality
- IPSec can be used to create secure tunnels through untrusted networks (especially the Internet)
  - Sites connected by these tunnels form Virtual Private Networks (VPN)
Benefits of IPSec (cont.)
- Packet authentication makes various attacks harder
  - Address masquerading
  - Address spoofing
- IPSec tunnels can be very useful for secure remote administration
- In a non-end-to-end service, IPSec can ensure that messages between a pair or a group of sites are encrypted
Some Limitations of IPSec
- IPSec cannot provide end-to-end security as systems work at higher levels
  - e.g. if you need emails encrypted from the sender's desktop and decrypted at the receiver's site
  - Cannot choose which emails are to be encrypted and which are not
- Specific applications have particular security requirements and IPSec does not provide all security services:
  - IPSec cannot provide total security for credit card payment systems
Is IPSec Everything You Need?
- Cryptography alone is not enough
- IPSec alone is not enough
  - E.g. IPSec cannot provide digital signature services
- Many factors affect system security:
  - OS security
  - Data management
  - Key management
  - Correctness of implementation of algorithms
  - Proper system management
  - Human factors

Questions?