Download CSCE 790: Computer Network Security

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts

Deep packet inspection wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Distributed firewall wikipedia , lookup

Computer security wikipedia , lookup

Wireless security wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Extensible Authentication Protocol wikipedia , lookup

Authentication wikipedia , lookup

Transcript
CSCE 715:
Network Systems Security
Chin-Tser Huang
[email protected]
University of South Carolina
Security in Network Layer



Implementing security in application layer
provides flexibility in security policy and key
management
Problem is need to implement security
mechanism in every application individually
To reduce the overhead, implement security
in network layer to provide security for all
applications between selected pair of
computers
02/23/2009
2
IPSec


Current security standard for IP layer
Provide general security services for IP





Authentication
Confidentiality
Anti-replay
Key management
Applicable to use over LANs, across public
and private WANs, and for the Internet
02/23/2009
3
Scenario of IPSec Uses
02/23/2009
4
Benefits of IPSec





Provide strong security to all traffic crossing
the perimeter if installed in a firewall/router
Resistant to bypass
IPSec is below transport layer, hence
transparent to applications
Can be transparent to end users
Can provide security for individual users if
desired
02/23/2009
5
IP Security Architecture


Specification is quite complex
Defined in numerous RFC’s



Two protocols



RFC 2401/2402/2406/2408
many others, grouped by category
Authentication Header (AH)
Encapsulating Security Payload (ESP)
Mandatory in IPv6, optional in IPv4
02/23/2009
6
Security Association (SA)



A unidirectional relationship between sender
and receiver that affords security for traffic
flow
Each IPSec computer maintains a database of
SA’s
Defined by 3 parameters



Security Parameters Index (SPI)
IP Destination Address
Security Protocol Identifier
02/23/2009
7
SA Parameters







Sequence Number Counter
Sequence Number Overflow
Anti-Replay Window
AH and ESP information
Lifetime
IPSec Protocol Mode
Path MTU
02/23/2009
8
Authentication Header (AH)

Provide support for data integrity and authentication
of IP packets




Based on use of a MAC



end system/router can authenticate user/app
prevent address spoofing attacks
guard against replay attacks by tracking sequence numbers
HMAC-MD5-96 or HMAC-SHA-1-96
MAC is calculated over IP header fields that are either
immutable or predictable, AH header other than
authentication data, and entire upper-level protocol data
Parties must share a secret key
02/23/2009
9
Authentication Header
02/23/2009
10
Transport vs Tunnel Mode AH

Transport mode is used to authenticate IP
payload and selected portion of IP header


good for host to host traffic
Tunnel mode authenticates entire IP packet
and selected portion of outer IP header

good for VPNs, gateway to gateway security
02/23/2009
11
End-to-End vs End-to-Intermediate
Authentication
02/23/2009
12
Scope of AH Authentication
02/23/2009
13
Encapsulating Security Payload
(ESP)



Provide message content confidentiality and
limited traffic flow confidentiality
Can optionally provide the same
authentication services as AH
Support range of ciphers, modes, padding



DES, Triple-DES, RC5, IDEA, CAST etc
CBC most common
pad to meet blocksize, for traffic flow
02/23/2009
14
Encapsulating Security Payload
02/23/2009
15
Padding

Serve several purposes



expand the plaintext to required length
make Pad Length and Next Header fields
aligned to 32-bit word boundary
conceal actual length of payload
02/23/2009
16
Transport vs Tunnel Mode ESP

Transport mode is used to encrypt and
optionally authenticate IP data




data protected but header left in clear
can suffer from traffic analysis but is efficient
good for ESP host to host traffic
Tunnel mode encrypts entire IP packet



add new header for next hop
can counter traffic analysis
good for VPNs, gateway to gateway security
02/23/2009
17
Transport vs Tunnel Mode ESP
02/23/2009
18
Scope of ESP Encryption and
Authentication
02/23/2009
19
Combining Security Associations



SAs can implement either AH or ESP, but each
SA can implement only one
Some traffic flows may require services of
both AH and ESP, while some other flows may
require both transport and tunnel modes
To address these concerns, need to combine
SAs to form a security association bundle
02/23/2009
20
Authentication plus Confidentiality

Which one first? Three approaches to
consider

ESP with Authentication Option



Transport Adjacency



Transport mode or tunnel mode
Authentication after encryption
A bundle of two transport SAs, with the inner being an
ESP SA and the outer being an AH SA
Authentication after encryption
Transport-Tunnel Bundle


02/23/2009
A bundle consisting of an inner AH transport SA and an
outer ESP tunnel SA
Authentication before encryption
21
Combining Security Associations
02/23/2009
22
Key Management


Handle key generation and distribution
Typically need 2 pairs of keys


Manual key management


2 per direction for AH & ESP
sysadmin manually configures every system
Automated key management


automated system for on demand creation of keys
for SA’s in large systems
Oakley and ISAKMP
02/23/2009
23
OAKLEY



A key exchange protocol
Based on Diffie-Hellman key exchange
Add features to address weaknesses of DiffieHellman




cookies to counter clogging attacks
nonces to counter replay attacks
key exchange authentication to counter man-inthe-middle attacks
Can use arithmetic in prime fields or elliptic
curve fields
02/23/2009
24
Usage of Cookies

Three basic requirements




Must depend on specific parties
Impossible for anyone other than issuing entity to
generate cookies that will be accepted by issuing
entity
Cookie generation and verification must be fast
To create a cookie, perform a fast hash over
src and dst IP addresses, src and dst ports,
and a locally generated secret value
02/23/2009
25
ISAKMP




Internet Security Association and Key
Management Protocol
Provide framework for key management
Define procedures and packet formats to
establish, negotiate, modify, and delete SAs
Independent of key exchange protocol,
encryption algorithm, and authentication
method
02/23/2009
26
ISAKMP Header
02/23/2009
27
ISAKMP Payload
02/23/2009
28
ISAKMP Exchange
02/23/2009
29
ISAKMP Exchange
02/23/2009
30
Next Class


Denial-of-Service (DoS) attack
Hop Integrity
02/23/2009
31