IPsec: AH and ESP. IPsec: AH and ESP

Transcription

1 CS 472 Computer and Network Security Mo Almalag Old Dominion University Spring /23/2013 IPsec: AH and ESP IPsec: AH and ESP Background TCP/IP IP Packet Formation IP security issues What is IPsec? Why we need IPsec? Two Modes Transport mode Tunnel mode Security Association (SA) Tow Security Protocols AH ESP 1

2 Background TCP/IP example Background IP Packet Formation 2

3 IP Security Issues When an entity receives an IP packet, it has no assurance of: Data origin authentication / data integrity: The packet has actually been send by the entity which is referenced by the source address of the packet The packet contains the original content the sender placed into it, so that it has not been modified during transport The receiving entity is in fact the entity to which the sender wanted to send the packet Confidentiality: The original data was not inspected by a third party while the packet was sent from the sender to the receiver What is IPsec? IETF standard for real-time communication security Implemented at IP layer, all traffic can be secured no matter what application Transparent to applications, no changes on upper-layer software Transparent to end users, no need to train users on security mechanisms, issuing keying material on a per-user basis, or revoking keying material when users leave 3

4 Why we need IPsec? Security at above two layers may not be enough in some cases: 1. Not all client/server programs are protected at the application layer For example, S/MIME protect only 2. Not all client/server programs at the application layer use the service of TCP to protected by SSL or TLS Some programs use the service of UDP 3. Many applications, such as routing protocols, directly use the service of IP They need security service at the IP layer IPsec Modes Two modes of applying IPsec protection to a packet: 1. Transport mode Used to deliver services from host to host or from host to gateway Usually within the same network 2. Tunnel mode Used to deliver services from gateway to gateway or from host to gateway Usually gateways owned by the same organization With an insecure network in the middle 4

5 IPsec in Transport Modes End-to-end security between two hosts Typically, client to gateway (e.g., PC to remote host) Requires IPsec support at each host IPsec packet in transport mode: IP header Rest of packet IP header IPsec Rest of packet IPsec in Transport Modes (Cont d) Transport mode in action: 5

6 IPsec in Tunnel Modes Gateway-to-gateway security Internal traffic behind gateways not protected Typical application: virtual private network (VPN) Only requires IPsec support at gateways IPsec packet in tunnel mode: IP header Rest of packet New IP header IPsec IP header Rest of packet IPsec in Tunnel Modes Tunnel mode in action: 6

7 Transport Mode vs. Tunnel Mode Transport mode: Secures packet payload and leaves IP header unchanged IPsec layer comes between the transport layer and the network layer Tunnel mode: Encapsulates both IP header and payload into IPsec packets The flow is from network layer to the IPsec layer and then back to the network layer Transport Mode vs. Tunnel Mode IPsec (transport mode) IPsec (tunnel mode) 7

8 Security Association (SA) SA is a cryptographically protected connection One-way sender-recipient relationship SA determines how packets are processed Cryptographic algorithms, keys, IVs, lifetimes, sequence numbers, mode (transport or tunnel) SA is identified by SPI (Security Parameters Index) Each IPsec keeps a database of SAs SPI is sent with packet, tells recipient which SA to use SA is defined by the triple <SPI, destination address, flag for whether it s AH or ESP> SA Components Each IPsec connection is viewed as one-way so two SAs required for a two-way conversation Hence need for Security Parameter Index Security association (SA) defines Protocol used (AH, ESP) Mode (transport, tunnel) Encryption or hashing algorithm to be used Negotiated keys and key lifetimes Lifetime of this SA plus other info 8

9 Tow Security Protocols IPsec defines two security protocols: 1. AH: Authentication Header 2. ESP: Encapsulating Security Payload AH: Authentication Header Sender authentication Integrity for packet contents and IP header Sender and receiver must share a secret key This key is used in HMAC computation The key is set up by IKE key establishment protocol and recorded in the Security Association (SA) SA also records protocol being used (AH) and mode (transport or tunnel) plus hashing algorithm used MD5 or SHA-1 supported as hashing algorithms 9

10 AH: Authentication Header AH in transport mode: IP header AH Rest of packet Next header (TCP) Payload length Reserved Security parameters index (SPI) Sequence number Identifies security association (shared keys and algorithms) Anti-replay Authentication data (digest) (HMAC of IP header, AH, TCP payload) Authenticates source, verifies integrity of payload Prevention of Replay Attacks When SA is established, sender initializes 32-bit counter to 0, increments by 1 for each packet If wraps around , new SA must be established Recipient maintains a sliding 64-bit window If a packet with high sequence number is received, do not advance window until packet is authenticated 10

11 AH: Authentication Header AH in tunnel mode: New IP header AH IP header Rest of packet Next header (TCP) Payload length Reserved Security parameters index (SPI) Sequence number Authentication data (digest) (HMAC of IP header, AH, TCP payload) ESP: Encapsulating Security Payload Adds new header and trailer fields to packet Transport mode Confidentiality of packet between two hosts Tunnel mode Confidentiality of packet between two gateways or a host and a gateway Implements VPN tunnels 11

12 ESP: Encapsulating Security Payload Transport mode encrypted Original IP header ESP header TCP/UDP segment ESP trailer ESP auth authenticated Tunnel mode encrypted New IP header Original IP ESP header TCP/UDP segment ESP trailer ESP auth header authenticated ESP: Encapsulating Security Payload ESP Packet: Identifies security association (shared keys and algorithms) Anti-replay TCP segment (transport mode) or entire IP packet (tunnel mode) Pad to block size for cipher, also hide actual payload length Type of payload HMAC-based Integrity Check Value (similar to AH) 12

13 AH vs. ESP The AH protocol provides source authentication and data integrity ESP provides source authentication, data integrity, and privacy So, do need AH? AH designed before ESP Routers and firewalls cannot look at anything above layer 3 ESP Together With AH AH and ESP are often combined End-to-end AH in transport mode Authenticate packet sources Gateway-to-gateway ESP in tunnel mode Hide packet contents and addresses on the insecure part of the network 13