TIK COMPUTER NETWORKS IPSEC

Transcription

1 TIK COMPUTER NETWORKS IPSEC Pekka Nikander Professor / Chief Scientist / Ericsson Nomadic Lab 1 Pekka.Nikander@hut.fi / Pekka.Nikander@nomadiclab.com

2 Contents of this lecture 2 Overview Distributed Systems Security Quick introduction to crypto Environment Possible goals for an authentication protocol Architecture IPSEC ISAKMP PKI in General Trust relationships Summary

3 Overview 3 Basic TCP/IP lacks security Cryptography is the only means to secure connections in an unsecure network SSL and SSH provide security at application level Each application contains their own implementation of encryption SSH can also be used for tunneling IPSEC provides security within TCP/IP stack Three basic parts: IPSEC, ISAKMP/IKE, PKI

4 Distributed Systems Security 4 Attack Passive attack (e.g. eavesdropping) Active attack (e.g. masquerade) Confidentiality Message integrity Connection integrity Authentication of origin Authentication of integrity Access control, authorization Non-repudiation

5 Quick introduction to crypto Symmetric encryption: Alice, Bob, shared K AB K A + KA Public key encryption: Alice, key pair, 5 Digital signature (based on public key crypto) Cryptograpic hash functions HMAC Hashed Message Authentication Code protects integrity with a shared key Random number generator cryptographically strong RNG generation of keys and nonces

6 Environment Alice K + A K B K A Mallory K B +K A + Bob K + B K A K B Trent (KDC) 6 K A K B

7 Threats 7 Eavesdropping read confidential information, e.g., passwords Masquare as the initiating protocol party Introducing oneself with false identity Masquare while a protocol is running "Stealing" and identity Key security Make someone accept false key; reveal a key through cryptanalysis Man-in-the-middle -attack A combincation of these

8 Possible goals for an authentication protocol Peer identity authentication Creation and agreement on shared secret key Assurance on key holders Freshness of the newly created key Authentication of access control credentials Perferct forward security Back traffic protection 8

9 Architecture Host OS Trust and policy management Application protocols Authentication protocol(s) Certificate repository Session / connection level security Communication infrastructure Host OS 9

10 Architecture: The IPSEC case PKI Host OS Standard appl. protocols ISAKMP/IKE IPSEC X:509 directory Host OS TCP/IP infrastructure 10

11 IPSEC 11 Session Protection protocol Concept: Security Association (SA) SAs are created by ISAKMP/IKE Located between layers 3 and 4 IPv4 Between IP and TCP/UDP Optional IPv6 Part of the extension header architecture AH mandatory, ESP optional

12 IPSEC Two distinct modes of operation ("protocols") AH Authentication Header * AH provides integrity protection for all data in a packet, including the IP header ESP Encapusulated Security Payload * ESP provides integrity and optionally confidentiality protection for the payload 12 Client TCP/UDP IPSEC IP Security Gateway TCP/UDP IPSEC IP Server TCP/UDP IP

13 TLM labs IPSEC prototype Application process TCP / UDP IPSEC management process User space Kernel IP + ICMP IPSEC Control Driver Kernel level security mgmt 13 Ethernet driver AH driver ESP driver OS user driver

14 ISAKMP 14 Internet Security Association and Key Management Protocol Runs on the top of UDP Two phase negotiation: ISAKMP => Applic. Creates and maintains Security Associations A framework for exchanges; extensible Policy free Cryptoindependent IKE: Internet Key Exchange ISAKMP Application Establishes IPSEC SAs

15 PKI in General Public Key Infrastructure In practice: Certificates in Directory X.509: Identity and attribute certificates certificates Keys Person Name challenge ACL Operation 15 SPKI / Keynote: Authorization certificates certificates Person Keys Operation challenge

16 Trust relationships Authoritative agent Authoritative agent Requesting agent Target node Delegated agent Node admin agent 16

17 Summary 17 Cryptography the only means to achieve security Basic security goals: Confidentiality Integrity Availablility Layered architecture: PKI: X.509 (maybe SPKI in future) Authentication and key generation: ISAKMP/IKE Session Security: IPSEC