Protocol Security Where?

IPsec: AH and ESP 1

Protocol Security Where? Application layer: (+) easy access to user credentials, extend without waiting for OS vendor, understand data; (-) design again and again; e.g., PGP, ssh, Kerberos Transport layer: (+): security mostly seamlessly e.g., TLS Network layer: (+) reduced key management, fewer application changes, fewer implementations, VPN; (- ): multiuser machines Data link layer: (+): speedl (-): hop-by-hop only 2

Documents 3

IPsec Objectives Why do we need IPsec? IP V4 has no authentication IP Spoofing Payload could be changed without detection IP V4 has no confidentiality mechanism Eavesdropping Denial of Service Attacks Cannot hold the attacker accountable due to the lack of authentication IPsec Objectives IP layer security mechanisms for IP V4 and V6 Not all applications need to be security aware Can be transparent to users Provide authentication and confidentiality mechanisms IPsec AH (Authentication Header) and ESP (Encapsulating Security Payload) IP header extensions for carrying cryptographically protected data IKE (Internet Key Management) Authenticating and establishing a session key 4

IPsec Architecture 5

Security Associations (SA) SA is a cryptographically protected connection An association between a sender and a receiver Consists of a set of security related parameters One way relationship: unidirectional Determine IPSec processing for senders Determine IPSec decoding for destination SAs are not fixed! Generated and customized per traffic flows 6

Security Parameter Index (SPI) A bit string assigned to a SA Carried in the IPsec header The SPI allows the destination to select the correct SA under which the received packet will be processed (according to the agreement with the sender) SPI + Dest IP Address + IPsec Protocol (flag for whether it is AH or ESP) Uniquely identify each SA 7

Security Association Database (SAD) Holds parameters for each SA When transmitting to X, look up X in SAD SPI Up to 32 bits large Allow the destination to select the correct SA Key Algorithms Sequence number When receiving an IP packet, look up SPI in SAD 8

Security Policy Database (SPD) Which types of packets should be dropped? Which should be forwarded or accepted without IPsec protection? Which should be protected by IPsec? If protected, encrypted and/or integrity-protected? Index into SPD by Selector fields Dest IP, Source IP, Transport Protocol, IPSec Protocol, Source & Dest Ports, 9

Hosts & Gateways Hosts can implement IPSec to : Other hosts in transport or tunnel mode Gateways with tunnel mode Gateways to gateways - tunnel mode 10

Tunnel Mode Encrypted Tunnel Gateway Gateway A Unencrypted Encrypted Unencrypted B New IP Header AH or ESP Header Orig IP Header TCP Data 11

Tunnel Mode Outer IP header IPSec header Inner IP header Higher layer protocol Destination IPSec entity ESP AH Real IP destination ESP applies only to the tunneled packet AH can be applied to portions of the outer header 12

IPsec, tunnel mode, between firewall 13

Transport Mode IP header IP options IPSec header Higher layer protocol Real IP destination ESP AH ESP protects higher layer payload only AH can protect IP headers as well as higher layer payload 14

Outbound Processing IP Packet Outbound packet (on A) Is it for IPSec? If so, which policy entry to select? SPD (Policy) A SA Database B IPSec processing Determine the SA and its SPI SPI & IPSec Packet 15 Send to B

Inbound Processing Inbound packet (on B) A B From A SPI & Packet SA Database SPD (Policy) Use SPI to index the SAD Was packet properly secured? un-process Original IP Packet 16

NAT (Network Address Translation) What is it? With a NAT box, the computer on your internal network do not need global IPv4 addresses in order to connect to the Internet NAT box translates an internal IP The problem An IPsec tunnel cannot go through a NAT box because the NAT box wants to update the IP address inside the encrypted data and it does not have the key For transport mode, IP address is included in the computation of the TCP/UDP checksum 17

IP Header Protocol field: ESP=50, AH=51 18

AH (Authentication Header) Data integrity: Entire packet has not been tampered with Authentication: 1. Can trust IP address source;2. Use MAC to authenticate Anti-replay feature Integrity check value Immutable or predictable IP header fields: version, IH length, total length, identification, protocol, source, destination (source node => predictable) Upper-level data 19

AH in Transport Mode 20

AH in Tunnel Mode 21

Encapsulating Security Payload (ESP) 22

ESP 23

ESP 24