Neils Ferguson and Bruce Schneier presented by Rajdeep R Larha

Similar documents
IPsec Details 1 / 43. IPsec Details

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

CSE/EE 461 Lecture 23

Protocol Security Where?

Securing IP Networks with Implementation of IPv6

IP Security. Ola Flygt Växjö University, Sweden

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

Introduction to Security and PIX Firewall

Network Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5)

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Chapter 10. Network Security

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

IT Networks & Security CERT Luncheon Series: Cryptography

Network Security Part II: Standards

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Lecture 9 - Network Security TDTS (ht1)

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts

Lecture 10: Communications Security

Chapter 7 Transport-Level Security

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

Secure Sockets Layer

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Chapter 8. Network Security

Internet Security Architecture

Security vulnerabilities in the Internet and possible solutions

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Chapter 11 Security Protocols. Network Security Threats Security and Cryptography Network Security Protocols Cryptographic Algorithms

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Internetwork Security

Transport Level Security

Network Security. Lecture 3

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Internet Protocol Security IPSec

MPLS VPN in Cellular Mobile IPv6 Architectures(04##017)

CPS Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang

Lecture 17 - Network Security

Computer and Network Security

Client Server Registration Protocol

21.4 Network Address Translation (NAT) NAT concept

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

CSCI 454/554 Computer and Network Security. Final Exam Review

NETWORK ADMINISTRATION AND SECURITY

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Cryptography and network security CNET4523

Chapter 17. Transport-Level Security

Chapter 8 Network Security. Slides adapted from the book and Tomas Olovsson

Chapter 5: Network Layer Security

Chapter 7: Network security

Wireless Networks. Welcome to Wireless

Netzwerksicherheit: Anwendungen

EXAM questions for the course TTM Information Security May Part 1

CSCI 454/554 Computer and Network Security. Topic 8.1 IPsec

Bit Chat: A Peer-to-Peer Instant Messenger

How To Protect Your Data From Attack

Network Security. HIT Shimrit Tzur-David

Communication Security for Applications

Web Security Considerations

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Overview. SSL Cryptography Overview CHAPTER 1

As enterprises conduct more and more

SECURITY IN NETWORKS

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Part 2 D(E(M, K),K ) E(M, K) E(M, K) Plaintext M. Plaintext M. Decrypt with private key. Encrypt with public key. Ciphertext

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

IPSEC: IKE. Markus Hidell Based on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers

CCNA Security 1.1 Instructional Resource

Transport Layer Security Protocols

Implementing and Managing Security for Network Communications

Network Security Fundamentals

Network Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec

Security issues with Mobile IP

Dr. Arjan Durresi. Baton Rouge, LA These slides are available at:

Security Engineering Part III Network Security. Security Protocols (II): IPsec

Network Security. Outline of the Tutorial

Network Security Technology Network Management

Overview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security

Telematics Chapter 11: Network Security Beispielbild User watching video clip

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

TCP/IP and Encryption. CIT304 University of Sunderland Harry R. Erwin, PhD

CS 494/594 Computer and Network Security

Chapter 6 CDMA/802.11i

Application Note: Onsight Device VPN Configuration V1.1

Security in Computer Networks

CS 758: Cryptography / Network Security

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

MINI-FAQ: OpenBSD 2.4 IPSEC VPN Configuration

The Secure Sockets Layer (SSL)

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress

SSL A discussion of the Secure Socket Layer

Transcription:

A Cryptographic Evaluation of IPsec. Neils Ferguson and Bruce Schneier presented by Rajdeep R Larha

About the Authors! Niels Ferguson:- Presently, an independent cryptography consultant, working at Amsterdam, The Netherlands. Cracked the HDCP system developed by INTEL. Censorship in action: Silenced by the DMCA.! Bruce Schneier:- Founder and CTO of Counterpane Internet Security Inc. Author of six books for Cryptography and Security.

Cryptographic Algorithms (Basics) A Crypto Algorithm is a procedure that takes the plain text data and transforms it into ciphertext in a reversible way. A Cryptographic Key is a special type of data that directs the crypto device to encrypt the message in a distinctive way.

Basics continued.. Three Types of Cryptographic Algorithms:-! Secret Key Algorithm:- Both participants share a single key.! Public Key Algorithm:- Each participant have a private key which is not shared and a public key which is published to all.! Hashing Algorithms (Message Digest):- A large message is mapped into a fixed-length number.

Basics continued.. Secret Key Encryption (Symmetric) Same key is used to encrypt and decrypt the message. e.g. Data Encryption Standard (DES).

DES! Encrypts a 64 bit plaintext with 64 bit Key.! The 64 bits in the message block are permuted.! Sixteen rounds of identical operation are applied to the resulting data and the key.! The inverse of original permutation is applied to the result.! The following rules are applied during each round i L i = R i-1 R i = L i-1 XOR F(Ri-1,Ki)

DES

DES Manipulation done at each round in DES.

DES Detailed Single iteration in DES.

DES To encrypt message over 64 bit size, Cipher Block Chaining is used. IV is the Initialization Vector used for the nonexistent ciphertext for block 0.

DES! To break DES it requires to search exhaustively for 2 56 keys, which is not difficult as with the speed of processors available now and the task of searching a key space is highly parallel.! No satisfactory reason for using initial permutation and final permutation (Confusion and Diffusion).! Triple DES:- is more effective as it uses 2 keys and on each side three instances of DES is used. The effective key length is 112 bits.

RSA (Ravist,Shamir, and Aldeman) Public Key Encryption (Asymmetric) Uses two keys (Pubic and Private). Grounded in Number Theory, requires enormous computation power. The key length is 512 bits.

Message Digest version 5 (MD5)! It computes the cryptographic checksum over the message.! It is not computationally feasible to find two messages that hash to the same cryptographic checksum. i.e. H(m1) H(m2)! The message is padded so that its length is congruent to 448 mod 512 as the last 64 bit are used in the message to represent the length in bits of the original message (before padding). This allows messages of length up to 2 64 bits.

MD5 Overview of Message Digest operation

MD5! It transforms the 512 bits of message at a time with the 128 bit digest and outputs the a new 128 bit digest. Then this new digest is the input to the next 512 bit chunk in the message! Possible number of outputs are 2 128,these outputs should be randomly distributed, as it requires to compute the digest of about 2 64 to find that the two are same. (Birthday Attack Problem)

Active Attacks: Security Threats! Replay Attack:- Involves the passive capture of data unit and its subsequent retransmission to produce an unauthorized effect.! Denial of service (DOS) Attack:- Disruption of the entire network by disabling the network or by overloading the network by flooding messages to degrade the performance (SYN-Attack in TCP). Can be protected through firewalls.

KEYS Two Types are keys are identified:-! Session key:- When the two end systems wish to communicate, they establishes a logical connection. For the duration of that logical connection, all user data are encrypted with a one-time session key. It is destroyed at the end of session.! Permanent key:- A permanent key is used between entities for the purpose of distributing session keys.

Authentication Protocol The three common protocols for implementing authentication are:-! Simple Three-Way Handshake.! Trusted Third Party (Used in Kerberos).! Public Key Authentication.

Simple Three-Way Handshake! The client sends encrypted random number E (x, CHK) along with its ClientId.! The server uses the same key as SHK corresponding to that client. It decrypts that random number and adds 1 to it and send back to the client after encrypting it. It also send another random number y to the client.! The client authenticate the server and sends y after adding one to it, after receiving the message the server also authenticate the client and sends a session key to the client which is encrypted using SHK.

Simple Three-Way Handshake Three-way handshake protocol for authentication.

IPSec IPSec has two modes of operation:! Transport Mode: Transport mode encrypts only the data portion (payload) of each packet, but leaves the header untouched. It is more efficient and the end points are obvious.! Tunnel Mode: is the way Mobile-IP works or the VPN are constructed. It is less efficient but hides the network behind the security gateways. the traffic of the several networks can be concealed in one tunnel making traffic analysis difficult. It encrypts both the data and the header.

Tunnel Mode IPSec implemented between security gateways.

Transport Mode IPSec implementation in end-to-end communication scheme

IPsec: Protocols Types IPSec consists of 2 pieces 1) Protocols:! Authentication Header (AH):- Provides access control, connectionless message integrity, authentication, and antireplay protection.! Encapsulating Security Payload (ESP):- Provides all the above services plus confidentiality (Encryption). 2) Key Management:! ISAKMP: defines procedures and packet formats to establish, negotiate, modify and delete security associations. Security Association (SA): An SA is a simplex (one-way) connection that is protected by one or more available security services.

Authentication Header (AH)! AH provides authentication of the payload and also of the packet header.! It also provides protection against replay attack.! NextHdr field identifies the type of the next payload.! Payload Length field specifies the length of AH in 32 bit words.! SPI uniquely identifies the SA in combination with the destination IP address.! SeqNum field contains a monotonically increasing counter to provide anti-replay service.! A session is expired after 2 32 packets are transmitted. AH format

Encapsulating Security Payload (ESP)! ESP provides authentication and encryption of the payload ESP header format

ESP! SPI, SeqNum provides the same function as in AH.! PaylaodData contains the data described by the NextHdr field.! Padding is required as the encryption algorithm requires the plaintext to be multiple of some number or bytes.! Authentication Data contains the Message Integrity code (MIC) for this packet.

Transport Mode AH! AH is stronger in this mode as it also authenticates the IP header fields. Transport Mode AH using IPv4 and IPv6.

Transport Mode ESP Transport Mode ESP using IPv4 and IPv6. ESP trailer is used for adding the padding and the NextHdr fields.esp Authentication is used when authentication is carried by ESP

Tunnel Mode AH In tunnel mode the payload includes the original IP header.

Tunnel Mode ESP Tunnel mode ESP using IPv4 and IPv6

Encryption before/after Authentication. Advantage of applying Authentication before Encryption Since AH is protected by ESP it is impossible for anyone to intercept the messages and alter the AH without detection. If it is required to store the Authentication Information is it beneficial as the authentication information applies to the plaintext message and not cipher-text message

Internet Security Association and Key Management Protocol (ISAKMP)! It s role is to define the procedures and packet formats to establish, negotiate, modify, and delete security associations.! It defines packet formats for exchanging key (IKE) generation and authentication data.! It does not specify any specific protocol but provides building blocks for various Domains of Interpretations and Key-Exchange protocols.

ISAKMP ISAKMP Header Format

ISAKMP Generic Payload Header. The initiator cookie field is cookie that initiated the SA process. The responder cookie field contains the cookie of the responding identity. A "cookie" or anti-clogging token (ACT) is aimed at protecting the computing resources from attack without spending excessive CPU resources to determine its authenticity. An exchange prior to CPU-intensive public key operations can thwart some denial of service attempts (e.g. simple flooding with bogus IP source addresses).

ISAKMP! The major and minor version fields indicates the corresponding version of the ISAKMP in use.! The conventional Payloads are:- Security Association (SA), Proposal (P), Transform (T), Key Exchange (KE), Identification (ID), Certificate (CERT), Certificate Request (CR), Hash (HASH), Signature (SIG), Nonce (NONCE), Notification (N), Delete (D).! There are five types of exchanges Base, Identity Protection, Authentication Only, Aggressive and Informational.

ISAKMP

ISAKMP! DOI:- Domain of Interpretation: A Domain of Interpretation (DOI) defines payload formats, exchange types, and conventions for naming security-relevant information such as security policies or cryptographic algorithms and modes.! A Domain of Interpretation (DOI) identifier is used to interpret the payloads of ISAKMP payloads. A system SHOULD support multiple Domains of Interpretation simultaneously.

IPSec Overview.

From the Authors! Lesson 1: Cryptographic protocols Should not be developed by a committee. Benefit is shown by the development of AES.! Security systems should be simple to test through security reviews.the difficulty of performing security evaluations also increases with increasing complexity.! Lesson 2:The documentation of a system should include introductory material, an overview for first time readers, states goals, rationale, etc.

From the Authors! Lesson 3: Authenticate not just the message, but everything that is used to determine the meaning of the message.! Lesson 4: The properties required of each of the primitive functions used in the system should be clearly documented.

From the Authors Recommendation 1: Eliminate Transport mode. Recommendation 2: Eliminate the AH protocol. Recommendation 3: Modify ESP to always provide authentication; only encryption should be optional. Recommendation 4: Modify the ESP protocol to ensure that it authenticates all data used in the deciphering of the payload. Recommendation 5: Encryption Algorithm that have large classes of weak keys that introduce security weakness should simply not be used.

From the Authors! Recommendation 6: Fix the derivation formulas for SKEYID and associated values.! Recommendation 7: Fix the definition of HASH values so that it provides proper authentication.! Recommendation 8: Change the KETMAT derivation in phase 2 to avoid generating the same keys for the two negotiated SA s

Conclusion! IPSec is too complex, and this leads to large numbers of ambiguities, contradictions and weakness.! IPSec in its current form is not 100% secure.! It is either required to decrease the complexity of IPSec and improving the modularization or another alternative is required.

THANK YOU

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information