IPSEC: AH and ESP. Markus Hidell Based on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers

Similar documents
Protocol Security Where?

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

CSCI 454/554 Computer and Network Security. Topic 8.1 IPsec

IPsec Details 1 / 43. IPsec Details

Network Security Part II: Standards

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

CS 4803 Computer and Network Security

Lecture 17 - Network Security

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

21.4 Network Address Translation (NAT) NAT concept

Securing IP Networks with Implementation of IPv6

Security Engineering Part III Network Security. Security Protocols (II): IPsec

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Chapter 32 Internet Security

Chapter 10. Network Security

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

IP Security. Ola Flygt Växjö University, Sweden

Introduction to Security and PIX Firewall

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts

Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku

Chapter 5: Network Layer Security

Lecture 10: Communications Security

Introduction to Computer Security

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

IP SECURITY (IPSEC) PROTOCOLS

Network Security. Lecture 3

Introduction to Computer Security

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Network Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)

Chapter 9. IP Secure

Building scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF

Chapter 7 Transport-Level Security

IPSEC: IKE. Markus Hidell Based on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols ETSF10 Internet Protocols 2011

Laboratory Exercises V: IP Security Protocol (IPSec)

Lecture 5.1: IPsec Basics

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

CS 494/594 Computer and Network Security

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Configuring a Site-to-Site VPN Tunnel Between Cisco RV320 Gigabit Dual WAN VPN Router and Cisco (1900/2900/3900) Series Integrated Services Router

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Security vulnerabilities in the Internet and possible solutions

Virtual Private Networks

Virtual Private Network VPN IPSec Testing: Functionality Interoperability and Performance

Computer and Network Security

MPLS VPN in Cellular Mobile IPv6 Architectures(04##017)

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Cryptography and network security CNET4523

Secure Sockets Layer

ETSF10 Part 3 Lect 2

Chapter 17. Transport-Level Security

Internet Security Architecture

Internet Protocol: IP packet headers. vendredi 18 octobre 13

IPv6 Security: How is the Client Secured?

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Internet Protocol Security IPSec

MINI-FAQ: OpenBSD 2.4 IPSEC VPN Configuration

Protocol Rollback and Network Security

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

Network Working Group Request for Comments: Category: Standards Track December Security Architecture for the Internet Protocol

Overview. Protocols. VPN and Firewalls

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Chapter 8 Network Security. Slides adapted from the book and Tomas Olovsson

Computer and Network Security Exercise no. 4

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

Insecure network services

High Performance VPN Solutions Over Satellite Networks

IP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw

CCNA Security 1.1 Instructional Resource

Computer Networks. Secure Systems

VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls

Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress

Branch Office VPN Tunnels and Mobile VPN

Network Security Essentials Chapter 5

Internetwork Security

Application Note: Onsight Device VPN Configuration V1.1

IPSec and SSL Virtual Private Networks

IPsec VPN Application Guide REV:

Dr. Arjan Durresi. Baton Rouge, LA These slides are available at:

Chapter 8 Security. IC322 Fall Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Virtual Private Networks

Comparison of VPN Protocols IPSec, PPTP, and L2TP

TLS and SRTP for Skype Connect. Technical Datasheet

Today s Topics SSL/TLS. Certification Authorities VPN. Server Certificates Client Certificates. Trust Registration Authorities

How To Establish IPSec VPN connection between Cyberoam and Mikrotik router

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT


CPS Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300

Network Security Protocols

Security issues with Mobile IP

Introduction to Internet Security

VPN SECURITY. February The Government of the Hong Kong Special Administrative Region

Virtual Private Networks: IPSec vs. SSL

Security Architecture for IP (IPsec)

Solution of Exercise Sheet 5

Cornerstones of Security

3GPP TSG SA WG3 Security S Meeting S3#16 Sophia Antipolis, November, Abstract

Chapter 49 IP Security (IPsec)

Transcription:

IPSEC: AH and ESP Markus Hidell mahidell@kth.se Based on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers 1

Kaufman, chapter 16-17 Reading 2

TCP/IP Example 3

IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service Many solutions are application-specific TLS for Web, S/MIME for email, SSH for remote login IPsec aims to provide a framework of open standards for secure communications over IP Protect every protocol running on top of IPv4 and IPv6 4

Operating system layers App. TCP IP L2 L1 User process Socket API OS kernel Device driver Interface specific SSL (Secure Socket Layer) changes the API to TCP/IP Applications change, but OS doesn t IPSec implemented in OS Applications and API remain unchanged (at least in theory) To make full use of IPSec, API and apps have to change! and accordingly also the applications

Authenticated Keying Overview of IPsec Internet Key Exchange (IKE) Next lecture Data Encapsulation ESP: IP Encapsulating Security Payload (RFC 4303) AH: IP Authentication Header (RFC 4302) Security Architecture (RFC 4301) Tunnel/transport Mode Databases (Security Association, Policy, Peer Authorization) 6

IPsec: Network Layer Security IPsec = AH + ESP + IKE Protection for IP traffic AH provides integrity and origin authentication ESP also confidentiality Sets up keys and algorithms for AH and ESP AH and ESP rely on an existing security association Idea: parties must share a set of secret keys and agree on each other s IP addresses and crypto algorithms Internet Key Exchange (IKE) Goal: establish security association for AH and ESP If IKE is broken, AH and ESP provide no protection! 7

IPsec Security Services Authentication and integrity for packet sources Ensures connectionless integrity (for a single packet) and partial sequence integrity (prevent packet replay) Confidentiality (encapsulation) for packet contents Authentication and encapsulation can be used separately or together Either provided in one of two modes Transport mode Tunnel mode 8

Transport mode IPsec Modes Used to deliver services from host to host or from host to gateway Usually within the same network, but can also be end-to-end across networks Tunnel mode Used to deliver services from gateway to gateway or from host to gateway Usually gateways owned by the same organization With an insecure network in the middle 9

IPsec in Transport Mode End-to-end security between two hosts Typically, client to gateway (e.g., PC to remote host) Requires IPsec support at each host 10

IPsec in Tunnel Mode Gateway-to-gateway security Internal traffic behind gateways not protected Typical application: virtual private network (VPN) Only requires IPsec support at gateways 11

Tunnel Mode Illustration Implements IPsec Implements IPsec IPsec protects communication on the insecure part of the network 12

Transport Mode vs Tunnel Mode Transport mode secures packet payload and leaves IP header unchanged IP header (real dest) IPSec header TCP/UDP header + data Tunnel mode encapsulates both IP header and payload into IPsec packets IP header (gateway) IPSec header IP header (real dest) TCP/UDP header + data 13

Security Association (SA) One-way sender-recipient relationship Manually configured or negotiated through IKE SA determines how packets are processed Cryptographic algorithms, keys, AH/ESP, lifetimes, sequence numbers, mode (transport or tunnel) read Kaufman! SA is uniquely identified by {SPI, dst IP addr, flag} SPI: Security Parameter Index Chosen be destination (unless traffic is multicast...) Flag: ESP or AH Each IPsec implementation keeps a database of SAs SPI is sent with packet, tells recipient which SA to use 14

Sending and Receiving IPsec Packets When Alice is sending to Bob: Consult security policy database (SPD) to check if packet should protected with IPsec or not ( selector fields) SPD provides pointer to the associated SA entry in the security association database (SAD) SA provides SPI, algorithm, key, sequence number, etc. Include the SPI in the message When Bob receives a message: Lookup the SA based on the destination address and SPI (In a multicast message the address is not Bob's own) Find algorithm, key, sequence number, etc. After decrypting message, verify that packet matches selector in the policy database (SPD) 15

AH Encapsulation Formats Authentication Header Only provides integrity ESP Encapsulating Security Payload Provides integrity and/or privacy AH in transport mode Original IP header AH TCP header Data 16

RFC 4302 AH: Authentication Header Sender authentication Integrity for packet contents and IP header Sender and receiver must share a secret key This key is used in HMAC computation The key is set up by IKE key establishment protocol and recorded in the Security Association (SA) AHv2, RFC 4302 Let authentication header implement IP integrity by holding a hash of a shared secret and the content of an IP packet 17

AH and IP Header Mutable fields may change Service type Fragm. offset TTL Header checksum Predictable fields may change in a predictable way Dst address (source routing) Immutable fields will not change the rest... Mutable fields can t be included in the AH s end-to-end integrity check 18

Authentication Header Format Provides integrity and origin authentication Authenticates portions of the IP header Anti-replay service (to counter denial of service) No confidentiality Next header (TCP) Payload length Reserved Security parameters index (SPI) Sequence number Identifies security association (shared keys and algorithms) Anti-replay ICV: Integrity Check Value (HMAC of IP header, AH, TCP payload) Authenticates source, verifies integrity of payload 19

ESP: Encapsulating Security Payload RFC 4303 Adds new header and trailer fields to packet Transport mode Confidentiality of packet between two hosts Complete hole through firewalls Used sparingly Tunnel mode Confidentiality of packet between two gateways or a host and a gateway Implements VPN tunnels 20

ESP Security Guarantees Confidentiality and integrity for packet payload Symmetric cipher negotiated as part of security assoc Optionally provides authentication (similar to AH) Can work in transport Encrypted (inner) Original IP header ESP header TCP/UDP segment ESP trailer ESP auth or tunnel mode Authenticated (outer) New IP header Original IP ESP header TCP/UDP segment ESP trailer ESP auth header 21

ESP Packet Identifies security association (shared keys and algorithms) Anti-replay TCP segment (transport mode) or entire IP packet (tunnel mode) Pad to block size for cipher, also hide actual payload length Type of payload HMAC-based Integrity Check Value (similar to AH) 22

Virtual Private Networks (VPN) ESP is often used to implement a VPN Packets go from internal network to a gateway with TCP/IP headers for address in another network Entire packet hidden by encryption Including original headers so destination addresses are hidden Receiving gateway decrypts packet and forwards original IP packet to receiving address in the network that it protects This is known as a VPN tunnel Secure communication between parts of the same organization over public Internet 23

Use Cases Summary Host-Host Transport mode (Or tunnel mode) Gateway-Gateway Tunnel mode Host-Gateway Tunnel mode H Secure connection H (host-host) H Secure tunnel (gw-gw) GW GW H H Secure tunnel (host-gw) GW H

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information