1 Mehrdad Nourani Data & Network Security. 2 IP Security Session 17.

Post on 29-Dec-2015


1

Mehrdad Nourani

Data & Network Security

2

IP Security

Session 17

3

Review of TCP/IP Model and Features

4

Why TCP/IP Is Preferred?

• Originated in the ARPA protocol
• Simplified protocol stack
• Funded by the US government in early years
• Supported in Berkeley Unix (a free OS)
• Higher speed, lower price and more availability

5

Some of Protocols in TCP/IP Suite

6

Who Standardizes TCP/IP?

• The Internet Society
— Has both organizational and individual members
— Gets technical advice from the Internet Architecture Board (IAB)
— The IAB standardizes the protocols used on the Internet
– Specification documents are called Requests for Comments (RFCs)
– IAB oversees the Internet Engineering Task Force (IETF)
+ Goal: Standardization as a part of implementation
+ Working documents are called Internet Drafts
+ Divided into working groups focused on specific standards

7

Who Standardizes TCP/IP? (cont.)

• Overall responsibility for names and IP addresses: ICANN

• IP addresses: American Registry for Internet Numbers (ARIN)

• Domain names: Network Solutions, Inc. and many other registrars

• Numerical parameters: Internet Assigned Numbers Authority (IANA)

8

Internetworking (When One is not Enough)

• Why not have a single physical network for the entire planet?
— Requires centralized coordination
— Difficult to integrate heterogeneous networks
— Growth by scaling difficult (impossible?)

• Alternative: Interconnected networks that look like a single network

9

Internetworking: Layer by Layer

• Layer 1 internetworking: Goal is to connect two similar physical networks so that they function as one
— Typical internetworking device: Repeating hub

• Layer 2 internetworking: Connect two (possibly dissimilar) physical networks so that traffic flows from one to the other only if necessary
— Typical internetworking devices: Bridge, Layer 2 switch

• Layer 3 internetworking: Goal is to connect diverse networks so that layers above the network layer see only a single large network
— Typical internetworking devices: Router, Layer 3 switch

• Layer 4 internetworking: Filter applications and network addresses to limit access
— Typical internetworking device: Firewall

10

Internetworking in the OSI Model

11

Internetworking Modes

There are two basic modes of internetworking at a particular protocol layer:

• 1. Protocol Translation:
— The Protocol Data Units (PDUs) of network A are replaced with network B PDUs
— Example: A bridge (Layer 2 internetworking device) between an Ethernet LAN and a token-ring LAN removes the Ethernet framing and encapsulates the contents of each Ethernet frame in token-ring frames
— Problems arise when networks A and B offer dissimilar services

12

Internetworking Modes (cont.)

• 2. Protocol Encapsulation:
— At an edge node between two dissimilar networks, A and B, the network-layer protocol data units (PDUs) of network A are encapsulated in PDUs of network B
— Encapsulation nearly always works, so it is the IETF's usual approach for implementing IP in a non-IP network
— Example: IP over ATM
— Disadvantage: Large overhead

13

The Internet Protocol (IP)

• The vision: A virtual network. This is as important as virtual memory and networked (i.e., virtual) file systems
• Modern memory and file systems present the same user interface, regardless of:
— The physical location of the data
— The technology used to access the data
• Design goal for a virtual network:
— Make hosts on other physical networks look and feel as if they were on the same physical network as your computer
— The world's most important data network protocol
• If your network speaks IP, you can talk to networks anywhere

14

Main Features of IP

• IP (Internet Protocol)
• Layer 3 (network)
— End-to-end encapsulation, thus hardware details are hidden
— Datagrams do not have to be explicitly routed
— Routing is performed hop-by-hop for each datagram, not end-to-end over a path set up in advance
• Transparent, connectionless, unreliable datagram transport
• No flow control

15

Main Features of TCP

• TCP (the Transmission Control Protocol):
• Layer 4 (transport), thus hides network details
• Transparent, connection-oriented, reliable stream transport
• Flow and congestion control
— Sequence numbers and sliding windows
• Insensitive to details of routing

16

TCP and UDP

• TCP (Transmission Control Protocol):
— connection-oriented
— Reliable packet delivery in sequence
• UDP (User Datagram Protocol):
— connectionless (datagram)
— Unreliable packet delivery
— Packets may arrive out of sequence or duplicated

17

TCP/UDP Standard

• TCP
— RFC 793, RFC 1122
— Outgoing data is logically a stream of octets from the user
— Stream broken into blocks of data, or segments
— TCP accumulates octets from the user until the segment is large enough, or data is marked with the PUSH flag
— Data marked with the URGENT flag causes the user to be signaled
— Similarly, incoming data is a stream of octets presented to the user
— Data marked with the PUSH flag triggers delivery of data to the user, otherwise TCP decides when to deliver data
• UDP
— RFC 768
— Connectionless, unreliable, less overhead
— Simply adds port addressing to IP
— Checksum is optional

18

Fragmentation and Reassembly

• Networks may have different maximum packet sizes
• A router may need to fragment datagrams before sending them to the next network
• Fragments may need further fragmenting in later networks
• Reassembly is done only at the final destination, since fragments may take different routes
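The fragmentation rules above (8-octet offsets, the "more fragments" flag, re-fragmentation at a later hop, reassembly only at the destination) worked through as an added Python example; this is not code from the lecture. Addresses, the datagram identification and the payload are constructed, and the header checksum is left at zero to keep the focus on the fragmentation fields.

```python
"""IPv4 fragmentation and reassembly (added example, not from the slides).
Header fields are limited to those fragmentation touches; options and the
header checksum are omitted (checksum left as 0)."""
import struct
from dataclasses import dataclass

IPV4_HEADER_LEN = 20          # no options: every fragment repeats 20 header bytes
HDR_FMT = "!BBHHHBBH4s4s"     # ver/IHL, ToS, total len, ident, flags+offset, TTL, proto, csum, src, dst
MF_FLAG = 1 << 13             # "more fragments" bit inside the 16-bit flags/offset field
SRC, DST = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])   # constructed addresses


@dataclass
class Fragment:
    ident: int      # identification: same for all fragments of one datagram
    offset: int     # fragment offset in 8-octet units
    more: bool      # True unless this is the last fragment
    data: bytes


def fragment(frag: Fragment, mtu: int) -> list[Fragment]:
    """Split a datagram (or an existing fragment) so header + data fits the MTU.
    All pieces but the last carry a multiple of 8 data bytes, because the
    offset field counts 8-octet units. Also covers re-fragmentation at a later
    hop: offsets are added to the incoming offset, and MF stays set on every
    piece if the incoming fragment was itself not the last one."""
    max_data = (mtu - IPV4_HEADER_LEN) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    if IPV4_HEADER_LEN + len(frag.data) <= mtu:
        return [frag]
    pieces = []
    for start in range(0, len(frag.data), max_data):
        chunk = frag.data[start:start + max_data]
        last = start + len(chunk) == len(frag.data)
        pieces.append(Fragment(frag.ident, frag.offset + start // 8, frag.more or not last, chunk))
    return pieces


def encode(frag: Fragment) -> bytes:
    """Wire form of one fragment (TTL 64, protocol 17/UDP, checksum left 0)."""
    flags_off = (MF_FLAG if frag.more else 0) | frag.offset
    hdr = struct.pack(HDR_FMT, 0x45, 0, IPV4_HEADER_LEN + len(frag.data), frag.ident,
                      flags_off, 64, 17, 0, SRC, DST)
    return hdr + frag.data


def decode(packet: bytes) -> Fragment:
    _, _, total, ident, flags_off, *_ = struct.unpack(HDR_FMT, packet[:IPV4_HEADER_LEN])
    return Fragment(ident, flags_off & 0x1FFF, bool(flags_off & MF_FLAG),
                    packet[IPV4_HEADER_LEN:total])


class Reassembler:
    """Destination-side reassembly keyed by identification. Fragments may arrive
    in any order; the datagram is released only once every byte up to the end
    marked by the last fragment (MF = 0) is present."""

    def __init__(self):
        self.pending = {}   # ident -> {"parts": {byte_offset: data}, "total": int or None}

    def add(self, frag: Fragment):
        entry = self.pending.setdefault(frag.ident, {"parts": {}, "total": None})
        entry["parts"][frag.offset * 8] = frag.data
        if not frag.more:
            entry["total"] = frag.offset * 8 + len(frag.data)
        if entry["total"] is None:
            return None              # last fragment not seen yet: length unknown
        out, pos = bytearray(), 0
        while pos < entry["total"]:
            part = entry["parts"].get(pos)
            if part is None:
                return None          # a hole remains: keep waiting
            out += part
            pos += len(part)
        del self.pending[frag.ident]
        return bytes(out[:entry["total"]])


if __name__ == "__main__":
    payload = bytes(i % 251 for i in range(3000))            # constructed 3000-byte datagram
    hop1 = fragment(Fragment(0x1234, 0, False, payload), 1500)  # first network: MTU 1500
    hop2 = [fragment(hop1[0], 1500)[0]] + fragment(hop1[1], 576) + [hop1[2]]  # middle piece re-fragmented at MTU 576
    r = Reassembler()
    for wire in reversed([encode(f) for f in hop2]):          # arrive out of order
        done = r.add(decode(wire))
    print(len(hop2), "fragments, reassembled OK:", done == payload)
```

The reassembler deliberately releases nothing until the fragment with MF = 0 has fixed the total length and every byte before it is present, which is the property that lets fragments take different routes.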

19

Encapsulation in TCP/IP

20

A Decoded Ethernet Frame

21

Role of IP

• IP provides functionality for interconnecting end systems across multiple networks.

• IP should be implemented in each end system and in the routers in between.

• Higher-level data at a source are encapsulated in an IP data unit (PDU) for transmission
— E.g. in TCP/IP, the source IP layer attaches a header that specifies the destination global address. If the destination is in another subnetwork, the IP layer in the router hands its data to LLC (Logical Link Control) and then to the MAC (Medium Access Control) layer, so that it can be forwarded to the next router.

22

Configuration of TCP/IP

23

IP Headers

24

IPv6 Packet with Extension Headers

25

Routing: What Makes the Internet Possible

• Routers are specialized computers that forward datagrams
• Each network connected to the router communicates through a dedicated physical or logical network interface
• Many types exist:
— Store and forward (e.g., general-purpose computer)
— Routing switch (ASIC forwarding engines, switch fabric)

26

What Makes Routing Successful

• 1. Robustness:
— Principle (quoted from RFC 1123): At every layer of the protocols, there is a general rule whose application can lead to enormous benefits in robustness and interoperability:

Be liberal in what you accept, and conservative in what you send

27

What Makes Routing Successful

• 2. Scalability:
— A system that is designed to support growth to an arbitrarily large size without degradation of the services that it offers is called scalable
— For a network, "size" = number of hosts or users
— The Internet Protocol (v4) has allowed the construction of a global, heterogeneous network of moderately large size by distributing the control
— The challenge for future protocols, systems and applications is to provide for scalability of the global Internet to a much larger size than it has at present

28

TCP/IP Operation

29

Operation of TCP/IP

30

Operation of TCP/IP (cont.)

31

Operation of TCP/IP: At Sender Side

32

Operation of TCP/IP: At Router

33

Operation of TCP/IP: At Receiver

34

Packet Switch (Datagram Approach)

• Data transmitted in short blocks, or packets
• Packet length < 1000 octets
• Each packet contains user data plus control info (routing)
• Store and forward
• Advantages:
— flexibility, resource sharing, robust, responsive
• Disadvantages:
— Time delays in distributed network, overhead penalties
— Need for routing and congestion control

35

Packet Switch (Virtual Circuit Approach)

• Frame relay and ATM are variants of packet switching
• Datagram
— Each packet sent independently of the others
— No call setup
— More reliable (can route around failed nodes or congestion)
• Virtual circuit
— Fixed route established before any packets are sent
— No need for a routing decision for each packet at each node

36

IP Security Overview

37

IP Security

• The Internet community has considered some application-specific security mechanisms, e.g.
— Electronic Mail (S/MIME, PGP)
— Client-Server communication (Kerberos)
— Web Access (Secure Socket Layer SSL/HTTPS)
— …

• However, there are security concerns that cut across protocol layers, e.g.
— IP spoofing: intruders create packets with a false IP address and exploit applications that use authentication based on IP
— Packet sniffing: attackers read transmitted information including logon information and database contents

• We would like security implemented by the network for all applications

38

IPSec

• general IP security mechanisms
• provides
— authentication
— confidentiality
— key management
• applicable to use over LANs, across public & private WANs, & for the Internet. Examples:
— Secure branch office connectivity over the Internet
— Secure remote access over the Internet
— Establishing Extranet/Intranet connectivity with partners
— Enhancing electronic commerce security

39

IPSec Principal Features

• encrypts and/or authenticates all traffic at the IP level. Thus all distributed applications will benefit, such as
— logon, client-server, email, file transfer, web access

• is implemented in a firewall or router and provides strong security that can be applied to all traffic crossing the perimeter.

• when implemented in a firewall, is resistant to bypass if all traffic from the outside must use IP.

• In routing applications, IPSec ensures that a router advertisement comes from a legitimate router and that a routing update (or a redirect message) is not forged.

40

IPSec Uses

Individual security (when needed)

41

Benefits of IPSec

• in a firewall/router provides strong security to all traffic crossing the perimeter

• Typically, IPSec:
— encrypts/compresses data going into the WAN
— decrypts/decompresses traffic coming from the WAN

• is resistant to bypass (affects all traffic with no exception)

• is below the transport layer (TCP, UDP), hence transparent to applications (e.g. servers and workstations in the LAN)

• can be transparent to end users
• can provide security for individual users if desired
• can also be used in routing applications to make sure that a new router is authorized in the neighborhood.

42

IP Security Architecture

• specification has become quite complex
• defined in numerous RFCs
— including RFC 2401/2402/2406/2408
— many others, grouped by category
• mandatory in IPv6, optional in IPv4
— Security features are implemented as extension headers that follow the main IP header

43

IPSec Services

• Access control
• Connectionless integrity
• Data origin authentication
• Rejection of replayed packets
— a form of partial sequence integrity
• Confidentiality (encryption)
• Limited traffic flow confidentiality

(Table columns on the slide: Authentication Header Protocol, Encapsulating Security Payload Protocol)

44

Security Associations (SA)

• SA is a one-way relationship between sender & receiver that affords security services to the traffic carried on it
• defined by 3 parameters:
1. Security Parameters Index (SPI) (carried in AH/ESP headers)
2. IP Destination Address (endpoint of the SA)
3. Security Protocol Identifier (says if the SA is AH or ESP)
— The IP destination address is in the IPv4/IPv6 header and the SPI in the enclosed extension header (AH or ESP)
• SA has a number of other parameters (see book)
— sequence number, sequence counter overflow, anti-replay window, AH info, ESP info, lifetime, protocol mode, etc.
— Through these parameters, authentication and privacy are specified independent of the specific key-management mechanism.
• have a database of Security Associations (see details of the Security Policy Database (SPD) in the textbook).

45

Transport and Tunnel Modes

• Transport Mode:
— Used for end-to-end communications (e.g. two workstations, or a client and a server)
— ESP encrypts and optionally authenticates the IP payload but not the IP header
— AH authenticates the IP payload and selected portions of the IP header
• Tunnel Mode:
— Used when one or both ends of the communication is a security gateway such as a firewall or a router that implements IPSec.
— The entire original (inner) packet travels through the "tunnel" and no router along the way is able to examine the inner IP header
— After AH and ESP fields are added to the IP packet, the entire packet plus security fields is treated as the payload of a new "outer" IP packet with a new outer IP header.

46

Transport and Tunnel Modes (cont.)

47

Transport & Tunnel Modes

Uses Tunnel mode, e.g.
• to access the entire internal network, or
• because the requested server does not support the authentication feature.

Uses Transport mode, e.g.
• Workstation and server share a protected secret key

48

Authentication Header (AH)

• provides support for data integrity & authentication of IP packets
— end system/router can authenticate user/application
— prevents address spoofing attacks by tracking sequence numbers (spoofing is the creation of TCP/IP packets using somebody else's IP address; the responses may then be directed to the attacker).

• The Authentication Data field holds a value referred to as the Integrity Check Value (ICV), which is based on the use of a MAC
— HMAC-MD5-96 or HMAC-SHA-1-96

• parties must share a secret key

49

Authentication Header

Authentication Data (also called ICV, 96 bits)

Sequence Number (a counter value up to 2^32 for one SA, to provide the anti-replay function)

Security Parameters Index (identifies a security association)

50

Scope of AH Authentication

• Transport Mode AH:
— In IPv4, AH is inserted after the original IP header and before the IP payload.
— In IPv6, AH is viewed as an end-to-end payload, i.e. it is not examined or processed by intermediate routers
— In both IPv4 and IPv6, authentication covers the entire packet, excluding mutable fields that are set to zero for MAC calculation

(dest options extension header can be before or after AH)
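The transport-mode AH processing described on this and the preceding two slides (ICV over the packet with mutable IP fields zeroed, HMAC-SHA-1-96, shared key, sequence numbers for anti-replay) as an added Python example; it is not code from the lecture. The key, addresses and payload are constructed, the IP header checksum is left at zero, and the anti-replay window is a 64-bit bitmap, the window size the slides leave unspecified.

```python
"""AH in IPv4 transport mode (added example, not from the slides): build the
IP header and AH, zero the mutable IP fields, compute the HMAC-SHA-1-96 ICV,
and verify it at the receiver together with a sliding anti-replay window.
Key, addresses and payload are constructed; IP header checksum left at 0."""
import hashlib
import hmac
import struct

HDR_FMT = "!BBHHHBBH4s4s"   # ver/IHL, ToS, total len, ident, flags+offset, TTL, proto, csum, src, dst
IP_LEN, AH_LEN, ICV_LEN = 20, 24, 12      # AH = 12 fixed bytes + 96-bit ICV
AH_PROTO = 51
AH_PAYLOAD_LEN = AH_LEN // 4 - 2          # AH "payload length" field: 32-bit words minus 2


def ipv4_header(src, dst, total_len, ttl=64):
    return struct.pack(HDR_FMT, 0x45, 0, total_len, 1, 0, ttl, AH_PROTO, 0, src, dst)


def zero_mutable(ip_hdr):
    """Mutable fields (ToS, flags/fragment offset, TTL, header checksum) may change
    in transit, so RFC 2402 zeroes them for the MAC; everything else is covered."""
    f = list(struct.unpack(HDR_FMT, ip_hdr))
    f[1], f[4], f[5], f[7] = 0, 0, 0, 0
    return struct.pack(HDR_FMT, *f)


def ah_bytes(spi, seq, next_header, icv=bytes(ICV_LEN)):
    # next header, payload length, reserved, SPI, sequence number, ICV
    return struct.pack("!BBHII", next_header, AH_PAYLOAD_LEN, 0, spi, seq) + icv


def compute_icv(key, ip_hdr, spi, seq, next_header, payload):
    # The AH itself is included with its ICV field zeroed
    covered = zero_mutable(ip_hdr) + ah_bytes(spi, seq, next_header) + payload
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]


def build_packet(key, src, dst, payload, spi, seq, next_header=6):
    ip_hdr = ipv4_header(src, dst, IP_LEN + AH_LEN + len(payload))
    icv = compute_icv(key, ip_hdr, spi, seq, next_header, payload)
    return ip_hdr + ah_bytes(spi, seq, next_header, icv) + payload


def decrement_ttl(packet):
    """What a router does on the way: TTL is mutable, so the ICV still verifies."""
    return packet[:8] + bytes([packet[8] - 1]) + packet[9:]


class AhReceiver:
    """Receiving end of one inbound SA: SPI match, anti-replay window, ICV check."""

    def __init__(self, key, spi, window=64):
        self.key, self.spi, self.window = key, spi, window
        self.highest = 0     # highest sequence number accepted so far
        self.seen = 0        # bitmap: bit i set if (highest - i) was accepted

    def verify(self, packet):
        ip_hdr, ah, payload = packet[:IP_LEN], packet[IP_LEN:IP_LEN + AH_LEN], packet[IP_LEN + AH_LEN:]
        next_header, _, _, spi, seq = struct.unpack("!BBHII", ah[:12])
        if spi != self.spi or not self._replay_ok(seq):
            return False
        expected = compute_icv(self.key, ip_hdr, spi, seq, next_header, payload)
        if not hmac.compare_digest(ah[12:], expected):
            return False
        self._mark(seq)      # window advances only after the MAC checks out
        return True

    def _replay_ok(self, seq):
        if seq == 0:
            return False            # sequence numbers start at 1
        if seq > self.highest:
            return True             # ahead of the window: new
        diff = self.highest - seq
        return diff < self.window and not (self.seen >> diff) & 1

    def _mark(self, seq):
        if seq > self.highest:
            self.seen = ((self.seen << (seq - self.highest)) & ((1 << self.window) - 1)) | 1
            self.highest = seq
        else:
            self.seen |= 1 << (self.highest - seq)


if __name__ == "__main__":
    key = b"constructed-shared-key"
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    rx = AhReceiver(key, spi=0x1000)
    p = build_packet(key, src, dst, b"hello", 0x1000, 1)
    print("after TTL decrement:", rx.verify(decrement_ttl(p)))   # True
    print("same packet again:  ", rx.verify(decrement_ttl(p)))   # False (replay)
```

Note the order in `verify`: the replay check is cheap and runs first, but the window is only updated after the ICV has been verified, so a forged packet with a high sequence number cannot push legitimate traffic out of the window.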

51

Scope of AH Authentication (cont.)

• Tunnel Mode AH:
— Entire IP packet is authenticated
— AH is inserted between the original IP header and a new outer IP header
– The inner header has the source/destination addresses
– The outer header has the address of the firewall or other security gateway
— Entire inner IP packet, including the entire IP header, is protected by AH

52

Encapsulating Security Payload (ESP)

• provides message content confidentiality & limited traffic flow confidentiality

• can optionally provide the same authentication services as AH

• supports a range of ciphers, modes, padding
— including DES, 3-key triple-DES, RC5, 3-key triple-IDEA, CAST, etc.
— CBC most common
— pad to meet block size, for traffic flow

53

Encapsulating Security Payload

Authentication Data (also called ICV; computed over the ESP packet minus the Authentication Data field)

Sequence Number (to prevent replay attacks)

Payload Data:
- Transport mode: transport-level segment
- Tunnel mode: IP packet

54

Transport vs. Tunnel Mode ESP

• transport mode is used to encrypt & optionally authenticate IP data
— data protected but header left in clear
— attacker can do traffic analysis
— good for ESP host-to-host traffic

• tunnel mode encrypts entire IP packet
— add new header for next hop
— good for virtual private networks (VPNs), gateway-to-gateway security

55

Transport vs. Tunnel Mode ESP (cont.)

• Transport Mode:
— Encryption (and optionally authentication) is provided directly between two hosts.
• Tunnel Mode:
— E.g. four private networks are interconnected across the Internet. Hosts use the Internet to communicate among themselves only. The tunnel and security gateway do not allow hosts to interact with other Internet-based hosts.

56

Scope of ESP Encryption & Authentication

• Transport Mode ESP:
— In IPv4, the ESP header is inserted after the original IP header and before the transport-layer header (e.g. TCP, UDP, ICMP).
— In IPv6, ESP is viewed as an end-to-end payload, i.e. it is not examined or processed by intermediate routers
— In both IPv4 and IPv6, authentication covers the ciphertext plus the ESP header
— The destination node examines and processes the IP and extension headers. Then, based on the SPI in the ESP header, it decrypts the remainder of the packet to recover the transport-layer segment.

(Figure notes: the ESP Authentication Data field is used if authentication is selected; ESP Trailer = padding, pad length, next header)

57

Scope of ESP Encryption & Authentication (cont.)

• Tunnel Mode ESP:
— Entire IP packet is authenticated
— ESP is inserted between the original IP header and a new outer IP header
— The new header provides information for routers for routing but not for traffic analysis
— Packet plus ESP trailer is encrypted
— The destination firewall examines and processes the outer IP header plus any extension headers. Then, based on the SPI in the ESP header, it decrypts the packet and sends it to the internal network.
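The ESP framing described on the last few slides (padding to the cipher block size, the trailer of pad length and next header, an ICV computed over the ESP packet minus the Authentication Data field, and the inner IP header vanishing into the ciphertext in tunnel mode) as an added Python example; it is not code from the lecture. A keystream derived from HMAC-SHA-256 in counter mode stands in for the DES/3DES-CBC ciphers the slides list so that the code runs with only the standard library; keys, the TCP-looking segment and the inner packet are constructed.

```python
"""ESP framing in transport and tunnel mode (added example, not from the slides):
padding and trailer construction, an ICV that covers the ESP header, IV and
ciphertext but not itself, and the inner IP header disappearing into the
ciphertext in tunnel mode. A keystream derived from HMAC-SHA-256 in counter
mode stands in for the CBC block ciphers the slides list; keys are constructed."""
import hashlib
import hmac
import os
import struct

BLOCK = 8                     # align as an 8-byte-block cipher (DES/3DES) in CBC would require
IV_LEN, ICV_LEN = 8, 12       # 64-bit IV, HMAC-SHA-1-96 ICV
HDR_LEN = 8                   # SPI (4) + sequence number (4)
NEXT_TCP, NEXT_IPV4 = 6, 4    # next header: transport mode carries TCP, tunnel mode carries IP


def keystream(key, iv, n):
    """Stand-in cipher: HMAC-SHA-256(key, iv || counter) blocks, XORed with the data."""
    out = b""
    for ctr in range(-(-n // 32)):
        out += hmac.new(key, iv + struct.pack("!I", ctr), hashlib.sha256).digest()
    return out[:n]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def esp_pad(plain, next_header):
    """Trailer = padding + pad length + next header. Default padding is 1, 2, 3, ...
    (RFC 2406) and the total is a multiple of BLOCK, which also satisfies
    ESP's 4-byte alignment rule."""
    pad_len = (-(len(plain) + 2)) % BLOCK
    return plain + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])


def esp_encapsulate(enc_key, auth_key, spi, seq, plain, next_header, iv=None):
    iv = iv if iv is not None else os.urandom(IV_LEN)
    body = esp_pad(plain, next_header)
    ciphertext = xor(body, keystream(enc_key, iv, len(body)))
    authenticated = struct.pack("!II", spi, seq) + iv + ciphertext
    icv = hmac.new(auth_key, authenticated, hashlib.sha1).digest()[:ICV_LEN]
    return authenticated + icv            # ICV covers everything before it, not itself


def esp_decapsulate(enc_key, auth_key, packet):
    """Returns (spi, seq, next_header, plaintext); raises ValueError on any failure."""
    authenticated, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, authenticated, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet altered or wrong SA key")  # checked before decrypting
    spi, seq = struct.unpack("!II", authenticated[:HDR_LEN])
    iv, ciphertext = authenticated[HDR_LEN:HDR_LEN + IV_LEN], authenticated[HDR_LEN + IV_LEN:]
    body = xor(ciphertext, keystream(enc_key, iv, len(ciphertext)))
    pad_len, next_header = body[-2], body[-1]
    if pad_len + 2 > len(body) or body[len(body) - 2 - pad_len:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("bad padding")
    return spi, seq, next_header, body[:len(body) - 2 - pad_len]


def accepts(enc_key, auth_key, packet):
    """True if the packet passes ICV and padding checks under the given SA keys."""
    try:
        esp_decapsulate(enc_key, auth_key, packet)
        return True
    except ValueError:
        return False


def inner_ipv4_packet(src, dst, segment):
    """Constructed inner packet for tunnel mode (header checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 1, 0, 64, NEXT_TCP, 0, src, dst) + segment


if __name__ == "__main__":
    ek, ak = b"constructed-enc-key", b"constructed-auth-key"
    seg = b"\x04\xd2\x00\x50hello"                       # constructed TCP-looking bytes
    transport = esp_encapsulate(ek, ak, 0x2000, 1, seg, NEXT_TCP)
    inner = inner_ipv4_packet(bytes([192, 168, 1, 10]), bytes([192, 168, 2, 20]), seg)
    tunnel = esp_encapsulate(ek, ak, 0x3000, 1, inner, NEXT_IPV4)
    print("transport next header:", esp_decapsulate(ek, ak, transport)[2])   # 6
    print("inner addresses visible in tunnel packet:", bytes([192, 168, 1, 10]) in tunnel)  # False
```

The only difference between the two modes at this layer is what goes into the payload and which next-header value the trailer carries; everything a router on the path can see is the outer header, SPI, sequence number and ciphertext.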

58

Combining Security Associations

• An individual SA can implement either AH or ESP but not both

• to implement both, need to combine SAs
— form a security bundle

• have 4 cases that must be supported by compliant IPSec hosts (e.g. workstations and servers) or security gateways (e.g. firewall, router).

59

Combining Security Associations

Case 1: Security is provided between any two systems with IPSec (sharing a secret key)

Case 2: Security is provided only between gateways (routers, firewalls, etc.)

Case 3: Cases (1) and (2) are combined

Case 4: Case (1) plus support for a remote host to reach a firewall and a server behind it

60

Key Management

• handles key generation & distribution
• typically need 2 pairs of keys
— transmit for AH & transmit for ESP
— receive for AH & receive for ESP
• manual key management
— System admin manually configures every system
• automated key management
— automated system for on-demand creation of keys for SAs in large systems
— Default automated key management protocol for IPSec is referred to as ISAKMP/Oakley

61

Oakley

• a key exchange protocol
• based on Diffie-Hellman (DH) key exchange
• adds features to address weaknesses
— It employs a mechanism known as cookies (pseudorandom numbers) to thwart clogging attacks
— It enables two parties to negotiate a group (to set the global parameters for the Diffie-Hellman key exchange)
— It uses nonces to ensure against replay attacks
— It enables DH key exchange with authentication (to solve the man-in-the-middle attack)
• can use arithmetic in prime fields or elliptic curve fields
• See book for examples.
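The four Oakley additions to plain Diffie-Hellman listed above (cookies against clogging, a negotiated group, nonces against replay, authentication against the man in the middle) as an added Python example; this is not code from the lecture or a real Oakley implementation. The group is a toy prime-field group (M127 with generator 3) chosen so the arithmetic stays readable, not one of the standardized Oakley groups; authentication uses a constructed pre-shared key in place of the credential a deployment would use.

```python
"""Oakley-style key exchange (added example, not from the slides): stateless
cookies before any exponentiation, nonces mixed into the derived key, and a
PSK-based authentication of the DH values. Toy group and constructed PSK."""
import hashlib
import hmac
import os

P = (1 << 127) - 1   # M127: a toy prime-field modulus, not a standardized Oakley group
G = 3
PSK = b"constructed-pre-shared-key"   # stands in for the parties' authentication credential


def rand_exponent():
    return int.from_bytes(os.urandom(16), "big") % (P - 3) + 2   # private value in [2, P-2]


def derive_key(shared, nonce_i, nonce_r, cookie_i, cookie_r):
    # Nonces make the key fresh even if a DH value were ever reused (replay protection)
    return hashlib.sha256(shared.to_bytes(16, "big") + nonce_i + nonce_r + cookie_i + cookie_r).digest()


def auth_tag(pub_i, pub_r, nonce_i, nonce_r):
    """Binds both DH public values to the PSK so a man in the middle cannot swap them."""
    msg = pub_i.to_bytes(16, "big") + pub_r.to_bytes(16, "big") + nonce_i + nonce_r
    return hmac.new(PSK, msg, hashlib.sha256).digest()


class Responder:
    def __init__(self):
        self.secret = os.urandom(16)   # cookie secret; rotated periodically in practice
        self.sessions = {}             # (cookie_i, cookie_r) -> derived key

    def cookie(self, addr):
        # Stateless: recomputable from the secret and the claimed source, nothing stored
        return hmac.new(self.secret, addr.encode(), hashlib.sha256).digest()[:8]

    def phase1(self, addr, cookie_i):
        return self.cookie(addr)       # cheap reply, no exponentiation yet

    def phase2(self, addr, cookie_i, cookie_r, nonce_i, pub_i):
        if not hmac.compare_digest(cookie_r, self.cookie(addr)):
            return None                # claimed source never received the cookie: spend no CPU
        if not 2 <= pub_i <= P - 2:
            return None                # reject degenerate public values
        priv_r = rand_exponent()
        pub_r = pow(G, priv_r, P)
        nonce_r = os.urandom(16)
        shared = pow(pub_i, priv_r, P)
        self.sessions[(cookie_i, cookie_r)] = derive_key(shared, nonce_i, nonce_r, cookie_i, cookie_r)
        return nonce_r, pub_r, auth_tag(pub_i, pub_r, nonce_i, nonce_r)


class Initiator:
    def __init__(self, addr):
        self.addr = addr
        self.cookie_i = os.urandom(8)
        self.nonce_i = os.urandom(16)
        self.priv = rand_exponent()
        self.pub = pow(G, self.priv, P)

    def run(self, responder):
        cookie_r = responder.phase1(self.addr, self.cookie_i)
        reply = responder.phase2(self.addr, self.cookie_i, cookie_r, self.nonce_i, self.pub)
        if reply is None:
            return None
        nonce_r, pub_r, tag = reply
        if not hmac.compare_digest(tag, auth_tag(self.pub, pub_r, self.nonce_i, nonce_r)):
            return None                # peer did not prove knowledge of the PSK
        shared = pow(pub_r, self.priv, P)
        return derive_key(shared, self.nonce_i, nonce_r, self.cookie_i, cookie_r)


if __name__ == "__main__":
    r = Responder()
    key = Initiator("10.0.0.5:500").run(r)
    print("key agreed:", key is not None and key in r.sessions.values())
    # A request whose cookie was never obtained from the responder is dropped before any DH work
    print("unverified source rejected:", r.phase2("198.51.100.7:500", bytes(8), bytes(8), bytes(16), 5) is None)
```

The order of checks in `phase2` is the point of the cookie: the responder does the cheap HMAC comparison first and only pays for the modular exponentiation once the initiator has shown it can receive at the address it claims.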

62

ISAKMP

• ISAKMP stands for Internet Security Association and Key Management Protocol

• defines procedures and packet formats to establish, negotiate, modify, & delete security associations (SAs)

• The payload format, defined by ISAKMP, provides a framework for key management independent of
— key exchange protocol
— encryption algorithm
— authentication method

63

ISAKMP

Message ID (unique ID for this message)

Length (header plus payload in octets)

Initiator/Responder Cookie (a pseudorandom number)

64

ISAKMP Payload Types

65

ISAKMP Message Exchange Types

66

ISAKMP Message Exchange Types (cont.)

67

Summary

• have considered:
— IPSec security framework
— AH
— ESP
— key management & Oakley/ISAKMP