8.X Sec & IPv6
![Page 1: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/1.jpg)
Course 3: Network Security, Section 8
Pascal Meunier, Ph.D., M.Sc., CISSP
May 2004, updated July 30, 2004
Developed thanks to the support of Symantec Corporation, NSF SFS Capacity Building Program (Award Number 0113725) and the Purdue e-Enterprise Center
Copyright (2004) Purdue Research Foundation. All rights reserved.
![Page 2: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/2.jpg)
Course 3 Learning Plan
- Architecture
- Physical and link layer
- Network layer
- Transport layer
- Application layer: DNS, RPC, NFS
- Application layer: Routing
- Wireless networks
- More secure protocols: DNSSEC, IPSEC, IPv6
![Page 3: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/3.jpg)
Learning objectives
- Understand how IPSEC and IPv6 are inter-related
- Learn the IPSEC header types and transport modes
- Understand how ISAKMP and IKE support IPSEC
- Understand how DNSSEC can secure some vulnerabilities in DNS
![Page 4: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/4.jpg)
More Secure Protocols
- IPSEC, IPv6
  – ISAKMP
  – IKE
- DNSSEC
![Page 5: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/5.jpg)
IPSEC Outline
- Goals, Services
- Relationship to IPv6
- Fundamental Concept: Security Associations
- IPSEC Headers (protocols)
  – Authentication Header (AH)
  – Encapsulating Security Payload (ESP)
- IPSEC support protocols
  – IKE
  – ISAKMP
- Advanced topics
  – Security limitations of IPSEC
  – NAT and IPSEC
![Page 6: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/6.jpg)
IPSEC Goals
- Add-on to IPv4
- Built into IPv6
- Provides, at the IP layer:
  – Authentication
  – Integrity
  – Confidentiality
- Does not provide solutions or solve problems for Availability
![Page 7: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/7.jpg)
IPSEC Services
- Access control
- Connectionless integrity
- Data origin authentication
- Protection against replays (a form of partial sequence integrity)
- Encryption (confidentiality)
- Limited traffic flow confidentiality
  – e.g., Does Eve need to know that Alice and Bob are exchanging data?
![Page 8: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/8.jpg)
Differences IPv6 vs IPv4
- New ICMP architecture (ICMPv6)
- Expanded Addressing Capabilities
- Header Format Simplification
- Improved Support for Extensions and Options
- Flow Labeling Capability (for quality of service)
- Authentication and Privacy Capabilities
  – i.e., IPSEC (RFC 2460)
![Page 9: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/9.jpg)
Security Associations
- Channel that provides certain properties (keys, algorithms...) to the traffic between the hosts
- Directional: Host A to Host B
- Uniquely identified by a triple:
  – Security Parameter Index
    - Some integer
  – IP Destination Address (so far only unicast)
  – Protocol header identifier
    - See header types on next slides
- SAs must be established and negotiated before any data is exchanged.
![Page 10: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/10.jpg)
SA Headers
- Each SA must be of type
  – AH (Authentication Header) or
  – ESP (Encapsulating Security Payload)
- Two modes:
  – Tunnel
  – Transport

[Figure: two hosts, 192.168.1.2 and 192.168.1.3, with two SAs labelled {X, 192.168.1.2, ESP} and {Z, 192.168.1.3, AH}]
![Page 11: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/11.jpg)
Transport Mode
- Does not hide or replace the original IP header
  – AH header is used in illustration

[Figure: Packet transformation for SA transport. (IP Header, TCP Header, TCP Payload) becomes (IP Header, SA Header, TCP Header, TCP Payload)]
![Page 12: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/12.jpg)
Tunnel Mode
- Adds a new IP header
- Allows nesting of SAs
- Protects the original IP header

[Figure: Packet transformation for SA tunnel. (IP Header, TCP Header, TCP Payload) becomes (IP Header, SA Header, IP Header, TCP Header, TCP Payload)]

Note: The illustration applies to an AH header
![Page 13: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/13.jpg)
IP Authentication Header
- RFC 2402
- AH goals:
  – connectionless integrity
  – data origin authentication
  – optional anti-replay service
- Which IPSEC service doesn’t AH provide?
![Page 14: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/14.jpg)
Answer
Confidentiality
![Page 15: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/15.jpg)
Authentication Header Format
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Next Header   |  Payload Len  |          RESERVED             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                 Security Parameters Index (SPI)               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    Sequence Number Field                      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                Authentication Data (variable)                 |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
![Page 16: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/16.jpg)
Integrity
- Provided by an Integrity Check Value (ICV)
  – Stored in the "authentication data" field
- Calculation method: HMAC with either of:
  – MD5
  – SHA-1
- Uses a secret key exchanged during SA negotiation
![Page 17: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/17.jpg)
Authentication
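- Hash is calculated over as much data as possible

[Figure: AH coverage for the transport layout (IP Header, SA Header, TCP Header, TCP Payload) and the tunnel layout (IP Header, SA Header, IP Header, TCP Header, TCP Payload). Caption: Authenticated except for mutable fields]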
![Page 18: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/18.jpg)
AH Data Origin Authentication
- Because the HMAC secret is specific to the SA
- Because the IP addresses are included in the HMAC calculation
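
Added example (not part of the original slides): an AH-style ICV in transport mode, showing why router changes to mutable fields pass verification while a rewritten source address or a key from another SA does not. The key, SPI, payload and the choice of HMAC-SHA-1 truncated to 96 bits are assumptions; the mutable IPv4 fields zeroed are TOS, flags/fragment offset, TTL and header checksum.

```python
import hashlib
import hmac
import socket
import struct

AH_PROTO, TCP_PROTO = 51, 6          # IP protocol numbers
ICV_LEN = 12                         # HMAC-SHA-1 truncated to 96 bits (assumed transform)


def ipv4_header(src, dst, body_len, ttl, checksum=0):
    """20-byte IPv4 header (no options) announcing AH as the next protocol."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0x1234, 0,
                       ttl, AH_PROTO, checksum,
                       socket.inet_aton(src), socket.inet_aton(dst))


def zero_mutable(ip_hdr):
    """Zero the IPv4 fields routers may rewrite in transit before hashing."""
    h = bytearray(ip_hdr)
    h[1] = 0                  # type of service
    h[6:8] = b"\x00\x00"      # flags and fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)


def ah_header(spi, seq, icv=b"\x00" * ICV_LEN):
    """Next Header, Payload Len, RESERVED, SPI, Sequence Number, ICV."""
    payload_len = (12 + ICV_LEN) // 4 - 2      # AH length in 32-bit words, minus 2
    return struct.pack("!BBHII", TCP_PROTO, payload_len, 0, spi, seq) + icv


def compute_icv(key, ip_hdr, spi, seq, payload):
    """HMAC over the IP header (mutable fields zeroed), AH (ICV zeroed) and payload."""
    data = zero_mutable(ip_hdr) + ah_header(spi, seq) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def verify(key, ip_hdr, ah, payload):
    """Receiver side: recompute the ICV with the SA's key, compare in constant time."""
    _, _, _, spi, seq = struct.unpack("!BBHII", ah[:12])
    return hmac.compare_digest(compute_icv(key, ip_hdr, spi, seq, payload), ah[12:])


def demo():
    key = b"constructed SA secret"     # constructed; normally set during SA negotiation
    payload = b"constructed TCP segment"
    spi, seq, body = 0x1001, 1, 24 + len(payload)
    sent = ipv4_header("192.168.1.3", "192.168.1.2", body, ttl=64)
    ah = ah_header(spi, seq, compute_icv(key, sent, spi, seq, payload))
    routed = ipv4_header("192.168.1.3", "192.168.1.2", body, ttl=61, checksum=0xBEEF)
    spoofed = ipv4_header("192.168.1.99", "192.168.1.2", body, ttl=64)
    return (verify(key, sent, ah, payload),       # untouched packet
            verify(key, routed, ah, payload),     # TTL/checksum changed by routers
            verify(key, spoofed, ah, payload),    # source address rewritten
            verify(b"other SA key", sent, ah, payload))   # key from a different SA
```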
![Page 19: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/19.jpg)
AH Anti-Replay Service
- Sender puts in a Sequence Number
  – Not to be confused with the TCP sequence number
  – SAs become void when the sequence number overflows
- Receiver must verify it
  – optional
- HMAC calculation guarantees that nobody could alter the sequence number or inject malicious packets with the correct sequence number
  – So it doesn't matter if the sequence number is predictable
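
Added example (not part of the original slides): receiver-side anti-replay as a sliding bitmap window, plus a sender counter that refuses to wrap. The 64-packet window size and the trace are assumptions; `icv_ok` stands for the result of the HMAC check, and the window only advances for packets that pass it.

```python
SEQ_MAX = 0xFFFFFFFF          # the AH Sequence Number field is 32 bits wide


class SenderCounter:
    """Per-SA outbound counter; the first packet on an SA carries 1."""
    def __init__(self, start=0):
        self.last = start

    def next(self):
        if self.last >= SEQ_MAX:
            raise OverflowError("sequence space exhausted: negotiate a new SA")
        self.last += 1
        return self.last


class ReplayWindow:
    """Receiver-side anti-replay state for one SA."""
    def __init__(self, size=64):          # window size is an assumed value
        self.size = size
        self.top = 0                      # highest authenticated sequence number
        self.bitmap = 0                   # bit i set => (top - i) already accepted

    def accept(self, seq, icv_ok):
        if seq == 0 or seq > SEQ_MAX:
            return False
        if seq <= self.top:
            offset = self.top - seq
            if offset >= self.size or (self.bitmap >> offset) & 1:
                return False              # left of the window, or a duplicate
        if not icv_ok:
            return False                  # forged packets never move the window
        if seq > self.top:                # slide the window right
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:                             # mark a late but in-window packet
            self.bitmap |= 1 << (self.top - seq)
        return True


# Constructed trace of (sequence number, ICV verified?) as seen by the receiver.
CONSTRUCTED_TRACE = [(1, True), (2, True), (3, True), (2, True), (70, True),
                     (5, True), (10, True), (10, True), (1000, False), (71, True)]


def run_trace(trace, size=64):
    win = ReplayWindow(size)
    return [win.accept(seq, icv_ok) for seq, icv_ok in trace]
```

In the trace, the second 2 and the second 10 are replays, 5 has fallen out of the window after 70 arrived, and the forged 1000 is dropped without blocking 71.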
![Page 20: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/20.jpg)
ESP
- Has service options
- 2 service types
  – Confidentiality
    - Confidentiality through encryption
    - Limited traffic flow confidentiality
      – Requires tunnel mode so that the original IP header is encrypted
  – Authentication
    - Connectionless integrity
    - Data origin authentication
    - Optional anti-replay service
      – Can be selected only if data origin authentication was selected
- Both types can be present at the same time
- Described in RFC 2406
![Page 21: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/21.jpg)
ESP Parts
- Header
- Trailer
  – Not present in AH
- Authentication
  – Part of the AH header
![Page 22: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/22.jpg)
ESP Transport Mode
- Does not hide or replace the original IP header

[Figure: Packet transformation for ESP transport. (IP Header, TCP Header, TCP Payload) becomes (IP Header, ESP Header, TCP Header, TCP Payload, ESP Trailer, ESP Auth)]
![Page 23: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/23.jpg)
ESP Tunnel Mode
- Adds a new IP header
- Allows nesting of SAs
- Protects the original IP header

[Figure: Packet transformation for ESP tunnel. (IP Header, TCP Header, TCP Payload) becomes (IP Header, ESP Header, IP Header, TCP Header, TCP Payload, ESP Trailer, ESP Auth)]
![Page 24: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/24.jpg)
ESP Authentication
- Uses the same idea as AH authentication
  – HMAC provides integrity and data origin authentication
- Sequence number provides optional protection from replay attacks
- ESP authentication does not protect the IP header in transport mode
  – AH header protects the IP header as much as possible
![Page 25: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/25.jpg)
ESP Coverage
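- Hash is calculated over less data than AH header

[Figure: ESP coverage, with "Authenticated" and "Encrypted" spans marked on the transport layout (IP Header, ESP Header, TCP Header, TCP Payload, ESP Trailer, ESP Auth) and the tunnel layout (IP Header, ESP Header, IP Header, TCP Header, TCP Payload, ESP Trailer, ESP Auth)]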
![Page 26: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/26.jpg)
Question
Why would someone prefer AH instead of ESP?
a) AH is more compatible with IPv4
b) AH is significantly faster
c) ESP can’t authenticate
d) AH authenticates the headers
e) no reason
![Page 28: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/28.jpg)
ISAKMP
- Internet Security Association and Key Management Protocol
- Aims to be "a common security establishment protocol"
  – Means it helps set up security associations
- Problem statement: How do you
  – Perform initial authentication of peers
  – Create, manage and delete associations
    - Specify AH or ESP
  – Decide which encryption algorithm to use
  – Decide which authentication algorithm to use
- Described in RFC 2408
  – Rides on top of UDP
![Page 29: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/29.jpg)
Fundamental Basis for ISAKMP/IPSEC
- Public key cryptography
  – Hosts are identified with certificates signed by a Certificate Authority
    - Including public key
- Need for Public Key Infrastructure (PKI)
- Internet Policy Registration Authority (IPRA)
  – Policy Certification Authorities (PCA)
    - Certificate Authorities (CAs)
![Page 30: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/30.jpg)
Certificate Payloads
- ISAKMP has the ability to carry certificate payloads
- Where to get certificates?
  1. DNSSEC or equivalent
  2. Certificate Payloads (ISAKMP)
     - PKCS #7 wrapped X.509 certificate
     - PGP certificate
     - X.509
     - Kerberos Tokens
     - DNS signed key
![Page 31: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/31.jpg)
ISAKMP Characteristics
- Abstract, ubiquitous framework
- Heavy
  1. Hosts must first establish an SA for ISAKMP exchanges
  2. Then the needed SAs can be established
  – Many fields or messages to negotiate
  – Implements reliability
    - Timers, resending of packets
![Page 32: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/32.jpg)
ISAKMP
- Flexible
  – Many negotiation options
- Complicated
  – The negotiation options have various advantages and disadvantages
  – The security implications of the choices, and which one is optimal for a given task, are not obvious
- Does not perform the actual key generation and exchange
  – Need to use IKE (see next slide)
![Page 33: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/33.jpg)
IKE
- Internet Key Exchange
- RFC 2409
- IKE works with ISAKMP to establish and manage SAs to provide IPSEC services.
- Key exchange can be done manually and IPSEC still works; IKE automates it.
- Details out of the scope of this presentation
![Page 34: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/34.jpg)
DNSSEC
- DNS Extension
- Based on cryptographic digital signatures
- Basic Idea:
  – Store public keys in DNS records
    - "KEY" resource record
    - Associated with a name
  – Use those to authenticate DNS transactions
- Provides:
  – Data integrity
  – Authentication
![Page 35: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/35.jpg)
Zones
- Each zone has a public/private key pair
  – RR sets are signed with the private key
  – Resolvers can verify the signature with a public key
- Initial public key must be seeded securely somehow
- From that key, a chain of trust is created to other zones
- Guarantees integrity and authenticity
- No cache poisoning
- IN-ADDR.ARPA domain information still controlled by possibly untrustworthy sources
  – Even if the data is signed, it may be malicious
  – Inconsistencies between the two DNS trees are not resolved
![Page 36: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/36.jpg)
DNSSEC Today
- Still not in wide use
- Had several setbacks in specification development
- Doesn't solve all problems
  – However an incremental improvement is better than status quo
- Meetings and plans to establish the deployment roadmap (2004)
![Page 37: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/37.jpg)
Question
The AH IPSEC header provides:
a) Connectionless integrity, data origin authentication, and an optional anti-replay service
b) Confidentiality (encryption) and limited traffic flow confidentiality
![Page 39: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/39.jpg)
Question
Which is the strong requirement for the practical, widespread deployment of IPSEC, DNSSEC and related protocols?
a) Better keyed hash algorithms
b) Larger cryptographic key sizes
c) A mass adoption and transition to IPv6
d) A cheap, deployed public key infrastructure (PKI)
e) Greater, cheaper internet bandwidth
![Page 41: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/41.jpg)
Question
Security Associations are
a) Bidirectional
b) Multidirectional
c) Special interest groups
d) Unidirectional
![Page 43: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/43.jpg)
Question
DNSSEC protects DNS against
a) Malicious DNS administrators
b) All networking protocol attacks
c) Malicious web sites
d) DNS cache poisoning
![Page 45: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/45.jpg)
Questions or Comments?
![Page 46: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/46.jpg)
About These Slides
You are free to copy, distribute, display, and perform the work; and to make derivative works, under the following conditions.
– You must give the original author and other contributors credit
– The work will be used for personal or non-commercial educational uses only, and not for commercial activities and purposes
– For any reuse or distribution, you must make clear to others the terms of use for this work
– Derivative works must retain and be subject to the same conditions, and contain a note identifying the new contributor(s) and date of modification
– For other uses please contact the Purdue Office of Technology Commercialization.
Developed thanks to the support of Symantec Corporation
![Page 47: 8.X Sec & I Pv6](https://reader038.fdocuments.us/reader038/viewer/2022110204/55d4c178bb61eb52338b467c/html5/thumbnails/47.jpg)
Pascal [email protected]:Jared Robinson, Alan Krassowski, Craig Ozancin, Tim Brown, Wes Higaki, Melissa Dark, Chris Clifton, Gustavo Rodriguez-Rivera