K. Salah 1

Security Protocols in the Internet Security Protocols in the Internet

IPSecIPSec

K. Salah 2

Security facilities in the TCP/IP protocol Security facilities in the TCP/IP protocol stackstack

K. Salah 3

IP Security (IPSec) is a collection of protocols designed IP Security (IPSec) is a collection of protocols designed by the IETF (Internet Engineering Task Force) to by the IETF (Internet Engineering Task Force) to provide security for a packet at the IP level. provide security for a packet at the IP level.

IPSec does not define the use of any specific IPSec does not define the use of any specific encryption or authentication method.encryption or authentication method.

IPSec provides a framework and a mechanism; it IPSec provides a framework and a mechanism; it leaves the selection of the encryption, authentication, leaves the selection of the encryption, authentication, and hashing methods to the user.and hashing methods to the user.

IPSec is still evolving, especially with present of FWs IPSec is still evolving, especially with present of FWs and NATsand NATs

K. Salah 4

An SA is a crypto-protected connectionAn SA is a crypto-protected connection One SA in each direction…

At each end, the SA contains a key, the identity of the At each end, the SA contains a key, the identity of the other party, the sequence number, and crypto other party, the sequence number, and crypto parameters (DES, 3DES, MD5, SHA1, etc)parameters (DES, 3DES, MD5, SHA1, etc)

IPSec header indicates which SA to useIPSec header indicates which SA to use Parties will maintain a database of SAs for currently-Parties will maintain a database of SAs for currently-

open connectionsopen connections Used both to send and receive packets

SA connection is uniquely defined by three elements:SA connection is uniquely defined by three elements: 32-bit security parameter index (SPI), which acts as a virtual

circuit identifier (VCI) as in Frame Relay or ATM. Type of the protocol used for security: AH or ESP or IKE

IKE provides mutual authentication, establishes shared key, and creates SA

Source IP address.

K. Salah 5

IPSec Suite & FrameworkIPSec Suite & Framework

IPsec uses the following protocols to perform IPsec uses the following protocols to perform various functions:various functions: A security association (SA) is set up by Internet Key

Exchange (IKE and IKEv2) by handling negotiation of protocols and algorithms and to generate the encryption and authentication keys to be used by IPsec.

Authentication Header (AH) to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replay attacks.

Encapsulating Security Payload (ESP) to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality.

K. Salah 6

Software Implementation Software Implementation

IPsec support is usually implemented in the kernel with key IPsec support is usually implemented in the kernel with key management and IKE negotiation carried out from user-space. management and IKE negotiation carried out from user-space. Existing IPsec implementations often include both.Existing IPsec implementations often include both.

There exist a number of implementations of IPsec and IKE There exist a number of implementations of IPsec and IKE protocols. These include:protocols. These include: OpenBSD, with its own code derived from a BSD/OS implementation. "IPsec" in Microsoft Windows, including Windows XP, Windows 2000,

Windows 2003, Windows Vista, Windows Server 2008, and Windows 7. IPsec in Solaris Linux NETKEY, a native IPsec stack based on the KAME project.

Managed with IPsec-Tools. Openswan on Linux using the NETKEY Linux IPsec stack, or its own

KLIPS stack.

K. Salah 7

Two Modes of Operation

IPSec operates in two different modes. Mode defines where the IPSec header is IPSec operates in two different modes. Mode defines where the IPSec header is applied to the IP packet.applied to the IP packet.

Transport mode IPSec header is added between the IP header and the rest of the packet. Most logical when IPSec is used end-to-end

Tunnel mode IPSec header is placed in front of the original IP header. The IPSec header, the preserved IP header, and the rest of the packet are treated as the

payload. Can be used when IPSec is applied at intermediate point along path (e.g., VPN) Results in slightly longer packet Note that data may be encrypted multiple times

K. Salah 8

AH

Authentication Header (AH) protocol is designed to Authentication Header (AH) protocol is designed to authenticate the source host and to ensure the integrity of authenticate the source host and to ensure the integrity of the payload carried by the IP packet.the payload carried by the IP packet.

The protocol calculates a message digest, using a hashing The protocol calculates a message digest, using a hashing function and a symmetric key, and inserts the digest in the function and a symmetric key, and inserts the digest in the authentication header.authentication header.

The AH protocol provides source authentication and data The AH protocol provides source authentication and data integrity,but not privacy.integrity,but not privacy.

This is transport AH

K. Salah 9

When an IP datagram carries an authentication header, the When an IP datagram carries an authentication header, the original value in the protocol field of the IP header is replaced by original value in the protocol field of the IP header is replaced by the value 51. A field inside the authentication header (next the value 51. A field inside the authentication header (next header field) defines the original value of the protocol field (the header field) defines the original value of the protocol field (the type of payload being carried by the IP datagram).type of payload being carried by the IP datagram).

Steps for authentication header:Steps for authentication header: AH is added to the payload with the authentication data field set to

zero. Padding may be added to make the total length even for a

particular hashing algorithm Hashing is based on total packet. For message digest, only those

fields of IP header that don’t change during transmission are considered.

Authentication data are included in the authentication header IP header is added after changing the value of protocol field to 51.

Payload length: Length of AH in 4-byte multiples.Payload length: Length of AH in 4-byte multiples. SPI: plays the role of VCISPI: plays the role of VCI Sequence number: Sequence number: for anti replayfor anti replay

K. Salah 10

ESP

Encapsulation Security Payload (ESP) provides source authentication, Encapsulation Security Payload (ESP) provides source authentication, privacy and integrity.privacy and integrity.

Value of IP protocol field is 50.Value of IP protocol field is 50. Field inside the ESP trailer (next header field) holds the original value Field inside the ESP trailer (next header field) holds the original value

of the protocol field of IP header.of the protocol field of IP header. StepsSteps

ESP trailer is added to the payload Payload and trailer or encrypted ESP header is added ESP header, payload and ESP trailer are used to create authenticated data. Authenticated data are added at the end of ESP trailer. IP header is added after changing the protocol value to 50.

This is transport ESP

K. Salah 11

Why doesn’t NAT work with IPSec?Why doesn’t NAT work with IPSec? Remember that the point of IPSec is not just to protect the confidentiality of the Remember that the point of IPSec is not just to protect the confidentiality of the

data, but also to assure the authenticity of the sender and the integrity of the data data, but also to assure the authenticity of the sender and the integrity of the data (that it hasn’t been changed in transit). The problem with NAT is obvious: NAT must (that it hasn’t been changed in transit). The problem with NAT is obvious: NAT must change information in the packet headers in order to do its job.change information in the packet headers in order to do its job.

The first problem is that NAT changes the IP address of the internal computer to The first problem is that NAT changes the IP address of the internal computer to that of the NAT device. The Internet Key Exchange (IKE) protocol used by IPSec that of the NAT device. The Internet Key Exchange (IKE) protocol used by IPSec embeds the sending computer’s IP address in its payload, and this embedded embeds the sending computer’s IP address in its payload, and this embedded address doesn’t match the source address of the IKE packet (which is that of the address doesn’t match the source address of the IKE packet (which is that of the NAT device). When these addresses don’t match, the receiving computer will drop NAT device). When these addresses don’t match, the receiving computer will drop the packet.the packet.

Another problem is that TCP checksums (and optionally, UDP checksums) are Another problem is that TCP checksums (and optionally, UDP checksums) are used to verify the packets. The checksum is in the TCP header and it contains the used to verify the packets. The checksum is in the TCP header and it contains the IP addresses of the sending and receiving computers and the port numbers used IP addresses of the sending and receiving computers and the port numbers used for the communications. With normal NAT communications, this isn’t a problem for the communications. With normal NAT communications, this isn’t a problem because the NAT device updates the headers to show its own IP address and port because the NAT device updates the headers to show its own IP address and port in place of the sending computer’s. However, IPSec encrypts the headers with the in place of the sending computer’s. However, IPSec encrypts the headers with the Encapsulating Security Payload (ESP) protocol. Since the header is encrypted, Encapsulating Security Payload (ESP) protocol. Since the header is encrypted, NAT can’t change it. This means the checksum is invalid, so the receiving computer NAT can’t change it. This means the checksum is invalid, so the receiving computer rejects the packet.rejects the packet.

In addition, NAT isn’t able to use the port numbers in TCP and UDP headers to In addition, NAT isn’t able to use the port numbers in TCP and UDP headers to multiplex packets to multiple internal computers when those headers have been multiplex packets to multiple internal computers when those headers have been encrypted by ESPencrypted by ESP

K. Salah 12

NAT-T: How it worksNAT-T: How it works The IPSec working group of the IEEE has created standards for NAT-T that are The IPSec working group of the IEEE has created standards for NAT-T that are

defined in RFCs 3947 and 3948. NAT-T is designed to solve the problems inherent in defined in RFCs 3947 and 3948. NAT-T is designed to solve the problems inherent in using IPSec with NAT.using IPSec with NAT.

NAT-T adds a UDP header that encapsulates the ESP header (it sits between the NAT-T adds a UDP header that encapsulates the ESP header (it sits between the ESP header and the outer IP header). This gives the NAT device a UDP header ESP header and the outer IP header). This gives the NAT device a UDP header containing UDP ports that can be used for multiplexing IPSec data streams. NAT-T containing UDP ports that can be used for multiplexing IPSec data streams. NAT-T also puts the sending computer’s original IP address into a NAT-OA (Original also puts the sending computer’s original IP address into a NAT-OA (Original Address) payload. This gives the receiving computer access to that information so Address) payload. This gives the receiving computer access to that information so that the source and destination IP addresses and ports can be checked and the that the source and destination IP addresses and ports can be checked and the checksum validated. This also solves the problem of the embedded source IP checksum validated. This also solves the problem of the embedded source IP address not matching the source address on the packet.address not matching the source address on the packet.

Firewall must be set up to support NAT-TFirewall must be set up to support NAT-T

Note:Note:This is a very simplified account of how NAT-T makes it possible for IPSec and NAT This is a very simplified account of how NAT-T makes it possible for IPSec and NAT to work together. For more detailed information, see RFC 3947 at to work together. For more detailed information, see RFC 3947 at http://www.ietf.org/rfc/rfc3947.txthttp://www.ietf.org/rfc/rfc3947.txt and RFC 3948 at and RFC 3948 at http://www.ietf.org/rfc/rfc3948.txthttp://www.ietf.org/rfc/rfc3948.txt. .

K. Salah 13

Firewall

Firewall is a device (usually a router or a computer) Firewall is a device (usually a router or a computer) installed between the internal network of an installed between the internal network of an organization and the rest of the Internet.organization and the rest of the Internet.

It is designed to forward some packets and filter (not It is designed to forward some packets and filter (not forward) others.forward) others.

A firewall can be used to deny access to a specific host A firewall can be used to deny access to a specific host or a specific service in the organization.or a specific service in the organization.

K. Salah 14

Packet-filter firewall

A firewall can be used as a packet filter. It can forward or A firewall can be used as a packet filter. It can forward or block packets based on the information in the network layer block packets based on the information in the network layer and transport layer headers: source and destination port and transport layer headers: source and destination port addresses, and type of protocol (TCP or UDP).addresses, and type of protocol (TCP or UDP).

Incoming packets from network 131.34.0.0 are blocked. ‘*’ Incoming packets from network 131.34.0.0 are blocked. ‘*’ means any.means any.

Incoming packets destined for any internal TELNET server Incoming packets destined for any internal TELNET server (port 23) are blocked.(port 23) are blocked.

And so on.And so on.

K. Salah 15

VPN

Privacy within intra-organization but still connected to Privacy within intra-organization but still connected to global Internet.global Internet.

Intra-organization data are routed through the private Intra-organization data are routed through the private internet; inter-organization data are routed through internet; inter-organization data are routed through the global Internet.the global Internet.

K. Salah 16

VPN

Private and hybrid networks are costy.Private and hybrid networks are costy. Best solution is to use global Internet for both private Best solution is to use global Internet for both private

and public communications.and public communications. VPN creates a network that is private but virtual. It is VPN creates a network that is private but virtual. It is

private but it guarantees privacy inside the private but it guarantees privacy inside the organization. It is virtual because it does not use real organization. It is virtual because it does not use real private WANs; the network is physically public but private WANs; the network is physically public but virtually private.virtually private.

VPN uses IPSec in tunnel mode to provide VPN uses IPSec in tunnel mode to provide authentication, integrity and privacy.authentication, integrity and privacy.

K. Salah 17

VPN

Each IP datagram destined for private use in the organization is Each IP datagram destined for private use in the organization is encapsulated in another datagram. encapsulated in another datagram.

To use IPSec in the tunneling mode, the VPNs need to use two To use IPSec in the tunneling mode, the VPNs need to use two sets of addressing.sets of addressing.

The public network (Internet) is responsible for carrying the The public network (Internet) is responsible for carrying the packet from R1 to R2. Outsiders cannot decipher the contents packet from R1 to R2. Outsiders cannot decipher the contents of the packet or the source and destination addresses. of the packet or the source and destination addresses. Deciphering takes place at R2, which finds the destination Deciphering takes place at R2, which finds the destination address of the packet and delivers it.address of the packet and delivers it.