What is IPsec

8/2/2019 What is IPsec

1/35

Explained


2/35

Outline

IPsec What, Why and How?

IPsec Architecture

IPSec and SSL


3/35

What Is IPsec?

IPsec is a set of security protocols andalgorithms used to secure IP data at the networklayer.

IPsec provides

data confidentiality (encryption)

integrity (hash)

authentication (signatures and certificates)Access control

Detection and rejection of Replay Attacks

while maintaining the ability to route themthrough existing IP networks.


4/35

Security Issues in IP

source spoofing

replay packets no data integrity or

confidentiality

DOS attacks Replay attacks Spyingand more

Fundamental Issue: Networks are not (and

will never be) Fully secure


5/35

IPsec Architecture Two modes of propagation: Transport and Tunnel

Three situations:Host-host, host-gateway and gateway-gateway

Security Protocols: AH and ESP

Security Associations:Security parameter index (SPI)

Security policy database (SPD)

SA database (SAD)

Key management & Exchange: IKE (ISAKMP/Oakley) Cryptographic algorithms for authentications

and encryption


6/35

6

IPsec Transport Mode

IPsec datagram emitted and received by

end-system.

IPsec IPsec


7/357

IPsec Tunneling mode

In first case end routers are IPsec aware.

Hosts need not be.

IPsec IPsec

IPsecIPsec


8/35

8

Tunnel v/s Transport

IP header

IP header

IP header

TCP header

TCP header

TCP header

data

data

data

IPSec header

IPSec header IP header

Original

Transport

mode

Tunnel

mode


9/35

Two Security Protocols

Authentication Header (AH) protocol

provides source authentication & data integrity but notconfidentiality

Encapsulation Security Protocol (ESP)

provides source authentication, data integrity, and

confidentiality . more widely used than AH

Host modewith AH

Host modewith ESP

Tunnel modewith AH

Tunnel modewith ESP

Most common and

most important


10/35

Authentication Header (AH)

RFC 2402

provides support for data integrity &

authentication of IP packets end system/router can authenticate user/app

prevents address spoofing attacks by tracking sequence numbers

based on use of a message authentication code HMAC-MD5-96 or HMAC-SHA-1-96

MAC is calculated:

immutable IP header fields

AH header (except for Authentication Data field)

the entire upper-level protocol data (immutable)

parties must share a secret key


11/35

Encapsulating Security Payload

RFC 2406 provides message content confidentiality &

limited traffic flow confidentiality

can optionally provide the sameauthentication services as AH

supports range of ciphers, modes, padding

incl. DES, Triple-DES, RC5, IDEA, CAST etc CBC most common

pad to meet blocksize, for traffic flow


12/35

AH in Tunnel Mode


13/35

ESP in Tunnel Mode


14/35

Security Association - SA

Defined by 3 parameters: Security Parameters Index (SPI)

IP Destination Address

Security Protocol Identifier

Have a database of Security Associations

Determine IPSec processing for senders

Determine IPSec decoding for destination

SAs are not fixed. Generated and customized per

traffic flows


15/35

Security Parameters Index (SPI)

The SPI is a bit string assigned to the SA that has local

significance only.

The SPI is carried in AH and ESP headers to enable the

receiving system to select the SA under which a

received packet will be processed.

IP destination address

The IP address of the destination endpoint of the SA May

be an end-user system Or, a network system such as a

firewall or router.

Security Protocol Identifier

Indicates which IPSec protocol is in use on the SA

AH or ESP


16/35

Security Parameters Index - SPI

Can be up to 32 bits large

The SPI allows the destination to select the

correct SA under which the received packet

will be processed

According to the agreement with the sender

The SPI is sent with the packet by the sender

SPI + Dest IP address + IPSec Protocol (AH or

ESP) uniquely identifies a SA

E h SA ( i )


17/35

Each SA (contains)

Sequence number counter

Sequence counter overflow A flag indicating whether

overflow of the sequence number counter should generate anauditable event and prevent further transmission of packets onthis SA

Anti-replay window Used to determine whether an inboundAH or ESP packet is a replay, by defining a sliding window withinwhich the sequence number must fall

AH information

ESP information

Lifetime of this security association

IPSec protocol mode Tunnel or transport

Path MTU Any observed path maximum transmission unit(maximum size of a packet that can be transmitted withoutfragmentation) and aging variables (required for all

implementations)


18/35

SA Database - SAD

Holds parameters for each SA

Lifetime of this SA

AH and ESP information Tunnel or transport mode

Every host or gateway participating in

IPSec has their own SA database


19/35

Security Policy Database - SPD

What traffic to protect?

Policy entries define which SA or SA bundles

to use on IP traffic

Each host or gateway has their own SPD

Index into SPD by Selector fields

Dest IP, Source IP, Transport Protocol, IPSec

Protocol, Source & Dest Ports,


20/35

SPD Entry Actions

Discard Do not let in or out

Bypass

Outbound: do not apply IPSec Inbound: do not expect IPSec

Protect will point to an SA or SA bundle

Outbound: apply security Inbound: check that security must have been

applied


21/35

SPD Protect Actions

If the SA does not exist

Outbound processing: use IKE to

generate SA dynamically Inbound processing: drop packet


22/35

Few things to know

To decide which SA to useMay use: source and destination IP

address; protocol number.

Info in SPD indicates what to do with

arriving datagram;

Info in the SAD indicates how to do it.


23/35

Is it for IPSec?If so, which policyentry to select?

SPD

(Policy)

SA

Database

IP Packet

Outbound packet (on A)A B

SPI & IPSecPacket

Send to B

Determine the SAand its SPI

IPSec processing

Outbound Processing


24/35

Use SPI toindex the SAD

SA Database

Original IP Packet

SPI & Packet

Inbound packet (on B) A B

From A

Inbound Processing

SPD(Policy)

Was packet properlysecured?

un-process

d l


25/35

25

SPD and SADB Example

From To Protocol Port PolicyA B Any Any AH[HMAC-MD5]

Tunnel Mode

TransportMode

AC

B

As SPD

From To Protocol SPI SA Record

A B AH 12 HMAC-MD5 keyAs SADB

D

From To Protocol Port Policy Tunnel DestAny Any ESP[3DES] D Cs SPD

From To Protocol SPI SA Record

ESP 14 3DES keyCs SADB

Asub Bsub

Asub Bsub


26/35

26

# SAs encrypt w/ 192 bit keys & auth w/ 128 bit keys

Add 200.168.1.100 193.68.2.23 esp 0x201 -m tunnel -E 3des-cbc

0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 -A

hmac-md5 0xc0291ff014dccdd03874d9e8e4cdf3e6;

Add 193.68.2.23 200.168.1.100 esp 0x301 -m tunnel -E 3des-cbc

0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df -A

hmac-md5 0x96358c90783bbfa3d7b196ceabe0536b;

# Security policies

spdadd 172.16.1.0/24 172.16.2.0/24 any -P out ipsec

esp/tunnel/ 200.168.1.100 - 193.68.2.23 /require;

spdadd 172.16.2.0/24 172.16.1.0/24 any -P in ipsec

esp/tunnel/ 193.68.2.23 - 200.168.1.100 /require;

2 SAs

addedto SAD

SPI

2 policies

added

to SPD apply to all packets


27/35

Key Management IKE provides a standardized method for dynamically

authenticating IPSec peers, negotiating security services,and generating shared keys

There are five variations of an IKE negotiation:

Two modes (aggressive mode and main mode)

Three authentication methods (preshared, public keyencryption, and public key signature)

IKE has evolved from many different protocols and can be

thought of as having two distinct capabilities

ISAKMP (Key Management)

Oakley (Key Distribution)


28/35

ISAKMP

Internet Security Association and Key

Management Protocol (RFC 2407)

provides framework for key management

defines procedures and packet formats to

establish, negotiate, modify and delete SAs

independent of key exchange protocol,

encryption algorithm and authentication method


29/35

Oakley

RFC 2412

a key exchange protocol

based on Diffie-Hellman key exchange adds features to address weaknesses

cookies, groups (global params), nonces, DH

key exchange with authentication can use arithmetic in prime fields or elliptic

curve fields


30/35

Diffie-Hellman is a standard method of Alice and Bob being able

to communicate, and end up with the same secret encryption

key


31/35


32/35


33/35


34/35

IPsec v/s SSL

IPSEC is a huge and overly complicated set ofcrypto protocols while SSL is a just a securetransport layer.

IPSec works at the Network Layer; SSL works atthe Application layer. SSL is clientless, IPSec needsa provisioned client.

SSL works in many more locations since it does

not need to deal with NAT which is enabled in somany places and prevents IPSec from workingeasily.


35/35

References

What is IPsec

Documents

Transcript of What is IPsec