An Introduction To IPsec

Bezawada Bruhadeshwar,
International Institute of
Information Technology,
Hyderabad

Overview of Presentation
Introduction



The Internet Model and Threats
Solutions Possible
Security Measures at Various Layers
IPsec: security at network layer

How IPsec works



IPsec model
Authentication Header
Encapsulating Security Payload
Internet Key Exchange

Limitations of IPsec
Conclusions

Introduction
Original Design Model for Internet

The model of Internet was made for a
more benign environment like acadaemia
All data on Internet was free to all and
anyone could share or modify the data
Since the some etiquette was being
observed by the limited Internet
community, security was hardly an issue
Internet has grown beyond acadaemia

Introduction (contd.)
Several useful applications have prompted
businesses to make use of the Internet

E.g., Amazon.com, rediff.com, icicibank.com…
Almost all conventional businesses now have a
prescence on the Internet

Some businesses only have Internet prescence

E.g., Ebay.com, Amazon.com, fabmall.com

Several social communities are built over the
Internet

E.g., Orkut.com, yahoo.groups, google groups

) In present scenario.Introduction (contd. quality of service among others) . Internet enables instant on-demand business by    Establishing communication links with suppliers and business partners By eliminating the need for costly wide area network dedicated lines Enabling remote access to corporate networks using many available Internet service providers One of the main stumbling blocks to achieve these benefits is lack of security (besides. reliability.

     Identity spoofing Denial of service Loss of privacy Loss of data integrity Replay attacks .Internet Threats The varied nature of Internet users and networks has brought the security concern To ratify the fears several threats have surfaced. such as.

database replies etc Loss of data integrity  Modifying data in transit to disrupt a valid communication Replay attacks  Using older legitimate replies to execute new and malicious transactions .) Identity spoofing  Executing transactions by masquerading Denial of service  Preventing a service provider by flooding with fake requests for service Loss of privacy  Eavesdropping on conversations.Internet Threats (contd.

replay attacks and denial of service can be averted The question is where should such a solution be implemented in the protocol stack? .Solutions to the Problems Confidentiality  If data is encrypted intruders cannot observe Integrity  Modification can be detected Authentication   If devices can identify source of data then it is difficult to impersonate a friendly device Spoofing .

Start Necessary Digression… .

Public-Key Cryptography A user generates two keys: public-key and privatekey pair Public-key and private-key pairs can be viewed as mutually cancelling  What public-key can encrypt only private-key can decrypt Public-key is known to everyone  Anyone can send a message to the user using public key Private-key is secret  Only the user can decrypt with private key Encryption with private is called digital signature  Can be verified but cannot be forged .

hk(xi)) it is computationally infeasible to compute any text-MAC pair (x. parametrized by a secret k. validate each other .Message Authentication Codes A Message Authentication Code algorithm is a family of hash functions h k. with properties:    Ease of computation: given a key k and input x. it is easy to compute hk(x) Compression: hk maps an input of arbitrary length to an output of hk(x) of bitlength n Computation-resistance: given zero or more text-MAC pairs (xi. hk(x)) for any new input x If two users share a cryptographic key they can use it generate same MAC and hence.

Recalling Protocol Stack Application Link Layer Physical Layer NFS IP SNMP FTP DNS FTP SMTP HTTP TCP. UDP .

End Digression… .

SSH.Security Measures at Different Layers Application Layer PGP. Kerberos. Transport Layer SSL/Transport Layer Security (TLS) Network Layer IPsec Data Link Layer Hardware encryption . etc.

Security Measures at Different Layers (contd. and is protocol specific Link layer security    Implemented in hardware Requires encryption decryption between every link Difficult to implement in Internet like scenario .) Application Layer Security    Implemented as a User Software No need to modify operating system or underlying network structure Each application and system requires its own security mechanisms TLS (transport layer security) is implement as user-end software.

ietf. rfc’s 43014308) IPsec is below transport layer and is transperant to applications  IPsec provides security to all traffic passing through the IP layer End users need not be trained on security mechanisms.IPsec: Security at IP Layer IPsec is a framework of open standards developed by IETF (www. issued keys or revoked IPsec has the granularity to provide per-user security if needed .org.

IPsec: Security at IP Layer (contd.) IPsec has additional advantages of protecting routing architecture    IPsec can assure that a router advertisement is from an authorised router A routing update is not forged A neighbor advertisement comes from an authroized router .

IPsec Services Access control Connectionless Integrity Data origin authentication Rejection of replayed packets Confidentiality Limited traffic flow confidentiality .

IPsec Existence .

) Protects data flow between/among    Pair of hosts: end-to-end protection between two users.IPsec Existence (contd. Secures entire traffic from/to the network Security gateway and a host: secure remote access to network resources Granularity in Ipsec   Mode. protocols Which subsets of traffic are afforded protection . firewall. independent of applications they are using Pair of security gateways: A security gateway can be a router. proxy etc. choice of cryptographic algorithms.

IPsec at a Glance IPsec uses a combination of the following techniques to provide its services    Diffie-Hellman key exchange to establish keys between peers Encryption algorithms like DES to provide confidentiality Keyed hash algorithms like MD5 and SHA1 to provide message authentication .

Security Policy Database IPsec protocol components IPsec modes Authentication Header Encapsulating Security Payload Internet Key Exchange Commercial Instantiations .IPsec: Roadmap Security Association.

Security Association A simplex (one-way) relationship that affords security services to the traffic carried by it Only one service per SA : AH or ESP To secure bi-directional traffic 2 SAs are required Specified by Security parameters index (SPI). destination IP address   Multiple SAs used by same source/receiver Multiple sources can use same SA .

BYPASS . DISCARD.Security Policy Database Defines policies for all IP traffic passing through the interface Protection offered by IPsec is based on requirements defined by a security policy database. SPD Packets are selected for one of three processing actions based on IPheader information. matched against entries in SPD  Actions:PROTECT.

entries identifying outbound traffic SPD-S(secure traffic). create SAs. . SPDI.) Logical divisions of SPD: SPD-S. SPD-O    SPD-I (bypassed or discarded). entries that apply to the inbound traffic SPD-O(bypassed or discarded).Security Policy Database (contd. entries to lookup SAs.

Internet Key Exchange. defines the information that needs to be added to the IP packet to achieve the required services.IPsec components IPsec consists of two important protocol components   The first. which negotiates security association between two peers and exchanges keying material . These are classified further as Authentication Header and Encapsulating Security Protocol The second.

UDP) Network Layer (IP) Data Link Header 1 Layer Header 2 Original Message Header 3 Data 3 Data 2 Data 1 .Recalling Packet Headers Encapsulation of Data for Network Delivery Application Layer Transport Layer (TCP.

IPsec Modes IPsec can operate in two modes  Transport Mode  Only IP payload is encrypted  IP headers are left in tact  Adds limited overhead to the IP packet  Tunnel  Entire IP packet is encrypted  New IP headers are generated for this packet  Transperant to end-users .

IPsec modes (contd.) Transport Mode: protect the upper layer protocols Original IP Datagram IP Header TCP Header Transport Mode protected packet IP Header IPSec Header Data TCP Header Data protected Tunnel Mode: protect the entire IP payload Tunnel Mode protected packet New IP Header IPSec Header Original IP Header protected TCP Header Data .

multiple of 32-bits) .Authentication Header This information is added to the header to provide the following services:   Access control. rejection of replayed packets Information added are:  Sequence number (32-bit)  Integrity check value (variable. data origin authentication. connectionless integrity.

header length.Authentication Header (contd. MD5.) Anti-replay attacks   Range of sequence numbers for session is 2 321 Sequence numbers are not reused Integrity Check Value (ICV)   Keyed MAC algorithms used: AES. SHA-1 MAC is calculated over immutable fields in transit (source/dest. packet length) . addr. IP version.

Encapsulating Security Payload Three types of services      Confidentiality only Integrity only Confidentiality and integrity Anti-replay service Limited traffic flow confidentiality .

variable) Integrity check value-ICV (variable.ESP (contd. computed over ESP header (all above data) .) Header fields      Security parameters index (32-bit) Sequence number (32-bit) Encrypted payload (variable)+padding(0-255 bytes) computed over upper layer segment (transport mode) or entire packet (tunnel mode) TFC padding (optional. optional).

Some auditable events by IPsec are:      Invalid SA Processing fragmented packet Transmitting packet which can cause sequence number overflow Received packet fails anti-replay Integrity check fails .) Most purposes ESP is sufficient to achieve both confidentiality and integrity.ESP (contd.

Internet Key Exchange (IKE) IKE creates authenticated secure channel between two peers and then. negotiates SA Phases of IKE    Authentication Key Exchange Establishing SA .

Authentication Two peers in IPsec need to identify each other. only valid receivers can recover data  Public key cryptography: Nonces are exchanged using other user’s public-key and replies are checked for verification  Public-key to encrypt. Private-key to decrypt . Forms of authentication :  Pre-shared keys: same keys are pre-installed and authentication is done exchanging known data  Decryption requires same key and hence.

IKE and IPsec .

. can all degrade security provided by IPssec. poor random number generators. misconfiguration of protocols.Limitations Security implemented by AH and ESP ultimately depends on their implementation Operating environment affects the way IPsec security works Defects in OS security.

Cryptographic Standards for ESP & IKE Encapsulating Security Payload   ESP encryption: TripleDES in CBC mode [RFC2451] ESP integrity : HMAC-SHA1-96 [RFC2404] IKE and IKEv2     Encryption : TripleDES in CBC mode [RFC2451] Pseudo-random function: HMAC-SHA1 [RFC2104] Integrity : HMAC-SHA1-96 [RFC2404] Diffie-Hellman group: 1024-bit Modular Exponential (MODP) [RFC2409] .

operating systems need not be changed  Implementation can be limited to secure gateways Several products based on IPsec are commercially deployed Users can even enable and use IPsec on their machines .Conclusions IPsec provides a method for creating secure private networks over public networks Applications.