You are on page 1of 35


IPsec What, Why and How? IPsec Architecture IPSec and SSL

What Is IPsec?
IPsec is a set of security protocols and algorithms used to secure IP data at the network layer. IPsec provides
data confidentiality (encryption) integrity (hash) authentication (signatures and certificates) Access control Detection and rejection of Replay Attacks

while maintaining the ability to route them through existing IP networks.

Security Issues in IP
source spoofing replay packets no data integrity or confidentiality

DOS attacks

Replay attacks Spying and more

Fundamental Issue: Networks are not (and will never be) Fully secure

IPsec Architecture
Two modes of propagation: Transport and Tunnel Three situations: Host-host, host-gateway and gateway-gateway Security Protocols: AH and ESP Security Associations:
Security parameter index (SPI) Security policy database (SPD) SA database (SAD)

Key management & Exchange: IKE (ISAKMP/Oakley) Cryptographic algorithms for authentications and encryption

IPsec Transport Mode



IPsec datagram emitted and received by end-system.

IPsec Tunneling mode





In first case end routers are IPsec aware. Hosts need not be.

Tunnel v/s Transport

IP header TCP header data

Transport mode

IP header

IPSec header

TCP header


Tunnel mode

IP header

IPSec header

IP header

TCP header


Two Security Protocols

Authentication Header (AH) protocol provides source authentication & data integrity but not confidentiality Encapsulation Security Protocol (ESP) provides source authentication, data integrity, and confidentiality . more widely used than AH Host mode with AH Host mode with ESP
Most common and most important

Tunnel mode with AH

Tunnel mode with ESP

Authentication Header (AH)

RFC 2402 provides support for data integrity & authentication of IP packets
end system/router can authenticate user/app prevents address spoofing attacks by tracking sequence numbers

based on use of a message authentication code

HMAC-MD5-96 or HMAC-SHA-1-96 MAC is calculated:

immutable IP header fields AH header (except for Authentication Data field) the entire upper-level protocol data (immutable)

parties must share a secret key

Encapsulating Security Payload

RFC 2406 provides message content confidentiality & limited traffic flow confidentiality can optionally provide the same authentication services as AH supports range of ciphers, modes, padding
incl. DES, Triple-DES, RC5, IDEA, CAST etc CBC most common pad to meet blocksize, for traffic flow

AH in Tunnel Mode

ESP in Tunnel Mode

Security Association - SA
Defined by 3 parameters:
Security Parameters Index (SPI) IP Destination Address Security Protocol Identifier

Have a database of Security Associations Determine IPSec processing for senders Determine IPSec decoding for destination SAs are not fixed. Generated and customized per traffic flows

Security Parameters Index (SPI)

The SPI is a bit string assigned to the SA that has local significance only.
The SPI is carried in AH and ESP headers to enable the receiving system to select the SA under which a received packet will be processed.

IP destination address
The IP address of the destination endpoint of the SA May be an end-user system Or, a network system such as a firewall or router.

Security Protocol Identifier

Indicates which IPSec protocol is in use on the SA AH or ESP

Security Parameters Index - SPI

Can be up to 32 bits large The SPI allows the destination to select the correct SA under which the received packet will be processed
According to the agreement with the sender The SPI is sent with the packet by the sender

SPI + Dest IP address + IPSec Protocol (AH or ESP) uniquely identifies a SA

Each SA (contains)
Sequence number counter
Sequence counter overflow A flag indicating whether
overflow of the sequence number counter should generate an auditable event and prevent further transmission of packets on this SA

Anti-replay window Used to determine whether an inbound

AH or ESP packet is a replay, by defining a sliding window within which the sequence number must fall

AH information ESP information Lifetime of this security association IPSec protocol mode Tunnel or transport Path MTU Any observed path maximum transmission unit
(maximum size of a packet that can be transmitted without fragmentation) and aging variables (required for all implementations)

SA Database - SAD
Holds parameters for each SA
Lifetime of this SA AH and ESP information Tunnel or transport mode

Every host or gateway participating in IPSec has their own SA database

Security Policy Database - SPD

What traffic to protect? Policy entries define which SA or SA bundles to use on IP traffic Each host or gateway has their own SPD Index into SPD by Selector fields
Dest IP, Source IP, Transport Protocol, IPSec Protocol, Source & Dest Ports,

SPD Entry Actions

Do not let in or out

Outbound: do not apply IPSec Inbound: do not expect IPSec

Protect will point to an SA or SA bundle

Outbound: apply security Inbound: check that security must have been applied

SPD Protect Actions

If the SA does not exist Outbound processing: use IKE to generate SA dynamically Inbound processing: drop packet

Few things to know

To decide which SA to use May use: source and destination IP address; protocol number. Info in SPD indicates what to do with arriving datagram; Info in the SAD indicates how to do it.

Outbound Processing
Outbound packet (on A)
IP Packet SPD (Policy) Is it for IPSec? If so, which policy entry to select? IPSec processing

SA Database

Determine the SA and its SPI

SPI & IPSec Packet

Send to B

Inbound Processing
Inbound packet (on B)

From A
SPI & Packet SA Database SPD (Policy) Was packet properly secured?

Use SPI to index the SAD


Original IP Packet

SPD and SADB Example

Transport Mode

Tunnel Mode

From To

From A From A Protocol Any

To B To B Port Any

Protocol Any Protocol AH Policy

Port Any SPI 12

Policy AH[HMAC-MD5] SA Record HMAC-MD5 key Tunnel Dest D





Protocol ESP

SA Record 3DES key



# SAs encrypt w/ 192 bit keys & auth w/ 128 bit keys Add esp 0x201 -m tunnel -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 -A hmac-md5 0xc0291ff014dccdd03874d9e8e4cdf3e6; SPI Add esp 0x301 -m tunnel -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df -A hmac-md5 0x96358c90783bbfa3d7b196ceabe0536b;

2 SAs added to SAD

2 policies added to SPD

# Security policies spdadd any -P out ipsec esp/tunnel/ - /require; apply to all packets spdadd any -P in ipsec esp/tunnel/ - /require; 26

Key Management
IKE provides a standardized method for dynamically authenticating IPSec peers, negotiating security services, and generating shared keys There are five variations of an IKE negotiation: Two modes (aggressive mode and main mode) Three authentication methods (preshared, public key encryption, and public key signature) IKE has evolved from many different protocols and can be thought of as having two distinct capabilities ISAKMP (Key Management) Oakley (Key Distribution)

Internet Security Association and Key Management Protocol (RFC 2407) provides framework for key management defines procedures and packet formats to establish, negotiate, modify and delete SAs independent of key exchange protocol, encryption algorithm and authentication method

RFC 2412 a key exchange protocol based on Diffie-Hellman key exchange adds features to address weaknesses
cookies, groups (global params), nonces, DH key exchange with authentication

can use arithmetic in prime fields or elliptic curve fields

Diffie-Hellman is a standard method of Alice and Bob being able to communicate, and end up with the same secret encryption key

IPsec v/s SSL

IPSEC is a huge and overly complicated set of crypto protocols while SSL is a just a secure transport layer. IPSec works at the Network Layer; SSL works at the Application layer. SSL is clientless, IPSec needs a provisioned client. SSL works in many more locations since it does not need to deal with NAT which is enabled in so many places and prevents IPSec from working easily.