IP Security. Cunsheng Ding HKUST, Kong Kong, China

Transcription

1 IP Security Cunsheng Ding HKUST, Kong Kong, China

2 Agenda Some attacks against the IP Brief introduction to IPSec Building Block: Security Association Building Block: Security Association Database Building Blocks: IPSec Protocols - ESP and AH Building Block: Security Policy Database Building blocks: Key Management Protocols The Whole Picture of IPSec C. Ding - CSIT571 - L20

3 The Internet Layers Application Transport/session Internet Interface telnet,ftp,http, smtp,set TCP, UDP IP Network technology protocols smtp = simple mail transfer protocol C. Ding - CSIT571 - L20

4 Attacks Against IP n A number of attacks against IP are possible. n Typically, these exploit the fact that IP does not perform a robust mechanism for sender authentication. n IP Spoofing n This is where one host claims to have the IP address of another. n IP Session Hijacking n It is an attack whereby a user's session is taken over, being in the control of the attacker. n If the user was in the middle of , the attacker is looking at the , and then can execute any commands he wishes as the attacked user. Conclusion: Security mechanism at the network layer would help. C. Ding - CSIT571 - L20

5 Where can we put security? HTTP AH FTP TCP IP SMTP ESP Network approach S-HTTP TCP IP S/MIME Application approach HTTP FTP SSL/TLS TCP IP SMTP Transport approach SET HTTP FTP TCP IP PGP SMTP Presentation approach Advantaqes and disadvantage of each? C. Ding - CSIT571 - L20

6 Brief Introduction to IPSec C. Ding - CSIT571 - L20

7 Internet Engineering Task Force Standardization IPSEC WG (IETF) Define security architecture Standardize IP Security Protocol and Internet Key Management Protocol 1998: revised version of IPSec Architecture IPsec protocols (two sub-protocols AH & ESP) Internet Key Exchange (IKE) 2005: Updated version (RFC ) C. Ding - CSIT571 - L20

8 IPsec: Network Approach Provides security for IP and upper layer protocols Suit of algorithms: Mandatory-to-implement Assures interoperability Easy to add new algorithms C. Ding - CSIT571 - L20

9 IP Security Overview IPSec provides the following: Data origin authentication Connectionless data integrity Data content confidentiality Anti-replay protection Limited traffic flow confidentiality C. Ding - CSIT571 - L20

10 Building Blocks: Security Association

11 Security Association n It is a one-way relationship between a sender and a receiver. n It associates security services and keys with the traffic to be protected. n It is identified by: n Security Parameter Index (SPI) à retrieve correct SA parameters from Security Association Database (SAD) n IPSec protocol identifier (AH or ESP) n Destination address (firewall, router)

12 Security Association Defines security services and mechanisms between two end points (or IPsec modules): Hosts Network security gateways (e.g., routers, application gateways) Hosts and security gateways Defines parameters, mode of operation, and initialization vector e.g., Confidentiality using ESP with DES in CBC mode with IV initialization vector May use either Authentication Header (AH) or Encapsulating Security Payload (ESP).

13 Security Association Host A Security Association: # ipsecadm new esp -spi src HostA \ -dst HostB -forcetunnel -enc 3des -auth sha1 \ -key 7762d d974168cbb1d274f8bed4cbd3364 \ -authkey 6a20367e21c66e5a40739db293cf2ef2a4e6659f Host B Security Association: # ipsecadm new esp -spi src HostB \ -dst HostA -forcetunnel -enc 3des -auth sha1 \ -key 7762d d974168cbb1d274f8bed4cbd3364 \ -authkey 6a20367e21c66e5a40739db293cf2ef2a4e6659f RemarK: src = source, dst = destination, keysize = 160 bits spi is a binary string at most 32 bits, used to create and delete SA, the spi values between 0 and 100 are reserved.

14 SA -- Lifetime Amount of traffic protected by a key and time frame the same key is used Manual creation: no lifetime Dynamic creation: may have a lifetime

15 Building Blocks: Security Policy Database

16 Security Policy Database (SPD) Defines: What traffic to be protected (e.g., messages only) How to protect (e.g., use ESP or AH) With whom the protection is shared (e.g., with John) For each packet entering or leaving an IPsec implementation, SPD is used to determine security mechanism to be applied Actions: Discard: do not let packet in or out Bypass: do not apply or expect security services Protect: apply/expect security services on packets

17 SPD and SAD Examples n Visit the course webpage for examples of a SPD and a SAD n Visit the course webpage for the relationships between a SPD and a SAD

18 Building Blocks: IPSec Protocols

19 IPSec Protocols n Encapsulating Security Payload (ESP) n Proof of data origin, data integrity, antireplay protection n Data confidentiality and limited traffic flow confidentiality n Authentication Header (AH) n Proof of data origin, data integrity, antireplay protection n No data confidentiality n May provide non-repudiation & anti-replay (it depends on the algorithm used.)

20 Transport Mode: AH & ESP n Usage: protect upper layer protocols n IPSec header is inserted between the IP header and the upper-layer protocol header n Communication endpoints must be cryptographic endpoints (for end-to-end authentication), i.e., the endpoints generate/process IP header (AH, ESP). n Only data is protected. protected IP IPsec Payload

21 When is Transport Mode Used Both endpoints are cryptographic endpoints, i.e. they generate / process an IPSec header (AH or ESP)

22 Tunnel Mode: AH & ESP n Usage: protect entire IP datagram n Entire IP packet to be protected is encapsulated in another IP datagram and an IPsec header is inserted between the outer and inner IP headers protected IP IPsec IP Payload New IP header Original IP header

23 When Is Tunnel Mode Used Tunnel mode is used when at least one cryptographic endpoint is not a communication endpoint of the secured IP packets. Outer IP Header Destination for the router. Inner IP Header Ultimate Destination

24 Encryption and Authentication Algorithms n Encryption: n Triple DES in CBC mode (MUST) n AES in CBC mode (SHOULD+) n AES in CTR (counter) mode (SHOULD) n Authentication: n HMAC-MD5-96 (MAY) n 96 truncated bites from 120 n HMAC-SHA-1-96 (MUST) n 96 truncated bites from 160 n AES-XCBC-96 (SHOULD+) n 96 truncated bites from 128

25 Building Blocks: Key management protocol IKE

26 Key Management n IPSec needs secret keys: n for transmitting and receiving both AH and ESP n It supports two types of key management: n Manual: A system administrator manually configures each system with its own keys and with the keys of other communicating systems. n Automated: An automated system enable the ondemand creation of keys for SAs and facilitates the use of keys in a large distributed system with an evolving configuration.

27 Key Management Protocol n The management protocol is called Internet Key Exchange (IKE). n It has two versions. n n IKE 1998, IKEv It is the most complicated sub-protocol of IPSec. n Details are omitted in this course, but we will present its outline here.

28 Key exchange protocol Key Management

29 Whole Picture of IPSec

30 IP Security Architecture IPsec module 1 IPsec module 2 SPD SPD IKE IKE SAD IPsec IPsec SAD SA SAD: Security Association Database SPD: Security Policy Database IKE: Internet Key Exchange

31

32 IPSec Uses

33 Applications of IPSec n Using IPSec all distributed applications can be secured, n Remote logon, n client/server, n , n file transfer, n Web access n etc.

34 Benefits of Using IPSec n The benefits of IPSec include: n IPSec can be transparent to end users. n There is no need to train users on security mechanisms n IPSec can provide security for individual aplication n By configuration, IPSec is applied to only one specified application.