Network Encryption 3
CSC362, Information Security

The Network Layer
- most of the security mechanisms we have surveyed were developed for application-specific needs
  - electronic mail: PGP, S/MIME
  - client/server applications: Kerberos
  - HTTP, etc.: SSL/TLS
- but what about a network as a whole?
- implementing security at the IP layer could ensure secure networking for all applications, and transparently

The Network Layer
- two approaches for security at the network protocol layer: end-to-end security, or network link security

The Network Layer
- end-to-end security is a minimalist strategy
- encryption/decryption is restricted exclusively to the endpoint hosts communicating
- payload data is encrypted
- header information for all PDUs must remain plaintext
- Pros? Cons?

The Network Layer
- network link security implies that network layer devices (routers) manage encryption/decryption duties
- when a packet arrives at a link, it is decrypted, checked, encrypted again and transmitted to the next link
- each pair of routers must be equipped with encryption technology and must manage encryption keys
- Pros? Cons?

The Network Layer: IPSec
- IPSec (for Internet Protocol Security) is a hybrid model that attempts to provide more security over an insecure network layer (IPv4 or IPv6)
- a suite of protocols
- instead of Internet router implementation, IPSec creates a virtual secure network that is managed by servers that establish a secure connection between hosts
- all packets transmitted through this connection receive the same security services

The Network Layer: IPSec Security Services
- confidentiality: privacy of communications
- message integrity: can detect whether messages have been tampered with or altered
- authentication: can provide source authentication to prevent IP spoofing and related attacks
- access control: only authorized agents can send and receive packets over a network connection
- anti-replay: can detect and prevent playback attacks

The Network Layer: IPSec
- commonly used for establishing Virtual Private Networks (VPNs)

The Network Layer: IPSec Transfer Modes
Two standard modes of operation:
- transport
  - used for end-to-end communications, for example, encrypted telnet or Remote Desktop sessions
  - provides protection of the data or IP payload
- tunnel
  - the default mode: the entire packet is protected by IPSec
  - the entire packet is encrypted and wrapped with a new IP header
  - the datagram is then sent to the other side of the VPN tunnel

The Network Layer: IPSec
- the IPSec protocol suite can be divided into three basic groups
  - Authentication Header (AH), RFC 4302
  - Encapsulating Security Payload (ESP), RFC 4303
  - Internet Key Exchange protocols, which generate and distribute keys for both AH and ESP

The Network Layer: IPSec Authentication Header
- IPSec Authentication Header (AH): a protocol that provides authentication of all or part of the contents of a datagram
- the AH does not provide privacy

The Network Layer: IPSec Authentication Header
- in the transport mode, the AH header is inserted after the IP header
- IP data and header are used to calculate the authentication value

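An added example, not part of the original slides: how the AH authentication value can be computed in transport mode over IPv4, following RFC 4302, and what it does and does not tolerate in transit. It assumes HMAC-SHA-256 truncated to 128 bits as the integrity algorithm and a 20-byte IPv4 header without options; the key, addresses, SPI and payload are constructed sample values, and the IPv4 checksum is left at zero for brevity.

```python
import hashlib, hmac, socket, struct

AH_PROTO = 51   # IP protocol number assigned to AH
ICV_LEN = 16    # assumption: HMAC-SHA-256 truncated to 128 bits
ICV_OFF = 32    # 20-byte IPv4 header + 12 fixed AH bytes

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    # 20-byte header, no options; checksum left 0 for brevity (it is mutable anyway)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def compute_icv(key, packet):
    # Fields that routers may change in transit are zeroed before the MAC,
    # as is the ICV field itself; everything else is authenticated.
    buf = bytearray(packet)
    buf[1] = 0                    # TOS / DSCP
    buf[6:8] = b"\x00\x00"        # flags + fragment offset
    buf[8] = 0                    # TTL
    buf[10:12] = b"\x00\x00"      # header checksum
    buf[ICV_OFF:ICV_OFF + ICV_LEN] = bytes(ICV_LEN)
    return hmac.new(key, bytes(buf), hashlib.sha256).digest()[:ICV_LEN]

def ah_protect(key, src, dst, next_proto, payload, spi, seq):
    # AH: next header, length in 32-bit words minus 2, reserved, SPI, sequence, ICV
    ah = struct.pack("!BBHII", next_proto, (12 + ICV_LEN) // 4 - 2, 0, spi, seq)
    pkt = ipv4_header(src, dst, AH_PROTO, 12 + ICV_LEN + len(payload))
    pkt += ah + bytes(ICV_LEN) + payload
    return pkt[:ICV_OFF] + compute_icv(key, pkt) + pkt[ICV_OFF + ICV_LEN:]

def ah_verify(key, packet):
    return hmac.compare_digest(packet[ICV_OFF:ICV_OFF + ICV_LEN], compute_icv(key, packet))

def with_byte(packet, offset, value):
    # helper for the demo: return a copy with one byte changed
    buf = bytearray(packet)
    buf[offset] = value
    return bytes(buf)

if __name__ == "__main__":
    key = bytes(range(32))                                   # constructed key
    pkt = ah_protect(key, "192.0.2.10", "198.51.100.20", 6,  # constructed packet
                     b"constructed payload", spi=0x1001, seq=1)
    print("intact:", ah_verify(key, pkt))
    print("TTL decremented by a router:", ah_verify(key, with_byte(pkt, 8, 63)))
    print("source address rewritten:", ah_verify(key, with_byte(pkt, 15, 99)))
    print("payload altered:", ah_verify(key, with_byte(pkt, len(pkt) - 1, 0)))
```

Because the source address is covered by the authentication value, a spoofed or rewritten address fails verification, while a normal TTL decrement does not.
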
The Network Layer: IPSec Authentication Header
- in the tunnel mode, the original IP datagram is encapsulated within a new IP packet
- all of the original IP datagram is authenticated

The Network Layer: Encapsulating Security Payload
- Encapsulated Security Payload (ESP) uses shared key encryption for data privacy
- also supports its own authentication or can be used in conjunction with AH
- ESP divides its fields into three components
  - ESP Header
  - ESP Trailer
  - ESP Authentication Data

The Network Layer: Encapsulating Security Payload
- in transport mode, ESP Header is inserted after the original IP header
- ESP trailer and authentication are added to the end of the packet
- each host must be aware that IPSec is operating

The Network Layer: Encapsulating Security Payload
- in tunnel mode, the original IP packet is encapsulated, which secures both IP header and payload
- ESP header follows the new IP header
- ESP trailer and authentication are again added to the end of the packet

The Network Layer: Internet Key Exchange
- Internet Key Exchange (IKE) is a composite of several protocols that automatically negotiate IPSec Security Associations (SA) and enable secure communications
- authenticates hosts as IPSec peers and manages shared key generation
- uses Diffie-Hellman so that hosts without previous communication can establish a common shared secret

The Network Layer: Internet Key Exchange
- In Phase 1, peers lay groundwork for an IPSec Security Association (SA), i.e., establishing what traffic to protect and how to protect it

The Network Layer: Internet Key Exchange
- In Phase 2, peers specify parameters for security levels and are ready to exchange data
- Phase 2 can also serve as a quick mode for creating the SAs

The Link Layer: Wireless LANs
- ANSI/IEEE Standard 802.11 is the dominant technology for wireless LANs
- topology: the basic service set (BSS) is the fundamental component of the 802.11 wireless LAN
- there are two types:
  - BSS with an Access Point (AP), which serves as the central base station connecting a collection of wireless hosts
  - ad hoc network (no AP), hosts form temporary network without the aid of an AP

The Link Layer: Wireless LANs
- we will focus on the former, wireless LANs with an AP as the central base
- they are connected (eventually) to wired networks and the Internet
- it is also typical for several BSS to be connected

The Link Layer: BSS Membership
How does a host join an associated BSS?
- SSID: each AP is assigned a one- or two-word Service Set Identifier (SSID)
- channel: the AP is designated a specific channel or sub-frequency for communication
- beacon frames: each AP sends short messages to identify the AP's SSID and MAC address

The Link Layer: BSS Membership
How does a host join an associated BSS?
- passive scanning: any host within range will receive beacon frames; the host is free to choose any BSS that identifies itself
- active scanning: the host broadcasts probe request frames. An AP within range may respond with a probe response frame

The Link Layer: BSS Membership
How does a host join an associated BSS?
- regardless of the method, the last step is the handshake protocol
  - association request frames
  - association response frames
- membership may require authentication
- in these instances, the AP consults an authentication server

The Link Layer: Common Attacks on Wireless LANs
- packet sniffing: easy, and risk of detection is low
- rogue APs: unauthorized wireless devices that extend the range of a local network; serve as pivot points for attacks
- evil twin attack: a device that masquerades as the BSS AP; used for MITM attacks

The Link Layer: Wireless LAN Security
IEEE 802.11i provides protocols for Robust Security Networks (RSN)
- authentication: prescribes the exchange between a wireless host and the authentication server; provides mutual authentication, generates temporary keys
- access control: enforces the use of authentication, routes messages, and facilitates the key exchange
- privacy with message integrity: data are encrypted along with message integrity code

The Link Layer: Wireless LAN Security
- the Discovery phase includes:
  - network & security discovery
  - system association
- in the Authentication phase, the host joins the AS, receives master session key from AS via AP
- in the key management phase, there is usually a four-way handshake
  - nonce is sent to STA from AP
  - STA sends a separate nonce with a Message Integrity Code (MIC)
  - the AP sends a Group Temporal Key (GTK) and MIC
  - the STA acknowledges
- The Pairwise Transient Key (PTK) assures the STA that there is no MITM attack

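An added example, not part of the original slides: the four-way handshake sketched above, showing both sides deriving the PTK from the two nonces and why an AP that does not hold the master key cannot pass the MIC checks. It goes beyond the slide by using the 802.11i key-derivation function (HMAC-SHA1 PRF) and HMAC-SHA1-128 MICs; it assumes both sides already hold a pairwise master key (PMK) from the authentication phase, and the MAC addresses, keys and message bodies are constructed stand-ins, not real EAPOL-Key frames.

```python
import hashlib, hmac, os

def prf(key, label, data, nbytes):
    # 802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || counter)
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    # Both MACs and both nonces are mixed in, sorted so each side gets the same input
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:]}

def mic(kck, frame):
    # MIC keyed with the key confirmation key (KCK) part of the PTK
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def four_way_handshake(ap_pmk, sta_pmk, ap_mac, sta_mac):
    anonce = os.urandom(32)                        # message 1: AP -> STA, ANonce
    snonce = os.urandom(32)
    sta = derive_ptk(sta_pmk, ap_mac, sta_mac, anonce, snonce)
    msg2 = b"M2|" + snonce                         # message 2: STA -> AP, SNonce + MIC
    msg2_mic = mic(sta["KCK"], msg2)
    ap = derive_ptk(ap_pmk, ap_mac, sta_mac, anonce, snonce)
    ap_accepts = hmac.compare_digest(msg2_mic, mic(ap["KCK"], msg2))
    msg3 = b"M3|" + anonce + b"|GTK-placeholder"   # message 3: AP -> STA, GTK + MIC
    msg3_mic = mic(ap["KCK"], msg3)
    sta_accepts = hmac.compare_digest(msg3_mic, mic(sta["KCK"], msg3))
    # message 4 (STA acknowledges) is sent only if the STA accepted message 3
    return {"ap_accepts_msg2": ap_accepts, "sta_accepts_msg3": sta_accepts,
            "same_tk": ap["TK"] == sta["TK"]}

if __name__ == "__main__":
    ap_mac, sta_mac = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    pmk = hashlib.sha256(b"constructed master key").digest()
    print("legitimate AP:", four_way_handshake(pmk, pmk, ap_mac, sta_mac))
    print("AP without the PMK:", four_way_handshake(bytes(32), pmk, ap_mac, sta_mac))
```
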
The Link Layer: Wireless LAN Security
- confidentiality is ensured by Wireless Protected Access 2 (WPA2)
  - uses AES encryption/decryption with Cipher Block Chaining-MAC or CCM
- integrity is ensured by the CCM, which uses the last code block as the MIC