Voice over IPSec. Emilia Rosti Dip. Informatica e Comunicazione Univ. Degli Studi di Milano

Similar documents
CSCE 715: Network Systems Security

Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings

IP Security. Have a range of application specific security mechanisms

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

CSC 6575: Internet Security Fall 2017

IPSec. Overview. Overview. Levente Buttyán

Chapter 6. IP Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University

Cryptography and Network Security

Cryptography and Network Security. Sixth Edition by William Stallings

Chapter 6/8. IP Security

IP Security IK2218/EP2120

Virtual Private Network

IP Security Part 1 04/02/06. Hofstra University Network Security Course, CSC290A

ET4254 Communications and Networking 1

The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME,

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

SEN366 (SEN374) (Introduction to) Computer Networks

IPsec (AH, ESP), IKE. Guevara Noubir CSG254: Network Security

The IPsec protocols. Overview

ETSF05/ETSF10 Internet Protocols Network Layer Protocols

VPN Overview. VPN Types

Chapter 11 The IPSec Security Architecture for the Internet Protocol

CONTENTS. vii. Chapter 1 TCP/IP Overview 1. Chapter 2 Symmetric-Key Cryptography 33. Acknowledgements

INTERNET PROTOCOL SECURITY (IPSEC) GUIDE.

CIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec

IP Security. Cunsheng Ding HKUST, Kong Kong, China

Networking interview questions

Junos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services

The IPSec Security Architecture for the Internet Protocol

Sample excerpt. Virtual Private Networks. Contents

RSVP Support for RTP Header Compression, Phase 1

BCRAN. Section 9. Cable and DSL Technologies

IKE and Load Balancing

8. Network Layer Contents

Real-Time Protocol (RTP)

CSE509: (Intro to) Systems Security

On Distributed Communications, Rand Report RM-3420-PR, Paul Baran, August 1964

Lecture 13 Page 1. Lecture 13 Page 3

VPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009

Chapter 5: Network Layer Security

IPv6 Protocol. Does it solve all the security problems of IPv4? Franjo Majstor EMEA Consulting Engineer Cisco Systems, Inc.

Virtual Private Networks

CSC 4900 Computer Networks: Security Protocols (2)


Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

Lecture 16: Network Layer Overview, Internet Protocol

INFS 766 Internet Security Protocols. Lectures 7 and 8 IPSEC. Prof. Ravi Sandhu IPSEC ROADMAP

Lecture 9: Network Level Security IPSec

IPsec NAT Transparency

CHAPTER 18 INTERNET PROTOCOLS ANSWERS TO QUESTIONS

IP Security Discussion Raise with IPv6. Security Architecture for IP (IPsec) Which Layer for Security? Agenda. L97 - IPsec.

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

On Distributed Communications, Rand Report RM-3420-PR, Paul Baran, August

Virtual Private Networks (VPN)

Lecture 12 Page 1. Lecture 12 Page 3

Mobile Communications Chapter 9: Network Protocols/Mobile IP

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho

ETSF10 Internet Protocols Transport Layer Protocols

VPN Ports and LAN-to-LAN Tunnels

CS 356 Internet Security Protocols. Fall 2013

IPsec NAT Transparency

Introduction to IPv6. IPv6 addresses

HUAWEI USG6000 Series Next-Generation Firewall Technical White Paper VPN HUAWEI TECHNOLOGIES CO., LTD. Issue 1.1. Date

Table of Contents 1 IKE 1-1

IPSec implementation for SCTP

Internet security and privacy

Position of IP and other network-layer protocols in TCP/IP protocol suite

IPv6 Protocols and Networks Hadassah College Spring 2018 Wireless Dr. Martin Land

CIS 6930/4930 Computer and Network Security. Topic 8.2 Internet Key Management

Internet Services & Protocols. Quality of Service Architecture

Network Security: IPsec. Tuomas Aura

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

Module 28 Mobile IP: Discovery, Registration and Tunneling

COSC4377. Chapter 8 roadmap

Da t e: August 2 0 th a t 9: :00 SOLUTIONS

Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München. ilab. Lab 8 SSL/TLS and IPSec

Service Managed Gateway TM. Configuring IPSec VPN

II. Principles of Computer Communications Network and Transport Layer

internet technologies and standards

A common issue that affects the QoS of packetized audio is jitter. Voice data requires a constant packet interarrival rate at receivers to convert

Chapter 8 Lab Configuring a Site-to-Site VPN Using Cisco IOS

Configuring Internet Key Exchange Security Protocol

IPv6: An Introduction

Internet. 1) Internet basic technology (overview) 3) Quality of Service (QoS) aspects

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

Introduction to computer networking

Configuring Security for VPNs with IPsec

Data & Computer Communication

Mohammad Hossein Manshaei 1393

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1516/ Chapter 16: 1

IBM i Version 7.2. Security Virtual Private Networking IBM

IPv6. IPv4 & IPv6 Header Comparison. Types of IPv6 Addresses. IPv6 Address Scope. IPv6 Header. IPv4 Header. Link-Local

How to Configure an IKEv1 IPsec VPN to an AWS VPN Gateway with BGP

Application Note 11. Main mode IPSec between a Windows 2000 / XP (responder) and a Digi Transport Router (initiator)

IP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia

Network Encryption 3 4/20/17

How to Configure IPSec Tunneling in Windows 2000

Lecture 3. The Network Layer (cont d) Network Layer 1-1

IPsec and ISAKMP. About Tunneling, IPsec, and ISAKMP

Transcription:

Voice over IPSec Emilia Rosti Dip. Informatica e Comunicazione Univ. Degli Studi di Milano

Outline IP refresher IPSec VoIP and QoS - basics VoIPSec Experiments Results 2

IP refresher - network layers 3

IP refresher - TCP/IP communication END SYSTEM X END SYSTEM Y ROUTER A ROUTER B 4

IPv4 header 5

IPv4 fields Version: 4b, value is 0100 = 4 Internet Header Length (IHL): 4b, length of header in 32bit words; min. value = 5 Type of Service: 8b Total Length: 16b, total IP packet length in B Identification: 16b, sequence number Flags: 3b, more, and don t fragment Fragment offset: 13b, where it belongs in 64bit units 6

IPv4 fields Time to Live (TTL): 8b, number of seconds for packet to live Checksum Source/ Destination Addresses: 32b Options 7

IPv6 header 8

IPv6 fields Version: 4b, value is 0110 = 6 Traffic class: 8b, priority of this packet for routers Flow Label: 20b, label packets for special processing by routers Payload Length: 16b Next Header: 8b, TCP or UDP or an IPv6 extension Hop limit: 8b Source/Destination Address: 128b, 16B = 4W addresses 9

Network security: where? application specific security mechanisms eg. S/MIME, PGP, Kerberos, SSL/HTTPS can be tuned to payload requirements must rework for every application transport (TCP) level mechanisms end-to-end apps can control when to use them apps must be modified (unless proxied) 10

Network security: where? network (IP) level covers all traffic, end-to-end transparent to applications little application control unnatural, since IP packets are stateless but channel is stateful link level covers all traffic on that link e.g. RF only one hop 11

Network security security concerns across all protocol layers would like security implemented by the network for all applications secure channel origin authentication integrity confidentiality 12

IPSec IP Security Overview IP Security Architecture Authentication Header Encapsulating Security Payload Security Associations Key Management 13

IPSec general IP Security mechanisms providing authentication confidentiality key management applicable to use over LANs, across public & private WANs, & for the Internet specified by Internet Engineering Task Force (IETF) develops protocol standards for the Internet 14

IPSec - specs RFC 2401 security architecture overview RFC 2402 packet authentication extension RFC 2406 packet encryption RFC 2408 key management many others, grouped by category 15

IPSec - overview IPSec provides a set of security algorithms and a general framework that allow a pair of communicating entities to use whichever algorithms provide security appropriate for their communication not bound to any specific crypto-algorithm applications secure branch office connectivity over the Internet secure remote access over the Internet establishing extranet and intranet connectivity with partners enhancing electronic commerce security Virtual Private Networks 16

IPSec - overview two protocols 1. Authentication Header (AH) authentication protocol 2. Encapsulating Security Protocol (ESP) combined encryption/authentication protocol mandatory in IPv6, optional in IPv4 two deployment modes 1. transport for IPSec-aware hosts as endpoints 2. tunnel for IPSec-unaware hosts, established by intermediate gateways or host OS 17

IPSec - scenario 18

IPSec - advantages in a firewall/router provides strong security to all traffic crossing the perimeter resistant to bypass below transport layer, hence transparent to applications can be transparent to end users can provide security for individual users if desired 19

IPSec - advantages vital role in routing architecture router advertisement is valid neighbor advertisement is valid verify redirect message comes from the same router the initial packet was sent from validate routing update messages routing protocols such as OSPF run on top of IPSec 20

IPSec - services access control connectionless integrity data origin authentication rejection of replayed packets a form of partial sequence integrity confidentiality (encryption) 21

IPSec - AH data integrity & authentication of IP packets (most of header and payload) end system/router can authenticate user/app prevents address spoofing attacks by tracking sequence numbers guards against replay attacks sliding window mechanism based on use of a MAC HMAC-MD5-96 or HMAC-SHA-196 parties must share a secret key 22

IPSec - AH AH Format 23

IPSec - AH Before AH 24

IPSec - AH With AH, in Transport Mode 25

IPSec - AH With AH, in Tunnel Mode 26

IPSec - end to end vs end to intermediate authentication 27

IPSec - Encapsulating Security Payload Provides confidentiality and (optionally) authentication of payload only ESP Format 28

IPSec - ESP encryption and ESP transport mode authentication 29

IPSec - ESP encryption and ESP tunnel mode authentication 30

IPSec - crypto algorithms Authentication HMAC-MD5-96 HMAC-SHA-196 Encryption Three-key triple DES RC5 IDEA Three-key triple IDEA CAST Blowfish 31

IPSec - security associations a one-way relationship between sender & receiver that affords security for traffic flow inbound SAs and outbound SAs set up manually or by IKE IPSec Key Exchange hosts have a DB of Security Associations uniquely defined by 3 parameters Security Parameters Index (SPI) carried in AH and ESP headers IP Destination Address Security Protocol Identifier has other parameters sequence number, AH & EH info, lifetime etc. 32

IPSec - SA parameters sequence number counter sequence counter overflow flag anti-replay window AH info authentication algorithm, keys, key lifetimes ESP info encryption and authentication algorithm, keys, key lifetimes lifetime of the SA IPSec protocol mode path MTU 33

IPSec - Security Policy Database SPD entries define a subset of the IP traffic and the SA that should be applied to it anything from all traffic shall use this key to individual combinations of source and destination addresses and ports even user-based keying supported binding a user to an IP address is very problematic 34

IPSec - oubound traffic lookup policy for this datagram drop, pass through, or process create a new SA if none exists apply keys from SA for MAC and enciphering add explicit IV for each datagram because they can be lost and arrive out-of-order pass assembled datagram down to link layer or to next instance of IPSec processing we ignore fragmentation, PMTU discovery, 35

IPSec - inbound traffic lookup policy for this datagram drop, pass through, or process SA should already exist we are the responder apply keys from SA for MAC-check and deciphering using datagram s IV too raise security error if needed; otherwise pass assembled datagram up to rest of normal IP processing or to next instance of IPSec processing 36

IPSec - security associations 37

IPSec - security associations 38

IPSec - security associations 39

IPSec - security associations 40

IPSec - IKE specific adaptation of more general protocols (Oakley and ISAKMP) two levels of SA negotiated an initial context (bidirectional, with heavy-duty authentication and negotiation) then several client SAs, negotiated quickly using initial SA as secure channel; one for each direction and each AH and ESP initial SA also used for error traffic and similar management traffic 41

authentication of parties IPSec - IKE security digital signature, proof of knowledge of private key, or shared key establishment of a fresh shared secret shared secret used to derive keys for channel confidentiality and authentication Perfect Forward Secrecy, at cost of using up shared material (partial) anti-clogging, against denial-of-service attacks secure negotiation of algorithms asymmetric (e.g. RSA, elliptic curve), symmetric (e.g. 3DES, Blowfish, AES), and hash (e.g. MD5, SHA-1) 42

IPSec - IKE phase 1 exchange to establish a secure key management channel Main mode variant: slower, more cautious, hides details of credentials used and allows forward secrecy (independence of short-term keys) Aggressive mode : less negotiation, fewer round trips, more information disclosed phase 2: quick mode established SAs for IPSec itself, using the phase 1 channel 43

IPSec - key management Manual Automated Oakley Key Determination Protocol Internet Security Association and Key Management Protocol (ISAKMP) 44

IPSec - Oakley Three authentication methods Digital signatures Public-key encryption Symmetric-key encryption 45

IPSec - ISAKAMP 46

VoIP - basics recommendations for voice, video, data traffic over IP LANs H.323 call control (on TCP) H225, Q.931, H245, data (on TCP) T.120 audio & video (on UDP) G.7xx, H.26X, RTP A/V control (on UDP) RTPC, RAS 47

VoIP - basics CODEC: analog signal digitization 8KHz with 8 bits per sample -> 64Kbps compression 32Kbps creation of voice datagram Add header (RTPC, UDP, IP, ) TCP-UDP/IP packet generation TCP to set up and tear down calls, negotiates parameters RTP to transmit over UDP no quality guarantee packet transmission 48

VoIP - basics packet reception process header re-sequence and buffer delay CODEC: digital to analog signal reconstruction 49

VoIP - basics network delay packet loss - compensation variable inter-packet timing - jitter voice compression transducers echo cancellation voice activity detection 50

VoIP - basics acceptable total delay on wire: 150ms 200 ms on satellite: up to 300 ms digitization: up to 30 ms queueing: up to 30ms buffering: up to 70 ms 51

VoIP - basics N. of telephone calls and average delay in ms as a function of bandwidth in Kbps and payload size (10, 20, 40 bytes) 10 10 20 20 40 40 B/w #calls delay #calls delay #calls delay 32 0-0 - 1 >200 64 0-1 100-150 2 150-200 128 1 <100 2 <100 4 150-200 256 2 <100 5 <100 9 ~150 512 5 <100 10 <100 18 100-150 1024 11 <100 20 <100 36 100-150 10240 117 <100 214 <100 365 ~100 52

QoS - basics TCP/IP is a best effort protocol suite no inherent guaranteed service delay / bandwidth ad hoc protocols for QoS bit in the IP header RFC 2211 Spec of the Controlled-Load Network Element Service RFC 2212 Spec of guaranteed quality of service 53

QoS - basics providing guarantees on service quality firm bounds on end-to-end datagram queueing delay by means of endpoint specification of traffic characteristics admission control policies packet classification packet queueing/scheduling policies traffic shaping resource reservation header compression not always possible in the presence of IPSec 54

QoS - basics QoS protocols RSVP - RFC 2205 resource reservation Diff-Serv differentiated services 55

VoIPSec voice transmission over IPSecured networks combine VoIP protocol with IPSec possible? issues additional delays encryption packet size increase ESP and header 56

VoIPSec QoS configuration diff-serv environment with TOS/DSCP manage congestion and packet discard necessary to copy the DSCP field in the external IP header for proper handling of packets LLQ (Low Latency Queueing) queue management protocol to handle RTP packets properly LFI (Link Fragmentation and Interleaving) packet fragmentation, interleaves fragments with voice packets 57

VoIPSec - experimental setting 58

VoIPSec - experimental setting Phone1 IPSec tunnels Phone2 R1 R2 R3 TG 59

VoIPSec - experimental setting ESP in tunnel mode Ethernet 100MBps links the dial peers set the TOS bit for the signaling and the media flows (IOS ver. 12.2) LLQ protocol set with a reserved bandwidth of 64Kbps on both serial and Ethernet link serial link is a PPP multilink with LFI enabled and with maximum latency set to 10ms RTP addresses are forced to match the access lists 60

VoIPSec - packet format 61

VoIPSec - figures of merit For various protocols packet size packet delay crypto-engine throughput packet interarrival time 62

VoIPSec - phone calls Packet Hdr Pkt len. Ratio Size Perf. Type [Byte] [Byte] Hd/Pk incr. Reduc. #call crtp 5 45 89% 0% 0% 7 IP 40 80 50% 78% 44% 4 IPsec DES 82 122 33% 271% 63% 2 IPsec 3DES+SHA 94 134 30% 298% 66% 2 Size increase w.r.t. crtp pkt.len. Perf. Reduction w.r.t. crtp #calls 128Kbps link, 50 pps, 40B payload 63

VoIPSec - packet size Increase [%] 100% 75% 50% 25% Packet size increase DES & 3DES & NULL + SHA 3DES + SHA 0% 60 210 360 510 660 810 960 1110 1260 Original size [Bytes] 64

VoIPSec - packet delay transmission delay increases proportionally with the packet size and is constant for every router (whether peers or not) internal router delays (e.g., due to checksums calculation) are considered in the generic IPsec delay we injected multiple traffic streams in our test network, starting at random times in order to create a realistic scenario individual flows may be distinguished based on the IP source address 65

VoIPSec - packet delay measured/modeled traffic delay is reported as a function of the traffic intensity in pps on a 128 Kbps link with 90 bytes long packets in case of encrypted traffic (leftmost set of curves), traffic delay grows much earlier (i.e., for smaller traffic rates) than in case of clear traffic it is not possible to estimate a priori the time spent by a packet before it accesses to the crypto-engine model more precise with clear traffic 66

VoIPSec - packet delay 128Kbps link, 90B payload 67

VoIPSec - crypto-engine Tput packet encryption and new headers construction (ESP + IP tunnel) various crypto-algorithms and packet sizes, 100Mbps link increasing traffic flow until crypto-engine saturation crypto-engine is a serious bottleneck in the transmission of real-time traffic in IPSec impossible to control packet access to the cryptoengine 68

VoIPSec - crypto-engine Tput Throughput [pps] 2500 2000 1500 1000 500 Plain DES 3DES NULL + SHA 3DES + SHA 0 Traffic rate [pps] 69

VoIPSec - packet interarrival time experiments with real voice traffic 3DES encrypted phone call on empty link on busy link 1200 byte packets extra traffic 70

VoIPSec - packet interarrival time (empty link) 0.03 Relative delay [sec] 0.025 0.02 0.015 0.01 0.005 Packets 71

VoIPSec - packet interarrival time (busy link) 0.03 Relative delay [sec] 0.025 0.02 0.015 0.01 0.005 Packets 72

VoIPSec - QoS analysis three traffic streams T1: phone call (with the TOS bit set) with 70 bytes long packets at a rate of 50 pps T2: phone call without priority and equal parameters T3: extra stream of jumbo datagrams with 1500 bytes long packets at a rate of 1pps to simulate ordinary traffic all traffic streams are 3DES encrypted 73

VoIPSec - QoS analysis traffic delay measured as the difference in the arrival time of consecutive packets calls performed without QoS control (T2) suffer a great variability in the measured interarrival times, which accounts for the largest standard deviation more stable stream is the one comprised of jumbodatagrams (T3) phone call with priority (T1) experiences some variability less than T2 74

VoIPSec - QoS analysis packet interarrival time 75

VoIPSec - cipsec packet size critical for performance new compression scheme based on crtp second order difference is zero in parts of IP- UPD-RTP headers session context and shared information IP src and dst, UPD ports, RTP SSRC fields full IP, UDP, RTP headers of last packet last value of 4-bit sequence number 76

VoIPSec - cipsec headers reduce to session Context ID - 16 bit link sequence - 8 bit sequence bit checksum bit retransmission bit UDP checksum - 32 bit- optional RTP sequence - 32 bit - optional 77

VoIPSec - cipsec bdw analysis bandwidth used in case of plain VoIP, VoIPsec and cipsec packets for various error rates 78

VoIPSec - cipsec advantages with voice traffic less expensive to compute than crtp effective bandwidth reduction up to 50% with IPSec average 2% packet length increase wrt IP reduction of transmission delay expected reduction similar to bandwidth usage optimization better usage of the CPU and of the crypto-engine faster encryption phase 2%-6.5% depending on the algorithm 79

VoIPSec - the meat can VoIPSec replace VoIP seamlessly? quantitative experimental analysis bottleneck in the crypto-engine NOT in the computation new header compression scheme for VoIPSec 80

References R. Barbieri, D. Bruschi, E. Rosti, ``Voice over IPSec: analysis and solutions, Proc. Annual Computer Security Application Conference, 2002. www.acsac.org 81

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback