Internet security and privacy

Similar documents
IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

IP Security IK2218/EP2120

IPsec (AH, ESP), IKE. Guevara Noubir CSG254: Network Security

Introduction to IPsec. Charlie Kaufman

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

IP Security. Have a range of application specific security mechanisms

IPSec. Overview. Overview. Levente Buttyán

Virtual Private Network

CSC 6575: Internet Security Fall 2017

Configuration of an IPSec VPN Server on RV130 and RV130W

Chapter 11 The IPSec Security Architecture for the Internet Protocol

IP Security Discussion Raise with IPv6. Security Architecture for IP (IPsec) Which Layer for Security? Agenda. L97 - IPsec.

Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings

Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers

The IPSec Security Architecture for the Internet Protocol

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

Virtual Tunnel Interface

Lecture 13 Page 1. Lecture 13 Page 3

Lecture 9: Network Level Security IPSec

VPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009

VPNs and VPN Technologies

Network Security: IPsec. Tuomas Aura

The IPsec protocols. Overview

COSC4377. Chapter 8 roadmap

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

Lecture 12 Page 1. Lecture 12 Page 3

Network Security: IPsec. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

Network Encryption 3 4/20/17

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München. ilab. Lab 8 SSL/TLS and IPSec

14. Internet Security (J. Kurose)

Chapter 5: Network Layer Security

8. Network Layer Contents

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho

CSCE 715: Network Systems Security

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1

IPSec VPN Setup with IKE Preshared Key and Manual Key on WRVS4400N Router

Sample excerpt. Virtual Private Networks. Contents

Virtual Private Networks

Junos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services

IPSec Transform Set Configuration Mode Commands

Table of Contents 1 IKE 1-1

IBM i Version 7.2. Security Virtual Private Networking IBM

Real-time protocol. Chapter 16: Real-Time Communication Security

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME,

Chapter 6. IP Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University

IPsec NAT Transparency

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1516/ Chapter 16: 1

HIP Host Identity Protocol. October 2007 Patrik Salmela Ericsson

Secure channel, VPN and IPsec. stole some slides from Merike Kaeo

IP Security II. Overview

The EN-4000 in Virtual Private Networks

CIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec

IPSec Transform Set Configuration Mode Commands

FAQ about Communication

Firewalls, Tunnels, and Network Intrusion Detection

VPN Ports and LAN-to-LAN Tunnels

IPsec and SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dec. 1st, /43

CLEARPASS CONFIGURING IPsec TUNNELS

IPsec NAT Transparency

Configuring Security for VPNs with IPsec

VPN, IPsec and TLS. stole slides from Merike Kaeo apricot2017 1

Chapter 6/8. IP Security

CIS 6930/4930 Computer and Network Security. Topic 8.2 Internet Key Management

Numerics I N D E X. 3DES (Triple Data Encryption Standard), 48

How to Configure an IPsec VPN to an AWS VPN Gateway with BGP

Chapter 8 Network Security

INTERNET PROTOCOL SECURITY (IPSEC) GUIDE.

Cryptography and Network Security. Sixth Edition by William Stallings

Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science

Internet security and privacy

CSE543 Computer and Network Security Module: Network Security

CSC 4900 Computer Networks: Security Protocols (2)

How to Configure an IKEv1 IPsec VPN to an AWS VPN Gateway with BGP

L13. Reviews. Rocky K. C. Chang, April 10, 2015

INFS 766 Internet Security Protocols. Lectures 7 and 8 IPSEC. Prof. Ravi Sandhu IPSEC ROADMAP

IPSec Site-to-Site VPN (SVTI)

CONTENTS. vii. Chapter 1 TCP/IP Overview 1. Chapter 2 Symmetric-Key Cryptography 33. Acknowledgements

A-B I N D E X. backbone networks, fault tolerance, 174

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

Firepower Threat Defense Site-to-site VPNs

Cisco Live /11/2016

IKE and Load Balancing

VPN Overview. VPN Types

Network Security IN2101

CSE509: (Intro to) Systems Security

Virtual Tunnel Interface

CS 356 Internet Security Protocols. Fall 2013

SFO17-406: IPsec Full Offload Support in OpenDataPlane. Bill Fischofer

Application Note 11. Main mode IPSec between a Windows 2000 / XP (responder) and a Digi Transport Router (initiator)

How to Configure a Site-To-Site IPsec VPN to the Amazon AWS VPN Gateway

Network Security (NetSec) IN2101 WS 16/17

show crypto group summary, page 1 show crypto ikev2-ikesa security-associations summary spi, page 2

How to Configure an IKEv1 IPsec VPN to an AWS VPN Gateway with BGP

How to Configure Forcepoint NGFW Route-Based VPN to AWS with BGP TECHNICAL DOCUMENT

Security for VPNs with IPsec Configuration Guide, Cisco IOS XE Release 3S

Cryptography and Network Security

Service Managed Gateway TM. Configuring IPSec VPN

Transcription:

Internet security and privacy IPsec 1

Layer 3 App. TCP/UDP IP L2 L1 2

Operating system layers App. TCP/UDP IP L2 L1 User process Kernel process Interface specific Socket API Device driver 3

IPsec Create a secure (privacy, integrity, authentication) IP-layer. Benefits no change made to application layer Drawbacks need to upgrade all operating systems applications can not make use of the authentication 4

End-to-end security TCP/UDP IPsec IP L2 L1 TCP/UDP IPsec 5

TCP/UDP and IPsec IP TCP/UDP app data IP IPsec TCP/UDP app data 6

How hard can it be? Two religious groups push their own idea and the IETF accept both. There are two completely different solutions to IPsec. And each can be operated in two modes. The protocols for initiating a secure connection, IKE RFC 2409, is even more complex and the v2 of the protocol (now an Internet draft) is mainly a simplification of v1. 7

Security Association IKE will set up a security association, SA, between two nodes. A SA is one way! The SA includes: cipher algorithm, shared session key, sequence number etc The SA is identified by Security Parameter Index (SPI) chosen by the destination and the destination address Why the destination address? 8

Sending and receiving When Alice is sending to Bob: Look up the SA for Bob in a database. Find SPI, algorithm, key, sequence number etc. Include the SPI in the message When Bob receives a message: Lookup the SA based on the destination address and SPI Find algorithm, key, sequence number etc In a multicast message the address is not the address of Bob! 9

Two versions AH Authentication Header only provides integrity ESP Encapsulating Security Payload provides integrity and/or privacy 10

AH authentication header Let an authentication header implement IP integrity by holding a hash of a shared secret and the content of an IP packet. RFC 2406 How much of the IP packet should be protected? all only the datagram part datagram and part of the IP header Why not all? Why all? 11

AH IP header protocol = 51 AH header next = 6/17/?? TCP/UDP/?? Next header Payload length Security Parameter Index Sequence number to detect duplicates Authentication data: HMAC or similar 12

What to protect AH is from a school where NAT nodes does not exist and if they existed they should be ignored. Protect as much as possible of the whole IP packet. Why not all? 13

things will change Mutable things that are changed by a router Immutable things that a router should not touch Predictable the source knows what the final value will be 14

the IP header ver lenght TOS total length identifier fragmentation TTL protocol checksum source address destination address options 15

IPv6 In IPv6 the extension headers are all encoded using the same format: next header length of this header data of this header The data field consist of a sequence of type, length, value fields where the type field includes a bit that determines if the value is mutable or immutable. 16

mutable/immutable/predictable version header length TOS (DSCP/ECN) total Length identifier fragmentation time to Live (TTL) protocol checksum source address destination address mutable a a a a immutable a a a a a a a predictable a 17

What's the problem? App. TCP/UDP IP L2 L1 NAPT NAT A NAT node changes source IP address. NAPT node changes even the source port. In some cases even the application data is changed. 18

ESP Encapsulating Security Payload Integrity and encryption (both optional) does not protect the IP header Solves the problem of simple NAT but does not allow NAPT since the port is encoded in the UDP/TCP header. One problem: nothing in the ESP header shows if the payload is encrypted or not. If we don't know we can not determine and filter on the port. 19

ESP header/trailer auth encrypted IP header protocol = 50 ESP header TCP/UDP/?? ESP trailer ESP Auth Header Security Param Ind sequence number IV Trailer padding padding length next = 6/17/? Authentication data HMAC or similar 20

When to use IPsec Both AH and ESP have problems with NAT, NAPT and firewalls. End user applications does not normally know what the underlying authentication (provided in IKE) means and can not make use of it. Mainly used to set up a secure VPN tunnel between gateways. 21

VPN A VPN virtual private network, is set up between two gateways that communicate over an insecure network. Nodes inside the VPN should be able to communicate with each other as if they were inside the same private network. Create a tunnel IP-over-IP between the two gateways and protect the tunnel using IPsec. 22

IPsec tunnel mode App. TCP/UDP IP user data IP IP IP L2 L2 IPsec IPsec L2 L1 L1 L2 L2 L1 L1 L1 IPsec IP user data 23

IPsec tunnel mode IP header IPsec next=4 IP header Tunnel mode can be implemented using either AH or ESP. The original src/dest address remains intact two private address can talk with each other. User data 24

Setting up IPsec IPsec requires a session key and ciphering algorithms. How do we authenticate each other? How do we generate the session key? Which ciphering algorithms should we use? 25

IKE Internet Key Exchange setting up the SA's for IPsec? We assume that the two nodes have some long term key (either secret or public) and need to do mutual authentication and create a session key. IKE does not define exactly which ciphers to use, the nodes will negotiate. 26

IKE phases Phase 1 do mutual authentication and establish a IKE session key. Phase 2 Set up one ore more IPsec SA between the nodes using the keys derived in phase 1. Why two phases Mutual authentication is expensive so if we need more SAs or need to change SA parameters we do not need to do it again. 27

Danger of having only one SA If we only have one SA between two nodes and have several flows going through the nodes (tunnel) Trudy can use one flow to decrypt messages in the other (if encryption only is used). Trudy controls flows between C and D intercept messages: A to B and C to D replace the initial part of the AB message with the initial part of the CD message wait for the decrypted message at D 28

Basic set up Propose cipher suite and Diffie- Hellman parameters. Use Diffie-Hellman to create a session key. Use long term secret to authenticate by signing a hash of previous messages. 29

Modes of authentication Aggressive mode Mutual authentication and session key in three messages. Main mode Mutual authentication and session key in six messages. More options in cipher negotiation. Can hide endpoint identifiers. 30

Main mode Alice crypto proposal crypto choice g a mod p g b mod p {Alice, proof I'm Alice}g ab Bob {Bob, proof I'm Bob}g ab 31

Aggressive mode Alice g a mod p, Alice, crypto proposal Bob g b mod p, crypto choice, proof I'm Bob Proof I'm Alice 32

Authentication shared secret simplest but with the drawbacks of shared secrets public keys for signatures send a certificate and signed hash of messages to Bob/Alice the natural choice public keys for encryption exchange nonce encrypt with public keys encrypt hash using session key based on nonce Alice can optionaly send certificate 33

Phase 2 A three message hand-shake. Protected by session key generated in phase 1 Results in a IPsec Security Association cryptographic methods session keys chosen Security Parameter Index (one for traffic to Alice and one for traffic to Bob) 34

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback