IP Security

1
 IP Security Overview
 IP Security Architecture
 Encapsulating Security Payload

2
3
4
 IPSec is not a single protocol. Instead,
IPSec provides a set of security algorithms
plus a general framework that allows a pair
of communicating entities to use whichever
algorithms provide security appropriate for
the communication.

5
 Applications of IPSec
◦ Secure branch office connectivity over the Internet
◦ Secure remote access over the Internet
◦ Establishing extranet and intranet connectivity with
partners
◦ Enhancing electronic commerce security

6
7
Benefits of IPsec:
 When IPsec is implemented in a firewall or router, it provides strong
security that can be applied to all traffic crossing the perimeter.

 IPsec in a firewall is resistant to bypass if all traffic from the outside

must use IP and the firewall is the only means of entrance from the
Internet into the organization.

 IPsec is below the transport layer (TCP, UDP) and so is transparent to

applications. There is no need to change software on a user or server
system when IPsec is implemented in the firewall or router. Even if
IPsec is implemented in end systems, upper-layer software, including
applications, is not affected.
 IPsec can be transparent to end users. There is no need to train users
on security mechanisms, issue keying material on a per-user basis, or
revoke keying material when users leave the organization.

 IPsec can provide security for individual users if needed. This is useful
for offsite workers and for setting up a secure virtual subnetwork
within an organization for sensitive applications.

8
Routing applications
 IPSec can assure that:
◦ A router or neighbor advertisement comes from
an authorized router.
◦ A redirect message comes from the router to
which the initial packet was sent.
◦ A routing update is not forged.

9
 IPSec documents:
◦ RFC 2401: An overview of security architecture
◦ RFC 2402: Description of a packet authentication
extension to IPv4 and IPv6
◦ RFC 2406: Description of a packet encryption
extension to IPv4 and IPv6
◦ RFC 2408: Specification of key managament
capabilities

10
The documents are divided into seven
groups:
Architecture: covers the general
concepts, security requirements, definitions,
and mechanisms defining IPSec technology.
Encapsulation Security Payload
Authentication Header
Encryption Algorithm
Authentication Algorithm
Key management: Documents that
describe key management schemes.
Domain of Interpretation (DOI):
contains values needed for the other
documents to relate to each other. These
include identifiers for approved encryption
and authentication algorithms, as well as
operational parameters such as key life
time.

11
 IPsec provides security services at the IP layer by
enabling a system to select required security
protocols, determine the algorithm(s) to use for
the service(s), and put in place any cryptographic
keys required to provide the requested services.
 Two protocols are used to provide security:
an authentication protocol designated by the
header of the protocol, Authentication Header
(AH); and a combined encryption/authentication
protocol designated by the format of the packet
for that protocol, Encapsulating Security Payload
(ESP).

12
 Access Control
 Connectionless integrity
 Data origin authentication
 Rejection of replayed packets
 Confidentiality (encryption)
 Limited traffic flow confidentiallity

13
14
 Both AH and ESP support two modes of use:
Transport and tunnel mode.
 Transport mode provides protection primarily for
upper-layer protocols.
 That is, transport mode protection extends to the
payload of an IP packet.
 Examples include a TCP or UDP segment or an
ICMP packet.
 ESP in transport mode encrypts and optionally
authenticates the IP payload but not the IP
header.
 AH in transport mode authenticates the IP
payload and selected portions of the IP header.
15
 Tunnel mode provides protection to the
entire IP packet.
 To achieve this, after the AH or ESP fields are
added to the IP packet, the entire packet plus
security fields is treated as the payload of
new outer IP packet with a new outer IP
header.
 The entire original, inner, packet travels
through a tunnel from one point of an IP
network to another; no routers along the way
are able to examine the inner IP header.

16
 Transport Mode Tunnel Mode
SA SA

AH Authenticates IP payload
and selected portions of
Authenticates entire
inner IP packet plus
IP header and IPv6 selected portions of
extension headers outer IP header

ESP Encrypts IP payload and Encrypts inner IP

any IPv6 extesion header packet

ESP with Encrypts IP payload and Encrypts inner IP

any IPv6 extesion packet. Authenticates
authentication header. Authenticates IP inner IP packet.
payload but no IP header

17
18
19
20
 A key concept that appears in both the
authentication and confidentiality mechanisms for
IP is the security association (SA).
 An association is a one-way logical connection
between a sender and a receiver that affords
security services to the traffic carried on it.
 If a peer relationship is needed for two-way secure
exchange, then two security associations are
required.
 Security services are afforded to an SA for the use
of AH or ESP, but not both.

21
 A security association is uniquely identified by three
parameters.
 Security Parameters Index (SPI): A bit string assigned to this
SA and having local significance only. The SPI is carried in AH
and ESP headers to enable the receiving system to select the
SA under which a received packet will be processed.
 IP Destination Address: This is the address of the destination
endpoint of the SA, which may be an end-user system or a
network system such as a firewall or router.
 Security Protocol Identifier: This field from the outer IP header
indicates whether the association is an AH or ESP security
association.

22
 In each IPsec implementation, there is a nominal
Security Association Database that defines the
parameters associated with each SA.
 A security association is normally defined by the
following parameters in an SAD entry.
 Security Parameter Index: A 32-bit value selected
by the receiving end of an SA to uniquely identify
the SA. In an SAD entry for an outbound SA, the
SPI is used to construct the packet’s AH or ESP
header. In an SAD entry for an inbound SA, the
SPI is used to map traffic to the appropriate SA.

23
 Sequence Number Counter: A 32-bit value
used to generate the Sequence Number field
in AH or ESP headers•
 Sequence Counter Overflow: A flag indicating
whether overflow of the Sequence Number
Counter should generate an auditable event
and prevent further transmission of packets
on this SA (required for all implementations).
 Anti-Replay Window: Used to determine
whether an inbound AH or ESP packet is a
replay,

24
 AH Information: Authentication algorithm, keys,
key lifetimes, and related parameters being used
with AH (required for AH implementations).

 ESP Information: Encryption and authentication

algorithm, keys, initialization values, key
lifetimes, and related parameters being used with
ESP (required for ESP implementations).

 Lifetime of this Security Association: A time

interval or byte count after which an SA must be
replaced with a new SA (and new SPI) or
terminated, plus an indication of which of these
actions should occur (required for all
implementations).

25
 IPsec Protocol Mode: Tunnel, transport, or
wildcard.
 Path MTU: Any observed path maximum
transmission unit (maximum size of a packet
that can be transmitted without
fragmentation) and aging variables (required
for all implementations).

26
 Fundamental to the operation of IPsec is the
concept of a security policy applied to each IP
packet that transits from a source to a
destination.
 IPsec policy is determined primarily by the
interaction of two databases, the security
association database (SAD) and the security
policy database (SPD).
 This section provides an overview of these
two databases and then summarizes their use
during IPsec operation.
27
28
 SPD contains entries, each of which defines a
subset of IP traffic and points to an SA for
that traffic.
 Each SPD entry is defined by a set of IP and
upper-layer protocol field values, called
selectors.
 these selectors are used to filter outgoing
traffic in order to map it into a particular SA.

29
 Outbound processing obeys the following
general sequence for each IP packet.
◦ Compare the values of the appropriate fields in the
packet (the selector fields) against the SPD to find a
matching SPD entry, which will point to zero or
more SAs.
◦ Determine the SA if any for this packet and its
associated SPI.
◦ Do the required IPSec processing (i.e., AH or ESP
processing).

30
 The following selectors determine an SPD
entry:
 Remote IP Address: This may be a single IP
address, an enumerated list or range of
addresses, or a wildcard (mask) address.
 Local IP Address: This may be a single IP
address, an enumerated list or range of
addresses, or a wildcard (mask) address.
 Next Layer Protocol: The IP protocol header
includes a field that designates the protocol
operating over IP. If AH or ESP is used, then
this IP protocol header immediately precedes
the AH or ESP header in the packet.

31
 Name: A user identifier from the operating
system. This is not a field in the IP or upper-
layer headers but is available if IPsec is
running on the same operating system as the
user.
 Local and Remote Ports: These may be
individual TCP or UDP port values, an
enumerated list of ports, or a wildcard port.

32
33
 Provides support for data integrity and
authentication (MAC code) of IP packets.
 Guards against replay attacks.

34
 Next Header (8 bits): Identifies the type of header
immediately following this header.
 Payload Length (8 bits): Length of Authentication
Header in 32-bit words, minus 2. For example, the
default length of the authentication data field is 96 bits,
or three 32-bit words. With a three-word fixed header,
there are a total of six words in the header, and the
Payload Length field has a value of 4.
 Reserved (16 bits): For future use.
 Security Parameters Index (32 bits): Identifies a security
association.
 Sequence Number (32 bits): A monotonically increasing
counter value, discussed later.
 Authentication Data (variable): A variable-length field
(must be an integral number of 32-bit words) that
contains the Integrity Check Value (ICV), or MAC, for
this packet, discussed later.
35
 A replay attack is one in which an attacker
obtains a copy of an authenticated packet
and later transmits it to the intended
destination.
 The receipt of duplicate, authenticated IP
packets may disrupt service in some way or
may have some other undesired
consequence. The Sequence Number field is
designed to thwart such attacks.

36
37
 The Authentication Data field holds a value
referred to as the Integrity Check Value.
 The ICV is a message authentication code or
a truncated version of a code produced by a
MAC algorithm.
◦ HMAC-MD5-96
◦ HMAC-SHA-1-96

38
 The MAC is calculated over the following:
◦ IP header fields that either do not change in transit
(immutable) or that are predictable in value upon
arrival at the endpoint for the AH SA. Fields that
may change in transit and whose value on arrival
are unpredictable are set to zero for purposes of
calculation at both source and destination.
◦ The AH header other than the Authentication Data
field. The Authentication Data field is set to zero for
purposes of calculation at both source and
destination.
◦ The entire upper-level protocol data, which is
assumed to be immutable in transit (e.g., a TCP
segment or an inner IP packet in tunnel mode).

39
40
 ESP provides confidentiality services

41
 Security Parameters Index (32 bits): Identifies
a security association.

 Sequence Number (32 bits): A monotonically

increasing counter value; this provides an
anti-replay function, as discussed for AH.

 Payload Data (variable): This is a transport-

level segment (transport mode) or IP packet
(tunnel mode) that is protected by encryption.

42
 Padding (0–255 bytes): The purpose of this
field is discussed later.

 Pad Length (8 bits): Indicates the number of

pad bytes immediately preceding this field.

 Next Header (8 bits): Identifies the type of

data contained in the payload data field by
identifying the first header in that payload
(for example, an extension header in IPv6, or
an upper-layer protocol such as TCP).

43
 The Padding field serves several purposes:
◦ If an encryption algorithm requires the plaintext to
be a multiple of some number of bytes (e.g., the
multiple of a single block for a block cipher), the
Padding field is used to expand the plaintext to the
required length.
◦ The ESP format requires that the Pad Length and
Next Header fields be right aligned within a 32-bit
word. Equivalently, the ciphertext must be an
integer multiple of 32 bits. The Padding field is
used to assure this alignment.
◦ Additional padding may be added to provide partial
traffic-flow confidentiality by concealing the actual
length of the payload.

44
 Encryption:
◦ Three-key triple DES
◦ RC5
◦ IDEA
◦ Three-key triple IDEA
◦ CAST
◦ Blowfish
 Authentication:
◦ HMAC-MD5-96
◦ HMAC-SHA-1-96

45
46
47