U18ECTE023 :Network Security

IP Security

Mr.S.Arun Kumar
Department of Electronics and Communication
Outline

• IP Security
• Benefits of IPSec
• Architecture
• Services
• Modes
• SSL Protocol

2
 IP Security
•Have a range of application specific security mechanisms
•Ex: S/MIME, PGP, Kerberos, SSL/HTTPS
•Some security concerns cut across protocol layers
•Security must be implemented by the network for all
applications -Both security mechanisms as well as
security-ignorant applications
IPSec
•General IP Security mechanisms provides
•Authentication
•Confidentiality
•Key management
•Applicable to use over LANs, across public &
private WANs, & for the Internet
•Authentication
Assures that a received packet was transmitted by the party
identified as the source in the packet header, and that the
packet has not been altered in transit.

•Confidentiality
Enables communicating nodes to encrypt messages to
prevent eavesdropping by third parties.

•Key management
Concerned with the secure exchange of keys. IPSec provides
the capability to secure communications across a LAN,
across private and public WANs, and across the Internet.
IPSec Uses
Benefits of IPSec
•In a Firewall/router provides strong security to all
traffic crossing the perimeter
•IPsec in a firewall is resistant to bypass if all traffic
from the outside must use IP and the firewall is the
only means of entrance from the Internet into the
organistaion.
•Is below transport layer, hence transparent to
applications
•Can be transparent to end users
•Can provide security for individual users
•Secures routing architecture
IP Security Architecture
•Specification is quite complex
•Defined in numerous RFC’s
• RFC 2401/2402/2406/2408
•Mandatory in IPv6, optional in IPv4
•Have two security header extensions:
•Authentication Header (AH)
•Encapsulating Security Payload (ESP)
•RFC 2401: An overview of a security architecture
•RFC 2402: Description of a packet authentication
extension to IPv4 and IPv6
•RFC 2406: Description of a packet encryption extension
to IPv4 and IPv6
•RFC 2408: Specification of key management
capabilities
IPSec Services
•Access control
•Connectionless integrity
•Data origin authentication
•Rejection of replayed packets
•Form of partial sequence integrity
•Confidentiality (encryption)
•Limited traffic flow confidentiality
Security Associations
•One-way relationship between sender & receiver that
affords security for traffic flow
•Defined by 3 parameters:
• Security Parameters Index (SPI) -A bit string assigned to this SA and
having local significance only
• IP Destination Address-Address of the destination endpoint of the
SA
• Security Protocol Identifier-Indicates whether the association is an
AH or ESP security association
•Has a number of other parameters
•Seq no, AH & EH info, lifetime etc
•Have a database of Security Associations
Authentication Header (AH)
•Provides support for data integrity & authentication
of IP packets
•End system/router can authenticate user/app
•Prevents address spoofing attacks by tracking
sequence numbers
•Based on use of a MAC
•HMAC-MD5-96 or HMAC-SHA-1-96
•Parties must share a secret key
Authentication Header
 Authentication Header
Next Header (8 bits): Identifies the type of header immediately
following this header
• Payload Length (8 bits): Length of Authentication Header in
32-bit words, minus 2.
• Reserved (16 bits): For future use
• Security Parameters Index (32 bits): Identifies a security
association
• Sequence Number (32 bits): A monotonically increasing
counter value
• Authentication Data (variable): A variable-length field (must
be an integral number of 32-bit words) that contains the
Integrity Check Value (ICV), or MAC,for this packet
 Transport & Tunnel Modes
• Transport mode provides protection primarily for upper-layer
protocol payloads, by inserting AH after original IP header
and before IP payload.
• Used for end-to-end communication between two hosts.
• Tunnel mode provides protection to entire IP, after AH or
ESP fields are added to IP packet, entire packet plus security
fields is treated as payload of new “outer” IP packet with a
new outer IP header.
• Tunnel mode is used when one or both ends of an SA are a
security gateway, such as a firewall or router that implements
IPSec.
Transport & Tunnel Modes
Encapsulating Security Payload (ESP)
•Provides message content confidentiality & limited
traffic flow confidentiality
•Can optionally provide the same authentication
services as AH
•Supports range of ciphers, modes, padding
• DES, Triple-DES, RC5, IDEA, CAST
•CBC & other modes
•Padding needed to fill blocksize, fields, for traffic
flow
Encapsulating Security Payload
Encapsulating Security Payload
Security Parameters Index (32 bits): Identifies a security association
• Sequence Number (32 bits): A monotonically increasing counter value;
this provides an anti-replay function ,as discussed for AH
• Payload Data (variable): This is a transport-level segment (transport
mode) or IP packet (tunnel mode) that is protected by encryption
• Padding (0–255 bytes): for various reasons
• Pad Length (8 bits): Indicates the number of pad bytes immediately
preceding this field
• Next Header (8 bits): Identifies the type of data contained in the payload
data field by identifying the first header in that payload
• Authentication Data (variable): A variable-length field that contains the
Integrity Check Value computed over the ESP packet minus the
Authentication Data field
Transport vs Tunnel Mode ESP
•Transport mode is used to encrypt & optionally
authenticate data carried by IP.
•Confidentiality is achieved and Data protected but
header left in clear
•Can do traffic analysis but is efficient
•Good for ESP host to host traffic
•Tunnel mode encrypts entire IP packet
•Add new header for next hop
•Good for VPNs, gateway to gateway security
Transport vs Tunnel Mode ESP
• Transport mode ESP is used to encrypt and optionally
authenticate the data carried by IP. Transport mode operation
provides confidentiality for any application that uses it, thus
avoiding the need to implement confidentiality in every
individual application.
• Transport mode of operation is also reasonably efficient, adding
little to the total length of the IP packet. One drawback to this
mode is that it is possible to do traffic analysis on the
transmitted packets.
• Tunnel mode ESP is used to encrypt an entire IP packet. Tunnel
mode is useful in a configuration that includes a firewall or
other sort of security gateway that protects a trusted network
from external networks.
Combining Security Associations
•SA’s can implement either AH or ESP
•To implement both need to combine SA’s
•Form a security association bundle
•May terminate at different or same endpoints
•Combined by
•Transport adjacency-more than one security protocol
on same IP packet, without invoking tunneling
•Iterated tunneling-application of multiple layers of
security protocols effected through IP tunneling
•Issue of authentication & encryption order
Combining Security Associations
Key Management
•Handles key generation & distribution
•Need 2 pairs of keys
•2 per direction for AH & ESP
•Manual key management
•Sys admin manually configures every system
•Automated key management
•Automated system for on demand creation of
keys for SA’s in large systems
•Has Oakley & ISAKMP elements
Oakley
•Key exchange protocol
•Based on Diffie-Hellman key exchange
•Adds features to address weaknesses
•Cookies, groups (global params), nonces, DH key
exchange with authentication
•Can use arithmetic in prime fields or elliptic curve
fields
ISAKMP
•Internet Security Association and Key Management
Protocol
•Provides framework for key management
•Defines procedures and packet formats to establish,
negotiate, modify, & delete SAs
•Independent of key exchange protocol, encryption
alg, & authentication method
ISAKMP
ISAKMP Payloads & Exchanges
•Have a number of ISAKMP payload types:
•Security, Proposal, Transform, Key,
Identification, Certificate, Certificate, Hash,
Signature, Nonce, Notification, Delete
• ISAKMP has framework for 5 types of message
exchanges:
•Base, Identity protection, Authentication only,
Aggressive, Informational
Web Security
•Widely used by business, government, individuals
•Vulnerable to threats
•Have a variety of threats
•Integrity
•Confidentiality
•Denial of service
•Authentication
•Need added security mechanisms
SSL (Secure Socket Layer)
•Transport layer security service
•Originally developed by Netscape
•Version 3 designed with public input
•Subsequently became Internet standard known as
TLS (Transport Layer Security)
•Uses TCP to provide a reliable end-to-end service
•SSL has two layers of protocols
SSL Architecture
SSL Architecture
•SSL connection
•Transient, peer-to-peer, communications link
•Associated with 1 SSL session
•SSL session
•Association between client & server
•Created by the Handshake Protocol
•Define a set of cryptographic parameters
•May be shared by multiple SSL connections
SSL Record Protocol Services
•Message integrity
•Using a MAC with shared secret key
•Similar to HMAC but with different padding
•Confidentiality
•Using symmetric encryption with a shared secret
key defined by Handshake Protocol
•AES, IDEA, RC2-40, DES-40, DES, 3DES,
Fortezza, RC4-40, RC4-128
•Message is compressed before encryption
SSL Record Protocol Operation
SSL Change Cipher Spec Protocol

•Uses SSL Record protocol

•A single message causes pending state to become
current hence updating the cipher suite in use
SSL Alert Protocol
• Conveys SSL-related alerts to peer entity
• Severity: or fatal warning
• compressed & encrypted like all SSL data

FATAL Warning
• Unexpected message • Close notify
• Bad record mac • No certificate
• Decompression failure • Bad certificate
• Handshake failure • Unsupported certificate
• Illegal parameter • Certificate revoked
• Certificate expired
• Certificate unknown
37
 SSL Handshake Protocol
• Allows server & client to:
• Authenticate each other
• Negotiate encryption & MAC algorithms
• Negotiate cryptographic keys to be used
• Comprises a series of messages in phases
1. Establish Security Capabilities
2. Server Authentication and Key Exchange
3. Client Authentication and Key Exchange
4. Finish
SSL Handshake Protocol
TLS (Transport Layer Security)
•IETF standard RFC 2246 similar to SSLv3
•With minor differences
•In record format version number
•Uses HMAC for MAC
•Pseudo-random function expands secrets
•Has additional alert codes
•Some changes in supported ciphers
•Changes in certificate types & negotiations
•Changes in crypto computations & padding