Computer Networks: CMPE 466

IPSec provides security at the network layer (layer 3) of the TCP/IP stack. It allows any application to have security added transparently. IPSec uses the Authentication Header (AH) and Encapsulating Security Payload (ESP) protocols to provide security services like access control, integrity, authentication, confidentiality, and protection against replay attacks. AH provides integrity and authentication while ESP provides confidentiality and can also provide authentication. They operate in either transport mode to secure end-to-end communication or tunnel mode to secure network connections. Key management protocols are used to negotiate algorithms and exchange keys needed for IPSec security associations between parties.

Uploaded by

foofoof123
Copyright
© Attribution Non-Commercial (BY-NC)

Computer Networks
CMPE 466
Lecture 20
Security – At what level?

  Application:                    S-MIME, Kerberos, Proxies, SET
  Transport (TCP, UDP):           Socks, SSL, TLS
  Network (IP):                   IPSEC (AH, ESP), Packet Filtering, Tunnelling Protocols
  Data Link (Network Interface):  CHAP, PAP, MS-CHAP
IPSecurity (IPSec)
 IPSecurity (IPSec) is a collection of protocols designed by
the Internet Engineering Task Force (IETF) to provide
security for a packet at the network level.
Why security at the IP Layer?
 IPsec provides security to the network itself.
 Security is transparent to the application.
 Security can be added to any application without the need to change the application itself.
 Since IPsec-protected packets are themselves IP packets, they can be easily routed through an IP network (the Internet).
 Since the IPsec services are offered at the network layer (layer 2 of the TCP/IP protocol stack), these services can be used by any of the upper-layer protocols such as TCP, UDP, ICMP, and IGMP, or by any application layer protocol.
IPSec Security Services

 Access Control
 Message Integrity
 Data source authentication
 Replay attack protection
 Confidentiality
IPSec protocol Modes
Note
IPSec in the transport mode does not protect the IP header; it only protects the information coming from the transport layer.
IPSec Security Protocols
 Authentication Header (AH)
 Encapsulating Security Payload (ESP)
 Key management protocol to negotiate the cryptographic algorithms to be used by AH and ESP and put in place the cryptographic keys required
Authentication Header (AH)
 Provides support for data integrity and authentication of IP packets
 Ensures that content changes of a packet in transit can be detected
 Enables an end system or network device to authenticate the user or application and filter traffic accordingly
 Prevents address spoofing attacks
 Guards against the replay attack
Authentication Header Format

  Next Header | Payload Length | RESERVED
  Security Parameter Index (SPI)
  Sequence Number
  Authentication Data (variable)

 Next Header: identifies the type of the next payload after the AH.
 Payload Length: the length of the AH in 32-bit words, minus 2.
 RESERVED: for future use.
 Security Parameter Index (SPI): a 32-bit value which, in combination with the destination IP address and the IPsec protocol, uniquely identifies the security association (SA) for this datagram.
 Sequence Number: a monotonically increasing counter value that provides protection against replay attacks and guarantees that each IPsec packet exchanged between two parties is unique.
 Authentication Data (variable): contains the Integrity Check Value (ICV). The algorithm used for generating the ICV is specified by the SA.
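As an added example (not from the lecture), the following Python builds and parses an AH with the layout above and verifies its ICV. It assumes HMAC-SHA1-96 as the algorithm the SA specifies and that the caller has already zeroed the mutable IP header fields; the key, addresses and payload are constructed sample values.

```python
import hashlib
import hmac
import struct

AH_FIXED = 12  # bytes of fixed fields: Next Header .. Sequence Number


def build_ah(next_header: int, spi: int, seq: int, icv: bytes) -> bytes:
    """Serialise an AH; Payload Length is the AH length in 32-bit words minus 2."""
    payload_len = (AH_FIXED + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv


def parse_ah(buf: bytes) -> dict:
    """Parse the fixed AH fields and slice out the variable-length ICV."""
    if len(buf) < AH_FIXED:
        raise ValueError("AH shorter than its fixed fields")
    next_header, payload_len, reserved, spi, seq = struct.unpack("!BBHII", buf[:AH_FIXED])
    total_len = (payload_len + 2) * 4
    if reserved != 0 or len(buf) < total_len:
        raise ValueError("RESERVED not zero or ICV truncated")
    return {"next_header": next_header, "spi": spi, "sequence": seq,
            "icv": buf[AH_FIXED:total_len], "header_length": total_len}


def ah_icv(key: bytes, ip_hdr_zeroed: bytes, ah: bytes, payload: bytes) -> bytes:
    """HMAC-SHA1-96 ICV (assumed algorithm; in practice the SA specifies it).
    The caller supplies the IP header with mutable fields (TTL, checksum, ...)
    already zeroed; the AH's own ICV field is zeroed here before hashing."""
    icv_len = len(parse_ah(ah)["icv"])
    ah_zeroed = ah[:AH_FIXED] + bytes(icv_len)
    mac = hmac.new(key, ip_hdr_zeroed + ah_zeroed + payload, hashlib.sha1).digest()
    return mac[:icv_len]


def verify_ah(key: bytes, ip_hdr_zeroed: bytes, ah: bytes, payload: bytes) -> bool:
    """Constant-time comparison of the carried ICV against a recomputation."""
    return hmac.compare_digest(ah_icv(key, ip_hdr_zeroed, ah, payload), parse_ah(ah)["icv"])


# Constructed sample values (not from the slides): a 20-byte IPv4 header with
# TTL and checksum zeroed and protocol 51 (AH); the AH announces TCP (6) next.
KEY = b"constructed-demo-key"
IP_HDR = bytes.fromhex("4500004000000000003300000a0000010a000002")
PAYLOAD = b"\x00\x50\x1f\x90" + b"constructed tcp segment"
_unsigned = build_ah(6, 0x1000, 7, bytes(12))          # 96-bit ICV placeholder
SAMPLE_AH = build_ah(6, 0x1000, 7, ah_icv(KEY, IP_HDR, _unsigned, PAYLOAD))
```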
Authentication Header (AH) Protocol
AH Modes
 The location of the AH header depends on the mode of operation of AH. There are two modes of operation:
 Transport mode
 Tunnel mode
AH Transport Mode
 Transport mode is applicable only to host implementations where AH protects end-to-end communication. The communications endpoint must be the IPsec endpoint. This mode provides protection for upper layer protocols, in addition to selected IP header fields
AH Transport Mode

  Orig. IP Header | AH | TCP Header | Data
  (the Authentication Header sits between the original IP header and the transport header)

 In transport mode, the AH is inserted after the IP header.
 And before an upper layer protocol, e.g., TCP, UDP, ICMP, etc., or before any other IPsec headers that have already been inserted
AH Tunnel Mode
 Tunnel mode AH may be employed in either hosts or security gateways. However, when AH is implemented in a security gateway (to protect transit traffic), tunnel mode must be used.
AH Tunnel Mode

  New IP Header | AH | Orig. IP Header | TCP Header | Data

 With this mode, the tunneling concept is applied: a new IP datagram is constructed with a new IP header
 The original IP datagram is made the payload
Encapsulating Security Payload (ESP)
 Provides confidentiality service, including message contents and limited traffic flow confidentiality
 As an optional feature, ESP can also provide authentication services like AH
Encapsulating Security Payload (ESP) Format

  Security Parameter Index (SPI)
  Sequence Number
  Payload Data (variable)
  Padding (0 – 255 bytes)
  Pad Length | Next Header
  Authentication Data (variable)

 Security Parameter Index (SPI): a 32-bit value which, in combination with the destination IP address and the IPsec protocol, uniquely identifies the security association (SA) for this datagram.
 Sequence Number: a monotonically increasing counter value that provides protection against replay attacks and guarantees that each IPsec packet exchanged between two parties is unique.
 Payload Data (variable): contains the actual data being protected by ESP. This is an entirely encrypted and encapsulated IP packet.
 Padding: used (for encryption) to maintain IP packet boundaries. It contains the padding bits, if any, that are used by the encryption algorithm.
 Authentication Data (variable): contains the Integrity Check Value (ICV), usually produced by a keyed hash function.
Encapsulating Security Payload (ESP) Protocol
Authentication Header (AH) Protocol
ESP Modes
 As for AH, the location of the ESP in the packet depends on the mode of operation of ESP. There are two modes of operation:
 Transport mode
 Tunnel mode
ESP Transport Mode
 The transport mode is applicable only to host implementations and provides protection for upper-layer protocols, but not the IP header.
ESP Transport Mode

  Orig. IP Header | ESP Header | TCP Header | Data | ESP Trailer | ESP Auth. Data
  Encrypted: TCP Header through ESP Trailer
  Authenticated: ESP Header through ESP Trailer

 The ESP header is inserted after the IP header
 And before an upper-layer protocol (TCP, UDP or ICMP), or before any other IPsec headers that have already been inserted
 The ESP trailer is placed after the IP packet.
 If authentication is selected, the ESP Authentication Data field is added after the ESP trailer
ESP Tunnel Mode
 Tunnel mode ESP can be employed in either hosts or security gateways. When ESP is implemented in a security gateway to protect subscriber transit traffic, tunnel mode must be used
ESP Tunnel Mode

  New IP Header | ESP Header | Orig. IP Header | TCP Header | Data | ESP Trailer | ESP Auth. Data
  Encrypted: Orig. IP Header through ESP Trailer
  Authenticated: ESP Header through ESP Trailer

 With this mode, the tunneling concept is applied: a new IP datagram is constructed with a new IP header
 The original IP datagram is made the payload
 In tunnel mode, ESP protects the entire inner IP packet, including the entire inner IP header
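An added example, not from the lecture, showing in Python how the ESP trailer (Padding, Pad Length, Next Header) is built and checked for the transport and tunnel layouts above, and which spans the encryption and the ICV cover. The SPI, sequence number and packets are constructed sample values; the encryption and ICV computation that the SA's algorithms perform are deliberately left out.

```python
IPPROTO_TCP = 6   # Next Header in transport mode: the protected upper-layer protocol
IPPROTO_IPIP = 4  # Next Header in tunnel mode: the payload is a whole IPv4 datagram

def esp_pad(payload: bytes, block_size: int) -> bytes:
    """Default padding pattern 1, 2, 3, ... sized so that
    payload + padding + Pad Length + Next Header fills whole cipher blocks."""
    pad_len = (-(len(payload) + 2)) % block_size
    if pad_len > 255:
        raise ValueError("ESP padding is limited to 255 bytes")
    return bytes(range(1, pad_len + 1))

def esp_encapsulate(inner: bytes, mode: str, upper_proto: int = IPPROTO_TCP,
                    block_size: int = 16) -> dict:
    """Lay out an ESP packet and report which spans are encrypted and which
    are authenticated. Encryption and the ICV are done by the SA's algorithms
    and are deliberately not performed here."""
    next_header = IPPROTO_IPIP if mode == "tunnel" else upper_proto
    padding = esp_pad(inner, block_size)
    trailer = padding + bytes([len(padding), next_header])   # ESP Trailer
    esp_header = (0x1000).to_bytes(4, "big") + (7).to_bytes(4, "big")  # constructed SPI, seq
    plaintext = inner + trailer                               # Payload Data + Trailer
    return {"esp_header": esp_header,
            "to_encrypt": plaintext,                    # payload, padding, pad len, next header
            "to_authenticate": esp_header + plaintext,  # header + (cipher)text; never the outer IP header
            "next_header": next_header}

def esp_decapsulate(plaintext: bytes) -> tuple:
    """Strip the ESP trailer after decryption. A pad length that does not fit,
    or a padding pattern that does not match, means tampering or a bad key."""
    if len(plaintext) < 2:
        raise ValueError("no ESP trailer present")
    pad_len, next_header = plaintext[-2], plaintext[-1]
    if pad_len + 2 > len(plaintext):
        raise ValueError("Pad Length exceeds the payload")
    padding = plaintext[len(plaintext) - 2 - pad_len:-2]
    if padding != bytes(range(1, pad_len + 1)):
        raise ValueError("padding pattern mismatch")
    return plaintext[:len(plaintext) - 2 - pad_len], next_header

# Constructed sample packets (not from the slides)
TCP_SEGMENT = b"\x00\x50\x1f\x90" + b"hello from transport mode"   # ports 80 -> 8080
INNER_IPV4 = bytes.fromhex("450000310000000040060000c0a80001c0a80002") + TCP_SEGMENT
```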
IPSec services
Key Management Protocols
 To communicate with someone using authentication and encryption services, like those provided by IPsec AH and ESP, you need to do three things:
 Negotiate with other people the protocols, encryption algorithms and keys to use
 Exchange keys easily (this might include changing them often)
 Keep track of all these agreements
Key Management Protocols
 It involves the determination and distribution of secret keys. There are two types of key management:
 Manual: the keys of the communicating parties are manually configured on each system (it is hardly scalable)
 Automatic: the default one is the Internet Key Exchange (IKE). Its function is the establishment and maintenance of security associations (SAs)
Internet Key Exchange (IKE)
 It is the default automated key management protocol selected for use with IPsec.
 IKE is a hybrid protocol
 It integrates the Internet Security Association and Key Management Protocol (ISAKMP) with a subset of the Oakley key exchange scheme.
Internet Key Exchange (IKE)
 IKE provides a way to:
 agree on which protocols, algorithms, and keys to use
(negotiation services)
 ensure from the beginning of the exchange that you’re talking
to whom you think you’re talking to (primary authentication
services)
 manage those keys after they’ve been agreed upon (key
management)
 exchange material for generating those keys safely
Security Associations (SA)
 The concept of SA is fundamental to IPsec
 It separates key management from security mechanisms.
 A principal function of the key management scheme (e.g. IKE) is to establish and maintain SAs.
 Security mechanisms—AH and ESP—simply read and use those SAs
 A Security Association (SA) is a simplex (unidirectional) "connection" that affords security services to the traffic carried by it.
Security Associations (SA)(cont.)
 Since an SA is simplex (unidirectional), separate SAs are required for outbound and inbound traffic.
 To secure typical, bi-directional communication between two hosts, or between two security gateways, two SAs (one in each direction) are required.
 SAs are also protocol specific.
Security Associations (SA)(cont.)
 It is a contract or agreement between communicating peers
on factors such as the IPsec protocol (AH or ESP), mode
of operation of the protocol (transport mode or tunnel
mode), cryptographic algorithms, cryptographic keys, and
lifetime of the keys that will be used to protect the traffic
between them
Security Associations (SA)(cont.)
 A security association is uniquely identified by a triple
consisting of
 Security Parameters Index (SPI)
 This is a 32-bit value assigned to each SA, and each SA is
identified through an SPI.
 IP Destination Address
 This address can be a unicast, broadcast, or multicast IP address
 Security Protocol Identifier (AH/ESP)
 This indicates whether the association is an AH or ESP security
association
Security Associations
 There are two databases that are necessary for processing IPsec traffic:
 Security Association Database (SAD)
 SAD contains the active SA parameters
 Security Policy Database (SPD)
 SPD specifies the policies that are to be applied to the traffic destined to or originated from a given host or network.
 Separate inbound and outbound databases are required
Security Association Database
 Sequence Number Counter.
 Sequence Counter Overflow.
 Anti-Replay Window
 AH authentication algorithm, keys, etc.
 ESP Authentication algorithm, keys, etc.
 ESP Encryption algorithm, keys, IV mode, IV (initial
vector).
 IPsec Protocol Mode (transport or tunnel).
 Path Maximum Transfer Unit (PMTU) (in tunnel mode only)
 Lifetime of SA (either time or byte count).
Security Policy Database
 Source and Destination IP addresses (or ranges).
 Source and Destination ports (or ranges)
 Transport Layer Protocol
 Name (user ID or System Name), (DNS)
 Data Sensitivity Level
 IPv6 Mobility Header Message Type (MH type).
 ICMP message type and code.
Simple inbound and outbound security associations
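The following Python, added here and not part of the slides, models the SA identifying triple, the SAD lookup, and the Sequence Number Counter, Sequence Counter Overflow and Anti-Replay Window fields listed for the SAD. The 64-packet sliding window is an assumed size, and the SPI values and addresses used with it are constructed.

```python
class SecurityAssociation:
    """One simplex SA, identified by the (SPI, destination, protocol) triple,
    holding the SAD fields the slides list for sequence-number handling."""
    MAX_SEQ = 0xFFFFFFFF  # 32-bit Sequence Number field

    def __init__(self, spi: int, dst: str, proto: str, window: int = 64):
        self.spi, self.dst, self.proto = spi, dst, proto
        self.seq_counter = 0   # Sequence Number Counter (used on the outbound SA)
        self.window = window   # Anti-Replay Window size (used on the inbound SA)
        self.highest = 0       # right edge of the window: highest seq accepted so far
        self.bitmap = 0        # bit i set => sequence number (highest - i) was seen

    def next_outbound_seq(self) -> int:
        """Sequence Counter Overflow: never wrap around; a new SA is needed."""
        if self.seq_counter == self.MAX_SEQ:
            raise OverflowError("sequence counter exhausted; negotiate a new SA")
        self.seq_counter += 1
        return self.seq_counter

    def accept_inbound(self, seq: int) -> bool:
        """Sliding-window anti-replay check in the style of RFC 4303: True for a
        new packet inside the window, False for a replayed or too-old one. Run it
        only after the ICV verified, so a forged sequence number cannot move the window."""
        if seq == 0:
            return False  # the first valid sequence number on an SA is 1
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.window:           # older than the window: drop
            return False
        if (self.bitmap >> offset) & 1:     # already seen inside the window: replay
            return False
        self.bitmap |= 1 << offset
        return True

class SAD:
    """Security Association Database: active SAs looked up by their triple."""
    def __init__(self):
        self.entries = {}

    def add(self, sa: SecurityAssociation) -> None:
        self.entries[(sa.spi, sa.dst, sa.proto)] = sa

    def lookup(self, spi: int, dst: str, proto: str):
        # (SPI, destination IP address, AH/ESP) -> SA, or None if not established
        return self.entries.get((spi, dst, proto))
```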