Title: IPsec
1Lecture 13
- IPsec
- Internet Protocol Security
- CIS 4362 - CIS 5357
- Network Security
2What is IPsec?
- Protocols and mechanisms to support security at
the network layer (IP layer) - Two main security protocols called Authentication
Header (AH, IP protocol type 51) and
Encapsulating Security Protocol (ESP, IP protocol
type 50) - Implemented on end hosts and gateways
- Separate security associations (SA) are used to
determine processing at each of the two
directions (outbound or inbound) - An SA is uniquely defined by
- SPI
- Destination IP address
- IPSec Protocol (ESP or AH)
3Logical Format of an IP Packet
Version IHL Service Type Total length 4 bits 4 bits 8 bits 16 bits
Identification Flags Fragment offset 16 bits 3 bits 13 bits
Time to Live Protocol Header Checksum 8 bits 8 bits 16 bits
Source IP Address 32 bits
Destination IP Address 32 bits
IP Options if used plus padding to 4 bytes Variable length multiples of 4 bytes
Encapsulated Data Variable length, integral number of bytes
4IPSec ServicesServices That Hosts and Gateways
Provide
- Access Control
- Data content confidentiality
- Connectionless integrity
- Data origin authentication
- Replay protection
- Privacy
- Traffic flow masking
5IPsec Architecture (RFC 2401)
- Security Policies that define which traffic is
treated - Security Associations between network components
- Security Protocols
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)
- Key Management
- Internet Key Exchange (IKE)
- Algorithms for authentication and encryption
6IPsec Operations
- Transport Mode
- Above the IP level
- Below the transport level
- Tunnel
- IP within IP
- Sandwiched between two IP sessions
7IPsec OSI Layer
Tunnel Mode
TCP
IP
Data Link
Physical
Transport Mode
TCP
IPSec
IP
Data Link
Physical
IPSec
8IPsec Packet Encapsulation
Tunnel Mode
Transport Mode
Original Packet
IP Header Rest of Packet
IP Header Rest of Packet
IP Header IPsec Header Rest of Packet
IP Header IPsec Header IP Header Rest of Packet
9Adding IPSec to IPv4
version 4bits
header length 4bits (unit 4-octet)
type of service 1 octet
packet length 2 octets
packet identification 2 octets
flags 3 bits
fragment offset 13 bits
hops remaining (TTL) 1 octet
protocol 1 octet
header checksum 2 octets
source address 4 octets
destination address 4 octets
options variable
Regular IP protocol values TCP6 UDP17 IP 4
IPsec protocol values ESP50 and AH51
The communication protocols are specified in the
IPsec header
10Adding IPsec to IPv6
version type of service flow label 4 octets
payload length 2 octets
next header 1 octet (specifies protocol)
TTL 1 octet
source address 16 octets
destination address 16 octets
11Transport mode
IPheader payload
IPheader IPsec header payload
Transport mode was designed to save bandwidth in
end-to-end associations. The payload is
typically encrypted and authenticated. The
IPheader is in theclear, and may or may not be
authenticated.
12Transporting
IP packet p1
IP packet p1 SenderAlice RecipientBob
13Tunnel Mode
IPheader payload
new IP hdr IPsec hdr IPheader payload
Tunnel mode protects both the payload and IP
header of the original packet. If encryption is
used between gateways in tunnel mode, then it
reduces information for traffic analysis.
14Tunneling
15Security Associations
- An IPsec protected connection is called a
security association - The SPI used in identifying the SA is normally
chosen by the receiving system - Basic Processing
- for outbound packets, a packets selector is used
to determine the processing to be applied to the
packet - More complex than for inbound where the received
SPI, destination address and protocol type
uniquely point to an SA
16SAD and SPD
- The IPsec protocol maintains two databases
- Security association database. Indexed by SPIs,
contains the information needed to encapsulate
packets for one association cryptographic
algorithms, keys, sequence numbers, etc. - Security policy database Allows for
implementation of packet filtering policies.
Defines whether or not to accept non-protected
packets, what to require, etc.
17Security Association Database
- Sequence number
- Sequence number overflow
- Anti-Replay Window
- AH Information
- Algorithms, initialization values, keys, etc.
- ESP Information
- Algorithms, initialization values, keys, etc.
- SA Lifetime
- IPsec Protocol Mode
- Path MTU (max packet size)
18Security Policy Database
- Defines
- Traffic to be protected
- How to protect it
- Must be consulted for each packet entering or
leaving the IP stack - Three possible actions
- Discard
- Bypass IPSEC
- Apply IPSEC
19Some Security Association Selectors
- Destination IP Address
- Source IP Address
- UserID
- Data Sensitivity Level
- Transport Layer Protocol number
- IPSec Protocol (AH/ESP)
20Combinations of SAs that must be supported
- Case 1 Host to host
- End to end service
- Case 2 Gateway to Gateway
- Virtual private network
- Case 3 Host to gateway, gateway to gateway,
gateway to host - Case 4. Host to gateway, gateway to host
- Dial-in users
21CASE 1
Transport or Tunnel
Host
Router
Host
Router
Local Intranet
Local Intranet
The Internet
22CASE 2
Tunnel
Transport or Tunnel
Host
Gateway
Host
Gateway
Local Intranet
Local Intranet
The Internet
23CASE 3
Tunnel
Host
Gateway
Host
Gateway
Local Intranet
Local Intranet
The Internet
24CASE 4
Tunnel
Transport or Tunnel
Host
Gateway
Host
Local Intranet
The Internet
25Security Protocols (RFC 2402/6)
- Authentication Header (AH) (RFC 2402)
- Access Control
- Connectionless integrity
- Data origin authentication
- Replay mask
- Encapsulating Security Payload (ESP) (RFC 2406)
- Access Control
- Connectionless integrity
- Data origin authentication
- Replay mask
- Confidentiality
- Traffic flow mask
26IPSEC Roadmap
ESP
AH
Encryption Algorithm
Authentication Algorithm
DOI
Key Management
Policy
Domain of Interpretation
27Authentication Header (AH) (RFC 2402)
- The IP AH is used to provide
- Connectionless integrity
- Data origin authentication
- Protection against replays.
- AH provides authentication for as much of the IP
header as possible, but cannot all be protected
by AH. - Data privacy is not provided by AH
28Authentication Header (AH)
next hdr 1 octet (communication protocol)
payload length (AH header length) 1 octet
unused 2 octets
SPI (Security Parameter Index) 4 octets
sequence number 4 octets
authentication data variable
The Authentication Header authenticates data --
the protocol field is unencrypted, so it is
available for firewall rule-based decisions.
AH authenticates not only the IP payload but all
immutable IP header components, such as source
and destination addresses. This creates
incompatibilities with NAT boxes in end-to-end
associations.
29Authentication Header Structure
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4
5 6 7 8 9 0 1 - -------------------------
- - Next Header Payload Len RESERVED
- -------------------------
- - Security Parameters Index (SPI)
- -------------------------
- - Sequence Number Field
- -------------------------
-- - Authentication Data (variable)
-
- ------------------------
--
30IP Packets With AH
Original IP Packet IP header TCP Data
AH Transport Mode IP header AH TCP
Data
AH Tunnel Mode new IP header AH
original IP header TCP Data
31AH Elements
- Authentication Data
- Variable-length field
- Contains the Integrity Check Value (ICV) for this
packet - Sequence Number
- Unsigned 32-bit field
- Monotonically increasing counter (sequence
number) - It is mandatory and is always present
- Processing of the Sequence Number field is at the
discretion of the receiver
32Other AH Elements
- Payload Length Length of AH in 32-bit words - 2
- Reserved 16-bit field. MUST be set to "zero."
- Security Parameters Index (SPI) 32-bit value
that, in combination with the destination IP
address and security protocol, uniquely
identifies the Security Association for this
datagram
33ESP (Encapsulating Security Payload)
- ESP allows for encryption, as well as
authentication. - Both are optional, defined by the SPI and
policies. - ESP does not protect the IP header, only the
payload - But, in tunnel mode everything is encapsulated
- If ESP encryption is enabled, then everything
after the ESP header is encrypted - Communication protocol, ports (NATs and firewalls
need this information).
34Encapsulating Security Payload(ESP)
- Services provided include
- Confidentiality
- Data origin authentication
- Connectionless integrity
- Anti-replay service
- Limited traffic flow confidentiality
- Security services can be provided between
- A pair of communicating hosts
- A pair of security gateways
- A security gateway and a host
35ESP encapsulation
SPI (Security parameter Index) 4 octets
sequence number 4 octets
IV (initialization vector) variable
data variable
padding variable
padding length 1 octet (unit length octets)
next header/protocol type
authentication data
36ESP Header Elements
- Security Parameters Index (SPI)
- Sequence Number
- Payload Data
- Padding
- Sometimes need for encryption
- Sometimes masks encryption
- Sometimes used to mask traffic flow
- Pad length
- Next Header
- Authentication Data
37ESP Header (RFC 2406)
0 1 2
3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6
7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 ----------
----------------------
---- Security Parameters Index
(SPI) Auth. --------
------------------------
Coverage Sequence Number
-----------------
--------------- ----
Payload Data (variable)
Conf.
------------
------------ Coverage
Padding (0-255 bytes)
--------
----------------
Pad Length
Next Header v
v ------------------------
-------- ------
Authentication Data (variable)
------------------------
--------
38Encapsulating Security Header(ESP)
- The ESP header is inserted
- After the IP header
- Before the upper layer protocol header (transport
mode) - Before an encapsulated IP header (tunnel mode)
39Transport Mode SA Tunnel Mode SA
AH Authenticates IP payload and selected portions of IP header Authenticates entire inner IP packet (header and payload), plus selected portions of the outer IP header.
ESP Encrypts IP Payload Encrypts inner IP Packet
ESP With Authentication Encrypts IP payload and authenticates IP payload, but not IP header Encrypts inner IP packet, and authenticates inner IP packet.