Lecture 06 IP Security - PowerPoint PPT Presentation

Transcript and Presenter's Notes

Title: Lecture 06 IP Security


1
Lecture 06 IP Security
  • Dr. Supakorn Kungpisdan
  • supakorn_at_mut.ac.th

2
Outline
  • Motivation
  • IPSec Architecture
  • How IPSec Works
  • IPSec Security Protocols
  • IPSec Modes
  • Combining Security Associations
  • IPSec Key Exchange and Management Protocol
  • IPSec benefits and limitations

3
Motivations
  • Originally authentication and confidentiality
    were not enforced at the IP level
  • Source/Destination IP address spoofing
  • Inspection of IP payload
  • Replay

4
IP Spoofing Attack
  • Figure, first panel: router in front of a.b.c.100 (NFS server)
      • x.y.z.200: authorized NFS client
      • x.y.x.201: unauthorized NFS client
  • Figure, second panel: router in front of a.b.c.100 (NFS server)
      • x.y.z.200: shut down for maintenance
      • x.y.x.201 -> x.y.x.200: masquerading as the authorised NFS client

5
Ping Of Death Attack
  • ICMP, an integral part of IP, is utilized to
    report network errors.
  • PING (Packet InterNet Grouper) utilizes ICMP echo
    request and reply packets to test host
    reachability.
  • ICMP messages normally consist of the IP Header
    and enclosed ICMP data with a default size of 64
    bytes.
  • If the Hacker sends an ICMP Echo request that is
    greater than 65,536 bytes, this can crash or
    reboot the system.
  • A newer attack method modifies the header to
    indicate that there is more data in the packet
    than there actually is.

6
Smurf Attack
  • Hacker sends an ICMP echo request to the target
    network with a destination broadcast address and
    a spoofed source address of the target
  • The network serves as a "bounce site" and returns
    an echo reply packet for each station on the
    network
  • The network serves to multiply the effect of the
    "ping". The echo request packet could be sent to
    multiple networks

7
Why look for security at IP level?
  • Below Transport Layer
  • Not specific to network applications
      • no need to change software at Application Layer
  • Transparent to users
      • no need to train users
  • Enhance security when used with higher-level
    applications
  • Enhance security of firewalls
  • Easily identify authorised access to the network

8
What can be done at IP Layer?
  • Authentication
      • Allows the receiver to validate the identity of a
        sender, client/server machine or process.
  • Integrity
      • Provides assurance to the receiver that the
        transmitted data has not been changed.
  • Confidentiality
      • Preventing the unwanted disclosure of information
        during transit.

9
TCP/IP Possible Security Enhancement
  • Application: Kerberos, HTTPS, S/MIME, PGP
  • Transport (TCP, UDP): SSL, TLS
  • Network (IP): IPSec
  • Data Link
  • Physical

10
IPSec
  • A type of VPN (Virtual Private Network)
  • Types of VPNs
  • VPN over SSH (Secure Shell) and PPP
    (Point-to-point Protocol)
  • VPN over SSL/TLS (Secure Socket Layer/Transport
    Layer Security) and PPP
  • IPSec
  • PPTP (Point-to-point Tunneling Protocol)
  • etc.

11
Roadmap
  • Motivation
  • IPSec Architecture
  • How IPSec Works
  • IPSec Security Protocols
  • IPSec Modes
  • Combining Security Associations
  • IPSec Key Exchange and Management Protocol
  • IPSec benefits and limitations

12
An IP Security Scenario
13
Applications of IPSec
  • Secure branch office connectivity over the
    Internet
      • Save cost -> no need to have a leased line
  • Secure remote access over the Internet
  • Establishing extranet and intranet connectivity
    with partners
  • Enhancing electronic commerce security
      • Extranet enables B2B e-commerce transactions among
        business partners

14
IP Security Architecture
15
IP Security Architecture (cont.)
  • Architecture
      • General concepts, requirements, definitions, and
        mechanisms defining IPSec technology
  • Encapsulating Security Payload (ESP)
      • Generally provides encryption of the IP payload (data)
        and optionally provides authentication
  • Authentication Header (AH)
      • Provides authentication of IP headers
  • Encryption algorithm
      • Describes the encryption algorithms used for ESP
  • Authentication algorithm
      • Describes the authentication algorithms for AH and ESP
  • Key Management
      • Involves determination and distribution of secret
        keys
  • Domain of interpretation (DOI)
      • Contains identifiers for approved encryption and
        authentication algorithms, key lifetime
        parameters, etc.

16
Roadmap
  • Motivation
  • IPSec Architecture
  • How IPSec Works
  • IPSec Modes
  • IPSec Security Protocols
  • Combining Security Associations
  • IPSec Key Exchange and Management Protocol
  • IPSec benefits and limitations

17
Security Associations
  • A one-way relationship between sender and receiver
    that affords security for traffic flow
      • A party who wants to send and receive data needs
        2 SAs
  • Defined by 3 parameters
      • Security Parameters Index (SPI)
      • IP Destination Address
      • Security Protocol Identifier (AH or ESP)
  • Has a number of other parameters
      • seq no, AH & ESP info, lifetime etc.
  • SAs are held in a Security Association Database (SAD)
  • Security services are afforded to an SA for the
    use of AH or ESP, but not both

18
SAD Example
  • Incoming packet contains SPI, dest IP, security
    protocol -> used to refer to an entry in the SAD
  • Can be configured for a specific application, e.g. HTTP traffic

19
Security Policy Database (SPD)
  • Make higher-level decision on what to do with IP
    packet
  • SPD enforces protection policy, whereas SAD
    supplies the necessary parameters and makes it
    possible.

20
How IPSec Works
  • Sender
      • SPD: IPSec needed? If so, pass to SAD
      • SAD: If so, check header to see how IPSec is
        implemented
  • Recipient
      • SAD: Check header to see if an IPSec packet is
        received; remove IPSec header
      • SPD: Decide to allow or drop incoming packet

21
How IPSec Works (cont.)
  • Outbound traffic: sending a packet out to the network
  • IPSec checks the Security Policy Database (SPD) to
    decide whether to
      • Let the packet go through without IPSec protection
      • Drop the packet
      • Protect the packet using IPSec

22
How IPSec Works (cont.)
  • Inbound traffic: incoming packet from the network
  • System determines the Security Association (SA) for
    the packet. An SA is composed of
      • Security Parameters Index (SPI), which serves as an
        index into the Security Association Database (SAD)
      • Destination IP address
      • IPSec data manipulation protocol (Authentication
        Header (AH) or Encapsulating Security Payload
        (ESP))
  • Determine the appropriate SA, then perform
    authentication/decryption to extract data from
    the IPSec data
  • Once the original header is extracted, look up the SPD
    rules to see whether it matches any rule.

23
Example Outbound Traffic
  • SPD

    Rule  Src IP        Dst IP       Src Port  Dst Port  Action  IPSec Protocol  Mode    Outbound SA Index
    1     192.168.1.1   192.168.2.1  Any       80        IPSec   AH              Tunnel  400
    2     192.168.1.23  192.168.2.5  Any       22        Accept  -               -       8500

  • SAD

    SPI   Src IP        Dst IP       Src Port  Dst Port  Parameter  Type      Pointer to SPD
    400   192.168.1.1   192.168.2.1  Any       80        .....      Outbound  1
    8500  192.168.1.23  192.168.2.5  Any       22        -          -         2

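
The SPD/SAD processing described on the preceding slides, as an added example that is not part of the original lecture. It uses the rows of the outbound example above; the function names, the default-drop behaviour and the reuse of one host's tables for the inbound check are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SpdRule:
    rule: int
    src: str
    dst: str
    dst_port: int      # source port is "Any" in both slide rows
    action: str        # "IPSec" (protect) or "Accept" (bypass)
    protocol: str
    mode: str
    sa_index: int

# SPD rows as given in the slide's outbound example.
SPD = [
    SpdRule(1, "192.168.1.1", "192.168.2.1", 80, "IPSec", "AH", "Tunnel", 400),
    SpdRule(2, "192.168.1.23", "192.168.2.5", 22, "Accept", "-", "-", 8500),
]

# SAD keyed by the SA triple (SPI, destination IP, security protocol).
# Only SPI 400 names a protocol on the slide, so only it is a usable SA here.
SAD = {(400, "192.168.2.1", "AH"): {"mode": "Tunnel", "spd_rule": 1}}

def outbound(src, dst, dst_port):
    """SPD decides bypass / drop / protect; SAD supplies the SA parameters."""
    for r in SPD:
        if (r.src, r.dst, r.dst_port) == (src, dst, dst_port):
            if r.action != "IPSec":
                return "bypass", None
            sa = SAD.get((r.sa_index, r.dst, r.protocol))
            return ("protect", sa) if sa else ("drop", None)
    return "drop", None  # assumption: no matching rule means drop

def inbound(spi, dst, protocol, inner):
    """Find the SA by its triple, then check the recovered inner header
    (src, dst, dst_port) against the SPD rule the SA points to."""
    sa = SAD.get((spi, dst, protocol))
    if sa is None:
        return "drop"  # no SA: the packet cannot be authenticated
    # AH/ESP verification and header removal would happen here.
    rule = next(r for r in SPD if r.rule == sa["spd_rule"])
    return "accept" if (rule.src, rule.dst, rule.dst_port) == inner else "drop"
```

The inbound check shows why the SPD is consulted again after the IPSec header is removed: a packet that verifies under a valid SA is still dropped if its inner header does not match the rule that SA was created for.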
24
Roadmap
  • Motivation
  • IPSec Architecture
  • How IPSec Works
  • IPSec Security Protocols
  • IPSec Modes
  • Combining Security Associations
  • IPSec Key Exchange and Management Protocol
  • IPSec benefits and limitations

25
Authentication Header (AH)
  • provides support for data integrity and
    authentication of IP packets
  • end system/router can authenticate user/app
  • prevents address spoofing attacks by tracking
    sequence numbers
  • based on use of a MAC
      • HMAC-MD5-96 or HMAC-SHA-1-96
  • parties must share a secret key

26
Authentication Header
Contains the MAC of the packet
27
AH Frame
  • Mutable fields: fields that can be changed during
    transmission, e.g. TTL
  • Immutable fields: source address, header length,
    destination address, upper-layer protocol data,
    e.g. TCP or UDP segments

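
A simplified sketch of an AH-style integrity check, added here as an example and not taken from the lecture: HMAC-SHA-1 truncated to 96 bits over the IPv4 header with its mutable fields zeroed, followed by the SPI, sequence number and payload. The key, payload and helper names are constructed for illustration, and the real AH header layout is not reproduced.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-shared-secret"          # constructed sample key
PAYLOAD = b"constructed upper-layer data"   # constructed sample payload

def ipv4_header(src, dst, ttl, payload_len, proto=51):
    """Build a 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s",
                       0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(header):
    """Zero the fields routers may change in transit:
    TOS, flags/fragment offset, TTL and header checksum."""
    h = bytearray(header)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)

def ah_icv(key, header, spi, seq, payload):
    """HMAC-SHA-1-96 over immutable header fields, SPI, sequence number, payload."""
    data = zero_mutable(header) + struct.pack("!II", spi, seq) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:12]  # 96 bits

def verify(key, header, spi, seq, payload, icv):
    return hmac.compare_digest(ah_icv(key, header, spi, seq, payload), icv)

def demo():
    n = len(PAYLOAD)
    sent = ipv4_header("192.168.1.1", "192.168.2.1", 64, n)
    icv = ah_icv(KEY, sent, 400, 1, PAYLOAD)
    routed = ipv4_header("192.168.1.1", "192.168.2.1", 61, n)    # TTL decremented
    spoofed = ipv4_header("192.168.1.99", "192.168.2.1", 64, n)  # source changed
    return (len(icv),
            verify(KEY, routed, 400, 1, PAYLOAD, icv),     # mutable field changed
            verify(KEY, spoofed, 400, 1, PAYLOAD, icv),    # immutable field changed
            verify(KEY, sent, 400, 1, PAYLOAD + b"!", icv))  # payload changed
```

A TTL change in transit leaves the check value valid, while a changed source address or payload does not.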
28
Encapsulating Security Payload (ESP)
  • provides message content confidentiality and
    limited traffic flow confidentiality
  • can optionally provide the same authentication
    services as AH
  • supports a range of ciphers, modes, padding
      • incl. DES, Triple-DES, RC5, IDEA, CAST etc.
      • CBC and other modes
      • padding needed to fill blocksize, fields, for
        traffic flow
  • Current specs support CBC-DES encryption

29
ESP (cont.)
30
ESP Frame
31
Roadmap
  • Motivation
  • IPSec Architecture
  • How IPSec Works
  • IPSec Modes
  • IPSec Security Protocols
  • Combining Security Associations
  • IPSec Key Exchange and Management Protocol
  • IPSec benefits and limitations

32
Transport Mode
  • Typically used in peer-to-peer communications,
    especially for internal networks
  • Data packet is encrypted but the IP header is
    not.
  • IP Payload and parts of IP header are
    authenticated
  • No modification of original IP header. Only
    authentication can be provided at header

33
Transport AH
34
Transport ESP
35
Tunnel Mode
  • Used for remote access and site-to-site security
  • Entire packet (header + payload) is encrypted and
    treated as a payload
  • Then a new header is added to establish a
    tunnel for the original IP datagram
  • Generally used between firewalls or gateways ->
    hosts in the network do not need to implement IPSec
  • ESP encrypts the entire inner IP datagram
  • AH authenticates the entire inner datagram and parts
    of the outer IP header

36
Tunnel AH and ESP
37
Transport VS Tunnel ESP
  • Transport ESP mode is used to encrypt and
    optionally authenticate IP data
      • Data is protected but header is left in clear
      • Can do traffic analysis but is efficient
      • Good for ESP host-to-host traffic
  • Tunnel ESP mode encrypts the entire IP packet
      • Add new header for next hop
      • Good for VPNs, gateway-to-gateway security

38
Transport Mode and Tunnel Mode Functionality
Inner IP -> host; Outer IP -> gateway
39
Transport & Tunnel Modes
  • Transport: end-to-end
  • Tunnel: end-to-intermediate or
    intermediate-to-intermediate
40
Roadmap
  • Motivation
  • IPSec Architecture
  • How IPSec Works
  • IPSec Security Protocols
  • IPSec Modes
  • Combining Security Associations
  • IPSec Key Exchange and Management Protocol
  • IPSec benefits and limitations

41
Security Association Bundles
  • SAs can implement either AH or ESP
  • To implement both, we need to combine SAs
      • Form a security association (SA) bundle
      • May terminate at different or same endpoints
  • Combined by
      • Transport adjacency
      • Iterated tunneling
  • Issue of authentication and encryption order
      • Authentication before encryption or encryption
        before authentication?

42
Transport Adjacency
  • Applying more than one security protocol to the
    same IP packet.
  • Combining AH and ESP -> performed at only one
    IPSec instance

43
Transport Adjacency (cont.)
  • Use two bundled transport SAs
  • Inner SA: ESP without authentication option
      • Payload is encrypted
  • Outer SA: AH
      • Authentication covers header + ESP
  • However, this needs two SAs compared to one SA

44
Iterated Tunneling
  • Allow multiple levels of nesting
  • Each tunnel can originate or terminate at
    different IPSec site along the path

45
Iterated Tunneling (cont.)
46
Combining Security Associations
  • End-to-end IPSec connection
  • Added confidentiality between gateways from Case 2
  • Simple VPN
  • Remote access to host through firewall

47
Roadmap
  • Motivation
  • IPSec Architecture
  • How IPSec Works
  • IPSec Security Protocols
  • IPSec Modes
  • Combining Security Associations
  • IPSec Key Exchange and Management Protocol
  • IPSec benefits and limitations

48
Key Management
  • Handles key generation and distribution
  • Typically need 2 pairs of shared keys
      • 2 per direction for AH & ESP
  • Manual key management
      • System admin manually configures every system
  • Automated key management
      • Automated system for on-demand creation of keys
        for SAs in large distributed systems
      • Has Oakley & ISAKMP elements

49
Oakley
  • A key exchange protocol
  • Based on Diffie-Hellman key exchange
  • Adds features to address weaknesses
  • cookies, groups (global parameters), nonces, DH
    key exchange with authentication
  • Can use arithmetic in prime fields or elliptic
    curve fields

50
ISAKMP
  • Internet Security Association and Key Management
    Protocol
  • provides framework for key management
  • defines procedures and packet formats to
    establish, negotiate, modify, and delete SAs
  • independent of key exchange protocol, encryption
    alg, authentication method
  • Initial version of ISAKMP deploys Oakley as its
    key exchange protocol
  • Alternatively, Oakley protocol operates on top of
    ISAKMP protocol

51
ISAKMP
52
IPSec vs Firewalls
  • Allow traffic on UDP port 500 (ISAKMP) to and
    from the IPSec device
  • If using IPSec in ESP mode, allow IP protocol 50
    (ipv6-crypt) to and from the IPSec device
  • If using IPSec in AH mode, allow IP protocol 51
    (ipv6-auth) to and from the IPSec device

53
Testing IPSec
  • Using traceroute
      • Host-to-host traceroute should show only
        one hop: the other end of the VPN
      • Network-to-network traceroute should show only
        gateways and the host in the internet network.
  • Using Telnet
      • Sniffing the telnet connection should not reveal
        the username and password

54
Roadmap
  • Motivation
  • IPSec Architecture
  • How IPSec Works
  • IPSec Security Protocols
  • IPSec Modes
  • Combining Security Associations
  • IPSec Key Exchange and Management Protocol
  • IPSec benefits and limitations

55
Benefits of IPSec
  • Enable business to rely heavily on the Internet
    and reduce its need for private networks
      • saving costs and network management
  • Provide secure network access over the Internet
  • An end-user whose system is equipped with IPSec
    can make a local call to ISP and gain secure
    access to her/his company
  • Provide secure communications between
    organisations by ensuring authentication and
    confidentiality
  • IPSec can be used to create secure tunnel through
    untrusted (especially the Internet) networks
  • Sites connected by these tunnels form Virtual
    Private Networks (VPN)

56
Benefits of IPSec (cont.)
  • Packet authentication makes various attacks
    harder
  • Address masquerading
  • Address spoofing
  • IPSec tunnels can be very useful for secure
    remote administration
  • In a non-end-to-end service, IPSec can ensure
    that messages between a pair or a group of sites
    are encrypted

57
Some Limitations of IPSec
  • IPSec cannot provide end-to-end security as
    systems work at higher levels
      • (if you need emails encrypted from the sender's
        desktop and decrypted at the receiver's site)
      • Cannot choose which email is to be encrypted and
        which is not to be encrypted
  • Specific applications have particular security
    requirements and IPSec does not provide all
    security services
  • IPSec cannot provide total security for credit
    card payment systems

58
Is IPSec Everything You Need?
  • Cryptography alone is not enough
  • IPSec alone is not enough
      • E.g. IPSec cannot provide digital signature
        services
  • Many factors affect system security.
      • OS security
      • Data management
      • Key management
      • Correctness of implementation of algorithms
      • Proper system management
      • Human factors

59
Questions?