Encapsulation Security Payload

1

• Encapsulation Security Payload
• Protocol
• Lan Vu

2
OUTLINE

• Introduction and terms
• 2. ESP Overview
• ESP Packet Format
• ESP Fields
• ESP Modes
• ESP packet processing
• Why ESP?
• Security Considerations
• ESP Performance Impacts
• Conclusion

3
INTRODUCTION AND TERMS

• Internet Protocol Security (IPSec) a security
  function implemented at the IP level of the
  protocol stack.
• Security Association (SA) is used to track a
  given communication session. It defines the
  information about the traffic security protocol,
  the authentication algorithm, and the encryption
  algorithm to be used. Also, it gives the
  information on data flow, lifetime of the SA and
  sequence numbering to guard against replay
  attacks.

4
ESP OVERVIEW

• ESP protocol (i.e. traffic security protocol) is
  used in an IPsec transmitted over IP.
• ESP is identified by protocol number 50.
• ESP provides optional services to provide the
  protection for anything such as authentication,
  encryption, and integrity check for IP datagrams.
  It operates on a per-packet basis.
• Encryption scrambles the data packet to
  prevent unauthorized people from reading the
  message.
• Authentication verifies that the source
  address was not forged.
• Anti replay mechanism ensures the packet was
  not tampered while in route to its destination.

5
ESP OVERVIEW (cont.)

• The desired services to be used are selectable
  upon establishment of the security association
  (SA).
• Encryption is selectable independent of any other
  services. If encryption is enabled, then
  integrity check and authentication should be
  turned on as well. If only encryption is used,
  intruders could forge packets in order to mount a
  cryptanalytic attack.

6
ESP PACKET FORMAT

• There is an ESP header, an ESP trailer, and ESP
  authentication data. The payload is located
  (encapsulated) between the header and the
  trailer, which gives the protocol its name.

7
PACKET FIELDS

• The ESP packet contains the following fields
• Security Parameter Index (SPI) This field is 32
  bits in length
• Sequence Number This 32-bit field is an
  increasing counter, and again follows the AH
  definitions. It is used to prevent replay
  attacks.
• Payload Data This field is mandatory.
• It consists of a variable number of bytes of
  data described by the Next Header field.
• PD is encrypted with the cryptographic
  algorithm selected during SA establishment. If
  the algorithm requires initialization vectors
  (CBC), they will be included here as well.
• Algorithms supported
• DES (CBC) TDEA (three key)
• IDEA Three key triple IDEA
• CAST Blowfish
• RC5

8
PACKET FIELDS (CONT.)

• Padding
• ie. to ensure that the bits to be encrypted are
  a multiple of blocksize
• Authentication Data This optional field is
  variable in length.
• Authenticate packet using MD5 or SHA-1 with a
  key (i.e. HMAC) or without a key to create a
  unique hash or digest of the contents of the
  packet.
• IP header is not covered in the AD
• The AD is calculated from the SPI to the Next
  Header field inclusive.

9
ESP MODES

• Transport Mode Here the ESP header is inserted
  immediately after the IP header. The ESP trailer
  and the optional authentication data are appended
  to the payload. In transport mode, ESP neither
  authenticates nor encrypts the IP header. But
  this mode has a low computational overhead.

10
ESP MODES (CONT.)

• Tunnel Mode Here, a new IP packet is made with a
  new IP header. ESP/Transport is then applied and
  the original datagram is the payload for the new
  packet. If authentication and encryption have
  been initiated, the packet is protected. However,
  the new IP header is not protected.

11
ESP PACKET PROCESSING

• Sender Processes
• Look up SA
• Packet encryption and authentication data
• Encapsulate the original next layer protocol
  information or the entire original IP datagram
• Add necessary padding
• Encrypt the result using the key and encryption
  algorithm mode specified in SA
• Compute the authenticate data over the ESP
  packet using hash functions.
• 3. Generate sequence number

12
ESP PACKET PROCESSING

• Receiver Processes
• Determines the appropriate SA
• Verify sequence number
• Verify the decryption and authentication
• Decrypts and integrity check the ESP payload
  data, padding, pad length, and next header using
  the key, algorithm, algorithm mode indicated by
  SA
• If the check fail, discard the packet and log
  the SPI value, date/time received, source
  address, destination address, the sequence
  number.
• Process any padding
• Check the next header field, if the value is
  59, the packet is discard .
• Extract the original IP datagram or
  transport-layer fram from the ESP Payload Data
  field.

13
WHY ESP?

• Data origin authentication is a security service
  that verifies the identity of the claimed source
  of data
• Confidentiality is the security service that
  protects data from unauthorized parties.
• the disclosure of application level data is
  protected by encrypting the payload data .
• the disclosure of external characteristics of
  communication, also known as the traffic-flow
  confidentiality that is support by concealing
  source and destination addresses, message length,
  or frequency of communication.
• Anti-replay detects arrival of duplicate IP
  datagram (using sliding receive window). It is
  supported by the sequence number which is an
  unsigned 32-bit field contains a monotonically
  increasing counter value in ESP header

14
SECURITY CONSIDERATIONS

• The quality of the security provides by this ESP
  mechanism depends on
• - The strength of the implemented cryptographic
  algorithms
• - The strength of the key being used
• - The correct implementation of the
  cryptographic algorithms
• - The security of the key management protocol
• - The correct implementation of IP
• - Several security mechanisms in all of the
  participating systems.
• The ESP protocol is described as a security
  service focuses only on the IP layer. Not solve
  the secure of the system.

15
SECURITY CONSIDERATIONS (cont.)

• Advantage
• Higher-level services protect a single
  protocol.
• Lower level services protect a single medium.
• Therefore, Can protect any protocol running
  above IP and any medium which IP runs over.
• Attacks on higher-level protocols more
  difficult.
• Limitations
• Not end-to-end
• Authenticate machine not users
• Does not stop traffic analysis
• In general, to provide an effective security
  environment, one should consider the combination
  of different mechanisms and algorithms as well as
  weight the strength and weakness for each of them
  to meet his or her needs.

16
PERFORMANCE IMPACTS

• The encapsulating security approach used by ESP
  can noticeably impact network performance in
  participating systems
• Protocol processing in participating systems will
  be more complex when encapsulating security is
  used, requiring both more time and more
  processing power.
• Use of encryption will also increase the
  communications latency. The increased latency is
  primarily due to the encryption and decryption
  required for each IP datagram containing an
  Encapsulating Security Payload

17
Conclusion

• Encapsulating Security Payload covers packet
  format and general issues for packet encryption.
  It offers the security service at the IP layer.
  Hence, it could be used in the conjunction with
  other security mechanisms in designing robust
  distributed systems.

18
REFERENCES

• 1. R. Atkinson. IP encapsulating security
  payload (ESP). Request for Comments (Proposed
  Standard) RFC 1827, Internet Engineering Task
  Force, August 1995.
• 2. FreeS/Wan Project. http//www.freeswan.org
• 3. S. Kent and R. Atkinson. IP Encapsulating
  Security Payload. Request for Comments (2406),
  Internet Engineering Task Force, November 1998.
  http//www.networksorcery.com/enp/rfc/rfc2406.txt
• 4. R. Anderson. Security Engineering. A Guide to
  Building Dependable Distributed Systems. Wiley,
  p.378, 2001.
• 5. IPSEC and Windows 2000 a step by step guide
• http//www.ccs.neu.edu/home/peterm/IPSEC2000.html