IPsec Protocol Suite
o ESP, AH, IKE
Packet Encapsulation in IPsec
o Transport mode
o Tunnel mode
Internet Key Exchange (IKE)
Eavesdropping
Modification of packets in transit
Identity spoofing (forged source IP addresses)
Denial of service
Many solutions are application-specific
TLS for Web, S/MIME for email, SSH for remote login
IPsec aims to provide a framework of open standards for
secure communications over IP
Protect every protocol running on top of IPv4 and IPv6
• makes use of the HMAC message authentication code
• can be applied to the entire original IP packet (tunnel mode) or to all
of the packet except for the IP header (transport mode).
IPsec provides the capability to secure communications across
a LAN, across private and public WANs, and across the
Internet
o Secure branch office connectivity over the Internet:
saving costs and network management overhead.
o Secure remote access over the Internet:
reduces the cost of toll charges for traveling employees and
telecommuters.
o Establishing extranet and intranet connectivity with partners:
ensuring authentication and confidentiality and providing a key
exchange mechanism.
o Enhancing electronic commerce security:
guarantees data is both encrypted and authenticated.
In a firewall or router, it provides strong security that can be
applied to all traffic crossing the perimeter (edge).
IPsec in a firewall is resistant to bypass if all traffic from the
outside must use IP and the firewall is the only means of
entrance from the Internet into the organization.
IPsec is below the transport layer (TCP, UDP) and so is
transparent to applications.
IPsec can be transparent to end users.
IPsec can provide security for individual users
IPsec provides security services at the IP layer by:
o enabling a system to select required security protocols,
o determining the algorithm(s) to use for the service(s), and
o putting in place any cryptographic keys required to provide the
requested services.
RFC 4301 lists the following services:
o Access control
o Connectionless integrity
o Data origin authentication
o Rejection of replayed packets (a form of partial sequence
integrity)
o Confidentiality (encryption)
o Limited traffic flow confidentiality
Authentication Header (AH) protocol
o For authenticating and securing data
o IP protocol 51
Encapsulating Security Payload (ESP) protocol
o For encrypting, authenticating, and securing data
o IP protocol 50
Internet Key Exchange (IKE) protocol
o For negotiating security parameters and establishing
authenticated keys
o Uses UDP port 500 for ISAKMP
Authentication Header (AH) - RFC4302
o is an extension header
o provides data origin authentication for IP datagrams
o provides connectionless integrity, and
o provides protection against replays.
Encapsulating Security Payload (ESP) - RFC4303
o consists of an encapsulating header and trailer used to provide
encryption or combined encryption/authentication
o ESP can be used to provide:
• confidentiality,
• Data origin authentication,
• connectionless integrity,
• an anti-replay service (a form of partial sequence integrity),
• and (limited) traffic flow confidentiality.
o ESP can work with a variety of encryption and authentication
algorithms
AH and ESP support 2 modes: transport and tunnel mode
Transport mode:
o provides protection primarily for upper-layer protocols.
o extends to the payload of an IP packet.
o is used for end-to-end communication between
o to encrypt & optionally authenticate IP data
• traffic analysis is still possible, but the mode is efficient
• good for ESP host-to-host traffic
Tunnel mode:
o provides protection to the entire IP packet.
o the packet travels through a tunnel from one point of an IP network to another
o encrypts the entire IP packet
o adds a new header for the next hop
o no router on the way can examine the inner IP header
o good for VPNs, gateway to gateway security
The two protocols AH and ESP can provide several
security services for packets at the network layer as
shown in the table below:
handles key generation & distribution
typically need 2 pairs of keys
o 2 per direction for AH & ESP
manual key management
o Sys admin manually configures every system
automated key management
o automated system for on-demand creation of keys for SAs in
large systems
o has Oakley & ISAKMP elements
key exchange algorithm: Diffie-Hellman:
o Secret keys are created only when needed. There is no need to store secret
keys for a long period of time, exposing them to increased vulnerability.
o The exchange requires no pre-existing infrastructure other than an
agreement on the global parameters.
IKE key determination is designed to retain the advantages of
Diffie-Hellman:
o 1. It employs a mechanism known as cookies to thwart clogging attacks.
o 2. It enables the two parties to negotiate a group; this, in essence, specifies
the global parameters of the Diffie-Hellman key exchange.
o 3. It uses nonces to ensure against replay attacks.
o 4. It enables the exchange of Diffie-Hellman public key values.
o 5. It authenticates the Diffie-Hellman exchange to thwart man-in-the-middle
attacks.
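Points 3 to 5 above in code, as an added example that is not part of the original slides: a simplified model of a preshared-key authenticated Diffie-Hellman exchange, not the IKE wire format. The toy group, HMAC-SHA-256 as the keyed hash, and the names Peer, prf and exchange are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration: 2**127 - 1 is prime but far too small for real
# use and is not a group that IKE negotiates.
P, G = 2**127 - 1, 3

def prf(key, *parts):
    """Keyed hash over fixed-length fields (HMAC-SHA-256, assumed here)."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

class Peer:
    def __init__(self, psk):
        self.psk = psk
        self.x = secrets.randbelow(P - 3) + 2   # ephemeral secret, never stored
        self.pub = pow(G, self.x, P)            # public value sent to the peer
        self.nonce = secrets.token_bytes(16)    # fresh for every exchange

    def auth_hash(self, g_init, g_resp, n_init, n_resp):
        """Bind both public values and both nonces to the preshared key."""
        skeyid = prf(self.psk, n_init, n_resp)
        return prf(skeyid, g_init.to_bytes(16, "big"), g_resp.to_bytes(16, "big"))

    def shared(self, peer_pub):
        return pow(peer_pub, self.x, P)

def exchange(psk_init, psk_resp, on_path=False):
    """One exchange. Returns (initiator_authenticated, keys_match)."""
    init, resp = Peer(psk_init), Peer(psk_resp)
    to_resp, to_init = init.pub, resp.pub       # values as delivered
    if on_path:                                 # both values replaced in transit
        to_resp = to_init = Peer(b"no psk").pub
    # Each side hashes the public values exactly as it saw them.
    sent = init.auth_hash(init.pub, to_init, init.nonce, resp.nonce)
    want = resp.auth_hash(to_resp, resp.pub, init.nonce, resp.nonce)
    ok = hmac.compare_digest(sent, want)
    return ok, init.shared(to_init) == resp.shared(to_resp)
```

When the public values are replaced in transit, the two sides hash different inputs, so the responder rejects the exchange before any derived key is used.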
Negotiates IPsec tunnel characteristics between two
IPsec peers
Negotiates IPsec protocol parameters
Exchanges public keys
Authenticates both sides
Manages keys after the exchange
Automates entire key-exchange process
Identify interesting traffic by an IPsec peer that has been
configured to initiate an IPsec session for this traffic
IPsec peers negotiate a secure authenticated
communication channel using main mode or aggressive
mode negotiation, resulting in creation of an IKE
Security Association (SA) between the two IPsec peers
(IKE phase I)
Create two IPsec SAs between the two IPsec peers via
IKE quick mode negotiation (IKE phase II)
Send data over encrypted tunnel using ESP and/or AH
encapsulation
Agreeing on a set of parameters that are to be used to
authenticate the two peers
Agreeing on parameters used to encrypt a portion of the
main mode and all of the quick mode messages
None of the aggressive mode messages are encrypted
Authenticate the two peers to each other
Generate keys used to generate keying material for
subsequent encryption of data
All of the parameters negotiated and the keys used to
generate keys for encryption are stored as IKE or ISAKMP
security association (SA)
Main mode using preshared key authentication
followed by quick mode negotiation
Main mode using digital signature authentication
followed by quick mode negotiation
Aggressive mode using preshared key
authentication followed by quick mode negotiation
Main mode using nonces authentication followed by
quick mode negotiation
Aggressive mode using digital signature
authentication followed by quick mode negotiation
To have two peers agree on a set of attributes for
creating the IPsec security associations that could be
used by ESP to encrypt the data
To redo Diffie-Hellman (DH) exchange so that new
keying material can be used to generate IPsec
encryption keys
Preshared keys
Digital signatures
Encrypted nonces
Data Encryption Standard (DES)
Triple DES (3DES)
- Cipher block: the DES encryption algorithm converts a fixed-length
message into cipher text of the same length
- block size of DES is 64 bits while key length is 56 bits
- Initialization vector is sent in ESP header
Overall key length is 168 bits
a security policy applied to each IP packet that transits
from a source to a destination
IPsec policy is determined primarily by the interaction of
two databases:
o the security association database (SAD) and
o the security policy database (SPD)
Security Associations
Security Association Database
Security Policy Database
IP Traffic Processing
a one-way logical connection between sender & receiver that
affords security service to the traffic carried on it
It is a mechanism that IPsec uses to establish the security
parameters between a sender and a particular receiver the
first time they communicate
Using SAs, IPsec changes a connectionless protocol (IP) into a
connection-oriented protocol
SA is identified by 3 parameters:
o Security Parameters Index (SPI): A bit string assigned to this SA
and having local significance only
o IP Destination Address: address of the destination endpoint
o Security Protocol Identifier: indicates whether the association is an
AH or ESP security association
SAD defines the parameters associated with each SA
o Security Parameter Index
o Sequence Number Counter
o Sequence Counter Overflow
o Anti-Replay Window
o AH Information
o ESP Information
o Lifetime of this Security Association
o IPsec Protocol Mode
o Path MTU
The SAD is needed to collect those SAs
It is a two-dimensional table with each row defining a single SA
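How a receiver uses the SA triple and the SAD fields listed above (SPI, sequence number counter, anti-replay window), as an added example that is not part of the original slides. It assumes a 64-packet window and HMAC-SHA-256 truncated to 128 bits for the integrity check value, leaves encryption out, and uses constructed keys and addresses; the names SA, build_esp and receive are hypothetical.

```python
import hashlib
import hmac
import struct

ESP = 50       # IP protocol number for ESP
WINDOW = 64    # anti-replay window size (assumed)
ICV_LEN = 16   # HMAC-SHA-256 truncated to 128 bits (assumed algorithm)

class SA:
    """One SAD row: the per-SA state the receiver keeps."""
    def __init__(self, auth_key):
        self.auth_key = auth_key
        self.highest = 0   # highest sequence number authenticated so far
        self.bitmap = 0    # bit i set => sequence number (highest - i) was seen

def build_esp(spi, seq, payload, key):
    """Sender side: SPI | sequence number | payload | ICV."""
    body = struct.pack("!II", spi, seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]

def receive(sad, dst, packet):
    """Inbound processing: SA lookup, replay check, ICV check, window update."""
    if len(packet) < 8 + ICV_LEN:
        return "drop: too short"
    spi, seq = struct.unpack("!II", packet[:8])
    sa = sad.get((spi, dst, ESP))   # the three parameters that identify an SA
    if sa is None:
        return "drop: no SA"
    # 1. Cheap replay test before spending cycles on the MAC.
    if seq == 0 or seq + WINDOW <= sa.highest:
        return "drop: outside window"
    if seq <= sa.highest and (sa.bitmap >> (sa.highest - seq)) & 1:
        return "drop: replay"
    # 2. Integrity check with a constant-time comparison.
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    want = hmac.new(sa.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, want):
        return "drop: bad ICV"
    # 3. Only an authenticated packet may move the window.
    if seq > sa.highest:
        shift = seq - sa.highest
        sa.bitmap = ((sa.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
        sa.highest = seq
    else:
        sa.bitmap |= 1 << (sa.highest - seq)
    return "accept"
```

Updating the window only after the ICV verifies matters: otherwise a forged packet with a large sequence number would push the window forward and cause genuine traffic to be dropped.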
defined by a set of IP and upper-layer protocol field
values, called selectors
The following selectors determine an SPD entry:
o Remote IP Address: (e.g., behind a firewall)
o Local IP Address: (e.g., behind a firewall).
o Next Layer Protocol: The IP protocol header (IPv4, IPv6, or
IPv6 Extension)
o Name: A user identifier from the operating
o Local and Remote Ports: TCP or UDP port values
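Selector matching against an ordered SPD, with a check for entries that an earlier, broader entry makes unreachable, as an added example that is not part of the original slides. It goes slightly beyond the list above by using the three processing choices of RFC 4301 (PROTECT, BYPASS, DISCARD); the Name and local-port selectors are left out, and the addresses, policies and function names are constructed for this example.

```python
import ipaddress
from typing import NamedTuple, Optional

ANY = None  # wildcard value for the protocol and port selectors

class Entry(NamedTuple):
    local: str            # local address selector, CIDR
    remote: str           # remote address selector, CIDR
    proto: Optional[int]  # next layer protocol number (6 TCP, 17 UDP)
    rport: Optional[int]  # remote port
    action: str           # RFC 4301 choices: PROTECT, BYPASS, DISCARD

def net(cidr):
    return ipaddress.ip_network(cidr)

def lookup(spd, local, remote, proto, rport):
    """Return the action of the first entry whose selectors all match."""
    for e in spd:
        if (ipaddress.ip_address(local) in net(e.local)
                and ipaddress.ip_address(remote) in net(e.remote)
                and e.proto in (ANY, proto) and e.rport in (ANY, rport)):
            return e.action
    return "DISCARD"  # nothing matched: drop rather than send in the clear

def covers(a, b):
    """True when every packet that matches b also matches a."""
    return (net(b.local).subnet_of(net(a.local))
            and net(b.remote).subnet_of(net(a.remote))
            and a.proto in (ANY, b.proto) and a.rport in (ANY, b.rport))

def shadowed(spd):
    """Indexes of entries that can never fire: an earlier entry covers them."""
    return [j for j, b in enumerate(spd)
            if any(covers(a, b) for a in spd[:j])]

# Constructed policies for a gateway in front of 10.1.0.0/16.
GOOD = [
    Entry("198.51.100.1/32", "203.0.113.1/32", 17, 500, "BYPASS"),  # IKE
    Entry("10.1.0.0/16", "10.2.0.0/16", ANY, ANY, "PROTECT"),       # tunnel
]
BAD = [
    Entry("10.1.0.0/16", "0.0.0.0/0", 6, ANY, "BYPASS"),     # too broad, first
    Entry("10.1.0.0/16", "10.2.0.0/16", 6, 22, "PROTECT"),   # never reached
]
```

In the BAD policy the site-to-site traffic that was meant to be protected matches the broad BYPASS entry first and leaves unprotected; shadowed(BAD) flags the unreachable PROTECT entry.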
This case illustrates simple VPN
The tunnel could support AH, ESP,
or ESP with the authentication
option
support for a remote host that uses
the Internet to reach an
organization’s firewall and
then to gain access to some server or
workstation behind the firewall
LAN-to-LAN or site-to-site
o Used to connect two private networks to form one combined
virtual private network
Remote-access client IPsec
o Used to allow road warriors to be part of the trusted network
Applications of IPsec
IPsec Architecture
IPsec Protocol Suite
o ESP, AH, IKE
Packet Encapsulation in IPsec