Professional Documents
Culture Documents
Lecture 17 IPSec
Lecture 17 IPSec
Lecture 17 IPSec
IP SE CU R IT Y
Dr. M M Waseem
Iqbal
Introduction
A range of application specific security
mechanisms e.g. PGP, Kerberos etc.
However there are security concerns that cut
across protocol layers
A need for security implemented by the
network for all applications.
IPSec
General IP Security mechanism
Provides:
Authentication
Confidentiality
Key Management
Applicable across a LAN, across public &
private WANs, & across the Internet
IPSec Applicability Scenario
B enefits of IPSec
Implementation
When implemented in a firewall or router:
Provides strong security to all traffic crossing the
perimeter
R esistant to bypass
T ransparent to applications
T ransparent to end users
Provides security for individual users
Secures routing architecture
IP Security Architecture
Specification is quite complex
Defined in numerous R F C’s
Support for IPsec features is :
mandatory for IPv6
optional for IPv4
T he security features are implemented as
extension headers :
Authentication : Authentication Header (AH)
E ncryption : E ncapsulating Security Payload(E SP)
Header
IPSec Services
Access Control
Connectionless integrity
Data origin authentication
R ejection of replayed packets
Confidentiality
Limited traffic flow confidentiality
IP Security Architecture: Security
Association (SA)
A one way relationsship between a sender and a
receiver.
Can be between:
A pair of hosts
A host and a security gateway
A pair of security gateways
O ne SA can implement either AH or E SP, but not both.
U niquely defined by 3 parameters:
Security Parameters Index (SPI)
IP Destination Address
Security Protocol Identifier
SAs are not fixed. Generated and customized per
traffic flows.
IP Security Architecture: SA Database (SAD)
IPSec processing
Send to B
SPD: Inbound Processing
From A
SA Database SPD
SPI & Packet
(Policy)
Use SPI to Was packet properly
index the SAD secured?
Original IP Packet
…
“un-process” …
T ransport and T unnel Modes
B oth AH and E SP support two modes of use
for IP-Packet transmissions
Packet formats for the modes
Original IP TCP
data
IP packet header header
Payload Data
If the received packet is to the right of the window and is new, the MAC is
checked. If the packet is authenticated, the window is advanced so that this
sequence number is the right edge of the window, and the corresponding
slot in the window is marked
… N
N-W
N+ 1
Marked if valid U nmarked if valid packet
packet received not yet received
Antireplay Mechanism
Integrity Check V alue (ICV )
T he Authentication Data field holds the ICV
T he ICV is a truncated version of a MAC produced by
HMAC
HMAC-MD5 -9 6
HMAC-SHA-1-9 6
T he first 9 6 bits of the MAC is the default length for the
field
Contd…
T he MAC is calculated over
IP header fields to be immutable in transit or to be
predictable in value on arrival
F ields that may change in transit and whose value on arrival are
unpredictable are set to zero for purpose of calc at both send/recv
T he AH header other than the Authentication Data field (set
to zero)
T he entire upper-level protocol data (e.g. a T CP segment)
O thers are set to zero for the purposes of calculation
Integrity Check V alue (ICV )
E xamples of immutable fields
Internet Header Length and Source Address
E xample of mutable but predictable field
Destination Address
E xamples of mutable fields
T ime to LIV E and Header Checksum fields
T ransport Mode (AH)
T unnel Mode (AH)
IPSec E ncapsulating Security Payload
Header
Provides confidentiality
Can optionally provide authentication service too.
E ncryption Algorithms:
DE S, T riple-DE S, R C5 , IDE A, T riple-IDE A, CAST, B lowfish
Authentication Algorithms:
HMAC-MD5 -9 6 , HMAC-SHA1-9 6
IPSec E SP Format
T ransport Mode E SP
T unnel Mode E SP
SA B undle
SA’s can implement either AH or E SP
T o implement both need to combine SA’s
Form a security association bundle
May terminate at different or same
endpoints
Combined by
transport adjacency
iterated tunneling
Issue of authentication & encryption order.
SA B undle: Authentication Plus
Confidentiality
E SP with Authentication O ptions
T he user first applies E SP, then appends the auth.
data field.
T ransport Adjacency
U se of two bundled transport SAs with the inner
being an E SP SA and the outer being an AH SA
T ransport-T unnel B undle
T he use of authentication prior to encryption
T he auth. Data is protected
T he plain message is stored with its auth. info. for
late reference
B asic Combinations of SAs
AH in transport mode
E SP in transport mode
E SP followed by AH in transport mode
Any one of the above inside an AH or E SP in tunnel mode
B asic Combinations of SAs
Providing support for a remote host that uses the Internet to reach an
organization’s firewall and then to gain access to some server or
workstation behind the firewall.