Lecture 17 IPSec


CS-381 Network Security

IP SECURITY
Dr. M M Waseem Iqbal

Introduction
• A range of application-specific security mechanisms, e.g. PGP, Kerberos etc.
• However, there are security concerns that cut across protocol layers
• A need for security implemented by the network for all applications.

IPSec
• General IP Security mechanism
• Provides:
  - Authentication
  - Confidentiality
  - Key Management
• Applicable across a LAN, across public & private WANs, & across the Internet

IPSec Applicability Scenario

Benefits of IPSec Implementation
• When implemented in a firewall or router:
  - Provides strong security to all traffic crossing the perimeter
  - Resistant to bypass
  - Transparent to applications
  - Transparent to end users
• Provides security for individual users
• Secures routing architecture

IP Security Architecture
• Specification is quite complex
• Defined in numerous RFCs
• Support for IPsec features is:
  - mandatory for IPv6
  - optional for IPv4
• The security features are implemented as extension headers:
  - Authentication: Authentication Header (AH)
  - Encryption: Encapsulating Security Payload (ESP) Header

IPSec Services
• Access Control
• Connectionless integrity
• Data origin authentication
• Rejection of replayed packets
• Confidentiality
• Limited traffic flow confidentiality

IP Security Architecture: Security Association (SA)
• A one-way relationship between a sender and a receiver.
• Can be between:
  - A pair of hosts
  - A host and a security gateway
  - A pair of security gateways
• One SA can implement either AH or ESP, but not both.
• Uniquely defined by 3 parameters:
  - Security Parameters Index (SPI)
  - IP Destination Address
  - Security Protocol Identifier
• SAs are not fixed. Generated and customized per traffic flows.

IP Security Architecture: SA Database (SAD)
• A database of Security Associations
• Every host or gateway participating in IPSec has its own SA database
• Determine IPSec processing for senders
• Determine IPSec decoding for destination
• Holds parameters for each SA like:
  - Lifetime of this SA
  - AH and ESP information
  - Tunnel or transport mode

IP Security Architecture: Security Policy Database (SPD)
• What traffic to protect?
• Policy entries define which SA or SA bundles to use on IP traffic
• Each host or gateway has its own SPD
• Index into SPD by Selector fields
  - Dest IP, Source IP, Transport Protocol, Source & Dest Ports

SPD Entry Actions
• Discard
  - Do not let in or out
• Bypass
  - Outbound: do not apply IPSec
  - Inbound: do not expect IPSec
• Protect – will point to an SA or SA bundle
  - Outbound: apply security
  - Inbound: check that security has been applied
• If the SA does not exist:
  - Outbound processing: generate SA dynamically
  - Inbound processing: drop packet

SPD: Outbound Processing
[Figure: outbound packet (on A), travelling from A to B]
IP Packet
  -> SPD (Policy): Is it for IPSec? If so, which policy entry to select?
  -> SA Database: Determine the SA and its SPI
  -> IPSec processing
  -> SPI & IPSec Packet
  -> Send to B

SPD: Inbound Processing
[Figure: inbound packet (on B), arriving from A]
SPI & Packet (from A)
  -> SA Database: Use SPI to index the SAD
  -> "un-process"
  -> Original IP Packet
  -> SPD (Policy): Was packet properly secured?

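Added example (not from the lecture slides): the SPD actions and the outbound/inbound processing above as a small Python model. The policy entries, addresses, SPI values and the shortcut of one SPD/SAD pair standing in for both hosts are constructed assumptions; SA generation is a stand-in for key management.

```python
import ipaddress
from itertools import count

AH, ESP = 51, 50                     # IP protocol numbers of the two IPSec protocols

# Constructed SPD: ordered entries of (selector, action, security protocol).
SPD = [
    ({"dst": "10.2.0.0/16", "proto": 6, "dport": 443}, "PROTECT", ESP),
    ({"dst": "10.2.0.0/16", "proto": 17, "dport": 53}, "BYPASS", None),
    ({"dst": "0.0.0.0/0"}, "DISCARD", None),
]
SAD = {}                             # (SPI, destination IP, security protocol) -> SA state
_spi = count(0x1000)                 # constructed SPI values

def spd_lookup(pkt):
    """Return (action, security protocol) of the first entry whose selector matches."""
    dst = ipaddress.ip_address(pkt["dst"])
    for sel, action, sec_proto in SPD:
        if (dst in ipaddress.ip_network(sel["dst"])
                and sel.get("proto", pkt["proto"]) == pkt["proto"]
                and sel.get("dport", pkt["dport"]) == pkt["dport"]):
            return action, sec_proto
    return "DISCARD", None

def outbound(pkt):
    """Outbound: consult the SPD, then find (or create) the SA and its SPI."""
    action, sec_proto = spd_lookup(pkt)
    if action != "PROTECT":
        return action, None
    for key in SAD:
        if key[1:] == (pkt["dst"], sec_proto):
            return action, key
    key = (next(_spi), pkt["dst"], sec_proto)   # stand-in for dynamic SA generation
    SAD[key] = {"mode": "transport", "seq": 0}
    return action, key

def inbound(pkt, sa_key=None):
    """Inbound: index the SAD by the SA triple, then check the policy was honoured."""
    action, sec_proto = spd_lookup(pkt)
    if sa_key is None:                          # arrived without IPSec
        return "accept" if action == "BYPASS" else "drop"
    if sa_key not in SAD:                       # no SA on inbound: drop packet
        return "drop"
    return "accept" if (action, sec_proto) == ("PROTECT", sa_key[2]) else "drop"

if __name__ == "__main__":
    web = {"dst": "10.2.0.9", "proto": 6, "dport": 443}   # constructed packet
    action, sa = outbound(web)
    print(action, sa, inbound(web, sa), inbound(web))
```
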
Transport and Tunnel Modes
• Both AH and ESP support two modes of use for IP-Packet transmissions
• Packet formats for the modes:
  Original IP packet:              | IP header | TCP header | data |
  Transport mode protected packet: | IP header | IPsec header | TCP header | data |
  Tunnel mode protected packet:    | New IP header | IPsec header | IP header | TCP header | data |

Transport and Tunnel Modes
Transport mode: end-to-end authentication
Tunnel mode: end-to-intermediate authentication

IPSec Authentication Header
• AH protocol is applied for data integrity and authentication
  - Undetected modification not possible
  - Enables end user to authenticate user/application
  - Prevents address spoofing
  - Guards against replay attack
• Authentication is based on the use of an HMAC
  - Both parties share a secret key before communication
  - The first 96 bits of the HMAC produced serve as the MAC

IPSec Authentication Header
[Figure: AH packet layout]
IP Header (usually 20 bytes), Protocol = AH
AH Header (24 bytes):
  Next Header | Length | Reserved
  Security Parameter Index (SPI), 32 bits
  Sequence Number, 32 bits
  Authentication Data, 96 bits
Payload Data

Next header: TCP, UDP etc.
Sequence number: Start at 1, never recycle (optional)

Anti-Replay Service
• Generating the sequence numbers at the sender:
  - The sequence number is set to zero with a new SA established
  - The number is incremented by 1 for each packet sent on the SA
  - The SA is terminated or negotiated with a new key if N = 2^32 - 1
• A window of size W is implemented in order for IP packets to be delivered in a reliable manner (with a default of W = 64)

Contd..
• If the received packet falls within the window and is new, the MAC is checked. If the packet is authenticated, the corresponding slot in the window is marked.
• If the received packet is to the right of the window and is new, the MAC is checked. If the packet is authenticated, the window is advanced so that this sequence number is the right edge of the window, and the corresponding slot in the window is marked.
• If the received packet is to the left of the window or if authentication fails, the packet is discarded; this is an auditable event.

Anti-Replay Service
[Figure: Antireplay Mechanism. Fixed window size W, with positions labelled N-W, N and N+1. Slots are marked if a valid packet was received and unmarked if a valid packet has not yet been received. Advance window if valid packet to the right is received.]

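Added example (not from the lecture slides): the receiver-side window rules above as a bitmap in Python. The class and function names are hypothetical, `mac_ok` is a stand-in for the ICV check, and the arrival order in `run_demo` is constructed.

```python
class ReplayWindow:
    """Receiver-side anti-replay state for one SA."""

    def __init__(self, size=64):           # W = 64 is the default on the slide
        self.size = size
        self.right = 0                      # N: highest authenticated sequence number
        self.bitmap = 0                     # bit i set => packet (N - i) already received

    def check(self, seq, mac_ok):
        """Classify one packet; mac_ok() stands in for the ICV check and is
        only called for packets that are new."""
        if seq < 1:                         # senders start at 1, so 0 is never valid
            return "discard: invalid sequence number"
        if seq > self.right:                # right of the window
            if not mac_ok():
                return "discard: authentication failed"
            shift = seq - self.right
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.right = seq                # seq becomes the right edge
            return "accept: window advanced"
        offset = self.right - seq
        if offset >= self.size:             # left of the window
            return "discard: left of window"
        if self.bitmap & (1 << offset):     # inside the window but already marked
            return "discard: replay"
        if not mac_ok():
            return "discard: authentication failed"
        self.bitmap |= 1 << offset          # mark the slot
        return "accept: slot marked"


def run_demo():
    """Feed a constructed arrival order through a fresh window."""
    good, bad = (lambda: True), (lambda: False)
    w = ReplayWindow()
    arrivals = [(1, good), (1, good), (100, good), (37, good),
                (36, good), (101, bad), (99, good), (99, good)]
    return [w.check(seq, mac) for seq, mac in arrivals], w.right


if __name__ == "__main__":
    for line in run_demo()[0]:
        print(line)
```

A packet that fails authentication never moves the window, so a forged high sequence number cannot push legitimate packets off the left edge.
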
Integrity Check Value (ICV)
• The Authentication Data field holds the ICV
• The ICV is a truncated version of a MAC produced by HMAC
  - HMAC-MD5-96
  - HMAC-SHA-1-96
• The first 96 bits of the MAC is the default length for the field

Contd…
• The MAC is calculated over
  - IP header fields that are immutable in transit or predictable in value on arrival
    (fields that may change in transit and whose values on arrival are unpredictable are set to zero for the purpose of the calculation at both sender and receiver)
  - The AH header other than the Authentication Data field (set to zero)
  - The entire upper-level protocol data (e.g. a TCP segment)
  - Others are set to zero for the purposes of calculation

Integrity Check Value (ICV)
• Examples of immutable fields
  - Internet Header Length and Source Address
• Example of mutable but predictable field
  - Destination Address
• Examples of mutable fields
  - Time to Live and Header Checksum fields

Transport Mode (AH)
Tunnel Mode (AH)
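
Added example (not from the lecture slides): an HMAC-SHA-1-96 ICV computed over a constructed IPv4 header, AH header and payload, showing that a TTL change in transit still verifies while a spoofed source address does not. Key, addresses, SPI and checksum values are constructed; function names are hypothetical.

```python
import hashlib
import hmac
import struct

def ipv4_header(src, dst, ttl, checksum, total_len):
    """Constructed 20-byte IPv4 header carrying AH (protocol 51); checksum is a dummy."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0,
                       ttl, 51, checksum, bytes(src), bytes(dst))

def icv(key, ip_hdr, spi, seq, upper, next_header=6):
    """HMAC-SHA-1-96 over zeroed-mutable IP header + AH header (ICV zeroed) + payload."""
    hdr = bytearray(ip_hdr)
    hdr[8] = 0                      # Time to Live: mutable
    hdr[10:12] = b"\x00\x00"        # Header Checksum: mutable
    hdr[1] = 0                      # TOS and flags/fragment offset are also
    hdr[6:8] = b"\x00\x00"          # mutable per RFC 4302 (not listed on the slide)
    # AH fixed part: Next Header, Length (24 bytes = 6 words, minus 2), Reserved, SPI, Seq
    ah = struct.pack("!BBHII", next_header, 4, 0, spi, seq) + b"\x00" * 12
    mac = hmac.new(key, bytes(hdr) + ah + upper, hashlib.sha1).digest()
    return mac[:12]                 # first 96 bits of the 160-bit HMAC

def verify(key, ip_hdr, spi, seq, upper, received_icv):
    """Recompute the ICV at the receiver and compare in constant time."""
    return hmac.compare_digest(icv(key, ip_hdr, spi, seq, upper), received_icv)

def run_demo():
    key = b"constructed-shared-key"             # constructed pre-shared secret
    upper = b"constructed TCP data"             # stands in for a TCP segment
    a, b, spoof = (10, 1, 0, 5), (10, 2, 0, 9), (10, 1, 0, 66)
    total = 20 + 24 + len(upper)
    sent = ipv4_header(a, b, 64, 0xBEEF, total)
    tag = icv(key, sent, 0x1000, 1, upper)
    routed = ipv4_header(a, b, 57, 0xC5EF, total)    # TTL and checksum changed in transit
    forged = ipv4_header(spoof, b, 57, 0xC5EF, total)
    return {
        "icv_len": len(tag),
        "after_routing": verify(key, routed, 0x1000, 1, upper, tag),
        "spoofed_source": verify(key, forged, 0x1000, 1, upper, tag),
        "modified_payload": verify(key, routed, 0x1000, 1, upper + b"!", tag),
        "changed_sequence": verify(key, routed, 0x1000, 2, upper, tag),
    }

if __name__ == "__main__":
    print(run_demo())
```
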
IPSec Encapsulating Security Payload Header
• Provides confidentiality
• Can optionally provide authentication service too.
• Encryption Algorithms:
  - DES, Triple-DES, RC5, IDEA, Triple-IDEA, CAST, Blowfish
• Authentication Algorithms:
  - HMAC-MD5-96, HMAC-SHA1-96

IPSec ESP Format
Transport Mode ESP
Tunnel Mode ESP

SA Bundle
• SAs can implement either AH or ESP
• To implement both need to combine SAs
  - Form a security association bundle
  - May terminate at different or same endpoints
  - Combined by
    - transport adjacency
    - iterated tunneling
• Issue of authentication & encryption order.

SA Bundle: Authentication Plus Confidentiality
• ESP with Authentication Options
  - The user first applies ESP, then appends the auth. data field.
• Transport Adjacency
  - Use of two bundled transport SAs with the inner being an ESP SA and the outer being an AH SA
• Transport-Tunnel Bundle
  - The use of authentication prior to encryption
  - The auth. data is protected
  - The plain message is stored with its auth. info. for later reference

Basic Combinations of SAs
• AH in transport mode
• ESP in transport mode
• ESP followed by AH in transport mode
• Any one of the above inside an AH or ESP in tunnel mode

Basic Combinations of SAs
• IPsec services only b/w gateways
• Support of simple virtual private network
• The tunnel could support AH, ESP, or ESP with the authentication service

Basic Combinations of SAs
• Adding E-to-E (end-to-end) security on case 2

Basic Combinations of SAs
• Providing support for a remote host that uses the Internet to reach an organization’s firewall and then to gain access to some server or workstation behind the firewall.
