Outline
IPsec What, Why and How?
IPsec Architecture
IPSec and SSL
What Is IPsec?
IPsec is a set of security protocols and algorithms used to secure IP data at the network layer. IPsec provides:
data confidentiality (encryption)
integrity (hash)
authentication (signatures and certificates)
access control
detection and rejection of replay attacks
Security Issues in IP
source spoofing
replay packets
no data integrity or confidentiality
DoS attacks
Fundamental issue: networks are not (and will never be) fully secure
IPsec Architecture
Two modes of propagation: Transport and Tunnel
Three situations: host-host, host-gateway and gateway-gateway
Security protocols: AH and ESP
Security Associations:
Security parameter index (SPI)
Security policy database (SPD)
SA database (SAD)
Key management and exchange: IKE (ISAKMP/Oakley)
Cryptographic algorithms for authentication and encryption
IPsec
In the first case, the end routers are IPsec-aware; the hosts need not be.
Transport mode: IP header | IPSec header | TCP header | data
Tunnel mode: IP header | IPSec header | IP header | TCP header | data
immutable IP header fields
AH header (except for Authentication Data field)
the entire upper-level protocol data (immutable)
AH in Tunnel Mode
Security Association - SA
Defined by 3 parameters:
Security Parameters Index (SPI)
IP Destination Address
Security Protocol Identifier
Have a database of Security Associations
Determine IPSec processing for senders
Determine IPSec decoding for destination
SAs are not fixed; they are generated and customized per traffic flow
IP destination address
The IP address of the destination endpoint of the SA
May be an end-user system
Or a network system such as a firewall or router
Each SA contains:
Sequence number counter
Sequence counter overflow: a flag indicating whether overflow of the sequence number counter should generate an auditable event and prevent further transmission of packets on this SA
AH information
ESP information
Lifetime of this security association
IPSec protocol mode: tunnel or transport
Path MTU: any observed path maximum transmission unit (maximum size of a packet that can be transmitted without fragmentation) and aging variables (required for all implementations)
SA Database - SAD
Holds parameters for each SA
Lifetime of this SA
AH and ESP information
Tunnel or transport mode
Bypass
Outbound: do not apply IPSec
Inbound: do not expect IPSec
Outbound Processing
Outbound packet (on A)
IP Packet
SPD (Policy): Is it for IPSec? If so, which policy entry to select?
IPSec processing
SA Database
Send to B
Inbound Processing
Inbound packet (on B)
From A
SPI & Packet
SA Database
SPD (Policy): Was packet properly secured?
"un-process"
Original IP Packet
Tunnel Mode
[Figure: A's SPD and SADB and C's SPD and SADB for tunnel-mode traffic from Asub to Bsub (port Any, protocol ESP, ESP[3DES], SPI 14, tunnel to B)]
# SAs encrypt w/ 192 bit keys & auth w/ 128 bit keys
# (0x201 and 0x301 are the SPIs)
add 200.168.1.100 193.68.2.23 esp 0x201 -m tunnel -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 -A hmac-md5 0xc0291ff014dccdd03874d9e8e4cdf3e6;
add 193.68.2.23 200.168.1.100 esp 0x301 -m tunnel -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df -A hmac-md5 0x96358c90783bbfa3d7b196ceabe0536b;
# Security policies ("any" = apply to all packets)
spdadd 172.16.1.0/24 172.16.2.0/24 any -P out ipsec esp/tunnel/200.168.1.100-193.68.2.23/require;
spdadd 172.16.2.0/24 172.16.1.0/24 any -P in ipsec esp/tunnel/193.68.2.23-200.168.1.100/require;
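The inbound processing steps above, modelled for the receiving gateway 200.168.1.100 with the SPI and subnets from this configuration; this is an added example, not part of the original slides. The function names, verdict strings and packet bytes are constructed, the inner addresses are passed in as if already decrypted, and the replay check is a plain monotonic counter rather than a sliding window.

```python
import ipaddress
import struct
from dataclasses import dataclass

ESP = 50  # IP protocol number of ESP

@dataclass
class SA:
    mode: str          # "tunnel" or "transport"
    last_seq: int = 0  # highest sequence number accepted on this SA

# SAD on 200.168.1.100: SA identified by (destination address, protocol, SPI)
SAD = {("200.168.1.100", ESP, 0x301): SA(mode="tunnel")}

# Inbound SPD: (source selector, destination selector, required protection)
SPD_IN = [(ipaddress.ip_network("172.16.2.0/24"),
           ipaddress.ip_network("172.16.1.0/24"), ("esp", "tunnel"))]

def make_esp(spi, seq, payload=b"\x00" * 16):
    """Build a constructed ESP packet: SPI, sequence number, opaque payload."""
    return struct.pack("!II", spi, seq) + payload

def inbound(outer_dst, esp_bytes, inner_src, inner_dst):
    """Return the verdict for one received ESP packet (crypto omitted)."""
    if len(esp_bytes) < 8:
        return "drop: truncated ESP header"
    spi, seq = struct.unpack("!II", esp_bytes[:8])
    sa = SAD.get((outer_dst, ESP, spi))
    if sa is None:
        return "drop: no SA"
    if seq <= sa.last_seq:  # simplified anti-replay, no sliding window
        return "drop: replay"
    # Decryption and integrity verification would run here; only a packet
    # that passes them may advance the replay state.
    sa.last_seq = seq
    src, dst = ipaddress.ip_address(inner_src), ipaddress.ip_address(inner_dst)
    for src_net, dst_net, required in SPD_IN:
        if src in src_net and dst in dst_net:
            # "Was packet properly secured?": compare the SA used with policy
            return "accept" if required == ("esp", sa.mode) else "drop: policy mismatch"
    return "drop: no policy"
```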
Key Management
IKE provides a standardized method for dynamically authenticating IPSec peers, negotiating security services, and generating shared keys.
There are five variations of an IKE negotiation:
Two modes (aggressive mode and main mode)
Three authentication methods (preshared, public key encryption, and public key signature)
IKE has evolved from many different protocols and can be thought of as having two distinct capabilities:
ISAKMP (Key Management)
Oakley (Key Distribution)
ISAKMP
Internet Security Association and Key Management Protocol (RFC 2407)
provides framework for key management
defines procedures and packet formats to establish, negotiate, modify and delete SAs
independent of key exchange protocol, encryption algorithm and authentication method
Oakley
RFC 2412
a key exchange protocol based on Diffie-Hellman key exchange
adds features to address weaknesses:
cookies, groups (global params), nonces, DH key exchange with authentication
Diffie-Hellman is a standard method that lets Alice and Bob communicate and end up with the same secret encryption key.