Chapter 19 – IP Security Cryptography and Network Security Chapter 19 If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death together with the man to whom the death, together with the man to whom the secret was told. Fifth Edition — The Art of War , Sun Tzu by William Stallings Lecture slides by Lawrie Brown IP Security IP Security • general IP Security mechanisms • have a range of application specific security • provides mechanisms – authentication – eg. S/MIME, PGP, Kerberos, SSL/HTTPS – confidentiality • however there are security concerns that cut • however there are security concerns that cut – key management across protocol layers • applicable to use over LANs, across public & • would like security implemented by the private WANs, & for the Internet network for all applications • need identified in 1994 report – need authentication, encryption in IPv4 & IPv6 IP Security Uses Benefits of IPSec in a firewall/router provides strong security to all traffic crossing the perimeter in a firewall/router is resistant to bypass is below transport layer hence transparent to is below transport layer, hence transparent to applications can be transparent to end users can provide security for individual users secures routing architecture 1
IP Security Architecture IPSec Services • specification is quite complex, with groups: • Access control – Architecture • RFC4301 Security Architecture for Internet Protocol • Connectionless integrity – Authentication Header (AH) • Data origin authentication • RFC4302 IP Authentication Header • Rejection of replayed packets • Rejection of replayed packets – Encapsulating Security Payload (ESP) – a form of partial sequence integrity • RFC4303 IP Encapsulating Security Payload (ESP) • Confidentiality (encryption) – Internet Key Exchange (IKE) • Limited traffic flow confidentiality • RFC4306 Internet Key Exchange (IKEv2) Protocol – Cryptographic algorithms – Other Transport and Tunnel Modes • Transport Mode – to encrypt & optionally authenticate IP data Transport – can do traffic analysis but is efficient and – good for ESP host to host traffic • Tunnel Mode Tunnel – encrypts entire IP packet Modes – add new header for next hop – no routers on way can examine inner IP header – good for VPNs, gateway to gateway security Security Associations • a one ‐ way relationship between sender & Transport receiver that affords security for traffic flow and • defined by 3 parameters: Tunnel Tunnel – Security Parameters Index (SPI) Security Parameters Index (SPI) – IP Destination Address Mode – Security Protocol Identifier Protocols • has a number of other parameters – seq no, AH & EH info, lifetime etc • have a database of Security Associations 2
Security Policy Database Encapsulating Security Payload (ESP) relates IP traffic to specific SAs • provides message content confidentiality, data origin match subset of IP traffic to relevant SA authentication, connectionless integrity, an anti ‐ use selectors to filter outgoing traffic to map replay service, limited traffic flow confidentiality based on: local & remote IP addresses, next layer • services depend on options selected when establish Security Association (SA), net location Security Association (SA) net location protocol, name, local & remote ports t l l l & t t • can use a variety of encryption & authentication algorithms Encryption & Authentication Encapsulating Security Payload Algorithms & Padding • ESP can encrypt payload data, padding, pad length, and next header fields – if needed have IV at start of payload data • ESP can have optional ICV for integrity S h i l f i i – is computed after encryption is performed • ESP uses padding – to expand plaintext to required length – to align pad length and next header fields – to provide partial traffic flow confidentiality Anti ‐ Replay Service Combining Security Associations • replay is when attacker resends a copy of an • SA’s can implement either AH or ESP authenticated packet • to implement both need to combine SA’s • use sequence number to thwart this attack – form a security association bundle • sender initializes sequence number to 0 when sender initializes sequence number to 0 when – may terminate at different or same endpoints may terminate at different or same endpoints a new SA is established – combined by – increment for each packet • transport adjacency – must not exceed limit of 2 32 – 1 • iterated tunneling • combining authentication & encryption • receiver then accepts packets with seq no – ESP with authentication, bundled inner ESP & within window of ( N –W+1 ) outer AH, bundled inner transport & outer ESP 3
Combining Security Associations IPSec Key Management • handles key generation & distribution • typically need 2 pairs of keys – 2 per direction for AH & ESP • manual key management manual key management – sysadmin manually configures every system • automated key management – automated system for on demand creation of keys for SA’s in large systems – has Oakley & ISAKMP elements Oakley ISAKMP • Internet Security Association and Key • a key exchange protocol Management Protocol • based on Diffie ‐ Hellman key exchange • provides framework for key management • adds features to address weaknesses • defines procedures and packet formats to defines procedures and packet formats to – no info on parties, man ‐ in ‐ middle attack, cost establish, negotiate, modify, & delete SAs – so adds cookies, groups (global params), nonces, • independent of key exchange protocol, DH key exchange with authentication encryption alg, & authentication method • can use arithmetic in prime fields or elliptic • IKEv2 no longer uses Oakley & ISAKMP terms, curve fields but basic functionality is same IKEV2 Exchanges ISAKMP 4
Cryptographic Suites IKE Payloads & Exchanges • variety of cryptographic algorithm types have a number of ISAKMP payload types: • to promote interoperability have Security Association, Key Exchange, Identification, Certificate, Certificate Request, Authentication, – RFC4308 defines VPN cryptographic suites Nonce, Notify, Delete, Vendor ID, Traffic Selector, • VPN ‐ A matches common corporate VPN security using Encrypted, Configuration, Extensible E t d C fi ti E t ibl 3DES & HMAC Authentication Protocol • VPN ‐ B has stronger security for new VPNs payload has complex hierarchical structure implementing IPsecv3 and IKEv2 using AES may contain multiple proposals, with multiple – RFC4869 defines four cryptographic suites compatible with US NSA specs protocols & multiple transforms • provide choices for ESP & IKE • AES ‐ GCM, AES ‐ CBC, HMAC ‐ SHA, ECP, ECDSA Summary • have considered: – IPSec security framework – IPSec security policy – ESP ESP – combining security associations – internet key exchange – cryptographic suites used 5
Recommend
More recommend
