introduction to ipsec
play

Introduction to IPsec Charlie Kaufman charliek@microsoft.com 1 IP - PowerPoint PPT Presentation

Dec 04, 2022 •341 likes •868 views

Introduction to IPsec Charlie Kaufman charliek@microsoft.com 1 IP Security (IPsec) IETF standard for Network Layer security Popular for creating trusted link (VPN), either firewall-firewall, or machine to firewall Done at

  1. Introduction to IPsec Charlie Kaufman charliek@microsoft.com 1

  2. IP Security (IPsec) • IETF standard for Network Layer security • Popular for creating trusted link (VPN), either firewall-firewall, or machine to firewall • Done “at layer 3” (we’ll explain that later) • Pieces include data packets (AH, ESP), authentication handshake (ISAKMP/IKE), and endless other documents 2

  3. Terminology Nit… • Cryptographic protection of data usually has two pieces: – Encryption, for confidentiality – Integrity protection, for authentication • In this talk, I’ll just say encryption and mean both! 3

  4. Terminology Nit… • Cryptographic protection of data usually has two pieces: – Encryption, for confidentiality – Integrity protection, for authentication • In this talk, I’ll just say encryption and mean both! • “ We could do encryption without integrity protection, but it would be wrong, that’s for sure ”….apologies to Richard Nixon 4

  5. Distinction between IPsec and SSL/TLS Interesting • Both “real time” security – Mutual authentication – SA (security association) establishment – encryption/integrity protection of conversation • But important and subtle differences 5

  6. IPsec vs. SSL/TLS • IPsec philosophy: only change OS, don’t change applications or API • SSL/TLS philosophy: don’t change OS, deployable as user process. TCP and below in OS, so works on top of TCP 6

  7. SSL vs IPsec • Layer 3 (IPsec) theoretically better – SSL: Rogue packet problem • TCP by definition, not involved in crypto • So attacker can generate TCP with (noncrypto) good checksum – TCP will accept it – Real data will be discarded as duplicate • Only recourse: break the connection – In contrast, each IPsec pkt ind. protected – Also, easier to build outboard crypto assist 7

  8. However... • If you don’t change the API or the application: – the only thing IPsec can pass up is the IP address you’re talking to – so IKE does all this PKI stuff to find out this is mary.smith.examplecompany.com, but can’t tell app 8

  9. What you do get • Encryption of the traffic • Ability to do filtering, based on a policy database • Just as if there were a firewall between the two ends 9

  10. IPsec Scenario 1 Firewall to Firewall • Corporate network connected through Internet Unmodified Unmodified Endnode Endnode Protected Protected Subnet Subnet Untrusted IPsec IPsec Network endpoint endpoint 10

  11. IPsec Scenario 2 Endnode to Firewall • Mobile node connects home through Internet Endnode Unmodified w/IPsec in Endnode network stack Protected Subnet Internet IPsec endpoint 11

  12. In Scenario 2, allocating an “internal” IP address • Mobile node needs address in Protected Subnet that will be routed to IPsec endpoint Endnode Unmodified w/IPsec in Endnode network stack Protected Subnet Internet IPsec endpoint 12

  13. IPsec Scenario 3 End to End • Two nodes don’t need to trust the network Endnode Endnode w/IPsec in w/IPsec in network stack network stack internal or external network 13

  14. What does IPsec Protect? • Protection from eavesdropping on the untrusted network • In scenarios 1 & 2, connectivity only – control ‘admission’ to a protected network • In scenario 3, potential for user and server authentication – mostly unrealized 14

  15. Tunnel vs. Transport Mode • In scenarios 1 & 2, IPsec payload is an IP packet complete with different addresses IP hdr ESP hdr IP hdr TCP or UDP payload • In scenario 3, IP endpoints have same addresses as IPsec endpoints, so second header not needed. IP hdr ESP hdr TCP or UDP payload 15

  16. IKE vs. ESP vs. AH • IPsec Security Association (SA) established using IKE • Payload packets are encapsulated with ESP and/or AH • IPsec Security Association could be configured manually (at least in theory) or using some other protocol 16

  17. AH / ESP • Extra header between layers 3 and 4 (IP and TCP) to give dest enough info to identify “security association” • AH does integrity only - but also protects parts of IP header • ESP does encryption and (optional) integrity protection (but only starting after IP header) … encryption “optional” too now 17

  18. ESP Encapsulating Security Payload Next Header = ‘50’ (ESP) IP Header ESP Header Session ID Sequence # TCP = 6 Encrypted UDP = 17 Payload ESP = 50 IP = 4 Encrypted Padding Pad Len NXT Over ESP Header, Encrypted MIC Payload/Pad/Padlen/NXT 18

  19. AH (Authentication Header) IP Header Next Header = ‘51’ (AH) AH Header Next Len MBZ Payload Session ID TCP = 6 Sequence # UDP = 17 ESP = 50 IP = 4 MIC AH = 51 Over “immutable” fields of IP Header, AH Header, and Payload 19

  20. ESP / AH • Payload may be TCP, UDP, or some other ‘higher layer’ protocol (transport mode) • Payload may be IP datagram (tunnel mode) • Payload may be ESP/AH again (recursive encapsulation) • If it’s important to protect IP header, ESP with tunnel mode will do that 20

  21. Why AH? • AH and ESP designed by different groups. AH designers were IPv6 supporters • AH looks more like IPv6 • AH also protects “immutable” fields in IP header. • Originally, ESP just encryption • Encryption without integrity has flaws 21

  22. Why AH, con’t • Then integrity protection added to ESP. • Excuses for keeping AH – protects IP header (nobody has a credible security reason why, and ESP-tunnel can too. – Makes NAT harder, which pleases IPv6 fans) – with AH, firewalls and routers that want to look at layer 4 info (like ports) know it’s not encrypted. With ESP, can’t tell from packet 22

  23. Why Not AH? • IPsec already way too complex. • AH implementation headache, makes IP complex (marking everything “mutable” or not) • IP header can’t be integrity protected en route anyway (routers don’t know the key) • You could peek inside ESP and almost always tell if it’s encrypted or not. A flag might be nice (reserved SPIs would work) 23

  24. Internet Key Exchange (IKE) • Resynchronize two ends of an IPsec SA – Choose cryptographic keys – Reset sequence numbers to zero – Authenticate endpoints • Design evolved into something very complex 24

  25. General idea of IKEv2 Alice Bob g A mod p, nonce A g B mod p, nonce B {“Alice”, proof I’m Alice}g AB mod p {“Bob”, proof I’m Bob}g AB mod p 25

  26. Functionality WG wanted • Perfect Forward Secrecy • Identity hiding • Lots of authentication styles • Work with NATs • DHCP-like address allocation • crypto negotiation • filtering rules (“selectors”) negotiation (“Traffic over this SA must be between this set of IP addresses and layer 4 ports …) • Two “phases” (next slide) 26

  27. Phases • Phase 1: expensive (when based on public keys) mutual authentication, establish SA between two machines • Phase 2: leverage the phase 1 SA to create lots of “child-SAs” 27

  28. Why Two Phases • We argued for removing this, but people wanted it for: – firewalls creating lots of VPNs for lots of customers…they feel safer if different SAs – different QOS, since might travel at different speeds, sequence numbers get far apart – makes rekeying faster – different SAs with different security properties 28

  29. Conceptual IKE • Diffie-Hellman for PFS • Signed D-H to avoid man-in-middle attack • Cookies for DoS protection 29

  30. DoS Protection Using Cookies • Avoid using memory or computation resources when pkts from forged IP addr’s Alice Bob g A mod p, nonce A first send me cookie = h(IP, secret) cookie, g A mod p, nonce A 30

  31. An Intuition for Diffie-Hellman • Allows two individuals to agree on a secret key, even though they can only communicate in public • Alice chooses a private number and from that calculates a public number • Bob does the same • Each can use the other’s public number and their own private number to compute the same secret • An eavesdropper can’t reproduce it 31

  32. Why is D-H Secure? • We assume the following is hard: • Given g, p, and g X mod p, what is X? • With the best known mathematical techniques, this is somewhat harder than factoring a composite of the same magnitude as p • Subtlety: they haven’t proven that the algorithms are as hard to break as the underlying problem 32

  33. Diffie-Hellman Alice agree on g,p Bob choose random A choose random B g A mod p g B mod p compute (g B mod p) A compute (g A mod p) B agree on g AB mod p 33

  34. Man in the Middle Alice Trudy Bob g A mod p g T mod p g T mod p g B mod p agree on g AT mod p agree on g TB mod p {data}g AT mod p {data}g TB mod p {data}g AT mod p {data}g TB mod p 34

  35. Signed Diffie-Hellman (Avoiding Man in the Middle) Alice Bob choose random A choose random B [g A mod p] signed with Alice’s Private Key [g B mod p] signed with Bob’s Private Key verify Alice’s signature verify Bob’s signature agree on g AB mod p 35

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Uses of IPSEC with VPNs VPNs Uses of IPSEC with Purpose Outline some scenarios where IPSEC

Uses of IPSEC with VPNs VPNs Uses of IPSEC with Purpose Outline some scenarios where IPSEC

Uses of IPSEC with VPNs VPNs Uses of IPSEC with Purpose Outline some scenarios where IPSEC can be used with VPNs Identify areas where extensions to IPSEC could be useful Bryan Gleeson, Page-1 VPN Reference Model CE CE PE

352 views • 9 slides
IPSEC VPN overview IPSEC VPN overview Basic VPN Architecture CPE/CLE CPE/CLE PE

IPSEC VPN overview IPSEC VPN overview Basic VPN Architecture CPE/CLE CPE/CLE PE

IPSEC VPN overview IPSEC VPN overview Basic VPN Architecture CPE/CLE CPE/CLE PE PE CPE/CLE Host PE CPE to CPE IPSEC can be used for : PE to PE PE to CPE Bryan Gleeson, Page-1 CPE to CPE IPSEC tunnels

680 views • 8 slides
Firewalls, IPsec and Linux by Harald Welte <laforge@netfilter.org> Firewalls, IPsec and

Firewalls, IPsec and Linux by Harald Welte <laforge@netfilter.org> Firewalls, IPsec and

Firewalls, IPsec and Linux by Harald Welte <laforge@netfilter.org> Firewalls, IPsec and Linux Contents Introduction Highly Scalable Linux Network Stack Netfilter Hooks Packet selection based on IP Tables The Connection Tracking

444 views • 9 slides
Labeled IPsec draft-jml-ipsec-ikev1-security-context-00.txt

Labeled IPsec draft-jml-ipsec-ikev1-security-context-00.txt

Labeled IPsec draft-jml-ipsec-ikev1-security-context-00.txt draft-jml-ipsec-ikev2-security-context-00.txt Presented by: Joy Latten Document authors: Serge Hallyn, Trent Jaeger, Joy Latten, and George Wilson Problem Description Mandatory

295 views • 6 slides
Ipsec unter Linux 2.6 Einleitung: Die native IPsec Implementierung im Linux Kernel ab

Ipsec unter Linux 2.6 Einleitung: Die native IPsec Implementierung im Linux Kernel ab

Ipsec unter Linux 2.6 Einleitung: Die native IPsec Implementierung im Linux Kernel ab Version 2.5.47 basiert auf dem USAGI Projekt. Hierbei handelt es sich um eine alternative Implementierung des IPsec Stacks zum FreeS/WAN Projekt.

610 views • 8 slides
THE LIBRESWAN PROJECT An Internet Key Exchange (IKE) daemon for IPsec Enterprise IPsec

THE LIBRESWAN PROJECT An Internet Key Exchange (IKE) daemon for IPsec Enterprise IPsec

THE LIBRESWAN PROJECT An Internet Key Exchange (IKE) daemon for IPsec Enterprise IPsec based VPN solution Make encryption the default mode of communication Certifjcations (FIPS, Common Criteria, USGv6, etc.)

917 views • 25 slides
IPsec encapsulation over TCP Sabrina Dubroca sd@queasysnail.net Red Hat netdev 0x13, 2019-03-22

IPsec encapsulation over TCP Sabrina Dubroca sd@queasysnail.net Red Hat netdev 0x13, 2019-03-22

IPsec encapsulation over TCP Sabrina Dubroca sd@queasysnail.net Red Hat netdev 0x13, 2019-03-22 1 / 22 Introduction 2 / 22 ESP and IKE Components of the IPsec protocol suite ESP Encapsulating Security Payload AH Authentication Header IKE

478 views • 22 slides
Yasser F. O. Mohammad REMIDER 1: IPSec Uses REMINDER 2: IPSec Services Access control

Yasser F. O. Mohammad REMIDER 1: IPSec Uses REMINDER 2: IPSec Services Access control

Yasser F. O. Mohammad REMIDER 1: IPSec Uses REMINDER 2: IPSec Services Access control Connectionless integrity Data origin authentication Rejection of replayed packets a form of partial sequence integrity Confidentiality

818 views • 37 slides
OPPORTUNISTIC ENCRYPTION USING IPSEC Linux Security Summit, Toronto August 2016 Presented by

OPPORTUNISTIC ENCRYPTION USING IPSEC Linux Security Summit, Toronto August 2016 Presented by

OPPORTUNISTIC ENCRYPTION USING IPSEC Linux Security Summit, Toronto August 2016 Presented by Paul Wouters, RHEL Security THE LIBRESWAN PROJECT An Internet Key Exchange (IKE) daemon for IPsec Enterprise IPsec based VPN solution

736 views • 32 slides
Requirements for IPsec Negotiation in the SIP Framework

Requirements for IPsec Negotiation in the SIP Framework

Requirements for IPsec Negotiation in the SIP Framework draft-saito-mmusic-ipsec-negotiation-req-00.txt August 1, 2005 Makoto Saito (ma.saito@ntt.com) Shingo Fujimoto (shingo_fujimoto@jp.fujitsu.com) 1 Motivation To secure communication

83 views • 6 slides
IKEv2: IPSec Key Management Protocol Lecture 20 Acknowledgement: Slides from Vincent Luk, revised

IKEv2: IPSec Key Management Protocol Lecture 20 Acknowledgement: Slides from Vincent Luk, revised

IKEv2: IPSec Key Management Protocol Lecture 20 Acknowledgement: Slides from Vincent Luk, revised by Cunsheng Ding IP Security Architecture IPSec module 1 IPSec module 2 SPD SPD IKE IKE AH/ESP AH/ESP SAD SAD SA IKE: Internet Key

702 views • 26 slides
iLab IPsec Minoo Rouhi rouhi@net.in.tum.de Slides by Benjamin Hof hof@in.tum.de Chair of

iLab IPsec Minoo Rouhi rouhi@net.in.tum.de Slides by Benjamin Hof hof@in.tum.de Chair of

iLab IPsec Minoo Rouhi rouhi@net.in.tum.de Slides by Benjamin Hof hof@in.tum.de Chair of Network Architectures and Services Department of Informatics Technical University of Munich Lab 8 18ss 1 / 29 Outline Overview IPsec databases

563 views • 29 slides
IP IPSec ( ) 13 Network

IP IPSec ( ) 13 Network

IP IPSec ( ) 13 Network Security, Principles and Practice,2nd Ed. : http://www.fata.ir

567 views • 23 slides
Why IPsec and BGP dont play well together in real networks Brian Weis Overview Of

Why IPsec and BGP dont play well together in real networks Brian Weis Overview Of

Why IPsec and BGP dont play well together in real networks Brian Weis Overview Of course IKE/IPsec can be configured on routers to provide transport security for BGP and other similar control plane protocols. And certainly

480 views • 16 slides
for Constrained Environments dra%-raza-6lo-ipsec-02 {shahid.raza, simon.duquennoy}@sics.se

for Constrained Environments dra%-raza-6lo-ipsec-02 {shahid.raza, simon.duquennoy}@sics.se

Compression of IPsec AH and ESP Headers for Constrained Environments dra%-raza-6lo-ipsec-02 {shahid.raza, simon.duquennoy}@sics.se goran.selandaer@ericsson.com 1 Status of the Document First submi<ed as a posi=on paper to the Smart

209 views • 18 slides
SSH, SSL, and IPsec: wtf? Eric Rescorla RTFM, Inc. ekr@rtfm.com Eric Rescorla SSH, SSL, and

SSH, SSL, and IPsec: wtf? Eric Rescorla RTFM, Inc. ekr@rtfm.com Eric Rescorla SSH, SSL, and

SSH, SSL, and IPsec: wtf? Eric Rescorla RTFM, Inc. ekr@rtfm.com Eric Rescorla SSH, SSL, and IPsec 1 What are we trying to accomplish? Alice, Bob want to talk to each other But theyre worried about attack How do you know

1k views • 56 slides
MySQL Parallel Replication: inventory, use-cases and limitations Jean-Franois Gagn (System

MySQL Parallel Replication: inventory, use-cases and limitations Jean-Franois Gagn (System

MySQL Parallel Replication: inventory, use-cases and limitations Jean-Franois Gagn (System Engineer) jeanfrancois DOT gagne AT booking.com Presented at Percona Live Amsterdam 2016 Booking.com Based in Amsterdam since 1996 Online

850 views • 47 slides
ENERGY-PROPORTIONAL IMAGE SENSING FOR CONTINUOUS

ENERGY-PROPORTIONAL IMAGE SENSING FOR CONTINUOUS

ENERGY-PROPORTIONAL IMAGE SENSING FOR CONTINUOUS MOBILE VISION Robert LiKamW Robert LiKamWa a Bodhi Bodhi Priyantha Priyantha Matthai Matthai Philipose Philipose Victor ictor

366 views • 36 slides
ENSURING QUALITY CARE PROBLEM SOLVING AND CONFLICT RESOLUTION September 2019 Safety, Oversight

ENSURING QUALITY CARE PROBLEM SOLVING AND CONFLICT RESOLUTION September 2019 Safety, Oversight

ENSURING QUALITY CARE PROBLEM SOLVING AND CONFLICT RESOLUTION September 2019 Safety, Oversight and Quality Unit 1 PURPOSE AND KEY TERMS The purpose of this section is to Conflict assist the learner in acquiring Mediator basic skills in

549 views • 20 slides
Session 13 Session 13 Tool Time Tuesday Tool Time Tuesday Cleaning your tech & author

Session 13 Session 13 Tool Time Tuesday Tool Time Tuesday Cleaning your tech & author

Session 13 Session 13 Tool Time Tuesday Tool Time Tuesday Cleaning your tech & author alerts Cleaning your tech & author alerts Hello! Hello! Laurissa Gann, MSLS, AHIP Lesli Moore, MLS Research Medical Library Research Medical

340 views • 19 slides
A Very Common Mistake Javier Estrada Do not fear simple approaches IESE Business School

A Very Common Mistake Javier Estrada Do not fear simple approaches IESE Business School

Winning Investment Strategies Reference Portfolios Javier Estrada Winter, 2014 1. Assets & Products Relevant assets Financial products 2. Reference Portfolios 100% equity The 6040 portfolio The permanent portfolio

164 views • 12 slides
Genes and Behavior Genes and Behavior Cog. Sci. 1 Cog. Sci. 1 Ralph Greenspan Ralph Greenspan

Genes and Behavior Genes and Behavior Cog. Sci. 1 Cog. Sci. 1 Ralph Greenspan Ralph Greenspan

Genes and Behavior Genes and Behavior Cog. Sci. 1 Cog. Sci. 1 Ralph Greenspan Ralph Greenspan rgreenspan@ucsd.edu rgreenspan@ucsd.edu Its genetic. My father was a dog, and Im a dog. Mendel Galton Mendelian inheritance

1.09k views • 95 slides
MANAGEMENT OF REFRACTORY THYROID CANCER RAJKUMAR VENKATRAMANI, MD, MS RARE TUMORS PROGRAM TEXAS

MANAGEMENT OF REFRACTORY THYROID CANCER RAJKUMAR VENKATRAMANI, MD, MS RARE TUMORS PROGRAM TEXAS

9/9/2016 MANAGEMENT OF REFRACTORY THYROID CANCER RAJKUMAR VENKATRAMANI, MD, MS RARE TUMORS PROGRAM TEXAS CHILDRENS HOSPITAL CONFLICTS OF INTEREST Policies and standards of the Texas Medical Association, the Accreditation Council for

484 views • 11 slides
Technology Design for Older Adults Wendy A. Rogers, Ph.D. Director: Human Factors and Aging

Technology Design for Older Adults Wendy A. Rogers, Ph.D. Director: Human Factors and Aging

Technology Design for Older Adults Wendy A. Rogers, Ph.D. Director: Human Factors and Aging Laboratory School of Psychology Georgia Institute of Technology How can technology ENHANCE the lives of older adults...

230 views • 21 slides

More recommend