View
8
Download
0
Category
Preview:
Citation preview
1
IPsec: AH and ESP
2
Protocol Security – Where?
• Application layer: (+) easy access to user credentials, extend without waiting for OS vendor, understand data; (-) design again and again; e.g., PGP, ssh, Kerberos
• Transport layer: (+): security mostly seamlessly e.g., TLS
• Network layer: (+) reduced key management, fewer application changes, fewer implementations, VPN; (-): multiuser machines
• Data link layer: (+): speedl (-): hop-by-hop only
3
Documents
4
IPsec Objectives• Why do we need IPsec?
– IP V4 has no authentication• IP Spoofing• Payload could be changed without detection
– IP V4 has no confidentiality mechanism• Eavesdropping
– Denial of Service Attacks• Cannot hold the attacker accountable due to the lack of authentication
• IPsec Objectives– IP layer security mechanisms for IP V4 and V6
• Not all applications need to be security aware• Can be transparent to users• Provide authentication and confidentiality mechanisms
• IPsec– AH (Authentication Header) and ESP (Encapsulating Security Payload)
• IP header extensions for carrying cryptographically protected data– IKE (Internet Key Management)
• Authenticating and establishing a session key
5
IPsec Architecture
6
Security Associations (SA)
• SA is a cryptographically protected connection– An association between a sender and a receiver
– Consists of a set of security related parameters
• One way relationship: unidirectional
• Determine IPSec processing for senders
• Determine IPSec decoding for destination
• SAs are not fixed! Generated and customized per traffic flows
7
Security Parameter Index (SPI)
• A bit string assigned to a SA
• Carried in the IPsec header
• The SPI allows the destination to select the correct SA under which the received packet will be processed (according to the agreement with the sender)
• SPI + Dest IP Address + IPsec Protocol (flag for whether it is AH or ESP)– Uniquely identify each SA
8
Security Association Database (SAD)
• Holds parameters for each SA
• When transmitting to X, look up X in SAD– SPI
• Up to 32 bits large
• Allow the destination to select the correct SA
– Key
– Algorithms
– Sequence number
• When receiving an IP packet, look up SPI in SAD
9
Security Policy Database (SPD)
• Which types of packets should be dropped?
• Which should be forwarded or accepted without IPsec protection?
• Which should be protected by IPsec? If protected, encrypted and/or integrity-protected?
• Index into SPD by Selector fields– Dest IP, Source IP, Transport Protocol, IPSec Protocol, Source
& Dest Ports, …
10
Hosts & Gateways
• Hosts can implement IPSec to :– Other hosts in transport or tunnel mode
– Gateways with tunnel mode
• Gateways to gateways - tunnel mode
11
A B
Encrypted Tunnel
Gateway Gateway
New IP Header
AH or ESP Header
TCP DataOrig IP Header
Encrypted
Unencrypted Unencrypted
Tunnel Mode
12
Tunnel Mode
• ESP applies only to the tunneled packet• AH can be applied to portions of the outer header
Outer IPheader
Inner IPheader
IPSecheader
Higherlayer protocol
ESP
AH
Real IP destinationDestinationIPSecentity
13
IPsec, tunnel mode, between firewall
14
Transport Mode
• ESP protects higher layer payload only• AH can protect IP headers as well as higher layer payload
IPheader
IPoptions
IPSecheader
Higherlayer protocol
ESP
AH
Real IPdestination
15
Is it for IPSec?If so, which policyentry to select?
…
SPD(Policy)
…
SA Database
IP Packet
Outbound packet (on A)
A B
SPI & IPSecPacket
Send to B
Determine the SA and its SPI
IPSec processing
Outbound Processing
16
Use SPI to index the SAD
…
SA Database
Original IP Packet
SPI & Packet
Inbound packet (on B) A B
From A
Inbound Processing
…
SPD(Policy)
Was packet properly secured?
“un-process”
17
NAT (Network Address Translation)
• What is it?– With a NAT box, the computer on your internal network do
not need global IPv4 addresses in order to connect to the Internet
– NAT box translates an internal IP
• The problem– An IPsec tunnel cannot go through a NAT box because the
NAT box wants to update the IP address inside the encrypted data and it does not have the key
– For transport mode, IP address is included in the computation of the TCP/UDP checksum
18
IP Header
•Protocol field: ESP=50, AH=51
19
AH (Authentication Header)
••Data integrity: Entire packet has not been tampered withData integrity: Entire packet has not been tampered with••Authentication: 1. Can Authentication: 1. Can ““trusttrust”” IP address source;2. Use MAC to authenticateIP address source;2. Use MAC to authenticate••AntiAnti--replay featurereplay feature••Integrity check valueIntegrity check value•Immutable or predictable IP header fields: version, IH length, total length, identification, protocol, source, destination (source node => predictable)•Upper-level data
20
AH in Transport Mode
21
AH in Tunnel Mode
22
Encapsulating Security Payload (ESP)
23
ESP
24
ESP
Recommended