IPsec AH ESP CS 470 Introduction to Applied

  • Slides: 12
Download presentation
IPsec – AH & ESP CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin

IPsec – AH & ESP CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk CS 470, A. Selcuk IPsec – AH & ESP 1

IPsec • Cryptographic protection of the IP traffic, transparent to the user • Main

IPsec • Cryptographic protection of the IP traffic, transparent to the user • Main components: – Internet Key Exchange (IKE): IPsec key exchange protocol – Authentication Header (AH): Authentication of the IP packet (optional) – Encapsulating Security Payload (ESP): Encryption/authentication of the IP packet (optional) CS 470, A. Selcuk IPsec – AH & ESP 2

Uses of IPsec • Can be used to provide user-, host-, or network-level protection

Uses of IPsec • Can be used to provide user-, host-, or network-level protection (the granularity) • Protocol modes: – Transport mode: Host applies IPsec to transport layer packet – Tunnel mode: Gateway applies IPsec to the IP packet of a host from the network (IP in IP tunnel) • Typical uses: – Remote access to network (host-to-gateway) – Virtual private networks (gateway-to-gateway) CS 470, A. Selcuk IPsec – AH & ESP 3

Security Association & Policy • Security Policy Database Specifies what kind of protection should

Security Association & Policy • Security Policy Database Specifies what kind of protection should be applied to packets (according to source-destination address, port numbers, User. ID, data sensitivity level, etc. ) • Security Association (SA) – An IPsec-protected connection (one-way) – Specifies the encryption/auth. algorithm, key, etc. – Identified by • security parameter index (SPI) • destination IP address • protocol identifier (AH or ESP) CS 470, A. Selcuk IPsec – AH & ESP 4

SA Database Contains the relevant information for each SA: – AH information (auth. algorithm,

SA Database Contains the relevant information for each SA: – AH information (auth. algorithm, key lifetime, etc. ) – ESP information (auth. /encryption algorithm, key lifetime, etc. ) – Sequence number counter – Anti-replay window (at the destination SA) – Lifetime of the SA – Others (protocol mode, path MTU, etc. ) CS 470, A. Selcuk IPsec – AH & ESP 5

IPsec Packet Processing Outbound packets: – The proper SA is chosen from the security

IPsec Packet Processing Outbound packets: – The proper SA is chosen from the security policy database – From the SA database, the SPI and SA parameters are retrieved – The IPsec protection is performed; packet passed to IP Inbound packets: – By the SPI, the SA is found – IPsec auth. /decryption is performed – Packet passed to upper layer protocol CS 470, A. Selcuk IPsec – AH & ESP 6

Authentication Header (AH) 0 1 2 3 4 5 6 7 8 9 0

Authentication Header (AH) 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Header | Payload Len | RESERVED | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Security Parameters Index (SPI) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number Field | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + Authentication Data (variable) | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ • Auth. alg. : HMAC (with MD 5, SHA 1, etc. ) CBC-MAC (3 DES, RC 5, AES, etc. ) • Typically, IV is included in the payload • Authentication covers immutable fields of IP header as well as the payload. CS 470, A. Selcuk IPsec – AH & ESP 7

IPv 4 Header 0 1 2 3 4 5 6 7 8 9 0

IPv 4 Header 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| IHL |Type of Service| Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identification |Flags| Fragment Offset | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time to Live | Protocol | Header Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Mutable fields (according to AH): To. S, flags, frag. offset, TTL, checksum CS 470, A. Selcuk IPsec – AH & ESP 8

AH with IPv 4 CS 470, A. Selcuk BEFORE APPLYING AH --------------|orig IP hdr

AH with IPv 4 CS 470, A. Selcuk BEFORE APPLYING AH --------------|orig IP hdr | |(any options)| TCP | Data | -------------- AFTER APPLYING AH ----------------|orig IP hdr | | |(any options)| AH | TCP | Data | ----------------|<------- authenticated ------->| except for mutable fields IPsec – AH & ESP 9

AH Controversies • Authentication is provided by ESP as well (hence, AH is useless)

AH Controversies • Authentication is provided by ESP as well (hence, AH is useless) • Protecting immutable fields doesn’t add much • Destination address may be mutable (due to NAT) • Not efficient to compute (MAC at the beginning) CS 470, A. Selcuk IPsec – AH & ESP 10

Encapsulating Security Payload (ESP) 0 1 2 3 4 5 6 7 8 9

Encapsulating Security Payload (ESP) 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Security Parameters Index (SPI) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Payload Data (variable) | ~ ~ | | + +-+-+-+-+-+-+-+-+-+-+-+-+ | | Padding (0 -255 bytes) | +-+-+-+-+-+-+-+-+-+-+-+-+ | | Pad Length | Next Header | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Authentication Data (variable) | ~ ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ---^Auth. | Cov| erage | ---| ^ | | |Conf. | Cov| erage* | | v v ------ • Encryption: usually a block cipher in CBC mode • IV is typically included in the payload (not encrypted) CS 470, A. Selcuk IPsec – AH & ESP 11

ESP with IPv 4 CS 470, A. Selcuk BEFORE APPLYING ESP --------------|orig IP hdr

ESP with IPv 4 CS 470, A. Selcuk BEFORE APPLYING ESP --------------|orig IP hdr | |(any options)| TCP | Data | -------------- AFTER APPLYING ESP ------------------------|orig IP hdr | ESP | | | ESP| |(any options)| Hdr | TCP | Data | Trailer |Auth| ------------------------|<----- encrypted ---->| |<------ authenticated ----->| IPsec – AH & ESP 12

THE IPSEC PROTOCOL SUITE IPSEC IPsec is aTHE IPSEC PROTOCOL SUITE IPSEC IPsec is a
La suite di protocolli IPSec IPSec IPsec unaLa suite di protocolli IPSec IPSec IPsec una
Lecture 15 IPsec AH and ESP IPsec introductionLecture 15 IPsec AH and ESP IPsec introduction
IPsec IKE CS 470 Introduction to Applied CryptographyIPsec IKE CS 470 Introduction to Applied Cryptography
Extrasensory Perception ESP Types of ESP ESP isExtrasensory Perception ESP Types of ESP ESP is
Encapsulating Security Payload ESP 1 ESP 2 ESPEncapsulating Security Payload ESP 1 ESP 2 ESP
IP Security IPSec protocol n Introduction n IPSecIP Security IPSec protocol n Introduction n IPSec
IPSec and TLS Lesson Introduction IPSec and theIPSec and TLS Lesson Introduction IPSec and the
IP Security IPSec protocol n Introduction n IPSecIP Security IPSec protocol n Introduction n IPSec
IP Security IPSec Matt Hermanson What is IPSecIP Security IPSec Matt Hermanson What is IPSec
IPsec IPsec IP security Security for transmission overIPsec IPsec IP security Security for transmission over