ACN 2013-2014 (3)


Transcript of ACN 2013-2014 (3)

  • 7/27/2019 ACN 2013-2014 (3)

    Slide 1: IPSec

  • Slide 2: IP Header

    [Figure: IPv4 header layout; bit positions 0, 4, 8, 16, 19 and 31 mark the field boundaries]

    VERSION | HLEN | TOS | LENGTH
    IDENTIFICATION | FLAGS | OFFSET
    TTL | PROTOCOL | CHECKSUM
    SOURCE ADDRESS
    DESTINATION ADDRESS
    OPTIONS (VARIABLE) | PAD (VARIABLE)
    DATA

  • Slide 3: Internetworks (Internets)

    A collection of different physical networks. Requirements: heterogeneity, scalability.

    [Figure: an example internetwork with hosts H1 to H8 and routers R1 to R3 joining Network 1 (Ethernet), Network 2 (Ethernet), Network 3 (FDDI) and Network 4 (point-to-point); H7, R3 and H8 sit on the point-to-point link.]

  • Slide 4: IP Datagram Fragmentation and Reassembly Contd.

    The Internet contains heterogeneous networks; some networks limit the maximum packet size to a smaller size than others. We use the term Maximum Transmission Unit (MTU) to refer to the largest payload a given network can accommodate. To accommodate heterogeneous MTUs, IP uses the technique of fragmentation and reassembly: a router can divide a large datagram into a set of smaller datagrams called fragments. Each fragment travels independently, and the ultimate destination reassembles the fragments to reproduce the original datagram.

    Each fragment is a datagram that begins with a datagram header. Header fields in a fragment are derived from the original datagram.

    In a fragment, the following fields differ from the original datagram: Total Length, Flags, Fragment Offset, Header Checksum.

    The size of a fragment is determined by the MTU of the outgoing network.

    The FLAGS and FRAGMENT OFFSET fields together identify a datagram as a fragment; if both contain zero, the datagram is not a fragment.

  • Slide 5: IP Datagram Fragmentation and Reassembly Contd.

    The Fragment Offset field tells the relationship between data in the fragment and data in the original datagram. More specifically, the FRAGMENT OFFSET specifies how far into the original payload the data in the fragment belongs.

    The TOTAL LENGTH field in a datagram contains 16 bits, which means the datagram can be 64K octets long. Because the FRAGMENT OFFSET field has only 13 bits, it cannot represent all possible octet positions in the datagram. Instead, the value in the FRAGMENT OFFSET field is interpreted as a multiple of eight octets.

  • Slide 6: IP Datagram Fragmentation and Reassembly Contd.

    Given: an IP datagram D and a network MTU
    Produce: a set of fragments for D

    If the DO NOT FRAGMENT bit is set
        { Stop and report an error }
    Compute the size of the datagram header, H
    Choose N to be the largest multiple of 8 such that H + N <= MTU
    Initialize an offset counter O to zero
    Repeat until the datagram is empty
        {
        Create a new fragment that has a copy of D's header
        Extract up to the next N octets of data from D and place the data in the fragment
        Set the MORE FRAGMENTS bit in the fragment header
        Set the TOTAL LENGTH field in the fragment header to be H + N
        Set the FRAGMENT OFFSET field in the fragment header to be O
        Compute and set the CHECKSUM field in the fragment header
        Increment O by N/8
        }

  • Slide 7: IP Datagram Fragmentation and Reassembly Contd.

    Ident is selected by the sending host and is unique for each packet sent by that host in the recent past.

    M bit: shows whether there are more fragments for that packet following.

    Offset: deals with possibly reordered fragments (counts 8-byte words; why not count bytes?).

    A packet can be fragmented at multiple routers (see how).

    Reassembly is only performed at the receiving host.

    When should the receiver give up on the reassembly of a packet?

    [Figure: (a) the unfragmented packet: Ident = x, Offset = 0, M = 0, rest of header, 1400 data bytes. (b) the same packet after fragmentation: Ident = x, Offset = 0, M = 1, 512 data bytes; Ident = x, Offset = 64, M = 1, 512 data bytes; Ident = x, Offset = 128, M = 0, 376 data bytes.]

  • Slide 8: IP Datagram Fragmentation and Reassembly Contd.

    [Figure: protocol stacks along the path from H1 to H8. H1: TCP, IP, ETH. R1: IP over ETH and FDDI. R2: IP over FDDI and PPP. R3: IP over PPP and ETH. H8: TCP, IP, ETH.]

  • Slide 9: IP Datagram Fragmentation and Reassembly Contd.

    Each network technology has a Maximum Transmission Unit (MTU): the largest IP datagram for that technology. Internetworking requires fragmentation of a packet at a router when the packet is larger than the next network's MTU. Common MTUs: Ethernet (1500 B), FDDI (4500 B), PPP (configurable).

    [Figure: the 1400-byte datagram on its way from H1 to H8. H1 to R1 (ETH): IP (1400). R1 to R2 (FDDI): IP (1400). R2 to R3 (PPP): IP (512), IP (512), IP (376). R3 to H8 (ETH): IP (512), IP (512), IP (376).]

  • Slide 10: IP Datagram Fragmentation and Reassembly Contd.

    The destination accepts incoming fragments and collects the fragments from a given datagram. When all fragments of a datagram arrive, the system reassembles them to produce the original datagram, which it then processes.

    Out-of-order delivery: Routes can change at any time. As a result, fragments may arrive out of order. In particular, because some routers give priority to short packets, the fragments carrying the tail of the datagram may arrive first.

    Duplication: The original datagram or any fragment can be duplicated during its trip through the Internet. More important, if a duplicate datagram is routed along a different path than the original, fragmentation along the paths may differ, which produces fragments that overlap.

    Loss: One or more fragments from a datagram may be lost. IP does not retransmit lost datagrams or lost fragments.

    Concurrent reception: A receiving system must be prepared to accept incoming fragments from multiple datagrams concurrently.
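    The slide-6 procedure and the slide-10 reassembly hazards, worked as an added Python example that is not code from the lecture: fragment() follows the slide-6 steps (and also handles the last fragment, which is shorter than N and has MF cleared unless the input was itself a fragment with MF set), and Reassembler collects fragments that arrive out of order, duplicated, overlapping or from several datagrams at once, and gives up on stale ones. The Datagram record, keying reassembly on IDENTIFICATION alone (a real stack also keys on source, destination and protocol), rejecting overlaps whose bytes disagree, and the 30-second give-up timer are assumptions made for this example; the data uses the slide's 1400-byte datagram and a constructed 532-byte MTU so that the 512/512/376 split of slide 7 appears.

```python
from dataclasses import dataclass

DF = 0x2  # IP FLAGS bit: "do not fragment"
MF = 0x1  # IP FLAGS bit: "more fragments"


@dataclass(frozen=True)
class Datagram:
    """The header fields that matter for fragmentation, plus the payload (constructed model)."""
    ident: int        # IDENTIFICATION, chosen by the sending host
    flags: int        # DF / MF bits
    offset: int       # FRAGMENT OFFSET, in 8-octet units
    header_len: int   # H, in bytes (20 for a header without options)
    data: bytes

    @property
    def total_length(self) -> int:
        return self.header_len + len(self.data)


def fragment(d: Datagram, mtu: int) -> list:
    """Slide-6 procedure: produce fragments of d that each fit the outgoing MTU."""
    if d.total_length <= mtu:
        return [d]                        # nothing to do
    if d.flags & DF:
        raise ValueError("DF set: datagram must be dropped and an error reported")
    h = d.header_len
    n = (mtu - h) // 8 * 8                # largest multiple of 8 with h + n <= mtu
    if n <= 0:
        raise ValueError("MTU too small for the header plus 8 octets of data")
    frags, pos = [], 0
    tail_has_more = bool(d.flags & MF)    # d may itself be a fragment (multi-router case)
    while pos < len(d.data):
        chunk = d.data[pos:pos + n]
        is_last_piece = pos + n >= len(d.data)
        flags = 0 if (is_last_piece and not tail_has_more) else MF
        # TOTAL LENGTH becomes h + len(chunk); a real router recomputes CHECKSUM here
        frags.append(Datagram(d.ident, flags, d.offset + pos // 8, h, chunk))
        pos += n
    return frags


class Reassembler:
    """Destination-side reassembly that tolerates the slide-10 hazards."""

    def __init__(self, max_age: float = 30.0):
        self.max_age = max_age            # assumed give-up timer, seconds
        self._pending = {}                # ident -> reassembly state

    def receive(self, f: Datagram, now: float = 0.0):
        """Feed one fragment; return the reassembled Datagram when complete, else None."""
        e = self._pending.setdefault(f.ident, {
            "buf": bytearray(), "covered": [], "end": None, "first_seen": now})
        start, end = f.offset * 8, f.offset * 8 + len(f.data)
        buf = e["buf"]
        if end > len(buf):
            buf.extend(bytes(end - len(buf)))
        # Duplicates re-fragmented along another path may overlap legitimately, but the
        # overlapping bytes must agree; a conflicting overlap abandons the reassembly.
        for s, t in e["covered"]:
            lo, hi = max(s, start), min(t, end)
            if lo < hi and buf[lo:hi] != f.data[lo - start:hi - start]:
                del self._pending[f.ident]
                return None
        buf[start:end] = f.data
        e["covered"].append((start, end))
        if not (f.flags & MF):
            e["end"] = end                # the MF = 0 fragment fixes the payload length
        if e["end"] is not None and self._contiguous(e["covered"], e["end"]):
            del self._pending[f.ident]
            return Datagram(f.ident, 0, 0, f.header_len, bytes(buf[:e["end"]]))
        return None

    def expire(self, now: float) -> list:
        """Give up on datagrams whose first fragment is older than max_age (loss case)."""
        stale = [k for k, e in self._pending.items() if now - e["first_seen"] > self.max_age]
        for k in stale:
            del self._pending[k]
        return stale

    @staticmethod
    def _contiguous(intervals, end) -> bool:
        pos = 0
        for s, t in sorted(intervals):
            if s > pos:
                return False
            pos = max(pos, t)
        return pos >= end
```

    Feeding the three fragments in the order tail, head, head (duplicate), middle returns the original 1400 bytes on the last call; a fragment whose bytes contradict data already held throws the whole reassembly away rather than letting either copy win.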

  • Slide 11: Problem No. 1

  • Slide 12: Solution to Problem No. 1

  • Slide 13: Problem No. 2

  • Slide 14: Solution to Problem No. 2

  • Slide 15: Source routing

    Include all forwarding information in each packet. The source needs to know the network topology. Headers can be arbitrarily large.

    [Figure: Host A reaches Host B through Switch 1, Switch 2 and Switch 3; each switch has ports numbered 0 to 3, and the packet header lists the output port to use at each switch along the way.]

  • Slide 16: Source Routing Header Processing

    [Figure: the header entering a switch and the header leaving it, for three ways of handling the port list D C B A: rotation, in which the entry just used is moved to the end of the list; stripping, in which the used entry is removed, leaving D C B; and a pointer (Ptr), which is advanced past the used entry while the list stays intact.]
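    The three header treatments from the slide, as an added Python example that is not the lecture's own code. The topology is constructed (three switches, four ports each, Host A behind Switch 1 and Host B behind Switch 3, as on slide 15), the route lists the output ports in forwarding order (the slide writes them right to left), and the hop limit that stops a looping route is an addition for the example.

```python
# Constructed topology: switch -> {output port: neighbour}; hosts are leaves.
TOPOLOGY = {
    "Switch 1": {0: "Host A", 1: "Switch 2", 2: "Host C", 3: "Host D"},
    "Switch 2": {0: "Switch 1", 1: "Host E", 2: "Host F", 3: "Switch 3"},
    "Switch 3": {0: "Switch 2", 1: "Host B", 2: "Host G", 3: "Host H"},
}

MAX_HOPS = 16   # assumed guard so a bad route cannot circulate forever


def next_hop_pointer(header, ptr):
    """Pointer: the list stays intact and a pointer marks the entry to use next."""
    if ptr >= len(header):
        raise ValueError("route exhausted")
    return header[ptr], header, ptr + 1


def next_hop_rotate(header):
    """Rotation: use the first entry and move it to the end, so the full route survives."""
    if not header:
        raise ValueError("route exhausted")
    return header[0], header[1:] + header[:1]


def next_hop_strip(header):
    """Stripping: use the first entry and discard it; the header shrinks at every hop."""
    if not header:
        raise ValueError("route exhausted")
    return header[0], header[1:]


def deliver(first_switch, route, method):
    """Forward a packet from first_switch until it reaches a host.
    Returns (destination, header as it arrives at the destination, switches visited)."""
    node, header, ptr, visited = first_switch, list(route), 0, []
    while node in TOPOLOGY:
        if len(visited) >= MAX_HOPS:
            raise RuntimeError("hop limit exceeded: route loops among the switches")
        visited.append(node)
        if method == "pointer":
            port, header, ptr = next_hop_pointer(header, ptr)
        elif method == "rotate":
            port, header = next_hop_rotate(header)
        elif method == "strip":
            port, header = next_hop_strip(header)
        else:
            raise ValueError("unknown method: " + method)
        node = TOPOLOGY[node][port]
    return node, header, visited
```

    With route [1, 3, 1] the packet leaves Switch 1 on port 1, Switch 2 on port 3 and Switch 3 on port 1, reaching Host B under all three methods; what differs is the header Host B sees: unchanged with the pointer method, rotated back to its original order after a full cycle with rotation, and empty with stripping.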

  • Slide 17: Problem No. 3

  • Slide 18: Solution to Problem No. 2

  • Slide 19: [figure only]

  • Slide 20: The TCP/IP and the OSI Models

  • Slide 21: Pragmatic Model

  • Slide 22: Integration of Security Services into Communication Architecture

    There is the question of which security services should be implemented in which systems of a communication network.

  • Slide 23: Integration of Security Services into Communication Architecture Contd.

    Individual security services can conceivably be provided in end systems or in intermediate systems. Regarding the integration into intermediate systems, a further differentiation can be made as to which security services should be embedded into which intermediate systems, for example, whether services should be integrated solely on the boundary nodes of a network or also generally within the network.

    On one hand, it could be argued that security services should basically be supplied in end systems, because it is only there that users have total control over them and can be sure that their data will have the desired protection.

  • Slide 24: Integration of Security Services into Communication Architecture Contd.

    Design decisions are also needed to identify the layers into which specific security services should be integrated.

  • Slide 25: Mapping between Protocol Layers and Requirements Level is not One-to-One

    Security measures to meet the requirements of the end-system and subnetwork levels can be implemented in the transport layer as well as in the network layer.

    Link-level measures can be implemented in the data link layer and the physical layer.

  • Slide 26: TCP/IP Packet Generation

  • Slide 27: Cryptographic Algorithm Placement

    Application Layer: Deploying cryptographic algorithms at the application layer provides end-to-end security protection. Data is encrypted at this layer. The encrypted or authenticated data then goes through each layer below as if it were normal data; that is, it does not need to be decrypted or checked for a signature at any lower layer.

    On the other hand, TCP headers and IP headers are not encrypted or authenticated, because these headers are added within the lower layers, making it possible for an attacker to analyze traffic and modify header information.

    Transport Layer: Deploying cryptographic algorithms at the transport layer provides security protection for TCP packets. The payload of a TCP packet or the entire TCP packet itself (i.e. both header and payload) can be encrypted or authenticated at this layer.

  • Slide 28: Cryptographic Algorithm Placement Contd.

    Transport Layer Contd.: Crypto placement at the transport layer does not affect the application data received from the application layer. Therefore, users do not need to modify any application programs.

    The IP header encapsulating the encrypted or authenticated TCP packet is not encrypted, making it possible for the attacker to analyze traffic using information from the IP header. If the TCP header is not encrypted, the attacker may further obtain additional information such as TCP sequence numbers. This makes it possible for the attacker to figure out how TCP sequence numbers might be generated. This information is needed if the attacker wants to hijack a TCP connection.

  • Slide 29: Cryptographic Algorithm Placement Contd.

    Network Layer: Deploying cryptographic algorithms at the network layer provides link-to-link security protection. At this layer, the payload of the IP packet or the entire IP packet itself (i.e., both header and payload) can be encrypted or authenticated. Applying cryptographic algorithms to payloads does not affect the routing functionality; this is referred to as the transport mode application.

    Applying cryptographic algorithms to the entire packet requires a network layer gateway to route tunnel-mode IP packets, which is equivalent to hiding the whole IP packet inside the gateway; this is referred to as the tunnel mode application.

    Data Link Layer: Deploying cryptographic algorithms at the data link layer provides security protection for frames. Payloads of the frames are encrypted or authenticated at this layer. Deploying cryptographic algorithms at the data link layer also does not require modifying existing application programs.

  • Slide 30: IPsec

    In 1994, the Internet Architecture Board (IAB) issued a report entitled "Security in the Internet Architecture" (RFC 1636). The report stated the general consensus that the Internet needs more and better security, and it identified key areas for security mechanisms. Among these were the need to secure the network infrastructure from unauthorized monitoring and control of network traffic and the need to secure end-user-to-end-user traffic using authentication and encryption mechanisms.

    These concerns are fully justified. As confirmation, the 1998 annual report from the Computer Emergency Response Team (CERT) lists over 1,300 reported security incidents affecting nearly 20,000 sites. The most serious types of attacks included IP spoofing, in which intruders create packets with false IP addresses and exploit applications that use authentication based on IP address; and various forms of eavesdropping and packet sniffing, in which attackers read transmitted information, including logon information and database contents.

  • Slide 31: IPsec

    In response to these issues, the IAB included authentication and encryption as necessary security features in the next-generation IP, which has been issued as IPv6. Fortunately, these security capabilities were designed to be usable both with the current IP (IPv4) and IPv6, meaning that vendors can begin offering these features now, and many vendors do now have some IP Security Protocol (IPSec) capability in their products.

  • Slide 32: Applications of IPSec

    The Internet community has developed application-specific security mechanisms in numerous application areas, including electronic mail (Privacy Enhanced Mail, Pretty Good Privacy [PGP]), network management (Simple Network Management Protocol Version 3 [SNMPv3]), Web access (Secure HTTP, Secure Sockets Layer [SSL]), and others.

    However, users have some security concerns that cut across protocol layers. For example, an enterprise can run a secure, private TCP/IP network by disallowing links to untrusted sites, encrypting packets that leave the premises, and authenticating packets that enter the premises. By implementing security at the IP level, an organization can ensure secure networking not only for applications that have security mechanisms but also for the many security-ignorant applications.

  • Slide 33: Applications of IPSec Contd.

    Secure branch office connectivity over the Internet: A company can build a secure virtual private network over the Internet or over a public WAN. This enables a business to rely heavily on the Internet and reduce its need for private networks, saving costs and network management overhead.

    Secure remote access over the Internet: An end user whose system is equipped with IP security protocols can make a local call to an Internet Service Provider (ISP) and gain secure access to a company network. This reduces the cost of toll charges for travelling employees and telecommuters.

    Establishment of extranet and intranet connectivity with partners: IPSec can be used to secure communication with other organizations, ensuring authentication and confidentiality and providing a key exchange mechanism.

  • Slide 34: Applications of IPSec Contd.

    Enhancement of electronic commerce security: Most efforts to date to secure electronic commerce on the Internet have relied upon securing Web traffic with SSL, since that is commonly found in Web browsers and is easy to set up and run. There are new proposals that may utilize IPSec for electronic commerce.

  • Slide 35: The benefits of IPSec include

    When IPSec is implemented in a firewall or router, it provides strong security that can be applied to all traffic crossing the perimeter. Traffic within a company or workgroup does not incur the overhead of security-related processing.

    IPSec is below the transport layer (TCP, UDP), so it is transparent to applications. There is no need to change software on a user or server system when IPSec is implemented in the firewall or router. Even if IPSec is implemented in end systems, upper-layer software, including applications, is not affected.

    IPSec can be transparent to end users. There is no need to train users on security mechanisms, issue keying material on a per-user basis, or revoke keying material when users leave the organization.

    IPSec can provide security for individual users if needed. This feature is useful for offsite workers and also for setting up a secure virtual subnetwork within an organization for sensitive applications.

  • Slide 36: IPsec Architecture

  • Slide 37: IPSec in Transport Mode

    In transport mode, IPsec protects what is delivered from the transport layer to the network layer. In other words, transport mode protects the network layer payload, the payload to be encapsulated in the network layer.

    Transport mode does not protect the IP header. In other words, transport mode does not protect the whole IP packet; it protects only the packet from the transport layer (the IP layer payload). In this mode, the IPsec header and trailer are added to the information coming from the transport layer. The IP header is added later.

  • Slide 38: IPSec in Transport Mode Contd.

    Transport mode is normally used when host-to-host (end-to-end) protection of data is needed. The sending host uses IPsec to authenticate and/or encrypt the payload delivered from the transport layer. The receiving host uses IPsec to check the authentication and/or decrypt the IP packet and deliver it to the transport layer.

  • Slide 39: IPsec Tunnel Mode

    In tunnel mode, IPsec protects the entire IP packet. It takes an IP packet, including the header, applies IPsec security methods to the entire packet, and then adds a new IP header.

    Tunnel mode is normally used between two routers, between a host and a router, or between a router and a host. In other words, tunnel mode is used when either the sender or the receiver is not a host. The entire original packet is protected from intrusion between the sender and the receiver, as if the whole packet goes through an imaginary tunnel.

  • Slide 40: Tunnel Mode in Action

  • Slide 41: Comparison between Tunnel and Transport Mode

    In transport mode, the IPsec layer comes between the transport layer and the network layer. In tunnel mode, the flow is from the network layer to the IPsec layer and then back to the network layer again.

  • Slide 42: Authentication Header (AH)

    Next Header: The 8-bit next header field defines the type of payload carried by the IP datagram (such as TCP, UDP, ICMP or OSPF). It has the same function as the protocol field in the IP header before encapsulation. In other words, the process copies the value of the protocol field in the IP datagram to this field. The value of the protocol field in the new IP datagram is set to 51 to show that the packet carries an authentication header.

  • Slide 43: Authentication Header (AH) Contd.

    Payload Length: The name of this 8-bit field is misleading. It does not define the length of the payload; it defines the length of the authentication header in 4-byte multiples, but it does not include the first 8 bytes.

    Security Parameter Index: The 32-bit Security Parameter Index (SPI) field plays the role of a virtual circuit identifier and is the same for all packets sent during a connection called a Security Association.

    Sequence Number: A 32-bit sequence number provides ordering information for a sequence of datagrams. The sequence number prevents a playback (replay). Note that the sequence number is not repeated even if a packet is retransmitted. A sequence number does not wrap around; after it reaches 2^32 - 1, a new connection is established.

    Authentication Data: Finally, the authentication data field is the result of applying a hash function to the entire IP datagram except for the fields that are changed during transit.

  • Slide 44: Authentication Header (AH) Contd.

  • Slide 45: Encapsulation Security Header

    The AH protocol does not provide privacy, only source authentication and integrity. IPsec later defined an alternative protocol, Encapsulating Security Payload (ESP), that provides source authentication, integrity and privacy. ESP adds a header and a trailer. Note that ESP's authentication data are added at the end of the packet, which makes its calculation easier.

    When an IP datagram carries an ESP header and trailer, the value of the protocol field in the IP header is 50. A field inside the ESP trailer (the next-header field) holds the original value of the protocol field (the type of payload being carried by the IP datagram, such as TCP or UDP).

  • Slide 46: Encapsulation Security Header Contd.

    Security Parameter Index: The 32-bit security parameter index field is similar to that defined for the AH protocol.

    Sequence Number: The 32-bit sequence number field is similar to that defined for the AH protocol.

    Padding: This variable-length field (0 to 255 bytes) of 0s serves as padding.

  • Slide 47: Encapsulation Security Header Contd.

    Next Header: The 8-bit next header field is similar to that defined in the AH protocol. It serves the same purpose as the protocol field in the IP header before encapsulation.

    Authentication Data: Finally, the authentication data field is the result of applying an authentication scheme to parts of the datagram. Note the difference between the authentication data in AH and ESP: in AH, part of the IP header is included in the calculation of the authentication data; in ESP, it is not.

  • Slide 48: AH versus ESP

    The ESP protocol was designed after the AH protocol was already in use. ESP does whatever AH does, with additional functionality (privacy).

    Access Control: IPsec provides access control indirectly using a Security Association Database (SAD). When a packet arrives at a destination and there is no Security Association already established for this packet, the packet is discarded.

  • Slide 49: AH versus ESP

    Message Integrity: Message integrity is preserved in both AH and ESP. A digest of the data is created and sent by the sender to be checked by the receiver.

    Entity Authentication: The Security Association and the keyed-hash digest of the data sent by the sender authenticate the sender of the data in both AH and ESP.

    Confidentiality: The encryption of the message in ESP provides confidentiality. AH, however, does not provide confidentiality. If confidentiality is needed, one should use ESP instead of AH.

  • Slide 50: Replay Attack Protection
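    The AH fields of slides 42 and 43 and the replay protection of slide 50, worked as an added Python example that is not code from the lecture: the sender builds IP | AH | payload in transport mode and computes the authentication data over the datagram with the mutable IP fields (TOS, flags/offset, TTL, checksum) zeroed; the receiver checks the sequence number against a sliding anti-replay window, verifies the ICV in constant time, and only then records the number in the window. The choice of HMAC-SHA-256 truncated to 128 bits, the 64-packet window, and the sample key and addresses are assumptions made for the example; the IPv4 checksum is left at zero because it is excluded from the ICV anyway.

```python
import hashlib
import hmac
import struct

AH_PROTO = 51     # IP protocol number announcing an Authentication Header
ICV_LEN = 16      # assumed: HMAC-SHA-256 truncated to 128 bits


def ipv4_header(src: bytes, dst: bytes, proto: int, total_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header; checksum left at 0 because it is mutable anyway."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, ttl, proto, 0, src, dst)


def zero_mutable(ip_hdr: bytes) -> bytes:
    """Zero the fields routers may change in transit before the ICV is computed."""
    h = bytearray(ip_hdr)
    h[1] = 0             # TOS
    h[6:8] = b"\0\0"     # flags + fragment offset
    h[8] = 0             # TTL
    h[10:12] = b"\0\0"   # header checksum
    return bytes(h)


def ah_fixed(next_hdr: int, spi: int, seq: int) -> bytes:
    """The 12 fixed AH bytes: Next Header, Payload Length, Reserved, SPI, Sequence Number.
    Payload Length is the AH length in 32-bit words minus 2 (the slide's 'first 8 bytes')."""
    payload_len = (12 + ICV_LEN) // 4 - 2
    return struct.pack("!BBHII", next_hdr, payload_len, 0, spi, seq)


def ah_protect(key, src, dst, inner_proto, payload, spi, seq, ttl=64) -> bytes:
    """Sender side: IP | AH | payload with the ICV filled in (transport mode)."""
    ip = ipv4_header(src, dst, AH_PROTO, 20 + 12 + ICV_LEN + len(payload), ttl)
    fixed = ah_fixed(inner_proto, spi, seq)
    # the ICV field itself counts as zero while the MAC is computed
    mac = hmac.new(key, zero_mutable(ip) + fixed + bytes(ICV_LEN) + payload, hashlib.sha256)
    return ip + fixed + mac.digest()[:ICV_LEN] + payload


class AhReceiver:
    """Receiver side: anti-replay window plus ICV check for one inbound SA."""

    def __init__(self, key: bytes, spi: int, window: int = 64):
        self.key, self.spi, self.window = key, spi, window
        self.highest = 0         # highest sequence number accepted so far
        self.accepted = set()    # accepted numbers still inside the window

    def verify(self, pkt: bytes):
        """Return (True, next_header) for an acceptable packet, else (False, reason)."""
        ip, rest = pkt[:20], pkt[20:]
        if ip[9] != AH_PROTO:
            return False, "not AH"
        next_hdr, plen, _, spi, seq = struct.unpack("!BBHII", rest[:12])
        if spi != self.spi:
            return False, "unknown SPI"
        icv_len = (plen + 2) * 4 - 12
        icv, payload = rest[12:12 + icv_len], rest[12 + icv_len:]
        # Replay check first (cheap); the window is updated only after the ICV passes,
        # so a forged packet cannot move the window.
        if seq == 0 or seq in self.accepted or seq + self.window <= self.highest:
            return False, "replayed or too old"
        expected = hmac.new(self.key, zero_mutable(ip) + rest[:12] + bytes(icv_len) + payload,
                            hashlib.sha256).digest()[:icv_len]
        if not hmac.compare_digest(expected, icv):
            return False, "ICV mismatch"
        self.accepted.add(seq)
        if seq > self.highest:
            self.highest = seq
            self.accepted = {s for s in self.accepted if s + self.window > self.highest}
        return True, next_hdr
```

    A router decrementing the TTL leaves the ICV valid, because the TTL is zeroed on both sides; changing the destination address, which AH covers, makes the ICV fail, and presenting the same packet twice is refused by the window before any MAC is computed.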

  • Slide 51: Security Association

    IPsec supports a number of encryption algorithms for the user to choose from. When the sender wants to communicate with the receiver using IPsec, the sender must first select a set of encryption algorithms and parameters and then inform the receiver about his selection. The receiver may accept the sender's selection or negotiate with the sender for a different set of algorithms and parameters. Once the algorithms and parameters are selected, IPsec establishes a Security Association (SA) between sender and receiver.

    Security Parameter Index: It is a 32-bit binary string used to identify a particular set of algorithms and parameters as well as a particular communication session. The SPI is included in AH and ESP to ensure that both sides will use the same algorithms and parameters.

  • Slide 52: Security Association Contd.

    IP Destination Address: It specifies which host the underlying SA is established for.

    Security Protocol Identifier: It specifies whether the underlying SA is established for AH or ESP. IPsec disallows AH and ESP from using the same SA simultaneously.

  • Slide 53: Security Association Contd.

    A Security Association is a contract between two parties; it creates a secure channel between them. Let us assume that the sender needs to communicate unidirectionally with the receiver. If the sender and receiver are interested only in the confidentiality aspect of security, they can get a shared secret key between themselves. We can say that there are two Security Associations (SAs) between sender and receiver: one outbound SA and one inbound SA. Each of them stores the value of the key in one variable and the name of the encryption/decryption algorithm in another. The sender uses the algorithm and key to encrypt a message; the receiver uses the algorithm and key when he needs to decrypt the message received from the sender.

    Security Associations can be more involved if the two parties need message integrity and authentication. Each association then needs other data, such as the algorithm for message integrity, the key and other parameters.

  • Slide 54: Security Association Database

    A Security Association can be very complex. This is particularly true if the sender wants to send messages to many people and the receiver needs to receive messages from many people. In addition, each site needs to have both inbound and outbound SAs to allow bidirectional communication. In other words, we need a set of SAs that can be collected into a database. This is called the Security Association Database (SAD).

  • Slide 55: Security Association Database Contd.

    Security Parameter Index: The Security Parameter Index (SPI) is a 32-bit number that defines the SA at the destination. The SPI is determined during the SA negotiation. The same SPI is included in all IPsec packets belonging to the same inbound SA.

    Destination Address: The second index is the destination address of the host. We need to remember that a host in the Internet normally has one unicast destination address, but it may have several multicast addresses. IPsec requires that the SAs be unique for each destination address.

    Protocol: IPsec has two different security protocols: AH and ESP. To separate the parameters and information used for each protocol, IPsec requires that a destination define a different SA for each protocol.

  • Slide 56: Security Association Database Contd.

    Typical SA Parameters

  • Slide 57: Security Policy

    Another important aspect of IPsec is the Security Policy (SP), which defines the type of security applied to a packet when it is to be sent or when it has arrived.

    Security Policy Database: Each host that is using the IPsec protocol needs to keep a Security Policy Database (SPD). There is need for an inbound SPD and an outbound SPD. Each entry in the SPD can be accessed using a six-tuple index: Source Address, Destination Address, Name, Protocol, Source Port, Destination Port, as shown in the figure.

  • Slide 58: Outbound Processing

  • Slide 59: Outbound Processing Contd.

    Outbound: When a packet is to be sent, the outbound SPD is consulted. The input to the outbound SPD is the six-tuple index; the output is one of three cases:

    Drop: This means that the packet defined by the index cannot be sent; it is dropped.

    Bypass: This means that there is no policy for the packet with this policy index; the packet is sent, bypassing the security header application.

    Apply: In this case, the security header is applied. Two situations may occur.

  • Slide 60: Outbound Processing Contd.

    a) If an outbound SA is already established, the triple SA index is returned that selects the corresponding SA from the outbound SAD. The AH or ESP header is formed; encryption, authentication or both are applied based on the SA selected. The packet is transmitted.

    b) If an outbound SA is not established yet, the Internet Key Exchange (IKE) protocol is called to create an outbound and an inbound SA for this traffic. The outbound SA is added to the outbound SAD by the source; the inbound SA is added to the inbound SAD by the destination.

  • Slide 61: Inbound Processing

    When a packet arrives, the inbound SPD is consulted. Each entry in the inbound SPD is also accessed using the same six-tuple index.
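    The SPD and SAD processing of slides 48 and 55 to 61, worked as an added Python example that is not code from the lecture: an ordered SPD matched on the six-tuple (Source Address, Destination Address, Name, Protocol, Source Port, Destination Port) yields Drop, Bypass or Apply; Apply looks up the outbound SAD by the (SPI, destination address, protocol) triple and otherwise calls a stand-in for IKE that installs the outbound SA at the source and the inbound SA at the destination; on the inbound side a packet whose triple has no SA is discarded. The SpdEntry/IpsecHost names, the first-match rule, the choice to drop when no SPD entry matches, and the simulated key exchange (random key, counter-allocated SPI, no negotiation) are assumptions made for the example; addresses and ports are constructed.

```python
import itertools
import os
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

DROP, BYPASS, APPLY = "drop", "bypass", "apply"


@dataclass
class SpdEntry:
    """One SPD entry. Selectors are the six-tuple of the slides; None means 'any'."""
    src: str            # CIDR
    dst: str            # CIDR
    name: object        # user or system name, or None
    proto: object       # IP protocol number, or None
    sport: object
    dport: object
    action: str
    ipsec_proto: str = "ESP"   # AH or ESP; only meaningful when action == APPLY

    def matches(self, six) -> bool:
        src, dst, name, proto, sport, dport = six
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.name in (None, name)
                and self.proto in (None, proto)
                and self.sport in (None, sport)
                and self.dport in (None, dport))


@dataclass
class SecurityAssociation:
    spi: int
    dst: str
    proto: str          # "AH" or "ESP"
    algorithm: str
    key: bytes

    @property
    def index(self):
        """The triple that indexes the SAD: (SPI, destination address, protocol)."""
        return (self.spi, self.dst, self.proto)


_spi_counter = itertools.count(0x1000)   # constructed SPI allocation


def simulated_ike(initiator, responder, dst, proto):
    """Stand-in for IKE (no real key exchange): create the outbound SA at the
    initiator and the matching inbound SA at the responder, as in slide 60 (b)."""
    sa = SecurityAssociation(next(_spi_counter), dst, proto, "aes-256-gcm", os.urandom(32))
    initiator.out_sad[sa.index] = sa
    responder.in_sad[sa.index] = sa
    return sa


class IpsecHost:
    def __init__(self, spd, default=DROP):
        self.spd = list(spd)      # ordered; the first matching entry decides
        self.default = default    # assumed behaviour when no entry matches
        self.out_sad = {}         # triple index -> SA
        self.in_sad = {}

    def outbound(self, six, peer):
        """Outbound processing (slides 59 and 60): SPD lookup, then SAD lookup, else IKE."""
        entry = next((e for e in self.spd if e.matches(six)), None)
        if entry is None:
            return self.default, None
        if entry.action != APPLY:
            return entry.action, None
        dst = six[1]
        sa = next((s for s in self.out_sad.values()
                   if s.dst == dst and s.proto == entry.ipsec_proto), None)
        if sa is None:
            sa = simulated_ike(self, peer, dst, entry.ipsec_proto)
        return APPLY, sa

    def inbound(self, spi, dst, proto):
        """Inbound access control (slide 48): a packet with no established SA is discarded."""
        return self.in_sad.get((spi, dst, proto))   # None means 'discard'
```

    In the test the policy bypasses traffic inside 10.0.0.0/8, applies ESP to TCP port 443 towards 192.0.2.0/24, and drops everything else; the first Apply decision triggers the simulated IKE, the second reuses the SA already in the outbound SAD, and the peer's inbound SAD answers only for the exact (SPI, destination, protocol) triple.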