IPsec Protocols and Security Mechanisms

Questions and Answers

What was the primary goal of the 'Security in the Internet Architecture' document (RFC 1636)?

  • To establish new internet protocols for IPv6 only.
  • To solely encrypt all internet traffic.
  • To secure network infrastructure and end-user traffic through authentication and encryption. (correct)
  • To provide a new standard for key exchange.

Which RFC defines the general concepts, security requirements, definitions, and mechanisms of IPsec technology?

  • RFC 1636
  • RFC 4301 (correct)
  • RFC 4302
  • RFC 7296

What is the main function of the Authentication Header (AH) extension in IPsec?

  • To manage cryptographic keys.
  • To offer message authentication. (correct)
  • To provide encryption for network traffic.
  • To define policy management.

Why is the use of the Authentication Header (AH) considered deprecated in new applications?

  • Its functionality is replaced by Encapsulating Security Payload (ESP). (A)

What is the role of the Encapsulating Security Payload (ESP) in IPsec?

  • To provide encryption or message authentication. (D)

Which RFC is considered the main document for Internet Key Exchange (IKE)?

  • RFC 7296 (B)

What does the IPsec specification consist of?

  • A set of Internet standards. (B)

In addition to encryption and message authentication, what other aspects of IPsec are described in related RFCs?

  • Security policy and Management Information Base content. (A)

Which of the following best describes the primary function of IPsec?

  • To provide security services at the IP layer (C)

What is a Security Association (SA) in the context of IPsec?

  • A one-way logical connection between sender and receiver providing security services (C)

Which of these is NOT a typical application of IPsec?

  • Securing DNS (Domain Name System) queries (D)

What is the purpose of the Security Parameter Index (SPI) in an IPsec packet?

  • To enable the receiving system to select the appropriate Security Association (A)

Which of the following is NOT a service provided by IPsec as per RFC 4301?

  • Detailed traffic flow analysis (B)

In establishing an IPsec connection, what must be determined by the system?

  • The specific security protocols needed and algorithm (D)

How does IPsec enhance security for electronic commerce?

  • By encrypting all application layer traffic regardless (A)

What kind of logical connection is created by a Security Association?

  • A one-way connection between sender and receiver (C)

Which of the following security associations is NOT a possible combination between IPsec end systems for transport mode?

  • AH followed by ESP (B)

When combining security associations in tunnel mode, what is a valid encapsulation method?

  • Any of the above (D)

Which scenario is NOT explicitly mentioned as a use case for combined security associations?

  • Security between a client and a remote server behind a NAT (C)

In manual key management, how are keys typically configured?

  • Manually configured by a system administrator (D)

What is a primary requirement for secure communication between two applications concerning key management?

  • Both integrity and confidentiality (C)

What is a key advantage of using automated key management over manual key management?

  • Supports on-demand creation of keys for SAs (A)

What is a known disadvantage of the basic Diffie-Hellman key exchange protocol?

  • It doesn't provide any information about identities of parties (A)

Which characteristic is NOT a positive attribute of the refined Diffie-Hellman key exchange protocol?

  • Provides identity verification of parties involved (C)

What happens when the limit of $2^{32}-1$ is reached for the sequence number?

  • The sender terminates the Security Association (SA) and negotiates a new key. (A)

What does the right edge of the window represent in the sequence number processing?

  • The highest sequence number for any packet received. (D)

Which condition leads to the received packet being processed as new and within the window?

  • The packet's sequence number falls within the range $(N-W+1, N)$. (C)

What action does the receiver take when a packet is received that is new and to the right of the window?

  • The MAC is checked and the window is advanced. (D)

In the ESP Transport Mode, what is the role of the destination node?

  • To decrypt the IP header and verify the packet's authenticity. (D)

What does the sequence number field in the Encapsulation Security Payload (ESP) primarily prevent?

  • Duplicate packet processing (D)

What is the primary purpose of the ESP trailer in a packet?

  • To signal the end of the encrypted data. (C)

Which of the following is NOT a component associated with the IPsec policy?

  • Encryption algorithm (B)

How does the intermediate router handle the ESP traffic in terms of encryption?

  • It does not need to decrypt the packet to route it. (D)

What is the purpose of padding in the ESP packet format?

  • To achieve specific block lengths and conceal packet length (A)

What happens to packets with a sequence number that falls to the left of the current window?

  • They are rejected and discarded. (A)

In a scenario where multiple destination systems share the same Security Association (SA), which identifier is used?

  • User identifier from the operating system (A)

Which type of address can be specified as a Local IP Address in the IPsec policy?

  • A wildcard mask address or an enumerated list (D)

What does the Integrity Check Value (ICV) represent in the ESP packet format?

  • Data used for verifying packet authenticity (B)

What type of packet processing applies to inbound traffic in an IPsec policy?

  • Filtering and forwarding based on security policies (A)

What initializes the sequence number counter when a new Security Association (SA) is established?

  • It starts at 0 (C)

What is the purpose of the Security Protocol Identifier field in the IP header?

  • To indicate whether the association is an AH or ESP security association (C)

Which of the following is NOT a parameter defined in the Security Association Database (SAD)?

  • IP destination address (B)

What is the primary function of the Security Policy Database (SPD)?

  • To map IP traffic to specific security associations (A)

Which of the following is a valid selector used to determine an SPD entry?

  • Next Layer Protocol (A)

What is the role of the 'Remote IP Address' selector in an SPD entry?

  • To define the IP address range that should be subject to specific security policies (D)

How can multiple SPD entries relate to a single SA in a complex environment?

  • By using different selectors to match specific network traffic patterns (A)

What is the purpose of the 'Path MTU' parameter in an SA?

  • To ensure that the packet size does not exceed the maximum allowed on the network path (D)

How does the 'Sequence Number Counter' parameter help in ensuring security?

  • By preventing replay attacks by tracking the sequence of packets (A)

Flashcards

IP Security (IPsec)

A set of protocols for securing Internet Protocol (IP) communications through authentication and encryption.

RFC 1636

A document that outlined goals for securing network infrastructure and end-user traffic, issued by the Internet Architecture Board in 1994.

Encapsulating Security Payload (ESP)

A part of IPsec providing encryption and optional authentication for IP packets.

Authentication Header (AH)

An extension header in IPsec used for message authentication; usage is deprecated for new applications.

Security Policy

Guidelines describing how security measures will be implemented and maintained in a network.

Internet Key Exchange (IKE)

A protocol that facilitates secure key management for establishing security associations in IPsec.

Combining Security Associations

Methods of combining different security associations to achieve comprehensive security goals in IPsec.

IPv4 and IPv6

The two versions of Internet Protocol used for addressing and routing packets of data.

AH Header

Authentication Header used for IPsec to provide integrity.

ESP Header

Encapsulating Security Payload provides confidentiality and integrity.

Local IP Address

A single or range of IP addresses for devices on a local network.

Remote IP Address

The IP address of a destination system outside the local network.

Local and Remote Ports

Specific TCP or UDP port values used in communication.

Sequence Number

A field in the IP packet to prevent replay attacks by tracking packet order.

Initialization Vector (IV)

An optional value used to ensure unique encryption for each packet.

Integrity Check Value

A variable field in the ESP to verify the integrity of the payload data.

IP Destination Address

Address of the destination endpoint for IP packets.

Security Protocol Identifier

Indicates whether the security association uses AH or ESP protocol.

Security Association (SA)

Defines the parameters for secure communication between endpoints.

Security Parameter Index

Identifies the security association for incoming and outgoing traffic.

Sequence Number Counter

Keeps track of the order of packets to prevent replay attacks.

Anti-replay Window

A method to protect against replay attacks by tracking which packets have been seen.

Selectors in SPD

Criteria used to define which traffic applies to a specific Security Association.

Next Layer Protocol

Indicates the protocol operating over IP, such as IPv4 or IPv6.

IPsec

A suite of protocols designed to secure Internet Protocol (IP) communications through encryption and authentication at the IP level.

Applications of IPsec

IPsec can be used for secure branch office connectivity, remote access, and enhancing electronic commerce security over networks.

Security Parameter Index (SPI)

A unique 32-bit integer assigned to a Security Association used to identify the SA in IPsec headers.

RFC 4301 Services

Standardized services provided by IPsec including access control, integrity, authentication, and confidentiality.

Confidentiality in IPsec

The service that ensures data is encrypted and keeps it private from unauthorized access.

Traffic Flow Confidentiality

A service providing limited confidentiality to obscure the flow of traffic between parties.

IPsec Policy

A set of rules defining how IPsec services are applied and managed within a network.

SA termination

Ending a Security Association when the sequence number limit is reached.

Receiver Window Size (W)

Size of the window for allowable sequence numbers, default is 64.

Valid Packet Condition

Criteria for processing packets based on their sequence number.

Window Advancement

Shifting the receiver's window to include a new highest sequence number.

MAC Check

Verifying the integrity and authenticity of packets using Message Authentication Code.

Transport Mode

A mode in IPsec where the payload and ESP header are encrypted but not the entire IP header.

ESP Header Purpose

Indicates the Security Parameters Index for packet decryption and authentication.

AH in transport mode

Uses Authentication Header to provide authentication for data in transit without encrypting it.

ESP in transport mode

Encapsulating Security Payload provides encryption and optional authentication for data in transit.

ESP followed by AH

Combines encryption from ESP and authentication from AH to secure data via two layers.

Key Management Types

Methods for determining and distributing secret keys: manual and automated.

Manual Key Management

System administrator manually configures keys for communication between systems.

Automated Key Management

Automatically generates keys for Security Associations, ideal for dynamic systems.

Key Determination Protocol

Refines Diffie-Hellman key exchange to generate secret keys without prior infrastructure.

Study Notes

Network Security: IP Security

  • The presentation covers IP security, specifically IPsec, at the University of Bern.
  • The course instructor is Prof. Dr. Torsten Braun from the Institute for Informatics.
  • The presentation dates are November 4th-11th, 2024.

IPsec Overview

  • Architecture (RFC 1636): Issued in 1994 by the Internet Architecture Board, it aims to secure the network infrastructure from unauthorized monitoring and control of network traffic, and to secure end-user-to-end-user traffic using authentication and encryption.
  • Goals: Securing the network infrastructure against unauthorized monitoring and control, and securing end-user-to-end-user traffic using authentication and encryption.
  • Design: Supports both IPv6 and IPv4. The IPsec specification is now part of the Internet standards.
  • Document detail: Includes general concepts, security requirements, definitions, and mechanisms defining IPsec technology. Provides message authentication (RFC 4302). Encapsulating Security Payload (ESP) is the preferred method in modern uses, deprecating Authentication Header (AH).

IPsec Applications

  • IPsec supports communications over LANs, public WANs, and the internet, and it encrypts or authenticates all traffic at the IP layer.
  • Example uses: Secure branch office connectivity, virtual private networks (VPNs), secure remote access to ISPs/companies, and establishing extranets/intranets.
  • Mobile IP, routing protocols, address resolution, and ICMP.

IPsec Services (RFC 4301)

  • Select required security protocols, determine algorithms for services, put cryptographic keys in place to provide requested services.
  • RFC 4301 services: Access control, connectionless integrity, data origin authentication, replayed packet rejection, confidentiality (encryption), and limited traffic flow confidentiality.

IPsec Policy (Architecture)

  • Uses IKEv2 for key exchange
  • Includes Security Policy Database (SPD), Security Association Database (SAD).
  • IPsecv3 and IPsec SA Pair, and ESP.

Security Association (SA)

  • Parameters:
  • Security Parameter Index (SPI), Sequence number counter, Sequence counter overflow, Anti-replay window, AH information, ESP information, SA Lifetime, IPsec protocol mode, Path MTU.
  • Destination Address: The address of the SA's destination endpoint.
  • Security Protocol Identifier: Identifies whether the association is an AH or ESP security association.

Security Policy Database (SPD)

  • SPD links IP traffic to specific security associations, using selections of IP and upper layer protocol field values.
  • Used to filter outgoing traffic to map traffic to a particular SA for processing.
  • In complex environments, multiple SPDs may relate to one SA.

Selectors Determining SPD Entry (various)

  • Remote IP Address (single, list, range, wildcard).
  • Local IP Address (single, list, range, wildcard).
  • Port.
  • Next Layer Protocol (e.g. IPv4/IPv6, TCP/UDP).

IPsec Output Processing

  • The flow describes how IP packets are determined and processed based on matching the search criteria between the incoming packets and the SPD database.
  • Packet matching procedures with possible outcomes: BYPASS, DISCARD, PROTECT.

IPsec Input Processing

  • The input processing flow outlines how inbound IP packets are handled, similar to outbound processing.
  • Packet matching procedures with possible outcomes: BYPASS, DISCARD, Processing (AH/ESP), Match.

Encapsulation Security Payload (ESP)

  • Packet Format: Includes Optional Initialization Vector (IV), padding, SPI, sequence number, payload data, integrity check value, and encryption.

Anti-Replay Attack Service

  • By using sequence numbers, duplicate authenticated IP packets are prevented from harming services.
  • If a packet's sequence number falls within the defined window, processing proceeds as follows:
  • Check the MAC (Message Authentication Code).
  • Advance the window and mark the sequence number as received.
  • If the packet is to the left of the window or authentication fails, discard the packet.

Encapsulation Security Payload (ESP)

  • Transport Mode: Outer IP header remains unchanged. Encryption occurs between host and the security gateway.
  • Tunnel Mode: Inner IP header is encapsulated (changed). Encryption occurs solely between security gateways.

Virtual Private Networks (VPNs)

  • Tunnel mode in ESP can be used to create private networks within public networks; traffic can only move from one VPN to another.
  • VPNs are used to create Wide Area Networks (WANs) across geographic areas, which allow site-to-site connections to branch offices and connections for mobile users to company LANs.

Authentication Header (AH)

  • Authentication of all immutable IP fields between sender and receiver. Uses keyed MD5 to generate 128-bit authentication data.

Authentication Header (AH)

  • Transport Mode: Attaches AH to the existing IP packet.
  • Tunnel Mode: AH is put in a new IP packet to encapsulate the existing data.
  • AH protecting only IP header, ESP for beyond IP header including export issues.

Combining Security Associations

  • Transport Adjacency: Applying multiple security associations (SAs) to a single IP packet without tunneling.
  • Iterated Tunneling: Using multiple layers of security protocols through IP tunneling. Supports multiple levels of nested security.
  • Authentication and Confidentiality (ESP): Applying ESP to data for protection, then authentication data for ciphertext (not plaintext).
  • Transport-Tunnel Bundle: Applying authentication before encryption between two hosts, and using a combined inner AH and outer ESP SA.

Internet Key Exchange (IKE)

  • Key Management Types:
  • Manual (the administrator configures each system with related system keys).
  • Automated (the system automatically generates keys based on need/request).
  • Key determination protocol: Refinement of Diffie-Hellman key exchange.
  • Clogging Attack: Attackers forge source addresses and send public keys to victim to consume its resources.
  • IKE Key Determination: Uses cookies to thwart clogging attacks, enables exchange of DH public keys, and authenticates the exchange to prevent man-in-the-middle attacks.
  • Cookie Exchange: Each side provides a pseudorandom number in the initial message for authentication.
  • Cookie Generation Requirements: Cookies are specific to parties, cannot be generated by anyone else, authentication is fast, and is not deducible to secret data.
  • IKEv2 Exchanges: This contains the information on exchanges between initiator and responder. Initial exchanges and CREATE_CHILD_SA Exchange and Informational Exchange are listed.

IKE Formats

  • SPI definitions (Initiator and Responder)
  • Next payload, MjVer, MnVer, Exchange type, Message ID, Length (in IKE headers).
  • Generic payload header (bits, Next payload, Reserved, Payload length).

IKE Payload Types

  • Provides a table of Security Association, Key Exchange, Identification, Certificates, Requests, Authentication, Nonce, Notify, Delete, Vendor ID and their relevant Proposals and Parameters.
