05- Network Layer Security (NLS).pdf

Full Transcript

CSec15321
Network Security and Protocols

Network Layer Security
(NLS)

Dr. Qasem Abu Al-Haija,
Department of Cybersecurity, PSUT
© 2017 Pearson Education, Ltd., All rights reserved.
Overview of IPsec
 Introduction
The IPv4 protocol and the whole Internet started when Internet users
trusted each other.
No security was provided for the IPv4 protocol.

Today, however, the situation is different.
The Internet is not secure anymore.

Three security issues are particularly applicable to IP protocol:
1. Packet Sniffing (require encryption mechanisms).
2. Packet Modification (require data integrity mechanisms).
3. IP Spoofing (require origin authentication mechanisms).
 Introduction
Several applications have specific security mechanisms, such as:
― Electronic mail (S/MIME, PGP),
― Client/server (Kerberos),
― Web access (Secure Sockets Layer)
However, users have security concerns that cut across protocol layers.
Implementing security at the IP level can ensure secure networking for
all applications (security-specific and security-ignorant applications).
― This is normally
known as IPsec.

© 2017 Pearson Education, Ltd., All rights reserved.
 Introduction
IP-level security encompasses three functional areas:

― Authentication: Assures (1) the received packet was, in fact,
transmitted by the party identified as the source in the packet header,
(2) the packet has not been altered in transit.

― Confidentiality: enables communicating nodes to encrypt messages to
prevent eavesdropping by third parties.

― Key Management: concerned with the secure exchange of keys.

© 2017 Pearson Education, Ltd., All rights reserved.
 IP Security Overview

RFC 1636
“Security in the Internet Architecture”
Issued in 1994 by the Internet Architecture Board (IAB)
Identifies key areas for security mechanisms
Need to secure the network infrastructure from unauthorized monitoring
and control of network traffic
Need to secure end-user-to-end-user traffic using authentication and
encryption mechanisms
IAB included authentication and encryption as necessary security
features in the next-generation IP (IPv6)
The IPsec specification now exists as a set of Internet standards

© 2017 Pearson Education, Ltd., All rights reserved.
 Applications of IPsec
IPsec provides the capability to secure communications across a LAN, private and
public WANs, and the Internet

Secure branch office connectivity
over the Internet
Secure remote access over the
Examples Internet
include: Establishing extranet and intranet
connectivity with partners
Enhancing electronic commerce
security

Principal feature of IPsec is that it can encrypt and/or authenticate all traffic at the IP level
Thus, all distributed applications (remote login, client/server, e-mail, file transfer, Web access)
can be secured

© 2017 Pearson Education, Ltd., All rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
 Benefits of IPSec
Some of the benefits of IPsec:
When IPsec is implemented in a firewall or router, it provides strong security that can be
applied to all traffic crossing the perimeter
Traffic within a company or workgroup does not incur the overhead of security-related
processing
IPsec in a firewall is resistant to bypass if all traffic from the outside must use IP and the
firewall is the only means of entrance from the Internet into the organization
IPsec is below the transport layer (TCP, UDP) and so is transparent to applications
There is no need to change software on a user or server system when IPsec is implemented in
the firewall or router
IPsec can be transparent to end users
There is no need to train users on security mechanisms, issue keying material on a per-user
basis, or revoke keying material when users leave the organization
IPsec can provide security for individual users if needed
This is useful for offsite workers and for setting up a secure virtual subnetwork
within an organization for sensitive applications
© 2017 Pearson Education, Ltd., All rights reserved.
 Routing
Applications
IPsec can play a vital role in the routing architecture
required for internetworking

IPsec can assure that:
A router seeking to
establish or A redirect message
A router
maintain a neighbor comes from the
advertisement A routing update is
relationship with a router to which the
comes from an not forged
router in another initial IP packet was
authorized router
routing domain is sent
an authorized router

© 2017 Pearson Education, Ltd., All rights reserved.
 Encapsulating Security Internet Key Exchange (IKE)
Payload (ESP)
A collection of documents
Consists of an encapsulating describing the key
header and trailer used to management schemes for use
provide encryption or with IPsec
combined
encryption/authentication The main specification is RFC
7296, Internet Key Exchange
The current specification is (IKEv2) Protocol, but there are a
RFC 4303, IP Encapsulating number of related RFCs
Security Payload (ESP)

Authentication Header Cryptographic algorithms
(AH) This category encompasses
An extension header to a large set of documents
provide message that define and describe
authentication cryptographic algorithms
The current specification is for encryption, message
RFC 4302, IP authentication,
Authentication Header pseudorandom functions
(PRFs), and cryptographic
key exchange
Architecture IPsec
Covers the general concepts,
security requirements,
Documents Other
definitions, and mechanisms There are a variety of
defining IPsec technology other IPsec-related
The current specification is RFCs, including those
RFC4301, Security dealing with security
Architecture for the Internet policy and management
Protocol information base (MIB)
content
© 2017 Pearson Education, Ltd., All rights reserved.
 IPsec Services
IPsec provides security services at the IP layer by enabling a system to:
Select required security protocols
Determine the algorithm(s) to use for the service(s)
Put in place any cryptographic keys required to provide the requested services

RFC 4301 lists the following services:
Access control
Connectionless integrity
Data origin authentication
Rejection of replayed packets (a form of partial sequence integrity)
Confidentiality (encryption)
Limited traffic flow confidentiality

RFC 4301 Security Architecture for the Internet Protocol
IPsec Modes of
Operation
 Transport and
Tunnel Modes
Transport Mode

Provides protection primarily for
upper-layer protocols Tunnel Mode
Examples include a TCP or UDP
segment or an ICMP packet Provides protection to the entire IP
packet
Typically used for end-to-end
Used when one or both ends of a security
communication between two hosts association (SA) are a security gateway
ESP in transport mode encrypts and A number of hosts on networks behind
optionally authenticates the IP firewalls may engage in secure
payload but not the IP header communications without implementing
AH in transport mode authenticates IPsec
the IP payload and selected portions ESP in tunnel mode encrypts and
of the IP header optionally authenticates the entire inner
IP packet, including the inner IP header
AH in tunnel mode authenticates the
entire inner IP packet and selected
portions of the outer IP header
© 2017 Pearson Education, Ltd., All rights reserved.
 Table 9.1
Tunnel Mode and Transport Mode
Functionality

© 2017 Pearson Education, Ltd., All rights reserved.
 Transport Mode

In transport mode, IPSec protects what is delivered from
the transport layer to the network layer.

Note

IPSec in transport mode does not protect
the IP header;
it only protects the information
coming from the transport layer.

18.17
 Transport Mode

IPSec in transport mode

18.18
Transport Mode

Transport mode in action

18.19
 Tunnel Mode

In tunnel mode, IPSec protects the entire IP packet. It
takes an IP packet, including the header, applies IPSec
security methods to the entire packet, and then adds a
new IP header.

Note

IPSec in tunnel mode protects the original IP
header.

18.20
 Tunnel Mode

IPSec in tunnel mode

18.21
 Tunnel Mode

Tunnel mode in action

18.22
 Transport mode versus tunnel mode

18.23
IPsec Security
Protocols
IPsec defines TWO SECURITY PROTOCOLs

Authentication Header (AH) Protocol
o Provides authentication only for packets at IP level.

Encapsulating Security Payload (ESP) Protocol
o Provides authentication and/or encryption for packets at IP level.

IPSec supports both IPv4 and IPv6.
o In IPv6, however, AH and ESP are part of the extension header.

The ESP designed after AH protocol was already in use.
o ESP does whatever AH does with additional functionality (privacy).
AH Protocol
AH protocol provides source authentication and
data integrity, but not privacy.
ESP Protocol
ESP provides source authentication, data integrity,
and privacy.

18.27
 Services Provided by IPSec

18.28
 More about:

Encapsulating Security
Payload (ESP)

© 2017 Pearson Education, Ltd., All rights reserved.
 Encapsulating
Security Payload (ESP)
Used to encrypt the Payload Data, Padding, Pad Length, and Next Header fields
If the algorithm requires cryptographic synchronization data, then these data may be
carried explicitly at the beginning of the Payload Data field

An optional ICV field is present only if the integrity service is selected and is
provided by either a separate integrity algorithm or a combined mode algorithm
that uses an ICV
ICV is computed after the encryption is performed
This order of processing facilitates reducing the impact of DoS attacks
Because the ICV is not protected by encryption, a keyed integrity algorithm must be
employed to compute the ICV

The Padding field serves several purposes:
If an encryption algorithm requires the plaintext to be a multiple of some number of
bytes, the Padding field is used to expand the plaintext to the required length
Used to assure alignment of Pad Length and Next Header fields
Additional padding may be added to provide partial traffic-flow confidentiality by
concealing the actual length of the payload

© 2017 Pearson Education, Ltd., All rights reserved.
 Anti-Reply Mechanism

© 2017 Pearson Education, Ltd., All rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
 IPsec
Architecture
© 2017 Pearson Education, Ltd.,
All rights reserved.
 Security Association (SA)
IPSec requires a logical Uniquely identified by three parameters:
relationship, called a Security
Association (SA), between two
hosts
Security Parameters
A one-way logical connection Index (SPI)
between a sender and a receiver A 32-bit unsigned integer
assigned to this SA and
that affords security services to having local significance only
the traffic carried on it

In any IP packet, the SA is
uniquely identified by the IP Destination
Destination Address in the IPv4 Security protocol Address
identifier
or IPv6 header and the SPI in Indicates whether the
Address of the
destination endpoint of
the enclosed extension header association is an AH or the SA, which may be
ESP security an end-user system or a
(AH or ESP) association network system such as
a firewall or router

© 2017 Pearson Education, Ltd., All rights reserved.
 Idea of Security Association

Simple SA

18.39
 Security Association
Database (SAD)
Defines the parameters associated with each SA

Normally defined by the following parameters in a SAD entry:
Security parameter index
Sequence number counter
Sequence counter overflow
Anti-replay window
AH information
ESP information
Lifetime of this security association
IPsec protocol mode
Path MTU
© 2017 Pearson Education, Ltd., All rights reserved.
Security Association Database (SAD)

18.41
 Typical SA Parameters

Parameters Description

18.42
 Security Policy
Database (SPD)
SPD defines the type of security applied to a packet when it is to
be sent or when it has arrived
The means by which IP traffic is related to specific SAs
Contains entries, each of which defines a subset of IP traffic and
points to an SA for that traffic

In more complex environments, there may be multiple entries that
potentially relate to a single SA or multiple SAs associated with a
single SPD entry
Each SPD entry is defined by a set of IP and upper-layer protocol
field values called selectors
These are used to filter outgoing traffic in order to map it into a
particular SA

© 2017 Pearson Education, Ltd., All rights reserved.
 SPD Entries
The following selectors determine an SPD entry:

Remote IP Local IP Next layer Local and
Name
address address protocol remote ports
This may be a This may be a
single IP single IP
address, an address, an A user
enumerated list enumerated list identifier from
or range of or range of the operating
addresses, or a addresses, or a system
wildcard (mask) wildcard (mask) The IP protocol These may be
address address header includes individual TCP
a field that or UDP port
designates the values, an
protocol Not a field in the enumerated list
The latter two
The latter two operating over IP or upper-layer of ports, or a
are required to
are required to IP headers but is wildcard port
support more
support more available if IPsec
than one
than one source is running on the
destination
system sharing same operating
system sharing
the same SA system as the
the same SA
user

© 2017 Pearson Education, Ltd., All rights reserved.
Connection identifiers
 Table 9.2
Host SPD Example

© 2017 Pearson Education, Ltd., All rights reserved.
 Outbound
processing

© 2017 Pearson Education, Ltd., All rights reserved.
Outbound processing
 Inbound
processing

© 2017 Pearson Education, Ltd., All rights reserved.
 Inbound processing

18.50
Combining Security
Associations
 Combining Security
Associations
An individual SA can implement either the AH or ESP protocol but not both

Security association bundle
Refers to a sequence of SAs through which traffic must be processed to provide
a desired set of IPsec services
The SAs in a bundle may terminate at different endpoints or at the same
endpoint

May be combined into bundles in two ways:

Transport Refers to applying more than one security protocol to
the same IP packet without invoking tunneling
adjacency This approach allows for only one level of combination

Iterated Refers to the application of multiple layers of security
protocols effected through IP tunneling
tunneling This approach allows for multiple levels of nesting

© 2017 Pearson Education, Ltd., All rights reserved.
 ESP with Authentication
Option
In this approach, the first user applies ESP to the data to be
protected and then appends the authentication data field

Transport mode ESP
Authentication and encryption apply to the IP payload delivered to
the host, but the IP header is not protected

Tunnel mode ESP
Authentication applies to the entire IP packet delivered to the outer
IP destination address and authentication is performed at that
destination
The entire inner IP packet is protected by the privacy mechanism
for delivery to the inner IP destination

For both cases authentication applies to the ciphertext
rather than the plaintext
© 2017 Pearson Education, Ltd., All rights reserved.
 Transport Adjacency

Another way to apply authentication after encryption
is to use two bundled transport SAs, with the inner
being an ESP SA and the outer being an AH SA
In this case ESP is used without its authentication option
Encryption is applied to the IP payload
AH is then applied in transport mode
Advantage of this approach is that the authentication
covers more fields
Disadvantage is the overhead of two SAs versus one SA

© 2017 Pearson Education, Ltd., All rights reserved.
Transport-Tunnel Bundle
The use of authentication One approach is to use a
prior to encryption might be bundle consisting of an
preferable for several inner AH transport SA and
reasons: an outer ESP tunnel SA
It is impossible for anyone to Authentication is applied to
intercept the message and the IP payload plus the IP
alter the authentication data header
without detection The resulting IP packet is
It may be desirable to store then processed in tunnel
the authentication mode by ESP
information with the The result is that the
message at the destination entire authenticated inner
for later reference packet is encrypted and a
new outer IP header is
added

© 2017 Pearson Education, Ltd., All rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
Internet Key Exchange
(IKE)
 Internet Key Exchange
The key management
portion of IPsec involves the The IPsec Architecture document mandates
support for two types of key management:
determination and
distribution of secret keys A system administrator
A typical requirement is four manually configures each
system with its own keys and
keys for communication with the keys of other
communicating systems
between two applications This is practical for small,
relatively static environments
Transmit and receive pairs
for both integrity and
confidentiality Manual Automated
Enables the on-demand
creation of keys for SAs and
facilitates the use of keys in a
large distributed system with
an evolving configuration

© 2017 Pearson Education, Ltd., All rights reserved.
 ISAKMP/Oakley
The default automated key management protocol of IPsec
Consists of:
Oakley Key Determination Protocol
A key exchange protocol based on the Diffie-Hellman algorithm but
providing added security
Generic in that it does not dictate specific formats
Internet Security Association and Key Management Protocol (ISAKMP)
Provides a framework for Internet key management and provides the
specific protocol support, including formats, for negotiation of security
attributes
Consists of a set of message types that enable the use of a variety of key
exchange algorithms

© 2017 Pearson Education, Ltd., All rights reserved.
 Features of IKE Key
Determination
Algorithm is characterized by five important features:

It employs a mechanism known as cookies to thwart clogging attacks
1.

It enables the two parties to negotiate a group; this, in essence,
2. specifies the global parameters of the Diffie-Hellman key exchange

It uses nonces to ensure against replay attacks
3.

It enables the exchange of Diffie-Hellman public key values
4.

It authenticates the Diffie-Hellman exchange to thwart man-in-the-
5. middle-attacks
© 2017 Pearson Education, Ltd., All rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
© 2017 Pearson Education, Ltd., All
rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
 Table 9.3
IKE Payload Types

© 2017 Pearson Education, Ltd., All rights reserved.
 (Table 9.4 can be
found on page
318 in the
textbook)

© 2017 Pearson Education, Ltd., All rights reserved.
 Summary
IP security overview Encapsulating security payload
Applications of IPsec ESP format
Benefits of IPsec Encryption and authentication
Routing applications algorithms
IPsec documents Padding
IPsec services Anti-replay service
Transport and tunnel modes Transport and tunnel modes

IP security policy Combining security
associations
Security associations
Authentication plus
Security association database confidentiality
Security policy database Basic combinations of security
IP traffic processing associations

Cryptographic suites Internet key exchange
Key determination protocol
Header and payload formats
© 2017 Pearson Education, Ltd., All rights reserved.