Professional Documents
Culture Documents
Overview
MotivationforIPSecurity
Providesecurityatthenetworklayerincluding
HelpsinestablishmentofVirtualPrivate Networks(VPNs)
IPSecurityArchitecture
ComponentsofIPSEC
TransportandTunnelMode
IPSECArch:Scenario1
Secureconnection (tunnelmodeonly) H1 R1 R2 H2
IPSECArch:Scenario2
SecureConnection (tunnelmodeonly) H1 R1 R2 H2
TransportMode
IPheader
IPSecHdr
restofthedatagram
TransportMode
TunnelMode
IPheader
IPsecHdr
IPHdr
restofthedatagram
SecurityPolicyDatabase
Definesthesecuritypoliciesoftheenterprise Exampleentries:
Dest B B B Protocol TCP TCP TCP SrcPort * * * DestPort 80 22 80 Policy Pass Apply Apply Sec.Serv. None ESP AH
Source A C *
SecurityAssociationDatabase
ASecurityAssociationisaninstantiationofa securitypolicythatisdynamicallycreatedand deleted. AsinglesecuritypolicycanhavemanySAs sincethepolicycanhaveawildcardforany selectorbutaseparateSAforeachindividual connection AnSAisidentifieduniquelybytheDestination Address,SPIandSecurityProtocol(AHor ESP)
OutboundProcessing
1.Matchthepacket'sselectorfieldsagainstthe outboundpoliciesintheSPDtolocatethefirst appropriatepolicy,whichwillpointtozeroormoreSA bundlesintheSAD. 2.Matchthepacket'sselectorfieldsagainstthoseinthe SAbundlesfoundin(1)tolocatethefirstSAbundle thatmatches.IfnoSAswerefoundornonematch, createanappropriateSAbundleandlinktheSPD entrytotheSADentry.Ifnokeymanagemententityis found,dropthepacket. 3.UsetheSAbundlefound/createdin(2)todothe requiredIPsecprocessing,e.g.,authenticateand encrypt.
InboundProcessing
1.Usethepacket'sdestinationaddress(outerIP header),IPsecprotocol,andSPItolookuptheSAin theSAD.IftheSAlookupfails,dropthepacketand log/reporttheerror. 2.UsetheSAfoundin(1)todotheIPsecprocessing, e.g.,authenticateanddecrypt. 3.FindanincomingpolicyintheSPDthatmatchesthe packet. 4.CheckwhethertherequiredIPsecprocessinghas beenapplied.
AuthenticationHeader
SecurityServicesprovidedare:
AuthenticationHeaderFormat
0 NextHeader 8 PayloadLen 16 Reserved 31
SecurityParameterIndex(SPI) SequenceNumberField
AuthenticationDataorICV(variablelength)
OutboundProcessing:Calculating theICV
TheAHICVisaonewayhashcomputedusing SHA1orMD5over:
Mutable,ImmutableandPredictable Fields
Immutable
Mutablebutpredictable
Mutable(zeroedpriortoICVcalculation)
InboundProcessing
EncapsulatingSecurityPayload
SecurityServicesprovidedare
ESPHeader/TrailerFormat
SecurityParameterIndex(SPI) SequenceNumber PayloadData(variable)
AuthenticationDataorICV(variable)
ESPOutboundProcessing
1.encapsulates(intotheESPPayloadfield):
ESPInboundProcessing
1.decryptstheESPPayloadData,Padding,PadLength, andNextHeaderusingthekey,encryptionalgorithm, algorithmmodeindicatedbytheSA. 2.processesanypaddingasspecifiedintheencryption algorithmspecification. 3.reconstructstheoriginalIPdatagramfrom:
a)fortransportmodeoriginalIPheaderplustheoriginal upperlayerprotocolinformationintheESPPayloadfield b)fortunnelmodetunnelIPheader+theentireIP datagramintheESPPayloadfield.
IPSECSummary
IPSECconsistsof
IPSECSummary
Scalability/PrivacyIssues
InternetKeyExchange(IKE)
IKEisadynamickeyexchangeprotocolthat provides
Hastwophases:
IKEPayloads
IKEAuthenticationPayloads
IKEMainModeAuth.with Signatures
HDR,SAproposal
HDR,SAchosen HDR,KE,Ni
A
HDR,KE,Nr HDR*,IDii,[CERT,]SIG_I
HDR*,IDir,[CERT,]SIG_R
IKEAggressiveModeAuth.with Signatures
HDR,SAproposal,KE,Ni,IDii
HDR,SAchosen,KE,Nr,IDir,[CERT,]SIG_R
HDR,[CERT,]SIG_I
GenerationofKeyingMaterial
GenerationofHashValues
IKEQuickMode
HDR*,HASH(1),SAproposal,Ni, [,KE][,IDci,IDcr]
HDR*,HASH(3)
SA,ProposalandTransform Payloads
NH=SA Reserved Situation NH=Proposal Proposal1 Reserved PROTO_AH SPI NH=Transform Transform1 Reserved AH_SHA PayloadLength Reserved PayloadLength SPIsize=4 #Trans.=1 PayloadLength DomainofInterpretation(DOI)
AttributesinTLVformat(variableinlength)
HashCalculationinQuickMode
ThehashvaluesseeninQuickModeare calculatedasfollows:
HASH(1) = prf(SKEYID_a, M-ID | SA | Ni [ | KE ] | IDci | IDcr ) HASH(2) = prf(SKEYID_a, M-ID | Ni_b | SA | Nr | KE ] [ | IDci | IDcr ) HASH(3) = prf(SKEYID_a, 0 | M-ID | Ni_b | Nr_b) [ [
KeyingmaterialforIPSECSAisgeneratedas follows:
KEYMAT = prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b)
PerfectForwardSecrecy
PerfectForwardSecrecy(PFS)isdefinedas follows:
Compromiseofasinglekeyallowsaccesstoonly dataprotectedbyasinglekey.
IKEPFS
IKEachieves
IKESummary
References
RFC2401:SecurityArchitecturefortheInternetProtocolby StephenKent,BBNCorporationandRonAtkinson,@Home Network,Nov.1998. RFC2402:IPAuthenticationHeader(AH)byStephenKent, BBNCorporationandRonAtkinson,@HomeNetwork,Nov. 1998. RFC2406:IPEncapsulatingSecurityPayload(ESP)by StephenKent,BBNCorporationandRonAtkinson,@Home Network,Nov.1998. RFC2409:InternetKeyExchange(IKE)byDanielHarkinsand DaveCarrel,CiscoSystemsInc.,Nov.1998. NetworkSecurity:PrivateCommunicationinaPUBLIC WorldbyCharlieKaufman,RadiaPerlmanandMikeSpeciner, PearsonEducation,2002.