Professional Documents
Culture Documents
Introduction
This presentation examines the IPsec framework and its three main components:
Authentication Header (AH), Encapsulating Security Payload (ESP), and Internet Key Exchange (IKE).
IPsec adds integrity checking, authentication, encryption and replay protection to IP packets. It is used for end-to-end security and also for creating secure tunnels between gateways. IPsec was designed for interoperability. When correctly implemented, it does not affect networks and hosts that do not support it. IPsec is independent of the current cryptographic algorithms; it can accommodate new ones as they become available.
Introduction
It works both with IPv4 and IPv6. In fact, IPsec is a mandatory component of IPv6. IPsec uses state-of-the-art cryptographic algorithms. The specific implementation of an algorithm for use by an IPsec protocol is often called a transform. For example, the DES algorithm used by ESP is called the ESP DES-CBC transform. The transforms, like the protocols, are published in the RFCs. Two major IPsec concepts should be clarified: Security Associations and tunneling.
An SA can be in either of two modes, transport or tunnel, depending on the mode of the protocol in that SA. SAs are simplex, hence, for bidirectional communication between two IPsec systems, there must be two SAs defined, one in each direction. A single SA gives security services to the traffic carried by it either by using AH or ESP, but not both. In other words, for a connection that should be protected by both AH and ESP, two SAs must be defined for each direction. In this case, the set of SAs that define the connection is referred to as an SA bundle. The SAs in the bundle do not have to terminate at the same endpoint. For example, a mobile host could use an AH SA between itself and a firewall and a nested ESP SA that extends to a host behind the firewall.
Tunneling
Tunneling or encapsulation is a common technique in packet-switched networks. It consists of wrapping a packet in a new one. That is, a new header is attached to the original packet. The entire original packet becomes the payload of the new one.
Tunneling
In general, tunneling is used to carry traffic of one protocol over a network that does not support that protocol directly. For example, NetBIOS or IPX can be encapsulated in IP to carry it over a TCP/IP WAN link. In the case of IPsec, IP is tunneled through IP for a slightly different purpose: To provide total protection, including the header of the encapsulated packet. If the encapsulated packet is encrypted, an intruder cannot figure out, for example, the destination address of that packet. (Without tunneling, he or she could.) The internal structure of a private network can be concealed in this way. Tunneling requires intermediate processing of the original packet while en-route. The destination specified in the outer header, usually an IPsec firewall or router, receives the tunneled packet, extracts the original packet, and sends it to the ultimate destination. The processing overhead is compensated by the extra security.
Tunneling
A notable advantage of IP tunneling is the possibility to exchange packets with private IP addresses between two intranets over the public Internet, which requires globally unique addresses. Since the encapsulated header is not processed by the Internet routers, only the endpoints of the tunnel (the gateways) need to have globally assigned addresses; the hosts in the intranets behind them can be assigned private addresses (for example, 10.x.x.x). As globally unique IP addresses are becoming a scarce resource, this interconnection method gains importance.
The payload of the IP packet is considered immutable and is always protected by AH. AH is identified by protocol number 51, assigned by the IANA. AH processing is applied only to non-fragmented IP packets. However, an IP packet with AH applied can be fragmented by intermediate routers. In this case, the destination first reassembles the packet and then applies AH processing to it. If an IP packet that appears to be a fragment (offset field is nonzero, or the More Fragments bit is set) is input to AH processing, it is discarded. This prevents the so-called overlapping fragment attack, which misuses the fragment reassembly algorithm in order to create forged packets and force them through a firewall. Packets that fail authentication are discarded and never delivered to upper layers. This mode of operation greatly reduces the chances of successful denial of service attacks, which aim to block the communication of a host or gateway by flooding it with bogus packets.
AH Header format
AH Header format
The fields are as follows:
Next header The next header t is an 8-bit field that identifies the type of what follows. The value of this field is chosen from the set of IP protocol numbers defined in the most recent Assigned Numbers RFC from the IANA. In other words, the IP header protocol field is set to 51, and the value which would have gone in the protocol field goes in the AH next header field. Payload length This field is 8 bits long and contains the length of the AH header expressed in 32-bit words, minus 2. It does not relate to the actual payload length of the IP packet as a whole. If default options are used, the value is 4 (three 32-bit fixed words plus three 32-bit words of authentication data minus two). Reserved This field is reserved for future use. Its length is 16 bits and it is set to zero.
AH Header format
Security parameter index (SPI) This field is 32 bits in length. See Security parameter index (SPI) This is a 32-bitvalue used to identify different SAs with the same destination address and security protocol. The SPI is carried in the header of the security protocol (AH or ESP). Generally, the SPI is selected by the destination system during SA establishment. Sequence number This 32-bit field is a monotonically increasing counter, which is used for replay protection. Replay protection is optional; however, this field is mandatory. The sender always includes this field and it is at the discretion of the receiver to process it or not. At the establishment of an SA, the sequence number is initialized to zero. The first packet transmitted using the SA has a sequence number of 1. Sequence numbers are not allowed to repeat. Thus the maximum number of IP packets that can be transmitted on any given SA is 232-1. After the highest sequence number is used, a new SA and consequently a new key is established. Anti-replay is enabled at the sender by default. If upon SA establishment the receiver chooses not to use it, the sender need not be concerned with the value in this field anymore. Typically, the anti-replay mechanism is not used with manual key management.
AH Header format
Authentication data This is a variable-length field containing the Integrity Check Value (ICV), and is padded to 32 bits for IPv4 or 64 bits for IPv6. The ICV for each packet is calculated with the algorithm selected at SA initialization. As its name implies, it is used by the receiver to verify the integrity of the incoming packet. In theory, any MAC algorithm can be used to calculate the ICV. The specification requires that HMACMD5-96 and HMAC-SHA-1-96 must be supported. The old RFC 1826 requires Keyed MD5. In practice, Keyed SHA-1 is also used. Implementations usually support two to four algorithms. When doing the ICV calculation, the mutable fields are considered to be filled with zero.
AH in Transport Mode
AH in Tunnel Mode
AH in Tunnel Modes
This mode is allowed when the gateway acts as a host, that is, in cases when traffic is destined to the gateway itself. For example, SNMP commands could be sent to the gateway using transport mode. In tunnel mode the outer headers' IP addresses do not need to be the same as the inner headers addresses. For example, two security gateways can operate an AH tunnel which is used to authenticate all traffic between the networks they connect together. This is a very typical mode of operation. The advantages of tunnel mode include total protection of the encapsulated IP datagram and the possibility of using private addresses. However, there is extra processing overhead associated with this mode.
HVALA NA PANJI