Slide 1
Lecture 13
IPsec
Internet Protocol Security
CIS 4362 - CIS 5357
Network Security
Slide 2
What is IPsec?
• Protocols and mechanisms to support security at the network layer (IP layer)
  – Two main security protocols, called Authentication Header (AH, IP protocol type = 51) and Encapsulating Security Payload (ESP, IP protocol type = 50)
• Implemented on end hosts and gateways
• Separate security associations (SAs) are used to determine the processing in each of the two directions (outbound and inbound)
• An SA is uniquely defined by
  – SPI
  – Destination IP address
  – IPsec protocol (ESP or AH)
Slide 3
Logical Format of an IP Packet
| Version (4 bits) | IHL (4 bits) | Service Type (8 bits) | Total Length (16 bits) |
| Identification (16 bits) | Flags (3 bits) | Fragment Offset (13 bits) |
| Time to Live (8 bits) | Protocol (8 bits) | Header Checksum (16 bits) |
| Source IP Address (32 bits) |
| Destination IP Address (32 bits) |
| IP Options if used, plus padding to 4 bytes (variable length, multiples of 4 bytes) |
| Encapsulated Data (variable length, integral number of bytes) |
Slide 4
IPsec Services: Services That Hosts and Gateways Provide
• Access control
• Data content confidentiality
• Connectionless integrity
• Data origin authentication
• Replay protection
• Privacy
• Traffic flow masking
Slide 5
IPsec Architecture (RFC 2401)
• Security Policies that define which traffic is to be protected, and how
• Security Associations between network components
• Security Protocols
  – Authentication Header (AH)
  – Encapsulating Security Payload (ESP)
• Key Management
  – Internet Key Exchange (IKE)
• Algorithms for authentication and encryption
Slide 6
IPsec Operations
• Transport Mode
  – Above the IP level
  – Below the transport level
• Tunnel Mode
  – IP within IP
  – Sandwiched between two IP sessions
Slide 7
IPsec OSI Layer
Figure: protocol stacks for the two modes (top to bottom)
Tunnel Mode: TCP / IP / IPsec / Data Link / Physical
Transport Mode: TCP / IPsec / IP / Data Link / Physical
Slide 8
IPsec Packet Encapsulation
Original Packet: | IP Header | Rest of Packet |
Transport Mode: | IP Header | IPsec Header | Rest of Packet |
Tunnel Mode: | new IP Header | IPsec Header | original IP Header | Rest of Packet |
Slide 9
Adding IPsec to IPv4
version: 4 bits
header length: 4 bits (unit = 4 octets)
type of service: 1 octet
packet length: 2 octets
packet identification: 2 octets
flags: 3 bits
fragment offset: 13 bits
hops remaining (TTL): 1 octet
protocol: 1 octet
header checksum: 2 octets
source address: 4 octets
destination address: 4 octets
options: variable
Regular IP protocol values: TCP = 6; UDP = 17; IP (IP-in-IP) = 4
IPsec protocol values: ESP = 50 and AH = 51
With IPsec, the protocol field carries 50 or 51; the communication protocol being carried (TCP, UDP, ...) is specified in the next header field of the IPsec header.
Slide 10
Adding IPsec to IPv6
version | type of service | flow label: 4 octets
payload length: 2 octets
next header: 1 octet (specifies protocol)
TTL (hop limit): 1 octet
source address: 16 octets
destination address: 16 octets
Slide 11
Transport mode
| IP header | payload |
| IP header | IPsec header | payload |
Transport mode was designed to save bandwidth in end-to-end associations. The payload is typically encrypted and authenticated. The IP header is in the clear, and may or may not be authenticated.
Slide 12
Transporting
Figure: Alice sends IP packet p1 (Sender = Alice, Recipient = Bob). On the wire it travels as IP packet p2 (IPsec transport; Sender = Alice, Recipient = Bob), and Bob recovers IP packet p1.
Slide 13
Tunnel Mode
| IP header | payload |
| new IP hdr | IPsec hdr | IP header | payload |
Tunnel mode protects both the payload and the IP header of the original packet. If encryption is used between gateways in tunnel mode, it reduces the information available for traffic analysis.
Slide 14
Tunneling
Figure: Alice sends IP packet p1 (Sender = Alice, Recipient = Bob) to gateway G1. Between G1 and G2 it travels inside IP packet p2 (IPsec tunnel; Sender = G1, Recipient = G2). G2 extracts IP packet p1 and forwards it to Bob.
Slide 15
Security Associations
• An IPsec-protected connection is called a security association
• The SPI used in identifying the SA is normally chosen by the receiving system
• Basic Processing
  – For outbound packets, a packet's selector is used to determine the processing to be applied to the packet
  – More complex than for inbound, where the received SPI, destination address and protocol type uniquely point to an SA
Slide 16
SAD and SPD
• The IPsec protocol maintains two databases:
  – Security association database (SAD): indexed by SPIs, contains the information needed to encapsulate packets for one association: cryptographic algorithms, keys, sequence numbers, etc.
  – Security policy database (SPD): allows for implementation of packet filtering policies. Defines whether or not to accept non-protected packets, what protection to require, etc.
Slide 17
Security Association Database
• Sequence number
• Sequence number overflow
• Anti-replay window
• AH information
  – Algorithms, initialization values, keys, etc.
• ESP information
  – Algorithms, initialization values, keys, etc.
• SA lifetime
• IPsec protocol mode
• Path MTU (max packet size)
Slide 18
Security Policy Database
• Defines:
  – Traffic to be protected
  – How to protect it
• Must be consulted for each packet entering or leaving the IP stack
• Three possible actions
  – Discard
  – Bypass IPsec
  – Apply IPsec
Slide 19
Some Security Association Selectors
• Destination IP address
• Source IP address
• User ID
• Data sensitivity level
• Transport-layer protocol number
• IPsec protocol (AH/ESP)
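An added model, not code from the lecture, of the processing on the last few slides: an SPD consulted with a packet's selectors (three of those listed above) that answers Discard, Bypass or Apply, and a SAD keyed by the (SPI, destination address, IPsec protocol) triple that the inbound lookup uses directly. Class names, addresses and SPI values are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ESP, AH = 50, 51  # IPsec protocol numbers given on the slides
DISCARD, BYPASS, APPLY = "discard", "bypass", "apply"  # the three SPD actions

@dataclass(frozen=True)
class Selector:  # three of the listed selectors: src/dst address, transport protocol
    src: str                     # CIDR prefix, e.g. "10.0.1.0/24"
    dst: str
    proto: Optional[int] = None  # None matches any transport-layer protocol
    def matches(self, pkt: dict) -> bool:
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.proto in (None, pkt["proto"]))

@dataclass
class SA:
    spi: int
    dst: str          # destination address of the protected packet
    ipsec_proto: int  # AH or ESP
    def key(self) -> tuple:
        return (self.spi, self.dst, self.ipsec_proto)  # the triple that defines an SA

class IPsecTables:
    def __init__(self):
        self.spd = []  # ordered (selector, action, sa_key) entries; first match wins
        self.sad = {}  # (spi, dst, ipsec_proto) -> SA

    def add_sa(self, sa: SA):
        self.sad[sa.key()] = sa

    def add_policy(self, sel: Selector, action: str, sa: Optional[SA] = None):
        self.spd.append((sel, action, sa.key() if sa else None))

    def lookup_policy(self, pkt: dict):
        for sel, action, sa_key in self.spd:
            if sel.matches(pkt):
                return action, sa_key
        return DISCARD, None  # no matching policy: discard

    def outbound(self, pkt: dict):
        # Outbound: the packet's selector picks the SPD entry, which names the SA.
        action, sa_key = self.lookup_policy(pkt)
        return action, (self.sad[sa_key] if action == APPLY else None)

    def inbound_protected(self, spi: int, dst: str, ipsec_proto: int):
        # Inbound AH/ESP: (SPI, destination, protocol) points straight at the SA.
        return self.sad.get((spi, dst, ipsec_proto))

    def inbound_plain(self, pkt: dict) -> bool:
        # Inbound unprotected packet: accepted only where the SPD says BYPASS.
        return self.lookup_policy(pkt)[0] == BYPASS
```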
Slide 20
Combinations of SAs that must be supported
• Case 1: Host to host
  – End-to-end service
• Case 2: Gateway to gateway
  – Virtual private network
• Case 3: Host to gateway, gateway to gateway, gateway to host
• Case 4: Host to gateway, gateway to host
  – Dial-in users
Slide 21
Figure (Case 1): Host, Router, Local Intranet, The Internet, Local Intranet, Router, Host. One SA between the two hosts, labelled "Transport or Tunnel".
Slide 22
Figure (Case 2): Host, Gateway, Local Intranet, The Internet, Local Intranet, Gateway, Host. SA labels in the figure: "Tunnel" (between the gateways) and "Transport or Tunnel".
Slide 23
Figure (Case 3): Host, Gateway, Local Intranet, The Internet, Local Intranet, Gateway, Host. SA label in the figure: "Tunnel".
Slide 24
Figure (Case 4): Host, Gateway, Local Intranet, The Internet, Host. SA labels in the figure: "Tunnel" (between the remote host and the gateway) and "Transport or Tunnel".
Slide 25
Security Protocols (RFC 2402 / RFC 2406)
• Authentication Header (AH) (RFC 2402)
– Access Control
– Connectionless integrity
– Data origin authentication
– Replay mask
• Encapsulating Security Payload (ESP) (RFC 2406)
– Access Control
– Connectionless integrity
– Data origin authentication
– Replay mask
– Confidentiality
– Traffic flow mask
Slide 26
IPsec Roadmap
Figure: roadmap diagram relating the ESP and AH protocols, the Encryption Algorithm and Authentication Algorithm documents, the DOI* (Domain of Interpretation), Key Management and Policy.
*DOI = Domain of Interpretation
Slide 27
Authentication Header (AH) (RFC 2402)
• The IP AH is used to provide
  – Connectionless integrity
  – Data origin authentication
  – Protection against replays
• AH authenticates as much of the IP header as possible, but not all of the header can be protected by AH (fields that change in transit are excluded)
• Data privacy (confidentiality) is not provided by AH
Slide 28
Authentication Header (AH)
next hdr: 1 octet (communication protocol)
payload length (AH header length): 1 octet
unused (reserved): 2 octets
SPI (Security Parameter Index): 4 octets
sequence number: 4 octets
authentication data: variable
The Authentication Header authenticates data; the protocol field is unencrypted, so it is available for firewall rule-based decisions. AH authenticates not only the IP payload but all "immutable" IP header components, such as source and destination addresses. This creates incompatibilities with NAT boxes in end-to-end associations, since a NAT rewrites exactly those addresses.
Slide 29
Authentication Header Structure
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header   |  Payload Len  |          RESERVED             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                Security Parameters Index (SPI)                |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Sequence Number Field                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                Authentication Data (variable)                 |
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Slide 30
IP Packets With AH
Original IP Packet: | IP header | TCP | Data |
AH Tunnel Mode: | new IP header | AH | original IP header | TCP | Data |
AH Transport Mode: | IP header | AH | TCP | Data |
Slide 31
AH Elements
• Authentication Data
  – Variable-length field
  – Contains the Integrity Check Value (ICV) for this packet
• Sequence Number
  – Unsigned 32-bit field
  – Monotonically increasing counter (sequence number)
  – It is mandatory and is always present
  – Processing of the Sequence Number field is at the discretion of the receiver
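The sequence number handling just described, as an added example rather than code from the lecture: a sender-side counter that refuses to wrap (the "sequence number overflow" entry of the SAD), and the receiver-side sliding window that the SAD slide calls the anti-replay window. The 64-packet window and the bitmap bookkeeping follow the usual IPsec approach; class and method names are mine.

```python
class SequenceCounter:
    """Sender side: the 32-bit counter that every AH/ESP packet carries."""

    def __init__(self):
        self.seq = 0  # the first packet on a new SA is sent with sequence number 1

    def next(self) -> int:
        if self.seq == 0xFFFFFFFF:
            # The counter must never wrap on one SA: at this point a new SA
            # (with new keys) has to be negotiated instead of reusing numbers.
            raise OverflowError("sequence number exhausted; negotiate a new SA")
        self.seq += 1
        return self.seq


class AntiReplayWindow:
    """Receiver side: sliding window over the most recent sequence numbers."""

    def __init__(self, size: int = 64):
        self.size = size      # window width in packets (64 is the common default)
        self.last_seq = 0     # right edge of the window: highest number accepted
        self.bitmap = 0       # bit i set => last_seq - i has already been accepted

    def check_and_update(self, seq: int) -> bool:
        """Return True and record seq if it is new and inside the window."""
        if seq == 0:
            return False      # 0 is never valid: the sender starts at 1
        if seq > self.last_seq:
            # Right of the window: slide the window forward and mark seq as seen.
            shift = seq - self.last_seq
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1   # jumped past the whole window: only seq is seen
            self.last_seq = seq
            return True
        diff = self.last_seq - seq
        if diff >= self.size:
            return False      # left of the window: too old, reject
        if self.bitmap & (1 << diff):
            return False      # inside the window but already seen: a replay
        self.bitmap |= 1 << diff  # late but new: accept and mark
        return True
```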
Slide 32
Other AH Elements
• Payload Length: length of the AH in 32-bit words, minus 2
• Reserved: 16-bit field. MUST be set to zero.
• Security Parameters Index (SPI): 32-bit value that, in combination with the destination IP address and security protocol, uniquely identifies the Security Association for this datagram
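An added example, not from the lecture, that parses a constructed IPv4 packet carrying AH in transport mode and checks it as the slides describe: the Payload Length is converted back to bytes with (value + 2) * 4, the Reserved field must be zero, and the ICV is computed over the immutable IP header fields plus the AH header and payload. The key, the addresses and the HMAC-SHA-1-96 choice are assumptions made for the example.

```python
import hashlib
import hmac
import struct

AH = 51       # IP protocol number for AH, as given on the slides
ICV_LEN = 12  # HMAC-SHA-1-96 (RFC 2402 / RFC 2404): SHA-1 HMAC truncated to 96 bits

def ipv4_immutable_view(ip_hdr: bytes) -> bytes:
    """Zero the mutable IPv4 fields (TOS, flags/fragment offset, TTL, checksum)
    so the ICV covers only the parts of the header that do not change in transit."""
    h = bytearray(ip_hdr)
    h[1] = 0                # type of service
    h[6:8] = b"\x00\x00"    # flags and fragment offset
    h[8] = 0                # TTL
    h[10:12] = b"\x00\x00"  # header checksum
    return bytes(h)

def compute_icv(key: bytes, ip_hdr: bytes, ah: bytes, payload: bytes) -> bytes:
    ah_zeroed = ah[:12] + b"\x00" * (len(ah) - 12)  # the ICV field itself counts as zero
    data = ipv4_immutable_view(ip_hdr) + ah_zeroed + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def parse_ah_packet(pkt: bytes, key: bytes) -> dict:
    """Parse an IPv4 packet carrying AH in transport mode and verify its ICV."""
    ihl = (pkt[0] & 0x0F) * 4
    ip_hdr = pkt[:ihl]
    if ip_hdr[9] != AH:
        raise ValueError("protocol field is not 51: not an AH packet")
    next_hdr, payload_len, reserved, spi, seq = struct.unpack("!BBHII", pkt[ihl:ihl + 12])
    if reserved != 0:
        raise ValueError("RESERVED must be zero")
    ah_len = (payload_len + 2) * 4  # slide: Payload Len = AH length in 32-bit words minus 2
    ah, payload = pkt[ihl:ihl + ah_len], pkt[ihl + ah_len:]
    icv_ok = hmac.compare_digest(ah[12:], compute_icv(key, ip_hdr, ah, payload))
    return {"next_header": next_hdr, "ah_len": ah_len, "spi": spi, "seq": seq,
            "icv_ok": icv_ok, "payload": payload}

def build_sample_packet(key: bytes) -> bytes:
    """Constructed sample: 10.0.0.1 -> 10.0.0.2, AH protecting a bare TCP SYN header."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    total_len = 20 + 12 + ICV_LEN + len(tcp)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, AH,
                         0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))  # checksum left 0
    ah_fixed = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1)  # next=TCP, len=(24/4)-2, SPI, seq
    icv = compute_icv(key, ip_hdr, ah_fixed + b"\x00" * ICV_LEN, tcp)
    return ip_hdr + ah_fixed + icv + tcp
```

Re-parsing the sample after changing byte 8 (the TTL) still gives icv_ok True, while rewriting the source address bytes 12 to 15, as a NAT box does, gives False: this is the NAT incompatibility the previous slide mentions.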
Slide 33
ESP (Encapsulating Security Payload)
• ESP allows for encryption, as well as authentication.
  – Both are optional, defined by the SPI and policies.
• ESP does not protect the IP header, only the payload
  – But in tunnel mode everything, including the inner IP header, is encapsulated
• If ESP encryption is enabled, then everything after the ESP header is encrypted
  – Including the communication protocol and ports (NATs and firewalls need this information)
Slide 34
Encapsulating Security Payload (ESP)
• Services provided include:
  – Confidentiality
  – Data origin authentication
  – Connectionless integrity
  – Anti-replay service
  – Limited traffic flow confidentiality
• Security services can be provided between
  – A pair of communicating hosts
  – A pair of security gateways
  – A security gateway and a host
Slide 35
ESP encapsulation
SPI (Security Parameter Index): 4 octets
sequence number: 4 octets
IV (initialization vector): variable
data: variable
padding: variable
padding length: 1 octet (unit: octets)
next header / protocol type: 1 octet
authentication data: variable
Slide 36
ESP Header Elements
• Security Parameters Index (SPI)
• Sequence Number
• Payload Data
• Padding
  – Sometimes needed for encryption (block-size alignment)
  – Sometimes masks the true length of the encrypted data
  – Sometimes used to mask traffic flow
• Pad Length
• Next Header
• Authentication Data
Slide 37
ESP Header (RFC 2406)
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ----
|               Security Parameters Index (SPI)                 | ^Auth.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Coverage
|                      Sequence Number                          | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ----
|                    Payload Data* (variable)                   | |   ^
~                                                               ~ |   |
|                                                               | |Conf.
+               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Coverage*
|               |     Padding (0-255 bytes)                     | |   |
+-+-+-+-+-+-+-+-+               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |   |
|                               |  Pad Length   | Next Header   | v   v
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ------
|                 Authentication Data (variable)                |
~                                                               ~
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
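An added example (not the lecture's code, nor any implementation's) of the framing in this figure and the padding rules on the previous slide: padding chosen so that the data plus the Pad Length and Next Header octets fill whole cipher blocks, optional extra padding that only masks the payload length, and an HMAC-SHA-1-96 Authentication Data field computed over SPI through Next Header, the Auth. Coverage span shown above. The cipher step is left out so the block runs on the standard library alone; the 16-byte block size, IV size and key are assumptions.

```python
import hashlib
import hmac
import os
import struct

ICV_LEN = 12  # HMAC-SHA-1-96 as used for ESP authentication data (RFC 2404)

def esp_padding(data_len: int, block: int, extra_blocks: int = 0) -> bytes:
    """Padding so that data + padding + the 2 trailer octets fill whole cipher blocks.
    extra_blocks adds further padding purely to mask the true payload length."""
    pad_len = (-(data_len + 2)) % block + extra_blocks * block
    if pad_len > 255:
        raise ValueError("Pad Length is one octet: padding cannot exceed 255 bytes")
    return bytes(range(1, pad_len + 1))  # RFC 2406 default pattern: 1, 2, 3, ...

def esp_encapsulate(spi, seq, next_hdr, data, auth_key, block=16, iv_len=16, extra_blocks=0):
    """Lay out SPI | seq | IV | data | padding | pad len | next hdr | ICV.
    The cipher step is omitted: the region that would be encrypted is carried as-is."""
    pad = esp_padding(len(data), block, extra_blocks)
    trailer = pad + bytes([len(pad), next_hdr])
    body = struct.pack("!II", spi, seq) + os.urandom(iv_len) + data + trailer
    icv = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]  # covers SPI..next hdr
    return body + icv

def esp_decapsulate(pkt, auth_key, iv_len=16):
    """Verify the ICV first, then strip IV and trailer. Returns (spi, seq, next_hdr, data)."""
    body, icv = pkt[:-ICV_LEN], pkt[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP authentication failed")  # drop before touching the payload
    spi, seq = struct.unpack("!II", body[:8])
    enc = body[8 + iv_len:]  # region that the cipher would have covered
    pad_len, next_hdr = enc[-2], enc[-1]
    data_len = len(enc) - 2 - pad_len
    if data_len < 0 or enc[data_len:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("bad padding")
    return spi, seq, next_hdr, enc[:data_len]
```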
Slide 38
Encapsulating Security Payload (ESP)
• The ESP header is inserted:
  – After the IP header
  – Before the upper-layer protocol header (transport mode)
  – Before an encapsulated IP header (tunnel mode)
Slide 39
| | Transport Mode SA | Tunnel Mode SA |
|---|---|---|
| AH | Authenticates IP payload and selected portions of IP header | Authenticates entire inner IP packet (header and payload), plus selected portions of the outer IP header |
| ESP | Encrypts IP payload | Encrypts inner IP packet |
| ESP with authentication | Encrypts IP payload and authenticates IP payload, but not IP header | Encrypts inner IP packet, and authenticates inner IP packet |