1

IPsec: AH and ESP

2

Protocol Security – Where?

• Application layer: (+) easy access to user credentials, extend without waiting for OS vendor, understand data; (-) design again and again; e.g., PGP, ssh, Kerberos

• Transport layer: (+): security mostly seamlessly e.g., TLS

• Network layer: (+) reduced key management, fewer application changes, fewer implementations, VPN; (-): multiuser machines

• Data link layer: (+): speedl (-): hop-by-hop only

3

Documents

4

IPsec Objectives• Why do we need IPsec?

– IP V4 has no authentication• IP Spoofing• Payload could be changed without detection

– IP V4 has no confidentiality mechanism• Eavesdropping

– Denial of Service Attacks• Cannot hold the attacker accountable due to the lack of authentication

• IPsec Objectives– IP layer security mechanisms for IP V4 and V6

• Not all applications need to be security aware• Can be transparent to users• Provide authentication and confidentiality mechanisms

• IPsec– AH (Authentication Header) and ESP (Encapsulating Security Payload)

• IP header extensions for carrying cryptographically protected data– IKE (Internet Key Management)

• Authenticating and establishing a session key

5

IPsec Architecture

6

Security Associations (SA)

• SA is a cryptographically protected connection– An association between a sender and a receiver

– Consists of a set of security related parameters

• One way relationship: unidirectional

• Determine IPSec processing for senders

• Determine IPSec decoding for destination

• SAs are not fixed! Generated and customized per traffic flows

7

Security Parameter Index (SPI)

• A bit string assigned to a SA

• Carried in the IPsec header

• The SPI allows the destination to select the correct SA under which the received packet will be processed (according to the agreement with the sender)

• SPI + Dest IP Address + IPsec Protocol (flag for whether it is AH or ESP)– Uniquely identify each SA

8

Security Association Database (SAD)

• Holds parameters for each SA

• When transmitting to X, look up X in SAD– SPI

• Up to 32 bits large

• Allow the destination to select the correct SA

– Key

– Algorithms

– Sequence number

• When receiving an IP packet, look up SPI in SAD

9

Security Policy Database (SPD)

• Which types of packets should be dropped?

• Which should be forwarded or accepted without IPsec protection?

• Which should be protected by IPsec? If protected, encrypted and/or integrity-protected?

• Index into SPD by Selector fields– Dest IP, Source IP, Transport Protocol, IPSec Protocol, Source

& Dest Ports, …

10

Hosts & Gateways

• Hosts can implement IPSec to :– Other hosts in transport or tunnel mode

– Gateways with tunnel mode

• Gateways to gateways - tunnel mode

11

A B

Encrypted Tunnel

Gateway Gateway

New IP Header

AH or ESP Header

TCP DataOrig IP Header

Encrypted

Unencrypted Unencrypted

Tunnel Mode

12

Tunnel Mode

• ESP applies only to the tunneled packet• AH can be applied to portions of the outer header

Outer IPheader

Inner IPheader

IPSecheader

Higherlayer protocol

ESP

AH

Real IP destinationDestinationIPSecentity

13

IPsec, tunnel mode, between firewall

14

Transport Mode

• ESP protects higher layer payload only• AH can protect IP headers as well as higher layer payload

IPheader

IPoptions

IPSecheader

Higherlayer protocol

ESP

AH

Real IPdestination

15

Is it for IPSec?If so, which policyentry to select?

…

SPD(Policy)

…

SA Database

IP Packet

Outbound packet (on A)

A B

SPI & IPSecPacket

Send to B

Determine the SA and its SPI

IPSec processing

Outbound Processing

16

Use SPI to index the SAD

…

SA Database

Original IP Packet

SPI & Packet

Inbound packet (on B) A B

From A

Inbound Processing

…

SPD(Policy)

Was packet properly secured?

“un-process”

17

NAT (Network Address Translation)

• What is it?– With a NAT box, the computer on your internal network do

not need global IPv4 addresses in order to connect to the Internet

– NAT box translates an internal IP

• The problem– An IPsec tunnel cannot go through a NAT box because the

NAT box wants to update the IP address inside the encrypted data and it does not have the key

– For transport mode, IP address is included in the computation of the TCP/UDP checksum

18

IP Header

•Protocol field: ESP=50, AH=51

19

AH (Authentication Header)

••Data integrity: Entire packet has not been tampered withData integrity: Entire packet has not been tampered with••Authentication: 1. Can Authentication: 1. Can ““trusttrust”” IP address source;2. Use MAC to authenticateIP address source;2. Use MAC to authenticate••AntiAnti--replay featurereplay feature••Integrity check valueIntegrity check value•Immutable or predictable IP header fields: version, IH length, total length, identification, protocol, source, destination (source node => predictable)•Upper-level data

20

AH in Transport Mode

21

AH in Tunnel Mode

22

Encapsulating Security Payload (ESP)

23

ESP

24

ESP