IPsec - PowerPoint PPT Presentation

Title: IPsec
Slides: 40
Provided by: sud2
Learn more at: http://www.cs.fsu.edu

Transcript and Presenter's Notes

1
Lecture 13
  • IPsec
  • Internet Protocol Security
  • CIS 4362 - CIS 5357
  • Network Security

2
What is IPsec?
  • Protocols and mechanisms to support security at
    the network layer (IP layer)
  • Two main security protocols called Authentication
    Header (AH, IP protocol type 51) and
    Encapsulating Security Protocol (ESP, IP protocol
    type 50)
  • Implemented on end hosts and gateways
  • Separate security associations (SA) are used to
    determine processing at each of the two
    directions (outbound or inbound)
  • An SA is uniquely defined by
    • SPI
    • Destination IP address
    • IPsec Protocol (ESP or AH)

3
Logical Format of an IP Packet
  Version (4 bits) | IHL (4 bits) | Service Type (8 bits) | Total Length (16 bits)
  Identification (16 bits) | Flags (3 bits) | Fragment Offset (13 bits)
  Time to Live (8 bits) | Protocol (8 bits) | Header Checksum (16 bits)
  Source IP Address (32 bits)
  Destination IP Address (32 bits)
  IP Options if used, plus padding to 4 bytes (variable length, multiples of 4 bytes)
  Encapsulated Data (variable length, integral number of bytes)
4
IPsec Services: Services That Hosts and Gateways Provide
  • Access Control
  • Data content confidentiality
  • Connectionless integrity
  • Data origin authentication
  • Replay protection
  • Privacy
  • Traffic flow masking

5
IPsec Architecture (RFC 2401)
  • Security Policies that define which traffic is
    treated
  • Security Associations between network components
  • Security Protocols
    • Authentication Header (AH)
    • Encapsulating Security Payload (ESP)
  • Key Management
    • Internet Key Exchange (IKE)
  • Algorithms for authentication and encryption

6
IPsec Operations
  • Transport Mode
    • Above the IP level
    • Below the transport level
  • Tunnel
    • IP within IP
    • Sandwiched between two IP sessions

7
IPsec OSI Layer
  [Figure: protocol stacks for the two modes, listed top to bottom]
  Transport Mode: TCP, IPsec, IP, Data Link, Physical
  Tunnel Mode: TCP, IP, IPsec, Data Link, Physical
8
IPsec Packet Encapsulation
  Original Packet:  [IP Header][Rest of Packet]
  Transport Mode:   [IP Header][IPsec Header][Rest of Packet]
  Tunnel Mode:      [IP Header][IPsec Header][IP Header][Rest of Packet]
9
Adding IPSec to IPv4
version 4bits
header length 4bits (unit 4-octet)
type of service 1 octet
packet length 2 octets
packet identification 2 octets
flags 3 bits
fragment offset 13 bits
hops remaining (TTL) 1 octet
protocol 1 octet
header checksum 2 octets
source address 4 octets
destination address 4 octets
options variable
Regular IP protocol values: TCP = 6, UDP = 17, IP = 4
IPsec protocol values: ESP = 50 and AH = 51
The communication protocols are specified in the
IPsec header
10
Adding IPsec to IPv6
version type of service flow label 4 octets
payload length 2 octets
next header 1 octet (specifies protocol)
TTL 1 octet
source address 16 octets
destination address 16 octets
11
Transport mode
  Original packet: [IP header][payload]
  Transport mode:  [IP header][IPsec header][payload]
Transport mode was designed to save bandwidth in
end-to-end associations. The payload is
typically encrypted and authenticated. The
IP header is in the clear, and may or may not be
authenticated.
12
Transporting
  [Figure: IP packet p1 sent from Sender (Alice) to Recipient (Bob)]
13
Tunnel Mode
  Original packet: [IP header][payload]
  Tunnel mode:     [new IP hdr][IPsec hdr][IP header][payload]
Tunnel mode protects both the payload and IP
header of the original packet. If encryption is
used between gateways in tunnel mode, then it
reduces information for traffic analysis.
14
Tunneling
15
Security Associations
  • An IPsec protected connection is called a
    security association
  • The SPI used in identifying the SA is normally
    chosen by the receiving system
  • Basic Processing
    • For outbound packets, a packet's selector is used
      to determine the processing to be applied to the
      packet
    • This is more complex than for inbound, where the
      received SPI, destination address and protocol
      type uniquely point to an SA

16
SAD and SPD
  • The IPsec protocol maintains two databases
    • Security association database. Indexed by SPIs,
      contains the information needed to encapsulate
      packets for one association: cryptographic
      algorithms, keys, sequence numbers, etc.
    • Security policy database. Allows for
      implementation of packet filtering policies.
      Defines whether or not to accept non-protected
      packets, what to require, etc.

17
Security Association Database
  • Sequence number
  • Sequence number overflow
  • Anti-Replay Window
  • AH Information
    • Algorithms, initialization values, keys, etc.
  • ESP Information
    • Algorithms, initialization values, keys, etc.
  • SA Lifetime
  • IPsec Protocol Mode
  • Path MTU (max packet size)

18
Security Policy Database
  • Defines
    • Traffic to be protected
    • How to protect it
  • Must be consulted for each packet entering or
    leaving the IP stack
  • Three possible actions
    • Discard
    • Bypass IPSEC
    • Apply IPSEC

19
Some Security Association Selectors
  • Destination IP Address
  • Source IP Address
  • UserID
  • Data Sensitivity Level
  • Transport Layer Protocol number
  • IPSec Protocol (AH/ESP)
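
The asymmetry between outbound and inbound processing described in slides 15 to 19, as an added example that is not part of the original slides: a toy SPD matched on selectors (source, destination, transport protocol) with the three actions, and a SAD keyed by the (SPI, destination address, protocol) triple. All addresses, SPIs and policy entries are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class SA:
    spi: int
    dst: str
    protocol: str   # "ESP" or "AH"
    mode: str       # "transport" or "tunnel"

@dataclass
class SPDEntry:
    src_net: str
    dst_net: str
    transport_proto: Optional[int]  # 6 = TCP, 17 = UDP, None = any
    action: str                     # "discard", "bypass" or "apply"
    sa: Optional[SA] = None         # SA to use when action == "apply"

# Constructed sample SAD, keyed by the inbound lookup triple.
SAD = {
    (0x1001, "10.0.0.2", "ESP"): SA(0x1001, "10.0.0.2", "ESP", "transport"),
    (0x2002, "192.0.2.1", "AH"): SA(0x2002, "192.0.2.1", "AH", "tunnel"),
}

# Constructed sample SPD; ordered, first match wins.
SPD = [
    SPDEntry("10.0.0.0/24", "10.0.0.2/32", 6, "apply", SAD[(0x1001, "10.0.0.2", "ESP")]),
    SPDEntry("10.0.0.0/24", "0.0.0.0/0", 17, "bypass"),
    SPDEntry("0.0.0.0/0", "0.0.0.0/0", None, "discard"),
]

def outbound_lookup(src, dst, transport_proto):
    """Outbound: match the packet's selectors against the SPD, return (action, SA)."""
    for e in SPD:
        if (ip_address(src) in ip_network(e.src_net)
                and ip_address(dst) in ip_network(e.dst_net)
                and e.transport_proto in (None, transport_proto)):
            return e.action, e.sa
    return "discard", None   # no policy matched: drop, never send unprotected

def inbound_lookup(spi, dst, protocol):
    """Inbound: the (SPI, destination, protocol) triple names the SA directly."""
    return SAD.get((spi, dst, protocol))
```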

20
Combinations of SAs that must be supported
  • Case 1: Host to host
    • End to end service
  • Case 2: Gateway to gateway
    • Virtual private network
  • Case 3: Host to gateway, gateway to gateway,
    gateway to host
  • Case 4: Host to gateway, gateway to host
    • Dial-in users

21
CASE 1
  [Figure: two hosts, each on a local intranet behind a router, connected
  across the Internet; SA between the hosts labelled "Transport or Tunnel"]
22
CASE 2
  [Figure: two hosts, each on a local intranet behind a gateway, connected
  across the Internet; SAs labelled "Tunnel" and "Transport or Tunnel"]
23
CASE 3
  [Figure: two hosts, each on a local intranet behind a gateway, connected
  across the Internet; SA labelled "Tunnel"]
24
CASE 4
  [Figure: a host on a local intranet behind a gateway and a remote host
  directly on the Internet; SAs labelled "Tunnel" and "Transport or Tunnel"]
25
Security Protocols (RFC 2402/6)
  • Authentication Header (AH) (RFC 2402)
  • Access Control
  • Connectionless integrity
  • Data origin authentication
  • Replay mask
  • Encapsulating Security Payload (ESP) (RFC 2406)
  • Access Control
  • Connectionless integrity
  • Data origin authentication
  • Replay mask
  • Confidentiality
  • Traffic flow mask

26
IPSEC Roadmap
  [Figure: IPsec document roadmap relating the ESP and AH protocols, the
  Encryption Algorithm and Authentication Algorithm documents, the DOI
  (Domain of Interpretation), Key Management and Policy]
27
Authentication Header (AH) (RFC 2402)
  • The IP AH is used to provide
    • Connectionless integrity
    • Data origin authentication
    • Protection against replays
  • AH provides authentication for as much of the IP
    header as possible, but not all of the header can
    be protected by AH.
  • Data privacy is not provided by AH

28
Authentication Header (AH)
next hdr 1 octet (communication protocol)
payload length (AH header length) 1 octet
unused 2 octets
SPI (Security Parameter Index) 4 octets
sequence number 4 octets
authentication data variable
The Authentication Header authenticates data --
the protocol field is unencrypted, so it is
available for firewall rule-based decisions.
AH authenticates not only the IP payload but all
immutable IP header components, such as source
and destination addresses. This creates
incompatibilities with NAT boxes in end-to-end
associations.
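
The NAT incompatibility stated above, as an added example that is not part of the original slides: the AH ICV is computed over the IPv4 header with the mutable fields zeroed (RFC 2402 lists type of service, flags, fragment offset, TTL and header checksum as mutable), the AH header with its ICV field zeroed, and the payload. The integrity algorithm is assumed to be HMAC-SHA-1-96 (RFC 2404); the key, addresses and payload are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-sample-key"   # constructed; a real SA key comes from IKE
AH_PROTO = 51

def ipv4_header(src, dst, ttl, proto, total_len, ident=0x1234):
    """Minimal 20-byte IPv4 header; checksum left zero since it is mutable anyway."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0x4000,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(iphdr):
    """Zero the mutable IPv4 fields so the ICV survives normal forwarding."""
    h = bytearray(iphdr)
    h[1] = 0                 # type of service
    h[6:8] = b"\x00\x00"     # flags + fragment offset
    h[8] = 0                 # TTL (decremented by every router)
    h[10:12] = b"\x00\x00"   # header checksum (recomputed by every router)
    return bytes(h)

def ah_icv(iphdr, next_hdr, spi, seq, payload):
    """HMAC-SHA-1-96 over zeroed IP header || AH header (ICV zeroed) || payload."""
    payload_len = 4   # AH length in 32-bit words minus 2: 24-byte AH = 6 words
    ah = struct.pack("!BBHII", next_hdr, payload_len, 0, spi, seq) + b"\x00" * 12
    mac = hmac.new(KEY, zero_mutable(iphdr) + ah + payload, hashlib.sha1).digest()
    return mac[:12]   # truncated to 96 bits

def icv_for(src, dst, ttl, payload=b"constructed TCP segment"):
    hdr = ipv4_header(src, dst, ttl, AH_PROTO, 20 + 24 + len(payload))
    return ah_icv(hdr, 6, 0x1001, 1, payload)   # next header 6 = TCP

def ttl_change_verifies():
    """A router decrementing TTL leaves the ICV unchanged."""
    return icv_for("10.0.0.1", "192.0.2.1", 64) == icv_for("10.0.0.1", "192.0.2.1", 63)

def nat_rewrite_verifies():
    """A NAT rewriting the source address changes the ICV, so the receiver rejects it."""
    return icv_for("10.0.0.1", "192.0.2.1", 64) == icv_for("203.0.113.7", "192.0.2.1", 64)
```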
29
Authentication Header Structure
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Next Header   |  Payload Len  |          RESERVED             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                 Security Parameters Index (SPI)               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Sequence Number Field                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                Authentication Data (variable)                 |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

30
IP Packets With AH
  Original IP Packet:  [IP header][TCP][Data]
  AH Transport Mode:   [IP header][AH][TCP][Data]
  AH Tunnel Mode:      [new IP header][AH][original IP header][TCP][Data]
31
AH Elements
  • Authentication Data
    • Variable-length field
    • Contains the Integrity Check Value (ICV) for this
      packet
  • Sequence Number
    • Unsigned 32-bit field
    • Monotonically increasing counter (sequence
      number)
    • It is mandatory and is always present
    • Processing of the Sequence Number field is at the
      discretion of the receiver

32
Other AH Elements
  • Payload Length: length of AH in 32-bit words, minus 2
  • Reserved: 16-bit field. MUST be set to "zero."
  • Security Parameters Index (SPI): 32-bit value
    that, in combination with the destination IP
    address and security protocol, uniquely
    identifies the Security Association for this
    datagram

33
ESP (Encapsulating Security Payload)
  • ESP allows for encryption, as well as
    authentication.
    • Both are optional, defined by the SPI and
      policies.
  • ESP does not protect the IP header, only the
    payload
    • But, in tunnel mode everything is encapsulated
  • If ESP encryption is enabled, then everything
    after the ESP header is encrypted
    • Communication protocol, ports (NATs and firewalls
      need this information).

34
Encapsulating Security Payload (ESP)
  • Services provided include
    • Confidentiality
    • Data origin authentication
    • Connectionless integrity
    • Anti-replay service
    • Limited traffic flow confidentiality
  • Security services can be provided between
    • A pair of communicating hosts
    • A pair of security gateways
    • A security gateway and a host

35
ESP encapsulation
SPI (Security parameter Index) 4 octets
sequence number 4 octets
IV (initialization vector) variable
data variable
padding variable
padding length 1 octet (unit length octets)
next header/protocol type
authentication data
36
ESP Header Elements
  • Security Parameters Index (SPI)
  • Sequence Number
  • Payload Data
  • Padding
  • Sometimes need for encryption
  • Sometimes masks encryption
  • Sometimes used to mask traffic flow
  • Pad length
  • Next Header
  • Authentication Data

37
ESP Header (RFC 2406)
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ----
   |               Security Parameters Index (SPI)                 | ^
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
   |                      Sequence Number                          | Auth.
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Coverage
   |                    Payload Data (variable)                    | |   ^
   ~                                                               ~ |   |
   |                                                               | |Conf.
   +               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Coverage
   |               |     Padding (0-255 bytes)                     | |   |
   +-+-+-+-+-+-+-+-+               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |   |
   |                               |  Pad Length   | Next Header   | v   v
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ------
   |                 Authentication Data (variable)                |
   ~                                                               ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
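
The ESP layout of slides 35 to 37 in code, as an added example that is not part of the original slides: a builder that applies RFC 2406 default padding (the byte sequence 1, 2, 3, ...) so the Pad Length and Next Header fields end on a 4-byte boundary, and the receiver-side parser that reads the trailer from the end and rejects a malformed one instead of trusting it. A 12-byte ICV (HMAC-SHA-1-96) is assumed; the cipher and IV are omitted, so the sample body is constructed plaintext.

```python
import struct

ICV_LEN = 12   # assumed: HMAC-SHA-1-96 authentication data

def parse_esp_header(pkt):
    """Split an ESP packet into (SPI, sequence number, body, ICV).

    The body is Payload || Padding || Pad Length || Next Header, still to be
    decrypted; the ICV must be verified before anything in the body is used.
    """
    if len(pkt) < 8 + ICV_LEN:
        raise ValueError("ESP packet too short")
    spi, seq = struct.unpack("!II", pkt[:8])
    return spi, seq, pkt[8:-ICV_LEN], pkt[-ICV_LEN:]

def strip_esp_trailer(plaintext):
    """Read the trailer of a decrypted body; return (next_header, payload)."""
    if len(plaintext) < 2:
        raise ValueError("ESP trailer too short")
    pad_len, next_hdr = plaintext[-2], plaintext[-1]
    if pad_len + 2 > len(plaintext):
        raise ValueError("pad length exceeds decrypted data")
    padding = plaintext[-2 - pad_len:-2]
    if padding != bytes(range(1, pad_len + 1)):
        raise ValueError("default padding check failed")   # corrupt or forged
    return next_hdr, plaintext[:-2 - pad_len]

def build_esp(spi, seq, payload, next_hdr, block=4):
    """Encapsulate payload with default padding; ICV field left as a placeholder."""
    pad_len = (-(len(payload) + 2)) % block
    body = payload + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_hdr])
    return struct.pack("!II", spi, seq) + body + b"\x00" * ICV_LEN
```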
38
Encapsulating Security Header (ESP)
  • The ESP header is inserted
    • After the IP header
    • Before the upper layer protocol header (transport
      mode)
    • Before an encapsulated IP header (tunnel mode)

39
Transport Mode SA vs. Tunnel Mode SA
  AH
    Transport mode SA: Authenticates IP payload and selected portions of IP header.
    Tunnel mode SA: Authenticates entire inner IP packet (header and payload), plus selected portions of the outer IP header.
  ESP
    Transport mode SA: Encrypts IP payload.
    Tunnel mode SA: Encrypts inner IP packet.
  ESP With Authentication
    Transport mode SA: Encrypts IP payload and authenticates IP payload, but not IP header.
    Tunnel mode SA: Encrypts inner IP packet, and authenticates inner IP packet.