Cryptography and Cryptography and Network Security Network Security Chapter 16 Chapter 16 Fourth Edition Fourth Edition by William Stallings by William Stallings Lecture slides by Lawrie Lecture slides by Lawrie Brown Brown
Cryptography and Cryptography and Network SecurityNetwork Security
Chapter 16Chapter 16
Fourth EditionFourth Edition
by William Stallingsby William Stallings
Lecture slides by Lawrie BrownLecture slides by Lawrie Brown
Henric JohnsonHenric Johnson 22
TCP/IP ExampleTCP/IP Example
IP SecurityIP Security
application specific security mechanismsapplication specific security mechanisms eg. S/MIME, PGP, Kerberos, SSL/HTTPSeg. S/MIME, PGP, Kerberos, SSL/HTTPS
however there are security concerns that however there are security concerns that cut across protocol layerscut across protocol layers
would like security implemented by the would like security implemented by the network for all applicationsnetwork for all applications
Henric JohnsonHenric Johnson 44
IP Security OverviewIP Security Overview
Applications of IPSecApplications of IPSec Secure branch office connectivity over the Secure branch office connectivity over the
InternetInternet Secure remote access over the InternetSecure remote access over the Internet Establsihing extranet and intranet connectivity Establsihing extranet and intranet connectivity
with partnerswith partners Enhancing electronic commerce securityEnhancing electronic commerce security
IPSecIPSec
A frameworkA framework general IP Security mechanismsgeneral IP Security mechanisms providesprovides
authenticationauthentication confidentialityconfidentiality key managementkey management
applicable to use over LANs, across public applicable to use over LANs, across public & private WANs, & for the Internet& private WANs, & for the Internet
Benefits of IPSecBenefits of IPSec
in a firewall/router provides strong security in a firewall/router provides strong security to all traffic crossing the perimeterto all traffic crossing the perimeter
in a firewall/router is resistant to bypassin a firewall/router is resistant to bypass is below transport layer, hence transparent is below transport layer, hence transparent
to applicationsto applications can be transparent to end userscan be transparent to end users can provide security for individual userscan provide security for individual users secures routing architecturesecures routing architecture
IPSec ServicesIPSec Services
Access controlAccess control Connectionless integrityConnectionless integrity Data origin authenticationData origin authentication Rejection of replayed packetsRejection of replayed packets
a form of partial sequence integritya form of partial sequence integrity Confidentiality (encryption)Confidentiality (encryption) Limited traffic flow confidentialityLimited traffic flow confidentiality
Henric JohnsonHenric Johnson 88
IP Security RFCsIP Security RFCs
IPSec documents:IPSec documents: RFC 2401: An overview of security RFC 2401: An overview of security
architecturearchitecture RFC 2402: Description of a packet encryption RFC 2402: Description of a packet encryption
extension to IPv4 and IPv6extension to IPv4 and IPv6 RFC 2406: Description of a packet emcryption RFC 2406: Description of a packet emcryption
extension to IPv4 and IPv6extension to IPv4 and IPv6 RFC 2408: Specification of key managament RFC 2408: Specification of key managament
capabilitiescapabilities
Henric JohnsonHenric Johnson 99
IPSec Document OverviewIPSec Document Overview
IPSec UsesIPSec Uses
Transport & Tunnel ModesTransport & Tunnel Modes
IP Security ArchitectureIP Security Architecture
specification is quite complexspecification is quite complex mandatory in IPv6, optional in IPv4mandatory in IPv6, optional in IPv4 have two security header extensions:have two security header extensions:
Authentication Header (AH)Authentication Header (AH) Encapsulating Security Payload (ESP)Encapsulating Security Payload (ESP)
Security AssociationsSecurity Associations
a one-way relationship between sender & a one-way relationship between sender & receiver that affords security for traffic flowreceiver that affords security for traffic flow
identifiedidentified by 3 parameters: by 3 parameters: Security Parameters Index (SPI), like SA IDSecurity Parameters Index (SPI), like SA ID IP Destination AddressIP Destination Address Security Protocol Identifier, AH or ESP usedSecurity Protocol Identifier, AH or ESP used
has a number of other parametershas a number of other parameters seq no, AH & EH info, lifetime etcseq no, AH & EH info, lifetime etc
have a database of Security Associationshave a database of Security Associations
Authentication Header (AH)Authentication Header (AH)
provides support for data integrity & provides support for data integrity & authentication of IP packetsauthentication of IP packets end system/router can authenticate user/append system/router can authenticate user/app prevents address spoofing attacks by tracking prevents address spoofing attacks by tracking
sequence numberssequence numbers based on use of a MACbased on use of a MAC
HMAC-MD5-96 or HMAC-SHA-1-96HMAC-MD5-96 or HMAC-SHA-1-96 parties must share a secret keyparties must share a secret key
Authentication HeaderAuthentication Header
Henric JohnsonHenric Johnson 1616
Before applying AHBefore applying AH
Henric JohnsonHenric Johnson 1717
Transport Mode (AH Transport Mode (AH Authentication)Authentication)
Henric JohnsonHenric Johnson 1818
Tunnel Mode (AH Tunnel Mode (AH Authentication)Authentication)
Encapsulating Security Payload Encapsulating Security Payload (ESP)(ESP)
provides provides message content confidentiality & message content confidentiality & limited traffic flow confidentialitylimited traffic flow confidentiality
can optionally can optionally provide the same authentication provide the same authentication services as AHservices as AH
supports range of ciphers, modes, paddingsupports range of ciphers, modes, padding incl. DES, Triple-DES, RC5, IDEA, CAST etcincl. DES, Triple-DES, RC5, IDEA, CAST etc CBC & other modesCBC & other modes padding needed to fill blocksize, fields, for traffic flowpadding needed to fill blocksize, fields, for traffic flow
Encapsulating Security Encapsulating Security PayloadPayload
Henric JohnsonHenric Johnson 2121
ESP Encryption and ESP Encryption and AuthenticationAuthentication
Henric JohnsonHenric Johnson 2222
ESP Encryption and ESP Encryption and AuthenticationAuthentication
Henric JohnsonHenric Johnson 2323
Encryption and Encryption and Authentication AlgorithmsAuthentication Algorithms
in EPSin EPS Encryption:Encryption:
Three-key triple DESThree-key triple DES RC5RC5 IDEAIDEA Three-key triple IDEAThree-key triple IDEA CASTCAST BlowfishBlowfish
Authentication:Authentication: HMAC-MD5-96HMAC-MD5-96 HMAC-SHA-1-96HMAC-SHA-1-96
Transport vs Tunnel Mode Transport vs Tunnel Mode ESPESP
transport mode is used to encrypt & transport mode is used to encrypt & optionally authenticate IP dataoptionally authenticate IP data data protected but header left in cleardata protected but header left in clear can do traffic analysis but is efficientcan do traffic analysis but is efficient good for ESP host to host trafficgood for ESP host to host traffic
tunnel mode encrypts entire IP packettunnel mode encrypts entire IP packet add new header for next hopadd new header for next hop good for VPNs, gateway to gateway securitygood for VPNs, gateway to gateway security
Henric JohnsonHenric Johnson 2525
Transport Mode SA
Tunnel Mode SA
AH Authenticates IP payload and selected portions of IP header and IPv6 extension headers
Authenticates entire inner IP packet plus selected portions of outer IP header
ESP Encrypts IP payload and any IPv6 extesion header
Encrypts inner IP packet
ESP with authentication
Encrypts IP payload and any IPv6 extesion header. Authenticates IP payload but no IP header
Encrypts inner IP packet. Authenticates inner IP packet.
Combining Security Combining Security AssociationsAssociations
SA’s can implement either AH or ESPSA’s can implement either AH or ESP to implement both need to combine SA’sto implement both need to combine SA’s
form a security form a security association association bundlebundle may terminate at different or same may terminate at different or same
endpointsendpoints combined bycombined by
• transport adjacencytransport adjacency• iterated tunnelingiterated tunneling
issue of authentication & encryption order issue of authentication & encryption order
Combining Security Combining Security AssociationsAssociations
Key ManagementKey Management
handles key generation & distributionhandles key generation & distribution typically need 2 pairs of keystypically need 2 pairs of keys
2 per direction for AH & ESP2 per direction for AH & ESP manual key managementmanual key management
sysadmin manually configures every systemsysadmin manually configures every system automated key managementautomated key management
automated system for on demand creation of automated system for on demand creation of keys for SA’s in large systemskeys for SA’s in large systems
has Oakley & ISAKMP elementshas Oakley & ISAKMP elements
OakleyOakley
a key exchange protocola key exchange protocol based on Diffie-Hellman key exchangebased on Diffie-Hellman key exchange adds features to address weaknessesadds features to address weaknesses
cookies, groups (global params), nonces, DH cookies, groups (global params), nonces, DH key exchange with authenticationkey exchange with authentication
can use arithmetic in prime fields or elliptic can use arithmetic in prime fields or elliptic curve fieldscurve fields
ISAKMPISAKMP
Internet Security Association and Key Internet Security Association and Key Management ProtocolManagement Protocol
provides framework for key managementprovides framework for key management defines procedures and packet formats to defines procedures and packet formats to
establish, negotiate, modify, & delete SAsestablish, negotiate, modify, & delete SAs independent of key exchange protocol, independent of key exchange protocol,
encryption alg, & authentication methodencryption alg, & authentication method
ISAKMPISAKMP
ISAKMP Payloads & ISAKMP Payloads & ExchangesExchanges
have a number of ISAKMP payload types:have a number of ISAKMP payload types: Security, Proposal, Transform, Key, Security, Proposal, Transform, Key,
Identification, Certificate, Certificate, Hash, Identification, Certificate, Certificate, Hash, Signature, Nonce, Notification, DeleteSignature, Nonce, Notification, Delete
ISAKMP has framework for 5 types of ISAKMP has framework for 5 types of message exchanges:message exchanges: base, identity protection, authentication only, base, identity protection, authentication only,
aggressive, informationalaggressive, informational