Muhammad Nasir Mumtaz Bhutta Centre for Communication Systems Research University of Surrey Guildford, Surrey GU2 7XH Email: [email protected], Tel: 01483 68 3036 www.surrey.ac.uk Multilayer Security Architecture for Internet Protocol (ML-IPSec) 1 October, 2010
47
Embed
Multilayer Security Architecture for Internet Protocols
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Muhammad Nasir Mumtaz BhuttaCentre for Communication Systems Research
– Encapsulating Security Payload (ESP)• Provides all services provided by AH, data
confidentiality and limited traffic flow confidentiality as well.
www.ee.surrey.ac.uk/CCSR10
Major IPSec Components (continued..)
• Cryptographic Algorithms– Helps to achieve integrity and
confidentiality. • Key Management
– All security operations are provided by cryptographic means, so keys are required.
– Internet Key Exchange (IKE v2) is used to provide key management.
www.ee.surrey.ac.uk/CCSR11
Assumptions
• To achieve high quality of security services, certain assumptions need to be met: – Good implementation of IPSec.– Security is dependent on many things in
over all system (e.g. personnel & physical procedures, security policies etc.), so IPSec just play its role as a part.
– Good Implementation of Operating System (OS) security services.
www.ee.surrey.ac.uk/CCSR12
IPSec Components to Help in Achieving Security Goals
• Security Association (SA)– SA is a one way traffic secure
connection between communicating parties.
– For Bidirectional communication, two SAs are established.
– SA, providing actually all security services, is setup by IKE.
– Functionality is dependent upon security protocols, mode of IPSec working, endpoints of SA and chosen security services.
www.ee.surrey.ac.uk/CCSR13
IPSec Components to Help in Achieving Security Goals (continued..)
• Security Policy Database (SPD)– Stores security policies. – Provides information about security policy rules
to be applied.– At least one SPD implementation must be
supported in IPSec.– Three logical components
• SPD-Secure (S) contains rules for all IPSec protected traffic.
• SPD-Outbound (O) contains rules for all outbound traffic
• SPD-Inbound (I) contains rules for all inbound traffic or bypassed.
www.ee.surrey.ac.uk/CCSR14
IPSec Components to Help in Achieving Security Goals (continued..)
• Security Association Database (SAD)– Stores SAs. – Provides information about security
associations. – For outbound processing SAD is pointed by
SPD-S part. – For inbound processing SAD is pointed by SPD-I
part.• Peer Authorization Database (PAD)
– Stores information about links between SPD and SAD.
– Helps IPSec components in security services practice.
www.ee.surrey.ac.uk/CCSR15
IPSec Working & Role of IKE
• IKE helps in setup of security associations (SAs). – The functionality of all cryptographic protocols
is dependent on these SAs. – Control information exchange also requires SA
• ESP provides origin authentication, connectionless and sequence integrity, data and limited traffic flow confidentiality.
• Security services are offered in three modes by ESP.– Confidentiality Only (may be supported) – Integrity Only (must be supported) – Confidentiality and Integrity (must be
supported)
www.ee.surrey.ac.uk/CCSR17
IPSec Working & Role of ESP (continued..)
• Data Confidentiality– Data confidentiality is provided via encryption.– Encryption scheme selection is dependent
upon SA out of various encryption algorithms. • Origin Authentication and Connectionless
Integrity – Integrity of IP datagram is validated via
Message Authentication Code (MAC). – Origin authentication is provided indirectly by
binding of the key with the holding entity (origin).
www.ee.surrey.ac.uk/CCSR18
IPSec Working & Role of ESP (continued..)
• Anti-Replay Service (Partial Sequence Integrity)– This is service to detect arrival of
duplicate packets. – Provides sequential integrity and may
be supported in ESP. • Limited Traffic Flow Confidentiality
– This service hides source and destination addresses and usually employed in Tunnel Mode.
www.ee.surrey.ac.uk/CCSR19
Limitations of IPSec
• IPSec follows very strict layering and protection model works end-to-end.
• With advancement in wireless technology according to characteristics of networks, certain cross-layer optimizations are performed.
• Some examples of wireless technology highlights the functionality of new network applications.
www.ee.surrey.ac.uk/CCSR20
Limitations of IPSec (continued..)
• Conflicts between IPSec and TCP PEPs– TCP PEPs work on two pieces of
information, TCP flow identification and sequence numbers.
– For functioning of upper layers, some information from headers is required at intermediate nodes.
– IPSec hides all upper layer headers.
www.ee.surrey.ac.uk/CCSR21
Limitations of IPSec (continued..)
• Traffic Engineering– Flow classification is essential in providing rich
classes of service and QoS (RED, RSVP). – The flow information present in upper layers
such ac TCP is hidden by IPSec. • Application Layer Agents/Proxies
– Some modern routers can serve the HTTP requests from their local cache in order to improve performance.
– They need information from upper layers like HTTP but, that is hidden by IPSec.
www.ee.surrey.ac.uk/CCSR22
Summary of IPSec Limitations and Conclusion
• All above defined mechanisms, try to access upper layers information for their working.
• IPSec works on end-to-end basis and encrypts all the upper layer information.
• So IPSec has basic functioning conflict with many intermediate devices.
• Need to resolve these issues for optimal performance.
www.ee.surrey.ac.uk/CCSR23
Problem Statement for ML-IPSec
• Develop a security scheme with below defined features:– Supports the services and applications
which have conflict with IPsec working. – Should grant trusted intermediate nodes
a secure, controlled and limited access to a selected portion of IP datagram.
– Should preserve the end-to-end security protection for user data.
www.ee.surrey.ac.uk/CCSR24
• Using a transport-layer security mechanism as an alternative to IPsec to provide security services.
• The transport-layer mechanism, such as secure sockets layer (SSL) or transport layer security (TLS) operates above TCP and works well with TCP PEP: – it encrypts the TCP data while leaving the TCP
header in unencrypted and unauthenticated form
• Limitations:– Vulnerable to traffic analysis attack– SSL/TLS only works on TCP but not on UDP so
the range of applications is limited
Approaches - Transport Layer Security
www.ee.surrey.ac.uk/CCSR25
• This approach tries to use transport layer security protocols, SSL/TLS, inside IPsec.
• SSL/TLS will protect the TCP data and IPSec will protect TCP header information
• Limitations:– wastage of resources because TCP data
will be encrypted twice by SSL/TLS and IPsec,
– IPsec still encrypts the whole TCP information including header and data part
Approaches – Tunnelling one security protocol
www.ee.surrey.ac.uk/CCSR26
• The transport-friendly ESP (TF-ESP) protocol format was proposed:– The TCP state information (such as flow
identifications and sequence numbers) are in a disclosure header outside the encryption scope, bbut authenticated.
• Limitations:– Vulnerable to traffic analysis attack– it does not work well with TCP spoofing
when a write access is needed
Approaches - Using a Transport Friendly ESP Format
www.ee.surrey.ac.uk/CCSR27
• IPsec protection can be applied twice, once between sender and security gateway and second time between security gateway and destination.
• Limitations:– It exposes the information to
intermediate nodes while confidentiality is only meant for end-to-end
Approaches – Splitting IPsec into Two Segments
www.ee.surrey.ac.uk/CCSR28
• ML-IPsec breaks the IP datagram into different parts and apply different security mechanisms on different parts:– one security mechanism for transport
header– different security mechanism for
application data• This approach allows the intermediate
nodes to co-exist with end-to-end IPsec
• Limitations:– More complex than IPsec
Approaches – Multi - Layer IP Security Protocol
www.ee.surrey.ac.uk/CCSR29
Standardization & Issues
• Many meetings were attended at IETF to present the idea of IPSec and internet draft was written.
• IETF Concerns: – Application domains is limited (Satellite
Networks only). – Implementation complexity is increased.
(shown feasible via implementation in IPSec).– Two more implementations required to prove
the points.• Key Management Complexity is major
issue.
www.ee.surrey.ac.uk/CCSR
Applications
30
www.ee.surrey.ac.uk/CCSR31
Principle of ML-IPSec Security Protection• Multilayer protection model:
• Divides IP datagram into zones
• Different protection schemes for different zones (e.g. SA, public/private keys, access control rules etc.)
www.ee.surrey.ac.uk/CCSR32
General Model of IPSec Processing
• .
MulticastKey Exchange
www.ee.surrey.ac.uk/CCSR33
Composite Security Association (CSA)
• Security Association
• one-way relationship between sender and receiver.
• defines set of parameters (e.g. sequence number, anti-replay window, lifetime of SA, Path MTU etc).
• Controls outbound, inbound processing.
www.ee.surrey.ac.uk/CCSR34
CSA Continued..
• CSA has two elements: – Zone Map: defines coverage of each
zone in IP datagram. – Zone List: is a list of all SAs for all zones.
(all stored in “Security Association Database (SAD)”).
www.ee.surrey.ac.uk/CCSR35
Zones and Zone Map• A zone is any portion of IP datagram under same
security protection.
• Entire IP datagram can be broken into zones.
• Zones can not overlap.
• A zone can be split into multiple sub zones (continuous part of IP datagram).
• A zone map is a mapping relationship between IP octets and zones.
• Remains Constant for a security relationship.
• zones that covers last part of IP datagram (data) should be variable according to size.
www.ee.surrey.ac.uk/CCSR36
Composite Security Association (CSA)
• Zone Map
• Zone List – In zone list area we show the SAs, their
parameters and access control.
www.ee.surrey.ac.uk/CCSR37
Zone List continued
• SA (designated)– Sequence Number Counter (64 bit)– Sequence Counter Overflow – Anti-Replay Window (64 bit)– Protocol mode (Transport or Tunnel)– Path MTU – Lifetime – Encryption algorithm (DES-CBC)– Encryption Key – Authentication algorithm (HMAC-MD5-32)– Authentication Key
www.ee.surrey.ac.uk/CCSR38
Outbound Processing (zone by zone)
Outbound: IP datagram
Zone map
Plain Text (masked and concatenated)
Encryption (using ESP)
Cipher Text (ESP)
Authentication
AH
ICV
SA
AH or ESP authentication data
ESP paylod data
www.ee.surrey.ac.uk/CCSR39
Inbound Processing (zone by zone)
Outbound: IP datagram
Zone map
Plain Text (masked and concatenated)
Decryption (using ESP)
Cipher Text (ESP)
Authentication
AH
ICV
SA
AH or ESP authentication data
ESP paylod data
www.ee.surrey.ac.uk/CCSR
ESP Header
• Security Parameter Index: Identifies Security Association (SA).
• Sequence Number: Counts the packet sent.
• Encrypted Payload Data for Zone: contains the encrypted payload data (IP payload data, padding, pad length, Next Header).
• Authentication Data for Zone: Contains the Integrity Check Values (ICV) for each zone.
40
www.ee.surrey.ac.uk/CCSR
Implementation and Evaluation
• Two different evaluations of ML-IPSec shall be performed. – Simulations based, to see the scalability
and reliability behaviour. • Impact of network bandwidth on
Performance ( SA establishment latency, TCP throughput and delay).
• Impact of different data packet size on performance and security protocol behaviour.
– Reference Implementation of ML-IPSec to see the overhead on real network. 41
www.ee.surrey.ac.uk/CCSR
Testbed Experiment Requirements
• Use Cases– IP Only: running standard IP with no security. – IPSec: running IPSec using ESP with