IPsecIPsec IPsec (IP security)IPsec (IP security) Security for transmission over IP Security for transmission over IP
networksnetworks• The InternetThe Internet
• Internal corporate IP networksInternal corporate IP networks
• IP packets sent over public switched IP packets sent over public switched data networks (PSDN)data networks (PSDN)
LocalNetwork
Internet LocalNetwork
IPsecIPsec Why do we need IPsec?Why do we need IPsec?
• IP has no securityIP has no security• Add security to create a Add security to create a virtual virtual
private network (VPN)private network (VPN) to give to give secure communication over the secure communication over the Internet or another IP networkInternet or another IP network
LocalNetwork
Internet LocalNetwork
IPsecIPsec
GenesisGenesis• Being created by the Internet Being created by the Internet
Engineering Task ForceEngineering Task Force• For both IP version 4 and IP version 6For both IP version 4 and IP version 6
IPsecIPsec
Two Two ModesModes of operation of operation Tunnel ModeTunnel Mode
• IPsec serverIPsec server at each site at each site
• Secures messages going through the Secures messages going through the InternetInternet
LocalNetwork
Internet LocalNetwork
Secure Communication
IPsecServer
IPsecIPsec
Tunnel ModeTunnel Mode• Hosts operate in their usual wayHosts operate in their usual way
Tunnel mode IPsec is Tunnel mode IPsec is transparenttransparent to the to the hostshosts
• No security within the site networks No security within the site networks
LocalNetwork
Internet LocalNetwork
Secure Communication
IPsecServer
IPsecIPsec Two Modes of operationTwo Modes of operation Transport ModeTransport Mode
• End-to-end securityEnd-to-end security between the between the hostshosts
• Security within site networks as well Security within site networks as well • Requires hosts to implement IPsecRequires hosts to implement IPsec
LocalNetwork
Internet LocalNetwork
Secure Communication
IPsecIPsec
Transport ModeTransport Mode• Adds a Adds a security headersecurity header to IP packet to IP packet• AfterAfter the main IP header the main IP header• Source and destination addresses of Source and destination addresses of
hosts can be learned by interceptorhosts can be learned by interceptor• Only the original data field is protectedOnly the original data field is protected
ProtectedOriginal Data Field
OriginalIP Header
TransportSecurityHeader
IPsecIPsec Tunnel ModeTunnel Mode
• Adds a Adds a security headersecurity header beforebefore the the original IP headeroriginal IP header
• Has IP addresses of the source and Has IP addresses of the source and destination IPsec servers only, not destination IPsec servers only, not those of the source and destination those of the source and destination hostshosts
• Protects the main IP header Protects the main IP header
ProtectedOriginal Data Field
ProtectedOriginal
IP Header
TunnelSecurityHeader
IPsecIPsec Can combine the two modesCan combine the two modes
• Transport mode for end-to-end Transport mode for end-to-end securitysecurity
• Plus tunnel mode to hide the IP Plus tunnel mode to hide the IP addresses of the source and addresses of the source and destination hosts during passage destination hosts during passage through the Internetthrough the Internet
LocalNetwork
Internet LocalNetwork
Tunnel Mode Transport Mode
IPsecIPsec Two forms of protectionTwo forms of protection Encapsulating Security Protocol (ESP)Encapsulating Security Protocol (ESP)
security provides security provides confidentialityconfidentiality as well as as well as authenticationauthentication
Authentication Header (AH)Authentication Header (AH) security security provides provides authenticationauthentication but but not not confidentialityconfidentiality• Useful where encryption is forbidden by lawUseful where encryption is forbidden by law• Provides slightly better authentication by Provides slightly better authentication by
providing authentication over a slightly larger providing authentication over a slightly larger part of the message, but this is rarely decisive part of the message, but this is rarely decisive
IPsecIPsec
Modes and protection methods can Modes and protection methods can be applied in any combinationbe applied in any combination
Tunnel Tunnel ModeMode
Transport Transport ModeMode
ESPESP SupportedSupported SupportedSupported
AHAH SupportedSupported SupportedSupported
IPsecIPsec Security Associations (SAs)Security Associations (SAs) are are
agreements between two hosts or agreements between two hosts or two IPsec servers, depending on two IPsec servers, depending on the modethe mode
““Contracts” for how security will be Contracts” for how security will be performedperformed
NegotiatedNegotiated
Governs subsequent transmissionsGoverns subsequent transmissions
Host A Host B
NegotiateSecurity Association
IPsecIPsec Security Associations (SAs) can be Security Associations (SAs) can be
asymmetricalasymmetrical• Different strengths in the two Different strengths in the two
directionsdirections• For instance, clients and servers may For instance, clients and servers may
have different security needshave different security needs
Host A Host B
SA for messagesFrom A to B
SA for messagesFrom B to A
IPsecIPsecPoliciesPolicies may limit what SAs can be may limit what SAs can be
negotiatednegotiated• To ensure that adequately strong SAs To ensure that adequately strong SAs
for the organization’s threatsfor the organization’s threats• Gives uniformity to negotiation Gives uniformity to negotiation
decisionsdecisions
Host A Host B
Security AssociationNegotiations Limited
By Policies
IPsecIPsec First, two parties negotiate First, two parties negotiate IKE IKE
(Internet Key Exchange)(Internet Key Exchange) Security Security AssociationsAssociations• IKE is IKE is not IPsec-specificnot IPsec-specific• Can be used in other security Can be used in other security
protocolsprotocols
Host A Host BCommunication
Governed byIKE SA
IPsecIPsec
Under the protection of Under the protection of communication governed by this IKE communication governed by this IKE SA, negotiate SA, negotiate IPsec-specificIPsec-specific security security associationsassociations
Host A Host BCommunication
Governed byIKE SA
IPsec SA Negotiation
IPsecIPsec Process of Creating IKE SAs (and other Process of Creating IKE SAs (and other
SAs)SAs)
• Negotiate security parameters within Negotiate security parameters within policy limitationspolicy limitations
• Authenticate the parties using SA-agreed Authenticate the parties using SA-agreed methodsmethods
• Exchange a symmetric session key using Exchange a symmetric session key using SA-agreed methodSA-agreed method
• Communicate securely with Communicate securely with confidentiality, message-by-message confidentiality, message-by-message authentication, and message integrity authentication, and message integrity using SA-agreed methodusing SA-agreed method
IPsecIPsec
IPsec has IPsec has mandatory security mandatory security algorithmsalgorithms
• Uses them as Uses them as defaultsdefaults if no other if no other algorithm is negotiatedalgorithm is negotiated
• Other algorithms may be negotiatedOther algorithms may be negotiated
• But these mandatory algorithms But these mandatory algorithms MUSTMUST be supportedbe supported
IPsecIPsec
Diffie-Hellman Key AgreementDiffie-Hellman Key Agreement• To agree upon a symmetric session key To agree upon a symmetric session key
to be used for confidentiality during this to be used for confidentiality during this sessionsession
• Also does authenticationAlso does authentication
Party A Party B
IPsecIPsec
Diffie-Hellman Key AgreementDiffie-Hellman Key Agreement• Each party sends the other a Each party sends the other a noncenonce
(random number)(random number)• The nonces will almost certainly be The nonces will almost certainly be
differentdifferent • Nonces are not sent confidentiallyNonces are not sent confidentially
Party A Party BNonce B
Nonce A
IPsecIPsec Diffie-Hellman Key AgreementDiffie-Hellman Key Agreement
• From the different nonces, each party From the different nonces, each party will be able to compute the same will be able to compute the same symmetric session key for subsequent symmetric session key for subsequent useuse
• No No exchangeexchange of the key; instead, of the key; instead, agreementagreement on the key on the key
Party A Party B
Symmetric Key Symmetric KeyFrom nonces,
independently computesame symmetric
session key