module 3

The document provides an overview of IP Security (IPSec), detailing its architecture, modes of operation, and key components such as Authentication Header (AH) and Encapsulating Security Payload (ESP). It outlines the purposes and benefits of IPSec, including secure communications and enhanced application security, while also discussing security associations and key management protocols. Additionally, it covers the differences between transport and tunnel modes, as well as the importance of preventing replay attacks and ensuring data integrity.

Uploaded by Sri Vani

Module 3

IP Security
IP Security

• IP Security Overview
• IP Security Architecture
• Modes of operation
• Security associations (SA)
• Authentication Header (AH)
• Encapsulating Security Payload (ESP)
• Internet Key Exchange
IP Security
• Chapter Goals
• Understand why we use IP Security (IPSec)
• Learn how IP Security works
• Gain insight into the specific sections
• The pros and cons of IP Security
• Learn of specific implementations of IP Security
• Learn of the IP Security Architecture and Standards
IP Security
• Purpose of IP Security
• Application-specific security measures are insufficient
• Organizations have security needs that cut across layers
• IP-level security both enhances application security already in place and provides security to applications lacking it
• What an IP Security system should provide
• Three functional areas
• Authentication
• Confidentiality
• Key management
• Look at the security architecture, then at each of the functional areas
IP Security Overview
• IP Security: Known as “IPSec”
• IPv6 (successor to IPv4) has authentication and
encryption
• IPSec was designed to work with both IPv4 and IPv6
• In v6, IPSec’s implementation is mandatory
• For IPv4, it’s still optional
• Benefit is v6 security can be rolled out immediately,
before v6 is mainstream
IPSec Applications
• Secure communications across a LAN
• Intended uses of IPSec:
• Companies can use the Internet for secure intra-office communication
• Secure remote access (VPN, dial-up systems) from an external computer to a secured network
• Secure connectivity of terminals between companies
• Adding security to e-commerce (which already has application-level security)
IPSec Applications
IPSec Benefits
• Applied at the router level to all traffic
• Hard to bypass when implemented in a firewall or router
• Below the transport layer: application software is unaffected
• Transparent to users
• Can be customized for specific users
• IPSec used in routing:
• router advertisements are authentic
• neighbor advertisements are authentic
• verification of redirect messages
• prevents forged routing updates
IP Security Architecture
• Complex specification (many documents/specs)
• Protocols specify:
• Architecture
• Encapsulating Security Payload (ESP)
• Authentication Header (AH)
• Encryption Algorithm
• Authentication Algorithm
• Key Management
IPSec Services
• Services at the IP Layer
• Selecting protocols, algorithms, crypto-keys
• Important security protocols: ESP and AH
• ESP and AH services:
• Access control
• Connectionless integrity
• Data origin authentication
• Rejection of replayed packets
• Confidentiality (encryption)
• Limited traffic-flow confidentiality
IPSec Services
Security Associations
• Very important concept (used throughout)
• Association: one-way relationship between sender and receiver
• Provides security services to the traffic carried over it
• Two Security Associations (SAs) are needed for two-way communication
• An SA provides services for either AH or ESP, not both (SAs can be combined, as seen later)
• SA uniquely identified by three parameters: Security Parameters Index (SPI), IP Destination Address, Security Protocol Identifier
SA Parameters
• An SA must carry with it a number of important values
• Sequence Number Counter
• Sequence Counter Overflow
• Anti-replay window
• AH, ESP Information
• Lifetime of the SA
• Protocol mode (Tunnel/Transport, see in a moment)
• MTU: Maximum transmission unit
SA Selectors
• IPSec offers flexibility in how services are applied to traffic
• How to relate IP traffic to an SA?
• Security Policy Database (SPD):
• Simple idea: a table relating a subset of IP traffic to a specific SA
• Becomes very complex (many-to-many relationship)
• An entry: IP and upper-layer protocol field values
• Known as selectors (filter outgoing traffic to an SA)
• Outgoing traffic: 1) compare the packet's fields against the SPD and find a match; 2) determine the SA (if one exists); 3) apply IPSec processing (AH or ESP)
SPD Entry
• What does an SPD entry look like?
• Destination IP Address – Single or Range (mask)
• Source IP Address
• UserID
• Data Sensitivity Level
• Transport Layer Protocol
• Source and Destination Ports
Transport and Tunnel Mode
• Another important concept reused:
• Transport mode: protection of the packet payload
• Tunnel mode: protection of the entire packet
• Transport mode is used in end-to-end communication between hosts.
• ESP: encrypts (+ authenticates) the payload, not the header
• AH: authenticates the payload and selected header fields
• Tunnel mode: a new outer header with routing info is added
• ESP: encrypts (+ authenticates) the whole inner packet (not the outer header)
• AH: authenticates the entire inner packet plus selected outer header fields
Authentication Header
• Adds data integrity and authentication to IP packets
• Integrity: detects alteration of packets in transit
• Authentication: verifies the origin, so traffic can be filtered correctly
• Prevents spoofing attacks and replay attacks
• Uses a message authentication code (MAC)
• Requires a shared secret key
• AH header fields:
• Next Header, Payload Length
• Reserved, SPI
• Sequence Number, Authentication Data
Authentication Header
Preventing Replays
• Attacker captures an authentic packet and retransmits it later
• The Sequence Number is used to prevent this
• Sequence Number is generated by the sender for a new SA
• Starts at 0 and increments to 2^32 – 1
• Incremented for each new packet, so the first packet carries the value 1
• Cannot be allowed to cycle: on reaching the limit the sender must negotiate a NEW SA with a NEW secret key
• Since IP does not guarantee packet delivery order (or delivery at all, for that matter), the receiver uses the familiar sliding-window concept to track which sequence numbers it has already accepted.
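The sender counter and receiver sliding window described above, as an added example that is not part of the original slides. It follows the RFC 4302/4303 processing order (window check, then ICV verification, then window update); the 64-entry window size and the `receive` driver are assumptions for illustration.

```python
SEQ_MAX = 2**32 - 1   # the 2^32 - 1 limit from the slide


class SenderSequence:
    """Per-SA outbound counter: starts at 0, first packet carries 1, never wraps."""
    def __init__(self):
        self.counter = 0

    def next(self) -> int:
        if self.counter >= SEQ_MAX:
            raise OverflowError("sequence space exhausted: negotiate a new SA with a new key")
        self.counter += 1
        return self.counter


class AntiReplayWindow:
    """Receiver-side sliding window for one inbound SA. 'right' is the highest
    authenticated sequence number; bit i of 'bitmap' records whether right - i was received."""
    def __init__(self, size: int = 64):   # assumed window size
        self.size, self.right, self.bitmap = size, 0, 0

    def check(self, seq: int) -> bool:
        """Step 1 (before ICV verification): is seq new and not left of the window?"""
        if seq == 0 or seq > SEQ_MAX:
            return False
        if seq > self.right:
            return True
        offset = self.right - seq
        return offset < self.size and not (self.bitmap >> offset) & 1

    def update(self, seq: int) -> None:
        """Step 2 (only after the ICV verified): record seq, sliding the window if needed."""
        if seq > self.right:
            shift = seq - self.right
            self.bitmap = 1 if shift >= self.size else ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.right = seq
        else:
            self.bitmap |= 1 << (self.right - seq)


def receive(window: AntiReplayWindow, seq: int, icv_valid: bool) -> str:
    """Inbound processing order: window check, then ICV, then window update."""
    if not window.check(seq):
        return "rejected: replayed or too old"
    if not icv_valid:
        return "rejected: bad ICV"
    window.update(seq)
    return "accepted"
```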
Integrity Check Value
• ICV carried in the Authentication Data field
• Authentication code produced by a MAC algorithm
• Can use HMAC-MD5-96 or HMAC-SHA-1-96 (HMAC output truncated to 96 bits)
• Calculation of the MAC code:
• Includes immutable fields and fields predictable at the destination
• Other (mutable) fields set to 0 for the calculation
• Authentication Data field = 0
• Includes all additional protocol information (TCP/IP payload), which should be immutable
• Recalculated at the destination and compared with the received value
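Added example (not code from the slides) of the ICV calculation just described: an IPv4 + AH packet is built with HMAC-SHA-1-96 over the immutable fields, with the mutable IPv4 fields and the Authentication Data zeroed, then verified at the destination. The addresses, key and payload are constructed, and the IPv4 checksum is left at zero for brevity.

```python
import hashlib
import hmac
import struct

AH_FORMAT = "!BBHII"   # Next Header | Payload Len | Reserved | SPI | Sequence Number


def _zero_mutable_ipv4(ip_header: bytes) -> bytes:
    """Zero the mutable IPv4 fields before the MAC: ToS/DSCP (byte 1),
    flags + fragment offset (6-7), TTL (8), header checksum (10-11)."""
    hdr = bytearray(ip_header)
    hdr[1] = 0
    hdr[6:8] = b"\x00\x00"
    hdr[8] = 0
    hdr[10:12] = b"\x00\x00"
    return bytes(hdr)


def ah_icv(key, ip_header, next_header, spi, seq, payload) -> bytes:
    """HMAC-SHA-1-96 over IPv4 header (mutable fields zeroed) | AH (ICV zeroed) | payload."""
    # Payload Len = AH length in 32-bit words minus 2: (12 fixed + 12 ICV) / 4 - 2 = 4
    ah_no_icv = struct.pack(AH_FORMAT, next_header, 4, 0, spi, seq) + bytes(12)
    mac = hmac.new(key, _zero_mutable_ipv4(ip_header) + ah_no_icv + payload, hashlib.sha1).digest()
    return mac[:12]   # truncated to 96 bits


def build_ah_packet(key, ip_header, next_header, spi, seq, payload) -> bytes:
    icv = ah_icv(key, ip_header, next_header, spi, seq, payload)
    return ip_header + struct.pack(AH_FORMAT, next_header, 4, 0, spi, seq) + icv + payload


def verify_ah_packet(key, packet) -> bool:
    """Destination side: recompute the ICV and compare it in constant time."""
    ip_header, ah = packet[:20], packet[20:]
    next_header, payload_len, _, spi, seq = struct.unpack(AH_FORMAT, ah[:12])
    ah_len = (payload_len + 2) * 4
    received_icv, payload = ah[12:ah_len], ah[ah_len:]
    return hmac.compare_digest(received_icv, ah_icv(key, ip_header, next_header, spi, seq, payload))


def sample_ipv4_header(payload_len: int, ttl: int = 64) -> bytes:
    """Constructed header: 10.0.0.1 -> 10.0.0.2, protocol 51 (AH), checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 24 + payload_len, 0x1234, 0x4000,
                       ttl, 51, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
```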
Transport and Tunnel Modes
Encapsulating Security Payload
• Confidentiality services
• ESP can optionally provide authentication
• Parameters in an ESP Packet:
• Security Parameters Index
• Sequence Number
• Payload Data
• Padding
• Pad Length
• Next Header
• Authentication Data (e.g. ICV value)
Encapsulating Security Payload
Encryption and Decryption
• Uses any of a number of symmetric encryption algorithms
• Three-key DES
• RC5
• Blowfish
• and more
• Specified by the DOI (Domain of Interpretation)
• Padding:
• Pads the plaintext to the length the cipher requires (a multiple of its block size)
• Used to align the Pad Length and Next Header fields
• Conceals the actual payload length
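The ESP padding rules above, as an added example (not from the slides): the payload is padded so that Payload | Padding | Pad Length | Next Header fills whole cipher blocks, using the RFC 4303 default padding bytes 1, 2, 3, ..., with optional extra blocks to conceal the real payload length. The `extra_blocks` parameter is an assumption for illustration.

```python
import struct


def esp_pad_plaintext(payload: bytes, next_header: int, block_size: int, extra_blocks: int = 0) -> bytes:
    """Build Payload | Padding | Pad Length | Next Header as a multiple of block_size.
    extra_blocks appends whole blocks of padding so the true payload length is hidden."""
    # The two trailer bytes (Pad Length, Next Header) must end the last block.
    pad_len = (-(len(payload) + 2)) % block_size + extra_blocks * block_size
    if pad_len > 255:
        raise ValueError("Pad Length is one byte: at most 255 bytes of padding")
    padding = bytes(range(1, pad_len + 1))   # default padding: 1, 2, 3, ...
    return payload + padding + struct.pack("!BB", pad_len, next_header)


def esp_strip_padding(plaintext: bytes):
    """Receiver side: recover (payload, next_header) and check the padding bytes are intact."""
    if len(plaintext) < 2:
        raise ValueError("truncated ESP plaintext")
    pad_len, next_header = plaintext[-2], plaintext[-1]
    if pad_len + 2 > len(plaintext):
        raise ValueError("Pad Length exceeds plaintext")
    payload_end = len(plaintext) - 2 - pad_len
    if plaintext[payload_end:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("padding check failed")
    return plaintext[:payload_end], next_header


def esp_padding_ok(plaintext: bytes) -> bool:
    """Convenience wrapper: True when the decrypted trailer parses and pads correctly."""
    try:
        esp_strip_padding(plaintext)
        return True
    except ValueError:
        return False
```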
Transport Mode

Tunneling Mode
Transport and Tunnel Modes
• Transport Mode
• IP header is set aside; the payload (including the TCP header) is encrypted and replaced by ciphertext
• IP header is reattached and the packet sent to the destination
• Destination detaches the header and decrypts the payload
• Tunnel Mode
• Entire original packet is encrypted
• New outer IP header is added to the ciphertext and the packet is routed on it
• Destination decrypts the packet
• Inner (original) header is used for final routing
Combining Security Associates/Keys
• Security associations can be combined (4 cases)
• IPSec requires management of secret keys
• Two types of key management: automated and manual
• Oakley Key Determination Protocol (based on Diffie-Hellman, with added protections)
• Cookies against clogging attacks
• Nonces to prevent replays
• Authentication of the exchange against man-in-the-middle attacks
• Internet Security Association and Key Management Protocol (ISAKMP) (allows various key exchange algorithms)
Combining Security Associations
Internet Key Exchange
• The IPsec Architecture document mandates support for two types of key management:
• Manual
• Automated
• The default automated key management protocol for IPsec is referred to as ISAKMP/Oakley and consists of the following elements:
• Oakley Key Determination Protocol
• Internet Security Association and Key Management Protocol (ISAKMP)
IKEv2 Exchanges
IKE Formats
IKE Payload Types
IKE notify messages
