Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Ge Zhang ge.zhang@kau.se
Karlstad University
Karlstad University
Karlstad University
Karlstad University
Scenario
Alice
Attacker
Bob
Karlstad University
Passive attacks
Read contents of message from Alice to Bob Attacker
Alice
Bob
Attacker
Alice
Bob
Karlstad University
Active attacks
Attacker disrupts service provided by server Attacker
Alice
Alice
Bob
Capture message from Bob to Alice; later replay message to Alice Attacker
Alice
Bob
Alice
Bob
Karlstad University
Security services
Data origin authentication Data confidentiality Anonymity Data integrity Non-repudiation
Karlstad University
Security mechanism
Encipher Digital signature Trusted functionality Detection and prevention
Karlstad University
Karlstad University
Goals of IPSec
to verify sources of IP packets
Data source authentication
Karlstad University
IPSec subprotocols
AH
Authentication Header
IPSec Security Policy
IPSecIP Security
Provide encryption and integrity protection to IP packets (and authentication of two peers).
AH (Authentication Header)
An additional header, provides integrity protection
Karlstad University
Karlstad University
Transport mode
R1 A
R2
Tunnel mode
R1->R2 A->B Payload A->B Payload
A->B
Payload
Karlstad University
Karlstad University
AH Details
Use 32-bit increasing sequence number to avoid replay attacks Use cryptographically strong hash algorithms to protect data integrity (96-bit)
Use symmetric key cryptography HMAC-SHA-96, HMAC-MD5-96
Karlstad University
Karlstad University
Karlstad University
Karlstad University
ESP Details
Same as AH:
Use 32-bit sequence number to counter replaying attacks Use integrity check algorithms ( protect on different fields)
Only in ESP:
Data confidentiality:
Uses symmetric key encryption algorithms to encrypt packets
Karlstad University
ESP in fact puts information both before and after the protected data. For encryption, DATA, padding, padding length and next header are encrypted. For authentication, all fields are included.
Karlstad University
Karlstad University
Anti-replay service
Sequence number (from 0 to 232-1) The sender increments the sequence number for each generated packet. How to detect replayed packet?
The receiver maintains an array with 232 units to mark which packets have been received. The receiver only accepts the packets with larger sequence number than the previous one. Both are not good methods, why?
Karlstad University
59 54 64
53 55 56 54 57 58 59 60 61 62 63 64 65 66
Karlstad University
SA parameters:
Sequence number counter Anti-replay window AH information (key, algorithms) ESP information (key, algorithms) IPSec protocol mode (Tunnel, transport)
Karlstad University
Karlstad University
Private
Tunnels are encrypted to provide confidentiality
Tunnel
Intranet server
Mail server
Karlstad University
Discussion
IPSec is not the only solution!
Security features can be added on top of IP!
e.g. Kerberos, SSL
Confused?
IP, IPSec protocols are very complex!
Two modes, three sub protocols
Karlstad University
Discussion
Has it been used?
Yesprimarily used by some VPN vendors
But not all routers support it
Karlstad University
Key points
Security attack, mechanism and service Classical attacks in the internet IPSec encompasses : authentication, confidentiality and key management AH and ESP Transport mode and tunnel mode Slide window to defend against replay attack VPN
Karlstad University