Somesh Jha
University of Wisconsin
1
Outline
why IPSec?
IPSec Architecture
Internet Key Exchange (IKE)
IPSec Policy
discussion
2
IP is not Secure!
3
Security Issues in IP
source spoofing
replay packets • DOS attacks
• Replay attacks
no data integrity or • Spying
confidentiality • and more…
Fundamental Issue:
Networks are not (and will never be)
fully secure
4
Goals of IPSec
5
Outline
Why IPsec?
IPSec Architecture
Internet Key Exchange (IKE)
IPsec Policy
Discussion
6
The IPSec Security Model
Secure
Insecure
7
IPSec Architecture
ESP AH
IKE
9
IPsec Architecture
Transport Mode
Router Router
Tunnel Mode
10
Various Packets
Tunnel
IP header IPSec header IP header TCP header data
mode
11
IPSec
13
AH Details
14
AH Packet Details
New IP header
Next Payload
Reserved
header length
Authenticated Encapsulated
Sequence Number
TCP or IP packet
Old IP header (only in Tunnel mode)
TCP header
Hash of everything
else Data
Authentication Data
15
Encapsulating Security
Payload (ESP)
Provides all that AH offers, and
in addition provides data
confidentiality
– Uses symmetric key encryption
16
ESP Details
Same as AH:
– Use 32-bit sequence number to counter
replaying attacks
– Use integrity check algorithms
Only in ESP:
– Data confidentiality:
Uses symmetric key encryption algorithms
to encrypt packets
17
ESP Packet Details
IP header
Next Payload
Reserved
header length
Authentication Data
18
Question?
19
Outline
Why IPsec?
IPsec Architecture
Internet Key Exchange (IKE)
IPsec Policy
Discussion
20
Internet Key Exchange
(IKE)
Exchange and negotiate security
policies
Establish security sessions
– Identified as Security Associations
Key exchange
Key management
Can be used outside IPsec as well
21
IPsec/IKE Acronyms
22
IPsec/IKE Acronyms
23
How They Fit Together
SPD
SA-1
SA-2
SADB SPI
SPI
24
SPD and SADB Example
Transport Mode A’s SPD
From To Protocol Port Policy
A B
C D A B Any Any AH[HMAC-MD5]
Tunnel Mode
From To Protocol SPI SA Record
A’s SADB
A B AH 12 HMAC-MD5 key
27
IKE Phase 1
28
Examples
– Quick mode
Four messages in two round trips
Less options
30
Phase 1 (Main Mode)
Initiator Responder
[Header, SA1]
31
Phase 1 (Main Mode)
Initiator Responder
[Header, SA1]
[Header, SA2]
32
Phase 1 (Main Mode)
Initiator Responder
[Header, SA1]
[Header, SA2]
[Header, KE, Ni, {Cert_Reg} ]
33
Phase 1 (Main Mode)
Initiator Responder
Header, SA1
[Header, SA1]
[Header, KE, Ni { , Cert_Req} ]
34
Phase 1 (Main Mode)
Initiator Responder
[Header, SA1]
[Header, SA1]
35
Phase 1 (Main Mode)
Initiator Responder
[Header, SA1]
[Header, SA1]
[Header, KE, Ni {, Cert_req}]
37
Phase 1 (Aggressive Mode)
Initiator Responder
[Header, [Cert]sig]
38
IPSec (Phase 1)
41
IP Payload Compression
42
Outline
Why IPsec?
IPsec Architecture
Internet Key Exchange (IKE)
IPSec Policy
Discussion
43
IPsec Policy
Phase 1 policies are defined in terms of
protection suites
Each protection suite
– Must contain the following:
Encryption algorithm
Hash algorithm
Authentication method
Diffie-Hellman Group
– May optionally contain the following:
Lifetime
…
44
IPSec Policy
45
IPSec Policy Example
In English:
– All traffic to 128.104.120.0/24 must be:
Use pre-hashed key authentication
DH group is MODP with 1024-bit modulus
Hash algorithm is HMAC-SHA (128 bit key)
Encryption using 3DES
In IPSec:
– [Auth=Pre-Hash;
DH=MODP(1024-bit);
HASH=HMAC-SHA;
ENC=3DES]
46
IPsec Policy Example
In English:
– All traffic to 128.104.120.0/24 must use one
of the following:
AH with HMAC-SHA or,
ESP with 3DES as encryption algorithm and
(HMAC-MD5 or HMAC-SHA as hashing algorithm)
In IPsec:
– [AH: HMAC-SHA] or,
– [ESP: (3DES and HMAC-MD5) or
(3DES and HMAC-SHA)]
47
Virtual Private Networks
(VPNs)
Virtual
– It is not a physically distinct network
Private
– Tunnels are encrypted to provide
confidentiality
CS dept might have a VPN
– I can be on this VPN while traveling
48
Alice is Traveling
50
Outline
Why IPsec?
IPsec Architecture
Internet Key Exchange (IKE)
IPsec Policy
Discussion
51
Discussion
53
Resources
Google search
54