IP SECURITY

1
IPSec Three Functional Areas
 IPSec encompasses three functions,
Authentication
Identify the Source address, i.e., against the forgers.
Against alteration (Plaintext transmit only)
Confidentiality
Prevent eavesdropping by 3rd party (ciphertext transmit)
Key management
Exchange the secret keys securely.

2
IPSec Overview

 Flexibility
Not a sigle protocol

 (Security algorithms decided by the pair of

comm. entites) + (General framework)

 Transparent to applications
Encrypt and/or all traffic at the IP level.
All the distributed applications could be secured.

3
 Applications
Secure branch office connectivity over the Internet
Secure remote access over the Internet
Establsihing extranet and intranet connectivity with
partners
Enhancing electronic commerce security

4
 IPSec Scenario

Individual user is available

Encrypt and compress

5
IPSec Document Overview

RFC-2401

RFC-2406 RFC-2402

RFC-2403~5 RFC-2403,4
3DES-CBC HMAC-SHA-1
CAST HMAC-MD5

Domain of Interpretation

6
Security Association (SA)

 A one-way relationsship between a sender and a

receiver that specifies the parameters to the
traffic carried.

 Who to protect the traffic, what traffic to be

protected and with whom the protection is
performed.

 Typically, SAs exist in pairs, one in each direction.

 SAs reside in the Security Association Database.

7
 Identified by three parameters:

Security Parameter Index (SPI)

Bit string assigned to the certain SA, local sinificant only.
Carried in AH or ESP heades

IP Destination address

Unicast addresses only
Security Protocol Identifier
Indicate whether it’s a AH or ESP.

8
Security Association Database (SAD)
 Defines the parameters associated within each SA.

 The functionality provided by a SAD must be present

in IPSec, however, the way it presents is depends on
the implementor.

9
SA 8-Parameter in SAD

 Sequence Number Counter

32-bit value
Use to generate the sequence number in AH or ESP
header

 Sequence Counter overflow

If overflow, generate an auditable event and terminate
such a SA.

 Anti-Replay Window
Determine whether an inbound AH or ESP packet is
replay.

10
 AH Information
All the details of authentication algorithm within this SA.

 ESP Information
All the details of the Encryption algorithm within this
SA.

 Lifetime of this Security Association

 IPSec protocol Mode

Tunnel, Transport, or wildcard.

 Path MTU
11
Anti-Replay Mechanism
 Sequence number (Sender)
1. The sender initialized a sequence number counter once a
new SA is established.

2. The sender will increase the sequence number by one once
a packet is sent on this SA till the limit, (232 – 1), is reached.

3. The sender should terminate a SA in which the sequence

number is maximum and negotiate a new SA with a new key.

12
  Sliding receive window (Receiver)
Advance the window if the valid
packet to the “right” is received
irretrievably lost

Fixed window size

Unmarked if valid
packet not yet received

13
Security Policy Database (SPD)

 Maintain the IPSec policies.

 Each entry defines,

Which IP traffic to be protected,
IP traffic  selectors  IPSec policy. (SPD)

How to protect it. One of three actions to take upon IP

traffic match
Discard
Bypass
Apply  An SA or a bundle of SAs.

With whom the protection is shared

14
 Map to the SAD. (per packet or per SPD entry). In
other words, points to an SA for a certain IP
traffic.

15
SA 10-Selector in SPD

 Destination IP address
 Source IP address
 UserID
 Data Sensitivity level
 Transport layer protocol
 IPSec protocol
 Source and Destination ports
 IPv6 class
 IPv6 Flow label
 IPv4 Type of Service(TOS)
16
IPSec
 SA
AH or ESP or ESP/AH
 AH
Authenticated only, i.e., the payload of the IP packet will
be transmitted in “plaintext”.
 ESP
Authentication is an option.
Ciphertext

 Each AH and ESP has two modes

Transport
Tunnel

17
 Transport Mode vs. Tunnel Mode

 Transport mode
Only the IP payload will be protected.
Origin IP address is the outbound address.

 Tunnel mode
The entire IP packet (including IP address) will be
protected.
A router or firewall’s IP address will be the destination
address instead.

18
 Authentication Header (AH)

 Design to provide
Integrity
Authentication

 Does not support

Confidentiality

 Guards against the replay attack

19
AH Fields

 Next header:
Identify the type of the next header.
IP protocol number for AH is 51.
 Payload length:
{[Total length of AH (in word) ] – 2 }
In default case, the length is 4.
 Reserved
For future usage.
 SPI:
Identifies a SA
 Sequence number:
a monotonically increasing counter for anti-replay.
20
 Authentication data:
contains Integrity check value (ICV) or message
authentication code (MAC)
HMAC-MD5-96
HMAC-SHA-1-96

21
MAC Calculation

 IP header
immutable : available
mutable but predictable : available
mutable but unpredictable : set to zero
TOS, Flags, TTL, IP hdr checksum, fragment offset

 AH header
Other than the Authentication Data field.
Namely, set that field to zero.
 IP payload
immutabel.

22
Mutable Field in IPv4 Format

0 4 8 16 19 31

Ver IHL TOS Total length

Identification Flag Fragment Offset
TTL Protocol Header Checksum
Source Address
Destination Address
Options + Padding

23
Mutable Fields in IPv6 Format
0 4 8 16 19 31

Ver Traffic Class Flow Label

Payload length Next hdr Hop limit

4-word
Source Address

4-word
Destination Address

Extension Header
24
IPv6 with Extension Headers

IPv6 Header

Hop-by-Hop opt. hdr

Destination Opt. hdr
Routing Header
Fragment Header
AH
ESP

Destination Opt. hdr 25

AH Format
0 8 16 31

Next Header Payload Length Reserved

Security Parameters Index (SPI)

Sequence Number

Authentication Data (variable)

26
Origin IPv4 and IPv6

Orig IP
IPv4 TCP Data
hdr

IPv6 Orig IP Extension headers

TCP Data
hdr (If present)

27
Transport Mode AH

Authenticated except
for mutable fields

IPv4 Orig IP
AH TCP Data
hdr

Authenticated except
for mutable fields

IPv6 Orig IP Hop-by-hop, dest,

AH dest TCP Data
hdr routing, fragment

28
 Tunnel Mode AH

IP TCP Data
IPv4 Authenticated except for
mutable fields in the new IP hdr

New IP Orig IP
IPv4 hdr
AH
hdr
TCP Data

Authenticated except for mutable fields

in the new IP hdr and its extension hdrs

New IP Extension Orig IP Extension

IPv6 hdr headers
AH
hdr headers
TCP Data

29
AH Approach

Transport SA

Transport SA

Tunnel SA

30
Encapsulating Security Payload (ESP)

 ESP
Provide confidentiality only.

 ESP/AH
Support both encryption and authentication

31
ESP Fields

 Security parameters index (SPI)

 Identifies a certain SA
 Sequence number
 The same as in AH
 Payload data
 protected by encryption
 Padding
 Encryption algorithm
 Next header
 Identifies the type of data contained in the payload.
 IP protocol number is 50.
 Authentication data
 MAC computes over the (ESP packet – Authentication Data)

32
ESP Format
0 16 24 31

Security Parameters Index (SPI)

Sequence Number
Authentication coverage
Confidentiality coverage

Payload Data (variable)

Padding (0-255 bytes)

Pad Length Next Header

Authentication Data (variable)

33
Encryption and Authentication in ESP

 Encryption algorithm
The cryptographic synchronization (IV) may be carried at
the beginning of the payload
Although being part of the ciphertext, IV won’t, in
general, be encrypted.
Essential : DES in CBC mode
Others : 3DES, RC5, IDEA, 3IDEA, CAST, Blowfish
symmetric key encryption

 Authentication algorithm
The same as in AH.
Ciphertext+ ESP tailer

34
 Transport Mode ESP

Authenticated

IPv4 IP TCP Data Encrypted

Orig IP ESP ESP ESP

IPv4 hdr
TCP Data
trlr auth
hdr

Authenticated
Encrypted

IPv6 Orig IP Hop-by-hop, dest, ESP

routing, fragment hdr
dest TCP Data
ESP ESP
trlr auth
hdr

35
 Tunnel Mode ESP

Authenticated
IPv4 IP TCP Data
Encrypted

IPv4 new IP ESP Orig IP

TCP Data
ESP ESP
hdr hdr hdr trlr auth

Authenticated

Encrypted

IPv6 new IP ext ESP orig IP ext ESP ESP

headers hdr headers
TCP Data
hdr hdr trlr auth

36
ESP Approach

Transport-level security

VPN via Tunnel Mode

37
Functionality of Tunnel and Transport Mode

Transport Mode SA Tunnel Mode SA

Authenticates entire inner IP

Authenticates IP payload and selected
packet plus selected portions
AH portions of IP header and IPv6 extension
of outer IP header and outer
headers
IPv6 extension headers

Encrypts IP payload and any IPv6

ESP extesion header following the ESP Encrypts inner IP packet
header

Encrypts IP payload and any IPv6

extesion header following the ESP
Encrypts inner IP packet.
ESP/AH header. Authenticates IP payload but no
Authenticates inner IP packet.
IP header

38
IPSec Services Summary

AH ESP ESP/AH

Access control   

Integrity  

Authentication  

Anti-replay   

Confidentiality  
Limited traffic flow
 
confidentiality

39