18 july 2004bill nickless / ipsec1 ipsec internet protocol security and you
TRANSCRIPT
18 July 2004Bill Nickless / IPSec 1
IPSec
Internet Protocol Security
And You
18 July 2004Bill Nickless / IPSec 2
Outline
• What is IPSec, and what is it for?
• The IPSec Framework
• How do IKE, AH, and ESP fit together?
• Routing and Technology Issues
• Management and Policy Issues
• How To Learn More
18 July 2004Bill Nickless / IPSec 3
IPSec Scope (RFC 2401)
Good news:
IPSEC is designed to provide interoperable, high quality, cryptographically-based security for IPv4 and IPv6.
18 July 2004Bill Nickless / IPSec 4
IPSec Scope (RFC 2401)
Bad news:
The set of IPSec protocols employed in any context, and the ways they are employed, will be determined by the security and system requirements of users, applications, and/or sites/organizations.
18 July 2004Bill Nickless / IPSec 5
IPSec Scope
• IPSec is a technology.
• IPSec is NOT a solution.
• Better: IPSec is a technology framework.
18 July 2004Bill Nickless / IPSec 6
Outline
• What is IPSec, and what is it for?
• The IPSec Framework
• How do IKE, AH, and ESP fit together?
• Routing and Technology Issues
• Management and Policy Issues
• How To Learn More
18 July 2004Bill Nickless / IPSec 7
IPSec
• Standards-based IP Security Framework– Data Integrity– Data Confidentiality– Data Origin Authentication– Anti-Replay Protection
• Supported in modern router software– Cisco IOS 12.1(19) or later– Juniper JUNOS 5.3 or later
(with Encryption Services PIC)
18 July 2004Bill Nickless / IPSec 8
IPSec
Router performs additional operations:
1. Receive the packetand verify/decrypt it
2. Inspect the headers of the packet
3. Based on that inspection, put the packet into an outbound queue
4. Transmit the packet when it reaches the front of the outbound queueand sign/encrypt it
Version(4 or 6)
Protocol(TCP, etc)
Source IP Address
Destination IP Address
Source Port Destination Port
Flags Time To Live
Data
(possibly with sequence number)
Checksum
IP
IP
IP
IP
IP
1
2
3
4
18 July 2004Bill Nickless / IPSec 9
Ciphers, Signing and Keys(Oh My!)
• IPSec is a framework that supports many cryptographic technologies.
• What fits into the IPSec framework?– Diffie-Hellman Key Exchange– Ciphers– Hashes– Shared Secrets– Certificates– Perfect Forward Secrecy
18 July 2004Bill Nickless / IPSec 10
Diffie-Hellman Key Exchange
• Agree on a secret shared key, without a secure channel.
Suppose Alice and Bob want to agree on a shared secret key using the Diffie-Hellman key agreement protocol. They proceed as follows: First, Alice generates a random private value a and Bob generates a random private value b. Both a and b are drawn from the set of integers . Then they derive their public values using parameters p and g and their private values. Alice's public value is ga mod p and Bob's public value is gb mod p. They then exchange their public values. Finally, Alice computes gab = (gb)a mod p, and Bob computes gba = (ga)b mod p. Since gab = gba = k, Alice and Bob now have a shared secret key k.
http://www.rsasecurity.com/rsalabs/node.asp?id=2248
18 July 2004Bill Nickless / IPSec 11
Ciphers
• Obscure data, so that it can only be read by someone with the right “key”
• DES, AES, RSA, RC5, Blowfish, Skipjack, etc.
18 July 2004Bill Nickless / IPSec 12
Hashes
• Take a bunch of data, make a digest of it, so that changes can be detected
• MD5, SHA-1, RIPEMD-160
18 July 2004Bill Nickless / IPSec 13
Shared Secrets
• Prove identity by demonstrating knowledge of the same data
• Not necessary to actually transmit the shared secret.
18 July 2004Bill Nickless / IPSec 14
Perfect Forward Secrecy
RFC 2409:Perfect Forward Secrecy (PFS) refers to the notion
that compromise of a single key will permit access to only data protected by a single key.
For PFS to exist the key used to protect transmission of data MUST NOT be used to derive any additional keys, and if the key used to protect transmission of data was derived from some other keying material, that material MUST NOT be used to derive any more keys.
18 July 2004Bill Nickless / IPSec 15
Certificates
• Establish trust based on mutual trust of a third party
• X.509
18 July 2004Bill Nickless / IPSec 16
IPSec Security Associations
• IPSec Security Associations (SA)– between two routers
(or hosts)– Unicast only– Unidirectional– Selection Criteria:
Drop, Apply IPSec, Pass without IPSec
18 July 2004Bill Nickless / IPSec 17
IPSec
Router IPSec flow:1. Receive the packet.
2. Inspect the headers of the packet. Matching Security Association (SA)?
3. If so, verify/decrypt
4. Inspect headers again. Make routing decision, and look for matching Security Association (SA).
5. If so, sign/encrypt
6. Transmit the packet.
Version(4 or 6)
Protocol(TCP, etc)
Source IP Address
Destination IP Address
Source Port Destination Port
Flags Time To Live
Data
(possibly with sequence number)
Checksum
IP
IP
IP
IP
IP
1
2
5
3
4
6
18 July 2004Bill Nickless / IPSec 18
Outline
• What is IPSec, and what is it for?
• The IPSec Framework
• How do IKE, AH, and ESP fit together?
• Routing and Technology Issues
• Management and Policy Issues
• How To Learn More
18 July 2004Bill Nickless / IPSec 19
The Internet Key Exchange (IKE)
RFC 2409:The purpose is to negotiate, and provide
authenticated keying material for, security associations in a protected manner.
Processes which implement this memo can be used for negotiating virtual private networks (VPNs) and also for providing a remote user from a remote site (whose IP address need not be known beforehand) access to a secure host or network.
18 July 2004Bill Nickless / IPSec 20
IKE Phase 1
Phase 1 is where the two ISAKMP peers establish a secure, authenticated channel with which to communicate. This is called the ISAKMP Security Association (SA).
18 July 2004Bill Nickless / IPSec 21
IKE Phase 2
Phase 2 is where Security Associations are negotiated on behalf of services such as IPsec or any other service which needs key material and/or parameter negotiation.
18 July 2004Bill Nickless / IPSec 22
IKE New Group
"New Group Mode" is not really a phase 1 or phase 2. It follows phase 1, but serves to establish a new group which can be used in future negotiations.
18 July 2004Bill Nickless / IPSec 23
IKE In Operation
18 July 2004Bill Nickless / IPSec 24
IKE In Operation
18 July 2004Bill Nickless / IPSec 25
IKE In Operation
18 July 2004Bill Nickless / IPSec 26
Authentication Header (AH)
Uses a hash such as MD5 or SHA– Protects against
modification– Protects against replay
• RFC 2402
Version(4 or 6)
Protocol(TCP, etc)
Source IP Address
Destination IP Address
Source Port Destination Port
Flags Time To Live
Authentication Header
Data
(possibly with sequence number)
Checksum
18 July 2004Bill Nickless / IPSec 27
ESP: Encapsulating Security Payload
Transport Mode
• Before applying ESP
---------------------------- IPv4 |orig IP hdr | | | |(any options)| TCP | Data | ----------------------------
• After applying ESP ------------------------------------------------- IPv4 |orig IP hdr | ESP | | | ESP | ESP| |(any options)| Hdr | TCP | Data | Trailer |Auth| ------------------------------------------------- |<----- encrypted ---->| |<------ authenticated ----->|
• RFC 2406
18 July 2004Bill Nickless / IPSec 28
Recursive Encapsulation: Tunneling
Why?
– Create a virtual connection between two parts of a private Internet that…
…uses nonroutable addresses?
…uses advanced services like IPv6 or multicast?
– Encrypt the encapsulated packet
18 July 2004Bill Nickless / IPSec 29
Recursive Encapsulation: Tunneling
• Encapsulate an IP packet inside the data portion of another IP packet
Version(4 or 6)
Protocol(TCP, etc)
Source IP Address Destination IP Address
Source Port Destination Port
Flags Time To Live
Data
(possibly with sequence number)
Checksum
Version(4 or 6)
Protocol(TCP, etc)
Source IP Address
Destination IP Address
Source Port Destination Port
Flags Time To Live
Data
(possibly with sequence number)
Checksum
18 July 2004Bill Nickless / IPSec 30
ESP: Encapsulating Security Payload
Tunnel Mode
• Before applying ESP ---------------------------- IPv4 |orig IP hdr | | | |(any options)| TCP | Data | ----------------------------
• After applying ESP --------------------------------------------------------------- IPv4 | new IP hdr | ESP | orig IP hdr | | | ESP | ESP| |(any options)| HDR | (any options)| TCP | Data |Trailer |Auth| --------------------------------------------------------------- |<--------- encrypted -------------->| |<----------- authenticated -------------->|
• RFC 2406
18 July 2004Bill Nickless / IPSec 31
IPSec
Router IPSec flow:1. Receive the packet.
2. Inspect the headers of the packet. Matching Security Association (SA)?
3. If so, verify/decrypt
4. Inspect headers again. Make routing decision, and look for matching Security Association (SA).
5. If so, sign/encrypt
6. Transmit the packet.
Version(4 or 6)
Protocol(TCP, etc)
Source IP Address
Destination IP Address
Source Port Destination Port
Flags Time To Live
Data
(possibly with sequence number)
Checksum
IP
IP
IP
IP
IP
1
2
5
3
4
6
18 July 2004Bill Nickless / IPSec 32
ESP in Operation
18 July 2004Bill Nickless / IPSec 33
Outline
• What is IPSEC, and what is it for?
• The IPSEC Framework
• How do IKE, AH, and ESP fit together?
• Routing and Technology Issues
• Management and Policy Issues
• How To Learn More
18 July 2004Bill Nickless / IPSec 34
ESP and AH
• Additional Header Information– Smaller payload– MTU ugliness
• Cryptographic Operations– Additional Complexity– More CPU load?
18 July 2004Bill Nickless / IPSec 35
ESP Tunnel Mode
• Original headers obscured– Bad guys can’t see the headers
...neither can your firewall!
...neither can your router!
• Creates a Virtual Circuit– Encapsulated IP TTL isn’t decremented– Intermediate hops are obscured– Remember debugging ATM VCs?
…or MPLS?
18 July 2004Bill Nickless / IPSec 36
ESP in Operation
18 July 2004Bill Nickless / IPSec 37
Outline
• What is IPSEC, and what is it for?
• The IPSEC Framework
• How do IKE, AH, and ESP fit together?
• Routing and Technology Issues
• Management and Policy Issues
• How To Learn More
18 July 2004Bill Nickless / IPSec 38
Where is your Security Perimeter?
• Firewalls and ACLs protect your network
• IPSec VPN solutions bring external hosts inside your network
• Should you trust those external hosts?– Viruses, Worms, Trojans– OS Vendor Patch-of-the-week– “Art and Music” sharing
• Split tunneling vs. Host-based Firewalls
18 July 2004Bill Nickless / IPSec 39
Policy Enforcement
• Enforcement Requires Visibility
• ESP Tunnel Mode– Bad guys can’t see the headers
….neither can your firewall!
….neither can your router!
• Encryption Obscures Activity– Is this traffic work-related or “Art and Music”?
18 July 2004Bill Nickless / IPSec 40
IPSec: A Two-Edged Sword
• Powerful set of options– Data Confidentiality– Data Integrity– Data Origin Authentication
• Bad Guys can use IPSec too– Back doors– Hiding “bad” activity
18 July 2004Bill Nickless / IPSec 41
IPSec Legal/Societal Issues
• Cryptography: Controlled as a Munition
• Lawful Intercept
• U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA)
(Not a comprehensive list)
18 July 2004Bill Nickless / IPSec 42
Outline
• What is IPSEC, and what is it for?
• The IPSEC Framework
• How do IKE, AH, and ESP fit together?
• Routing and Technology Issues
• Management and Policy Issues
• How To Learn More
18 July 2004Bill Nickless / IPSec 43
Example Solution: Cisco Easy VPN
18 July 2004Bill Nickless / IPSec 44
Example Solution: Cisco Easy VPN
18 July 2004Bill Nickless / IPSec 45
Cisco and Linux Interoperate
http://www.sans.org/rr/papers/20/753.pdf
18 July 2004Bill Nickless / IPSec 46
Juniper IPSec Configurationhttp://www.juniper.net/techpubs/software/junos/junos63/ swconfig63-services/html/ipsec-config.html
IETF IPSec Working Grouphttp://www.ietf.org/html.charters/ipsec-charter.html
http://www.vpnc.org/vpn-standards.htmlVirtual Private Network Consortium
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/ 122cgcr/fsecur_c/fipsenc/scfipsec.htm
Cisco IPSec Configuration