18 july 2004bill nickless / ipsec1 ipsec internet protocol security and you

18 July 2004Bill Nickless / IPSec 1

IPSec

Internet Protocol Security

And You


Outline

• What is IPSec, and what is it for?

• The IPSec Framework

• How do IKE, AH, and ESP fit together?

• Routing and Technology Issues

• Management and Policy Issues

• How To Learn More


IPSec Scope (RFC 2401)

Good news:

IPSEC is designed to provide interoperable, high quality, cryptographically-based security for IPv4 and IPv6.


IPSec Scope (RFC 2401)

Bad news:

The set of IPSec protocols employed in any context, and the ways they are employed, will be determined by the security and system requirements of users, applications, and/or sites/organizations.


IPSec Scope

• IPSec is a technology.

• IPSec is NOT a solution.

• Better: IPSec is a technology framework.


Outline








IPSec

• Standards-based IP Security Framework– Data Integrity– Data Confidentiality– Data Origin Authentication– Anti-Replay Protection

• Supported in modern router software– Cisco IOS 12.1(19) or later– Juniper JUNOS 5.3 or later

(with Encryption Services PIC)


IPSec

Router performs additional operations:

1. Receive the packetand verify/decrypt it

2. Inspect the headers of the packet

3. Based on that inspection, put the packet into an outbound queue

4. Transmit the packet when it reaches the front of the outbound queueand sign/encrypt it

Version(4 or 6)

Protocol(TCP, etc)

Source IP Address

Destination IP Address

Source Port Destination Port

Flags Time To Live

Data

(possibly with sequence number)

Checksum

IP

IP

IP

IP

IP

1

2

3

4


Ciphers, Signing and Keys(Oh My!)

• IPSec is a framework that supports many cryptographic technologies.

• What fits into the IPSec framework?– Diffie-Hellman Key Exchange– Ciphers– Hashes– Shared Secrets– Certificates– Perfect Forward Secrecy


Diffie-Hellman Key Exchange

• Agree on a secret shared key, without a secure channel.

Suppose Alice and Bob want to agree on a shared secret key using the Diffie-Hellman key agreement protocol. They proceed as follows: First, Alice generates a random private value a and Bob generates a random private value b. Both a and b are drawn from the set of integers . Then they derive their public values using parameters p and g and their private values. Alice's public value is ga mod p and Bob's public value is gb mod p. They then exchange their public values. Finally, Alice computes gab = (gb)a mod p, and Bob computes gba = (ga)b mod p. Since gab = gba = k, Alice and Bob now have a shared secret key k.

http://www.rsasecurity.com/rsalabs/node.asp?id=2248


Ciphers

• Obscure data, so that it can only be read by someone with the right “key”

• DES, AES, RSA, RC5, Blowfish, Skipjack, etc.


Hashes

• Take a bunch of data, make a digest of it, so that changes can be detected

• MD5, SHA-1, RIPEMD-160


Shared Secrets

• Prove identity by demonstrating knowledge of the same data

• Not necessary to actually transmit the shared secret.


Perfect Forward Secrecy

RFC 2409:Perfect Forward Secrecy (PFS) refers to the notion

that compromise of a single key will permit access to only data protected by a single key.

For PFS to exist the key used to protect transmission of data MUST NOT be used to derive any additional keys, and if the key used to protect transmission of data was derived from some other keying material, that material MUST NOT be used to derive any more keys.


Certificates

• Establish trust based on mutual trust of a third party

• X.509


IPSec Security Associations

• IPSec Security Associations (SA)– between two routers

(or hosts)– Unicast only– Unidirectional– Selection Criteria:

Drop, Apply IPSec, Pass without IPSec


IPSec

Router IPSec flow:1. Receive the packet.

2. Inspect the headers of the packet. Matching Security Association (SA)?

3. If so, verify/decrypt

4. Inspect headers again. Make routing decision, and look for matching Security Association (SA).

5. If so, sign/encrypt

6. Transmit the packet.

Version(4 or 6)

Protocol(TCP, etc)

Source IP Address



Flags Time To Live

Data


Checksum

IP

IP

IP

IP

IP

1

2

5

3

4

6


Outline








The Internet Key Exchange (IKE)

RFC 2409:The purpose is to negotiate, and provide

authenticated keying material for, security associations in a protected manner.

Processes which implement this memo can be used for negotiating virtual private networks (VPNs) and also for providing a remote user from a remote site (whose IP address need not be known beforehand) access to a secure host or network.


IKE Phase 1

Phase 1 is where the two ISAKMP peers establish a secure, authenticated channel with which to communicate. This is called the ISAKMP Security Association (SA).


IKE Phase 2

Phase 2 is where Security Associations are negotiated on behalf of services such as IPsec or any other service which needs key material and/or parameter negotiation.


IKE New Group

"New Group Mode" is not really a phase 1 or phase 2. It follows phase 1, but serves to establish a new group which can be used in future negotiations.


IKE In Operation


Authentication Header (AH)

Uses a hash such as MD5 or SHA– Protects against

modification– Protects against replay

• RFC 2402

Version(4 or 6)

Protocol(TCP, etc)

Source IP Address



Flags Time To Live

Authentication Header

Data


Checksum


ESP: Encapsulating Security Payload

Transport Mode

• Before applying ESP

---------------------------- IPv4 |orig IP hdr | | | |(any options)| TCP | Data | ----------------------------

• After applying ESP ------------------------------------------------- IPv4 |orig IP hdr | ESP | | | ESP | ESP| |(any options)| Hdr | TCP | Data | Trailer |Auth| ------------------------------------------------- |<----- encrypted ---->| |<------ authenticated ----->|

• RFC 2406


Recursive Encapsulation: Tunneling

Why?

– Create a virtual connection between two parts of a private Internet that…

…uses nonroutable addresses?

…uses advanced services like IPv6 or multicast?

– Encrypt the encapsulated packet


Recursive Encapsulation: Tunneling

• Encapsulate an IP packet inside the data portion of another IP packet

Version(4 or 6)

Protocol(TCP, etc)

Source IP Address Destination IP Address


Flags Time To Live

Data


Checksum

Version(4 or 6)

Protocol(TCP, etc)

Source IP Address



Flags Time To Live

Data


Checksum


ESP: Encapsulating Security Payload

Tunnel Mode

• Before applying ESP ---------------------------- IPv4 |orig IP hdr | | | |(any options)| TCP | Data | ----------------------------

• After applying ESP --------------------------------------------------------------- IPv4 | new IP hdr | ESP | orig IP hdr | | | ESP | ESP| |(any options)| HDR | (any options)| TCP | Data |Trailer |Auth| --------------------------------------------------------------- |<--------- encrypted -------------->| |<----------- authenticated -------------->|

• RFC 2406


IPSec

Router IPSec flow:1. Receive the packet.

2. Inspect the headers of the packet. Matching Security Association (SA)?

3. If so, verify/decrypt

4. Inspect headers again. Make routing decision, and look for matching Security Association (SA).

5. If so, sign/encrypt

6. Transmit the packet.

Version(4 or 6)

Protocol(TCP, etc)

Source IP Address



Flags Time To Live

Data


Checksum

IP

IP

IP

IP

IP

1

2

5

3

4

6


ESP in Operation


Outline

• What is IPSEC, and what is it for?

• The IPSEC Framework






ESP and AH

• Additional Header Information– Smaller payload– MTU ugliness

• Cryptographic Operations– Additional Complexity– More CPU load?


ESP Tunnel Mode

• Original headers obscured– Bad guys can’t see the headers

...neither can your firewall!

...neither can your router!

• Creates a Virtual Circuit– Encapsulated IP TTL isn’t decremented– Intermediate hops are obscured– Remember debugging ATM VCs?

…or MPLS?


ESP in Operation


Outline








Where is your Security Perimeter?

• Firewalls and ACLs protect your network

• IPSec VPN solutions bring external hosts inside your network

• Should you trust those external hosts?– Viruses, Worms, Trojans– OS Vendor Patch-of-the-week– “Art and Music” sharing

• Split tunneling vs. Host-based Firewalls


Policy Enforcement

• Enforcement Requires Visibility

• ESP Tunnel Mode– Bad guys can’t see the headers

….neither can your firewall!

….neither can your router!

• Encryption Obscures Activity– Is this traffic work-related or “Art and Music”?


IPSec: A Two-Edged Sword

• Powerful set of options– Data Confidentiality– Data Integrity– Data Origin Authentication

• Bad Guys can use IPSec too– Back doors– Hiding “bad” activity


IPSec Legal/Societal Issues

• Cryptography: Controlled as a Munition

• Lawful Intercept

• U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA)

(Not a comprehensive list)


Outline








Example Solution: Cisco Easy VPN


Cisco and Linux Interoperate

http://www.sans.org/rr/papers/20/753.pdf


Juniper IPSec Configurationhttp://www.juniper.net/techpubs/software/junos/junos63/ swconfig63-services/html/ipsec-config.html

IETF IPSec Working Grouphttp://www.ietf.org/html.charters/ipsec-charter.html

http://www.vpnc.org/vpn-standards.htmlVirtual Private Network Consortium

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/ 122cgcr/fsecur_c/fipsenc/scfipsec.htm

Cisco IPSec Configuration

http://www.juniper.net/techpubs/software/junos/junos63/

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/

18 july 2004bill nickless / ipsec1 ipsec internet protocol security and you

Documents

ipsec frameworkhow

ipsec scopeipsec

secret shared key

shared secret key

single key

ipsec security associationsi

set of ipsec protocols

gab mod