21 july 2004bill nickless / ipsec1 ipsec internet protocol security and you
TRANSCRIPT
21 July 2004 Bill Nickless / IPSec 1
IPSec
Internet Protocol Security
And You
21 July 2004 Bill Nickless / IPSec 2
Outline
• What is IPSec, and what is it for?
• The IPSec Framework
• How do IKE, AH, and ESP fit together?
• Routing and Technology Issues
• Management and Policy Issues
• How To Learn More
21 July 2004 Bill Nickless / IPSec 3
IPSec Scope (RFC 2401)
Good news:
IPSEC is designed to provide interoperable, high quality, cryptographically-based security for IPv4 and IPv6.
21 July 2004 Bill Nickless / IPSec 4
IPSec Scope (RFC 2401)
Bad news:
The set of IPSec protocols employed in any context, and the ways they are employed, will be determined by the security and system requirements of users, applications, and/or sites/organizations.
21 July 2004 Bill Nickless / IPSec 5
IPSec Scope
• IPSec is a technology.
• IPSec is NOT a solution.
• Better: IPSec is a technology framework.
21 July 2004 Bill Nickless / IPSec 6
Outline
• What is IPSec, and what is it for?
• The IPSec Framework
• How do IKE, AH, and ESP fit together?
• Routing and Technology Issues
• Management and Policy Issues
• How To Learn More
21 July 2004 Bill Nickless / IPSec 7
IPSec
• Standards-based IP Security Framework– Data Integrity– Data Confidentiality– Data Origin Authentication– Anti-Replay Protection
• Supported in modern router software– Cisco IOS 12.1(19) or later– Juniper JUNOS 5.3 or later
(with Encryption Services PIC)
21 July 2004 Bill Nickless / IPSec 8
IPSec
Router performs additional operations:
1. Receive the packetand verify/decrypt it
2. Inspect the headers of the packet
3. Based on that inspection, put the packet into an outbound queue
4. Transmit the packet when it reaches the front of the outbound queueand sign/encrypt it
Version(4 or 6)
Protocol(TCP, etc)
Source IP Address
Destination IP Address
Source Port Destination Port
Flags Time To Live
Data
(possibly with sequence number)
Checksum
IP
IP
IP
IP
IP
1
2
3
4
21 July 2004 Bill Nickless / IPSec 9
Ciphers, Signing and Keys(Oh My!)
• IPSec is a framework that supports many cryptographic technologies.
• What fits into the IPSec framework?– Diffie-Hellman Key Exchange– Ciphers– Hashes– Shared Secrets– Certificates– Perfect Forward Secrecy– Tunneling
21 July 2004 Bill Nickless / IPSec 10
Diffie-Hellman Key Exchange
• Agree on a secret shared key, without a secure channel.
Suppose Alice and Bob want to agree on a shared secret key using the Diffie-Hellman key agreement protocol. They proceed as follows: First, Alice generates a random private value a and Bob generates a random private value b. Both a and b are drawn from the set of integers . Then they derive their public values using parameters p and g and their private values. Alice's public value is ga mod p and Bob's public value is gb mod p. They then exchange their public values. Finally, Alice computes gab = (gb)a mod p, and Bob computes gba = (ga)b mod p. Since gab = gba = k, Alice and Bob now have a shared secret key k.
http://www.rsasecurity.com/rsalabs/node.asp?id=2248
21 July 2004 Bill Nickless / IPSec 11
Ciphers
• Obscure data, so that it can only be read by someone with the right “key”
• DES, AES, RSA, RC5, Blowfish, Skipjack, etc.
21 July 2004 Bill Nickless / IPSec 12
Hashes
• Take a bunch of data, make a digest of it, so that changes can be detected
• MD5, SHA-1, RIPEMD-160
21 July 2004 Bill Nickless / IPSec 13
Shared Secrets
• Prove identity by demonstrating knowledge of the same data
• Not necessary to actually transmit the shared secret.
21 July 2004 Bill Nickless / IPSec 14
Perfect Forward Secrecy
RFC 2409:Perfect Forward Secrecy (PFS) refers to the notion
that compromise of a single key will permit access to only data protected by a single key.
For PFS to exist the key used to protect transmission of data MUST NOT be used to derive any additional keys, and if the key used to protect transmission of data was derived from some other keying material, that material MUST NOT be used to derive any more keys.
21 July 2004 Bill Nickless / IPSec 15
Certificates
• Establish trust based on mutual trust of a third party
• X.509
21 July 2004 Bill Nickless / IPSec 16
Recursive Encapsulation: Tunneling
• Encapsulate an IP packet inside the data portion of another IP packet
Version(4 or 6)
Protocol(TCP, etc)
Source IP Address Destination IP Address
Source Port Destination Port
Flags Time To Live
Data
(possibly with sequence number)
Checksum
Version(4 or 6)
Protocol(TCP, etc)
Source IP Address
Destination IP Address
Source Port Destination Port
Flags Time To Live
Data
(possibly with sequence number)
Checksum
21 July 2004 Bill Nickless / IPSec 17
Recursive Encapsulation: Tunneling
Why?
– Create a virtual connection between two parts of a private Internet that…
…uses nonroutable addresses?
…uses advanced services like IPv6 or multicast?
– Encrypt the encapsulated packet
21 July 2004 Bill Nickless / IPSec 18
IPSec Security Associations
• IPSec Security Associations (SA)– between two routers
(or hosts)– Unicast only– Unidirectional– Selection Criteria:
Drop, Apply IPSec, Pass without IPSec
21 July 2004 Bill Nickless / IPSec 19
IPSec
Router IPSec flow:1. Receive the packet.
2. Inspect the headers of the packet. Matching Security Association (SA)?
3. If so, verify/decrypt
4. Inspect headers again. Make routing decision, and look for matching Security Association (SA).
5. If so, sign/encrypt
6. Transmit the packet.
Version(4 or 6)
Protocol(TCP, etc)
Source IP Address
Destination IP Address
Source Port Destination Port
Flags Time To Live
Data
(possibly with sequence number)
Checksum
IP
IP
IP
IP
IP
1
2
5
3
4
6
21 July 2004 Bill Nickless / IPSec 20
Outline
• What is IPSec, and what is it for?
• The IPSec Framework
• How do IKE, AH, and ESP fit together?
• Routing and Technology Issues
• Management and Policy Issues
• How To Learn More
21 July 2004 Bill Nickless / IPSec 21
How do IKE, AH, and ESP fit together?
• Good question…. But we don’t have time.
• See the slides after the end of this presentation (you can get them online).
21 July 2004 Bill Nickless / IPSec 22
Outline
• What is IPSEC, and what is it for?
• The IPSEC Framework
• How do IKE, AH, and ESP fit together?
• Routing and Technology Issues
• Management and Policy Issues
• How To Learn More
21 July 2004 Bill Nickless / IPSec 23
ESP and AH
• Additional Header Information– Smaller payload– MTU ugliness
• Cryptographic Operations– Additional Complexity– More CPU load?
21 July 2004 Bill Nickless / IPSec 24
ESP Tunnel Mode
• Original headers obscured– Bad guys can’t see the headers
...neither can your firewall!
...neither can your router!
• Creates a Virtual Circuit– Encapsulated IP TTL isn’t decremented– Intermediate hops are obscured– Remember debugging ATM VCs?
…or MPLS?
21 July 2004 Bill Nickless / IPSec 25
ESP in Operation
21 July 2004 Bill Nickless / IPSec 26
Outline
• What is IPSEC, and what is it for?
• The IPSEC Framework
• How do IKE, AH, and ESP fit together?
• Routing and Technology Issues
• Management and Policy Issues
• How To Learn More
21 July 2004 Bill Nickless / IPSec 27
Where is your Security Perimeter?
• Firewalls and ACLs protect your network
• IPSec VPN solutions bring external hosts inside your network
• Should you trust those external hosts?– Viruses, Worms, Trojans– OS Vendor Patch-of-the-week– “Art and Music” sharing
• Split tunneling vs. Host-based Firewalls
21 July 2004 Bill Nickless / IPSec 28
Policy Enforcement
• Enforcement Requires Visibility
• ESP Tunnel Mode– Bad guys can’t see the headers
….neither can your firewall!
….neither can your router!
• Encryption Obscures Activity– Is this traffic work-related or “Art and Music”?
21 July 2004 Bill Nickless / IPSec 29
IPSec Legal/Societal Issues
• Cryptography: Controlled as a Munition
• Lawful Intercept
• U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA)
(Not a comprehensive list)
21 July 2004 Bill Nickless / IPSec 30
IPSec: A Two-Edged Sword
• Powerful set of options– Data Confidentiality– Data Integrity– Data Origin Authentication
• Bad Guys can use IPSec too– Back doors– Hiding “bad” activity
21 July 2004 Bill Nickless / IPSec 31
Outline
• What is IPSEC, and what is it for?
• The IPSEC Framework
• How do IKE, AH, and ESP fit together?
• Routing and Technology Issues
• Management and Policy Issues
• How To Learn More
21 July 2004 Bill Nickless / IPSec 32
Cisco and Linux Interoperate
http://www.sans.org/rr/papers/20/753.pdf
21 July 2004 Bill Nickless / IPSec 33
Juniper IPSec Configurationhttp://www.juniper.net/techpubs/software/junos/junos63/ swconfig63-services/html/ipsec-config.html
IETF IPSec Working Grouphttp://www.ietf.org/html.charters/ipsec-charter.html
http://www.vpnc.org/vpn-standards.htmlVirtual Private Network Consortium
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/ 122cgcr/fsecur_c/fipsenc/scfipsec.htm
Cisco IPSec Configuration
21 July 2004 Bill Nickless / IPSec 34
Slides you would have seenIf you had been here on Sunday
(Linked from the JT Agenda)
21 July 2004 Bill Nickless / IPSec 35
Example Solution: Cisco Easy VPN
21 July 2004 Bill Nickless / IPSec 36
Example Solution: Cisco Easy VPN
21 July 2004 Bill Nickless / IPSec 37
The Internet Key Exchange (IKE)
RFC 2409:The purpose is to negotiate, and provide
authenticated keying material for, security associations in a protected manner.
Processes which implement this memo can be used for negotiating virtual private networks (VPNs) and also for providing a remote user from a remote site (whose IP address need not be known beforehand) access to a secure host or network.
21 July 2004 Bill Nickless / IPSec 38
IKE Phase 1
Phase 1 is where the two ISAKMP peers establish a secure, authenticated channel with which to communicate. This is called the ISAKMP Security Association (SA).
21 July 2004 Bill Nickless / IPSec 39
IKE Phase 2
Phase 2 is where Security Associations are negotiated on behalf of services such as IPsec or any other service which needs key material and/or parameter negotiation.
21 July 2004 Bill Nickless / IPSec 40
IKE New Group
"New Group Mode" is not really a phase 1 or phase 2. It follows phase 1, but serves to establish a new group which can be used in future negotiations.
21 July 2004 Bill Nickless / IPSec 41
IKE In Operation
21 July 2004 Bill Nickless / IPSec 42
IKE In Operation
21 July 2004 Bill Nickless / IPSec 43
IKE In Operation
21 July 2004 Bill Nickless / IPSec 44
Authentication Header (AH)
Uses a hash such as MD5 or SHA– Protects against
modification– Protects against replay
• RFC 2402
Version(4 or 6)
Protocol(TCP, etc)
Source IP Address
Destination IP Address
Source Port Destination Port
Flags Time To Live
Authentication Header
Data
(possibly with sequence number)
Checksum
21 July 2004 Bill Nickless / IPSec 45
ESP: Encapsulating Security Payload
Transport Mode
• Before applying ESP
---------------------------- IPv4 |orig IP hdr | | | |(any options)| TCP | Data | ----------------------------
• After applying ESP ------------------------------------------------- IPv4 |orig IP hdr | ESP | | | ESP | ESP| |(any options)| Hdr | TCP | Data | Trailer |Auth| ------------------------------------------------- |<----- encrypted ---->| |<------ authenticated ----->|
• RFC 2406
21 July 2004 Bill Nickless / IPSec 46
ESP: Encapsulating Security Payload
Tunnel Mode
• Before applying ESP ---------------------------- IPv4 |orig IP hdr | | | |(any options)| TCP | Data | ----------------------------
• After applying ESP --------------------------------------------------------------- IPv4 | new IP hdr | ESP | orig IP hdr | | | ESP | ESP| |(any options)| HDR | (any options)| TCP | Data |Trailer |Auth| --------------------------------------------------------------- |<--------- encrypted -------------->| |<----------- authenticated -------------->|
• RFC 2406
21 July 2004 Bill Nickless / IPSec 47
ESP in Operation