ch16 IP Security.ppt

CryptographyandNetworkSecurityChapter16,FourthEditionbyWilliamStallingsLectureslidesbyLawrieBrown,Chapter16IPSecurity,Ifasecretpieceofnewsisdivulgedbyaspybeforethetimeisripe,hemustbeputtodeath,togetherwiththemantowhomthesecretwastold.TheArtofWar,SunTzu,IPSecurity,havearangeofapplicationspecificsecuritymechanismseg.S/MIME,PGP,Kerberos,SSL/HTTPShowevertherearesecurityconcernsthatcutacrossprotocollayerswouldlikesecurityimplementedbythenetworkforallapplications,IPSec,generalIPSecuritymechanismsprovidesauthenticationconfidentialitykeymanagementapplicabletouseoverLANs,acrosspublic&privateWANs,&fortheInternet,IPSecUses,BenefitsofIPSec,inafirewall/routerprovidesstrongsecuritytoalltrafficcrossingtheperimeterinafirewall/routerisresistanttobypassisbelowtransportlayer,hencetransparenttoapplicationscanbetransparenttoenduserscanprovidesecurityforindividualuserssecuresroutingarchitecture,IPSecurityArchitecture,specificationisquitecomplexdefinedinnumerousRFCsincl.RFC2401/2402/2406/2408manyothers,groupedbycategorymandatoryinIPv6,optionalinIPv4havetwosecurityheaderextensions:AuthenticationHeader(AH)EncapsulatingSecurityPayload(ESP),IPSecServices,AccesscontrolConnectionlessintegrityDataoriginauthenticationRejectionofreplayedpacketsaformofpartialsequenceintegrityConfidentiality(encryption)Limitedtrafficflowconfidentiality,SecurityAssociations,aone-wayrelationshipbetweensender&receiverthataffordssecurityfortrafficflowdefinedby3parameters:SecurityParametersIndex(SPI)IPDestinationAddressSecurityProtocolIdentifierhasanumberofotherparametersseqno,AH&EHinfo,lifetimeetchaveadatabaseofSecurityAssociations,AuthenticationHeader(AH),providessupportfordataintegrity&authenticationofIPpacketsendsystem/routercanauthenticateuser/apppreventsaddressspoofingattacksbytrackingsequencenumbersbasedonuseofaMACHMAC-MD5-96orHMAC-SHA-1-96partiesmustshareasecretkey,AuthenticationHeader,Transport&TunnelModes,EncapsulatingSecurityPayload(ESP),providesmessagecontentconfidentiality&limitedtrafficflowconfidentialitycanoptionallyprovidethesameauthenticationservicesasAHsupportsrangeofciphers,modes,paddingincl.DES,Triple-DES,RC5,IDEA,CASTetcCBC&othermodespaddingneededtofillblocksize,fields,fortrafficflow,EncapsulatingSecurityPayload,TransportvsTunnelModeESP,transportmodeisusedtoencrypt&optionallyauthenticateIPdatadataprotectedbutheaderleftinclearcandotrafficanalysisbutisefficientgoodforESPhosttohosttraffictunnelmodeencryptsentireIPpacketaddnewheaderfornexthopgoodforVPNs,gatewaytogatewaysecurity,CombiningSecurityAssociations,SAscanimplementeitherAHorESPtoimplementbothneedtocombineSAsformasecurityassociationbundlemayterminateatdifferentorsameendpointscombinedbytransportadjacencyiteratedtunnelingissueofauthentication&encryptionorder,CombiningSecurityAssociations,KeyManagement,handleskeygeneration&distributiontypicallyneed2pairsofkeys2perdirectionforAH&ESPmanualkeymanagementsysadminmanuallyconfigureseverysystemautomatedkeymanagementautomatedsystemforondemandcreationofkeysforSAsinlargesystemshasOakley&ISAKMPelements,Oakley,akeyexchangeprotocolbasedonDiffie-Hellmankeyexchangeaddsfeaturestoaddressweaknessescookies,groups(globalparams),nonces,DHkeyexchangewithauthenticationcanusearithmeticinprimefieldsorellipticcurvefields,ISAKMP,InternetSecurityAssociationandKeyManagementProtocolprovidesframeworkforkeymanagementdefinesproceduresandpacketformatstoestablish,negotiate,modify,&deleteSAsindependentofkeyexchangeprotocol,encryptionalg,&authenticationmethod,ISAKMP,ISAKMPPayloads&Exchanges,haveanumberofISAKMPpayloadtypes:Security,Proposal,Transform,Key,Identification,Certificate,Certificate,Hash,Signature,Nonce,Notification,DeleteIS