Beruflich Dokumente
Kultur Dokumente
IAIK
IAIK
Institute for Applied Information Processing and Communications
Inffeldgasse 16a IAIK
A–8010 GRAZ TU Graz
IIS Homework
Version 1
Article
IIS - Gruppe 17
http://www.iaik.tu-graz.ac.at/teaching/
Internet Protocol Security
Mirza Plevljak, Pritam Lodh, Babak Arabani, and Thomas Holzmann
January 16, 2008
Abstract
With the growing size of the Internet and networks in general, security became
a huge problem. Many engineers and developers tried to find a solution and they
came up with many different concepts. At first trying to provide server-sided protec-
tion, which made at least the backbone networks safe, but the end-users, generally
workstations still suffered from a lack of security. That was the point when personal
firewalls were introduced, but it was still no “perfect” protection. Over the years
many other security systems have been introduced but IPSec became the most reli-
able and favorable solution. IPSec is an extension to the IP protocol which provides
security. When IPv4 was developed nobody thought that the networks would develop
so fast and many computers would participate. The first participants received huge
quantities(millions) of IP-addresses.
2
Contents
1 Why do we need IP security 4
3 IP Security Protocol 7
3.1 How it works and how to use . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.1.1 Diffie-Hellman key exchange in detail . . . . . . . . . . . . . . . . . 8
3.1.2 The symmetric cryptosystem . . . . . . . . . . . . . . . . . . . . . 9
3.1.3 The security association . . . . . . . . . . . . . . . . . . . . . . . . 9
3.1.4 SAD and SPD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.1.5 Operations of IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.1.6 IP authentication header . . . . . . . . . . . . . . . . . . . . . . . . 11
3.2 IPSec protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.2.1 Authentication Header . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.3 Encapsulating Security Payload (ESP) . . . . . . . . . . . . . . . . . . . . 13
3.4 Network Address Translators (NAT) . . . . . . . . . . . . . . . . . . . . . 16
5 Disadvantages of IP Security 22
3
1 Why do we need IP security
The Internet Protocol organizes the connections between computers in a network and im-
portant data should be transferred over this. Therefore we need security mechanisms for
the communication.
The discussion about Internet Security began in 1994 as the Internet Architecture Board
(IAB) issued a Report titled “Security in the Internet Architecture” which said that the
Internet needs more security and identified key areas for security. These were e.g. the need
to secure the network infrastructure for unauthorized monitoring and the need to secure
end-user-to-end-user traffic using authentication and encryption mechanisms.
In the year 1998 these concerns were fully justified by the Computer Emergency Response
Team (CERT) which listed many security incidents affecting many sites.
Therefore the Internet Architecture Board included authentication and encryption as im-
portant features for the next generation Internet Protocol IPv6 (IPv6 will be discussed
later in detail). Fortunately these capabilities can also be used with IPv4 and many ven-
dors have IP Security (IPSec) capabilities in their products now. [Sta]
In the future there will be even more demand on Internet security because the working
area of the Internet will be more broad. Much more people than today will make bank
transactions, make administrative activities where they have to send their personal data
over the internet and much more companies will transfer business data over the internet.
So we need good security protocols for the Internet.
But not only the address space was enlarged, also other features has been added. This
list will give you an overview of all these new features [Wik08f]:
4
Figure 1: Persons per IP address
• And others
2.1 IP addresses
As said before, the primary change from IPv4 to IPv6 is the enlargement of IP address
space and therefore also the IP address is growing from 32 bits to 128 bits. So also another
notation is required.
With IPv4 an IP address looks e.g. like this 200.123.233.133. There are four blocks, each
with three decimal numbers, and every block is representing eight bits. Each address is
divided into a network ID and a host ID. Normally the first 24 bits are the network ID
and the last 8 bits are the host ID. You have to define this division in the subnetmask.
So if the subnetmask is 255.255.255.0 it describes the division mentioned above: You have
a network ID e.g. 192.168.0.x and a host ID 192.168.0.1. This means that you can have
256 − 2 hosts in this network (-2 because host ID 0 means the whole network and 255 is
reserved for the broadcast, which means that all hosts will be called). Similarly to the
subnetmask you can say 192.168.0.1/24, which also means that the first 24 bits are the
network ID.
With IPv6 addresses are defined as eight blocks, each consisting of 4 hexadecimal num-
bers and divided with colons. One or more blocks with the values 000 can be replaced
with two colons, but one address may contain this only once. So e.g. the address
5
342e:9d3a:0000:0000:2b88:93c5:ee3a:054a can also be written as 342e:9d3a::2b88:93c5:ee3a:054a.
There also don’t exist netmasks any more. Instead of that you have to add a / and the
length of the network ID (in decimal) to define a subnet.
2.2.3 Multicast
Multicast means that you can send a message from one point to a whole group, without
multiplying the bandwidth of the sender for every receiver. So the sender only needs the
same bandwidth as each receiver. To send such a message, you need a special multicast IP
address (IPv6: every address starting with FF00::/8; IPv4: every address from 224.0.0.0
to 239.255.255.255).
6
2.2.5 Mobile IP
With mobile IP a computer can be reachable over the same IP address although it is not
connected over the same internet connection every time.
There is a home agent, which is assigned to one IP address. If now a computer isn’t
connected directly over this to the internet it sends a “Binding Update” to the home
agent. As request it gets a “Binding Acknowledgement”. Now the home agent routes
every packet to the the foreign link where the Binding Update came from. If the computer
changes its location, it has to execute Binding Update again. [JPA04]
2.2.6 IPSec
IPSec is a collection of IP security protocols and is integrated in IPv6 by default and it is
also possible to use IPSec with IPv4. But IPSec will be discussed more specific later so I
will not go in detail here.
3 IP Security Protocol
3.1 How it works and how to use
The main difference to other security systems is that IPsec takes is operating on the
network layer, instead of the transport layer (like SSH, SSL,...). Some protocols are very
7
Figure 2: Trust Relationship
complex, especially the internet key exchange protocol, which base is the Diffie-Hellman
key exchange.
8
3.1.2 The symmetric cryptosystem
The main difference between asymmetric and symmetric systems is that the same key is
used to de- and encrypting the message in the symmetric mode. At first both partners try
to find a shared prime number and a primitive root. Two random numbers are generated
which must remain secret. Then two variables A and B are generated and are sent over
the insecure link. With A and B K can be computed, where K is the key.
Figure 3: IP layers
Security Association Database and the Security Policy Database decide what happens
to an IP-packet. The SPD describes which traffic is being dropped or allowed and it
9
controls the outgoing packets, referring to the SAD entries.
• SPI(cookie)
• Sequence counter
• Lifetime info
• PATH MTUinfo
Figure 4:
Transport mode In the transport mode the IP-payload is encrypted, but the original
header files are left intact. It is used for end-to-end communication or for end-to-gateway
communication, but it is generally not used for gateway to gateway communication, here
the tunnel mode is used.
Tunnel mode Unlike the transport mode the whole IP-packet is encrypted in the tunnel
mode. There are two different tunnel modes: The AH (authentication header mode) and
the ESP (encapsulating security payload).
10
3.1.6 IP authentication header
The IP Authentication Header provides connectionless integrity, data origin authentica-
tion, and an optional anti-replay service.
The Encapsulating Security Payload may provide confidentiality (encryption), and limited
traffic flow confidentiality. It also may provide connectionless integrity, data origin authen-
tication, and an anti-replay service. (One or the other set of these security services must
be applied whenever ESP is invoked.)
AH is also used to provide protection against replay attacks . Technique used in this
case is called : technique of sliding windows .
Sliding window protocol is data transmission protocol in data link layer , which is used to
keep records of sequence numbers and acknowledgments sent from both sides .
Example for sliding window would be case in which sender fails to receive packet acknowl-
edgment for the first packet send , then sender slides the window or resets the window and
sends second package . Process is being repeated until sender interupts transmission.
AH provides authentication for many IP headers possible , and protects all header fields. In
this case there could be some exceptions too . For example some IP header can be changed
during the transit , and such can not be protected by AH . Its use can be combined with
Encapsulating Security Payload (ESP) , or it can be used through Tunnel Mode . The
difference betwen AH and ESP lies in the domain of coverage . For example ESP can not
cover IP header values .
11
Next Header is a set of 8 bit fields which defines next payload . Values are defined
through Assigned Numbers predefined from Internet Assign Numbers Authority (IANA)
Payload Length 8 bit field , which defines the length of AH . It is measured in 32 bit
words.
Reserved This field is reserved for future use, and therefore must be set to zero
Security parameters index (SPI ) Its length is 32 bit word , and the values are set
from 1-255 , defined and preset from IANA . In case that SPI value is zero (0) , it must be
used only for local network purposes , therefore should not be sent online . SPI together
with AH defines Security of a certain datagram .
Sequence Number Field Is also 32 bit field , and it hold the number of sequence sender
transmits . At the beginning it is always set to zero (0) . So the first package sent would
have the sequence number one (1) . Packet processing is defined in that way that sender
must always send this field with SN , but receiver is not obligated to accept it .
Authentication Data It is also 32 bit length and contains Integrity Check Value (ICV).
ICV is need for authentication of the packages .
Transport Mode In Transport Mode AH is inserted before and after Upper Layer Pro-
tocol or Header . In those cases we can talk about two different versions of implementations.
12
Figure 7: IPv6 - AH in Transport Mode
Tunnel Mode In Tunnel Mode, AH can be implemented in hosts and gateways. Here
we also apply Ipv4 and Ipv6 and illustrate different positioning.
It is also very important to mention Authentication Algorithms which are specified
by SA. Couple of algorithmscan be used, like e.g. those that are based on symmetric
encryption (DES) or the hash functions (MD5 or SH-1). Others besides those, can also be
used.
Security Parameters Index ( SPI Is a 32 bit in length, and together with ESP
defines security of a certain datagram.It uses the values 1-255 ,and in case that SPI value
13
Figure 9: Encapsulating Security Payload Packet Format
is zero (0) , it must be used only for local network purposes , therefore should not be sent
“online”. Basically works the same as SPI used for AH.
Sequence Number Just like in case of SPI , SN in ESP works exactly the same as in
the AH (allready mentioned above).
Payload Data is somewhat different in ESP , as it has not fixed value in length , and
it contains data for the Next Header field.
Pad Length Indicates number of pad bytes , and has values in range from 0-255 , where
0 means that no Padding bytes are present.
14
Next Header Is 8 bit field , that is used to indicated what type of data is currently in
Payload Data field .
Just the same way the AH is implemented in two modes (Tunnel , Transport ) , ESP
has the same capabilities .
Transport Mode In Transport Mode , ESP is being implemented after and before IP
header or Upper Layer Protocol . In this mode , we can also discuss two versions of
implementation :
Tunnel Mode ESP , just the same as AH can be employed in hosts or gateways .
ESP is designed to work both with Encryption and Authentication Algorithm’s . The
both are specified by SA , and the ones that are defined as mandatory to use are :
• DES in CBC mode
15
Figure 12: ESP in Tunnel Mode
16
• not being able to handle UDP/TCP traffic
• mapping timeouts
• not able to handle incoming/outgoing fragments
3. Helper issues
Helper functionalities in case of IPSec-NAT include :
There are couple of allready existing solutions to this problem , solutions like RSIP ,
so called 6to 4 , in Tunnel Mode solutions like : IPSec ESP , No Address Validation , No
Fragmentation , Active Sessions, Single Client Operation , Any to Any SPD entries .
There are also many security considerations in that IPSec-Nat compatibility require-
ment . Many problems are created from basic principles of IPSec , which should be able to
process IP headers that are not encrypted or protected by any cryptography algorithm’s.
This means that IPSec-Nat usage is not able to process AH , AH cannot pass through
IPSec-NAT, so in this case ESP should be use , but ESP with no encryption.The flaud in
this system is , that ESP with zero encryption does not provide the same security as AH
does.
17
Figure 13: VPN Gateway
IPSec’s tunnel mode. Other standards that many VPN devices apply are X.509 certifi-
cates, the Lightweight Directory Access Protocol (LDAP), and RADIUS for authentication.
A firewall protects your network from unwanted visitors and allows only VPN users.
Most VPN Packages do not implement firewalls directly, but they are an Integral part of
a VPN. Packet filtration firewall is the most common firewall, which blocks specified IP
Services from crossing the gateway router.
Authentication techniques ensure that the correct user or host is accessing the network,
which is essential to VPNs. Authentication is analogous to ”logging in” to a system with a
username and password. The shared key system, the Challenge Handshake Authentication
Protocol (CHAP) and RSA are the most common authentication systems used for VPN.
18
change, much of the basic framework has been good enough for companies to finalize, test
and distribute their VPN products.
There are two encryption modes that are supported by IPSec: transport mode and
tunnel mode. The transport mode is used for the protection of the payload portion of each
packet, while the tunnel mode is applied for the encryption of both the header and payload.
Obviously the tunnel mode provides more security, as it protects the identity of both of
the sender and receiver, not only that it hides also certain other IP fields that may give
a middleman useful information. Thus transport mode is perfectly suited for providing
end-to-end security, whereas tunnel mode is perfectly suited for providing protection to
transient traffic.
For working with IPSec properly, it is recommended that all devices must share a com-
mon key. Even though the protocols used to cipher the important data of the system are
used, the engineers have done also great work for the authentication and exchange of keys
by the sender and the receiver. For this purpose public digital certificates have been used
to create and swap keys which are achieved through the IKE protocol and the X.509 digital
certificate system.
IPSec-protected datagrams are themselves IP datagrams. For this reason IPSec can
be used serially and recursively, allowing for hub-and-spoke deployments, or end-to-end
IPSec-secured packets being tunneled through an IPSec-protected VPN.
If IPSec is used with a Bastion host or screening host, the performance of the network
could be badly affected. Bastion has some failure for protecting the traffic which leads
this host to a substandard method for network security. It has also many limitations for
using the algorithms like random number generation, key exchange and strong payload
encryption. Further, Bastion host uses general-purpose microprocessor to handle these
algorithms in software, while specialized hardware is used for the same task as suitable
solutions placed in an organizations gateway.
There are many other network security systems that provide security in higher-level com-
munications. Point-to-point tunneling protocol (PPTP) is one of them. These solutions are
still much focused and complex, and requires depth knowledge to configure and maintain
them. IPSec is more flexible and powerful which makes it the standards-based replacements
for PPTP.
19
4.3 Building and Implementation of IPSec into VPN
IPSec can be applied in IP processing by adding an extra step. A packet may or may
not require IPSec. If IPSec is not required the packet is forwarded to the next step in IP
processing. If IPSec is required the packet is encapsulated and then sent back through IP
processing where it is decided if another IPSec encapsulation may be required or not. This
simple method is used for describing various deployment scenarios.
A simple policy language is used for describing the policy that applied for the implemen-
tation of each configuration scenario. IPSec is implemented probably by using a different
grammar to specify configuration, like solely graphical or solely command-line based or a
mix of two. No matter how a particular device is configured, the information that needs
to be configured should remain same.
A policy must be defined by identifying which traffic is to protect, with whom it should
be protected, how it should be protected, and lastly how an authenticated connection with
our remote peer is build up. To make our policy pseudo language simple but powerful, we
will use:
• two methods of authentication with IKE: pre-shared keys and RSA signatures
which indicates what traffic to protect, to whom, how to protect it, and how to speak IKE.
• permit selector
• deny selector
Now we shall define the configuration options themselves. What to protect consists of
a selector which identifies a flow:
20
selector: address ¡– –¿ address [ ULP [port]]
This describes a policy to protect all traffic between the 192.168.0.0/16 network and
the 10.10.1.0/24 network using ESP with HMAC-SHA and CAST in tunnel mode with a
peer gateway at gateway 172.16.20.1, and to speak IKE with AES, SHA, pre-shared keys
and the Diffie-Hellman group with the 1536 bit prime modulus.
21
Policy to allow traffic from 128.220.230.1 to 10.20.0.35 and deny everything else would
be:
permit 128.220.230.1 ←→10.20.0.35
deny 0.0.0.0 ←→ 0.0.0.0
5 Disadvantages of IP Security
The reliance on public keys security is major minus for IPSec security , especially in the
case when users do not pay attention to the management of them. IPSec can also over-
whelm the traffic , for exp in case of using VPN concentrators .
• Trying to encrypt small packages can overwhelm network traffic , and create bottle-
neck
• Key exchange can also present itself as a problem . Exp DES Algorithm is subjective
to brute force attacks
I above mentioned complexity can lead to a major flauds in system . Exp usage of
IPSec-NAT , can be also described as one disadvantage of IPSec . Because of its large
compatibility requirements and incompatibilities, can be considered as minus in IP security
. The greatest minus in IPSec-NAT usage lies in usage of other encryption methods .
There is also a problem when using Firewall with IPSec , which is in most of cases pointless
( one defeats the other ) , except in the case when the Firewall is used along side the IPSec
like decryption .
22
References
[AD04] B. Aboba and W. Dixon. IPsec-Network Address Translation (NAT) Compatibil-
ity Requirements. Available online at ftp://ftp.rfc-editor.org/in-notes/
rfc3715.txt, March 2004.
[Aie] Dan Aiello. A criticism of IPv6. Available online at http://tech.hellyeah.
com/display_doc.phtml?id=28.
[Atk95a] R. Atkinson. IP Authentication Header. Available online at http://rfc.net/
rfc1826.html, August 1995.
[Atk95b] R. Atkinson. IP Encapsulating Security Payload (ESP). Available online at
http://rfc.net/rfc1827.html, August 1995.
[Bro06] Stuard Brown. Ip Assignment, Per Capita. Available online at http://
www.modernlifeisrubbish.co.uk/article/ips-assigned-per-capita, July
2006.
[DH98] S. Deering and R. Hinden. Internet Protocol, Version 6 Specification. Available
online at http://tools.ietf.org/html/rfc2460, December 1998.
[DH03] Naganand Doraswamy and Dan Harkins. IPSec: The New Security Standard for
the Internet, Intranets, and Virtual Private Networks, Second Edition . Prentice
Hall PTR, 2003.
[Inc05] Javvin Technologies Inc. Network Protocols Handbook, 2005.
[IPs] IPsec for dummies. Available online at http://people.freebsd.org/~julian/
IPSEC_4_Dummies.html.
[JPA04] D. Johnson, C. Perkins, and J. Arkko. Mobility Support in IPv6. Available
online at http://tools.ietf.org/html/rfc3775, June 2004.
[KA98a] S. Kent and R. Atkinson. IP Authentication Header. Available online at http:
//rfc.net/rfc2402.html, November 1998.
[KA98b] S. Kent and R. Atkinson. IP Encapsulating Security Payload (ESP). Available
online at http://rfc.net/rfc2406.html, November 1998.
[Koz05] Charles M. Kozierok. IPsec modes: transport and tunnel. Available online at
http://www.tcpipguide.com/free/t_IPSecModesTransportandTunnel.htm,
September 2005.
[Mic05a] Microsoft. IPsec Transport Mode. Available online at
http://technet2.microsoft.com/windowsserver/en/library/
c3a956bf-704b-4980-9655-762985e380f61033.mspx?mfr=true, January
2005.
23
[Mic05b] Microsoft. IPsec Tunnel Mode. Available online at
http://technet2.microsoft.com/windowsserver/en/library/
12eb6a6f-25cb-4af4-a659-59d9ff8de3361033.mspx?mfr=true, January
2005.
[Sri99] P. Srisuresh. Security Model with Tunnel-mode IPsec for NAT Domains. Avail-
able online at http://rfc.net/rfc2709.html, Oktober 1999.
[SWE99] Charlie Scott, Paul Wolfe, and Mike Erwin. Virtual Private Networks, Second
Edition. O’Reilly, 1999.
24