Etiketler

5 Ocak 2014 Pazar

IPsec


 IPSec is a bundle of protocols and algorithms defining a flexible framework in which it is the user who selects the actual parameters of the algorithms and methods to be used. As a result, one should assume that two IPSec implementation instances are not necessarily identical.
IPsec is defined in RFC 2401 to 2411 and 2451.

 In a communications network, security has a few different aspects, the most important being:
Authentication
Making sure that the data received is indeed coming from the expected partner
(avoiding unauthorized sources to transmit data to a station)
Integrity
Making sure that the data received is indeed what was transmitted by the source
(avoiding modifications to the data by unknown parties, executed while the data traveled from source to destination)
Rejection of replayed data
Making sure that receivers identify and discard packets that have been already received
(avoiding multiple executions of same command, generated by unknown parties)
Confidentiality
Making sure that nobody “listens and understands” the data on its way from source to destination

 IPsec addresses all the above services and defines the necessary tools for their provision.
The basic idea of IPsec is to “mark” packets before being injected into the communications network, and use this “mark” at the receiving side in order to decide whether the packet arrived from the correct source (authentication), whether the packet content is exactly the one generated by the source, without any modifications (integrity) and whether the packet is not a replay of one of the previous packets, already received (rejection of replayed data).
In addition, IPsec also defines a framework for data encryption ensuring that potential “listeners” in the network would not be able to understand the information carried in the packet (confidentiality).
The “marking” process results in new fields being added to the packet to be protected.
The "marking" of the packets before their transmission may be executed by:
- the user computer (client), or by
- the ingress edge router (the first router met by the transmitted packet, the router connecting the user to the communications network)
When the user computer is the one marking the transmitted packets, it is said that IPsec is used in “transport mode”.
When the ingress router is doing the job on behalf of the user (acting as a proxy IPsec entity), it is said that IPsec is used in “tunnel mode”.


Authentication / Integrity Check Principles
Authentication and integrity check processes are based on the addition to the packet to be protected of an Integrity Check Value (ICV) field allowing the receiving party to be sure that:
a.- The packet was indeed sent by the expected partner (authentication)
b.- The packet has not been modified (tampered with) during its trip through the network (integrity check)
Generating and Using the ICV
Observations:
1.- Messages encrypted with a specific key can be correctly decoded ONLY by using the same key.
2.- A decoding process using a specific key, applied to a message encrypted with a different key, results in a message different than the original one.
Generic Authentication Process  Transmission
ICV is the result of two consecutive processes executed to the packet to be protected.
- step 1 - A hash value is calculated for the packet to be protected.
- step 2 - The hash value obtained in step 1 is encrypted using a secret key, generating the ICV value to be added to the packet.



IP Sec Marking Location and Protection Areas

Depending on the specific IP Sec protocol used, and the selected mode (transport or tunnel), IP Sec marking appears in different locations in the protected packet.
When authentication is used, the marking protects the whole packet.
When confidentiality marking is used, the transport and tunnel mode provide different types of services.
In transport mode the encryption process is executed by the end station, and routers in the network are expected to route the encrypted packet toward its destination.
As a result, the encrypting station cannot encrypt the IP header, as it includes the vital information needed by routers for correct operation. The only part that can be protected in this case is the payload itself (the upper layers).
In tunnel mode the encryption process is executed by the ingress router, and the resulting packet is sent via the network to another router (the other end of the tunnel) as indicated in a NEW IP header, added by the ingress router.

As a result, the ingress router can encrypt the whole original packet (payload and original IP addresses). Both authentication and confidentiality services are based on packet marking executed at transmission site, followed by decoding executed at the receiving site.

Security Associations (SA)

Obviously, the receiving party should be aware of the marking executed by the transmitting party. The two parties, have to enter into a logical relationship, known as a “Security Association (SA)”, where the actual parameters regarding the algorithms and keys to be used are agreed.
Security Associations are unidirectional.
In a bi-directional link in which both directions have to be protected by IPsec, there will be two Security Associations: A-to-B and B-to-A.
Security Associations are uniquely identified by fields present in the protected packet, allowing the receiving party to associate a received packet to a specific Security Association and (as a result) to activate the correct algorithms for its processing.


IPSec consists of 3 major parts:

1.- AH - Authentication Header protocol (RFC 2402): Provides marking for authentication, integrity and replay protection

2.- ESP - Encapsulating Security Payload (RFC 2406): Provides marking for authentication, integrity and replay protection as well as for confidentiality. As both authentication and encryption algorithms imply the use of encryption keys, one more element is needed; a protocol to handle the encryption key selection and other administrative issues related to the creation and maintenance of a Security Association between nodes.
3.- IKE - Internet Key Exchange (RFC 2409) : Establishes and maintains Security Associations.
AH - Authentication Header protocol (RFC 2402)


- Next header - type of next payload
- Payload length
- SPI - Arbitrary value that, together with the IP DA of the packet, identifies the actual Security Association (SA) to which the packet belongs.
- Stations identify the SA to be used for the processing of an incoming packet, based on:
- IP DA
- SPI
- security service (as indicated by the "protocol” value in the field preceding the security header – AH or ESP)
- Sequence number - avoids replay of the packet
- Authentication data - includes Integrity Check Value (ICV), used to authenticate the packet
ESP - Encapsulating Security Payload (RFC 2406)


- SPI - Arbitrary value that, together with the IP DA of the packet, identifies the actual Security Association (SA) to which the packet belongs.
- Stations identify the SA to be used for the processing of an incoming packet, based on:
- IP DA
- SPI
- security service (as indicated by the ‘protocol” value in the field preceding the security header - AH or ESP)
- Sequence number - avoids replay of the packet .
- Pad length
- Next header - type of payload in the packet .
- Authentication data - includes Integrity Check Value (ICV), used to authenticate the packet.


IKE - Internet Key Exchange protocol (RFC 2409)
The purpose of the IKE protocol is to negotiate the protection parameters (protocols, keys, keys life time, etc.) to be used by the partners.
IKE is a protocol built as a combination of

- ISAKMP (Internet Security Association and Key Management Protocol) defined by NSA (National Security Agency) for the negotiation of the SA parameters, and
- OAKLEY protocol, based on Diffie-Hellman, for the selection of the encryption keys
For an effective protection of the data, the parameters negotiation should be itself protected.
IKE defines therefore two different phases:
- Phase 1 - Creates a protected environment (an SA) between the partners, to protect the negotiation of the authentication and encryption parameters to be used in the actual data transfer phase.
Phase 1 can be executed either via the Main Mode protocol (MM) or via the Aggressive Mode protocol (AM).
- Phase 2 - Partners negotiate the protection parameters to be used in the data transfer phase. The negotiation is protected by the elements defined in phase 1.
Phase 2 is executed through the protocol known as the Quick Mode.
Phase 1 Main Mode concept:
- Step a - One party sends an offer including all the parameters needed to define a Security Association (SA), EXCEPT the keys.
Receiving party answers with the selected parameters.
- Step b - Parties exchange their public keys and some random sequences (nonce) to be used in step c.
- Step c - Using the keys and nonces exchanged in step b, parties authenticate each other.
At the end of these three steps, the two partners have been authenticated, and keys have been generated for the protection of the messages to be exchanged in Phase 2.
At the end of Phase 2, all the parameters and the keys necessary for operation are defined, and partners can start the actual data transfer phase, generating AH or ESP protected packets.

Source :
www.sorin-schwartz.com   by Sorin M. SCHWARTZ
Paul Asadoorian
Interpeak
http://www.openbsd.org/faq/faq13.html – OpenBSD Doc
http://www.freeswan.org/ – Linux IPsec Support
http://www.ietf.org/html.charters/ipsec-charter.html – All RFC's &
Drafts
http://www.cisco.com/warp/public/105/IPSECpart1.html – Intro from
Cisco
http://www.counterpane.com/ipsec.pdf – An eval of IPsec