IPsecIPsec IPsec (IP security)IPsec (IP security) Security for transmission over IP Security for transmission over IP

networksnetworks• The InternetThe Internet

• Internal corporate IP networksInternal corporate IP networks

• IP packets sent over public switched IP packets sent over public switched data networks (PSDN)data networks (PSDN)

LocalNetwork

Internet LocalNetwork

IPsecIPsec Why do we need IPsec?Why do we need IPsec?

• IP has no securityIP has no security• Add security to create a Add security to create a virtual virtual

private network (VPN)private network (VPN) to give to give secure communication over the secure communication over the Internet or another IP networkInternet or another IP network

LocalNetwork

Internet LocalNetwork

IPsecIPsec

GenesisGenesis• Being created by the Internet Being created by the Internet

Engineering Task ForceEngineering Task Force• For both IP version 4 and IP version 6For both IP version 4 and IP version 6

IPsecIPsec

Two Two ModesModes of operation of operation Tunnel ModeTunnel Mode

• IPsec serverIPsec server at each site at each site

• Secures messages going through the Secures messages going through the InternetInternet

LocalNetwork

Internet LocalNetwork

Secure Communication

IPsecServer

IPsecIPsec

Tunnel ModeTunnel Mode• Hosts operate in their usual wayHosts operate in their usual way

Tunnel mode IPsec is Tunnel mode IPsec is transparenttransparent to the to the hostshosts

• No security within the site networks No security within the site networks

LocalNetwork

Internet LocalNetwork

Secure Communication

IPsecServer

IPsecIPsec Two Modes of operationTwo Modes of operation Transport ModeTransport Mode

• End-to-end securityEnd-to-end security between the between the hostshosts

• Security within site networks as well Security within site networks as well • Requires hosts to implement IPsecRequires hosts to implement IPsec

LocalNetwork

Internet LocalNetwork

Secure Communication

IPsecIPsec

Transport ModeTransport Mode• Adds a Adds a security headersecurity header to IP packet to IP packet• AfterAfter the main IP header the main IP header• Source and destination addresses of Source and destination addresses of

hosts can be learned by interceptorhosts can be learned by interceptor• Only the original data field is protectedOnly the original data field is protected

ProtectedOriginal Data Field

OriginalIP Header

TransportSecurityHeader

IPsecIPsec Tunnel ModeTunnel Mode

• Adds a Adds a security headersecurity header beforebefore the the original IP headeroriginal IP header

• Has IP addresses of the source and Has IP addresses of the source and destination IPsec servers only, not destination IPsec servers only, not those of the source and destination those of the source and destination hostshosts

• Protects the main IP header Protects the main IP header

ProtectedOriginal Data Field

ProtectedOriginal

IP Header

TunnelSecurityHeader

IPsecIPsec Can combine the two modesCan combine the two modes

• Transport mode for end-to-end Transport mode for end-to-end securitysecurity

• Plus tunnel mode to hide the IP Plus tunnel mode to hide the IP addresses of the source and addresses of the source and destination hosts during passage destination hosts during passage through the Internetthrough the Internet

LocalNetwork

Internet LocalNetwork

Tunnel Mode Transport Mode

IPsecIPsec Two forms of protectionTwo forms of protection Encapsulating Security Protocol (ESP)Encapsulating Security Protocol (ESP)

security provides security provides confidentialityconfidentiality as well as as well as authenticationauthentication

Authentication Header (AH)Authentication Header (AH) security security provides provides authenticationauthentication but but not not confidentialityconfidentiality• Useful where encryption is forbidden by lawUseful where encryption is forbidden by law• Provides slightly better authentication by Provides slightly better authentication by

providing authentication over a slightly larger providing authentication over a slightly larger part of the message, but this is rarely decisive part of the message, but this is rarely decisive

IPsecIPsec

Modes and protection methods can Modes and protection methods can be applied in any combinationbe applied in any combination

Tunnel Tunnel ModeMode

Transport Transport ModeMode

ESPESP SupportedSupported SupportedSupported

AHAH SupportedSupported SupportedSupported

IPsecIPsec Security Associations (SAs)Security Associations (SAs) are are

agreements between two hosts or agreements between two hosts or two IPsec servers, depending on two IPsec servers, depending on the modethe mode

““Contracts” for how security will be Contracts” for how security will be performedperformed

NegotiatedNegotiated

Governs subsequent transmissionsGoverns subsequent transmissions

Host A Host B

NegotiateSecurity Association

IPsecIPsec Security Associations (SAs) can be Security Associations (SAs) can be

asymmetricalasymmetrical• Different strengths in the two Different strengths in the two

directionsdirections• For instance, clients and servers may For instance, clients and servers may

have different security needshave different security needs

Host A Host B

SA for messagesFrom A to B

SA for messagesFrom B to A

IPsecIPsecPoliciesPolicies may limit what SAs can be may limit what SAs can be

negotiatednegotiated• To ensure that adequately strong SAs To ensure that adequately strong SAs

for the organization’s threatsfor the organization’s threats• Gives uniformity to negotiation Gives uniformity to negotiation

decisionsdecisions

Host A Host B

Security AssociationNegotiations Limited

By Policies

IPsecIPsec First, two parties negotiate First, two parties negotiate IKE IKE

(Internet Key Exchange)(Internet Key Exchange) Security Security AssociationsAssociations• IKE is IKE is not IPsec-specificnot IPsec-specific• Can be used in other security Can be used in other security

protocolsprotocols

Host A Host BCommunication

Governed byIKE SA

IPsecIPsec

Under the protection of Under the protection of communication governed by this IKE communication governed by this IKE SA, negotiate SA, negotiate IPsec-specificIPsec-specific security security associationsassociations

Host A Host BCommunication

Governed byIKE SA

IPsec SA Negotiation

IPsecIPsec Process of Creating IKE SAs (and other Process of Creating IKE SAs (and other

SAs)SAs)

• Negotiate security parameters within Negotiate security parameters within policy limitationspolicy limitations

• Authenticate the parties using SA-agreed Authenticate the parties using SA-agreed methodsmethods

• Exchange a symmetric session key using Exchange a symmetric session key using SA-agreed methodSA-agreed method

• Communicate securely with Communicate securely with confidentiality, message-by-message confidentiality, message-by-message authentication, and message integrity authentication, and message integrity using SA-agreed methodusing SA-agreed method

IPsecIPsec

IPsec has IPsec has mandatory security mandatory security algorithmsalgorithms

• Uses them as Uses them as defaultsdefaults if no other if no other algorithm is negotiatedalgorithm is negotiated

• Other algorithms may be negotiatedOther algorithms may be negotiated

• But these mandatory algorithms But these mandatory algorithms MUSTMUST be supportedbe supported

IPsecIPsec

Diffie-Hellman Key AgreementDiffie-Hellman Key Agreement• To agree upon a symmetric session key To agree upon a symmetric session key

to be used for confidentiality during this to be used for confidentiality during this sessionsession

• Also does authenticationAlso does authentication

Party A Party B

IPsecIPsec

Diffie-Hellman Key AgreementDiffie-Hellman Key Agreement• Each party sends the other a Each party sends the other a noncenonce

(random number)(random number)• The nonces will almost certainly be The nonces will almost certainly be

differentdifferent • Nonces are not sent confidentiallyNonces are not sent confidentially

Party A Party BNonce B

Nonce A

IPsecIPsec Diffie-Hellman Key AgreementDiffie-Hellman Key Agreement

• From the different nonces, each party From the different nonces, each party will be able to compute the same will be able to compute the same symmetric session key for subsequent symmetric session key for subsequent useuse

• No No exchangeexchange of the key; instead, of the key; instead, agreementagreement on the key on the key

Party A Party B

Symmetric Key Symmetric KeyFrom nonces,

independently computesame symmetric

session key