1

IP Security

(IPSec)

Thomas Lee

Chief Technologist –QA

thomas.lee@qa.com

2

Agenda

What is IPSec?

How does IPSec Work?

Configuring/Using IPSec

Issues

Best Practices

Resources

3

What is IPSec?

Framework of open standards for ensuring private, secure

communications over Internet Protocol (IP) networks

IPSec provides authenticated and encrypted traffic between hosts

at the IP protocol level

Provides aggressive protection against private network and Internet

attacks through end-to-end security.

Protects communication between workgroups, local area network

computers, domain clients and servers, branch offices (which

might be physically remote), extranets, and roving clients.

IPSec is the long-term direction for secure networking

4

IPSec Objectives

To protect the contents of IP packets.

To provide a defense against network attacks through

packet filtering

To enforce trusted communication based on either local

or central policy

These objectives are met through the use of

cryptography-based protection services, security

protocols, dynamic key management and Windows

Group Policy.

5

Why IPSec?

IPv4 not designed with security in mind

Attacks possible with IPv4• Eavesdropping

• Data modification

• Identity spoofing (IP address spoofing)

• Denial-of-service attack

• Man-in-the-middle attack

These can be avoided by use of IPSec

6

IPSec Protection

Eavesdropping• The Encapsulating Security Payload (ESP) protocol in IPSec provides data

confidentiality by encrypting the payload of IP packets

Data modification • Cryptography-based keys, shared only by the sending and receiving computers,

are use to create a cryptographic checksum for each IP packet. • Modification of the data alters the checksum, which indicates to the receiving

computer that the packet was modified in transit

Identity spoofing• IPSec allows verification of identities without exposing that information to an

attacker. • Mutual authentication establishes trust between the hosts.

Man-in-the-middle attacks • IPSec combines mutual authentication with shared, cryptography-based keys.

Denial-of-service attacks • IPSec uses IP packet filtering allow, secure, or block traffic based on IP address

ranges, IP protocols, or even specific TCP/UDP ports.

7

Agenda

What is IPSec?

How does IPSec Work?

Configuring/using IPSec

Issues

Best Practices

Resources

8

filtersfiltersfiltersfilters

How Components Interacts?

Internet Key Exchange (IKE) - Identity Protect Mode – defined in RFC 2409 Phase 1 “Main Mode” establishes IKE SA – trusted channel between systems, negotiation establishes

encrypted channel, mutual trust, and dynamically generates shared secret key (“master” key) Phase 2 “Quick Mode” establishes IPSec SAs – for data protection, one SA for each direction identified by

packet label (SPI), algorithms and packet formats agreed, generates shared “session” secret keys derived from “master” key

NICNIC

TCPIPTCPIP

ApplicationApplicationServer or GatewayServer or Gateway

IPSecIPSecDriverDriver

IPSecIPSecPolicyAgentPolicyAgentIKE (ISAKMP)IKE (ISAKMP)

IPSecIPSecDriverDriver

IPSecIPSecPolicy Policy AgentAgent IKE (ISAKMP)IKE (ISAKMP)

NICNIC

TCPIPTCPIP

Application/ServiceApplication/Serviceclientclient

““IKE Responder”IKE Responder”““IKE Initiator”IKE Initiator”

UDP port 500 UDP port 500 negotiationnegotiation 1 IKE SA 1 IKE SA

2 IPSec SAs2 IPSec SAs

IP protocol 50/51IP protocol 50/51

9

IPSec Policy

One Active IPSec Policy• Multiple IPSec Policies can be defined

Policy Consists of• ISAKMP Policy

• IPSec rules– An IPSec policy can have many rules

IPSec Rules• Filter – identifies the traffic to secure/drop/etc

• Filter action – drop, deny, authenticate, encrypt

• Authentication, encryption, etc

10

IPSec Policy Components

Polling interval used to detect changes

in policy

IKE parameters, such as encryption key

lifetimes.

IPSec behavior for the policy

The types of traffic to which an action is

applied

Permit, block, or secure

Kerberos, certificate, or preshared key

LAN, Dialup, or both

11

IPSec packet filtering

Filters allow and block traffic Filters can overlap

• Most specific match determines action

NO stateful inspection

Example: to open only port 80 on the IIS:

From IP To IP Protocol Src Port Dest Port Action

Any My Internet IP Any n/a n/a Block

Any My Internet IP TCP Any 80 Permit

12

Negotiation of Protection

Require two messages

• Initiator to Responder : (contains proposals)

• Responder to Initiator: (contains a selected proposal)

• Details later!

Protection suites:

Attribute Attribute Value

Encryption algorithm DES, 3DES, Null

Integrity algorithm MD5, SHA-1, Null

Authentication method Kerberos, preshared key, certificate

Diffie-Hellman group Group 1 (768-bit), Group 2 (1024-bit)

13

IPSec Modes

Transport mode• Used for IPSec peers doing end-to-end security

• Provides protection for upper-layer protocol data units (PDUs)

Tunnel mode• Used by network routers to protect IP datagrams passing

across insecure network

• Provides protection for entire IP datagrams

14

Security Associations

Combination of mutually agreed security services, protection

mechanisms, and cryptographic keys

ISAKMP SA

IPSec SAs

• One for inbound traffic

• One for outbound traffic

Security Parameters Index (SPI)

• Helps identify an SA

Creating SAs

• Main Mode for ISAKMP SA

• Quick Mode for IPSec SAs

15

Agenda

What is IPSec?

How does IPSec Work? (at the packet level!)

Configuring/using IPSec

Issues

Best Practices

Resources

16

Internet Key Exchange

How IPSec peers establish SAs

Combines ISAKMP and the Oakley Key

Determination Protocol• ISAKMP is used to identify and authenticate peers, manage

SAs, and exchange key material

• Oakley Key Determination Protocol is used to generate secret key material for secure communications (Diffie-Hellman key exchange algorithm)

17

ISAKMP Message Structure

IP header ISAKMP payloads

UDP message

IP datagram

UDP header

ISAKMPheader

ISAKMP uses UDP source/destination port 500

18

ISAKMP Header

Initiator CookieResponder Cookie

Next PayloadMajor VersionMinor Version

Exchange TypeFlags

Message IDLengthA

19

ISAKMP Payloads

SA

Proposal

Transform

Vendor ID

Nonce

Key Exchange

Notification

Delete

Identification

Hash

Certificate Request

Certificate

Signature

20

IPSec Headers

IPSec Headers live inside IP datagrams and define

IPSec contents

Authentication Header (AH)• Provides data origin authentication, data integrity, and

replay protection for the entire IP datagram

Encapsulating Security Payload (ESP)• Provides data origin authentication, data integrity, replay

protection, and data confidentiality for the ESP-encapsulated portion of the packet

21

AH Transport Mode

IP Upper layer PDU

IP AH

Authenticated

Upper layer PDU

22

AH Tunnel Mode

AH

Authenticated

IP

IP

IP (new)

Upper layer PDU

Upper layer PDU

23

Next HeaderPayload Length

ReservedSecurity Parameters Index

Sequence NumberAuthentication Data

Payload

. . .

Authentication Header (AH)

. . .

24

ESP Transport Mode

IP ESP ESPAuthData

Encrypted

Authenticated

IP Upper layer PDU

Upper layer PDU

25

ESP with AH Transport Mode

IP ESP ESPESPAuth

Encrypted

Authenticated with AH

IP

AH

Upper layer PDU

Upper layer PDU

Authenticated with ESP

26

ESP Tunnel Mode

IP (new) ESP ESPAuthData

IP

Encrypted

Authenticated

IP Upper layer PDU

Upper layer PDU

27

Security Parameters IndexSequence Number

Payload

PaddingPadding Length

Next Header

Authentication Data

. . .

. . .

. . .

ESP Header and Trailer

28

Internet Key Exchange

Standard that defines a mechanism to establish SAs

Combines ISAKMP and the Oakley Key

Determination Protocol• ISAKMP is used to identify and authenticate peers, manage

SAs, and exchange key material

• Oakley Key Determination Protocol is used to generate secret key material for secure communications (Diffie-Hellman key exchange algorithm)

29

Main Mode Negotiation

Phases of main mode negotiation:

1. Negotiation of protection suites

2. A Diffie-Hellman exchange

3. Authentication

Six ISAKMP messages• 1, 2 – all authentication types

• 3, 4, 5, and 6 - vary by Authentication type

30

Authentication in MM Negotiation

Kerberos Authentication• Kerberos Tokens exchanged and validated

Certificate Authentication• Certificates and signatures exchanged and validated

Preshared Key Authentication• Hash payloads exchanged and validated

31

Main Mode Negotiation Messages

Message 1• Sent by initiator

• Contains proposed security association details, vendor ID

Message 2• Sent by responder

• Contains acceptable SA proposal, vendor ID

These messages negotiate:• Encryption (DES, 3DES)

• Identity Algorithm (MD5, SHA-1)

• Authentication Method (Kerberos, Pre-shared key, Certificate)

• Diffie-Hellman group (768-bit, 1024-bit, 2048-bit)

32

Main Mode – Kerberos Authentication

Message 3 - Sent from initiator• Contains key exchange, Nonce, initiator’s Kerberos Token, NAT

Discovery information

Message 4 - Sent from responder• Contains key exchange, Nonce, responder’s Kerberos Token ,

NAT Discovery information

Message 5 - Sent from initiator (encrypted)• Contains identification (of initiator), plus hash

Message 6 - Sent from responder (encrypted)• Contains identification (of responder), plus hash

33

Main Mode – Certificate Authentication

Message 3 - Sent from initiator• Contains key exchange, Nonce, NAT Discovery information

Message 4 - Sent from responder• Contains key exchange, Nonce, NAT Discovery information

• Also contains certificate request (list of trusted root CAs)

Message 5 - Sent from initiator (encrypted)• Contains Initiator’s Certificate, signature

Message 6 - Sent from responder (encrypted)• Contains Responder’s certificate, signature

34

Main Mode – Pre-Shared Key Authentication

Message 3 - Sent from initiator• Contains Key Exchange, Nonce, NAT Discovery

Message 4 - Sent from responder• Contains Key Exchange, Nonce, NAT Discovery

Message 5 - Sent from initiator (encrypted)• Contains Identification (of initiator), hash

Message 6 - Sent from responder (encrypted)• Contains Identification (of responder), hash

35

Quick Mode Negotiation

Four ISAKMP messages to determine traffic to be

secured and how it is secured

Initiator and responder exchange:• SA payloads (how to secure traffic)

• Identification payloads (the traffic to secure)

36

IPSec On the WireIPSec On the WireOrOr

Fun With NetMon!Fun With NetMon!

Demo

37

Agenda

What is IPSec?

How does IPSec Work?

Configuring/Using IPSec

Issues

Best Practices

Resources

38

Issues with IPSec

Need for machine certificates

Interoperability

Performance/Overhead

NAT traversal

39

Need for Machine Certificates/Keys

IPSec is based on machine to machine communication• User credentials not used

• You therefore need machine certificates

For Kerberos• Machine is the security principal

• Only works for Windows 2000/2003/XP

For Certificate based authentication• How to manage/deliver certificates

40

Performance/Overhead

IPSec incurs three sets of overhead:• Startup

• Wire protocol overheads

• Speed of encryption

Start up over-head• Main Mode – 6 packets

• Quick Mode – 10 packets

41

Wire Protocol Overhead

Mode Inbound Outbound Total Bytes

Normal IP Traffic 2,084,031 94,646,227 96,730,257

AH Traffic 2,700,627 96,174,275 98,874,902

ESP Traffic 2,867,099 96,941,132 99,808,231

AH Overhead 616,596 1,528,048 2,144,645

ESP Overhead 783,068 2,294,905 3,077,974

% AH Overhead 29.59% 1.61% 2.22%

% ESP Overhead 37.57% 2.42% 3.18%

42

IPSec Hardware Acceleration

IPSec per-packet hardware acceleration for 10/100 Ethernet

Client/Svr cards retail circa $100

3Com• 3CR990B-97 - 10/100 UTP• 3CR990B-FX-97 – 10/100 Fiber • Wire Speed IPSec• Max 75 SAs supported• http://www.3com.com/other/pdfs/products/en/400833.pdf

- Or -• http://tinyurl.com/3er3f

Intel• Intel® PRO/100 S Desktop/Server• http://www.intel.com/network/connectivity/resources/doc_library/

documents/pdf/intel_ipsec_final.pdf- Or -

• http://tinyurl.com/37hcn

43

XP IPSec Performance Improvements

Doubled number of new SAs per minute

Reliable delete handling in IKE

Doubled packet filtering speed (throughput)

Client LDAP retrieval of AD policy 5 times faster than Windows

2000

Both Intel and 3Com 32bit x86 10/100Ethernet offload support

shipping in the box

44

IPSec NAT-T

Network Address Translators (NATs) invalidate

IPSec packet protections

IPSec NAT Traversal (NAT-T):• Encapsulates ESP-protected payloads with a UDP header

• Defines additional Main Mode payloads to detect IPSec NAT-T-capable peers and whether either is behind a NAT

• Defines an additional Quick Mode payload to indicate untranslated addresses

• Allows ESP-protected traffic to traverse a NAT

45

Agenda

What is IPSec?

How does IPSec Work?

Configuring/Using IPSec

Issues

Best Practices

Resources

46

Scripting

NETSH –C IPSEC – with Windows Server 2003

Netsh IPsec

No dump command • It is included

• It does nothing!

Help text has few examples

Error messages generally totally unhelpful

Lots of trial and error seems to be needed!

47

Best Practices

Establish an IP Security deployment plan

Avoid Pre-shared keys

Configuration of certificate requests

Script, script, script