Multilayer Security Architecture for Internet Protocols

Muhammad Nasir Mumtaz BhuttaCentre for Communication Systems Research

University of SurreyGuildford, Surrey

GU2 7XHEmail: [email protected],

Tel: 01483 68 3036

www.surrey.ac.uk

Multilayer Security Architecture for Internet

Protocol (ML-IPSec)

1 October, 2010

www.ee.surrey.ac.uk/CCSR2

• Demonstrate “Security Architecture for Internet Protocol” (IPSec) protection model.

• Highlight the limitations of IPSec. • Demonstrate the working or ML-IPSec. • Demonstrate the detailed experiment

plans.

Objectives


Introduction

• Security Architecture for Internet Protocol (IPSec) provides security services at IP layer in protocol stack.

• All upper layers than IP layer can get security services without reengineering the applications.

• IPSec operates in two modes, tunnel and transport, to secure path(s) between communicating nodes.


Path(s) Security

• Between Pairs of Gateways– Gateways need to implement IPSec.– Works in Tunnel Mode (complete IP

packet is protected & new IP header is appended).

– Different source and destination addresses in dual IP headers.

Protected Subnet

Tunnel EndpointGateway

Un Protected SubnetIPSec Tunnel

Tunnel EndpointGateway

Protected Subnet


Path(s) Security

• Between Pair of Hosts– End nodes need to implement IPSec. – Works in Transport Mode (Upper layers

headers and IP data are protected). – IP addresses are unchanged.

Un Protected SubnetIPSec Tunnel OR Transport mode

Protected EndpointProtected Endpoint


Path(s) Security

• Between Host and Gateway– Both end hosts and gateways implement

IPSec. – Usually works in tunnel mode to take

benefits of hiding external characteristics of communication.

Un Protected SubnetIPSec Tunnel

Protected Endpoint

Protected SubnetAND/ORInternet

Protected Endpoint


Security Goals

• Access Control– Prevent unauthorized access to

resources. • Connectionless Integrity

– Check any modifications in IP datagram without caring about the arrival order of IP datagrams.

• Origin Authentication– Identify claimed source of data.


Security Goals (continued..)

• Partial Sequence Integrity– Check for duplicate packets (Replay

attacks).• Data Confidentiality

– Protect against disclosure of data to unauthorized entities.

• Limited Traffic Flow Confidentiality – Protect external characteristics of

communications (e.g. source and destination addresses etc.).


Major IPSec Components

• Security Policies– Provides rules for user access and control level.

• Security Protocols– Authentication Header (AH)

• Provides origin authentication, connectionless integrity and optional partial sequence integrity.

– Encapsulating Security Payload (ESP)• Provides all services provided by AH, data

confidentiality and limited traffic flow confidentiality as well.


Major IPSec Components (continued..)

• Cryptographic Algorithms– Helps to achieve integrity and

confidentiality. • Key Management

– All security operations are provided by cryptographic means, so keys are required.

– Internet Key Exchange (IKE v2) is used to provide key management.


Assumptions

• To achieve high quality of security services, certain assumptions need to be met: – Good implementation of IPSec.– Security is dependent on many things in

over all system (e.g. personnel & physical procedures, security policies etc.), so IPSec just play its role as a part.

– Good Implementation of Operating System (OS) security services.


IPSec Components to Help in Achieving Security Goals

• Security Association (SA)– SA is a one way traffic secure

connection between communicating parties.

– For Bidirectional communication, two SAs are established.

– SA, providing actually all security services, is setup by IKE.

– Functionality is dependent upon security protocols, mode of IPSec working, endpoints of SA and chosen security services.


IPSec Components to Help in Achieving Security Goals (continued..)

• Security Policy Database (SPD)– Stores security policies. – Provides information about security policy rules

to be applied.– At least one SPD implementation must be

supported in IPSec.– Three logical components

• SPD-Secure (S) contains rules for all IPSec protected traffic.

• SPD-Outbound (O) contains rules for all outbound traffic

• SPD-Inbound (I) contains rules for all inbound traffic or bypassed.


IPSec Components to Help in Achieving Security Goals (continued..)

• Security Association Database (SAD)– Stores SAs. – Provides information about security

associations. – For outbound processing SAD is pointed by

SPD-S part. – For inbound processing SAD is pointed by SPD-I

part.• Peer Authorization Database (PAD)

– Stores information about links between SPD and SAD.

– Helps IPSec components in security services practice.


IPSec Working & Role of IKE

• IKE helps in setup of security associations (SAs). – The functionality of all cryptographic protocols

is dependent on these SAs. – Control information exchange also requires SA

setup. • IKE provides this setup by message

exchanges. – IKE_SA_INIT, IKE_AUTH– IKE_CHILD_SA– Informational Exchanges


IPSec Working & Role of ESP

• ESP provides origin authentication, connectionless and sequence integrity, data and limited traffic flow confidentiality.

• Security services are offered in three modes by ESP.– Confidentiality Only (may be supported) – Integrity Only (must be supported) – Confidentiality and Integrity (must be

supported)


IPSec Working & Role of ESP (continued..)

• Data Confidentiality– Data confidentiality is provided via encryption.– Encryption scheme selection is dependent

upon SA out of various encryption algorithms. • Origin Authentication and Connectionless

Integrity – Integrity of IP datagram is validated via

Message Authentication Code (MAC). – Origin authentication is provided indirectly by

binding of the key with the holding entity (origin).


IPSec Working & Role of ESP (continued..)

• Anti-Replay Service (Partial Sequence Integrity)– This is service to detect arrival of

duplicate packets. – Provides sequential integrity and may

be supported in ESP. • Limited Traffic Flow Confidentiality

– This service hides source and destination addresses and usually employed in Tunnel Mode.


Limitations of IPSec

• IPSec follows very strict layering and protection model works end-to-end.

• With advancement in wireless technology according to characteristics of networks, certain cross-layer optimizations are performed.

• Some examples of wireless technology highlights the functionality of new network applications.


Limitations of IPSec (continued..)

• Conflicts between IPSec and TCP PEPs– TCP PEPs work on two pieces of

information, TCP flow identification and sequence numbers.

– IPSec encapsulate whole TCP packet. • Traffic Analysis

– For functioning of upper layers, some information from headers is required at intermediate nodes.

– IPSec hides all upper layer headers.


Limitations of IPSec (continued..)

• Traffic Engineering– Flow classification is essential in providing rich

classes of service and QoS (RED, RSVP). – The flow information present in upper layers

such ac TCP is hidden by IPSec. • Application Layer Agents/Proxies

– Some modern routers can serve the HTTP requests from their local cache in order to improve performance.

– They need information from upper layers like HTTP but, that is hidden by IPSec.


Summary of IPSec Limitations and Conclusion

• All above defined mechanisms, try to access upper layers information for their working.

• IPSec works on end-to-end basis and encrypts all the upper layer information.

• So IPSec has basic functioning conflict with many intermediate devices.

• Need to resolve these issues for optimal performance.


Problem Statement for ML-IPSec

• Develop a security scheme with below defined features:– Supports the services and applications

which have conflict with IPsec working. – Should grant trusted intermediate nodes

a secure, controlled and limited access to a selected portion of IP datagram.

– Should preserve the end-to-end security protection for user data.


• Using a transport-layer security mechanism as an alternative to IPsec to provide security services.

• The transport-layer mechanism, such as secure sockets layer (SSL) or transport layer security (TLS) operates above TCP and works well with TCP PEP: – it encrypts the TCP data while leaving the TCP

header in unencrypted and unauthenticated form

• Limitations:– Vulnerable to traffic analysis attack– SSL/TLS only works on TCP but not on UDP so

the range of applications is limited

Approaches - Transport Layer Security


• This approach tries to use transport layer security protocols, SSL/TLS, inside IPsec.

• SSL/TLS will protect the TCP data and IPSec will protect TCP header information

• Limitations:– wastage of resources because TCP data

will be encrypted twice by SSL/TLS and IPsec,

– IPsec still encrypts the whole TCP information including header and data part

Approaches – Tunnelling one security protocol


• The transport-friendly ESP (TF-ESP) protocol format was proposed:– The TCP state information (such as flow

identifications and sequence numbers) are in a disclosure header outside the encryption scope, bbut authenticated.

• Limitations:– Vulnerable to traffic analysis attack– it does not work well with TCP spoofing

when a write access is needed

Approaches - Using a Transport Friendly ESP Format


• IPsec protection can be applied twice, once between sender and security gateway and second time between security gateway and destination.

• Limitations:– It exposes the information to

intermediate nodes while confidentiality is only meant for end-to-end

Approaches – Splitting IPsec into Two Segments


• ML-IPsec breaks the IP datagram into different parts and apply different security mechanisms on different parts:– one security mechanism for transport

header– different security mechanism for

application data• This approach allows the intermediate

nodes to co-exist with end-to-end IPsec

• Limitations:– More complex than IPsec

Approaches – Multi - Layer IP Security Protocol


Standardization & Issues

• Many meetings were attended at IETF to present the idea of IPSec and internet draft was written.

• IETF Concerns: – Application domains is limited (Satellite

Networks only). – Implementation complexity is increased.

(shown feasible via implementation in IPSec).– Two more implementations required to prove

the points.• Key Management Complexity is major

issue.

www.ee.surrey.ac.uk/CCSR

Applications

30


Principle of ML-IPSec Security Protection• Multilayer protection model:

• Divides IP datagram into zones

• Different protection schemes for different zones (e.g. SA, public/private keys, access control rules etc.)


General Model of IPSec Processing

• .

MulticastKey Exchange


Composite Security Association (CSA)

• Security Association

• one-way relationship between sender and receiver.

• defines set of parameters (e.g. sequence number, anti-replay window, lifetime of SA, Path MTU etc).

• Controls outbound, inbound processing.


CSA Continued..

• CSA has two elements: – Zone Map: defines coverage of each

zone in IP datagram. – Zone List: is a list of all SAs for all zones.

(all stored in “Security Association Database (SAD)”).


Zones and Zone Map• A zone is any portion of IP datagram under same

security protection.

• Entire IP datagram can be broken into zones.

• Zones can not overlap.

• A zone can be split into multiple sub zones (continuous part of IP datagram).

• A zone map is a mapping relationship between IP octets and zones.

• Remains Constant for a security relationship.

• zones that covers last part of IP datagram (data) should be variable according to size.


Composite Security Association (CSA)

• Zone Map

• Zone List – In zone list area we show the SAs, their

parameters and access control.


Zone List continued

• SA (designated)– Sequence Number Counter (64 bit)– Sequence Counter Overflow – Anti-Replay Window (64 bit)– Protocol mode (Transport or Tunnel)– Path MTU – Lifetime – Encryption algorithm (DES-CBC)– Encryption Key – Authentication algorithm (HMAC-MD5-32)– Authentication Key


Outbound Processing (zone by zone)

Outbound: IP datagram

Zone map

Plain Text (masked and concatenated)

Encryption (using ESP)

Cipher Text (ESP)

Authentication

AH

ICV

SA

AH or ESP authentication data

ESP paylod data


Inbound Processing (zone by zone)

Outbound: IP datagram

Zone map

Plain Text (masked and concatenated)

Decryption (using ESP)

Cipher Text (ESP)

Authentication

AH

ICV

SA

AH or ESP authentication data

ESP paylod data


ESP Header

• Security Parameter Index: Identifies Security Association (SA).

• Sequence Number: Counts the packet sent.

• Encrypted Payload Data for Zone: contains the encrypted payload data (IP payload data, padding, pad length, Next Header).

• Authentication Data for Zone: Contains the Integrity Check Values (ICV) for each zone.

40


Implementation and Evaluation

• Two different evaluations of ML-IPSec shall be performed. – Simulations based, to see the scalability

and reliability behaviour. • Impact of network bandwidth on

Performance ( SA establishment latency, TCP throughput and delay).

• Impact of different data packet size on performance and security protocol behaviour.

– Reference Implementation of ML-IPSec to see the overhead on real network. 41


Testbed Experiment Requirements

• Use Cases– IP Only: running standard IP with no security. – IPSec: running IPSec using ESP with

authentication mode enabled. – ML-IPSec (1 Zone) = IPSec– ML-IPSec (2 Zone) – ML-IPSec (3 Zones)

• The ML-IPSec experiment will be evaluated for processing delays, CPU overload and bandwidth overhead

42


Testbed Experiment Requirements

Processing Delay • The processing delay will

be measured by taking following parameters into consideration: – One Host pinging other– Packet size will be fixed. – Processing Time will be

evaluated.

Bandwidth Overhead– One host generate and

send packets as fast as it can and other counting after receiving.

– CPU speed will be fixed.

– Network speed will be fixed.

– Throughput and protocol overhead relationship will be studied

Comparing CPU Overload• For evaluation of CPU

overhead environment will be configured as given below: – One host generate and

send packets as fast as it can and other counting after receiving.

– CPU speed will be fixed. – Network speed will be

fixed. . – Throughput and CPU load

relationship will be studied.

43


ML-IPSec Testbed

• Current Status– Fedora 13

Installed– Computers are

configured as shown in diagram.

• Future Plans– Need to configure

network’s speed. – Need to configure

NIST Net according to requirements.

44


Simulations & Standalone Implementation Plans

• NIST has performed IPSec simulations as part of project “NIIST(NIST IPSec and IKE Simulation Tool”.

45

• SPD: Security Policy Database

• SAD: Security Association Database

• PF_Key: Generic Socket Key Management API


Simulations & Standalone Implementation Plans

46


Conclusion

• Intermediate gateways can have access to partial IP datagram (e.g. TCP header) by partial keys.

• Can solve the conflict between IPSec and TCP PEPs being used in satellite networks.

• The current new and future networks can improve quality of service using fair queuing, differential services etc.

• IPSec problems are solved.

Technology

Multilayer Security Architecture for Internet Protocols