Distributed Systems Security Protocols (Network-/Transport Layer)
Dr. Dennis Pfisterer Institut für Telematik, Universität zu Lübeck http://www.itm.uni-luebeck.de/people/pfisterer
Overview • Until now – Security on Different Layers – Security on Physical & Data-Link Layer • Mostly security in wireless networks • Bluetooth, GSM / GPRS / UMTS, Wireless LANs
• Today – Security on Network & Transport Layer – IPsec – Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Security - 07c Network and Transport Layer
#2
Why is IP unsecure? Attack Security Objective Traffic-Analysis Anonymity Message Interception Confidentiality Modification of Messages Integrity Discard messages / Availability (Denial-of-Service attack) TTL-Field modification IP-address spoofing Authenticity Security - 07c Network and Transport Layer
#3
IPsec
IPsec
HTTP
FTP
SMTP
TCP
• IPsec = IP security – Initiated 1994 by Internet Architecture Board (IAB) – Reaction to increasing attacks on IP (IP Spoofing,…) – Addition to IPv6, integral part of IPv6
IP / IPsec
• Defined in numerous RFCs – Architecture, Authentication, Confidentiality, and Key Management/Distribution – RFC 4301: Security Architecture for the Internet Protocol – RFC 4302: IP Authentication Header – RFC 4303: IP Encapsulating Security Payload (ESP) – RFC 4306: Internet Key Exchange (IKEv2) Protocol Security - 07c Network and Transport Layer
#5
Fundamentals & Concepts
Protocols
Algorithms
Architecture (RFC 4301)
ESP (RFC 4303)
AH (RFC 4302)
Encryption (RFC 2405)
Authentication (RFC 2404)
DOI (RFC 2407)
Key Management DOI: Domain of Interpretation
ISAKMP, IKE, others Security - 07c Network and Transport Layer
#6
IPsec • Security service on ISO/OSI-Layer 3 (network) – Typically supplied by the operating system – Transparent for applications (can remain unchanged)
• Often used for Virtual Private Networks (VPNs) – Secure data transmission over unsecure Internet links – Interconnection of different organization-internal networks – Cost-effective interconnection means Security - 07c Network and Transport Layer
#7
IPsec application examples
Security - 07c Network and Transport Layer
#8
IPsec architecture • Security mechanisms implemented using IP Extension Header • Two types
– Authentication Header (AH) – Encapsulating Security Payload Header (ESP)
• Implemented security services AH
ESP (w/o auth.)
ESP (with Auth)
Access Control
✪
✪
✪
Integrity (connection-less)
✪
✪
Authentication
✪
✪
Replay-Mitigation
✪
✪
✪
Confidentiality
✪
✪
Traffic Flow Confidentiality
✪
✪
Security - 07c Network and Transport Layer
#9
Modes of Operation • Both, AH and ESP, can be used in to different ways – Transport mode – Tunnel mode
• Transport mode – Only the packets payload is treated / secured – Mostly used for point-to-point communication – E.g., VPN access for mobile users
• Tunnel mode – The full IP packet (incl. header) is treated / secured – Provide a virtual "secure hop" between two gateways – Mostly used to interconnect networks Security - 07c Network and Transport Layer
#10
Modes of operation: Tunnel vs. Transport Transport Mode
Tunnel Mode
AH
Authenticates full inner IP Authenticated IP payload and packets and (parts of ) the outer (parts of ) the IP header. IP header.
ESP (w/o auth.)
Encrypts IP payload and all IP extension headers following the ESP header.
Encrypts the full inner IP packet.
ESP (with Auth.)
Like ESP w/o auth but with additional authentication of the IP payload.
Encrypts and authenticates inner IP packet.
Security - 07c Network and Transport Layer
#11
Authentication Header • Authentication based on Message Authentication Code (MAC) – Required algorithms: MD5 and SHA-1
• Example of AH in tunnel mode:
New IP header
Extension headers
AH
IP header
Extension Headers (if present)
TCP header
Data
Orig. IP header
Extension Headers (if present)
TCP header
Data
Authentication protected (excluding those modified in transit, such as TTL or header checksum) Security - 07c Network and Transport Layer
#12
AH Protokoll • AH adds an extension header to IP datagrams – Security Parameter Index : identifies security association (details later); basically indicates which algorithms and keys are used – Sequence number to avoid replay attacks – Authentication data: MAC value authenticating payload and all non-volatile IP header fields 0
8
16
Next Header
Payload Length
Reserved
31
Security Parameters Index (SPI) Sequence Number Authentication Data (variable length) Security - 07c Network and Transport Layer
#13
AH: Transport & Tunnel Mode • AH in transport mode Original IP Header
AH (Len, SPI, SeqNo, MAC)
Payload (e.g., TCP, UDP, ICMP)
MAC scope (alle unveränderlichen Felder)
• AH in tunnel mode Outer IP Header
AH (Len, SPI, SeqNo, MAC)
Inner IP Header
Payload (e.g., TCP, UDP, ICMP)
MAC scope (alle unveränderlichen Felder)
Security - 07c Network and Transport Layer
#14
0
IPSec and IP
Vers ion
Hdr Len
8
16
Type of Service
Total Length
Identification TTL
31
Flag s
Protocol
Fragment Offset Header Checksum
Source Address Destination Address Options & Padding Data (