
Presented By:

Kulwinder
Priya
Priyanka
IPSec is a framework of open standards
developed by the Internet Engineering Task
Force (IETF). It is a network layer security
protocol that provides cryptographic security
services supporting various
combinations of authentication, integrity,
access control, and confidentiality.

Creates secure, authenticated, reliable
communications over IP networks



Access control : Prevention of unauthorized use
of a resource
Connectionless integrity : Assurance that
received traffic has not been modified.
Integrity includes anti-replay defenses.
Data origin authentication : Assurance that
traffic is sent by legitimate party or parties.
Rejection of replayed packets: a form of partial
sequence integrity
Confidentiality (encryption): Assurance that
users' traffic is not examined by
non-authorized parties.
Limited traffic flow confidentiality


IPsec provides the capability to secure
communications
across a LAN
across private and public WANs
across the Internet
can encrypt and/or authenticate all traffic
at the IP level. Thus, all distributed
applications (including remote logon,
client/server, e-mail, file transfer, Web
access, and so on) can be secured.


[Figure: VPNs and wireless clients connected across the Internet via SG; traffic encrypted / authenticated]

Secure branch office connectivity over the Internet: A
company can build a secure virtual private network over
the Internet or over a public WAN
Secure remote access over the Internet: An end user
whose system is equipped with IP security protocols can
make a local call to an Internet Service Provider (ISP) and
gain secure access to a company network.
Establishing extranet and intranet connectivity with
partners: IPsec can be used to secure communication with
other organizations, ensuring authentication and
confidentiality and providing a key exchange mechanism.
Enhancing e-commerce security: Even though some Web
and electronic commerce applications have built-in
security protocols, the use of IPsec enhances that security.
IPsec guarantees that all traffic designated by the network
administrator is both encrypted and authenticated, adding
an additional layer of security to whatever is provided at
the application layer.

Routing applications:
assure that router advertisements come from
authorized routers
assure that neighbor advertisements come from authorized
routers
ensure redirect messages come from the router
to which the initial packet was sent
ensure no forging of router updates

in a firewall/router provides strong security to
all traffic crossing the perimeter
is resistant to bypass
is below transport layer, hence transparent to
applications
can be transparent to end users
can provide security for individual users if
desired

IPSec has two modes of operation:

Transport Mode: Transport mode encrypts only the data
portion (payload) of each packet, but leaves the header
untouched. It is more efficient and the end points are
obvious.

Tunnel Mode: This is the way Mobile-IP works and VPNs are
constructed. It is less efficient but hides the network
behind the security gateways. The traffic of several
networks can be concealed in one tunnel, making traffic
analysis difficult. It encrypts both the data and the header.
IPSec implemented between security gateways.
IPSec implementation in end-to-end communication scheme
Internet Key Exchange (IKE) protocol
For negotiating security parameters and establishing
authenticated keys
Uses UDP port 500 for ISAKMP
Encapsulating Security Payload (ESP) protocol
For encrypting, authenticating, and securing data
IP protocol 50
Authentication Header (AH) protocol
For authenticating and securing data
IP protocol 51


defines the parameters associated with each SA:
Security Parameter Index: 32-bit value selected by the
receiving end of an SA to uniquely identify the SA.
Outbound SA: the SPI is used to construct the packet's AH or ESP
header. Inbound SA: the SPI is used to map traffic to
the appropriate SA.
Sequence Number Counter: 32-bit value used to
generate the SequenceNumber field in AH or ESP headers
Sequence Counter Overflow: A flag indicating whether
overflow of the Sequence Number Counter should
generate an auditable event and prevent further
transmission of packets on this SA.
Anti-Replay Window: Used to determine whether an
inbound AH or ESP packet is a replay.
AH Information: Authentication algorithm, keys, key
lifetimes, and related parameters being used with AH.
ESP Information: Encryption and authentication
algorithm, keys, initialization values, key lifetimes, and
related parameters being used with ESP
Lifetime of this Security Association: A time interval or
byte count after which an SA must be replaced with a
new SA (and new SPI) or terminated, plus an indication
of which of these actions should occur.
IPsec Protocol Mode: Tunnel, transport, or
wildcard.
Path MTU: Any observed path maximum
transmission unit (maximum size of a packet that
can be transmitted without fragmentation) and
aging variables
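
How the Sequence Number Counter, the Sequence Counter Overflow flag and the Anti-Replay Window listed above work together, as an added example (not from the original slides). The class and function names and the window sizes are assumptions made for illustration; the sketch covers 32-bit sequence numbers only.

```python
class InboundSA:
    """Receiver-side replay state for one SA (32-bit sequence numbers)."""

    def __init__(self, window_size=64):
        self.window_size = window_size
        self.highest = 0   # highest sequence number authenticated so far
        self.bitmap = 0    # bit i set => sequence number (highest - i) was seen

    def is_fresh(self, seq):
        """Cheap check made before ICV verification; changes no state."""
        if seq == 0:
            return False                        # counters start at 0, first packet is 1
        if seq > self.highest:
            return True                         # ahead of the window
        offset = self.highest - seq
        if offset >= self.window_size:
            return False                        # older than the window
        return not (self.bitmap >> offset) & 1  # False if already received

    def mark(self, seq):
        """Record seq; call only once the packet's ICV has verified."""
        if seq > self.highest:
            shift = seq - self.highest
            mask = (1 << self.window_size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)


def receive(sa, seq, icv_ok=True):
    """Inbound order: window check, then ICV, then window update."""
    if not sa.is_fresh(seq) or not icv_ok:
        return False
    sa.mark(seq)
    return True


def next_seq(counter, allow_overflow=False):
    """Sender side: value for the next packet, honouring the overflow flag."""
    if counter == 0xFFFFFFFF and not allow_overflow:
        raise OverflowError("sequence counter exhausted; replace the SA")
    return (counter + 1) & 0xFFFFFFFF
```

Because the window only moves in mark(), a forged packet with a large sequence number cannot push legitimate traffic out of the window.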
The means by which IP traffic is related to
specific SAs (or no SA in the case of traffic
allowed to bypass IPsec) is the nominal
Security Policy Database (SPD).
Each SPD entry is defined by a set of IP and
upper-layer protocol field values, called
selectors.








This table reflects the following configuration. A local network
configuration consists of two networks. The basic corporate
network configuration has the IP network number 1.2.3.0/24.
The local configuration also includes a secure LAN, often
known as a DMZ, that is identified as 1.2.4.0/24. The DMZ is
protected from both the outside world and the rest of the
corporate LAN by firewalls. The host in this example has the
IP address 1.2.3.10, and it is authorized to connect to the
server 1.2.4.10 in the DMZ.
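
An added example (not from the original slides) of how selectors pick an SPD entry for host 1.2.3.10, generalized to an ordered first-match lookup with a default of discard. The entries, the port 443 selector and the action names PROTECT, BYPASS and DISCARD are constructed for illustration and are not the slide's table.

```python
import ipaddress
from collections import namedtuple

# Selectors: protocol, local/remote network, remote port; None is a wildcard.
Entry = namedtuple("Entry", "proto local remote rport action")

# Constructed policy for host 1.2.3.10 (an assumption, not the slide's table).
SPD = [
    Entry("udp", "1.2.3.10/32", "0.0.0.0/0", 500, "BYPASS"),     # IKE itself
    Entry("tcp", "1.2.3.10/32", "1.2.4.10/32", 443, "PROTECT"),  # DMZ server
    Entry(None, "1.2.3.10/32", "1.2.4.0/24", None, "DISCARD"),   # rest of the DMZ
    Entry(None, "1.2.3.10/32", "1.2.3.0/24", None, "BYPASS"),    # corporate LAN
]


def matches(entry, proto, local, remote, rport):
    """True when every selector of the entry accepts the packet's values."""
    return ((entry.proto is None or entry.proto == proto)
            and ipaddress.ip_address(local) in ipaddress.ip_network(entry.local)
            and ipaddress.ip_address(remote) in ipaddress.ip_network(entry.remote)
            and (entry.rport is None or entry.rport == rport))


def spd_lookup(spd, proto, local, remote, rport=None):
    """Return (index, action) of the first matching entry; no match => DISCARD."""
    for index, entry in enumerate(spd):
        if matches(entry, proto, local, remote, rport):
            return index, entry.action
    return None, "DISCARD"
```

Entry order is part of the policy: placing the broad DMZ discard rule ahead of the specific PROTECT rule would drop the traffic that was meant to be secured.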
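[Figure: Outbound packet (on A), sent to B. The IP packet is checked against the SPD (policy): is it for IPSec, and if so, which policy entry to select? The SA database is used to determine the SA and its SPI; after IPSec processing, the SPI and IPSec packet are sent to B.]

[Figure: Inbound packet (on B), from A. The SPI from the received packet is used to index the SAD (SA database); the packet is un-processed and checked against the SPD (policy): was the packet properly secured? The result is the original IP packet.]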

AUTHENTICATION HEADER
The Authentication Header (AH) protocol
provides
data origin authentication : secret shared key
data integrity : Checksum that a message
authentication code, like MD5, generates
replay protection: sequence number field within
the AH header.

AH does NOT provide data confidentiality,
which means that all of your data is sent in
the clear.
AH authenticates as much of the IP datagram
as possible, but the values of certain fields in the
IP header cannot be predicted by the
receiver. AH does not protect these fields,
known as mutable fields. However, AH
always protects the payload of the IP packet.

Next Header
identifies the type of the next payload after the
Authentication Header. The value of this field is chosen
from the set of IP Protocol Numbers defined on the web
page of Internet Assigned Numbers Authority (IANA).

a value of 4 indicates IPv4, a value of 41 indicates IPv6,
and a value of 6 indicates TCP.
Payload Length
specifies the length of AH in 32-bit words (4-byte units),
minus "2".

Example: if an integrity algorithm yields a 96-bit
authentication value, this length field will be "4" (3 32-bit
word fixed fields plus 3 32-bit words for the ICV, minus 2).

For IPv6, the total length of the header must be a multiple of
8-octet units. (Note that although IPv6 characterizes AH as an
extension header, its length is measured in 32-bit words, not
the 64-bit words used by other IPv6 extension headers).
Reserved
For future use.
MUST be set to "zero" by the sender, and it SHOULD be ignored by
the recipient. (The value is included in the ICV calculation, but is
otherwise ignored by the recipient.)
Security Parameters Index (SPI)
32-bit value that is used by a receiver to identify the SA to which an
incoming packet is bound.

range 1 through 255 is reserved by the Internet Assigned Numbers
Authority (IANA) for future use
The SPI value of zero (0) is reserved for local, implementation-
specific use and MUST NOT be sent on the wire

Sequence Number
contains a counter value that increases by one for each packet sent,
i.e., a per-SA packet sequence number.

AH provides no means of synchronizing packet counters among
multiple senders or meaningfully managing a receiver packet
counter and window in the context of multiple senders. Thus, for a
multi-sender SA, the anti-replay features of AH are not available.
The field is mandatory and MUST always be present even if the receiver does
not elect to enable the anti-replay service for a specific SA.
All AH implementations MUST be capable of performing "Sequence
Number Generation" and "Sequence Number Verification".
The sender's counter and the receiver's counter are initialized to 0
when an SA is established.
Integrity Check Value (ICV)
This is a variable-length field that contains the Integrity Check Value (ICV)
for this packet. The field must be an integral multiple of 32 bits (IPv4 or
IPv6) in length.

This field may include explicit padding, if required to ensure that the length
of the AH header is an integral multiple of 32 bits (IPv4) or 64 bits (IPv6). All
implementations MUST support such padding and MUST insert only enough
padding to satisfy the IPv4/IPv6 alignment requirements.

The integrity algorithm employed for the ICV computation is specified by
the SA. For point-to-point communication, suitable integrity algorithms
include keyed Message Authentication Codes (MACs) based on symmetric
encryption algorithms or on one-way hash functions (e.g., MD5, SHA-1, SHA-
256, etc.)
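
The AH field layout described above, as an added parsing example (not from the original slides). The function names are assumptions; the checks are the Payload Length rule, the reserved SPI values and the handling of the Reserved field as stated on this page.

```python
import struct

AH_FIXED = 12                                    # three 32-bit fixed words
PROTO_NAMES = {4: "IPv4", 6: "TCP", 41: "IPv6"}  # values quoted on this page


def build_ah(next_header, spi, seq, icv):
    """Sender side: pad the ICV to 32 bits (IPv4 rule) and set Payload Length."""
    icv_field = icv + b"\x00" * (-len(icv) % 4)
    payload_len = (AH_FIXED + len(icv_field)) // 4 - 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv_field


def parse_ah(data, icv_len=12):
    """Receiver side; icv_len comes from the SA's algorithm (12 octets = 96 bits)."""
    if len(data) < AH_FIXED:
        raise ValueError("shorter than the fixed part of AH")
    next_header, payload_len, reserved, spi, seq = struct.unpack(
        "!BBHII", data[:AH_FIXED])
    total = (payload_len + 2) * 4
    if total < AH_FIXED + icv_len or total > len(data):
        raise ValueError("Payload Length inconsistent with ICV or packet size")
    if spi == 0:
        raise ValueError("SPI 0 is for local use and must not be on the wire")
    if spi <= 255:
        raise ValueError("SPI 1-255 is reserved by IANA")
    return {
        "next_header": PROTO_NAMES.get(next_header, next_header),
        "header_len": total,
        "reserved_nonzero": reserved != 0,  # recorded, not rejected
        "spi": spi,
        "seq": seq,
        "icv": data[AH_FIXED:AH_FIXED + icv_len],
    }
```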
Extended (64-bit) Sequence Number
To support high-speed IPsec implementations, a
new option for sequence numbers SHOULD be
offered, as an extension to the current, 32-bit
sequence number field.

The ESN facility allows use of a 64-bit sequence
number for an SA.
Only the low-order 32 bits of the sequence
number are transmitted in the AH header of each
packet, thus minimizing packet overhead. The
high-order 32 bits are maintained as part of the
sequence number counter by both transmitter and
receiver and are included in the computation of
the ICV, but are not transmitted.


Encapsulating Security Payload
data confidentiality: uses a symmetric key that
both communicating parties use to encrypt and
decrypt the data they exchange. The sender and
the receiver must agree on the key before
secure communication takes place between
them. VPN uses DES, 3DES, RC5, RC4, or AES for
encryption.
data origin authentication : ESP uses HMAC-MD5
and HMAC-SHA algorithms to provide
authentication functions. Both MD5 and SHA take
variable-length input data and a secret key to
produce fixed-length output data (called a hash
value).
data integrity checking
replay protection.


The difference between ESP and the AH is that
ESP provides encryption, while both protocols
provide authentication, integrity checking, and
replay protection. With ESP, both communicating
systems use a shared key for encrypting and
decrypting the data they exchange.
If you decide to use both encryption and
authentication, then the responding system first
authenticates the packet and then, if the first
step succeeds, the system proceeds with
decryption. This type of configuration reduces
processing overhead, as well as reduces your
vulnerability to denial-of-service attacks.

The sequence number
a monotonically increasing 32-bit counter used to
protect against replay attacks
when an SA is established the sequence number is
reset to zero

Payload data
a variable length field that typically contains the data
payload, whose type is denoted by the next header
field
it may also contain cryptographic synchronization
data, such as an IV
Padding
used to fill the payload data to a specific block size
multiple required by a particular encryption algorithm,
or to randomize the length of the payload in order to
protect against traffic flow analysis
Pad length
an 8-bit field whose value indicates in bytes the
length of the padding field
Next header
an 8-bit field whose value indicates the type of
data contained in the payload data field
Authentication data
a variable length field containing an integrity
check value (ICV), which is computed (using an
authentication algorithm) from the rest of the
ESP packet, to provide data integrity protection
Integrity Check Value (variable):
A variable-length field (must be an integral
number of 32-bit words) that contains the
Integrity Check Value computed over the ESP
packet minus the Authentication Data field.
Additional fields :

Initialization Value (IV), or nonce
is present if this is required by the encryption or authenticated
encryption algorithm used for ESP.
optional. It is present only if the integrity service is selected
and is provided by either a separate integrity algorithm or a
combined mode algorithm that uses an ICV.
ICV is computed after the encryption is performed. Facilitates
rapid detection and rejection of replayed or bogus packets by
the receiver prior to decrypting the packet, hence potentially
reducing the impact of denial of service (DoS) attacks.
also allows for the possibility of parallel processing of packets
at the receiver, i.e., decryption can take place in parallel with
integrity checking.
Traffic flow confidentiality (TFC) padding
In tunnel mode only
After the Payload Data and before the Padding field
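
The ESP layout and the "check the ICV first" order described above, as an added example (not from the original slides). It assumes HMAC-SHA-1 truncated to 96 bits and leaves the payload unencrypted (NULL encryption, no IV) so that it runs with the standard library only; the function names are assumptions.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA-1 output truncated to 96 bits


def _icv(key, covered):
    """ICV over everything in the ESP packet except the ICV itself."""
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]


def esp_seal(key, spi, seq, payload, next_header):
    """Sender: payload + padding + pad length + next header, then the ICV."""
    pad_len = -(len(payload) + 2) % 4          # align the trailer to 32 bits
    padding = bytes(range(1, pad_len + 1))     # padding bytes 1, 2, 3, ...
    body = payload + padding + bytes([pad_len, next_header])
    covered = struct.pack("!II", spi, seq) + body  # a cipher would encrypt body here
    return covered + _icv(key, covered)


def esp_open(key, packet):
    """Receiver: verify the ICV before touching the body."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("too short for an ESP packet")
    covered, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(icv, _icv(key, covered)):
        raise ValueError("ICV mismatch: dropped before decryption")
    spi, seq = struct.unpack("!II", covered[:8])
    body = covered[8:]                         # decryption would happen only now
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 2:
        raise ValueError("pad length exceeds the payload")
    return spi, seq, next_header, body[:len(body) - 2 - pad_len]
```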




The term security association bundle refers to a sequence of
SAs through which traffic must be processed to provide a
desired set of IPsec services. The SAs in a bundle may
terminate at different endpoints or at the same endpoints.
Security associations may be combined into bundles in two
ways:
Transport adjacency:
Refers to applying more than one security protocol to the same
IP packet without invoking tunneling. This approach to
combining AH and ESP allows for only one level of combination;
further nesting yields no added benefit since the processing is
performed at one IPsec instance: the (ultimate) destination.
Iterated tunneling:
Refers to the application of multiple layers of security
protocols effected through IP tunneling. This approach allows
for multiple levels of nesting, since each tunnel can originate
or terminate at a different IPsec site along the path.


Advantages
- Provides seamless security to application and transport
layers (ULPs).
- Allows per flow or per connection security and thus allows
for very fine-grained security control.


Disadvantages
- More difficult to exercise on a per user basis on a
multi-user machine.

The Internet was not created with security in mind.

Communications can be altered, examined and exploited.

There is a growing need to protect private information
crossing the public networks that make up the Internet
infrastructure.

IPSec is a set of protocols and methodologies to create secure
IP connections.
