Cry.docx

SUBJECT: Cryptography

DISCUSSION

Find attached PPT as reference.

After reading Chapter 20, analyze how a VPN is used for telework and how it helps to keep data safe.

Make sure to cover 300 words and 2 references.

Stallings_8e_Accessible_fullppt_20.pdf

Cryptography and Network Security:

Principles and Practice Eighth Edition

Chapter 20

IP Security

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.


IP Security Overview

• RFC 1636

– “Security in the Internet Architecture”

– Issued in 1994 by the Internet Architecture Board (IAB)

– Identifies key areas for security mechanisms

▪ Need to secure the network infrastructure from unauthorized monitoring and control of network traffic

▪ Need to secure end-user-to-end-user traffic using authentication and encryption mechanisms

– IAB included authentication and encryption as necessary security features in the next generation IP (IPv6)

▪ The IPsec specification now exists as a set of Internet standards


IPsec Documents (1 of 2)

• IPsec Documents

– Architecture

▪ Covers the general concepts, security requirements, definitions, and mechanisms defining IPsec technology

▪ The current specification is RFC 4301, Security Architecture for the Internet Protocol

– Authentication Header (AH)

▪ An extension header to provide message authentication

▪ The current specification is RFC 4302, IP Authentication Header

– Encapsulating Security Payload (ESP)

▪ Consists of an encapsulating header and trailer used to provide encryption or combined encryption/authentication

▪ The current specification is RFC 4303, IP Encapsulating Security Payload (ESP)


IPsec Documents (2 of 2)

– Internet Key Exchange (IKE)

▪ A collection of documents describing the key management schemes for use with IPsec

▪ The main specification is RFC 7296, Internet Key Exchange (IKEv2) Protocol, but there are a number of related RFCs

– Cryptographic algorithms

▪ This category encompasses a large set of documents that define and describe cryptographic algorithms for encryption, message authentication, pseudorandom functions (PRFs), and cryptographic key exchange

– Other

▪ There are a variety of other IPsec-related RFCs, including those dealing with security policy and management information base (MIB) content


Applications of IPsec

• IPsec provides the capability to secure communications across a LAN, private and public WANs, and the Internet

• Examples include:

– Secure branch office connectivity over the Internet

– Secure remote access over the Internet

– Establishing extranet and intranet connectivity with partners

– Enhancing electronic commerce security

• Principal feature of IPsec is that it can encrypt and/or authenticate all traffic at the IP level

– Thus all distributed applications (remote logon, client/server, e-mail, file transfer, Web access) can be secured


IPsec Services

• IPsec provides security services at the IP layer by enabling a system to:

– Select required security protocols

– Determine the algorithm(s) to use for the service(s)

– Put in place any cryptographic keys required to provide the requested services

• RFC 4301 lists the following services:

– Access control

– Connectionless integrity

– Data origin authentication

– Rejection of replayed packets (a form of partial sequence integrity)

– Confidentiality (encryption)

– Limited traffic flow confidentiality


Figure 20.1 IPsec Architecture


Security Association (SA)

• A one-way logical connection between a sender and a receiver that affords security services to the traffic carried on it

• In any IP packet, the SA is uniquely identified by the Destination Address in the IPv4 or IPv6 header and the SPI in the enclosed extension header (AH or ESP)

Uniquely identified by three parameters:

• Security Parameters Index (SPI)

– A 32-bit unsigned integer assigned to this SA and having local significance only

• IP Destination Address

– Address of the destination endpoint of the SA, which may be an end-user system or a network system such as a firewall or router

• Security protocol identifier

– Indicates whether the association is an AH or ESP security association


Security Association Database (SAD)

• Defines the parameters associated with each SA

• Normally defined by the following parameters in a SAD entry:

– Security parameter index

– Sequence number counter

– Sequence counter overflow

– Anti-replay window

– AH information

– ESP information

– Lifetime of this security association

– IPsec protocol mode

– Path MTU


Security Policy Database (SPD)

• The means by which IP traffic is related to specific SAs

– Contains entries, each of which defines a subset of IP traffic and points to an SA for that traffic

• In more complex environments, there may be multiple entries that potentially relate to a single SA or multiple SAs associated with a single SPD entry

– Each SPD entry is defined by a set of IP and upper-layer protocol field values called selectors

– These are used to filter outgoing traffic in order to map it into a particular SA


SPD Entries (1 of 2)

• The following selectors determine an SPD entry:

• Remote IP address

– This may be a single IP address, an enumerated list or range of addresses, or a wildcard (mask) address

– The latter two are required to support more than one destination system sharing the same SA

• Local IP address

– This may be a single IP address, an enumerated list or range of addresses, or a wildcard (mask) address

– The latter two are required to support more than one source system sharing the same SA


SPD Entries (2 of 2)

• Next layer protocol

– The IP protocol header includes a field that designates the protocol operating over IP

• Name

– A user identifier from the operating system

– Not a field in the IP or upper-layer headers but is available if IPsec is running on the same operating system as the user

• Local and remote ports

– These may be individual TCP or UDP port values, an enumerated list of ports, or a wildcard port


Table 20.1 Host SPD Example

Protocol | Local IP  | Port | Remote IP  | Port | Action                         | Comment
---------|-----------|------|------------|------|--------------------------------|-----------------------------
UDP      | 1.2.3.101 | 500  | *          | 500  | BYPASS                         | IKE
ICMP     | 1.2.3.101 | *    | *          | *    | BYPASS                         | Error messages
*        | 1.2.3.101 | *    | 1.2.3.0/24 | *    | PROTECT: ESP in transport-mode | Encrypt intranet traffic
TCP      | 1.2.3.101 | *    | 1.2.4.10   | 80   | PROTECT: ESP in transport-mode | Encrypt to server
TCP      | 1.2.3.101 | *    | 1.2.4.10   | 443  | BYPASS                         | TLS: avoid double encryption
*        | 1.2.3.101 | *    | 1.2.4.0/24 | *    | DISCARD                        | Others in DMZ
*        | 1.2.3.101 | *    | *          | *    | BYPASS                         | Internet
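How the host SPD in Table 20.1 is consulted for an outbound packet, as an added Python example (not from the slides or the textbook): entries are tried in table order and the first one whose selectors all match decides the action. The type and function names are hypothetical, and treating a packet that matches no entry as dropped is an assumption of this example.

```python
import ipaddress
from typing import NamedTuple, Optional

class SPDEntry(NamedTuple):
    protocol: str      # "TCP", "UDP", "ICMP" or "*"
    local_ip: str      # single address, CIDR prefix, or "*"
    local_port: str    # port number as text, or "*"
    remote_ip: str
    remote_port: str
    action: str
    comment: str

ESP_T = "PROTECT: ESP in transport-mode"

# Rows of Table 20.1 in table order. Order matters: the first match wins.
HOST_SPD = [
    SPDEntry("UDP",  "1.2.3.101", "500", "*",          "500", "BYPASS",  "IKE"),
    SPDEntry("ICMP", "1.2.3.101", "*",   "*",          "*",   "BYPASS",  "Error messages"),
    SPDEntry("*",    "1.2.3.101", "*",   "1.2.3.0/24", "*",   ESP_T,     "Encrypt intranet traffic"),
    SPDEntry("TCP",  "1.2.3.101", "*",   "1.2.4.10",   "80",  ESP_T,     "Encrypt to server"),
    SPDEntry("TCP",  "1.2.3.101", "*",   "1.2.4.10",   "443", "BYPASS",  "TLS: avoid double encryption"),
    SPDEntry("*",    "1.2.3.101", "*",   "1.2.4.0/24", "*",   "DISCARD", "Others in DMZ"),
    SPDEntry("*",    "1.2.3.101", "*",   "*",          "*",   "BYPASS",  "Internet"),
]

def _ip_matches(selector: str, address: str) -> bool:
    if selector == "*":
        return True
    # ip_network accepts a single address (treated as /32) and a CIDR prefix.
    return ipaddress.ip_address(address) in ipaddress.ip_network(selector)

def _field_matches(selector: str, value: Optional[object]) -> bool:
    # value is None when the packet has no such field (e.g. ICMP has no ports).
    return selector == "*" or (value is not None and selector == str(value))

def spd_lookup(spd, protocol, local_ip, local_port, remote_ip, remote_port):
    """Return the first SPD entry whose selectors all match the outbound packet."""
    for entry in spd:
        if (_field_matches(entry.protocol, protocol)
                and _ip_matches(entry.local_ip, local_ip)
                and _field_matches(entry.local_port, local_port)
                and _ip_matches(entry.remote_ip, remote_ip)
                and _field_matches(entry.remote_port, remote_port)):
            return entry
    # Assumption of this example: no matching policy means the packet is dropped.
    return None

if __name__ == "__main__":
    for port in (80, 443, 22):
        hit = spd_lookup(HOST_SPD, "TCP", "1.2.3.101", 40000, "1.2.4.10", port)
        print(port, hit.action, "-", hit.comment)
```

Reordering the rows changes the outcome: with the catch-all Internet row evaluated first, traffic to 1.2.4.10 port 80 would be bypassed instead of protected.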


Figure 20.2 Processing Model for Outbound Packets


Figure 20.3 Processing Model for Inbound Packets


Figure 20.4 ESP Packet Format


Encapsulating Security Payload (ESP) (1 of 2)

• Used to encrypt the Payload Data, Padding, Pad Length, and Next Header fields

– If the algorithm requires cryptographic synchronization data then these data may be carried explicitly at the beginning of the Payload Data field

• An optional ICV field is present only if the integrity service is selected and is provided by either a separate integrity algorithm or a combined mode algorithm that uses an ICV

– ICV is computed after the encryption is performed

– This order of processing facilitates reducing the impact of DoS attacks

– Because the ICV is not protected by encryption, a keyed integrity algorithm must be employed to compute the ICV


Encapsulating Security Payload (ESP) (2 of 2)

• The Padding field serves several purposes:

– If an encryption algorithm requires the plaintext to be a multiple of some number of bytes, the Padding field is used to expand the plaintext to the required length

– Used to assure alignment of Pad Length and Next Header fields

– Additional padding may be added to provide partial traffic-flow confidentiality by concealing the actual length of the payload
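The ESP trailer construction and the encrypt-then-ICV order from the two ESP slides above, as an added Python sketch (not from the slides or the textbook). The keystream function is a labelled stand-in for a real ESP cipher so the block runs with the standard library only; the function names, the 16-byte block size and the HMAC-SHA-256 ICV truncated to 128 bits are choices made for this example.

```python
import hashlib
import hmac
import struct

BLOCK = 16     # assumed cipher block size in bytes; also satisfies 4-byte alignment
ICV_LEN = 16   # HMAC-SHA-256 output truncated to 128 bits

def _keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    # STAND-IN cipher (SHA-256 in counter mode) so the example needs no third-party
    # library. It is not an ESP transform; real SAs use e.g. AES-CBC or AES-GCM.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + iv + struct.pack("!I", i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def esp_trailer(payload_len: int, next_header: int, extra_blocks: int = 0) -> bytes:
    """Padding + Pad Length + Next Header for a payload of payload_len bytes."""
    # Pad so payload + padding + 2 trailer bytes is a multiple of BLOCK; extra_blocks
    # adds whole blocks of padding to conceal the real payload length.
    pad_len = (-(payload_len + 2)) % BLOCK + extra_blocks * BLOCK
    if pad_len > 255:
        raise ValueError("Pad Length is a one-byte field; padding cannot exceed 255")
    padding = bytes(range(1, pad_len + 1))   # default pad bytes 1, 2, 3, ...
    return padding + bytes([pad_len, next_header])

def esp_seal(spi, seq, iv, payload, next_header, enc_key, auth_key, extra_blocks=0):
    """Sender: encrypt payload and trailer, then compute the ICV over the result."""
    plaintext = payload + esp_trailer(len(payload), next_header, extra_blocks)
    header = struct.pack("!II", spi, seq)            # SPI and sequence number, in clear
    body = iv + _keystream_xor(enc_key, iv, plaintext)
    icv = hmac.new(auth_key, header + body, hashlib.sha256).digest()[:ICV_LEN]
    return header + body + icv

def esp_open(packet, iv_len, enc_key, auth_key):
    """Receiver: return (next_header, payload), or None if the packet is rejected."""
    if len(packet) < 8 + iv_len + 2 + ICV_LEN:
        return None
    authed, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, authed, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return None      # forged or altered packet dropped before any decryption work
    iv, ciphertext = authed[8:8 + iv_len], authed[8 + iv_len:]
    plaintext = _keystream_xor(enc_key, iv, ciphertext)
    pad_len, next_header = plaintext[-2], plaintext[-1]
    if pad_len > len(plaintext) - 2:
        return None
    return next_header, plaintext[:len(plaintext) - 2 - pad_len]
```

Because the ICV is checked first, a flood of forged packets costs the receiver one keyed hash each and no decryption, which is the DoS benefit the slide refers to.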


Figure 20.5 Anti-replay Mechanism


Figure 20.6 Scope of ESP Encryption and Authentication


Figure 20.7 End-to-end IPsec Transport-Mode Encryption


Transport Mode (1 of 2)

• Transport mode operation may be summarized as follows:

– At the source, the block of data consisting of the ESP trailer plus the entire transport-layer segment is encrypted and the plaintext of this block is replaced with its ciphertext to form the IP packet for transmission. Authentication is added if this option is selected

– The packet is then routed to the destination. Each intermediate router needs to examine and process the IP header plus any plaintext IP extension headers but does not need to examine the ciphertext

– The destination node examines and processes the IP header plus any plaintext IP extension headers. Then, on the basis of the SPI in the ESP header, the destination node decrypts the remainder of the packet to recover the plaintext transport-layer segment


Transport Mode (2 of 2)

• Transport mode operation provides confidentiality for any application that uses it, thus avoiding the need to implement confidentiality in every individual application

• One drawback to this mode is that it is possible to do traffic analysis on the transmitted packets


Tunnel Mode (1 of 3)

• Tunnel mode provides protection to the IP packet

– To achieve this, after the AH or ESP fields are added to the IP packet, the entire packet plus security fields is treated as the payload of a new outer IP packet with a new outer IP header

– The entire original, inner, packet travels through a tunnel from one point of an IP network to another; no routers along the way are able to examine the inner IP header

– Because the original packet is encapsulated, the new, larger packet may have totally different source and destination addresses, adding to the security


Tunnel Mode (2 of 3)

– Tunnel mode is used when one or both ends of a security association (SA) are a security gateway, such as a firewall or router that implements IPsec

– With tunnel mode, a number of hosts on networks behind firewalls may engage in secure communications without implementing IPsec

– The unprotected packets generated by such hosts are tunneled through external networks by tunnel mode SAs set up by the IPsec software in the firewall or secure router at the boundary of the local network


Tunnel Mode (3 of 3)

• Tunnel mode is useful in a configuration that includes a firewall or other sort of security gateway that protects a trusted network from external networks

• Encryption occurs only between an external host and the security gateway or between two security gateways

– This relieves hosts on the internal network of the processing burden of encryption and simplifies the key distribution task by reducing the number of needed keys

– It thwarts traffic analysis based on ultimate destination


VPN

• Tunnel mode can be used to implement a secure virtual private network

– A virtual private network (VPN) is a private network that is configured within a public network in order to take advantage of the economies of scale and management facilities of large networks

▪ VPNs are widely used by enterprises to create wide area networks that span large geographic areas, to provide site-to-site connections to branch offices, and to allow mobile users to dial up their company LANs

▪ The public network facility is shared by many customers, with the traffic of each customer segregated from other traffic

▪ Traffic designated as VPN traffic can only go from a VPN source to a destination in the same VPN

▪ It is often the case that encryption and authentication facilities are provided for the VPN


Figure 20.8 Example of Virtual Private Network Implemented with IPsec Tunnel Mode


Table 20.2 Tunnel Mode and Transport Mode Functionality

                        | Transport Mode SA | Tunnel Mode SA
------------------------|-------------------|---------------
AH                      | Authenticates IP payload and selected portions of IP header and IPv6 extension headers. | Authenticates entire inner IP packet (inner header plus IP payload) plus selected portions of outer IP header and outer IPv6 extension headers.
ESP                     | Encrypts IP payload and any IPv6 extension headers following the ESP header. | Encrypts entire inner IP packet.
ESP with Authentication | Encrypts IP payload and any IPv6 extension headers following the ESP header. Authenticates IP payload but not IP header. | Encrypts entire inner IP packet. Authenticates inner IP packet.


Figure 20.9 Protocol Operation for ESP


Combining Security Associations

• An individual SA can implement either the AH or ESP protocol but not both

• Security association bundle

– Refers to a sequence of SAs through which traffic must be processed to provide a desired set of IPsec services

– The SAs in a bundle may terminate at different endpoints or at the same endpoint

• May be combined into bundles in two ways:

• Transport adjacency

– Refers to applying more than one security protocol to the same IP packet without invoking tunneling

– This approach allows for only one level of combination

• Iterated tunneling

– Refers to the application of multiple layers of security protocols effected through IP tunneling

– This approach allows for multiple levels of nesting


ESP with Authentication Option

• In this approach, the user first applies ESP to the data to be protected and then appends the authentication data field

• Transport mode ESP

– Authentication and encryption apply to the IP payload delivered to the host, but the IP header is not protected

• Tunnel mode ESP

– Authentication applies to the entire IP packet delivered to the outer IP destination address and authentication is performed at that destination

– The entire inner IP packet is protected by the privacy mechanism for delivery to the inner IP destination

• For both cases authentication applies to the ciphertext rather than the plaintext


Transport Adjacency

• Another way to apply authentication after encryption is to use two bundled transport SAs, with the inner being an ESP SA and the outer being an AH SA

– In this case ESP is used without its authentication option

– Encryption is applied to the IP payload

– AH is then applied in transport mode

– Advantage of this approach is that the authentication covers more fields

– Disadvantage is the overhead of two SAs versus one SA


Transport-Tunnel Bundle

• The use of authentication prior to encryption might be preferable for several reasons:

– It is impossible for anyone to intercept the message and alter the authentication data without detection

– It may be desirable to store the authentication information with the message at the destination for later reference

• One approach is to use a bundle consisting of an inner AH transport SA and an outer ESP tunnel SA

– Authentication is applied to the IP payload plus the IP header

– The resulting IP packet is then processed in tunnel mode by ESP

▪ The result is that the entire authenticated inner packet is encrypted and a new outer IP header is added


Figure 20.10 Basic Combinations of Security Associations


Internet Key Exchange

• The key management portion of IPsec involves the determination and distribution of secret keys

– A typical requirement is four keys for communication between two applications

▪ Transmit and receive pairs for both integrity and confidentiality

• The IPsec Architecture document mandates support for two types of key management:

• Manual

– A system administrator manually configures each system with its own keys and with the keys of other communicating systems

– This is practical for small, relatively static environments

• Automated

– Enables the on-demand creation of keys for SAs and facilitates the use of keys in a large distributed system with an evolving configuration


ISAKMP/Oakley

• The default automated key management protocol of IPsec

• Consists of:

– Oakley Key Determination Protocol

▪ A key exchange protocol based on the Diffie-Hellman algorithm but providing added security

▪ Generic in that it does not dictate specific formats

– Internet Security Association and Key Management Protocol (ISAKMP)

▪ Provides a framework for Internet key management and provides the specific protocol support, including formats, for negotiation of security attributes

▪ Consists of a set of message types that enable the use of a variety of key exchange algorithms


Features of IKE Key Determination

• Algorithm is characterized by five important features:

1. It employs a mechanism known as cookies to thwart clogging attacks

2. It enables the two parties to negotiate a group; this, in essence, specifies the global parameters of the Diffie-Hellman key exchange

3. It uses nonces to ensure against replay attacks

4. It enables the exchange of Diffie-Hellman public key values

5. It authenticates the Diffie-Hellman exchange to thwart man-in-the-middle attacks
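A responder-side sketch of the cookie mechanism named in the first feature, added here as an illustration (not from the slides or the textbook): the responder keeps no state and does no Diffie-Hellman work until the initiator returns a cookie bound to its address, SPI and nonce. The class and method names are hypothetical, and the cookie is an HMAC-SHA-256 under a rotating local secret, a variant of the hash construction described in RFC 7296.

```python
import hashlib
import hmac
import ipaddress
import os

def _encode(*fields: bytes) -> bytes:
    # Length-prefix each field so different field boundaries cannot collide.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

class CookieResponder:
    """Stateless cookie check on the responder (hypothetical sketch, not an IKE stack)."""

    def __init__(self):
        self._version = 0
        self._secrets = {0: os.urandom(32)}   # version id -> local secret
        self.dh_computations = 0              # counts the expensive work performed

    def rotate_secret(self):
        # Keep the previous secret so cookies issued just before rotation still verify.
        prev = self._version
        self._version = (prev + 1) % 256
        self._secrets = {prev: self._secrets[prev], self._version: os.urandom(32)}

    def _cookie(self, version, ip_i, spi_i, nonce_i):
        msg = _encode(nonce_i, ipaddress.ip_address(ip_i).packed, spi_i)
        mac = hmac.new(self._secrets[version], msg, hashlib.sha256).digest()
        return bytes([version]) + mac         # version byte selects the secret later

    def handle_init(self, ip_i, spi_i, nonce_i, cookie=None):
        """Return ("PROCEED", None) for a valid cookie, else ("COOKIE", new_cookie)."""
        if cookie and cookie[0] in self._secrets:
            expected = self._cookie(cookie[0], ip_i, spi_i, nonce_i)
            if hmac.compare_digest(cookie, expected):
                self.dh_computations += 1     # only now spend CPU on Diffie-Hellman
                return "PROCEED", None
        # No cookie, a stale one, or one bound to another address: reply with a fresh
        # cookie and keep no per-initiator state.
        return "COOKIE", self._cookie(self._version, ip_i, spi_i, nonce_i)

if __name__ == "__main__":
    r = CookieResponder()
    spi, nonce = os.urandom(8), os.urandom(16)       # constructed sample values
    state, c = r.handle_init("203.0.113.5", spi, nonce)
    print(state, len(c), r.dh_computations)
    print(r.handle_init("203.0.113.5", spi, nonce, c)[0], r.dh_computations)
```

A request sent from a forged source address never sees the cookie that the responder returns to that address, so it cannot trigger the Diffie-Hellman computation.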


Figure 20.11 IKEv2 Exchanges


Figure 20.12 IKE Formats


Table 20.3 IKE Payload Types

Type                               | Parameters
-----------------------------------|-----------------------------------------------------------------------
Security Association               | Proposals
Key Exchange                       | DH Group #, Key Exchange Data
Identification                     | ID Type, ID Data
Certificate                        | Cert Encoding, Certificate Data
Certificate Request                | Cert Encoding, Certification Authority
Authentication                     | Auth Method, Authentication Data
Nonce                              | Nonce Data
Notify                             | Protocol-ID, SPI Size, Notify Message Type, SPI, Notification Data
Delete                             | Protocol-ID, SPI Size, # of SPIs, SPI (one or more)
Vendor ID                          | Vendor ID
Traffic Selector                   | Number of TSs, Traffic Selectors
Encrypted                          | IV, Encrypted IKE payloads, Padding, Pad Length, ICV
Configuration                      | CFG Type, Configuration Attributes
Extensible Authentication Protocol | EAP Message


Summary

• Present an overview of IP security (IPsec)

• Explain the difference between transport mode and tunnel mode

• Understand the concept of security association

• Explain the difference between the security association database and the security policy database

• Present an overview of Encapsulating Security Payload

• Summarize the traffic processing functions performed by IPsec for outbound packets and for inbound packets

• Discuss the alternatives for combining security associations

• Present an overview of Internet Key Exchange

• Summarize the alternative cryptographic suites approved for use with IPsec


Copyright

This work is protected by United States copyright laws and is provided solely for the use of instructors in teaching their courses and assessing student learning. Dissemination or sale of any part of this work (including on the World Wide Web) will destroy the integrity of the work and is not permitted. The work and materials from it should never be made available to students except by instructors using the accompanying text in their classes. All recipients of this work are expected to abide by these restrictions and to honor the intended pedagogical purposes and the needs of other instructors who rely on these materials.