网络安全-IPSec

2Chapter12:IPSecIntroductionBriefintroductiontotheInternetProtocol(IP)suiteSecurityproblemsofIPandobjectivesofIPSecTheIPSecarchitecture:OverviewIPReplayProtectionIPSecsecurityprotocolmodes:•Transportmode•TunnelmodeIPSecurityPoliciesandtheSecurityPolicyDatabase(SPD)Securityassociations(SA)andtheSADatabase(SAD)ImplementationalternativesIPSecsecurityprotocols:EncapsulatingSecurityPayload(ESP)AuthenticationHeader(AH)EntityAuthenticationandKeyEstablishmentwiththeInternetKeyExchange(IKE)Chapter12:TheIPSecSecurityArchitecture3Chapter12:IPSecTheTCP/IPProtocolSuiteIP(InternetProtocol)unreliable,connectionlessnetworkprotocolTCP(TransmissionControlProtocol)reliable,connection-orientedtransportprotocolUDP(UserDatagramProtocol)unreliable,connectionlesstransportprotocolapplicationprotocols:Examples:HTTP(HypertextTransferProtocol),SMTP(SimpleMailTransferProtocol),…HostBHostCHostAApplicationProtocolIPAccessProtocolTCPUDPApplicationProtocolIPAccessProtocolTCPUDPApplicationProtocolIPAccessProtocolTCPUDPInternet4Chapter12:IPSecTheIPv4PacketFormat(1)Version(Ver.):4bit•Currently,version4iswidelydeployed•Currently,version6isgraduallytakingoverInternetheaderlength(IHL):4bit•LengthoftheIPheaderin32-bitwords(i.e.nooptionsIHL=5)Typeofservice(TOS):8bit•Originallydefinedtoindicateservicerequirements•RedefinedforDiffServCodePointsandExplicitCongestionNotificationDestinationAddressSourceAddressTTLIPIdentificationProtocolIPChecksumFlagsFragmentOffsetLengthTOSVer.IHLTCP/UDP/...PayloadIPOptions(ifany)5Chapter12:IPSecTheIPPacketFormat(2)Length:16bit•Thelengthofthepacketincludingtheheaderinoctets•Thisfieldis,likeallotherfieldsintheIPsuite,in“bigendian”representation(i.e.,networkbyteorder)Identification:16bit•Usedto“uniquely”identifyanIPdatagram•ImportantforreassemblingoffragmentedIPpacketsFlags:3bit•Bit1:donotfragment•Bit2:datagramfragmented•Bit3:reservedforfutureuseFragmentationoffset:13bit•ThepositionofthispacketinthecorrespondingIPdatagramTimetolive(TTL):8bit•Ateveryprocessingnetworknode,thisfieldisdecrementedbyone•WhenTTLreaches0,thepacketisdiscardedtoavoidpacketlooping6Chapter12:IPSecTheIPPacketFormat(3)Protocol:8bit•Indicatesthe(transport)protocolofthepayload•Forexample:TCP,UDP,...Checksum:16bit•Protectionofheaderagainsttransmissionerrors•Notewell:itisnotacryptographicchecksumSourceaddress:32bit•TheIPaddressofsenderDestinationaddress:32bit•TheIPaddressoftheintendedreceiverIPOptions:variablelength•IPheaderscanoptionallycarryadditionalinformation7Chapter12:IPSecSecurityProblemsoftheInternetProtocolWhenanentityreceivesanIPpacket,ithasnoassuranceof:•Dataoriginauthentication/dataintegrity:•Thepackethasactuallybeensentbytheentitywhichisreferencedbythesourceaddressofthepacket•Thepacketcontainstheoriginalcontentthesenderplacedintoit,sothatithasnotbeenmodifiedduringtransport•Thereceivingentityisinfacttheentitytowhichthesenderwantedtosendthepacket•Confidentiality:•Theoriginaldatawasnotinspectedbyathirdpartywhilethepacketwassentfromthesendertothereceiver8Chapter12:IPSecSecurityObjectivesofIPSecIPSecaimstoensurethefollowingsecurityobjectives:•Dataoriginauthentication/connectionlessdataintegrity:•ItisnotpossibletosendanIPdatagramwithneitheramasqueradedIPsourcenordestinationaddresswithoutthereceiverbeingabletodetectthis•ItisnotpossibletomodifyanIPdatagramintransit,withoutthereceiverbeingabletodetectthemodification•Replayprotection:itisnotpossibletolaterreplayarecordedIPpacketwithoutthereceiverbeingabletodetectthis•Confidentiality:•ItisnotpossibletoeavesdroponthecontentofIPdatagrams•LimitedtrafficflowconfidentialitySecuritypolicy:•Sender,receiverandintermediatenodescandeterminetherequiredprotectionforanIPpacketaccordingtoalocalsecuritypolicy•IntermediatenodesandthereceiverwilldropIPpacketsthatdonotmeettheserequirements9Chapter12:IPSecIntroductionBriefintroductiontotheInternetProtocol(IP)suiteSecurityproblemsofIPandobjectivesofIPSecTheIPSecarchitecture:OverviewIPReplayProtectionIPSecsecurityprotocolmodes:•Transportmode•TunnelmodeIPSecurityPoliciesandtheSecurityPolicyDatabase(SPD)Securityassociations(SA)andtheSADatabase(SAD)ImplementationalternativesIPSecsecurityprotocols:EncapsulatingSecurityPayload(ESP)AuthenticationHeader(AH)EntityAuthenticationandKeyEstablishmentwiththeInternetKeyExchange(IKE)Overview10Chapter12:IPSecOverviewoftheIPSecArchitecture(1)(1)Authentication,keyestablishmentandnegotiationofcryptographicalgorithmsProtocols:ISAKMP,InternetKeyExchange(IKE),IKEv2(2)Setkeysandcryptographicalgorithms(3)Securechannel,whichprovides•Dataintegrity:usingtheAuthenticationHeader(AH)protocolortheEncapsulatingSecurityPayload(ESP)•ConfidentialityusingESP•Note:ESPcanprovidebothdataintegrityandencryptionwhileAHprovidesonlydataintegrity1223IKEIKE11Chapter12:IPSecOverviewoftheIPSecStandardizationDocumentsIPSec-Architecture[RFC4301]EncapsulatingSecurityPayload[RFC4303]AuthenticationHeader[RFC4302]KeyManagementISAKMP[RFCs2407,2408]InternetKeyExchange[RFC2409]CryptographicAlgorithmImplementationRequirementsforESPandAH([RFC4305]consistsofInternetKeyExchangeVersio