Cryptography and Network Security
Chapter 16, Fourth Edition
by William Stallings
Lecture slides by Lawrie Brown

Chapter 16: IP Security

"If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death, together with the man to whom the secret was told."
The Art of War, Sun Tzu

IP Security
- have a range of application specific security mechanisms
  - e.g. S/MIME, PGP, Kerberos, SSL/HTTPS
- however there are security concerns that cut across protocol layers
- would like security implemented by the network for all applications

IPSec
- general IP Security mechanisms
- provides
  - authentication
  - confidentiality
  - key management
- applicable to use over LANs, across public & private WANs, & for the Internet

IPSec Uses
(figure)

Benefits of IPSec
- in a firewall/router provides strong security to all traffic crossing the perimeter
- in a firewall/router is resistant to bypass
- is below transport layer, hence transparent to applications
- can be transparent to end users
- can provide security for individual users
- secures routing architecture

IP Security Architecture
- specification is quite complex
- defined in numerous RFCs
  - incl. RFC 2401/2402/2406/2408
  - many others, grouped by category
- mandatory in IPv6, optional in IPv4
- have two security header extensions:
  - Authentication Header (AH)
  - Encapsulating Security Payload (ESP)

IPSec Services
- Access control
- Connectionless integrity
- Data origin authentication
- Rejection of replayed packets
  - a form of partial sequence integrity
- Confidentiality (encryption)
- Limited traffic flow confidentiality

Security Associations
- a one-way relationship between sender & receiver that affords security for traffic flow
- defined by 3 parameters:
  - Security Parameters Index (SPI)
  - IP Destination Address
  - Security Protocol Identifier
- has a number of other parameters
  - seq no, AH & ESP info, lifetime etc
- have a database of Security Associations

Authentication Header (AH)
- provides support for data integrity & authentication of IP packets
  - end system/router can authenticate user/app
  - prevents address spoofing attacks by tracking sequence numbers
- based on use of a MAC
  - HMAC-MD5-96 or HMAC-SHA-1-96
- parties must share a secret key

Authentication Header
(figure)
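As an added illustration of the Security Associations and AH slides (constructed for this page; not the textbook's code and not taken from any IPsec implementation), the following Python builds an AH-style packet with an HMAC-SHA-1-96 ICV, looks the SA up by its (SPI, destination address, protocol) triple, and applies the anti-replay sliding window with the RFC 2401 default size of 64. The window is advanced only after the ICV verifies, which is what keeps a forged packet from pushing genuine ones out of the window. The mutable IP header fields that real AH zeroes before hashing are left out, and the key, SPI and address are constructed sample values.

```python
"""Constructed example (added here; not the textbook's or any IPsec stack's code):
AH-style authentication with HMAC-SHA-1-96, SA lookup by (SPI, destination,
protocol), and the IPsec anti-replay sliding window. The ICV covers only the AH
header and the payload; mutable IP header fields are omitted."""
import hashlib
import hmac
import struct
from dataclasses import dataclass

PROTO_AH = 51          # IP protocol number carried in the preceding IP header
AH_FIXED_LEN = 12      # next hdr (1) + payload len (1) + reserved (2) + SPI (4) + seq (4)
ICV_LEN = 12           # HMAC-SHA-1-96: leftmost 96 bits of the 160-bit HMAC-SHA-1 tag


def hmac_sha1_96(key, data):
    """Truncated HMAC as AH/ESP use it: compute the full tag, keep 12 bytes."""
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


@dataclass
class InboundSA:
    """Receiver-side state for one AH security association."""
    key: bytes
    window_size: int = 64    # RFC 2401 default; must be at least 32
    highest_seq: int = 0     # right edge of the window; 0 means nothing accepted yet
    window_bits: int = 0     # bit i set <=> seq (highest_seq - i) already accepted

    def replay_check(self, seq):
        """Window test only; the window moves after the ICV has verified."""
        if seq == 0:
            return False                       # the first packet on an SA carries seq 1
        if seq > self.highest_seq:
            return True                        # right of the window: a new packet
        offset = self.highest_seq - seq
        if offset >= self.window_size:
            return False                       # too old to be tracked: drop
        return not (self.window_bits >> offset) & 1   # already seen => replay

    def mark_seen(self, seq):
        """Record an authenticated packet, sliding the window right if needed."""
        if seq > self.highest_seq:
            shift = seq - self.highest_seq
            mask = (1 << self.window_size) - 1
            self.window_bits = 0 if shift >= self.window_size else (self.window_bits << shift) & mask
            self.window_bits |= 1
            self.highest_seq = seq
        else:
            self.window_bits |= 1 << (self.highest_seq - seq)


def build_ah_packet(key, spi, seq, next_header, payload):
    """Sender side: AH header + ICV + payload. The ICV is computed with the ICV
    field zeroed. A sender must never reuse seq on one SA (rekey before 2^32)."""
    payload_len = (AH_FIXED_LEN + ICV_LEN) // 4 - 2      # AH length in 32-bit words, minus 2
    header = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    icv = hmac_sha1_96(key, header + bytes(ICV_LEN) + payload)
    return header + icv + payload


def receive_ah_packet(sad, dst, packet):
    """Receiver side: SA lookup, replay check, ICV verify, then window update.
    Returns (accepted, payload_or_reason)."""
    if len(packet) < AH_FIXED_LEN + ICV_LEN:
        return False, "truncated AH"
    header = packet[:AH_FIXED_LEN]
    next_header, payload_len, _, spi, seq = struct.unpack("!BBHII", header)
    sa = sad.get((spi, dst, PROTO_AH))            # SA is selected by (SPI, dst, protocol)
    if sa is None:
        return False, "no SA for (SPI, dst, proto)"
    if not sa.replay_check(seq):
        return False, "replayed or outside window"
    icv = packet[AH_FIXED_LEN:AH_FIXED_LEN + ICV_LEN]
    payload = packet[AH_FIXED_LEN + ICV_LEN:]
    expected = hmac_sha1_96(sa.key, header + bytes(ICV_LEN) + payload)
    if not hmac.compare_digest(icv, expected):    # constant-time compare of the tags
        return False, "ICV mismatch"
    sa.mark_seen(seq)                             # only authenticated packets move the window
    return True, payload


def demo():
    """Constructed run: returns the accept/reject decision for each trial packet."""
    key = b"constructed-shared-key!"              # constructed; real keys come from IKE or manual config
    dst, spi = "192.0.2.1", 0x1000
    sad = {(spi, dst, PROTO_AH): InboundSA(key)}

    def pkt(seq, data=b"data"):
        return build_ah_packet(key, spi, seq, 17, data)

    p3 = pkt(3)
    forged = p3[:-1] + bytes([p3[-1] ^ 0x01])      # one payload bit flipped in transit
    trials = [
        pkt(1), pkt(2), pkt(1),                    # in order, in order, replay of seq 1
        forged, p3,                                # bad ICV (window untouched), then genuine seq 3
        pkt(100), pkt(50), pkt(50),                # jump ahead, late but inside window, replay
        pkt(36), pkt(37),                          # 64 behind: dropped; 63 behind: still tracked
        build_ah_packet(key, 0x2000, 1, 17, b"x"),  # unknown SPI: no matching SA
    ]
    return [receive_ah_packet(sad, dst, p)[0] for p in trials]
```

Running `demo()` gives `[True, True, False, False, True, True, True, False, False, True, False]`. The order of checks matters: a packet that fails the window test is dropped before any MAC work, which limits the cost of flooding an SA with stale sequence numbers, and a packet that fails the ICV never touches the window, so an unauthenticated high sequence number cannot evict legitimate in-flight packets.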
Transport & Tunnel Modes
(figure)

Encapsulating Security Payload (ESP)
- provides message content confidentiality & limited traffic flow confidentiality
- can optionally provide the same authentication services as AH
- supports range of ciphers, modes, padding
  - incl. DES, Triple-DES, RC5, IDEA, CAST etc
  - CBC & other modes
  - padding needed to fill blocksize, fields, for traffic flow

Encapsulating Security Payload
(figure)

Transport vs Tunnel Mode ESP
- transport mode is used to encrypt & optionally authenticate IP data
  - data protected but header left in clear
  - can do traffic analysis but is efficient
  - good for ESP host to host traffic
- tunnel mode encrypts entire IP packet
  - add new header for next hop
  - good for VPNs, gateway to gateway security

Combining Security Associations
- SAs can implement either AH or ESP
- to implement both need to combine SAs
  - form a security association bundle
  - may terminate at different or same endpoints
  - combined by
    - transport adjacency
    - iterated tunneling
- issue of authentication & encryption order

Combining Security Associations
(figure)

Key Management
- handles key generation & distribution
- typically need 2 pairs of keys
  - 2 per direction for AH & ESP
- manual key management
  - sysadmin manually configures every system
- automated key management
  - automated system for on demand creation of keys for SAs in large systems
  - has Oakley & ISAKMP elements

Oakley
- a key exchange protocol
- based on Diffie-Hellman key exchange
- adds features to address weaknesses
  - cookies, groups (global params), nonces, DH key exchange with authentication
- can use arithmetic in prime fields or elliptic curve fields

ISAKMP
- Internet Security Association and Key Management Protocol
- provides framework for key management
- defines procedures and packet formats to establish, negotiate, modify, & delete SAs
- independent of key exchange protocol, encryption alg, & authentication method

ISAKMP
(figure)

ISAKMP Payloads & Exchanges
- have a number of ISAKMP payload types:
  - Security, Proposal, Transform, Key, Identification, Certificate, Certificate, Hash, Signature, Nonce, Notification, D
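As an added example for the Key Management and Oakley slides (constructed for this page; not the textbook's code and not taken from any IKE implementation), the following simplified exchange shows the three additions to plain Diffie-Hellman that the Oakley slide lists: a stateless anti-clogging cookie that the responder checks before doing any modular exponentiation or storing state, fresh nonces from both sides feeding the key derivation, and authentication of the DH values, done here with an HMAC under a pre-shared key in the shape of RFC 2409's pre-shared-key SKEYID derivation. The group (p = 1019, g = 2), the message layouts and the PRF choice are toy assumptions made for the example; real Oakley/IKE negotiates MODP groups of 1024 bits and larger.

```python
"""Constructed example (added here; not the textbook's or any IKE implementation's
code): a simplified Oakley-style exchange with anti-clogging cookies, nonces and
authenticated Diffie-Hellman under a pre-shared key."""
import hashlib
import hmac
import secrets

# Toy DH group, constructed for the example: safe prime p = 2*509 + 1 with generator 2.
# Real Oakley/IKE uses MODP groups of 1024 bits and up (RFC 2409, RFC 3526).
TOY_P, TOY_G = 1019, 2
COOKIE_LEN = 8


def prf(key, *parts):
    """Keyed PRF used for cookies, key derivation and authentication (HMAC-SHA-256)."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def i2b(n):
    """Big-endian encoding of a group element for hashing."""
    return n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")


def dh_keypair(p, g):
    """Private exponent and public value; rerolled if the public value is degenerate."""
    while True:
        x = secrets.randbelow(p - 2) + 1
        g_x = pow(g, x, p)
        if 1 < g_x < p - 1:
            return x, g_x


def derive_keys(psk, n_i, n_r, shared, cky_i, cky_r):
    """SKEYID = prf(psk, Ni | Nr); session key bound to g^xy and both cookies
    (same shape as RFC 2409's pre-shared-key derivation, simplified)."""
    skeyid = prf(psk, n_i, n_r)
    return skeyid, prf(skeyid, i2b(shared), cky_i, cky_r)


class Responder:
    def __init__(self, psk, p=TOY_P, g=TOY_G):
        self.psk, self.p, self.g = psk, p, g
        self.cookie_secret = secrets.token_bytes(16)   # rotated periodically in a real system
        self.sessions = {}                              # state exists only after the cookie check

    def cookie_for(self, addr):
        """Anti-clogging cookie: stateless keyed hash of the claimed source address."""
        return prf(self.cookie_secret, addr.encode())[:COOKIE_LEN]

    def handle_exchange(self, addr, cky_i, cky_r, g_x, n_i):
        """Step 2: verify the cookie first; only then spend DH work and keep state."""
        if not hmac.compare_digest(cky_r, self.cookie_for(addr)):
            return None                                 # spoofed source: no state, no exponentiation
        if not 1 < g_x < self.p - 1:
            return None                                 # reject degenerate public values
        y, g_y = dh_keypair(self.p, self.g)
        n_r = secrets.token_bytes(16)                   # responder's fresh nonce
        shared = pow(g_x, y, self.p)
        skeyid, key = derive_keys(self.psk, n_i, n_r, shared, cky_i, cky_r)
        # Responder's proof; operand order differs from the initiator's proof so the
        # two values can never be reflected back as each other.
        auth_r = prf(skeyid, i2b(g_y), i2b(g_x), cky_r, cky_i, n_r, n_i)
        self.sessions[cky_i + cky_r] = (skeyid, key, g_x, g_y, n_i, n_r)
        return g_y, n_r, auth_r

    def finish(self, cky_i, cky_r, auth_i):
        """Step 4: check the initiator's proof; return the session key on success."""
        sess = self.sessions.pop(cky_i + cky_r, None)
        if sess is None:
            return None
        skeyid, key, g_x, g_y, n_i, n_r = sess
        expected = prf(skeyid, i2b(g_x), i2b(g_y), cky_i, cky_r, n_i, n_r)
        return key if hmac.compare_digest(auth_i, expected) else None


def initiator_run(resp, psk, addr, p=TOY_P, g=TOY_G):
    """Drive the exchange from the initiator's side; returns (initiator_key,
    responder_key), either of which is None when a check fails."""
    cky_i = secrets.token_bytes(COOKIE_LEN)
    cky_r = resp.cookie_for(addr)            # step 1: cookie round trip proves addr is reachable
    x, g_x = dh_keypair(p, g)
    n_i = secrets.token_bytes(16)            # initiator's fresh nonce
    reply = resp.handle_exchange(addr, cky_i, cky_r, g_x, n_i)    # step 2
    if reply is None:
        return None, None
    g_y, n_r, auth_r = reply                                       # step 3
    skeyid, key = derive_keys(psk, n_i, n_r, pow(g_y, x, p), cky_i, cky_r)
    if not hmac.compare_digest(auth_r, prf(skeyid, i2b(g_y), i2b(g_x), cky_r, cky_i, n_r, n_i)):
        return None, None                    # peer does not hold the same PSK: no key, no step 4
    auth_i = prf(skeyid, i2b(g_x), i2b(g_y), cky_i, cky_r, n_i, n_r)
    return key, resp.finish(cky_i, cky_r, auth_i)                  # step 4


def demo():
    """Constructed run: honest exchange, wrong PSK, and a spoofed-source probe."""
    psk = b"constructed pre-shared key"
    resp = Responder(psk)
    k_i, k_r = initiator_run(resp, psk, "198.51.100.7")
    results = {"mutual": k_i is not None and k_i == k_r}
    # Wrong PSK: the responder's proof fails; its half-open state waits for a timeout.
    results["wrong_psk"] = initiator_run(resp, b"wrong key", "198.51.100.7")
    # A cookie issued for one address presented from another is dropped before any DH work.
    results["spoofed"] = resp.handle_exchange("203.0.113.9", bytes(8), resp.cookie_for("198.51.100.7"), 5, bytes(16))
    return results
```

Each piece maps to a weakness of bare Diffie-Hellman named on the slide: the cookie forces a flooding sender to use a reachable source address before the responder commits CPU or memory, the nonces make every run's key fresh even if DH values were reused, and the HMAC proofs tie the public values to a party holding the pre-shared key, which is what unauthenticated DH lacks.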