ipsecurity

Presented by
arun saraswat

The need...
 CERT's 2001 annual report listed 52,000 security incidents
 the most serious involving:
 IP spoofing
 intruders create packets with false source addresses and then take advantage of OS exploits
 eavesdropping and sniffing
 attackers listen for userids and passwords and then simply walk into the target systems
 as a result, the IAB included authentication and encryption in the next-generation IP (IPv6)
IP Security Scenario
IP Security Overview

IPSec is not a single protocol. Instead, IPSec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication.
IP Security Overview
Applications of IPSec

◦ Secure branch office connectivity over the Internet
◦ Secure remote access over the Internet
◦ Establishing extranet and intranet connectivity with partners
◦ Enhancing electronic commerce security
IP Security Architecture
IPSec documents:
◦ RFC 2401: An overview of security architecture
◦ RFC 2402: Description of a packet authentication extension to IPv4 and IPv6
◦ RFC 2406: Description of a packet encryption extension to IPv4 and IPv6
◦ RFC 2408: Specification of key management capabilities
IPSec
 general IP Security mechanisms
 provides
◦ authentication
◦ confidentiality
◦ key management
 applicable to use over LANs, across public & private WANs, & for the Internet
IPSec Services
• Two protocols are used to provide security:
– Authentication Header Protocol (AH)
– Encapsulation Security Payload (ESP)
• Services provided are:
– Access control
– Connectionless integrity
– Data origin authentication
– Rejection of replayed packets
• a form of partial sequence integrity
– Confidentiality (encryption)
– Limited traffic flow confidentiality
Security Associations
• a one-way relationship between sender & receiver that affords security for traffic flow
• defined by 3 parameters:
– Security Parameters Index (SPI)
• a bit string
– IP Destination Address
• only unicast allowed
• could be end user, firewall, router
– Security Protocol Identifier
• indicates if SA is AH or ESP
• has a number of other parameters
– sequence number, AH & ESP info, lifetime, etc.
• have a database of Security Associations
Transport and Tunnel Modes
 Both AH and ESP have two modes
◦ transport mode is used to encrypt & optionally authenticate the IP payload
 data protected but header left in the clear
 traffic analysis is possible, but the mode is efficient
 good for ESP host-to-host traffic
◦ tunnel mode encrypts entire IP packet
 add new header for next hop
 good for VPNs, gateway to gateway security
Encryption and Authentication Algorithms
 Encryption:
◦ Three-key triple DES
◦ RC5
◦ IDEA
◦ Three-key triple IDEA
◦ CAST
◦ Blowfish
 Authentication:
◦ HMAC-MD5-96
◦ HMAC-SHA-1-96
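The Security Association, anti-replay and HMAC-SHA-1-96 slides above describe three pieces of inbound processing that fit together: look up the SA by (SPI, destination address, protocol), check the sequence number against the replay window, verify the truncated HMAC, and only then advance the window. The following Python is an added example written for this page; it is not code from the original slides or from any IPSec implementation. It assumes a simplified ESP layout (SPI, sequence number, payload, ICV) with no encryption, padding or trailer, a constructed 20-byte authentication key, SPI 0x1001 and destination 192.0.2.10; the 64-entry sliding window follows the scheme outlined in RFC 2401 Appendix C.

```python
import hmac
import hashlib
import struct
from dataclasses import dataclass

ICV_LEN = 12        # HMAC-SHA-1-96: the 160-bit HMAC-SHA-1 output truncated to 96 bits
WINDOW_SIZE = 64    # RFC 2401 suggests a minimum anti-replay window of 32, default 64
KEY = b"constructed-20byte-k"  # constructed sample key (RFC 2404 uses a 160-bit key)


@dataclass
class SecurityAssociation:
    spi: int            # Security Parameters Index
    dst: str            # IP destination address (unicast)
    protocol: str       # "AH" or "ESP"
    auth_key: bytes     # authentication key for the ICV
    window_size: int = WINDOW_SIZE
    highest_seq: int = 0   # right edge of the replay window
    window: int = 0        # bitmap; bit k set means (highest_seq - k) was already accepted


SA_DB = {}  # the Security Association Database, keyed by the three SA selectors


def add_sa(sa):
    SA_DB[(sa.spi, sa.dst, sa.protocol)] = sa


def lookup_sa(spi, dst, protocol):
    return SA_DB.get((spi, dst, protocol))


def hmac_sha1_96(key, data):
    # HMAC-SHA-1 truncated to the leftmost 96 bits, as the IPSec algorithm name says
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def build_esp_packet(sa, seq, payload):
    # Sender side: ESP header (SPI, sequence number), payload, then the ICV over everything before it
    header = struct.pack("!II", sa.spi, seq)
    return header + payload + hmac_sha1_96(sa.auth_key, header + payload)


def replay_ok(sa, seq):
    # Preliminary check only; the window is updated after the ICV verifies
    if seq == 0:
        return False  # sequence number 0 is never sent on an SA
    if seq > sa.highest_seq:
        return True
    diff = sa.highest_seq - seq
    return diff < sa.window_size and not (sa.window >> diff) & 1


def replay_update(sa, seq):
    mask = (1 << sa.window_size) - 1
    if seq > sa.highest_seq:
        shift = seq - sa.highest_seq
        sa.window = ((sa.window << shift) | 1) & mask if shift < sa.window_size else 1
        sa.highest_seq = seq
    else:
        sa.window |= 1 << (sa.highest_seq - seq)


def process_inbound_esp(packet, dst, protocol="ESP"):
    """Returns (status, payload). A packet that fails the ICV never touches the window,
    so a forged packet with a high sequence number cannot push legitimate traffic out."""
    if len(packet) < 8 + ICV_LEN:
        return ("malformed", None)
    spi, seq = struct.unpack("!II", packet[:8])
    sa = lookup_sa(spi, dst, protocol)
    if sa is None:
        return ("no-sa", None)
    if not replay_ok(sa, seq):
        return ("replay", None)
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(icv, hmac_sha1_96(sa.auth_key, body)):
        return ("bad-icv", None)
    replay_update(sa, seq)
    return ("ok", body[8:])


def demo():
    """Walks through a constructed traffic sequence and returns the status of each packet."""
    SA_DB.clear()
    sa = SecurityAssociation(spi=0x1001, dst="192.0.2.10", protocol="ESP", auth_key=KEY)
    add_sa(sa)
    dst = "192.0.2.10"
    p1 = build_esp_packet(sa, 1, b"first datagram")
    p2 = build_esp_packet(sa, 2, b"second datagram")
    p3 = build_esp_packet(sa, 3, b"third datagram")
    tampered = p3[:8] + bytes([p3[8] ^ 0xFF]) + p3[9:]      # one payload byte flipped in transit
    stray = SecurityAssociation(spi=0x2002, dst=dst, protocol="ESP", auth_key=KEY)
    results = [
        process_inbound_esp(p1, dst)[0],        # ok
        process_inbound_esp(p2, dst)[0],        # ok
        process_inbound_esp(p1, dst)[0],        # replay: seq 1 already accepted
        process_inbound_esp(tampered, dst)[0],  # bad-icv: window untouched
        process_inbound_esp(p3, dst)[0],        # ok: genuine seq 3 still accepted
        process_inbound_esp(build_esp_packet(stray, 1, b"x"), dst)[0],       # no-sa: unknown SPI
        process_inbound_esp(build_esp_packet(sa, 100, b"jump"), dst)[0],     # ok: window slides to 100
        process_inbound_esp(build_esp_packet(sa, 30, b"late"), dst)[0],      # replay: fell off the window
        process_inbound_esp(build_esp_packet(sa, 50, b"in window"), dst)[0], # ok: inside the 64-entry window
    ]
    return results


if __name__ == "__main__":
    for status in demo():
        print(status)
```

The ordering in `process_inbound_esp` is the point worth noting: the replay check before the MAC is only a cheap pre-filter, and the window is advanced only after the ICV verifies. Reversing that would let anyone who can inject packets with a large sequence number slide the window forward and cause legitimate packets to be dropped as "replays".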
Key Management
 Two types:
◦ Manual
◦ Automated
 Oakley Key Determination Protocol
 Internet Security Association and Key Management Protocol (ISAKMP)
Oakley
 Three authentication methods:
◦ Digital signatures
◦ Public-key encryption
◦ Symmetric-key encryption
Summary
 have considered:
◦ IPSec security framework
◦ AH Protocol
◦ ESP Protocol
◦ key management & Oakley/ISAKMP