CS 4803 Computer and Network Security
Alexandra (Sasha) Boldyreva
IPsec

Network layers
• Application
• Transport
• Network
• Lower level

Roughly…
• Application layer: the communicating processes themselves and the actual messages transmitted
• Transport layer: handles transmissions on an “end-to-end” basis
• Network layer: handles transmissions on a “hop-by-hop” basis

Examples
• Application layer: PGP, SSH
• Transport layer: SSL/TLS
• Network layer: IPsec
• Security at the lower layer?
Security in what layer?
• Depends on the purpose…
  • What information needs to be protected?
  • What is the attack model?
  • Who shares keys in advance?
  • Should the user be involved?
• E.g., a network-layer protocol cannot authenticate two end-users to each other
• An application-layer protocol cannot protect IP header information
• Also affects efficiency, ease of deployment, etc.

Example: PGP vs. SSL vs. IPsec
• PGP is an application-level protocol for “secure email”
  • Can provide security on “insecure” systems
  • Users choose when to use PGP; user must be involved
• Alice’s signature on an email proves that Alice actually generated the message, and it was received unaltered; also non-repudiation
• In contrast, SSL would secure “the connection” from Alice’s computer

Example: PGP vs. SSL vs. IPsec
• SSL sits “on top of” the transport layer
  • End-to-end security, best for connection-oriented sessions
  • User does not need to be involved
  • The OS does not have to be changed
  • Easy to modify applications to use SSL
• If SSL rejects packet accepted by TCP, then TCP rejects “correct” packet when it arrives!
  • SSL must then close the connection…

Example: PGP vs. SSL vs. IPsec
• IPsec sits “on top of” the network layer
  • End-to-end or hop-by-hop security
  • Best for connectionless channels
  • Need to modify OS
  • All applications are “protected” by default, without requiring any change to applications or actions on behalf of users
• Can only authenticate hosts, not users
• User completely unaware that IPsec is running
Take home message…
• Best solution may involve changes at both the OS and applications layers
• The “best” solution is not to run SSL and IPsec!
• Would have been better to design system with security in mind from the beginning…
  • (Keep in mind for future systems…)

Overview
IPSec = AH + ESP + IKE
• AH + ESP: protection for IP traffic
  • AH provides integrity and origin authentication
  • ESP also confidentiality
• IKE: sets up keys and algorithms for AH and ESP

Security associations (SAs)
• An SA is a crypto-protected connection
  • One SA in each direction…
• At each end, the SA contains a key, the identity of the other party, the sequence number, and crypto parameters
• IPsec header indicates which SA to use
• Parties will maintain a database of SAs for currently-open connections
  • Used both to send and receive packets

AH vs. ESP
• Authentication header (AH)
  • Provides integrity only
• Encapsulating security payload (ESP)
  • Provides encryption and/or integrity
• Both provide cryptographic protection of everything beyond the IP headers
  • AH additionally provides integrity protection of some fields of the IP header
Transport vs. tunnel mode
• Transport mode: add IPsec information between IP header and rest of packet
  [ IP header (real dest) | IPSec header | TCP/UDP header + data ]
• Most logical when IPsec used end-to-end

Transport vs. tunnel mode
• Tunnel mode: keep original IP packet intact; add new header information
  [ IP header (gateway) | IPSec header | IP header (real dest) | TCP/UDP header + data ]
• Can be used when IPSec is applied at intermediate point along path (e.g., for firewall-to-firewall traffic)
  • E.g., change source/destination info…
• Results in slightly longer packet

Tunnel mode illustration
[Figure: two endpoints of the tunnel, each labeled “Implements IPSec”]

More on AH
• AH provides integrity protection on header
  • But some fields change en route!
• Only immutable fields are included in the integrity check
• Mutable but predictable fields are also included in the integrity check
  • E.g., payload length
  • The final value of the field is used
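
Added example (not part of the original slides): a simplified AH integrity check for an IPv4 header without options in transport mode, showing that a TTL and checksum change en route still verifies while a rewritten source address does not. The key, addresses, SPI and payload are constructed, and HMAC-SHA-256 truncated to 128 bits is an assumed algorithm choice.

```python
import hashlib
import hmac
import socket
import struct

AH_PROTO = 51   # IP protocol number assigned to AH
ICV_LEN = 16    # assumption: HMAC-SHA-256 truncated to 128 bits

def ipv4_header(src, dst, ttl, total_len, checksum=0):
    """Pack a 20-byte IPv4 header (no options) whose next protocol is AH."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                       ttl, AH_PROTO, checksum,
                       socket.inet_aton(src), socket.inet_aton(dst))

def mask_mutable(ip_hdr):
    """Zero the fields routers may change, so they drop out of the check."""
    b = bytearray(ip_hdr)
    b[1] = 0                  # TOS (DSCP/ECN)
    b[6:8] = b"\x00\x00"      # flags + fragment offset
    b[8] = 0                  # TTL
    b[10:12] = b"\x00\x00"    # header checksum
    return bytes(b)

def ah_icv(key, ip_hdr, spi, seq, payload, next_hdr=6):
    """Integrity value over masked IP header, AH header (ICV zeroed), payload."""
    ah_words = (12 + ICV_LEN) // 4 - 2   # AH length in 32-bit words, minus 2
    ah = struct.pack("!BBHII", next_hdr, ah_words, 0, spi, seq) + bytes(ICV_LEN)
    data = mask_mutable(ip_hdr) + ah + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def demo():
    """Return (routed_ok, rewritten_ok) for two constructed in-transit changes."""
    key = b"constructed-demo-key"
    payload = b"constructed TCP segment"
    total = 20 + 12 + ICV_LEN + len(payload)
    sent = ipv4_header("10.0.0.1", "10.0.0.2", ttl=64, total_len=total)
    icv = ah_icv(key, sent, spi=0x100, seq=1, payload=payload)
    # Three hops later: TTL decremented, checksum recomputed (constructed value).
    routed = ipv4_header("10.0.0.1", "10.0.0.2", 61, total, checksum=0xBEEF)
    # Same packet with the immutable source address rewritten in transit.
    rewritten = ipv4_header("192.0.2.7", "10.0.0.2", 61, total, checksum=0xBEEF)
    check = lambda hdr: hmac.compare_digest(icv, ah_icv(key, hdr, 0x100, 1, payload))
    return check(routed), check(rewritten)

if __name__ == "__main__":
    print(demo())
```
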
More on AH vs. ESP
• Recall that ESP provides encryption and/or authentication
• So why do we need AH?
  • AH also protects the IP header
  • Export restrictions
  • Firewalls need some high-level data to be unencrypted
• None of these are compelling…

The future of IPsec?
• In the long run, it seems that AH will become obsolete
  • Better to encrypt everything anyway
  • No real need for AH
  • Certain performance disadvantages
  • AH is complex…
  • Etc.
• IPsec is still evolving