A Virtual Private Network Breakdown: Paper 2.
IPSec At A Glance
Author: Enigma (enigma@fatelabs.com)
www.fatelabs.com


Table of Contents
  1. Introduction
  2. IPSec Background
  3. Understanding What IPSec Is
  4. Why IPSec Is Required
  5. IPSec Technologies
  6. Details Of IPSec
  7. IPSec Packets Explained
  8. IPSec Modes Of Operation
  9. Security Association
  10. Understanding the Internet Key Management Protocol
  11. Using IKE and IPSec Together
  12. Conclusion

Introduction
This paper was written to educate the average reader on several issues and the technology behind Internet Protocol Security. This paper is the second in a series of papers that will cover a spectrum of VPN issues and technology pertaining to them. In this issue the reader will be educated on the fundamentals of IPSec.

IPSec Background
IPSec was developed by the Internet Engineering Task Force (IETF), an organization of network designers, operators, vendors, and researchers. The IETF developed IPSec to increase the security of data in networking by adding authentication and encryption to IP packets. They did this by developing a protocol that builds on IP and extends it with encryption and authentication services at the IP level of the network protocol stack.

Understanding What IPSec Is
IPSec is a security standard defined by the IETF for IP network layer security. IPSec allows for end-to-end encryption and authentication, making TCP/IP communications more secure in both public and private networks. IPSec can be used to secure communications across a LAN, but its initial use is to enable secure communications across public networks (Internet, Frame Relay) and private networks (VPNs).

Why IPSec Is Required
The Internet is used as a gateway to a digital world. It has changed the way people interact and do business. Although the Internet provides freedom and ease, it does not come without risk. Without proper controls, most data is at risk and vulnerable to several attacks. Some of these attacks are:

  1. Loss of Privacy
  2. Loss of Data Integrity
  3. Identity Spoofing
  4. Denial-of-service

Loss of Privacy
An intruder can observe the data flowing through a network or across the Internet in a variety of ways using certain tools. This attack makes transactions and business data vulnerable. Intruders and attackers install packet sniffers on root-compromised systems. The sniffers allow them to capture account names and passwords, after which they replace common files with Trojans. Any untrained person who wishes to break into a system can use these programs.

Loss of Data Integrity
It is important that the documents and data sent from one end of a system are the same as those received at the other end. For example, it might not matter that people on the network view routine business documents, but it is important that the documents are not changed on the way to the destination.

Identity Spoofing
An intruder trying to gain access behind a firewall could do several things to penetrate the network. One of the easiest ways is to impersonate someone and access confidential information on the network. Many systems today rely on IP addresses to identify users, so they can easily be compromised by IP spoofing.

Denial-Of-Service
When an organization takes advantage of the Internet, it should take the proper precautions to make sure that its systems are available. The TCP/IP protocol suite can allow attackers to cause computers to crash repeatedly. These attacks can mean lost time, data, and profits for companies and organizations.

IPSec Technologies
IPSec combines several security technologies into one system that can be used easily to ensure network security. In particular IPSec uses the following:

  1. Bulk encryption algorithms, such as DES, for encrypting the data
  2. Public key encryption for signing the Diffie-Hellman exchanges to guarantee the identity of the two parties and avoid man-in-the-middle attacks
  3. Diffie-Hellman exchange for deriving key material between peers on a public network
  4. Keyed hash algorithms, such as HMAC, combined with traditional hash algorithms
  5. MD5 or SHA for packet authentication
  6. Digital certificates signed by a certificate authority to act as digital ID cards

Details Of IPSec
IPSec combines these security technologies into a complete system that provides confidentiality, integrity, and authenticity of IP datagrams. IPSec actually refers to several related protocol standards. These standards include:

IP Security Protocol, which defines the information to add to an IP packet to enable confidentiality, integrity, and authenticity controls (Authentication Headers), as well as how to encrypt the packet data. This ensures that the information sent in the packet is kept private in transit.

Internet Key Exchange, which negotiates the security association between two entities and exchanges key material so data can be encrypted and decrypted by the parties authorized to access it. It is not necessary to use IKE, but manually configuring security associations is a difficult and labor-intensive process. IKE should be used in most applications to enable secure communications.

IPSec Packets Explained
Every IP packet transferred through a network carries a header that ensures the packet reaches its final destination. IPSec introduced a new set of headers to be added to IP datagrams. The new headers are placed after the IP header and before the Layer 4 protocol (TCP or UDP). The new headers contain information that is used for securing the payload of the IP packets. They are as follows:

Authentication header (AH)
This header, when added to an IP datagram, ensures the integrity and authenticity of the data. It does not provide confidentiality protection. AH uses a keyed-hash function rather than digital signatures, because digital signature technology is too slow and would greatly reduce network throughput.

Encapsulating security payload (ESP)
This header, when added to an IP datagram, protects the confidentiality, integrity, and authenticity of the data. If ESP is used to validate data integrity, it does not include the invariant fields in the IP header.

AH and ESP can be used independently or together, although for most applications just one of them is sufficient. For both of these protocols, IPSec does not define the specific security algorithms to use, but rather, provides an open framework for implementing industry-standard algorithms.

IPSec Modes Of Operation
IPSec provides two modes of operation: transport mode and tunnel mode.

In transport mode, only the IP payload is encrypted, and the original IP headers are left intact. This mode has the advantage of adding only a few bytes to each packet, which keeps the overall size of the transmitted packet down. It also allows devices on the public network to see the final source and destination of the packet. This capability allows you to enable special processing in the intermediate network based on the information in the IP header. An example of this would be quality of service. However, the Layer 4 header will be encrypted, limiting the examination of the packet. Unfortunately, by passing the IP header in the clear, transport mode allows an attacker to perform some traffic analysis. For example, an attacker could see when a user on the network sent a lot of packets to another user. However, the attacker would only know that IP packets were sent; the attacker would not be able to determine if they were files, e-mail, or another application.

In tunnel mode, the entire original IP datagram is encrypted, and it becomes the payload in a new IP packet. This mode allows a network device to act as an IPSec proxy. That way, the network device performs encryption on behalf of the hosts. The source's network device encrypts packets and forwards them along the IPSec tunnel. The destination's network device decrypts the original IP datagram and forwards it on to the destination system. The major advantage of tunnel mode is that the end systems do not need to be modified to enjoy the benefits of IP Security. Tunnel mode also protects against traffic analysis. With tunnel mode, an attacker can only determine the tunnel endpoints and not the true source and destination of the tunneled packets, even if they are the same as the tunnel endpoints. This secures the information about the network as well as the data being sent along it.
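The packet layout and the two modes described above, seen from the position of an on-path observer with no keys. This is an added example, not code from the original paper; the function names, addresses, SPI values and sample packets are constructed for illustration, and the protocol numbers (50 for ESP, 51 for AH) and header field layout are the standard ones rather than something stated on this page.

```python
import ipaddress
import struct

PROTO_ESP, PROTO_AH = 50, 51   # IANA protocol numbers carried in the outer IP header
INNER = {4: "IPv4 datagram (tunnel mode)", 6: "TCP (transport mode)",
         17: "UDP (transport mode)"}

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at zero for the demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def observe(packet):
    """Return the fields an on-path observer can read without any keys."""
    ihl = (packet[0] & 0x0F) * 4
    view = {"src": str(ipaddress.IPv4Address(packet[12:16])),
            "dst": str(ipaddress.IPv4Address(packet[16:20]))}
    body = packet[ihl:]
    if packet[9] == PROTO_AH:
        # AH: next header, length, reserved, SPI, sequence number, then the keyed hash.
        next_hdr, _length, _reserved, spi, seq = struct.unpack("!BBHII", body[:12])
        view.update(header="AH", spi=spi, seq=seq, payload_readable=True,
                    inner=INNER.get(next_hdr, f"protocol {next_hdr}"))
    elif packet[9] == PROTO_ESP:
        # ESP: only SPI and sequence number are in the clear; the rest is ciphertext.
        spi, seq = struct.unpack("!II", body[:8])
        view.update(header="ESP", spi=spi, seq=seq, payload_readable=False,
                    inner="hidden inside the encrypted payload")
    else:
        raise ValueError("no AH or ESP header follows the IP header")
    return view

# Constructed sample packets: documentation addresses, a zero-filled hash, and filler
# bytes standing in for ciphertext.
AH_TRANSPORT = (ipv4_header("192.0.2.10", "198.51.100.20", PROTO_AH, 24 + 20)
                + struct.pack("!BBHII", 6, 4, 0, 0x1001, 1) + bytes(12) + bytes(20))
ESP_TUNNEL = (ipv4_header("203.0.113.1", "203.0.113.254", PROTO_ESP, 8 + 48)
              + struct.pack("!II", 0x2002, 7) + bytes(range(48)))

if __name__ == "__main__":
    for pkt in (AH_TRANSPORT, ESP_TUNNEL):
        print(observe(pkt))
```

For the ESP tunnel packet the observer learns only the two gateway addresses, the SPI and the sequence number, which is the traffic-analysis protection the tunnel mode paragraph describes.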

Security Association
IPSec provides several ways of providing network encryption and authentication. Each connection made with IPSec can provide integrity and authenticity, encryption, or a combination of both. Once the security services are determined, the two nodes that are connecting to each other on the network need to determine which encryption algorithms to use. The next step is for the two nodes to determine what session key to use. These steps show how much information is involved in a single connection; it is a lot of information to manage. The security association is the method that IPSec uses to track all the particulars concerning a given IPSec communication session. A Security Association (SA) is a relationship between two or more entities that describes how the entities will use security services to communicate securely.

The security association is unidirectional, meaning that for each pair of communicating systems there are at least two security connections: one from A to B and one from B to A. The security association is identified by a randomly chosen unique number called the security parameter index (SPI), and the destination IP address. When a system sends a packet that requires IPSec protection, it looks up the security association in its database, applies the specified processing, and then inserts the SPI from the security association into the IPSec header. When the IPSec peer receives the packet, it looks up the security association in its database by destination address and SPI and then processes the packet as required.
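The send and receive lookups described above, as an added example that is not part of the original paper. It models a security association database and an AH-style keyed hash; the class and function names, addresses and SPI values are hypothetical, and the hash here covers only the SPI and payload, whereas real AH covers more of the packet.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass
class SA:
    spi: int          # security parameter index (fixed here so the demo is repeatable)
    dst: str          # destination address this one-way SA protects traffic to
    auth_key: bytes   # key for the keyed hash

class SADatabase:
    def __init__(self):
        self.outbound = {}   # destination address -> SA used when sending
        self.inbound = {}    # (destination address, SPI) -> SA used when receiving

def icv(sa, payload):
    """Keyed hash over SPI and payload (HMAC-SHA-256 chosen for the example)."""
    return hmac.new(sa.auth_key, sa.spi.to_bytes(4, "big") + payload,
                    hashlib.sha256).digest()

def protect(db, dst, payload):
    """Sender: look up the SA by destination, apply it, insert its SPI."""
    sa = db.outbound[dst]
    return {"dst": dst, "spi": sa.spi, "payload": payload, "icv": icv(sa, payload)}

def verify(db, pkt):
    """Receiver: look up the SA by (destination, SPI), then check the keyed hash."""
    sa = db.inbound.get((pkt["dst"], pkt["spi"]))
    if sa is None:
        return "drop: no SA for (dst, SPI)"
    if not hmac.compare_digest(icv(sa, pkt["payload"]), pkt["icv"]):
        return "drop: integrity check failed"
    return "accept"

def demo():
    a, b = SADatabase(), SADatabase()
    # Two one-way SAs with separate keys: A -> B and B -> A (constructed values).
    a_to_b = SA(0x1001, "10.0.0.2", secrets.token_bytes(32))
    b_to_a = SA(0x2002, "10.0.0.1", secrets.token_bytes(32))
    a.outbound[a_to_b.dst] = a_to_b
    b.inbound[(a_to_b.dst, a_to_b.spi)] = a_to_b
    b.outbound[b_to_a.dst] = b_to_a
    a.inbound[(b_to_a.dst, b_to_a.spi)] = b_to_a
    pkt = protect(a, "10.0.0.2", b"routine business document")
    tampered = dict(pkt, payload=b"altered business document")
    unknown_spi = dict(pkt, spi=0x9999)
    reply = protect(b, "10.0.0.1", b"acknowledged")
    return [verify(b, pkt), verify(b, tampered), verify(b, unknown_spi), verify(a, reply)]
```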

Understanding The Internet Key Management Protocol
IPSec provides the packet-level processing, while the Internet Key Management Protocol (IKMP) negotiates security associations. IKE creates an authenticated, secure tunnel between two entities and then negotiates the security association for IPSec. This process requires that the two entities authenticate themselves to each other and establish shared keys.

Authentication
Both nodes on the network must be authenticated to each other. IKE is very flexible and supports multiple authentication methods. The two nodes must agree on a common authentication protocol through a negotiation process. At this time, the following mechanisms are generally implemented:

  1. Pre-shared keys—The same key is pre-installed on each host. IKE peers authenticate each other by computing and sending a keyed hash of data that includes the pre-shared key. If the receiving peer is able to create the same hash using its pre-shared key, it knows that both parties must share the same secret, thus authenticating the other party.
  2. Digital signature—Each device digitally signs a set of data and sends it to the other party. This method is similar to the next one, except that it provides non-repudiation.
  3. Public key cryptography—Each party generates a pseudo-random number and encrypts it with the other party's public key. The ability for each party to compute a keyed hash containing the other peer's nonce, decrypted with the local private key as well as other publicly and privately available information, authenticates the parties to each other. This system provides for deniable transactions. That way, either side of the exchange can deny that it took part in the exchange.

Key Exchange
Both parties must have a shared session key in order to encrypt the IKE tunnel. The Diffie-Hellman protocol is used to agree on a common session key. The exchange is authenticated as described above. This process guards against "man-in-the-middle" attacks.

Using IKE and IPSec Together
The two steps provided above (Authentication and Key Exchange) create an IKE SA, or a secure tunnel between two devices. One side of the tunnel offers a set of algorithms, and the other side must then accept one of the offers or reject the entire connection. When the two sides have agreed on which algorithms to use, they must derive key material to use for IPSec with AH, ESP, or both together. IPSec uses a different shared key than IKE. The IPSec shared key can be derived by using Diffie-Hellman again to ensure perfect forward secrecy, or by refreshing the shared secret derived from the original Diffie-Hellman exchange that generated the IKE SA by hashing it with pseudo-random numbers (nonces). The first method provides greater security but is slower. After this is complete, the IPSec SA is established.
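A simplified model of the pre-shared-key authentication, Diffie-Hellman exchange and IPSec key derivation described above. This is an added example, not code from the original paper and not the IKE wire format or its actual key derivation; the group parameters, keys, labels and function names are all constructed for illustration.

```python
import hashlib
import hmac

P, G = 2**127 - 1, 3   # toy group for the demo only; real IKE uses far larger standardized groups
PSK = b"constructed-demo-pre-shared-key"
PRIV_I, PRIV_R = 0x1234567890ABCDEF, 0x0FEDCBA987654321   # constructed private values

def enc(n):
    return n.to_bytes(16, "big")

def prf(key, *parts):
    """Keyed hash over length-prefixed parts (HMAC-SHA-256 chosen for the example)."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()

def auth_tag(psk, own_pub, peer_pub, identity):
    """Keyed hash that ties the pre-shared key to both Diffie-Hellman public values."""
    return prf(psk, enc(own_pub), enc(peer_pub), identity)

def exchange(psk_i, psk_r, priv_i, priv_r, substituted_priv=None):
    """Run one exchange; substituted_priv models a value swapped in on the path."""
    pub_i, pub_r = pow(G, priv_i, P), pow(G, priv_r, P)
    swapped = pow(G, substituted_priv, P) if substituted_priv else None
    seen_by_i = swapped or pub_r   # responder's public value as the initiator receives it
    seen_by_r = swapped or pub_i   # initiator's public value as the responder receives it
    tag_i = auth_tag(psk_i, pub_i, seen_by_i, b"initiator")
    # The responder recomputes the tag from the values it actually saw.
    expected = auth_tag(psk_r, seen_by_r, pub_r, b"initiator")
    authenticated = hmac.compare_digest(tag_i, expected)
    secret_i = enc(pow(seen_by_i, priv_i, P))
    secret_r = enc(pow(seen_by_r, priv_r, P))
    return authenticated, secret_i, secret_r

def ipsec_key(ike_secret, nonce_i, nonce_r, fresh_dh_secret=b""):
    """Derive an IPSec key from the IKE secret and nonces.

    With fresh_dh_secret empty this is the faster refresh; passing the result of a
    second Diffie-Hellman exchange gives the slower forward-secret variant.
    """
    return prf(ike_secret, b"ipsec-sa", fresh_dh_secret, nonce_i, nonce_r)

if __name__ == "__main__":
    ok, s_i, s_r = exchange(PSK, PSK, PRIV_I, PRIV_R)
    print("honest exchange authenticated:", ok, "secrets match:", s_i == s_r)
    print("substituted value authenticated:",
          exchange(PSK, PSK, PRIV_I, PRIV_R, substituted_priv=0xBADC0DE)[0])
```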

Conclusion
IP Security Protocol is a standards-based method of providing privacy, integrity, and authenticity to information transferred across IP networks. The Internet poses many threats, which include loss of privacy, loss of data integrity, identity spoofing, and denial-of-service. The objective of IPSec is to deal with all these threats in the network infrastructure itself, without the hosts and applications undergoing expensive modifications. IPSec works with IP network-layer encryption. The standards define several new packet formats consisting of the authentication header (AH) to provide data integrity and the encapsulating security payload (ESP) to provide confidentiality and data integrity. Key management and security associations, the IPSec parameters between two devices, are negotiated with the Internet Key Exchange. To enable large encryption networks through device authentication, IKE uses digital certificates, without the support of which IPSec solutions would not scale to the Internet.