cry
Discussion
SUBJECT: Cryptography
DISCUSSION
Find attached PPT as reference.
After reading chapter 20, analyze how a VPN is used for telework and how it helps to keep data safe.
Make sure to cover 300 words and 2 references.
Stallings_8e_Accessible_fullppt_20
Cryptography and Network Security:
Principles and Practice
Eighth Edition
Chapter 20
IP Security
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
IP Security Overview
• RFC 1636
– “Security in the Internet Architecture”
– Issued in 1994 by the Internet Architecture Board (IAB)
– Identifies key areas for security mechanisms
▪ Need to secure the network infrastructure from
unauthorized monitoring and control of network traffic
▪ Need to secure end-user-to-end-user traffic using
authentication and encryption mechanisms
– IAB included authentication and encryption as necessary
security features in the next generation IP (IPv6)
▪ The IPsec specification now exists as a set of Internet
standards
IPsec Documents (1 of 2)
• IPsec Documents
– Architecture
▪ Covers the general concepts, security requirements,
definitions, and mechanisms defining IPsec technology
▪ The current specification is RFC 4301, Security Architecture for
the Internet Protocol
– Authentication Header (AH)
▪ An extension header to provide message authentication
▪ The current specification is RFC 4302, IP Authentication
Header
– Encapsulating Security Payload (ESP)
▪ Consists of an encapsulating header and trailer used to
provide encryption or combined encryption/authentication
▪ The current specification is RFC 4303, IP Encapsulating
Security Payload (ESP)
IPsec Documents (2 of 2)
– Internet Key Exchange (IKE)
▪ A collection of documents describing the key management
schemes for use with IPsec
▪ The main specification is RFC 7296, Internet Key Exchange
(IKEv2) Protocol, but there are a number of related RFCs
– Cryptographic algorithms
▪ This category encompasses a large set of documents that
define and describe cryptographic algorithms for encryption,
message authentication, pseudorandom functions (PRFs), and
cryptographic key exchange
– Other
▪ There are a variety of other IPsec-related RFCs, including
those dealing with security policy and management information
base (MIB) content
Applications of IPsec
• IPsec provides the capability to secure communications across
a LAN, private and public WANs, and the Internet
• Examples include:
– Secure branch office connectivity over the Internet
– Secure remote access over the Internet
– Establishing extranet and intranet connectivity with partners
– Enhancing electronic commerce security
• Principal feature of IPsec is that it can encrypt and/or
authenticate all traffic at the IP level
– Thus all distributed applications (remote logon, client/server,
e-mail, file transfer, Web access) can be secured
IPsec Services
• IPsec provides security services at the IP layer by enabling a system to:
– Select required security protocols
– Determine the algorithm(s) to use for the service(s)
– Put in place any cryptographic keys required to provide the requested
services
• RFC 4301 lists the following services:
– Access control
– Connectionless integrity
– Data origin authentication
– Rejection of replayed packets (a form of partial sequence integrity)
– Confidentiality (encryption)
– Limited traffic flow confidentiality
Figure 20.1 IPsec Architecture
Security Association (SA)
• A one-way logical connection between a sender and a receiver that affords
security services to the traffic carried on it
• In any IP packet, the SA is uniquely identified by the Destination Address in the
IPv4 or IPv6 header and the SPI in the enclosed extension header (AH or ESP)
Uniquely identified by three parameters:
• Security Parameters Index (SPI)
– A 32-bit unsigned integer assigned to this SA and having local
significance only
• IP Destination Address
– Address of the destination endpoint of the SA, which may be an end-user
system or a network system such as a firewall or router
• Security protocol identifier
– Indicates whether the association is an AH or ESP security association
Security Association Database (SAD)
• Defines the parameters associated with each SA
• Normally defined by the following parameters in a SAD entry:
– Security parameter index
– Sequence number counter
– Sequence counter overflow
– Anti-replay window
– AH information
– ESP information
– Lifetime of this security association
– IPsec protocol mode
– Path MTU
Security Policy Database (SPD)
• The means by which IP traffic is related to specific SAs
– Contains entries, each of which defines a subset of IP
traffic and points to an SA for that traffic
• In more complex environments, there may be multiple
entries that potentially relate to a single SA or multiple SAs
associated with a single SPD entry
– Each SPD entry is defined by a set of IP and upper-
layer protocol field values called selectors
– These are used to filter outgoing traffic in order to map
it into a particular SA
SPD Entries (1 of 2)
• The following selectors determine an SPD entry:
• Remote IP address
– This may be a single IP address, an enumerated list or
range of addresses, or a wildcard (mask) address
– The latter two are required to support more than one
destination system sharing the same SA
• Local IP address
– This may be a single IP address, an enumerated list or
range of addresses, or a wildcard (mask) address
– The latter two are required to support more than one
source system sharing the same SA
SPD Entries (2 of 2)
• Next layer protocol
– The IP protocol header includes a field that designates
the protocol operating over IP
• Name
– A user identifier from the operating system
– Not a field in the IP or upper-layer headers but is
available if IPsec is running on the same operating
system as the user
• Local and remote ports
– These may be individual TCP or UDP port values, an
enumerated list of ports, or a wildcard port
Table 20.1 Host SPD Example
| Protocol | Local IP | Port | Remote IP | Port | Action | Comment |
| UDP | 1.2.3.101 | 500 | * | 500 | BYPASS | IKE |
| ICMP | 1.2.3.101 | * | * | * | BYPASS | Error messages |
| * | 1.2.3.101 | * | 1.2.3.0/24 | * | PROTECT: ESP in transport-mode | Encrypt intranet traffic |
| TCP | 1.2.3.101 | * | 1.2.4.10 | 80 | PROTECT: ESP in transport-mode | Encrypt to server |
| TCP | 1.2.3.101 | * | 1.2.4.10 | 443 | BYPASS | TLS: avoid double encryption |
| * | 1.2.3.101 | * | 1.2.4.0/24 | * | DISCARD | Others in DMZ |
| * | 1.2.3.101 | * | * | * | BYPASS | Internet |
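The lookup that Table 20.1 implies, as an added Python example (not part of the slides or the textbook): entries are searched top to bottom and the first entry whose selectors all match decides the action, which is the ordered search RFC 4301 specifies for the SPD. The names `SpdEntry`, `spd_lookup` and `MISORDERED_SPD` are hypothetical, and the discard fallback for unmatched traffic is an assumption.

```python
import ipaddress
from dataclasses import dataclass

ANY = "*"

@dataclass(frozen=True)
class SpdEntry:
    protocol: str      # "TCP", "UDP", "ICMP" or "*"
    local_ip: str      # single address, CIDR prefix or "*"
    local_port: str
    remote_ip: str
    remote_port: str
    action: str        # BYPASS, PROTECT or DISCARD
    comment: str

# Table 20.1, row for row, in slide order.
HOST_SPD = [
    SpdEntry("UDP", "1.2.3.101", "500", ANY, "500", "BYPASS", "IKE"),
    SpdEntry("ICMP", "1.2.3.101", ANY, ANY, ANY, "BYPASS", "Error messages"),
    SpdEntry(ANY, "1.2.3.101", ANY, "1.2.3.0/24", ANY, "PROTECT", "Encrypt intranet traffic"),
    SpdEntry("TCP", "1.2.3.101", ANY, "1.2.4.10", "80", "PROTECT", "Encrypt to server"),
    SpdEntry("TCP", "1.2.3.101", ANY, "1.2.4.10", "443", "BYPASS", "TLS: avoid double encryption"),
    SpdEntry(ANY, "1.2.3.101", ANY, "1.2.4.0/24", ANY, "DISCARD", "Others in DMZ"),
    SpdEntry(ANY, "1.2.3.101", ANY, ANY, ANY, "BYPASS", "Internet"),
]

# Constructed misconfiguration: the same rows with the DMZ DISCARD rule moved
# above the two TCP rules for 1.2.4.10. Order, not just content, is policy.
MISORDERED_SPD = HOST_SPD[:3] + [HOST_SPD[5]] + HOST_SPD[3:5] + [HOST_SPD[6]]

def _ip_matches(selector, addr):
    """True if addr falls inside the selector (wildcard, single address or prefix)."""
    if selector == ANY:
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(selector, strict=False)

def _field_matches(selector, value):
    """Exact match on protocol or port, with '*' as wildcard."""
    return selector == ANY or selector == str(value)

def spd_lookup(spd, protocol, local_ip, local_port, remote_ip, remote_port):
    """Return the first entry whose selectors all match the outbound packet."""
    for entry in spd:
        if (_field_matches(entry.protocol, protocol)
                and _ip_matches(entry.local_ip, local_ip)
                and _field_matches(entry.local_port, local_port)
                and _ip_matches(entry.remote_ip, remote_ip)
                and _field_matches(entry.remote_port, remote_port)):
            return entry
    # Assumed fallback: traffic that matches no entry is discarded.
    return SpdEntry(ANY, ANY, ANY, ANY, ANY, "DISCARD", "no matching policy")

if __name__ == "__main__":
    # Constructed flows from host 1.2.3.101 (ephemeral source port 40000).
    for proto, rip, rport in [("TCP", "1.2.4.10", 80), ("TCP", "1.2.4.10", 443),
                              ("TCP", "1.2.4.11", 443), ("TCP", "8.8.8.8", 443)]:
        hit = spd_lookup(HOST_SPD, proto, "1.2.3.101", 40000, rip, rport)
        print(proto, rip, rport, "->", hit.action, "(" + hit.comment + ")")
```

With `MISORDERED_SPD`, web traffic to 1.2.4.10 hits the DMZ DISCARD rule before either TCP rule is reached, which is the kind of ordering error worth checking for when reviewing a policy.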
Figure 20.2 Processing Model for Outbound Packets
Figure 20.3 Processing Model for Inbound Packets
Figure 20.4 ESP Packet Format
Encapsulating Security Payload (ESP) (1 of 2)
• Used to encrypt the Payload Data, Padding, Pad Length, and
Next Header fields
– If the algorithm requires cryptographic synchronization data
then these data may be carried explicitly at the beginning of
the Payload Data field
• An optional ICV field is present only if the integrity service is
selected and is provided by either a separate integrity algorithm
or a combined mode algorithm that uses an ICV
– ICV is computed after the encryption is performed
– This order of processing facilitates reducing the impact of
DoS attacks
– Because the ICV is not protected by encryption, a keyed
integrity algorithm must be employed to compute the ICV
Encapsulating Security Payload (ESP) (2 of 2)
• The Padding field serves several purposes:
– If an encryption algorithm requires the plaintext to be a
multiple of some number of bytes, the Padding field is
used to expand the plaintext to the required length
– Used to assure alignment of Pad Length and Next
Header fields
– Additional padding may be added to provide partial
traffic-flow confidentiality by concealing the actual
length of the payload
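The ESP processing order from the two slides above, as an added Python example (not from the slides): pad, encrypt, then compute the ICV over the ciphertext, with the receiver checking the ICV before it decrypts. The cipher is a labelled stand-in so the block runs offline, HMAC-SHA-256 truncated to 16 bytes is an assumed integrity algorithm, the 1, 2, 3, ... padding bytes are the RFC 4303 default, and all function names are hypothetical.

```python
import hashlib
import hmac
import struct
from math import gcd

ICV_LEN = 16  # assumption: HMAC-SHA-256 truncated to 128 bits

def esp_pad(payload, next_header, block_size=16, extra=0):
    """Return payload || Padding || Pad Length || Next Header, block aligned."""
    align = block_size * 4 // gcd(block_size, 4)   # cipher block and 4-byte alignment
    pad_len = -(len(payload) + 2) % align + extra * align  # extra hides the true length
    if pad_len > 255:
        raise ValueError("Pad Length is a single byte")
    return payload + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])

def esp_unpad(plaintext):
    """Strip and validate the trailer; return (payload, next_header)."""
    if len(plaintext) < 2:
        raise ValueError("missing ESP trailer")
    pad_len, next_header = plaintext[-2], plaintext[-1]
    body_end = len(plaintext) - 2 - pad_len
    if body_end < 0 or plaintext[body_end:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("malformed ESP padding")
    return plaintext[:body_end], next_header

def _keystream_xor(key, spi, seq, data):
    """Stand-in cipher so the example runs offline. NOT a real ESP transform."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + struct.pack("!III", spi, seq, i)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def esp_seal(enc_key, auth_key, spi, seq, payload, next_header, extra=0):
    """Sender: pad, encrypt, then compute the ICV over header + ciphertext."""
    header = struct.pack("!II", spi, seq)          # SPI and Sequence Number
    ciphertext = _keystream_xor(enc_key, spi, seq,
                                esp_pad(payload, next_header, extra=extra))
    icv = hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    return header + ciphertext + icv

def esp_open(enc_key, auth_key, packet):
    """Receiver: verify the keyed ICV first, and only then decrypt and unpad."""
    if len(packet) < 8 + ICV_LEN:
        raise ValueError("packet too short")
    header, ciphertext, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: dropped before any decryption work")
    spi, seq = struct.unpack("!II", header)
    return esp_unpad(_keystream_xor(enc_key, spi, seq, ciphertext))
```

Because the ICV check is one keyed hash over bytes already on the wire, a forged or corrupted packet costs the receiver no decryption, which is the DoS point the first ESP slide makes.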
Figure 20.5 Anti-replay Mechanism
Figure 20.6 Scope of ESP Encryption and Authentication
Figure 20.7 End-to-end IPsec Transport-Mode Encryption
Transport Mode (1 of 2)
• Transport mode operation may be summarized as follows:
– At the source, the block of data consisting of the ESP trailer
plus the entire transport-layer segment is encrypted and the
plaintext of this block is replaced with its ciphertext to form
the IP packet for transmission. Authentication is added if this
option is selected
– The packet is then routed to the destination. Each
intermediate router needs to examine and process the IP
header plus any plaintext IP extension headers but does not
need to examine the ciphertext
– The destination node examines and processes the IP
header plus any plaintext IP extension headers. Then, on
the basis of the SPI in the ESP header, the destination node
decrypts the remainder of the packet to recover the plaintext
transport-layer segment
Transport Mode (2 of 2)
• Transport mode operation provides confidentiality for any
application that uses it, thus avoiding the need to
implement confidentiality in every individual application
• One drawback to this mode is that it is possible to do traffic
analysis on the transmitted packets
Tunnel Mode (1 of 3)
• Tunnel mode provides protection to the entire IP packet
– To achieve this, after the AH or ESP fields are added
to the IP packet, the entire packet plus security fields is
treated as the payload of a new outer IP packet with a
new outer IP header
– The entire original, inner, packet travels through a
tunnel from one point of an IP network to another; no
routers along the way are able to examine the inner IP
header
– Because the original packet is encapsulated, the new,
larger packet may have totally different source and
destination addresses, adding to the security
Tunnel Mode (2 of 3)
– Tunnel mode is used when one or both ends of a
security association (SA) are a security gateway, such
as a firewall or router that implements IPsec
– With tunnel mode, a number of hosts on networks
behind firewalls may engage in secure communications
without implementing IPsec
– The unprotected packets generated by such hosts are
tunneled through external networks by tunnel mode
SAs set up by the IPsec software in the firewall or
secure router at the boundary of the local network
Tunnel Mode (3 of 3)
• Tunnel mode is useful in a configuration that includes a
firewall or other sort of security gateway that protects a
trusted network from external networks
• Encryption occurs only between an external host and the
security gateway or between two security gateways
– This relieves hosts on the internal network of the
processing burden of encryption and simplifies the key
distribution task by reducing the number of needed
keys
– It thwarts traffic analysis based on ultimate destination
VPN
• Tunnel mode can be used to implement a secure virtual private
network
– A virtual private network (VPN) is a private network that is
configured within a public network in order to take advantage of
the economies of scale and management facilities of large
networks
▪ VPNs are widely used by enterprises to create wide area
networks that span large geographic areas, to provide site-to-
site connections to branch offices, and to allow mobile users to
dial up their company LANs
▪ The public network facility is shared by many customers, with
the traffic of each customer segregated from other traffic
▪ Traffic designated as VPN traffic can only go from a VPN
source to a destination in the same VPN
▪ It is often the case that encryption and authentication facilities
are provided for the VPN
Figure 20.8 Example of Virtual Private Network Implemented with IPsec Tunnel Mode
Table 20.2 Tunnel Mode and Transport Mode Functionality
| | Transport Mode SA | Tunnel Mode SA |
| AH | Authenticates IP payload and selected portions of IP header and IPv6 extension headers. | Authenticates entire inner IP packet (inner header plus IP payload) plus selected portions of outer IP header and outer IPv6 extension headers. |
| ESP | Encrypts IP payload and any IPv6 extension headers following the ESP header. | Encrypts entire inner IP packet. |
| ESP with Authentication | Encrypts IP payload and any IPv6 extension headers following the ESP header. Authenticates IP payload but not IP header. | Encrypts entire inner IP packet. Authenticates inner IP packet. |
Figure 20.9 Protocol Operation for ESP
Combining Security Associations
• An individual SA can implement either the AH or ESP protocol but not both
• Security association bundle
– Refers to a sequence of SAs through which traffic must be processed to
provide a desired set of IPsec services
– The SAs in a bundle may terminate at different endpoints or at the same
endpoint
• May be combined into bundles in two ways:
• Transport adjacency
– Refers to applying more than one security protocol to the same IP packet
without invoking tunneling
– This approach allows for only one level of combination
• Iterated tunneling
– Refers to the application of multiple layers of security protocols effected
through IP tunneling
– This approach allows for multiple levels of nesting
ESP with Authentication Option
• In this approach, the first user applies ESP to the data to be
protected and then appends the authentication data field
• Transport mode ESP
– Authentication and encryption apply to the IP payload
delivered to the host, but the IP header is not protected
• Tunnel mode ESP
– Authentication applies to the entire IP packet delivered to
the outer IP destination address and authentication is
performed at that destination
– The entire inner IP packet is protected by the privacy
mechanism for delivery to the inner IP destination
• For both cases authentication applies to the ciphertext rather
than the plaintext
Transport Adjacency
• Another way to apply authentication after encryption is to use
two bundled transport SAs, with the inner being an ESP SA and
the outer being an AH SA
– In this case ESP is used without its authentication option
– Encryption is applied to the IP payload
– AH is then applied in transport mode
– Advantage of this approach is that the authentication covers
more fields
– Disadvantage is the overhead of two SAs versus one SA
Transport-Tunnel Bundle
• The use of authentication prior to encryption might be preferable
for several reasons:
– It is impossible for anyone to intercept the message and
alter the authentication data without detection
– It may be desirable to store the authentication information
with the message at the destination for later reference
• One approach is to use a bundle consisting of an inner AH
transport SA and an outer ESP tunnel SA
– Authentication is applied to the IP payload plus the IP
header
– The resulting IP packet is then processed in tunnel mode by
ESP
▪ The result is that the entire authenticated inner packet is
encrypted and a new outer IP header is added
Figure 20.10 Basic Combinations of Security Associations
Internet Key Exchange
• The key management portion of IPsec involves the determination and
distribution of secret keys
– A typical requirement is four keys for communication between two
applications
▪ Transmit and receive pairs for both integrity and confidentiality
• The IPsec Architecture document mandates support for two types of
key management:
• Manual
– A system administrator manually configures each system with its
own keys and with the keys of other communicating systems
– This is practical for small, relatively static environments
• Automated
– Enables the on-demand creation of keys for SAs and facilitates the
use of keys in a large distributed system with an evolving
configuration
ISAKMP/Oakley
• The default automated key management protocol of IPsec
• Consists of:
– Oakley Key Determination Protocol
▪ A key exchange protocol based on the Diffie-Hellman
algorithm but providing added security
▪ Generic in that it does not dictate specific formats
– Internet Security Association and Key Management Protocol
(ISAKMP)
▪ Provides a framework for Internet key management and
provides the specific protocol support, including formats,
for negotiation of security attributes
▪ Consists of a set of message types that enable the use
of a variety of key exchange algorithms
Features of IKE Key Determination
• Algorithm is characterized by five important features:
1. It employs a mechanism known as cookies to thwart clogging
attacks
2. It enables the two parties to negotiate a group; this, in essence,
specifies the global parameters of the Diffie-Hellman key
exchange
3. It uses nonces to ensure against replay attacks
4. It enables the exchange of Diffie-Hellman public key values
5. It authenticates the Diffie-Hellman exchange to thwart
man-in-the-middle attacks
Figure 20.11 IKEv2 Exchanges
Figure 20.12 IKE Formats
Table 20.3 IKE Payload Types
| Type | Parameters |
| Security Association | Proposals |
| Key Exchange | DH Group #, Key Exchange Data |
| Identification | ID Type, ID Data |
| Certificate | Cert Encoding, Certificate Data |
| Certificate Request | Cert Encoding, Certification Authority |
| Authentication | Auth Method, Authentication Data |
| Nonce | Nonce Data |
| Notify | Protocol-ID, SPI Size, Notify Message Type, SPI, Notification Data |
| Delete | Protocol-ID, SPI Size, # of SPIs, SPI (one or more) |
| Vendor ID | Vendor ID |
| Traffic Selector | Number of TSs, Traffic Selectors |
| Encrypted | IV, Encrypted IKE payloads, Padding, Pad Length, ICV |
| Configuration | CFG Type, Configuration Attributes |
| Extensible Authentication Protocol | EAP Message |
Summary
• Present an overview of IP security (IPsec)
• Explain the difference between transport mode and tunnel mode
• Understand the concept of security association
• Explain the difference between the security association database and
the security policy database
• Present an overview of Encapsulating Security Payload
• Summarize the traffic processing functions performed by IPsec for
outbound packets and for inbound packets
• Discuss the alternatives for combining security associations
• Present an overview of Internet Key Exchange
• Summarize the alternative cryptographic suites approved for use with
IPsec
Copyright
This work is protected by United States copyright laws and is
provided solely for the use of instructors in teaching their
courses and assessing student learning. Dissemination or sale of
any part of this work (including on the World Wide Web) will
destroy the integrity of the work and is not permitted. The work
and materials from it should never be made available to students
except by instructors using the accompanying text in their
classes. All recipients of this work are expected to abide by these
restrictions and to honor the intended pedagogical purposes and
the needs of other instructors who rely on these materials.