Future of Internet Security - IPSec
By: Bhajandeep Singh and Sh.Sanjeev Sofat, 01/26/2005
Abstract
Secure IP, or IPSec, is a standard that provides authentication, verification and encryption at the IP networking
layer. This paper gives an overview of IPSec and of the protocols and standards that apply to it. It also
focuses on the advantages of IPSec (network layer security) over security at other layers, and analyzes the various
weaknesses that have been or could be identified within this powerful security protocol. There is also an attempt to show the
IPSec/Quality of Security Service (QoSS) scenario. This powerful technology has many uses, including virtual private
networks (VPNs) that stretch across global networks. Finally, the paper discusses the present status of IPSec and
where it will go in the future.
I. IPSec Overview
IPSec is an Internet Engineering Task Force (IETF) standard suite of protocols that provides data authentication,
integrity and confidentiality as data is transferred between communication points across IP networks. IPSec provides
data security at the packet level. It allows private data to be transmitted over public, insecure networks without being
interrupted in any sense.
IPSec contains ESP (Encapsulating Security Payload), which provides confidentiality, authentication, and integrity. ESP provides
all encryption services. IPSec also contains AH (Authentication Header), which provides authentication and integrity and so
protects against data tampering and unauthorized retransmission of packets. The last component is IKE (Internet Key
Exchange), which provides key management and security association management.
IPSec has introduced the concept of the security association (SA). An SA is a logical connection between two devices transferring
data. An SA provides data protection for unidirectional traffic by using a defined IPSec protocol.
IPSec Services
IPSec is designed to provide the following services at Network layer:
- Access control
- Connectionless integrity
- Origin authentication
- Replay protection
- Privacy/confidentiality
Of course the quality of these services depends upon the decision of the security administrator. IPSec is a tool, a powerful
tool, but its effectiveness depends upon how it was implemented.
IPSec Protocol Suite
The IPSec services are provided by two traffic security protocols, the Authentication Header (AH) and the Encapsulating
Security Payload (ESP). Other protocols, such as key management protocols, are also employed but are not defined in the
IPSec specification. AH and ESP are part of IPSec.
IPSec Authentication Header (AH)
IPSec AH provides connectionless integrity, data origin authentication and anti-replay integrity. The latter is optional and
not enforced at the receiver’s end. Figure 1 depicts the IPSec AH header format. The “Next Header” field is 8 bits wide and
specifies the type of the transport protocol used in the upper layer. The “Payload Length” field is also 8 bits wide and
contains the IPSec (AH) header length in 32-bit words minus 2 words; e.g. if the authentication data is 3 words (96 bits),
the value is 3 + 3 - 2 = 4. The sender always transmits the “Sequence Number” field (32 bits), but the receiver might
optionally act on it. Finally, the “Authentication Data” field (variable size, a multiple of 32 bits) holds the ICV for the
attached packet (including the AH header itself). “Reserved” bits Must Be Zero (MBZ). In order, the header consists of
Next Header, Payload Length and Reserved (MBZ) in the first 32 bits, followed by the Security Parameter Index (SPI) [32],
the Sequence Number field [32] and the Authentication Data.
Figure 1. Authentication Header
The ICV is computed first at the transmitter using a common authentication algorithm that is also known to the
receiver. The ICV is then recomputed at the receiver and compared with the received value to verify authentication and
integrity. ICV computation excludes non-predictable IP Header (IPH) fields like Time To Live (TTL), Flags, Type of Service
(TOS), Fragment offset, Checksum, etc. If IP fragmentation occurs at the sender, it should be performed after AH processing.
The IP reassembly should then be performed before AH processing at the receiver.
IPSec Encapsulating Security Payload (ESP)
ESP provides confidentiality (encryption), connectionless integrity (optional, not enforced at the receiver end), data origin
authentication (optional, not enforced at the receiver end), and anti-replay integrity.
Figure 2 depicts the ESP header format. The “Next Header” field is exactly as in IPSec AH. The “Pad Length” field contains the
number of pad bytes inserted by the encryption algorithm. The “Sequence Number” field is used in the same way as in IPSec
AH.
Finally, the “Authentication Data” field (variable size, a multiple of 32 bits) contains the ICV for the encapsulated packet and
the ESP header/trailer (not including the authentication data itself).
Figure 2. IPSec ESP Header Format
The ICV computation steps are the same as in IPSec AH.
IPSec Technologies
IPSec combines several different security technologies into a complete system to provide confidentiality, integrity, and
authenticity. In particular, IPSec uses:
- Diffie-Hellman key exchange for deriving key material between peers on a public network
- Public key cryptography for signing the Diffie-Hellman exchanges to guarantee the identity of the two parties and avoid
man-in-the-middle attacks
- Encryption algorithms, such as DES and 3DES, for encrypting the data
- Keyed hash algorithms, such as HMAC, combined with traditional hash algorithms such as MD5 or SHA for providing packet
authentication
- Digital certificates signed by a certificate authority to act as digital ID cards
IPSec Operation
The purpose of IPSec is to provide various services to traffic traveling between a source and a destination. The
destination/source may be a router or a host. The services may be provided to all traffic or only to specific types of
traffic.
There are different types of protection provided by IPSec and there are also different modes for IPSec to operate upon. IPSec
may operate upon certain types of data while other data is transmitted on an unprotected path.
In terms of packet construction and the TCP/IP stack, IPSec is implemented at the network layer. The diagram below shows the
location of the IPSec protocol in the stack.
The arrows show the path of a packet traveling from Host A to Host B. Notice that Host B implements IPSec as a separate
layer, whereas Host A and the routers include IPSec as part of the Network layer. These are two different types of host
implementation, known as OS Integrated and Bump in the Stack (BITS). There are drawbacks and advantages for both types of
implementation: OS integration can be difficult for external companies providing solutions to existing networks; however, OS
integration can make use of services in an existing network layer. IPSec physically interacts with the stack by modifying,
encapsulating or inserting data into the IP packet before it is passed to the Data Link Layer on the way out, and again
modifying the packet before it is passed up to the Network or Transport Layer on the way in.
Operating Modes of IPSec
IPSec defines two types of operating modes:
Transport Mode: in the transport mode of IPSec operation, authentication is provided directly between a client and a
server workstation. The workstation can be on the same network as the server or on a different network. As long as the
workstation and server share a protected secret key, the authentication process is secure.
AH in Transport Mode:
In Transport mode, only the Transport layer of the IP packet is transformed.
ESP in Transport Mode:
This transformation means authentication or encryption, or both. When AH is used in Transport mode the whole packet is
authenticated but nothing is done to provide confidentiality.
Tunnel Mode: in the tunnel mode of IPSec operation, a remote workstation authenticates itself to the corporate firewall,
either to gain access to the entire internal network or because the requested server does not support the authentication
feature.
AH in Tunnel Mode:
ESP in Tunnel Mode:
In Tunnel Mode, the whole packet is processed, including the IP header. The original IP source and destination addresses and
other header components are protected by AH or ESP, and a new IP header is inserted into the packet. The new IP source and
destination addresses typically are those of the gateways. Depending on the transformation method used (AH or ESP), the whole
packet is either authenticated, encrypted or both.
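The ICV computation described under "IPSec Authentication Header (AH)" and the difference between the two operating modes can be seen together in the following added example, which is not code from the paper. It assumes HMAC-SHA-1 truncated to 96 bits as the authentication algorithm and IPv4 without options; the function names, key, addresses and SPI values are constructed for illustration.

```python
import hashlib, hmac, socket, struct

AH_PROTO, IPIP_PROTO, UDP_PROTO = 51, 4, 17   # IP protocol numbers
ICV_LEN = 12   # assumed HMAC-SHA-1-96: 96-bit ICV = 3 words, as in the text's example

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """20-byte IPv4 header, no options. Checksum is left 0 in this example:
    it is a mutable field and is excluded from the ICV anyway."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(ip_hdr):
    """Zero the fields changed in transit: TOS, flags/fragment offset, TTL, checksum."""
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)

def compute_icv(key, ip_hdr, ah_fixed, payload):
    """ICV over IP header (mutable fields zeroed), AH with zeroed ICV field, payload."""
    data = zero_mutable(ip_hdr) + ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def ah_protect(key, src, dst, next_hdr, payload, spi, seq):
    """Return IP | AH | payload. Transport mode: payload is the upper-layer segment.
    Tunnel mode: payload is the whole original IP packet and next_hdr is 4."""
    length_field = (12 + ICV_LEN) // 4 - 2          # 3 + 3 - 2 = 4
    ah_fixed = struct.pack("!BBHII", next_hdr, length_field, 0, spi, seq)
    ip_hdr = ipv4_header(src, dst, AH_PROTO, len(ah_fixed) + ICV_LEN + len(payload))
    return ip_hdr + ah_fixed + compute_icv(key, ip_hdr, ah_fixed, payload) + payload

def ah_verify(key, packet):
    """Receiver side: recompute the ICV and compare in constant time."""
    if len(packet) < 20 + 12 + ICV_LEN:
        return False
    ip_hdr, rest = packet[:20], packet[20:]
    ah_len = (rest[1] + 2) * 4                      # Payload Length field -> bytes
    ah_fixed, icv, payload = rest[:12], rest[12:ah_len], rest[ah_len:]
    return hmac.compare_digest(icv, compute_icv(key, ip_hdr, ah_fixed, payload))

def ah_payload(packet):
    """Return (next_header, protected payload) of an AH packet."""
    rest = packet[20:]
    return rest[0], rest[(rest[1] + 2) * 4:]

if __name__ == "__main__":
    key = b"constructed-demo-key"                       # constructed sample key
    segment = b"\x30\x39\x00\x35\x00\x0c\x00\x00ping"   # constructed UDP-like segment
    transport = ah_protect(key, "10.0.0.1", "10.0.1.1", UDP_PROTO, segment, 0x100, 1)
    inner = ipv4_header("10.0.0.1", "10.0.1.1", UDP_PROTO, len(segment)) + segment
    tunnel = ah_protect(key, "192.0.2.1", "198.51.100.1", IPIP_PROTO, inner, 0x200, 1)
    hop = bytearray(transport); hop[8] -= 1             # a router decrements TTL
    bad = bytearray(transport); bad[-1] ^= 1            # payload modified in transit
    print(ah_verify(key, transport), ah_verify(key, bytes(hop)), ah_verify(key, bytes(bad)))
    print(ah_verify(key, tunnel), ah_payload(tunnel)[1] == inner)
```

A TTL change leaves the ICV valid, while a change to the payload or to an immutable header field such as the source address makes verification fail.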
II. IPSec vs. Other Layers Security:
IPSec differs from security provided at other layers of the TCP/IP stack in the following ways:
- Higher-level services protect a single protocol.
- Lower-level services protect a single medium.
For example, a pair of encryption boxes on the ends of a line makes wiretaps on that line useless unless the attacker is
capable of breaking the encryption.
IPSec, however, can protect any protocol running above IP and any medium which IP runs over. It can protect a mixture of
application protocols running over a complex combination of media.
- IPSec can provide some security services in the background with no impact on the user.
- A layer 4 security protocol (SSL) develops something at user level without changing the underlying OS. Layer 3, by contrast,
means the goal of IPSec is to develop something within the OS that does not require changes to the application, so it can
provide security to a diverse range of application protocols.
The philosophy behind IPSec is that if only the OS needs to change, then by deploying an IPSec-enhanced OS all the applications
would automatically benefit from IPSec encryption and integrity protocol services.
III. Vulnerability of IPSec
IPSec protocols are an excellent step in the right direction for Internet security. If correctly implemented and configured,
the protocol could give e-business and organizations such as defense the ability to take advantage of the speed and reach of
the Internet without being as prone to the dangers of attack in an unpoliced environment.
So, where could possible vulnerability in IPSec lie?
Vulnerabilities in IPSec can be broken into following categories:
Vulnerability in IPSec Protocols
There are numerous scenarios, some speculative, in which the protocols defined for the operation of IPSec can be challenged.
Cut-and-Paste Attack:
This attack is only possible between two networks that use IPSec as a tunnel between the two routers that link the networks.
There is also a requirement that the attacker has access to a second machine in each of the two networks.
The attack works by an attacker sniffing a legitimate encrypted packet from Host A to Host B. The attacker also sniffs a planned
packet sent from Host C to Host D. The attacker copies encrypted data from Host A’s packet into a packet from Host C to Host D.
Router B is tricked into decrypting Host A’s packet for Host B and sending it to Host D. This exploit is not as straightforward
as it may appear, as there are some other requirements relating to the sequence numbers used in IPSec packets and ensuring
that Host A’s genuine packets don’t reach Router B before the false packets do. IPSec includes various replay-attack protection
methods that would make this attack a little more difficult to carry out successfully in a real-world situation.
Session Hijacking:
Similar to the previous attack, Host C could have created packets that are intended to arrive at Host B as if they were sent
from Host A. Instead of stealing Host A’s packet and asking Router B to decrypt it for Host D, the attacker now pastes Host C’s
data into Host A’s packet, and it is decrypted by Router B and sent to Host B as though it came from Host A. These attacks
are much more complicated to conduct in practice, as sequence numbers and other authentication issues must be overcome.
Despite this, the attacks appear feasible.
These are the types of attacks that can occur due to the weaknesses found in IPSec protocols.
Vulnerabilities in Underlying Protocols or Host
The IPSec protocols rely on a number of underlying technologies to achieve encryption and authentication. The initial
establishment of SAs is also completed using key exchange methods defined by other protocols.
These key exchanges and the communications designed to set up the parameters of an SA are themselves reliant on various forms of
encryption and authentication. There is a requirement for the storage of keys and certificates on the local system.
Algorithms such as Diffie-Hellman are used to establish shared secrets between two hosts over an untrusted link. Weaknesses or
vulnerabilities in the specific methods for key exchange, or in hashing or encryption algorithms, could easily affect the
security of IPSec. It is now widely accepted that the DES encryption algorithm is susceptible to brute-force attacks
(brute-force attacks try to decrypt data by simply trying every possible key value) using readily available software and
hardware. If the protection surrounding the SADB (Security Association Database) is broken, then every key and IPSec link
set up using that database is easily obtainable. Even if there is a secure tunnel between hosts for a specific type of
traffic, if the host itself is compromised from a separate unprotected connection, then all protected data will be available
to the attacker. The sensible placement and monitoring of secure links created with IPSec is critical. IPSec is simply a tool
and must be combined with other security measures such as Host Intrusion Detection Systems (HIDS), good key management,
well-configured firewalls, and many others.
IPSec Can't be Secure if the System Can't
System security on an IPSec gateway machine is an essential requirement if IPSec is to function as designed. No system can be
trusted if the underlying machine has been subverted.
IPSec is Not End-End
IPSec can’t provide the same end-end security as a system working at a higher level. IPSec encrypts an IP connection between
two machines. That is quite different from encrypting messages between users or between applications.
IV. IPSec/Quality of Security Service:
For security to be a real part of QoS, security choices must be presented to the user and QoS mechanisms must be able to
modulate related variables to provide predictable security service levels to those users.
The IPSec protocols themselves do not include an approach for managing the policies that control which host is allowed to
establish SAs with other hosts or what kind of characteristics those SAs have. So, by activating a local policy for IPSec based
upon the current selection of the network mode and security level, QoS can be provided. For example, when we are in “Normal”
mode and at the “low” security level, we apply no IPSec processing to finger traffic, and we encrypt telnet traffic with DES. If
we change the security level to “high”, the subsequent traffic is authenticated with SHA and encrypted with AES. Other things
could change as a result of our selection: the set of hosts we are willing to communicate with using IPSec, the SA lifetimes,
and the key length and number of rounds for variable key-size, variable-round algorithms.
Currently we have predefined sets of alternate local security policies that describe the characteristics we want our SAs to
have for each <network mode, security level> pair, and we activate the proper selection through one of our programs.
Work is going on to identify an architecture that would allow the trust management system and/or the automated daemon to
be notified automatically of changes to QoSS parameters like network mode and security level, and also to adjust properly
the SA characteristics they are willing to negotiate.
V. IPSec Future
Where do we go from here? IPv6 has been designed with IPSec at its center. Hopefully, this will create a more secure protocol
by engineering IPv6 with IPSec built in (rather than retroactively applying it, as in the case of IPv4). Research work related
to IPSec has been around and is providing secure IPSec-VPN solutions, but the future demands much more flexibility, scalability,
and compatibility, for example with NAT, from this security protocol. New implementations should also have built-in intrusion
detection and prevention capability, so that a single secure centralized system can provide all the features needed to secure a
network from any sort of attack. There should also be an efficient compression technique to be used with encryption techniques
so as to improve the path MTU of IPSec protocols.
IPSec depends upon some other protocols, like key management protocols for implementing security associations (SAs) and
encryption algorithms like DES for encrypting IP traffic. So, to avoid any sort of weakness in IPSec, the performance analysis
of these algorithms is a must, so as to implement a flexible IPSec product with the highest level of protection.
VI. Conclusion
IPSec is an excellent set of protocols, developed out of significant work and collaboration from within the networking
security community. IPSec at the network layer has certain advantages over other security layers, but there are
vulnerabilities in this powerful security tool. These weaknesses can be in the IPSec protocol suite or in the underlying
protocols. They can be avoided by making a comparative study of the technologies implemented within IPSec and choosing the
best of them. There are further recommendations for implementing IPv6-IPSec with attention to things like IPSec/QoSS (Quality
of Security Service) and data compression with IPSec encryption and authentication for fast, secure network
transactions.