INTRODUCTION
Ipsec (IP security) is suite of protocols that provided security ate the network layer. Before entering Specific IPSec, do a few steps back and consider what it means to provide security layer of the network.
The layer of the network being able to provide some degree of certainty whether all data carried by all IP datagram were encrypted.
This means that whenever a host wants to send a datagram, it should encrypt the data field before sending the datagram in the network.
Obviously, being able to encrypt the entire datagram as well as the only field data, would allow for even greater security by hiding also information regarding the source and destination of the flow.
The data field maybe a UDP segment, an ICMP message, and so on. If this network service is available, all data sent the host would hidden to any third party to intercept the network.
In addition to privacy, you may wish that the layer of the network to provide authentication the source. In this case, when a host receives any IP datagram, it should authenticate “the sender” overseeing the effective match between the received packet and the sender Based on the above considerations we can say that allows the IPSec standard to provide the following service:
1. Data confidentiality (encryption);
2. Confidentiality of the parties actually involved in the flow of traffic;
3. Data integrity;
4. Sender authentication:
5. Protection against replay attacks.
To do this we need the following IPSec Protocols: AH (Autentication Header) and ESP (Encapsulating Security Payload). The AH protocol provides source authentication and data integrity but not confidentiality, the ESP provides data integrity, authentication and privacy. If the AH then in the case of ESP, before sending datagram “safe” on the channel, the source host and the destination, must first exchange the handshake, creating a logical connection on the network layer.
This logical channel is called the Security Association SA (Security Association).
Therefore the IPSec transforms traditional network layer “no connected oriented” of the internet, in a layer with connections logic.
An SA in unique identified by:
A security protocol identifier (AH or ESP);
The destination IP address for a connection simplex;
A 32-bit identifier of the connection, said security parameters index. For a given IPsec SA each datagram will have a special field for the SPI. In this field all datagram’s that SA will us the same SPI value.
For an efficient operation of IPSec, you need an automatic scale and pattern of SA for key management. To do this there are two main protocols used:
The internet protocol for managing security associations and keys ISAKMP .
ISAKMP provides two-stage bargaining: a first phase where the end–points of communication are authenticated and agree upon a set of functions encryption for data exchange (IKE SA), a second phase in which the exchange takes place real of their own SA (IPsec SA);
The protocol for Internet key exchange (IKE Internet Key Exchange) RFC 2409.
In the next chapters will go into detail about each of these features by trying to analyze how these have led IPSec to be considered the de facto standard for a “secure connectivity”.
SECURITY ASSOCIATION (RFC 2401)
IPSec can be used in two modes: transport and tunnel. In transport mode, the data related to the IPSec protocol are included in the IP datagram, including the IP header and the next higher (usually TCP or UDP). This type of solution may be necessary in case of end-to-end communications. In all other cases it is mandatory to use the tunnel mode. In this case the IP packet is incorporated in the IPSec to which, in turn, adds a new IP header containing the addresses of security gateways that are at both ends of the tunnel.
From this picture it becomes clear that the IP header fields are not absolutely protected in case of transport mode. To get the service referred to in paragraph 2 stated above, you must use tunnel mode. In the following sections we will see how it can make use of Security Association These modalities also trying to identify the possible real-world applications.
SA IN TRASPORT MODE
It is used in case of connection between two hosts. In the IPv4 header of the security protocol is immediately after the IP header and options, and before higher layer protocols (TCP or UDP).
In the event that is using ESP, a transport mode SA to provide security level protocols.
IP header or more but not all that precedes the ESP header. In the case of AH, the protection is also extended to selected portions of IP header and its extensions and / or options.
SA IN A TUNNEL MODE
You should always use when one of two extremes is a security gateway, to avoid (potential) problems related to fragmentation / reassembly of IPSec packets (see Appendix B for more depth), and in situations where there are multiple paths (after a gateway) to reach the same destination.
I can also use it in case of connection between two hosts.
For a tunnel mode SA, there is an external IP header, which specifies where the package will be processed by IPsec and an internal IP header, which specifies the final destination (apparently) 1 of package. The header of the security protocol is used between the two.
APPLICATION IPSEC
The Internet community has developed application-specific security mechanisms in numerous application areas, including electronic mail, network management (, Web access, and others. However, users have some security concerns that cut across protocol layers. By implementing security at the IP level, an organization can ensure secure networking not only for applications that have security mechanisms but also for the many security-ignorant applications.
IPSec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet. Examples of its use include:
- Secure branch office connectivity over the Internet: A company can build a secure virtual private network over the Internet or over a public WAN. This enables a business to rely heavily on the Internet and reduce its need for private networks, saving costs and network management overhead.
- Secure remote access over the Internet: An end user whose system is equipped with IP security protocols can make a local call to an Internet Service Provider (ISP) and gain secure access to a company network. This reduces the cost of toll charges for traveling employees and telecommuters.
- Establishment of extranet and intranet connectivity with partners: IPSec can be used to secure communication with other organizations, ensuring authentication and confidentiality and providing a key exchange mechanism.
- Enhancement of electronic commerce security: Most efforts to date to secure electronic commerce on the Internet have relied upon securing Web traffic with SSL since that is commonly found in Web browsers and is easy to set up and run. There are new proposals that may utilize IPSec for electronic commerce.
The principal feature of IPSec that enables it to support these varied applications is that it can encrypt or authenticate all traffic at the IP level. Thus, all distributed applications, including remote logon, client/server, e-mail, file transfer, Web access, and so on, can be secured. Figure 1 shows a typical scenario of IPSec usage. An organization maintains LANs at dispersed locations. Traffic on each LAN does not need any special protection, but the devices on the LAN can be protected from the untrusted network with firewalls. Since we live in a distributed and mobile world, the people who need to access the services on each of the LANs may be at sites across the Internet. These people can use IPSec protocols to protect their access. These protocols can operate in networking devices, such as a router or firewall that connects each LAN to the outside world, or they may operate directly on the workstation or server. In the diagram, the user workstation can establish an IPSec tunnel with the network devices to protect all the subsequent sessions. After this tunnel is established, the workstation can have many different sessions with the devices behind these IPSec gateways. The packets going across the Internet will be protected by IPSec but will be delivered onto each LAN as a normal IP packet.
IPSec provides three main facilities: an authentication-only function, referred to as Authentication Header (AH), a combined authentication/ encryption function called Encapsulating Security Payload (ESP), and a key exchange function. For virtual private networks, both authentication and encryption are generally desired, because it is important both to (1) assure that unauthorized users do not penetrate the virtual private network and (2) assure that eavesdroppers on the Internet cannot read messages sent over the virtual private network. Because both features are generally desirable, most implementations are likely to use ESP rather than AH. The key exchange function allows for manual exchange of keys as well as an automated scheme. The IPSec specification is quite complex and covers numerous documents. The most important of these, issued in November 1998, are RFCs 2401, 2402, 2406, and 2408.
BENEFITS AND DISADVANTAGES IPSEC
In view of the surface at least seen so far would suggest that the IPSec technology is the solution to all security problems. So much so during the planning of this we expected a chapter list any flaws inherent in that technology. We were hoping not to discover truth in many “loopholes” and not write much about it. But some problems exist and are not negligible.
This does not mean that technology is “throw”, because each type of solution in security has a “downside”. But it is not advisable to rely solely on one tool considering that the solution should rather combine multiple instruments,
Synergy, looking for a level of security acceptable to the company policy.
But we begin to list the problems of IPsec, consider starting with the performance. The fact that IPsec uses an encryption algorithm to encrypt all traffic between a peer and one can only affect of the connection.
Each host or security gateway involved in the route (IPsec) between sender and recipient is obliged to consume resources in order to calculate the cryptographic algorithms used.
All this is partly solved by using external co–processor dedicated to cryptographic work.
However, given the increasingly urgent development of the hardware and the increasing availability of bandwidth, this does not seem to be the worse problem that plagues this technology.
COMPABILITILY BETWEEN IMPLEMENTATIONS
Another problem that should not be underestimated is the difficulty implementing the proposed standard by the IETF in a manner compatible. Unfortunately, despite the theoretical source in common (RFC 2401 etc..) correspond to different implementations of different vendors. Also because some parts of the RFC, since highly theoretical, they are still too questionable and subject to different interpretations. All this is the dissatisfaction of end effect that is too often the unfortunate situation will not come to communicate with each other implementations (eg Microsoft and Cisco IPSec IPsec are not fully compatible).
IPSec VULNERABILITY
The denial of service attack is the availability of information that is thrown by one or more locations (Distributed Denial of service) to a service can be used as a public web site.
The victim made up of one or more servers are bombarded with useless information, but still within the specification of the accepted incoming traffic.
Today, this type of attack is the most dreaded because hardly predictable.
For this second example of attack we wanted to insert a slide to clarify the concept. The purpose of the impostor in this case, C is intercept the traffic that flows regularly between two part A and B. First, the wrong do her “sniff” packets that travel over the network to discover the details of address. After that use this data to build the packages to be sent back to another and hoc peer ignorant of everything. The details of this technique outside the scope of this paragraph and they are not treated, it is important to understand how such an attack could be launched on a fully encrypted traffic such as IPsec.
The problem does not seem to relate to the suite in question we see that the first algorithm used in the installation of the IPsec connection is that of Diffie Hellman. It is just that the weak link in the chain. This algorithm provides the generation and exchange of a symmetric key. The two peers use, as it happens, just encrypt it for the first tunnel SA, one relating to the IKE negotiation. The man in the middle could intercept the symmetric key, decode the first tunnel, and then also intercept the encryption key of the second, one referring to IPsec, which as we pass sensitive information. At this point it is easy to understand how our criminal could at a stroke bring down the entire “castle” for IPsec.
CONCLUSION
In this report we have tried to illustrate one of the many tools offered to provide security to information systems in particular on a Internet protocol IP. It ‘important to emphasize that this should not be considered the ultimate tool and because, as we have seen, has defects, and because it alone without the help of other instruments, can not cover all the “holes” of security.
It is the “redundancy” so, the desirable feature for a secure system, because if this is true that “A chain is only as strong as is its weakest link“, it is also true that most chains use the easier it is to obtain a really tough.
BIBLIOGRAPHY AND REFERENCES
[1] Cisco Systems Inc. – Configuring Internet Key Exchange Security Protocol – retrieved November 2001.
[2] Cisco Systems Inc. – Configuring IPSec Network Security – July 1999.
[3] Rivest R, Shamir A., Adleman L. – A Method for Obtaining Digital Signatures and Public-Key Cryptosystems.
[4] Diffie W., Hellman M. – New Directions in Cryptography – IEEE Transaction of Information Theory, V. IT-22 n.6, June 1977.
[5] Khetan A., Wang C., Beadles M., French L., Vyncke E. – Use of GRE for routing support in IPSec VPNs
[6] Simpson W. A. – IKE/ISAKMP Considered Dangerous – June 1999
Internet Draft “draft-khetan-sp-greipsec-00.txt