CNS Unit-6
UNIT - VII
IP SECURITY: IP SECURITY OVERVIEW, IP SECURITY ARCHITECTURE, AUTHENTICATION HEADER,
ENCAPSULATING SECURITY PAYLOAD, COMBINING SECURITY ASSOCIATIONS AND KEY MANAGEMENT.
INTRUSION DETECTION: OVERVIEW, APPROACHES FOR IDS/IPS, SIGNATURE BASED IDS, HOST BASED
IDS/IPS (TEXT BOOK 2)
IP SECURITY OVERVIEW:
The main feature of IPSec is that it provides security at the IP level by encrypting and/or
authenticating all traffic at that level.
The following figure shows a typical scenario of IPSec usage. An organization maintains
LANs at dispersed locations. The IPSec networking device will typically encrypt and compress
all traffic going into the WAN, and decrypt and decompress traffic coming from the WAN;
these operations are transparent to workstations and servers on the LAN. Secure
transmission is also possible with individual users who dial into the WAN. Such user
workstations must implement the IPSec protocols to provide security.
AMRN ::1::
CRYPTOGRAPHY AND NETWORK SECURITY – UNIT VI
IPSec Documents
IPSec specifications are described in various documents. A few important documents
and their specifications are listed in the following table.
S. No.   Document   Specification
1.       RFC 2401   An overview of a security architecture
2.       RFC 2402   Description of a packet authentication extension to IPv4 and IPv6
3.       RFC 2406   Description of a packet encryption extension to IPv4 and IPv6
4.       RFC 2408   Specification of key management capabilities
IPSec Services
IPSec provides security services at the IP layer by selecting required security protocols,
algorithm(s) and cryptographic keys as per the services requested.
The services provided by these protocols are:
Access control
Connectionless integrity
Data origin authentication
Rejection of replayed packets (a form of partial sequence integrity)
Confidentiality (encryption)
Limited traffic flow confidentiality
Security Parameter Index (SPI): The SPI is a bit string assigned to this SA and has local
significance only. The SPI is carried in the AH and ESP headers. It enables the receiving system
to select the SA under which a received packet is to be processed.
IP Destination Address: It is the end point address of the SA, which can be an end user system
or a network system (firewall/router).
SA Parameters
A Security Association is normally defined by the following parameters:
Sequence Number Counter: A 32-bit value used to generate the Sequence
Number field in AH or ESP headers.
Sequence Counter Overflow: Sequence Counter overflow is a flag used to indicate
whether overflow of the Sequence Number Counter should generate an auditable
event and prevent further transmission of packets on SA (required for all
implementations).
Anti-Replay Window: Used to determine whether an inbound AH or ESP packet is
a replay.
AH Information: Authentication algorithm, keys, key lifetimes, and related
parameters being used with AH (required for AH implementations).
ESP Information: Encryption and authentication algorithm, keys, initialization
values, key lifetimes, and related parameters being used with ESP (required for ESP
implementations).
IPSec Protocol Mode: Tunnel, transport, or wildcard (required for all
implementations).
Path (MTU) Maximum Transmission Unit: Any observed path maximum
transmission unit (maximum size of a packet that can be transmitted without
fragmentation) and aging variables (required for all implementations).
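How the Sequence Number Counter, the overflow flag and the Anti-Replay Window work together, as an added example that is not part of the original notes. The 64-packet window size and all function and class names are assumptions chosen for illustration; the receiver is expected to call the check only after the packet's integrity check has passed.

```python
class AntiReplayWindow:
    """Receiver-side sliding window kept per inbound SA."""

    def __init__(self, size=64):          # assumption: 64-packet window
        self.size = size
        self.highest = 0                  # right edge: highest sequence number accepted
        self.bitmap = 0                   # bit i set => (highest - i) was already received

    def check_and_update(self, seq):
        if seq == 0:
            return "reject: sequence number 0 is never sent"
        if seq > self.highest:            # new right edge: slide the window forward
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return "accept: advances window"
        offset = self.highest - seq
        if offset >= self.size:           # too old to track, so it cannot be trusted
            return "reject: left of window"
        if self.bitmap & (1 << offset):   # slot already marked: same packet seen twice
            return "reject: replay"
        self.bitmap |= 1 << offset        # late but new: mark the slot
        return "accept: inside window"


def next_outbound_sequence(counter, audit_on_overflow=True):
    """Sender side: advance the 32-bit counter; refuse to wrap when the overflow flag is set."""
    if counter == 0xFFFFFFFF and audit_on_overflow:
        raise OverflowError("sequence counter exhausted: audit the event, stop sending on this SA")
    return (counter + 1) & 0xFFFFFFFF


def run_demo():
    """Constructed arrival order: in-order, reordered, duplicated and very late packets."""
    window = AntiReplayWindow()
    return [(seq, window.check_and_update(seq)) for seq in (1, 3, 2, 2, 100, 36, 37)]
```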
ESP Format
The following figure shows the format of an ESP packet. It contains the following fields:
Security Parameters Index (32 bits): Identifies a security association.
Sequence Number (32 bits): A monotonically increasing counter value; this
provides an anti-replay function, as discussed for AH.
Payload Data (variable): This is a transport-level segment (transport mode) or IP
packet (tunnel mode) that is protected by encryption.
Padding (0-255 bytes): The purpose of this field is discussed later.
Pad Length (8 bits): Indicates the number of pad bytes immediately preceding this
field.
Next Header (8 bits): Identifies the type of data contained in the payload data
field by identifying the first header in that payload (for example, an extension header
in IPv6, or an upper-layer protocol such as TCP).
Authentication Data (variable): A variable-length field (must be an integral
number of 32-bit words) that contains the authentication data, called the Integrity
Check Value, for the datagram.
Padding
The Padding field serves several purposes:
If an encryption algorithm requires the plaintext to be a multiple of some number of
bytes (e.g., the multiple of a single block for a block cipher), the Padding field is used
to expand the plaintext (consisting of the Payload Data, Padding, Pad Length, and
Next Header fields) to the required length.
The ESP format requires that the Pad Length and Next Header fields be right aligned
within a 32-bit word. Equivalently, the ciphertext must be an integer multiple of 32
bits. The Padding field is used to assure this alignment.
Additional padding may be added to provide partial traffic flow confidentiality by
concealing the actual length of the payload.
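The ESP field layout and the three padding rules above, worked through as an added example that is not part of the original notes. Encryption and ICV computation are left out so the byte layout stays visible; the function names are illustrative, and the 1, 2, 3, ... fill pattern is the default padding content defined in RFC 2406.

```python
import math
import struct


def esp_build_plaintext(payload, next_header, block_size=16, extra_blocks=0):
    """Payload Data || Padding || Pad Length || Next Header, ready for encryption."""
    align = block_size * 4 // math.gcd(block_size, 4)    # cipher block AND 32-bit word
    pad_len = -(len(payload) + 2) % align + extra_blocks * align   # extra = length hiding
    if pad_len > 255:
        raise ValueError("Pad Length is 8 bits, so at most 255 pad bytes")
    padding = bytes(range(1, pad_len + 1))               # RFC 2406 default fill: 1, 2, 3, ...
    return payload + padding + bytes([pad_len, next_header])


def esp_strip_padding(plaintext):
    """Receiver side, after ICV verification and decryption: return (payload, next_header)."""
    if len(plaintext) < 2 or len(plaintext) % 4:
        raise ValueError("ESP plaintext must be a non-empty multiple of 32 bits")
    pad_len, next_header = plaintext[-2], plaintext[-1]
    end = len(plaintext) - 2 - pad_len
    if end < 0 or plaintext[end:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("Pad Length or padding bytes are not what a sender would write")
    return plaintext[:end], next_header


def esp_frame(spi, seq, ciphertext, icv=b""):
    """SPI || Sequence Number || encrypted fields || Authentication Data."""
    if len(ciphertext) % 4 or len(icv) % 4:
        raise ValueError("ciphertext and ICV must each be whole 32-bit words")
    return struct.pack("!II", spi, seq) + ciphertext + icv


def esp_split(packet, icv_len):
    """Inverse of esp_frame; icv_len comes from the SA, it is not carried in the packet."""
    if len(packet) < 8 + icv_len or (len(packet) - icv_len) % 4:
        raise ValueError("packet too short or not 32-bit aligned")
    spi, seq = struct.unpack_from("!II", packet)
    body_end = len(packet) - icv_len
    return spi, seq, packet[8:body_end], packet[body_end:]
```

A 21-byte payload with a 16-byte block cipher gets 9 pad bytes, so the encrypted portion is exactly 32 bytes with Pad Length and Next Header in its last two positions.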
In Case 1, all security is provided between end systems that implement IPSec. For any two
end systems to communicate via an SA, they must share the appropriate secret keys. Among
the possible combinations:
a. AH in transport mode
b. ESP in transport mode
c. ESP followed by AH in transport mode (an ESP SA inside an AH SA)
d. Any one of a, b, or c inside an AH or ESP in tunnel mode
For Case 2, security is provided only between gateways (routers, firewalls, etc.) and no hosts
implement IPSec. This case illustrates simple virtual private network support. The security
architecture document specifies that only a single tunnel SA is needed for this case. The
tunnel could support AH, ESP, or ESP with the authentication option. Nested tunnels are not
required because the IPSec services apply to the entire inner packet.
Case 3 builds on Case 2 by adding end-to-end security. The same combinations
discussed for cases 1 and 2 are allowed here. The gateway-to-gateway tunnel provides either
authentication or confidentiality or both for all traffic between end systems. When the
gateway-to-gateway tunnel is ESP, it also provides a limited form of traffic confidentiality.
Individual hosts can implement any additional IPSec services required for given applications
or given users by means of end-to-end SAs.
Case 4 provides support for a remote host that uses the Internet to reach an organization's
firewall and then to gain access to some server or workstation behind the firewall. Only
tunnel mode is required between the remote host and the firewall. As in Case 1, one or two
SAs may be used between the remote host and the local host.
Manual: A system administrator manually configures each system with its own keys
and with the keys of other communicating systems. This is practical for small,
relatively static environments.
Automated: An automated system enables the on-demand creation of keys for SAs
and facilitates the use of keys in a large distributed system with an evolving
configuration.
The key management protocol for IPSec is referred to as ISAKMP/Oakley, and it has the following
elements:
ISAKMP
ISAKMP defines procedures and packet formats to establish, negotiate, modify, and delete
security associations. As part of SA establishment, ISAKMP defines payloads for exchanging
key generation and authentication data.
using the encryption algorithm for this SA. The Commit bit is used to ensure that
encrypted material is not received prior to completion of SA establishment.
Message ID (32 bits): Unique ID for this message.
Length (32 bits): Length of total message (header plus all payloads) in octets.
The Next Payload field has a value of 0 if this is the last payload in the message; otherwise
its value is the type of the next payload. The Payload Length field indicates the length in
octets of this payload, including the generic payload header. There are many different
ISAKMP payload types. They are:
ISAKMP Exchanges
ISAKMP provides a framework for message exchange, with the payload types serving as the
building blocks. The specification identifies five default exchange types that should be
supported.
1. Base Exchange: allows key exchange and authentication material to be transmitted
together. This minimizes the number of exchanges at the expense of not providing
identity protection.
2. Identity Protection Exchange: expands the Base Exchange to protect the users'
identities.
3. Authentication Only Exchange: used to perform mutual authentication, without a
key exchange.
4. Aggressive Exchange: minimizes the number of exchanges at the expense of not
providing identity protection.
5. Informational Exchange: used for one-way transmittal of information for SA
management.
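A parser for the ISAKMP header and the chained generic payload headers described above, with the length checks a receiver needs before trusting either Length field. This is an added example, not part of the original notes: the field layout, flag bits and numeric codes are taken from RFC 2408, and the sample message is constructed.

```python
import struct

# Layouts from RFC 2408; the numeric codes below are that RFC's assignments.
HEADER = struct.Struct("!8s8sBBBBII")   # cookies, next payload, version, exchange, flags, message ID, length
GENERIC = struct.Struct("!BBH")         # Next Payload, RESERVED, Payload Length
EXCHANGES = {1: "Base", 2: "Identity Protection", 3: "Authentication Only",
             4: "Aggressive", 5: "Informational"}
FLAG_ENCRYPTION, FLAG_COMMIT = 0x01, 0x02


def parse_isakmp(msg):
    """Return (exchange name, flags, message ID, [(payload type, body), ...])."""
    if len(msg) < HEADER.size:
        raise ValueError("shorter than the 28-octet ISAKMP header")
    _ic, _rc, next_payload, _ver, exchange, flags, message_id, length = HEADER.unpack_from(msg)
    if length != len(msg):
        raise ValueError("Length field disagrees with the bytes received")
    name, payloads, offset = EXCHANGES.get(exchange, "unknown"), [], HEADER.size
    if flags & FLAG_ENCRYPTION:
        return name, flags, message_id, payloads      # payloads are opaque until decrypted
    while next_payload != 0:                          # 0 marks the last payload
        if offset + GENERIC.size > length:
            raise ValueError("payload chain runs past the end of the message")
        following, _reserved, plen = GENERIC.unpack_from(msg, offset)
        if plen < GENERIC.size or offset + plen > length:   # length includes the generic header
            raise ValueError("Payload Length out of bounds")
        payloads.append((next_payload, msg[offset + GENERIC.size:offset + plen]))
        next_payload, offset = following, offset + plen
    if offset != length:
        raise ValueError("bytes left over after the last payload")
    return name, flags, message_id, payloads


def build_sample():
    """Constructed message: Aggressive exchange carrying Key Exchange (4) then Nonce (10)."""
    ke = GENERIC.pack(10, 0, GENERIC.size + 8) + b"K" * 8
    nonce = GENERIC.pack(0, 0, GENERIC.size + 4) + b"N" * 4
    body = ke + nonce
    return HEADER.pack(b"I" * 8, bytes(8), 4, 0x10, 4, 0, 0, HEADER.size + len(body)) + body
```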
INTRUSION DETECTION: OVERVIEW, APPROACHES FOR IDS/IPS, SIGNATURE BASED IDS, HOST BASED
IDS/IPS (TEXT BOOK 2)
The following figure illustrates the difference between IDS and IPS. As indicated, IDS is
performed through a wire tap, and is clearly an out-of-band operation. In contrast, IPS is
performed inline. And by preventing intrusions, IPSs eliminate the need for keeping and
reading extensive intrusion-incident logs, which contributes to IDSs’ considerable CPU,
memory, and I/O overhead.
While this signature-based detection usually has a lower false positive rate, it may not detect
zero-day and mutated attacks. Malware can be stealthy by embedding its communications
into protocols that are likely to be present in normal network operations, or by incorporating
polymorphism and metamorphism to avoid a fixed signature. A botnet might coordinate with
its C&C at irregular intervals and at low rates to avoid generating significant anomalies. The
big challenges to signature-based IDS/IPS are the size of the signature database and the
processing time of packets against all entries in the signature database. These can make the
IDS vulnerable to DoS attacks. Some IDS evasion tools flood signature-based IDSs with too
many packets, thus making the IDS drop packets and fail detection.
The HIDS/HIPS detect and prevent attacks on host computers, including Web servers and
database servers. The inputs to HIDS/HIPS are network packets, system logs, system events
and hardware information.
Combined signature- and anomaly-based methods detect and block abnormal activity
patterns, and generate the system alarms and event reports. The time window of an event
may be different due to its characteristics. HIDS/HIPS can update the system profiles based
on the newly observed network patterns and system calls in order to improve the false alarm
rate. HIDS/HIPS builds a dynamic database of system objects that can be monitored. Then
an analysis and comparison of a number of items is performed with respect to the database.
These items include system calls and the sequence of these calls, logs and their modification,
system binaries modifications, password files, access control lists, shell commands and
backdoor software installations. HIDS/HIPS inspects packet content after decrypting received
VPN, P2P or SSL packets, and uses anti-malware software for decrypting or emulating
malware that employs mutations. In contrast, NIDS/NIPS cannot inspect encrypted traffic or
detect mutated malware. Hence, both NIDS/NIPS and HIDS/HIPS are deployed for optimal
protection, in which the combination is greater than the sum of its individual parts. This
approach yields a more accurate result for quarantining hosts and blocking/filtering traffic as
well as providing the basis for NAC/NAP products. A trusted platform module (TPM) on the
motherboard, which is external to the CPU, thus making it much harder for an intruder to
corrupt its object and checksum databases, can be used to protect the integrity of the
database used for inspection.
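The object and checksum database comparison described above, as an added example that is not part of the original notes. It records SHA-256 checksums of monitored files, protects the database itself with an HMAC, and reports what changed; the file names are constructed, and the hard-coded key is an assumption standing in for a secret that the design above would keep behind the TPM.

```python
import hashlib
import hmac
import json
import os
import tempfile


def snapshot(paths):
    """Checksum database: path -> SHA-256 of contents, or None if the object is missing."""
    db = {}
    for path in paths:
        try:
            with open(path, "rb") as fh:
                db[path] = hashlib.sha256(fh.read()).hexdigest()
        except FileNotFoundError:
            db[path] = None
    return db


def seal(db, key):
    """Serialize the database and MAC it so edits to the baseline are detectable."""
    blob = json.dumps(db, sort_keys=True).encode()
    return blob, hmac.new(key, blob, hashlib.sha256).digest()


def audit(blob, tag, key):
    """Verify the baseline first, then report objects whose checksum no longer matches."""
    expected = hmac.new(key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("baseline database failed its integrity check")
    baseline = json.loads(blob)
    current = snapshot(baseline)
    return sorted(p for p in baseline if baseline[p] != current[p])


def run_demo():
    """Constructed scenario in a temporary directory; file names are illustrative only."""
    key = b"demo-key"                          # assumption: stands in for a TPM-protected secret
    with tempfile.TemporaryDirectory() as root:
        paths = [os.path.join(root, n) for n in ("passwd", "sshd", "acl.conf")]
        for p in paths:
            with open(p, "wb") as fh:
                fh.write(b"original contents")
        blob, tag = seal(snapshot(paths), key)
        with open(paths[1], "ab") as fh:       # a monitored binary is modified
            fh.write(b"patched")
        os.remove(paths[2])                    # an access control list disappears
        changed = [os.path.basename(p) for p in audit(blob, tag, key)]
        forged = blob.replace(b"passwd", b"passwx")   # the baseline itself is edited
        try:
            audit(forged, tag, key)
            baseline_tamper_caught = False
        except ValueError:
            baseline_tamper_caught = True
    return changed, baseline_tamper_caught
```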