Security Goals
Computer security can be said to embody three general goals.
Authentication: The ability to reliably determine that data has been received as it was sent and to verify that the entity that sent the data is what it claims to be. Successful authentication means preventing attackers from impersonating an authorized entity.
Integrity: The ability to reliably determine that the data has not been modified during transit from its source to its destination. Successfully maintaining data integrity means preventing an attacker from modifying authentic data without detection as well as preventing the acceptance of data that has been corrupted somewhere in the network clouds (as happens occasionally).
Confidentiality: The ability to transmit data that can be used or read only by its intended recipient and not by any other entity. Successfully maintaining data confidentiality means preventing anyone other than the intended recipient(s) from being able to access private data.
Developments in modern cryptography, specifically in the use of public key cryptography (discussed in the next section), make possible the combination of these three goals in one set of functions. These goals (authentication, integrity, and confidentiality) are achieved through three related functions.
Digital signatures unequivocally link the holder of a particular secret with data represented as having been signed by that entity.
Secure hashes digitally "summarize" a sequence of data using a repeatable process that will produce identical results only if the data sequence being verified matches the data sequence produced by the sender.
Encryption is the process of performing a reversible transformation on readable data so as to render it unreadable by anyone other than the holder of the appropriate decryption key.
Some or all of these functions are possible in combination or individually in protocols at every layer of the TCP/IP stack, from IP (through IPsec) to the transport layer (through TLS, the Transport Layer Security protocol) to security functions provided through applications.
The goal of IPsec is to provide security mechanisms for all versions of IP. IPsec provides security services at the IP layer, and systems may require other systems to interact with it securely with IPsec and a particular set of security algorithms and protocols. While IPsec mandates support for a basic set of algorithms, it also allows nodes to negotiate acceptably secure interaction with other systems with optional algorithms. IPsec provides the framework within which nodes can negotiate appropriate algorithms, protocols, key lengths, and other aspects of secure communication.
IPsec allows maintenance of the following.
Access control: IPsec allows security protocols to be invoked governing the secure exchange of keys, allowing authentication of users for access control purposes.
Connectionless integrity: IPsec allows nodes to validate each IP packet independent of any other packet. There is no need to verify sequences of packets or even to have access to other packets exchanged by the same nodes. Connectionless integrity is enabled through use of secure hashing techniques, similar to the use of check digits but with greater reliability and less likelihood of tampering from unauthorized entities.
Data origin authentication: Identifying the source of the data contained in an IP packet is another security service provided by IPsec. This function is accomplished through the use of digital signatures.
Defense against packet replay attacks: As a connectionless protocol, IP is subject to the threat of replay attacks, where an attacker sends a packet that has already been received by the destination host. Replay attacks can harm system availability by tying up receiving system resources. IPsec provides a packet counter mechanism that protects against this ploy.
Encryption: Data confidentiality (keeping access to data from anyone but those with proper authorization) is provided through the use of encryption.
Limited traffic flow confidentiality: Encrypting data is not always sufficient to protect systems; merely knowing the endpoints of an encrypted exchange, the frequency of such interaction, or other information about the transmissions can provide a determined attacker with enough information to disrupt or subvert systems. IPsec provides some limited traffic flow confidentiality through the use of IP tunneling, especially when coupled with security gateways.
All of these functions are possible through proper use of the Encapsulating Security Payload (ESP) Header and the Authentication Header (AH). A handful of cryptographic functions is specified for IPsec and is described briefly in the next section.
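The connectionless integrity check and the packet counter defense against replay described above can be combined in one receiver, sketched here as an added example that is not part of the original tutorial. The packet layout (4-byte counter, payload, 16-byte tag), the truncated HMAC-SHA-256 tag, the 64-packet window and the names `seal` and `Receiver` are assumptions for illustration, not the ESP or AH wire format.

```python
import hashlib
import hmac
import struct

WINDOW = 64    # replay window size in packets (assumed for this sketch)
TAG_LEN = 16   # truncated HMAC-SHA-256 tag length (assumed)

def icv(key: bytes, seq: int, payload: bytes) -> bytes:
    """Keyed hash over the counter and payload of one packet."""
    msg = struct.pack("!I", seq) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: constructed layout = 4-byte counter | payload | tag."""
    return struct.pack("!I", seq) + payload + icv(key, seq, payload)

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0   # highest authenticated counter value seen
        self.bitmap = 0    # bit i set => counter (highest - i) was accepted

    def accept(self, packet: bytes) -> str:
        if len(packet) < 4 + TAG_LEN:
            return "malformed"
        seq = struct.unpack("!I", packet[:4])[0]
        payload, tag = packet[4:-TAG_LEN], packet[-TAG_LEN:]
        # Cheap counter checks first, so replays cost no hash computation.
        if seq == 0 or seq + WINDOW <= self.highest:
            return "replay"                      # left of the window
        if seq <= self.highest and (self.bitmap >> (self.highest - seq)) & 1:
            return "replay"                      # already accepted
        # Each packet is verified on its own: no other packet is needed.
        if not hmac.compare_digest(tag, icv(self.key, seq, payload)):
            return "bad-icv"
        # Move the window only after authentication, so a forged packet
        # with a large counter cannot push genuine packets out of it.
        if seq > self.highest:
            shift = min(seq - self.highest, WINDOW)
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "ok"

if __name__ == "__main__":
    rx = Receiver(b"k" * 32)                     # constructed demo key
    for n in (1, 1, 3, 2):                       # the second 1 is a replay
        print(n, rx.accept(seal(rx.key, n, b"data")))
```

Out-of-order delivery inside the window is still accepted, which matters because IP itself gives no ordering guarantee.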
Public key encryption provides a mechanism for performing almost all of these functions with a single set of processes. AH provides mechanisms for applying authentication algorithms to an IP packet, whereas ESP provides mechanisms for applying any kind of cryptographic algorithm to an IP packet including encryption, digital signature, and/or secure hashes. IPsec is aimed at eliminating certain types of attacks, including the following.
Denial of service (DoS) attacks: These occur when an entity uses network transmissions to prevent legitimate users from using network resources. For example, an attacker may flood a host with TCP SYN requests and thereby crash a system, or the attack may consist of repeated transmission of long mail messages with the intention of filling up a user's or site's bandwidth with nuisance traffic.
Spoofing attacks: These occur when an entity transmits packets that misrepresent the packets' origins. For example, one type of spoofing attack occurs when the attacker sends a mail message with the From: header indicating the source of the message as, say, the president of the United States. More insidious and almost as easy to engineer are those attacks that occur when packets are sent out with an incorrect source address in the headers.
Man-in-the-middle attacks (MITMs): These occur when an attacker (Alice) positions herself between two communicating entities (call them Bob and Carol) and intercepts all their transmissions. Alice poses as Bob when communicating with Carol, and as Carol when communicating with Bob. Alice, as a result, is able to send whatever data she wants to Bob instead of what Carol wants to send to Bob. MITM attacks are relatively easy when transmissions are not encrypted or authenticated. However, Alice can successfully attack even a protected data stream if she is able either to gain access to Carol's secret keys or to be issued a set of her own public/secret key pairs that is sufficiently similar to Carol's that Bob will be fooled.
This last attack is important because it raises the issue of handling keys. As just noted, encryption and digital signature functions require the use of keys to decrypt and/or verify data, and digital certificates are one mechanism by which public keys can be distributed. Although all public key infrastructure (PKI) providers, including Verisign, make their own efforts to validate all applications, the problem is not a matter of technology. As noted earlier, Verisign issued two digital certificates to someone who improperly posed as a representative of Microsoft; a sufficiently motivated attacker will presumably use every possible tactic to get a desired certification. An attacker's ability to forge credentials (from letterhead on which to type a request for a corporate digital certificate to passport, birth certificate, or other documents submitted to support a fraudulent application) may exceed the ability of the PKI provider to detect them.
As a result of this potential vulnerability, IPsec requires a mechanism by which keys can be securely administered and distributed in a way that associates public keys with the entities that are supposed to own them.
As just noted, IPsec secures IP, not the Internet and certainly not the systems connected to the Internet or the processes running on those systems. IPsec must be considered only one part of the organizational security strategy. While IPsec-protected traffic may pass unscathed across the global Internet, before it leaves its source and after it arrives at its destination, that traffic will be vulnerable to attacks on local links, local systems, processes, and the protocols used there.