Security in Computer Networks

8.8.3 Network-Layer Security: IPsec

Home | Introduction | 8.1 What Is Network Security? | 8.2 Principles of Cryptography | 8.3 Authentication | 8.4 Integrity | 8.5 Key Distribution and Certification | 8.6 Access Control: Firewalls | 8.7 Attacks and Countermeasures | 8.8 Security in Many Layers: Case Studies

The IP security protocol, nore commonly known as IPsec, is a suite of protocols that provides security at the network layer.  IPsec is a rather complex animal--parts fo it are secribed in more than a dozen RFCs.
 
Consider first what it means to provide network-layer confidentiality.  The network layer would porvide confidentiallity if all the data carried by all IP datagrams were encrypted.  This meas that whenever a host wants to send a datagram, it encrypts the data field of the datagram before shipping it out into the network.  In principle, the encryption could be done with symmetric key encryption, public key encryption, or with session keys that arenegotiated using public key encryption.  The data field could be a TCP segment, a UDP segment, anICMP message, and so on.  If such a network-layer service were in place, all data sent by hosts--including e-mail, Web pages, control messages, and management messages--would be hidden from any thrid party that was wire tapping the network.
 
In addition to confidentiality, one might also want the network layer to also provide source authentication.  When a destination host receives an IP datagram with a particular IP source address, it authenticates the source by making sure that the IP datagram was indeed generated by the host with that IP source address.  Such a serciver prevents datagrams with spoofed IP addresses from being authenticated.
 
In the IPsec protocol suite there are two principal protocols: the Authentication Header (AH) protocol and the Encapsulation Security Payload (ESP) protocol.  When a source host sends secure datagrams to a destination host, it does so with either the AH protocol or the ESP protocol.  The AH protocol provides source authentication and data integrity but does not provide confiedntiality.  The ESP protocol provides authentication, data integirty, and confidentiality.  Providing more services, the ESP protocol is naturally more complicated and requires more porcessing than the AH protocol.
 
IN both the AH and the ESP protocols, before secured datagrams are sent from a source host to a destination host, the source and network hosts handshake and create a network-layer logical connection.  This logical channel is called a security association (SA). 
An SA is uniquely identified by a three-tuple consiting of:
  • A security protocol (AH or ESP) identintifier.
  • The source IP address for the simplex connection
  • A 32-bit connection identifier called the Security Parameter Index (SPI).
Authentication Header (AH) Protocol
 
The AH protocol provides source host authentication and data integrity but not confiedntiality.  When a particular source host wants to send one or more datagrams to a particular destination, it first establishes an SA withthe destination.  After having established the SA, the source can send secure datagrams to the destination host.  The secure datagrams include the AH header, which is inserted between the original IP datagram data and the IP header.
 
The AH Header includes several fields:
 
  • Next Header field, which has the role that the protocol field has for an ordinary datagram.
  • Security Parameter Index (SPI) field, an arbitrary 32-bit value that, in combination with the destination IP address and the security protocol, uniquely identifies the SA for the datagram.
  • Sequence Number field, a 32-bit field containing a sequence number for each datagram.
  • Authentication Data field, a variable-length field containing a signed message digest for this datagram.

When the destination host receives an IP datagram with an AH header, it determines the SA for the datagram and then authenticates the datagram's integrity by processing the authentication data field.

The ESP Protocol

The ESP protocol provides network-layer confidentiality as well as source host authentication and data integrity.  It all begins with a source host establisheing an SA with a destination host.  Then the source host can send secured datagrams to the destination host.  A secured datagram is created by surrounding the original IP datagram into the data field of an IP datagram.  For the protocol field in the header of the IP datagram, the value 50 is used to indicate that the datagram includes an ESP header and trailer.  When the destination host receives the IP datagram, it takes note of the 50 in the protocol field and porcesses the datagram using the ESP protocol.

SA and Key Management

For successful deployment of IPsec, a scalable and automated SA and key management scheme is necessary.  Several protocols have been defined for these taskes.

  • The Internet Key Exchange (IKE) algorithm is the default key management protocol for IPsec.
  • The Internet Security Association and Key Managemetn Protocol (ISKMP) defines procedures for establishing and tearing down SAs.