
NATO workshop on Advanced Security Technologies in Networking (Portoroz, May 29 - June 2, 2000)

IP security

Madalina Baltatu, Antonio Lioy

Dip. Automatica e Informatica
Politecnico di Torino
Torino, Italy

Abstract—This paper presents the network level security services currently available for the Internet infrastructure. Since IPsec is likely to become the largely accepted standard as far as IP level security is concerned, the paper describes the IPsec architecture including its defined security formats and the related key management procedures. Finally, common IPsec applications are presented and the future directions are outlined.

Keywords— network level security, authentication, integrity, confidentiality, anti-replay

I. INTRODUCTION

TCP/IP networks are plagued with security problems because they were designed to work in a friendly environment, with physically secure connections. When these assumptions no longer hold, as is the case nowadays, the many security weaknesses of TCP/IP become manifest and can be easily exploited. In general, IP communications are exposed to several types of attack:

• packet sniffing: due to network topology, IP packets sent from a source to a specific destination can also be read by other nodes, which can then get hold of the payload, which may contain passwords or other private information;

• IP spoofing: IP addresses can be very easily spoofed, both to attack those services whose authentication is based on the sender's address (such as the rlogin service or several WWW servers) and to supply wrong information to subvert the logical organization of the network (for example, by forging false ICMP messages of the type "destination unreachable" or "redirect");

• connection hijacking: whole IP packets can be forged to appear as legitimate packets coming from one of the two communicating parties, the goal of the attack being to insert wrong data into an existing channel.

Effective solutions to these and other attacks are not always available. When countermeasures do exist, they are usually placed at the application level. As a consequence, solutions are not always interoperable. Moreover, several functions are duplicated inside different applications.

The IP Security architecture (IPsec) [1] defines basic security mechanisms at the network level, so that they are available to all the layered applications. The security techniques adopted in IPsec have been designed to be easily inserted in both IPv4 and IPv6, as detailed in [1].

One may question whether it is right to locate the security functions at the network level. Quite obviously there is no definitive answer, because in general the security of a system is not based on a single element; rather, it is the result of a combination of several. The IP level is surely the right one to block many low-level attacks, such as those mentioned at the beginning of this section, which account for a large percentage of all network attacks due to their simple implementation. On the other hand, IPsec is not a complete solution when the applications to be protected are user-oriented (as in the case of electronic mail) rather than network-oriented.

II. IPSEC FEATURES

IPsec security services are offered by means of two dedicated extension headers, the Authentication Header (AH) [2] and the Encapsulating Security Payload (ESP) [3], and through the use of cryptographic key management procedures and protocols.

The AH header was designed to ensure the authenticity and integrity of the IP packet. It also provides an optional anti-replay service. Its presence guards against illegal modification of the fixed IP header fields, packet spoofing and, optionally, replayed packets. The ESP header, on the other hand, provides data encapsulation with encryption to ensure that only the destination node can read the payload conveyed by the IP packet. ESP may also provide packet integrity and authenticity, and an anti-replay service. The two headers can be used separately or they can be combined to provide the desired security features for IP traffic.

Each header can be used in one of two defined modes: transport mode and tunnel mode. In transport mode the security headers provide protection primarily for upper layer protocols, while in tunnel mode the headers are applied to tunneled IP packets, thus providing protection to all fields of the original IP header.
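The following Python program is an added example, not code from the paper or from any IPsec implementation. It illustrates the two preceding paragraphs on the receiver side: an AH-style integrity check computed over the IP header with the mutable fields zeroed (so a forged source address is detected while a router's TTL decrement is tolerated), a sliding anti-replay window consulted before and updated after the integrity check, and the difference between transport mode and tunnel mode (in tunnel mode the whole inner packet, TTL included, is covered). It assumes HMAC-SHA-256 truncated to 96 bits as the integrity algorithm, a constructed key, constructed addresses, and a zero IP header checksum since nothing is put on the wire; the names `ah_protect`, `ah_verify`, `ReplayWindow`, `InboundSA` and `demo` are this example's own.

```python
"""Added example: AH-style packet authentication with an anti-replay window.
Not the paper's code. Assumes HMAC-SHA-256-96 as the integrity transform and a
constructed key; the IP checksum is left at zero because nothing is transmitted."""
import hashlib
import hmac
import ipaddress
import struct

IPV4_FMT = "!BBHHHBBH4s4s"              # ver/IHL, TOS, len, ID, flags/frag, TTL, proto, cksum, src, dst
IPV4_LEN = struct.calcsize(IPV4_FMT)    # 20 bytes, no options
AH_PROTO = 51                           # IP protocol number of the Authentication Header
AH_FIXED_FMT = "!BBHII"                 # next header, payload len, reserved, SPI, sequence number
AH_FIXED_LEN = struct.calcsize(AH_FIXED_FMT)   # 12
ICV_LEN = 12                            # 96-bit truncated integrity check value
IPIP_PROTO = 4                          # next header of a tunnelled IPv4 packet
UDP_PROTO = 17

def build_ipv4(src, dst, proto, payload_len, ttl=64):
    return struct.pack(IPV4_FMT, 0x45, 0, IPV4_LEN + payload_len, 1, 0x4000, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def zero_mutable_fields(ip_hdr):
    # TOS, flags/fragment offset, TTL and checksum change in transit, so they are
    # zeroed for the ICV; addresses, length, ID and protocol stay covered, which is
    # what makes a spoofed source address detectable.
    f = list(struct.unpack(IPV4_FMT, ip_hdr))
    f[1] = f[4] = f[5] = f[7] = 0
    return struct.pack(IPV4_FMT, *f)

def ah_icv(key, ip_hdr, ah_fixed, payload):
    # ICV input: masked IP header + AH header with its ICV field zeroed + payload.
    data = zero_mutable_fields(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def ah_protect(key, spi, seq, src, dst, next_hdr, payload, ttl=64):
    ah_words = (AH_FIXED_LEN + ICV_LEN) // 4     # AH "payload len" field = words - 2
    ah_fixed = struct.pack(AH_FIXED_FMT, next_hdr, ah_words - 2, 0, spi, seq)
    ip_hdr = build_ipv4(src, dst, AH_PROTO, AH_FIXED_LEN + ICV_LEN + len(payload), ttl)
    return ip_hdr + ah_fixed + ah_icv(key, ip_hdr, ah_fixed, payload) + payload

class ReplayWindow:
    """Sliding window over accepted sequence numbers; bit i means 'top - i seen'."""
    def __init__(self, size=64):
        self.size, self.top, self.bitmap = size, 0, 0

    def check(self, seq):
        # Cheap test done before the ICV, so a replay costs no MAC computation.
        if seq == 0:
            return False
        if seq > self.top:
            return True
        off = self.top - seq
        return off < self.size and not (self.bitmap >> off) & 1

    def update(self, seq):
        # Called only after the ICV verified, so forged packets cannot move the window.
        if seq > self.top:
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

class InboundSA:
    def __init__(self, key):
        self.key, self.window = key, ReplayWindow()

def ah_verify(sa_table, packet):
    """Receiver side. sa_table maps (destination address, SPI) -> InboundSA, the way
    an IPsec node selects the SA for an inbound packet. Returns (accepted, reason)."""
    ip_hdr = packet[:IPV4_LEN]
    f = struct.unpack(IPV4_FMT, ip_hdr)
    if f[6] != AH_PROTO:
        return False, "not AH"
    ah_fixed = packet[IPV4_LEN:IPV4_LEN + AH_FIXED_LEN]
    next_hdr, plen, _, spi, seq = struct.unpack(AH_FIXED_FMT, ah_fixed)
    icv_end = IPV4_LEN + (plen + 2) * 4
    icv, payload = packet[IPV4_LEN + AH_FIXED_LEN:icv_end], packet[icv_end:]
    sa = sa_table.get((str(ipaddress.IPv4Address(f[9])), spi))
    if sa is None:
        return False, "no SA"
    if not sa.window.check(seq):
        return False, "replay"
    if not hmac.compare_digest(icv, ah_icv(sa.key, ip_hdr, ah_fixed, payload)):
        return False, "bad ICV"
    sa.window.update(seq)
    return True, "next header %d" % next_hdr

def demo():
    """Constructed scenario: 10.0.0.1 sends to 10.0.0.2 over one AH SA (SPI 0x1000)."""
    key, spi = b"constructed demo key - not a real SA key", 0x1000
    inbound = {("10.0.0.2", spi): InboundSA(key)}
    udp = bytes.fromhex("1f900035001b0000") + b"constructed payload"   # UDP header + data
    out = {}
    p1 = ah_protect(key, spi, 1, "10.0.0.1", "10.0.0.2", UDP_PROTO, udp)   # transport mode
    out["transport"] = ah_verify(inbound, p1)[1]
    out["replayed"] = ah_verify(inbound, p1)[1]                          # same packet again
    p2 = bytearray(ah_protect(key, spi, 2, "10.0.0.1", "10.0.0.2", UDP_PROTO, udp))
    p2[8] = 63                                        # router decremented TTL: mutable field
    out["ttl_changed"] = ah_verify(inbound, bytes(p2))[1]
    p3 = bytearray(ah_protect(key, spi, 3, "10.0.0.1", "10.0.0.2", UDP_PROTO, udp))
    p3[15] = 9                                        # source address altered: fixed field
    out["spoofed_src"] = ah_verify(inbound, bytes(p3))[1]
    inner = build_ipv4("192.168.1.5", "192.168.2.7", UDP_PROTO, len(udp)) + udp
    p4 = ah_protect(key, spi, 4, "10.0.0.1", "10.0.0.2", IPIP_PROTO, inner)  # tunnel mode
    out["tunnel"] = ah_verify(inbound, p4)[1]
    p5 = bytearray(ah_protect(key, spi, 5, "10.0.0.1", "10.0.0.2", IPIP_PROTO, inner))
    p5[IPV4_LEN + AH_FIXED_LEN + ICV_LEN + 8] = 63   # inner TTL is payload here: protected
    out["inner_ttl_changed"] = ah_verify(inbound, bytes(p5))[1]
    return out

if __name__ == "__main__":
    for case, reason in demo().items():
        print("%-18s %s" % (case, reason))
```

The order in `ah_verify` matters: the window is consulted before the MAC is computed, so replayed packets are dropped cheaply, but it is only advanced after the ICV verified, so a packet with a forged sequence number cannot push genuine in-flight packets out of the window.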

Both AH and ESP exploit the concept of "security association" (SA) to agree upon the security algorithms, transforms and parameters shared by the sender and the receiver of a protected traffic flow. Each IP node manages a set of
