Cryptography and IPSec

advertisement
Discussion-11-14-2005-Information Security Management
Cryptography (30 minutes)
1.
2.
3.
4.
5.
6.
Discuss the basic components of cryptography. (Symmetric, Asymmetric)
Discuss the weakness of symmetric cryptography.
Discuss the weakness of the public key encryption
Why is a hybrid crypto system preferred over symmetric and public key
encryption systems?
Discuss the role of digital signatures in modern communication.
Discuss the limitations of a KDC system in modern communication.
IPSec (30 minutes)
1.
2.
What services are provided by IPSec, how?
What parameters identify an SA and what parameters characterize the nature of a
particular SA?
3.
What is the difference between transport mode and tunnel mode?
4.
What is a replay attack?
5.
Why does ESP include a padding field?
Advanced:
6.
End-to-End authentication and encryption are desired between two hosts. Draw
figures and show.
a. Transport adjacency, with encryption applied before authentication
b. A transport SA bundled inside a tunnel SA, with encryption applied before
authentication.
c. A transport SA bundled inside a tunnel SA, with authentication applied
before encryption.
1
Answers:
1. Discuss the basic components of cryptography. (Symmetric, Asymmetric)
2. Discuss the weakness of symmetric cryptography.
Symmetric encryption, although fast, suffers from several problems in the modern
digital communication environment. These are a direct result of the nature of
symmetric encryption. Perhaps the biggest problem is that a single key must be
shared in pairs of each sender and receiver. In a distributed environment with
large numbers of combination pairs involved in many-to-one communication
topology, it is difficult for the one recipient to keep so many keys in order to
support all communication.
In addition to the key distribution problem above, the size of the communication
space presents problems. Because of the massive potential number of individuals
who can carry on communication I a many-to-one, one-to-many, and many-tomany topologies supported by the Internet for example, the secret-key
cryptography, if strictly used, requires billions of secret keys pairs to be created,
shared, and stored. The can be a nightmare! Large numbers of potential
correspondents in the many-to-one, one-to-many, and many-to-many
communication topologies may cause symmetric encryption to fail because of its
requirement of prior relationships with the parties to establish the communication
protocols like the setting up of and acquisition of the secret key.
Besides the problems discussed above and as a result of them, the following
additional problems are also observable:
 The integrity of data can be compromised because the receiver can not verify
the message has not been altered before receipt.
 It is possible for the sender to repudiate the message because there are no
mechanisms for the receiver to make sure that the message has been sent by
the claimed sender.
 The method does not give a way to ensure secrecy even if the encryption
process is compromised.
 The secret key may not be changed frequently enough to ensure
confidentiality.
3. Discuss the weakness of the public key encryption
Although public key encryption seems to have solved the major chronic
encryption problems of key exchange and message repudiation, it still has its own
problems. The biggest problem for public key cryptographic scheme is sped.
Public key algorithms are extremely slow compared to symmetric algorithms.
This is because public key calculations take longer than symmetric key
calculations since they involve the use of exponentiation of very large numbers
which in turn take longer to compute. For example, the fastest public key
cryptography algorithm such as RSA is still far slower than any typical symmetric
algorithm. This makes these algorithms and the public key scheme less desirable
for use in cases of long messages.
2
In addition to speed, public key encryption algorithms have a potential to suffer
from the man-in-the-middle attack. The man-in-the-middle attack is a well
known attack, especially in network communication where an attacker sniffs
packets off a communication channel, sniffs packets. The intruder convinces the
correspondents that the intruder is the legitimate communication partner.
4. Why a hybrid crypto system preferred over symmetric and public key encryption
systems?
Symmetric algorithms, although faster than public key algorithms, are beset with a
number of problems. Similarly public key encryption also suffers slowness and the
potential of the man in the middle attacker. To address theses concerns and preserve
both efficiency and privacy of the communication channel, and increase the
performance of the system, a hybrid crypto system that uses the best of both and at
the same time mitigating the worse in each system is widely used.
5. Discuss the role of digital signatures in modern communication.
6. Discuss the limitations of a KDC system in modern communication.
KDC has several disadvantages including the following:
 The two network communicating elements must belong to the same KDC.
 Security becomes a problem because a central authority having access to
keys is vulnerable to penetration. Because of the concentration of trust, a
single security breach on the KDC would compromise the entire system.
 In large networks that handle all communication topologies, the KDC then
becomes a bottleneck since each pair of users needing a key must access a
central node at least once. Also failure of the central authority could
disrupt the key distribution system.
3
1. What services are provided by IPSec, how?
a) Access control, to prevent an unauthorized access to the resource. Both AH and
ESP are vehicles for access control, based on the distribution of cryptographic keys
and the management of traffic flows relative to these security protocols.
b) Connectionless Integration. To give an assurance that the traffic received has not
been modified in any way.
c) Data Origin authentication. Particularly source authentication so that when a
destination host receives an IP datagram, with a particular IP source address, it is
possible to be sure that the IP datagram was indeed generated by the host with the
source IP address. This prevents spoofed IP addresses.
d) Rejection or replayed packets. (Sequence number): to guarantee that each packet
exchanged between two parties is different.
f) Confidentiality (encryption): to ensure that internet trafficked is not examined by
non-authorized parties. This requires all IP datagrams to have their data field, TCP,
UDP, ICMP, or any other datagram data field segment, encrypted.
g) Limited traffic flow confidentiality (padding)
AH
Access control
Connectionless integrity
Data origin authentication
Rejection of replayed packets
confidentiality
Limited traffic flow confidentiality
ESP(encryption ESP (encryption and
only)
authentication)
y
y
y
y
y
y
y
y
y
y
y
y
y
y
2. What parameters identify an SA and what parameters characterize the nature of a
particular SA?
An association is a one-way relationship between a sender and a receiver that affords
security services to the traffic carried on it. If a peer relationship is needed, for two
way secure exchange, then two security associations are required. Security services
are afforded to an SA for the use of AH, ESP, but not both. A security association is
uniquely identified by three parameters:

Security Parameters Index: a bit string assigned to this SA and having local
significance only. The SPI is carried in AH and ESP headers to enable the
receiving system to select the SA under which a received packet will be
processed.

IP Destination Address: Currently, only unicast addresses are allowed; this is
the address of the destination endpoint of the SA, which may be an end user
system or a network system such as a firewall or router.

Security Protocol Identifier: this indicates whether the association is an AH or
ESP security association.
Additional parameters:
4


Secret key—which defines the keys to be sued
Encapsulation mode – defining how encapsulation headers are created and which
parts of the header and user traffic are protected during the communication
process.
3. What is the difference between transport mode and tunnel mode?
Transport mode
Transport mode provides host-to-host protection to higher layer protocols. That is,
transport mode protection extends to the payloads of an IP packet. Examples include
a TCP or UDP segment or an ICMP packet, all of which operate directly above IP in
a host protocol stack. Typically, transport mode is used for end-to-end
communication between two hosts. When a host runs AH or ESP over IPv4, the
payload is the data that normally follow the IP header. For IPv6, the payload is the
data that normally follow both the IP header and any IPv6 extensions headers that are
present, with the possible exception of the destination options header, which may be
include dint eh protection.
ESP in transport mode encrypts and optionally authenticates the IP payload but not
the IP header. AH in transport mode authenticates the IP payload and selected
portions of the IP header.
Tunnel mode
Tunnel mode provides protection to the entire IP packet. To achieve this, after the
AH or ESP fields are added to the IP packet, the entire packet plus security fields is
treated as the payload of new “outer” IP packet with a new outer IP header. The
entire original, or inner, packet travels through a “tunnel” from one point of an IP
network to another; no routers along the way are able to examine the inner IP header.
Because the original packet is encapsulated, the new larger packet may have totally
different source and destination addresses, adding to the security. Tunnel mode is
used when one or both ends of an SA is a security gateway, such as a firewall or
router that implements IPSec. With tunnel model, a number of hosts on networks
behind firewalls may engage in security communications without implementing
IPSec. The unprotected packets generated by such hosts are tunneled through
external networks by tunnel mode SAs set up by the IPSec software in the firewall or
secure router at the boundary of the local network.
Original
IP
IP packet header
TCP
header
Transport mode
protected packet
IP
header
IPsec
header
Tunnel mode
protected packet
IP
header
IPsec
header
data
TCP
header
5
IP
header
data
TCP
header
data
4. What is a reply attack?
A replay attack is one in which an attacker obtains a copy of an authenticated packet
and later transmits it to the intended destination. The receipt of duplicate,
authenticated IP packets may disrupt service in some way or may have some other
undesired consequence. The sequence number field is designed to thwart such
attacks.
5. Why does ESP include a padding field?
The padding field serves several purposes:
 If an encryption algorithm requires the plaintext to be a multiple of some number
of bytes (e.g., the multiple of a single block for a block cipher), the Padding field
is used to expand the plaintext (consisting of the Payload Data, Padding, Pad
Length, and Next Header fields) to the required length.
 The ESP format requires hat the PAD length and Next header fields be right
aligned within a 32-bit word. Equivalently, the cipher text must be an integer
multiple of 32 bits. The padding field is used to assure this alignment.
 Additional padding may be added to provide partial traffic flow confidentiality by
concealing the actual length of the payload.
Advanced:
6. End-to-End authentication and encryption are desired between two hosts. Draw
figures and show
a) Transport adjacency, with encryption applied before authentication
b) A transport SA bundled inside a tunnel SA, with encryption applied before
authentication.
c) A transport SA bundled inside a tunnel SA, with authentication applied before
encryption.
6
Download