A Technical Comparison of Ipsec and SSL
Total Page:16
File Type:pdf, Size:1020Kb
A Technical Comparison of IPSec and SSL y Ab delNasir Alshamsi Takamichi Saito Tokyo University of Technology Abstract p osed but the most famous secure and widely de ployed are IPSec IP Security and SSL Secure So cket Layer IPSec IP Security and SSL SecureSocket Layer In this pap er we will provide a technical comparison have been the most robust and most potential tools of IPSec and SSL the similarities and the dierences available for securing communications over the Inter of the cryptographic prop erties The results of per net Both IPSec and SSL have advantages and short formance are based on comparing FreeSWAN as comings Yet no paper has been found comparing the IPSec and Stunnel as SSL two protocols in terms of characteristic and functional ity Our objective is to present an analysis of security and performancepr operties for IPSec and SSL IPSec IPSec is an IP layer proto col that enables the Intro duction sending and receiving of cryptographically protected packets of any kind TCPUDPICMPetc without any provides two kinds of crypto mo dication IPSec Securing data over the network is hard and compli graphic services Based on necessity IPSec can provide cated issue while the threat of data mo dication and condentiality and authenticity or it can provide data interruption is rising The goal of network security authenticity only is to provide condentiality integrity and authenticity Condentiality is keeping the data secret from the ESP Encapsulated SecurityPayload unintended listeners on the network Integrity is en suring that the received data is the data was actually AH Authentication Header sent Authenticity is proving the identity of the end ESP provides condentiality authenticity and in point to ensure that the end p ointistheintended entity tegrity protection for the communication and it is dis to communicate with tinguished by the ESP header attached to the packet The combination of these prop erties is the pillar of AH on the other hand ensures that authenticity and the security proto cols How to combine them is the integrity of the data is protected and it is identied ers Using a strong crypto question with many answ by the AH header attached to the packet ESP header graphic key with a weak authentication algorithm may includes the necessary information for decrypting and allow an attacker to disrupt the data Using a strong authenticating the data where AH header includes the authentication algorithm with a weak encryption algo necessary information required for authenticating the rithm may allowanattacker to decrypt the data Using protected data both strong authentication and encryption algorithm Establishing IPSec connection requires two phases protects the data but it will decrease the transmission Phase ISAKMP SA and Phase IPSec SA rate and could induce CPU consumption Therefore see table it is complicated to provide the b est protection the maximum throughput and the lowest overhead Phase With the recent development of the securitytools so many proto cols and powerful to ols have been pro Phase p erforms mutual authentication and pro Graduate Scho ol of System Electronics Katakurcho duces the encryption key required to protect Phase Hachiouji City Japan alshamsiaquatsitteuacjp y Phase has two mo des Main Mo de and Aggressive Department of Computer Science Katakurcho Ha Mo de The dierences between these two mo des are chiouji City Japan saitoccteuacjp the numb er of messages exchanged and the ID protec SA Security Asso ciation tion see table KE DieHellman exchanged public value Main Mo de Ni Nr the nonce I ID R the Initiator Resp onder ID CERT the certicate SIG I SIG R the signature for the Initiator Re sp onder resp ectively x x is optional Figure IPSec Main Mo de encryption must b egin after the header Key Exchange and Authentication AggressiveMode Various metho ds of Key Exchange mechanism and Authentication metho ds are supp orted by IPSec Key Exchange Metho d DH KINK Authentication Metho d Figure IPSec AggressiveMode PreShared Key PSK Phase Digital Signature Phase negotiates the cipher and authentication Public Key algorithm required to protect further transactions Phase has one mo de QuickMode KINK see The Hash Algorithms used by IPSec are MD and SHA see Table IPSec Mo de Phase Key Exchange Mo de Msg Exchanged Phase Main Mo de Figure IPSec QuickMode AggressiveMode Phase QuickMode The notations below were used to describ e Figure and IPSec Notation KINK is a Kerb eros based proto col that provides Key Ex change and authentication mechanism Not standardized yet HDR ISAKMP header such as RSA Digital Signature and DSA Digital Signature Server Authentication Table ID Protection ClientAuthentication Mo de Authentication Metho d ID Protection PSK yes Anonymous see Main RSADSA Digital Sig yes Client Authentication is in fact mutual authentica Public Key yes tion but the develop ers of SSL has referred to it as PSK no Client Authentication The Hash Algorithms used Aggressive RSADSA Digital Sig no by SSL are MD and SHA see Public Key yes An example of a SSL Handshake is describ ed in Fig ure SSL SSL Secure So cket Layer is an Application layer proto col SSL is mostly utilized to protect HTTP transactions and has b een used for other purp oses like IMAP and POP etc SSL is compatible with applica tions running only over TCPbut some mo dications are required for the applications to run over SSL Re centdevelopment of SSL software like Stunnel has added an easiness of use to SSL SSL is comp osed of the following proto cols Handshake proto col Change Cipher Sp ec proto col Alert proto col Application Data proto col Figure SSL Handshake Handshake proto col is used to p erform authentica tion and key exchanges Change Cipher Sp ec proto col Figure describ es SSL handshake in Client Authen is used to indicate that the chosen keys will now be tication The remove of the attached exchanges rep used Alert proto col is used for signaling errors and resents Server Authentication session closure Application Data proto col transmits and receives encrypted data SSL Notation ClientHello Client prop oses supp orted cipher suite Authentication Key Exchange and ServerHello Server sends chosen cipher suite Key Exchange Metho d Certicate Server sends certicate RSA CerticateRequest Server requests Clients Certi Client sends the pre master secret after encrypt cate ing it with Servers public key ServerHelloDone Server has sent all Handshake DH messages ClientandServer exchange DH public values and pro duce the pre master secret indep endently Certicate Client sends Certicate Other Key Exchange metho ds are used with SSL but ClientKeyExchange Client sends pre master secret in this pap er we will only refer to the ab ove mentioned encrypted with Servers public key metho ds Authentication Metho d ChangeCipherSp ec Client sends New chosen ci Kerb eros FORTEZZA pher suite will b e selected Finished nished message Table HMAC Algorithm Typ e ChangeCipherSp ec Server sends New chosen ci Proto col MAC Algorithm Hash Length pher suite will b e selected IPSec HMACSHA Byte HMACMD Byte Finished nished message SSL HMACSHA Byte HMACMD Byte Comparison of IPSec and SSL Authentication Algorithm to pro duce message digest The strength of the Hash IPSec supp orts the use of Digital Signature and the Algorithm is based on the length of the output see ta use of a Secret Key Algorithm where SSL supp orts ble only the use of Digital Signature The use of a random bit Secret Key is considered as strong as any other authentication metho ds In the absence of Digital Sig Connection Mo de nature algorithm IPSec can still b e implemented using the Secret Key but SSL cant b e implemented IPSec has two connection mo des Tunnel Mo de Authentication Metho d This is established b etween GatewaytoGateway GatewaytoHost and HosttoHost It establishes IPSec supp orts one typ e of authentication metho d a tunnel between the endp oint and it requires while SSL supp orts a various typ es of authentication adding a new IP header to the original packet They are describ ed in table and Transp ort Mo de Table IPSec Authentication Metho d Transp ort Mo de is HosttoHost connection The data b etween the twoentities are encrypted Authentication Metho d Authentication Algorithm The advantage of Tunnel Mo de is the elimination of Mutual Authentication PSK the overhead caused by eachchannel But the disad RSADSA Digital Signature vantage is what could happ en to the connection if the RSA Public Key key was compromised KINK SSL is a vice versa situation SSL is one connec tion p er one session typ e Each session is indep endent but the throughput could fall down as the number of sessions increases Table SSL Authentication Metho d Remote Access Authentication Metho d Authentication Algorithm Server Authentication RSA ChallengeResp onse IPSec encoun ters some problems when it comes to DSA Digital Signature remote access with PSK authentication in Main Mo de Client Authentication RSADSA Digital Signature In the case of PSK the ID is restricted to the IP ad Anonymous none dress only Since the IP address is not static the prop er shared key cant be lo cated and as a result Remote Host cant b e established Toavoid such incidentthe following metho ds are prop osed MAC Setting the remote host IP to and using one MAC Message Authentication Co de is used for au Shared Key for remote host access thenticating the exchanged messages after the connec Using Aggressive Mo de where the ID typ e is