Practical Aspects of Modern Cryptography 3 March 12, 2002 Practical Aspects of Modern Cryptography 4 March 12, 2002

Practical Aspects of Modern Cryptography 3 March 12, 2002 Practical Aspects of Modern Cryptography 4 March 12, 2002

Practical Aspects of Lecture 10: Modern Cryptography IPSEC and Crypto Politics Josh Benaloh & Brian LaMacchia But First...We Need to Vote IPSEC ! Two choices for the final project schedule: ! IPSEC = IP (Internet Protocol) Security ! Option 1: ! Suite of protocols that provide encryption, integrity and authentication services for IP ! Tuesday, March 19 @ UW EE1-003 packets ! Thursday, March 21 @ Redmond (room TBD) ! Mandatory-to-implement for IPv6, optional (but ! Option 2: available) for IPv4 ! Tuesday, March 19 @ Redmond (room TBD) ! Consists of two main components: ! Thursday, March 21 @ UW EE1-003 ! IPSEC proper (encryption & auth of IP packets) ! Which do you prefer? ! IPSEC key management Practical Aspects of Modern Cryptography 3 March 12, 2002 Practical Aspects of Modern Cryptography 4 March 12, 2002 IPSEC Operation IPSEC Protection Protocols ! Provides two modes of protection ! Authentication Header (AH) ! Tunnel Mode ! Authenticates payload data ! Transport Mode ! Authenticates network header ! Protection protocols ! Gives anti-replay protection ! Authentication and Integrity (AH) ! Encapsulated Security Payload (ESP) ! Confidentiality (ESP) ! Encrypts payload data ! Replay Protection ! Authenticates payload data ! Gives anti-replay protection Practical Aspects of Modern Cryptography 5 March 12, 2002 Practical Aspects of Modern Cryptography 6 March 12, 2002 1 Authentication Header (AH) IPSEC Authentication Header (AH) in Transport Mode ! Authentication is applied to the entire packet, with the mutable fields in the IP header Orig IP Hdr TCP Hdr Data zeroed out Insert ! If both ESP and AH are applied to a packet, Orig IP Hdr AH Hdr TCP Hdr Data AH follows ESP Integrity hash coverage (except for mutable fields in IP hdr) Next Hdr Payload Len Rsrv SecParamIndex Seq# Keyed Hash AH is IP protocol 51 24 bytes total Practical Aspects of Modern Cryptography 7 March 12, 2002 Practical Aspects of Modern Cryptography 8 March 12, 2002 IPSEC AH in Tunnel Mode Encapsulated Security Payload (ESP) Orig IP Hdr TCP Hdr Data ! Must encrypt and/or authenticate in each packet ! Encryption occurs before authentication IP Hdr AH Hdr Orig IP Hdr TCP Hdr Data ! Authentication is applied to data in the IPSEC header as well as the data contained Integrity hash coverage (except for mutable new IP hdr fields) as payload New IP header with source & destination IP address Practical Aspects of Modern Cryptography 9 March 12, 2002 Practical Aspects of Modern Cryptography 10 March 12, 2002 IPSEC ESP in Transport Mode IPSEC ESP in Transport Mode Orig IP Hdr TCP Hdr Data Insert Append Orig IP Hdr TCP Hdr Data Orig IP Hdr ESP Hdr TCP Hdr Data ESP Trailer ESP Auth Insert Append Usually encrypted Orig IP Hdr ESP Hdr TCP Hdr Data ESP Trailer ESP Auth integrity hash coverage Usually encrypted integrity hash coverage SecParamIndex Seq# InitVector Keyed Hash 22-36 bytes total Padding PadLength NextHdr ESP is IP protocol 50 Practical Aspects of Modern Cryptography 11 March 12, 2002 Practical Aspects of Modern Cryptography 12 March 12, 2002 2 IPSEC ESP Tunnel Mode IPSEC Key Management ! IPSEC Key Management is all about Orig IP Hdr TCP Hdr Data establishing and maintaining Security Associations (SAs) between pairs of communicating hosts IPHdr ESP Hdr IP Hdr TCP Hdr Data ESP Trailer ESP Auth Usually encrypted integrity hash coverage New IP header with source & destination IP address Practical Aspects of Modern Cryptography 13 March 12, 2002 Practical Aspects of Modern Cryptography 14 March 12, 2002 Security Associations (SA) Internet Key Exchange (IKE) ! New concept for IP communication ! Phase I ! SA not a “connection”, but very similar ! Establish a secure channel(ISAKMP SA) ! Establishes trust between computers ! Authenticate computer identity ! If securing with IPSEC, need SA ! Phase II ! ISAKMP protocol negotiates security parameters ! Establishes a secure channel between computers according to policy intended for the transmission of data (IPSEC ! Manages cryptographic keys and lifetime SA) ! Enforces trust by mutual authentication Practical Aspects of Modern Cryptography 15 March 12, 2002 Practical Aspects of Modern Cryptography 16 March 12, 2002 ISAKMP/OAKLEY ISAKMP/OAKLEY (2) ! Merge of two key management protocols ! What’s used today is a combination ! ISAKMP: Internet Security Association and Key ! ISAKMP provides the protocol framework Management Protocol ! OAKLEY provides the security mechanisms ! NSA-designed protocol to exchange security parameters (but not establish keys) ! OAKLEY ! Diffie-Hellman based key management protocol Practical Aspects of Modern Cryptography 17 March 12, 2002 Practical Aspects of Modern Cryptography 18 March 12, 2002 3 Main Mode Main Mode (Pre-shared Key) ! Main mode negotiates an ISAKMP SA which will be used to create IPSEC SA ! Three steps Initiator Responder ! SA negotiation Header, SA Proposals ! Diffie-Hellman and nonce exchange Header, Selected SA Proposal ! Authentication Header, D-H Key Exchange, Noncei Header, D-H Key Exchange, Noncer Encrypted Header, Idi,Hashi Header, Idr,Hashr Practical Aspects of Modern Cryptography 19 March 12, 2002 Practical Aspects of Modern Cryptography 20 March 12, 2002 Main Mode (Kerberos) Main Mode (Certificate) Initiator Responder Initiator Responder Header, SA Proposals Header, SA Proposals Header, Selected SA Proposal Header, Selected SA Proposal Header, D-H Key Exchange, Nonce , i Header, D-H Key Exchange, Noncei Kerberos Tokeni Header, D-H Key Exchange, Noncer, Header, D-H Key Exchange, Kerberos Tokenr Noncer,Certificate Request Encrypted Encrypted Header, Id ,Hash i i Header, Idi, Certificatei, Signaturei, Header, Idr,Hashr Certificate Request Header, Idr, Certificater, Signaturer Practical Aspects of Modern Cryptography 21 March 12, 2002 Practical Aspects of Modern Cryptography 22 March 12, 2002 Quick Mode Quick Mode Negotiation ! All traffic is encrypted using the ISAKMP Security Association ! Each quick mode negotiation results in two Initiator Responder IPSec Security Associations (one inbound, Encrypted one outbound) Header, IPSec Proposed SA Header, IPSec Selected SA Header, Hash Header, Connected Notification Practical Aspects of Modern Cryptography 23 March 12, 2002 Practical Aspects of Modern Cryptography 24 March 12, 2002 4 How It All Fits Together IPSEC Bundling/Wrapping Transport ! Multiple IPSEC transforms may be wrapped Tunnel successively around a single IP datagram ! Example: IPSEC transport sent over an IPSEC tunnel Practical Aspects of Modern Cryptography 25 March 12, 2002 Practical Aspects of Modern Cryptography 26 March 12, 2002 Sending in Transport Mode Sending in Tunnel Mode Application IPSec IP IP IPSec Transport Physical Physical IP IPSec Physical Application Physical IP IPSec TCP Data Application Application Physical IP IPSec TCP IP IPSec TCP Data Data Outer Inner Application Physical IPSec IPSec TCP IP IP Data Practical Aspects of Modern Cryptography 27 March 12, 2002 Practical Aspects of Modern Cryptography 28 March 12, 2002 Receiving in Tunnel Mode Receiving in Transport Mode Application IPSec IP IP IPSec Transport Physical Physical IPSec IP Physical Outer Inner Application Physical IPSec IPSec TCP IP IP Data Application IP IPSec TCP Application Data Physical IP IPSec TCP Data Application Physical IP IPSec TCP Data Practical Aspects of Modern Cryptography 29 March 12, 2002 Practical Aspects of Modern Cryptography 30 March 12, 2002 5 What is Network Address Translation NATs Rewrite Address/Port (NAT) ? Pairs ! Network Address Translation (NAT) User Kernel TCPIP.SYS IPNAT.SYS Translation Table ! Dynamically modifies source address S 10.0.0.2 S 10.0.0.2 10.0.0.2, 1185, 23 =172.31.249.14 D 131.107.1.7 D 131.107.1.7 Kernel mode 10.0.0.3, 1185, 23 =172.31.249.14 ! Dynamically recomputes interior UDP/TCP firewall hook checksums S 172.31.249.14 S 172.31.249.14 D 131.107.1.7 D 131.107.1.7 ! Port Address Translation (PAT) ! Dynamically modifies TCP/UDP source address and port ! Dynamically recomputes interior UDP/TCP checksums Practical Aspects of Modern Cryptography 31 March 12, 2002 Practical Aspects of Modern Cryptography 32 March 12, 2002 IPSEC AH and NAT IPSEC ESP and NAT ! Change in address or port will cause message ! Can change IP header in special cases only integrity check to fail ! Special TCP/UDP ignores pseudo header used in ! Packet will be rejected by destination IPSEC checksum calculation ! AH cannot be used with NAT or PAT devices ! Port information encrypted! ! Can’t change ESP header because integrity hash coverage Orig IP Hdr AH Hdr TCP Hdr Data Message Integrity Check coverage (except for mutable fields) Orig IP Hdr ESP Hdr TCP Hdr Data ESP Trailer ESP Auth encrypted integrity hash coverage Practical Aspects of Modern Cryptography 33 March 12, 2002 Practical Aspects of Modern Cryptography 34 March 12, 2002 Why Talk About Crypto Politics? ! You can’t really avoid the political aspects of crypto, especially if you’re trying to ship a The Politics of Crypto product that depends on good crypto ! In the past, the regulations have been so complex & time consuming that companies had dedicated individuals/departments for dealing with regs. ! Often public pronouncements don’t match reality ! Just because a government body says “crypto is freely exportable” doesn’t make it so Practical Aspects of Modern Cryptography 36 March 12, 2002 6 Topics in Crypto Politics Caveats... ! I’m going to present a U.S.-centric view of ! Export controls the issues ! Key Escrow ! Each country deals differently with these issues, ! Patents but the U.S. typically

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    13 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us