Table of contents
AH (Authentication Header, authentication header)
ESP (Encapsulating Security Payload, encapsulating security payload)
IKE (Internet Key Exchange, Internet Key Exchange)
IP Security Overview
A variety of network protocols (TCP/IP, IPX/SPX, NETBEUA, etc.) are run in large network systems, and these network protocols are not designed for secure communication. The IP protocol maintains the entire TCP/IP protocol architecture. Except for the data link layer, all TCP/IP protocol data are transmitted in the form of IP datagrams.
The TCP/IP protocol suite has two IP versions: version 4 (IPv4) and version 6 (IPv6). IPv6 is a subsequent version of IPv4. IPv6 simplifies the IP header and makes its datagrams more flexible. At the same time, IPv6 also increases security consideration.
IPv4 is currently dominant. IPv4 was not designed with security in mind. IP packets themselves do not have any security features, making data transmitted on the network vulnerable to various attacks: for example, forged IP packets. address, modify its content, replay previous packets, intercept and view the contents of packets during transmission, etc. Therefore, the communicating parties cannot guarantee the authenticity of the IP datagrams received.
IPSec protocol suite
In order to strengthen the security of the Internet, starting in 1995, the IETF began to develop a set of IP security protocols (IP Security, IPSec) for protecting IP communications. IPSec is a component of IPv6 and an optional extension protocol of IPv4. IPSec makes up for the lack of security considerations in IPv4 protocol design.
IPSec defines a standard, robust, and inclusive mechanism that can be used to provide security guarantees for IP and upper-layer protocols (such as TCP or UDP). The goal of IPSec is to provide strong interoperability, high-quality, and password-based security functions for IPv4 and IPv6, and to implement a variety of security services at the IP layer, including access control, data integrity, confidentiality, etc. IPSec ensures the confidentiality of communicating parties by supporting a series of encryption algorithms such as DES, Triple DES, IDEA, and AES.
The IPSec protocol cluster mainly includes three protocols: IKE/AH/ESP
-
IKE (Internet Key Exchange, Internet Key Exchange): The IKE protocol is an application layer protocol based on UDP. It is mainly used for SA negotiation and key management.
- AH protocol (Authentication Header): It can prove the origin of data, ensure the integrity of data and prevent the same data packet from being replayed on the Internet.
- ESP protocol (Encapsulating Security Payload, encapsulating security payload): It has all the functions of AH, and can also use encryption technology to ensure data confidentiality.
Although AH can protect communications from tampering, it does not transform the data and the data is still clear to hackers. In order to effectively ensure data transmission security, ESP further provides data confidentiality and prevents tampering. That is, AH provides data reliability and integrity, but confidentiality is protected by ESP. Although both AH and ESP can provide identity authentication, they have two differences: ESP requires the use of high-strength encryption algorithms and is subject to many restrictions. In most cases, using AH's authentication service can meet the requirements, but ESP is relatively expensive. Having two different sets of security protocols at the same time means that the IPSec network can be controlled at a more fine-grained level, and the security solution can be selected with greater flexibility.
How IPSec is implemented
There are two implementation methods of IPSec: transport mode and tunnel mode, both of which can be used to protect communications.
Transport mode is used between two hosts to protect the transport layer protocol header and achieve end-to-end security. When the data packet is transmitted from the transport layer to the network layer, AH and ESP will intercept it, and an IPSec header needs to be inserted between the IP header and the upper layer protocol. When applying AH and ESP to transport mode at the same time, ESP should be applied first and then AH.
The packets in transport mode are as follows:
Tunnel mode is used between hosts and servers, or servers and servers, to protect the entire IP data packet, encapsulate the entire IP data packet (called the internal IP header), and then add an IP header (called the external IP header), and Insert an IPSec header between the inner and outer IP headers.
The tunnel mode packet is as follows
IPSec can be implemented and configured at the end host, gateway/router, or both. As for where IPSec is configured on the network, it is determined by the user's requirements for security and confidentiality. Host implementation is particularly useful when end-to-end communications need to be secure. However, when it is necessary to secure communications within a part of the network, it is important to implement IPSec in routers.
AH (Authentication Header, authentication header)
AH improves data integrity checking and authentication for IP packets, and also has optional replay attack protection, but does not provide data encryption protection. AH does not encrypt any part of the protected IP datagram, but otherwise has all the other features of ESP. AH and ESP protect data at the same time. In order, AH comes after ESP. The AH format is as follows:
The header (8 bits) indicates the payload type after AH, which is 6 (TCP) or 17 (UDP) in transmission mode and 5 (TCP) or 41 (UDP) in tunnel mode. The payload length (8 bits) is the length of the entire AH minus 2, with the length in units of 32. The reserved (16) bits are reserved fields and are all 0. The security parameter index (32 bits) is used together with the destination address of the external IP header to authenticate and verify the integrity of the message. The sequence number (32 bits) is a one-way incrementing counter that provides anti-replay capabilities. The length of the verification data is determined by the specific verification algorithm.
The processing of AH is divided into 2 parts:
- Add AH header to sent packets
- Restore received data packets containing AH
ESP (Encapsulating Security Payload, encapsulating security payload)
ESP provides data integrity verification, identity verification, data encryption, and replay attack protection for IP packets. In addition to all services provided by AH, confidentiality services are also provided. ESP can be used in transport mode as well as tunnel mode. The ESP header can be placed between the IP header and the upper layer protocol, or it can be used to encapsulate the entire IP datagram. ESP header format:
The security parameter index (32 bits) is used to identify the security association handling the packet. The sequence number (32 bits) is similar to AH and provides resistance to replay attacks. Padding item (0~255 bits), the length is determined by the specific encryption algorithm. Padding length (8 bits): The actual length of the data payload that the receiving end can recover. Next header (8 bits): Indicates the type of payload protected by ESP. May be 6 (TCP) or 17 (UDP) in transport mode, 5 (IPv4) or 41 (IPV6) in tunnel mode
AH and ESP can be used individually or simultaneously. When AH and ESP are used at the same time, the packet will be encapsulated by ESP first, and then encapsulated by AH; when decapsulating by IPsec, the packet will be decapsulated by AH first, and then decapsulated by ESP.
IKE (Internet Key Exchange, Internet Key Exchange)
The entire IKE protocol specification is mainly defined by three documents: RFC2407, RFC2408 and RFC2409
- RFC2407 defines the Internet IP Security Interpretation Domain
- RFC2408 describes the Internet Security Association and Key Manangement Protocol (ISAKMP)
- RFC2409 describes how the IKE protocol uses Oakley, SKEME and ISAKMP to negotiate security associations.
The following text is from Huawei’s official website:
The IKE protocol is a hybrid protocol that combines three protocols: ISAKMP (Internet Security Association and Key Management Protocol), Oakley protocol, and SKEME protocol. Among them, ISAKMP defines the establishment process of IKE SA. The core of Oakley and SKEME protocols is the DH (Diffie-Hellman) algorithm, which is mainly used to safely distribute keys and verify identities on the Internet to ensure the security of data transmission. The encryption keys and verification keys required by IKE SA and IPSec SA are generated through the DH algorithm, and it also supports dynamic key refresh.
Two stages of IKE
The first phase of IKE - main mode exchange and aggressive mode exchange
The main task of the first phase is to establish IKE SA to provide a secure communication channel for subsequent exchanges. Use main mode swapping and aggressive mode swapping. Both modes can establish SA. The difference between the two is that active mode only uses half of the messages in main mode, so the negotiation ability of active mode is limited, and it does not provide identity protection. But active mode can have some special uses, such as remote access, etc. In addition, if the initiator already knows the responder's policy, aggressive mode can be used to quickly establish an IKE SA.
Both main mode and aggressive mode allow 4 different authentication methods:
- preshared key
- DSS digital signature
- RSA digital signature
- exchange encryption
The second phase of IKE—quick mode exchange
Quick mode exchange mainly negotiates the specific parameters of IPSec SA for the communicating parties and generates related keys. IKE SA protects quick mode exchanges through data encryption and message authentication. The quick mode exchange and the first phase exchange are interrelated to generate the keying material and negotiate the IPSec sharing policy. The information exchanged in quick mode is protected by IKE SA, that is, in addition to the ISA KMP header, all payloads need to be encrypted, and the messages must also be authenticated.