Analysis of IPSec Security Mechanism

Source: Internet
Author: User

Abstract: The IETF provides the IPSec security specifications to address network layer security risks. This article discusses the IPSec architecture, its working modes and implementation methods, and analyzes the principles and mechanisms by which it provides security services.
Keywords: IPSec; network security; Authentication Header; Encapsulating Security Payload; Security Association

1 Introduction
Security has always been an important topic for the Internet. Because security was not fully considered when the IP protocol was first designed, the early Internet often saw incidents such as attacks on the networks of enterprises and organizations and theft of confidential data. To improve Internet security, the IETF has been developing a set of security protocols for IP communication, IPSec, since 1995. IPSec provides IP-based network layer security. It serves all IP-based network communication and is completely transparent to upper-layer protocols and applications.
2. IPSec architecture

 
Figure 1 IPSec architecture Diagram

IPSec is a set of specifications. Security Associations (SA) [1], the security protocols (Authentication Header (AH) [2] and Encapsulating Security Payload (ESP) [3]), key management (Internet Key Exchange, IKE) [4], and the authentication and encryption algorithms together constitute a complete security architecture, as shown in Figure 1.
2.1 Security Association (SA)
The Security Association is the basis of IPSec. It determines the IPSec security protocol, hash mode, encryption algorithm, key, and other security parameters used in communication. It is usually uniquely identified by a triplet (Security Parameter Index, destination IP address, and security protocol). SAs always appear in pairs: they exist at both ends of the communication and are the result of negotiation between the communicating parties.
SAs are stored in the Security Association Database (SAD) [1]. In addition, a Security Policy Database (SPD) [1] is maintained in the IPSec environment. Each IPSec network interface has a SAD and SPD pair, which are used together to process incoming and outgoing IP packets. Each SAD record corresponds to one SA. Each SPD record describes a security policy that specifies the action taken on a packet (discard, bypass, or apply). When sending data, the sender retrieves the matching policy record from the SPD based on parameters such as the destination IP address. When the recorded action is "apply", it obtains the corresponding SA from the SAD using the SA pointer in the record (if the SA does not exist, IKE is called to create a new SA and insert it into the SAD), processes the packet with the security protocol and the authentication and encryption algorithms specified by the SA, and then sends it to the destination IP address. On receiving the data, the receiver locates the SA through the SPI and other parameters in the packet and checks whether the packet is a replay. If not, the data is decrypted and verified using the protocol and algorithms specified in the SA. The SPD may hold multiple records for the same IP address, and these records may conflict with each other. The records must therefore be ordered and searched in sequence, and only the first matching policy record is applied.
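The lookup described above, as an added example that is not part of the original article: an ordered SPD with overlapping records, and a SAD keyed by the (SPI, destination IP, security protocol) triplet. All addresses, SPIs, algorithm labels and the `negotiate_sa` stand-in for IKE are constructed for illustration, and dropping a packet that matches no policy is an assumption of this sketch.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Policy:                 # one SPD record (constructed layout)
    dst_net: str              # selector: destination prefix
    action: str               # "discard", "bypass" or "apply"
    sa_key: tuple = None      # pointer into the SAD when action == "apply"

@dataclass
class SA:                     # one SAD record
    protocol: str             # "AH" or "ESP"
    auth_alg: str
    enc_alg: str = None

# The SPD is an ordered list: records overlap, so order decides the outcome.
SPD = [
    Policy("10.1.2.0/24", "apply", (0x1001, "192.0.2.1", "ESP")),
    Policy("10.1.0.0/16", "discard"),
    Policy("0.0.0.0/0", "bypass"),
]
# The SAD is keyed by the triplet (SPI, destination IP, security protocol).
SAD = {(0x1001, "192.0.2.1", "ESP"): SA("ESP", "HMAC-SHA-1-96", "3DES-CBC")}

def negotiate_sa(key):
    """Hypothetical stand-in for IKE: create an SA and insert it into the SAD."""
    SAD[key] = SA(key[2], "HMAC-SHA-1-96")
    return SAD[key]

def outbound(dst_ip):
    """Return (action, SA or None) for an outgoing packet to dst_ip."""
    addr = ipaddress.ip_address(dst_ip)
    for policy in SPD:                        # only the first match is applied
        if addr in ipaddress.ip_network(policy.dst_net):
            if policy.action != "apply":
                return policy.action, None
            sa = SAD.get(policy.sa_key) or negotiate_sa(policy.sa_key)
            return "apply", sa
    return "discard", None                    # assumption: no policy means drop

def inbound(spi, dst_ip, protocol):
    """Receiver side: locate the SA from the triplet carried in the packet."""
    return SAD.get((spi, dst_ip, protocol))
```

A destination of 10.1.2.5 matches both of the first two records, and only their order makes it "apply" rather than "discard".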
2.2 Authentication Header (AH)
AH supports data integrity and authentication of IP packets. Data integrity ensures that changes made in transit cannot go undetected; authentication enables end systems or network devices to authenticate users or applications and filter traffic accordingly. It also prevents address spoofing attacks on the Internet. In addition, AH can prevent replay attacks. AH is inserted between the IP header and the transport layer header; its format is shown in Table 1.

Table 1 AH format

The Next Header field (8 bits) identifies the type of the header that follows. The Payload Length field (8 bits) indicates the length of the entire AH. The SPI (32 bits) is a random value used together with the destination IP address to identify the SA. The Sequence Number (32 bits) indicates the position of the current IP packet in the packet series. This field is mandatory and provides the anti-replay function. When the SA is created, the value is initialized to 0 and then increases sequentially; when it reaches 2^32, the SA is re-created. Even if a particular SA does not require anti-replay, the sender must still fill in the field; the receiver simply does not perform the replay check. The last AH field, Authentication Data, is variable-length but must be double-word aligned. Its default length is 96 bits. It holds the integrity check value (ICV) of the packet, which is a truncated portion of the authentication code calculated with the one-way hash algorithm, symmetric encryption algorithm, and key specified by the SA.
2.3 Encapsulating Security Payload (ESP)
AH does not provide any confidentiality service: it does not encrypt the packets it protects. Confidentiality is provided by ESP, and covers both the confidentiality of message content and limited traffic-flow confidentiality. As an optional function, ESP can also provide the same authentication service as AH. The confidentiality service encrypts IP packets with symmetric ciphers such as Triple DES, RC5, IDEA, and CAST. The basic idea of ESP is to encapsulate the entire IP packet or the transport layer data and encrypt most of the ESP data. The header format is shown in Table 2.

Table 2 ESP Header Format

Some encryption algorithms require the plaintext to be an integer multiple of a certain number of bytes, so ESP has a padding field of 0 to 255 bytes, which is also used to keep the ciphertext double-word aligned. Padding also hides the real length of the payload, which gives some confidentiality protection to the traffic flow; however, it increases the bandwidth used.
2.4 Key management (IKE)
Before IPSec communication can take place, SAs must be established on both sides. IKE is used to establish SAs dynamically (IPSec requires that SAs can also be created manually, to ensure protocol interoperability). IKE is a hybrid protocol: it follows the ISAKMP (Internet Security Association and Key Management Protocol) framework and combines the Oakley modes with the SKEME (Secure Key Exchange Mechanism) sharing and key update techniques into its own technique for generating authenticated keying material and negotiating a shared policy.
IKE uses the ISAKMP two-phase negotiation mechanism. In the first phase, the communicating parties establish an authenticated and protected channel, the ISAKMP SA. In the second phase, the SA created in the first phase is used to negotiate the specific security associations for IPSec. In the first phase, IKE uses the Main Mode exchange, which provides identity protection. Aggressive Mode uses fewer exchanges, and if public key encryption is used, Aggressive Mode can also provide identity protection. In the second phase, IKE defines the Quick Mode exchange, which negotiates the SA used for communication and completes the key exchange. One first phase can serve multiple second phases, and one second phase can create multiple SAs. With this optimization, at least one exchange and one Diffie-Hellman (DH) exponentiation are saved each time an SA is created. ISAKMP is a framework. The IPSec Domain of Interpretation (DOI) instantiates it, defining the naming of identifiers and the interpretation of payloads. IKE is currently the only instance of ISAKMP.
2.5 Encryption and authentication algorithms
High-strength encryption and authentication algorithms are the basis of the security that IPSec provides. IPSec allows a variety of encryption algorithms to be used, negotiated by both parties beforehand, but all IPSec implementations must support DES. Because DES is not strong enough and asymmetric algorithms are inefficient, low-cost, high-strength algorithms such as 3DES and AES will become the trend in IPSec implementations.
IPSec uses HMAC as the authentication hash algorithm to calculate the ICV of AH and ESP. Both parties hash the data content with the same algorithm and key, and the packet is considered authentic if the results match. The hash algorithm can be anything the two parties negotiate; IPSec defines HMAC-SHA-1 (Secure Hash Algorithm version 1) and HMAC-MD5 (Message Digest version 5) as the default algorithms.

3. IPSec service content
Through the AH and ESP mechanisms, IPSec provides services such as content confidentiality, source address verification, data integrity verification, and anti-replay protection for IP-based network communication.
3.1 Confidentiality service
IPSec provides data confidentiality to ensure that data cannot be read by unauthorized users while in transit. The service is provided by ESP, with the algorithm operating in Cipher Block Chaining (CBC) [5] mode, so that even if the traffic is eavesdropped during transmission, unauthorized users cannot learn the real content of the information.
3.2 Source address verification and integrity service
The authentication data of AH and ESP is an HMAC (hash-based message authentication code), calculated with a one-way hash function over the fields that remain unchanged in transit, such as the packet's source IP address and data content. The HMAC is unique to that content: modifying the data causes verification to fail at the receiving end, which ensures that the source IP address and the content of the data cannot be tampered with while the packet is forwarded.
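The ICV calculation described in sections 2.2, 2.5 and 3.2, as an added example that is not part of the original article. It assumes HMAC-SHA-1 truncated to 96 bits, an IPv4 header without options, and treats TOS, flags/fragment offset, TTL and header checksum as the fields that change in transit; the key, addresses and SPI are constructed.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed; a real key comes from the SA

def build_ah(spi, seq, icv=b"\x00" * 12, next_header=6):
    # Next Header (8), Payload Length (8), reserved (16), SPI (32), Sequence Number (32), ICV
    payload_len = (12 + len(icv)) // 4 - 2    # AH length in 32-bit words, minus 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv

def zero_mutable(ip_header):
    """Zero the IPv4 fields that change in transit so they do not affect the ICV."""
    h = bytearray(ip_header)
    h[1] = 0                    # TOS
    h[6:8] = b"\x00\x00"        # flags and fragment offset
    h[8] = 0                    # TTL
    h[10:12] = b"\x00\x00"      # header checksum
    return bytes(h)

def compute_icv(ip_header, ah, payload, key=KEY):
    ah_zeroed = ah[:12] + b"\x00" * (len(ah) - 12)    # the ICV field is hashed as zeros
    data = zero_mutable(ip_header) + ah_zeroed + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:12]   # keep 96 of 160 bits

def protect(ip_header, spi, seq, payload):
    """Sender: return the AH header with the ICV filled in."""
    ah = build_ah(spi, seq)
    return build_ah(spi, seq, compute_icv(ip_header, ah, payload))

def verify(ip_header, ah, payload, key=KEY):
    """Receiver: recompute the ICV and compare in constant time."""
    return hmac.compare_digest(ah[12:], compute_icv(ip_header, ah, payload, key))

def sample_ip_header(src, ttl):
    # Constructed 20-byte IPv4 header: protocol 51 (AH), checksum left at 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 1, 0, ttl, 51, 0,
                       bytes(src), bytes([198, 51, 100, 7]))
```

A packet whose TTL was decremented by routers still verifies, while one with a rewritten source address, payload or sequence number does not.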
3.3 Anti-replay Service
The IPSec AH and ESP headers define a sequence number field, which is unique within the lifetime of an SA. The receiver uses a sliding window to discard all replayed packets, which provides the IPSec anti-replay service.

4. IPSec Working Mode
IPSec can operate in either of two modes: transport mode or tunnel mode. Both AH and ESP can be used in either mode. Transport mode is usually used for peer-to-peer communication between hosts and requires the hosts to support IPSec. Tunnel mode is used in gateway deployments, that is, IPSec is loaded on the gateway (firewall or router) in front of the host, and the gateway thereby becomes a security gateway (SG) [1].
4.1 Transport mode
Transport mode protects upper-layer protocols. The AH and/or ESP headers are inserted between the IP header and the transport layer protocol header. The packet structure is shown in Figure 2. In transport mode, ESP does not encrypt the IP header, so the source and destination IP addresses are visible, while AH authenticates the entire IP header, so its integrity protection is stronger than that of ESP.
 
Figure 2 Transport mode packet structure


4.2 Tunnel mode
In tunnel mode, the entire IP packet is encapsulated in a new IP packet, and an IPSec header (AH/ESP) is inserted between the new IP header and the original IP header. The structure is shown in Figure 3.

Figure 3 Tunnel mode packet header structure

As shown in Figure 3, if ESP is applied in tunnel mode, the original IP header is encrypted and the real source and destination IP addresses are hidden. The source and destination IP addresses in the new IP header are generally the addresses of the source and destination security gateways.

5 IPSec implementation
The IPSec protocol documents describe three specific implementation approaches. IPSec can be implemented and deployed in the host, in the router/firewall (creating a security gateway), or in both; however it is implemented, it is transparent to upper-layer protocols and applications.
① Integration with the operating system (OS). IPSec is implemented as part of the network layer. This approach requires access to the IP source code and uses IP layer services to build the IP header.
② BITS mode. The "bump-in-the-stack" (BITS) [1] approach modifies the communication protocol stack and inserts IPSec between the IP stack and the link layer. The IP source code does not need to be touched. It is suited to upgrading and retrofitting existing systems and is usually used on hosts.
③ BITW mode. The "bump-in-the-wire" (BITW) [1] approach implements IPSec as an add-on in a device directly connected to a router or host. When it supports a host, it is very similar to the BITS implementation. When it supports a router or firewall, however, it must act as a security gateway.

6 conclusion
IPSec defines a set of standard protocols for authentication and for protecting confidentiality and integrity. It provides a transparent end-to-end secure channel for upper-layer protocols, so neither applications nor the upper-layer protocols they use need to be modified. It supports a range of encryption and hash algorithms and has good scalability and interoperability. However, IPSec also has some disadvantages. For example, public keys are required for implementation in Client/Server mode. IPSec also requires IP addresses in a known or fixed range, so it is not suitable where IP addresses are dynamically allocated.

References:
[1] Kent S, Atkinson R. Security Architecture for the Internet Protocol [J]. RFC 2401, 1998.11.
[2] Kent S, Atkinson R. IP authentication for the Internet Protocol [J]. RFC 2402, 1998.11.
[3] Kent S, Atkinson R. IP Encapsulating Security Payload [J]. RFC 2406, 1998.11.
[4] Harkins R, Carrell D. The Internet Key Exchange [J]. RFC 2409, 1998.11.
[5] Pereira R, Adams R. The ESP CBC-Mode Cipher Algorithms [J]. RFC 2451, 1998.11.
