Quick Guide to IPsec

Notions

IKE = management of encryption keys

Secure connections are achieved at different levels of the ISO model: 7/Application (e.g. S/MIME), 4/Transport (TLS/SSL, SSH), 2/Data Link (IPsec), or 1/Physical (dedicated devices).

IPsec relies on two protocols: AH (Authentication Header) and ESP (Encapsulating Security Payload).

Those two protocols can be used alone or combined depending on the requirements.

A connection is secured in one direction through a Security Association (SA). To secure a connection in both directions, two SAs are required. An SA is a data structure used by both ends of the communication to agree on which security settings to use (encryption algorithms, keys, etc.). If both AH and ESP are used, each requires its own SA (an SA bundle). An SA is uniquely identified by a triplet built from three pieces of information: the destination address of the packets, the identifier of the security protocol used (AH or ESP), and the Security Parameter Index (SPI, a 32-bit block written in clear text in the header section of all packets and chosen by the target host).

Active SAs are handled through a Security Association Database (SAD), which records all the information needed before transmitting or receiving packets.

Key handling is not protocol-specific, as this part is handled through SAs. SAs, including the transmission of encryption keys, are usually set up dynamically. Keys are transmitted out of band through e.g. UDP or TCP, so as to make key management independent from other security mechanisms.

SA negotiation is achieved through ISAKMP (Internet Security Association and Key Management Protocol), a generic mechanism within which other key management schemes can be used. When used with the SKEME and Oakley protocols, ISAKMP is known as IKE (Internet Key Exchange).

Each packet can be transmitted using a different security policy based on a Security Policy Database (SPD), where a packet can be sent using additional security services, sent as-is, or rejected. The information used to make this decision is extracted from the headers, at either the IP or the transport layer.

Before sending a packet, IPsec queries the SPD to check whether security mechanisms must be used. If so, IPsec reads the SA information from the SAD, and either uses IKE to create a new SA or uses one that is already running. For incoming packets, IPsec reads the headers to check whether they hold IPsec information, in which case it looks up the corresponding SA in the SAD to know how to verify and/or decrypt the packets. Finally, it checks the SPD to make sure that the SA that was applied does match the security policy.
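The outbound and inbound lookups described above, as an added Python example (not part of the original guide and not code from any IPsec implementation). The function names, the single shared SAD, the stand-in for IKE and all addresses and SPIs are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:                 # one SPD entry; selectors come from the IP header
    src: str
    dst: str
    action: str               # "protect", "bypass" (send as-is) or "discard"
    proto: str = ""           # "AH" or "ESP" when action is "protect"

# Constructed sample policy, first match wins.
SPD = [
    Policy("10.0.0.0/24", "192.0.2.0/24", "protect", "ESP"),
    Policy("192.0.2.0/24", "10.0.0.0/24", "protect", "ESP"),
    Policy("10.0.0.0/24", "198.51.100.0/24", "discard"),
    Policy("0.0.0.0/0", "0.0.0.0/0", "bypass"),
]
SAD = {}  # keyed by the triplet (destination address, protocol, SPI)

def spd_lookup(src, dst):
    for p in SPD:
        if ip_address(src) in ip_network(p.src) and ip_address(dst) in ip_network(p.dst):
            return p
    return Policy(src, dst, "discard")  # no matching policy: reject

def ike_negotiate(dst, proto):
    """Stand-in for IKE: installs an SA with a constructed key, returns its SPI."""
    spi = 0x1000 + len(SAD)
    SAD[(dst, proto, spi)] = {"key": b"constructed-key"}
    return spi

def outbound(src, dst):
    policy = spd_lookup(src, dst)
    if policy.action != "protect":
        return policy.action, None
    for sa_dst, sa_proto, spi in SAD:          # reuse a running SA if present
        if (sa_dst, sa_proto) == (dst, policy.proto):
            return "protect", spi
    return "protect", ike_negotiate(dst, policy.proto)

def inbound(src, dst, proto=None, spi=None):
    policy = spd_lookup(src, dst)
    if proto is None:                          # no IPsec header on the packet
        return "accept" if policy.action == "bypass" else "drop"
    if (dst, proto, spi) not in SAD:           # cannot verify or decrypt
        return "drop"
    # Final step from the text: the SA applied must match the security policy.
    ok = policy.action == "protect" and policy.proto == proto
    return "accept" if ok else "drop"
```

The last check in `inbound` is what rejects a packet that arrives under a valid SA but for a flow whose policy requires a different protocol, as well as cleartext packets on a flow that the policy says must be protected.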

All IPsec security mechanisms provide two modes: transport (only the data part of the datagram is protected) and tunnel (the IP header is also protected). The former is used when connecting with end-point equipment, e.g. a PC client, to make sure that the packet is correctly handled at the receiving end (which can't be guaranteed if packets go through multiple pieces of equipment before reaching their destination).

Resources