Toshiba Research and Development Center
IPsec performs security functions of encryption and non-repudiation protection on IP layer. IPsec standard itself supports both IPv4 and IPv6, but in IPv6, IPsec is defined as a mandatory feature.
In IPv4, widely-used NATs rewrite IP headers, which inherently makes IPsec non-repudiation feature useless. But IPv6 expands address space, making NAT unnecessary. IPv6 is expected to increase the use of IPsec in terminal-to-terminal communications. This article explains IPsec, especially its use in IPv6.
IPsec architecture
IPsec architecture is defined in RFC2401. IPsec is realized through the following components:
- AH and ESP security protocols
- Two modes of operation: tunnel mode and transport mode
- Security Policy Database (SPD) for managing security policy (SP) and selector that correlates SP with actual data traffic.
- Security Association Database (SAD) for containing Security Association (SA), parameters necessary for expressing IPsec connections and applying IPsec.
- Key exchange protocols
Security Protocols
IPsec defines two security protocols: AH and ESP. Both AH and ESP are defined as IPv6 extension headers. Both or either of them is used in applying IPsec to data packets. Figure 1 shows the positions of AH and ESP headers in IPv6 extension header.
|
AH (Authentication Header)
AH is provided for integrity for data packets. It uses authentication algorithm and key agreed by sender and receiver to compute Integrity Check Value (ICV) on entire IP packets1 [0] and add the result as authentication data. Receiver can compute the ICV of received packets to check their integrity, thereby avoiding repudiation. AH format is shown in Figure 2.
Authentication algorithm used is not limited to one. It can be one of several options agreed on beforehand with communication partners. At present, HMAC-MD5 and HMAC-SHA1 are the most widely used. AH doesn't provide encryption, so it doesn't offer data confidentiality.
|
||||||||||||
Security Parameter Index (SPI) is the value agreed on by sender and receiver to identify SA
2 [0], 3DES-CBC and AES-CBC are the most widely used.
[0]Figure 3 ESP format
[0]Figure 4 Tunnel mode
[0]Figure 5 Transport mode
Security Policy (SP)
Security Policy is a rule that defines application of the following actions to which types of packets in IPsec:
- discard _ discard packets
- bypass - no IPsec processing
- apply _ apply IPsec
How SP, SPD, and Selector are employed is up to each IPsec system, as it causes no interoperability issue.
Security Association (SA)
Security Association (SA) shows secure connection controlled under the same IPsec rules (SPs). SA is directional: transmission and reception with the same opponent are treated as separate SA. Each SA is uniquely identified by three parameters of SPI, sender address, and security protocol. SA is registered in Security Association Database (SAD).
How SA and SAD are employed is up to each IPsec system, as it causes no interoperability issue.
IPsec transmission process
Transmission
When transmitted packets are judged by Selector to match SP in SPD, SA that corresponds to this SP is searched in SAD. Then, actual IPsec processing (such as encryption) is performed based on SA parameters for transmission (Figure 6).
[0]Figure 6 IPsec transmission process
Receipt
When received packet has no IPsec headers (AH or ESP), the receiver searches SPD to check relevant SP (for rejecting packets classified for discard). When received packet has IPsec headers (AH or ESP), SPI, sender address and security protocol information is used to search SAD. The receiver obtains SA to conduct decryption, integrity check and other actions, followed by the check with SP obtained by the search in SAD (Figure 7).
In PART2, I will explain IKE, a protocol for exchange of encryption/authentication keys with communication opponents, as well as IPsec revisions being discussed in IETF.
[0]Figure 7 IPsec reception process
この記事のトラックバックURL
http://www.ipv6style.jp/trackback/523