Course: CS125
Name: Daniel Meredith
Due Date: 02/09/00
Submit Date: 02/09/00
Abstract Title: IP Encapsulating Security Payload
Journal Ref: IETF RFC2406
The IETF specification for IPsec is broken down into many different documents
which explain different sections of the new protocol. Two of the main protocols
which will secure IPsec are the IP Authentication Header (AH) and the IP
Encapsulating Security Payload (ESP) header. I summarized the overall layout of
IPsec for IPv4 and IPv6 in my last abstract. Now I will begin looking deeper
into the specification.
ESP is used to "provide confidentiality, data origin authentication,
connection-less integrity, an anti-replay service ... and limited traffic flow
confidentiality." In short, it is another method of protecting the data payload
of a packet from wrongful interception and tampering. At the time of
establishing a Security Association (see last abstract) a set of security
services in determined and then used on every packet transmitted during that
Security Association. Among other services that may be implemented during a
Security Association, confidentiality or authentication must be implemented.
This brings us to my first observation about the ESP header. In the packet
diagram included in the RFC the packet is laid out byte by byte. The ratio of
space for security to space for data is ridiculous. The more security we add to
every packet on the net, the less space is available for the data we are trying
to protect in the first place. ESP does just what it's name says. It wraps a
packet, TCP or other, with another header and then encrypts the original
packet.
ESP is a changing algorithm. By that I mean that the exact keys and services
used vary for every different Security Association. The ESP header includes a
32 bit value called a "Security Parameters Index" or (SPI). This value varies
from 1 to 255 and specifies the identity of which Security Association should
be used for the datagram that contains it. The SPI of 0 is reserved for local
protocol use only. Also in the ESP header is a sequence number. This is a 32
bit field that not only sets the packet order for re-assembly, but sets the
time limit for a Security Association. Once the 2^32nd packet has been sent in
a Security Association, the SA must end and a new association begun. This
means that an entirely new set of encryption keys must be generated and
services negotiated. Thus in a very large transfer, multiple SA's will be used,
making it even harder to tamper with transmissions.
The main security provided by ESP is that it completely encrypts the original
data packet. This is all well and good, but in order for most encryption
algorithms to work at an efficient level the data must be in sections that are
multiples of 4 bytes. Thus the ESP header has made allowances for this in the
form of padding at the end of the packet. The padding can be as large as 255
bytes. This is another area where the packet size continues to bloat. The
padding for encryption is optional, but all implementations of ESP must support
the generation and consumption of padding in order to be considered compliant.
The ESP header includes other multi-bit fields for extra headers,
authentication data and other various packet information. After all of the
headers comes the payload. The payload is the original packet "encapsulated"
by the ESP protocol headers and then encrypted using one of the approved
algorithms. The construction of the packet is quite simple:
- The packet is encapsulated.
- Padding is then added to allow for proper encryption.
- The payload is then encrypted.
I should note here that the whole original datagram is only encrypted if tunnel
mode was selected in the services negotiation of the Security Association.
Otherwise only the upper layer protocol information is encrypted. This is
referred to as transport mode.
The order in which the steps are performed is quite important. Currently with
the authentication being performed before the encryption the detection of
replay (spoofed) or bogus packets is facilitated. In light of the recent
denial of service attacks on sites such as Yahoo!, eBay and Amazon, this
feature would reduce the impact of such attacks to almost nothing. This is due
to the fact that a packet with an impossible address or origin will never make
it passed a gateway using ESP encryption on the out bound traffic or into a
subnet using a similar gateway.
Packets that do not conform to the ESP format are discarded at any point en
route where they are checked, not just at the origin gateway and destination
gateway. Packets can be dropped for many reasons including:
- Duplication
- Improper Security Association Identification field
- Erroneous encryption pad length
- General packet corruption
Overall, ESP adds many feature to help protect transmission of data via the
public internet. Protocols such as IPsec help not only protect the data they
encrypt, but the rights of those sending the data. With government asking for
more power to use electronic surveillance on the internet, protocols that make
it harder to intercept data protect the privacy of the individual. One of the
great powers of the internet is not only the sharing of information, but the
ability to have anonymous free speech, and without anonymity there is no
guarantee of protection from oppression of ideas. Let us never lose sight of
that fact.