Notes

Outline

Chapter 13 IPsec

IPsec (IP Security)


	A collection of protocols used to create VPNs
	A network layer security protocol providing cryptographic security services that can support various combinations of authentication, integrity, access control, and confidentiality
	Allows creation of an encrypted tunnel between two private networks
	Supports authentication of the two ends of the tunnel
	Cannot directly encrypt non-IP traffic
	Can encrypt GRE tunnel containing non-IP data
	Comprises of IKE, ESP, and AH

Types of IPsec VPNs


	LAN-to-LAN or site-to-site
		Used to connect two private networks to form one combined virtual private network
	Remote-access client IPsec
		Used to allow road warriors to be part of the trusted network

LAN-to-LAN and Site-to-Site IPsec

Remote-Access IPsec

IPsec Protocol Suite


	Internet Key Exchange (IKE) protocol
		For negotiating security parameters and establishing authenticated keys
		Uses UDP port 500 for ISAKMP
	Encapsulating Security Payload (ESP) protocol
		For encrypting, authenticating, and securing data
		IP protocol 50
	Authentication Header (AH) protocol
		For authenticating and securing data
		IP protocol 51

IKE’s Responsibilities
in IPsec Protocol


	Negotiates IPsec tunnel characteristics between two IPsec peers
	Negotiates IPsec protocol parameters
	Exchanges public keys
	Authenticates both sides
	Manages keys after the exchange
	Automates entire key-exchange process

Composition of IKE

IPsec Tunnel Creation
using IKE


	Identify interesting traffic by an IPsec peer that has been configured to initiate an IPsec session for this traffic
	IPsec peers negotiate a secure authenticated communication channel using main mode or aggressive mode negotiation, resulting in creation of an IKE Security Association (SA) between the two IPsec peers (IKE phase I)
	Create two IPsec SAs between the two IPsec peers via IKE quick mode negotiation (IKE phase II)
	Send data over encrypted tunnel using ESP and/or AH encapsulation

IKE Main Mode, Aggressive Mode, and Quick Mode

Goals of Main Mode and Aggressive Mode


	Agreeing on a set of parameters that are to be used to authenticate the two peers
	Agreeing on parameters used to encrypt a portion of the main mode and all of the quick mode messages
	None of the aggressive mode messages are encrypted
	Authenticate the two peers to each other
	Generate keys used to generate keying material for subsequent encryption of data
	All of the parameters negotiated and the keys used to generate keys for encryption are stored as IKE or ISAKMP security association (SA)

Types of Negotiations by IKE


	Main mode using preshared key authentication followed by quick mode negotiation
	Main mode using digital signature authentication followed by quick mode negotiation
	Aggressive mode using preshared key authentication followed by quick mode negotiation
	Main mode using nonces authentication followed by quick mode negotiation
	Aggressive mode using digital signature authentication followed by quick mode negotiation

Goals of Quick Mode


	To have two peers agree on a set of attributes for creating the IPsec security associations that could be used by ESP to encrypt the data
	To redo Diffie-Hellman (DH) exchange so that new keying material can be used to generate IPsec encryption keys

IKE Main Mode Message 1
using preshared key authentication

IKE Main Mode Message 2

Diffie-Hellman Algorithm


	Used in IKE by two peers to generate a shared DH secret and to generate keying material for later use
	DH secret also used with preshared secret to authenticate two peers to each other

Diffie-Hellman Algorithm (cont.)


	There exists X_a such that X_a = g^a mod p where g is the generator, p is a large prime number, and a is a private secret known only to the initiator
	There exists X_b such that X_b = g^b mod p where g is the generator, p is a large prime number, and b is a private secret known only to the responder
	Initiator and responder can generate a shared secret known only to the two of them by exchanging the values X_a and X_b with each other
	Initiator secret = (X_b)^a mod p = (X_a)^b mod p = responder secret = g^ab

IKE Main Mode Message 3

IKE Main Mode Message 4

Session Keys Generated by the Initiator

Session Keys Generated
by the Responder

IKE Main Mode Message 5

IKE Main Mode Message 6

Completion of IKE Phase I
(Main Mode) using Preshared Key


	IKE SA established
	Main mode using preshared key authentication completed
	Quick mode will be used to negotiate parameters of IPsec SA

IKE Phase 2 (Quick Mode)


	Negotiate parameters of IPsec SA
	Perfect Forward Secrecy (PFS) may be used by initiator to request that a new DH secret be generated over an encrypted channel
		New nonces generated: N_i` and N_r`
		New DH public values:
			X_a`=g^a mod p
			X_b`=g^b mod p

IKE Quick Mode Message 1

IKE and IPsec Lifetime Negotiation

IKE Quick Mode Message 2

Generation of IPsec
Keying Material


	Both peers generate new DH shared secret = (X_b`)^a mod p = (X_a`)^b mod p
	Both peers generate shared session keys for incoming and outgoing IPsec SAs based on SKEYID_d, new DH shared secret, SPI, and N_i` and N_r`

IKE Quick Mode Message 3

Main Mode Using
Digital Signature Authentication followed by Quick Mode Negotiation

Session Keys Generated
by the Initiator in Digital Signatures Method of Main Mode Negotiation

Session Keys Generated
by the Responder in Digital Signatures Method of Main Mode Negotiation

IKE Main Mode Message 5
(using Digital Signatures)

IKE Main Mode Message 6
(using Digital Signatures)

Aggressive Mode of IKE Phase 1
using Preshared Key Authentication

IKE Aggressive Mode Message 1

IKE Aggressive Mode Message 2

IKE Aggressive Mode Message 3

IKE Device Authentication Methods


	Preshared keys
	Digital signatures
	Encrypted nonces

Contents of a Digital Certificate

Using Digital Certificates

IKE Main Mode Using Encrypted Nonces

Encryption Methods in IPsec


	Data Encryption Standard (DES)
	Triple DES (3DES)

DES Encryption using
Cipher Block Chaining (CBC)

3DES Encryption

Integrity Checking Mechanism
in IPsec

Integrity Checking Using Hashes

Use of Hashes in ESP and AH

Packet Encapsulation in IPsec


	Transport mode
	Tunnel mode

Packet Format Using AH in Tunnel and Transport Modes

Packet Format Using ESP in Tunnel and Transport Modes

ESP Header Format

AH Header Format

IKE Enhancements for
Remote-Access Client IPsec

Extended Authentication and Mode Config in IKE

Negotiation of X-Auth During
IKE Negotiation

Start of X-Auth with Exchange of Attribute Payloads Using ISAKMP Messages

Completion of X-Auth with Exchange of Attribute Payloads Using ISAKMP Messages

Mode Configuration During
IKE Negotiation

Exchanging Attribute Payloads Between the Gateway and the IPsec Client

NAT Transparency

Tagging on a UDP Header to Traverse PAT