|
|
|
|
A collection of protocols used to create VPNs |
|
A network layer security protocol providing
cryptographic security services
that can support various combinations of authentication, integrity,
access control, and confidentiality |
|
Allows creation of an encrypted tunnel between
two private networks |
|
Supports authentication of the two ends of the
tunnel |
|
Cannot directly encrypt non-IP traffic |
|
Can encrypt GRE tunnel containing non-IP data |
|
Comprises of IKE, ESP, and AH |
|
|
|
|
|
LAN-to-LAN or site-to-site |
|
Used to connect two private networks to form one
combined virtual private network |
|
Remote-access client IPsec |
|
Used to allow road warriors to be part of the
trusted network |
|
|
|
|
|
|
|
|
|
Internet Key Exchange (IKE) protocol |
|
For negotiating security parameters and
establishing authenticated keys |
|
Uses UDP port 500 for ISAKMP |
|
Encapsulating Security Payload (ESP) protocol |
|
For encrypting, authenticating, and securing
data |
|
IP protocol 50 |
|
Authentication Header (AH) protocol |
|
For authenticating and securing data |
|
IP protocol 51 |
|
|
|
|
Negotiates
IPsec tunnel characteristics
between two IPsec peers |
|
Negotiates IPsec protocol parameters |
|
Exchanges public keys |
|
Authenticates both sides |
|
Manages keys after the exchange |
|
Automates entire key-exchange process |
|
|
|
|
|
Identify interesting traffic by an IPsec peer
that has been configured to initiate an IPsec session for this traffic |
|
IPsec peers negotiate a secure authenticated
communication channel using main mode or aggressive mode negotiation, resulting in creation of an IKE Security
Association (SA) between the two IPsec peers (IKE phase I) |
|
Create two IPsec SAs between the two IPsec peers
via IKE quick mode negotiation (IKE phase II) |
|
Send data over encrypted tunnel using ESP and/or
AH encapsulation |
|
|
|
|
|
Agreeing on a set of parameters that are to be
used to authenticate the two peers |
|
Agreeing on parameters used to encrypt a portion
of the main mode and all of the quick mode messages |
|
None of the aggressive mode messages are
encrypted |
|
Authenticate the two peers to each other |
|
Generate keys used to generate keying material
for subsequent encryption of data |
|
All of the parameters negotiated and the keys
used to generate keys for encryption are stored as IKE or ISAKMP security
association (SA) |
|
|
|
|
Main mode using preshared key authentication
followed by quick mode negotiation |
|
Main mode using digital signature authentication
followed by quick mode negotiation |
|
Aggressive
mode using preshared key authentication followed by quick mode
negotiation |
|
Main mode using nonces authentication followed
by quick mode negotiation |
|
Aggressive
mode using digital signature authentication followed by quick mode
negotiation |
|
|
|
|
To have two peers agree on a set of attributes
for creating the IPsec security associations that could be used by ESP to
encrypt the data |
|
To redo Diffie-Hellman (DH) exchange so that new
keying material can be used to generate IPsec encryption keys |
|
|
|
|
|
|
Used in IKE by two peers to generate a shared DH
secret and to generate keying material for later use |
|
DH secret also used with preshared secret to
authenticate two peers to each other |
|
|
|
|
|
|
There exists Xa such that Xa
= ga mod p where g is the generator, p is a large prime number,
and a is a private secret known only to the initiator |
|
There exists Xb such that Xb
= gb mod p where g is the generator, p is a large prime number,
and b is a private secret known only to the responder |
|
Initiator and responder can generate a shared
secret known only to the two of them by exchanging the values Xa
and Xb with each other |
|
Initiator secret = (Xb)a
mod p = (Xa)b mod p = responder secret = gab |
|
|
|
|
|
|
|
|
|
|
IKE SA established |
|
Main mode using preshared key authentication
completed |
|
Quick mode will be used to negotiate parameters
of IPsec SA |
|
|
|
|
|
|
Negotiate parameters of IPsec SA |
|
Perfect Forward Secrecy (PFS) may be used by
initiator to request that a new DH secret be generated over an encrypted
channel |
|
New nonces generated: Ni` and Nr` |
|
New DH public values: |
|
Xa`=ga mod p |
|
Xb`=gb mod p |
|
|
|
|
|
|
|
|
|
Both peers generate new DH shared secret = (Xb`)a
mod p = (Xa`)b
mod p |
|
Both peers generate shared session keys for
incoming and outgoing IPsec SAs based on SKEYID_d, new DH shared secret,
SPI, and Ni` and Nr` |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Preshared keys |
|
Digital signatures |
|
Encrypted nonces |
|
|
|
|
|
|
|
|
|
Data Encryption Standard (DES) |
|
Triple DES (3DES) |
|
|
|
|
|
|
|
|
|
Transport mode |
|
Tunnel mode |
|
|
|
|
|
|
|
|
|
|
|
|
|
|