Chapter 13 IPsec
IPsec (IP Security)
A collection of protocols used to create VPNs
A network layer security protocol providing cryptographic security services that can support various combinations of authentication, integrity, access control, and confidentiality
Allows creation of an encrypted tunnel between two private networks
Supports authentication of the two ends of the tunnel
Cannot directly encrypt non-IP traffic
Can encrypt GRE tunnel containing non-IP data
Comprises IKE, ESP, and AH
Types of IPsec VPNs
LAN-to-LAN or site-to-site
Used to connect two private networks to form one combined virtual private network
Remote-access client IPsec
Used to allow road warriors to be part of the trusted network
LAN-to-LAN and Site-to-Site IPsec
Remote-Access IPsec
IPsec Protocol Suite
Internet Key Exchange (IKE) protocol
For negotiating security parameters and establishing authenticated keys
Uses UDP port 500 for ISAKMP
Encapsulating Security Payload (ESP) protocol
For encrypting, authenticating, and securing data
IP protocol 50
Authentication Header (AH) protocol
For authenticating and securing data
IP protocol 51
IKE’s Responsibilities in IPsec Protocol
Negotiates IPsec tunnel characteristics between two IPsec peers
Negotiates IPsec protocol parameters
Exchanges public keys
Authenticates both sides
Manages keys after the exchange
Automates entire key-exchange process
Composition of IKE
IPsec Tunnel Creation using IKE
Identify interesting traffic by an IPsec peer that has been configured to initiate an IPsec session for this traffic
IPsec peers negotiate a secure authenticated communication channel using main mode or aggressive mode negotiation, resulting in creation of an IKE Security Association (SA) between the two IPsec peers (IKE phase I)
Create two IPsec SAs between the two IPsec peers via IKE quick mode negotiation (IKE phase II)
Send data over encrypted tunnel using ESP and/or AH encapsulation
IKE Main Mode, Aggressive Mode, and Quick Mode
Goals of Main Mode and Aggressive Mode
Agreeing on a set of parameters that are to be used to authenticate the two peers
Agreeing on parameters used to encrypt a portion of the main mode and all of the quick mode messages
None of the aggressive mode messages are encrypted
Authenticate the two peers to each other
Generate keys used to generate keying material for subsequent encryption of data
All of the parameters negotiated and the keys used to generate keys for encryption are stored as IKE or ISAKMP security association (SA)
Types of Negotiations by IKE
Main mode using preshared key authentication followed by quick mode negotiation
Main mode using digital signature authentication followed by quick mode negotiation
Aggressive mode using preshared key authentication followed by quick mode negotiation
Main mode using nonces authentication followed by quick mode negotiation
Aggressive mode using digital signature authentication followed by quick mode negotiation
Goals of Quick Mode
To have two peers agree on a set of attributes for creating the IPsec security associations that could be used by ESP to encrypt the data
To redo Diffie-Hellman (DH) exchange so that new keying material can be used to generate IPsec encryption keys
IKE Main Mode Message 1 using preshared key authentication
IKE Main Mode Message 2
Diffie-Hellman Algorithm
Used in IKE by two peers to generate a shared DH secret and to generate keying material for later use
DH secret also used with preshared secret to authenticate two peers to each other
Diffie-Hellman Algorithm (cont.)
There exists $X_a$ such that $X_a = g^a \bmod p$, where g is the generator, p is a large prime number, and a is a private secret known only to the initiator
There exists $X_b$ such that $X_b = g^b \bmod p$, where g is the generator, p is a large prime number, and b is a private secret known only to the responder
Initiator and responder can generate a shared secret known only to the two of them by exchanging the values $X_a$ and $X_b$ with each other
Initiator secret = $(X_b)^a \bmod p$ = $(X_a)^b \bmod p$ = responder secret = $g^{ab} \bmod p$
IKE Main Mode Message 3
IKE Main Mode Message 4
Session Keys Generated by the Initiator
Session Keys Generated by the Responder
IKE Main Mode Message 5
IKE Main Mode Message 6
Completion of IKE Phase I (Main Mode) using Preshared Key
IKE SA established
Main mode using preshared key authentication completed
Quick mode will be used to negotiate parameters of IPsec SA
IKE Phase 2 (Quick Mode)
Negotiate parameters of IPsec SA
Perfect Forward Secrecy (PFS) may be used by initiator to request that a new DH secret be generated over an encrypted channel
New nonces generated: $N_i'$ and $N_r'$
New DH public values:
$X_a' = g^a \bmod p$
$X_b' = g^b \bmod p$
IKE Quick Mode Message 1
IKE and IPsec Lifetime Negotiation
IKE Quick Mode Message 2
Generation of IPsec Keying Material
Both peers generate new DH shared secret = $(X_b')^a \bmod p$ = $(X_a')^b \bmod p$
Both peers generate shared session keys for incoming and outgoing IPsec SAs based on SKEYID_d, new DH shared secret, SPI, and $N_i'$ and $N_r'$
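The Diffie-Hellman slides and the keying-material slide above, as an added worked example (not part of the original slides): both peers run a phase I exchange with a preshared key, then a quick mode exchange with PFS, and arrive at the same keys for the two IPsec SAs. It follows the RFC 2409 derivations SKEYID = prf(preshared key, Ni | Nr), SKEYID_d = prf(SKEYID, g^xy | CKY-I | CKY-R | 0) and KEYMAT = prf(SKEYID_d, g(qm)^xy | protocol | SPI | Ni' | Nr'). Assumptions: a toy 127-bit group instead of a real IKE DH group, HMAC-SHA1 as the prf, constructed SPIs, and hypothetical function names.

```python
import hashlib, hmac, secrets

# Constructed toy group for illustration only; NOT one of the IKE DH groups.
P = 2**127 - 1          # a Mersenne prime
G = 3
PROTO_IPSEC_ESP = 3     # ISAKMP protocol ID for ESP (not IP protocol number 50)

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: the negotiated hash is SHA-1, so prf is HMAC-SHA1.
    return hmac.new(key, data, hashlib.sha1).digest()

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2          # private a or b
    return priv, pow(G, priv, P)                 # public X = g^priv mod p

def dh_shared(priv: int, peer_pub: int) -> bytes:
    if not 1 < peer_pub < P - 1:                 # reject degenerate values
        raise ValueError("invalid DH public value")
    return pow(peer_pub, priv, P).to_bytes(16, "big")

def skeyid_d(psk, ni, nr, g_xy, cky_i, cky_r) -> bytes:
    skeyid = prf(psk, ni + nr)                   # preshared-key authentication
    return prf(skeyid, g_xy + cky_i + cky_r + b"\x00")

def keymat(d, g_xy_qm, spi, ni_qm, nr_qm) -> bytes:
    # Quick mode with PFS: the fresh DH secret is mixed into the IPsec keys.
    return prf(d, g_xy_qm + bytes([PROTO_IPSEC_ESP]) + spi + ni_qm + nr_qm)

def negotiate(psk_init: bytes, psk_resp: bytes):
    """Run both peers; return each side's keys for the two IPsec SAs."""
    rnd = secrets.token_bytes
    ni, nr, cky_i, cky_r = rnd(16), rnd(16), rnd(8), rnd(8)
    (a, xa), (b, xb) = dh_keypair(), dh_keypair()        # phase I exchange
    d_i = skeyid_d(psk_init, ni, nr, dh_shared(a, xb), cky_i, cky_r)
    d_r = skeyid_d(psk_resp, ni, nr, dh_shared(b, xa), cky_i, cky_r)
    ni2, nr2 = rnd(16), rnd(16)                          # new nonces Ni', Nr'
    (a2, xa2), (b2, xb2) = dh_keypair(), dh_keypair()    # new DH values
    spis = (b"\x00\x00\x10\x01", b"\x00\x00\x20\x02")    # constructed SPIs
    init = [keymat(d_i, dh_shared(a2, xb2), s, ni2, nr2) for s in spis]
    resp = [keymat(d_r, dh_shared(b2, xa2), s, ni2, nr2) for s in spis]
    return init, resp
```

With matching preshared keys the two lists are equal; a mismatched preshared key changes SKEYID and therefore every derived key, so the peers no longer agree.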
IKE Quick Mode Message 3
Main Mode Using Digital Signature Authentication followed by Quick Mode Negotiation
Session Keys Generated by the Initiator in Digital Signatures Method of Main Mode Negotiation
Session Keys Generated by the Responder in Digital Signatures Method of Main Mode Negotiation
IKE Main Mode Message 5 (using Digital Signatures)
IKE Main Mode Message 6 (using Digital Signatures)
Aggressive Mode of IKE Phase 1 using Preshared Key Authentication
IKE Aggressive Mode Message 1
IKE Aggressive Mode Message 2
IKE Aggressive Mode Message 3
IKE Device Authentication Methods
Preshared keys
Digital signatures
Encrypted nonces
Contents of a Digital Certificate
Using Digital Certificates
IKE Main Mode Using Encrypted Nonces
Encryption Methods in IPsec
Data Encryption Standard (DES)
Triple DES (3DES)
DES Encryption using Cipher Block Chaining (CBC)
3DES Encryption
Integrity Checking Mechanism in IPsec
Integrity Checking Using Hashes
Use of Hashes in ESP and AH
Packet Encapsulation in IPsec
Transport mode
Tunnel mode
Packet Format Using AH in Tunnel and Transport Modes
Packet Format Using ESP in Tunnel and Transport Modes
ESP Header Format
AH Header Format
IKE Enhancements for Remote-Access Client IPsec
Extended Authentication and Mode Config in IKE
Negotiation of X-Auth During IKE Negotiation
Start of X-Auth with Exchange of Attribute Payloads Using ISAKMP Messages
Completion of X-Auth with Exchange of Attribute Payloads Using ISAKMP Messages
Mode Configuration During IKE Negotiation
Exchanging Attribute Payloads Between the Gateway and the IPsec Client
NAT Transparency
Tagging on a UDP Header to Traverse PAT