1 / 20

IPsec – IKE

IPsec – IKE. CSE 548 Advanced Computer Network Security Instructor: Dijiang Huang. Green circle : Security is retained inspite of the mounted attacks Red circle : Security threats are realized by successful attacks Attacker tries to adversely affect the information flow:.

louis
Télécharger la présentation

IPsec – IKE

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IPsec – IKE CSE 548 Advanced Computer Network Security Instructor: Dijiang Huang IPsec – IKE

  2. Green circle: Security is retained inspite of the mounted attacks Red circle: Security threats are realized by successful attacks Attacker tries to adversely affect the information flow: A basic model for network security concepts constructed Helps to form a general view of the related concepts and their relations Network security concepts 1(2)

  3. Network security concepts 2(2) Cryptographic methods are the building blocks of IPSec and IKE • Secret and Public key encryption • Provides confidentiality • Digital signature and hash functions, MAC (Message Authentication Code) • Provides integrity • Random numbers • Add unpredictability to cryptographic algorithms and protocols • Used for example for creating keys, nonces and cookies • Diffie-Hellman key exchange protocol • Two parties agree over an insecure channel on a shared secret • Shared secret is used to protect the following traffic

  4. Encapsulated Security Payload (ESP) • Must encrypt and/or authenticate in each packet • Encryption occurs before authentication • Authentication is applied to data in the IPSec header as well as the data contained as payload

  5. Orig IP Hdr Orig IP Hdr ESP Auth IPSec Encapsulating Security Payload (ESP) in Transport Mode TCP Hdr Data Insert Append Data ESP Hdr TCP Hdr ESP Trailer Usually encrypted integrity hash coverage SecParamIndex Seq# InitVector Keyed Hash Padding PadLength NextHdr 22-36 bytes total ESP is IP protocol 50

  6. Orig IP Hdr TCP Hdr Data ESP Auth Data IPHdr ESP Hdr IP Hdr TCP Hdr IPSec ESP Tunnel Mode ESP Trailer Usually encrypted integrity hash coverage New IP header with source & destination IP address

  7. Authentication Header (AH) • Authentication is applied to the entire packet, with the mutable fields in the IP header zeroed out • If both ESP and AH are applied to a packet, AH follows ESP

  8. Orig IP Hdr AH Hdr IPSec Authentication Header (AH)in Transport Mode Orig IP Hdr TCP Hdr Data Insert TCP Hdr Data Integrity hash coverage (except for mutable fields in IP hdr) Next Hdr Payload Len Rsrv SecParamIndex Seq# Keyed Hash AH is IP protocol 51 24 bytes total

  9. Orig IP Hdr Orig IP Hdr TCP Hdr TCP Hdr Data Data IPSec AH Tunnel Mode IP Hdr AH Hdr Integrity hash coverage (except for mutable new IP hdr fields) New IP header with source & destination IP address

  10. History of IKE • Early contenders: • Photuris: Authenticated DH with cookies & identity hiding • SKIP: Auth. DH with long-term exponents • ISAKMP: • A protocol specifying only payload formats & exchanges (i.e., an empty protocol) • Adopted by the IPsec working group • Oakley: Modified Photuris; can work with ISAKMP • IKE: A particular Oakley-ISAKMP combination IPsec – IKE

  11. IPsec and IKE protocols 1(2) Internal structure of IPsec protocol suite AH = Authentication Header API = Application Programming Interface DOI = Domain of Interpretation ESP = Encapsulated Security Payload ISAKMP = Internet Security Association and Key Management Protocol Oakley = Key Exchange Protocol SA = Security Association SAD = Security Association Database SKEME = Secure Key Exchange Mechanism SPD = Security Policy Database

  12. IKE SA and IPsec SA establisment Main mode : IPsec and IKE protocols 2(2) Aggressive mode: HDR = ISAKMP Header, HDR* = Payloads are encrypted SA = Security Association payload KE = Key Exchange payload (Diffie-Hellman public value) Ni, Nr = Nonce payload (of Initiator, Responder) IDii, Idir = Identification payload HASH_I, HASH_R = Hash payload (of Initiator, Responder)

  13. Photuris CA CA: Alice’s cookie; for connection ID CB: Bob’s cookie; against DoS CA,CB, crypto offered CA,CB, ga mod p, crypto selected Alice Bob CA,CB, gb mod p (K = gab mod p) CA,CB, K{“Alice”, signature on previous messages} CA,CB, K{“Bob”, signature on previous messages} IPsec – IKE

  14. IKE/ISAKMP Phases Phase 1: • does authenticated DH, establishes session key & “ISAKMP SA” • two possible modes: Main & Aggressive • two keys are derived from the session key:SKEYID_e: to encrypt Phase 2 messagesSKEYID_a: to authenticate Phase 2 messages Phase 2: • IPsec SA & session key established; messages encrypted & authenticated with Phase 1 keys • Additional DH exchange is optional for perfect forward secrecy (PFS). IPsec – IKE

  15. Phase 1 Exchange Two possible modes: • Main mode: 6 rounds; provides identity hiding • Aggressive mode: 3 rounds Types of authentication: • MAC with pre-shared secret key • digital signatures IPsec – IKE

  16. Phase 1: Main Mode • Main mode negotiates an ISAKMP SA which will be used to create IPSec SAs • Three steps • SA negotiation • Diffie-Hellman and nonce exchange • Authentication

  17. Phase 1 – Main Mode (generic) crypto offered crypto selected ga mod p Alice Bob gb mod p (K = gab mod p) K{“Alice”, proof I’m Alice} K{“Bob”, proof I’m Bob} IPsec – IKE

  18. Phase 1 – Aggressive Mode (generic) ga mod p, “Alice”, crypto offered gb mod p, crypto selected, proof I’m Bob Alice Bob proof I’m Alice IPsec – IKE

  19. Phase 2: Quick Mode • All traffic is encrypted using the ISAKMP Security Association • Each quick mode negotiation results in two IPSec Security Associations (one inbound, one outbound)

  20. Phase 2(Quick Mode) • X: pair of cookies generated in Phase 1 • Y: session identifier • traffic: IPsec traffic selector (optional) Phase1 SA X, Y, CP, SPIA, nonceA, [traffic], [ga mod p] Alice Bob X, Y, CPA, SPIB, nonceB, [traffic], [gb mod p] X, Y, ack IPsec – IKE

More Related