Document Sample
IKE Powered By Docstoc
					       IPsec – IKE

             CSE 548
Advanced Computer Network Security
     Instructor: Dijiang Huang

             IPsec – IKE             1
                 Network security concepts 1(2)
• A basic model for network                                                                                     • Green circle: Security is
  security concepts constructed                                                                                   retained inspite of the
• Helps to form a general view of                                                                                 mounted attacks
  the related concepts and their                                                                                • Red circle: Security threats
  relations                                                                                                       are realized by successful
   Attacker's intentions to
   adversely affect the
   information flow of the network:                                         Consist of:
   - Interception                                                           - Confidentiality
   - Fabrication                                                            - Authentication
   - Modification                                                           - Integrity and non-repudiation
   - Interruption
                                      Security threats threaten
                                         security services
                                                                            - Availability
                                                                                                                   Attacker tries to adversely
         Security threats
                                                    Security services
                                                                                 Security services                 affect the information flow:
                                                  defeat security threats
                 Security threats are                                                     Security services                                       channel
               carried out by mounting                                                   make use of security
                   security attacks                                                         mechanisms
                                                                                                                                          Source          Destination
   Successful security                                              Security mechanisms
     attacks realize                                               ensure security services                                               (a) Normal information flow
    security threats                   Security attacks try to
                                      exploit vulnerabilities in
                                       security mechanisms
         Security attacks                                                     Security mechanisms

   Attacker's actions to                   Security mechanisms try to
   penetrate the system:                   detect and prevent security Consist of:                                     (b) Interruption                          (c) Interception
   - Passive attacks                      attacks, or recover from them - Security protocols
                                                                        - Cryptographic algorithms and
     - Disclosure of information
     - Traffic analysis
                                                                        - Processes and practices
   - Active attacks
     - Masquerade
     - Replay
     - Modification of messages
     - Denial of service                                                                                               (d) Modification                          (e) Fabrication
       Network security concepts 2(2)
Cryptographic methods are the building blocks of IPSec and IKE
• Secret and Public key encryption
    – Provides confidentiality
• Digital signature and hash functions, MAC (Message Authentication
    – Provides integrity
• Random numbers
    – Add unpredictability to cryptographic algorithms and protocols
    – Used for example for creating keys, nonces and cookies
• Diffie-Hellman key exchange protocol
    – Two parties agree over an insecure channel on a shared secret
    – Shared secret is used to protect the following traffic
 Encapsulated Security Payload (ESP)
• Must encrypt and/or authenticate in each packet
• Encryption occurs before authentication
• Authentication is applied to data in the IPSec
  header as well as the data contained as payload
   IPSec Encapsulating Security Payload
         (ESP) in Transport Mode

                  Orig IP Hdr         TCP Hdr            Data

                        Insert                                    Append

Orig IP Hdr   ESP Hdr        TCP Hdr              Data       ESP Trailer     ESP Auth

                                      Usually encrypted

                                           integrity hash coverage

  SecParamIndex          Seq#       InitVector                             Keyed Hash

  22-36 bytes total              Padding         PadLength      NextHdr
ESP is IP protocol 50
                 IPSec ESP Tunnel Mode

                   Orig IP Hdr     TCP Hdr            Data

IPHdr    ESP Hdr     IP Hdr      TCP Hdr       Data     ESP Trailer   ESP Auth

                                   Usually encrypted

                                     integrity hash coverage

  New IP header with source & destination IP
       Authentication Header (AH)
• Authentication is applied to the entire packet,
  with the mutable fields in the IP header zeroed
• If both ESP and AH are applied to a packet, AH
  follows ESP
    IPSec Authentication Header (AH)
           in Transport Mode
            Orig IP Hdr      TCP Hdr                Data

   Orig IP Hdr        AH Hdr              TCP Hdr          Data

             Integrity hash coverage (except for mutable fields in IP hdr)

Next Hdr      Payload Len          Rsrv    SecParamIndex       Seq#   Keyed Hash

           AH is IP protocol 51                     24 bytes total
              IPSec AH Tunnel Mode

         Orig IP Hdr      TCP Hdr        Data

IP Hdr     AH Hdr      Orig IP Hdr    TCP Hdr          Data

           Integrity hash coverage (except for mutable new IP hdr fields)

New IP header with source &
destination IP address
                  History of IKE
• Early contenders:
  – Photuris: Authenticated DH with cookies & identity
  – SKIP: Auth. DH with long-term exponents
  – A protocol specifying only payload formats & exchanges
    (i.e., an empty protocol)
  – Adopted by the IPsec working group
• Oakley: Modified Photuris; can work with ISAKMP
• IKE: A particular Oakley-ISAKMP combination

                         IPsec – IKE                     10
              IPsec and IKE protocols 1(2)
Internal structure of IPsec protocol suite
                                                                  Error logs
                                                                  to system
AH = Authentication Header               System Manager
                                                                   audit file
                                                                                       ISAKMP     DOI     Application
API = Application Programming Interface   Configures
                                        IPsec policies                                 Oakley,SKEME
DOI = Domain of Interpretation
                                                                Negotiates, modifies                      Application
ESP = Encapsulated Security Payload                              and deletes SAs                           Protocol

ISAKMP = Internet Security Association                   SAD

          and Key Management Protocol
                                                 Points to               API
Oakley = Key Exchange Protocol                                                                  Socket layer
SA = Security Association                                             Asks for
                                                                    SA creation        Transport Protocol (TCP/UDP)
SAD = Security Association Database                              Security Protocol
                                              SPD                                                   IP
SKEME = Secure Key Exchange Mechanism                   Consults     AH, ESP
                                                                                            Link Layer Protocol
SPD = Security Policy Database
                   IPsec and IKE protocols 2(2)
                                                                     Main mode :
   IKE SA and IPsec SA                                                      Initiator
                                                                                                           message nr

      establisment                                                                 HDR, SA
                                                                                                                                  HDR, SA
                                                                                   HDR, KE, Ni
                  Phase 1 negotiation                                                                            3
            (Main mode or Aggressive mode)                                                                                     HDR, KE, Nr
                  establishes IKE SA                                                    HDR*, IDii, HASH_I
                   Phase 2 negotiation                                                                               HDR*, IDir, HASH_R
Initiator             (Quick mode)                 Responder                                                     6
                  establishes IPsec SAs
                                                                      Aggressive mode:
                                                                              Initiator                                                   Responder
                                                                                                             message nr
 UDP            IPsec (AH/ESP) protected IP          UDP
                                                                                         HDR, SA, KE, Ni, IDii
              IPsec        traffic        IPsec                                                                1
   IP                                                 IP                                                 HDR, SA, KE, Nr, IDir, HASH_R
            (AH/ESP)                    (AH/ESP)
                                                                                         HDR, HASH_I

                                                               HDR = ISAKMP Header,
                                                               HDR* = Payloads are encrypted

                                                               SA = Security Association payload
                                                               KE = Key Exchange payload (Diffie-Hellman public value)
                                                               Ni, Nr = Nonce payload (of Initiator, Responder)
                                                               IDii, Idir = Identification payload
                                                               HASH_I, HASH_R = Hash payload (of Initiator, Responder)

                        CA,CB, crypto offered

                   CA,CB, ga mod p, crypto selected

                            CA,CB, gb mod p
                             (K = gab mod p)
           CA,CB, K{“Alice”, signature on previous messages}

           CA,CB, K{“Bob”, signature on previous messages}

CA: Alice’s cookie; for connection ID
CB: Bob’s cookie; against DoS

                                IPsec – IKE                          13
            IKE/ISAKMP Phases
Phase 1:
  – does authenticated DH, establishes session key &
  – two possible modes: Main & Aggressive
  – two keys are derived from the session key:
    SKEYID_e: to encrypt Phase 2 messages
    SKEYID_a: to authenticate Phase 2 messages
Phase 2:
  – IPsec SA & session key established; messages
    encrypted & authenticated with Phase 1 keys
  – Additional DH exchange is optional for perfect
    forward secrecy (PFS).
                        IPsec – IKE                    14
                 Phase 1 Exchange

Two possible modes:
   – Main mode: 6 rounds; provides identity hiding
   – Aggressive mode: 3 rounds

Types of authentication:
   – MAC with pre-shared secret key
   – digital signatures

                              IPsec – IKE            15
            Phase 1: Main Mode
• Main mode negotiates an ISAKMP SA which will
  be used to create IPSec SAs
• Three steps
  – SA negotiation
  – Diffie-Hellman and nonce exchange
  – Authentication
Phase 1 – Main Mode (generic)

              crypto offered

             crypto selected

                 ga mod p

                 gb mod p
              (K = gab mod p)
         K{“Alice”, proof I’m Alice}

          K{“Bob”, proof I’m Bob}

                 IPsec – IKE                 17
Phase 1 – Aggressive Mode (generic)

              ga mod p, “Alice”, crypto offered

          gb mod p, crypto selected, proof I’m Bob

                      proof I’m Alice

                          IPsec – IKE                      18
           Phase 2: Quick Mode
• All traffic is encrypted using the ISAKMP
  Security Association
• Each quick mode negotiation results in two
  IPSec Security Associations (one inbound, one
                       Phase 2
                     (Quick Mode)
                              Phase1 SA

             X, Y, CP, SPIA, nonceA, [traffic], [ga mod p]

             X, Y, CPA, SPIB, nonceB, [traffic], [gb mod p]

                               X, Y, ack

• X: pair of cookies generated in Phase 1
• Y: session identifier
• traffic: IPsec traffic selector (optional)

                               IPsec – IKE                          20

Shared By: