Ike tutorial
This presentation is the property of its rightful owner.
Sponsored Links
1 / 32

IKE Tutorial PowerPoint PPT Presentation


  • 105 Views
  • Uploaded on
  • Presentation posted in: General

IKE Tutorial. Agenda. Cryptography Basics IPSEC IKE IKE Hybrid Mode. Cryptography - Basics. Cryptography is used for Confidentiality Integrity Authentication (signature) 2 categories Symetric cryptography Asymetric cryptography. Symetric Cryptography.

Download Presentation

IKE Tutorial

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Ike tutorial

IKE Tutorial


Agenda

Agenda

  • Cryptography Basics

  • IPSEC

  • IKE

  • IKE Hybrid Mode


Cryptography basics

Cryptography - Basics

  • Cryptography is used for

    • Confidentiality

    • Integrity

    • Authentication (signature)

  • 2 categories

    • Symetric cryptography

    • Asymetric cryptography


Symetric cryptography

Symetric Cryptography

  • Same Key is performing encryption and decryption

Hi Bob !

*  ^1

’’h’

Hi Bob !

BOB

ALICE


Symetric cryptography1

Symetric Cryptography

  • Symetric Encryption Algorythms :

    • DES, 3DES

    • RC2, RC4, RC5

    • IDEA

    • BlowFish

    • CAST

    • FWZ-1


Symetric cryptography2

Symetric Cryptography

  • Advantages :

    • Fast

    • Reliable (depends on the Key lenght)

  • Disadvantages

    • The Key must remain secret

    • Key Management

      • Large number of people / sites

      • Key changes


Asymetric cryptography

Asymetric Cryptography

  • 2 Keys

    • 1 Public

    • 1 Private

    • Both are linked together

  • Algorytms :

    • RSA (Rivest Shamir Adleman)

    • Diffie Helmann

Private key

Confidential

Public key

Published


Asymetric cryptography rsa

Receiver’s Private key

Sender’s Private key

Receiver’s Public key

Sender’s Public key

Asymetric Cryptography (RSA)

Confidentiality

Authentication

Encryption

Decryption

Encryption

Decryption


Asymetric cryptography1

*&^1)[email protected]

Hi Bob !

Hi Bob !

Bob’s

public key

Bob’s

private key

Asymetric Cryptography

  • Ex. : confidentiality with RSA

BOB

ALICE


Asymetric cryptography dh

DH private

key

Bob’s DH

public key

Alice’s DH

public key

Bob’s DH

public key

Alice’s DH

public key

DH private

key

DH Secret key

Asymetric Cryptography : DH

BOB

ALICE


Symetric cryptography3

Symetric Cryptography

  • Advantages :

    • No need to distribute Secret Keys

  • Disadvantages

    • Slow (100 to 1000 times slower than Symetric cryptography)


Agenda1

Agenda

  • Cryptography Basics

  • IPSEC

  • IKE

  • IKE Hybrid Mode


Ipsec

Encrypted

New IP

Header

Header

AH

Original

IP Header

New IP

Header

Header

ESP

Original

IP Header

Authentication / Integrity

Authentication / Integrity

IPSEC

  • Tunnel mode :

    • AH (ip protocol 33)

    • ESP (ip protocol 32)

AH

ESP


Agenda2

Agenda

  • Cryptography Basics

  • IPSEC

  • IKE

  • IKE Hybrid Mode


Ike tutorial1

IKE Tutorial

  • Before we begin, one necessary term. HMAC is an “authenticated” hash computation. It is a method to digitally sign data without using public key cryptography.

HMAC(key, data) = HASH(mix(key,data))


Ike tutorial2

IKE Tutorial

  • Basic concept in IKE: Security Association (SA).

  • An SA contains all information necessary for two entities to exchange secured messages.

  • Each SA has an identifier, sometimes called an SPI.

  • Example SA:

SPI: 12345

Encryption algorithm: DES

HMAC algorithm: MD5

Encryption key: 0x65f3dde…

HMAC key: 0xa3b443d9…

Expiry: 15:06:09 13Oct98


Ike tutorial3

IKE Tutorial

  • In IP security, there are two types of SAs:

    • IKE SA: used for securing key negotiations.

    • IPSEC SA: used for securing IP data.

  • When two IP entities wish to secure IP data between them, the following will occur:

    • Negotiate IKE SA.

    • Use IKE SA to negotiate IPSEC SA.

    • Use IPSEC SA to encrypt IP data.

  • The IKE SA is long term. It will typically be used to secure many IPSEC SA negotiations.


Ike tutorial4

IKE Tutorial

  • The negotiation of IKE SAs is called “Phase 1”.

    • Phase 1 is authenticated using either PKI, or pre-shared secrets.

    • There are two types of Phase 1 negotiations: “Main Mode” and “Aggressive Mode”.

    • Aggressive Mode is more efficient (shorter negotiation), but does not provide identity protection.

  • Negotiating IPSEC SAs is called “Phase 2”.

    • There is only one type of Phase 2 negotiation, called “Quick Mode”.


Ike tutorial phase 1 first message pair

IKE TutorialPhase 1: First Message Pair

  • Phase 1, Main Mode consists of three pairs of messages. Remember: goal is to establish an IKE SA.

  • First pair: negotiation of parameters for the IKE SA: algorithms, authentication type, expiry. Simplified example:

“We can do 3DES and SHA1,

or DES and MD5”

Alice

Bob

“Let’s do 3DES and SHA1”


Ike tutorial phase 1 second message pair

IKE TutorialPhase 1: Second Message Pair

  • Second pair: exchange of cryptographic data. Goal is to establish a shared secret between two entities:

  • Note: the DH key is used only for this exchange, and then thrown away.

“Here’s a DH public key, and

some random data”

Alice

Bob

“Here’s a DH public key, and

some random data”

Alice and Bob both compute a shared secret which

is a function of the DH keys and the random data.


Ike tutorial phase 1

IKE TutorialPhase 1

  • Some notes before the third pair of messages:

    • Alice and Bob now have a shared secret, and they can use it to encrypt the third pair of messages.

    • First and second pairs do not provide any authentication. Alice and Bob could be masquerading, or Eve could be attacking using the “man-in-the-middle” technique.

    • Furthermore, Alice and Bob do not know who they are negotiating with. All they know is an IP address from which the messages are arriving.


Ike tutorial phase 1 third message pair

IKE TutorialPhase 1: Third Message Pair

  • Third pair of messages is encrypted. The goal is to exchange identities, prove the identities, and retroactively authenticate all the previous messages. The authentication can be based on either pre-shared secrets, or on PKI. Example:

Alice

I’m [email protected] Here’s an HMAC over

all the data we exchanged, using our pre-shared secret.

Bob

I’m 204.53.10.4. Here’s an HMAC over all the

data we exchanged, using our pre-shared secret.


Ike tutorial phase 11

IKE TutorialPhase 1

  • Some remarks:

    • How does this work with PKI? Addressed in PKI presentation.

    • Identity types include X.500 Distinguished Names, E-mail addresses, IP addresses and more.

    • Result of negotiation is a single, bi-directional IKE SA.

    • Authentication with pre-shared secrets allows dictionary attacks on the pre-shared secret.


Ike tutorial phase 2

IKE TutorialPhase 2

  • Phase 2 is always secured by an IKE SA. The IKE SA provides secrecy, authentication, and data integrity.

  • Remember: the goal is to establish an IPSEC SA.

  • Three messages in Phase 2:

    • Message 1: Suggestion of parameters, and identities for whom we’re negotiating.

    • Message 2: Choice of parameters, and HMAC signature on first message.

    • Message 3: HMAC signature on previous messages.

  • HMAC signatures use a key from the IKE SA.


Ike tutorial phase 21

IKE TutorialPhase 2

  • Example Phase 2 (simplified) exchange:

Alice

Let’s do either ESP DES/MD5, or AH SHA1.

I’m negotiating on behalf of subnets 189.63.71.0

and 204.53.10.0. Here’s some random data.

Bob

Let’s use AH SHA1. Here’s an HMAC of the

previous message using our IKE SA HMAC

key. Here’s some random data

Here’s an HMAC of the previous messages

using our IKE SA HMAC key.


Ike tutorial phase 22

IKE TutorialPhase 2

  • Remarks:

    • The keys in the resulting IPSEC SA are a function of the IKE SA key and the random data.

    • The result of the negotiation are two uni-directional IPSEC SAs, each with a distinct SPI (SPI are also part of the negotiation).

    • The SAs can only be used to encrypt IPSEC traffic between the negotiated identities.

    • Identity types are IP addresses, IP ranges, IP subnets.


Ike tutorial phase 23

IKE TutorialPhase 2

  • More Remarks:

    • Perfect Forward Secrecy (PFS) can be turned on to provide additional security. It includes an additional exchange of DH keys.

    • When an SA is about to expire, the entities can start a new negotiation. If the IKE SA is valid, only Phase 2 is required. Otherwise, both Phase 1 and Phase 2 are required.

  • One other types of IKE message: “informational”. Examples: error messages, requests to delete Sas.


Agenda3

Agenda

  • Cryptography Basics

  • IPSEC

  • IKE

  • IKE Hybrid Mode


Hybrid mode ike what is it

Hybrid Mode IKE - What is it?

  • A method of using Authentication Schemes other than a Pre-shared Secret, or a Digital Certificate with IKE

  • IKE Standard did not originally allow for authentication schemes like:

    • Token Cards - SecurID, etc.

    • LDAP

    • RADIUS

    • NT Domain

    • Firewall-1 Password

    • etc


Hybrid mode

Hybrid Mode

  • Challenge: integrate all FW-1 authentication schemes with IKE

    • Standards based solution does not exist

  • Requirements:

    • Open: integrates well with all authentication schemes

    • Secure: mutual (user vs. gateway) authentication

    • Standards based: suggest solution to IETF (draft-ietf-ipsec-isakmp-hybrid-auth-03)

  • Existing solutions are:

    • Proprietary (hard to determine their security)

    • Or, insecure suggested standards (XAUTH)


Hybrid mode1

Hybrid Mode

  • Solution:

    • Gateway cannot use an “interactive” authentication scheme, unlike a user:

      • Gateway uses PKI

      • User uses of the FW-1 authentication schemes

        • FW-1 Password, LDAP, TACACS+, RADIUS, etc.

  • CP management station includes simple PKI abilities

    • Sufficient to deploy certificates to the gateways

    • NOT a full blown PKI for users


Hybrid mode example radius

SA Negotiation

Establish encrypted channel

Establish encrypted channel

A’s certificate + A’s signature over previous data

Radius challenge (“enter password”)

Password 1232456

User identity, hash of previous data

Hybrid Mode Example (Radius)

User

GW

Check identity in certificate and validate

Check identity

Validate password


  • Login