Chapter 12: IPsec Overview

IPsec features:

• Data confidentiality
• Data integrity
• Data origin authentication (peer authentication)
• Anti-replay

IPsec Protocols

Internet Key Exchange (IKE)

IKE handles secure exchange of keys and other information over a nonsecure channel.

Rides TCP port 500.

Encapsulating Security Payload (ESP)

Provides for both data encryption and integrity.

DES, 3DES, or AES can be used for encryption.

Hash-based Message Authentication Code (HMAC) provides data integrity, using either SHA-1 or MD5.

Defined as IP protocol 50.

Authentication Header (AH)

Does not provide for data encryption.

Like ESP, uses HMAC to provide data integrity.

Defined as IP protocol 51.

IPsec Modes

• Transport mode - An ESP or AH header is inserted between the IP header and layer 4 header
• Tunnel mode - A new IP header is generated, followed by ESP/AH and the entire original packet (which is encrypted if ESP is used)

Peer Authentication

IPsec can use any of the following methods to authenticate a peer:

• Username and password
• One-time password (OTP)
• Biometrics
• Preshared keys
• Digital certificates

Internet Key Exchange (IKE)

IKE Protocols

• Internet Secure Association and Key Management Protocol (ISAKMP) - Manages security associations, parameter negotiation, and peer authentication
• Oakley - Uses the Diffie-Hellman algorithm to exchange keys

IKE Phases

Phase 1

A bidirectional security association (SA) is established between peers, and peers may optionally be authenticated.

Phase 1 is accomplished in either main mode or aggressive mode.

Parameters such as hash methods and transform sets are negotiated.

Phase 1.5 (Optional)

Xauth (Extended Authentication) can optionally authenticate the user of the IPsec endpoint.

Phase 2

Unidirectional SA's are set up between endpoints in IKE quick mode using the parameters agreed upon in phase 1. Separate keys are used for each direction.

IKE Modes

Main Mode

Six messages are exchanged, in three pairs:

• IPsec parameters and security policy - The initiator sends one or more proposals, and the responder selects the appropriate one.
• Diffie-Hellman public key exchange - Public keys are exchanged
• ISAKMP session authentication - Each end is authenticated by the other

Aggressive Mode

An abbreviated version of main mode:

• The initiator sends all its configuration data
• The responder authenticates the packet and replies with its configuration data
• The initiator authenticates the packet

IKE Quick Mode

Used only in phase 2, to setup unidirectional SA's over an established bidirectional SA.

Other IKE Functions

• Dead peer detection - Keepalives
• NAT traversal - NAT existence and support are determined in IKE phase 1; NAT traversal is accomplished by UDP encapsulation and negotiated in phase 2
• Mode configuration - Pushing IPsec configuration details to the remote client
• Xauth - Optional user authentication in phase 1.5

Encryption Algorithms

Symmetric algorithms:

• DES - 56-bit key
• 3DES - Three instances of DES using three different keys
• AES - Originally termed Rijndael, uses 128-, 192-, or 256-bit keys

Asymmetric algorithms:

• RSA - Minimum key length of 1024 bits; can be used for encryption and digital signatures

Public Key Infrastructure (PKI)

• Peers - End hosts with the need for secure communication
• Certification Authority (CA) - Grants and maintains digital certificates
• Digital certificate - Used to identify and authenticate a peer
• Registration authority (RA) - An optional entity which handles certificate requests for the CA
• Distribution mechanism - A means to distribute certification revocation lists (CRLs)