IPsec: IKE (Internet Key...
Transcript of IPsec: IKE (Internet Key...
![Page 1: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/1.jpg)
1
IPsec: IKE (Internet Key Exchange)
![Page 2: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/2.jpg)
2
Key Management
• Why do we need Internet Key Management– AH and ESP require encryption and authentication
keys
• Process to negotiate and IPsec SA’s between two entities
![Page 3: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/3.jpg)
3
Security Principles
• Basic security principles for session keys– Compromise of a session key
• Does not permit reuse of the compromised session key
• Does not compromise future session keys and long-term keys
• Perfect Forward Secrecy (PFS)– Compromise of current keys (session key or long-
term key) does not compromise past session keys
– Concern for encryption keys but not for authentication keys
Please refer to p. 407 of the textbook
![Page 4: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/4.jpg)
4
Diffie-Hellman for PFS using Signature Keys
![Page 5: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/5.jpg)
5
Internet Key Management
• Manual Key Management– Mandatory
– Useful when IPsec developers are debugging
– Keys exchanged offline (phone, email, etc.)
– Set up SPI and negotiate parameters
![Page 6: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/6.jpg)
6
IPsec Architecture revisited
![Page 7: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/7.jpg)
7
Internet Key Management
• Automatic key management– Simple Key-Management for Internet Protocols
(SKIP)
– ISAKMP/OAKLEY• Photuris
– Ephemeral D-H + authentication + Cookie
– The first to use cookie to thwart DoS attacks
• SKEME (extension to Photuris)
• Oakley (RFC 2412)
• ISAKMP (RFC 2408)
• ISAKMP/OAKLEY -> IKE (RFC 2409)
![Page 8: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/8.jpg)
8
Stateless Cookie Protocol
Please refer to p. 410-411 of the textbook
![Page 9: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/9.jpg)
9
SKIP: Simple Key-Management for Internet Protocols
• Pre-Distribution and authenticated D-H public key
• Packet-specific encryption keys are included in the IP packet
• No concept of SA: difficult to work with current IPsec architecture
![Page 10: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/10.jpg)
10
IKE Phases
• Phase 1– Negotiate protection suite– Use Diffie-Hellman to establish shared secrets– Authenticate the shared secret, IKE SA– Based on three types of keys
• Pre-shared secret key• Public encryption key
– A public key pair whose usage is restricted to encryption/decryption
• Public signature key– A public key pair whose usage is restricted to signing/signature
verification
![Page 11: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/11.jpg)
11
IKE Phase 1
General Idea for all IKE phase-1 protocol – Aggressive Mode
![Page 12: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/12.jpg)
12
IKE Phase 1
General Idea for all IKE phase-1 protocol – Main Mode
![Page 13: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/13.jpg)
13
IKE Phase 1
• Four Authentication Methods– Original public key encryption
– Revised public key encryption
– Public key signature
– Pre-shared secret key encryption
• For each authentication method– Main mode protocol
– Aggressive mode protocol
![Page 14: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/14.jpg)
14
IKE Keys
• SKEYID:– Signature public key: prf(nonces, gxy)
– Encryption public key: prf(hash(nonces), cookies)
– Pre-shared key: prf(pre-shared secret key, nonces)
![Page 15: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/15.jpg)
15
IKE Keys
• Three groups of keys– Derived key for non-ISAKMP negotiations
• SKEYID_d = prf(SKEYID, (gxy, cookies, 0))
– Authentication Key (Integrity Protection Key)• SKEYID_a = prf(SKEYID, (SKEYID_d, (gxy, cookies, 1))
– Encryption Key• SKEYID_e = prf(SKEYID, (SKEYID_a, (gxy, cookies, 2))
• To authenticate the established key– Initiator generates
• Proof: prf(SKEYID, (gx, gy, cookies, A’s initial crypto-parameters proposal, A’s identity))
– Responder generates• Proof: prf(SKEYID, (gy, gx, cookies, A’s initial crypto-parameters
proposal, B’s identity))
![Page 16: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/16.jpg)
16
Public Signature Keys, main mode
![Page 17: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/17.jpg)
17
Public Signature Keys, Aggressive mode
![Page 18: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/18.jpg)
18
Public Encryption Keys, main mode, original protocol
![Page 19: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/19.jpg)
19
Public Encryption Keys, aggressive mode, original protocol
![Page 20: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/20.jpg)
20
Public Encryption Keys, main mode, revised protocol
![Page 21: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/21.jpg)
21
Public Encryption Keys, aggressive mode, revised protocol
![Page 22: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/22.jpg)
22
Pre-shared secret, main mode
![Page 23: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/23.jpg)
23
Pre-shared secret, aggressive mode
![Page 24: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/24.jpg)
24
IKE Phase 2 – Quick ModeSetting Up IPsec SAs
• Not a complete exchange itself
– Must be bound to a phase 1 exchange
• Used t derive keying materials for IPsec SAs
• Information exchanged with quick mode must be protected by the ISAKMP SA
• Essentially a SA negotiation and an exchange of nonce
– Generate fresh key material
– Prevent replay attack
![Page 25: IPsec: IKE (Internet Key Exchange)galaxy.cs.lamar.edu/~bsun/security/lecture_notes/lecture_18.pdf · 5 Internet Key Management † Manual Key Management – Mandatory – Useful when](https://reader034.fdocuments.net/reader034/viewer/2022042910/5f3f6adcc7f7dc67df4118e9/html5/thumbnails/25.jpg)
25
IKE Quick Mode