CSC Network Security

Similar documents
CSC Network Security

Outline. CSC/ECE 574 Computer and Network Security. Key Management. Security Principles. Security Principles (Cont d) Internet Key Management

CSC/ECE 574 Computer and Network Security. Outline. Key Management. Key Management. Internet Key Management. Why do we need Internet key management

Outline. Key Management. Security Principles. Security Principles (Cont d) Escrow Foilage Protection

Outline. Key Management. CSCI 454/554 Computer and Network Security. Key Management

CSCI 454/554 Computer and Network Security. Topic 8.2 Internet Key Management

INFS 766 Internet Security Protocols. Lectures 7 and 8 IPSEC. Prof. Ravi Sandhu IPSEC ROADMAP

CIS 6930/4930 Computer and Network Security. Topic 8.2 Internet Key Management

IP Security II. Overview

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

draft-ietf-ipsec-isakmp-oakley-03.txt February 1997 Expire in six months The resolution of ISAKMP with Oakley <draft-ietf-ipsec-isakmp-oakley-03.

IPsec (AH, ESP), IKE. Guevara Noubir CSG254: Network Security

Cisco Live /11/2016

Internet Engineering Task Force Mark Baugher(Cisco) Expires: April, 2003 October, 2002

IPsec and Secure VPNs

Advanced IKEv2 Protocol Jay Young, CCIE - Technical Leader, Services. Session: BRKSEC-3001

IP Security IK2218/EP2120

AIT 682: Network and Systems Security

Advanced IPSec Algorithms and Protocols

IP Security Discussion Raise with IPv6. Security Architecture for IP (IPsec) Which Layer for Security? Agenda. L97 - IPsec.

draft-ietf-ipsec-nat-t-ike-00.txt W. Dixon, B. Swander Microsoft V. Volpe Cisco Systems L. DiBurro Nortel Networks 10 June 2001

draft-ietf-ipsec-nat-t-ike-01.txt W. Dixon, B. Swander Microsoft V. Volpe Cisco Systems L. DiBurro Nortel Networks 23 October 2001

IP Security Protocol Working Group (IPSEC) draft-ietf-ipsec-nat-t-ike-03.txt. B. Swander Microsoft V. Volpe Cisco Systems 24 June 2002

IPSec Guide. ISAKMP & IKE Formats

draft-ietf-ipsec-isakmp-oakley-00.txt June 1996 Expire in six months The resolution of ISAKMP with Oakley <draft-ietf-ipsec-isakmp-oakley-00.

Network Security: IPsec. Tuomas Aura

Chapter 11 The IPSec Security Architecture for the Internet Protocol

The IPSec Security Architecture for the Internet Protocol

ECC Based IKE Protocol Design for Internet Applications

Table of Contents 1 IKE 1-1

Advanced IKEv2 Protocol

VPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009

Virtual Private Networks

Network Security: IPsec. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

Chapter 6. IP Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University

Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings

Chapter 6/8. IP Security

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

Configuration of an IPSec VPN Server on RV130 and RV130W

Configuring Internet Key Exchange Security Protocol

Step Initiator (I) Responder (R) ((1)) Precomputation Precomputation Computation ((2)) by using PK R and/or SK I ((3)) Request Message =) Computation

IPSec VPN Setup with IKE Preshared Key and Manual Key on WRVS4400N Router

CSCE 715: Network Systems Security

8. Network Layer Contents

Network Working Group. November 1998

The EN-4000 in Virtual Private Networks

VPN Ports and LAN-to-LAN Tunnels

Junos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services

Some optimizations can be done because of this selection of supported features. Those optimizations are specifically pointed out below.

Real-time protocol. Chapter 16: Real-Time Communication Security

The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME,

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

CS 494/594 Computer and Network Security

3. Use the RF material for authentication. 4. Carry an acknowledgment material derived from the reconstructed RF material by Acknowledgment Message ((

L13. Reviews. Rocky K. C. Chang, April 10, 2015

CSC 774 Advanced Network Security

Network Security IN2101

show crypto group summary, page 1 show crypto ikev2-ikesa security-associations summary spi, page 2

Cryptography and Network Security. Sixth Edition by William Stallings

XEP-0102: Security Extensions

Network Security (NetSec) IN2101 WS 16/17

Introduction to Information Security

Virtual Private Network

CIS 6930/4930 Computer and Network Security. Final exam review

Internet. SonicWALL IP Cisco IOS IP IP Network Mask

Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers

Securing Networks with Cisco Routers and Switches

VPNs and VPN Technologies

IKE and Load Balancing

YANG Data Model for Internet Protocol Security (IPSec) dra:- tran- ipecme- yang- ipsec- 00 K. Tran, Ericsson

Key Encryption as per T10/06-103

How to Configure a Site-to-Site IPsec IKEv1 VPN Tunnel

Internet Engineering Task Force (IETF) Request for Comments: ISSN: Check Point P. Eronen Independent September 2010

Securify, Inc. M. Schneider. National Security Agency. J. Turner RABA Technologies, Inc. November 1998

Configuring Security for VPNs with IPsec

Configuring an IPSec Tunnel Between a Cisco VPN 3000 Concentrator and a Checkpoint NG Firewall

CSC 474/574 Information Systems Security

VPN Overview. VPN Types

The Simplicity property is motivated by several factors. Efficiency is one; increased likelihood of correctness is another. But our motivation is espe

Service Managed Gateway TM. Configuring IPSec VPN

Sample excerpt. Virtual Private Networks. Contents

Virtual Tunnel Interface

CIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec

VPN Auto Provisioning

CSC 474/574 Information Systems Security

How to Configure a Site-to-Site IPsec IKEv1 VPN Tunnel

Lecture 9: Network Level Security IPSec

Configure IKEv1 IPsec Site-to-Site Tunnels with the ASDM or CLI on the ASA

Chapter 5: Network Layer Security

Key Management in IP Multicast

IPSec Network Applications

Outline. 0 Topic 4.1: Securing Real-Time Communications 0 Topic 4.2: Transport Layer Security 0 Topic 4.3: IPsec and IKE

How to Configure a Site-To-Site IPsec VPN to the Amazon AWS VPN Gateway

IP Security Part 1 04/02/06. Hofstra University Network Security Course, CSC290A

Network Working Group Request for Comments: 4718 Category: Informational VPN Consortium October 2006

Firepower Threat Defense Site-to-site VPNs

BCRAN. Section 9. Cable and DSL Technologies

Implementing Internet Key Exchange Security Protocol

Secure channel, VPN and IPsec. stole some slides from Merike Kaeo

Verification of Security Protocols

Transcription:

CSC 774 -- Network Security Topic 3.1: IKE Dr. Peng Ning CSC 774 Network Security 1 IKE Overview IKE = ISAKMP + part of OAKLEY + part of SKEME ISAKMP determines How two peers communicate How these messages are constructed How to secure the communication between the two peers No actual key exchange Oakley Key exchange protocol Combining these two requires a Domain of Interpretation (DOI) RFC 2407 Dr. Peng Ning CSC 774 Network Security 2

IKE Overview (Cont d) A separate RFC has been published for IKE RFC 2409 Request-response protocol Two phases Phase 1: Establish an IKE (ISAKMP) SA Essentially the ISAKMP phase 1 Bi-directional Phase 2: Use the IKE SA to establish IPsec SAs Key exchange phase Directional Dr. Peng Ning CSC 774 Network Security 3 IKE Overview (Cont d) Several Modes Phase 1: Main mode: identity protection Aggressive mode Phase 2: Quick mode Other modes New group mode Establish a new group to use in future negotiations Not in phase 1 or 2; Must only be used after phase 1 Informational exchanges ISAKMP notify payload ISAKMP delete payload Dr. Peng Ning CSC 774 Network Security 4

IPSEC Architecture Revisited IPSec module 1 What to establish IPSec module 2 SPD SPD IKE IKE SAD IPSec SA IPSec SAD IKE policies (How to establish the IPsec SAs): 1. Encryption algorithm; 2. Hash algorithm; 3. D-H group; 4. Authentication method. Dr. Peng Ning CSC 774 Network Security 5 A Clarification About PFS In RFC 2409: When used in the memo Perfect Forward Secrecy (PFS) refers to the notion that compromise of a single key will permit access to only data protected by a single key. The key used to protect transmission of data MUST NOT be used to derive any additional keys. If the key used to protect transmission of data was derived from some other keying material, that material MUST NOT be used to derive any more keys. Is this consistent with what we discussed? Dr. Peng Ning CSC 774 Network Security 6

IKE Phase 1 Four authentication methods Digital signature Authentication with public key encryption The above method revised Authentication with a pre-shared key Dr. Peng Ning CSC 774 Network Security 7 IKE Phase 1 (Cont d) IKE Phase 1 goal: Establish a shared secret SKEYID With signature authentication SKEYID = prf(ni_b Nr_b, g xy ) With public key encryption SKEYID = prf(hash(ni_b Nr_b), CKY-I CKY-R) With pre-shared key SKEYID = prf(pre-shared-key, Ni_b Nr_b) Notations: prf: keyed pseudo random function prf(key, message) CKY-I/CKY-R: I s (or R s) cookie Ni_b/Nr_b: the body of I s (or R s) nonce Dr. Peng Ning CSC 774 Network Security 8

IKE Phase 1 (Cont d) Three groups of keys Derived key for non-isakmp negotiations SKEYID_d = prf(skeyid, g xy CKY-I CKY-R 0) Authentication key SKEYID_a = prf(skeyid, SKEYID_d g xy CKY-I CKY-R 1) Encryption key SKEYID_e = prf(skeyid, SKEYID_a g xy CKY-I CKY-R 2) Dr. Peng Ning CSC 774 Network Security 9 IKE Phase 1 (Cont d) To authenticate the established key generates HASH_I = prf(skeyid, g xi g xr CKY-I CKY-R SAi_b IDii_b) generates HASH_R = prf(skeyid, g xr g xi CKY-R CKY-I SAi_b IDir_b) Authentication with digital signatures HASH_I and HASH_R are signed and verified Public key encryption or pre-shared key HASH_I and HASH_R directly authenticate the exchange. Dr. Peng Ning CSC 774 Network Security 10

IKE Phase 1 Authenticated with Signatures Main Mode HDR, KE, Ni HDR, KE, Nr HDR*, IDii, [CERT,] SIG_I HDR*, IDir, [CERT,] SIG_R Dr. Peng Ning CSC 774 Network Security 11 IKE Phase 1 Authenticated with Signatures Aggressive Mode, KE, Ni, IDii HDR, [CERT,] SIG_I, KE, Nr, IDir, [CERT,] SIG_R Dr. Peng Ning CSC 774 Network Security 12

IKE Phase 1 Authenticated with Public Key Encryption Main Mode HDR, KE, [HASH(1),] <IDii_b>PubKey_r, <Ni_b>PubKey_r HDR*, HASH_I HDR, KE, <IDir_b>PubKey_i, <Nr_b>PubKey_i HDR*, HASH_R Dr. Peng Ning CSC 774 Network Security 13 IKE Phase 1 Authenticated with Public Key Encryption Aggressive Mode, [HASH(1),] KE, <IDii_b>PubKey_r, <Ni_b>PubKey_r HDR, HASH_I, KE, <IDir_b>PubKey_i, <Nr_b>PubKey_I, HASH_R Dr. Peng Ning CSC 774 Network Security 14

Observations Authenticated using public key encryption No non-repudiation No evidence that shows the negotiation has taken place. More difficult to break An attacker has to break both DH and public key encryption Identity protection is provided in aggressive mode. Four public key operations Two public key encryptions Two public key decryptions Dr. Peng Ning CSC 774 Network Security 15 IKE Phase 1 Authenticated with A Revised Mode of Public Key Encryption Main Mode HDR, [HASH(1),] <Ni_b>PubKey_r <KE_b>Ke_i <IDii_b>Ke_i, [<Cert-I_b>Ke_i] HDR, <Nr_b>PubKey_i, <KE_b>Ke_r, <IDir_b>Ke_r HDR*, HASH_I HDR*, HASH_R Dr. Peng Ning CSC 774 Network Security 16

IKE Phase 1 Authenticated with A Revised Mode of Public Key Encryption Aggressive Mode, [HASH(1),] <Ni_b>PubKey_r, <KE_b>Ke_i, <IDii_b>Ke_i [, <Cert-I_b>Ke_i] HDR, HASH_I, <Nr_b>PubKey_i, <Ke_b>Ke_r, <IDir_b>Ke_r, HASH_R Dr. Peng Ning CSC 774 Network Security 17 Further Details Ne_i=prf(Ni_b, CKY-I) Ne_r=prf(Nr_b, CKY-R) Ke_i and Ke_r are taken from Ne_i and Ne_r, respectively. Dr. Peng Ning CSC 774 Network Security 18

IKE Phase 1 Authenticated with Pre-Shared Key Main Mode HDR, KE, Ni HDR, KE, Nr HDR*, IDii, HASH_I HDR*, IDir, HASH_R Dr. Peng Ning CSC 774 Network Security 19 IKE Phase 1 Authenticated with Pre-Shared Key (Cont d) What provide the authentication? Why does it work? Dr. Peng Ning CSC 774 Network Security 20

IKE Phase 1 Authenticated with Pre-Shared Key Aggressive Mode, KE, Ni, IDii, KE, Nr, IDir, HASH_R HDR, HASH_I Dr. Peng Ning CSC 774 Network Security 21 IKE Phase 2 -- Quick Mode Not a complete exchange itself Must be bound to a phase 1 exchange Used to derive keying materials for IPsec SAs Information exchanged with quick mode must be protected by the ISAKMP SA Essentially a SA negotiation and an exchange of nonces Generate fresh key material Prevent replay attack Dr. Peng Ning CSC 774 Network Security 22

IKE Phase 2 -- Quick Mode (Cont d) Basic Quick Mode Refresh the keying material derived from phase 1 Quick Mode with optional KE payload Transport additional exponentiation Provide PFS Dr. Peng Ning CSC 774 Network Security 23 IKE Phase 2 -- Quick Mode (Cont d) HDR*, HASH(1), SA, Ni, [,KE] [, IDci, IDcr] HDR*, HASH(2), SA, Nr, [, KE] [, IDci, IDcr] HDR*, HASH(3) HASH(1) = prf(skeyid_a, M-ID SA Ni [ KE ] [ IDci IDcr ) HASH(2) = prf(skeyid_a, M-ID Ni_b SA Nr [ KE ] [ IDci IDcr ) HASH(3) = prf(skeyid_a, 0 M-ID Ni_b Nr_b) Dr. Peng Ning CSC 774 Network Security 24

IKE Phase 2 -- Quick Mode (Cont d) If PFS is not needed, and KE payloads are not exchanged, the new keying material is defined as KEYMAT = prf(skeyid_d, protocol SPI Ni_b Nr_b) If PFS is desired and KE payloads were exchanged, the new keying material is defined as KEYMAT = prf(skeyid_d, g(qm) xy protocol SPI Ni_b Nr_b) where g(qm) xy is the shared secret from the ephemeral Diffie-Hellman exchange of this Quick Mode. In either case, "protocol" and "SPI" are from the ISAKMP Proposal Payload that contained the negotiated Transform. Dr. Peng Ning CSC 774 Network Security 25

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback