This chapter covers the role and operational impact of IPsec’s main components and its modes of operation in various scenarios. It provides a detailed description of the phases of IPsec connectivity. It also provides an overview of IPv6 VPNs.
Chapter 13 IPsec Fundamentals © 2012 Cisco and/or its affiliates All rights reserved Contents This chapter addresses the protocols and algorithms that IPsec uses and the different security services that IPsec provides • Analyzes the architecture of the IPsec protocol • Details the role and operational impact of IPsec’s main components • Describes IPsec modes of operation in various scenarios • Describes the phases of IPsec connectivity • Describes the role and component of IKE • Provides an overview of the operations of IPv6 VPNs © 2012 Cisco and/or its affiliates All rights reserved IPsec Framework • An IP Security (IPsec) virtual private network (VPN) is an essential tool for providing a secure network for business communication • IPsec works at the network layer, protecting and authenticating IP packets between participating IPsec devices (peers) • IPsec is not bound to any specific encryption, authentication, or security algorithms or keying technology • IPsec is a framework of open standards © 2012 Cisco and/or its affiliates All rights reserved IPsec Framework • Confidentiality • Integrity • Authentication • Username and password • One-time password • Biometric • Preshared keys (PSK) Digital certificates Antireplay protection â 2012 Cisco and/or its affiliates All rights reserved Encryption Algorithms • The following are some of the encryption algorithms and key lengths that VPNs use: – Date Encryption Standard (DES) – 3DES – Advanced Encryption Standard (AES) – Rivest, Shamir, and Adleman (RSA) – Software-Optimized Encryption Algorithm (SEAL) algorithm © 2012 Cisco and/or its affiliates All rights reserved Key Exchange: Diffie-Hellman • Encryption algorithms, such as DES and 3DES, require a symmetric shared-secret key to perform encryption and decryption • You can use email, courier, or overnight express to send the shared- secret keys to the administrators of the devices • But the easiest key-exchange method is a public-key exchange method between the encrypting and decrypting devices The method has two variants: • The Diffie-Hellman (DH) key agreement • ECDH is a variant of the DH protocol using elliptic curve cryptography (ECC) It is part of the Suite B standards © 2012 Cisco and/or its affiliates All rights reserved Diffie-Hellman Group • DH1: 768-bit key • DH2: 1024-bit key • DH5: 1536-bit key • DH7: 163-bit ECDH key • DH14: 2048-bit key • DH15: 3072-bit key • DH16: 4096-bit key • DH19: 256-bit ECDH key • DH20: 384-bit ECDH key DH24: 2048-bit ECDH key â 2012 Cisco and/or its affiliates All rights reserved Data Integrity • VPN data is typically transported over the public Internet Potentially, this data could be intercepted and modified • To guard against this problem, you can use a data-integrity algorithm • Three common HMAC algorithms: – HMAC-Message Digest (HMAC-MD5) – HMAC-Secure Hash Algorithm (HMAC-SHA-1) – HMAC-Secure Hash Algorithm (HMAC-SHA-2) © 2012 Cisco and/or its affiliates All rights reserved Authentication • When you are conducting business long distance, it is necessary to know who is at the other end of the phone, email, or fax • The same is true of VPN networks • The device on the other end of the VPN tunnel must be authenticated before the communication path is considered secure – Preshared keys – RSA signatures – RSA encrypted nonces – Elliptic Curve Digital Signature Algorithm (ECDSA) © 2012 Cisco and/or its affiliates All rights reserved IPsec Framework Components © 2012 Cisco and/or its affiliates All rights reserved 10 IKEv1 Modes • Main mode • Aggressive mode • Quick mode © 2012 Cisco and/or its affiliates All rights reserved 20 IKEv1 Phases • IKE Phase 1: Two IPsec peers perform the initial negotiation of SAs In this phase, the SA negotiations are bidirectional; data may be sent and received using the same encryption key • IKE Phase 2: SAs are negotiated by the IKE process ISAKMP on behalf of other services, such as IPsec, that need encryption key material for operation Quick mode negotiates the IKE Phase SAs In this phase, the SAs that IPsec uses are unidirectional; therefore, a separate key exchange is required for each data flow © 2012 Cisco and/or its affiliates All rights reserved 21 IKEv1 Phase © 2012 Cisco and/or its affiliates All rights reserved 22 Main Mode Main mode has three two-way exchanges between the initiator and receiver: • First exchange: Peers negotiate and agree on the algorithms and hashes that will be used to secure the IKE communications • Second exchange: DH generates public and private values The peers exchange their public values, and the result is a shared secret The shared-secret key is used to generate all the other encryption and authentication keys • Third exchange: The identity of the other side is verified The main outcome of main mode is a secure communications path for subsequent exchanges between the peers © 2012 Cisco and/or its affiliates All rights reserved 23 Aggressive Mode • Aggressive mode, as explained earlier, compresses the IKE SA negotiation phases into a total of three messages • Negotiation is quicker, and the initiator and responder IDs pass in plaintext © 2012 Cisco and/or its affiliates All rights reserved 24 IKEv1 Phase 1, First Exchange: Policy Is Negotiated © 2012 Cisco and/or its affiliates All rights reserved 25 IKEv1 Phase 1, Second Exchange: DH Key Exchange © 2012 Cisco and/or its affiliates All rights reserved 26 IKEv1 Phase 1, Third Exchange: Authenticate Peer Identity As mentioned earlier, there are four data origin authentication methods with IKEv1: • PSKs: Pre-shared keys are a secret key value that is entered into each peer manually and is used to authenticate the peer • RSA signatures: RSA signatures are the exchange of digital certificates that is used to authenticate the peers in addition to sending a hash value of a message encrypted with its private key as proof of its identity • RSA encrypted nonces: Nonces are random numbers that are generated by each peer and then encrypted and exchanged between peers The two nonces are used during the peer-authentication process © 2012 Cisco and/or its affiliates All rights reserved 27 IKEv1 Phase • Negotiates IPsec security parameters, known as IPsec transform sets • Establishes IPsec SAs • Periodically renegotiates IPsec SAs to ensure security • Optionally, performs an additional DH exchange to generate IPsec SA keys that have no relation to the IKE keys Generating IPsec keys from scratch for the purpose of IPsec SAs is referred to as Perfect Forward Secrecy (PFS), which is described after IKEv2 quick mode © 2012 Cisco and/or its affiliates All rights reserved 28 IKE Version • In IKEv2, there is a simplified initial exchange of messages that, compared to IKEv1, reduces latency and increases the connection establishment speed • The IKEv2 base specification includes all the functionality of IKEv1 as well as additional functionality • It preserves most of the features of version 1, including the two negotiation phases © 2012 Cisco and/or its affiliates All rights reserved 29 IKEv2: A Simplified Approach © 2012 Cisco and/or its affiliates All rights reserved 30 IKEv1 Versus IKEv2 © 2012 Cisco and/or its affiliates All rights reserved 31 IPv6 VPNs • IPsec is mandatory for IPv6 • IPsec is native to IPv6 • Includes built-in confidentiality, integrity, authentication, and antireplay • Offers flexibility and low overhead through extension headers • The IPsec framework and behavior are the same as IPsec for IPv4 • Strong encryption (Suite B) and mobility enhancements (IKEv2) are key in IPv6 • Only site-to-site tunnel mode VPNs are supported in Cisco IOS as of version 15.1 © 2012 Cisco and/or its affiliates All rights reserved 32 IPsec Services for Transitioning to IPv6 © 2012 Cisco and/or its affiliates All rights reserved 33 © 2012 Cisco and/or its affiliates All rights reserved 34 ... reserved Diffie-Hellman Group • DH1: 768-bit key • DH2: 1024-bit key • DH5: 1536-bit key • DH7: 163-bit ECDH key • DH14: 2048-bit key • DH15: 3072-bit key • DH16: 4096-bit key • DH19: 256-bit ECDH... can use a data-integrity algorithm • Three common HMAC algorithms: – HMAC-Message Digest (HMAC-MD5) – HMAC-Secure Hash Algorithm (HMAC-SHA-1) – HMAC-Secure Hash Algorithm (HMAC-SHA-2) © 2012 Cisco...Contents This chapter addresses the protocols and algorithms that IPsec uses and the different security services that IPsec provides • Analyzes the architecture of the IPsec protocol • Details