Chapter 13: IPsec Fundamentals

Chapter 13. IPsec FundamentalsThis chapter addresses the protocols and algorithms that IPsec uses and the different security services that IPsec provides.• Analyzes the architecture of the IPsec protocol• Details the role and operational impact of IPsec’s main components• Describes IPsec modes of operation in various scenarios• Describes the phases of IPsec connectivity• Describes the role and component of IKE• Provides an overview of the operations of IPv6 VPNsContentsAn IP Security (IPsec) virtual private network (VPN) is an essential tool for providing a secure network for business communication.IPsec works at the network layer, protecting and authenticating IP packets between participating IPsec devices (peers). IPsec is not bound to any specific encryption, authentication, or security algorithms or keying technology. IPsec is a framework of open standards.IPsec FrameworkConfidentialityIntegrityAuthentication• Username and password• One-time password• Biometric• Preshared keys (PSK)• Digital certificatesAntireplay protectionIPsec FrameworkThe following are some of the encryption algorithms and key lengths that VPNs use:Date Encryption Standard (DES)3DESAdvanced Encryption Standard (AES)Rivest, Shamir, and Adleman (RSA)Software-Optimized Encryption Algorithm (SEAL) algorithmEncryption AlgorithmsEncryption algorithms, such as DES and 3DES, require a symmetric shared-secret key to perform encryption and decryption.You can use email, courier, or overnight express to send the shared-secret keys to the administrators of the devices.But the easiest key-exchange method is a public-key exchange method between the encrypting and decrypting devices. The method has two variants:• The Diffie-Hellman (DH) key agreement• ECDH is a variant of the DH protocol using elliptic curve cryptography (ECC). It is part of the Suite B standards.Key Exchange: Diffie-Hellman• DH1: 768-bit key• DH2: 1024-bit key• DH5: 1536-bit key• DH7: 163-bit ECDH key• DH14: 2048-bit key• DH15: 3072-bit key• DH16: 4096-bit key• DH19: 256-bit ECDH key• DH20: 384-bit ECDH key• DH24: 2048-bit ECDH keyDiffie-Hellman GroupVPN data is typically transported over the public Internet. Potentially, this data could be intercepted and modified. To guard against this problem, you can use a data-integrity algorithmThree common HMAC algorithms:HMAC-Message Digest 5 (HMAC-MD5)HMAC-Secure Hash Algorithm 1 (HMAC-SHA-1)HMAC-Secure Hash Algorithm 2 (HMAC-SHA-2)Data IntegrityWhen you are conducting business long distance, it is necessary to know who is at the other end of the phone, email, or fax. The same is true of VPN networks. The device on the other end of the VPN tunnel must be authenticated before the communication path is considered securePreshared keysRSA signaturesRSA encrypted noncesElliptic Curve Digital Signature Algorithm (ECDSA) AuthenticationIPsec Framework ComponentsIPsec ProtocolAH Authentication and IntegrityESP provides confidentiality by encrypting the payload. It supports a variety of symmetric encryption algorithms. The lowest common algorithm for IPsec is 56-bit DES. Cisco products also support the use of 3DES and especially AES for stronger encryption.Encapsulating Security PayloadESP ProtocolEncapsulation with Tunnel Mode and Transport ModeIPsec implements a VPN solution using an encryption process that involves the periodic changing of encryption keys. IPsec uses the IKE protocol to authenticate a peer computer and to generate encryption keys. IKE negotiates a security association (SA), which is an agreement between two peers engaging in an IPsec exchange and consists of all the required parameters necessary to establish successful communication. An IPsec peer accepting incoming IKE requests listens on UDP port 500IKE ProtocolIPsec uses the IKE protocol to provide these functions:• Negotiation of SA characteristics• Automatic key generation• Automatic key refresh• Manageable manual configurationIKE FunctionsThere are two versions of the IKE protocol: IKEv1 and IKEv2. IKEv2 was created to overcome some of the limitations of IKEv1. IKEv2 provides the following enhancements:• Simplicity, by requiring fewer transactions to establish security associations. A simplified initial exchange of messages reduces latency and increases connection establishment speed.• Stronger security, through DoS protection and other functions.• Reliability, by using sequence numbers, acknowledgements, and error correction.• Flexibility, through support for Extensible Authentication Protocol (EAP) as a method for authenticating VPN endpoints.• Mobility, by using the IKEv2 Mobility and Multihoming Protocol (MOBIKE) extension. This enhancement allows mobile users to roam and change IP addresses without disconnecting their IPsec session.IKE versionVisual Representation of IKEv1 and IPsec Tunnels Being Built from the Ground UpMain mode Aggressive modeQuick modeIKEv1 Modes• IKE Phase 1: Two IPsec peers perform the initial negotiation of SAs. In this phase, the SA negotiations are bidirectional; data may be sent and received using the same encryption key.• IKE Phase 2: SAs are negotiated by the IKE process ISAKMP on behalf of other services, such as IPsec, that need encryption key material for operation. Quick mode negotiates the IKE Phase 2 SAs. In this phase, the SAs that IPsec uses are unidirectional; therefore, a separate key exchange is required for each data flowIKEv1 PhasesIKEv1 Phase 1Main mode has three two-way exchanges between the initiator and receiver:• First exchange: Peers negotiate and agree on the algorithms and hashes that will be used to secure the IKE communications.• Second exchange: DH generates public and private values. The peers exchange their public values, and the result is a shared secret. The shared-secret key is used to generate all the other encryption and authentication keys.• Third exchange: The identity of the other side is verified. The main outcome of main mode is a secure communications path for subsequent exchanges between the peersMain ModeAggressive mode, as explained earlier, compresses the IKE SA negotiation phases into a total of three messages. Negotiation is quicker, and the initiator and responder IDs pass in plaintext.Aggressive ModeIKEv1 Phase 1, First Exchange: Policy Is NegotiatedIKEv1 Phase 1, Second Exchange: DH Key ExchangeAs mentioned earlier, there are four data origin authentication methods with IKEv1:• PSKs: Pre-shared keys are a secret key value that is entered into each peer manually and is used to authenticate the peer.• RSA signatures: RSA signatures are the exchange of digital certificates that is used to authenticate the peers in addition to sending a hash value of a message encrypted with its private key as proof of its identity.• RSA encrypted nonces: Nonces are random numbers that are generated by each peer and then encrypted and exchanged between peers. The two nonces are used during the peer-authentication process.• ECDSA signatures: Exchange of certificates. ECDSA certificates are smaller than RSA signatures of similar cryptographic strength, resulting in improved communications efficiency. ECDSA is available with Suite B.IKEv1 Phase 1, Third Exchange: Authenticate Peer Identity• Negotiates IPsec security parameters, known as IPsec transform sets.• Establishes IPsec SAs.• Periodically renegotiates IPsec SAs to ensure security.• Optionally, performs an additional DH exchange to generate IPsec SA keys that have no relation to the IKE keys. Generating IPsec keys from scratch for the purpose of IPsec SAs is referred to as Perfect Forward Secrecy (PFS), which is described after IKEv2 quick mode.IKEv1 Phase 2In IKEv2, there is a simplified initial exchange of messages that, compared to IKEv1, reduces latency and increases the connection establishment speed. The IKEv2 base specification includes all the functionality of IKEv1 as well as additional functionality. It preserves most of the features of version 1, including the two negotiation phasesIKE Version 2IKEv2: A Simplified ApproachIKEv1 Versus IKEv2• IPsec is mandatory for IPv6.• IPsec is native to IPv6.• Includes built-in confidentiality, integrity, authentication, and antireplay.• Offers flexibility and low overhead through extension headers.• The IPsec framework and behavior are the same as IPsec for IPv4.• Strong encryption (Suite B) and mobility enhancements (IKEv2) are key in IPv6.• Only site-to-site tunnel mode VPNs are supported in Cisco IOS as of version 15.1.IPv6 VPNsIPsec Services for Transitioning to IPv6