IPSEC Overview
IPSEC Control Plane
> ISAKMP & IKE Negotiation
IPSEC data plane
> ESP & AH Encapsulations
VPN Overview :
Extension of a private n/w over a public n/w
VPN doesn't necessarily imply encryption
Examples:
Layer 2 VPNs
Ethernet VLANs , QinQ , FR, PVCs , ATM
Layer 3 VPNs
GRE, MPLS, Layer 3 VPN , IPSEC
IPSEC Features:
Data origin authentication : Who did the packet come from ?
Data integrity : was the packet changed in the transit path
Data Confidentiality : can anyone read the packet in the transit path
Anti-replay : Did i already receive this packet
Why use IPSEC VPN
Does not need static SP provisioning link MPLS
independent of SP access method
> IPv4/IPv6 transport is the only requirement
- Allows both site to site & remote access
- Always on VS dial on demand
- offers data protection
-- Main motivation for IPSEC
+++++++ HOW IPSEC WORKS ++++++
- IPSEC is a N/W layer protocol (layer 3)
-- Different from SSL(7) or 802.1AE macsec (2)
- Main goal is to encrypt and authenticate IPv4 or IPv6 packets
- Uses symmetric ciphers for encryption ( e.g 3DES)
- Keyed hashing for authentication ( e.g MD5 )
- Used to create P2P tunnels between endpoints
- GetVPN is an exception , which can use P2MP
++++ HOW IPSEC TUNNELS WORK ++++
- Tunnels are dynamically negotiated through IKE
- Main goal is to not define crypto keys manually
- IPSEC use two data structures to build a tunnel
Security association (SA)
- An agreement of ipsec parameters
- Maintains encryption & authentication keys on peers
Security parameter index ( SPI)
- Field in packet header to select SA on receiver
- Analogous to VLAN header or MPLS Label
ISAKMP vs IKE
-- ISAKMP / IKE are the negotiation protocols used to form SAs
-- Internet security association key management protocol is the framwork
-- says that authentication & keying occurs
-- Internet key exchange ( IKE)
-- IKE is the actual implementation
-- Defines how authentication and keying occurs
In general ISAKMP/IKE terms are interchangeable
IKEv1 VS. IKEv2 Negotiation
-- IKE v1 was the original implementation
-- spread across lots of RFCs
-- Problem with Interoperability with same feature
-- IKE v2 adds new improvements
-- Simplified RFC & Packet formats , better interoperability
-- More flexible designs
-- E.g use pre-shared keys on one but certificates on the other
-- supports more secure "suite B" algorithm
-- No change to IPSEC data plane only control plane (IKE)
IPSEC Tunnel Negotiation with IKE
-- goal of ipsec exchange is to establish SAs
-- occurs through two main negotiation phase using IKE
-- IPSEC phase 1
-- Authenticate endpoints and build a secure tunnel for further negotiation
-- Result is called the ISAKMP SA
-- IPSEC phase 2
-- Establish the tunnel used to protect the actual data traffic
-- Result is called the IPSEC SA
Negotiating the ISAKMP SA
-- During IKE phase 1 , peers negotiate 4 main parameters
-- Authentication method
-- Diffi - hellman group ( 1/2/5/ ----)
-- Encryption type (DES/ 3DES / AES)
-- Hash algorithm ( MD5 / SHA 1 )
IKE Authentication - 2 ways
-- Pre-shared keys (PSK)
-- X.509 Certificates (PKI)
PSK is easy , but PKI is scalable
o PSKs are difficult to maintain and change
o PKI allows easy revocation & also hierarchy
IKE v2 adds improved authentication : e.g EAP methods
IKE Diffie-Hellman group
-- DH is the method to exchange crypto keys
-- DH group number determines strength of keys
-- Higher group is better , but at expense of CPU
-- Result of DH is what 3DES , AES etc , use as their symmetric keys
IKE Encryption
o Encryption algorithm used to protect the traffic
o DES, 3 DES , AES-128,256 etc
o Higher is better but at the expense of CPU
o Some can be h/w accelerated
i.e AES crypto offload card
IKE v2 ------- RFC 4307
IKE Hashing
-- One way hash used to authenticate the packet
o if hashes match , the packet was not modified in transit
o Higher is better , but again at the expense of CPU
Hashes supported depends on IKE version
o IKE v1 MD5 & SHA-1
o IKE v2 SHA - 256 , SHA - 384 etc
ISAKMP Policies:
o Combinations of IKE params are ISAKMP policy
o IKE initiator sends all its policies through a proposal
o IKE respond checks received policies against its own
o First match is used , based on lowest priority value
o Else , connection is rejected
After phase 1 completes , an encrypted tunnel exists between the peers
o phase 2 negotiation can now be hidden from devices in transit
Negotiating the IPSEC SA
o In phase 2 peers agree on more parameters ......
>> security protocol
encapsulating security payload (ESP ) or Authentication header (AH)
>> encapsulation mode
tunnel mode or transport mode
>> encryption
DES, 3 DES , AES , etc
>> authentication
MD5, SHA, SHA-256, SHA - 512 etc
>> Combination of these is called IPSEC Transform set
IPSEC security protocols:
>> IPSEC supports two data plane encapsulations
AH & ESP
AH vs ESP
AH
o IP Protocol number 51
o Data origin authentication includes IP Header
o Data integrity
ESP
o IP Protocol number 50
o Data origin authentication encludes IP Header
o Data integrity
o Data encryption
o Anti - reply
AH supports only authentication
o Rarely used for VPNs due to this reason
o IPv6 OSPFv3 can use AH for neighbor authentication
ESP supports authentication & encryption
o Preferred method of IPSEC . VPNs
o Most remote access clients only supports ESP
Tunnel vs Transport
AH & ESP supports 2 modes of encapsulation
Transport :
o original ip header retained
o payload and layer 4 header authenticated encrypted with ESP
o complete pkt authenticated with AH
o typically used in host to host IPSEC
Tunnel :
o adds new ip header
o original header & payload authenticated / encrypted with ESP
o complete packet authenticated with AH
o typically used between ipsec gateways or host to IPSEC gateway
Negotiating the IPSEC SA (cont.)
>> Phase 2 negotiation also includes .....
>> Proxy identities
o Defines what traffic will be protected
o Also called " proxy acls "
>> Security Association (SA) lifetime
o How often should we re-key
>> Perfect forward secrecy (PFS)
o Should we re-negotiated DH before we re-key
IPSEC proxy identities
>> Defines what traffic goes into the ipsec-tunnel
o i.e the "interesting traffic " to trigger the tunnel
>> Proxy ACLs should be mirror images
o Take a tunnel from peer A to Peer B
o Peer A says traffic from X > Y
o Peer B says traffic from Y > X
Like any other parameter mismatch , misconfiguration will cause tunnel failure
SA Lifetimes:
>> ISAKMP/ IPSEC SA both have finite lifetime
o Before expiration , SA is re-keyed
o Lifetime can be time or bits
o Lower value of initiator or receive is negotiated
What do we re-key with ?
o previous DH exchange or new DH exchange
o depends on PFS
Perfect Forward secrecy (PFS)
o without PFS, IPSEC SA re-keying is done from the initially negotiated master key
o one compromised key theoretically means all keys compromised
>> PFS cause new DH exchange prior to rekeying
o makes IPSEC SA keys independent from previous ones
o more secure but at the expense of CPU
IPSEC control plane vs Data plane
>> All traffic is unicast IPv4 / IPv6
>> IPSEC control plane (ISAKMP)
o udp 500
o UDP 4500 if going through NAT
>> IPSEC Data Plane
o ESP (50) or AH (51)
o ESP over udp 4500 if going through NAT
>> Some platforms allow custom ports
o e.g ASA firewall
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
IPSEC Control Plane
> ISAKMP & IKE Negotiation
IPSEC data plane
> ESP & AH Encapsulations
VPN Overview :
Extension of a private n/w over a public n/w
VPN doesn't necessarily imply encryption
Examples:
Layer 2 VPNs
Ethernet VLANs , QinQ , FR, PVCs , ATM
Layer 3 VPNs
GRE, MPLS, Layer 3 VPN , IPSEC
IPSEC Features:
Data origin authentication : Who did the packet come from ?
Data integrity : was the packet changed in the transit path
Data Confidentiality : can anyone read the packet in the transit path
Anti-replay : Did i already receive this packet
Why use IPSEC VPN
Does not need static SP provisioning link MPLS
independent of SP access method
> IPv4/IPv6 transport is the only requirement
- Allows both site to site & remote access
- Always on VS dial on demand
- offers data protection
-- Main motivation for IPSEC
+++++++ HOW IPSEC WORKS ++++++
- IPSEC is a N/W layer protocol (layer 3)
-- Different from SSL(7) or 802.1AE macsec (2)
- Main goal is to encrypt and authenticate IPv4 or IPv6 packets
- Uses symmetric ciphers for encryption ( e.g 3DES)
- Keyed hashing for authentication ( e.g MD5 )
- Used to create P2P tunnels between endpoints
- GetVPN is an exception , which can use P2MP
++++ HOW IPSEC TUNNELS WORK ++++
- Tunnels are dynamically negotiated through IKE
- Main goal is to not define crypto keys manually
- IPSEC use two data structures to build a tunnel
Security association (SA)
- An agreement of ipsec parameters
- Maintains encryption & authentication keys on peers
Security parameter index ( SPI)
- Field in packet header to select SA on receiver
- Analogous to VLAN header or MPLS Label
ISAKMP vs IKE
-- ISAKMP / IKE are the negotiation protocols used to form SAs
-- Internet security association key management protocol is the framwork
-- says that authentication & keying occurs
-- Internet key exchange ( IKE)
-- IKE is the actual implementation
-- Defines how authentication and keying occurs
In general ISAKMP/IKE terms are interchangeable
IKEv1 VS. IKEv2 Negotiation
-- IKE v1 was the original implementation
-- spread across lots of RFCs
-- Problem with Interoperability with same feature
-- IKE v2 adds new improvements
-- Simplified RFC & Packet formats , better interoperability
-- More flexible designs
-- E.g use pre-shared keys on one but certificates on the other
-- supports more secure "suite B" algorithm
-- No change to IPSEC data plane only control plane (IKE)
IPSEC Tunnel Negotiation with IKE
-- goal of ipsec exchange is to establish SAs
-- occurs through two main negotiation phase using IKE
-- IPSEC phase 1
-- Authenticate endpoints and build a secure tunnel for further negotiation
-- Result is called the ISAKMP SA
-- IPSEC phase 2
-- Establish the tunnel used to protect the actual data traffic
-- Result is called the IPSEC SA
Negotiating the ISAKMP SA
-- During IKE phase 1 , peers negotiate 4 main parameters
-- Authentication method
-- Diffi - hellman group ( 1/2/5/ ----)
-- Encryption type (DES/ 3DES / AES)
-- Hash algorithm ( MD5 / SHA 1 )
IKE Authentication - 2 ways
-- Pre-shared keys (PSK)
-- X.509 Certificates (PKI)
PSK is easy , but PKI is scalable
o PSKs are difficult to maintain and change
o PKI allows easy revocation & also hierarchy
IKE v2 adds improved authentication : e.g EAP methods
IKE Diffie-Hellman group
-- DH is the method to exchange crypto keys
-- DH group number determines strength of keys
-- Higher group is better , but at expense of CPU
-- Result of DH is what 3DES , AES etc , use as their symmetric keys
IKE Encryption
o Encryption algorithm used to protect the traffic
o DES, 3 DES , AES-128,256 etc
o Higher is better but at the expense of CPU
o Some can be h/w accelerated
i.e AES crypto offload card
IKE v2 ------- RFC 4307
IKE Hashing
-- One way hash used to authenticate the packet
o if hashes match , the packet was not modified in transit
o Higher is better , but again at the expense of CPU
Hashes supported depends on IKE version
o IKE v1 MD5 & SHA-1
o IKE v2 SHA - 256 , SHA - 384 etc
ISAKMP Policies:
o Combinations of IKE params are ISAKMP policy
o IKE initiator sends all its policies through a proposal
o IKE respond checks received policies against its own
o First match is used , based on lowest priority value
o Else , connection is rejected
After phase 1 completes , an encrypted tunnel exists between the peers
o phase 2 negotiation can now be hidden from devices in transit
Negotiating the IPSEC SA
o In phase 2 peers agree on more parameters ......
>> security protocol
encapsulating security payload (ESP ) or Authentication header (AH)
>> encapsulation mode
tunnel mode or transport mode
>> encryption
DES, 3 DES , AES , etc
>> authentication
MD5, SHA, SHA-256, SHA - 512 etc
>> Combination of these is called IPSEC Transform set
IPSEC security protocols:
>> IPSEC supports two data plane encapsulations
AH & ESP
AH vs ESP
AH
o IP Protocol number 51
o Data origin authentication includes IP Header
o Data integrity
ESP
o IP Protocol number 50
o Data origin authentication encludes IP Header
o Data integrity
o Data encryption
o Anti - reply
AH supports only authentication
o Rarely used for VPNs due to this reason
o IPv6 OSPFv3 can use AH for neighbor authentication
ESP supports authentication & encryption
o Preferred method of IPSEC . VPNs
o Most remote access clients only supports ESP
Tunnel vs Transport
AH & ESP supports 2 modes of encapsulation
Transport :
o original ip header retained
o payload and layer 4 header authenticated encrypted with ESP
o complete pkt authenticated with AH
o typically used in host to host IPSEC
Tunnel :
o adds new ip header
o original header & payload authenticated / encrypted with ESP
o complete packet authenticated with AH
o typically used between ipsec gateways or host to IPSEC gateway
Negotiating the IPSEC SA (cont.)
>> Phase 2 negotiation also includes .....
>> Proxy identities
o Defines what traffic will be protected
o Also called " proxy acls "
>> Security Association (SA) lifetime
o How often should we re-key
>> Perfect forward secrecy (PFS)
o Should we re-negotiated DH before we re-key
IPSEC proxy identities
>> Defines what traffic goes into the ipsec-tunnel
o i.e the "interesting traffic " to trigger the tunnel
>> Proxy ACLs should be mirror images
o Take a tunnel from peer A to Peer B
o Peer A says traffic from X > Y
o Peer B says traffic from Y > X
Like any other parameter mismatch , misconfiguration will cause tunnel failure
SA Lifetimes:
>> ISAKMP/ IPSEC SA both have finite lifetime
o Before expiration , SA is re-keyed
o Lifetime can be time or bits
o Lower value of initiator or receive is negotiated
What do we re-key with ?
o previous DH exchange or new DH exchange
o depends on PFS
Perfect Forward secrecy (PFS)
o without PFS, IPSEC SA re-keying is done from the initially negotiated master key
o one compromised key theoretically means all keys compromised
>> PFS cause new DH exchange prior to rekeying
o makes IPSEC SA keys independent from previous ones
o more secure but at the expense of CPU
IPSEC control plane vs Data plane
>> All traffic is unicast IPv4 / IPv6
>> IPSEC control plane (ISAKMP)
o udp 500
o UDP 4500 if going through NAT
>> IPSEC Data Plane
o ESP (50) or AH (51)
o ESP over udp 4500 if going through NAT
>> Some platforms allow custom ports
o e.g ASA firewall
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
No comments:
Post a Comment