ISA 662 - PowerPoint PPT Presentation

Slides: 29
Provided by: ravis4
Learn more at: https://cs.gmu.edu

1
ISA 662 IKE Key management for IPSEC
Prof. Ravi Sandhu
2
INTERNET KEY EXCHANGE (IKE)
  • Hybrid protocol

IKE
3
ISAKMP
  • Internet security association and key management
    protocol
  • separates key management from key exchanges
  • complex general protocol used in a specific way
    in IKE
  • can apply to protocols other than IPSEC
  • for IPSEC uses UDP over IP

4
IKE
  • ISAKMP phase 1 establishes ISAKMP SA
    • Main mode (DH with identity protection)
    • Aggressive mode (DH without identity protection)
  • Between phases
    • New group mode
  • ISAKMP phase 2 establishes SA for target protocol
    • Quick mode

5
DIFFIE-HELLMAN KEY ESTABLISHMENT
  • system constants: $p$ prime number, $a$ integer
  • A: private key $x_A$, public key $y_A = a^{x_A} \bmod p$
  • B: private key $x_B$, public key $y_B = a^{x_B} \bmod p$
  • shared key $k = y_B^{x_A} \bmod p = y_A^{x_B} \bmod p = a^{x_A x_B} \bmod p$
6
PERFECT FORWARD SECRECY
  • Use a different DH key-pair on each exchange
  • DH public keys need to be authenticated
  • authentication can be done by many techniques
  • Loss of long-term (authentication) keys does not
    disclose session keys

7
PHASE 1 AUTHENTICATION ALTERNATIVES
  • public-key signature
  • preshared-key
  • public-key encryption
  • revised public-key encryption

8
COOKIE EXCHANGE
  • Phase 1 employs cookie exchange to thwart (not prevent) denial of service attacks
  • A -> B: Cookie_Request
    • A's cookie, 64 bit random number
  • B -> A: Cookie_Response
    • includes A's and B's cookies
  • all further Phase 1 and Phase 2 messages include both cookies
  • ISAKMP SA is identified by both cookies
  • IPSEC protocol SA is identified by SPI

9
COOKIE GENERATION
  • hash over
    • IP Source and Destination Address
    • UDP Source and Destination Ports
    • a locally generated random secret
    • timestamp
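
As an added example (not from the slides or the course), a stateless cookie computed over the five fields listed above, with the responder-side check that lets B answer a Cookie_Request without allocating state; the SHA-256 truncation, the one-minute timestamp slot and the two-slot verification window are assumptions:

```python
import hashlib
import hmac

COOKIE_LEN = 8          # 64-bit cookie, as on the COOKIE EXCHANGE slide
SLOT_SECONDS = 60       # assumed granularity of the timestamp field


def make_cookie(secret: bytes, src_ip: str, dst_ip: str,
                src_port: int, dst_port: int, time_slot: int) -> bytes:
    """Cookie = first 64 bits of SHA-256 over the fields the slide lists.

    SHA-256 and the field order are assumptions for this example. Only the
    local secret has to be kept; nothing is stored per peer.
    """
    h = hashlib.sha256()
    h.update(secret)
    h.update(src_ip.encode("ascii") + b"|" + dst_ip.encode("ascii"))
    h.update(src_port.to_bytes(2, "big") + dst_port.to_bytes(2, "big"))
    h.update(time_slot.to_bytes(8, "big"))
    return h.digest()[:COOKIE_LEN]


def issue_cookie(secret: bytes, src_ip: str, dst_ip: str,
                 src_port: int, dst_port: int, now: int) -> bytes:
    """Responder side: answer a Cookie_Request from the current time slot."""
    return make_cookie(secret, src_ip, dst_ip, src_port, dst_port,
                       now // SLOT_SECONDS)


def verify_cookie(secret: bytes, cookie: bytes, src_ip: str, dst_ip: str,
                  src_port: int, dst_port: int, now: int,
                  window: int = 2) -> bool:
    """Recompute the cookie for the current and `window - 1` previous slots.

    A cookie that comes back from a different address or port, or that is
    older than the window, does not verify, so B does no DH or
    authentication work for requests whose source cannot receive replies.
    """
    slot = now // SLOT_SECONDS
    for back in range(window):
        if slot < back:
            break
        expected = make_cookie(secret, src_ip, dst_ip, src_port, dst_port,
                               slot - back)
        if hmac.compare_digest(cookie, expected):
            return True
    return False


def isakmp_sa_id(initiator_cookie: bytes, responder_cookie: bytes) -> bytes:
    """The ISAKMP SA is identified by both cookies together (16 bytes)."""
    return initiator_cookie + responder_cookie
```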

10
IKE DEFAULT OAKLEY DH GROUPS
  • Group 1
    • MODP, 768 bit prime p, g = 2
  • Group 2
    • MODP, 1024 bit prime p, g = 2
  • Group 3
    • EC2N, 155 bit field size
  • Group 4
    • EC2N, 185 bit field size
  • private groups can be used

11
IKE NOTATION
12
IKE NOTATION
13
SKEYS, HASH AND SIG
14
MAIN MODE WITH DIGITAL SIGNATURES
15
AGGRESSIVE MODE WITH DIGITAL SIGNATURES
16
MAIN AND AGGRESSIVE MODE WITH PRE-SHARED KEY
17
MAIN MODE WITH PUBLIC KEY ENCRYPTION
18
AGGRESSIVE MODE WITH PUBLIC KEY ENCRYPTION
19
AUTHENTICATION WITH PUBLIC-KEY ENCRYPTION
  • does not provide non-repudiation
  • provides additional security since attacker must break both
    • DH key exchange
    • public-key encryption
  • provides identity protection in aggressive mode
  • revised protocol reduces public-key operations

20
MAIN MODE WITH REVISED PUBLIC KEY ENCRYPTION
21
MAIN MODE WITH REVISED PUBLIC KEY ENCRYPTION
22
AGGRESSIVE MODE WITH REVISED PUBLIC KEY ENCRYPTION
23
PHASE 2 QUICK MODE
24
PHASE 2 QUICK MODE
25
PHASE 2 QUICK MODE
26
PHASE 2 QUICK MODE
27
NEW GROUP MODE
  • sandwiched between phase 1 and 2
  • group can be negotiated in phase 1
  • new group mode allows nature of group to be
    hidden
  • in phase 1 only group id is communicated in clear

28
NEW GROUP MODE