Presentation is loading. Please wait.

Presentation is loading. Please wait.

W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial."— Presentation transcript:

1

2 W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial

3 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential Agenda Cryptography Basics Cryptography Basics IPSEC IPSEC IKE IKE IKE Hybrid Mode IKE Hybrid Mode

4 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential Cryptography - Basics Cryptography is used for Cryptography is used for  Confidentiality  Integrity  Authentication (signature) 2 categories 2 categories  Symetric cryptography  Asymetric cryptography

5 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential Symetric Cryptography Same Key is performing encryption and decryption Same Key is performing encryption and decryption Hi Bob ! *  ^1 ’  ’h’ Hi Bob ! ALICE BOB

6 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential Symetric Cryptography Symetric Encryption Algorythms : Symetric Encryption Algorythms :  DES, 3DES  RC2, RC4, RC5  IDEA  BlowFish  CAST  FWZ-1

7 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential Symetric Cryptography Advantages : Advantages :  Fast  Reliable (depends on the Key lenght) Disadvantages Disadvantages  The Key must remain secret  Key Management  Large number of people / sites  Key changes

8 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential Asymetric Cryptography 2 Keys 2 Keys  1 Public  1 Private  Both are linked together Algorytms : Algorytms :  RSA (Rivest Shamir Adleman)  Diffie Helmann Public key Published Private key Confidential

9 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential Asymetric Cryptography (RSA) ConfidentialityAuthentication Receiver’s Private key Decryption Receiver’s Public key Encryption Sender’s Private keySender’s Public key EncryptionDecryption

10 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential Asymetric Cryptography Ex. : confidentiality with RSA Ex. : confidentiality with RSA ALICE BOB Hi Bob ! *&^1 )-h@’ Hi Bob ! Bob’s private key Bob’s public key

11 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential Asymetric Cryptography : DH ALICEBOB DH private key DH private key Alice’s DH public key Bob’s DH public key Bob’s DH public key Alice’s DH public key DH Secret key

12 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential Symetric Cryptography Advantages : Advantages :  No need to distribute Secret Keys Disadvantages Disadvantages  Slow (100 to 1000 times slower than Symetric cryptography)

13 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential Agenda Cryptography Basics Cryptography Basics IPSEC IPSEC IKE IKE IKE Hybrid Mode IKE Hybrid Mode

14 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential IPSEC Tunnel mode : Tunnel mode :  AH (ip protocol 33)  ESP (ip protocol 32) Authentication / Integrity Encrypted New IP Header ESP Original IP Header Authentication / Integrity New IP Header AH Original IP Header ESPAH

15 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential Agenda Cryptography Basics Cryptography Basics IPSEC IPSEC IKE IKE IKE Hybrid Mode IKE Hybrid Mode

16 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential IKE Tutorial Before we begin, one necessary term. HMAC is an “authenticated” hash computation. It is a method to digitally sign data without using public key cryptography. Before we begin, one necessary term. HMAC is an “authenticated” hash computation. It is a method to digitally sign data without using public key cryptography. HMAC(key, data) = HASH(mix(key,data))

17 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential IKE Tutorial Basic concept in IKE: Security Association (SA). Basic concept in IKE: Security Association (SA). An SA contains all information necessary for two entities to exchange secured messages. An SA contains all information necessary for two entities to exchange secured messages. Each SA has an identifier, sometimes called an SPI. Each SA has an identifier, sometimes called an SPI. Example SA: Example SA: SPI: 12345 Encryption algorithm: DES HMAC algorithm: MD5 Encryption key: 0x65f3dde… HMAC key: 0xa3b443d9… Expiry: 15:06:09 13Oct98

18 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential IKE Tutorial In IP security, there are two types of SAs: In IP security, there are two types of SAs:  IKE SA: used for securing key negotiations.  IPSEC SA: used for securing IP data. When two IP entities wish to secure IP data between them, the following will occur: When two IP entities wish to secure IP data between them, the following will occur:  Negotiate IKE SA.  Use IKE SA to negotiate IPSEC SA.  Use IPSEC SA to encrypt IP data. The IKE SA is long term. It will typically be used to secure many IPSEC SA negotiations. The IKE SA is long term. It will typically be used to secure many IPSEC SA negotiations.

19 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential IKE Tutorial The negotiation of IKE SAs is called “Phase 1”. The negotiation of IKE SAs is called “Phase 1”.  Phase 1 is authenticated using either PKI, or pre- shared secrets.  There are two types of Phase 1 negotiations: “Main Mode” and “Aggressive Mode”.  Aggressive Mode is more efficient (shorter negotiation), but does not provide identity protection. Negotiating IPSEC SAs is called “Phase 2”. Negotiating IPSEC SAs is called “Phase 2”.  There is only one type of Phase 2 negotiation, called “Quick Mode”.

20 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential IKE Tutorial Phase 1: First Message Pair Phase 1, Main Mode consists of three pairs of messages. Remember: goal is to establish an IKE SA. Phase 1, Main Mode consists of three pairs of messages. Remember: goal is to establish an IKE SA. First pair: negotiation of parameters for the IKE SA: algorithms, authentication type, expiry. Simplified example: First pair: negotiation of parameters for the IKE SA: algorithms, authentication type, expiry. Simplified example: AliceBob “We can do 3DES and SHA1, or DES and MD5” “Let’s do 3DES and SHA1”

21 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential IKE Tutorial Phase 1: Second Message Pair Second pair: exchange of cryptographic data. Goal is to establish a shared secret between two entities: Second pair: exchange of cryptographic data. Goal is to establish a shared secret between two entities: Note: the DH key is used only for this exchange, and then thrown away. Note: the DH key is used only for this exchange, and then thrown away. AliceBob “Here’s a DH public key, and some random data” “Here’s a DH public key, and some random data” Alice and Bob both compute a shared secret which is a function of the DH keys and the random data.

22 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential IKE Tutorial Phase 1 Some notes before the third pair of messages: Some notes before the third pair of messages:  Alice and Bob now have a shared secret, and they can use it to encrypt the third pair of messages.  First and second pairs do not provide any authentication. Alice and Bob could be masquerading, or Eve could be attacking using the “man-in-the-middle” technique.  Furthermore, Alice and Bob do not know who they are negotiating with. All they know is an IP address from which the messages are arriving.

23 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential IKE Tutorial Phase 1: Third Message Pair Third pair of messages is encrypted. The goal is to exchange identities, prove the identities, and retroactively authenticate all the previous messages. The authentication can be based on either pre- shared secrets, or on PKI. Example: Third pair of messages is encrypted. The goal is to exchange identities, prove the identities, and retroactively authenticate all the previous messages. The authentication can be based on either pre- shared secrets, or on PKI. Example: Alice Bob I’m alice@wonderland.com. Here’s an HMAC over all the data we exchanged, using our pre-shared secret. I’m 204.53.10.4. Here’s an HMAC over all the data we exchanged, using our pre-shared secret.

24 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential IKE Tutorial Phase 1 Some remarks: Some remarks:  How does this work with PKI? Addressed in PKI presentation.  Identity types include X.500 Distinguished Names, E-mail addresses, IP addresses and more.  Result of negotiation is a single, bi-directional IKE SA.  Authentication with pre-shared secrets allows dictionary attacks on the pre-shared secret.

25 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential IKE Tutorial Phase 2 Phase 2 is always secured by an IKE SA. The IKE SA provides secrecy, authentication, and data integrity. Phase 2 is always secured by an IKE SA. The IKE SA provides secrecy, authentication, and data integrity. Remember: the goal is to establish an IPSEC SA. Remember: the goal is to establish an IPSEC SA. Three messages in Phase 2: Three messages in Phase 2:  Message 1: Suggestion of parameters, and identities for whom we’re negotiating.  Message 2: Choice of parameters, and HMAC signature on first message.  Message 3: HMAC signature on previous messages. HMAC signatures use a key from the IKE SA. HMAC signatures use a key from the IKE SA.

26 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential IKE Tutorial Phase 2 Example Phase 2 (simplified) exchange: Example Phase 2 (simplified) exchange: Alice Bob Let’s do either ESP DES/MD5, or AH SHA1. I’m negotiating on behalf of subnets 189.63.71.0 and 204.53.10.0. Here’s some random data. Let’s use AH SHA1. Here’s an HMAC of the previous message using our IKE SA HMAC key. Here’s some random data Here’s an HMAC of the previous messages using our IKE SA HMAC key.

27 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential IKE Tutorial Phase 2 Remarks: Remarks:  The keys in the resulting IPSEC SA are a function of the IKE SA key and the random data.  The result of the negotiation are two uni- directional IPSEC SAs, each with a distinct SPI (SPI are also part of the negotiation).  The SAs can only be used to encrypt IPSEC traffic between the negotiated identities.  Identity types are IP addresses, IP ranges, IP subnets.

28 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential IKE Tutorial Phase 2 More Remarks: More Remarks:  Perfect Forward Secrecy (PFS) can be turned on to provide additional security. It includes an additional exchange of DH keys.  When an SA is about to expire, the entities can start a new negotiation. If the IKE SA is valid, only Phase 2 is required. Otherwise, both Phase 1 and Phase 2 are required. One other types of IKE message: “informational”. Examples: error messages, requests to delete Sas. One other types of IKE message: “informational”. Examples: error messages, requests to delete Sas.

29 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential Agenda Cryptography Basics Cryptography Basics IPSEC IPSEC IKE IKE IKE Hybrid Mode IKE Hybrid Mode

30 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential Hybrid Mode IKE - What is it? A method of using Authentication Schemes other than a Pre-shared Secret, or a Digital Certificate with IKE A method of using Authentication Schemes other than a Pre-shared Secret, or a Digital Certificate with IKE IKE Standard did not originally allow for authentication schemes like: IKE Standard did not originally allow for authentication schemes like:  Token Cards - SecurID, etc.  LDAP  RADIUS  NT Domain  Firewall-1 Password  etc

31 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential Hybrid Mode Challenge: integrate all FW-1 authentication schemes with IKE Challenge: integrate all FW-1 authentication schemes with IKE  Standards based solution does not exist Requirements: Requirements:  Open: integrates well with all authentication schemes  Secure: mutual (user vs. gateway) authentication  Standards based: suggest solution to IETF (draft-ietf- ipsec-isakmp-hybrid-auth-03) Existing solutions are: Existing solutions are:  Proprietary (hard to determine their security)  Or, insecure suggested standards (XAUTH)

32 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential Hybrid Mode Solution: Solution:  Gateway cannot use an “interactive” authentication scheme, unlike a user:  Gateway uses PKI  User uses of the FW-1 authentication schemes  FW-1 Password, LDAP, TACACS+, RADIUS, etc. CP management station includes simple PKI abilities CP management station includes simple PKI abilities  Sufficient to deploy certificates to the gateways  NOT a full blown PKI for users

33 ©2000 Check Point Software Technologies Ltd. - Proprietary & Confidential Hybrid Mode Example (Radius) GW User A’s certificate + A’s signature over previous data User identity, hash of previous data Check identity in certificate and validate Check identity SA Negotiation Radius challenge (“enter password”) Password 1232456 Validate password Establish encrypted channel

34 W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T Questions ?

Download ppt "W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial."

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents Security requirements Public key cryptography Key agreement/transport.

Security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents Security requirements Public key cryptography Key agreement/transport.
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.

IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.
Security at the Network Layer: IPSec

Security at the Network Layer: IPSec
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
IPsec – IKE CS 470 Introduction to Applied Cryptography

IPsec – IKE CS 470 Introduction to Applied Cryptography
Introduction to PKI, Certificates & Public Key Cryptography Erwan Lemonnier.

Introduction to PKI, Certificates & Public Key Cryptography Erwan Lemonnier.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Similar presentations

Ads by Google