Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Lecture 16: IPsec IKE history of IKE Photurus IKE phases –phase 1 aggressive mode main mode –phase 2.

Published byGiles Holland Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Lecture 16: IPsec IKE history of IKE Photurus IKE phases –phase 1 aggressive mode main mode –phase 2."— Presentation transcript:

1 1 Lecture 16: IPsec IKE history of IKE Photurus IKE phases –phase 1 aggressive mode main mode –phase 2

2 2 History of IKE Early contenders: –Photuris: Authenticated D-H with cookies & identity hiding –SKIP: Auth. D-H with long-term public exponents known to the other party ISAKMP: –a protocol specifying only payload formats & exchanges (i.e., an empty protocol) –adopted by the IPsec working group Oakley: modified Photuris; can work with ISAKMP IKE: a particular Oakley-ISAKMP combination

3 3 Photuris C A : Alice’s cookie; for connection identification (in case she initiates multiple connections to Bob) C B : Bob’s cookie, stateless; against DoS (why?) Alice Bob CACA C A,C B, crypto offered C A,C B, g a mod p, crypto selected C A,C B, g b mod p C A,C B, K{“Alice”, signature on previous messages} (K = g ab mod p) C A,C B, K{“Bob”, signature on previous messages}

4 4 IKE/ISAKMP Phases Phase 1 : –does authenticated D-H, establishes session key & “ISAKMP SA or IKE SA” (security association, what’s that again?) –two possible modes: Main & Aggressive –two keys are derived from the session key: SKEYID_e: to encrypt Phase 2 messages SKEYID_a: to authenticate Phase 2 messages Phase 2: –IPsec (AH or ESP) SA established; messages encrypted & authenticated with Phase 1 keys –optional additional D-H exchange for PFS why two phases? –ISAKMP may possibly used for other things besides IPsec –may have different conversations on top of same phase 1 (with different security characteristics) –key rollover is easier on phase 2 rather than repeating phase 1

5 5 Phase 1 Modes two possible modes: –main mode: 6 rounds; provides identity hiding –aggressive mode: 3 rounds types of authentication: –MAC with pre-shared secret key –digital signatures –public key encryption original: all public key encryption revised: public + secret key encryption

6 6 Phase 1 – Aggressive Mode previous messages are used to compose the proof, what else? one problem – if Bob does not support any of the Alice’s crypto choices it just has to terminate the connection without informing Alice (why?) Alice Bob g a mod p, “Alice”, crypto offered g b mod p, crypto selected, proof I’m Bob proof I’m Alice

7 7 Phase 1 – Main Mode Alice Bob crypto offered crypto selected g a mod p g b mod p K{“Alice”, proof I’m Alice} (K = g ab mod p) K{“Bob”, proof I’m Bob}

8 8 Phase 1 Issues crypto parameters: Alice presents all algorithm combinations she can support – may be too costly – what if she supports any combination proof of identity: –certain fields of the previous messages are hashed & signed/encrypted in the final rounds –not included: Bob’s accepted parameters (problematic) cookies: –similar to Photuris cookies –yet cookies include the crypto parameters Alice offered, Bob is no longer stateless (why? why is this a problem?)

9 9 Phase 2 X: pair of cookies generated in Phase 1 Y: session identifier within Phase 1 (could be multiple sessions) each message is encrypted/authenticated with Phase 1 keys traffic: optional description of acceptable traffic key generation: based on Phase 1 key, SPI, nonces what’s SPI (security parameter index)? Alice Bob X, Y, CP, SPI A, nonce A, [traffic], [g a mod p] X, Y, CPA, SPI B, nonce B, [traffic], [g b mod p] X, Y, ack Phase1 SA

Download ppt "1 Lecture 16: IPsec IKE history of IKE Photurus IKE phases –phase 1 aggressive mode main mode –phase 2."

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.

ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.

IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.
CSC 474 Information Systems Security

CSC 474 Information Systems Security
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
Header and Payload Formats

Header and Payload Formats
Security at the Network Layer: IPSec

Security at the Network Layer: IPSec
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
IPsec – IKE CS 470 Introduction to Applied Cryptography

IPsec – IKE CS 470 Introduction to Applied Cryptography
IKE message flow IKE message flow always consists of a request followed by a response. It is the responsibility of the requester to ensure reliability.

IKE message flow IKE message flow always consists of a request followed by a response. It is the responsibility of the requester to ensure reliability.
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.
Internet Key Exchange. IPSec – Reminder SPI SA1 2 3 …… SAD.

Internet Key Exchange. IPSec – Reminder SPI SA1 2 3 …… SAD.
W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial.

W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial.

Similar presentations

Ads by Google