Advanced Security Technology Concepts PDF

Copyright 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
1
1 1999, Cisco Systems, Inc.
318
0944_05F9_c1 1 1999, Cisco Systems, Inc.
318
0944_05F9_c1
318
0944_05F9_c1
Advanced Security Advanced Security
Technology Concepts Technology Concepts
Session 318 Session 318
Presentation_ID.scr
2
318
0944_05F9_c1
What Is Cryptography What Is Cryptography
A way of keeping information private
Provides authentication and integrity
Nonrepudiation
Requires key management
A communications enabler
Communication with confidence
318
0944_05F9_c1
Agenda Agenda
Encryption Concepts and Terminology
The PKI and CEP
A Day In the Life of an IPSec Packet
IPSec Implementation Issues
Presentation_ID.scr
3
318
0944_05F9_c1
Encryption Concepts Encryption Concepts
and Terminology and Terminology
318
0944_05F9_c1
318
0944_05F9_c1
Confidentiality Confidentiality
Confidentialitycommunicating such
that the intended recipients know
what was being sent but unintended
parties cannot determine what
was sent
Presentation_ID.scr
4
318
0944_05F9_c1
Pub Pub
Keys Keys
Each device has three keys:
1. A private key that is kept secret and never shared.
Used to sign messages
2. A public key that is shared. Used by others to verify
a signature
3. A shared secret key that is used to encrypt data
using a symmetric encryption algorithm (e.g., DES)
DES DES
DES DES
Pri Pri
Pub Pub
WAN
Pri Pri
318
0944_05F9_c1
Cost 40 56 64 80 112 128
100 K 2 secs 35 hours 1 year 70,000 yrs 10
14
yrs 10
19
yrs
1 M .2 secs 3.5 hours 37 days 7000 years 10
13
yrs 10
18
yrs
10 M .02 secs 21 mins 4 days 700 years 10
12
yrs 10
17
yrs
100 M 2 millisecs 2 mins 9 hours 70 years 10
11
yrs 10
16
yrs
1 B .2 millisec 13 secs 1 hour 7 years 10
10
yrs 10
15
yrs
Estimated Time for Brute-Force Attack
(1995) on Symmetric Keys
Key Sizes Key Sizes
Presentation_ID.scr
5
318
0944_05F9_c1
Public Key
Decryption Decryption
Private Key
Networkers Networkers &^$!@#l:{Q &^$!@#l:{Q Networkers Networkers
Encryption Encryption
Asymmetric or Asymmetric or
Public-Key Encryption Public-Key Encryption
Encryptor and decryptor use different
mathematical functions
Encryptor and decryptor use different keys
Example: Public key algorithms
(RSA, Diffie-Hellman)
Generate a secret key
318
0944_05F9_c1
Y
B

= g

mod p
Secret Value,
X
B
Public Value,
Alice Alice Bob Bob
Secret Value, X
A
Public Value, Y
A
Y
A
Y
A
=g mod p
X
A
Y
B
X
B
(Shared Secret)
g is a large prime
p size is based on D-H group
Y
B
mod p = g mod p = Y
A
mod p
X
B
X
A
X
B
X
A
The Diffie-Hellman The Diffie-Hellman
Public Key Exchange Public Key Exchange
Presentation_ID.scr
6
318
0944_05F9_c1
Host A
prime p = 5, primitive g = 3
Choose Xa such that
0 <= Xa < p, Xa = 2
Ya = g ^Xa mod p
= 3^2 mod 5
= 4
Exchange Values
p, g, Ya
Ke = Yb^ Xa mod p
= 1^2 mod 5
= 1
Host B
prime p =5, primitive g = 3
Choose Xb such that
0 <= Xb < p, Xb =4
Yb = g^Xb mod p
= 3^4 mod 5
=1
Exchange Values
p, g, Yb
Ke = Ya^Xb mod p
= 4^4 mod 5
= 1
Diffie-Hellman Example Diffie-Hellman Example
318
0944_05F9_c1
Secret Key Secret Key
Decryption Decryption
Networkers Networkers &^$!@#l:{Q &^$!@#l:{Q Networkers Networkers
Encryption Encryption
Symmetric Encryption Symmetric Encryption
Encryption and decryption use same
mathematical function
Encryption and decryption use same key
Example: Data Encryption Standard (DES, IDEA
RC2, RC4)
Presentation_ID.scr
7
318
0944_05F9_c1
Decryption Decryption Encryption Encryption
Clear-Text
Original
Clear-Text
Cipher-Text
Networkers Networkers
&^$!@#l:{Q &^$!@#l:{Q
Networkers Networkers
DES Encryption DES Encryption
Peer routers now have identical keys
DES encryption turns cleartext
into ciphertext
Decryption restores cleartext
from ciphertext
318
0944_05F9_c1
IV
E
K
E
K
C
i-1
P
i+1
C
i+1
P
i
C
i
DES TransformsCFB DES TransformsCFB
Presentation_ID.scr
8
318
0944_05F9_c1
IV
E
K
C
i-1
P
i
E
K
C
i
P
i+1
E
K
C
i+1
DES TransformsCBC DES TransformsCBC
318
0944_05F9_c1
64 bit block plain text
Initial Permutation
32 bits 32 bits
Expansion Permutation
S-Box Substitution
Compression
Permutation
Choose 48 bits
L
i-1
56 bit Key
R
i-1
P-Box Permutation
L
i
R
i
Shift 28 bits Shift 28 bits
56 bit Key
XOR XOR
XOR XOR
DES Explained DES Explained
Presentation_ID.scr
9
318
0944_05F9_c1
Integrity Integrity
Integrityensuring that data
is transmitted from source to
destination without
undetected alteration
318
0944_05F9_c1
Message
Secret
Key
Secret
Key
Hash
Function
Hash
Function
Hash
Message-Digest Algorithms Message-Digest Algorithms
Secret key and message
are hashed together
Recomputation of digest
verifies that message
originated with peer and
that message was not
altered in transit
Also used in
digital signatures
Examples HMAC-MD5,
HMAC-SHA
Presentation_ID.scr
10
318
0944_05F9_c1
Hash Algorithms Hash Algorithms
Produces a 128 bit hash
value
Input 512 bit block split as
16 x 32 bit blocks
Output is 4 x 32 bit blocks
concatenated
4 Chaining variables
4 rounds of 16 operations
with 4 functions per round
value
16 x 32 bit blocks
concatenated
4 rounds of 16 operations
with 4 functions per round
value
16 x 32 bit blocks,
expanded to 80 x 32 bit
blocks
concatenated
4 rounds of 20 ops
value
16 x 32 bit blocks,
expanded to 80 x 32 bit
blocks
concatenated
4 rounds of 20 ops
MD5 MD5 SHA SHA
318
0944_05F9_c1
Authentication Authentication
AuthenticationKnowing that the
data received is the same as the data
that was sent and that the claimed
sender is in fact the actual sender.
Presentation_ID.scr
11
318
0944_05F9_c1
Sign Hash with Private Key
Hash of Message
Signature = Encrypted
Hash of Message
Alice Alice
Hash
Function
Hash
Function
Message
s74hr7sh7040236fw
7sr7ewq7ytoj56o457 7sr7ewq7ytoj56o457
One-way function. Easy to
produce hash from message,
impossible to produce
message from hash
0872_05F7_c1
Digital Signatures Digital Signatures
318
0944_05F9_c1
Message
A
lice
A
lice
Hash
Function
Hash
Function
Decrypt the
Received
Signature
Decrypt Using
Alices Public Key
Hash of
Message Hash Message
Message with
Appended
Signature
If Hashes are
Equal, Signature
is Authentic
Re-Hash the
Received
Message
Message
Signature Signature
Signature Signature
Signature Verification Signature Verification
Presentation_ID.scr
12
318
0944_05F9_c1
Message
S
ecret
S
ecret
S
ecret
S
ecret
B
o
b
B
o
b
+
Alice Encrypts
Message
with a Random
Secret Key
Encrypt the
Secret Key
with Bobs
Public Key
S
ecret
S
ecret
B
o
b
B
o
b
Bob Decrypts the
Secret Key with His
Private Key, then
Decrypts the
Message
Used During CA Transactions Used During CA Transactions
Digital Envelope Digital Envelope
318
0944_05F9_c1
PKI and CEP PKI and CEP
318
0944_05F9_c1
Presentation_ID.scr
13
318
0944_05F9_c1
Certificate
Authority
Key Recovery
Certificate
Revocation
Registration and
Certification Issuance
Certificate
Distribution
Key
Generation
Support for Non-
Repudiation
Trusted Time
Service
Key Storage
PKI Components PKI Components
318
0944_05F9_c1
Certificate Life Cycle and Certificate Life Cycle and
ManagementPKIX ManagementPKIX
Expiration Expiration Revocation Revocation
Useful Life Useful Life
Certification Certification
Initialization Initialization
Presentation_ID.scr
14
318
0944_05F9_c1
Certificates and Certificates and CAs CAs
Certificate Authority (CA) verifies identity
CA signs digital certificate containing
devices public key
Verisign On-Site, Entrust PKI, Netscape
CA, Microsoft CA
Internet Internet
B A N K
318
0944_05F9_c1
Certificate :: = Certificate :: =
{{
Version (v3) Version (v3)
Serial Number Serial Number
Sign Algorithm ID Sign Algorithm ID
Issuer Name Issuer Name
Validity Period Validity Period
Subject Name Subject Name
Subject Public Key Subject Public Key
Issuer Unique ID Issuer Unique ID
Subject Unique ID Subject Unique ID
Extensions Extensions
Signature Signature
}}
X.509v3 Certificate X.509v3 Certificate
Binds user identity
(Subject Name) to a
public key via signature
Issuer (CA) signs cert
Note cert has defined lifetime
Identifies which signature
algorithm was used to
sign cert
Extension fields allow other
information to be bound to
cert (e.g., subjects
clearances)=
Presentation_ID.scr
15
318
0944_05F9_c1
Home-gw
10.1.2.3
Home-gw
10.1.2.3
Enrolling a Device with a CA Enrolling a Device with a CA
Generate public/private keys
Send certificate request to CA
CA signs certificate
Retrieve certificate from CA
318
0944_05F9_c1
Cert 12345
Cert 12241
Cert 22333
Certificate Revocation List Certificate Revocation List
List of revoked
certificates signed
by CA
Stored on CA or
directory service
No requirement on
devices to ensure
CRL is current
Revoked Revoked
Presentation_ID.scr
16
318
0944_05F9_c1
Certificate Authority
Certificate User
Certificate (points issuer to subject)
Cross Certificate
Alice
Bob
Carol
CA RelationshipsHierarchy CA RelationshipsHierarchy
and Cross-Certification and Cross-Certification
CA CA
CA CA
CA CA
CA CA
CA CA
CA CA
CA CA
318
0944_05F9_c1
Certificate Enrollment Protocol Certificate Enrollment Protocol
PKCS #7 for signing and enveloping
PKCS #10 for certificate request
HTTP and LDAP for transport
Requires manual authentication
during enrollment
CRL distribution is manual
Presentation_ID.scr
17
318
0944_05F9_c1
A Day In the Life of an A Day In the Life of an
IPSec Packet IPSec Packet
318
0944_05F9_c1
318
0944_05F9_c1
I
P

H
e
a
d
e
r
I
P

H
e
a
d
e
r
IPSec Header(s)
AH/ESP
IP
D
a
t
a (
E
n
c
r
y
p
t
e
d
)
IP
D
a
t
a (
E
n
c
r
y
p
t
e
d
)
IPSec Overview IPSec Overview
Interoperable authentication,
integrity and encryption
Presentation_ID.scr
18
318
0944_05F9_c1
All Data in Clear Text
Router
Firewall
Authentication Header Authentication Header
Data integrityno twiddling of bits
Origin authenticationdefinitely
came from Router
Uses keyed-hash mechanism
Does NOT provide confidentiality
Replay protection
318
0944_05F9_c1
AH AH
Authentication
Data (00ABCDEF)
Authentication
Data (00ABCDEF)
IP Header + Data IP Header + Data
Router
Firewall
IP HDR IP HDR Data Data
AH Authentication and Integrity AH Authentication and Integrity
Presentation_ID.scr
19
318
0944_05F9_c1
Next
Header
Next
Header
Payload
Length
Payload
Length
RESERVED RESERVED
Security Parameter Index (SPI) Security Parameter Index (SPI)
Sequence Number Field Sequence Number Field
Authentication Data Authentication Data
IPSec Authentication IPSec Authentication
Header (AH) Header (AH)
AH header is
prepended to IP
datagram or to
upper-layer protocol
IP datagram, part of
AH header, and
message itself are
authenticated with a
keyed hash function
318
0944_05F9_c1
Encapsulating Security Payload Encapsulating Security Payload
Data confidentiality
Limited traffic flow confidentiality
Data integrity
Data origin authentication
Anti-replay protection
Does not protect IP Header
Presentation_ID.scr
20
318
0944_05F9_c1
Encryption with a Keyed-MAC
Authenticated
Firewall
Encrypted
ESP ESP IP HDR IP HDR Data Data
ESP Confidentiality and Integrity ESP Confidentiality and Integrity
Router
318
0944_05F9_c1
IPSec Encapsulating Security IPSec Encapsulating Security
Payload Header (ESP) Payload Header (ESP)
ESP header is
prepended to
IP datagram
Confidentiality
through encryption
of IP datagram
Integrity through
keyed hash function
Security Parameter Index (SPI) Security Parameter Index (SPI)
Sequence Number Field Sequence Number Field
Padding (If Any) Padding (If Any)
Pad
Length
Pad
Length
Next
Header
Next
Header
Initialization Vector Initialization Vector
Authentication Data Authentication Data
Payload Data Payload Data
Presentation_ID.scr
21
318
0944_05F9_c1
IP HDR IP HDR
Encrypted
IP HDR IP HDR DATA DATA
IPSec HDR IPSec HDR DATA DATA
IP HDR IP HDR DATA DATA
IPSec HDR IPSec HDR IP HDR IP HDR New IP HDR New IP HDR
Encrypted
DATA DATA
Tunnel Mode
Transport Mode
IPSec Modes IPSec Modes
318
0944_05F9_c1
Router
Firewall
Insecure Channel
Security Association (SA) Security Association (SA)
Agreement between two entities
on method to communicate securely
Unidirectionaltwo-way communication
consists of two SAs
Presentation_ID.scr
22
318
0944_05F9_c1
Tunnel-Mode
AH-HMAC-SHA
PFS 50
Tunnel-Mode
AH-HMAC-SHA
PFS 50
Transport-Mode
ESP-DES-HMAC-MD5
PFS 15
Transport-Mode
ESP-DES-HMAC-MD5
PFS 15
Security Associations Enable Security Associations Enable
Your Chosen Policy Your Chosen Policy
318
0944_05F9_c1
Destination Address
Security Parameter Index (SPI)
IPSec Transform
Key
Additional SA Attributes
(e.g., lifetime)
205.49.54.237 205.49.54.237
7A390BC1 7A390BC1
AH, HMAC-MD5 AH, HMAC-MD5
7572CA49F7632946 7572CA49F7632946
One Day or 100MB One Day or 100MB
IPSec Security Association (SA) IPSec Security Association (SA)
Presentation_ID.scr
23
318
0944_05F9_c1
IKE IKE
Negotiates policy to
protect communication
Authenticated Diffie-Hellman
key exchange
Negotiates (possibly multiple)
security associations for IPSec
A flavor of ISAKMP/Oakley for IPSec
Provides PFS
318
0944_05F9_c1
Perfect Forward Secrecy (PFS) Perfect Forward Secrecy (PFS)
Compromise of a single key will
permit access to only data
protected by that particular key
IKE provides PFS if required by using
Diffie-Hellman for each rekey
If PFS not required, can refresh key
material without using Diffie-Hellman
Presentation_ID.scr
24
318
0944_05F9_c1
IKE Authentication IKE Authentication
Signatures (RSA or DSS)
Diffie-Hellman secret, identity, hashed together and signed
Nonrepudiable proof of communication
Encrypted nonces (RSA only)
Pseudo-random nonce encrypted in other partys public key
Nonces, Diffie-Hellman secret, identities hashed
Repudiable, deniable exchange
Preshared key
Key is agreed-upon out-of-band
Key, Diffie-Hellman secret, identities hashed
Limited applicability
318
0944_05F9_c1
Cisco IOS Cisco IOS
IPSec Configuration IPSec Configuration

crypto isakmp policy 2
authentication pre-share
! If we are using pre-shared keys they must be
! manually defined on each peer
crypto isakmp key 1234 address 192.168.0.6
crypto isakmp key fred address 192.168.0.20
! These are the transforms or algorithms to be proposed for use
! by IPSec. They may include both an AH and ESP mechanism or
! one of either mechanism. Tunnel Mode is the default.
crypto ipsec transform-set test2 esp-des
crypto ipsec transform-set router esp-des esp-
sha-hmac
mode transport
! These are the SA policies that will be proposed during Phase 1.
! The policy with the highest priority that is acceptable to each
! peer is chosen
Presentation_ID.scr
25
318
0944_05F9_c1
Cisco IOS IPSec Configuration Cisco IOS IPSec Configuration
! If certain traffic matches the rules in access-list 101, then apply
! the crypto map or template. The map is called test1, it requires
! SAs for both ISAKMP and IPSec. The appropriate peer is
! 192.168.0.20 (Fred) and the transform-sets router and test2
! should be proposed to Fred in order to find the best match to
! be the basis of the IPSec SA. The ISAKMP SAs will be based
! on the ISAKMP policies defined earlier in the config
crypto map test1 10 ipsec-isakmp
set peer 192.168.0.20
set transform-set router test2
match address 101
! Apply the crypto map to an interface
interface Ethernet0
ip address 192.168.0.2 255.255.255.0
crypto map test1
access-list 101 permit ip host 192.168.0.2 host
192.168.0.20
318
0944_05F9_c1
SA Request IPSec (triggered by ACL)
Fred Fred
Wilma Wilma
IKE SA Offerdes, sha, rsa sig, D-H group 1, lifetime
Policy Match accept offer
Fred D-H exchange : KE, nonce
Wilma D-H exchange : KE, nonce
Fred Authenticate D-H apply Hash
Wilma Authenticate D-H apply Hash
ISAKMP
Phase 1
Oakley Main
Mode
ISAKMP
Phase 1
Oakley Main
Mode
IKE Bi-Directional SA Established IKE Bi-Directional SA Established
In the Clear
Protected
In the Clear
Protected
Establishing the IKE SA Establishing the IKE SA
Presentation_ID.scr
26
318
0944_05F9_c1
Fred Fred
Wilma Wilma
IPSec SA Offertransform, mode,pfs, authentication,lifetime
Policy Match accept offer
Fred D-H exchange or refresh IKE key
Wilma D-H exchange or refresh IKE key
ISAKMP
Phase 2
Oakley
Quick Mode
ISAKMP
Phase 2
Oakley
Quick Mode
IPSec Outbound SA Established
IPSec Inbound SA Established
IPSec Outbound SA Established
IPSec Inbound SA Established
Protected
by the
IKE SA
Protected
by the
IKE SA
Establishing IPSec SAs Establishing IPSec SAs
318
0944_05F9_c1
IKE with preshared keys
Fred proposes using esp-des to Wilma,
access-list 101 triggers the
IPSec requirement.
fred#telnet 192.168.0.2
Trying 192.168.0.2
A Day Debug A Day Debug
Presentation_ID.scr
27
318
0944_05F9_c1
Traffic matching an ACL specification triggers a policy
formulation by the sender. If more than one policy
exists for a particular destination, then gather all
relevant policies.
IPSEC(sa_request): ,
(key eng. msg.) src= 192.168.0.20, dest= 192.168.0.2,
src_proxy= 192.168.0.20/255.255.255.255/0/0 (type=1),
dest_proxy= 192.168.0.2/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-des ,
lifedur= 3600s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4004
318
0944_05F9_c1
ISAKMP Phase One using Oakley Main Mode.
Negotiate an ISAKMP security association
(policy). This SA will protect any key and/or
parameter negotiation required by other services
such as IPSec.
ISAKMP (26): beginning Main Mode exchange
ISAKMP (26): processing SA payload. message ID = 0
ISAKMP (26): Checking ISAKMP transform 1 against priority
1 policy
ISAKMP: encryption DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 1
ISAKMP: auth pre-share
ISAKMP (26): atts are acceptable. Next payload is 0
Presentation_ID.scr
28
318
0944_05F9_c1
Exchange public/shared keys and nonces.
This is the actual Diffie-Hellman shared secret
calculation. Process KE which is the pre-shared
key information, then process the nonces and
generate the shared key SKEYID which will be
used as the actual encryption key.
CRYPTO: DH gen phase 1 status for conn_id 26 slot 0:OK
ISAKMP (26): SA is doing pre-shared key authentication
ISAKMP (26): processing KE payload. message ID = 0
CRYPTO: DH gen phase 2 status for conn_id 26 slot 0:OK
ISAKMP (26): processing NONCE payload. message ID = 0
ISAKMP (26): SKEYID state generated
318
0944_05F9_c1
Next, authenticate the Diffie-Hellman Exchange
using SHA as the hash algorithm to make sure
the payload information has not be intercepted
and tampered with.
ISAKMP (26): processing ID payload. message ID = 0
ISAKMP (26): processing HASH payload. message ID = 0
ISAKMP (26): SA has been authenticated
Presentation_ID.scr
29
318
0944_05F9_c1
Now, negotiate an SA for IPSec
This is ISAKMP Phase 2 using Oakley Quick Mode
ISAKMP (26): beginning Quick Mode exchange, M-ID of -652741699
IPSEC(key_engine): got a queue event...
IPSEC(spi_response): getting spi 258023605 for SA
from 192.168.0.2 to 192.168.0.20 for prot 3
ISAKMP (26): processing SA payload. message ID = -652741699
ISAKMP (26): Checking IPSec proposal 1
ISAKMP: transform 1, ESP_DES
ISAKMP: attributes in transform:
ISAKMP: encaps is 1
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (basic) of 3600
318
0944_05F9_c1
ISAKMP: SA life type in kilobytes
ISAKMP: SA life duration (VPI) of
0x0 0x46 0x50 0x0
ISAKMP (26): atts are acceptable.
IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= 192.168.0.2, src= 192.168.0.20,
dest_proxy= 192.168.0.2/255.255.255.255/0/0 (type=1),
src_proxy= 192.168.0.20/255.255.255.255/0/0 (type=1),
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
Presentation_ID.scr
30
318
0944_05F9_c1
Generate a shared key for encryption for IPSec.
Generally the original D-H generated shared secret
key is refreshed via combining it with a random value
(another nonce) as shown below.
ISAKMP (26): processing NONCE payload. message ID = -
652741699
ISAKMP (26): processing ID payload. message ID = -652741699
ISAKMP (26): processing ID payload. message ID = -652741699
318
0944_05F9_c1
ISAKMP (26): Creating IPSec SAs
inbound SA from 192.168.0.2 to 192.168.0.20 (proxy
192.168.0.2
to 192.168.0.20 )
has spi 258023605 and conn_id 27 and flags 4
lifetime of 3600 seconds
lifetime of 4608000 kilobytes
outbound SA from 192.168.0.20 to 192.168.0.2 (proxy
192.168.0.20
to 192.168.0.2 )
has spi 251200955 and conn_id 28 and flags 4
lifetime of 3600 seconds
lifetime of 4608000 kilobytes
IPSEC(key_engine): got a queue event...
Presentation_ID.scr
31
318
0944_05F9_c1
IPSEC(initialize_sas): ,
(key eng. msg.) dest= 192.168.0.20, src= 192.168.0.2,
dest_proxy= 192.168.0.20/255.255.255.255/0/0 (type=1),
src_proxy= 192.168.0.2/255.255.255.255/0/0 (type=1),
spi= 0xF6120B5(258023605), conn_id= 27, keysize= 0,
flags= 0x4
IPSEC(initialize_sas): ,
(key eng. msg.) src= 192.168.0.20, dest= 192.168.0.2,
src_proxy= 192.168.0.20/255.255.255.255/0/0 (type=1),
dest_proxy= 192.168.0.2/255.255.255.255/0/0 (type=1),
spi= 0xEF905BB(251200955), conn_id= 28, keysize= 0,
flags= 0x4
318
0944_05F9_c1
Each SA is unidirectional so we need to see
two SAs created on each participating peer,
one outbound and one inbound :
IPSEC(create_sa): sa created,
(sa) sa_dest= 192.168.0.20, sa_prot= 50,
sa_spi= 0xF6120B5(258023605),
sa_trans= esp-des , sa_conn_id= 27
IPSEC(create_sa): sa created,
(sa) sa_dest= 192.168.0.2, sa_prot= 50,
sa_spi= 0xEF905BB(251200955),
sa_trans= esp-des , sa_conn_id= 28
Presentation_ID.scr
32
318
0944_05F9_c1
Using a CA Using a CA
Entrust Configuration Entrust Configuration
ip domain-name cisco.com
crypto ca identity cisco.com
enrollment mode ra
enrollment url http://10.0.0.2/cgi-bin
query url ldap://10.0.0.2
crl optional
318
0944_05F9_c1
Step 1Generate Public/Private Keys Step 1Generate Public/Private Keys
barney(config)#crypto key gen rsa usage
The name for the keys will be: barney.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
Signature Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]:
Generating RSA keys ...
[OK]
Choose the size of the key modulus in the range of 360 to 2048 for your
Encryption Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]:
Generating RSA keys ...
[OK]
CA and CEP Example CA and CEP Example
Presentation_ID.scr
33
318
0944_05F9_c1
barney#sho crypto key mypublic rsa
% Key pair was generated at: 01:18:43 UTC Mar 1 1999
Key name: barney.cisco.com
Usage: Signature Key
Key Data:
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00BEDC6C FBD327FC
2AFC7521 F2DE3D04 D3239759 7908C8F1 64F0E58F 0116CF6A 897D6210 2D4BFC80
CE41DF7B AA75ECAA 6680B13F 30F079BE DD361565 A325B72A 3D020301 0001
% Key pair was generated at: 01:18:45 UTC Mar 1 1993
Key name: barney.cisco.com
Usage: Encryption Key
Key Data:
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C06DC2 3AE2BF72
CE9FD6F6 55C13A0D A3C183D5 1E7E4523 E8863DDC D852FD32 86461BBC F10EEA77
8A6A5AC9 AFEF6B0A 03107565 03384DB4 4E6C4A77 0C594B10 31020301 0001
Step 1Generate Public/Private Keys Step 1Generate Public/Private Keys
318
0944_05F9_c1
barney(config)#cryp ca auth cisco.com
Certificate has the following attributes:
Fingerprint: 1A5416D6 2EEE8943 D11CCEE1 3DEE9CE7
% Do you accept this certificate? [yes/no]: y
Step 2Request the CA and RA Certificates
Manually verify Fingerprint of CA
Presentation_ID.scr
34
318
0944_05F9_c1
318
0944_05F9_c1
barney(config)#cry ca enrol cisco.com
% Start certificate enrollment ..
% Create a challenge password. You will need to verbally provide this
password to the CA Administrator in order to revoke your certificate.
For security reasons your password will not be saved in the configuration.
Please make a note of it.
Password:
Re-enter password:
% The subject name in the certificate will be: barney.cisco.com
% Include the router serial number in the subject name? [yes/no]: n
% Include an IP address in the subject name? [yes/no]: n
Request certificate from CA? [yes/no]: y
Step 3Enrol the Router with the CA Step 3Enrol the Router with the CA
Presentation_ID.scr
35
318
0944_05F9_c1
barney(config)#
Signing Certificate Request Fingerprint:
4C6DB57D 7CAF8531 7778DDB3 CCEB1FFB
Encryption Certificate Request Fingerprint:
D33447FE 71FF2F24 DA98EC73 822BE4F7
Step 3Enrol the Router with the CA
Fingerprints sent to CA for manual verification
318
0944_05F9_c1
Presentation_ID.scr
36
318
0944_05F9_c1
barney#sho cryp ca cert
Certificate
Subject Name
Name: barney.cisco.com
Status: Pending
Key Usage: Signature
Fingerprint: 4C6DB57D 7CAF8531 7778DDB3 CCEB1FFB
Certificate
Subject Name
Name: barney.cisco.com
Status: Pending
Key Usage: Encryption
Fingerprint: D33447FE 71FF2F24 DA98EC73 822BE4F7
Step 4CA grants Certificates
Status Pending -> Available
Step 4CA grants Certificates
Status Pending -> Available
318
0944_05F9_c1
Step 4CA grants Certificates Step 4CA grants Certificates
Presentation_ID.scr
37
318
0944_05F9_c1
00:02:29: ISAKMP (2): Checking ISAKMP transform 1 against priority
5 policy
00:02:29: ISAKMP: encryption DES-CBC
00:02:29: ISAKMP: hash MD5
00:02:29: ISAKMP: default group 1
00:02:29: ISAKMP: auth RSA sig
Certificate Debug Certificate Debug
318
0944_05F9_c1
Certificate Debug Certificate Debug
00:02:29: ISAKMP (2): atts are acceptable. Next payload is 0
00:02:29: ISAKMP (2): SA is doing RSA signature authentication
00:02:29: ISAKMP (2): processing KE payload. message ID = 0
00:02:29: ISAKMP (2): processing NONCE payload. message ID = 0
00:02:29: ISAKMP (2): SKEYID state generated
00:02:30: ISAKMP (2): processing ID payload. message ID = 0
00:02:30: ISAKMP (2): processing CERT payload. message ID = 0
00:02:30: ISAKMP (2): processing a CT_X509_SIGNATURE cert
00:02:30: ISAKMP (2): cert approved with warning
00:02:30: ISAKMP (2): processing CERT_REQ payload. message ID = 0
00:02:30: ISAKMP (2): peer wants a CT_X509_SIGNATURE cert
00:02:30: ISAKMP (2): processing SIG payload. message ID = 0
00:02:30: ISAKMP (2): SA has been authenticated with 10.0.0.3
00:02:30: ISAKMP (2): processing SA payload. message ID = 1451572340
Presentation_ID.scr
38
318
0944_05F9_c1
IPSec Implementation IPSec Implementation
Issues Issues
318
0944_05F9_c1
318
0944_05F9_c1
IPSec and Scaling IPSec and Scaling
192.168.100.0
172.21.114.0
172.21.115.0
.1 .2
.2
Charlie
IPSec IPSec
172.21.116.0
.1
.1
.2 IPSec IPSec
Famous
IPSec IPSec
Detective
192.168.150.0
HQ
Presentation_ID.scr
39
318
0944_05F9_c1
Scaling Example 1 Scaling Example 1
Central Site Router Central Site Router
crypto map HQ 10 ipsec-isakmp
set peer 172.21.115.1
set peer 172.21.116.1
set transform-set encrypt-des
match address 101
318
0944_05F9_c1
set peer 172.21.115.1
match address 101
set peer 172.21.116.1
match address 102
Presentation_ID.scr
40
318
0944_05F9_c1
crypto dynamic-map AcceptRemote 20
crypto map dynamicHQ 10 ipsec-
isakmp dynamic AcceptRemote
318
0944_05F9_c1
Scaling for Large Scaling for Large
Networks Options Networks Options
Multihop encryption
Tunnel endpoint discovery
All-or-nothing approach
Registration server
Presentation_ID.scr
41
318
0944_05F9_c1
IPSec and
IKE
Layer 2TP
PPP
Enable Mobile Users Enable Mobile Users
with Layer 2TP and IPSec with Layer 2TP and IPSec
1. Client dials ISP uses PPP via modem
2. Client dials gateway using Layer 2TP
via VPN port
3. AAA and assign configuration by gateway
4. IPSec transport mode established between
client and gateway
318
0944_05F9_c1
IKE SA
ISAKMP Transaction
Exchange
IPSec
SAs
PPP
Enable Mobile Users Enable Mobile Users
with Mode Config IKE Extension with Mode Config IKE Extension
1. Dial ISP using PPP via modem
2. Establish the IKE SA with gateway
3. Send ISAKMP_CFG_REQUEST to gateway
4. Gateway sends ISAKMP_CFG_REPLY
5. Client has internal attributes, establish IPSec SAs
Presentation_ID.scr
42
318
0944_05F9_c1
192.168.0.0
255.255.255.0
10.0.0.0
255.255.255.240
192.168.1.0
255.255.255.0
.1
.2
.6
.2
.1
LO0: 30.30.30.30
255.255.255.0
Cisco IPSec Peer
IRE Client
Workstation
IPSec Peer
.12
.20
172.17.11.0
255.255.255.0
.1
.2
IPSec, NAT and IPSec, NAT and
Cisco IOS Firewall Cisco IOS Firewall
318
0944_05F9_c1
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname wilma
!
enable secret 5 $1$baf6$1VAnALbAuaJheCXi.u3fV0
enable password cisco
!
ip subnet-zero
! NAT Config translate all inside source addresses matching access-
! list 1 to those addresses defined in the pool outside. Also define a
!static translation for the inside web server 192.168.0.20
ip nat pool outside 172.17.1.30 172.17.1.50 netmask 255.255.255.0
ip nat inside source list 1 pool outside
ip nat inside source static 192.168.0.20 172.17.1.20
Presentation_ID.scr
43
318
0944_05F9_c1
! IOS Firewall Timeout declarations
ip inspect name firewall tcp timeout 3600
ip inspect name firewall udp timeout 15
!
! Define your IKE Policies. All will be offered to the Peer and the most
! secure match will be used
hash md5
!
! If the peer can accept this policy, then it will be used as it is more
! secure than Policy 1
group 2
lifetime 360
!
! Define the Pre-Shared Keys of your Peers
crypto isakmp key ciscosys address 10.0.0.6
318
0944_05F9_c1
! IPSec policies are defined here. These include your AH and ESP
! choices as well as the mode of operation.
crypto ipsec transform-set dessha esp-des esp-sha-hmac
crypto ipsec transform-set ahmd5 ah-md5-hmac
crypto ipsec transform-set desmd5tr esp-des esp-md5-hmac
mode transport
crypto ipsec transform-set desmd5 esp-des esp-md5-hmac
!
! When dealing with multiple clients a dynamic crypto map can be
! used so that the peers identity need not be defined here. Note
! that this router must still authenticate the incoming client via
! either a Pre-Shared key, or a certificate. This is the dynamic
! maps template.
crypto dynamic-map remotes 1
set transform-set desmd5
match address 120
Presentation_ID.scr
44
318
0944_05F9_c1
! Regular crypto maps are defined here. The first map allows the
! use of PFS such that a brand new Diffie-Hellman exchange is
! performed during each IKE quick mode. The identity of this peer
! is defined by its loopback address. If the loopback is used it must
! be a public address, IPSec is done first, then NAT
crypto map iosirepfs local-address Loopback0
crypto map iosirepfs 1 ipsec-isakmp
set peer 10.0.0.6
set transform-set desmd5
set pfs group1
match address 120
! This crypto map uses the dynamic template defined above.
crypto map iosirerem 1 ipsec-isakmp dynamic remotes
318
0944_05F9_c1
interface Loopback0
ip address 30.30.30.30 255.255.255.0
no ip directed-broadcast
!
! We want to use NAT and also make sure we trigger the
! IOS Firewall such that conversations initiated on the
! inside have a dynamic stateful (CBAC) access-list
! created.
interface Ethernet0
ip address 192.168.0.1 255.255.255.0
ip access-group 110 in
ip nat inside
ip inspect firewall in
Presentation_ID.scr
45
318
0944_05F9_c1
! Inside source addresses are translated to the outside
! pool. All incoming traffic is examined by the
! firewall via access-group 111. For IPSec, the crypto
! map is applied.
interface Serial0
ip address 192.168.1.1 255.255.255.0
ip access-group 111 in
ip nat outside
no ip mroute-cache
no keepalive
crypto map iosirerem
318
0944_05F9_c1
! ACL for NAT translation, any source IP from the
! 192.168.0.0 subnet will be translated
access-list 1 permit 192.168.0.0 0.0.0.255
!
! ACL triggers CBAC on traffic initiated on the inside of
! the firewall
access-list 110 permit tcp any any
access-list 110 permit udp any any
access-list 110 permit icmp any any
Presentation_ID.scr
46
318
0944_05F9_c1
! Before the firewall will allow traffic initiated on the outside in,
! that traffic must satisfy this list
access-list 111 permit udp host 10.0.0.6 host 192.168.1.1
access-list 111 permit esp host 10.0.0.6 host 192.168.1.1
access-list 111 permit ahp host 10.0.0.6 host 192.168.1.1
access-list 111 permit tcp host 10.0.0.6 host 172.17.1.20 eq www
access-list 111 permit icmp host 10.0.0.6 any
access-list 111 permit udp host 10.0.0.6 host 172.17.1.20 eq tftp
!
! Encrypt any traffic matching these conditions. Note that the
! NATd addresses are the source addresses.
access-list 120 permit ip 172.17.1.0 0.0.0.255 host 10.0.0.6
318
0944_05F9_c1
crypto map
my_crypto_map 10
set algorithm 40-bit-des
set peer r3-4k
match address 128
interface Tunnel0
ip address 5.5.5.3 255.255.255.0
tunnel source Loopback0
tunnel destination 1.1.6.1
crypto map my_crypto_map
interface Serial0
ip address 2.2.5.3 255.255.255.0
crypto map my_crypto_map
access-list 128 permit gre host
2.2.6.3 host 1.1.6.1
Configuring GRE Tunnels Configuring GRE Tunnels
Presentation_ID.scr
47
318
0944_05F9_c1
1750 Router
name: vvpn_1
Phone Number: 1750-120 Phone Number: 1750-220
201.168.4.1 201.168.2.1
Internet
VOIP and IPSec VOIP and IPSec
IPSec ACL must specify WAN
endpoints/subnets to facilitate RTP, H.225
Port numbers used for VOIP may not be
well-known and may be negotiated
1750 Router
name: vvpn_2
318
0944_05F9_c1
VOIP and IPSec Notes VOIP and IPSec Notes
Due to additional headers and packet
expansion,an RTP frame of G.729
encoded voice is 100 bytes across
an IPSEC facility
At 50pps 100 byteframes, a 56kb link
can only accommodate a single call
(50 x 100bytes = 40kb)
RTP header compression is not
available to IPSEC frames
Presentation_ID.scr
48
318
0944_05F9_c1
VOIP and IPSec Notes VOIP and IPSec Notes
RTP packets cannot be distinguished
within an ESP encrypted flow.
So interleaving between fragments
is not possible
Increasing bandwidth for smaller
packets sizes is good for IPSec
and VOIP
318
0944_05F9_c1
QOS and IPSec QOS and IPSec
Diff-serventire TOS byte is copied
to the IPSEC header so precedence
can be applied. The additional length
may change the packets service
characteristics
QOS must be implemented
before IPSec
Presentation_ID.scr
49
318
0944_05F9_c1
Model Suggested Bandwidth
1600 up to 64Kb - 128Kb
2500 up to 128Kb
2600 up to 512Kb
3640 up to 1.5Mb
4700 up to 2.0Mb
7206 up to 2.5Mb
7505 up to 6.0Mb
Model Suggested Bandwidth
1600 up to 64Kb - 128Kb
2500 up to 128Kb
2600 up to 512Kb
3640 up to 1.5Mb
4700 up to 2.0Mb
7206 up to 2.5Mb
7505 up to 6.0Mb
Performance Performance
318
0944_05F9_c1
Encryption Performance Stats Encryption Performance Stats
Model Baseline CET Auth.
only
Encrypt
only
Auth. and
Encrypt.
Suggested
Bandwidth
2514 2.49.9 0.2
0.3
0.11.0 0.16
0.25
0.10.2 up to 128
kbps
3640 9.9+ 2.0
4.0
0.66.1 0.72.5 0.52.1 up to 1.5
Mbps
4700 9.59.9 4.9
5.3
1.49.1 1.53.1 1.12.6 up to 2.0
Mbps
7206 9.9+ 2.9
5.5
1.09.1 1.13.5 0.92.9 up to 2.5
Mbps
7505* 9.9+ 9.2
9.9
2.99.4 3.69.1 2.67.9 up to 6.0
Mbps
* The processing of IPSec is done on the RSP.
Presentation_ID.scr
50
318
0944_05F9_c1
Reference Material Reference Material
Applied Cryptography [2nd Edition],
Bruce Schneier, Addison-Wesley
Cryptography and Network Security, William
Stallings, Prentice Hall
Web Security and Commerce, Garfinkel and
Spafford, OReilly
Internet Cryptography, Richard E Smith,
Addison Wesley
Internet Drafts and RFCswww.ieft.org,
Public-Key Infrastructure and IP Security
Protocol Charters
318
0944_05F9_c1
Please Complete Your Please Complete Your
Evaluation Form Evaluation Form
Session 318 Session 318
318
0944_05F9_c1
Presentation_ID.scr
51
318
0944_05F9_c1

Advanced Security Technology Concepts PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Advanced Security Technology Concepts PDF

Uploaded by

Copyright:

Available Formats

Copyright 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.

IPSec Configuration IPSec Configuration

You might also like