Professional Documents
Culture Documents
A Virtual Private Network (VPN) provides a secure tunnel across a public (and thus, insecure)
network. This provides a mechanism for organizations to connect users and offices together,
without the high costs of dedicated leased lines
What is IPSEC?
IPSEC, short for IP Security, is a suite of protocols, standards, and algorithms to secure traffic
over an untrusted network, such as the Internet. IPSEC is supported on both Cisco IOS devices
and PIX Firewalls. IPSEC provides three core services:
•Integrity – ensures that data is not tampered or altered, using a hashing algorithm.
•Authentication – confirms the identity of the host sending data, using pre-shared keys or a
Certificate Authority (CA).
Keys are generated values used to both encrypt and decrypt data. The longer the key, the
more secure that key is. The length of a key is measured in bits.
Asymmetric keys require a separate key for encryption (the public key) and decryption (the
private key). Public keys are openly exchanged between devices to encrypt data during
transfer. Private keys are never exchanged.
Characteristics of Asymmetric Encryption Keys (Public Key and Private Key) are
• If Public Key is used for encryption, the associated private key MUST BE used for decryption.
• If Private Key is used for encryption, the associated public key MUST BE used for decryption
Note that encryption and decryption using the same key is not possible in Asymmetric
Encryption. The Private Key is possessed only by the user or computer that generates the
Public/Private Key pair. The Public Key can be distributed to any person who wishes to send
encrypted data to the Private key holder. It is impossible to compute the private key if you
know the public key. Hence it is safe to publish the public key
Consider the above diagram. Assume we are using a public/private key infrastructure:
•Both Router A and Router B have their own unique private key.
•When Router B encrypts data destined for Router A, it uses Router A’s public key. (and vice
versa)
Only the private keys can decrypt the data. Thus, even if the data and the public key were
intercepted, confidentiality is ensured.
D-H is not used to encrypt data, but rather to generate the keys that are used to
encrypt and decrypt data.
The Diffie–Hellman key exchange method allows two parties that have no prior
knowledge of each other to jointly establish a shared secret key over an insecure
channel. This key can then be used to encrypt subsequent communications
Alice and Bob decide, publicly on a number (15). Alice then chooses a secret number(2)
that no one knows and takes the public number and puts it to the power of her secret
number (15^2=225) and sends the result (225) to Bob.
Bob then does the same exact thing that Alice does, but with his secret number(3). So
he takes the public number(15) and puts it to the power of his secret number
(15^3=3375) and then sends the result (3375) to Alice.
At this point in the game Alice has Bob's result 3375 and Bob has Alice's result of 225.
Now the fun part. Alice takes' Bob's result (3375) and puts it to the power of her secret
number(3375^2=11390625). Then Bob takes Alice's result and puts it to the power of
his secret number (225^3=11390625). Magically(or shall we say "mathically") they
come up with the same number!
Diffie-Hellman Group
Diffie-Hellman Groups are used to determine the strength of the key used in the Diffie-
Hellman key exchange process. Higher Diffie-Hellman Group numbers are more secure,
but Higher Diffie-Hellman Groups require additional processing resources to compute
the key
VPN Negotiations
Phase 1
The main purpose of Phase 1 is to set up a secure encrypted channel through which the two peers
can negotiate Phase 2. When Phase 1 finishes successfully, the peers quickly move on to Phase 2
negotiations. If Phase 1 fails, the devices cannot begin Phase 2. The IKE phase 1 tunnel is only
used for management traffic
Phase 2
The purpose of Phase 2 negotiations is for the two peers to agree on a set of parameters that define
what traffic can go through the VPN, and how to encrypt and authenticate the traffic. This
agreement is called a Security Association. IKE phase 2 tunnel (or IPsec tunnel) that we can use
to protect our user data.
The Phase 1 and Phase 2 configurations must match for the devices on either end of the tunnel.
To combat this, a hashing algorithm computes and appends a specific hashvalue as each packet is
sent. Once the data is received, it is run through the hashing algorithm again. If the hash value is
different, the packet was altered in transit.
Hashed Message Authentication Code (HMAC) is used to perform this hashing function. HMAC
utilizes a secret key when computing the hash value, thus preventing an attacker from altering the
packet and then recomputing the correct hash.
Authentication
For an IPSEC VPN tunnel to be established, both sides of the tunnel must be authenticated. To
accomplish this, either pre-shared keys or RSA digital signatures are used.
When using pre-shared keys, a secret string of text is used on each device to authenticate each
other. This string must be pre-agreed upon and identical on each device. This string is then hashed
into a digital signature.
When using RSA Digital signatures, a Certificate Authority (CA) is used to apply a verified digital
signature.
One of the above options must be correctly configured before the VPN tunnel will become active
When using RSA Digital signatures, a Certificate Authority (CA) is used to apply a verified digital
signature. This provides a more scalable solution than pre-shared keys. The certificate process
works as follows:
1.First, a client creates a “blank” or unsigned certificate, and sends it to the CA. Included on this
blank certificate is the client’s ID. This communication is secured using a D-H private/public key
exchange.
2.Next, the CA computes an encrypted hash, which is applied to the blank certificate. Thus, the
certificate is now signed with the CA’s digital signature. The signed certificate is sent back to the
client, where it is stored until it is deleted or expires.
3.The client then sends the signed certificate, along with its keys, to any VPN peers,
“authenticating” its origin.
IPSec Modes
Each IPSEC protocol (AH or ESP) can operate in one of two modes:
•Transport mode – Original IP headers are left intact. Used when securing communication from one
device to another single device.
•Tunnelmode – the entire original packet is hashed and/or encrypted, including both the payload
and any original headers. A temporary IP header is applied to the packet during transit. so he has
the information about IPSec endpoints as new source and destination. Used to tunnel traffic
from one site to another.
IKE (Internet Key Exchange) is one of the primary protocols for IPsec since it establishes the
security association between two peers. There are two versions of IKE:
IKEv1
IKEv2
IKEv1 was introduced around 1998 and superseded by IKEv2 in 2005. There are some differences
between the two versions:
The IKE phase 1 tunnel is only used for management traffic between the peers . We use this
tunnel as a secure method to establish the second tunnel called the IKE phase 2 tunnel or
IPsec tunnel and for management traffic like keepalives.
we have an IKE phase 2 tunnel (or IPsec tunnel) that we can use to protect our user data(the
encryption of the users transit traffic).
Message 1
1. The first packet is sent from the initiator of the IPSec tunnel to its remote endpoint, this
packet contains the ISAKMP policy
2. The second packet is sent from the remote endpoint back to the initiator, this packet will be
the exact same information matching the ISAKMP policy sent by the initiator.
3. The third packet is sent from the initiator to the remote endpoint, this packet contains the
Key Exchange payload and the Nonce payload, the purpose of this packet is generate the
information for the DH secret key
4. This fourth packet as you would expect comes from the remote endpoint back to initiator
and contains the remote endpoints Key Exchange and Nonce payload.
5. The fifth packet is from the initiator back to the remote endpoint with identity and hash
payloads, the identity payload has the device’s IP Address in, and the hash payload is a
combination of keys (including a PSK, if PSK authentication is used)
6. The sixth packet from the remote endpoint to the initiator contains the corresponding hash
payloads to verify the exchange.
First Packet
The initiator (peer that wants to build the tunnel) will send the first message. This is a proposal
for the security association.
The initiator uses IP address 192.168.12.1 and is sending a proposal to responder (peer we
want to connect to) 192.168.12.2.
IKE uses UDP port 500 for this. In the output above you can see an initiator SPI (Security
Parameter Index), this is a unique value that identifies this security association.
In the transform payload you can find the attributes that we want to use for this security
association.
Message 2
When the responder receives the first message from the initiator, it will reply. This message is used
to inform the initiator that we agree upon the attributes in the transform payload. You can also see
that the responder has set its own SPI value
Message 3
Since our peers agree on the security association to use, the initiator will start the Diffie
Hellman key exchange. In the output above you can see the payload for the key exchange and
the nonce.
Message 4
The responder will also send his/her Diffie Hellman nonces to the initiator, our two peers can
now calculate the Diffie Hellman shared key.
Message 5
The last two messages are encrypted so we can’t see its contents anymore. These two are
used for identification and authentication of each peer. The initiator starts.
And above we have the 6th message from the responder with its identification and
authentication information. IKEv1 main mode has now completed and we can continue with
IKE phase 2.
Aggressive Mode
IKEv1 aggressive mode only requires three messages to establish the security association.
Main mode is considered more secure since identification is encrypted, aggressive mode does
this in clear-text.
The first packet from the initiator contains enough information for the remote endpoint to
generate its DH secret, so this one packet is equivalent to the first four packets in main mode.
The second packet from the remote endpoint back to the initiator contains its DH secret
The third packet from the initiator includes identity and hash payloads. After the remote
endpoint receives this packet it simply calculates its hash payload and verifies it matches, if it
matches then phase one is established
IKE Phase 2
IKE Phase 2 occurs after phase 1 and is also known as quick mode and this process is only 3
packets.
Perfect Forward Secrecy PFS, if PFS is configured on both endpoints the will generate a
new DH key for phase 2/quick mode.
1. Contained in this first packet from the initiator to the remote device are some of the
hashes/keys negotiated from phase 1, along with some IPSec parameters IE: Encapsulation
(ESP or AH), HMAC, DH-group, and the mode (tunnel or transport)
2. The second packet contains the remote endpoint’s response with matching IPSec
parameters.
3. The last packet is sent to the remote device to verify the other device is still there and is an
active peer.
That last packet concludes the forming an IPSec tunnel and the phase 1/2 process.