IPSec

IPSec provides: Integrity, Authentication, Confidentiality.

  • Integrity means that received data has not been altered by someone in transit; this is done by hashing.
  • Authentication means that a peer must prove its identity, i.e. that it is who it claims to be; this is done with a PSK or PKI.
  • Confidentiality means that only the intended recipients can read what was sent, while unintended parties cannot determine it; this is done by encryption.

IPSec has three main protocols:

  1. IKE (RFC 2409)
  2. ESP
  3. AH

The IKE (Internet Key Exchange) protocol is used to negotiate the parameters that are used to build the tunnel between two devices.

IPSec ESP tunnel mode: In tunnel mode a new IP header is added to the packet. We can use tunnel mode when the IP addresses are not routable on the network.

+--------+--------------+-----+-------+------+-------------+------------------+
| New IP |  ESP  header |  IP |  TCP  | Data | ESP trailer | ESP Auth Trailer |
+--------+--------------+-----+-------+------+-------------+------------------+

IPSec ESP transport mode: In transport mode the original IP header is copied and added to the packet.

+-------------+--------------+------+-------+------+-------------+------------------+
| Original IP |  ESP  header |  IP  |  TCP  | Data | ESP trailer | ESP Auth Trailer |
+-------------+--------------+------+-------+------+-------------+------------------+

ISAKMP has two phases (Phase 1 and Phase 2). Phase 1 can be negotiated in one of two ways: Main mode or Aggressive mode.

Phase 1:

The goal of phase 1 is to negotiate the phase 1 parameters, authenticate the peers to each other and generate a key that will be used to generate another key, which will be used for encryption. The negotiated information is used in the ISAKMP SA.

The D-H algorithm begins with two users exchanging public information. Each user then mathematically combines the other's public information with their own secret information to compute a shared secret value. This secret value can be used as a session key or as a key encryption key for encrypting a randomly generated session key. This method generates a session key based on public and secret information held by both users.

Main mode messages:

ISAKMP phase 1 messages:

Message 1:

The ISAKMP header contains the initiator and responder cookies. The responder cookie will be filled in by the responder in message 2.
The SA payload contains the DOI field, which tells that this message exchange is for IPSec.
The transform payload carries the lifetime, and the lifetime is negotiated.

Message 3:

The peer will get all the information needed for message 3, such as the nonce and the DH public key.

  1. Key Exchange payload. The KE payload contains key data. The KE data will have the public key of the initiator (g^a mod p).
  2. Nonce payload. The nonce is a random number.

Message 5:
Both peers will calculate the DH shared secret key. Each peer also calculates three more keys:

  1. SKEYID_a: This key will be used for authentication and integrity of the data.
  2. SKEYID_d: This key will be used to calculate subsequent key material.
  3. SKEYID_e: This key will be used to encrypt IKE phase 1 and phase 2 messages.

SKEYID = prf(pre-shared-key, Ni | Nr)

SKEYID_d = prf(SKEYID, g^xy | CKY-I | CKY-R | 0)
SKEYID_a = prf(SKEYID, SKEYID_d | g^xy | CKY-I | CKY-R | 1)
SKEYID_e = prf(SKEYID, SKEYID_a | g^xy | CKY-I | CKY-R | 2)

CKY-I and CKY-R are the initiator's cookie and the responder's cookie.
prf is a pseudo-random function.
g^xy is the Diffie-Hellman shared secret.
Ni and Nr are the nonce payloads of the initiator and the responder.
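
The derivation above, carried through for both peers as an added example (not code from the original post). It assumes HMAC-SHA1 as the prf and uses a toy DH modulus, a constructed pre-shared key, and random cookies and nonces; it also covers the D-H exchange described under Phase 1.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters constructed for this example; NOT secure.
# Real peers use the large group negotiated in the transform payload.
P = 0xFFFFFFFB
G = 5


def prf(key: bytes, data: bytes) -> bytes:
    """prf instantiated as HMAC-SHA1 (assumption: SHA-1 is the negotiated hash)."""
    return hmac.new(key, data, hashlib.sha1).digest()


def derive_phase1_keys(psk, ni, nr, g_xy, cky_i, cky_r) -> dict:
    """Apply the four formulas above; '|' is byte concatenation."""
    skeyid = prf(psk, ni + nr)
    tail = g_xy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d,
            "SKEYID_a": skeyid_a, "SKEYID_e": skeyid_e}


def demo():
    """Run both sides of a main mode exchange with constructed values."""
    psk = b"constructed-example-psk"
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)      # header cookies
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)          # nonce payloads
    a, b = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1  # DH secrets
    pub_i, pub_r = pow(G, a, P), pow(G, b, P)                          # KE payloads
    # Each peer combines its own secret with the other's public value.
    g_xy_i = pow(pub_r, a, P).to_bytes(4, "big")
    g_xy_r = pow(pub_i, b, P).to_bytes(4, "big")
    keys_i = derive_phase1_keys(psk, ni, nr, g_xy_i, cky_i, cky_r)
    keys_r = derive_phase1_keys(psk, ni, nr, g_xy_r, cky_i, cky_r)
    return keys_i, keys_r


if __name__ == "__main__":
    initiator, responder = demo()
    for name, value in initiator.items():
        print(name, value.hex(), "match" if responder[name] == value else "MISMATCH")
```

Neither private DH value nor the pre-shared key crosses the wire, yet both peers end with identical key material.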

Messages 5 and 6 will have an ID payload and a Hash payload.

ID payload: The ID payload is used to identify the initiator of the negotiation. The identity can be an IPv4 address, FQDN, hostname… Messages 5 and 6 are encrypted, so we cannot see the ID payload in main mode. However, in aggressive mode the ID payload is sent unencrypted.

Hash Payload:

When a pre-shared key is used, the Hash payload is calculated as follows:
prf(SKEYID | CKY-I | CKY-R | pre shared key | SA payload, Proposal payload, Transform payload,  ID payload )

= = = = =  = = = = = =  = = = = = =  = = = = = =  = = = = = =  = = = = = =  = = = = = =  = = = = = =  =

Main mode phase 2:

Message 1:

PFS(Perfect forward secrecy):
PFS is a method which forces the peers to generate a new phase 2 DH key. If PFS is not used, then the phase 1 key SKEYID_d will be used to derive the phase 2 key.
The peers negotiate whether they support PFS or not in messages 1 and 2 of quick mode. The peers exchange the DH group to be used for PFS. If PFS is supported, then each peer will generate a new DH secret to encrypt traffic. The DH group to be used for PFS should match on both sides.
If PFS is supported, then both peers create a new nonce and exchange a new DH public key.

Message 1 contains:
Hash payload
SA payload
proposal payload
Transform payload
Key payload
Nonce payload
ID payload

  • The Hash payload will have the hash of the following:
    HASH(1) = prf(SKEYID_a, Message-ID, Nonce, proposals, transforms, New public DH key)
  • The proposal payload includes the type of encapsulation to use (AH or ESP) and the SPI number. The SPI is a 32-bit number that is chosen by the initiator to uniquely identify the outgoing IPsec SA.
  • The transform payload includes parameters such as tunnel or transport mode, the hash algorithm for integrity checking in ESP or AH, lifetimes for the IPsec security association, and the DH group for PFS.
  • The Key payload will have the new DH public key of the initiator.
  • The Identity payload contains the proxy identities on whose behalf the initiator does the negotiation.

Message 2 contains:

  • The Hash payload contains the hash of the accepted proposal payload and transform payload.
  • The Proposal payload contains the outgoing SPI of the responder.
  • The Proposal payload and transform payload contain the accepted algorithms.
  • The Identity payload contains the locally configured proxy ID. If the proxy IDs are mismatched, the negotiation fails.

Message 3:

  • Both peers will generate the new DH secret key and the session keys for the incoming and outgoing SAs.
  • Session key for incoming SA
    PRF (SKEYID_d, protocol(ISAKMP), new DH shared secret, SPIr, Ni’, Nr’)
  • Session key for outgoing SA
    PRF (SKEYID_d, protocol(ISAKMP), new DH shared secret, SPIi, Ni’, Nr’)

Message 3 will have only a hash payload. The hash data will be calculated as follows:
PRF (SKEYID_a,Message ID,Ni’,Nr’)

Ni’ and Nr’ are the nonces of the initiator and the responder.
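
To see what PFS changes, this added example (not from the original post) derives the quick mode session keys with and without the new DH secret, following the PRF formula above. HMAC-SHA1 as the PRF, the toy DH modulus, and all SPIs and nonces are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import secrets

P, G = 0xFFFFFFFB, 5   # toy DH modulus and generator (constructed, NOT secure)
PROTO_ESP = 3          # protocol ID for ESP in the IPsec DOI


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()  # assumption: HMAC-SHA1


def session_key(skeyid_d, spi, ni, nr, dh_secret=b""):
    """PRF(SKEYID_d, protocol, [new DH shared secret], SPI, Ni', Nr') as on the page.
    dh_secret stays empty when PFS was not negotiated."""
    return prf(skeyid_d, bytes([PROTO_ESP]) + dh_secret + spi + ni + nr)


def new_dh_secret():
    """Fresh quick mode DH exchange; returns each peer's view of the shared secret."""
    x, y = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    at_initiator = pow(pow(G, y, P), x, P).to_bytes(4, "big")
    at_responder = pow(pow(G, x, P), y, P).to_bytes(4, "big")
    return at_initiator, at_responder


def quick_mode(skeyid_d: bytes, pfs: bool) -> dict:
    """Derive the keys for both SAs, plus what SKEYID_d alone would yield."""
    spi_i, spi_r = secrets.token_bytes(4), secrets.token_bytes(4)
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    dh_i, dh_r = new_dh_secret() if pfs else (b"", b"")
    return {
        "incoming": session_key(skeyid_d, spi_r, ni, nr, dh_i),
        "outgoing": session_key(skeyid_d, spi_i, ni, nr, dh_i),
        "incoming_peer_copy": session_key(skeyid_d, spi_r, ni, nr, dh_r),
        # Result from SKEYID_d plus the exchanged SPI and nonces, without any DH secret.
        "from_skeyid_d_only": session_key(skeyid_d, spi_r, ni, nr),
    }


if __name__ == "__main__":
    for pfs in (False, True):
        keys = quick_mode(b"\x42" * 20, pfs)  # constructed SKEYID_d
        print("PFS" if pfs else "no PFS",
              "recomputable from SKEYID_d:", keys["incoming"] == keys["from_skeyid_d_only"])
```

Without PFS every phase 2 key is a function of SKEYID_d and the exchanged values, so the phase 1 key protects all of them; with PFS each key also needs a DH secret that exists only for that exchange.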

Aggressive mode:

Message 1:

Message 1 will have the following payloads:

  • SA payload
  • Proposal payload
  • Transform payload
  • Key payload
  • Nonce payload
  • Identity payload

Message 2 will have the following payloads:

  • SA payload
  • Proposal payload
  • Transform payload
  • Key payload
  • Nonce payload
  • Identity payload
  • Hash payload

Message 3:

Once the initiator gets message 2 from the responder, it calculates the hash and compares it with the received hash. If both are the same, authentication has succeeded. Message 3 will have only a hash payload.

The value in the hash payload will be calculated as follows:

prf(SKEYID | CKY-I | CKY-R | pre shared key | SA payload, Proposal payload, Transform payload,  ID payload )

ISAKMP header:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
!                      Initiator Cookie                         !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
!                      Responder Cookie                         !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
!  Next Payload ! MjVer ! MnVer ! Exchange Type !     Flags     !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
!                          Message ID                           !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
!                            Length                             !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Initiator and responder cookie:
These are 8-byte fields. The cookie creation method is implementation dependent. However, the RFC states that a cookie can be generated by:

md5{(src_ip, dest_ip), random number, time, and date}

Values of next payload:

Next Payload Type             Value
========================================
NONE                           0
Security Association (SA)      1
Proposal (P)                   2
Transform (T)                  3
Key Exchange (KE)              4
Identification (ID)            5
Certificate (CERT)             6
Certificate Request (CR)       7
Hash (HASH)                    8
Signature (SIG)                9
Nonce (NONCE)                 10
Notification (N)              11
Delete (D)                    12
Vendor ID (VID)               13
RESERVED                      14 - 127
Private USE                   128 - 255

Version: Major version (4 bit) + Minor version (4 bit) = 1.0

Exchange type:

Exchange Type           Value
NONE                    0
Base                    1
Identity Protection     2
Authentication Only     3
Aggressive              4
Informational           5
ISAKMP Future Use       6 - 31
DOI Specific Use        32 - 239
Private Use             240 - 255

Flags:

Message ID:

Message ID is used to identify protocol state during Phase 2 negotiations. The initiator of phase 2 will generate this random number.

Length:
Length holds the length of the header plus the length of the payloads.

SA payload:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! Next Payload  !   RESERVED    !         Payload Length        !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
!              Domain of Interpretation  (DOI)                  !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~                           Situation                           ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Proposal payload:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! Next Payload  !   RESERVED    !         Payload Length        !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
!  Proposal #   !  Protocol-Id  !    SPI Size   !# of Transforms!
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
!                        SPI (variable)                         !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The value of the protocol ID can be ISAKMP, IPSEC ESP, IPSEC AH, OSPF, TLS, etc.

Transform payload:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! Next Payload  !   RESERVED    !         Payload Length        !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
!  Transform #  !  Transform-Id !           RESERVED2           !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~                        SA Attributes                          ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Vendor ID payload:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! Next Payload  !   RESERVED    !         Payload Length        !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
!                                                               !
~                        Vendor ID (VID)                        ~
!                                                               !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Key Exchange payload:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! Next Payload  !   RESERVED    !         Payload Length        !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~                       Key Exchange Data                       ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Nonce payload:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! Next Payload  !   RESERVED    !         Payload Length        !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~                            Nonce Data                         ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Identification payload:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! Next Payload  !   RESERVED    !         Payload Length        !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
!   ID Type     !             DOI Specific ID Data              !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~                   Identification Data                         ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The ID type can have the following values:

ID Type                   Value
-------                   -----
RESERVED                    0
ID_IPV4_ADDR                1
ID_FQDN                     2
ID_USER_FQDN                3
ID_IPV4_ADDR_SUBNET         4
ID_IPV6_ADDR                5
ID_IPV6_ADDR_SUBNET         6
ID_IPV4_ADDR_RANGE          7
ID_IPV6_ADDR_RANGE          8
ID_DER_ASN1_DN              9
ID_DER_ASN1_GN              10
ID_KEY_ID                   11

Hash payload:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! Next Payload  !   RESERVED    !         Payload Length        !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~                           Hash Data                           ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Notification payload:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! Next Payload  !   RESERVED    !         Payload Length        !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
!              Domain of Interpretation  (DOI)                  !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
!  Protocol-ID  !   SPI Size    !      Notify Message Type      !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~                Security Parameter Index (SPI)                 ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~                       Notification Data                       ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Notification message type:

      Errors                  Value
INVALID-PAYLOAD-TYPE            1
DOI-NOT-SUPPORTED               2
SITUATION-NOT-SUPPORTED         3
INVALID-COOKIE                  4
INVALID-MAJOR-VERSION           5
INVALID-MINOR-VERSION           6
INVALID-EXCHANGE-TYPE           7
INVALID-FLAGS                   8
INVALID-MESSAGE-ID              9
INVALID-PROTOCOL-ID             10
INVALID-SPI                     11
INVALID-TRANSFORM-ID            12
ATTRIBUTES-NOT-SUPPORTED        13
NO-PROPOSAL-CHOSEN              14
BAD-PROPOSAL-SYNTAX             15
PAYLOAD-MALFORMED               16
INVALID-KEY-INFORMATION         17
INVALID-ID-INFORMATION          18
INVALID-CERT-ENCODING           19
INVALID-CERTIFICATE             20
CERT-TYPE-UNSUPPORTED           21
INVALID-CERT-AUTHORITY          22
INVALID-HASH-INFORMATION        23
AUTHENTICATION-FAILED           24
INVALID-SIGNATURE               25
ADDRESS-NOTIFICATION            26
NOTIFY-SA-LIFETIME              27
CERTIFICATE-UNAVAILABLE         28
UNSUPPORTED-EXCHANGE-TYPE       29
UNEQUAL-PAYLOAD-LENGTHS         30
RESERVED (Future Use)           31 - 8191
Private Use                     8192 - 16383

Delete payload:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! Next Payload  !   RESERVED    !         Payload Length        !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
!              Domain of Interpretation  (DOI)                  !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
!  Protocol-Id  !   SPI Size    !           # of SPIs           !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
!                                                               !
~               Security Parameter Index(es) (SPI)              ~
!                                                               !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
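
The header and generic payload layouts above are enough to walk a captured message. The following is an added example (not code from the original post): a parser that decodes the 28-byte ISAKMP header and follows the Next Payload chain with bounds checks, run against a constructed main mode message 3. The encryption flag bit (0x01) comes from RFC 2408, since the post leaves the Flags field undescribed; the cookie, key and nonce bytes are constructed sample values.

```python
import struct

# Value tables copied from the page.
NEXT_PAYLOAD = {0: "NONE", 1: "SA", 2: "P", 3: "T", 4: "KE", 5: "ID", 6: "CERT", 7: "CR",
                8: "HASH", 9: "SIG", 10: "NONCE", 11: "N", 12: "D", 13: "VID"}
EXCHANGE = {0: "NONE", 1: "Base", 2: "Identity Protection", 3: "Authentication Only",
            4: "Aggressive", 5: "Informational"}
HDR = struct.Struct("!8s8sBBBBII")  # cookies, next payload, version, exchange, flags, id, length


def parse_isakmp(msg: bytes) -> dict:
    """Parse the fixed header, then walk the Next Payload chain with bounds checks."""
    if len(msg) < HDR.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    cky_i, cky_r, nxt, ver, xchg, flags, msg_id, length = HDR.unpack_from(msg)
    if length != len(msg):
        raise ValueError("Length field does not match the received size")
    info = {"cky_i": cky_i, "cky_r": cky_r, "version": (ver >> 4, ver & 0x0F),
            "exchange": EXCHANGE.get(xchg, f"type {xchg}"), "msg_id": msg_id,
            "encrypted": bool(flags & 0x01), "payloads": []}
    if info["encrypted"]:  # RFC 2408 E bit: body is ciphertext, nothing to walk
        return info
    off = HDR.size
    while nxt != 0:
        if off + 4 > length:
            raise ValueError("payload header runs past the end of the message")
        following, _reserved, plen = struct.unpack_from("!BBH", msg, off)
        if plen < 4 or off + plen > length:
            raise ValueError("Payload Length is out of bounds")
        info["payloads"].append((NEXT_PAYLOAD.get(nxt, f"type {nxt}"), msg[off + 4:off + plen]))
        nxt, off = following, off + plen
    return info


def build_sample_message3() -> bytes:
    """Constructed main mode message 3: KE payload followed by Nonce payload."""
    ke = struct.pack("!BBH", 10, 0, 4 + 8) + b"\x11" * 8          # next payload = NONCE
    nonce = struct.pack("!BBH", 0, 0, 4 + 16) + bytes(range(16))  # next payload = NONE
    body = ke + nonce
    header = HDR.pack(b"I" * 8, b"R" * 8, 4, 0x10, 2, 0, 0, HDR.size + len(body))
    return header + body


if __name__ == "__main__":
    for name, data in parse_isakmp(build_sample_message3())["payloads"]:
        print(name, data.hex())
```

Each payload's type is named by the Next Payload field of the element before it, which is why the header's own Next Payload value starts the chain; the length checks reject a zero or oversized Payload Length instead of looping or reading past the datagram.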

 
