1 Methods and Protocols for Secure Key Negotiation Using IKE Author : Michael S. Borella, 3Com Corp.

Slides:



Advertisements
Similar presentations
IKE : Internet Key Exchange
Advertisements

ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.
Internet Protocol Security (IP Sec)
Secure Mobile IP Communication
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.
CSC 474 Information Systems Security
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
ISAKMP RFC 2408 Internet Security Association & Key Management Protocol Protocol Establish, modify, and delete SAs Negotiate crypto keys Procedures Authentication.
Network Security. Reasons to attack Steal information Modify information Deny service (DoS)
Security at the Network Layer: IPSec
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
1 IPSec—An Overview Somesh Jha Somesh Jha University of Wisconsin University of Wisconsin.
Chapter 5 Network Security Protocols in Practice Part I
1 IP Security (IPSec) Thomas Lee Chief Technologist –QA
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
IPsec – IKE CS 470 Introduction to Applied Cryptography
Introduction to PKI, Certificates & Public Key Cryptography Erwan Lemonnier.
1 Network Security Lecture 5 Secure Protocols – IPSec.
IKE message flow IKE message flow always consists of a request followed by a response. It is the responsibility of the requester to ensure reliability.
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.
Internet Key Exchange. IPSec – Reminder SPI SA1 2 3 …… SAD.
Just Fast Keying (JFK) Protocol 18739A: Foundations of Security and Privacy Anupam Datta CMU Fall
1 IPsec Youngjip Kim Objective Providing interoperable, high quality, cryptographically-based security for IPv4 and IPv6 Services  Access.
W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial.
Internet Security CSCE 813 IPsec. CSCE Farkas2 Reading Today: – Oppliger: IPSec: Chapter 14 – Stalllings: Network Security Essentials, 3 rd edition,
VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.
CMSC 414 Computer (and Network) Security Lecture 25 Jonathan Katz.
Creating an IPsec VPN using IOS command syntax. What is IPSec IPsec, Internet Protocol Security, is a set of protocols defined by the IETF, Internet Engineering.
IPsec: IKE, Internet Key Exchange IPsec does not use Public Key Infrastructure and exchanging keys before an IPsec connection is established is a problem.
Implementing Secure Converged Wide Area Networks (ISCW) Module 3.2.
406 NW’98 1 © 1998, Cisco Systems, Inc. IPSec Loss of Privacy Security Threats Impersonation Loss of Integrity Denial of Service m-y-p-a-s-s-w-o-r-d.
IPSec Chapter 3 – Secure WAN’s. Definition IPsec, Internet Protocol Security, is a set of protocols defined by the IETF, Internet Engineering Task Force,
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
IP Security Lawrence Taub IPSEC IP security — security built into the IP layer Provides host-to-host (or router-to-router) encryption and.
Lecture 14 ISAKMP / IKE Internet Security Association and Key Management Protocol / Internet Key Exchange CIS CIS 5357 Network Security.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
COEN 350 IPSec, SSL, SSH,. IPSec RFC 1636 identified key areas where the internet needs to be made more secure. Spoofing: Creating packets with false.
SMUCSE 5349/49 IP Sec. SMUCSE 5349/7349 Basics Network-level: all IP datagrams covered Mandatory for next-generation IP (v6), optional for current-generation.
Information management 1 Groep T Leuven – Information department 1/26 IPSec IP Security (IPSec)
1 Lecture 16: IPsec IKE history of IKE Photurus IKE phases –phase 1 aggressive mode main mode –phase 2.
Karlstad University IP security Ge Zhang
IPsec IPsec (IP security) Security for transmission over IP networks –The Internet –Internal corporate IP networks –IP packets sent over public switched.
IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.
© 2006 Cisco Systems, Inc. All rights reserved. Network Security 2 Module 4: Configuring Site to Site VPN with Pre-shared keys.
Attacking IPsec VPNs Charles D George Jr. Overview Internet Protocol Security (IPSec) is a suite of protocols for authenticating and encrypting packets.
IPSec VPN: How does it really work? Yasushi Kono (ComputerLinks Frankfurt)
IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.
Internet Key Exchange IKE ● RFC 2409 ● Services – Constructs shared authenticated keys – Establishes shared security parameters – Common SAs between IPSec.
IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.
IPSec VPN Chapter 13 of Malik. 2 Outline Types of IPsec VPNs IKE (or Internet Key Exchange) protocol.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
Cryptography and Network Security (CS435) Part Thirteen (IP Security)
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
1 Secure Key Exchange: Diffie-Hellman Exchange Dr. Rocky K. C. Chang 19 February, 2002.
Network Layer Security Network Systems Security Mort Anvari.
1 Internet Key Exchange Rocky K. C. Chang 20 March 2007.
Security Data Transmission and Authentication Lesson 9.
8-1Network Security Virtual Private Networks (VPNs) motivation:  institutions often want private networks for security.  costly: separate routers, links,
IP Security (IPSec) Internet Key Exchange (IKE) Dr Milan Marković.
VPNs & IPsec Dr. X Slides adopted by Prof. William Enck, NCSU.
Somesh Jha University of Wisconsin
CSE 4905 IPsec II.
IPSec VPN Chapter 13 of Malik.
CSE 5/7349 – February 15th 2006 IPSec.
Presentation transcript:

1 Methods and Protocols for Secure Key Negotiation Using IKE Author : Michael S. Borella, 3Com Corp.

2 Outline  What is IKE  Introduction of Diffie-Hellman  How IKE do the secure Key negotiation  Conclusion

3 What is IKE  Internet Key Exchange  Default IPSec method for secure key negotiation  Based-on Diffie-Hellman  Allow two entities to derive session key with authentication

4 Diffie-Hellman introduction A 選擇 X,g,nB 選擇 Y g,n, g X mod n B 計算 (g X ) Y mod nA 計算 (g Y ) X mod n g Y mod n Shared secret key : g XY mod n

5 Diffie-Hellman introduction(cont.) A 選擇 X,g,nB 選擇 Y g, n, g X mod n B 計算 (g Z ) Y mod nA 計算 (g Z ) X mod n g Z mod n C 選擇 Z g, n, g Z mod n g Y mod n  Man-in-the-middle-attack

6 How IKE do the secure Key negotiation  Diffie-Hellman disadvantages –Man-in-the-middle attack –Denial of Service  IKE can solve these problem!! How??  Solving man-in-the-middle attack –authentication  Solving Denial of Service attack –cookie

7 How IKE do the secure Key negotiation(cont.)  Cookie – How to solve DoS attack?? CICI CRCR 產生 C I 產生 C R 選擇 g,p 產生 x C I, C R, g x mod p 產生 y C I, C R, g y mod p

8 How IKE do the secure Key negotiation(cont.)  Cookie  If either the initiator or the responder receives a cookie pair from an IP address not associated with that cookie pair, the message will be discarded  Uniquely identifying a particular key exchange among several may take place between two hosts

9 How IKE do the secure Key negotiation(cont.)  IKE phase1 –Creates an IKE SA –Establish a secure channel so that that phase2 negotiation can occur privately  IKE phase2 –Establishing IPSec SA(ESP,AH) to protect non-IKE sessions

10 How IKE do the secure Key negotiation(cont.)

11 IKE phase1 detailed  Phase 1 –Main Mode Identity protection –Aggressive Mode Reduce round trips –Authentication with Pre-shared key Signatures Public Key Encryption Revised Public Key Encryption

12 IKE phase1 detailed(cont.)  Negotiation Generate C I (1)C I, ISA I Generate C R (2)C I, C R, ISA R : (1)Proposal:ENC = DES or 3DES, AUTH = MD5 Proposal:ENC = 3DES, AUTH = MD5 (2)Proposal:ENC = 3DES, AUTH = MD5

13 IKE phase1 detailed(cont.)  SKEYID_d = prf(SKEYID, g^xy | CKY-I | CKY-R | 0)  SKEYID_a = prf(SKEYID, SKEYID_d | g^xy | CKY-I | CKY-R | 1)  SKEYID_e = prf(SKEYID, SKEYID_a | g^xy | CKY-I | CKY-R | 2)

14 IKE phase1 detailed(cont.)  Pre-shared key ; Main mode  Initiator Responder C I,ISA I --> <-- *C I,C R, ID R,HASH R

15 IKE phase1 detailed(cont.)  Pre-shared key ; Aggressive mode  Initiator Responder C I,ISA I,g x, N I, ID I -->  SKEYID = prf(PSKEY, N I | N R )  HASH I = prf(SKEYID,g x | g y | C I | C R | ISA I | ID I )  HASH R = prf(SKEYID, g x | g y | C R | C I | ISA I | ID I )

16 IKE phase1 detailed(cont.)  Signatures ; Main mode  Initiator Responder C I, ISA I --> <-- *C I,C R,ID R,SIG R

17 IKE phase1 detailed(cont.)  Signatures ; Aggressive mode  Initiator Responder C I,ISA I,g x,N I,ID I -->  SKEYID = prf(NI | NR,g xy )  SIG I = PRVKEY I (HASH I )  SIG R = PRVKEY R (HASH R )

18 IKE phase1 detailed(cont.)  public key ; Main mode  Initiator Responder C I,ISA I --> C I,C R,g y,PUBKEY I (ID R ), <-- *C I,C R,HASH R

19 IKE phase1 detailed(cont.)  public key ; Aggressive mode  Initiator Responder C I,ISA I,g x PUBKEY R (ID I PUBKEY R (N I ) --> C I,C R,ISA R,g y, PUBKEY I (ID R ),  SKEYID = prf(hash(N I | N R ), C I | C R )

20 IKE phase2 detailed  Quick Mode  Initiator Responder *CI,CR,HASH(1),SA I, N I, [, g x ] [, ID I, ID R ] --> <-- *C I,C R,HASH(2),SA R, N R, [, g y ] [, ID I,ID R ] *C I,C R,HASH(3) -->

21 IKE phase2 detailed(cont.)  With PFS  HASH(1) = prf(SKEYID_a, M-ID | SA I | N I )  HASH(2) = prf(SKEYID_a, M-ID | SA R | NI|NR)  HASH(3) = prf(SKEYID_a, 0 | M-ID | N I | N R )  NEWKEY = prf(SKEYID_d, g xy | protocol | SPI | N I | N R )  Without PFS  HASH(1) = prf(SKEYID_a, M-ID | SA I | N I | x | ID I | ID R )  HASH(2) = prf(SKEYID_a, M-ID | SA R | N I | N R | y | ID I | ID R )  HASH(3) = prf(SKEYID_a, 0 | M-ID | Ni_b | Nr_b)  NEWKEY = prf(SKEYID_d, protocol | SPI | N I | N R ).

22 conclusion  IKE is vary complexity  Hard to evaluate it’s security and performance

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.