Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Methods and Protocols for Secure Key Negotiation Using IKE Author : Michael S. Borella, 3Com Corp.

Published byBeverly Douglas Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Methods and Protocols for Secure Key Negotiation Using IKE Author : Michael S. Borella, 3Com Corp."— Presentation transcript:

1 1 Methods and Protocols for Secure Key Negotiation Using IKE Author : Michael S. Borella, 3Com Corp.

2 2 Outline  What is IKE  Introduction of Diffie-Hellman  How IKE do the secure Key negotiation  Conclusion

3 3 What is IKE  Internet Key Exchange  Default IPSec method for secure key negotiation  Based-on Diffie-Hellman  Allow two entities to derive session key with authentication

4 4 Diffie-Hellman introduction A 選擇 X,g,nB 選擇 Y g,n, g X mod n B 計算 (g X ) Y mod nA 計算 (g Y ) X mod n g Y mod n Shared secret key : g XY mod n

5 5 Diffie-Hellman introduction(cont.) A 選擇 X,g,nB 選擇 Y g, n, g X mod n B 計算 (g Z ) Y mod nA 計算 (g Z ) X mod n g Z mod n C 選擇 Z g, n, g Z mod n g Y mod n  Man-in-the-middle-attack

6 6 How IKE do the secure Key negotiation  Diffie-Hellman disadvantages –Man-in-the-middle attack –Denial of Service  IKE can solve these problem!! How??  Solving man-in-the-middle attack –authentication  Solving Denial of Service attack –cookie

7 7 How IKE do the secure Key negotiation(cont.)  Cookie – How to solve DoS attack?? CICI CRCR 產生 C I 產生 C R 選擇 g,p 產生 x C I, C R, g x mod p 產生 y C I, C R, g y mod p

8 8 How IKE do the secure Key negotiation(cont.)  Cookie  If either the initiator or the responder receives a cookie pair from an IP address not associated with that cookie pair, the message will be discarded  Uniquely identifying a particular key exchange among several may take place between two hosts

9 9 How IKE do the secure Key negotiation(cont.)  IKE phase1 –Creates an IKE SA –Establish a secure channel so that that phase2 negotiation can occur privately  IKE phase2 –Establishing IPSec SA(ESP,AH) to protect non-IKE sessions

10 10 How IKE do the secure Key negotiation(cont.)

11 11 IKE phase1 detailed  Phase 1 –Main Mode Identity protection –Aggressive Mode Reduce round trips –Authentication with Pre-shared key Signatures Public Key Encryption Revised Public Key Encryption

12 12 IKE phase1 detailed(cont.)  Negotiation Generate C I (1)C I, ISA I Generate C R (2)C I, C R, ISA R : (1)Proposal:ENC = DES or 3DES, AUTH = MD5 Proposal:ENC = 3DES, AUTH = MD5 (2)Proposal:ENC = 3DES, AUTH = MD5

13 13 IKE phase1 detailed(cont.)  SKEYID_d = prf(SKEYID, g^xy | CKY-I | CKY-R | 0)  SKEYID_a = prf(SKEYID, SKEYID_d | g^xy | CKY-I | CKY-R | 1)  SKEYID_e = prf(SKEYID, SKEYID_a | g^xy | CKY-I | CKY-R | 2)

14 14 IKE phase1 detailed(cont.)  Pre-shared key ; Main mode  Initiator Responder ---------- ----------- C I,ISA I --> <-- *C I,C R, ID R,HASH R

15 15 IKE phase1 detailed(cont.)  Pre-shared key ; Aggressive mode  Initiator Responder ----------- ----------- C I,ISA I,g x, N I, ID I -->  SKEYID = prf(PSKEY, N I | N R )  HASH I = prf(SKEYID,g x | g y | C I | C R | ISA I | ID I )  HASH R = prf(SKEYID, g x | g y | C R | C I | ISA I | ID I )

16 16 IKE phase1 detailed(cont.)  Signatures ; Main mode  Initiator Responder ----------- ----------- C I, ISA I --> <-- *C I,C R,ID R,SIG R

17 17 IKE phase1 detailed(cont.)  Signatures ; Aggressive mode  Initiator Responder ----------- ----------- C I,ISA I,g x,N I,ID I -->  SKEYID = prf(NI | NR,g xy )  SIG I = PRVKEY I (HASH I )  SIG R = PRVKEY R (HASH R )

18 18 IKE phase1 detailed(cont.)  public key ; Main mode  Initiator Responder ----------- ----------- C I,ISA I --> C I,C R,g y,PUBKEY I (ID R ), <-- *C I,C R,HASH R

19 19 IKE phase1 detailed(cont.)  public key ; Aggressive mode  Initiator Responder ----------- ----------- C I,ISA I,g x PUBKEY R (ID I PUBKEY R (N I ) --> C I,C R,ISA R,g y, PUBKEY I (ID R ),  SKEYID = prf(hash(N I | N R ), C I | C R )

20 20 IKE phase2 detailed  Quick Mode  Initiator Responder ----------- ----------- *CI,CR,HASH(1),SA I, N I, [, g x ] [, ID I, ID R ] --> <-- *C I,C R,HASH(2),SA R, N R, [, g y ] [, ID I,ID R ] *C I,C R,HASH(3) -->

21 21 IKE phase2 detailed(cont.)  With PFS  HASH(1) = prf(SKEYID_a, M-ID | SA I | N I )  HASH(2) = prf(SKEYID_a, M-ID | SA R | NI|NR)  HASH(3) = prf(SKEYID_a, 0 | M-ID | N I | N R )  NEWKEY = prf(SKEYID_d, g xy | protocol | SPI | N I | N R )  Without PFS  HASH(1) = prf(SKEYID_a, M-ID | SA I | N I | x | ID I | ID R )  HASH(2) = prf(SKEYID_a, M-ID | SA R | N I | N R | y | ID I | ID R )  HASH(3) = prf(SKEYID_a, 0 | M-ID | Ni_b | Nr_b)  NEWKEY = prf(SKEYID_d, protocol | SPI | N I | N R ).

22 22 conclusion  IKE is vary complexity  Hard to evaluate it’s security and performance

Download ppt "1 Methods and Protocols for Secure Key Negotiation Using IKE Author : Michael S. Borella, 3Com Corp."

Similar presentations

IKE : Internet Key Exchange

IKE : Internet Key Exchange
ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.

ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Secure Mobile IP Communication

Secure Mobile IP Communication
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.

IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.
CSC 474 Information Systems Security

CSC 474 Information Systems Security
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
ISAKMP RFC 2408 Internet Security Association & Key Management Protocol Protocol Establish, modify, and delete SAs Negotiate crypto keys Procedures Authentication.

ISAKMP RFC 2408 Internet Security Association & Key Management Protocol Protocol Establish, modify, and delete SAs Negotiate crypto keys Procedures Authentication.
Network Security. Reasons to attack Steal information Modify information Deny service (DoS)

Network Security. Reasons to attack Steal information Modify information Deny service (DoS)
Security at the Network Layer: IPSec

Security at the Network Layer: IPSec
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
1 IPSec—An Overview Somesh Jha Somesh Jha University of Wisconsin University of Wisconsin.

1 IPSec—An Overview Somesh Jha Somesh Jha University of Wisconsin University of Wisconsin.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
1 IP Security (IPSec) Thomas Lee Chief Technologist –QA

1 IP Security (IPSec) Thomas Lee Chief Technologist –QA
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

Similar presentations

Ads by Google