duplicated. IPsec packets are protected by
comparing the sequence number of the received packets and a
sliding window on the destination host, or security gateway. A
packet whose sequence number is before the sliding window is
considered late, or a duplicate. Late and duplicate packets are
dropped.
Content 3.2
Understanding IPsec Components and IPsec VPN Features
3.2.2 IPsec Protocols and Headers The IPsec
standard provides a method to manage authentication and data
protection between multiple peers engaging in secure data
transfer. IPsec includes a protocol for exchanging keys called
Internet Key Exchange (IKE) and two IPsec IP protocols,
Encapsulating Security Payload (ESP) and Authentication Header
(AH). In simple terms, IPsec provides secure tunnels between
two peers, such as two routers. The sender defines what packets
need protection and will be sent through these secure tunnels
and then defines the parameters that are needed to protect
these sensitive packets by specifying the characteristics of
these tunnels. Then, when the IPsec peer sees such a sensitive
packet, the IPsec peer sets up the appropriate secure tunnel
and sends the packet through the tunnel to the remote peer.
More accurately, these tunnels are sets of Security
Associations (SA)s). established between two remote IPsec
peers. The Security Associations define which protocols and
algorithms should be applied to sensitive packets and specify
the keying material to be used by the two peers. Security
Associations are unidirectional and are established by the
security protocol that is being used (AH or ESP). IPsec uses
three main protocols to create a security framework:
- IKE: Provides a framework for the negotiation of
security parameters and establishes authenticated keys. IPsec
uses symmetrical encryption algorithms for data protection,
which are more efficient and easier to implement in hardware
than other types of algorithms. These algorithms need a secure
method of key exchange to ensure data protection. The IKE
protocols provide the capability for secure key exchange.
- AH: The IP Authentication Header (AH) provides
connectionless integrity and data origin authentication for IP
datagrams and optional protection against replays. AH is
embedded in the data that needs to be protected. ESP has
replaced the AH protocol, and AH is no longer used very often
in IPsec.
- ESP: Encapsulating Security Payload
(ESP) provides a framework for encrypting, authenticating, and
securing data. ESP provides data privacy services, optional
data authentication, and anti-replay services. ESP encapsulates
the data that needs protection. Most IPsec implementations use
the ESP protocol.
Note
RFC 2401 defines
the architecture for IPsec, including the framework and the
services that are provided. RFC 2401 also defines how the
services work together and how and where to use the services.
Other RFCs define individual protocols. Beyond these protocols,
the framework consists of the implementation specifics, such as
the exact encryption algorithm and the key length that is used
for ESP. IPsec Headers
IPsec provides
authentication, integrity, and encryption via the insertion of
one or both of two specific headers, AH or ESP, into the IP
datagram. The AH provides authentication and integrity checks
on the IP datagram. Successful authentication means that the
packet was, indeed, sent by the apparent sender. Integrity
means the packet was not changed during transport. The ESP
header provides information that indicates encryption of the
datagram payload contents. The ESP header also provides
authentication and integrity checks.
AH and ESP are used
between two hosts. These hosts may be end stations or
gateways. Note
AH and ESP provide services to
transport layer protocols such as TCP and User Datagram
Protocol (UDP). AH and ESP are Internet protocols and are
assigned numbers 51 (AH) and 50 (ESP) by the Internet Assigned
Numbers Authority (IANA). AH and ESP solutions require a
standards-based way to secure data from modification and being
read by a third party. IPsec has a choice of different
encryptions (Data Encryption Standard [DES], Triple Data
Encryption Standard [3DES], and Advanced Encryption Standard
[AES]) so that users can choose the strength of their data
protection. IPsec also has several hash methods to choose from
(Hash-based Message Authentication Code [HMAC], Message Digest
5 [MD5], and Secure Hash Algorithm 1 [SHA-1]), each giving
different levels of protection.
Content 3.2
Understanding IPsec Components and IPsec VPN Features
3.2.3 Internet Key Exchange To implement a VPN
solution with encryption, it is necessary to periodicaly change
the encryption keys. Failure to change these keys makes the
network susceptible to brute-force attacks. IPsec solves the
problem of suseptability with the Internet Key Exchange (IKE)
protocol, which uses two other protocols to authenticate a peer
and generate keys. The IKE protocol uses the DH key exchange to
generate symmetrical keys to be used by two IPsec peers. IKE
also manages the negotiation of other security parameters, such
as data to be protected, strength of the keys, hash methods
used, and whether packets are protected from replay. IKE uses
UDP port 500. IKE negotiates a security association (SA), which
is an agreement between two peers engaging in an IPsec
exchange, and consists of all the parameters that are required
to establish successful communication. IPsec uses the IKE
protocol to provide these functions: - Negotiation of
SA characteristics
- Automatic key generation
- Automatic key refresh
- Manageable manual
configuration
A security association (SA) requires
the following: - Internet Security Association and
Key Management Protocol (ISAKMP): ISAKMP is a protocol
framework that defines the mechanics of implementing a key
exchange protocol and negotiating a security policy. ISAKMP can
be implemented over any transport protocol. The reference
document for ISAKMP is RFC 2408.
- SKEME: A key
exchange protocol that defines how to derive authenticated
keying material with rapid key refreshment.
-
OAKLEY: A key exchange protocol that defines how to
acquire authenticated keying material. The basic mechanism for
OAKLEY is the DH key exchange algorithm. The reference document
is RFC 2412: The OAKLEY Key Determination
Protocol.
IKE automatically negotiates IPsec SAs
and enables IPsec secure communications without costly manual
preconfiguration. IKE includes these features: -
Eliminates the need to manually specify all of the IPsec
security parameters at both peers
- Allows
specification for a lifetime for the IPsec SA
- Allows
encryption keys to change during IPsec sessions
-
Allows IPsec to provide anti-replay services
- Permits
certification authority (CA) support for a manageable, scalable
IPsec implementation
- Allows dynamic authentication of
peers
Interactive Media Activity
Checkbox: The Benefits of IKE Upon completion of this
activity, the student will be able to better understand how
IPsec uses IKE and the benefits of IKE.
Content
3.2 Understanding IPsec Components and IPsec VPN
Features 3.2.4 IKE Phases and Modes IKE is
executed in two phases to establish a secure communication
channel between two peers: - IKE Phase 1: Phase
1 is the initial negotiation of SAs between two IPsec peers.
Optionally, Phase 1 can also include an authentication in which
each peer is able to verify the identity of the other. This
conversation between two IPsec peers can be subject to
eavesdropping with no significant vulnerability of the keys
being discovered by the third party. Phase 1 SAs are
bidirectional; data can be sent and received using the same key
material that is generated. IKE Phase 1 occurs in two modes:
main mode or aggressive mode. These modes are explained in the