
318 0944_05F9_c1

1999, Cisco Systems, Inc.

Advanced Security Technology Concepts


Session 318


Copyright 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

What Is Cryptography
A way of keeping information private
Provides authentication and integrity
Nonrepudiation
Requires key management
A communications enabler
Communication with confidence

Agenda

Encryption Concepts and Terminology
The PKI and CEP
A Day In the Life of an IPSec Packet
IPSec Implementation Issues

Encryption Concepts and Terminology


Confidentiality

Confidentiality: communicating such that the intended recipients know what was being sent but unintended parties cannot determine what was sent

Keys
[Figure: two devices connected across a WAN, each labelled Pub, Pri and DES]

Each device has three keys:

1. A private key that is kept secret and never shared. Used to sign messages
2. A public key that is shared. Used by others to verify a signature
3. A shared secret key that is used to encrypt data using a symmetric encryption algorithm (e.g., DES)

Key Sizes
Estimated Time for Brute-Force Attack (1995) on Symmetric Keys
Cost \ Key length (bits)   40            56          64        80           112         128
100 K                      2 secs        35 hours    1 year    70,000 yrs   10^14 yrs   10^19 yrs
1 M                        .2 secs       3.5 hours   37 days   7000 years   10^13 yrs   10^18 yrs
10 M                       .02 secs      21 mins     4 days    700 years    10^12 yrs   10^17 yrs
100 M                      2 millisecs   2 mins      9 hours   70 years     10^11 yrs   10^16 yrs
1 B                        .2 millisec   13 secs     1 hour    7 years      10^10 yrs   10^15 yrs

Asymmetric or Public-Key Encryption


[Figure: Public Key, Private Key; "Networkers" -> Encryption -> "&^$!@#l:{Q" -> Decryption -> "Networkers"]

Encryptor and decryptor use different mathematical functions
Encryptor and decryptor use different keys
Example: Public key algorithms (RSA, Diffie-Hellman)
Generate a secret key

The Diffie-Hellman Public Key Exchange


Alice: Secret Value X_A, Public Value Y_A
Bob: Secret Value X_B, Public Value Y_B

Y_A = g^{X_A} mod p
Y_B = g^{X_B} mod p

[Alice and Bob exchange Y_A and Y_B]

Y_B^{X_A} mod p = g^{X_A X_B} mod p = Y_A^{X_B} mod p    (Shared Secret)

g is a large prime
p size is based on D-H group

Diffie-Hellman Example
Host A
prime p = 5, primitive g = 3
Choose Xa such that 0 <= Xa < p, Xa = 2
Ya = g^Xa mod p = 3^2 mod 5 = 4
Exchange Values p, g, Ya
Ke = Yb^Xa mod p = 1^2 mod 5 = 1

Host B
prime p = 5, primitive g = 3
Choose Xb such that 0 <= Xb < p, Xb = 4
Yb = g^Xb mod p = 3^4 mod 5 = 1
Exchange Values p, g, Yb
Ke = Ya^Xb mod p = 4^4 mod 5 = 1
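
The exchange above worked through in code, as an added example that is not part of the original slides. It recomputes Host A's and Host B's numbers and adds the range check a receiver applies to the peer's public value, because both values on the slide (Ya = 4 = p-1 and Yb = 1) pin the shared key to a value an observer can predict; all function names are hypothetical.

```python
"""Added example: the slide's toy Diffie-Hellman numbers and a public-value check."""
import secrets


def dh_public(g: int, x: int, p: int) -> int:
    """Y = g^X mod p, the value sent to the peer."""
    return pow(g, x, p)


def dh_shared(peer_y: int, x: int, p: int) -> int:
    """Ke = Y_peer^X mod p, computed independently by each host."""
    return pow(peer_y, x, p)


def slide_example() -> dict:
    """Recompute every number on the slide (p = 5, g = 3, Xa = 2, Xb = 4)."""
    p, g, xa, xb = 5, 3, 2, 4
    ya, yb = dh_public(g, xa, p), dh_public(g, xb, p)
    return {"Ya": ya, "Yb": yb,
            "Ke_A": dh_shared(yb, xa, p), "Ke_B": dh_shared(ya, xb, p)}


def keys_reachable(peer_y: int, p: int) -> set:
    """Every Ke a host can end up with, over all its secrets, for one peer value."""
    return {dh_shared(peer_y, x, p) for x in range(1, p)}


def check_public_value(y: int, p: int) -> None:
    """Accept only 1 < Y < p-1.

    Y = 1 forces Ke = 1 and Y = p-1 forces Ke into {1, p-1}, whatever the
    receiver's secret is, so anyone watching the exchange knows the key.
    """
    if not 1 < y < p - 1:
        raise ValueError(f"degenerate D-H public value {y} for p = {p}")


def pick_secret(p: int) -> int:
    """Random secret in [2, p-2]; X = p-1 always yields Y = 1 (Fermat)."""
    return 2 + secrets.randbelow(p - 3)


def validated_exchange(p: int, g: int) -> int:
    """Both hosts pick secrets, check the peer's public value, then derive Ke."""
    while True:
        xa, xb = pick_secret(p), pick_secret(p)
        ya, yb = dh_public(g, xa, p), dh_public(g, xb, p)
        try:
            check_public_value(yb, p)  # Host A checks what Host B sent
            check_public_value(ya, p)  # Host B checks what Host A sent
        except ValueError:
            continue  # tiny group, unlucky draw: both sides start over
        ke_a, ke_b = dh_shared(yb, xa, p), dh_shared(ya, xb, p)
        if ke_a != ke_b:
            raise AssertionError("hosts derived different keys")
        return ke_a


if __name__ == "__main__":
    print(slide_example())
    print(keys_reachable(1, 5), keys_reachable(4, 5))
    print(validated_exchange(5, 3))
```

With p = 5 the check leaves only one usable secret per host, which is why production groups use primes hundreds of digits long.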

Symmetric Encryption

[Figure: Secret Key, Secret Key; "Networkers" -> Encryption -> "&^$!@#l:{Q" -> Decryption -> "Networkers"]

Encryption and decryption use same mathematical function
Encryption and decryption use same key
Example: Data Encryption Standard (DES, IDEA, RC2, RC4)

DES Encryption
[Figure: Original Clear-Text "Networkers" -> Encryption -> Cipher-Text "&^$!@#l:{Q" -> Decryption -> Clear-Text "Networkers"]

Peer routers now have identical keys
DES encryption turns cleartext into ciphertext
Decryption restores cleartext from ciphertext

DES Transforms: CFB
[Figure: CFB mode diagram; labels IV, P i, P i+1, E K, C i-1, C i, C i+1]

DES Transforms: CBC
[Figure: CBC mode diagram; labels IV, P i, P i+1, E K, C i-1, C i, C i+1]

DES Explained
[Figure: DES round diagram; labels: 64 bit block plain text, Initial Permutation, 32 bits, 32 bits, L i-1, R i-1, 56 bit Key, Shift 28 bits, Shift 28 bits, Expansion Permutation, Compression Permutation, Choose 48 bits, XOR, S-Box Substitution, P-Box Permutation, XOR, L i, R i, 56 bit Key]

Integrity

Integrity: ensuring that data is transmitted from source to destination without undetected alteration

Message-Digest Algorithms
Secret key and message are hashed together
Recomputation of digest verifies that message originated with peer and that message was not altered in transit
Also used in digital signatures
Examples: HMAC-MD5, HMAC-SHA

[Figure: Secret Key and Message -> Hash Function -> Hash]

Hash Algorithms
MD5
  Produces a 128 bit hash value
  Input 512 bit block split as 16 x 32 bit blocks
  Output is 4 x 32 bit blocks concatenated
  4 Chaining variables
  4 rounds of 16 operations with 4 functions per round

SHA
  Produces a 160 bit hash value
  Input 512 bit block split as 16 x 32 bit blocks, expanded to 80 x 32 bit blocks
  Output is 5 x 32 bit blocks concatenated
  5 Chaining variables
  4 rounds of 20 ops

Authentication

Authentication: knowing that the data received is the same as the data that was sent and that the claimed sender is in fact the actual sender.

Digital Signatures
[Figure: Message -> Hash Function -> Hash of Message -> signed by Alice]

One-way function. Easy to produce hash from message, impossible to produce message from hash
Sign Hash with Private Key
Signature = Encrypted Hash of Message

Signature Verification
[Figure: a Message with Appended Signature is split into the Message and Alice's Signature]

Re-Hash the Received Message: Hash Function -> Hash of Message
Decrypt the Received Signature: Decrypt Using Alice's Public Key -> Hash of Message
If Hashes are Equal, Signature is Authentic

Digital Envelope
[Figure: Message, Secret key, Bob]

Alice Encrypts Message with a Random Secret Key
Encrypt the Secret Key with Bob's Public Key
Bob Decrypts the Secret Key with His Private Key, then Decrypts the Message

Used During CA Transactions

PKI and CEP


PKI Components
Registration and Certification Issuance
Key Recovery
Key Generation
Key Storage
Certificate Authority
Certificate Revocation
Certificate Distribution
Trusted Time Service
Support for Nonrepudiation

Certificate Life Cycle and Management: PKIX

[Figure: certificate life cycle; labels Initialization, Certification, Useful Life, Expiration, Revocation]

Certificates and CAs


[Figure: labels BANK, Internet]

Certificate Authority (CA) verifies identity
CA signs digital certificate containing device's public key
Verisign On-Site, Entrust PKI, Netscape CA, Microsoft CA

X.509v3 Certificate
Binds user identity (Subject Name) to a public key via signature
Issuer (CA) signs cert
Note cert has defined lifetime
Identifies which signature algorithm was used to sign cert
Extension fields allow other information to be bound to cert (e.g., subject's clearances)

Certificate ::= {
    Version (v3)
    Serial Number
    Sign Algorithm ID
    Issuer Name
    Validity Period
    Subject Name
    Subject Public Key
    Issuer Unique ID
    Subject Unique ID
    Extensions
    Signature
}

Enrolling a Device with a CA


[Figure: device Home-gw 10.1.2.3 and the CA]

Generate public/private keys
Send certificate request to CA
CA signs certificate
Retrieve certificate from CA

Certificate Revocation List


List of revoked certificates signed by CA
Stored on CA or directory service
No requirement on devices to ensure CRL is current

[Figure: Revoked list: Cert 12345, Cert 12241, Cert 22333]

CA Relationships: Hierarchy and Cross-Certification

[Figure: several CAs with users Alice, Bob and Carol. Legend: CA = Certificate Authority; Certificate User; Certificate (points issuer to subject); Cross Certificate]

Certificate Enrollment Protocol

PKCS #7 for signing and enveloping
PKCS #10 for certificate request
HTTP and LDAP for transport
Requires manual authentication during enrollment
CRL distribution is manual

A Day In the Life of an IPSec Packet


IPSec Overview
Interoperable authentication, integrity and encryption
[Figure: packet layout: IP Header, IPSec Header(s) (AH/ESP), IP Data (Encrypted)]

Authentication Header
[Figure: Router and Firewall; All Data in Clear Text]

Data integrity: no twiddling of bits
Origin authentication: definitely came from Router
Uses keyed-hash mechanism
Does NOT provide confidentiality
Replay protection

AH Authentication and Integrity


[Figure: Router and Firewall each compute Authentication Data (00ABCDEF) over IP Header + Data; packet layout: IP HDR, AH, Data]

IPSec Authentication Header (AH)


AH header is prepended to IP datagram or to upper-layer protocol
IP datagram, part of AH header, and message itself are authenticated with a keyed hash function

[Figure: AH header fields: Next Payload, RESERVED, Header Length, Security Parameter Index (SPI), Sequence Number Field, Authentication Data]
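
A sketch of the keyed-hash check and replay protection the AH slides describe, as an added example rather than Cisco's or any IPSec stack's code. It assumes HMAC-SHA-1 truncated to 96 bits as the Authentication Data and a 32-packet window, and it authenticates only the AH fields and the payload, leaving out the IP header handling a real implementation needs; class and function names are hypothetical.

```python
"""Added example: AH-style keyed-hash check plus anti-replay window (simplified)."""
import hashlib
import hmac
import struct

AH_FIXED = "!BBHII"  # next header, payload length, RESERVED, SPI, sequence number
ICV_LEN = 12         # Authentication Data: HMAC-SHA-1 truncated to 96 bits (assumed)
WINDOW = 32          # anti-replay window in packets (assumed size)


def _icv(key: bytes, header: bytes, payload: bytes) -> bytes:
    # The Authentication Data field counts as zero while the hash is computed.
    mac = hmac.new(key, header + bytes(ICV_LEN) + payload, hashlib.sha1)
    return mac.digest()[:ICV_LEN]


def ah_protect(key: bytes, spi: int, seq: int, next_header: int, payload: bytes) -> bytes:
    """Prepend an AH header to payload; the payload itself stays in clear text."""
    length = (struct.calcsize(AH_FIXED) + ICV_LEN) // 4 - 2  # 32-bit words minus 2
    header = struct.pack(AH_FIXED, next_header, length, 0, spi, seq)
    return header + _icv(key, header, payload) + payload


class AhReceiver:
    """Inbound side of one SA: drop replays, verify the hash, advance the window."""

    def __init__(self, key: bytes, spi: int):
        self.key, self.spi = key, spi
        self.highest = 0  # highest authenticated sequence number so far
        self.seen = 0     # bit i set => sequence number (highest - i) was accepted

    def receive(self, packet: bytes) -> bytes:
        fixed = struct.calcsize(AH_FIXED)
        if len(packet) < fixed + ICV_LEN:
            raise ValueError("truncated AH header")
        header, icv = packet[:fixed], packet[fixed:fixed + ICV_LEN]
        payload = packet[fixed + ICV_LEN:]
        spi, seq = struct.unpack(AH_FIXED, header)[3:]
        if spi != self.spi:
            raise ValueError("no SA for this SPI")
        behind = self.highest - seq
        if seq == 0 or behind >= WINDOW or (behind >= 0 and (self.seen >> behind) & 1):
            raise ValueError("replayed or stale sequence number")
        if not hmac.compare_digest(icv, _icv(self.key, header, payload)):
            raise ValueError("authentication data mismatch")
        # Only a packet that passed the keyed hash may move the window.
        if behind < 0:
            self.seen = ((self.seen << -behind) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.seen |= 1 << behind
        return payload
```

A forged packet with a high sequence number is rejected before the window moves, so it cannot be used to push genuine traffic out of the window.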

Encapsulating Security Payload


Data confidentiality
Limited traffic flow confidentiality
Data integrity
Data origin authentication
Anti-replay protection
Does not protect IP Header

ESP Confidentiality and Integrity


Encryption with a Keyed-MAC

[Figure: Router and Firewall; packet layout: IP HDR, ESP, Data, with the Authenticated and Encrypted regions marked]

IPSec Encapsulating Security Payload Header (ESP)


ESP header is prepended to IP datagram
Confidentiality through encryption of IP datagram
Integrity through keyed hash function

[Figure: ESP fields: Security Parameter Index (SPI), Sequence Number Field, Initialization Vector, Payload Data, Padding (If Any), Pad Length, Next Header, Authentication Data]

IPSec Modes
Tunnel Mode
[Figure: IP HDR, DATA becomes New IP HDR, IPSec HDR, IP HDR, DATA; label: Encrypted]

Transport Mode
[Figure: IP HDR, DATA becomes IP HDR, IPSec HDR, DATA; label: Encrypted]

Security Association (SA)


[Figure: Router and Firewall connected over an Insecure Channel]

Agreement between two entities on method to communicate securely
Unidirectional: two-way communication consists of two SAs

Security Associations Enable Your Chosen Policy


[Figure: two example policies: Tunnel-Mode, AH-HMAC-SHA, PFS 50; Transport-Mode, ESP-DES-HMAC-MD5, PFS 15]

IPSec Security Association (SA)


Destination Address                         205.49.54.237
Security Parameter Index (SPI)              7A390BC1
IPSec Transform                             AH, HMAC-MD5
Key                                         7572CA49F7632946
Additional SA Attributes (e.g., lifetime)   One Day or 100MB

IKE
Negotiates policy to protect communication
Authenticated Diffie-Hellman key exchange
Negotiates (possibly multiple) security associations for IPSec
A flavor of ISAKMP/Oakley for IPSec
Provides PFS

Perfect Forward Secrecy (PFS)


Compromise of a single key will permit access to only data protected by that particular key
IKE provides PFS if required by using Diffie-Hellman for each rekey
If PFS not required, can refresh key material without using Diffie-Hellman

IKE Authentication
Signatures (RSA or DSS)
  Diffie-Hellman secret, identity, hashed together and signed
  Nonrepudiable proof of communication

Encrypted nonces (RSA only)
  Pseudo-random nonce encrypted in other party's public key
  Nonces, Diffie-Hellman secret, identities hashed
  Repudiable, deniable exchange

Preshared key
  Key is agreed-upon out-of-band
  Key, Diffie-Hellman secret, identities hashed
  Limited applicability

Cisco IOS IPSec Configuration


! These are the SA policies that will be proposed during Phase 1.
! The policy with the highest priority that is acceptable to each
! peer is chosen
crypto isakmp policy 2
 authentication pre-share
! If we are using pre-shared keys they must be
! manually defined on each peer
crypto isakmp key 1234 address 192.168.0.6
crypto isakmp key fred address 192.168.0.20
! These are the transforms or algorithms to be proposed for use
! by IPSec. They may include both an AH and ESP mechanism or
! one of either mechanism. Tunnel Mode is the default.
crypto ipsec transform-set test2 esp-des
crypto ipsec transform-set router esp-des esp-sha-hmac
 mode transport

Cisco IOS IPSec Configuration


! If certain traffic matches the rules in access-list 101, then apply
! the crypto map or template. The map is called test1, it requires
! SAs for both ISAKMP and IPSec. The appropriate peer is
! 192.168.0.20 (Fred) and the transform-sets router and test2
! should be proposed to Fred in order to find the best match to
! be the basis of the IPSec SA. The ISAKMP SAs will be based
! on the ISAKMP policies defined earlier in the config
crypto map test1 10 ipsec-isakmp
 set peer 192.168.0.20
 set transform-set router test2
 match address 101
! Apply the crypto map to an interface
interface Ethernet0
 ip address 192.168.0.2 255.255.255.0
 crypto map test1
access-list 101 permit ip host 192.168.0.2 host 192.168.0.20
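
What the two configuration slides above actually propose once unset values are filled in, as an added audit example that is not Cisco tooling. It assumes the documented IOS defaults for an ISAKMP policy (DES, SHA, RSA signatures, group 1, 86400 seconds), which match the DES-CBC / SHA / group 1 values in the debug output later in this deck; the findings, the key-length threshold and all function names are this example's own choices.

```python
"""Added example: audit the crypto settings an IOS configuration actually proposes."""

# Copied from the two configuration slides above (comment lines dropped).
SLIDE_CONFIG = """\
crypto isakmp policy 2
 authentication pre-share
crypto isakmp key 1234 address 192.168.0.6
crypto isakmp key fred address 192.168.0.20
crypto ipsec transform-set test2 esp-des
crypto ipsec transform-set router esp-des esp-sha-hmac
 mode transport
crypto map test1 10 ipsec-isakmp
 set peer 192.168.0.20
 set transform-set router test2
 match address 101
"""

# Assumption: documented IOS defaults for anything an ISAKMP policy leaves unset.
ISAKMP_DEFAULTS = {"encryption": "des", "hash": "sha",
                   "authentication": "rsa-sig", "group": "1", "lifetime": "86400"}
MIN_PSK_LEN = 16  # this example's own threshold, not a Cisco value


def parse(config: str):
    """Return (isakmp policies with defaults applied, pre-shared keys, transform sets)."""
    policies, keys, tsets = {}, {}, {}
    current = None
    for line in config.splitlines():
        words = line.split()
        if not words or words[0].startswith("!"):
            continue
        if line[0].isspace():  # sub-command of the last top-level line
            if current is not None and words[0] in ISAKMP_DEFAULTS and len(words) > 1:
                current[words[0]] = words[1]
            continue
        current = None
        if words[:3] == ["crypto", "isakmp", "policy"] and len(words) == 4:
            current = policies.setdefault(int(words[3]), dict(ISAKMP_DEFAULTS))
        elif words[:3] == ["crypto", "isakmp", "key"] and len(words) == 6:
            keys[words[5]] = words[3]  # peer address -> key
        elif words[:3] == ["crypto", "ipsec", "transform-set"] and len(words) > 4:
            tsets[words[3]] = words[4:]
    return policies, keys, tsets


def audit(config: str) -> list:
    """List the settings a reviewer would question, in configuration order."""
    policies, keys, tsets = parse(config)
    findings = []
    for prio in sorted(policies):
        p = policies[prio]
        if p["encryption"] == "des":
            findings.append(f"isakmp policy {prio}: IKE SA encrypted with 56-bit DES")
        if p["hash"] == "md5":
            findings.append(f"isakmp policy {prio}: MD5 hash")
        if p["group"] == "1":
            findings.append(f"isakmp policy {prio}: D-H group 1 (768-bit modulus)")
    for peer, key in keys.items():
        if len(key) < MIN_PSK_LEN:
            findings.append(f"pre-shared key for {peer}: only {len(key)} characters")
    for name, transforms in tsets.items():
        if "esp-des" in transforms:
            findings.append(f"transform-set {name}: ESP with 56-bit DES")
        if not any(t.endswith("-hmac") for t in transforms):
            findings.append(f"transform-set {name}: no keyed hash, so no integrity check")
    return findings


if __name__ == "__main__":
    for finding in audit(SLIDE_CONFIG):
        print(finding)
```

The transform-set test2 finding is the one tied most closely to the ESP slides: esp-des alone gives encryption without the keyed MAC those slides pair it with.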

Establishing the IKE SA


SA Request IPSec (triggered by ACL)

ISAKMP Phase 1, Oakley Main Mode (Fred and Wilma):
IKE SA Offer: des, sha, rsa sig, D-H group 1, lifetime
Policy Match accept offer
Fred D-H exchange: KE, nonce
Wilma D-H exchange: KE, nonce
Fred Authenticate D-H apply Hash
Wilma Authenticate D-H apply Hash
IKE Bi-Directional SA Established

[Figure: message-flow diagram between Fred and Wilma; exchanges are marked In the Clear or Protected]

Establishing IPSec SAs

ISAKMP Phase 2, Oakley Quick Mode (Fred and Wilma), Protected by the IKE SA:
IPSec SA Offer: transform, mode, pfs, authentication, lifetime
Policy Match accept offer
Fred D-H exchange or refresh IKE key
Wilma D-H exchange or refresh IKE key
IPSec Outbound SA Established
IPSec Inbound SA Established

A Day Debug
IKE with preshared keys
Fred proposes using esp-des to Wilma, access-list 101 triggers the IPSec requirement.

fred#telnet 192.168.0.2
Trying 192.168.0.2

A Day Debug
Traffic matching an ACL specification triggers a policy formulation by the sender. If more than one policy exists for a particular destination, then gather all relevant policies.
IPSEC(sa_request): ,
  (key eng. msg.) src= 192.168.0.20, dest= 192.168.0.2,
    src_proxy= 192.168.0.20/255.255.255.255/0/0 (type=1),
    dest_proxy= 192.168.0.2/255.255.255.255/0/0 (type=1),
    protocol= ESP, transform= esp-des ,
    lifedur= 3600s and 4608000kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4004

A Day Debug
ISAKMP Phase One using Oakley Main Mode. Negotiate an ISAKMP security association (policy). This SA will protect any key and/or parameter negotiation required by other services such as IPSec.
ISAKMP (26): beginning Main Mode exchange
ISAKMP (26): processing SA payload. message ID = 0
ISAKMP (26): Checking ISAKMP transform 1 against priority 1 policy
ISAKMP: encryption DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 1
ISAKMP: auth pre-share
ISAKMP (26): atts are acceptable. Next payload is 0

A Day Debug
Exchange public/shared keys and nonces. This is the actual Diffie-Hellman shared secret calculation. Process KE which is the pre-shared key information, then process the nonces and generate the shared key SKEYID which will be used as the actual encryption key.
CRYPTO: DH gen phase 1 status for conn_id 26 slot 0:OK
ISAKMP (26): SA is doing pre-shared key authentication
ISAKMP (26): processing KE payload. message ID = 0
CRYPTO: DH gen phase 2 status for conn_id 26 slot 0:OK
ISAKMP (26): processing NONCE payload. message ID = 0
ISAKMP (26): SKEYID state generated

A Day Debug

Next, authenticate the Diffie-Hellman Exchange using SHA as the hash algorithm to make sure the payload information has not been intercepted and tampered with.
ISAKMP (26): processing ID payload. message ID = 0
ISAKMP (26): processing HASH payload. message ID = 0
ISAKMP (26): SA has been authenticated

A Day Debug
Now, negotiate an SA for IPSec. This is ISAKMP Phase 2 using Oakley Quick Mode.
ISAKMP (26): beginning Quick Mode exchange, M-ID of -652741699
IPSEC(key_engine): got a queue event...
IPSEC(spi_response): getting spi 258023605 for SA
        from 192.168.0.2 to 192.168.0.20 for prot 3
ISAKMP (26): processing SA payload. message ID = -652741699
ISAKMP (26): Checking IPSec proposal 1
ISAKMP: transform 1, ESP_DES
ISAKMP: attributes in transform:
ISAKMP: encaps is 1
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (basic) of 3600

A Day Debug
ISAKMP: SA life type in kilobytes
ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
ISAKMP (26): atts are acceptable.
IPSEC(validate_proposal_request): proposal part #1,
  (key eng. msg.) dest= 192.168.0.2, src= 192.168.0.20,
    dest_proxy= 192.168.0.2/255.255.255.255/0/0 (type=1),
    src_proxy= 192.168.0.20/255.255.255.255/0/0 (type=1),
    protocol= ESP, transform= esp-des ,
    lifedur= 0s and 0kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4

A Day Debug

Generate a shared key for encryption for IPSec. Generally the original D-H generated shared secret key is refreshed via combining it with a random value (another nonce) as shown below.
ISAKMP (26): processing NONCE payload. message ID = 652741699
ISAKMP (26): processing ID payload. message ID = -652741699
ISAKMP (26): processing ID payload. message ID = -652741699

A Day Debug
ISAKMP (26): Creating IPSec SAs
        inbound SA from 192.168.0.2 to 192.168.0.20 (proxy 192.168.0.2 to 192.168.0.20 )
        has spi 258023605 and conn_id 27 and flags 4
        lifetime of 3600 seconds
        lifetime of 4608000 kilobytes
        outbound SA from 192.168.0.20 to 192.168.0.2 (proxy 192.168.0.20 to 192.168.0.2 )
        has spi 251200955 and conn_id 28 and flags 4
        lifetime of 3600 seconds
        lifetime of 4608000 kilobytes
IPSEC(key_engine): got a queue event...

A Day Debug
IPSEC(initialize_sas): ,
  (key eng. msg.) dest= 192.168.0.20, src= 192.168.0.2,
    dest_proxy= 192.168.0.20/255.255.255.255/0/0 (type=1),
    src_proxy= 192.168.0.2/255.255.255.255/0/0 (type=1),
    protocol= ESP, transform= esp-des ,
    lifedur= 3600s and 4608000kb,
    spi= 0xF6120B5(258023605), conn_id= 27, keysize= 0, flags= 0x4
IPSEC(initialize_sas): ,
  (key eng. msg.) src= 192.168.0.20, dest= 192.168.0.2,
    src_proxy= 192.168.0.20/255.255.255.255/0/0 (type=1),
    dest_proxy= 192.168.0.2/255.255.255.255/0/0 (type=1),
    protocol= ESP, transform= esp-des ,
    lifedur= 3600s and 4608000kb,
    spi= 0xEF905BB(251200955), conn_id= 28, keysize= 0, flags= 0x4

A Day Debug
Each SA is unidirectional so we need to see two SAs created on each participating peer, one outbound and one inbound:
IPSEC(create_sa): sa created,
  (sa) sa_dest= 192.168.0.20, sa_prot= 50,
    sa_spi= 0xF6120B5(258023605),
    sa_trans= esp-des , sa_conn_id= 27
IPSEC(create_sa): sa created,
  (sa) sa_dest= 192.168.0.2, sa_prot= 50,
    sa_spi= 0xEF905BB(251200955),
    sa_trans= esp-des , sa_conn_id= 28
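
One way to check the "two SAs, one in each direction" point against captured debug output, as an added example that is not Cisco tooling. It parses the IPSEC(initialize_sas) and IPSEC(create_sa) records shown on these slides, assuming the multi-line layout with comma-separated fields, and reports SAs that were negotiated but never created and flows with no return SA; the function names are hypothetical.

```python
"""Added example: check IOS IPSec debug output for a complete pair of SAs."""
import re

# Debug records copied from the slides above (Fred's side of the exchange).
SLIDE_DEBUG = """\
IPSEC(initialize_sas): ,
  (key eng. msg.) dest= 192.168.0.20, src= 192.168.0.2,
    dest_proxy= 192.168.0.20/255.255.255.255/0/0 (type=1),
    src_proxy= 192.168.0.2/255.255.255.255/0/0 (type=1),
    protocol= ESP, transform= esp-des ,
    lifedur= 3600s and 4608000kb,
    spi= 0xF6120B5(258023605), conn_id= 27, keysize= 0, flags= 0x4
IPSEC(initialize_sas): ,
  (key eng. msg.) src= 192.168.0.20, dest= 192.168.0.2,
    src_proxy= 192.168.0.20/255.255.255.255/0/0 (type=1),
    dest_proxy= 192.168.0.2/255.255.255.255/0/0 (type=1),
    protocol= ESP, transform= esp-des ,
    lifedur= 3600s and 4608000kb,
    spi= 0xEF905BB(251200955), conn_id= 28, keysize= 0, flags= 0x4
IPSEC(create_sa): sa created,
  (sa) sa_dest= 192.168.0.20, sa_prot= 50,
    sa_spi= 0xF6120B5(258023605),
    sa_trans= esp-des , sa_conn_id= 27
IPSEC(create_sa): sa created,
  (sa) sa_dest= 192.168.0.2, sa_prot= 50,
    sa_spi= 0xEF905BB(251200955),
    sa_trans= esp-des , sa_conn_id= 28
"""

RECORD = re.compile(r"IPSEC\((\w+)\):")
FIELD = re.compile(r"(\w+)=\s*([^,\n]*?)\s*(?:,|$)", re.M)
SPI = re.compile(r"0x([0-9A-Fa-f]+)\((\d+)\)")


def parse_records(text: str):
    """Yield (kind, fields) for every IPSEC(<kind>): record in the debug text."""
    parts = RECORD.split(text)  # ['', kind1, body1, kind2, body2, ...]
    for kind, body in zip(parts[1::2], parts[2::2]):
        yield kind, dict(FIELD.findall(body))


def spi_value(field: str) -> int:
    """'0xF6120B5(258023605)' -> 258023605, checking that hex and decimal agree."""
    m = SPI.fullmatch(field or "")
    if not m or int(m.group(1), 16) != int(m.group(2)):
        raise ValueError(f"malformed SPI field: {field!r}")
    return int(m.group(2))


def audit_sas(text: str) -> list:
    """Return findings: SAs negotiated but not created, and one-way flows."""
    negotiated, created = {}, set()
    for kind, f in parse_records(text):
        if kind == "initialize_sas":
            negotiated[spi_value(f.get("spi"))] = (f.get("src"), f.get("dest"))
        elif kind == "create_sa":
            created.add(spi_value(f.get("sa_spi")))
    findings, flows = [], set()
    for spi, (src, dest) in negotiated.items():
        if spi in created:
            flows.add((src, dest))
        else:
            findings.append(f"SA spi={spi:#x} {src}->{dest} negotiated but never created")
    for src, dest in sorted(flows):
        if (dest, src) not in flows:
            findings.append(f"one-way: SA {src}->{dest} has no return SA")
    return findings


if __name__ == "__main__":
    print(audit_sas(SLIDE_DEBUG) or "both directions have an SA")
```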

Using a CA: Entrust Configuration

ip domain-name cisco.com
crypto isakmp policy 4
crypto ca identity cisco.com
 enrollment mode ra
 enrollment url http://10.0.0.2/cgi-bin
 query url ldap://10.0.0.2
 crl optional

CA and CEP Example


Step 1: Generate Public/Private Keys
barney(config)#crypto key gen rsa usage
The name for the keys will be: barney.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your Signature Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]:
Generating RSA keys ...
[OK]
Choose the size of the key modulus in the range of 360 to 2048 for your Encryption Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]:
Generating RSA keys ...
[OK]

CA and CEP Example


Step 1: Generate Public/Private Keys
barney#sho crypto key mypublic rsa
% Key pair was generated at: 01:18:43 UTC Mar 1 1999
Key name: barney.cisco.com
 Usage: Signature Key
 Key Data:
  305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00BEDC6C FBD327FC
  2AFC7521 F2DE3D04 D3239759 7908C8F1 64F0E58F 0116CF6A 897D6210 2D4BFC80
  CE41DF7B AA75ECAA 6680B13F 30F079BE DD361565 A325B72A 3D020301 0001
% Key pair was generated at: 01:18:45 UTC Mar 1 1993
Key name: barney.cisco.com
 Usage: Encryption Key
 Key Data:
  305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C06DC2 3AE2BF72
  CE9FD6F6 55C13A0D A3C183D5 1E7E4523 E8863DDC D852FD32 86461BBC F10EEA77
  8A6A5AC9 AFEF6B0A 03107565 03384DB4 4E6C4A77 0C594B10 31020301 0001

CA and CEP Example


Step 2: Request the CA and RA Certificates
Manually verify Fingerprint of CA
barney(config)#cryp ca auth cisco.com
Certificate has the following attributes:
Fingerprint: 1A5416D6 2EEE8943 D11CCEE1 3DEE9CE7
% Do you accept this certificate? [yes/no]: y


CA and CEP Example


Step 3: Enrol the Router with the CA
barney(config)#cry ca enrol cisco.com
% Start certificate enrollment ..
% Create a challenge password. You will need to verbally provide this password to the CA Administrator in order to revoke your certificate. For security reasons your password will not be saved in the configuration. Please make a note of it.
Password:
Re-enter password:
% The subject name in the certificate will be: barney.cisco.com
% Include the router serial number in the subject name? [yes/no]: n
% Include an IP address in the subject name? [yes/no]: n
Request certificate from CA? [yes/no]: y

CA and CEP Example


Step 3: Enrol the Router with the CA
Fingerprints sent to CA for manual verification
barney(config)#
Signing Certificate Request Fingerprint: 4C6DB57D 7CAF8531 7778DDB3 CCEB1FFB
Encryption Certificate Request Fingerprint: D33447FE 71FF2F24 DA98EC73 822BE4F7


CA and CEP Example


Step 4: CA grants Certificates
Status Pending -> Available
barney#sho cryp ca cert
Certificate
 Subject Name
  Name: barney.cisco.com
 Status: Pending
 Key Usage: Signature
 Fingerprint: 4C6DB57D 7CAF8531 7778DDB3 CCEB1FFB
Certificate
 Subject Name
  Name: barney.cisco.com
 Status: Pending
 Key Usage: Encryption
 Fingerprint: D33447FE 71FF2F24 DA98EC73 822BE4F7


Certificate Debug

00:02:29: ISAKMP (2): Checking ISAKMP transform 1 against priority 5 policy
00:02:29: ISAKMP: encryption DES-CBC
00:02:29: ISAKMP: hash MD5
00:02:29: ISAKMP: default group 1
00:02:29: ISAKMP: auth RSA sig

Certificate Debug

00:02:29: ISAKMP (2): atts are acceptable. Next payload is 0
00:02:29: ISAKMP (2): SA is doing RSA signature authentication
00:02:29: ISAKMP (2): processing KE payload. message ID = 0
00:02:29: ISAKMP (2): processing NONCE payload. message ID = 0
00:02:29: ISAKMP (2): SKEYID state generated
00:02:30: ISAKMP (2): processing ID payload. message ID = 0
00:02:30: ISAKMP (2): processing CERT payload. message ID = 0
00:02:30: ISAKMP (2): processing a CT_X509_SIGNATURE cert
00:02:30: ISAKMP (2): cert approved with warning
00:02:30: ISAKMP (2): processing CERT_REQ payload. message ID = 0
00:02:30: ISAKMP (2): peer wants a CT_X509_SIGNATURE cert
00:02:30: ISAKMP (2): processing SIG payload. message ID = 0
00:02:30: ISAKMP (2): SA has been authenticated with 10.0.0.3
00:02:30: ISAKMP (2): processing SA payload. message ID = 1451572340

IPSec Implementation Issues


IPSec and Scaling


[Figure: network diagram with IPSec links; labels HQ, Famous, Charlie, Detective; networks 192.168.100.0, 172.21.115.0, 172.21.114.0, 172.21.116.0, 192.168.150.0]

Scaling Example 1: Central Site Router

crypto map HQ 10 ipsec-isakmp
 set peer 172.21.115.1
 set peer 172.21.116.1
 set transform-set encrypt-des
 match address 101

Scaling Example 2: Central Site Router

crypto map HQ 10 ipsec-isakmp
 set peer 172.21.115.1
 set transform-set encrypt-des
 match address 101
crypto map HQ 20 ipsec-isakmp
 set peer 172.21.116.1
 set transform-set encrypt-des
 match address 102

Scaling Example 3: Central Site Router

crypto dynamic-map AcceptRemote 20
 set transform-set encrypt-des
crypto map dynamicHQ 10 ipsec-isakmp dynamic AcceptRemote

Scaling for Large Networks: Options

Multihop encryption
Tunnel endpoint discovery
All-or-nothing approach
Registration server

Enable Mobile Users with Layer 2TP and IPSec


[Figure: labels IPSec and IKE, PPP, Layer 2TP]

1. Client dials ISP uses PPP via modem
2. Client dials gateway using Layer 2TP via VPN port
3. AAA and assign configuration by gateway
4. IPSec transport mode established between client and gateway

Enable Mobile Users with Mode Config IKE Extension


[Figure: labels PPP, IKE SA, IPSec SAs, ISAKMP Transaction Exchange]

1. Dial ISP using PPP via modem
2. Establish the IKE SA with gateway
3. Send ISAKMP_CFG_REQUEST to gateway
4. Gateway sends ISAKMP_CFG_REPLY
5. Client has internal attributes, establish IPSec SAs

IPSec, NAT and Cisco IOS Firewall


[Figure: network diagram; networks 10.0.0.0 255.255.255.240, 172.17.11.0 255.255.255.0, 192.168.1.0 255.255.255.0, 192.168.0.0 255.255.255.0; LO0: 30.30.30.30 255.255.255.0; nodes labelled Cisco IPSec Peer and IRE Client Workstation IPSec Peer]

IPSec, NAT and Cisco IOS Firewall


version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname wilma
!
enable secret 5 $1$baf6$1VAnALbAuaJheCXi.u3fV0
enable password cisco
!
ip subnet-zero
! NAT Config: translate all inside source addresses matching access-
! list 1 to those addresses defined in the pool outside. Also define a
! static translation for the inside web server 192.168.0.20
ip nat pool outside 172.17.1.30 172.17.1.50 netmask 255.255.255.0
ip nat inside source list 1 pool outside
ip nat inside source static 192.168.0.20 172.17.1.20

IPSec, NAT and Cisco IOS Firewall


! IOS Firewall Timeout declarations ip inspect name firewall tcp timeout 3600 ip inspect name firewall udp timeout 15 ! ! Define your IKE Policies. All will be offered to the Peer and the most ! secure match will be used crypto isakmp policy 1 hash md5 authentication pre-share ! ! If the peer can accept this policy, then it will be used as it is more ! secure than Policy 1 crypto isakmp policy 2 authentication pre-share group 2 lifetime 360 ! ! Define the Pre-Shared Keys of your Peers crypto isakmp key ciscosys address 10.0.0.6

IPSec, NAT and Cisco IOS Firewall


! IPSec policies are defined here. These include your AH and ESP
! choices as well as the mode of operation.
crypto ipsec transform-set dessha esp-des esp-sha-hmac
crypto ipsec transform-set ahmd5 ah-md5-hmac
crypto ipsec transform-set desmd5tr esp-des esp-md5-hmac
 mode transport
crypto ipsec transform-set desmd5 esp-des esp-md5-hmac
!
! When dealing with multiple clients a dynamic crypto map can be
! used so that the peer's identity need not be defined here. Note
! that this router must still authenticate the incoming client via
! either a Pre-Shared key, or a certificate. This is the dynamic
! map's template.
crypto dynamic-map remotes 1
 set transform-set desmd5
 match address 120

IPSec, NAT and Cisco IOS Firewall


! Regular crypto maps are defined here. The first map allows the
! use of PFS such that a brand new Diffie-Hellman exchange is
! performed during each IKE quick mode. The identity of this peer
! is defined by its loopback address. If the loopback is used it must
! be a public address, IPSec is done first, then NAT
crypto map iosirepfs local-address Loopback0
crypto map iosirepfs 1 ipsec-isakmp
 set peer 10.0.0.6
 set transform-set desmd5
 set pfs group1
 match address 120
! This crypto map uses the dynamic template defined above.
crypto map iosirerem 1 ipsec-isakmp dynamic remotes


IPSec, NAT and Cisco IOS Firewall


interface Loopback0
 ip address 30.30.30.30 255.255.255.0
 no ip directed-broadcast
!
! We want to use NAT and also make sure we trigger the
! IOS Firewall such that conversations initiated on the
! inside have a dynamic stateful (CBAC) access-list
! created.
interface Ethernet0
 ip address 192.168.0.1 255.255.255.0
 ip access-group 110 in
 no ip directed-broadcast
 ip nat inside
 ip inspect firewall in


IPSec, NAT and Cisco IOS Firewall


! Inside source addresses are translated to the outside
! pool. All incoming traffic is examined by the
! firewall via access-group 111. For IPSec, the crypto
! map is applied.
interface Serial0
 ip address 192.168.1.1 255.255.255.0
 ip access-group 111 in
 no ip directed-broadcast
 ip nat outside
 no ip mroute-cache
 no keepalive
 crypto map iosirerem


IPSec, NAT and Cisco IOS Firewall

! ACL for NAT translation, any source IP from the
! 192.168.0.0 subnet will be translated
access-list 1 permit 192.168.0.0 0.0.0.255
!
! ACL triggers CBAC on traffic initiated on the inside of
! the firewall
access-list 110 permit tcp any any
access-list 110 permit udp any any
access-list 110 permit icmp any any


IPSec, NAT and Cisco IOS Firewall


! Before the firewall will allow traffic initiated on the outside in,
! that traffic must satisfy this list
access-list 111 permit udp host 10.0.0.6 host 192.168.1.1
access-list 111 permit esp host 10.0.0.6 host 192.168.1.1
access-list 111 permit ahp host 10.0.0.6 host 192.168.1.1
access-list 111 permit tcp host 10.0.0.6 host 172.17.1.20 eq www
access-list 111 permit icmp host 10.0.0.6 any
access-list 111 permit udp host 10.0.0.6 host 172.17.1.20 eq tftp
!
! Encrypt any traffic matching these conditions. Note that the
! NAT'd addresses are the source addresses.
access-list 120 permit ip 172.17.1.0 0.0.0.255 host 10.0.0.6
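The note on access-list 120, worked through as an added example (not part of the original presentation): a Python model that applies the slides' inside-source NAT rules and then tests the translated packet against the crypto ACL. Function names are hypothetical, the dynamic pool is simplified to always return its first address, and ACL_PRE_NAT is a constructed rule for contrast.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco ACL match: bits set in the wildcard mask are "don't care"."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    keep = ~w & 0xFFFFFFFF
    return (a & keep) == (b & keep)

# Values copied from the configuration on the slides.
NAT_STATIC = {"192.168.0.20": "172.17.1.20"}   # ip nat inside source static
NAT_LIST_1 = ("192.168.0.0", "0.0.0.255")      # access-list 1
NAT_POOL_FIRST = "172.17.1.30"                 # first address of pool "outside"
ACL_120 = ("172.17.1.0", "0.0.0.255", "10.0.0.6")
# Constructed for contrast: the same rule written with the untranslated subnet.
ACL_PRE_NAT = ("192.168.0.0", "0.0.0.255", "10.0.0.6")

def nat_inside_source(src):
    """Translate an inside source address (assumption: the dynamic pool
    always hands out its first address)."""
    if src in NAT_STATIC:
        return NAT_STATIC[src]
    if wildcard_match(src, *NAT_LIST_1):
        return NAT_POOL_FIRST
    return src

def crypto_acl_permits(src, dst, acl):
    """Models: permit ip <base> <wildcard> host <peer>"""
    base, wildcard, peer = acl
    return wildcard_match(src, base, wildcard) and dst == peer

def outbound(src, dst, acl=ACL_120):
    """NAT first, then the crypto ACL: returns (translated source, encrypted?)."""
    translated = nat_inside_source(src)
    return translated, crypto_acl_permits(translated, dst, acl)

if __name__ == "__main__":
    for src in ("192.168.0.20", "192.168.0.77"):
        for name, acl in (("access-list 120", ACL_120), ("pre-NAT ACL", ACL_PRE_NAT)):
            print(src, name, outbound(src, "10.0.0.6", acl))
```

With the rule written against 192.168.0.0, the translated packets no longer match and would leave the router unencrypted.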


Configuring GRE Tunnels


crypto map my_crypto_map 10
 set algorithm 40-bit-des
 set peer r3-4k
 match address 128
interface Tunnel0
 ip address 5.5.5.3 255.255.255.0
 tunnel source Loopback0
 tunnel destination 1.1.6.1
 crypto map my_crypto_map
interface Serial0
 ip address 2.2.5.3 255.255.255.0
 crypto map my_crypto_map
access-list 128 permit gre host 2.2.6.3 host 1.1.6.1

VOIP and IPSec


[Diagram: 1750 routers vvpn_1 and vvpn_2 connected across the Internet; labels shown: 201.168.4.1, 201.168.2.1, Phone Number: 1750-120, Phone Number: 1750-220]

IPSec ACL must specify WAN endpoints/subnets to facilitate RTP, H.225
Port numbers used for VOIP may not be well-known and may be negotiated

VOIP and IPSec Notes


Due to additional headers and packet expansion, an RTP frame of G.729 encoded voice is 100 bytes across an IPSEC facility
At 50 pps and 100-byte frames, a 56kb link can only accommodate a single call (50 x 100 bytes = 40kb)
RTP header compression is not available to IPSEC frames
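The packet expansion described above, as an added example (not part of the original presentation): a Python calculator for the size of an IPv4 packet after ESP with DES-CBC, and the number of 50 pps voice streams a 56 kb link carries. The G.729 packet layout (20 bytes of voice, 12-byte RTP, 8-byte UDP, 20-byte IP header) and the function names are assumptions; the slide gives only the 100-byte result.

```python
def esp_packet_size(ip_packet_len, mode="tunnel", block=8, iv=8, icv=0, ip_hdr=20):
    """Size in bytes of an IPv4 packet after ESP with a CBC block cipher.

    block/iv default to DES-CBC (8-byte blocks, 8-byte IV); icv=12 models a
    96-bit HMAC such as esp-md5-hmac, icv=0 means no ESP authentication.
    """
    # Tunnel mode protects the whole original packet; transport mode
    # protects only what follows the original IP header.
    protected = ip_packet_len if mode == "tunnel" else ip_packet_len - ip_hdr
    # ESP trailer: padding + 1-byte pad length + 1-byte next header, sized so
    # that the encrypted part is a multiple of the cipher block size.
    pad = -(protected + 2) % block
    esp_hdr = 8  # SPI (4 bytes) + sequence number (4 bytes)
    return ip_hdr + esp_hdr + iv + protected + pad + 2 + icv

def calls_per_link(packet_len, pps=50, link_bps=56_000):
    """Whole voice streams per direction that fit, ignoring layer-2 framing."""
    return link_bps // (packet_len * 8 * pps)

# Assumed G.729 packet at 50 pps: 20 bytes voice + RTP 12 + UDP 8 + IP 20.
G729_IP_PACKET = 20 + 12 + 8 + 20

def summary(pps=50):
    """Map each case to (bytes per packet, bits per second, calls per 56 kb link)."""
    clear = G729_IP_PACKET
    sizes = {
        "no IPSec": clear,
        "esp-des, tunnel": esp_packet_size(clear),
        "esp-des esp-md5-hmac, tunnel": esp_packet_size(clear, icv=12),
        "esp-des esp-md5-hmac, transport": esp_packet_size(clear, "transport", icv=12),
    }
    return {k: (v, v * 8 * pps, calls_per_link(v, pps)) for k, v in sizes.items()}

if __name__ == "__main__":
    for case, row in summary().items():
        print(f"{case:34} {row[0]:4d} bytes {row[1]:6d} bit/s {row[2]} call(s)")
```

Under these assumptions esp-des in tunnel mode reproduces the slide's 100 bytes (40,000 bit/s, one call), while the same packet without IPSec is 60 bytes and two calls fit.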

VOIP and IPSec Notes

RTP packets cannot be distinguished within an ESP encrypted flow, so interleaving between fragments is not possible
Increasing bandwidth for smaller packet sizes is good for IPSec and VOIP

QOS and IPSec

Diff-serv: entire TOS byte is copied to the IPSEC header so precedence can be applied
The additional length may change the packet's service characteristics
QOS must be implemented before IPSec

Performance
Model   Suggested Bandwidth
1600    up to 64Kb - 128Kb
2500    up to 128Kb
2600    up to 512Kb
3640    up to 1.5Mb
4700    up to 2.0Mb
7206    up to 2.5Mb
7505    up to 6.0Mb

Encryption Performance Stats


Model Baseline 2514 2.49.9 CET Auth. Encrypt Auth. and only only Encrypt. 0.11.0 0.16 0.10.2 0.25 0.66.1 0.72.5 0.52.1 Suggested Bandwidth up to 128 kbps up to 1.5 Mbps up to 2.0 Mbps up to 2.5 Mbps up to 6.0 Mbps

0.2 0.3 3640 9.9+ 2.0 4.0 4700 9.59.9 4.9 1.49.1 1.53.1 1.12.6 5.3 7206 9.9+ 2.9 1.09.1 1.13.5 0.92.9 5.5 7505* 9.9+ 9.2 2.99.4 3.69.1 2.67.9 9.9 * The processing of IPSec is done on the RSP.


Reference Material
Applied Cryptography [2nd Edition], Bruce Schneier, Addison-Wesley
Cryptography and Network Security, William Stallings, Prentice Hall
Web Security and Commerce, Garfinkel and Spafford, O'Reilly
Internet Cryptography, Richard E. Smith, Addison-Wesley
Internet Drafts and RFCs: www.ietf.org, Public-Key Infrastructure and IP Security Protocol Charters
