ISAKMP IKE - PowerPoint PPT Presentation

About This Presentation
Title:

ISAKMP IKE

Description:

Policy Negotiation. ISAKMP Protocols are constructed by ... Negotiate security services. 3. ISAKMP Exchange Types. Basic = 1. Authentication. Key Exchange ... – PowerPoint PPT presentation

Number of Views:421
Avg rating:3.0/5.0
Slides: 21
Provided by: sud2
Learn more at: http://www.cs.fsu.edu
Category:
Tags: ike | isakmp | negotiate

less

Transcript and Presenter's Notes

Title: ISAKMP IKE


1
Lecture 14
  • ISAKMP / IKE
  • Internet Security Association and Key Management
    Protocol / Internet Key Exchange
  • CIS 4362 - CIS 5357
  • Network Security

2
ISAKMP
  • Policy Negotiation
  • ISAKMP Protocols are constructed by chaining
    together ISAKMP payloads to an ISAKMP header
  • Two Phases
  • Establish a key-exchange SA
  • Negotiate security services

3
ISAKMP Exchange Types
  • Basic 1
  • Authentication
  • Key Exchange
  • Saturation protection
  • Identity Protection 2 (Main mode IKE)
  • Authentication
  • Key Exchange
  • Protects users identities
  • Authentication Only 3
  • Authentication
  • Aggressive 4 (Aggressive Mode IKE)
  • Authentication
  • Key exchange
  • No saturation protection
  • Informational 5
  • Information only

4
ISAKMP Data Exchange Phases
  • Establish a secure channel
  • Use the secure channel to exchange information
    for a protocol (such as IPSEC)

5
ISAKMP Payload Types
  • Certificate request
  • Hash
  • Signature
  • Nonce
  • Notification
  • Delete SA
  • Initiate SA
  • Protocol cipher Proposal
  • Transform ltSA attributegt
  • Key Exchange
  • Identification
  • Certificate

6
ISAKMP Fixed Header Format
  • Initiator Cookie (64 bits)
  • Responder Cookie (64 bits) (null in message from
    the originator
  • Next Payload (8 bits)
  • Major ISAKMP Version (4 bits)
  • Minor ISAKMP Version (4 bits)
  • Exchange Type (8 bits)
  • Flags (8 bits)
  • Message ID (32 bits)
  • Message length (32 bits)

7
Example ISAKMP Header Payload
ISAKMP Header
Key Exchange Payload
Nonce Payload
8
IKE Phases
  • In a design similar to Kerberos, IKE performs a
    phase 1 mutual authentication based on public
    keys and phase 2 re-authentication based on
    shared secrets (from phase 1).
  • This allows multiple SAs to re-use the same
    handshake.
  • Phase 1 has two modes
  • Aggressive mode (3 messages)
  • Main mode (6 messages)

9
IKE Phase 1 Aggressive Mode
Alice
Bob
In aggressive mode, Alice chooses some Elgamal
context (p, g). Bob may not support it, and
reject the connection. If that happens, Alice
should try and connect to Bob using main
mode. Aggressive mode provides mutual
authentication, and a shared secretgab mod p,
which can be used to derive keys for the
symmetric crypto protocols.
10
IKE Phase 1 Main Mode
Alice
Bob
K gab mod p
11
Reasoning about IKE
  • The SIGn-and-MAc (SIGMA) family of key exchange
    protocols.
  • Introduced by Krawczyk to the IPsec working group
    (1995), replaced Photuris.
  • Several interesting properties, tried to plug
    certain holes in existing Key Exchange Protocols.

12
Security Goals of SIGMA
  • Mutual Authentication
  • Key-binding Consistency
  • If honest A establishes a key K, believing that B
    is the other session peer, and B establishes the
    same key K, it should believe that A is the peer
    in this exchange
  • Secrecy (of the computed key)
  • Optional
  • Identity Protection, providing anonymity against
    eavesdroppers for the two parties in a
    communication

13
Example of a BADH protocol(Basic Authenticated
DH)
Alice
Bob
K derived from gxy
The inclusion of both exponentials in each
signature prevents replay attacks, but does not
provide for key binding consistency.
14
Key Binding Inconsistency
Alice
Bob
E
Outcome Alice thinks she shares key K with Bob,
while Bob thinks that he shares the same K with
Eve. Eve does not know the key, so this does not
violate authentication and/or secrecy.
15
STS Protocol
Alice
Bob
K derived from gxy
  • Intuitively this solves the consistency problem,
    but no proof exists.
  • What if Eve registers Alices public key on her
    name?
  • Even if Eve does not know Alices secret key, she
    may be able to perform replay attacks to violate
    consistency of key binding

16
ISO Key Exchange
Alice
Bob
  • Does not provide identity protection.
  • Could be fixed by having Alice send an alias
  • A h(A, r), which is revealed later, and have
    the other
  • messages be encrypted under the DH key.

17
Sigma Protocol (Basic)
Alice
Bob
Output from DH-value gxy encryption key Ke, mac
key Km
18
SIGMA-I
Alice
Bob
Identity of the sender is protected against both
passive and active attacks. The identity of the
receiver is protected against passive attacks.
19
Phase 1 Main mode, (shared secret
authentication)
Alice
Bob
Pre-shared secret J
K f(J, gab mod p, nA, nB, cA, cB)
20
IKE Phase 2quick mode
Alice
Bob
  • X, Y are session-identifiers for this flow
  • X contains the cookies of the corresponding phase
    1,
  • Y is 32-bit to identify this particular
    connection.
  • Optionally some tags may be included to identify
  • the type of traffic to be sent.
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "ISAKMP IKE" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!