© 2006 Cisco Systems, Inc. All rights reserved.ISCW v IPsec VPNs IPsec Components and IPsec VPN Features

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v IPsec Overview

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v What Is IPsec? IPsec is an IETF standard that employs cryptographic mechanisms on the network layer: –Authentication of every IP packet –Verification of data integrity for each packet –Confidentiality of packet payload Consists of open standards for securing private communications Scales from small to very large networks Is available in Cisco IOS software version 11.3(T) and later Is included in PIX Firewall version 5.0 and later

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v IPsec Security Features IPsec is the only standard Layer 3 technology that provides: Confidentiality Data integrity Authentication Replay detection

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v IPsec Protocols IPsec uses three main protocols to create a security framework: Internet Key Exchange (IKE): –Provides framework for negotiation of security parameters –Establishment of authenticated keys Encapsulating Security Payload (ESP): –Provides framework for encrypting, authenticating, and securing of data Authentication Header (AH): –Provides framework for authenticating and securing of data

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v IPsec Headers IPsec ESP provides the following: Authentication and data integrity (MD5 or SHA-1 HMAC) with AH and ESP Confidentiality (DES, 3DES, or AES) only with ESP

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Peer Authentication Peer authentication methods: Username and password OTP (Pin/Tan) Biometric Preshared keys Digital certificates

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Internet Key Exchange

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Internet Key Exchange IKE solves the problems of manual and unscalable implementation of IPsec by automating the entire key exchange process: Negotiation of SA characteristics Automatic key generation Automatic key refresh Manageable manual configuration

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v IKE Phases Phase 1: –Authenticate the peers –Negotiate a bidirectional SA –Main mode or aggressive mode Phase 1.5: –Xauth –Mode config Phase 2: –IPsec SAs/SPIs –Quick mode

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v IKE Modes

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v IKE: Other Functions

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v IKE: Other Functions Dead peer detection (DPD): –Bidirectional –Sent on periodic intervals –Sender must receive a reply or disconnect IKE keepalives are unidirectional and are sent every 10 seconds. NAT traversal: –Defined in RFC 3947 –Encapsulates IPsec packet in UDP packet Mode config (Push Config) and Xauth (User Authentication)

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v IPsec and NAT: The Problem

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v IPsec NAT Traversal Need NAT traversal with IPsec over TCP/UDP: NAT traversal detection NAT traversal decision UDP encapsulation of IPsec packets UDP encapsulated process for software engines

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Mode Configuration Mechanism used to push attributes to IPsec VPN clients

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Easy VPN Dynamically updated: –Central services and security policy –Offload VPN function from local devices –Client and network extension mode Centralized control: –Configuration and security policy pushed at the time of the VPN tunnel establishment

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Xauth Mechanism used for user authentication for VPN clients

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v ESP and AH

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v ESP and AH IPsec protocols: –ESP or AH –ESP uses IP protocol number 50 –AH uses IP protocol number 51 IPsec modes: –Tunnel or transport mode –Tunnel mode creates a new additional IP header –The Message is concatenated with a symmetric key

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v ESP and AH Header ESP allows encryption and authenticates the original packet. AH authenticates the whole packet (including the header) and does not allow encryption.

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v AH Authentication and Integrity

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v ESP Protocol Provides confidentiality with encryption Provides integrity with authentication

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Tunnel and Transport Mode

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Message Authentication and Integrity Check

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Message Authentication and Integrity Check Using Hash A MAC is used for message authentication and integrity check. Hashes are widely used for this purpose (HMAC).

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Commonly Used Hash Functions MD5 provides 128-bit output. SHA-1 provides 160-bit output (only first 96 bits used in IPsec). SHA-1 is computationally slower than MD5, but more secure.

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Symmetric vs. Asymmetric Encryption Algorithms

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Symmetric vs. Asymmetric Encryption Algorithms Symmetric algorithm: –Secret key cryptography –Encryption and decryption use the same key –Typically used to encrypt the content of a message –Examples: DES, 3DES, AES Asymmetric algorithm: –Public key cryptography –Encryption and decryption use different keys –Typically used in digital certification and key management –Example: RSA

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Key Lengths of Symmetric vs. Asymmetric Encryption Algorithms Symmetric Key LengthAsymmetric Key Length ,360 Comparable key lengths required for asymmetric keys compared to symmetric keys

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Security Level of Cryptographic Algorithms Security LevelWork FactorAlgorithms WeakO(2 40 )DES, MD5 LegacyO(2 64 )RC4, SHA-1 BaselineO(2 80 )3DES StandardO(2 128 )AES-128, SHA-256 HighO(2 192 )AES-192, SHA-384 UltraO(2 256 )AES-256, SHA-512

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Symmetric Encryption: DES Symmetric key encryption algorithm Block cipher: Works on 64-bit data block, uses 56-bit key (last bit of each byte used for parity) Mode of operation: Apply DES to encrypt blocks of data

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Symmetric Encryption: 3DES 168-bit total key length Mode of operation decides how to process DES three times Normally: encrypt, decrypt, encrypt 3DES requires more processing than DES

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Symmetric Encryption: AES Formerly known as Rijndael Successor to DES and 3DES Symmetric key block cipher Strong encryption with long expected life AES can support 128-, 192-, and 256-bit keys; 128-bit key is considered safe

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Asymmetric Encryption: RSA Based on Diffie-Hellman key exchange (IKE) principles Public key to encrypt data, and to verify digital signatures Private key to decrypt data, and to sign with a digital signature Perfect for insecure communication channels

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Diffie-Hellman Key Exchange

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Diffie-Hellman Key Exchange (Cont.)

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v PKI Environment

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v PKI Environment

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Certificate Authority The trust basis of a PKI system Verifies user identity, issues certificates by binding identity of a user to a public key with a digital certificate Revokes certificates and publishes CRL In-house implementation or outsourcing

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v X.509 v3 Certificate

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v PKI Message Exchange

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v PKI Credentials How to store PKI credentials: RSA keys and certificates NVRAM eToken: –Cisco 871, 1800, 2800, 3800 Series router –Cisco IOS Release 12.3(14)T image –Cisco USB eToken –A k9 image

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Summary IPsec provides a mechanism for secure data transmission over IP networks. The IKE protocol is a key management protocol standard used in conjunction with the IPsec standard. IKE has some additional functions: DPD, NAT traversal, encapsulation in UDP packet, config mode, and Xauth. The two IP protocols used in the IPsec standard are ESP and AH. For message authentication and integrity check, an HMAC is used. The two types of encryption are symmetric encryption and asymmetric encryption. PKI provides customers with a scalable, secure mechanism for distributing, managing, and revoking encryption and identity information in a secured data network.

© 2006 Cisco Systems, Inc. All rights reserved.ISCW v