UNH-IOL IPsec Introduction - ESP 5996 - IKEv2 4835 - Required Algorithms 4945 - Public Key Infrastructure (PKI) Really ... Conformance - Most Tests Required, we test all anyway Interoperability

Page 1: UNH-IOL IPsec Introduction

Timothy Carlin

May 23, 2012

Page 2: Overview

Page 3: What you’ll learn

■ IPsec as a Technology
■ IPsec as an Architecture
■ What the packets look like
■ How to read them
■ Tools

Page 4: ipsec, IPSec, IPSEC, IPsec

Page 5: What it can mean

■ A lot!
■ Can refer to:

◆ Encryption
◆ Protection
◆ Keying
◆ VPNs
◆ Generic Security (Think Firewall)

Page 6: What it is

■ Lots of RFCs!

◆ 4301 - IPsec
◆ 4303 - ESP
◆ 5996 - IKEv2
◆ 4835 - Required Algorithms
◆ 4945 - Public Key Infrastructure (PKI)

Page 7: Really

■ Infrastructure/Guidelines/Rules to offer Protection of Network Traffic

◆ What traffic to protect
◆ How to protect it

■ That’s it.
■ It’s not difficult!
■ But it is detailed.

Page 8: IPsec Architecture

Page 9: RFC4301

Defines:

1. Databases
2. Modes
3. External Behavior
4. . . .

Page 10: Databases

■ Security Policy Database (SPD)

◆ Stores Policies
◆ Packet Oriented
◆ Specify Action (What)

■ Security Association Database (SAD)

◆ Stores Algorithm Information
◆ Linked to by a Policy
◆ Specify Protection (How)

■ Peer Authorization Database (PAD)

◆ More on this later (Dynamic Keying)

These Databases and the entries are completely independent, yet inextricably intertwined!

Page 11: Policy Entry

Stores items associated with processing and diverting traffic.

■ Source/Destination (Data Endpoints)
■ Upper Layer/Next Protocol (e.g. TCP/ICMPv6/UDP)
■ Source/Dest Port or Protocol Type (e.g. Port 21, 80, or ICMP Type 0x80, 0x81)
■ Direction
■ Mode (Transport or Tunnel)
■ Action (Bypass, Discard, IPsec)
■ Link, Pointer, or index to SA
■ And more.

Page 12: Security Association

Stores items associated with processing traffic for IPsec

■ Source/Destination (Tunnel Endpoints)
■ SPI (Security Parameter Index)
■ Encryption Algorithm and Key
■ Authentication Algorithm and Key
■ Mode (Transport or Tunnel)
■ Sequence Numbers
■ Protocol (ESP, . . .)
■ Timers, Counters, etc.
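The three slides above (Databases, Policy Entry, Security Association) describe the SPD and SAD in words; the Python below is an added example, not code from the slides or from any IPsec implementation, that models the outbound lookup RFC 4301 describes so the "independent yet intertwined" relationship can be seen running. Everything in it is constructed: the selector fields chosen for the policy entry, the 2001:db8::/32 documentation addresses, the SPI values and the zero-byte placeholder keys. It goes one step past the slide text: when a policy says "protect" but the SAD holds no usable SA, the lookup returns "acquire", which is the point where a real stack hands off to IKE (and where manual keying just fails).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class SecurityAssociation:
    """One SAD entry: *how* traffic is protected (RFC 4301 section 4.4.2)."""
    spi: int
    tunnel_src: str
    tunnel_dst: str
    mode: str                      # "transport" or "tunnel"
    enc_alg: str
    enc_key: bytes
    auth_alg: str
    auth_key: bytes
    seq: int = 0                   # outbound sequence-number counter


@dataclass
class PolicyEntry:
    """One SPD entry: *what* to do with a class of packets (RFC 4301 section 4.4.1)."""
    src: str                       # data endpoints, as prefixes
    dst: str
    next_proto: Optional[int]      # None matches any upper-layer protocol
    port_or_type: Optional[int]    # dst port (TCP/UDP) or ICMPv6 type; None = any
    direction: str                 # "in" or "out"
    action: str                    # "bypass", "discard" or "protect"
    mode: str = "transport"
    sa_spi: Optional[int] = None   # link into the SAD; only meaningful for "protect"

    def matches(self, pkt: dict) -> bool:
        """Every populated selector of the entry must agree with the packet."""
        return (pkt["direction"] == self.direction
                and ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.next_proto in (None, pkt["proto"])
                and self.port_or_type in (None, pkt.get("port_or_type")))


def lookup(spd: list, sad: dict, pkt: dict):
    """Outbound SPD lookup: the SPD is ordered, first match wins, no match means discard."""
    for entry in spd:
        if not entry.matches(pkt):
            continue
        if entry.action != "protect":
            return entry.action, None
        sa = sad.get(entry.sa_spi)
        if sa is None or sa.mode != entry.mode:
            # Policy demands protection but no usable SA exists. A real stack holds
            # or drops the packet and asks IKE to negotiate one (an "acquire");
            # with manual keying this is simply a misconfiguration.
            return "acquire", None
        sa.seq += 1                # each protected packet consumes a sequence number
        return "protect", sa
    return "discard", None


# Constructed sample SAD. The keys are throwaway zero bytes, not real keying material.
SAD = {
    0x1000: SecurityAssociation(
        spi=0x1000, tunnel_src="2001:db8:1::1", tunnel_dst="2001:db8:2::1",
        mode="tunnel", enc_alg="aes-cbc", enc_key=bytes(16),
        auth_alg="hmac-sha256", auth_key=bytes(32)),
}

# Constructed sample SPD, most specific entries first.
SPD = [
    # ICMPv6 (protocol 58) must keep flowing, Neighbor Discovery included: bypass.
    PolicyEntry("2001:db8:1::/64", "::/0", 58, None, "out", "bypass"),
    # Web traffic to the remote site is protected by the tunnel-mode SA 0x1000.
    PolicyEntry("2001:db8:1::/64", "2001:db8:2::/64", 6, 80, "out", "protect", "tunnel", 0x1000),
    # Telnet to the remote site is refused outright.
    PolicyEntry("2001:db8:1::/64", "2001:db8:2::/64", 6, 23, "out", "discard"),
    # SSH should be protected too, but nobody has keyed SA 0x2000 yet.
    PolicyEntry("2001:db8:1::/64", "2001:db8:2::/64", 6, 22, "out", "protect", "transport", 0x2000),
]


def classify(src: str, dst: str, proto: int, port_or_type=None, direction="out"):
    """Run one packet through the lookup; returns (action, SPI of the SA used or None)."""
    pkt = dict(src=src, dst=dst, proto=proto, port_or_type=port_or_type, direction=direction)
    action, sa = lookup(SPD, SAD, pkt)
    return action, (sa.spi if sa else None)


if __name__ == "__main__":
    for args in [("2001:db8:1::5", "2001:db8:2::9", 6, 80),
                 ("2001:db8:1::5", "2001:db8:2::9", 6, 22),
                 ("2001:db8:1::5", "fe80::1", 58, 135),
                 ("2001:db8:1::5", "2001:db8:3::9", 17, 53)]:
        print(args, "->", classify(*args))
```

Two design points carry over to real stacks: the SPD is ordered and the first match wins, so a broad "bypass" placed above a narrow "protect" silently leaks traffic; and a packet that matches no entry is discarded, not bypassed, which is why the ICMPv6 bypass entry has to be there explicitly.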

Page 13: Device Types

Two types of IPsec Devices:

■ End-Node

◆ Like it sounds, provides services only for itself
◆ Hosts are usually End-Nodes

■ Security Gateway

◆ Provides tunneled IPsec services for other devices
◆ Routers can usually be SGWs; Hosts can be, without being a router

Don’t think of these as Host/Router!! They are different, and independent device types!

Page 14: Packet Modes

Two ways to process packets:

■ Transport Mode

◆ Data Occurring after IP is Encrypted

◆ End-to-End Encryption

◆ Addresses in the Clear

◆ End-Node - MUST, SGW - MAY

■ Tunnel Mode

◆ New IP Header Inserted (Outer/Inner)

◆ Like other tunneling

◆ End Devices Need not be aware of services

◆ End Devices Identity protected

◆ Somewhat more complicated

◆ MUST for End-Node and SGW

Page 15: Configuration

Two different methods of Configuration, or Keying:

Page 16: Conf. Method #1

Manual

■ There is a lot to configure, and it’s required to support it
■ Obviously, this leaves room for error
■ Mostly used for debugging (though usually causes it)
■ Should NEVER be used in production networks (keys never change!)
■ Pay attention, OSPF.
■ Exponentially bad.

Page 17: Conf. Method #2

Automated

■ There is still a lot to configure!
■ Still a lot of room for error!
■ But! Once it’s configured correctly, it’s good forever.

Page 18: Protocols

Page 19: ESP

ESP (Encapsulating Security Payload)

■ Just a packet format
■ No handshake, no hellos, no negotiation
■ Slides directly above IP in Transport Mode
■ Slides between two IP Headers in Tunnel Mode

Page 20: ESP (cont.)

Visible Fields

■ SPI
■ Sequence Number

Encoded Fields

■ IV (Initialization Vector)
■ Payload Data
■ TFC Padding
■ Padding
■ Pad Length
■ Next Header
■ ICV
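To show how the fields listed above fit together on the wire, here is an added Python example (not code from the slides or from any IPsec stack) that builds and verifies an RFC 4303 ESP packet. It deliberately uses two of the algorithms the later Algorithms slides list as required, ENCR_NULL and HMAC-SHA256, so the payload stays readable and the integrity check can be done with the standard library; the 128-bit ICV truncation follows RFC 4868. It also includes the sequence-number anti-replay window from RFC 4303 section 3.4.3, which is the "Sequence Numbers" item in the SA slide. The SPI, key and payload are constructed test values; `block_align` is this example's own parameter for showing how a CBC cipher's block size would change the padding.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # HMAC-SHA-256-128: the ICV is the first 128 bits of the HMAC (RFC 4868)


class ReplayWindow:
    """RFC 4303 section 3.4.3 anti-replay window; bit i of bitmap marks seq (top - i) as seen."""

    def __init__(self, size: int = 64):
        self.size, self.top, self.bitmap = size, 0, 0

    def accepts(self, seq: int) -> bool:
        """Preliminary check, done before the (expensive) ICV verification."""
        if seq == 0:                      # sequence numbers start at 1
            return False
        if seq > self.top:                # right of the window: always new
            return True
        diff = self.top - seq
        if diff >= self.size:             # left of the window: too old
            return False
        return not (self.bitmap >> diff) & 1

    def update(self, seq: int) -> None:
        """Mark seq as received; only called once the ICV has verified."""
        if seq > self.top:
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def esp_encapsulate(spi: int, seq: int, payload: bytes, next_header: int,
                    auth_key: bytes, block_align: int = 4, tfc_pad: int = 0) -> bytes:
    """Build an ESP packet (RFC 4303) with ENCR_NULL and HMAC-SHA-256-128."""
    header = struct.pack("!II", spi, seq)             # the two fields sent in the clear
    # Padding makes Pad Length / Next Header end on a 4-byte boundary. A CBC cipher
    # would instead need block_align equal to its block size (16 for AES-CBC).
    pad_len = (-(len(payload) + tfc_pad + 2)) % block_align
    padding = bytes(range(1, pad_len + 1))            # default pad bytes 1, 2, 3, ...
    trailer = struct.pack("!BB", pad_len, next_header)
    body = payload + bytes(tfc_pad) + padding + trailer
    # ENCR_NULL has no IV and sends body as-is; a real cipher would prepend its IV
    # and replace body with ciphertext. The ICV covers SPI through Next Header.
    icv = hmac.new(auth_key, header + body, hashlib.sha256).digest()[:ICV_LEN]
    return header + body + icv


def esp_decapsulate(packet: bytes, auth_key: bytes, window: ReplayWindow):
    """Verify and unpack an ESP packet; raises ValueError on any failure."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("truncated ESP packet")
    spi, seq = struct.unpack("!II", packet[:8])
    if not window.accepts(seq):
        raise ValueError(f"replayed or stale sequence number {seq}")
    authed, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, authed, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):       # constant-time comparison
        raise ValueError("ICV check failed")
    window.update(seq)                                # only after the ICV verified
    pad_len, next_header = struct.unpack("!BB", authed[-2:])
    body = authed[8:-2]
    if pad_len > len(body):
        raise ValueError("bad pad length")
    # Any TFC padding is still attached to the payload here; the upper-layer
    # length field (e.g. the IPv6 payload length) is what strips it.
    return spi, seq, next_header, body[:len(body) - pad_len]


def accepted(packet: bytes, auth_key: bytes, window: ReplayWindow) -> bool:
    """True if the packet verifies and is not a replay."""
    try:
        esp_decapsulate(packet, auth_key, window)
        return True
    except ValueError:
        return False


AUTH_KEY = bytes(range(32))   # constructed 256-bit test key for this example only

if __name__ == "__main__":
    window = ReplayWindow()
    pkt = esp_encapsulate(0x1000, 1, b"hello ESP", 59, AUTH_KEY)   # 59 = IPv6 No Next Header
    print("packet:", pkt.hex())
    print("decapsulated:", esp_decapsulate(pkt, AUTH_KEY, window))
    print("same packet again accepted?", accepted(pkt, AUTH_KEY, window))
    tampered = bytearray(pkt)
    tampered[10] ^= 1
    print("tampered packet accepted?", accepted(bytes(tampered), AUTH_KEY, ReplayWindow()))
```

The order inside `esp_decapsulate` is the one RFC 4303 prescribes for a receiver: cheap sequence-number check first, then the ICV, and the window is advanced only when the ICV verified, so a forged packet with a high sequence number cannot push the window past legitimate traffic. Reading a capture is the reverse of `esp_encapsulate`: SPI and sequence number are in the first eight bytes in the clear, the ICV is the last 16, and everything in between is the payload plus trailer.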

Page 21: IKEv2

Internet Key Exchange

■ Second version of the protocol, the first was lousy
■ Automatically negotiates algorithms and keys
■ No need to worry about correct key length
■ Still needs configuration
■ Authentication is a huge deal with IKE

Page 22: IKEv2 (cont.)

Protocol has 3 Parts:

■ Protect Negotiation

◆ Negotiate Algorithms and Keys
◆ Uses Diffie-Hellman, complicated math

■ Authenticate Identity of Yourself and Peer

◆ Pre-Shared Keys - Password
◆ Public Key Infrastructure (PKI) - Certs
◆ EAP - Something Else

■ Negotiate who to protect, and how to protect

◆ Another set of Algorithms and Keys
◆ Data Endpoint - Traffic Selectors
◆ Other Things (Configuration, VPN info, Vendor IDs, ...)

Page 23: IKEv2 (cont.)

Required Configuration

■ Remote Tunnel Endpoint (The other guy)
■ Authentication Credentials

◆ Pre-Shared Key OR
◆ Certificate Chain

Optional Configuration

■ Mode (Transport/Tunnel)
■ Protected Range of Addresses
■ Algorithm Limitations
■ Different Identification Types
■ SA Lifetimes
■ Rekeying Timers
■ Mobility
■ Perfect Forward Secrecy
■ Sequence Numbers
■ Probably More! (Implementation Dependent)

Page 24: Algorithms

Page 25: Encryption

Required (Get used to these)

■ 3DES-CBC
■ AES-CBC
■ NULL

Others

■ AES-CTR
■ Camellia

Page 26: Authentication/Integrity

Required (Get used to these)

■ HMAC-SHA1
■ HMAC-SHA256
■ AES-XCBC

Others

■ NULL
■ HMAC-MD5

Page 27: USGv6 and Logo

Page 28: IPsec Test Suites

IPsec

■ Conformance and Interoperability
■ End-Node and SGW
■ Different algorithms
■ Different situations/topologies
■ Only a couple error condition tests
■ Pretty small

Page 29: IKEv2 Test Suites

IKEv2

■ Conformance and Interoperability
■ End-Node and SGW
■ Lots of protocol testing. (Somewhere between the state-machine tests and DAD)
■ Also tests Algorithms and situations/topologies
■ Lots of different error condition tests
■ Big

Page 30: USGv6 and Logo

■ Both the USGv6 and IPv6 Ready Logo Programs use the same test documents.

■ Unlike IPv6 Base and AddrArch, with IPsec the two programs have different requirements.

■ This is something to pay attention to, depending on what the vendor is looking for.

Page 31: USGv6 IPsec

■ Conformance - All Tests Required
■ Interoperability - 3 Devices

◆ 1 End Node
◆ 1 SGW
◆ 1 More (Either Type)

■ This amounts to 2 Rounds

Page 32: Logo IPsec

■ Conformance - Most Tests Required, we test all anyway
■ Interoperability - 4 Devices

◆ 2 Transport Mode
◆ 2 Tunnel Mode

■ Tunnel Mode Not Required!

Page 33: What It Means

■ We run everything, as much as we can
■ Then figure out what it means later
■ Sometimes end up having 5 Interop partners
■ A lot of testing is just configuration, everything is in the test suites!!

Page 34: Tools

Page 35: Setkey

Setkey is our favorite.

■ Linux Based (also similar on FreeBSD)
■ Manual Configuration
■ Display All Configuration (Manual or Auto)
■ We have lots of experience with this, and lots of scripts to make testing easy.
■ man setkey for more information!

Page 36: ip xfrm

Similar to setkey

■ Also Linux Based
■ Manual Configuration
■ Display All Configuration (Manual or Auto)
■ Configuration looks different, but has all of the same options as setkey
■ The wiki is the best source for more info
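The Setkey and ip xfrm slides say the two tools express the same SAD and SPD entries in different syntax; the configuration below is an added example (not one of the UNH-IOL scripts or anything from the slides) of the manual keying described under Conf. Method #1, written for `setkey -f`, with the ip xfrm equivalent of the outbound half given as comments. The hosts, SPIs and keys are all constructed: 2001:db8::/32 documentation addresses and fixed throwaway hex keys.

```conf
#!/usr/sbin/setkey -f
# Manual keying between two hosts in transport mode: one SA per direction
# plus the SPD entries that steer traffic into them.
# All values are constructed for this example. With manual keying these keys
# never change unless someone edits this file, which is the slide's point.
flush;
spdflush;

# SAD: how to protect. AES-CBC with a 128-bit key, HMAC-SHA256 with a 256-bit key.
add 2001:db8:1::1 2001:db8:1::2 esp 0x1000 -m transport
    -E aes-cbc 0x0123456789abcdef0123456789abcdef
    -A hmac-sha256 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f;
add 2001:db8:1::2 2001:db8:1::1 esp 0x1001 -m transport
    -E aes-cbc 0xfedcba9876543210fedcba9876543210
    -A hmac-sha256 0x1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100;

# SPD: what to protect. "require" means a packet matching the selector that
# cannot be protected is discarded rather than sent in the clear.
spdadd 2001:db8:1::1 2001:db8:1::2 any -P out ipsec esp/transport//require;
spdadd 2001:db8:1::2 2001:db8:1::1 any -P in  ipsec esp/transport//require;

# The same outbound SA and policy as ip xfrm commands (run as root, one per line):
#   ip xfrm state add src 2001:db8:1::1 dst 2001:db8:1::2 proto esp spi 0x1000 \
#       mode transport enc 'cbc(aes)' 0x0123456789abcdef0123456789abcdef \
#       auth-trunc 'hmac(sha256)' \
#       0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f 128
#   ip xfrm policy add src 2001:db8:1::1 dst 2001:db8:1::2 dir out \
#       tmpl proto esp mode transport
# `setkey -D` / `setkey -DP` and `ip xfrm state` / `ip xfrm policy` dump what the
# kernel currently holds, whether it was keyed by hand or negotiated by IKE.
```

One caveat worth checking when a manually keyed pair refuses to talk: the two sides must agree not only on the algorithm and key but on the ICV truncation length, and implementations have differed on whether HMAC-SHA256 truncates to 96 or to the 128 bits RFC 4868 specifies. The `auth-trunc ... 128` argument in the ip xfrm form states that length explicitly; with setkey it is whatever the platform's `hmac-sha256` defaults to, so compare the two ends before blaming the key.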

Page 37: Strongswan

Use Strongswan for IKEv2 Go-to-Device

■ Linux (of course, others too!)
■ Well Documented
■ Use it all the time
■ Does everything
■ http://wiki.strongswan.org/wiki/strongswan/IpsecConf
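The IKEv2 "Required Configuration / Optional Configuration" slide lists what an automated keying setup needs; the ipsec.conf below is an added example, not from the slides or from the strongSwan project, that maps each of those items onto the ipsec.conf keywords documented at the wiki page the Strongswan slide links. The gateway names, addresses and subnets are constructed (2001:db8::/32 documentation space, example.org identities); the certificate file names are placeholders for whatever the test bed's PKI issued.

```conf
# /etc/ipsec.conf (strongSwan ipsec.conf format). Constructed example:
# site-to-site IKEv2 tunnel between two SGWs. Each block is tagged with the
# "Required" or "Optional" item from the IKEv2 configuration slide it covers.
config setup
    charondebug="ike 1, cfg 1, net 1"

conn gw1-to-gw2
    keyexchange=ikev2
    # Required: remote tunnel endpoint ("the other guy") and our own endpoint
    left=2001:db8:1::1
    right=2001:db8:2::1
    # Required: authentication credentials. A certificate chain here, with
    # gw1Cert.pem in /etc/ipsec.d/certs and the CA certificate in /etc/ipsec.d/cacerts.
    # For a pre-shared key instead: leftauth=psk, rightauth=psk, and a line
    #   @gw1.example.org @gw2.example.org : PSK "<constructed-secret>"
    # in /etc/ipsec.secrets.
    leftcert=gw1Cert.pem
    leftauth=pubkey
    rightauth=pubkey
    # Optional: identification types (FQDN identities here rather than the addresses)
    leftid=@gw1.example.org
    rightid=@gw2.example.org
    # Optional: mode, and the protected range of addresses (the traffic selectors)
    type=tunnel
    leftsubnet=2001:db8:10::/64
    rightsubnet=2001:db8:20::/64
    # Optional: algorithm limitations. The trailing "!" makes the proposal strict,
    # so the peer cannot negotiate anything outside it.
    ike=aes128-sha256-modp2048!
    # Optional: perfect forward secrecy. A DH group in the esp= proposal forces a
    # fresh Diffie-Hellman exchange on every CHILD_SA rekey.
    esp=aes128-sha256-modp2048!
    # Optional: SA lifetimes and rekeying timers
    ikelifetime=3h
    lifetime=1h
    margintime=9m
    rekeyfuzz=100%
    rekey=yes
    # Optional: mobility (MOBIKE, RFC 4555); off for a fixed site-to-site link
    mobike=no
    auto=start
```

After `ipsec up gw1-to-gw2`, `ipsec statusall` shows the negotiated proposals and traffic selectors, and `ip xfrm state` (as root) shows the keys IKE installed in the kernel. That last output is what the Scripts slide means by saving the negotiated keys: it is the only way to decrypt the ESP packets in a capture afterwards.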

Page 38: Racoon2

Another IKEv2 Implementation

■ Linux (and others)
■ Not a ton of documentation, but some
■ Use it when you must
■ Certificate support is not fully implemented! (No IKEv2 Interop)
■ IOL Wiki https://tommy.iol.unh.edu/wiki/Racoon Config Help

Page 39: Scripts

■ Configuration Scripts exist for almost everything that has been tested.

■ Depending on the device and whether we are using Manual Keys or IKEv2, I usually have something to make it easier; check with me before despair.

■ When testing a new device, or a device for the first time, save the config you used for every test!

■ Also try to save the keys that were negotiated when testing IKEv2. This is the only way we’ll be able to decrypt the packets.

■ You’ll thank yourself later.

Page 40: Cryptography

Page 41: Cryptography 401

■ We aren’t the NSA.
■ But it’s worth it to know the basics

Types of Protection:

Encryption: Provides Confidentiality
Integrity: Data Unmodified
Authentication: Establishing Identity
Hash/Checksum/CRC: Weak - no key needed! Not IPsec!

Page 42: Cryptography 401 (cont.)

■ Unfortunately, Integrity and Authenticity are often used incorrectly.

■ For now, we’ll worry about Encryption, and Authentication as both Authenticity and Integrity

Page 43: Caesar Shift

YG OADVUSLK

ideas?

Algorithm called an Alphabetic Rotation

Okay, but how far? Key is the Distance of rotation

What is the key?

Algorithm=Rot(ation) Key=18 ⇒ Rot-18

So: Y → g, O → w, etc... This is a form of encryption.
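The slide's Rot-18 example in code, added here and not part of the original deck: `rot` is the algorithm, the integer is the key, and `decrypt` rotates back by the key so that Y becomes G and O becomes W as the slide shows. It goes one step past the slide with `brute_force`, which makes the educational point behind the whole Algorithms section: an algorithm with only 26 possible keys is an encoding, not protection, and the strength of the IPsec algorithms lies in key spaces that cannot be enumerated this way. The "IPsec is not difficult" test string is constructed.

```python
import string

ALPHABET = string.ascii_uppercase   # 26 letters: the whole key space is 0..25


def rot(text: str, key: int) -> str:
    """Alphabetic rotation by `key` places. Letters keep their case; other characters pass through."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(base + (ord(ch) - base + key) % len(ALPHABET)))
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext: str, key: int) -> str:
    """Rot-<key>: rotate forward by the key."""
    return rot(plaintext, key)


def decrypt(ciphertext: str, key: int) -> str:
    """Undo Rot-<key> by rotating the same distance backwards."""
    return rot(ciphertext, -key)


def brute_force(ciphertext: str) -> dict:
    """With 26 keys there is nothing to guess: try every one and read off the plaintext."""
    return {k: decrypt(ciphertext, k) for k in range(len(ALPHABET))}


if __name__ == "__main__":
    ct = "YG OADVUSLK"                   # the slide's ciphertext
    print("Rot-18 decrypt:", decrypt(ct, 18))
    for k, guess in brute_force(ct).items():
        print(f"key {k:2d}: {guess}")
```

Running it prints the 26 candidate plaintexts; exactly one reads as English, which is all the "what is the key?" question takes to answer for this algorithm. The required IPsec ciphers on the Encryption slide use 128-bit and larger keys precisely so that this loop has no practical end.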