Session 4: IPsec & Key management Flashcards
What are the two modes IPsec may operate in?
Transport mode: IPsec protects the payload from transport to network layer. Here the header is not protected.
Tunnel mode: The entire packet including headers is encapsulated with ipsec headers and then prefixed with a separate IP header.
Which are the two protocols ipsec uses?
Authentication header (AH): This protocol provides a mechanism for atuhentication only. With this we can ensure data integrity, data origin authentication and replay protection. Data origin authentication ensured by shared secret key to create message hash. Replay protection is provided by a sequence number field in AH header. Encapsulating Security Payload (ESP): ESP does everything AH does, plus data confidentiality by using encryption.
How does the two protocols ensure secure secret key exchange?
Internet Key Exchange (IKE) is used for this, using UDP. Messages are identified to allow linking of requests and responses and also identify retransmission. Request is repeated if not answered within an interval. The IKE protocol is made of three phases.
ISE_SA_INIT: Authenticates participants and establishes Security Association (SA) parameters.
IKE_AUTH: Authenticates participants and creates first “child” SA
CREATE_CHILD_SA: Cloning of child SA
Describe the IKE_SA_INIT and IKE_AUTH exchange.
As always, there is a sender (here called initiator) and a receiver (responder). Logically, the initiator starts the conversation. The first message from the initiator includes: Proposal for crypto algorithm, SPI value for IKE SA, Diffie-Hellman pbluc value, Nonce. The response then contains agreed upon crypto algorithm (responder chooses from the list proposed by initiator), SPI value for IKE SA, DH public value, Nonce. After a successful IKE_SA_INIT phase, borth initiator and responder creates seven keys stored in the IKE SA. After the keys have been established, the initiator and responder moves on to the IKE_AUTH exchange. In the IKE_AUTH exchange, the nonces previously transmitted are used as challenges, while encryption and authentication relies on keys exchanged earlier.
What is one possible attack on IKE and a possible countermeasure against this attack?
INIT exchange can easily be used for DDOS, as this is expensive. One possible countermeasure is to include two more messages in the IKE_SA_INIT exchange containing a cookie which is a hash of initiator’s original message and secret known only to responder (telling if this is a replay or not)
