ikev2 with cga
play

IKEv2 with CGA Jean-Michel Combes jeanmichel.combes@orange.com - PowerPoint PPT Presentation

Oct 01, 2022 •370 likes •744 views

IKEv2 with CGA Jean-Michel Combes jeanmichel.combes@orange.com Aurlien Wailly aurelien.wailly@orange.com Maryline Laurent Maryline.Laurent@it-sudparis.eu 2011-10-25 ICSNA 2011 1 Outline IPsec IKEv2 CGA IKEv2 with CGA?

  1. IKEv2 with CGA Jean-Michel Combes jeanmichel.combes@orange.com Aurélien Wailly aurelien.wailly@orange.com Maryline Laurent Maryline.Laurent@it-sudparis.eu 2011-10-25 ICSNA 2011 1

  2. Outline • IPsec • IKEv2 • CGA • IKEv2 with CGA? • IKEv2 exchanges • IPsec/IKEv2 modifications • Implementation • IKEv2+CGA improvements • Conclusion 2011-10-25 ICSNA 2011 2

  3. Outline • IPsec • IKEv2 • CGA • IKEv2 with CGA? • IKEv2 exchanges • IPsec/IKEv2 modifications • Implementation • IKEv2+CGA improvements • Conclusion 2011-10-25 ICSNA 2011 3

  4. IPsec (1/2) • IPsec [RFC4301] – IP security – Authentication Header (AH) for authentication – Encapsulating Security Payload (ESP) for authentication/encryption – 2 modes • Transport • Tunnel (e.g., "VPN" is ESP/Tunnel) 2011-10-25 ICSNA 2011 4

  5. IPsec (2/2) • 3 databases – Security Policy Database (SPD) • Allow/Discard/IPsec policy for a specific IP flow – Security Association Database (SAD) • Configuration of an IPsec connection – Peer Authorization Database (PAD) • Configuration of the security material used by an IPsec peer 2011-10-25 ICSNA 2011 5

  6. Outline • IPsec • IKEv2 • CGA • IKEv2 with CGA? • IKEv2 exchanges • IPsec/IKEv2 modifications • Implementation • IKEv2+CGA improvements • Conclusion 2011-10-25 ICSNA 2011 6

  7. IKEv2 • Internet Key Exchange version 2 (IKEv2) [RFC5996] – To configure SAD dynamically – Use SPD and PAD – Security material • pre-shared keys • X.509 certificates • Extensible Authentication Protocol (EAP), not mandatory 2011-10-25 ICSNA 2011 7

  8. Outline • IPsec • IKEv2 • CGA • IKEv2 with CGA? • IKEv2 exchanges • IPsec/IKEv2 modifications • Implementation • IKEv2+CGA improvements • Conclusion 2011-10-25 ICSNA 2011 8

  9. CGA (1/3) • Cryptographically Generated Addresses (CGA) [RFC3972] – IPv6 addresses resulting from the hash of parameters – Used with Secure Neighbor Discovery (SEND) [RFC3971] • Neighbor Discovery "equivalent" to ARP for IPv6 • SEND, security for Neighbor Discovery 2011-10-25 ICSNA 2011 9

  10. CGA (2/3) • IPv6 address – Subnet Prefix (64 bits) || Interface ID (64 bits) • Public/private key pair • CGA Parameters Modifier Subnet Prefix Collision Count Public Key Extension Fields • Interface ID = First64(Hash(CGA Parameters)) 2011-10-25 ICSNA 2011 10

  11. CGA (3/3) • CGA ownership checking – Step 1: regeneration of the CGA, based on received CGA Parameters – Step 2: validity of data signed with the CGA private key associated to the public one 2011-10-25 ICSNA 2011 11

  12. Outline • IPsec • IKEv2 • CGA • IKEv2 with CGA? • IKEv2 exchanges • IPsec/IKEv2 modifications • Implementation • IKEv2+CGA improvements • Conclusion 2011-10-25 ICSNA 2011 12

  13. IKv2 with CGA? (1/4) • EAP – not mandatory in IKEv2 implementations • Pre-shared keys – complex provision – not scalable • X.509 certificates – require a Public Key Infrastructure (PKI) • associated costs • introduction of potential vulnerabilities 2011-10-25 ICSNA 2011 13

  14. IKEv2 with CGA? (2/4) • CGA, an alternative security material for IKEv2? – Based on an academic paper [CMLN04] and an IETF draft [LMK07] 2011-10-25 ICSNA 2011 14

  15. IKEv2 with CGA? (3/4) • Advantages – No need of a PKI – Self-generated by the owner – All the needed material to check a CGA sent directly to the receiver 2011-10-25 ICSNA 2011 15

  16. IKEv2 with CGA? (4/4) • Drawbacks – Identity • CGA, hard to remember for a human • Need to be associated to a Fully Qualified Domain Name (FQDN) stored in Domain Name Server (DNS) – "Hard-coded" cryptographic algorithms • SHA-1 mandatory • RSA (minimum key length is 384 bits) – No revocation 2011-10-25 ICSNA 2011 16

  17. Outline • IPsec • IKEv2 • CGA • IKEv2 with CGA? • IKEv2 exchanges • IPsec/IKEv2 modifications • Implementation • IKEv2+CGA improvements • Conclusion 2011-10-25 ICSNA 2011 17

  18. IKEv2 exchanges (1/2) • IKEv2 exchanges – IKE_SA_INIT • Diffie-Hellman key exchange (KEi, KEr) • IKEv2 Security Association (SA) negotiation (SAi1, SAr1) 2011-10-25 ICSNA 2011 18

  19. IKEv2 exchanges (2/2) – IKE_AUTH • Peers identification (IDi, IDr) • Peers' security material exchange (CERTREQ, CERT) • Peers authentication (AUTH) • IPsec SA negotiation (SAi2, SAr2, TSi, TSr) 2011-10-25 ICSNA 2011 19

  20. Outline • IPsec • IKEv2 • CGA • IKEv2 with CGA? • IKEv2 exchanges • IPsec/IKEv2 modifications • Implementation • IKEv2+CGA improvements • Conclusion 2011-10-25 ICSNA 2011 20

  21. IPsec/IKEv2 modifications (1/3) • IPsec – Peer Authorization Database (PAD) • Peer identity (ID_IPV6_ADDR) associated with CGA authentication method • IKEv2 – IDi, IDr • ID_IPV6_ADDR == CGA 2011-10-25 ICSNA 2011 21

  22. IPsec/IKEv2 modifications (2/3) – CERT • New type: 222 • Includes CGA parameters • Format looks like a self-signed certificate – CERTREQ • New type: 222 – AUTH • Signature based on the private key associated to the CGA public one 2011-10-25 ICSNA 2011 22

  23. IPsec/IKEv2 modifications (3/3) – AUTH validity • CGA ownership checking – Step 1: regeneration of the CGA, based on received CGA Parameters – Step 2: validity of data signed with the CGA private key associated to the public one 2011-10-25 ICSNA 2011 23

  24. Outline • IPsec • IKEv2 • CGA • IKEv2 with CGA? • IKEv2 exchanges • IPsec/IKEv2 modifications • Implementation • IKEv2+CGA improvements • Conclusion 2011-10-25 ICSNA 2011 24

  25. Implementation (1/3) • Based on – StrongSwan • Linux IPsec/IKEv2 implementation – Docomo USA Labs • FreeBSD/Linux SEND/CGA implementation • Debian 2011-10-25 ICSNA 2011 25

  26. Implementation (2/3) • StrongSwan modifications – IPsec configuration file parser – IKEv2 payloads(ID, CERTREQ, CERT) • CERT: new plugin for StrongSwan – IKEv2 AUTH – IKEv2 State Machine (AUTH checking) • CGA ownership checking 2011-10-25 ICSNA 2011 26

  27. Implementation (3/3) • Wireshark – Plugin to check the IKEv2+CGA exchanges 2011-10-25 ICSNA 2011 27

  28. 2011-10-25 ICSNA 2011 28

  29. Outline • IPsec • IKEv2 • CGA • IKEv2 with CGA? • IKEv2 exchanges • IPsec/IKEv2 modifications • Implementation • IKEv2+CGA improvements • Conclusion 2011-10-25 ICSNA 2011 29

  30. IKEv2+CGA improvements (1/2) • Identity: DNS use – To keep same security level • DNSSEC: FQDN <-> CGA • TSIG, SIG(0): for the CGA registration – Partially implemented (issue with StrongSwan) • Based on BIND 2011-10-25 ICSNA 2011 30

  31. IKEv2+CGA improvements (2/2) – "Hard-coded" cryptographic algorithms • SHA-1 – Replaced by SHA-3 in CGA IETF RFC • RSA – Allow ECC use – No revocation • Potential solution based on Time To Live (TTL) field in DNS ressource records??? 2011-10-25 ICSNA 2011 31

  32. Outline • IPsec • IKEv2 • CGA • IKEv2 with CGA? • IKEv2 exchanges • IPsec/IKEv2 modifications • Implementation • IKEv2+CGA improvements • Conclusion 2011-10-25 ICSNA 2011 32

  33. Conclusion • IKEv2+CGA works – Implementation (PoC) • CGA RFC needs modifications – SHA-3 and ECC integrations • IKEv2+CGA with DNSSEC – Needs of more works on (i.e., a PoC) • CGA revocation – Still an open issue … 2011-10-25 ICSNA 2011 33

  34. Questions? 2011-10-25 ICSNA 2011 34

  35. Thanks! 2011-10-25 ICSNA 2011 35

  36. References [RFC4301] S. Kent and K. Seo. Security Architecture for the Internet Protocol. RFC 4301, Internet Engineering Task Force, December 2005. [RFC5996] C. Kaufman, P. Homan, Y. Nir, and P. Eronen. Internet Key Exchange Protocol Version 2 (IKEv2). RFC 5996, Internet Engineering Task Force, September 2010. [RFC3972] T. Aura. Cryptographically Generated Addresses (CGA). RFC 3972, Internet Engineering Task Force, March 2005. [RFC3971] J. Arkko, J. Kempf, B. Zill, and P. Nikander. SEcure Neighbor Discovery (SEND). RFC 3971, Internet Engineering Task Force, March 2005. [CMLN04] Claude Castelluccia, Gabriel Montenegro, Julien Laganier, and Christoph Neumann. Hindering eavesdropping via ipv6 opportunistic encryption. In in Proceedings of the European Symposium on Research in Computer Security, Lecture Notes in Computer Science, pages 309{321. Springer-Verlag, 2004. [LMK07] J. Laganier, G. Montenegro, and A. Kukec. Using IKE with IPv6 Cryptographically Generated Addresses. Internet-Draft draft-laganier-ike-ipv6-cga-02, Internet Engineering Task Force, July 2007. Obsolete. StrongSwan http://www.strongswan.org/ Wireshark http://www.wireshark.org/ 2011-10-25 ICSNA 2011 36

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Minimal IKEv2 AuthenTec Oy Tero Kivinen kivinen@iki.fi draft-kivinen-ipsecme-minimal-ikev2-01

Minimal IKEv2 AuthenTec Oy Tero Kivinen kivinen@iki.fi draft-kivinen-ipsecme-minimal-ikev2-01

Minimal IKEv2 AuthenTec Oy Tero Kivinen kivinen@iki.fi draft-kivinen-ipsecme-minimal-ikev2-01 What Problem Does This Document Solve Tries to educate implementors that IKEv2 is not complex and difficult to implement. Why Do People

363 views • 5 slides
Overview of IKEv2 Dan Harkins Charlie Kaufman Radia Perlman 1 Radia Perlman A n a l y s i s

Overview of IKEv2 Dan Harkins Charlie Kaufman Radia Perlman 1 Radia Perlman A n a l y s i s

A n a l y s i s o f I K E Overview of IKEv2 Dan Harkins Charlie Kaufman Radia Perlman 1 Radia Perlman A n a l y s i s o f I K E What we were trying to do Consolidate RFCs 2407, 2408, and 2409 in one document Not make gratuitous

643 views • 16 slides
Privacy-Preserving Authenticated Key Exchange and the Case of IKEv2 Sven Schge, Jrg Schwenk,

Privacy-Preserving Authenticated Key Exchange and the Case of IKEv2 Sven Schge, Jrg Schwenk,

Privacy-Preserving Authenticated Key Exchange and the Case of IKEv2 Sven Schge, Jrg Schwenk, Sebastian Lauer Ruhr-University Bochum Classical Key Exchange Setting m1 Bob Alice m2 skA skB pkB pkA mq-1 mq derive K derive K 2

185 views • 18 slides
CGA as alternative security credentials with IKEv2: implementation and analysis SAR-SSI 2012

CGA as alternative security credentials with IKEv2: implementation and analysis SAR-SSI 2012

CGA as alternative security credentials with IKEv2: implementation and analysis SAR-SSI 2012 Orange Labs Jean-Michel Combes (France Telecom - Orange) Aurlien Wailly (France Telecom - Orange) Maryline Laurent (Telecom Sud Paris)

580 views • 26 slides
Use of IKEv2 and IPsec with Multiple CoA support MONAMI6 WG, IETF 68 Vijay Devarapalli

Use of IKEv2 and IPsec with Multiple CoA support MONAMI6 WG, IETF 68 Vijay Devarapalli

Use of IKEv2 and IPsec with Multiple CoA support MONAMI6 WG, IETF 68 Vijay Devarapalli (vijay.devarapalli@azairenet.com) Assumptions in RFC 3775, 3963 There is only one primary care-of address per mobile node The primary care-of

240 views • 7 slides
Key Exchange in IPsec revisited: Formal Analysis of IKEv1 and IKEv2 Cas Cremers, ETH Zurich

Key Exchange in IPsec revisited: Formal Analysis of IKEv1 and IKEv2 Cas Cremers, ETH Zurich

Key Exchange in IPsec revisited: Formal Analysis of IKEv1 and IKEv2 Cas Cremers, ETH Zurich Overview What is IKE ? Internet Key Exchange , part of IPsec Formal analysis of IKE Previously considered infeasible Using Scyther

410 views • 19 slides
IKEv2: IPSec Key Management Protocol Lecture 20 Acknowledgement: Slides from Vincent Luk, revised

IKEv2: IPSec Key Management Protocol Lecture 20 Acknowledgement: Slides from Vincent Luk, revised

IKEv2: IPSec Key Management Protocol Lecture 20 Acknowledgement: Slides from Vincent Luk, revised by Cunsheng Ding IP Security Architecture IPSec module 1 IPSec module 2 SPD SPD IKE IKE AH/ESP AH/ESP SAD SAD SA IKE: Internet Key

702 views • 26 slides
ilab 2 - IPSec with IKEv2 and Strongswan Lukas Grillmayer and Linus Lotz Chair for Network

ilab 2 - IPSec with IKEv2 and Strongswan Lukas Grillmayer and Linus Lotz Chair for Network

ilab 2 - IPSec with IKEv2 and Strongswan Lukas Grillmayer and Linus Lotz Chair for Network Architectures and Services Department for Computer Science Technische Universit at M unchen June 4, 2014 Lukas Grillmayer and Linus Lotz: ilab 2 -

1.39k views • 51 slides
Labeled IPsec draft-jml-ipsec-ikev1-security-context-00.txt

Labeled IPsec draft-jml-ipsec-ikev1-security-context-00.txt

Labeled IPsec draft-jml-ipsec-ikev1-security-context-00.txt draft-jml-ipsec-ikev2-security-context-00.txt Presented by: Joy Latten Document authors: Serge Hallyn, Trent Jaeger, Joy Latten, and George Wilson Problem Description Mandatory

295 views • 6 slides
Security Analysis of Network Protocols John Mitchell Stanford University Usenix Security

Security Analysis of Network Protocols John Mitchell Stanford University Usenix Security

Security Analysis of Network Protocols John Mitchell Stanford University Usenix Security Symposium, 2008 Many Protocols Authentication and key exchange SSL/TLS, Kerberos, IKE, JFK, IKEv2, Wireless and mobile computing Mobile IP, WEP,

959 views • 71 slides
QUIC - Next generation multiplexed transport over UDP Mehdi Yosofie Friday 25 th January, 2019

QUIC - Next generation multiplexed transport over UDP Mehdi Yosofie Friday 25 th January, 2019

Chair of Network Architectures and Services Department of Informatics Technical University of Munich QUIC - Next generation multiplexed transport over UDP Mehdi Yosofie Friday 25 th January, 2019 Chair of Network Architectures and Services

495 views • 22 slides
Agenda Some attacks against the IP Brief introduction to IPSec Building Block: Security

Agenda Some attacks against the IP Brief introduction to IPSec Building Block: Security

IP Security Cunsheng Ding HKUST, Kong Kong, China C. Ding - COMP4631 - L21 1 Agenda Some attacks against the IP Brief introduction to IPSec Building Block: Security Association Building Block: Security Association Database

694 views • 33 slides
Interaction Protocols Martin Thompson - @mjpt777 Code How significant are protocols to software

Interaction Protocols Martin Thompson - @mjpt777 Code How significant are protocols to software

Interaction Protocols Martin Thompson - @mjpt777 Code How significant are protocols to software development? protocol noun \ pr -t - k l \ Source: http://www.merriam-webster.com/ protocol noun \ pr -t - k l \ : a

1.37k views • 105 slides
Communication Systems IPSec University of Freiburg Computer Science Computer Networks and

Communication Systems IPSec University of Freiburg Computer Science Computer Networks and

Communication Systems IPSec University of Freiburg Computer Science Computer Networks and Telematics Prof. Christian Schindelhauer Organization I. Data and voice communication in IP networks II. Security issues in networking

496 views • 20 slides
Internet of Things System Architectures Paul Patras Image: sns-it.ca Thousands of new

Internet of Things System Architectures Paul Patras Image: sns-it.ca Thousands of new

Internet of Things System Architectures Paul Patras Image: sns-it.ca Thousands of new applications spanning numerous domains. Each comes with its own requirements; combining these leads to complex (difficult to manage) and often

609 views • 22 slides
Introduction 1989: a bug in the Internets core routing algorithm inconvenienced a few

Introduction 1989: a bug in the Internets core routing algorithm inconvenienced a few

Preliminaries Syllabus and lecture slides on web site Welcome to COS 461 assume youll keep up with the reading Computer Networks Send me an e-mail name, year, preferred email address jpeg image of yourself Larry

359 views • 7 slides
Real-World Performance of current Mesh Protocols in a small-scale Dual-Radio Multi-Link

Real-World Performance of current Mesh Protocols in a small-scale Dual-Radio Multi-Link

Real-World Performance of current Mesh Protocols in a small-scale Dual-Radio Multi-Link Environment Karl Jonas Manuel Hachtkemper Michael Rademacher manuel.hachtkemper@inf.h-brs.de karl.jonas@h-brs.de michael.rademacher@h-brs.de 22. ITG

450 views • 17 slides
Internet Explorer turns your personal computer into a public File Server Black Hat DC 2010 |

Internet Explorer turns your personal computer into a public File Server Black Hat DC 2010 |

Internet Explorer turns your personal computer into a public File Server Black Hat DC 2010 | Jorge Luis Alvarez Medina 1 Jorge Luis Alvarez Medina | CORE Security Technologies | February 2010 Outline Attack results Internet Explorer

609 views • 38 slides
Can your site work on IE3? By: Chen Hui Jing @hj_chen Talk CSS #39 (22 May 2019) Yeo Kheng Meng

Can your site work on IE3? By: Chen Hui Jing @hj_chen Talk CSS #39 (22 May 2019) Yeo Kheng Meng

Can your site work on IE3? By: Chen Hui Jing @hj_chen Talk CSS #39 (22 May 2019) Yeo Kheng Meng @yeokm1 1 1 Agenda 1. Background 2. Quick Live Demo 3. How I got DOS 6.22, Win3.1 and networking to work 4. Live coding/debugging 2

146 views • 13 slides
LEDBAT A PPLICATIONS P RACTICES AND R ECOMMENDATIONS Presenter: Reinaldo Penno,

LEDBAT A PPLICATIONS P RACTICES AND R ECOMMENDATIONS Presenter: Reinaldo Penno,

LEDBAT A PPLICATIONS P RACTICES AND R ECOMMENDATIONS Presenter: Reinaldo Penno, rpenno@juniper.net Co-Authors: Joe Touch, touch@ISI.EDU Richard Woundy, richard_woundy@cable.comcast.com Vijay K. Gurbani, vkg@bell-labs.com Satish Raghunath,

642 views • 15 slides
Cyber@UC Meeting 79 Metasploit If Youre New! Join our Slack: cyberatuc.slack.com Check

Cyber@UC Meeting 79 Metasploit If Youre New! Join our Slack: cyberatuc.slack.com Check

Cyber@UC Meeting 79 Metasploit If Youre New! Join our Slack: cyberatuc.slack.com Check out our website: cyberatuc.org SIGN IN! (Slackbot will post the link in #general every Wed@6:30) Feel free to get involved with one of

693 views • 12 slides
Design, Privilege Separation CS 161: Computer Security Prof. David Wagner January 27, 2016

Design, Privilege Separation CS 161: Computer Security Prof. David Wagner January 27, 2016

Software Security: Design, Privilege Separation CS 161: Computer Security Prof. David Wagner January 27, 2016 Robustness Security bugs are a fact of life How can we use access control to improve the security of software, so security bugs

695 views • 32 slides
THE BROWSER IS DEAD Dan North Dan North &amp; Associates LONG LIVE THE BROWSER! Dan North

THE BROWSER IS DEAD Dan North Dan North &amp; Associates LONG LIVE THE BROWSER! Dan North

THE BROWSER IS DEAD Dan North Dan North &amp; Associates LONG LIVE THE BROWSER! Dan North Dan North &amp; Associates The gangs 1990: Tim Berners-Lee - (WorldWideWeb) 1993: NCSA Mosaic 1994: Netscape - Navigator 1995: Microsoft -

971 views • 21 slides
1 WeShare comes from the name in the address of the server. 2 SHAREPOINT is the name of

1 WeShare comes from the name in the address of the server. 2 SHAREPOINT is the name of

1 WeShare comes from the name in the address of the server. 2 SHAREPOINT is the name of the Application that runs on the server. It is a Microsoft application that is designed to enable people to Collaborate on documents. 3 One feature

434 views • 18 slides

More recommend