isakmp ● rfc 2408 ● internet security association & key management protocol ● protocol –...
TRANSCRIPT
ISAKMP
● RFC 2408
● Internet Security Association & Key Management Protocol
● Protocol
– Establish, modify, and delete SAs
– Negotiate crypto keys
● Procedures
– Authentication of peers
– Threat mitigation
ISAKMP
● Defines procedures and packet formats to deal with SAs
and keys
● Provides a framework for secure communication on the
Internet
● Does not specify algorithms, formats, or protocols
● ISAKMP is a framework in which a specific secure
communication definition can be implemented
ISAKMP
● Security Associations
● Authentication
● Public Key Cryptography
● Protection
● DoS – Anti-Clogging
● Hijacking a connection
● Man in the middle attacks
ISAKMP Terminology
● DOI – Domain Of Interpretation: defines payload
formats, exchange types, naming conventions
IISAKMP – Phases
● Phase 1: Two entities agree on how to protect further
negotiation traffic. They negotiate an ISAKMP SA for
an authenticated and secure channel
● Phase 2:The phase 1 secure channel is used to negotiate
security services for IPSec.
ISAKMP Header
Next Payload Exchange Type
Initiator Cookie
Message ID
Length
Responder Cookie
MajorVersion
MinorVersion Flags
Header Fields
● Initiator Cookie (8 octets) – Cookie of entity that initiated SA
establishment, notification or deletion.
● Responder Cookie (8 octets) – Cookie of the responder
● Next Payload (1 octet) – Type of first payload
● Major/Minor Version (4 bits each) – Version of ISAKMP in use
● Exchange Type (1 octet) – Type of exchange being used
● Flags (1 octet) – More stinking flags, encrypt, commit authentication
only
● Message ID (4 octets) – Unique ID to identify things in Phase 2
● Length (4 octets) – Length of total message (headers + payloads)
Next Payload Types
Next Payload Type Value
NONE 0
SA 1
Proposal 2
Transform 3
Key Exchange 4
Identification 5
Certificate 6
Cert Request 7
Next Payload Type Value
Hash 8
Signature 9
Nonce 10
Notification 11
Delete 12
Vendor ID 13
Reserved 14 –
127
Private Use 128 -
255
Exchange Types
Exchange Type
Value
NONE 0
Base 1
Id Protection 2
Auth Only 3
Aggressive 4
Informational 5
Exchange Type Value
ISAKMP Future Use 6 - 31
DOI Specific Use 32 –
127
Private Use 128 -
255
Generic Payload Header
Next Payload Payload Length
Payload Data
Reserved
SA Payload
Next Payload Payload Length
Situation
Reserved
Domain of Interpretation (DOI)
~
DOI (4 octets) – Identifies the DOI under which this negotiation is taking place. A
value of 0 (zero) during Phase 1 specifies a Generic ISAKMP SA
which can be used for any protocol during Phase 2.
Situation - A DOI-specific field that identifies the situation under which this
negotiation is taking place.
Proposal Payload
Next Payload Payload Length
SPI (variable)
Reserved
Proposal No. Proposal ID SPI Size No. of Transforms
Proposal Payload
●Payload Length (2 octets) – Length is octets of the entire Proposal payload
including the generic payload header, the Proposal payload, and all
Transform payloads associated with this proposal.
●Proposal No. - Identifies the Proposal number for the current payload.
●Proposal ID – Specifies the protocol identifier such as IPSEC ESP, IPSEC
AH, OSPF, TLS, etc.
●SPI Size – Length in octets of the SPI as defined by the Protocol ID.
●No. of Transforms – Specifies the number of transforms for the proposal.
●SPI (variable) – The sending entity's SPI.
Transform Payload
Next Payload Payload Length
SA Attributes
Reserved
Transform No. Transform ID Reserved2
~
Transform Payload
●Payload Length (2 octets) – Length is octets of the current payload,
including the generic payload header, Transform values, and all SA
attributes
●Transform No. - Identifies the Transform number for the current payload.
●Transform ID – Specifies the Transform identifier fmor the protocol within
the current proposal.
●Reserved 2 (2 octets) – Set to zero.
●SA Attributes (Variable length) – SA attributes should be represented using
the Data Attributes format.
Key Exchange Payload
Next Payload Payload Length
Key Exchange Data
Reserved
~
Key Exchange Data (variable length) – Data required to generate a session key.
This data is specified by the DOI and the associated Key
Exchange algorithm.
Certificate Payload
Next Payload Payload Length
Key Exchange Data
Reserved
~
Cert Encoding (1 octet) – Indicates the type of certificate contained in the
Certificate field.
Cert Encoding
Certificate Types
Certificate Type
Value
NONE 0
PKCS #7 1
PGP Certificate 2
DNS Signed Key 3
X.509 Cert - Signature 4
X.509 Cert – Key Exchange 5
Certificate Type Value
Kerberos Token 6
Cert Revoc List 7
Authority Revoc List 8
SPKI Cert. 9
X.509 Cert – Attribute 10
Reserved 11 -
255
Other Payloads
Next Payload Payload Length
Hash Data
Reserved
~
Next Payload Payload Length
Signature Data
Reserved
~
Next Payload Payload Length
Nonce Data
Reserved
~
Notification Payload
Next Payload Payload Length
SPI
Reserved
Protocol ID SPI Size Notify Message Type
~
DOI
Notification Data~
Notify Messages
Errors Value
INVALID-PAYLOAD-TYPE 1 DOI-NOT-SUPPORTED 2 SITUATION-NOT-SUPPORTED 3 INVALID-COOKIE 4 INVALID-MAJOR-VERSION 5 INVALID-MINOR-VERSION 6 INVALID-EXCHANGE-TYPE 7 INVALID-FLAGS 8 INVALID-MESSAGE-ID 9 INVALID-PROTOCOL-ID 10 INVALID-SPI 11 INVALID-TRANSFORM-ID 12 ATTRIBUTES-NOT-SUPPORTED 13 NO-PROPOSAL-CHOSEN 14 BAD-PROPOSAL-SYNTAX 15
Errors Value
PAYLOAD-MALFORMED 16 INVALID-KEY-INFORMATION 17 INVALID-ID-INFORMATION 18 INVALID-CERT-ENCODING 19 INVALID-CERTIFICATE 20 CERT-TYPE-UNSUPPORTED 21 INVALID-CERT-AUTHORITY 22 INVALID-HASH-INFORMATION 23 AUTHENTICATION-FAILED 24 INVALID-SIGNATURE 25 ADDRESS-NOTIFICATION 26 NOTIFY-SA-LIFETIME 27 CERTIFICATE-UNAVAILABLE 28 UNSUPPORTED-EXCHANGE-TYPE 29 UNEQUAL-PAYLOAD-LENGTHS 30 RESERVED (Future Use) 31 - 8191 Private Use 8192 – 16383
ISAKMP Message Construction
NP = Nonce KE Payload Length
Key Exchange Data
Reserved
NP = 0 Nonce Payload Length
Nonce Data
Reserved
NP = KE Exchange Type
Initiator Cookie
Message ID
Total Message Length
Responder Cookie
MajorVersion
MinorVersion
Flags
Proposal Syntax
Proposal #
Transform #
Transform #
Proposal #
Transform #
Proposals with the same Proposal
number are taken as a logical AND.
Proposals with different numbers are
taken as a logical OR.
Different Transform within a proposal
are taken as a logical OR.
Proposal Example
Proposal 1: AH
Transform 1: HMAC-SHA
Transform 2: HMAC-MD5
Proposal 2: ESP
Transform 1: 3DES with HMAC-SHA
Transform 2: 3DES with HMAC-MD5
Transform 3: AES with HMAC-SHA-256
Proposal 3: ESP
Transform 1: 3DES with HMAC-SHA
Proposal 4: PCP
Transform 1: LZS
Exchange Types
Exchange Type
Value
NONE 0
Base 1
Id Protection 2
Auth Only 3
Aggressive 4
Informational 5
Exchange Type Value
ISAKMP Future Use 6 - 31
DOI Specific Use 32 –
127
Private Use 128 -
255
Base Exchange
Initiator Direction Responder Note
Header, SA, Nonce => Begin ISAKMP-SA
negotiation
<= HDR, SA, Nonce Basic SA agreed
upon
Header, KE, Idii, Auth => Key generated by responder
Initiator Ident verified
<= HDR, KE, Idir, Auth Responder Ident verified
Initiator key generated, SA est.