In almost every form of commercially available cryptographic scheme, which would include all of the components used in IPsec, the cipher used is generally known. It is the key that is used within the cipher that makes the encryption harder to crack. Consider the asymmetric key encryption scheme used by James and Charlie. Charlie and James must have each other's public key to encrypt communications that are decipherable by the other party. Let's say that another party, Olivia in this case, decided to play a trick on James and Charlie by convincing them that she was Charlie and James, respectively. Figure 2-9 illustrates how a public key can be compromised by a user inserting themselves between two cryptographic endpoints. Figure 2-9. Compromised Keys in an Asymmetric ExchangeCharlie's keypair has been compromised. Olivia can now send messages to Charlie and decrypt messages from Charlie originally intended for James and vice versa. The type of attack that Olivia executes on James' and Charlie's conversation is typically referred to as a man-in-the-middle attack. The steps in Figure 2-9 are as follows:
Apply this type of attack to an exchange of financial account information between large global financial organizations, the exchange of patient health care records between regional hospitals and their insurance providers, or a customer and retailer exchanging credit card information over the Internet, and it becomes apparent why it is absolutely critical that the keys used in the exchange of encrypted data be exchanged securely and privately. ISAKMP employs several operations to protect the authenticity and integrity of cryptographic keys. There are generally three different methods for doing so, all of which will be discussed later in this chapterPreshared Authentication Keys, RSA Encrypted Nonces, and RSA Signatures. As we'll discuss at several points throughout this text, many of these methods are secured by the computational difficulty of factoring two large prime numbers. Let us begin our exploration of these techniques by discussing the RSA encryption algorithm. RSA Public-Key TechnologiesRon Rivest, Adi Shamir, and Leonard Adleman developed the RSA encryption algorithm in 1977. To this day, RSA encryption has served as a critical authentication component in many large-scale commercial ISAKMP deployments. Two key cryptographic operations that leverage the RSA encryption algorithm are RSA encryption and RSA signatures. In this section, we will explore the operation of both RSA technologies within the context of the IPsec protocol suite. RSA EncryptionRSA encryption uses an asymmetric cryptographic exchange to secure data. However, the strength of RSA encryption lies within the generation of the public and private key pair. Although the generation of RSA keypairs is somewhat expensive computationally relative to IKE preshare keys, RSA encryption is asymmetric, and therefore yields an added level of security in authentication over manually defined IKE preshared keys (see Figures 2-4 and 2-6 for the added value of asymmetric cryptography). Consider the exchange of information between James and Charlie in Figure 2-9. Figure 2-10 shows how the encryption and decryption processes work when using RSA encryption. Figure 2-10. Encrypting Data with the RSA Encryption AlgorithmThe following sequence of events describes the generation of RSA keys and the methods used to encrypt data between two cryptographic endpoints using RSA encryption:
The encryption function in RSA encryption is [(PT)E]mod(M) where:
In the above example, small prime numbers were used for generating RSA keys. In reality, these numbers must be much larger, for the larger they are, the harder RSA encrypted messages are to crack. RSA derives its strength from the computational difficulty of factoring large numbers. As such, encryption mechanisms that effectively use the RSA algorithm use values for P and Q of at least 100 decimal values in length. Note Cisco manufactures crypto engines that can support key length (modulus) sizes of up to 2048 bits in length. As we've discussed, generation of RSA key pairs can be computationally expensive. The longer the key modulus selected when generating RSA keypairs, the longer it takes the processor to generate the keys. RSA encryption is useful in certain site-to-site VPN topologies. However, as the number of crypto peers scales upwards, the maintenance of RSA keypairs can become cumbersome, both in terms of processor load on network devices and in terms of key maintenance and administration required. In order to solve these issues, RSA signatures can be deployed to increase the scalability of an RSA encryption environment and ease the administrative overhead required to maintain the RSA-encrypted environment without sacrificing the cryptographic strength delivered by deploying the RSA encryption algorithm. RSA SignaturesIPsec crypto endpoints running Cisco IOS support authentication using RSA Signatures using X.509-based Certificates and Certificate authorities. This method of authentication, though more complicated to configure, offers a more scalable configuration alternative to RSA encryption and preshared keys. Crypto endpoints using RSA signatures use X.509 certificates to authenticate and enroll with the CA. Using a central resource for authentication services, the Certificate Authority, simplifies maintenance on both crypto endpoints. This is particularly useful in large networks, as administrators now configure each crypto endpoint to use the CA for authentication, instead of manually configuring preshared keys for each peer. Cisco IOS supports RSA signatures when negotiating ISAKMP SAs. The operation and configuration of crypto endpoints using RSA signatures is covered in greater detail in Chapter 11, "Public Key Infrastructure and IPsec VPNs." Diffie-Hellman Key ExchangeNetwork infrastructures are increasingly relied on for transferring bulk amounts of data, which lends itself more to a symmetric crypto solution. Given this trend, many network architects turn to the Diffie-Hellman algorithm to securely derive shared keys across an untrusted network infrastructure. Note Diffie-Hellman is a core component of the IKE protocol. Aspects of the Diffie-Hellman algorithm will be covered in additional detail in the IKE and perfect forward secrecy (PFS) section of this chapter. Diffie-Hellman key exchange was designed for crypto endpoints to derive shared secret session keys across unsecured media. The shared secret keys are negotiated between crypto endpoints dynamically. As such, administrators need to specify only the prime modulus (MODP) size for use in the Diffie-Hellman exchange. IKE uses Diffie-Hellman keys to encrypt the ISAKMP SA over which IPsec SAs are established. Likewise, Diffie-Hellman is used to generate keys to be used in the ciphers specified in IPsec transforms. These transforms, when used in conjunction with Diffie-Hellman keys, will be used by IPsec to encrypt and decrypt data as it passes through the VPN tunnel. |