Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
886
Views
0
Helpful
4
Replies

IPSEC final key used

MahmoudDawoud0323
Level 1
Level 1

‎01-07-2020 05:51 PM

Hey Guys,

 

I would like to know a specific thing regarding IPSEC, the final key used to encrypt/decrypt data traffic how it is derived? 

I know that we use DH key exchange in phase 1 creating a secret key to further be used in negotiating IPSEC SAs in phase two, so after phase two is done what exactly happens here? do we use some sort of random numbers (nonces) to generate the new secret key derived from the DH in phase 1 ?

Can someone explain in much detail starting phase 2 in IPSEC ?

 

Thanks in advance !

Best Regards,
Dawoud
CCNP NSE4 CEH
Labels:
0 Helpful
4 Replies 4

Karsten Iwen
VIP
VIP

‎01-08-2020 01:10 AM

When Phase2 is done, the two peers are ready to exchange protected data. But *while* doing Phase2 the two peers negotiate and calculate session keys used for the encryption. For IKEv1 it is defined in RFC 2409:

KEYMAT = prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b).

Basically, they run a pseudo random function over material the peers have calculated in Phase1 and negotiated in Phase2.

0 Helpful

MahmoudDawoud0323
Level 1
Level 1
In response to Karsten Iwen

‎01-08-2020 02:55 AM

Great so after phase two they use this key mat for encryption and decryption, correct?

Best Regards,
Dawoud
CCNP NSE4 CEH
0 Helpful

Karsten Iwen
VIP
VIP
In response to MahmoudDawoud0323

‎01-08-2020 03:41 AM

There are typically some more steps involved as the different algorithms need a different amount of key-material. And the key-material is also used for the HMAC calculation that gives you integrity-protection. But, yes, that is all based on this calculation.

0 Helpful

MahmoudDawoud0323
Level 1
Level 1
In response to Karsten Iwen

‎01-18-2020 05:45 PM

However I have another questions, I would like to know the usage of Nonces other than that the fact that they are being exchanged in messages 3 and 4 and used for the SKEYID creation which also used the DH key derived g^xy , I know for a fact that it prevents replay attacks but that's if no one sniffed for the messages 3 and 4 , because there is no encryption there. As per RFC2409 below sample example of Authentication with PreShared Key:-

HDR, SA -->
                                               <-- HDR, SA
HDR, KE, Ni -->
                                               <-- HDR, KE, Nr
HDR*, IDii, HASH_I -->
                                               <-- HDR*, IDir, HASH_R

As you can see , if someone is sniffing on the start, he will know the nonces and yes sequence numbers will prevent anti replay attacks ok , but am I explaining it correct tho till this point ? Please correct me if I am wrong.


Also another thing is in messages 5 and 6 , messages are encrypted with SKEYIDe and the for example AES and hashed using HMAC (SHA and SKEYIDa), I noticed while calculating those values we have a value called cookies , so what are the cookies and what is their usage and where to find it in a wireshark capture?


Also for the Hashes in messages 5 and 6 being exchanged , they are exchanged as per RFC except for the signature authentication where we sign that HASH values for each by using the certificate private key and sending the certificate with the public key to decrypt the signature.


Please correct me if I am wrong and sorry for the long post.


Appreciate any one contribution !


Best Regards.

Dawoud

Best Regards,
Dawoud
CCNP NSE4 CEH
0 Helpful
Customers Also Viewed These Support Documents