Encryption Technology Overview 235
Example 5-14 Sample HGY/LNS Configuration (Continued)
|
local name LNS |
|
lcp renegotiation always |
|
l2tp tunnel password 0 secretpwd |
|
interface Virtual-Template1 |
|
ip unnumbered FastEthernet0/0 |
|
peer default ip address pool IPaddressPool |
|
ppp authentication chap |
|
ip local pool IPaddressPool 11.11.11.1 11.11.11.254 |
|
! |
|
tacacs-server host 3.3.3.3 |
|
tacacs-server key easypwd |
|
! |
|
end |
|
|
|
|
NOTE |
You are not expected to demonstrate your IOS syntax knowledge for VPDN. They are presented |
|
here for completeness, along with the two sample configuration files. For more quality |
|
examples, please visit www.cisco.com/warp/public/471/#vpdn. |
|
|
Encryption Technology Overview
When prominent Internet sites, such as www.cnn.com, are exposed to security threats, the news reaches all parts of the globe. Ensuring that data across any IP network is secure and not prone to vulnerable threats is one of today’s most challenging topics in the IP storage arena (so much so that Cisco released an entirely new CCIE certification track).
Major problems for network administrators include the following:
•Packet snooping (eavesdropping)—When intruders capture and decode traffic obtaining usernames, passwords, and sensitive data, such as salary increases for the year
•Theft of data—When intruders use sniffers, for example, to capture data over the network and steal that information for later use
•Impersonation—When an intruder assumes the role of a legitimate device but, in fact, is not legitimate
The solution to these and numerous other problems is to provide encryption technology to the IP community and allow network administrators the ability to ensure that data is not vulnerable to any form of attack or intrusion. This ensures that data is confidential, authenticated, and has not lost any integrity during the routing of packets through an IP network.
Encryption is defined as the process by which plain data is converted into ciphered data (a system in which plain text is arbitrarily substituted according to a predefined algorithm) so that only the intended recipient(s) can observe the data. Encryption ensures data privacy, integrity, and authentication.
236 Chapter 5: Security Protocols
Figure 5-7 displays the basic methodology behind data encryptions.
Figure 5-7 Encryption Methodologies
1.
Data, for
example 123...
2.
Data is encrypted using mathematical formulae to scramble data.
Data is encrypted and only readable if decrypted by the correct key.
3.
Encrypted data is decrypted using the key.
4.
Clear text data, 123...
Figure 5-7 demonstrates the basic principles of data encryption, including the following:
Step 1 User data is forwarded over the network.
Step 2 Data (clear text) is modified according to a key. The key is a sequence of digits that decrypts and encrypts messages. Typically, each device has three keys:
—A private key used to sign messages that is kept secret and never shared
—A public key that is shared (used by others to verify a signature)
—A shared secret key that is used to encrypt data using a symmetric encryption algorithm, such as DES
Step 3 A mathematical formula is applied to scramble the data. In Figure 5-7, the mathematical formula is applied during Step 2.
Step 4 The data flows throughout the network and can be decrypted only if the correct key is applied.
Encryption can take place at the application layer, the network layer, or the data link layer. Be aware of the following encryption technologies for the written exam:
•
•
•
Data Encryption Standard (DES)
Triple DES (DES3)
IP Secure (IPSec)
Encryption Technology Overview 237
Cisco IOS routers support the following industry standards to accomplish network layer encryption:
•
•
•
•
•
DES/3DES
Digital signature standard (DSS)
Diffie-Hellman exchange
MD5
IPSec
Data Encryption Standard (DES) and Triple Data Encryption
Standard (3DES)
DES is one of the most widely used encryption methods. DES turns clear text data into cipher text with an encryption algorithm. The receiving station will decrypt the data from cipher text into clear text. The encryption key is a shared secret key used to encrypt and decrypt messages.
Figure 5-8 demonstrates DES encryption.
Figure 5-8 DES Encryption Methodologies
Data is encrypted using |
|
mathematical formulae |
|
to scramble data with the |
|
shared private key. |
$%^$%&@& |
Data 123...
Encrypted Data
$%^$%&@&
Data is encrypted using mathematical formulae to scramble data with the
shared private key. 
Clear Text data is received.
Data 123...
Figure 5-8 demonstrates the PC’s clear text generation. The data is sent to the Cisco IOS router where it is encrypted with a shared key, sent over the IP network in unreadable format until the receiving router decrypts the message and forwards in clear text form.
238 Chapter 5: Security Protocols
DES is a block cipher algorithm, which means that DES performs operations on fixed-length data streams. DES uses a 56-bit key to encrypt 64-bit datagrams.
DES is a published, U.S. Government-approved encryption algorithm.
3DES is the DES algorithm that performs three times sequentially. Three keys are used to encrypted data, resulting in a 168-bit encryption key.
3DES is an improved encryption algorithm standard and is summarized as follows:
•The sending device encrypts the data with the first 56-bit key.
•The sending device decrypts the data with the second key, also 56 bits in length.
•The sending device encrypts for a final time with another 56-bit key.
•The receiving device decrypts the data with the first key.
•The receiving device then encrypts the data with the second key.
•Finally, the receiving devices decrypt the data with the third key.
A typical hacker uses a Pentium III computer workstation and takes approximately 22 hours to break a DES key. In 3DES’s case, the documented key-breaking times are approximately 10 billion years when one million PC III computers are used. Encryption ensures that information theft is difficult.
Encryption can be used to enable secure connections over the LAN, WAN, and World Wide Web.
The end goal of DES/3DES is to ensure that data is confidential by keeping data secure and hidden. The data must have integrity to ensure that it has not been modified in any form, and be authenticated by ensuring that the source or destination is indeed the proper host device. The following section describes one method of making sure that data has not been tampered with— Digital Signature Standard (DSS).
Digital Signature Standard (DSS)
Hashing data is one method used to ensure that data has not been tampered with. Hashing involves taking a variable length of data and producing a fixed output. A HASH is defined as a one-way mathematical summary of a message (data) such that the hash value cannot be easily reconstructed into the original message.
DSS is a mechanism that protects data from an undetected change while traversing the network. DSS verifies the identity of the person sending the data just as you verify your signature to a bank manager.
For example, consider routing updates sent from one router to another as clear text; they are clearly visible to network sniffers or probes. Hashing and DSS can ensure that the routing updates are unreadable, except to the protected sources.
Encryption Technology Overview 239
Figure 5-9 displays the DSS signature generation that ensures data is protected from an unsecured device. Cisco IOS Router R1 is configured to send all routing updates using a hash function.
Figure 5-9 DSS Signature Generation
Router R1 hashes the routing updates.
+adds the private key.
=
Router R1
Finally R1 sends DSS and routing updates 
to neighboring router, R2.
DSS Routing Update
Hashing
R1 encrypts hash using private key and creates a DSS signature.
signature
Router R2
Neighboring router receives
IP routing updates.
Routing updates are prone to network sniffers. By hashing the routing updates, as shown in Figure 5-9, the routing networks exchanged between Cisco IOS routers can be protected from unsecured devices.
The steps to ensure that network routing updates (in Figure 5-9) are secure follow:
Step 1 Router R1 hashes the routing update. (Cisco IOS routers can use MD5).
Step 2 R1 encrypts the hashed routing update using its own private key.
Step 3 R1 appends the routing update with the DSS.
Step 4 The DSS is verified by neighboring router, R2.
Step 5 R2 decrypts the DSS using R1’s own public key and obtains the hash that was originally generated by R1.
Step 6 R2 compares the hash received from R1 with the hash it just generated. If they are the same, the routing update is assured legitimate and was not modified by any network intruder.
Message Digest 5 (MD5) and Secure Hash Algorithm (SHA)
Several hashing algorithms are available. The two discussed here are MD5 and SHA (sometimes called SHA-1).
240 Chapter 5: Security Protocols
Message hashing is an encryption technique that ensures a message or data has not be tampered with or modified.
MD5 Message hashing is supported on Cisco IOS routers. A variable-length message is taken, the MD5 algorithm is performed (for example, the enable secret passwords command), and a final fixed-length hashed output message is produced. MD5 is defined in RFC 1321.
Figure 5-10 displays the MD5 message operation.
Figure 5-10 MD5 Operation
Clear Text message of variable length "Hello, it’s me"
MD5 hash algorithm
MD5
applied here.
Unreadable message is now hashed, fixed length.
4w5645968234t43ty34t5n
45y654y67365346316464n
Figure 5-10 displays the simple clear text message, “Hello, it’s me,” which can be of any variable length. This message is sent to the MD5 process, where the clear text message is hashed and a fixed-length, unreadable message is produced. The data can include routing updates or username/password pairings, for example. MD5 produces a 128-bit hash output.
Secure Hash Algorithm (SHA) is the newer, more secure version of MD5, and Hash-based Message Authentication (HMAC) provides further security with the inclusion of a key exchange. SHA produces a 160-bit hash output, making it even more difficult to decipher. SHA follows the same principles as MD5 and is considered more CPU-intensive.
For more details on Cisco IOS encryption capabilities, please visit the following website:
www.cisco.com/en/US/tech/tk583/tk209/tech_protocol_family_home.html
Diffie-Hellman
The Diffie-Hellman protocol allows two parties to establish a shared secret over insecure channels, such as the Internet. This protocol allows a secure shared key interchange over the public network, such as the World Wide Web, before any secure session and data transfer is initiated. The Diffie-Hellman ensures that by exchanging just the public portions of the key, both devices can generate a session and ensure data is encrypted and decrypted by valid sources only. Only public keys (clear text) are exchanged over the public network. Using each device’s
Encryption Technology Overview 241
public key and running the key through the Diffie-Hellmann algorithm generates a common session key. Only public keys will ever be exchanged.
Figure 5-11 displays the Diffie-Hellman exchange between Cisco routers, R1 and R2.
Figure 5-11 Diffie-Hellman Key Exchange
R1 Private Key and |
1 |
R1 Private Key and |
|||||||
Public Key |
|
Public Key |
|||||||
1. Public keys are exchanged |
|||||||||
|
|
|
|
|
|
|
|
||
|
|
|
|
in clear text. |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
2. Random Integer |
2. Random Integer |
|||||
|
|
|
generated. |
|
generated. |
||||
3
+ prime number "A" 
+ prime number "B" 3.Each router uses the random
integer to generate a private key.
4
4. R1 and R2 then combine with the known prime number A and B to generate a public key.
Shared Secret
The Diffie-Hellman key exchange takes place over a public domain. With the private key secret, it is very difficult for an outside intruder to generate the same key, and the private key is never exchanged over the public domain, making the process very secure.
The shared prime numbers (mathematically, this means any positive integer greater than 1 and divisible without a remainder only by 1 and itself) have a special relationship that makes agreeing on a shared secret possible. An analogy would be to have two milkshake blenders making a chocolate milkshake, but with one blender supplied with apples and the other with oranges. The Diffie-Hellman algorithm is the secret ingredient that, when mixed in with both blenders, produces the chocolate milkshake. Remember, it really is a superb algorithm.
NOTE RSA is another public key cryptographic algorithm (named after its inventors, Rivest, Shamir, and Adleman) with a variable key length. RSA’s main weakness is that it is significantly slow to compute compared to popular secret-key algorithms, such as DES or 3DES. Cisco’s IKE implementation uses a Diffie-Hellman exchange to get the secret keys. This exchange can be authenticated with RSA (or pre-shared keys). With the Diffie-Hellman exchange, the DES key never crosses the network, which is not the case with the RSA encryption and signing techniques. RSA is not public domain like DES/3DES, and to apply RSA, you must be licensed from RSA Data Security. An RSA signature is defined as the host (for example PC or routers) public and private key, which is bound with a digital certificate.
242 Chapter 5: Security Protocols
IP Security IPSec
IPSec provides security services at the IP layer by enabling a system to select required security protocols, determine the algorithm(s) to use for the service(s), and put in place any cryptographic keys required to provide the requested services. RFC 2401 for IP
IPSec is a defined encryption standard that encrypts the upper layers of the OSI model by adding a new predefined set of headers. A number of RFCs defined IPSec. IPSec is a mandatory requirement for IP version 6. (IPV6 is not covered in the examination.) IPSec ensures that the network layer of the OSI model is secured. In TCP/IP’s case, this would be the IP network layer.
IPSec can be configured in two protection modes, which are commonly referred to as Security Association (SA). These modes provide security to a given IP connection. The modes are as follows:
•Transport mode—Protects payload of the original IP datagram; typically used for end- to-end sessions
•Tunnel mode—Protects the entire IP datagram by encapsulating the entire IP datagram in a new IP datagram
SA is required for inbound and outbound connection. In other words, IPSec is unidirectional. IKE, discussed in this chapter, allows for bidirectional SAs.
Figure 5-12 displays the extension to the current IP packet frame format for both transport and tunnel modes.
Figure 5-12 IPSec Protection Modes
|
Original IP Datagram |
|
|
|
|
IP Header |
|
IP Data (Not Encrypted) |
|
|
|
Transport |
|
IP Header |
IPSec |
|
Data (Encrypted) |
|
Mode |
|
Header |
|
|||
|
|
|
|
|
||
|
|
|
|
|
|
|
|
|
New IP Header |
|
Encrypted |
||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Tunnel |
|
New IP |
IPSec |
Original |
Data |
|
Mode |
|
Header |
Header |
Header |
||
|
|
|
||||
|
|
|
|
|
|
|
IP Header |
|
IP Data (Not Encrypted) |
|
|
|
|
Original IP Datagram |
|
Encrypted
244 Chapter 5: Security Protocols
Figure 5-14 ESP Frame Format
IP Header (Port 50) |
|
|
Security Parameter Index (SPI) |
|
|
Sequence Number |
|
|
Payload Data (variable) |
|
|
PAD (0-255 bytes) |
Authenticated |
|
PAD Length |
Next Header |
|
Encrypted |
|
|
|
IP Data |
|
Authentication Data |
|
|
The Next Header is an 8-bit field that identifies the type of data contained in the Payload Data field. The IP data field contains the data to be sent. The Authentication Data field is a variablelength field containing an Integrity Check Value (ICV) computed over the ESP packet minus the Authentication Data.
Authentication Header (AH)
AH is described in RFC 2402. The IP protocol destination port is 51. Figure 5-15 highlights the fields in the IP datagram that are encrypted and authenticated. Note that not all fields, such as the Time to Live fields, are encrypted.
NOTE |
AH provides data origin authentication and optional replay-detection services. AH doesn’t |
|
provide data confidentiality (or encryption). Authentication is done by applying one-way hash |
|
to create a message digest of the packet. Replay detection can be implemented using the |
|
sequence number in the IP packet header. |
|
|
