Newbie: VPN Phases 1 and 2 - need clear explanation



  • Hi all,

    FoA, sorry for my long post. I am new to the Security field with Juniper as my first product. Before getting hands on, I want to know the clear picture involved in both the phases of VPN. I have browsed through several articles and let me post my inferences on the VPN. Please correct me wherever I go wrong.

    Considering the IKE phase with Main mode, there are 6 packets (three 2-way exchanges) involved in forming a tunnel:

    1st exchange: Both the peers exchange their encryption (DES, 3DES, AES) and authentication algorithms (MD5, SHA1) and arrive at a conclusion

    2nd exchange: Diffie-Hellman shared secret is computed by exchanging the public keys. In this exchange itself, the encryption keys (DES, 3DES, AES) and authentication keys (MD5, SHA1) are negotiated. This negotiation is encrypted by the shared secret and decrypted by the respective private keys at the gateways. And both the ends should possess the same keys, since it is going to be symmetric

    3rd exchange: Both the gateways authenticate themselves to each other. Assuming a pre-shared key authentication mechanism (let me not dive into digital certificates or PKI at this level), how does it take place? I mean how is the pre-shared secret compared at both the ends? My opinion is that the pre-shared secret is hashed and encrypted by the private key. So at the receiving end it is decrypted by the Diffie-Hellman shared secret and now it has a hashed value of the pre-shared secret. This receiving gateway then hashes the pre-shared secret on its side and compares with the received one. If it matches, then authenticity is guaranteed.

    Please correct me for errors, if any. Also what actually happens in Phase 2? Apart from the ESP/AH negotiations in Phase 2, what else is there?

    Will be rejoiced if someone corrects me



  • No probs dude… 🙂

    Couple of questions:

    1. Are the 1st two packets in Phase 2 encrypted by the symmetric encryption key formed in Phase 1?
    2. DH Group (which is 0 if no Perfect Forward Secrecy will be used)
      Encryption Algo

    Why is there a need for an encryption algo again in Phase 2?
    3. In Packet 3 what is acknowledged and by whom?



  • sorry for the delay - I have been travelling since last Friday
    In Phase 2 (Quick Mode), there are only 3 packets.

    Using the secure/authenticated channel from Phase 1 :

    • in the first 2 packets, the proposals for the tunnel are exchanged :
      ESP and/or AH indicator ?
      DH Group (which is 0 if no Perfect Forward Secrecy will be used)
      Encryption Algo
      Key lifetime
      Proxy ID
      and DH Public Keys (if PFS is going to be used)

    Packet 3 acknowledges the information

    From that point on, data will be encrypted using the proposals that were exchanged in the first 2 packets, and using the symmetric encryption key that was derived in Phase 1
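To make the three quick-mode packets concrete, here is an added Python simulation (my own code, not from the thread or from any Juniper product) of what the post above describes: the responder picking one of the offered proposals, HASH(3) in packet 3 acknowledging both nonces, and the per-direction traffic keys derived from the Phase 1 SKEYID_d. It follows the RFC 2409 KEYMAT formula; the proposal fields, nonces, SPIs and the quick-mode DH secret used for PFS are constructed values.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# IPsec DOI protocol identifiers carried in the SA payload (RFC 2407).
PROTOCOL_ID = {"AH": b"\x02", "ESP": b"\x03"}


def prf(key: bytes, data: bytes) -> bytes:
    """The IKE pseudo-random function: HMAC with the negotiated hash (SHA1 here)."""
    return hmac.new(key, data, hashlib.sha1).digest()


@dataclass(frozen=True)
class Proposal:
    """One Phase 2 proposal: the items listed for packets 1 and 2 of quick mode."""
    protocol: str     # "ESP" or "AH"
    encryption: str   # "3DES", "AES-128", ... ("NONE" for AH, which only authenticates)
    auth: str         # "HMAC-MD5" or "HMAC-SHA1"
    dh_group: int     # 0 = no PFS; otherwise a fresh DH exchange is done in quick mode
    lifetime_s: int   # key lifetime in seconds
    proxy_ids: tuple  # (local subnet, remote subnet) the tunnel will carry


def select_proposal(offered, acceptable):
    """Responder's choice: the first offered proposal that matches its own policy."""
    for p in offered:
        if p in acceptable:
            return p
    return None


def keymat(skeyid_d: bytes, proposal: Proposal, spi: bytes, ni: bytes, nr: bytes,
           g_qm_xy: bytes = b"") -> bytes:
    """RFC 2409 5.5: KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b).
    g_qm_xy is empty without PFS; with PFS it is the fresh quick-mode DH secret."""
    return prf(skeyid_d, g_qm_xy + PROTOCOL_ID[proposal.protocol] + spi + ni + nr)


def run_quick_mode(skeyid_d: bytes, skeyid_a: bytes, offered, acceptable,
                   g_qm_xy: bytes = b"") -> dict:
    """Simulate the three quick-mode packets. skeyid_d / skeyid_a are the
    Phase 1 derived keys both gateways already share; g_qm_xy stands in for
    the result of the extra DH exchange done only when PFS is in use."""
    msg_id = secrets.token_bytes(4)                               # ISAKMP message ID
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)     # constructed nonces
    chosen = select_proposal(offered, acceptable)
    if chosen is None:
        return {"established": False, "reason": "no acceptable proposal"}
    if chosen.dh_group != 0 and not g_qm_xy:
        return {"established": False, "reason": "PFS requested but no quick-mode DH secret"}
    sa = repr(chosen).encode()
    spi_i, spi_r = secrets.token_bytes(4), secrets.token_bytes(4)  # each side's inbound SPI
    # Packet 1: initiator's proposals and Ni (plus KE and proxy IDs) under HASH(1).
    hash1 = prf(skeyid_a, msg_id + sa + ni)
    # Packet 2: responder's chosen proposal and Nr under HASH(2), which also covers Ni.
    hash2 = prf(skeyid_a, msg_id + ni + sa + nr)
    # Packet 3: the acknowledgement. HASH(3) binds both nonces, so the responder
    # knows the initiator saw packet 2 before either side installs keys.
    hash3 = prf(skeyid_a, b"\x00" + msg_id + ni + nr)
    acked = hmac.compare_digest(hash3, prf(skeyid_a, b"\x00" + msg_id + ni + nr))
    # Keys are per direction: the SPI of the SA that will receive the traffic goes in.
    return {
        "established": acked,
        "proposal": chosen,
        "key_to_responder": keymat(skeyid_d, chosen, spi_r, ni, nr, g_qm_xy),
        "key_to_initiator": keymat(skeyid_d, chosen, spi_i, ni, nr, g_qm_xy),
        "packet1_hash": hash1,
        "packet2_hash": hash2,
    }
```

Two things the packet list alone does not show: the two directions of the tunnel get different keys because each side's inbound SPI goes into the derivation, and without PFS (DH group 0) every Phase 2 key is a function of SKEYID_d from Phase 1 plus public nonces, so PFS is what keeps a later compromise of the Phase 1 secret from exposing Phase 2 keys.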



  • Ok. Now what's exactly happening in Phase 2? Please let me know packet-wise



  • the local ID can be an IP address, FQDN, U-FQDN, certificate CN… it all depends on the type of tunnel
    for regular site-to-site VPNs with static IPs, in main mode, the local IDs are the gateway IP addresses



  • What is Local ID anyways?



  • (assuming that you mean “the Encryption Protocol for Phase 1” with 3DES… after all, it may be something else than 3DES :-))

    Only the Local ID is encrypted, and then the hash of (local ID + the PSK string) is added to it, and sent to the other side



  • I was expecting something like this. Ok. You mean to say that the 3DES encryption key formed via the DH key encrypts the Hash(Local ID + Preshared secret)?



  • ok - I made a mistake in one of my previous posts
    the preshared secret (PSK) is in fact used in packet 5 and 6

    packet 5 =
    Local ID (encrypted with the symmetric key (exchanged and calculated via DH)) + the hash of (local ID + the PSK string)

    packet 6 = the same, again containing the encrypted local ID + the hash of (local ID + PSK)

    these 2 messages will in fact authenticate both sides (because the hash of the ID+PSK needs to match what is calculated at the other side) AND will verify the encryption (symmetric) key, because it uses this encryption key to decrypt the packet it has received and encrypt the packet it sends
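An added worked example (my own Python, not code from the thread or from any vendor) that simulates packets 3 to 6 of main mode for both the three-exchange summary in the opening post and the packet 5/6 description just above. It uses the RFC 2409 derivation, which is a little more detailed than the thread's shorthand: the PSK and both nonces seed SKEYID, the DH result g^xy is folded into SKEYID_e (the Phase 1 encryption key), and the authentication hash carried in packets 5 and 6 covers the DH public values, the cookies, the SA proposal and the sender's ID. The tiny DH group, the gateway IDs and the keystream stand-in for 3DES are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for this example only; a real IKE
# negotiation uses one of the standard MODP groups (e.g. DH group 2).
P = 2**127 - 1
G = 5
DIGEST_LEN = hashlib.sha1().digest_size  # 20 bytes; SHA1 is the hash from the thread


def prf(key: bytes, data: bytes) -> bytes:
    """The IKE pseudo-random function: HMAC with the negotiated hash (SHA1 here)."""
    return hmac.new(key, data, hashlib.sha1).digest()


def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in for the negotiated cipher (3DES, AES): an HMAC-derived keystream
    XORed over the data. Symmetric, so one function both encrypts and decrypts."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += prf(key, iv + block.to_bytes(4, "big"))
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def derive_phase1_keys(psk, ni, nr, gxy, cky_i, cky_r):
    """RFC 2409 key derivation for pre-shared key authentication.
    SKEYID seeds everything, SKEYID_d feeds Phase 2, SKEYID_a authenticates
    later exchanges and SKEYID_e is the Phase 1 encryption key."""
    skeyid = prf(psk, ni + nr)
    skeyid_d = prf(skeyid, gxy + cky_i + cky_r + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + gxy + cky_i + cky_r + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + gxy + cky_i + cky_r + b"\x02")
    return skeyid, skeyid_d, skeyid_a, skeyid_e


def run_main_mode(psk_i: bytes, psk_r: bytes, sa_i: bytes = b"3DES/SHA1/DH-2/PSK") -> dict:
    """Simulate packets 3-6 of main mode. psk_i / psk_r are the pre-shared keys
    configured on the two gateways; sa_i stands in for the proposal agreed in
    packets 1 and 2. Returns what each side concluded."""
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)  # ISAKMP cookies
    id_i, id_r = b"192.0.2.1", b"198.51.100.1"                     # constructed gateway IDs
    # Packets 3 and 4: DH public values and nonces travel in the clear.
    xi, xr = secrets.randbelow(P - 2) + 2, secrets.randbelow(P - 2) + 2
    gxi, gxr = pow(G, xi, P).to_bytes(16, "big"), pow(G, xr, P).to_bytes(16, "big")
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    # Each side computes g^xy from its own private exponent; g^xy never goes on the wire.
    gxy_i = pow(int.from_bytes(gxr, "big"), xi, P).to_bytes(16, "big")
    gxy_r = pow(int.from_bytes(gxi, "big"), xr, P).to_bytes(16, "big")
    keys_i = derive_phase1_keys(psk_i, ni, nr, gxy_i, cky_i, cky_r)
    keys_r = derive_phase1_keys(psk_r, ni, nr, gxy_r, cky_i, cky_r)

    # Packet 5: initiator sends ID_I and HASH_I, encrypted under its SKEYID_e.
    hash_i = prf(keys_i[0], gxi + gxr + cky_i + cky_r + sa_i + id_i)
    iv5 = secrets.token_bytes(8)
    pkt5 = keystream_xor(keys_i[3], iv5, id_i + hash_i)
    # Responder decrypts with its own SKEYID_e and recomputes HASH_I from what arrived.
    plain5 = keystream_xor(keys_r[3], iv5, pkt5)
    rcv_id_i, rcv_hash_i = plain5[:-DIGEST_LEN], plain5[-DIGEST_LEN:]
    want_i = prf(keys_r[0], gxi + gxr + cky_i + cky_r + sa_i + rcv_id_i)
    responder_accepts = hmac.compare_digest(rcv_hash_i, want_i)

    # Packet 6: responder answers with ID_R and HASH_R in the same way.
    hash_r = prf(keys_r[0], gxr + gxi + cky_r + cky_i + sa_i + id_r)
    iv6 = secrets.token_bytes(8)
    pkt6 = keystream_xor(keys_r[3], iv6, id_r + hash_r)
    plain6 = keystream_xor(keys_i[3], iv6, pkt6)
    rcv_id_r, rcv_hash_r = plain6[:-DIGEST_LEN], plain6[-DIGEST_LEN:]
    want_r = prf(keys_i[0], gxr + gxi + cky_r + cky_i + sa_i + rcv_id_r)
    initiator_accepts = hmac.compare_digest(rcv_hash_r, want_r)

    return {
        "responder_accepts_initiator": responder_accepts,
        "initiator_accepts_responder": initiator_accepts,
        "same_encryption_key": keys_i[3] == keys_r[3],
    }
```

Running it with the same PSK on both sides makes both hash checks pass; running it with mismatched PSKs makes both fail, because SKEYID (and so SKEYID_e) differs, the decryption of packets 5 and 6 yields garbage, and the recomputed hash cannot match. That is the "authenticates both sides AND verifies the symmetric key" property described above, and it is also why a wrong PSK on one gateway shows up in the logs as a Phase 1 failure at packet 5 or 6 rather than earlier.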



  • Ok. Next is, where does the authentication come into the picture in the Phase 1 Main Mode? Say, if we choose preshared secret for authentication, where is this verified?



  • yes



  • Ok. So the DH shared secret is used by the encryption algo decided in the 1st two packets to form a symmetric 3DES encryption key. This symmetric 3DES encryption key (formed by DH) encrypts the Hash(Local ID + DH shared secret key)



  • Let's assume that at the 1st two packets, both the parties agree on the 3DES encryption algo. In the 3rd and 4th packets the DH shared secret is formed. The DH is a shared secret agreed between them. Apart from this DH, there should be a symmetric key formed by the 3DES algo agreed in packets 1 and 2.
    No - 3DES does not form a key. It uses a key to encrypt. DH forms the key.

    There is only one key in Phase 1 : the symmetric key (which is formed by DH, and used by 3DES)



  • Let's assume that at the 1st two packets, both the parties agree on the 3DES encryption algo. In the 3rd and 4th packets the DH shared secret is formed. The DH is a shared secret agreed between them. Apart from this DH, there should be a symmetric key formed by the 3DES algo agreed in packets 1 and 2. Two questions at this point:

    1. When is this symmetric 3DES key negotiated? My understanding is that, after the DH shared secret is formed in packets 3 and 4, this 3DES key is negotiated via the DH shared secret

    2. What actually encrypts the 5th and 6th packets? Is that the 3DES Key or the DH Shared secret?



  • I don’t think it is contradictory…

    how can you ever encrypt on one side and decrypt on the other side if both sides don't agree on the encryption algo to use?
    so first they agree on what algos to use (1st and 2nd packet)
    then they agree on a key (3rd and 4th)
    and then they encrypt and decrypt at the other side (5th and 6th packet), using the encryption algo (1st and 2nd packet), the hashing algo (1st and 2nd packet) and the key (3rd and 4th packet)



  • Hey… This seems to be contradictory. You agreed to my point that the DH shared secret is used to encrypt the Hash(DH Shared Secret + Local ID).

    This means that there needs to be consent on both sides about the encryption algo to use. That is why there are encryption algos proposed/exchanged in the first 2 packets of Phase 1 - When the very DH shared secret is used to encrypt the 5th and 6th packets, why is there a need to have a concern about the encryption algo in the 1st two packets?



  • Ok. So, in the 5th and 6th packets the (DH Key + Local ID) is hashed and it's encrypted by the same DH Key as well? (Since you say that there is no separate encryption key apart from the DH Key in Phase 1)

    Yes

    Then what is the need for exchanging the encryption algorithms in packets 1 and 2 in Phase 1?

    In 5th and 6th packet, the (DH Key + Local ID) are hashed and encrypted.
    This means that there needs to be consent on both sides about the encryption algo to use
    That is why there are encryption algos proposed/exchanged in the first 2 packets of Phase 1



  • Ok. So, in the 5th and 6th packets the (DH Key + Local ID) is hashed and it's encrypted by the same DH Key as well? (Since you say that there is no separate encryption key apart from the DH Key in Phase 1)

    Then what is the need for exchanging the encryption algorithms in packets 1 and 2 in Phase 1?



  • no

    the DH Shared Secret is the encryption key. There is no separate negotiation of the encryption key, because the symmetric key = the encryption key

    so : in packet 3 and 4, the symmetric key (= shared secret = encryption key = session key) is formed



  • So can I say that in the 3rd and 4th packets itself, the DH shared secret is formed and via this DH shared secret, the encryption key (DES/3DES/AES) is negotiated and agreed?

