
IKE. Internet Key Exchange (IKE) is the main key establishment protocol used for IPsec VPNs. There are two versions, IKEv1 [22] and IKEv2 [25], which differ in message structure but are conceptually similar. For the sake of brevity, we will use IKEv1 terminology.

Each IKE session begins with a Phase 1 handshake, in which the client and server select a Diffie-Hellman group from a small set of standardized parameters and perform a key exchange to establish a shared secret. The shared secret is combined with other cleartext values transmitted by each side, such as nonces and cookies, to derive a value called SKEYID. IKE provides several authentication mechanisms, including symmetric pre-shared keys (PSK); when IKEv1 is authenticated with a PSK, this value is incorporated into the derivation of SKEYID.

The resulting SKEYID is used to encrypt and authenticate a Phase 2 handshake. Phase 2 establishes the parameters and key material, KEYMAT, for a cryptographic transport protocol used to protect subsequent traffic, such as Encapsulating Security Payload (ESP) [27] or Authenticated Header (AH) [26]. In some circumstances, this phase includes an additional round of Diffie-Hellman. Ultimately, KEYMAT is derived from SKEYID, additional nonces, and the result of the optional Phase 2 Diffie-Hellman exchange.

NSA’s VPN exploitation process. The documents published by Der Spiegel describe a system named TURMOIL that is used to collect and decrypt VPN traffic. The evidence indicates that this decryption is performed using passive eavesdropping and does not require message injection or man-in-the-middle attacks on IPsec or IKE. Figure 4, an excerpt from one of the documents [67], illustrates the flow of information through the TURMOIL system.

The initial phases of the attack involve collecting IKE and ESP payloads and determining whether the traffic matches any tasked selector [65]. If so, TURMOIL transmits the complete IKE handshake and may transmit a small amount of ESP ciphertext to NSA’s Cryptanalysis and Exploitation Services (CES) [56,65] via a secure tunnel. Within CES, a specialized VPN Attack Orchestrator (VAO) system manages a collection of high-performance grid computing resources located at NSA Headquarters and in a data center at Oak Ridge National Laboratory, which perform the computation required to generate the ESP session key [61,62,67]. VAO also maintains a database, CORALREEF, that stores cryptographic values, including a set of known PSKs and the resulting “recovered” ESP session keys [60,61,67].

The ESP traffic itself is buffered for up to 15 minutes [64], until CES can respond with the recovered ESP keys if they were generated correctly. Once keys have been returned, the ESP traffic is decrypted via hardware accelerators [59] or in software [68,69]. From this point, decrypted VPN traffic is reinjected into TURMOIL processing infrastructure and passed to other systems for storage and analysis [69]. The documents indicate that NSA is recovering ESP keys at large scale, with a target of 100,000 per hour [64].
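As an added illustration (not code from the paper), the following Python sketch walks the RFC 2409 derivation chain for PSK-authenticated IKEv1 described in the IKE paragraphs above, separating the two secret inputs (the PSK and the Diffie-Hellman results) from the values that cross the wire in cleartext. HMAC-SHA1 as the PRF, ESP protocol ID 3, the helper names, and every sample value are assumptions constructed for the example.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    """Assumed PRF: HMAC-SHA1 (RFC 2409 uses the HMAC of the negotiated hash)."""
    return hmac.new(key, data, hashlib.sha1).digest()

def phase1_keys(psk, g_xy, ni, nr, cky_i, cky_r):
    """RFC 2409 section 5, pre-shared-key authentication."""
    skeyid = prf(psk, ni + nr)                         # PSK + cleartext nonces
    tail = g_xy + cky_i + cky_r                        # DH secret + cleartext cookies
    skeyid_d = prf(skeyid, tail + b"\x00")             # seeds Phase 2 KEYMAT
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")  # authenticates Phase 2
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")  # encrypts Phase 2
    return skeyid, skeyid_d, skeyid_a, skeyid_e

def keymat(skeyid_d, protocol, spi, ni2, nr2, length, g_qm_xy=b""):
    """RFC 2409 section 5.5; g_qm_xy is the optional Phase 2 DH result."""
    seed = g_qm_xy + bytes([protocol]) + spi + ni2 + nr2
    out, block = b"", b""
    while len(out) < length:                           # K1, K2 = prf(.., K1 | seed), ...
        block = prf(skeyid_d, block + seed)
        out += block
    return out[:length]

# Constructed sample values, not taken from any real exchange.
SECRET = dict(psk=b"constructed-example-psk", g_xy=bytes(range(128)))
WIRE = dict(ni=b"\x11" * 16, nr=b"\x22" * 16,          # Phase 1 nonces
            cky_i=b"\xaa" * 8, cky_r=b"\xbb" * 8)      # ISAKMP cookies
PHASE2 = dict(protocol=3, spi=bytes.fromhex("c0ffee01"),
              ni2=b"\x33" * 16, nr2=b"\x44" * 16)      # Phase 2 nonces

def esp_keymat(secret, wire, phase2, length=36, g_qm_xy=b""):
    """Full chain: Phase 1 secrets and cleartext values -> ESP key material."""
    _, skeyid_d, _, _ = phase1_keys(**secret, **wire)
    return keymat(skeyid_d, length=length, g_qm_xy=g_qm_xy, **phase2)

if __name__ == "__main__":
    print("KEYMAT without Phase 2 DH:", esp_keymat(SECRET, WIRE, PHASE2).hex())
    print("KEYMAT with Phase 2 DH:   ",
          esp_keymat(SECRET, WIRE, PHASE2, g_qm_xy=b"\x55" * 128).hex())
```

Only `SECRET` and the optional `g_qm_xy` are hidden from a passive observer, which is why the strength of the negotiated Diffie-Hellman group and the secrecy of the PSK carry the whole confidentiality guarantee of the tunnel.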
  • Spring '14
  • Cryptography, Real World Crypto, Prime number, Logarithm, Transport Layer Security, Integer factorization, discrete log
