I’ll now discuss encryption.
Data Encryption Standard
IPSec can use either the 56-bit Data Encryption Standard (DES) algorithm or the 168-bit 3DES algorithm for encryption. After two IPSec peers obtain their shared secret key, they can use the key to communicate with each other using the DES encryption algorithm. The 56-bit DES system consists of an algorithm and a key. The key has a length of 64 bits, of which 56 are used as the key. The remaining 8 bits are parity bits used in checking for errors. Even with just 56 bits, there are more than 70 quadrillion possible keys (simply, 2^56). The digits in the key must be independently determined to take full advantage of 70 quadrillion possible keys.
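The 64-bit key with its 8 parity bits can be checked in a few lines. The following is an added example, not code from the original text; it assumes the standard DES convention that the low bit of each key byte is an odd-parity bit, and the function names and sample key are constructed for illustration.

```python
# Added example: DES key parity and the 56 effective key bits.
# Assumption: each of the 8 key bytes carries 7 key bits plus 1 odd-parity
# bit in the least significant position (standard DES convention).

def _require_des_key(key: bytes) -> None:
    if len(key) != 8:
        raise ValueError("a DES key is 8 bytes (64 bits)")

def has_odd_parity(byte: int) -> bool:
    """True when the byte contains an odd number of 1 bits."""
    return bin(byte).count("1") % 2 == 1

def check_parity(key: bytes) -> bool:
    """Error check: every key byte must have odd parity."""
    _require_des_key(key)
    return all(has_odd_parity(b) for b in key)

def fix_parity(key: bytes) -> bytes:
    """Recompute the parity bit of each byte, leaving the 7 key bits alone."""
    _require_des_key(key)
    out = bytearray()
    for b in key:
        seven = b & 0xFE                      # clear the parity position
        out.append(seven | (0 if has_odd_parity(seven) else 1))
    return bytes(out)

def effective_key(key: bytes) -> int:
    """Drop the 8 parity bits and return the remaining 56 bits as an integer."""
    _require_des_key(key)
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)       # keep the top 7 bits of each byte
    return value

# Constructed sample key with valid odd parity in every byte.
SAMPLE_KEY = bytes.fromhex("0123456789abcdef")

if __name__ == "__main__":
    damaged = bytes(b ^ 1 for b in SAMPLE_KEY)   # flip every parity bit
    print("sample parity ok: ", check_parity(SAMPLE_KEY))
    print("damaged parity ok:", check_parity(damaged))
    print("same effective key:", effective_key(damaged) == effective_key(SAMPLE_KEY))
    print("key space:", 2 ** 56)
```

Two 64-bit values that differ only in their parity bits select the same cipher key, which is why the key space is 2^56 and not 2^64.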
The mechanics of DES are relatively simple. DES enciphers data in blocks of 64 bits of binary data. Given a message that needs to be encrypted, one must first pick a 64-bit key and then convert the plaintext into binary form. It takes a string of only 5 bits to describe our alphabet, because 2^5 = 32 and the alphabet is 26 letters long. This is relatively easy to do. Now within the blocks or strings of 64 bits, order is very important. The leftmost bit is known as the 1st bit or is in the first position. The rightmost bit is the 64th bit.
The first step in the DES procedure is to change the order within each block. For example, the 52nd bit in the original string becomes the 1st bit in this new block. Bit 40 becomes bit 2 and so forth, as specified by a table. This step is called the initial permutation. Permutation is used in the strict mathematical sense that only order is changed. The results of this initial permutation are broken down into two halves. The first 32 bits become L0. The last 32 bits are called R0. Now the data is subjected to the following transformation 16 times:
$L_n = R_{n-1}$, where $R_0$ occurs at $n = 1$
$R_n = L_{n-1} \oplus f(R_{n-1}, K_n)$, where $L_0$ occurs at $n = 1$
After the first iteration, we are presented with the following:
$L_{n+1} = R_n$, in essence $L_{n+1} = L_{n-1} \oplus f(R_{n-1}, K_n)$
$R_{n+1} = L_n \oplus f(R_n, K_{n+1})$, in essence $R_{n+1} = R_{n-1} \oplus f(R_n, K_{n+1})$
Cisco’s encryption algorithm incorporates cipher feedback (CFB), which further guarantees the integrity of the data received by using feedback. This is the essence of DES. The key and the message become interwoven and inseparable, which makes it difficult to break apart the cipher text into its constituent parts. This procedure is performed 16 times. The expression $R_n = L_{n-1} \oplus f(R_{n-1}, K_n)$ is simply saying, “Add L, bit by bit in modulo 2, from one iteration ago to the term $f(R_{n-1}, K_n)$.” This function is determined by R, one iteration ago, and $K_n$, which is based on the key. $K_n$ is, in turn, given by another formula, $K_n = KS(n, KEY)$. Because this algorithm goes through 16 iterations, $K_n$ will be of length 48. The calculation of $K_n$ is another operation in which DES looks in a table.
The calculation of the function $f(R_{n-1}, K_n)$ is likewise simple. First, however, notice that R is of 32-bit length and K is 48 bits long. R is expanded to 48 bits using another table. The resulting R is added to K (using bit-by-bit addition in mod base 2). The result of this addition is broken into eight 6-bit strings. One enters into another table that gives the primitive function $S_n$. There is one S function for each 6-bit block. The result of entering into these S functions is a 32-bit string.
After 16 iterations, the result should be $L_{16}$ and $R_{16}$. These two strings are united where R forms the first 32 bits and L forms the last 32. The 64-bit result is entered into the inverse of the initial permutation function. The result of this last step is cipher text. Decoding is accomplished by simply running the process backwards.
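The 16-round structure described above, and the reason decoding is the same process run backwards, can be shown in code. This is an added example, not code from the original text and not a DES implementation: the initial permutation and the DES tables are omitted, and the round function f and key schedule KS are SHA-256-based stand-ins chosen only to keep the 32-bit and 48-bit widths.

```python
# Added example: the Feistel round structure used by DES, with stand-in
# components. NOT real DES: no initial permutation, no E/S-box/P tables.
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF

def subkeys(key: bytes) -> list:
    """Stand-in for KS(n, KEY): sixteen 48-bit round keys K1..K16."""
    return [int.from_bytes(hashlib.sha256(key + bytes([n])).digest()[:6], "big")
            for n in range(1, ROUNDS + 1)]

def f(r: int, k: int) -> int:
    """Stand-in round function: 32-bit R and 48-bit K in, 32 bits out.
    Like the real f, it is not invertible and does not need to be."""
    data = r.to_bytes(4, "big") + k.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel(block: int, keys: list) -> int:
    """Run 16 rounds over a 64-bit block with the given round keys."""
    left, right = (block >> 32) & MASK32, block & MASK32   # L0, R0
    for k in keys:
        # Ln = Rn-1 ; Rn = Ln-1 XOR f(Rn-1, Kn)
        left, right = right, left ^ f(right, k)
    # R16 forms the first 32 bits and L16 the last 32.
    return (right << 32) | left

def encrypt(block: int, key: bytes) -> int:
    return feistel(block, subkeys(key))

def decrypt(block: int, key: bytes) -> int:
    # Same process, round keys applied in reverse order (K16 .. K1).
    return feistel(block, subkeys(key)[::-1])

# Constructed sample values.
SAMPLE_KEY = bytes.fromhex("0123456789abcdef")
SAMPLE_BLOCK = 0x4E6F772069732074

if __name__ == "__main__":
    ct = encrypt(SAMPLE_BLOCK, SAMPLE_KEY)
    print(f"cipher text: {ct:016x}")
    print(f"recovered:   {decrypt(ct, SAMPLE_KEY):016x}")
```

Each round only XORs f's output into one half, so applying the same round with the same key undoes it; that is why the inverse needs nothing more than the round keys in reverse order.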
When the encryption services provided by the 56-bit DES algorithm are not deemed strong enough from a mathematical standpoint for encryption of data, the Triple DES (3DES) symmetrical encryption algorithm can be used. Cisco products support the use of the 168-bit 3DES encryption algorithm with IPSec implementations. 3DES has been standardized by the National Institute of Standards and Technology (NIST) and is a variant of 56-bit DES. 3DES takes data and breaks it into 64-bit blocks just as DES does, yet 3DES processes each block three times. Because 3DES uses an independent 56-bit key each time, the encryption strength over 56-bit DES is tripled.
MD5 Message Digest
The MD5 algorithm, an extension to the MD4 message digest, can be used to ensure that a message has not been altered. The MD5 algorithm takes as input a message of arbitrary length—for example, a username and password—and after running the message through the algorithm, MD5 produces as output a 128-bit message digest of the input. It is considered computationally infeasible to produce two messages having the same message digest or to produce a message that has a predefined message digest.
Generally, there are two accepted schemes for implementing IPSec. The first is for each end station to perform IPSec directly. This provides the advantage of not having an impact on the network design, topology, or any routing decisions. The disadvantage is that each end station usually must possess special software or needs an upgrade in addition to the added configuration. Complicating the issue is that the user must be aware of when encryption is required. Because users make the decisions, they potentially must make a change to the configuration. When using this scheme, encryption is not transparent to the end user.
The second is for the network devices to provide the service of IPSec. An advantage to this scheme is that the end stations and users are not directly involved. Another consideration is that, when you design a network to use encryption and the end stations won’t be doing the encryption, the encrypting end points impose a very simple constraint. All traffic that has security services applied to it must go through the two peering crypto end points. This setup places some limits on asymmetric traffic paths. After a packet is processed by one encrypting end point (one end of the SA), the packets may take any route between the two encrypting end points; however, the route must bring the packet back to the peer encrypting end point for processing. This requirement means that there are single points in a network where IPSec traffic must traverse. For enterprises with multiple access points onto the Internet, care must be taken in how network addresses are advertised to enforce the symmetric relationship between IPSec peers.
The security associations are unique between the two peering encrypting end points and are not shared with other possible encrypting devices. When applying security, make sure that it is indeed secure; that is, make sure that the “state” of any particular data flow in the SAD is restricted to the two peers.