NIST IPSec and IKE Simulation Tool

IKEv2 Features
IKEv2 Modeling

IKEv2 Features

This page describes modeling of IKEv2-specific features, machanisms and changes thereof. NIIST IKEv2 is based on IETF IKEv2 Proposal Revision 12. Unless otherwise specifically mentioned in this section, the same techniques and mechanisms such as cryptographic functions are used as described in IKEv1.
Re-keying
Any security gateway can initiate the re-keying process depending upon the local security policy. In IKEv2, SA lifetimes are not negotiated. The user is provided an option of specifying global lifetime for both IKE and IPsec. The user can also use the system default values. See the System Modeling Section below.
The IKE module supports only continuous channel mode if the policy requires. Once a new IKE SA is set-up, the new IKE SA inherits all the valid child SAs of the old IKE SA. These child SAs can be accessed from both the old and new SAs until the old SA expires. As for the IPSec re-keying, a Delete message is used to set-up new SAs.
Retransmission
In IKEv2, the message initiator is responsible for retransmission of an IKE request in case of no response for the request. The initiator sets a retransmission timer and a retry count when sending an IKE request message. The retransmission timer values are dynamically adjusted with the measured round trip time using exponential backoff.
Dead Peer Detection
As a mechanism for dead peer detection, an IKE endpoint sends a NULL query notify (i.e., IKE ping) message in the event of keepalive timeout. The SA responder sets an Inactivity timer to check half-open connections when received an IKE SA initiation request.
Window Management
As specified in IKEv2, a security gateway as the initiator can initiate one or more IKE requests up to an agreed upon window size between peer gateways. The initiator maintains a couple of queues:
- request send queue; and
- response send queue.
The request send queue keeps copies of all the requests previously sent for retransmission in case it does not receive the matching responses. The responder accepts and processes requests out of order and maintains a response send queue that keeps copies of previously sent responses equal to the negotiated window size. This is in preparation for responding in case of retransmission requests from the initiator.
The Message ID counters are maintained for both requests and responses. These counters increase as requests are generated and responses received.

System Modeling

To Model A Security Gateway
```
graph [
  cpudelay true
  ProtocolSession [ name ike 
      use SSF.niist2.IKE.IKEManager
      _find .dictionary.ikeinit 
      _find .dictionary.ike_instrument ]
  ProtocolSession [ name socket 
      use SSF.niist2.keyAPI.NiistSocketMaster]
  ProtocolSession [ name udp 
      use SSF.OS.UDP.udpSessionMaster ]
  ProtocolSession [ name ip use SSF.niist2.IPSec.IPSec
      _find .dictionary.ipsecinit
      _find .dictionary.ipsec_instrument ]
]
security [
  use_encrypt_delay        true

  # the global default life duration values.
  ike_lifetype SECONDS ike_lifeduration 2700
  user_ike_soft true ike_soft_threshold 85 ike_random_delay 10
  ipsec_lifetype SECONDS  ipsec_lifeduration 900
  user_ipsec_soft true ipsec_soft_threshold 85 ipsec_random_delay 10

  _extends .dictionary.crypto_delay
  _extends .dictionary.ikespd
  ipsec_policy [
    ipsec_interface [ id 1
       _extends .dictionary.ipsec_spd
    ]
  ]
]    # end of security
```
A new security policy schema for IKEv2 is modeled due to the protocol change. Since the SA lifetime is not included in negotiating security attributes, the user is provided, for simplicity, an option of specifying global lifetime for both IKE and IPSec, as specified above. The user can also specify an SA specific lifetime in the SA policy section, if preferred. The following attributes can be specified globally:
- ike[ipsec]_lifetype
- ike[ipsec]_lifeduration
- user_ike[ipsec]_soft: A global flag that indicates whether or not the user provides soft_threshold and random_delay. If the value is false (default), the system-provided values are used.
- ike[ipsec]_soft_threshold: The percentage (%) of expiration of lifetime of an existing SA, which triggers the re-negotiation of the SA for a replacement SA. The value of 0 means that no re-keying of the SA is allowed. The value of 100 means that the re-negotiation starts after the life duration of the existing SA has been expired.
- ike[ipsec]_random_delay: It is used to adjust (jitter) the calculated soft time in order to prevent the simultaneous negotiation from both ends.
To Model IKE Security Policy
```
ikespd [
  spdentry [ 
    id 0 
    nhi_remoteSG 1:500(1) identity_type IPV4_ADDR 
    auth_method RSA_SIG 
    proposal [ id 1
      protection [ id 1 protocol IKE
        policy [ type encrypt id AES_CBC ]
        policy [ type prf id SHA1 ]
        policy [ type auth id HMAC_SHA1 ]
        policy [ type DH_group id MODP_1024_G2 ]
      ]
    ]
  ]
  # .. more ike spd entries
]
```
Each IKE entry specifies the following:
- id the identifier of the entry.
- nhi_remoteSG the remove security gateway as a means of discovering remote gateway.
- identity_type the type of identity.
- auth_method the method of authentication used.
- proposal a proposal.
- protection specifies a protocol IKE and consists of one or more policies which are ANDed when encoding. A preferential order is not required in this list.
  A policy contains security policy with the following attributes:
  - type the type of transform. The supported transforms are:
    - encrypt the encryption algorithm;
    - prf the pseudo-random function (e.g., SHA1 or MD5);
    - auth the integrity algorithm; and
    - DH_group the Diffie-Hellman group (e.g., MODP_1024_G2);
  - id the value of the specific transform defined by type. Multiple values can be provided, which are ORed in preferential order.
To Model IPSec Security Policy
```
ipsec_spd [ 
  # the first two entries are for IKE traffic.
  spd_outbound [   
    spdentry [ id 0
      selector [ type TP_PROTOCOL value_type S value UDP]
      selector [ type DEST_PORT value_type S value 500]
      action bypass
    ]
    spdentry [ id 1
      selector [ type TP_PROTOCOL value_type S value UDP]
      selector [ type SRC_PORT value_type S value 500]
      action bypass
    ]
    spdentry [ id 2
      selector [ type SRC_IP value_type R 
                 value_range [ from 0:0(0) to 0:5(0) ] ]
      selector [ type DEST_IP value_type R 
                 value_range [ from  1:0(0) to 1:5(0) ] ]
      # more selectors
      action APPLY encap_mode TUNNEL remoteSG 1:500(0) 
      sourceSG 0:500(0) usepfs true 
      proposal [ id 1
         protection [ id 1 protocol ESP
            policy [ type encrypt id AES_CBC ]
            policy [ type auth id HMAC_SHA1 ]
         ]
      ]
      # more proposals
    ]
  # .. more ipsec spd entries
  ]
  spd_inbound [
    spdentry [ id 0
      _extends .ipsec.bypass0
    ]
    spdentry [ id 1
      _extends .ipsec.bypass1
    ]
    spdentry [ id 2
      selector [ type SRC_IP value_type R 
                 value_range [ from 0:0(0) to 0:9(0) ] ]
      selector [ type DEST_IP value_type R 
                 value_range [ from 1:0(0) to 1:9(0) ] ]
      action APPLY encap_mode TUNNEL remoteSG 0:500(0) 
      sourceSG 1:500(0) usepfs true 
      proposal [ id 1
         protection [ id 1 protocol ESP
            policy [ type encrypt id AES_CBC ]
            policy [ type auth id HMAC_SHA1 ]
         ]
      ]
      # more proposals
    ]
    # .. more ipsec spd entries
  ]  # end of spd_inbound
]
```
Each SPD entry spdentry specfies the following attributes:
- id the entry identifier.
- selector one or more selectors which is used to map traffic to a specific SA or SAs. The following selector parameters are defined:
  - type the selector parameter identifier. The parameters currently supported are SRC_IP, DEST_IP, DEST_PORT, SRC_PORT, TP_PROTOCOL.
  - value_type the type of the value: either the single value (S) or the range of values (R).
  - value or value_range the specific value. If the value type is R, value_range must be used and the range of values must be provided.
- action the specific action to be applied. If an SPD entry requires secure communication (APPLY), the entry must specify SA attributes as follows:
  - encap_mode the encapsulation mode. The TUNNEL mode is supported.
  - remoteSG the remote security gateway as a means of discovering remote gateway.
  - sourceSG IP address of the source SG to be used. This attribute is needed to support BGP.
  - usepfs the use of pfs.
  - proposal one or more proposals which are ORed in preferential order. A proposal specifies:
    - protection one or more protections. If more than one protection is specified, those entries are ANDed, which is generally used when required both ESP and AH protections. A protection, in turn, specifies:
      - id the protection identifier.
      - protocol a security protocol to be used (e.g., ESP or AH);
      - policy one or more policies which are ANDed when encoding. A policy specifies the following attributes:
        
        type the type of transform. The supported transforms are:
        
        encrypt the encryption algorithm;
        auth the integrity algorithm
        
        id one or more values of the specific transform defined by type. The values of the transform are ORed in preferential order.
Comments to niist-dev@antd.nist.gov
Last Modified: December 18, 2003

NIST IPSec and IKE Simulation Tool

IKEv2 Features

System Modeling