CARACTERIZACIÓN DE AGUAS GRISES

In UMTS and IMS networks, Internet Key Exchange IKE protocol is responsible for cryptographic keys distribution between two communication security gateways. IKE protocols facilitate the negotiation, establishment and maintenance of security association when two network elements try to make a secure connection for data transmission. For security association IKE use encryption algorithms, hash algorithm, authentication mechanisms and information about the group for the sake of Diffie-Hellman. These parameters are must to be implemented by IKE; also it must have support for DES in CBC, 3DES [9], AES [10] (encryption algorithms), MD-5 [11] and SHA [12] (authentication algorithms). The IKE use two methods for authenticated key exchange i.e. main mode and aggressive mode. Each of these modes makes use of Diffie-Hellman key exchange algorithm for key exchange. There is another mode called quick mode in which is responsible for fresh keying material.

As explained in section 5.2.3.2, IKE is supposed to be used for SAs establishment for IPSec security. Besides the security association negotiation there are some additional parameters that IKE has to support in context of inter-domain security, explained below in the form of phases.

IKEv1 Phase I

(ISAKMP Security Association)

- IKE must support the per-shared secret keys for authentication - In phase I main mode is the only mode that is supported

- For identification the IP Address and fully qualified domain name (FQDN) should be used

- For authentication SHA-1 should be supported

- For key exchange procedure the support of Diffie-Hellman is mandatory

The life time of IKE SAs is dependent on the life time of IPSec SAs i.e. the shortest life time of IKE SAs should be equal to the life time of IPSec SAs. As for the expiry of a SA is concerned; a new SA must be created before the expiry of an old SA. Further more, there should be a time slot of reasonable length between the elapses of old and new SA to avoid any kind of data lose (there is a possibility of data lose if the packet is transported to the old SA or expired SA).

IKEv1 Phase II

(IPSec Security Association)

- The secrecy forwarding procedure is optional in phase II

- The address types that are compulsory to support are IP addresses and Subnet IDs - Notification procedure must be supported

- The key exchange algorithm “Diffie-Hellman Group 2” must be supported [3]

The IKE uses AES-CBC algorithm for authentication procedure. AES-CBC supports 64, 128 and 256 bits key length and in case of IKE the AES uses 128 bit key both for phase I and phase II.

The mandatory requirements for IKEv2 in case of inter-domain security are given below [13].

For IKE_SA_INIT Exchange

- Support for 3DES in CBC mode

- Support AES in CBC mode (with 128 bit key)

- Support for HMAC-SHA1 (Pseudo-Random Function) - Support for HMAC-SHA1-96

- Support for Diffie-Hellman Group 2, 1024-bit MODP [13] - Support for Pseudo-Random Function: AES-XCBC-PRF-128 - Support for AES-XCBC-MAC-96

For IKE_AUTH Exchange

- Use of pre-shared secrets must be supported for authentication procedure

- IP address and Fully Qualified Domain Names (FQDN) should be used for

Identification.

- Re-Keying (creation of new SA and when old SA is discarded) of IPsec SAs and IKE

SAs should be supported.

For CREATE_CHILD_SA Exchange

- Optional support for Perfect Forward Secrecy

5.2.2.3.1 IKEv1 and IKEv2 Interoperability

As I have elaborated the IKEv1 and IKEv2 above and it can be seen that about 70% of the features are identical in both the versions of IKE but still they are not interoperable with each other. For interoperability of network domain security entities using different versions of IKE some additional setup is needed.

- SEGs must be equipped with both the IKEv1 and IKEv2, to ensure the IKE SAs establishment with common version of IKE on Za interface. If a SEG equipped with IKEv1 and IKEv2 communicate with a SEG equipped with only IKEv1 then according the 3GPP standards the security association is established using IKEv1. - If both the SEGs are equipped with IKEv1 and IKEv2 then IKEv2 is used for security

association.

- If a SEG implemented with IKE v1 and v2 have to utilize Zb interface for communication with network entities that only support IKEv1 then the SA is established with IKEv1.

Figure 5.5 Implementation of IKEv1 and IKEv2

- In case if two NEs of the same network domain need to communicate with each other (Zb Interface) and both of them have different versions of IKE implemented then as mentioned earlier IKEv1 and IKEv2 are not compatible with each other, SEG is introduced in this scenario as mediator. SEG must be equipped with both v1 and v2 and it enables both the requesting NE to establish SA for communication.

- It is recommended to install the IKEv2 on new NE as IKEv2 have some advantages over IKEv1 in terms of security and performance.

Chapter 6

Encryption and Authentication

IMS Network domain security both Inter and Intra Domain is dependent on the authentication and encryption algorithms used to provide data integrity, encryption and source authentication.

The algorithms implanted in IMS can be categorized in two different categories i.e. authentication algorithms and encryption algorithms. MD5 [11] and SHA-1 [12] are used to provide authentication and integrity while triple DES-CBC [9] and AES-CBC [10] are the algorithms responsible for data encryption or data confidentiality. Although there is DES algorithm that can be used for encryption but the network security design engineers recommend the use 3DES instead of DES because of the weak key structure of DES.