Crypto Lingo


Authentication Header (AH):
A security protocol that provides authentication (integrity and data origin authentication) and optional replay-detection services; it does not encrypt. AH is embedded in the data to be protected (a full IP datagram, for example). AH can be used either by itself or with Encapsulating Security Payload (ESP). Refer to RFC 2402: IP Authentication Header.

Authentication:
One of the functions of the IPSec framework. Authentication establishes the integrity of the datastream, ensures that it has not been tampered with in transit, and confirms the origin of the datastream.

Certification Authority (CA):
A third-party entity that is responsible for issuing and revoking certificates. Each device that holds its own certificate and the CA's public key can authenticate every other device within that CA's domain. The term is also applied to the server software that provides these services.

certificate:
A cryptographically signed object that contains an identity and a public key associated with this identity.

Classic crypto:
A Cisco proprietary encryption mechanism used in Cisco IOS release 11.2. Classic crypto will also be available in Cisco IOS release 11.3; however, IPSec will not be "retrofitted" to Cisco IOS release 11.2. Marketing literature also refers to classic crypto as "Encryption Express" or "Cisco Encryption Technology" (CET).

Certificate Revocation List (CRL):
A digitally signed list, published by a given CA, of the certificates that the CA has revoked before their scheduled expiry. It is analogous to the book of stolen charge card numbers that lets a store reject bad credit cards: a peer should consult the CRL before trusting an otherwise valid certificate.

Crypto map:
A Cisco IOS software configuration entity that performs two primary functions: (1) it selects the data flows that need security processing and (2) it defines the policy for those flows and the crypto peer to which the traffic must be sent.

A crypto map is applied to an interface. The concept of a crypto map was introduced in classic crypto but was expanded for IPSec.

Data integrity:
Mechanisms, based on secret-key or public-key algorithms, that allow the recipient of a piece of protected data to verify that the data has not been modified in transit.

Data confidentiality:
A method whereby protected data is manipulated so that no attacker can read it. It is commonly provided by data encryption with keys that are available only to the parties involved in the communication.

Data origin authentication:
A security service where the receiver can verify that protected data could have originated only from the sender. This service requires a data integrity service plus a key distribution mechanism, where a secret key is shared only between the sender and receiver.

Data Encryption Standard (DES):
DES was published in 1977 by the National Bureau of Standards and is a secret-key (symmetric) encryption scheme based on IBM's Lucifer algorithm; its counterpart is public-key encryption. Cisco uses DES in classic crypto (40-bit and 56-bit key lengths), IPSec crypto (56-bit key), and on the PIX Firewall (56-bit key). Note that a 56-bit DES key has been recovered by public brute-force search (the 1998 DES challenge), and a 40-bit key is weaker still.

Diffie-Hellman:
A method of establishing a shared key over an insecure medium. Diffie-Hellman is a component of Oakley.

DSS:
A digital signature algorithm designed by the US National Institute of Standards and Technology (NIST) based on public-key cryptography. DSS signs data; it does not encrypt user datagrams. DSS is a component of classic crypto and of the Redcreek IPSec card, but not of the IPSec implemented in Cisco IOS software.

Encryption Service Adapter (ESA):
A hardware based encryption accelerator that is used in:

  • Cisco 7204 and 7206 routers

  • Second-generation Versatile Interface Processors (VIP2-40s) in all Cisco 7500 series routers

  • VIP2-40 in the Cisco 7000 series routers that have the Cisco 7000 series Route Switch Processor (RSP7000) and Cisco 7000 series Chassis Interface (RSP7000CI) cards installed.

IPSec does not use ESA acceleration, but it will run, in software only, on a box that has an ESA card installed.

Encapsulating Security Payload (ESP):
A security protocol that provides data confidentiality, with optional authentication and replay-detection services. ESP completely encapsulates the user data. ESP can be used either by itself or in conjunction with AH. See RFC 2406: IP Encapsulating Security Payload (ESP).

Hash:
A one-way function that takes an input message of arbitrary length and produces a fixed-length digest. Cisco uses both Secure Hash Algorithm (SHA) and Message Digest 5 (MD5) hashes within our implementation of the IPSec framework (see HMAC below).

HMAC:
A mechanism for message authentication using cryptographic hashes such as SHA and MD5, keyed with a secret shared by the two parties; without the key, a plain hash would let anyone recompute a valid digest for modified data. For an exhaustive discussion of HMAC, see RFC 2104.

Internet Key Exchange (IKE):
A hybrid protocol that uses parts of Oakley and parts of another protocol suite called SKEME inside the Internet Security Association and Key Management Protocol (ISAKMP) framework. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require keys. Before any IPSec traffic can be passed, each router, firewall or host must be able to verify the identity of its peer. This can be done by manually entering pre-shared keys into both hosts, by a CA service, or by the forthcoming secure DNS (DNSSec). IKE is the protocol formerly known as ISAKMP/Oakley, and is defined in RFC 2409: The Internet Key Exchange (IKE). A potential point of confusion is that the acronyms "ISAKMP" and "IKE" are both used in Cisco IOS software to refer to the same thing. The two are somewhat different, as the next definition shows.

Internet Security Association and Key Management Protocol (ISAKMP):
A protocol framework that defines the mechanics of implementing a key exchange protocol and negotiating a security policy. ISAKMP is defined in RFC 2408: Internet Security Association and Key Management Protocol (ISAKMP).

ISAKMP/Oakley:
See IKE.

Message Digest 5 (MD5):
A one-way hashing algorithm that produces a 128-bit hash. Both MD5 and the Secure Hash Algorithm (SHA) are derived from MD4 and were designed to strengthen it; SHA is more secure than MD4 and MD5. Cisco uses these hashes for authentication within the IPSec framework. (MD5 collisions can now be found cheaply; that does not by itself break HMAC-MD5, but it is a reason to prefer SHA where the peer supports it.)

Oakley:
A key exchange protocol that defines how to acquire authenticated keying material. The basic mechanism for Oakley is the Diffie-Hellman key exchange algorithm. You can find the standard in RFC 2412: The OAKLEY Key Determination Protocol.

Perfect Forward Secrecy (PFS):
PFS ensures that a given IPSec SA's key was not derived from any other secret (such as another key). In other words, if someone were to break one key, PFS ensures that the attacker could not derive any other key from it. Without PFS, someone could hypothetically break the IKE SA secret key, capture all the IPSec-protected data, and then use the IKE SA secret to compromise the IPSec SAs set up by that IKE SA. With PFS, breaking IKE does not give an attacker immediate access to IPSec; the attacker would have to break each IPSec SA individually. PFS is off unless it is configured in the crypto map (set pfs); when it is enabled, Cisco's IOS IPSec implementation uses group 1 (768-bit Diffie-Hellman) unless group 2 is specified.
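The following is an added example, not code from this glossary or from Cisco's IOS implementation, showing why PFS matters. It implements the Quick Mode key derivation from RFC 2409 section 5.5 (KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)) over the Oakley group 1 768-bit modulus, and models an attacker who has recovered SKEYID_d, the IKE SA secret. HMAC-SHA1 as the prf, the nonce length and the attacker's view of the exchange are assumptions of the example; the function names are the example's own.

```python
import hashlib
import hmac
import secrets

# Oakley group 1 (RFC 2409 section 6.1): the 768-bit MODP prime, generator 2.
GROUP1_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
GROUP1_G = 2
PROTO_IPSEC_ESP = 3   # IPSec DOI protocol identifier for ESP (RFC 2407)


def dh_keypair(p=GROUP1_P, g=GROUP1_G):
    """Private exponent x and public value g^x mod p (the KE payload)."""
    x = secrets.randbelow(p - 3) + 2
    return x, pow(g, x, p)


def dh_shared(peer_public, my_private, p=GROUP1_P):
    return pow(peer_public, my_private, p)


def prf(key, data):
    """IKE's prf: HMAC with the negotiated hash (HMAC-SHA1 assumed here)."""
    return hmac.new(key, data, hashlib.sha1).digest()


def keymat(skeyid_d, protocol, spi, ni_b, nr_b, g_qm_xy=None):
    """RFC 2409 s5.5: KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b).
    The g(qm)^xy term is present only when PFS was negotiated in Quick Mode."""
    data = b""
    if g_qm_xy is not None:
        data += g_qm_xy.to_bytes(96, "big")        # 768-bit group value
    data += bytes([protocol]) + spi + ni_b + nr_b
    return prf(skeyid_d, data)


def quick_mode(skeyid_d, spi, pfs):
    """Both peers derive the ESP key for one IPSec SA.
    Returns (initiator's key, responder's key, what someone who can read the
    IKE SA sees of the exchange)."""
    ni_b, nr_b = secrets.token_bytes(16), secrets.token_bytes(16)   # assumed nonce size
    wire = {"protocol": PROTO_IPSEC_ESP, "spi": spi, "ni_b": ni_b, "nr_b": nr_b}
    if not pfs:
        k = keymat(skeyid_d, PROTO_IPSEC_ESP, spi, ni_b, nr_b)
        return k, k, wire
    xi, gxi = dh_keypair()              # fresh exponents, used for this SA only
    xr, gxr = dh_keypair()
    wire.update(ke_i=gxi, ke_r=gxr)     # only the public values cross the network
    k_i = keymat(skeyid_d, PROTO_IPSEC_ESP, spi, ni_b, nr_b, dh_shared(gxr, xi))
    k_r = keymat(skeyid_d, PROTO_IPSEC_ESP, spi, ni_b, nr_b, dh_shared(gxi, xr))
    return k_i, k_r, wire


def attacker_keymat(skeyid_d, wire):
    """Attacker model (assumed): SKEYID_d was recovered and the Quick Mode exchange
    decrypted, so everything in `wire` is known, but not the private exponents."""
    return keymat(skeyid_d, wire["protocol"], wire["spi"], wire["ni_b"], wire["nr_b"])


if __name__ == "__main__":
    skeyid_d = secrets.token_bytes(20)
    spi = b"\x00\x00\x10\x01"
    for pfs in (False, True):
        k_i, k_r, wire = quick_mode(skeyid_d, spi, pfs)
        recovered = attacker_keymat(skeyid_d, wire) == k_i
        print(f"pfs={pfs}: peers agree={k_i == k_r}, attacker recovers key={recovered}")
```

Without PFS the attacker who holds SKEYID_d recomputes the ESP key from values that were all visible in the (decrypted) Quick Mode exchange. With PFS the same attacker is left with g^xi and g^xr and must solve a fresh Diffie-Hellman problem for every IPSec SA. A real Quick Mode derives KEYMAT for both SAs of the pipe (one per direction, each with its own SPI), so the derivation above runs twice.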

Replay-detection:
A security service in which the receiver rejects old or duplicate packets in order to defeat replay attacks (in which the attacker resends older or duplicate packets to the receiver, hoping the receiver will treat the bogus traffic as legitimate). Replay detection uses sequence numbers combined with authentication, and is a standard feature of IPSec.

RSA:
A public-key cryptographic algorithm (named after its inventors, Rivest, Shamir and Adleman) with a variable key length. RSA's main weakness is that it is significantly slower to compute than popular secret-key algorithms such as DES. Cisco's IKE implementation uses a Diffie-Hellman exchange to obtain the secret keys; that exchange can be authenticated with RSA signatures (or with pre-shared keys). With the Diffie-Hellman exchange the DES key never crosses the network (not even in encrypted form), which is not the case with the RSA encrypt-and-sign technique. RSA is not public domain and must be licensed from RSA Data Security. (The US patent on RSA expired in September 2000.)

Security Association (SA):
An instance of security policy and keying material applied to a data flow. Both IKE and IPSec use SAs, although the two kinds are independent of one another. IPSec SAs are unidirectional and each is specific to one security protocol. A set of SAs is therefore needed for a protected data pipe: one per direction per protocol. For example, a pipe that carries ESP between two peers requires one ESP SA for each direction. An IPSec SA is uniquely identified by the destination (IPSec endpoint) address, the security protocol (AH or ESP), and the security parameter index (SPI).

IKE negotiates and establishes SAs on behalf of IPSec. A user can also establish IPSec SAs manually.

An IKE SA is used by IKE only, and unlike the IPSec SA, it is bi-directional.
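As an added example (not code from this glossary or from Cisco IOS), the following ties the replay-detection and SA definitions together: a security association database keyed by (destination, protocol, SPI), one SA per direction for an ESP pipe, and the 64-entry sliding window from RFC 2401 Appendix C maintained per inbound SA. The addresses, SPIs and packet trace are constructed for the example; the class and function names are the example's own.

```python
from dataclasses import dataclass, field
import secrets

WINDOW_SIZE = 64   # RFC 2401 Appendix C: at least 32, 64 recommended


class AntiReplayWindow:
    """Sliding window over ESP/AH sequence numbers for one inbound SA."""

    def __init__(self, size=WINDOW_SIZE):
        self.size = size
        self.last = 0        # highest sequence number accepted so far
        self.bitmap = 0      # bit i set => sequence number (last - i) already seen

    def check(self, seq):
        """Accept (and record) seq if it is new and inside the window.

        In a real implementation the window test runs before ICV verification
        (cheap early reject) and the window is updated only after the ICV
        verifies, so that forged packets cannot poison it.
        """
        if seq == 0:
            return False                          # 0 is never a valid sequence number
        if seq > self.last:                       # newer than anything seen: slide the window
            shift = seq - self.last
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.last = seq
            return True
        diff = self.last - seq
        if diff >= self.size:
            return False                          # older than the window: reject
        if (self.bitmap >> diff) & 1:
            return False                          # already seen: replay
        self.bitmap |= 1 << diff
        return True


@dataclass
class SA:
    dst: str                  # IPSec endpoint (destination) address
    protocol: str             # "ESP" or "AH"
    spi: int                  # security parameter index, chosen by the receiver
    key: bytes
    replay: AntiReplayWindow = field(default_factory=AntiReplayWindow)


class SADB:
    """Security association database keyed the way RFC 2401 identifies an SA."""

    def __init__(self):
        self._sas = {}

    def add(self, sa):
        self._sas[(sa.dst, sa.protocol, sa.spi)] = sa

    def lookup(self, dst, protocol, spi):
        return self._sas.get((dst, protocol, spi))


A, B = "10.1.1.1", "10.2.2.2"        # constructed peer addresses


def build_pipe():
    """One ESP pipe between A and B needs two SAs, one per direction, each with its own SPI and key."""
    sadb = SADB()
    sadb.add(SA(dst=B, protocol="ESP", spi=0x1001, key=secrets.token_bytes(16)))   # A -> B
    sadb.add(SA(dst=A, protocol="ESP", spi=0x2002, key=secrets.token_bytes(16)))   # B -> A
    return sadb


def process_inbound(sadb, dst, protocol, spi, seq):
    sa = sadb.lookup(dst, protocol, spi)
    if sa is None:
        return "reject-no-sa"
    return "accept" if sa.replay.check(seq) else "reject-replay"


# Constructed packet trace: (dst, protocol, spi, seq) as seen by the receiving peers.
TRACE = [
    (B, "ESP", 0x1001, 1), (B, "ESP", 0x1001, 2), (B, "ESP", 0x1001, 3),
    (B, "ESP", 0x1001, 5), (B, "ESP", 0x1001, 4),   # reordered but new: accepted
    (B, "ESP", 0x1001, 3),                          # replayed duplicate
    (A, "ESP", 0x2002, 1),                          # other direction: separate SA, separate window
    (B, "ESP", 0x1001, 70),                         # jumps ahead; the window slides
    (B, "ESP", 0x1001, 6),                          # 64 behind: dropped off the window
    (B, "ESP", 0x1001, 7),                          # 63 behind: still inside the window
    (B, "ESP", 0x1001, 70),                         # duplicate of the newest packet
    (B, "AH", 0x1001, 8),                           # same SPI, different protocol: no such SA
]


def run_trace(sadb, trace):
    return [process_inbound(sadb, *pkt) for pkt in trace]


if __name__ == "__main__":
    for pkt, verdict in zip(TRACE, run_trace(build_pipe(), TRACE)):
        print(pkt, verdict)
```

The trace shows the two properties the definitions state: the SPI alone does not identify an SA (the AH packet with SPI 0x1001 matches nothing), and each direction keeps its own sequence space and window, so a packet replayed from one direction cannot be accepted on the other.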

Secure Hash Algorithm (SHA):
A one-way hash published by NIST. SHA is closely modeled after MD4 and produces a 160-bit digest. Because the digest is 160 bits, it is more resistant to brute-force (birthday) attacks than 128-bit hashes such as MD5, but it is slower.

Transform:
A transform describes a security protocol (AH or ESP) with its corresponding algorithms. For example, ESP with the DES cipher algorithm and HMAC-SHA for authentication.

Transport Mode:
An encapsulation mode for AH/ESP. Transport Mode encapsulates the upper layer payload (such as Transmission Control Protocol (TCP) or User Datagram Protocol (UDP)) of the original IP datagram. This mode can only be used when the peers are the endpoints of the communication. The contrast of Transport Mode is Tunnel Mode.

Tunnel Mode:
Encapsulation of the complete IP datagram for IPSec: the whole original datagram, header included, becomes the payload of a new IP datagram addressed between the IPSec peers. Tunnel Mode is used to protect datagrams sourced from or destined to non-IPSec systems (such as in a Virtual Private Network (VPN) scenario).
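To make the ESP, HMAC, transform and Transport/Tunnel Mode definitions concrete, here is an added example (not code from this glossary or from Cisco) that builds and verifies the ESP packet layout for the transform ESP with NULL encryption (RFC 2410) and HMAC-SHA1-96 authentication (RFC 2404). NULL encryption is chosen so the header and trailer layout stays visible; it provides no confidentiality. The IP addresses, key and TCP segment are constructed for the example, and the function names are the example's own.

```python
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

PROTO_IPIP, PROTO_TCP, PROTO_ESP = 4, 6, 50
ICV_LEN = 12          # HMAC-SHA1-96 (RFC 2404): first 96 bits of the HMAC


def checksum(data):
    """Standard IPv4 header checksum (one's complement of the one's-complement sum)."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF


def set_proto_and_len(hdr, proto, payload_len):
    """Return the IPv4 header with protocol, total length and checksum updated."""
    h = bytearray(hdr)
    h[9] = proto
    struct.pack_into("!H", h, 2, len(h) + payload_len)
    h[10:12] = b"\x00\x00"
    struct.pack_into("!H", h, 10, checksum(bytes(h)))
    return bytes(h)


def ipv4_packet(src, dst, proto, payload, ttl=64):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0x4000, ttl, 0, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return set_proto_and_len(hdr, proto, len(payload)) + payload


def esp_null_encap(ip_packet, spi, seq, auth_key, mode, outer=None):
    """ESP-NULL with HMAC-SHA1-96: SPI | Seq | payload | padding | Pad Len | Next Hdr | ICV."""
    ihl = (ip_packet[0] & 0x0F) * 4
    if mode == "transport":          # protect only the upper-layer payload; keep the original header
        inner, next_hdr = ip_packet[ihl:], ip_packet[9]
    elif mode == "tunnel":           # protect the whole datagram, header included
        inner, next_hdr = ip_packet, PROTO_IPIP
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    pad_len = -(len(inner) + 2) % 4                  # Pad Length + Next Header end on a 4-byte boundary
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_hdr])
    esp = struct.pack("!II", spi, seq) + inner + trailer
    esp += hmac.new(auth_key, esp, hashlib.sha1).digest()[:ICV_LEN]   # ICV covers SPI..Next Header
    if mode == "transport":
        return set_proto_and_len(ip_packet[:ihl], PROTO_ESP, len(esp)) + esp
    if outer is None:
        raise ValueError("tunnel mode needs the (src, dst) addresses of the IPSec gateways")
    return ipv4_packet(outer[0], outer[1], PROTO_ESP, esp)


def esp_null_decap(packet, auth_key):
    """Verify the ICV, strip ESP and return (mode, spi, seq, original datagram)."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != PROTO_ESP:
        raise ValueError("not an ESP packet")
    esp, icv = packet[ihl:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, esp, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):       # constant-time compare
        raise ValueError("ICV mismatch: packet modified in transit or wrong key")
    spi, seq = struct.unpack("!II", esp[:8])
    pad_len, next_hdr = esp[-2], esp[-1]
    inner = esp[8:-(2 + pad_len)]
    if next_hdr == PROTO_IPIP:        # tunnel mode: the payload is a complete IP datagram
        return "tunnel", spi, seq, inner
    # transport mode: restore the original upper-layer protocol in the outer header
    return "transport", spi, seq, set_proto_and_len(packet[:ihl], next_hdr, len(inner)) + inner


# Constructed sample: a TCP segment between hosts behind gateways 192.0.2.1 and 198.51.100.1.
AUTH_KEY = bytes(range(20))
SAMPLE = ipv4_packet("10.1.1.10", "10.2.2.20", PROTO_TCP, b"\x00\x50\x04\xd2GET / HTTP/1.0\r\n")

if __name__ == "__main__":
    t = esp_null_encap(SAMPLE, 0x1001, 1, AUTH_KEY, "transport")
    u = esp_null_encap(SAMPLE, 0x2002, 1, AUTH_KEY, "tunnel", outer=("192.0.2.1", "198.51.100.1"))
    print("transport:", len(t), "bytes; tunnel:", len(u), "bytes (extra outer IP header)")
    print(esp_null_decap(t, AUTH_KEY)[0], esp_null_decap(u, AUTH_KEY)[0])
```

Transport mode reuses the original IP header (so the endpoints must be the IPSec peers), while tunnel mode carries the whole original datagram behind a new header addressed gateway to gateway, costing an extra 20 bytes. Flipping any byte between the SPI and the Next Header field makes the decapsulation raise on the ICV check, which is the data integrity and data origin authentication service defined above; the ICV is computed with the shared key, so a forger without it cannot produce a valid one. A real receiver would additionally run the sequence number through the anti-replay window before accepting the packet.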