Using Internet Protocol Security
When using ICT equipment or software that implements IPsec, the security controls for using ASD Approved Cryptographic Protocols (AACPs) in the ASD Approved Cryptographic Protocols section of these guidelines also need to be consulted.
Internet Security Association Key Management Protocol authentication
Most IPsec implementations support a number of authentication methods as part of Internet Security Association Key Management Protocol (ISAKMP). These can include digital certificates, encrypted nonces or pre-shared keys. These methods are all considered suitable for use.
Mode of operation
IPsec can be operated in transport mode or tunnel mode. The tunnel mode of operation provides full encapsulation of IP packets while the transport mode of operation only encapsulates the payload of the IP packet.
Security Control: 0494; Revision: 3; Updated: Sep-18; Applicability: O, P, S, TS
Tunnel mode is used for IPsec connections; however, if using transport mode, an IP tunnel is used.
IPsec contains two major protocols, Authentication Header (AH) and Encapsulating Security Payload (ESP). In order to provide a secure Virtual Private Network style connection, both authentication and encryption are needed. AH and ESP can provide authentication for the entire IP packet and the payload respectively. ESP is generally preferred for authentication since AH by its nature has network address translation limitations. However, if maximum security is desired at the expense of network address translation functionality, then ESP can be wrapped inside of AH, which will then authenticate the entire IP packet and not just the encrypted payload.
Security Control: 0496; Revision: 4; Updated: Sep-18; Applicability: O, P, S, TS
The ESP protocol is used for IPsec connections.
There are several methods for establishing shared keying material for an IPsec connection, including manual keying and Internet Key Exchange (IKE) version 1 and 2. IKE addresses a number of security risks associated with manual keying, and for this reason is the preferred method for key establishment.
Security Control: 1233; Revision: 1; Updated: Sep-18; Applicability: O, P, S, TS
IKE is used for key exchange when establishing an IPsec connection.
Internet Security Association Key Management Protocol modes
ISAKMP main mode provides greater security than aggressive mode since all exchanges are protected.
Security Control: 0497; Revision: 5; Updated: Sep-18; Applicability: O, P, S, TS
If using ISAKMP in IKE version 1, aggressive mode is disabled.
Security association lifetimes
Using a security association lifetime of four hours, or 14400 seconds, provides a balance between security and usability.
Security Control: 0498; Revision: 3; Updated: Sep-18; Applicability: O, P, S, TS
A security association lifetime of less than four hours, or 14400 seconds, is used.
Hashed Message Authentication Code algorithms
The approved Hashed Message Authentication Code (HMAC) algorithms are HMAC-SHA256, HMAC-SHA384 or HMAC-SHA512.
Security Control: 0998; Revision: 4; Updated: Sep-18; Applicability: O, P, S, TS
HMAC-SHA256, HMAC-SHA384 or HMAC-SHA512 is used as a HMAC algorithm.
Using a larger Diffie-Hellman (DH) group provides more security for the key exchange. The minimum modulus size needed is specified in the ASD Approved Cryptographic Algorithms section of these guidelines.
Security Control: 0999; Revision: 5; Updated: Sep-18; Applicability: O, P, S, TS
The largest modulus size possible for all relevant components in the network is used when conducting a key exchange.
Perfect Forward Secrecy
Using PFS reduces the impact of the compromise of a security association.
Security Control: 1000; Revision: 4; Updated: Sep-18; Applicability: O, P, S, TS
PFS is used for IPsec connections.
Internet Key Exchange Extended Authentication
XAuth using IKE version 1 has documented security vulnerabilities associated with its use.
Security Control: 1001; Revision: 4; Updated: Sep-18; Applicability: O, P, S, TS
The use of XAuth is disabled for IPsec connections using IKE version 1.
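The controls above can be checked mechanically against a connection's settings. The following is an added example, not part of these guidelines: the settings schema (key names such as `mode`, `ip_tunnel`, `hmac`) and both sample connections are hypothetical and constructed for illustration. Control 0999 is left out because it depends on what the other components in the network support.

```python
# Added example: hypothetical, vendor-neutral settings schema, not a product format.
SA_LIFETIME_LIMIT = 14400  # seconds (four hours), from control 0498
APPROVED_HMACS = {"HMAC-SHA256", "HMAC-SHA384", "HMAC-SHA512"}  # control 0998


def audit_ipsec(conn):
    """Return a sorted list of the control numbers that `conn` fails."""
    mode = conn.get("mode")
    # Aggressive mode and XAuth are only restricted for IKE version 1.
    ikev1 = conn.get("key_exchange") == "ike" and conn.get("ike_version") == 1
    checks = {
        # 0494: tunnel mode, or transport mode carried inside an IP tunnel
        "0494": mode == "tunnel"
        or (mode == "transport" and conn.get("ip_tunnel", False)),
        # 0496: ESP is used (ESP wrapped inside AH still satisfies this)
        "0496": "esp" in conn.get("protocols", ()),
        # 1233: IKE rather than manual keying
        "1233": conn.get("key_exchange") == "ike",
        # 0497: aggressive mode disabled when ISAKMP runs under IKE version 1
        "0497": not (ikev1 and conn.get("aggressive_mode", False)),
        # 0498: strictly less than 14400 s, as the control is worded;
        # a missing lifetime is treated as a failure
        "0498": 0 < conn.get("sa_lifetime_seconds", 0) < SA_LIFETIME_LIMIT,
        # 0998: approved HMAC algorithm
        "0998": conn.get("hmac") in APPROVED_HMACS,
        # 1000: PFS enabled
        "1000": conn.get("pfs", False) is True,
        # 1001: XAuth disabled under IKE version 1
        "1001": not (ikev1 and conn.get("xauth", False)),
    }
    return sorted(control for control, ok in checks.items() if not ok)


# Constructed sample inputs (not taken from any real deployment).
WEAK = {"mode": "transport", "ip_tunnel": False, "protocols": ("ah",),
        "key_exchange": "ike", "ike_version": 1, "aggressive_mode": True,
        "sa_lifetime_seconds": 28800, "hmac": "HMAC-SHA1",
        "pfs": False, "xauth": True}
HARDENED = {"mode": "tunnel", "protocols": ("esp",),
            "key_exchange": "ike", "ike_version": 2, "aggressive_mode": False,
            "sa_lifetime_seconds": 3600, "hmac": "HMAC-SHA256",
            "pfs": True, "xauth": False}

if __name__ == "__main__":
    for name, conn in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ipsec(conn) or "no findings")
```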
Further information on IPsec can be found in IETF RFC 4301 and its updates:
- IETF RFC 4301, Security Architecture for the Internet Protocol, at https://tools.ietf.org/html/rfc4301
- IETF RFC 6040, Tunnelling of Explicit Congestion Notification, at https://tools.ietf.org/html/rfc6040
- IETF RFC 7619, The NULL Authentication Method in the Internet Key Exchange Protocol Version 2 (IKEv2), at https://tools.ietf.org/html/rfc7619.