Cisco IOS Software Release 12.4(23)
Security Target For Cisco IOS IPSec
6. TOE Summary Specification
This section presents the Security Functions implemented by the TOE and the Assurance Measures
applied to ensure their correct implementation.
6.1 IT Security Functions
This section presents the security functions performed by the TOE and provides a mapping between the
identified security functions and the Security Functional Requirements that it must satisfy.
6.1.1 IPSec Implementation
The TOE implements the IETF IPSec protocols (RFCs 2401-2410) to provide confidentiality,
authenticity and integrity for packet flows transmitted from and received by the TOE. The TOE IPSec
implementation contains a number of functional components that meet the IPSec TSF.
IPSEC.1 - IPSec Internet Key Exchange (IKE)
IKE authenticates IPSec peers (remote TOEs) using pre-shared keys, RSA keys¹, or digital certificates.
It also handles the agreement of secure session keys using the Diffie-Hellman algorithm and negotiates
the parameters used during IPSec ESP (IPSEC.2).
IKE maintains a trusted channel, referred to as a Security Association (SA), between IPSec peers that is
also used to manage IPSec connections, including:
• The negotiation of mutually acceptable IPSec options between peers,
• The establishment of additional Security Associations to protect packet flows using ESP (as per
IPSEC.2), and
• The agreement of secure bulk data encryption (3DES (168-bit) or AES (128, 192, or 256 bit)) keys
for use with ESP (IPSEC.2).
IPSEC.2 - IPSec Encapsulating Security Payload (ESP)
The TOE uses ESP to protect packet flows between IPSec peers (instances of the TOE) across
intervening untrusted networks in accordance with a TOE security policy (TSP). ESP is a method of
encapsulating IP Packets and provides confidentiality using the 3DES and AES ciphers, integrity and
authenticity using the MD5 and SHA-1 algorithms, and a mechanism to detect the capture and
retransmission of packets (replay attacks).
The parameters used by ESP, including session encryption keys, are negotiated via IPSec security
associations (SAs) established via IKE (IPSEC.1) in accordance with the TSP. Note that security
associations are unidirectional, so between IPSec peers protecting a packet flow (labelled A and B
for example) there are at least two SAs - one from A to B and one from B to A. Each SA, and its associated
session encryption key, has a lifetime; upon expiry a new SA and session encryption key are
established by the SA peers.
The packet flows between two remote IPSec peers that are to be protected by the TOE are defined by
way of cryptographic maps (IPSEC.3).
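The IKE (IPSEC.1), ESP (IPSEC.2) and crypto map (IPSEC.3) components described above, as they are expressed in an IOS 12.4 configuration. This is an added example, not configuration taken from the Security Target or from Cisco; the peer addresses (203.0.113.x), the protected subnets, the pre-shared key and the names VPN-MAP and ESP-AES256-SHA are constructed placeholders.

```cisco
! IKE phase 1 (IPSEC.1): peer authentication, Diffie-Hellman group and
! the protection of the IKE SA itself. Pre-shared keys are used, so no
! hardware acceleration module is required (see footnote 1 on RSA keys).
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 2
 lifetime 86400
! Constructed peer address and key; replace with the real values.
crypto isakmp key CONSTRUCTED-PSK address 203.0.113.2
!
! ESP (IPSEC.2): bulk cipher and integrity algorithm negotiated for the
! unidirectional IPSec SAs. AES-256 with SHA-1 HMAC is selected here;
! the TOE also supports 3DES and MD5.
crypto ipsec transform-set ESP-AES256-SHA esp-aes 256 esp-sha-hmac
 mode tunnel
! IPSec SA lifetime; on expiry a fresh SA and session key are negotiated.
crypto ipsec security-association lifetime seconds 3600
!
! Crypto map (IPSEC.3): which packet flows are protected, with which
! peer, using which transform set.
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set ESP-AES256-SHA
 set pfs group2
 match address 101
!
! Constructed example flow: 10.1.1.0/24 behind this TOE to
! 10.2.2.0/24 behind the remote peer.
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
interface Serial0/0
 ip address 203.0.113.1 255.255.255.252
 crypto map VPN-MAP
```

On the running device, `show crypto isakmp sa` shows the IKE SA and `show crypto ipsec sa` shows the pair of unidirectional ESP SAs (one inbound, one outbound) for each protected flow.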
1. Support for RSA public/private key pairs for IKE authentication requires the use of an IPSec hardware
acceleration module. Models listed as using “Built In” modules do not support RSA public/private key pairs
for IKE authentication.