Specifications
Cisco ISR-800 Security Target
53
TOE SFRs
How the SFR is Met
lets two peers agree on how to build an IPsec Security Association (SA). The
strength of the symmetric algorithm negotiated to protect the IKEv1 Phase 1 and
IKEv2 IKE_SA connection is greater than or equal to the strength of the
symmetric algorithm negotiated to protect the IKEv1 Phase 2 or IKEv2
CHILD_SA connection. The IKE protocols implement Peer Authentication using
RSA and ECDSA along with X.509v3 certificates, or pre-shared keys. IKE
separates negotiation into two phases: phase 1 and phase 2. Phase 1 creates the
first tunnel, which protects later ISAKMP negotiation messages. The key
negotiated in phase 1 enables IKE peers to communicate securely in phase 2.
During Phase 2 IKE establishes the IPsec SA. IKE maintains a trusted channel,
referred to as a Security Association (SA), between IPsec peers that is also used to
manage IPsec connections, including:
• The negotiation of mutually acceptable IPsec options between peers
(including peer authentication parameters, either signature based or pre-
shared key based),
• The establishment of additional Security Associations to protect packets
flows using Encapsulating Security Payload (ESP), and
• The agreement of secure bulk data encryption AES keys for use with
ESP.
After the two peers agree upon a policy, the security parameters of the policy are
identified by an SA established at each peer, and these IKE SAs apply to all
subsequent IKE traffic during the negotiation.
The TOE supports both IKEv1 and IKEv2 session establishment. As part of this
support, the TOE can be configured to not support aggressive mode for IKEv1
exchanges and to only use main mode using the ‘crypto ISAKMP aggressive-
mode disable’ command. The TOE supports configuration lifetimes of both Phase
1 SAs and Phase 2 SAs using the following command, lifetime. The time values
for Phase 1 SAs can be limited to 24 hours and for Phase 2 SAs to 8 hour, but it is
configurable to 8 hours. The
IKEv2 SA lifetimes can also be configured by an
Administrator based on number of packets. The TOE supports Diffie-Hellman
Group 14, 19, 24, 20, 15 and 16. Group 14 (2048-bit keys) can be set by using the
“group 14” command in the config mode.
The nonces used in IKE exchanges are
generated in a manner such that the probability that a specific nonce value will be
repeated during the life a specific IPsec SA is less than 1 in 2^[128]. The secret
value
‘x’ used in the IKE Diffie-Hellman key exchange (“x” in g
x
mod p) is
generated using a NIST-approved AES-CTR Deterministic Random Bit Generator
(DRBG). Preshared keys can be configured using the ‘crypto isakmp key’ key
command and may be proposed by each of the peers negotiating the IKE
establishment.
The TOE provides AES-CBC-128 and AES-CBC-256 for encrypting the IKEv1
and IKEv2 payloads. The administrator is instructed in the AGD to ensure that the
size of key used for ESP must be greater than or equal to the key size used to
protect the IKE payload.
FCS_SSH_EXT.1
The TOE implementation of SSHv2 supports the following:
• public key algorithms for authentication: RSA Signature Verification.
• local password-based authentication for administrative users accessing
the TOE through SSHv2, and optionally supports deferring authentication
to a remote AAA server.
• encryption algorithms, AES-CBC-128, AES-CBC-256 to ensure