User guide

Rev 2.2 Jun.11 24

B: IPsec Architecture

Standards of the M2M IPSec Support

SierraWirelessM2MIPSecsupportsthefollowi ngstandards:

• RFC1829–“TheESPDES‐CBCTransform”

• RFC2401–“SecurityArchitecturefortheInternet

Protocol”

• RFC2403–“TheUseofHMAC‐MD5‐96withinESPand

AH”

• RFC2404–“TheUseofHMAC‐SHA‐1‐96withinESPand

AH”

• RFC2405–“TheESPDES‐CBCCipherAlgorithmWith

ExplicitIV”

• RFC2406–“IPEncapsulatingSecurityPayload(ESP)”

• RFC2410–“TheNULLEncryptionAlgorithmandItsUse

WithIPSec”

• RFC2451–“TheESPCBC‐ModeCipherAlgorithms”

• RFC3602–“TheAES‐CBCCipherAlgorithmandItsUse

withIPSec”(futureenhancement)

Security Algorithms:

1. InternetKeyExchange(IKE)

a. AuthenticationforIKEMessages(Hashing

Algorithms)

· MD5

· SHA1

b. ExchangeModesSupportedinPhase1andPhase2of

IKE

· MainMode

· AggressiveMode

· QuickMode

· InformationalMode

c. AuthenticationMethods(usedinPhase1)

· Authenticationusingpre‐sharedkeys

· AuthenticationusingRSAsignatures

d. OakleyGroups:usedduringPhase1tocalculatekeys

fortheIKESecurityAssociation

· FirstOakleyGroup(MODP768)

· SecondOakleyGroup(MODP1024)

· FifthOakleyGroup(MODP1536)

· MODP2048(available,butnotcurrentlysupported)

· MODP3072(available,butnotcurrentlysupported)