IPSECME                                                       S. Kampati
Internet-Draft                                                    Huawei
Intended status: Standards Track                            Feb 18, 2019
Expires: Aug 22, 2019

            IKEv2 Optional SA&TS Payloads in Child Exchange
            draft-kampati-ipsecme-ikev2-sa-ts-payloads-opt-00

Abstract

   This document describes a method for reducing the size of Internet
   Key Exchange version 2 (IKEv2) exchanges at the time of IKE SA rekey
   and Child SA rekey by removing, or making optional, the SA and TS
   payloads.  Reducing the size of IKEv2 exchanges is desirable for
   low-power, battery-powered devices.  It also helps to avoid IP
   fragmentation of IKEv2 messages.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on Aug 22, 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must

Kampati                  Expires Aug 22, 2019                   [Page 1]
Internet-Draft      IKEv2 Optional Child SA&TS Payloads     Feb 18, 2019

   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
   2.  Conventions Used in This Document  . . . . . . . . . . . . . .  3
     2.1.  Requirements Language  . . . . . . . . . . . . . . . . . .  3
   3.  Protocol Details . . . . . . . . . . . . . . . . . . . . . . .  3
     3.1.  Negotiation  . . . . . . . . . . . . . . . . . . . . . . .  3
     3.2.  Rekeying IKE SAs with the CREATE_CHILD_SA Exchange . . . .  4
       3.2.1.  Exchange without SA payload  . . . . . . . . . . . . .  4
       3.2.2.  Exchange with optional SA payload  . . . . . . . . . .  5
       3.2.3.  Exchange when there is a change on the responder side   6
     3.3.  Exchange without SA and TS payloads  . . . . . . . . . . .  7
   4.  Security Considerations  . . . . . . . . . . . . . . . . . . .  7
   5.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  8
   6.  References . . . . . . . . . . . . . . . . . . . . . . . . . .  8
     6.1.  Normative References . . . . . . . . . . . . . . . . . . .  8
     6.2.  Informative References . . . . . . . . . . . . . . . . . .  8
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . .  9

1.  Introduction

   The Internet Key Exchange protocol version 2 (IKEv2) specified in
   [RFC7296] is used in the IP Security (IPsec) architecture for the
   purposes of Security Association (SA) parameter negotiation and
   authenticated key exchange.  The protocol uses UDP as the transport
   for its messages, whose size varies from less than one hundred bytes
   to several kilobytes.

   In 4G networks, security gateways/ePDGs, and in 5G networks, cRAN/
   Cloud deployments, will support more than 100000 IKE/IPsec tunnels.
   On average, therefore, many rekeys occur every second.  This consumes
   a large amount of bandwidth, causes packet fragmentation, and
   requires more processing.
   The solution described in this document addresses this problem.  It
   is also useful for Internet of Things (IoT) devices that rely on
   low-power technology.  Appendix A of [IPSEC-IOT-REQS] gives some
   estimated data.

   Most devices do not prefer to change cryptographic suites
   frequently.  Taking advantage of this, the SA and TS payloads can be
   made optional at the time of IKE SA rekey and IPsec SA rekey.  In
   ESP transport mode, when the protocol ID and port numbers are "any
   to any", there is no need to send TS payloads.

   In the case of rekeying IKE SAs with the CREATE_CHILD_SA exchange,
   the minimum size of an SA payload (a single cryptographic suite) is
   52 bytes.  This payload can be replaced with a Notify payload
   N(NEW_SPI) carrying the SPI, whose size is 16 bytes, so 36 bytes are
   saved.

   In the case of rekeying Child SAs with the CREATE_CHILD_SA exchange,
   the minimum size of an SA payload is 40 bytes and each TS payload is
   24 bytes (2*24 = 48 bytes), for a total of 88 bytes.  These payloads
   can be replaced with a Notify payload N(NEW_SPI) carrying the SPI,
   whose size is 12 bytes, so the total reduction is 76 bytes.

2.  Conventions Used in This Document

2.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  Protocol Details

   This section provides the protocol details and contains the normative
   parts of this document.

3.1.  Negotiation

   The initiator indicates its support for optional payloads at IKE
   rekey, and its willingness to use them, by including a Notification
   payload of type IKEV2_REKEY_OPTIONAL_PAYLOAD_SUPPORTED in the
   IKE_SA_INIT request message.  If the responder also supports this
   extension and is willing to use it, it includes this notification in
   the response message.
   Initiator                         Responder
   -----------------------------------------------------------------
   HDR(A,0), SAi1, KEi, Ni,
       N(IKEV2_REKEY_OPTIONAL_PAYLOAD_SUPPORTED)  -->
                              <--  HDR, SAr1, KEr, Nr, [CERTREQ,]
                                   N(IKEV2_REKEY_OPTIONAL_PAYLOAD_SUPPORTED)

   The Notify payload is formatted as follows:

                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Next Payload  |C|  RESERVED   |         Payload Length        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Protocol ID(=0)| SPI Size (=0) |      Notify Message Type      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   o  Protocol ID (1 octet) - MUST be zero.

   o  SPI Size (1 octet) - MUST be zero, meaning no Security Parameter
      Index (SPI) is present.

   o  Notify Message Type (2 octets) - MUST be the value assigned for
      the IKEV2_REKEY_OPTIONAL_PAYLOAD_SUPPORTED notification (TBD, see
      Section 5).

3.2.  Rekeying IKE SAs with the CREATE_CHILD_SA Exchange

   Optional SA payloads at IKE rekey MUST NOT be used unless both peers
   have indicated their support for this extension.  The NEW_SPI
   notification MUST be included in a CREATE_CHILD_SA exchange when
   there is no SA payload.  The new IKE SA is created with the SPI
   values carried in the NEW_SPI Notify payloads.

3.2.1.  Exchange without SA payload

   At the time of IKE rekey, the initiator sends a NEW_SPI notification
   payload instead of an SA payload when there is no change from the
   initially negotiated cryptographic suite.  Likewise, the responder
   sends a NEW_SPI notification payload instead of an SA payload when
   there is no change from the initially negotiated cryptographic suite.
   An IKEv2 message exchange with this modification is shown below:

   Initiator                         Responder
   ----------------------------------------------------------------
   HDR, SK {N(NEW_SPI), Ni, KEi}  -->

   The initiator sends a NEW_SPI notification payload, a Nonce payload,
   and a Diffie-Hellman value in the KEi payload.  A new initiator SPI
   is supplied in the SPI field of the NEW_SPI notification payload.
   The CREATE_CHILD_SA response for creating the new IKE SA is:

                              <--  HDR, SK {N(NEW_SPI), Nr, KEr}

   The responder replies (using the same Message ID to respond) with a
   NEW_SPI notification payload, a Nonce payload, and a Diffie-Hellman
   value in the KEr payload.  A new responder SPI is supplied in the SPI
   field of the NEW_SPI notification payload.  A message that includes
   an SA payload MUST NOT also include a NEW_SPI notification payload.

   The Notify payload is formatted as follows:

                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Next Payload  |C|  RESERVED   |         Payload Length        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Protocol ID(=1)| SPI Size (=8) |      Notify Message Type      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   ~                Security Parameter Index (SPI)                 ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   o  Protocol ID (1 octet) - MUST be 1.

   o  SPI Size (1 octet) - MUST be 8.

   o  Notify Message Type (2 octets) - MUST be the value assigned for
      the NEW_SPI notification (TBD, see Section 5).

   o  SPI (8 octets) - IKE SPI.  The initiator sends its initiator IKE
      SPI; the responder sends its responder IKE SPI.

3.2.2.  Exchange with optional SA payload

   If new cryptographic suites have been added on the initiator side
   after the initial SA was created, the initiator sends an SA payload
   containing multiple cryptographic suites in the CREATE_CHILD_SA
   request.  If the responder selects the previously negotiated suite
   in the CREATE_CHILD_SA exchange, it MAY send a NEW_SPI notification
   payload instead of an SA payload.
   The initiator then uses the cryptographic suite negotiated for the
   old IKE SA for the new IKE SA.

   Initiator                         Responder
   --------------------------------------------------------------------
   HDR, SK {SA, Ni, KEi}  -->
                              <--  HDR, SK {N(NEW_SPI), Nr, KEr}

3.2.3.  Exchange when there is a change on the responder side

   At the time of IKE rekey, the initiator sends a NEW_SPI notification
   payload instead of an SA payload when there is no change from the
   initially negotiated cryptographic suite.  On the responder side,
   however, the cryptographic suite has changed, so the responder sends
   a NO_PROPOSAL_CHOSEN notification payload to the initiator.  The
   initiator then needs to send a new rekey request with an SA payload.

   Initiator                         Responder
   --------------------------------------------------------------------
   HDR, SK {N(NEW_SPI), Ni, KEi}  -->
                              <--  HDR, SK {N(NO_PROPOSAL_CHOSEN), Nr, KEr}
   HDR, SK {SA, Ni, KEi}  -->
                              <--  HDR, SK {SA, Nr, KEr}

3.3.  Exchange without SA and TS payloads

   Optional SA and TS payloads at Child SA rekey MUST NOT be used unless
   both peers have indicated their support for this extension.  The
   NEW_SPI notification MUST be included in a CREATE_CHILD_SA exchange
   when there is no SA payload.  The new Child SA is created with the
   SPI values carried in the NEW_SPI Notify payloads.
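   The following Python program is an added example written for this
   page; it is not part of the draft and not the author's code.  It
   serializes and strictly parses the three Notify payload shapes the
   draft relies on (the IKEV2_REKEY_OPTIONAL_PAYLOAD_SUPPORTED
   notification of Section 3.1 with Protocol ID 0 and no SPI, the
   NEW_SPI notification of Section 3.2.1 with Protocol ID 1 and an
   8-octet IKE SPI, and the NEW_SPI notification of Section 3.3 with
   Protocol ID 2 or 3 and a 4-octet SPI), rejecting any payload that
   violates the draft's MUSTs, and it models the responder's choice
   between an SA payload, N(NEW_SPI) and N(NO_PROPOSAL_CHOSEN) from
   Sections 3.2.1 to 3.2.3.  The Notify Message Type values of the two
   new notifications are TBD in the draft, so the numbers used here are
   placeholders from the private-use range; the suite names, the
   dictionary shape of the request, and the handling of a NEW_SPI that
   arrives without the extension having been negotiated (simply refused)
   are likewise assumptions of this example.

```python
"""Added example, not code from the draft or its author.

Encodes and strictly decodes the Notify payloads used by
draft-kampati-ipsecme-ikev2-sa-ts-payloads-opt-00 and models the
responder decision of Sections 3.2.1 to 3.2.3.
"""
import struct

NEW_SPI = 0xFFF0                                 # placeholder: draft says TBD
IKEV2_REKEY_OPTIONAL_PAYLOAD_SUPPORTED = 0xFFF1  # placeholder: draft says TBD
NO_PROPOSAL_CHOSEN = 14                          # RFC 7296 error notification

PROTO_NONE, PROTO_IKE, PROTO_AH, PROTO_ESP = 0, 1, 2, 3
# Next Payload | C+RESERVED | Payload Length | Protocol ID | SPI Size | Type
NOTIFY_HDR = struct.Struct("!BBHBBH")
EXPECTED_SPI_SIZE = {PROTO_IKE: 8, PROTO_AH: 4, PROTO_ESP: 4}


def encode_notify(msg_type, proto, spi=b"", next_payload=0):
    """Serialize a Notify payload (RFC 7296 Section 3.10 layout, C bit clear)."""
    length = NOTIFY_HDR.size + len(spi)
    return NOTIFY_HDR.pack(next_payload, 0, length, proto, len(spi), msg_type) + spi


def decode_notify(buf):
    """Parse one Notify payload and enforce the draft's field rules.

    Returns (msg_type, proto, spi).  A violated MUST is rejected rather
    than tolerated, so a peer cannot hand us an SPI of the wrong size.
    """
    if len(buf) < NOTIFY_HDR.size:
        raise ValueError("truncated Notify header")
    _, _, length, proto, spi_size, msg_type = NOTIFY_HDR.unpack_from(buf)
    if length != len(buf) or length != NOTIFY_HDR.size + spi_size:
        raise ValueError("Payload Length disagrees with SPI Size")
    spi = bytes(buf[NOTIFY_HDR.size:length])
    if msg_type == IKEV2_REKEY_OPTIONAL_PAYLOAD_SUPPORTED:
        if proto != PROTO_NONE or spi_size != 0:
            raise ValueError("support notification MUST have Protocol ID 0, SPI Size 0")
    elif msg_type == NEW_SPI:
        if proto not in EXPECTED_SPI_SIZE:
            raise ValueError("NEW_SPI Protocol ID MUST be 1 (IKE), 2 (AH) or 3 (ESP)")
        if spi_size != EXPECTED_SPI_SIZE[proto]:
            raise ValueError("NEW_SPI SPI Size MUST be %d for Protocol ID %d"
                             % (EXPECTED_SPI_SIZE[proto], proto))
    return msg_type, proto, spi


def responder_rekey(request, extension_negotiated, local_suites, current_suite, my_spi):
    """Pick the responder's CREATE_CHILD_SA reply payloads for an IKE SA rekey.

    request is {"new_spi": bytes} (Sections 3.2.1 / 3.2.3) or
    {"sa": [suite, ...]} (Section 3.2.2).  Returns the payloads inside SK{}
    in order; Nonce and KE payloads are represented by name only.
    Refusing a NEW_SPI when the extension was not negotiated is this
    example's assumption, not something the draft specifies.
    """
    if "new_spi" in request:
        if not extension_negotiated:
            raise ValueError("NEW_SPI received but extension was not negotiated")
        if current_suite in local_suites:        # 3.2.1: suite unchanged
            return [("N", NEW_SPI, my_spi), "Nr", "KEr"]
        return [("N", NO_PROPOSAL_CHOSEN), "Nr", "KEr"]  # 3.2.3: retry with SA
    chosen = next((s for s in request["sa"] if s in local_suites), None)
    if chosen is None:
        return [("N", NO_PROPOSAL_CHOSEN)]       # plain RFC 7296 failure
    if extension_negotiated and chosen == current_suite:  # 3.2.2: MAY use NEW_SPI
        return [("N", NEW_SPI, my_spi), "Nr", "KEr"]
    return [("SA", chosen, my_spi), "Nr", "KEr"]


def initiator_after_response(response, all_suites):
    """Section 3.2.3 follow-up: NO_PROPOSAL_CHOSEN -> resend with a full SA payload."""
    if response and response[0][:2] == ("N", NO_PROPOSAL_CHOSEN):
        return {"sa": list(all_suites)}
    return None  # rekey completed, no further request needed


if __name__ == "__main__":
    # Constructed sample SPIs: an 8-octet IKE SPI and a 4-octet ESP SPI.
    ike = encode_notify(NEW_SPI, PROTO_IKE, bytes.fromhex("0011223344556677"))
    esp = encode_notify(NEW_SPI, PROTO_ESP, bytes.fromhex("0a0b0c0d"))
    print(len(ike), len(esp), decode_notify(ike)[2].hex())
```

   The encoded NEW_SPI payloads come out at 16 bytes (IKE) and 12 bytes
   (AH/ESP), which are exactly the Notify sizes the Introduction uses
   to derive its 36-byte and 76-byte savings.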
   A Child SA rekey with the CREATE_CHILD_SA exchange using this
   modification is shown below:

   Initiator                         Responder
   ------------------------------------------------------------------
   HDR, SK {N(NEW_SPI), Ni, [KEi]}  -->
                              <--  HDR, SK {N(NEW_SPI), Nr, [KEr]}

   The Notify payload is formatted as follows:

                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Next Payload  |C|  RESERVED   |         Payload Length        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Protocol ID  | SPI Size (=4) |      Notify Message Type      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   ~                Security Parameter Index (SPI)                 ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   o  Protocol ID (1 octet) - MUST contain either 2 to indicate AH or 3
      to indicate ESP.

   o  SPI Size (1 octet) - MUST be 4.

   o  Notify Message Type (2 octets) - MUST be the value assigned for
      the NEW_SPI notification (TBD, see Section 5).

   o  SPI (4 octets) - AH/ESP SPI.  The initiator sends its initiator
      SPI; the responder sends its responder SPI.

4.  Security Considerations

   TBD

5.  IANA Considerations

   This document defines two new Notify Message Types in the "Notify
   Message Types - Status Types" registry.  IANA is requested to assign
   code points in this registry.

   NOTIFY messages: status types                              Value
   ----------------------------------------------------------------
   NEW_SPI                                                    TBD
   IKEV2_REKEY_OPTIONAL_PAYLOAD_SUPPORTED                     TBD

6.  References

6.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC7296]  Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and
              T. Kivinen, "Internet Key Exchange Protocol Version 2
              (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296,
              October 2014.
   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

6.2.  Informative References

   [IPSEC-IOT-REQS]
              Migault, D., Guggemos, T., and C. Bormann, "Requirements
              for Diet-ESP the IPsec/ESP protocol for IoT",
              draft-mglt-6lo-diet-esp-requirements-02 (work in
              progress), July 2016.

Authors' Addresses

   Sandeep Kampati
   Huawei Technologies
   Divyashree Techno Park, Whitefield
   Bangalore, Karnataka  560066
   India

   Email: sandeepkampati@huawei.com