Sierra Wireless IPSec, User Manual

Page: 30 / 32

Rev 2.2 Aug.08 24
B B: IPsec Architecture
Standards of the M2M IPSec Support
Sierra Wireless M2M IPSec supports the following standards:
• RFC 1829 – “The ESP DES ‐ CBC Transform”
• RFC 2401 – “Security Architecture for the Internet
Protocol”
• RFC 2403 – “The Use of HMAC ‐ MD5 ‐ 96 within ESP and
AH”
• RFC 2404 – “The Use of HMAC ‐ SHA ‐ 1 ‐ 96 within ESP and
AH”
• RFC 2405 – “The ESP DES ‐ CBC Cipher Algorithm With
Explicit IV”
• RFC 2406 – “IP Encapsulating Security Payload (ESP)”
• RFC 2410 – “The NULL Encryption Algorithm and Its Use
With IPSec”
• RFC 2451 – “The ESP CBC ‐ Mode Cipher Algorithms”
• RFC 3602 – “The AES ‐ CBC Cipher Algorithm and Its Use
with IPSec” (future enhancement)
Security Algorithms:
1. Internet Key Exchange (IKE)
a. Authentication for IKE Messages (Hashing
Algorithms)
· MD5
· SHA1
b. Exchange Modes Supported in Phase 1 and Phase 2 of
IKE
· Main Mode
· Aggressive Mode
· Quick Mode
· Informational Mode
c. Authentication Methods (used in Phase 1)
· Authentication using pre ‐ shared keys
· Authentication using RSA signatures
d. Oakley Groups: used during Phase 1 to calculate keys
for the IKE Security Association
· First Oakley Group (MODP 768)
· Second Oakley Group (MODP 1024)
· Fifth Oakley Group (MODP 1536)
· MODP 2048 (available, but not currently supported)
· MODP 3072 (available, but not currently supported)