In Shot:
In cryptography, forward secrecy (also known as perfect forward secrecy or PFS) is a property of key-agreement protocols ensuring that a session key derived from a set of long-term keys cannot be compromised if one of the long-term keys is compromised in the future. The key used to protect transmission of data must not be used to derive any additional keys, and if the key used to protect transmission of data is derived from some other keying material, then that material must not be used to derive any more keys.
In this way, compromise of a single key permits access only to data protected by that single key.
Explanation:
A public-key system demonstrates a property referred to as perfect forward secrecy when it:
generates random public keys per session for the purposes of key agreement, and does not use any sort of deterministic algorithm in doing so.
This means that the compromise of one message cannot lead to the compromise of others, and also that there is not a single secret value which can lead to the compromise of multiple messages.
Forward secrecy is designed to prevent the compromise of a long-term secret key from affecting the confidentiality of past conversations. However, forward secrecy (including perfect forward secrecy) cannot defend against a successful cryptanalysis of the underlying ciphers being used, since a cryptanalysis consists of finding a way to decrypt an encrypted message without the key, and forward secrecy only protects keys, not the ciphers themselves.
A patient attacker can capture a conversation whose confidentiality is protected through the use of public-key cryptography and wait until the underlying cipher is broken (e.g. large quantum computers could be created which allow the discrete logarithm problem to be computed quickly). This would allow the recovery of old plaintexts even in a system employing forward secrecy. It should be noted that such attacks are purely theoretical.
Forward secrecy is an optional feature in IPsec
Use: Forward secrecy is seen as an important security feature by several large Internet information providers.
On the Aruba controller:
Yes, we do support PFS setting on the IPSEC tunnel creation and formation. But by default it will be disabled on the Aruba controller.
If you enable Perfect Forward Secrecy (PFS) mode, new session keys are not derived from previously used session keys. Therefore, if a key is compromised, that compromised key will not affect any previous session keys. To enable this feature, specify one of the following Perfect
Forward Secrecy modes:
group1 : 768-bit Diffie Hellman prime modulus group.
group2: 1024-bit Diffie Hellman prime modulus group.
group14: 2048-bit Diffie Hellman prime modulus group.
group19: 256-bit random Diffie Hellman ECP modulus group. (For IKEv2 only)
group20: 384-bit random Diffie Hellman ECP modulus group. (For IKEv2 only)
Range:
group1
group2
group19
group20
How to check PFS is enabeld or disabled:
(Aruba7210) #show crypto-local ipsec-map
Crypto Map Template"test" 100
IKE Version: 1
IKEv1 Policy: All
Security association lifetime seconds : [300 -86400]
Security association lifetime kilobytes: N/A
PFS (Y/N): N <-- PFS is disabled here
Transform sets={ default-transform }
Peer gateway: 0.0.0.0
Interface: VLAN 0
Source network: 0.0.0.0/0.0.0.0
Destination network: 0.0.0.0/0.0.0.0
Pre-Connect (Y/N): N
Tunnel Trusted (Y/N): N
Forced NAT-T (Y/N): N
How to enable PFS for IPSEC tunnel:
(Aruba7210) #configure terminal
(Aruba7210) (config) #crypto-local ipsec-map test 100
(Aruba7210) (config-ipsec-map)# set pfs
Note: If we decide to enable PFS(As a additional Security for IPSEC tunnel), then we need to enable it on both the end(Initiator and Responder).