Title: Crossing the Styx: Taming the Underworld Using Cerberus and PlutoPlus ITLs Contributions in the Area
1Crossing the StyxTaming the Underworld Using
Cerberus and PlutoPlus(ITLs Contributions in
the Area of Internet Security)
- Sheila Frankel
- Systems and Network Security Group, ITL
2Unsolved Problems of the 1990s
- World Peace
- A Drinkable Diet Cola
- Secure Communications over an Insecure Network
3Types of Security Protection
- Data Origin Authentication
- Connectionless Integrity
- Replay Protection
- Confidentiality (Encryption)
- Traffic Flow Confidentiality
4At Which Network Layer Should Security Be
Provided?
- Application Layer
- Transport (Sockets) Layer
- Internet Layer
5Why Internet Layer Security?
- Implement once, in a consistent manner, for
multiple applications
- Centrally-controlled access policy
- Enable multi-level, layered approach to security
6Internet Packet Format
IP Header
Upper Protocol Headers and Packet Data
7Authentication Header (AH)
- Data origin authentication
- Connectionless integrity
- Replay protection (optional)
- Transport or tunnel mode
- Mandatory algorithms
- HMAC-MD5
- HMAC-SHA1
- Other algorithms optional
8Internet Packet Format with AH
IP Header
AH Header
Upper Protocol Headers and Packet Data
Transport Mode
Tunnel Mode
9Encapsulating Security Payload (ESP)
- Confidentiality
- Limited traffic flow confidentiality (tunnel mode
only)
- Data origin authentication
- Connectionless integrity
- Replay protection (optional)
- Transport or tunnel mode
10Encapsulating Security Payload (ESP) (contd)
- Mandatory algorithms
- DES-CBC
- HMAC-MD5
- HMAC-SHA1
- Other algorithms optional
11Internet Packet Format with ESP
IP Header
ESP Header
Upper Protocol Headers and Packet Data
Transport Mode
New IP Header
Old IP Header
ESP Header
Upper Protocol Headers and Packet Data
Tunnel Mode
12Transport vs. Tunnel Mode
13Constructs Underlying IP Security
- Security Association (SA)
- Security Association Database (SAD)
- Security Parameter Index (SPI)
14Internet Key Exchange (IKE)
- Negotiate
- Communication Parameters
- Security Features
- Authenticate Communicating Peer
- Protect Identity
- Generate, Exchange, and Establish Keys in a
Secure Manner
- Delete Security Associations
15Internet Key Exchange (IKE) (contd)
- Threat Mitigation
- Denial of Service
- Replay
- Man in Middle
- Perfect Forward Secrecy
- Usable by Ipsec and other domains (e.g., private
keys for VPNs)
16Internet Key Exchange (IKE) (contd)
- Components
- Internet Security Association and Key Management
Protocol (ISAKMP)
- Internet Key Exchange (IKE, aka ISAKMP/Oakley)
- IP Security Domain of Interpretation (IPsec DOI)
17IKE Negotiations - Phase 1
- Purpose
- Establish ISAKMP SA (Secure Channel)
- Steps (4-6 messages exchanged)
- Negotiate Security Parameters
- Diffie-Hellman Exchange
- Authenticate Identities
- Main Mode vs. Aggressive Mode
18IKE Negotiations - Phase 2
- Purpose
- Establish IPsec SA
- Steps (3-5 messages exchanged)
- Negotiate Security Parameters
- Optional Diffie-Hellman Exchange
- Final Verification
- Quick Mode
19IKE Network Placement
Application Process
DOI Definition
Application Protocol
IKE
Security Protocol (IPsec)
20IKE Peer Negotiation
Application
Application
5
1
IKE
Application Space
Application Space
IKE
Kernel Space
4
2
Kernel Space
4
3
3
IPSEC
IPSEC
5
Physical Network
21Current Status of IPsec
- Most documents in Internet-Draft last call,
headed for RFC status
- IPsec Working Group disbanded
- IPsecond Working Group starting up
- Multiple implementations (Sun, IBM, Microsoft,
DEC, Cisco, Telebit, others) deployed, in beta
test, or under development
22Current Status of Ipsec (contd)
- Periodic interoperability/conformance testing
using reference implementations
- Auto Industry eXchange (ANX) pushing for early
deployment
- PKI work underway in IETF, industry, government
(NIST et. al.)
23The IETFs Direction in IP Security
- IETF has mandated use of IPsec and IKE wherever
feasible
- Testing support needed for emerging
implementations
- Need publicly-available sites that are willing to
provide IPsec testing
- Requested at 38th IETF meeting
24NISTs Contributions to IPsec
- Cerberus - Linux-based reference implementation
of Ipsec
- (http//snad.ncsl.nist.gov/cerberus)
- PlutoPlus - Linux-based reference implementation
of IKE
- IPsec-WIT - Web-based IPsec interoperability test
facility
- (http//ipsec-wit.antd.nist.gov)
25NISTs Contributions to IPsec (contd)
- Goals
- Enable smaller industry vendors to jump-start
their entry into IPsec
- Facilitate ongoing interoperability testing of
multiple IPsec implementations
26IPsec - Missing Pieces
- Policy specification and control
- Communication with CAs
27IPsec Internet Drafts - Basic Documents
- IP Security Document Roadmap
- (draft-ietf-ipsec-doc-roadmap-02.txt)
- Security Architecture for the Internet Protocol
(draft-ietf-ipsec-arch-sec-04.txt)
- IP Authentication Header
- (draft-ietf-ipsec-auth-header-05.txt)
- IP Encapsulating Security Payload (ESP)
(draft-ietf-ipsec-esp-v2-04.txt)
28IPsec Internet Drafts - Authentication
Algorithms
- The Use of HMAC-MD5-96 within ESP and AH
(draft-ietf-ipsec-auth-hmac-md5-96-03.txt)
- The Use of HMAC-SHA-1-96 within ESP and AH
(draft-ietf-ipsec-auth-hmac-sha1-96-03.txt)
- The Use of HMAC-RIPEMD-160-96 within ESP and AH
- (draft-ietf-ipsec-auth-hmac-ripemd-160-96-01.txt)
29IPsec Internet Drafts -Cryptographic Transforms
- The ESP ARCFOUR Algorithm
- (draft-ietf-ipsec-ciph-arcfour-00.txt)
- The ESP Blowfish-CBC Algorithm Using an Explicit
IV
- (draft-ietf-ipsec-ciph-blowfish-cbc-00.txt)
- The ESP CAST128-CBC Algorithm
- (draft-ietf-ipsec-ciph-cast128-cbc-00.txt)
- The ESP CAST5-128-CBC Transform
- (draft-ietf-ipsec-ciph-cast-div-00.txt)
30IPsec Internet Drafts - Cryptographic Transforms
(contd)
- The ESP CBC-Mode Cipher Algorithms
- (draft-ietf-ipsec-ciph-cbc-02.txt)
- ESP with Cipher Block Chaining (CBC)
- (draft-ietf-ipsec-cbc-00.txt)
- The ESP DES-CBC Transform
- (draft-ietf-ipsec-ciph-des-derived-00.txt)
- The ESP DES-CBC Cipher Algorithm With Explicit
IV
- (draft-ietf-ipsec-ciph-des-expiv-02.txt)
31IPsec Internet Drafts - Cryptographic Transforms
(contd)
- The ESP Triple DES Transform
- (draft-ietf-ipsec-ciph-des3-00.txt)
- The ESP 3DES-CBC Algorithm Using an Explicit IV
(draft-ietf-ipsec-ciph-3des-expiv-00.txt)
- The ESP DES-XEX3-CBC Transform
- (draft-ietf-ipsec-ciph-desx-00.txt)
- The ESP IDEA-CBC Algorithm Using Explicit IV
(draft-ietf-ipsec-ciph-idea-cbc-00.txt)
32IPsec Internet Drafts - Cryptographic Transforms
(contd)
- The ESP RC5-CBC Algorithm
- (draft-ietf-ipsec-ciph-rc5-cbc-00.txt)
- The NULL Encryption Algorithm and Its Use With
Ipsec
- (draft-ietf-ipsec-ciph-null-00.txt)
33IPsec Internet Drafts -Key Management
- Internet Security Association and Key Management
Protocol (ISAKMP)
- (draft-ietf-ipsec-isakmp-09.txt, .ps)
- The OAKLEY Key Determination Protocol
- (draft-ietf-ipsec-oakley-02.txt)
- The Internet Key Exchange (IKE)
- (draft-ietf-ipsec-isakmp-oakley-07.txt)
34IPsec Internet Drafts - Key Management (contd)
- The Internet IP Security Domain of Interpretation
for ISAKMP
- (draft-ietf-ipsec-ipsec-doi-08.txt)
- Inline Keying within the ISAKMP Framework
- (draft-ietf-ipsec-inline-isakmp-01.txt)
35IPsec Internet Drafts -Additional Key Management
Modes
- Extended Authentication Within ISAKMP/Oakley
- (draft-ietf-ipsec-isakmp-xauth-01.txt)
- A GSS-API Authentication Mode for ISAKMP/Oakley
- (draft-ietf-ipsec-isakmp-gss-auth-00.txt)
- The ISAKMP Configuration Method
- (draft-ietf-ipsec-isakmp-mode-cfg-02.txt)
36IPsec Internet Drafts - Additional Key Mgmt
Modes (contd)
- A revised encryption mode for ISAKMP/Oakley
- (draft-ietf-ipsec-revised-enc-mode-01.txt)
- Revised SA negotiation mode for ISAKMP/Oakley
- (draft-ietf-ipsec-isakmp-SA-revised-00.txt)
37IPsec Internet Drafts -Additional Documents
- Implementation of Virtual Private Network (VPNs)
with IP Security
- (draft-moskowitz-ipsec-vpn-00.txt)
- Dynamic remote host configuration over IPSEC
using DHCP
- (draft-ietf-ipsec-dhcp-00.txt)
- IPSec Policy Data Model
- (draft-ietf-ipsec-policy-model-00.txt)