1 / 17

Speaker:ChungYi Wang Advister:Quincy Wu 2007/4/23

RFC 4835 - Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH). Speaker:ChungYi Wang Advister:Quincy Wu 2007/4/23. Outline. Motivation ESP & AH ESP & AH table Changes from RFC 2402 and RFC 2406 to RFC 4305

lecea
Download Presentation

Speaker:ChungYi Wang Advister:Quincy Wu 2007/4/23

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. RFC 4835 - Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) Speaker:ChungYi Wang Advister:Quincy Wu 2007/4/23

  2. Outline • Motivation • ESP & AH • ESP & AH table • Changes from RFC 2402 and RFC 2406 to RFC 4305 • Changes from RFC 4305 • Reference

  3. Motivation • The IPsec series of protocols makes use of various cryptographic algorithms in order to provide security services. • To ensure interoperability between disparate implementations, it is necessary to specify a set of mandatory-to- implement algorithms to ensure that there is at least one algorithm that all implementations will have available.

  4. ESP & AH(1/3) • Encapsulating Security Payload (ESP) • 內容保密 • Authentication Header (AH) • 身分認證,重送確認

  5. ESP & AH(2/3) • AH http://en.wikipedia.org/wiki/IPsec#Encapsulated_Security_Payload_.28ESP.29 IP address, key … Integrity Check Value

  6. ESP & AH(3/3) • ESP http://en.wikipedia.org/wiki/IPsec#Encapsulated_Security_Payload_.28ESP.29

  7. ESP & AH table(1/7)

  8. ESP & AH table(2/7) • SHOULD+ • 未來可能變成MUST • SHOULD- • 未來可能變成MAY • MUST- • 未來可能不再是MUST

  9. ESP & AH table - DES(3/7) • DES (Data Encryption Standard) • small key size(56bits), publicly demonstrated, open-design special-purpose cracking hardware Questionable security for general use • TripleDES • Key size:168 bits • Rounds:48 DES-equivalent rounds http://en.wikipedia.org/wiki/TripleDES

  10. ESP & AH table - AES(4/7) • AES (Advanced Encryption Standard) • NIST 宣佈,於1998 第一次提出,也就是Rijndael • Key Size:128bits, 192bits, 256bits • Block size:128bits • 於軟體和硬體上的運算都很快, 容易實作, 並且不需要太多的記憶體操作。

  11. ESP & AH table - HMAC(5/7) • HMAC (keyed-hash message authentication code) • 利用雜湊函式進行 身分驗證,資料完整性的演算法。 • MD5 • Digest size:128bits • Rounds:4 • SHA-1 • Digest size:128bits • Rounds:80

  12. ESP & AH table - Collision(6/7) • H(x) = H(y) • X 不等於 y • 不同來源卻有相同的認證hash • 如果很不容易找到ㄧ對 x, y, 符合 H(x) = H(y),就是一個強壯的(strong)雜湊函式演算法。

  13. ESP & AH table(7/7)

  14. Changes from RFC 2402 and RFC 2406 to RFC 4305

  15. Changes from RFC 4305

  16. Reference • RFC 4835 • http://www.faqs.org/rfc/rfc4835.txt • IPsec (ESP & AH) • http://en.wikipedia.org/wiki/IPsec#Encapsulated_Security_Payload_.28ESP.29 • DES • http://en.wikipedia.org/wiki/Data_Encryption_Standard • AES • http://en.wikipedia.org/wiki/Advanced_Encryption_Standard • NIST:http://www.commerce.gov/opa/photo/NIST/events.html

  17. Reference • HMAC • http://en.wikipedia.org/wiki/HMAC • Hash collision : http://en.wikipedia.org/wiki/Hash_collision • MD5 • http://en.wikipedia.org/wiki/MD5 • SHA1 • http://en.wikipedia.org/wiki/SHA

More Related