1 / 37

Crossing the Styx: Taming the Underworld Using Cerberus and PlutoPlus (ITL’s Contributions in Internet Security)

This book explores the unsolved problems of the 1990s in internet security, including topics such as world peace, drinkable diet cola, and secure communications over an insecure network. It discusses different types of security protection and the network layer at which security should be provided.

maryccarter
Download Presentation

Crossing the Styx: Taming the Underworld Using Cerberus and PlutoPlus (ITL’s Contributions in Internet Security)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Crossing the Styx:Taming the Underworld Using Cerberus and PlutoPlus(ITL’s Contributions in the Area of Internet Security) Sheila Frankel Systems and Network Security Group, ITL

  2. Unsolved Problems of the 1990s • World Peace • A Drinkable Diet Cola • Secure Communications over an Insecure Network

  3. Types of Security Protection • Data Origin Authentication • Connectionless Integrity • Replay Protection • Confidentiality (Encryption) • Traffic Flow Confidentiality

  4. At Which Network Layer Should Security Be Provided? • Application Layer • Transport (Sockets) Layer • Internet Layer

  5. Why Internet Layer Security? • Implement once, in a consistent manner, for multiple applications • Centrally-controlled access policy • Enable multi-level, layered approach to security

  6. Internet Packet Format IP Header Upper Protocol Headers and Packet Data

  7. Authentication Header (AH) • Data origin authentication • Connectionless integrity • Replay protection (optional) • Transport or tunnel mode • Mandatory algorithms: • HMAC-MD5 • HMAC-SHA1 • Other algorithms optional

  8. New IP Header AH Header Old IP Header Upper Protocol Headers and Packet Data Internet Packet Format with AH IP Header AH Header Upper Protocol Headers and Packet Data • Transport Mode • Tunnel Mode

  9. Encapsulating Security Payload (ESP) • Confidentiality • Limited traffic flow confidentiality (tunnel mode only) • Data origin authentication • Connectionless integrity • Replay protection (optional) • Transport or tunnel mode

  10. Encapsulating Security Payload (ESP) (cont’d) • Mandatory algorithms: • DES-CBC • HMAC-MD5 • HMAC-SHA1 • Other algorithms optional

  11. Internet Packet Format with ESP IP Header ESP Header Upper Protocol Headers and Packet Data • Transport Mode New IP Header ESP Header Old IP Header Upper Protocol Headers and Packet Data • Tunnel Mode

  12. Transport vs. Tunnel Mode

  13. Constructs Underlying IP Security • Security Association (SA) • Security Association Database (SAD) • Security Parameter Index (SPI)

  14. Internet Key Exchange (IKE) • Negotiate: • Communication Parameters • Security Features • Authenticate Communicating Peer • Protect Identity • Generate, Exchange, and Establish Keys in a Secure Manner • Delete Security Associations

  15. Internet Key Exchange (IKE) (cont’d) • Threat Mitigation • Denial of Service • Replay • Man in Middle • Perfect Forward Secrecy • Usable by Ipsec and other domains (e.g., private keys for VPNs)

  16. Internet Key Exchange (IKE) (cont’d) • Components: • Internet Security Association and Key Management Protocol (ISAKMP) • Internet Key Exchange (IKE, aka ISAKMP/Oakley) • IP Security Domain of Interpretation (IPsec DOI)

  17. IKE Negotiations - Phase 1 • Purpose: • Establish ISAKMP SA (“Secure Channel”) • Steps (4-6 messages exchanged): • Negotiate Security Parameters • Diffie-Hellman Exchange • Authenticate Identities • Main Mode vs. Aggressive Mode

  18. IKE Negotiations - Phase 2 • Purpose: • Establish IPsec SA • Steps (3-5 messages exchanged): • Negotiate Security Parameters • Optional Diffie-Hellman Exchange • Final Verification • Quick Mode

  19. Socket Layer Protocol Transport Protocols (TCP/UDP) Internet Protocol (IP) Link Layer Protocol IKE Network Placement Application Process DOI Definition Application Protocol IKE Security Protocol (IPsec)

  20. IKE Peer Negotiation Application Application 5 1 IKE Application Space Application Space IKE Kernel Space 4 2 Kernel Space 4 3 3 IPSEC IPSEC 5 Physical Network

  21. Current Status of IPsec • Most documents in Internet-Draft last call, headed for RFC status • IPsec Working Group disbanded • IPsecond Working Group starting up • Multiple implementations (Sun, IBM, Microsoft, DEC, Cisco, Telebit, others) deployed, in beta test, or under development

  22. Current Status of Ipsec (cont’d) • Periodic interoperability/conformance testing using reference implementations • Auto Industry eXchange (ANX) pushing for early deployment • PKI work underway in IETF, industry, government (NIST et. al.)

  23. The IETF’s Direction in IP Security • IETF has mandated use of IPsec and IKE wherever feasible • Testing support needed for emerging implementations • Need publicly-available sites that are willing to provide IPsec testing • Requested at 38th IETF meeting

  24. NIST’s Contributions to IPsec • Cerberus - Linux-based reference implementation of Ipsec • (http://snad.ncsl.nist.gov/cerberus) • PlutoPlus - Linux-based reference implementation of IKE • IPsec-WIT - Web-based IPsec interoperability test facility • (http://ipsec-wit.antd.nist.gov)

  25. NIST’s Contributions to IPsec (cont’d) • Goals: • Enable smaller industry vendors to jump-start their entry into IPsec • Facilitate ongoing interoperability testing of multiple IPsec implementations

  26. IPsec - Missing Pieces • Policy specification and control • Communication with CAs

  27. IPsec Internet Drafts - Basic Documents • IP Security Document Roadmap • (draft-ietf-ipsec-doc-roadmap-02.txt) • Security Architecture for the Internet Protocol (draft-ietf-ipsec-arch-sec-04.txt) • IP Authentication Header • (draft-ietf-ipsec-auth-header-05.txt) • IP Encapsulating Security Payload (ESP) (draft-ietf-ipsec-esp-v2-04.txt)

  28. IPsec Internet Drafts -Authentication Algorithms • The Use of HMAC-MD5-96 within ESP and AH (draft-ietf-ipsec-auth-hmac-md5-96-03.txt) • The Use of HMAC-SHA-1-96 within ESP and AH (draft-ietf-ipsec-auth-hmac-sha1-96-03.txt) • The Use of HMAC-RIPEMD-160-96 within ESP and AH • (draft-ietf-ipsec-auth-hmac-ripemd-160-96-01.txt)

  29. IPsec Internet Drafts -Cryptographic Transforms • The ESP ARCFOUR Algorithm • (draft-ietf-ipsec-ciph-arcfour-00.txt) • The ESP Blowfish-CBC Algorithm Using an Explicit IV • (draft-ietf-ipsec-ciph-blowfish-cbc-00.txt) • The ESP CAST128-CBC Algorithm • (draft-ietf-ipsec-ciph-cast128-cbc-00.txt) • The ESP CAST5-128-CBC Transform • (draft-ietf-ipsec-ciph-cast-div-00.txt)

  30. IPsec Internet Drafts -Cryptographic Transforms (cont’d) • The ESP CBC-Mode Cipher Algorithms • (draft-ietf-ipsec-ciph-cbc-02.txt) • ESP with Cipher Block Chaining (CBC) • (draft-ietf-ipsec-cbc-00.txt) • The ESP DES-CBC Transform • (draft-ietf-ipsec-ciph-des-derived-00.txt) • The ESP DES-CBC Cipher Algorithm With Explicit IV • (draft-ietf-ipsec-ciph-des-expiv-02.txt)

  31. IPsec Internet Drafts -Cryptographic Transforms (cont’d) • The ESP Triple DES Transform • (draft-ietf-ipsec-ciph-des3-00.txt) • The ESP 3DES-CBC Algorithm Using an Explicit IV (draft-ietf-ipsec-ciph-3des-expiv-00.txt) • The ESP DES-XEX3-CBC Transform • (draft-ietf-ipsec-ciph-desx-00.txt) • The ESP IDEA-CBC Algorithm Using Explicit IV (draft-ietf-ipsec-ciph-idea-cbc-00.txt)

  32. IPsec Internet Drafts -Cryptographic Transforms (cont’d) • The ESP RC5-CBC Algorithm • (draft-ietf-ipsec-ciph-rc5-cbc-00.txt) • The NULL Encryption Algorithm and Its Use With Ipsec • (draft-ietf-ipsec-ciph-null-00.txt)

  33. IPsec Internet Drafts -Key Management • Internet Security Association and Key Management Protocol (ISAKMP) • (draft-ietf-ipsec-isakmp-09.txt, .ps) • The OAKLEY Key Determination Protocol • (draft-ietf-ipsec-oakley-02.txt) • The Internet Key Exchange (IKE) • (draft-ietf-ipsec-isakmp-oakley-07.txt)

  34. IPsec Internet Drafts -Key Management (cont’d) • The Internet IP Security Domain of Interpretation for ISAKMP • (draft-ietf-ipsec-ipsec-doi-08.txt) • Inline Keying within the ISAKMP Framework • (draft-ietf-ipsec-inline-isakmp-01.txt)

  35. IPsec Internet Drafts -Additional Key Management Modes • Extended Authentication Within ISAKMP/Oakley • (draft-ietf-ipsec-isakmp-xauth-01.txt) • A GSS-API Authentication Mode for ISAKMP/Oakley • (draft-ietf-ipsec-isakmp-gss-auth-00.txt) • The ISAKMP Configuration Method • (draft-ietf-ipsec-isakmp-mode-cfg-02.txt)

  36. IPsec Internet Drafts -Additional Key Mgmt Modes (cont’d) • A revised encryption mode for ISAKMP/Oakley • (draft-ietf-ipsec-revised-enc-mode-01.txt) • Revised SA negotiation mode for ISAKMP/Oakley • (draft-ietf-ipsec-isakmp-SA-revised-00.txt)

  37. IPsec Internet Drafts -Additional Documents • Implementation of Virtual Private Network (VPNs) with IP Security • (draft-moskowitz-ipsec-vpn-00.txt) • Dynamic remote host configuration over IPSEC using DHCP • (draft-ietf-ipsec-dhcp-00.txt) • IPSec Policy Data Model • (draft-ietf-ipsec-policy-model-00.txt)

More Related