Diet-ESP: A flexible and compressed format for IPsec/ESP

Similar documents
Network Security: IPsec. Tuomas Aura

Some optimizations can be done because of this selection of supported features. Those optimizations are specifically pointed out below.

July 2, Diet-IPsec: Requirements for new IPsec/ESP protocols according to IoT use cases draft-mglt-ipsecme-diet-esp-requirements-00.

Geneve Header Authentication and Encryption Option

Network Security: IPsec. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

CIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

July 3, Diet-IPsec: ESP Payload Compression of IPv6 / UDP / TCP / UDP-Lite draft-mglt-ipsecme-diet-esp-payload-compression-00.

The IPsec protocols. Overview

Cryptography and Network Security. Sixth Edition by William Stallings

Internet Engineering Task Force (IETF) Request for Comments: 7791 Category: Standards Track. March 2016

IP Security. Have a range of application specific security mechanisms

IPSec. Overview. Overview. Levente Buttyán

Firewalls, Tunnels, and Network Intrusion Detection

Internet Engineering Task Force (IETF) Request for Comments: ISSN: Check Point P. Eronen Independent September 2010

Virtual Private Network

Lecture 13 Page 1. Lecture 13 Page 3

CSCE 715: Network Systems Security

The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME,

Auto Discovery VPN Protocol

Secure RTP Library API Documentation. David A. McGrew Cisco Systems, Inc.

Internet security and privacy

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

Compression of IPsec AH and ESP Headers for Constrained Environments dra%-raza-6lo-ipsec-04

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho

Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München. ilab. Lab 8 SSL/TLS and IPSec

Network Security: IPsec. Tuomas Aura T Network security Aalto University, Nov- Dec 2012

Lecture 12 Page 1. Lecture 12 Page 3

IP Security IK2218/EP2120

IPsec (AH, ESP), IKE. Guevara Noubir CSG254: Network Security

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

INFS 766 Internet Security Protocols. Lectures 7 and 8 IPSEC. Prof. Ravi Sandhu IPSEC ROADMAP

IPsec and Secure VPNs

Secure channel, VPN and IPsec. stole some slides from Merike Kaeo

Chapter 6. IP Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University

4 Network Access Control 4.1 IPsec Network Security Encapsulated security payload (ESP) 4.2 Internet Key Exchange (IKE)

CSC 6575: Internet Security Fall 2017

Network Security IN2101

Internet Engineering Task Force (IETF) Category: Informational March 2016 ISSN:

Chapter 6/8. IP Security

Network Security (NetSec) IN2101 WS 16/17

Chapter 11 The IPSec Security Architecture for the Internet Protocol

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Sample excerpt. Virtual Private Networks. Contents

IP Security. Cunsheng Ding HKUST, Kong Kong, China

Lithe: Lightweight Secure CoAP for the Internet of Things

The IPSec Security Architecture for the Internet Protocol

Time Synchronization Security using IPsec and MACsec

IPv6 Protocol. Does it solve all the security problems of IPv4? Franjo Majstor EMEA Consulting Engineer Cisco Systems, Inc.

Protocol Support for High Availability of IKEv2/IPsec

VPN, IPsec and TLS. stole slides from Merike Kaeo apricot2017 1

Configuring IKEv2 Fragmentation

Category: Informational. F. Baboescu Broadcom Corporation B. Weis. Cisco. September 2015

VPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009

Lithe: Lightweight Secure CoAP for the Internet of Things

Introduction to IPsec. Charlie Kaufman

8. Network Layer Contents

SFO17-406: IPsec Full Offload Support in OpenDataPlane. Bill Fischofer

Network Working Group. Siemens Networks GmbH & Co KG February Online Certificate Status Protocol (OCSP) Extensions to IKEv2

INTERNET PROTOCOL SECURITY (IPSEC) GUIDE.

Crypto Templates. Crypto Template Parameters

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1

IBM i Version 7.2. Security Virtual Private Networking IBM

IPSec Network Applications

COMPUTER SECURITY. Computer Security Secure Communication Channels (2)

HIP Host Identity Protocol. October 2007 Patrik Salmela Ericsson

Category: Standards Track Microsoft V. Volpe Cisco Systems L. DiBurro Nortel Networks M. Stenberg January 2005

Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings

CSE509: (Intro to) Systems Security

Advanced IKEv2 Protocol Jay Young, CCIE - Technical Leader, Services. Session: BRKSEC-3001

Packetization Layer Path Maximum Transmission Unit Discovery (PLPMTU) For IPsec Tunnels

Enabling Multicast IPsec for Internet of Things

THE LIBRESWAN PROJECT

Chapter 5: Network Layer Security

COSC4377. Chapter 8 roadmap

Network Working Group Request for Comments: 4718 Category: Informational VPN Consortium October 2006

Network Working Group Request for Comments: Nokia Research Center F. Dupont GET/ENST Bretagne June 2004

IPSec Transform Set Configuration Mode Commands

Design Universal Security Scheme for Broadband Router

Use of IPSec in Mobile IP

Quick Note. Configure an IPSec VPN tunnel between a Digi TransPort LR router and a Digi Connect gateway. Digi Technical Support 20 September 2016

Virtual Tunnel Interface

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

Network Encryption 3 4/20/17

TheGreenBow IPsec VPN Client. Configuration Guide STORMSHIELD. Website: Contact:

Securing Network Traffic Tunneled Over Kernel managed TCP/UDP sockets

Virtual Private Networks (VPN)

Application Layer. Presentation Layer. Session Layer. Transport Layer. Network Layer. Data Link Layer. Physical Layer

Lecture 9: Network Level Security IPSec

Junos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services

IPSec Transform Set Configuration Mode Commands

draft-ietf-ipsec-nat-t-ike-00.txt W. Dixon, B. Swander Microsoft V. Volpe Cisco Systems L. DiBurro Nortel Networks 10 June 2001

IP Security Protocol Working Group (IPSEC) draft-ietf-ipsec-nat-t-ike-03.txt. B. Swander Microsoft V. Volpe Cisco Systems 24 June 2002

show crypto group summary, page 1 show crypto ikev2-ikesa security-associations summary spi, page 2

Parallelizing IPsec: switching SMP to On is not even half the way

Software-Defined Networking (SDN)-based IPsec Flow Protection (draft-ietf-i2nsf-sdn-ipsec-flow-protection-00)

Internet Engineering Task Force (IETF) Request for Comments: Independent September An Extension for EAP-Only Authentication in IKEv2

draft-ietf-ipsec-nat-t-ike-01.txt W. Dixon, B. Swander Microsoft V. Volpe Cisco Systems L. DiBurro Nortel Networks 23 October 2001

Flexible Dynamic Mesh VPN draft-detienne-dmvpn-00

IPsec NAT Transparency

Transcription:

unrestricted Diet-ESP: A flexible and compressed format for IPsec/ESP draft-mglt-ipsecme-diet-esp-01.txt D. Migault, T. Guggemos 25/02/2014- IETF89- London

Table of Contents Securing IoT communications IPsec / ESP Diet-ESP Use Cases Diet-ESP vs. ESP Conclusion mglt.ietf@gmail.com, tobias.guggemos@gmail.com 1 draft-mglt-ipsecme-diet-esp-01.txt- IETF89, 25/02/2014

Securing IoT communications IPsec is not widely used to secure Applications: No API to setup IPsec (Kernel specific) Applications don t want to trust the OS Security overhead as computed on each IP packet (D)TLS is widely used to secure Applications: Common used APIs Application just embed the library Security overhead is computed on application payload mglt.ietf@gmail.com, tobias.guggemos@gmail.com 2 draft-mglt-ipsecme-diet-esp-01.txt- IETF89, 25/02/2014

Securing IoT communications The IoT context: Sending data is very expensive (10-100 times higher than computation) Highly specialized device (OS + application) Developer specifies (or knows) the system Small Data usually fits in on IP frame IPsec can be used like a tiny Firewall, providing a secure environment for all applications Overhead for X byte data with UDP (Security-Header + 8 bytes UDP header) Packet Overhead IPsec/ESP DTLS Diet-ESP 6LoWPAN DTLS 10 + 8 bytes 13 + 8 bytes 6LoWPAN DTLS+UDP 0 + 0 bytes 8 + 8 bytes 8 + 3 bytes mglt.ietf@gmail.com, tobias.guggemos@gmail.com 3 draft-mglt-ipsecme-diet-esp-01.txt- IETF89, 25/02/2014

IPsec / ESP 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Security Parameters Index (SPI) ^Int. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Cov- Sequence Number ered +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Payload Data* (variable) ^ ~ ~ Conf. + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Cov- Padding (0-255 bytes) ered* +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Pad Length Next Header v v +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Integrity Check Value-ICV (variable) ~ ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ mglt.ietf@gmail.com, tobias.guggemos@gmail.com 4 draft-mglt-ipsecme-diet-esp-01.txt- IETF89, 25/02/2014

IPsec / ESP 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Security Parameters Index (SPI) ^Int. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Cov- Sequence Number ered +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Payload Data* (variable) ^ ~ ~ Conf. + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Cov- Padding (0-255 bytes) ered* +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Pad Length Next Header v v +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Integrity Check Value-ICV (variable) ~ ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The Diet-ESP context for compression definition: 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + + + + + + + + + + + + + + + + + SPI SIZE SN SIZE NH P ALIGN TH IH ICV X + + + + + + + + + + + + + + + + + mglt.ietf@gmail.com, tobias.guggemos@gmail.com 5 draft-mglt-ipsecme-diet-esp-01.txt- IETF89, 25/02/2014

Diet-ESP context The Diet-ESP context for compression definition: 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + + + + + + + + + + + + + + + + + SPI SIZE SN SIZE NH P ALIGN TH IH ICV X + + + + + + + + + + + + + + + + + SPI SIZE: Size of the SPI in the Diet-ESP-Header. SN SIZE: Size of the SN in the Diet-ESP-Header. NH: Next Header in the Diet-ESP-Trailer. P: Padding Length and Padding in the Diet-ESP-Trailer. ALIGN: necessary packet alignment (1, 2, 4 byte). TH: Transport Header in the Diet-ESP-payload. IH: IP Header in the Diet-ESP-payload (for TUNNEL). ICV: Size of the Diet-ESP-ICV. mglt.ietf@gmail.com, tobias.guggemos@gmail.com 6 draft-mglt-ipsecme-diet-esp-01.txt- IETF89, 25/02/2014

Sending X byte of data every Y time. 1 application (fixed ports, specified in Traffic Selector) no Next Header / no UDP-Header 8 bit alignment or aligned application data no Padding / no Pad Length 1 IP connection no SPI 1 packet per minute, no replay risk no SN mglt.ietf@gmail.com, tobias.guggemos@gmail.com 7 draft-mglt-ipsecme-diet-esp-01.txt- IETF89, 25/02/2014

Receiving X byte of data 1 application (fixed ports, specified in Traffic Selector) no Next Header / no UDP-Header 8 bit alignment or aligned application data no Padding / no Pad Length multiple Senders with different IPs no SPI some packets per day, replay risk 1-2 byte SN mglt.ietf@gmail.com, tobias.guggemos@gmail.com 8 draft-mglt-ipsecme-diet-esp-01.txt- IETF89, 25/02/2014

Diet-ESP vs. ESP Impact on ESP ESP-header (compressed / removed fields) Encrypted ESP-payload (removed fields) ESP-ICV (compressed field) Impact on IPsec (eventually): SAD Lookup (variable SPI, no SPI) How can we make this an ESP extension? Diet-ESP Context is negotiated during IKE_AUTH exchange Modifications applies to the negotiated SA. mglt.ietf@gmail.com, tobias.guggemos@gmail.com 9 draft-mglt-ipsecme-diet-esp-01.txt- IETF89, 25/02/2014

Negotiation with IKEv2 Initiator Responder 1) HDR, SAi1, KEi, Ni > < HDR, SAr1, KEr, Nr 2) HDR, SK { IDi, [CERT,] AUTH, SAi2, TSi, TSr, N(DIET_ESP_SUPPORTED [CTX_1, CTX_2, CTX_3, ANY])} > < HDR, SK { IDr, [CERT,] AUTH, SAr2, TSi, TSr, N(DIET_ESP_SUPPORTED [CTX_2])} mglt.ietf@gmail.com, tobias.guggemos@gmail.com 10 draft-mglt-ipsecme-diet-esp-01.txt- IETF89, 25/02/2014

Security Considerations Reducing/Removing the SPI Regular SAD-Lookup Limiting number of possible connection on the gateway. Modified the SAD-Lookup higher effort to identify SA DoS-vulnerability Reducing/Removing the SN Prevents/Downgrade anti-replay-protection Can we use ESN mechanism without sending the all lower 32 bit on the wire? Reducing the ICV Reducing level of Security, provided by the MAC algorithm. mglt.ietf@gmail.com, tobias.guggemos@gmail.com 11 draft-mglt-ipsecme-diet-esp-01.txt- IETF89, 25/02/2014

Accomplished Work / Next Steps Accomplished Work: Development Demonstration in Python (ca. 400 lines of code) Rudimentarily Contiki implementation based on the ESP implementation of Vilhelm Jutvik less than 100 lines of code patches Start performance measurements Next Step: Deployment on Excelyo Alternate Algorithm (Encryption / Authentication) IV reduction mglt.ietf@gmail.com, tobias.guggemos@gmail.com 12 draft-mglt-ipsecme-diet-esp-01.txt- IETF89, 25/02/2014

Thank you for your attention Looking for a PhD tobias.guggemos@gmail.com mglt.ietf@gmail.com, tobias.guggemos@gmail.com 13 draft-mglt-ipsecme-diet-esp-01.txt- IETF89, 25/02/2014

SAD Lookup The SPI size is unknown for incoming packets. >The lookup for incoming ESP packets, has to be changed: Naive implementation: one lookup for each supported SPI_SIZE (in general 5) perform 5 lookups based on IP_D, IP_S, SPI if more than one SA fits: authenticate with all found keys use the SA with the fitting key > DoS vulnerability mglt.ietf@gmail.com, tobias.guggemos@gmail.com 14 draft-mglt-ipsecme-diet-esp-01.txt- IETF89, 25/02/2014

SAD Lookup Solution: Forbid overlapping SPIs for one IP_D IP_S combiniation Impossible for Mobile IP 2 possibilities: code the SPI size in the SPI field (1-4 byte) has to be included to the SA negotiation impossible for 0 SPI reduces SPI range IP address based lookup mglt.ietf@gmail.com, tobias.guggemos@gmail.com 15 draft-mglt-ipsecme-diet-esp-01.txt- IETF89, 25/02/2014

IP address based lookup + + START + + V + + find 1st SA to IP address + + + V V yes / \ + + + / SPI_SIZE \ / > \ = 0? / / SAD \ / / + + no / V / + + / find 1st SA to / SPI +IP address + + V + + Diet-ESP packet + > procession + + mglt.ietf@gmail.com, tobias.guggemos@gmail.com 16 draft-mglt-ipsecme-diet-esp-01.txt- IETF89, 25/02/2014

Compression Possible compression: ESP-header: 8 byte > 0 byte ESP-trailer: 2 (+ PADDING) byte > 0 byte ESP-payload: Transport Mode UDP: 8 byte > 0 byte Tunnel Mode IPv4: 20 byte > 0 byte Tunnel Mode IPv6: 40 byte > 0 byte Tunnel Mode 6LoWPAN: 2-42 byte > 1 byte mglt.ietf@gmail.com, tobias.guggemos@gmail.com 17 draft-mglt-ipsecme-diet-esp-01.txt- IETF89, 25/02/2014

Compression How is that possible? Most informations are already stored in the Traffic Selectors: IPsec mode IP addresses Transport protocol Transport protocol ports (cannot be a range) only the mapping is difficult: reduced interoperability > but in general, sensors have exactly ONE function Application Developer knows the intended use > he can specify the possible compression mglt.ietf@gmail.com, tobias.guggemos@gmail.com 18 draft-mglt-ipsecme-diet-esp-01.txt- IETF89, 25/02/2014

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback