A cryptographic tour of the IPsec standards

In this article, we provide an overview of cryptography and cryptographic key management as they are specified in IPsec, a popular suite of standards for providing communications security and network access control for Internet communications. We focus on the latest generation of the IPsec standards, recently published as Request for Comments 4301-4309 by the Internet Engineering Task Force, and how they have evolved from earlier versions of the standards.

[1]  Stephen T. Kent,et al.  Extended Sequence Number (ESN) Addendum to IPsec Domain of Interpretation (DOI) for Internet Security Association and Key Management Protocol (ISAKMP) , 2005, RFC.

[2]  Paul E. Hoffman,et al.  The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE) , 2004, RFC.

[3]  Paul E. Hoffman,et al.  Cryptographic Suites for IPsec , 2005, RFC.

[4]  Randall J. Atkinson,et al.  IP Encapsulating Security Payload (ESP) , 1995, RFC.

[5]  Jonathan Katz,et al.  Unforgeable Encryption and Chosen Ciphertext Secure Modes of Operation , 2000, FSE.

[6]  Stephen T. Kent,et al.  The NULL Encryption Algorithm and Its Use With IPsec , 1998, RFC.

[7]  Vishwas Manral,et al.  Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) , 2005, RFC.

[8]  Aggelos Kiayias,et al.  Traitor Tracing with Constant Transmission Rate , 2002, EUROCRYPT.

[9]  Russ Housley,et al.  Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP) , 2005, RFC.

[10]  Randall J. Atkinson,et al.  Security Architecture for the Internet Protocol , 1995, RFC.

[11]  Jeffrey I. Schiller,et al.  Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2) , 2005, RFC.

[12]  Angela Orebaugh,et al.  Guide to IPsec VPNs , 2005 .

[13]  Larry J. Blunk,et al.  PPP Extensible Authentication Protocol (EAP) , 1998, RFC.

[14]  Donald E. Eastlake rd Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) , 2005 .

[15]  Dan Harkins,et al.  The Internet Key Exchange (IKE) , 1998, RFC.

[16]  Dan Harkins,et al.  Design Rationale for IKEv2 , 2002 .

[17]  Kenneth G. Paterson,et al.  Cryptography in Theory and Practice: The Case of Encryption in IPsec , 2006, EUROCRYPT.

[18]  Sheila Frankel,et al.  The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec , 2003, RFC.

[19]  Charlie Kaufman,et al.  Internet Key Exchange (IKEv2) Protocol , 2005, RFC.

[20]  Dengguo Feng,et al.  Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD , 2004, IACR Cryptol. ePrint Arch..

[21]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[22]  Tatsuaki Okamoto,et al.  Advances in Cryptology — ASIACRYPT 2000 , 2000, Lecture Notes in Computer Science.

[23]  Cheryl Madson,et al.  The Use of HMAC-SHA-1-96 within ESP and AH , 1998, RFC.

[24]  Victor Shoup Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings , 2005, CRYPTO.

[25]  W. Douglas Maughan,et al.  Internet Security Association and Key Management Protocol (ISAKMP) , 1998, RFC.

[26]  Serge Vaudenay,et al.  Password Interception in a SSL/TLS Channel , 2003, CRYPTO.

[27]  Steven M. Bellovin,et al.  Problem Areas for the IP Security Protocols , 1996, USENIX Security Symposium.

[28]  Stephen T. Kent,et al.  IP Authentication Header , 1995, RFC.

[29]  Dan Boneh,et al.  Advances in Cryptology - CRYPTO 2003 , 2003, Lecture Notes in Computer Science.

[30]  Tero Kivinen,et al.  More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE) , 2003, RFC.

[31]  Moti Yung,et al.  Advances in Cryptology — CRYPTO 2002 , 2002, Lecture Notes in Computer Science.

[32]  Bruce Schneier,et al.  A Cryptographic Evaluation of IPsec , 1999 .

[33]  Serge Vaudenay,et al.  Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS , 2002, EUROCRYPT.

[34]  Derrell Piper,et al.  The Internet IP Security Domain of Interpretation for ISAKMP , 1998, RFC.

[35]  Rob Adams,et al.  The ESP CBC-Mode Cipher Algorithms , 1998, RFC.

[36]  Hugo Krawczyk,et al.  Security Analysis of IKE's Signature-Based Key-Exchange Protocol , 2002, CRYPTO.

[37]  Neal Koblitz,et al.  Advances in Cryptology — CRYPTO ’96 , 2001, Lecture Notes in Computer Science.

[38]  Sheila Frankel,et al.  The AES-CBC Cipher Algorithm and Its Use with IPsec , 2003, RFC.

[39]  Bernard Aboba,et al.  Extensible Authentication Protocol (EAP) , 2004, RFC.

[40]  Hugo Krawczyk,et al.  HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[41]  Russ Housley,et al.  Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP) , 2004, RFC.

[42]  Cheryl Madson,et al.  The ESP DES-CBC Cipher Algorithm With Explicit IV , 1998, RFC.

[43]  Shiho Moriai,et al.  The Camellia Cipher Algorithm and Its Use With IPsec , 2005, RFC.

[44]  Cheryl Madson,et al.  The Use of HMAC-MD5-96 within ESP and AH , 1998, RFC.

[45]  Chanathip Namprempre,et al.  Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm , 2000, Journal of Cryptology.

[46]  Xiaoyun Wang,et al.  Finding Collisions in the Full SHA-1 , 2005, CRYPTO.

[47]  Hugo Krawczyk,et al.  SIGMA: The 'SIGn-and-MAc' Approach to Authenticated Diffie-Hellman and Its Use in the IKE-Protocols , 2003, CRYPTO.

[48]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[49]  Hugo Krawczyk,et al.  The Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL?) , 2001, CRYPTO.

[50]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[51]  Mihir Bellare,et al.  Encode-Then-Encipher Encryption: How to Exploit Nonces or Redundancy in Plaintexts for Efficient Cryptography , 2000, ASIACRYPT.

[52]  Angelos D. Keromytis,et al.  The Use of HMAC-RIPEMD-160-96 within ESP and AH , 2000, RFC.

[53]  Deepinder P. Sidhu,et al.  Initialization vector attacks on the IPsec protocol suite , 2000, Proceedings IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 2000).

[54]  Naganand Doraswamy,et al.  Ipsec: the new security standard for the internet , 1999 .