June 17, 2004, Cipher, July 17, 2004 Russ Housley and Karen Seo wrote
IETF Updates IP Security Protocol (IPsec)

by Russ Housley, Vigil Security, LLC
and Karen Seo, BBN Technologies

The IP Security Protocol (IPsec) provides cryptographically-based security for IPv4 and IPv6. The set of security services offered includes access control, connectionless integrity, data origin authentication, detection and rejection of replays (a form of partial sequence integrity), confidentiality (via encryption), and limited traffic flow confidentiality. These services are provided at the IP layer, offering protection for all protocols that may be carried over IP in a standard fashion (including IP itself). The protection offered by IPsec is achieved by using one or both of the data protection protocols (AH and ESP). Data protection requirements are defined in the Security Policy Database (SPD). IPsec assumes use of version 2 of the Internet Key Exchange protocol, IKEv2, but a key and security association (SA) management system with comparable features can be used instead.

The principal current IPsec RFCs (RFC 2401 (IPsec Architecture), RFC 2402 (AH), RFC 2406 (ESP), and RFC 2409 (IKE)) were completed in November 1998. During the following 3 years, the community gained implementation and operational experience. In 2001, this real world experience, increased network speeds, and technology advances such as multicast, motivated the IPsec Working Group to begin updating the IPsec specifications. Numerous issues that required resolution were debated, including the best ways to provide support for multicast in AH and ESP, counter mode, NAT, and firewall traversal. The revised specifications include:

The IPsec Architecture specification - The revised version, commonly called "2401bis", is an Internet Draft. A small number of issues are still being debated, but the IPsec working group has reached consensus on most items. The revised specification should reach the final stages of IETF approvals this summer. The processing model has been changed to include a separation between forwarding (routing) and SPD selection, and the addition of an outbound SPD cache and an inbound SPD cache for bypassed or discarded traffic. SPD entries were redefined to provide more flexibility and to more closely align with the policies that can be negotiated by IKEv2. Handling of ICMP messages, fragments, and multicast traffic was updated. The IPv6 mobility header has been added as a possible Next Layer Protocol and the IPv6 mobility header message type has been added as a selector. Support for AH in both IPv4 and IPv6 and for nested SAs and 'SA bundles' is no longer required. The revised specification is expected to address new IPsec scenarios, provide improved performance and be simpler to implement.

http://www.ietf.org/internet-drafts/draft-ietf-ipsec-rfc2401bis-02.txt

The IP Encapsulating Security Payload (ESP) specification - The revised version is an Internet Draft that is currently in the last stages of the IETF approval process. While the updated ESP specification is further in the review and approval process than 2401bis, due to dependencies between the two documents, both documents will become RFCs at the same time. Support for cryptographic modes that provide both confidentiality and integrity has been added. There is a new option for a 64-bit sequence number for very high-speed communications. Multicast support has been updated. Dummy packets and a new padding option have been added for improved traffic flow confidentiality. References to mandatory algorithms have been moved to a separate document.

http://www.ietf.org/internet-drafts/draft-ietf-ipsec-esp-v3-08.txt

The IP Authentication Header (AH) specification - The revised version is an Internet Draft that is currently in the last stages of the IETF approval process. While the updated AH specification is further in the review and approval process than 2401bis, due to dependencies between the two documents, both documents will become RFCs at the same time. There is a new option for a 64-bit sequence number for very high-speed communications. Multicast support has been updated. References to mandatory algorithms have been moved to a separate document.

http://www.ietf.org/internet-drafts/draft-ietf-ipsec-rfc2402bis-07.txt

The Internet Key Exchange (IKEv2) Protocol specification - The revised version is an Internet Draft that is currently in the last stages of the IETF approval process. The entire IKE protocol will be in a single document, replacing RFCs 2407, 2408, and 2409. IKEv2 is much simpler than IKEv1, yet IKEv2 improves security and includes support for NAT Traversal, Extended Authentication, and Remote Address acquisition. A small number of issues are still being debated, but the IPsec working group has reached consensus on most items. Despite the protocol name, much of IKE is devoted to non-cryptographic aspects of security association management. IKE provides peer entity authentication. It performs an ephemeral Diffie-Hellman key exchange, and then derives keys from the resulting shared secret that are used to protect subsequent IKE traffic as well as user traffic between a pair of IPsec peers. It negotiates parameters that define each security association between these peers, including the type of traffic to be carried and the SA lifetime. IKEv2 maintains the IKEv1 syntax and magic numbers to the extent possible, allowing IKEv1 implementations to be enhanced to support IKEv2 with minimum effort. References to mandatory algorithms have been moved to a separate document, and human readable labels have been assigned to frequently used suites of cryptographic algorithms to reduce the configuration burden on administrators.

http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ikev2-13.txt

For more information, contact Karen Seo (kseo@bbn.com) or Russ Housley (housley@vigilsec.com).

"Simple passwords no longer suffice"
June 1, 2004, Associated Press
"In perilous online world, complex passwords needed"
Hilarie Orman wrote: This AP article describes a Swedish bank's use of one-time passwords, ala Phil Karn's SKEY software of many years ago. Several experts weigh in this weighty subject, noting that it is difficult to remember passwords.

http://www.msnbc.msn.com/id/5112838/