
Re: IPSEC Security Gateways & NAT



"Chen, David" <dchen@ellacoya.com> writes:

> Agree, it seems a good idea to abolish pre-shared key in IKE.
> (then, no NAPT issue)
>  
> However, the pre-shared key's advantage is that it is more effective
> against DOS attacks compared to "generating prime numbers" or
> "check certificate revocation".

One does not have to get rid of pre-shared keys or DoS protection in
order to "fix" this particular problem with IKE.  Radia Perlman, in a
recent paper she sent to me (if you want a copy, send her mail at
radia.perlman@sun.com), points out this flaw (and a number of others)
and proposes the following change to fix it: Instead of encrypting
messages 5 and 6 in a key derived from both DH and the Shared Secret,
use a key derived solely from the DH agreement.  Within messages 5 and
6 you already prove knowledge of the shared secret.  Note that the
responder would also have to send its identity in message 4.

This small change provides:

	a) better identity usage (you're not limited to the source IP
	   address)

	b) better identity protection (because you're not limited to
	   the source IP, you can actually HIDE the identities from
	   passive eavesdroppers)

	c) The shared secret isn't used until both endpoints know
	   their peer's identity.

	d) Will let us go through NAT :)

> As for ESPoUDP, it seems able to traverse NAPT device as long as it is not
> AH tunnel mode that protects the tunnel header (but it does not have ESP
> anyway).

This is why it's ESPoUDP, not AHoUDP ;)

> Although, it still does not fix the QoS issue.
> If ESPoUDP(500) can expand to ESPoTCP(500)(less secure) and copy the
> inner TOS value to the outer IP, it will be more popular?

Um, you're still confused.  The whole point of using UDP is to give
the NAT box parameters to map initiator<->responder.  ESPoTCP makes no
sense.  ESP is a packet-oriented protocol, whereas TCP is a
stream-oriented protocol.  Where is the ESP 'SYN' in order to set up
the connection?

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
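
The key-derivation difference described in the message above, as an added example that is not part of the original post or of the paper it cites. It follows the RFC 2409 formulas for pre-shared-key Main Mode; the prf (HMAC-SHA1), the modeling of the DH-only key as SKEYID = prf(Ni | Nr, g^xy), the function names and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    # IKEv1 negotiates the prf; HMAC-SHA1 is assumed here.
    return hmac.new(key, data, hashlib.sha1).digest()

def skeyid_e(skeyid, gxy, cky_i, cky_r):
    # RFC 2409 chain: SKEYID_d -> SKEYID_a -> SKEYID_e (encrypts messages 5 and 6).
    ck = gxy + cky_i + cky_r
    d = prf(skeyid, ck + b"\x00")
    a = prf(skeyid, d + ck + b"\x01")
    return prf(skeyid, a + ck + b"\x02")

def enc_key_rfc2409(psk, ni, nr, gxy, cky_i, cky_r):
    # Pre-shared-key mode: SKEYID = prf(psk, Ni | Nr), so the key depends on the PSK.
    return skeyid_e(prf(psk, ni + nr), gxy, cky_i, cky_r)

def enc_key_dh_only(ni, nr, gxy, cky_i, cky_r):
    # Assumption: "derived solely from DH" modeled as SKEYID = prf(Ni | Nr, g^xy).
    return skeyid_e(prf(ni + nr, gxy), gxy, cky_i, cky_r)

def hash_i(psk, ni, nr, gxi, gxr, cky_i, cky_r, sai, idii):
    # RFC 2409 HASH_I, keyed with the PSK-based SKEYID: the proof of the secret.
    return prf(prf(psk, ni + nr), gxi + gxr + cky_i + cky_r + sai + idii)

# Constructed sample exchange values (not real nonces, cookies or DH values).
NI, NR, GXI, GXR, GXY = b"Ni" * 8, b"Nr" * 8, b"gxi" * 32, b"gxr" * 32, b"gxy" * 32
CKY_I, CKY_R, SAI = b"I" * 8, b"R" * 8, b"sa-payload"
PSK, IDII = b"constructed-secret", b"roadwarrior@example.test"
PSK_BY_IP = {"192.0.2.10": PSK}   # current scheme: secret selected by peer address
PSK_BY_ID = {IDII: PSK}           # proposed scheme: secret selected by identity

def responder_current(src_ip):
    # The PSK must be chosen before message 5 can be decrypted; only the IP is known.
    psk = PSK_BY_IP.get(src_ip)
    return None if psk is None else enc_key_rfc2409(psk, NI, NR, GXY, CKY_I, CKY_R)

def responder_proposed(idii, proof):
    # The key needs no PSK; after decrypting, look up the PSK by ID and check HASH_I.
    key = enc_key_dh_only(NI, NR, GXY, CKY_I, CKY_R)
    psk = PSK_BY_ID.get(idii)
    ok = psk is not None and hmac.compare_digest(
        proof, hash_i(psk, NI, NR, GXI, GXR, CKY_I, CKY_R, SAI, idii))
    return key, ok
```

With the current derivation the responder gets no key at all when the packet arrives from a translated address such as 203.0.113.7; with the DH-only key it decrypts first, then selects the secret by the identity it just read.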

