IP Security Working Group

Thirtieth IETF
July 27, 1994

Co-chair: Paul Lambert
Motorola
602-441-3646
Paul_Lambert@email.mot.com

Co-chair: Jim Zmuda
Spyrus
zmuda@spyrus.com

Mailing List: ipsec@ans.net

To Subscribe: ipsec-request@ans.net

Archive: ftp.ans.net:~/pub/archive/ipsec

IP Security (IPSEC) Agenda

Wednesday, July 27, 1994 - Afternoon Session

13:30 Introductions - Review and Approve Agenda
13:40 Review of Charter, Schedule and Baseline Design Agreements
13:50 Brief Review/Discussion of Existing Implementations and Proposals
14:30 Presentation and Discussion on Consolidated IPSP Proposal
15:00 Discussion of Remaining Issues
15:20 Summary - Next Meeting, Review Action Items, Update Schedule
15:30 Adjourn

Description of Working Group

The IPSEC Working Group will develop a security protocol in the network layer to provide cryptographic security services that:

protect client protocols of IP
support combinations of authentication, integrity, access control, and confidentiality services
are independent of the cryptographic algorithm
provide host-to-host security, and subnet-to-subnet and host-to-subnet topologies
provide guidelines to protect the IP suite of protocols (including IPv4 and IPng)
provide an application layer key management protocol (tomorrow's agenda)

Goal and Milestones for IP Security Protocol

Mar 94 Post as an Internet-Draft a preliminary version of the IP Security Protocol. (I-NLSP and swIPe posted as Internet-Drafts)
Mar 94 Review pilot experiments with cryptographic network security. Discuss, debate and refine the framework for IPSP based on pilot experiments. Demonstrate interoperable implementations.
Jul 94 Update the IPSP Internet-Draft. Include preliminary text on labels, "peek-through," and protection of IP suite.
Nov 94 Report on Pilot Implementations of the IP Security Protocol. Update Protocol as needed.
Mar 95 Submit the IP Security Protocol to the IESG for consideration as a Proposed Standard.

IP Security Protocol Environment

Figure 1 (GIF - 16200 bytes)

Examples of IPSP Layering

Figure 2 (GIF - 12200 bytes)

An IPv6 Inspired IPSP Example

Figure 3 (GIF - 13104 bytes)

Baseline IPSP

IPSP security based on "pre-established" Security Association (SA)
Security Association is identified by a SAID that is used to determine:
- cryptographic algorithm
- key to use with algorithm
- formatting of fields related to "security transformation"
- authenticated identity of "peer(s)"
Algorithm independent
Supports IPv4 and IPv6

Existing Network Layer Specifications and Proposals

SP3 (SP3-A, SP3-D, SP3-E)
NLSP (ISO 11577)
I-NLSP (Internet-Draft)
I-NLSP -- (Rob Glenn Draft and code)
swIPe (Internet-Draft and code)
PIP (Internet-Draft)
SIPP Security (Internet-Draft)

swIPe Format

The format of a swIPe packet is:

        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
    .- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 s H   |  Packet type  | Header length |       Policy Identifier       |
 w e   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 I a   |                     Packet sequence number                    |
 P d   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 e e   /                                                               /
   r   \            Authenticator (optional, variable length)          \
   `-  /                                                               /
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       /                                                               /
       \                                                               \
       /                     Original (inner) packet                   /
       \                                                               \
       /                                                               /
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       /                                                               /
       \                         Padding (optional)                    \
       /                                                               /
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

swIPe Fields

The fields in the swIPe header are:

  Packet  type (8 bits)
    0        Plain encapsulation; Header length should be 1 and
             the Policy identifier should be 1.
    1        Packet is authenticated but not encrypted.
    2        Packet is encrypted; the encryption algorithm may
             provide some authentication (e.g., DES CBC residue).
    3        Packet is both authenticated and encrypted.
    4-15     Unused.

SP3 Protocol Data Unit Format

Figure 4 (GIF - 13964 bytes)

Rob Glenn Proposal

The Packet format was developed with the following in mind.

64-bit word header alignment
fixed-length fields
minimal overhead
IP-like proto field functionality
no sequence numbers

Glenn Proposal - Host to Host Mode Format

                  1            2           3 
      0123 4567 8901 2345 6789 0123 4567 8901
     +----+----+---------+-------------------+  ------------
     |Ver |IHL |  TOS    |  Total Length     |
     +-------------------+--+----------------+
     |    Identifier     |F1| Frag. Offset   |
     +---------+---------+-------------------+
     |   TTL   | Protocol| Header Checksum   |  IPv4
     |         |  (52)   |                   |  Header
     +---------+---------+-------------------+
     |           Source Address              |
     +---------------------------------------+
     |         Destination Address           |
     +---------------------------------------+
     |         Options + Padding             |
     +---------+----+----+-------------------+  ------------
     | Prot    |Ver | F1 |    Length         |
     +---------+----+----+-------------------+  SDT PDU 
     |       SAID        |   Reserved        |  Header
     +-------------------+-------------------+  ------------
     |       Alg_Param  +   D_Length         |
     +-------------------+-------------------+  Protected
     |                                       |  Octet 
     |                 Data                  |  String
     +---------------------------------------+   
     |                Pad + ICV              |
     +---------------------------------------+  ------------

IPSP (L&Z March 94)

  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |      SAID     |    Security Transformation                    /
  |               |    Prepended Information (STAI)               /
  +---------------+                                               +
  /                                                               /
  /                                                               /
  +               +-------------------------------+---------------+
  /               |            Length             |     Next      |
  /               |                               |   Protocol    |
  +-----------------------------------------------+---------------+
  /                                                               /
  /                  Protected Client Data                        /
  +                                                               +
  /                            ...                                /
  /                                                               /
  +               +-----------------------------------------------+
  /               |    Security Transformation                    /
  /               |    Appended Information (STAP)                /
  +---------------+                                               +
  /                                                               /
  /                                                               /
  +---------------------------------------------------------------+

IPSP - July 94!

Approach

Simple Cryptographic Encapsulation Protocol
Support Algorithm Independence by "Bundling" Cryptographic Processing and Field Formats into a "Security Transformation"!
Defer:
- Fragmentation
- Sequence Integrity without Recovery
Include Worked Examples of "Security Transformations" for:
- Confidentiality, Integrity, and Authentication
  (initial recommendation DES-CBC-MD5)
- Confidentiality Only
  (initial recommendation DES-CBC)
- Integrity and Authentication
  (initial recommendation MD5-keyed)
Meet IPng guidelines for word alignment

IPSP Protocol Processing

Transmit Processing

Determine the appropriate Security Association
Prepend the Protocol and Length fields
Perform cryptographic transformation
Prepend SAID

Receive Processing

Determine if SA required
Use Source and Destination Address and SAID to select SA
Perform Transformation indicated in SA info
Pass data to next protocol indicated by IPSP "Next Protocol" field

IPSP Generic Format

  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |           Security Association Identifier (SAID)              | 
  |                                                               |
  +---------------------------------------------------------------+
  /                    Security Transformation                    /
  /                    Prepended Information (STPI)               /
  +---------------+-----------------------------------------------+
  |     Next      |     Length    |        Reserved               |
  |   Protocol    |    of Pad     |                               |
  +---------------------------------------------------------------+
  /                                                               /
  /                  Protected Client Data                        /
  +                  (TCP, UDP, IPv4, IPv6, etc.)                 +
  /                            ...                                /
  /                                                               /
  +               +-----------------------------------------------+
  /               |    Security Transformation                    /
  /               |    Appended Information (STAP)                /
  +---------------+                                               +
  /                                                               /
  /                                                               /
  +---------------------------------------------------------------+

IPSP Format with DES-CBC-MD5

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |           Security Association Identifier (SAID)              | 
    |                                                               |
    +---------------------------------------------------------------+
    |                    Data Encryption Standard                   |
    |                    Initialization Vector (DES-IV)             |
--- +---------------+---------------+-------------------------------+ ---
 ^  |     Next      |     Length    |        Reserved               |  ^ 
 |  |   Protocol    |    of Pad     |                               |  |
 |  +---------------+---------------+-------------------------------+  E
 |  /                                                               /  n
 M  /                  Protected Client Data                        /  c
 D  +                                                               +  r
 5  /                            ...                                /  y
 |  /                                                               /  p
 |  +                                               +---------------+  t
 |  /                                               /    DES        |  e 
 v  /                                               /    Padding    |  d
--- +-----------------------------------------------+---------------+  |
    |                 MD5 Integrity Check Value                     |  |
    |                (MD5-ICV)                                      |  v
    +---------------------------------------------------------------+ ---

IPSP Issues

Need get protocol number assignment!
Need to determine relationship to SIPP protocol number assignments for security
Clarification of SAID usage for multicast
More documentation
IPng "Auth" functionality
Key Management Attributes

IPSP Action Items

Publish an "IPSP Internet-Draft" (within two months)
Coordinate Interoperable Pilot
- Manual Key Management
- Single "Security Transformation" (DES-CBC-MD5?)
Solicit IPSP Review and Writing
- MD5 based Integrity Only
- Fragmentation
- Security Transformation with Sequence Integrity
- other optional Security Transformations (Public Key Based?)
- Subnet related scenarios
- Implications to ICMP
- other... SAID and multicast