Security Solutions

IPSEC, or secure IP, is the emerging standard for safeguarding Internet-based virtual private networks (VPNs). IPSEC is a family of protocols described in some 17 Internet Engineering Task Force (IETF) draft documents, the most important of which are RFCs 1825 through 1829. A mandatory requirement for a compliant implementation of IPv6, IPSEC defines protocols for authentication, privacy, and data integrity at the IP or kernel level, using two optional IP headers: Authentication Header (AH), which supports authentication and data integrity, and Encapsulating Security Payload (ESP), which insures privacy.

These fundamental protocols were agreed upon in 1995 and tested during 1996. However, agreement lagged on how to establish security associations, agree on encryption algorithms, and exchange public keys. These f unctions are critical for interoperable authentication, authorization, data integrity, and nonrepudiation.

Key management will be an important feature of IPSEC. The X.509 standard defines a format for digital certificates, but it does not say how two nodes can establish a security association and agree on an encryption key for a particular session. Throughout most of last year, debate continued within the IPSEC working group over whether such key management functions should be based on Simple Key Management for Inte rnet Protocols (SKIP), developed by Sun Microsystems, or Internet Security Association and Key Management Protocol (ISAKMP)/Oakley, which has been favored by Cisco Systems.

SKIP is easier to implement and imposes less overhead when a security association is established. In fact, if each host already has the other host's public key certificate, SKIP doesn't have to exchange any packets to establish a shared key for a particular association. The data packet itself will contain enough information for the receiving host to compute the shared key. This can be important where associations are created and destroyed relatively frequently. It's also important when a host reboots, for instance, and has to re-establish all its security associations.

Unfortunately, typical implementations of SKIP do not allow for much negotiation of encryption algorithms, such as Data Encryption Standard (DES) and triple DES, or of other options for insuring data integrity, such as using Message Digest 5 (MD5) or Secure Hash Algorithm 1 (SHA-1) hashing techniques. That means that if a node using SKIP cannot decrypt a packet, there is no means within SKIP to recover. Messages typically must be sent outside the protocol to indicate the failure. However, there is no assurance that such messages couldn't be forged, allowing an attacker to disrupt communications.

ISAKMP/Oakley supports more negotiation and is therefore more robust and secure. In the fall of 1996, ISAKMP/Oakley was selected as the basis for the Internet Key Management Protocol (IKMP), the mandatory IPSEC key management protocol. SKIP is now an optional IPSEC protocol. ISAKMP/Oakley and SKIP implementations were tested at an IPSEC "bake-off" in late March. IKMP should go to the IETF in July.