170 likes | 292 Views
RFC 4835 - Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH). Speaker:ChungYi Wang Advister:Quincy Wu 2007/4/23. Outline. Motivation ESP & AH ESP & AH table Changes from RFC 2402 and RFC 2406 to RFC 4305
E N D
RFC 4835 - Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) Speaker:ChungYi Wang Advister:Quincy Wu 2007/4/23
Outline • Motivation • ESP & AH • ESP & AH table • Changes from RFC 2402 and RFC 2406 to RFC 4305 • Changes from RFC 4305 • Reference
Motivation • The IPsec series of protocols makes use of various cryptographic algorithms in order to provide security services. • To ensure interoperability between disparate implementations, it is necessary to specify a set of mandatory-to- implement algorithms to ensure that there is at least one algorithm that all implementations will have available.
ESP & AH(1/3) • Encapsulating Security Payload (ESP) • 內容保密 • Authentication Header (AH) • 身分認證,重送確認
ESP & AH(2/3) • AH http://en.wikipedia.org/wiki/IPsec#Encapsulated_Security_Payload_.28ESP.29 IP address, key … Integrity Check Value
ESP & AH(3/3) • ESP http://en.wikipedia.org/wiki/IPsec#Encapsulated_Security_Payload_.28ESP.29
ESP & AH table(2/7) • SHOULD+ • 未來可能變成MUST • SHOULD- • 未來可能變成MAY • MUST- • 未來可能不再是MUST
ESP & AH table - DES(3/7) • DES (Data Encryption Standard) • small key size(56bits), publicly demonstrated, open-design special-purpose cracking hardware Questionable security for general use • TripleDES • Key size:168 bits • Rounds:48 DES-equivalent rounds http://en.wikipedia.org/wiki/TripleDES
ESP & AH table - AES(4/7) • AES (Advanced Encryption Standard) • NIST 宣佈,於1998 第一次提出,也就是Rijndael • Key Size:128bits, 192bits, 256bits • Block size:128bits • 於軟體和硬體上的運算都很快, 容易實作, 並且不需要太多的記憶體操作。
ESP & AH table - HMAC(5/7) • HMAC (keyed-hash message authentication code) • 利用雜湊函式進行 身分驗證,資料完整性的演算法。 • MD5 • Digest size:128bits • Rounds:4 • SHA-1 • Digest size:128bits • Rounds:80
ESP & AH table - Collision(6/7) • H(x) = H(y) • X 不等於 y • 不同來源卻有相同的認證hash • 如果很不容易找到ㄧ對 x, y, 符合 H(x) = H(y),就是一個強壯的(strong)雜湊函式演算法。
Reference • RFC 4835 • http://www.faqs.org/rfc/rfc4835.txt • IPsec (ESP & AH) • http://en.wikipedia.org/wiki/IPsec#Encapsulated_Security_Payload_.28ESP.29 • DES • http://en.wikipedia.org/wiki/Data_Encryption_Standard • AES • http://en.wikipedia.org/wiki/Advanced_Encryption_Standard • NIST:http://www.commerce.gov/opa/photo/NIST/events.html
Reference • HMAC • http://en.wikipedia.org/wiki/HMAC • Hash collision : http://en.wikipedia.org/wiki/Hash_collision • MD5 • http://en.wikipedia.org/wiki/MD5 • SHA1 • http://en.wikipedia.org/wiki/SHA