IETF Logo Mail Archive

Re: [IPsec] Diet-ESP

"Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com> Tue, 17 February 2015 05:28 UTC

Return-Path: <sfluhrer@cisco.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E48D41A1A0C; Mon, 16 Feb 2015 21:28:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id odRMkdDurNjR; Mon, 16 Feb 2015 21:28:06 -0800 (PST)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 16DE81A079D; Mon, 16 Feb 2015 21:28:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=14788; q=dns/txt; s=iport; t=1424150887; x=1425360487; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=r3mVOXB5bN/2oXpxe64LNTjAaGmpWUulqrZqzLTGrcQ=; b=MLacwVDm0PcuMnM832JZC/tIL+gwI0YuYZPM7zBx8eO69WMFIwXTmPLe joywZfyvoCxLNPcpq3ikDInxPuXYCJ9ax36W18nosjtsRDWpIG2OOHdAJ EjqXJP88qbbprIl2g8VipM0uIQk2rLiB45/X8jdUeWiDgsuKtM6qbGf0C o=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0D0BwAA0eJU/5NdJa1bgkNDUloEgn+wDo1DgXCFbwIceUMBAQEBAQF8hAwBAQEEIwpMEAIBCA4DBAEBCx0DAgICMBQJCAIEAQ0FCIglDbcclxoBAQEBAQEBAQEBAQEBAQEBAQEBAQEXiwyEPBYbBgGCaC6BFAWNTIFsg1eGeDiCVY5oIoNub4FEfwEBAQ
X-IronPort-AV: E=Sophos;i="5.09,592,1418083200"; d="scan'208,217";a="397064621"
Received: from rcdn-core-11.cisco.com ([173.37.93.147]) by rcdn-iport-2.cisco.com with ESMTP; 17 Feb 2015 05:28:06 +0000
Received: from xhc-rcd-x02.cisco.com (xhc-rcd-x02.cisco.com [173.37.183.76]) by rcdn-core-11.cisco.com (8.14.5/8.14.5) with ESMTP id t1H5S5vf004426 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 17 Feb 2015 05:28:05 GMT
Received: from xmb-rcd-x04.cisco.com ([169.254.8.248]) by xhc-rcd-x02.cisco.com ([173.37.183.76]) with mapi id 14.03.0195.001; Mon, 16 Feb 2015 23:28:04 -0600
From: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
To: Daniel Migault <mglt.ietf@gmail.com>, "6lo@ietf.org" <6lo@ietf.org>
Thread-Topic: [IPsec] Diet-ESP
Thread-Index: AQHQSl8D8Q49UimlJk+ag/Gqzu2LiJz0RjGw
Date: Tue, 17 Feb 2015 05:28:04 +0000
Message-ID: <A113ACFD9DF8B04F96395BDEACB340420D03A28E@xmb-rcd-x04.cisco.com>
References: <CADZyTkkqjSQe1HvMhLqg1g1-bxGc3iXB8kjL81qJgieCwV6h8Q@mail.gmail.com>
In-Reply-To: <CADZyTkkqjSQe1HvMhLqg1g1-bxGc3iXB8kjL81qJgieCwV6h8Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.86.255.216]
Content-Type: multipart/alternative; boundary="_000_A113ACFD9DF8B04F96395BDEACB340420D03A28Exmbrcdx04ciscoc_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/FrJq-E-6hKeXZnad2l4B-Re3m0g>
Cc: "ipsec@ietf.org" <ipsec@ietf.org>
Subject: Re: [IPsec] Diet-ESP
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Feb 2015 05:28:09 -0000

Here’s an issue with this draft; it doesn’t meet the requirements that it claims.  In particular, it claims that it is based on standard IPsec, and that its security is equivalent to IPsec (R1-R3).  However, it allows (and, as far as I am concerned, encourages) the use of tiny ICVs; these tiny ICVs introduce security vulnerabilities that do not occur within sane configurations of IPsec (where sane includes using an integrity transform).  In particular, using tiny ICVs with GCM is a known security issue.

Now, it would be possible to have an encryption protocol that would not have issues with small ICVs (say, by using a wide block cipher); however this would be rather different than standard IPsec (in part because IPsec was never designed with these minimal bandwidth constraints); either we need to stay with an IPsec-based protocol (which implies a largish ICV), or go with something else (which would have less overhead, but doesn’t look that much like IPsec internally).


Oh, and a minor note on the IV generation: it’s actually secure to use the same key you use to encrypt to encrypt the counter for the IV; you don’t need a separate key.

From: IPsec [mailto:ipsec-bounces@ietf.org] On Behalf Of Daniel Migault
Sent: Monday, February 16, 2015 10:08 PM
To: 6lo@ietf.org
Cc: ipsec@ietf.org
Subject: [IPsec] Diet-ESP

Please find the new version of Diet-ESP a compress IPsec/ESP for IoT. We have implemented and tested Diet-ESP. Compared to the standard IPsec/ESP, Diet-ESP can reduce the networking overhead added to unprotected data from 100% to a few percent. I will be happy to present these draft next IETF.

Feel free to make comments!

The drafts includes:
    1) draft-mglt-6lo-diet-esp-requirements<http://datatracker.ietf.org/doc/draft-mglt-6lo-diet-esp-requirements/>: lists the requirements for Diet-ESP
    2) draft-mglt-6lo-aes-implicit-iv<http://datatracker.ietf.org/doc/draft-mglt-6lo-aes-implicit-iv/>: indicates how to avoid carrying the IV in each ESP packet. It is instead generated by each peers. The protocols described in the draft can be used with the regular IPsec/ESP.
    3) draft-mglt-6lo-diet-esp<http://datatracker.ietf.org/doc/draft-mglt-6lo-diet-esp/> describes the core Diet-ESP protocol, that is how to compress/decompress each fields of the standard IPsec/ESP. Compression is discribed through a Diet-ESP Context.
    4) draft-mglt-6lo-diet-esp-payload-compression<http://datatracker.ietf.org/doc/draft-mglt-6lo-diet-esp-payload-compression/>: describes how the clear text can be compressed before encryption. In fact unless IPsec/ESP is used with NULL encryption, the data in the ESP packet is encrypted. Encryption makes compression hard to perform. Instead compressing before encrypting can be very efficient. This makes possible to remove UDP/TPC/IP tunnel headers.
    5) draft-mglt-6lo-diet-esp-context-ikev2-extension<http://datatracker.ietf.org/doc/draft-mglt-6lo-diet-esp-context-ikev2-extension/>: describes how to negociate Diet-ESP with IKEv2. In fact this mostly result in an agreement for the DIet-ESP Context. This exchange may then be extended to Diet-HIP Exchange.
BR,
Daniel
--
Daniel Migault
Orange Labs -- Security
+33 6 70 72 69 58

v2.23.0 | Report a Bug | By Email