Re: Use OTP in IPSEC?
Ari Huttunen <Ari.Huttunen@datafellows.com> Thu, 07 October 1999 13:16 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by mail.imc.org (8.9.3/8.9.3) with ESMTP id GAA10683; Thu, 7 Oct 1999 06:16:09 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id GAA00306 Thu, 7 Oct 1999 06:50:31 -0400 (EDT)
Message-ID: <37FC7B72.55FE5AD6@DataFellows.com>
Date: Thu, 07 Oct 1999 13:52:34 +0300
From: Ari Huttunen <Ari.Huttunen@datafellows.com>
Organization: Data Fellows Oyj
X-Mailer: Mozilla 4.51 [en] (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Markku Savela <msa@hemuli.tte.vtt.fi>
CC: ipsec@lists.tislabs.com
Subject: Re: Use OTP in IPSEC?
References: <199910061052.NAA29733@anise.tte.vtt.fi>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
Would it be possible to use this idea together with the Host Identity Payload? Use something based on One Time Passwords instead of DSA? E.g. something like - First message is DSA-authenticated by the sender and contains, in addition to existing HIP-stuff, an OTP-seed-value that is RSA-encrypted with the recipients public key. (The encrypted seed value would also be authenticated.) - Both parties calculate hashes from the seed value N times, and start using them in reverse order. - Next message sent by the same sender will no longer use DSA, but something based on OTP. The receiver would have some sort of replay protection window to allow for packet re-orderings while in transit. This method could also be used for encryption, the initiator would one-sidedly choose the encryption key it wishes, and send that encrypted with the recipient's public key. Just an idea... Ari Markku Savela wrote: > This is just one my random ideas that float in the background, and > just decided to sound it off on this list... > > I think there might be some special cases where even use of OTP (One > time pad) might be usable with IPSEC. > > Possible technical definition: Within ESP, each packet would, instead > of IV, use an 64 bit offset to OTP that is somehow known to both ends > (with the usual problems of keeping the OTP secret etc.) > > A server that provides some highly sensitive, but short, > information as a responce to queries could use this > method. [This almost implicitly requires the ability to > negotiate assymmetric associations (currently only possible > with manual configuring) > > Server ----> IPSEC(OTP) ------> clients > <---- other protection > > [cant have multiple senders use the same OTP, as it would be > hard to prevent the same pad segment being used twice]. > > OTP might be useful also in the key echange of the key management, if > one is suspicious about the public key algorithms. -- Ari Huttunen phone: +358 9 859 900 Senior Software Engineer fax : +358 9 8599 0452 Data Fellows Corporation http://www.DataFellows.com F-Secure products: Integrated Solutions for Enterprise Security
- Use OTP in IPSEC? Markku Savela
- Re: Use OTP in IPSEC? Ari Huttunen