Abstract
This paper recounts some lessons that we learned from the deployment of host-to-host IPsec in a large corporate network. Several security issues arise from mismatches between the different identifier spaces used by applications, by the IPsec security policy database, and by the security infrastructure (X.509 certificates or Kerberos). Mobile hosts encounter additional problems because private IP addresses are not globally unique, and because they rely on an untrusted DNS server at the visited network. We also discuss a feature interaction in an enhanced IPsec firewall mechanism. The potential solutions are to relax the transparency of IPsec protection, to put applications directly in charge of their security and, in the long term, to redesign the security protocols not to use IP addresses as host identifiers.
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Aura, T., Roe, M., Mohammed, A. (2007). Experiences with Host-to-Host IPsec. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2005. Lecture Notes in Computer Science, vol 4631. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77156-2_2
DOI: https://doi.org/10.1007/978-3-540-77156-2_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77155-5
Online ISBN: 978-3-540-77156-2
eBook Packages: Computer Science (R0)