IPsec Resources
Warning and disclaimer: some of the linked items below may illustrate the use of ESP without authentication or other insecure IPsec configurations. They may contain inaccurate information. Some may contain other people’s expressed opinions. The act of hyperlinking an article does not represent my endorsement of its content, nor agreement with any viewpoints expressed or implied therein.
Overview
- Kenny Paterson’s A Cryptographic Tour of IPsec Standards is a user-friendly entry point to the world (or labyrinth) of IPsec with a focus on the evolution of the IPsec standards. Includes information on the latest, third generation of the IPsec protocols.
- Steve Friedl’s An Illustrated Guide to IPsec. An accessible but incomplete introduction. It seems that the author hasn’t yet got round to writing the promised follow-up article on key management.
- NIST’s Guide to IPsec VPNs [3.89MB pdf].
IETF Standards
- Archived IPsec Working Group Charter (Working Group disbanded in Apr 2005)
- Security Architecture for Internet Protocol RFC 4301 obsoletes RFC 2401
- Encapsulating Security Payload (ESP) RFC 2406 obsoletes RFC 4301
- Authentication Header (AH) RFC 4302 obsoletes RFC 2402
- Internet Key Exchange (IKE) RFC 4306 (being updated by Internet Draft IKEv2.1) obsoletes RFC 2407, RFC 2408, RFC 2409 (phew!)
- UDP Encapsulation of IPsec ESP Packets, for use with NAT-Traversal RFC 3948. Any potential attacks?
- More links to RFCs at VPN Consortium
- IPsec mailing list archive
Royal Holloway Attack
Serious security flaws in IPsec were discovered by Kenny Paterson and myself. We have developed several highly efficient and devastating attacks and they have been implemented and verified in a network testing lab. NISCC (UK-CERT) was called in to assess these attacks, and handled communications with vendors before publishing the vulnerability advisory.
- K.G. Paterson and A.K.L. Yau, Cryptography in theory and practice: The case of encryption in IPsec. In S. Vaudenay (ed.), Eurocrypt 2006, Lecture Notes in Computer Science Vol. 4004, pp. 12-29, Springer-Verlag. Full version available at the Cryptology ePrint Archive.
- K.G. Paterson and A.K.L. Yau, Lost in Translation: Theory and Practice in Cryptography, IEEE Security & Privacy, vol. 4, no. 3, May/June 2006, pp. 69-72. Available online.
- NISCC Vulnerability Advisory IPSEC — 004033 on 9 May 2005. Updated version [pdf] with some vendor responses on 16 May 2005.
- US-CERT Vulnerability Note VU#302220.
- Candidate for inclusion in the CVE list.
- Openswan’s response to NISCC’s vulnerability announcement.
- Slashdot: Flaw Found in VPN Crypto Security with reader comments.
- The Register: UK.gov warns over VPN crypto flaw.
- C|Net: Flaw found in VPN crypto security
- Discussions on sci.crypt newsgroup.
- Commentaries by Steve Dispensa (Microsoft MVP) / Dan McDonald (Sun) / David M. Piscitello (Core Competence) and follow-up (same page, a few entries up).
- Related article on responsible disclosure and interview with Kenny Paterson.
- Flaw mentioned in a news article on Infosecurity News.
- A blog entry on our Eurocrypt presentation by Entrust’s Chief Cryptographer.
Other Papers/Attacks
- Steve M. Bellovin’s Cryptography Papers. Of particular interest are Problem Areas for the IP Security Protocol [pdf] and Probable Plaintext Cryptanalysis of the IP Security Protocols [pdf], which outline attacks on an early and now obsoleted version of IPsec when ESP is used without authentication.
- N. Ferguson and B. Schneier, A Cryptographic Evaluation of IPsec. An analysis of the currently-in-use version of IPsec.
- C. McCubbin, A.A. Selcuk, D. Sidhu, Initialization Vector Attacks on the IPsec Protocol Suite. More attack sketches on ESP without authentication.
- IKECrack is an open source IKE cracking tool. It uses a brute-force or dictionary attack on the key/password used with Pre-Shared-Key [PSK] IKE authentication.
Implementations
- Using IPSec in Windows 2000 and XP, a three-part series on SecurityFocus. Parts one, two, three.
- IPsec is implemented in the Linux kernel from version 2.6 onwards. IPsec-Tools is a Linux port of IPsec configuration utilities and IKE daemon from the now concluded KAME project. IPsec-Tools supports NetBSD and FreeBSD as well. Manpages for setkey(8) and racoon(8), two important programs in IPsec-tools.
- IPsec HowTo for Linux. Covers IPsec-Tools. Openswan instructions to come (apparently).
- Alternative IPsec implementations for Linux include Openswan and strongSwan, which take over from the now defunct FreeS/WAN project. This article [pdf], which dates back to 2004, compares different IPsec implementations in Linux and looks at what the future holds for IPsec on Linux.
- Roadwarrior setup guides for IPsec VPNs with a Linux server and clients running various OSes.
- As a result of the KAME project, all major BSD variants have built-in IPsec (and IPv6) support. This includes Mac OS X, which has support for L2TP over IPsec. Official IPsec documentation for FreeBSD and NetBSD. OpenBSD’s vpn(8) manpage. A guide for IPsec on Mac OS X with a focus on its use with Linux servers. Apple’s BSD manpage on ipsec(4).
- Zero to IPSec in 4 minutes. “This short article looks at how to get a fully functional IPSec VPN up and running between two fresh OpenBSD installations in about four minutes flat.” (Is it contradictory to say “about four minutes flat”?)
- Official HP-UX IPsec product information and configuration guide.
- Configuring IPsec/IKE on Solaris, another three-part series on SecurityFocus. Parts one, two, three.
- Cisco’s Introduction to IP Security (IPSec) Encryption with some configuration instructions.
Books
- N. Doraswamy and D. Harkins, IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks, Second Edition. More accessible than the RFCs and a handy reference.
Miscellaneous
- Penetration Testing IPsec VPNs.
- IPsec: RFCs and How-To. Somewhat outdated, but links to hardware and software configuration guides may still be useful.
- A somewhat brief Wikipedia entry (as of March 2006).
- White Paper - IPsec in VoIP Networks. Touches on problems with using IPsec with NAT/NAPT.
