Secure Network Layer
While the TCP/IP suite of protocols has become very popular among embedded systems with the proliferation of connected devices, security is not part of IP’s original design. Hence any embedded application with security requirements needs to implement security at the application, transport, network, or link layer. Placing security at the network layer has several advantages when security requirements affect all data going through the stack. In this case, security of the data in transit is transparent to the applications which use the network stack. Further, the security architecture is independent of the network type or topology to which the embedded device is connected and encrypted packets can be routed and switched on any network that supports IP traffic.
V-IPSecure implements a secure network layer (IPsec) that provides data integrity, origin authentication, data confidentiality, access control, partial sequence integrity, and traffic flow confidentiality services for communications between any two networks or hosts. Replay-detection as defined by the IPsec standard is also performed by using sequence numbers combined with authentication.
Support for Standards
V-IPSecure includes a complete set of standards-based protocol implementations for IPsec-enabling a standard TCP/IP (V4 or V6) network stack.
Authentication Header (AH) Protocol attaches a strong crypto-checksum to packets for a guarantee of authenticity, and ties data in each packet to a verifiable signature. This allows communicating parties to verify that data was not modified in transit (connectionless integrity) and that it genuinely came from its apparent source. Optionally, it can contain protections against replay attacks.
Encapsulating Security Payload (ESP) Protocol encrypts data using symmetric keys, to secure it against eavesdropping during transit. It provides a guarantee of confidentiality and optionally provides for integrity and message authentication as well.
Internet Key Exchange (IKE) is a powerful and flexible negotiation protocol that allows communicating parties to negotiate the methods and parameters of the secure communication channel, such as the sharing of secret keys between peers.
V-IPSecure seamlessly integrates with any IPv4 or IPv6 based TCP/IP stack, leveraging features such as PMTU support if the native stack provides it.
Secure Channel Framework
The flexibility and power of V-IPSecure is enhanced by a highly configurable framework for policy and secure channel management. It allows for a flexible set of rules to decide when to apply security policies and when to skip (bypass) them, and provides different levels of security setup. For example, a secure communication channel to one network node may consist of a simple authentication scheme for traffic in both directions, while a highly secure authentication and encryption scheme may be setup for other hosts or entire networks. The management control for such flexibility is provided through a set of user friendly APIs to access and modify the Security Policy Database (SPD) and APIs for configuration commands. These APIs may be called programatically from within a management application, or manually from a host or target-resident shell during development. This interface may also be used to pre-share secret keys for encryption between network nodes.
A Security Association (SA) is a one-way association between a sender and a receiver of security services. Each SA represents one direction of traffic. The security association separates the key management and the security mechanisms from each other. Each V-IPSecure SA defines a set of parameters including the sequence number for anti-replay service, the protocol mode, the lifetime of the SA, the path MTU, and other implementation details. For authentication services in AH or ESP, and for encryption services in ESP, each SA also defines parameters such as the choice of cryptographic algorithm, keys in use, key lifetimes, initial values, etc. In this way, V-IPSecure makes it possible to bundle SAs to achieve the desired level of security in a fine-grained manner.
Tunnel and Transport Modes
Depending on the mechanism of secure IP packet transmission, V-IPSecure supports two types of SAs, which define the IPsec protocol mode in use:
Transport mode SA: A security association between two hosts used to secure the traffic of higher layer protocols.
Tunnel mode SA: A security association modeled similar to an IP-in-IP tunnel, by encapsulating IP packets into new packets, which is suitable for secure connections between security gateways.
Based on application requirements, V-IPSecure may be configured in either mode or a mix of the two modes for different connections. ESP in transport mode allows for lower processing overhead but provides neither authentication nor encryption for the IP header, making it vulnerable to spoofing. In ESP in tunnel mode, the original datagram becomes the payload data for the new ESP packet, hence protection is total if both encryption and authentication are selected, but has a higher overhead. Further, tunneling allows for the passing of illegal IP addresses through a public network, which may be required in certain applications. Tunneling with the ESP also has the advantage of hiding the original source and destination addresses from users on the public network — defeating or at least reducing the power of traffic analysis attacks.
Security Policies are a flexible set of rules specified by network administrators to decide whether to secure an IP packet, bypass security for it, or discard it, affording different levels of security setup. For example, an SA to one network node may consist of a simple authentication scheme, while a highly secure authentication and encryption scheme may be setup for other hosts.
SA and SP Database APIs
The management control for such flexibility is provided through a set of user friendly APIs to access and modify the SP Database (SPD) and APIs for configuration commands. APIs are also included for manually setting up Security Associations. These APIs may be called programmatically, or manually from a target-resident shell during development. This interface may also be used to pre-share secret keys for encryption between network nodes.
Automatic Key Negotiation
To use any encryption in a network environment, communicating peers must first exchange keys. While manually sharing keys is a possibility and is fully supported in V-IPSecure, it can become intractable as the number of IPsec hosts increases. For this reason, V-IPSecure includes an implementation of a mechanism for automatic key negotiation, called Internet Key Exchange (IKE). IKE is based on the Diffie-Hellman key exchange and provides mechanisms for automatic generation and frequent renewal of the crypto keys for high security without increasing key-lengths which may slow down the encryption process.
IKE integrates the Internet Security Association and Key Management Protocol (ISAKMP) framework with an Oakley key exchange scheme. ISAKMP defines a standardized framework to support negotiation of security associations (SA), initial generation of all cryptographic keys, and subsequent refresh of these keys. Oakley is the key management protocol that is used within the ISAKMP framework. IKE supports automated negotiation of security associations, and automated generation and refresh of cryptographic keys. Authentication in IKE can be achieved using a variety of mechanisms such as pre-shared keys, Kerberos, etc. before key exchange begins. When using TeamF1’s AuthAgent Kerberos for authentication, V-IPSecure’s IKE is completely interoperable with Microsoft Windows® implementations of IPsec and IKE using Active Directory as the authentication database.
IPsec configuration via commands or configuration file.
Configurable anti-replay window state.
Support for explicit specification of IKE exchange.
Configurable handling of packets not compliant with a security policy.
Designed for hardware acceleration.
Available in full-source format.
Customization hooks and callouts.
Unwanted components can be scaled out.