PDF datasheet

V-IPSecure - IPsec and IKE

Tech Specification

Embedded IPsec and IKE

V-IPSecure is a high-performance, embedded implementation of the IPsec protocol suite providing a high-quality cryptography-based secure communication channel on embedded systems. With full support for flexible policy specifications and complex security associations, it enables virtual private networks (VPN) to be easily carved out of public and/or insecure networks. V-IPSecure also includes a highly interoperable implementation of the IKE (Internet Key Exchange) protocol including advanced features such as support for IKEv2, NAT-T (NAT Traversal), Kerberos and X.509 digital certificate based authentication, in addition to standard pre-shared keys (PSK) IKE authentication. With its comprehensive, yet highly modular encryption cipher and cryptographic checksum library (including AES and SHA modules) V-IPsecure's designed-for-embedded implementation make it the IPsec implementation of choice for leading edge networked embedded devices.

V-IPSecure implements a secure network layer (IPsec) that provides data integrity, origin authentication, data confidentiality, access control, partial sequence integrity, replay protection and traffic flow confidentiality services for communications between any two networks or hosts. V-IPSecure also includes a full-featured implementation of automatic key negotiation - Internet Key Exchange (IKE) - based on the Diffie-Hellman key exchange. V-IPSecure's IKE provides a mechanism for automatic generation and frequent renewal of the crypto keys for high security without increasing key-lengths which may slow down the encryption process.

V-IPSecure includes support for the Authentication Header (AH) and Encapsulated Security Payload (ESP) protocols in both Tunnel and Transport modes. V-IPSecure's IKE includes support for manual key exchange, pre-shared keys and custom authentication schemes that can precede the DH exchanges. Support for Perfect Forward Secrecy (PFS) is also included.

Besides the tight integration with the VxWorks operating system and its native network stack, which was developed as a part of the technology alliance, V-IPSecure includes leading edge features such as AES (Advanced Encryption Standard) support, a plug-in X.509 digital certificate authentication module, and integration with NetF1 - one of the fastest IPv6 stacks available for embedded devices.

Also included in V-IPSecure are advanced features such as support for Kerberos authentication in IKE (including interoperability with Microsoft® Windows® Active Directory and Windows Server domain controller authentication), support for a wide variety of encryption ciphers and hashing algorithms, any of which can be scaled out if not in use, and Path Maximum Transmission Unit (PMTU) support to avoid fragmentation. The crypto libraries built into V-IPSecure are designed for hardware acceleration in an asychronous or synchronous manner, and several reference implementations and drivers to hardware acceleration chips are also provided, along with a pure software implementation.

V-IPSecure supports memory partitions and lean, yet fast abstractions. Because it is an integrated implementation, it does not suffer from the inefficiencies of the Bump-In-The-Stack or Bump-In-The-Wire model of other IPsec implementations. Designed exclusively for embedded use, V-IPSecure’s robust and configurable implementation makes it an ideal fit for embedded devices such as Internet appliances, VPNs, gateways, secure terminals, and routers.

Features & Benefits

  • AH, ESP (with authentication option)
  • Tunnel and Transport Mode.
  • Support for Manual Key Exchange.
  • IKE with pre-shared keys.
  • IKE phase 1 Main Mode, Phase 2 Quick Mode.
  • Diffie-Hellman groups: 1, 2.
  • Support for IPv6.
  • IKE Hooks for Kerberos Authentication.
  • Configuration via commands or configuration file.
  • Database access APIs for SP and SA
  • Support for IKE INITIAL CONTACT
  • Support for Perfect Forward Secrecy (PFS)
  • Support for per-interface IPsec enable/disable
  • Support for CPU types of either endian-ness including PowerPC, MIPS, X86, ARM/XScale
  • Royalty-free full source distribution

Advanced Features

  • Includes implementations of the latest protocol versions - ESPv3, AHv3 and IKEv2
  • Support for NAT-Traversal
  • Supports IPsec protocol acceleration in hardware and references drivers for various Hifn and Cavium Nitrox families are provided.
  • Supports advanced features such as caching, nested and bundled Security Associations, Dead Peer Detection and native IPv6 support
  • Enhanced memory management support
  • Requires no special network stack source code
  • Works with existing IPv4 and IPv6 stacks

Secure Network Layer
While the TCP/IP suite of protocols has become very popular among embedded systems with the proliferation of connected devices, security is not part of IP’s original design. Hence any embedded application with security requirements needs to implement security at the application, transport, network, or link layer. Placing security at the network layer has several advantages when security requirements affect all data going through the stack. In this case, security of the data in transit is transparent to the applications which use the network stack. Further, the security architecture is independent of the network type or topology to which the embedded device is connected and encrypted packets can be routed and switched on any network that supports IP traffic.

V-IPSecure implements a secure network layer (IPsec) that provides data integrity, origin authentication, data confidentiality, access control, partial sequence integrity, and traffic flow confidentiality services for communications between any two networks or hosts. Replay-detection as defined by the IPsec standard is also performed by using sequence numbers combined with authentication.

Support for Standards
V-IPSecure includes a complete set of standards-based protocol implementations for IPsec-enabling a standard TCP/IP (V4 or V6) network stack.

  • Authentication Header (AH) Protocol attaches a strong crypto-checksum to packets for a guarantee of authenticity, and ties data in each packet to a verifiable signature. This allows communicating parties to verify that data was not modified in transit (connectionless integrity) and that it genuinely came from its apparent source. Optionally, it can contain protections against replay attacks.
  • Encapsulating Security Payload (ESP) Protocol encrypts data using symmetric keys, to secure it against eavesdropping during transit. It provides a guarantee of confidentiality and optionally provides for integrity and message authentication as well.
  • Internet Key Exchange (IKE) is a powerful and flexible negotiation protocol that allows communicating parties to negotiate the methods and parameters of the secure communication channel, such as the sharing of secret keys between peers.

V-IPSecure seamlessly integrates with any IPv4 or IPv6 based TCP/IP stack, leveraging features such as PMTU support if the native stack provides it.

Secure Channel Framework
The flexibility and power of V-IPSecure is enhanced by a highly configurable framework for policy and secure channel management. It allows for a flexible set of rules to decide when to apply security policies and when to skip (bypass) them, and provides different levels of security setup. For example, a secure communication channel to one network node may consist of a simple authentication scheme for traffic in both directions, while a highly secure authentication and encryption scheme may be setup for other hosts or entire networks. The management control for such flexibility is provided through a set of user friendly APIs to access and modify the Security Policy Database (SPD) and APIs for configuration commands. These APIs may be called programatically from within a management application, or manually from a host or target-resident shell during development. This interface may also be used to pre-share secret keys for encryption between network nodes.

Security Associations
A Security Association (SA) is a one-way association between a sender and a receiver of security services. Each SA represents one direction of traffic. The security association separates the key management and the security mechanisms from each other. Each V-IPSecure SA defines a set of parameters including the sequence number for anti-replay service, the protocol mode, the lifetime of the SA, the path MTU, and other implementation details. For authentication services in AH or ESP, and for encryption services in ESP, each SA also defines parameters such as the choice of cryptographic algorithm, keys in use, key lifetimes, initial values, etc. In this way, V-IPSecure makes it possible to bundle SAs to achieve the desired level of security in a fine-grained manner.

Tunnel and Transport Modes
Depending on the mechanism of secure IP packet transmission, V-IPSecure supports two types of SAs, which define the IPsec protocol mode in use:

  • Transport mode SA: A security association between two hosts used to secure the traffic of higher layer protocols.
  • Tunnel mode SA: A security association modeled similar to an IP-in-IP tunnel, by encapsulating IP packets into new packets, which is suitable for secure connections between security gateways.

Based on application requirements, V-IPSecure may be configured in either mode or a mix of the two modes for different connections. ESP in transport mode allows for lower processing overhead but provides neither authentication nor encryption for the IP header, making it vulnerable to spoofing. In ESP in tunnel mode, the original datagram becomes the payload data for the new ESP packet, hence protection is total if both encryption and authentication are selected, but has a higher overhead. Further, tunneling allows for the passing of illegal IP addresses through a public network, which may be required in certain applications. Tunneling with the ESP also has the advantage of hiding the original source and destination addresses from users on the public network — defeating or at least reducing the power of traffic analysis attacks.

Security Policies
Security Policies are a flexible set of rules specified by network administrators to decide whether to secure an IP packet, bypass security for it, or discard it, affording different levels of security setup. For example, an SA to one network node may consist of a simple authentication scheme, while a highly secure authentication and encryption scheme may be setup for other hosts.

SA and SP Database APIs
The management control for such flexibility is provided through a set of user friendly APIs to access and modify the SP Database (SPD) and APIs for configuration commands. APIs are also included for manually setting up Security Associations. These APIs may be called programmatically, or manually from a target-resident shell during development. This interface may also be used to pre-share secret keys for encryption between network nodes.

Automatic Key Negotiation
To use any encryption in a network environment, communicating peers must first exchange keys. While manually sharing keys is a possibility and is fully supported in V-IPSecure, it can become intractable as the number of IPsec hosts increases. For this reason, V-IPSecure includes an implementation of a mechanism for automatic key negotiation, called Internet Key Exchange (IKE). IKE is based on the Diffie-Hellman key exchange and provides mechanisms for automatic generation and frequent renewal of the crypto keys for high security without increasing key-lengths which may slow down the encryption process.

IKE integrates the Internet Security Association and Key Management Protocol (ISAKMP) framework with an Oakley key exchange scheme. ISAKMP defines a standardized framework to support negotiation of security associations (SA), initial generation of all cryptographic keys, and subsequent refresh of these keys. Oakley is the key management protocol that is used within the ISAKMP framework. IKE supports automated negotiation of security associations, and automated generation and refresh of cryptographic keys. Authentication in IKE can be achieved using a variety of mechanisms such as pre-shared keys, Kerberos, etc. before key exchange begins. When using TeamF1’s AuthAgent Kerberos for authentication, V-IPSecure’s IKE is completely interoperable with Microsoft Windows® implementations of IPsec and IKE using Active Directory as the authentication database.

Customization Flexibility

  • IPsec configuration via commands or configuration file.
  • Configurable anti-replay window state.
  • Support for explicit specification of IKE exchange.
  • Configurable handling of packets not compliant with a security policy.
  • Designed for hardware acceleration.
  • Available in full-source format.
  • Customization hooks and callouts.
  • Unwanted components can be scaled out.