IP Security Features

The IP Security feature of AIX provides the following functions:

• Authentication Header (AH) and Encapsulating Security Payload (ESP) support using RFC 1826 and RFC 1829 as well as the draft standards for AH and ESP that were initially proposed in 1997.
• Tunnel mode and transport mode of encapsulation.
• Authentication algorithms of Keyed MD5, HMAC MD5, and HMAC SHA1.
• Encryption algorithms include DES CBC 8 (64 bit IV), DES CBC 4 (32 bit IV), CDMF (40 bit DES that is exportable), and for AIX versions 4.3.1 and later, Triple DES.
• Dual IP stack support (IP version 4 and IP version 6). IP Version 6 is configurable with manual tunnels.
• Both IP version 4 and IP version 6 traffic can be encapsulated and filtered. Because the IP stacks are separate, the IP Sec function for each stack can be configured independently.
• Automatic key refreshment is provided by using Internet Key Management (IKE) tunnels (AIX versions 4.3.2 and later) and IBM tunnels.
• Manual tunnels can be configured to provide interoperability with other systems that do not support the automatic key refreshment methods, and for use of IP V6 tunnels.
• Filtering of secure and non-secure traffic by a variety of IP characteristics such as source and destination IP addresses, interface, protocol, port numbers, etc.
• Basic configuration that simplifies the configuration of individual tunnels by automatically generating the filter rules that apply to that tunnel. In addition, when defining tunnels, only a minimum number of parameters are required and the remaining can be autogenerated or imported into the system.
• Use of hostnames for the destination address when defining tunnels and filter rules. The hostnames will be converted to IP addresses automatically (as long as DNS is available).
• Logging of IP Sec events to syslog.
• Extensive use of system traces and statistics for problem determination.
• User-defined default action allows the user to specify whether traffic that does not match defined tunnels should be allowed or denied.

IKE Features

The following features are available with Internet Key Exchange, AIX versions 4.3.2 and later:

• Authentication with preshared keys
• Use of main mode (identify protect mode) and aggressive mode
• Support for Diffie Hellman groups 1 and 2
• ESP support for DES, triple DES, Null, and authentication with HMAC MD5 and HMAC SHA1
• AH support for HMAC MD5 and HMAC SHA1
• Separation of security policies with tunnel definition to allow security policy definitions to be reused

Evolving Standards

In the first RFC versions of the IP Security headers, authentication data was sent using an Authentication Header (RFC 1826). Encrypted data, or ciphertext was sent in a separate ESP header (RFC 1829). In 1997, the ESP header format was extended to include a field for the authentication digest to enable both encryption and authentication information to be processed in one header. In addition, both AH and ESP formats were extended for replay protection by including a sequence number that prevents old replay packets being accepted. (See figure.) A new HMAC (Hashed Message Authentication Code) standard for strengthening the security of authentication algorithms was adopted in RFC 2104. In this book, these proposed formats are referred to as the 1997 drafts.

In the IP Sec support for AIX 4.3, the RFC versions of the headers and the 1997 draft standards are implemented. Supported authentication algorithms in AIX 4.3 are HMAC MD5 (Message Digest 5, RFC 1321), HMAC SHA1 (Secure Hash Algorithm) and Keyed MD5 (for backward compatibility). The selection of the header format is determined by the authentication algorithm.

Encryption algorithms include DES CBC 8 (Data Encryption Standard Cipher Block Chaining with 64-bit Initial Vector), DES CBC 4 (Data Encryption Standard Cipher Block Chaining with 32-bit Initial Vector), 3 DES CBC (Triple DES, AIX versions 4.3.1 and later), and an exportable version of DES known as CDMF (Common Data Masking Facility). The most commonly used encryption algorithm is DES CBC 8. The ability to send authentication data in the ESP header is also supported. Either HMAC SHA1 or HMAC MD5 may be used with any of the encryption algorithms.

Once the 1997 drafts are promoted to RFC standards and are widely used, configuration will be much simpler and IP Security will be implemented in a consistent manner.

Supported IETF Standards

The security standards used by AIX are the standards being produced by the IP Security group of the Internet Engineering Task Force (IETF). Some of these standards are currently in draft mode and may become accepted RFCs before the next AIX version release. A current and complete list of RFC standards is maintained on the Internet at the following URL:

http://ds.internic.net/ds/rfc-index.html

The following sections list the standards on which the IP Sec code is based for AIX version 4.3.2.

IKE Standards

• draft-ietf-ipsec-arch-sec-05: Security Architecture for the Internet Protocol
• draft-ietf-ipsec-isakmp-09: Internet Security Association & Key Management Protocol (ISAKMP)
• draft-ietf-ipsec-ipsec-doi-09: The Internet IP Security Domain of Interpretation for ISAKMP
• draft-ietf-ipsec-isakmp-oakley-08: The resolution of ISAKMP with Oakley

IP Sec Standards

• RFC 1825: Security Architecture for the Internet Protocol
• RFC 1826: IP Authentication Header
• draft-ietf-ipsec-auth-header-06: IP Authentication Header
• RFC 1827: IP Encapsulating Security Payload (ESP)
• draft-ietf-ipsec-esp-v2-05: IP Encapsulating Security Payload (ESP)

Cipher-Related Standards

• RFC 2104: HMAC: Keyed-Hashing for Message Authentication
• draft-ietf-ipsec-auth-hmac-sha196-03: The Use of HMAC-SHA-1-96 within ESP and AH
• draft-ietf-ipsec-auth-hmac-md5-96-03: The Use of HMAC-MD5-96 within ESP and AH
• draft-ietf-ipsec-cbc-01: ESP with Cipher Block Chaining (CBC)
• draft-ietf-ipsec-ciph-cbc-02: The ESP CBC-Mode Cipher Algorithms
• draft-ietf-ipsec-ciph-des-expiv-02: The ESP DES-CBC Cipher Algorithm with Explicit IV
• draft-ietf-ipsec-ciph-des3-00: The ESP Triple DES Transform
• draft-ietf-ipsec-ciph-3des-expiv-01: The ESP 3DES-CBC Algorithm Using an Explicit IV

Security Associations

The building block on which secure communications is built is a concept known as a security association. Security associations (SAs) relate a specific set of security parameters to a type of traffic. With IP Security-protected data, a separate SA exists for each direction and for each header type, AH or ESP. The information contained in the SA includes the IP addresses of the communicating parties, a unique identifier known as the Security Parameters Index (SPI), the algorithms selected for authentication and/or encryption, the authentication and encryption keys, and the key lifetimes (see figure). The goal of key management is to negotiate and compute the SAs that will be used when protecting IP traffic.

Tunnels and Key Management

To set up a secure communication between two hosts, SAs must be negotiated and managed during the use of the tunnel. Key management is a complex issue for IP Security and new standards are being developed to ensure interoperability. Two types of tunnels are supported by AIX version 4.3 and an additional type is supported by AIX versions 4.3.2 and later. Each uses different key management techniques. They are:

• Manual tunnels (static, IETF standard)
• IBM tunnels (dynamic, proprietary)
• IKE tunnels (dynamic, IETF Standard) (AIX versions 4.3.2 and later)

Manual Tunnels

Manual tunnels provide backward compatibility to all header types and will interoperate with machines that do not have IBM or, for AIX versions 4.3.2 and later, IKE key management protocol. The disadvantage of manual tunnels is that the key values are static. In other words, the encryption and authentication keys are the same for the life of the tunnel and must be manually updated. The manual tunnel support has the widest choice of header and encryption options, as shown in the following table:

Note: In the previous table, items shown with an asterisk (*) are available in AIX versions 4.3.1 and later.

IBM Tunnels

IBM tunnels negotiate and refresh security parameters. This protocol predates the IKE protocol available with AIX versions 4.3.2 and later, and many aspects of IBM tunnel protocol are the basis of the IKE design. They support the original RFC formats on IP Version 4.

IKE tunnels are recommended over IBM tunnels, except when communicating with IBM equipment that does not yet support IKE tunnels. IBM tunnels offer a more dynamic and secure method for providing IP Security tunnels than manual tunnels, and should be considered in situations where IKE tunnel support is not available. IBM tunnel support is shown in the following table:

IKE Tunnels

IKE tunnels are available in AIX versions 4.3.2 and later. Based on the ISAKMP/Oakley standards developed by the IETF, IKE tunnels negotiate and refresh security parameters and exchange keys securely. Three types of authentication are described in the standards, preshared key, digital signature and public key. AIX version 4.3.2 implements Preshared Key.

The negotiation uses a two phase approach. The first phase authenticates the communicating parties and specifies the method for security communications. In phase 2, IP security associations (SAs) are negotiated and keys are exchanged.

IKE tunnels are the most desired key management method. Since it is a very new technology, it supports the new draft formats with only industry standard encryption. (CDMF is being considered but is not yet adopted by the IETF.) In AIX, IKE tunnels support IP Version 4 only, as shown in the following table:

Native Filtering Capability

Filtering is a basic function in which incoming and outgoing packets can be accepted or denied based on a variety of characteristics. This allows a user or system administrator to configure the host to control the traffic between this host and other hosts. Filtering is done on a variety of packet properties, such as source and destination addresses, IP version (4 or 6), subnet masks, protocol, port, routing characteristics, fragmentation, interface, and tunnel definition.

Rules, known as filter rules, are used to associate certain kinds of traffic with a particular tunnel. In a basic AIX configuration, when a user defines a tunnel, filter rules are autogenerated to direct all traffic from that host through the secure tunnel. If more specific types of traffic are desired, the filter rules can be edited or replaced to allow precise control of the traffic using a particular tunnel.

Similarly, when the tunnel is modified or deleted, the filter rules for that tunnel are automatically deleted. This greatly simplifies IP security configuration and helps reduce human error. Tunnel definitions can be propagated and shared among AIX machines and AIX firewalls using import and export utilities, which greatly simplifies the administration of a large number of machines.

Filter rules are necessary to associate particular types of traffic with a tunnel, but data being filtered does not necessarily need to travel in a tunnel. Rules allow AIX to provide basic firewall functionality for users who want to restrict the flow of certain types of traffic to or from their machine. This is especially useful for the administration of machines in an intranet or do not have the protection of a firewall.

Once the filter rules are generated, they are stored in a table and loaded into the kernel. When packets are ready to be sent or received from the network, the filter rules are checked in the list from top to bottom to determine whether the packet should be permitted, denied, or sent through a tunnel. The criteria of the rule is compared to the packet characteristics until a match is found or the default rule is reached.

The IP Sec function also implements filtering of non-secure packets based on very granular user-defined criteria, which can be useful when controlling IP traffic between networks and machines that do not require the use of IP Sec.