FY99 Continued Internet Security Research and Development Project Plan

In FY97 & FY98 ANTD and CSD staff members took a leadership role in the IETF and vendor community in design and standardization of internetwork layer security protocols, known as IPsec, and a key exchange and key management protocol known as IKE (Internet Key Exchange). IPsec & IKE protocols are designed to provide dynamic authentication, integrity and confidentiality services to both the current IP protocol (IPv4) and IPv6. We have concentrated our current efforts on IPv4 because of the high level of interest in fielding Internet security technology as quickly as possible.

At the request of IETF area directors, NIST staff collaborated with key industry partners to develop several specifications for emerging IPsec protocols. NIST staff co-authored IPsec protocol specifications with: Cisco Systems Inc, Bay Networks, IBM T. J. Watson Research Center, Sable Systems and GTE Internetworking.

In addition to contributing to IETF standards development, we designed and developed Cerberus, a leading edge prototype and reference implementation of the latest IPsec specifications. We also developed PlutoPlus, a prototype implementation of the latest IKE specifications. Cerberus and PlutoPlus serve as publicly available reference implementations and platforms for on-going research on advanced issues in IPsec and IKE technology.

To answer an industry call for more frequent and accessible interoperability testing for emerging commercial implementations of IPsec technology, we developed the NIST IPsec WWW-based Interoperability Tester (IPsec-WIT). IPsec-WIT is built around the Cerberus and PlutoPlus prototypes and ubiquitous WWW technology and allows implementers to remotely execute series of interoperability tests against the NIST reference implementation. IPsec-WIT also serves as an experiment in test system architectures and technologies. The novel use of WWW technology allows IPsec-WIT to provide interoperability testing services anytime and anywhere without requiring any distribution of test system software, or relocation of the systems under test.

Cerberus, PlutoPlus, and IPsec-WIT are only initial building blocks toward a complete solution to the security problems of today's Internet. In order for security to be an ubiquitous part of the future NGI infrastructure, much research and development must occur to address unresolved issues such as scalable certificate infrastructures, mechanisms to manage and enforce security policies, and 2nd order issues relating to IPsec technology (e.g. mobile IP security, IPv6 security, IP multicast security, IPsec resiliency, IPsec VPN applicability).

This proposal defines a series of NIST tasks aimed at further advancing the state of security technology in the IETF standards, the commercial vendor, and Internet user communities. This project is a continuation of ongoing NIST efforts in these areas. It is predicted that some of these tasks will become the initial impetus for larger tasks that will continue into FY00. It is possible that the resources to accomplish all of these tasks will not be available for FY99. It is also possible for new developments in the IETF community to arise that will cause some of these tasks to become less significant. These potential problems will be addressed as they develop.

Task 1. IKE Reference Implementation Development and Integration

In the next few weeks, NIST will release PlutoPlus, an early prototype reference implementation which provides the core set of services defined in the IKE standards. PlutoPlus provides the community a valuable tool to further research and standardize the areas of IPsec and dynamic key management and will help expedite the availability of interoperable commercial implementations.

PlutoPlus requires additional functionality to provide the community with a fully functional IKE reference implementation. A list is provided below which highlights the additional required functionality. In addition, other protocols and mechanisms are required for IKE to provide its defined security services. There is an IETF proposal to use newly defined DNS record types to identify the location of IPsec tunnel end-points. To dynamically authenticate its exchanges, IKE must request and use a public key certificate from a public key Certificate Authority (CA). These mechanisms are required to have a complete, stand-alone, scalable, key management solution.

In this task we will continue the development of the NIST IKE Reference Implementation. Additional protocol extensions and mechanisms will be integrated to provide a complete IPsec key management reference implementation. The following is the task outline that will be used to meet the objectives defined above.

The following is a prioritized list of functionality that is missing from the current PlutoPlus prototype. An additional list is provided that includes optional functionality that will be included given the time and resources.

Required Functionality:

Optional Functionality:

Task 2. IPv6 IPsec/IKE Research and Development

One of the primary differences between IPv6 and IPv4 is that security is a mandatory component of IPv6. For IPv6 to become a viable, next generation replacement of IPv4, security services must become an integral part of IPv6. IPv6 offers many other core services that are considered optional for IPv4. While it is the intent of the IETF IPsec WG to use the existing IPsec specifications to define security services for IPv6, the IPsec specifications do not address the security issues regarding these additional services. In general, very little research and development has been done in the area of IPv6 security.

In this task we will develop IPv6 versions of our IPsec and IKE reference implementation prototypes. We will also participate in the development of a set of protocols to provide integrated security services for IPv6. The following is the task outline that will be used to meet the objectives defined above.

Task 3. Integrated Internet Security Interoperability Testing

The NIST IPsec WWW-based Interoperability Tester (IPsec-WIT) is an experimental interoperability testing tool for emerging IETF security protocols. The goals of the IPsec-WIT effort are to (1) investigate lightweight testing architectures/technologies that will actually get used by the Internet community, and (2) to produce an operational interoperability test system for IPsec protocols.

IPsec-WIT was initially designed around 2 stateless IPsec protocols (AH and ESP). Incorporating IKE, a stateful protocol, into the test system was not trivial and has pushed the utility of the tester, in its current design, to its limits. All of the tasks listed in this project proposal involve adding more complexity and integrating individual Internet security protocols to provide a more complete Internet security solution. To continue providing this service to the Internet community, a more robust interoperability testing language and testing tool is required.

In this task we will develop a new version of IPsec-WIT to provide interoperability testing anytime and anywhere for an integrated IPsec environment. This new test system will incorporate all of the additional features added to Cerberus and PlutoPlus as part of this proposal. The following is the task outline that will be used to meet the objectives defined above.

Task 4. IPsec/IKE System Policy Research and Development

IPsec and IKE standards were developed to operate in virtually any environment in which someone would want to secure IP traffic. As a result, these protocols have many optional components (i.e. algorithms, functions, and IKE message types). The IPsec specifications refer to a Security Policy Database (SPD) and local policy as the mechanisms to determine which components to use in any particular communication. The SPD contains controls for a subset of the optional components defined the IPsec specifications and excludes policy controls for IKE. The term local policy is vague and provides little direction to the people, institutions, and organizations that may wish to use and deploy IPsec technology. An additional complexity involves the ability to distribute policy across multiple IPsec/IKE systems in a network. Without a better understanding on how to setup and use IPsec technology to implement network security policy, wide-scale deployment will fail.

In this task, we will develop documentation, protocol extensions, and prototypes to assist IPsec users in better understanding and implementing IPsec policy. The following is the task outline that will be used to meet the objectives defined above.

Task 5. Mobile IP Security Research and Development

In the past few years we have witnessed an explosive growth in the use of notebook computers, hand-held computers, and wireless technology. Over the next several years, we will see the majority of these mobile computers, connected to the Internet via Mobile IP protocols. As organizations adopt more of this technology, requirements for mobility will include large numbers of highly mobile nodes, frequently/continuously changing points of network attachment, potential for rapidly evolving / moving network infrastructures, and the need for stringent security services in all aspects of mobile networking. The only scalable standardized security solution available for use with Mobile IP is through the application of IPsec and IKE technology.

Little effort has been made to study the feasibility of using IPsec and IKE protocols in a mobile networking environment. The current IPsec and IKE specifications assume, for the most part, the use of wired technology and large bandwidth networks. Mobile IP networks are typically bandwidth constrained and require high levels of compression to transmit effectively. Strong encryption removes the ability to compress data. In response to this, the IETF has defined an IPsec-like compression protocol, the IP Payload Compression Protocol (IPPCP), and extensions to IKE to allow mobile computers to negotiate and apply compression prior to applying IPsec encryption.

Under this task, NIST will research the security requirements for mobile IP environments and evaluate the applicability of emerging IETF IPsec/IKE technology to support such environments. Initially, this will be something of a seed task, with NIST devoting minor resources to research and experimentation with mobile IP and IPsec. As other efforts mature, we will increase our efforts by defining more significant research topics involving Mobile IP and IPsec.