Date: Tue, 07 Sep 1999 02:08:28 -0700
From: dmp@aracnet.com
To: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
Cc: Gary Palmer <gpalmer@FreeBSD.ORG>, freebsd-security@FreeBSD.ORG
Subject: Re: Layer 2 ethernet encryption?
Message-ID: <37D4D60C.8AF45A7B@aracnet.com>
References: <199909070656.XAA04873@gndrsh.dnsmgr.net>
"Rodney W. Grimes" wrote:
> > "Rodney W. Grimes" wrote:
> > > > dmp@aracnet.com wrote in message ID
> > > > <37D496A5.A0576E0F@aracnet.com>:
> > > > > Is it possible to encrypt ethernet packets so that all layers above
> > > > > layer 2 would be encrypted? The idea I had was to make a device that
> > > > > could defeat a TCP sniffer by encrypting the IP headers. Is this
> > > > > doable? Viable? A reinvention of the wheel?
> > > >
> > > > How would you route the traffic? No routers would be able to pass the
> > > > traffic.
> > >
> > > No, only routers knowing the key would be able to route traffic.
> >
> > In my idea, only the machine to which the packet is being sent would
> > have the decryption key. If the router had the decryption key, it
> > would mean that it would have to be programmable for it to load the
> > right decryption key.
>
> Usually one key per interface, not a big deal, and required for what
> I was discussing since this even encrypts the MAC address.

However, that means that every device on the network must have a key.
For devices like routers and switches, which don't provide absolute
control over security, allowing them to de/encrypt traffic is a
security hole. With only the workstations and servers having keys and
running open-source software, there are fewer security holes, plus a
far greater level of control can be exercised.

> > That opens a security hole in which a DoS
> > could be executed by corrupting the router's keys. The router's key
> > cache would also have to be retrievable, making it possible to steal
> > the keys from the router.
>
> You can't corrupt the router key unless you know the key, it won't
> hear you unless your data is properly encrypted. Remember this is
> layer 1 encryption, so you have to know the key to encrypt the MAC
> to get the router to even listen to you.

With that method, the packet has to be decrypted, analysed, then
re-encrypted at each hop, making each hop a security risk.

By having the source encrypt the packet to the destination's key,
leaving layer 2 intact, the packet can remain encrypted for the entire
trip, with only the source and destination knowing the real nature of
the data being sent.

> You can ``physically'' steal the keys from the router itself,
> but then we would have to post armed guards as others mentioned to
> stop physical access attacks.

Well, they aren't armed, at least not with guns. Not the ones inside
the building, anyway. A lot of computer equipment doesn't react well
to bullets. :-)
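The two placements argued over in this message, simulated as an added example (not code from either poster): per-link encryption of the whole frame, where every router must hold a key and decrypt to forward, versus end-to-end encryption to the destination's key with layer 2 and the IP header left in clear. The topology (A -> R1 -> R2 -> B), the MAC and IP values, the keys and the payload are all constructed; the cipher is a constructed HMAC-SHA256 counter-mode keystream with encrypt-then-MAC, chosen only because it needs no third-party library (a real deployment would use an AEAD such as AES-GCM). The functions report what each node and a wire sniffer can read, and `rejected` shows the point that a frame under the wrong key, or a modified frame, is not accepted at all.

```python
import hashlib
import hmac
import os
import struct

# Constructed authenticated cipher for the simulation: HMAC-SHA256 as a
# counter-mode keystream generator, encrypt-then-MAC with a separate MAC key.
def _subkey(master: bytes, label: bytes) -> bytes:
    return hmac.new(master, label, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(
        hmac.new(enc_key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
        for i in range(blocks))[:length]

def seal(master: bytes, plaintext: bytes) -> bytes:
    """Returns nonce(16) || ciphertext || tag(32)."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(master, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(master: bytes, blob: bytes) -> bytes:
    """Raises ValueError on a wrong key or a modified frame: a receiver
    without the right key does not even 'hear' the frame."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(master, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

def rejected(key: bytes, blob: bytes) -> bool:
    """True if the frame is dropped (wrong key or tampered)."""
    try:
        unseal(key, blob)
        return False
    except ValueError:
        return True

ETH_LEN = 14   # dst MAC(6) + src MAC(6) + ethertype(2)
IP_LEN = 8     # simplified header for the simulation: src IP(4) + dst IP(4)

def eth_header(dst_mac: bytes, src_mac: bytes) -> bytes:
    return dst_mac + src_mac + b"\x08\x00"   # 0x0800 = IPv4

# Constructed topology: one MAC per node, one key per link (hop-by-hop model),
# one key shared only by A and B (end-to-end model).
PATH = ["A", "R1", "R2", "B"]
MACS = {n: bytes([0x02, 0, 0, 0, 0, i + 1]) for i, n in enumerate(PATH)}
LINK_KEYS = {(PATH[i], PATH[i + 1]): os.urandom(32) for i in range(len(PATH) - 1)}
DEST_KEY = os.urandom(32)
IP_HDR = bytes([10, 0, 0, 1, 10, 0, 9, 9])
PAYLOAD = b"GET /secret HTTP/1.0\r\n\r\n"

def hop_by_hop(payload: bytes = PAYLOAD) -> tuple:
    """Whole frame, MAC included, encrypted per link. Each router must decrypt
    to read the IP header and forward, so each router sees the plaintext.
    Returns ({node: bytes it could read}, last frame on the wire)."""
    seen = {}
    clear = eth_header(MACS["R1"], MACS["A"]) + IP_HDR + payload
    wire = seal(LINK_KEYS[("A", "R1")], clear)
    for i in range(1, len(PATH) - 1):
        prev, cur, nxt = PATH[i - 1], PATH[i], PATH[i + 1]
        clear = unseal(LINK_KEYS[(prev, cur)], wire)        # router holds the key
        seen[cur] = clear[ETH_LEN + IP_LEN:]                # ... and sees everything
        clear = eth_header(MACS[nxt], MACS[cur]) + clear[ETH_LEN:]
        wire = seal(LINK_KEYS[(cur, nxt)], clear)           # re-encrypt for next link
    seen["B"] = unseal(LINK_KEYS[("R2", "B")], wire)[ETH_LEN + IP_LEN:]
    return seen, wire

def end_to_end(payload: bytes = PAYLOAD) -> tuple:
    """Source seals the payload to the destination's key; layer 2 and the IP
    header stay in clear, so routers forward without holding any key and
    see only ciphertext. Returns ({node: bytes it could read}, last frame)."""
    sealed = seal(DEST_KEY, payload)
    seen = {}
    wire = b""
    for i in range(len(PATH) - 1):
        cur, nxt = PATH[i], PATH[i + 1]
        wire = eth_header(MACS[nxt], MACS[cur]) + IP_HDR + sealed
        if cur != "A":
            seen[cur] = wire[ETH_LEN + IP_LEN:]             # ciphertext only
    seen["B"] = unseal(DEST_KEY, wire[ETH_LEN + IP_LEN:])
    return seen, wire

if __name__ == "__main__":
    for name, fn in (("hop-by-hop", hop_by_hop), ("end-to-end", end_to_end)):
        seen, wire = fn()
        print(name, {n: (v == PAYLOAD) for n, v in seen.items()},
              "sniffer sees IP header:", IP_HDR in wire)
```

Running the script prints, per model, which nodes recover the payload and whether a sniffer on the last link can pick the IP header out of the frame: in the hop-by-hop model every router holds plaintext but the wire shows no structure at all, in the end-to-end model only B recovers the payload while the headers needed for routing stay visible, which is the trade-off the message describes.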