From owner-freebsd-doc Fri Jul 20 23:50:28 2001
Delivered-To: freebsd-doc@freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 4F3DC37B403 for ; Fri, 20 Jul 2001 23:50:02 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id f6L6o2L10472; Fri, 20 Jul 2001 23:50:02 -0700 (PDT) (envelope-from gnats)
Date: Fri, 20 Jul 2001 23:50:02 -0700 (PDT)
Message-Id: <200107210650.f6L6o2L10472@freefall.freebsd.org>
To: freebsd-doc@freebsd.org
Cc:
From: Alex Kapranoff
Subject: Re: docs/28916: DocBook conversion of doc/articles/ipsec-must
Reply-To: Alex Kapranoff
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

The following reply was made to PR docs/28916; it has been noted by GNATS.

From: Alex Kapranoff
To: Dima Dorfman
Cc: freebsd-doc@FreeBSD.ORG, freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: docs/28916: DocBook conversion of doc/articles/ipsec-must
Date: Sat, 21 Jul 2001 10:42:33 +0400

* Dima Dorfman [July 19 2001, 15:57]:
> Alex Kapranoff writes:
> > And why do you say that sharballs are less convenient to work with?
> > Seems that it's true only if the diff is readable.
>
> Well, for one it *would* be readable, at least for the Makefile. Two,

Okay, now try to read the diff below. ;)

> it'd be nice to know that you wouldn't be overwriting other people's
> changes (e.g., chern made a spelling fix, and if I just unshar'd your
> files it'd be overwritten). And three, with a diff I can save the
> e-mail to a file then pass it through patch; I can't just pass a shar
> archive through sh because of the cruft above the archive (okay, okay,
> I'm lazy :-) ).

Points taken.

> > --- /usr/doc/en_US.ISO8859-1/articles/ipsec-must/article.sgml Wed Jun13 18:16:55 2001
> > +++ article.html Mon Jul 16 08:22:26 2001
>
> I've applied this. Now that that's done, could you send me a diff
> that converts this mess to DocBook? Thanks!

Sorry for confusion. With this patch applied the PR could be closed.
This is all obtained from FreeBSD Russian Documentation Project.

diff -u /usr/doc/en_US.ISO8859-1/articles/ipsec-must/Makefile ./Makefile --- /usr/doc/en_US.ISO8859-1/articles/ipsec-must/Makefile Mon Jun 26 13:10:24 2000 +++ ./Makefile Thu Jul 12 18:55:10 2001 @@ -2,8 +2,6 @@ DOC?= article -DOCFORMAT= html - FORMATS?= html INSTALL_COMPRESSED?=gz diff -u /usr/doc/en_US.ISO8859-1/articles/ipsec-must/article.sgml ./article.sgml --- /usr/doc/en_US.ISO8859-1/articles/ipsec-must/article.sgml Fri Jul 20 18:55:28 2001 +++ ./article.sgml Sat Jul 21 10:39:56 2001 @@ -1,92 +1,138 @@ - + + + +%man; +]> + +
+ + Independent Verification of IPSec Functionality in FreeBSD + + + David + Honig + + +
honig@sprynet.com
+
+
+ + 3 May 1999 + + + You installed IPsec and it seems to be working. How do you + know? I describe a method for experimentally verifying that IPsec is + working. + +
+ + + The Problem + + First, let's assume you have + installed IPsec. How do you know + it's working? Sure, your + connection won't work if its misconfigured, and it will work + when you finally get it right. &man.netstat.1; will list it. + But can you independently confirm it? + + + + The Solution + + First, some crypto-relevant info theory: + + + + encrypted data is uniformly distributed, i.e., has maximal + entropy per symbol; + + + + raw, uncompressed data is typically redundant, i.e., has + sub-maximal entropy. + + + + Suppose you could measure the entropy of the data to- and + from- your network interface. Then you could see the difference + between unencrypted data and encrypted data. This would be true + even if some of the data in encrypted mode was + not encrypted---as the outermost IP header must be, if the + packet is to be routable. + + + MUST + + Ueli Maurer's Universal Statistical Test for Random + Bit Generators( + MUST) quickly measures the entropy + of a sample. It uses a compression-like algorithm. The code is given below for a variant + which measures successive (~quarter megabyte) chunks of a + file. + + + + Tcpdump + + We also need a way to capture the raw network data. A + program called &man.tcpdump.1; lets you do this, if you have + enabled the Berkeley Packet Filter + interface in your kernel's config + file. + + The command + + + tcpdump -c 4000 -s 10000 -w dumpfile.bin + + + will capture 4000 raw packets to + dumpfile.bin. Up to 10,000 bytes per + packet will be captured in this example. + + + + The Experiment + + Here's the experiment. + + + + Open a window to an IPsec host and another window to an + insecure host. + + + + Now start capturing + packets. + + + + In the secure window, run the UNIX + command &man.yes.1;, which will stream the y + character. After a while, stop this. Switch to the + insecure window, and repeat. After a while, stop. + + + + Now run MUST on the + captured packets. 
You should see something like the + following. The important thing to note is that the secure + connection has 93% (6.7) of the expected value (7.18), and + the normal connection has 29% (2.1) of the + expected value. + + +&prompt.user; tcpdump -c 4000 -s 10000 -w ipsecdemo.bin +&prompt.user; uliscan ipsecdemo.bin Uliscan 21 Dec 98 L=8 256 258560 @@ -98,58 +144,75 @@ 6.4100 --------------------------------------------------- 2.1101 ----------------- 2.0838 ----------------- -2.0983 ----------------- - -

Caveat

- -

This experiment shows that IPsec does seem to be distributing the - payload data uniformly, as encryption should. However, the - experiment described here cannotdetect many possible flaws in a - system (none of which do I have any evidence for). These include poor - key generation or exchange, data or keys being visible to others, use of - weak algorithms, kernel subversion, etc. Study the source; know the - code.

- -

IPsec---Definition

- -

Internet Protocol security extensions to IPv4; required for IPv6. A - protocol for negotiating encryption and authentication at the IP - (host-to-host) level. SSL secures only one application socket; SSH - secures only a login; PGP secures only a specified file or - message. IPsec encrypts everything between two hosts.

- -

Installing IPsec

- -

Most of the modern versions of FreeBSD have IPsec support - in their base source. So you'll probably will need to - include IPSEC option in your kernel config - and, after kernel rebuild and reinstall, configure IPsec - connections using setkey command.

- - -

A comprehensive guide on running IPsec on FreeBSD is - provided in FreeBSD - Handbook. - -

usr/src/sys/i386/conf/KERNELNAME

- -

This needs to be present in the kernel config file in order to be able - to capture network data with tcpdump. - Be sure to run config after adding this, and rebuild and - reinstall.

- -
device	bpf
 -
- -

Maurer's Universal Statistical Test (for block - size=8 bits)

- -

You can find the same code at - this link.

+2.0983 ----------------- +
+
+
+
+ + + Caveat + + This experiment shows that IPsec does + seem to be distributing the payload data + uniformly, as encryption should. However, + the experiment described here cannot + detect many possible flaws in a system (none of which do I have + any evidence for). These include poor key generation or + exchange, data or keys being visible to others, use of weak + algorithms, kernel subversion, etc. Study the source; know the + code. + + + + IPsec---Definition + + Internet Protocol security extensions to IPv4; required for + IPv6. A protocol for negotiating encryption and authentication + at the IP (host-to-host) level. SSL secures only one application + socket; SSH secures only a login; + PGP secures only a specified file or + message. IPsec encrypts everything between two hosts. + + + + Installing IPsec + + Most of the modern versions of FreeBSD have IPsec support + in their base source. So you'll probably will need to include + option in your kernel config and, after + kernel rebuild and reinstall, configure IPsec connections using + &man.setkey.8; command. + + A comprehensive guide on running IPsec on FreeBSD is + provided in FreeBSD + Handbook. + + + + usr/src/sys/i386/conf/KERNELNAME + + This needs to be present in the kernel config file in order + to be able to capture network data with &man.tcpdump.1;. Be sure + to run &man.config.8; after adding this, and rebuild and + reinstall. + + +device bpf + + + + + Maurer's Universal Statistical Test (for block size=8 + bits) + + You can find the same code at + this link. -

 +/*
    ULISCAN.c   ---blocksize of 8
  
    1 Oct 98
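
Review bot: in the "Installing IPsec" paragraph of this hunk, the added sentence keeps "So you'll probably will need to include" from the removed text; it should read "So you will probably need to include". The removed line named the option ("include IPSEC option in your kernel config"), while the added line as shown here has nothing between "include" and "option", so check that the option name survives inside the new markup.
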
 @@ -178,13 +241,13 @@
  */
  
  #define L 8
 -#define V (1<
 -#include 
 +#include <stdio.h>
 +#include <math.h>
  
  int main(argc, argv)
  int argc;
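
Review bot: the only includes added in this hunk are <stdio.h> and <math.h>, but the listing calls exit(-1) further down, so #include <stdlib.h> belongs here as well. The hunk also removes "#define V (1<" with no replacement line visible, while V is still used in the printf and in the "for (i = 0; i < V; i++)" loop; confirm that the V, Q, K and MAXSAMP definitions come through the conversion intact, otherwise the listing published in the article will not compile.
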
 @@ -202,7 +265,7 @@
  
    printf("Uliscan 21 Dec 98 \nL=%d %d %d \n", L, V, MAXSAMP);
  
 -  if (argc < 2) {
 +  if (argc < 2) {
      printf("Usage: Uliscan filename\n");
      exit(-1);
    } else {
 @@ -216,11 +279,11 @@
      exit(-1);
    }
  
 -  for (i = 0; i < V; i++) {
 +  for (i = 0; i < V; i++) {
      table[i] = 0;
    }
  
 -  for (i = 0; i < Q; i++) {
 +  for (i = 0; i < Q; i++) {
      b = fgetc(fptr);
      table[b] = i;
    }
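
Review bot: in the table-initialisation loop kept as context in this hunk, "b = fgetc(fptr); table[b] = i;" uses the return value as an array index without checking for end of file. On an input shorter than Q bytes fgetc() returns EOF, a negative int, and the store goes out of bounds. The later loops already test "if (b < 0)"; the same test should guard this loop, for example by stopping and reporting that the file is too short.
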
 @@ -236,15 +299,15 @@
      iproduct = 1;
  
      if (run)
 -      for (i = Q; run && i < Q + K; i++) {
 +      for (i = Q; run && i < Q + K; i++) {
          j = i;
          b = fgetc(fptr);
  
 -        if (b < 0)
 +        if (b < 0)
            run = 0;
  
          if (run) {
 -          if (table[b] > j)
 +          if (table[b] > j)
              j += K;
  
            sum += log((double)(j-table[b]));
 @@ -259,16 +322,16 @@
      sum = (sum/((double)(i - Q))) /  log(2.0);
      printf("%4.4f ", sum);
  
 -    for (i = 0; i < (int)(sum*8.0 + 0.50); i++)
 +    for (i = 0; i < (int)(sum*8.0 + 0.50); i++)
        printf("-");
  
      printf("\n");
  
      /* refill initial table */
      if (0) {
 -      for (i = 0; i < Q; i++) {
 +      for (i = 0; i < Q; i++) {
          b = fgetc(fptr);
 -        if (b < 0) {
 +        if (b < 0) {
            run = 0;
          } else {
            table[b] = i;
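
Review bot: the "refill initial table" block at the end of this hunk is wrapped in "if (0) {", so it never runs. For a listing published in an article, either drop the dead block or add a comment saying why it is disabled, since readers will otherwise wonder whether the refill is meant to happen.
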
 @@ -276,8 +339,7 @@
        }
      }
    }
 -}]]>
- - - - +} + +
+
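
Review bot: in the first article.sgml hunk (@@ -1,92 +1,138 @@), the added paragraph under "The Problem" reads "your connection won't work if its misconfigured"; "its" should be "it's". The text is being re-flowed into DocBook anyway, so fix it in the same pass rather than carrying the typo into the converted article.
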
--
Alex Kapranoff, Voice: +7(0832)791845
We've lived 201 days in the brand new millennium...

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message