From 3a76b7c25195daeb0088294be357bba7988d1bb6 Mon Sep 17 00:00:00 2001 From: Nik Clayton Date: Mon, 26 Jun 2000 09:10:24 +0000 Subject: [PATCH] An article explaining how to independently verify that your IPSec configuration is working. --- en_US.ISO8859-1/articles/ipsec-must/Makefile | 16 + .../articles/ipsec-must/article.sgml | 297 ++++++++++++++++++ en_US.ISO_8859-1/articles/ipsec-must/Makefile | 16 + .../articles/ipsec-must/article.sgml | 297 ++++++++++++++++++ 4 files changed, 626 insertions(+) create mode 100644 en_US.ISO8859-1/articles/ipsec-must/Makefile create mode 100644 en_US.ISO8859-1/articles/ipsec-must/article.sgml create mode 100644 en_US.ISO_8859-1/articles/ipsec-must/Makefile create mode 100644 en_US.ISO_8859-1/articles/ipsec-must/article.sgml diff --git a/en_US.ISO8859-1/articles/ipsec-must/Makefile b/en_US.ISO8859-1/articles/ipsec-must/Makefile new file mode 100644 index 0000000000..0647dfada3 --- /dev/null +++ b/en_US.ISO8859-1/articles/ipsec-must/Makefile @@ -0,0 +1,16 @@ +# $FreeBSD$ + +DOC?= article + +DOCFORMAT= html + +FORMATS?= html + +INSTALL_COMPRESSED?=gz +INSTALL_ONLY_COMPRESSED?= + +SRCS= article.sgml + +DOC_PREFIX?= ${.CURDIR}/../../.. + +.include "${DOC_PREFIX}/share/mk/doc.project.mk" diff --git a/en_US.ISO8859-1/articles/ipsec-must/article.sgml b/en_US.ISO8859-1/articles/ipsec-must/article.sgml new file mode 100644 index 0000000000..716ce5df5b --- /dev/null +++ b/en_US.ISO8859-1/articles/ipsec-must/article.sgml @@ -0,0 +1,297 @@ + + + + + Independent Verification of IPSec Functionality in FreeBSD + + + + +

Independent Verification of IPsec Functionality Under FreeBSD 3.0

+ +

You installed IPsec and it seems to be working.  + How do you know? I describe a method for experimentally verifying + that IPsec is working

+ +

The Problem

+ +

First, let's assume you have installed + IPsec. How do you know its working? + Sure, your connection won't work if its misconfigured, and it will work + when you finally get it right. Netstat will list it. But can you + independently confirm it?

+ +

The Solution

+ +

First, some crypto-relevent info theory:

+ +
    +
  1. +

    Encrypted data is uniformly distributed, ie, has maximal entropy + per symbol.

    +
    2. + +
  2. +

    Raw, uncompressed data is typically redundant, i.e., has + sub-maximal entropy.

    +
    3. +
+ +

Suppose you could measure the entropy of the data to- and from- your + network interface. Then you could see the difference between unencrypted + data and encrypted data. This would be true even if some of the data + in "encrypted mode" was not encrypted ---as the outermost IP header must + be, if the packet is to be routable.

+ +

MUST

+ +

Ueli Maurer's "Universal Statistical Test for Random Bit Generators" + ("MUST") quickly measures the entropy of a sample. It uses a + compression-like algorithm. The code is given below for a variant which measures successive + (~quarter megabyte) chunks of a file.

+ +

Tcpdump

+ +

We also need a way to capture the raw network data. A program called + "tcpdump" lets you do this, if you have enabled the Berkeley + Packet Filter interface in your kernel's config file.

+ +

The command

+ +
tcpdump -c 4000 -s 10000 -w + dumpfile.bin
+ +

will capture 4000 raw packets to dumpfile.bin. Up to 10,000 + bytes per packet will be captured in this example.

+ +

The Experiment

+ +

Here's the experiment. Open a window to an IPsec host and another + window to an insecure host.

+ +

Now start capturing packets.

+ +

In the "secure" window, run the unix command "yes", which will stream + the "y" character. After a while, stop this. Switch to the insecure + window, and repeat. After a while, stop.

+ +

Now run MUST on the + captured packets. You should see something like the the following. + The important thing to note is that the secure connection has 93% (6.7) + of the expected value (7.18), and the "normal" connection has 29% (2.1) + of the expected value.

+ + + 
% tcpdump -c 4000 -s 10000 -w ipsecdemo.bin
+% uliscan ipsecdemo.bin
+
+Uliscan 21 Dec 98
+L=8 256 258560
+Measuring file ipsecdemo.bin
+Init done
+Expected value for L=8 is 7.1836656
+6.9396 --------------------------------------------------------
+6.6177 -----------------------------------------------------
+6.4100 ---------------------------------------------------
+2.1101 -----------------
+2.0838 -----------------
+2.0983 -----------------
+ +

Caveat

+ +

This experiment shows that IPsec does seem to be distributing the + payload data uniformly, as encryption should. However, the + experiment described here can not detect many possible flaws in a + system (none of which do I have any evidence for). These include poor + key generation or exchange, data or keys being visible to others, use of + weak algorithms, kernel subversion, etc. Study the source; know the + code.

+ +

IPsec -Definition

+ +

Internet Protocol security extensions to IP v 4; required for IP v6. A + protocol for negotiating encryption and authentication at the IP + (host-to-host) level. SSL secures only one application socket; SSH + secures only a login; PGP secures only a specified file or + message. IPsec encrypts everything between two hosts.

+ +

Installing IPsec

+ +

Starting from the BSD 3.0 stable release,

+ +
    +
  1. +

    install IPsec v0.04, rebuild, reinstall

    +
    2. + +
  2. +

    run the administration tools (e.g, ipsecadm) and distribute + keys (or use Photuris for key exchange)

    +
    3. + +
  3. +

    set the routes (rt) up appropriately

    +
    4. +
+ +

You may want to make an "ipsec_setup" script containing the + ipsecadm and rt commands which establish your IPsec + tunnel. You can run this script automatically at boottime from your + /etc/rc.local The ipsec_setup script will have to contain at + least two ipsecadm commands and one rt command to be + useful.

+ +

usr/src/sys/i386/conf/KERNELNAME

+ +

This needs to be present in the kernel config file in order to run + IPsec. After adding it, run config, etc. and rebuild and + reinstall.

+ + 
# The `bpfilter' pseudo-device enables the Berkeley Packet Filter. Be
+# aware of the legal and administrative consequences of enabling this
+# option. Heh heh. The number of devices determines the maximum number of
+# simultaneous BPF clients programs runnable.
+pseudo-device bpfilter 2 #Berkeley packet filter
+
+# IPSEC
+options IPSEC
+options "MD5"
+pseudo-device enc 1
+ +

Maurer's Universal Statistical Test (for block + size=8 bits)

+ + 

+#include 
+
+int main(argc, argv)
+int argc;
+char **argv;
+{
+  FILE *fptr;
+  int i,j;
+  int b, c;
+  int table[V];
+  double sum = 0.0;
+  int iproduct = 1;
+  int run;
+
+  extern double   log(/* double x */);
+
+  printf("Uliscan 21 Dec 98 \nL=%d %d %d \n", L, V, MAXSAMP);
+
+  if (argc < 2) {
+    printf("Usage: Uliscan filename\n");
+    exit(-1);
+  } else {
+    printf("Measuring file %s\n", argv[1]);
+  }
+
+  fptr = fopen(argv[1],"rb");
+
+  if (fptr == NULL) {
+    printf("Can't find %s\n", argv[1]);
+    exit(-1);
+  }
+
+  for (i = 0; i < V; i++) {
+    table[i] = 0;
+  }
+
+  for (i = 0; i < Q; i++) {
+    b = fgetc(fptr);
+    table[b] = i;
+  }
+
+  printf("Init done\n");
+
+  printf("Expected value for L=8 is 7.1836656\n");
+
+  run = 1;
+
+  while (run) {
+    sum = 0.0;
+    iproduct = 1;
+
+    if (run)
+      for (i = Q; run && i < Q + K; i++) {
+        j = i;
+        b = fgetc(fptr);
+
+        if (b < 0)
+          run = 0;
+
+        if (run) {
+          if (table[b] > j)
+            j += K;
+
+          sum += log((double)(j-table[b]));
+
+          table[b] = i;
+        }
+      }
+
+    if (!run)
+      printf("Premature end of file; read %d blocks.\n", i - Q);
+
+    sum = (sum/((double)(i - Q))) /  log(2.0);
+    printf("%4.4f ", sum);
+
+    for (i = 0; i < (int)(sum*8.0 + 0.50); i++)
+      printf("-");
+
+    printf("\n");
+
+    /* refill initial table */
+    if (0) {
+      for (i = 0; i < Q; i++) {
+        b = fgetc(fptr);
+        if (b < 0) {
+          run = 0;
+        } else {
+          table[b] = i;
+        }
+      }
+    }
+  }
+}]]>
+ + + + diff --git a/en_US.ISO_8859-1/articles/ipsec-must/Makefile b/en_US.ISO_8859-1/articles/ipsec-must/Makefile new file mode 100644 index 0000000000..0647dfada3 --- /dev/null +++ b/en_US.ISO_8859-1/articles/ipsec-must/Makefile @@ -0,0 +1,16 @@ +# $FreeBSD$ + +DOC?= article + +DOCFORMAT= html + +FORMATS?= html + +INSTALL_COMPRESSED?=gz +INSTALL_ONLY_COMPRESSED?= + +SRCS= article.sgml + +DOC_PREFIX?= ${.CURDIR}/../../.. + +.include "${DOC_PREFIX}/share/mk/doc.project.mk" diff --git a/en_US.ISO_8859-1/articles/ipsec-must/article.sgml b/en_US.ISO_8859-1/articles/ipsec-must/article.sgml new file mode 100644 index 0000000000..716ce5df5b --- /dev/null +++ b/en_US.ISO_8859-1/articles/ipsec-must/article.sgml @@ -0,0 +1,297 @@ + + + + + Independent Verification of IPSec Functionality in FreeBSD + + + + +

Independent Verification of IPsec Functionality Under FreeBSD 3.0

+ +

You installed IPsec and it seems to be working.  + How do you know? I describe a method for experimentally verifying + that IPsec is working

+ +

The Problem

+ +

First, let's assume you have installed + IPsec. How do you know its working? + Sure, your connection won't work if its misconfigured, and it will work + when you finally get it right. Netstat will list it. But can you + independently confirm it?

+ +

The Solution

+ +

First, some crypto-relevent info theory:

+ +
    +
  1. +

    Encrypted data is uniformly distributed, ie, has maximal entropy + per symbol.

    +
    2. + +
  2. +

    Raw, uncompressed data is typically redundant, i.e., has + sub-maximal entropy.

    +
    3. +
+ +

Suppose you could measure the entropy of the data to- and from- your + network interface. Then you could see the difference between unencrypted + data and encrypted data. This would be true even if some of the data + in "encrypted mode" was not encrypted ---as the outermost IP header must + be, if the packet is to be routable.

+ +

MUST

+ +

Ueli Maurer's "Universal Statistical Test for Random Bit Generators" + ("MUST") quickly measures the entropy of a sample. It uses a + compression-like algorithm. The code is given below for a variant which measures successive + (~quarter megabyte) chunks of a file.

+ +

Tcpdump

+ +

We also need a way to capture the raw network data. A program called + "tcpdump" lets you do this, if you have enabled the Berkeley + Packet Filter interface in your kernel's config file.

+ +

The command

+ +
tcpdump -c 4000 -s 10000 -w + dumpfile.bin
+ +

will capture 4000 raw packets to dumpfile.bin. Up to 10,000 + bytes per packet will be captured in this example.

+ +

The Experiment

+ +

Here's the experiment. Open a window to an IPsec host and another + window to an insecure host.

+ +

Now start capturing packets.

+ +

In the "secure" window, run the unix command "yes", which will stream + the "y" character. After a while, stop this. Switch to the insecure + window, and repeat. After a while, stop.

+ +

Now run MUST on the + captured packets. You should see something like the the following. + The important thing to note is that the secure connection has 93% (6.7) + of the expected value (7.18), and the "normal" connection has 29% (2.1) + of the expected value.

+ + + 
% tcpdump -c 4000 -s 10000 -w ipsecdemo.bin
+% uliscan ipsecdemo.bin
+
+Uliscan 21 Dec 98
+L=8 256 258560
+Measuring file ipsecdemo.bin
+Init done
+Expected value for L=8 is 7.1836656
+6.9396 --------------------------------------------------------
+6.6177 -----------------------------------------------------
+6.4100 ---------------------------------------------------
+2.1101 -----------------
+2.0838 -----------------
+2.0983 -----------------
+ +

Caveat

+ +

This experiment shows that IPsec does seem to be distributing the + payload data uniformly, as encryption should. However, the + experiment described here can not detect many possible flaws in a + system (none of which do I have any evidence for). These include poor + key generation or exchange, data or keys being visible to others, use of + weak algorithms, kernel subversion, etc. Study the source; know the + code.

+ +

IPsec -Definition

+ +

Internet Protocol security extensions to IP v 4; required for IP v6. A + protocol for negotiating encryption and authentication at the IP + (host-to-host) level. SSL secures only one application socket; SSH + secures only a login; PGP secures only a specified file or + message. IPsec encrypts everything between two hosts.

+ +

Installing IPsec

+ +

Starting from the BSD 3.0 stable release,

+ +
    +
  1. +

    install IPsec v0.04, rebuild, reinstall

    +
    2. + +
  2. +

    run the administration tools (e.g, ipsecadm) and distribute + keys (or use Photuris for key exchange)

    +
    3. + +
  3. +

    set the routes (rt) up appropriately

    +
    4. +
+ +

You may want to make an "ipsec_setup" script containing the + ipsecadm and rt commands which establish your IPsec + tunnel. You can run this script automatically at boottime from your + /etc/rc.local The ipsec_setup script will have to contain at + least two ipsecadm commands and one rt command to be + useful.

+ +

usr/src/sys/i386/conf/KERNELNAME

+ +

This needs to be present in the kernel config file in order to run + IPsec. After adding it, run config, etc. and rebuild and + reinstall.

+ + 
# The `bpfilter' pseudo-device enables the Berkeley Packet Filter. Be
+# aware of the legal and administrative consequences of enabling this
+# option. Heh heh. The number of devices determines the maximum number of
+# simultaneous BPF clients programs runnable.
+pseudo-device bpfilter 2 #Berkeley packet filter
+
+# IPSEC
+options IPSEC
+options "MD5"
+pseudo-device enc 1
+ +

Maurer's Universal Statistical Test (for block + size=8 bits)

+ + 

+#include 
+
+int main(argc, argv)
+int argc;
+char **argv;
+{
+  FILE *fptr;
+  int i,j;
+  int b, c;
+  int table[V];
+  double sum = 0.0;
+  int iproduct = 1;
+  int run;
+
+  extern double   log(/* double x */);
+
+  printf("Uliscan 21 Dec 98 \nL=%d %d %d \n", L, V, MAXSAMP);
+
+  if (argc < 2) {
+    printf("Usage: Uliscan filename\n");
+    exit(-1);
+  } else {
+    printf("Measuring file %s\n", argv[1]);
+  }
+
+  fptr = fopen(argv[1],"rb");
+
+  if (fptr == NULL) {
+    printf("Can't find %s\n", argv[1]);
+    exit(-1);
+  }
+
+  for (i = 0; i < V; i++) {
+    table[i] = 0;
+  }
+
+  for (i = 0; i < Q; i++) {
+    b = fgetc(fptr);
+    table[b] = i;
+  }
+
+  printf("Init done\n");
+
+  printf("Expected value for L=8 is 7.1836656\n");
+
+  run = 1;
+
+  while (run) {
+    sum = 0.0;
+    iproduct = 1;
+
+    if (run)
+      for (i = Q; run && i < Q + K; i++) {
+        j = i;
+        b = fgetc(fptr);
+
+        if (b < 0)
+          run = 0;
+
+        if (run) {
+          if (table[b] > j)
+            j += K;
+
+          sum += log((double)(j-table[b]));
+
+          table[b] = i;
+        }
+      }
+
+    if (!run)
+      printf("Premature end of file; read %d blocks.\n", i - Q);
+
+    sum = (sum/((double)(i - Q))) /  log(2.0);
+    printf("%4.4f ", sum);
+
+    for (i = 0; i < (int)(sum*8.0 + 0.50); i++)
+      printf("-");
+
+    printf("\n");
+
+    /* refill initial table */
+    if (0) {
+      for (i = 0; i < Q; i++) {
+        b = fgetc(fptr);
+        if (b < 0) {
+          run = 0;
+        } else {
+          table[b] = i;
+        }
+      }
+    }
+  }
+}]]>
+ + + +