\subsection{VPNs}
\todo{write this subsection}
-\subsubsection{IPSec}
+\subsubsection{IPSec in general}
+
+
\todo{cm: check if there are downgrade attacks for checkpoint \& co} \\
-\todo{cm: reference the paper describing how complex IPSec is and that it can't be checked properly} \\
\todo{cm: change this to a table format: Variant ((A,B), (recommendations, recommendations))} \\
+\begin{description}
+
+\item[Settings:] \mbox{}
+
\paragraph*{Assumptions}\mbox{}\\
We assume the usage of IKE (v1 or v2) for this document, and ESP.
If you need to use Pre-Shared Key authentication:
\begin{enumerate}
-\item Choose a \textbf{random} PSK of 20 characters or more (\todo{length, references!})
+\item Choose a \textbf{random}, \textbf{long enough} PSK (see below)
\item Use a \textbf{separate} PSK for any IPSEC connection
\item Change the PSKs regularily
\end{enumerate}
+The size of the PSK should not be shorter than the output size of
+the hash algorithm used in IKE \footnote{It is used in a HMAC, see
+ \url{http://www.ietf.org/rfc/rfc2104.txt}.}.
+
+For a key composed of upper- and lowercase letters, numbers, and two
+additional symbols \footnote{64 possible values = 6 bits}, that gives
+the following minimum lengths in characters:
+
+\begin{table}[h]
+ \centering
+ \small
+ \begin{tabular}{lc}
+ \toprule
+ IKE Hash & PSK length \\
+ \midrule
+ SHA256 & 43 \\
+ SHA384 & 64 \\
+ SHA512 & 86 \\
+ \bottomrule
+ \end{tabular}
+\end{table}
+
\paragraph*{Cryptographic Suites}\mbox{}\\
IPSEC Cryptographic Suites are pre-defined settings for all the
level and make setting up VPNs easier.
When using any of those suites, make sure to enable ``Perfect Forward
-Secrecy`` for Phase 2, as this is not specified in the suites.
-
-\verb|Suite-B-GCM-256| \footnote{\url{http://tools.ietf.org/html/rfc6379}}
-would be roughly equivalent to ``Configuration A``, but keep in mind
-that it uses NIST elliptic curves for the Diffie-Hellman key exchange.
+Secrecy`` for Phase 2, as this is not specified in the suites. The
+equivalents to the recommended ciphers suites in section
+\ref{section:recommendedciphers} are:
-\verb|Suite-B-GCM-128| or
-\verb|VPN-B| \footnote{\url{http://tools.ietf.org/html/rfc4308}} would
-be roughly equivalent to ``Configuration B``; again,
-\verb|Suite-B-GCM-128| uses NIST elliptic curves, \verb|VPN-B| does
-not.
-
-\todo{Aaron: make an example for how to include images}
-\todo{cm: screenshots of Checkpoint settings}
+\begin{table}[h]
+ \centering
+ \small
+ \begin{tabular}{lll}
+ \toprule
+ Configuration A & Configuration B & Notes\\
+ \midrule
+ \verb|Suite-B-GCM-256|\footnote{\url{http://tools.ietf.org/html/rfc6379}} &
+\verb|Suite-B-GCM-128| & Uses NIST elliptic curves
+\\ & \verb|VPN-B|\footnote{\url{http://tools.ietf.org/html/rfc4308}} &
+\\
+ \bottomrule
+ \end{tabular}
+\end{table}
\paragraph*{IKE or Phase 1}\mbox{}\\
+Alternatively to the pre-defined cipher suites, you can define your
+own, as described in this and the next section.
+
IKE or Phase 1 is the mutual authentication and key exchange phase.
Use only ``main mode``, as ``aggressive mode`` has known security
vulnerabilities \footnote{\url{http://ikecrack.sourceforge.net/}}.
-Encryption Algorithm: AES or CAMELLIA
+\todo{how to make footnotes in a table appear in the output document?}
-Hash Algorithm: SHA2-256, SHA2-384 or SHA2-512
+\begin{table}
+ \centering
+ \small
+ \begin{tabular}{lll}
+ \toprule
+ & Configuration A & Configuration B \\
+ \midrule
+ Mode & Main Mode & Main Mode \\
+ Encryption & AES-256 & AES-256, CAMELLIA-256 \\
+ Hash & SHA2-* & SHA2-*, SHA1 \\
+ DH Group & Group 14--18 \footnote{2048--8192 bit DH},
+ 19--21\footnote{(256--521 bit ECDH)} & Group 14--21 \\
+ Lifetime & \todo{need recommendations; 1 day seems to be common
+ practice} & \\
+ \bottomrule
+ \end{tabular}
+\end{table}
-DH Group: Group 14--18 (2048--8192 bit DH), or 19-21 (256--521 bit
-ECDH)
+\paragraph*{ESP or Phase 2}\mbox{}\\
-Lifetime: \todo{need recommendations; 1 day seems to be common practice}
+ESP or Phase 2 is where the actual data are protected.
-\todo{what about CAST?}
+\todo{make the tables appear right here!}
-\paragraph*{ESP or Phase 2}\mbox{}\\
+\begin{table}
+ \centering
+ \small
+ \begin{tabular}{lll}
+ \toprule
+ & Configuration A & Configuration B \\
+ \midrule
+ Perfect Forward Secrecy & yes & yes \\
+ Encryption & AES-GCM-16, AES-CTR, AES-CCM-16, AES-256 & AES-GCM-16, AES-CTR, AES-CCM-16, AES-256, CAMELLIA-256 \\
+ Hash & SHA2-* (or none for AES-GCM) & SHA2-*, SHA1 (or none for AES-GCM) \\
+ DH Group & Same as Phase 1 & Same as Phase 1 \\
+ Lifetime & \todo{need recommendations; 1-8 hours is common} & \\
+ \bottomrule
+ \end{tabular}
+\end{table}
-Enable ``Perfect Forward Secrecy`` with a DH Group equivalent to the
-one chosen for IKE.
+\item[References:] \mbox{}
-Encryption Algorithm: AES-GCM-16, AES-CTR, AES-CCM-16, AES-CBC, SEED
-or CAMELLIA \todo{order of this list?}
+``A Cryptographic Evaluation of IPsec'', Niels Ferguson and Bruce
+ Schneier: \url{https://www.schneier.com/paper-ipsec.pdf}
-Hash Algorithm: none (if using AES-GCM), HMAC-SHA-SHA256 or longer
-\todo{what about AES-XCBC-MAC?}
+\end{description}
-Lifetime: \todo{need recommendations; 1--8 hours seems to be common practice}
+\subsubsection{Check Point FireWall-1}
+
+\todo{Aaron: make an example for how to include images}
+\todo{cm: screenshots of Checkpoint settings}
\subsubsection{OpenVPN}