Public Eye



How to Ring a FreeSWAN

Referent: Rüdiger Weiss (rweis@pi4.informatik.uni-mannheim.de)

FreeS/WAN implements the Internet Key Exchange (IKE) protocol for the negotiation of the session keys. However the current implementation is limited to performing key negotiation based on preshared secrets that are stored in configuration files. If an attacker can read these files the security of the related IPSec tunnels would be compromised. A better alternative is to lock long term keys like these in a tamper resistant environment which they never leave. The iButton from Dallas Semiconductor is a JavaCard compliant device in an unusual form factor: a wearable finger ring. It provides a portable progammable environment with improved tamper resistance compared to conventional smart cards.

We will compare and implement different protocols in which the secret keys are stored in an iButton. Besides authentication only methods (like a simple challenge/response) also schemes using Remotely Keyed Encryption (RKE) will be invstigated. These allow the encryption and decryption of entire sessions to be controlled by the iButton rather than just the session keys.

URL:
http://www.informatik.uni-mannheim.de/~rweis/ccc1999/