Learning tool for IPSEC with emphasis on the use of MGRE in corporate networks
Published 2013-05-11
Keywords
- IP security
- DMVPN
- mGRE
- ESP
- AH
- 3DES
- SHA-1
Abstract
This paper presents a tool named “UV IPsec Tools”, developed to help users understand, and interact in a didactic way with, the transformations performed by IPsec when it uses the MD5, SHA-1 and 3DES algorithms for encryption and integrity checking of an IPv4 datagram. As an example, we present the implementation of a corporate network using Dynamic Multipoint Virtual Private Networks, which are based on the establishment of dynamic tunnels protected by IPsec. The tool was developed in Java and, with the help of another program we developed, it was possible to validate the code for the MD5 and SHA-1 algorithms with 14 test vectors as specified in RFC 2202. Also, to show an application of IPsec, three private networks connected via the public Internet were designed, configured, emulated and validated using GNS3.