From owner-freebsd-security  Tue Sep  7 02:09:00 1999
Delivered-To: freebsd-security@freebsd.org
Received: from guppy.pond.net (guppy.pond.net [205.240.25.2]) by hub.freebsd.org (Postfix) with ESMTP id F009A15A92; Tue, 7 Sep 1999 02:08:42 -0700 (PDT) (envelope-from dmp@aracnet.com)
Received: from aracnet.com (snapuser2-89.pacificcrest.net [216.36.34.89]) by guppy.pond.net (8.9.3/8.9.3) with ESMTP id CAA05236; Tue, 7 Sep 1999 02:06:06 -0700 (PDT)
From: dmp@aracnet.com
Message-ID: <37D4D60C.8AF45A7B@aracnet.com>
Date: Tue, 07 Sep 1999 02:08:28 -0700
X-Mailer: Mozilla 4.6 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: "Rodney W. Grimes"
Cc: Gary Palmer, freebsd-security@FreeBSD.ORG
Subject: Re: Layer 2 ethernet encryption?
References: <199909070656.XAA04873@gndrsh.dnsmgr.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

"Rodney W. Grimes" wrote:
>
> > "Rodney W. Grimes" wrote:
> > > > dmp@aracnet.com wrote in message ID
> > > > <37D496A5.A0576E0F@aracnet.com>:
> > > > > Is it possible to encrypt ethernet packets so that all layers above
> > > > > layer 2 would be encrypted? The idea I had was to make a device that
> > > > > could defeat a TCP sniffer by encrypting the IP headers. Is this
> > > > > doable? Viable? A reinvention of the wheel?
> > > >
> > > > How would you route the traffic? No routers would be able to pass the
> > > > traffic.
> > >
> > > No, only routers knowing the key would be able to route traffic.
> >
> > In my idea, only the machine to which the packet is being sent would
> > have the decryption key. If the router had the decryption key, it
> > would mean that it would have to be programmable for it to load the
> > right decryption key.
>
> Usually one key per interface, not a big deal, and required for what
> I was discussing since this even encrypts the MAC address.
However, that means that every device on the network must have a key.
For devices like routers and switches, which don't provide absolute
control over security, allowing them to de/encrypt traffic is a
security hole. With only the workstations and servers having keys and
running open-source software, there are fewer security holes, plus a
far greater level of control can be exercised.

> > That opens a security hole in which a DoS
> > could be executed by corrupting the router's keys. The router's key
> > cache would also have to be retrievable, making it possible to steal
> > the keys from the router.
>
> You can't corrupt the router key unless you know the key, it won't
> hear you unless your data is properly encrypted. Remember this is
> layer 1 encryption, so you have to know the key to encrypt the MAC
> to get the router to even listen to you.

With that method, the packet has to be decrypted, analysed, then
re-encrypted at each hop, making each hop a security risk. By having
the source encrypt the packet to the destination's key, leaving layer 2
intact, the packet can remain encrypted for the entire trip, with only
the source and destination knowing the real nature of the data being
sent.

> You can ``physically'' steal the keys from the router itself,
> but then we would have to post armed guards as others mentioned to
> stop physical access attacks.

Well, they aren't armed, at least not with guns. Not the ones inside
the building, anyway. A lot of computer equipment doesn't react well
to bullets. :-)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
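The scheme argued over in the thread (source encrypts everything above layer 2 to the destination's key, Ethernet header left intact, no per-hop decryption) can be modelled in a few dozen lines. The example below is added here to make both sides of the argument concrete; it is not code from the thread or from any of its participants. The cipher construction (an HMAC-SHA256 counter-mode keystream with a separate HMAC tag), the EtherType `0x88B5` chosen for sealed frames, the MAC and IP addresses and the key are all assumptions constructed for the illustration. A sniffer on the wire is reduced to MAC addresses and lengths, the destination recovers the original frame, and an ordinary router's IPv4 parse fails on the sealed frame, which is Rodney's routing objection.

```python
"""Toy model of source-to-destination encryption above layer 2.
The source encrypts the original EtherType, IP header and payload under
the destination's key; only the two MAC addresses stay in the clear.
Cipher construction, keys and addresses are constructed for this
illustration and are not taken from the thread."""
import hashlib
import hmac
import os
import struct

ETH_HDR_LEN = 14            # dst MAC (6) + src MAC (6) + EtherType (2)
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_SEALED = 0x88B5   # IEEE 802 local-experimental EtherType, assumed here for sealed frames
NONCE_LEN = 16
TAG_LEN = 32


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from the destination key."""
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream (toy stream cipher;
    a real deployment would use a standard AEAD instead)."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def seal(dest_key: bytes, frame: bytes) -> bytes:
    """Source side: keep the MACs, swap in the sealed EtherType, encrypt the
    rest of the frame (original EtherType included), then authenticate
    header + nonce + ciphertext so no hop can alter any of them."""
    enc_key, mac_key = _subkeys(dest_key)
    macs, rest = frame[:12], frame[12:]
    header = macs + struct.pack(">H", ETHERTYPE_SEALED)
    nonce = os.urandom(NONCE_LEN)
    ct = _xor_keystream(enc_key, nonce, rest)
    tag = hmac.new(mac_key, header + nonce + ct, hashlib.sha256).digest()
    return header + nonce + ct + tag


def open_frame(dest_key: bytes, sealed: bytes) -> bytes:
    """Destination side: verify the tag first, then decrypt and rebuild the
    original frame.  A wrong key or any modified byte raises ValueError."""
    enc_key, mac_key = _subkeys(dest_key)
    header = sealed[:ETH_HDR_LEN]
    nonce = sealed[ETH_HDR_LEN:ETH_HDR_LEN + NONCE_LEN]
    ct, tag = sealed[ETH_HDR_LEN + NONCE_LEN:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, header + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered frame")
    return header[:12] + _xor_keystream(enc_key, nonce, ct)


def ipv4_dst(frame: bytes):
    """What a router does: read the IPv4 destination from the frame.
    Returns None when the bytes after the Ethernet header are not IPv4,
    which is what a sealed frame looks like to it."""
    if struct.unpack(">H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR_LEN:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    return ".".join(str(b) for b in ip[16:20])


def sniffer_view(frame: bytes) -> dict:
    """What a passive sniffer learns from one frame on the wire."""
    return {
        "src_mac": frame[6:12].hex(":"),
        "dst_mac": frame[:6].hex(":"),
        "ip_dst": ipv4_dst(frame),   # None once the IP header is encrypted
        "length": len(frame),
    }


def build_sample_frame() -> bytes:
    """Constructed sample: Ethernet + minimal IPv4 header + 12-byte payload."""
    eth = bytes.fromhex("02000000000b") + bytes.fromhex("02000000000a") + struct.pack(">H", ETHERTYPE_IPV4)
    payload = b"GET / HTTP/1"
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                     64, 6, 0, bytes([10, 0, 0, 10]), bytes([10, 0, 0, 11]))
    return eth + ip + payload


if __name__ == "__main__":
    dest_key = bytes(range(32))            # sample destination key, constructed
    frame = build_sample_frame()
    sealed = seal(dest_key, frame)
    print("cleartext frame on the wire:", sniffer_view(frame))
    print("sealed frame on the wire:   ", sniffer_view(sealed))
    print("destination recovers frame:", open_frame(dest_key, sealed) == frame)
```

The tag is computed over the cleartext MAC header as well as the ciphertext, so a hop that rewrote the addresses would be detected at the destination rather than silently redirecting traffic. The trade-off the thread circles around is visible in `ipv4_dst`: because the IP header is inside the ciphertext, only a device holding the destination's key can learn where the packet is going, which keeps the sniffer blind and simultaneously prevents a keyless router from forwarding it beyond the local segment.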