Simplified IPSec Protocol Stack for Micro Server

International Journal of Network Security, Vol.11, No.1, PP.46-54, July 2010

Nguyen Thanh Hoa (1), Kensuke Naoe (1), and Yoshiyasu Takefuji (2)
(Corresponding author: Nguyen Thanh Hoa)

(1) Graduate School of Media and Governance, Keio University, Endo 5322, Fujisawa, Kanagawa, Japan
(2) Faculty of Environment and Information Studies, Keio University, Endo 5322, Fujisawa, Kanagawa, Japan
(Email: hoant, naoe, [email protected])
(Received Oct. 26, 2008; revised and accepted June 27, 2009)

Abstract

In this paper, we propose a simple IPSec protocol stack for Micro Server. We propose an implementation of the IPSec protocol stack that is built from the Encapsulating Security Payload (ESP) protocol with the Advanced Encryption Security (AES) encryption scheme, whereas authentication using the MD5 algorithm is optional. Researchers have focused on creating small systems composed of sensors and a Micro Server that has a small memory, multiple functions and low cost, but without security consideration. The security problem in the Micro Server is a challenging task because of the very limited flash memory. Here, we have implemented the AES function as 2.704 Kbytes and the ESP protocol with this encryption function as 3.822 Kbytes of code. Therefore, the proposed method has less than 4 Kbytes in code size. Even including the authentication using MD5, the file size is less than 7 Kbytes, although this is still optional. In our proposed method, we have focused on implementing the encapsulation of the payload and ignored the key exchange procedure to simplify the secure communication compared to the conventional IPSec protocol stack.

Keywords: 8-bit micro-controller, IPSec, micro server, security, sensor

1 Introduction

In the world, many people gather their strength and intelligence to have fast and accurate information. Therefore, information becomes the target that everyone wants to pursue. On the other hand, everyone wants to keep their own information secret. Nowadays, with the development of technology and science, we can make small sensors and Micro Servers very easily. These small and cheap sensors and Micro Servers are deployed in many useful, low cost applications. Security is an important issue when these devices are used in health care applications, home appliances and many others. However, researchers design sensors and Micro Servers for small size and low cost rather than for security. Security is a challenging task because of very small processors and very limited memory [13].

Cryptography is the art of secret writing. Cryptography guarantees security properties such as authentication or secrecy in the information exchange between users and server. This paper analyzes normal security methods using cryptography and then proposes a simple IPSec protocol that can protect very small sensors and Micro Servers. In the implementation, we have established the ESP protocol with code size less than 7 Kbytes. This simple IPSec protocol is very useful for secure connections between small devices and the Internet. IPv6 is the "next generation" protocol to replace the current version of the Internet Protocol, IPv4 [12].

In IPv6, IP security protocol (IPSec) is a mandatory feature. RFC 2460 [9] states that a "full implementation of IPv6" includes implementation of the authorization header (AH) and encapsulating security payload (ESP) [14]. The simple IPSec protocol helps very small devices to connect safely to the IPv4 Internet and is good reference material to improve and apply for IPv6.

2 Background

2.1 The Micro Server

We made a Micro Server gadget that followed the design of Takefuji [19], shown in Figure 1. This Micro Server uses the 8-bit micro-controller Atmega168 with 16 Kbytes of flash memory. The simple TCP/IP stack embedded inside this Micro Server, written by Adam Dunkels, takes about 8466 bytes of flash memory [20].

The limitation of the Micro Server is that it has very small memory (only 7 Kbytes left for security functions) and limited processing: 512 Bytes EEPROM Data Memory, 1024 Bytes SRAM Data Memory, 32 MCU General Purpose Registers (Accumulators), 0 - 20 MHz Specific Clock Frequency Supply, 2.7 - 5.5 V Voltage. We will use this Micro Server to test the implementation of a simple IPSec protocol that we describe in the following sections.

Figure 1: Micro server

2.2 The Security Methods

To transfer information from the sensor and Micro Server to a PC, we can establish a simple TCP/IP stack on these devices. We have to use security methods to prevent hackers who want to get the information or attack the Micro Server. Cryptographic protocols are good security methods with high confidence. There are two main types of security methods for a TCP/IP stack: security for the application layer and security for the network layer. However, a Micro Server using an 8-bit micro-controller has limited flash memory and a small processor, so we analyze these properties to choose a suitable method for security.

2.2.1 Security for Application Layer

To secure the application layer, we can establish the SSH (Secure Shell) protocol by using 3DES for encryption and RSA for authentication. However, implementing public key cryptography for the Micro Server is difficult if we have only 7 Kbytes of flash memory.

Public key cryptography has high security and convenience. It provides digital signatures for encryption and authentication. We can apply these public key cryptographic algorithms to secure the application layer. Public key cryptographic algorithms have public keys and private keys. Other sensors or Micro Servers encrypt data by using public keys and send it to the receiver. Only the device with the proper private key can decrypt the data correctly.

RSA is a well-known algorithm and is used in many of the public key systems. However, significant parameters such as the speed of execution, the difficulty of key generation, the establishment of system parameters and the size of the data to be stored in memory are too large and make RSA unsuitable for securing these small sensors and Micro Servers [2].

2.2.2 Security for Network Layer

IPSec is a suitable protocol for securing network connections, but it is a complex protocol. It provides the ability to encrypt any higher layer protocol and to authenticate each IP packet. IPSec offers the greatest flexibility of all the existing TCP/IP cryptosystems. We can see the complexity of the IPSec protocol in Figure 2 [3]: processing key exchange; processing Security Policy and Security Association (by SPD, SAD); and two protocols, AH (Authentication Header) and ESP (Encapsulating Security Payload). IPSec defines the SA (Security Association). An SA is a relationship between two or more entities that describes how the entities use IPSec to communicate securely. When IPSec is required, the end points have to determine security parameters such as which algorithms to use (for example, DES or AES for encryption, MD5 or SHA for integrity). An SA is defined by the packet's destination IP address and an SPI (Security Parameter Index). There are two modes of IPSec: transport mode and tunnel mode.

Figure 2: The IPSec architecture

In transport mode, the IPSec data field begins with higher level packet headers (ICMP, TCP or UDP). Tunnel mode is similar to a traditional VPN; the IPSec data field begins with an entirely new IP packet header.

In IPSec, there are two main protocols to provide packet-level security: AH (Authentication Header) and ESP (Encapsulating Security Payload). The AH protocol provides integrity, authentication and non repudiation. AH can protect against replay attacks by using a sliding window technique and discarding old packets. In AH transport mode, the IP packet includes the new AH header and the full IP header, as shown in Figure 3.

The ESP protocol provides confidentiality protection, authentication and integrity. This protocol has encryption and authentication functions. Authentication is optional, but if we use encryption without authentication then the ESP protocol is insecure and crackers can attack the connection. IPSec transport mode is shown in Figure 4.

Although a normal IPSec protocol is more complex than SSH, it is more feasible because we propose a simple IPSec protocol in the following Section 3.

3 The Proposed Simple IPSec

A micro-controller is used for creating sensors or a Micro Server and has limited memory and a small processor; for example, an 8-bit micro-controller has only 16 Kbytes of flash memory. Therefore, we have very limited memory for establishing the IPSec protocol. If we have only 7 Kbytes of flash memory, then we need a very simple IPSec protocol to secure connections between the client and the Micro Server or connections from sensors to PCs.

We extend the figure of the simple TCP/IP stack to include the IPSec protocol, as shown in Figure 5 [20].

Although the IPSec protocol is very complex (processing key exchange; processing Security Policy and Security Association; and the two protocols AH and ESP, as mentioned above), we can simplify this protocol by reducing functions and optimizing the code to have the smallest code size. There has been significant debate about the necessity for AH, which provides only integrity protection, since ESP can provide integrity protection or encryption or both.

... functions.

RFC 4303 standard [18] describes ESP in detail. ESP has both encryption and authentication; therefore ESP is a complex protocol.
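
The ESP framing that RFC 4303 defines, with the bounds checks a receiver on a small device needs, as an added example that is not the authors' code. The names `esp_view`, `esp_split` and `esp_strip_trailer` are hypothetical, and the IV, cipher block and ICV lengths are assumed to be supplied by the SA (for instance 16-byte AES blocks, and an ICV length of 0 when authentication is switched off).

```c
#include <stddef.h>
#include <stdint.h>

/* RFC 4303 wire layout: SPI(4) | Seq(4) | IV | ciphertext | ICV.
 * Decrypted ciphertext: payload | padding 1,2,3.. | pad_len(1) | next_hdr(1). */
#define ESP_HDR_LEN 8u

struct esp_view {                  /* hypothetical name, not from the paper */
    uint32_t spi, seq;
    const uint8_t *iv, *ct, *icv;  /* point into the packet, nothing is copied */
    size_t ct_len;
};

static uint32_t be32(const uint8_t *p) {   /* network byte order to host */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Split a received ESP packet. iv_len, blk and icv_len are assumed to come
 * from the SA (icv_len = 0 when authentication is off). 0 = ok, -1 = malformed. */
int esp_split(const uint8_t *pkt, size_t len, size_t iv_len, size_t blk,
              size_t icv_len, struct esp_view *v) {
    if (blk == 0 || len < ESP_HDR_LEN + iv_len + blk + icv_len)
        return -1;                         /* no room for one cipher block */
    v->ct_len = len - ESP_HDR_LEN - iv_len - icv_len;
    if (v->ct_len % blk != 0)
        return -1;                         /* ciphertext not block aligned */
    v->spi = be32(pkt);
    v->seq = be32(pkt + 4);
    if (v->spi < 256u)
        return -1;                         /* SPI 0..255 is reserved */
    v->iv  = pkt + ESP_HDR_LEN;
    v->ct  = v->iv + iv_len;
    v->icv = v->ct + v->ct_len;
    return 0;
}

/* After decryption: check the trailer, return the payload length or -1.
 * *next_hdr receives the inner protocol number (6 = TCP, 17 = UDP). */
long esp_strip_trailer(const uint8_t *pt, size_t pt_len, uint8_t *next_hdr) {
    size_t pad, i;
    if (pt_len < 2) return -1;
    pad = pt[pt_len - 2];
    if (pad > pt_len - 2) return -1;       /* pad length overruns the buffer */
    for (i = 0; i < pad; i++)              /* default padding is 1, 2, 3, ... */
        if (pt[pt_len - 2 - pad + i] != (uint8_t)(i + 1)) return -1;
    *next_hdr = pt[pt_len - 1];
    return (long)(pt_len - 2 - pad);
}
```

When an ICV is present it covers the SPI through the ciphertext and has to be verified before decryption, so the trailer check above then only ever sees authenticated data.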
