分享
 
 
 

RFC2410 - The NULL Encryption Algorithm and Its Use With IPsec

王朝other·作者佚名  2008-05-31
窄屏简体版  字體: |||超大  

Network Working Group R. Glenn

Request for Comments: 2410 NIST

Category: Standards Track S. Kent

BBN Corp

November 1998

The NULL Encryption Algorithm and Its Use With IPsec

Status of this Memo

This document specifies an Internet standards track protocol for the

Internet community, and requests discussion and suggestions for

improvements. Please refer to the current edition of the "Internet

Official Protocol Standards" (STD 1) for the standardization state

and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Abstract

This memo defines the NULL encryption algorithm and its use with the

IPsec Encapsulating Security Payload (ESP). NULL does nothing to

alter plaintext data. In fact, NULL, by itself, does nothing. NULL

provides the means for ESP to provide authentication and integrity

without confidentiality.

Further information on the other components necessary for ESP

implementations is provided by [ESP] and [ROAD].

1. IntrodUCtion

This memo defines the NULL encryption algorithm and its use with the

IPsec Encapsulating Security Payload [ESP] to provide authentication

and integrity without confidentiality.

NULL is a block cipher the origins of which appear to be lost in

antiquity. Despite rumors that the National Security Agency

suppressed publication of this algorithm, there is no evidence of

such action on their part. Rather, recent archaeological evidence

suggests that the NULL algorithm was developed in Roman times, as an

eXPortable alternative to Ceaser ciphers. However, because Roman

numerals lack a symbol for zero, written records of the algorithm's

development were lost to historians for over two millennia.

[ESP] specifies the use of an optional encryption algorithm to

provide confidentiality and the use of an optional authentication

algorithm to provide authentication and integrity. The NULL

encryption algorithm is a convenient way to represent the option of

not applying encryption. This is referred to as ESP_NULL in [DOI].

The IPsec Authentication Header [AH] specification provides a similar

service, by computing authentication data which covers the data

portion of a packet as well as the immutable in transit portions of

the IP header. ESP_NULL does not include the IP header in

calculating the authentication data. This can be useful in providing

IPsec services through non-IP network devices. The discussion on how

ESP_NULL might be used with non-IP network devices is outside the

scope of this document.

In this memo, NULL is used within the context of ESP. For further

information on how the various pieces of ESP fit together to provide

security services, refer to [ESP] and [ROAD].

The key Words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",

"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this

document are to be interpreted as described in [RFC2119].

2. Algorithm Definition

NULL is defined mathematically by the use of the Identity function I

applied to a block of data b such that:

NULL(b) = I(b) = b

2.1 Keying Material

Like other modern ciphers, e.g., RC5 [RFC-2040], the NULL encryption

algorithm can make use of keys of varying lengths. However, no

measurable increase in security is afforded by the use of longer key

lengths.

2.2 Cryptographic Synchronization

Because of the stateless nature of the NULL encryption algorithm, it

is not necessary to transmit an IV or similar cryptographic

synchronization data on a per packet (or even a per SA) basis. The

NULL encryption algorithm combines many of the best features of both

block and stream ciphers, while still not requiring the transmission

of an IV or analogous cryptographic synchronization data.

2.3 Padding

NULL has a block size of 1 byte, thus padding is not necessary.

2.4. Performance

The NULL encryption algorithm is significantly faster than other

commonly used symmetric encryption algorithms and implementations of

the base algorithm are available for all commonly used hardware and

OS platforms.

2.5 Test Vectors

The following is a set of test vectors to facilitate in the

development of interoperable NULL implementations.

test_case = 1

data = 0x123456789abcdef

data_len = 8

NULL_data = 0x123456789abcdef

test_case = 2

data = "Network Security People Have A Strange Sense Of Humor"

data_len = 53

NULL_data = "Network Security People Have A Strange Sense Of Humor"

3. ESP_NULL Operational Requirements

ESP_NULL is defined by using NULL within the context of ESP. This

section further defines ESP_NULL by pointing out particular

operational parameter requirements.

For purposes of IKE [IKE] key extraction, the key size for this

algorithm MUST be zero (0) bits, to facilitate interoperability and

to avoid any potential export control problems.

To facilitate interoperability, the IV size for this algorithm MUST

be zero (0) bits.

Padding MAY be included on outgoing packets as specified in [ESP].

4. Security Considerations

The NULL encryption algorithm offers no confidentiality nor does it

offer any other security service. It is simply a convenient way to

represent the optional use of applying encryption within ESP. ESP

can then be used to provide authentication and integrity without

confidentiality. Unlike AH these services are not applied to any

part of the IP header. At the time of this writing there is no

evidence to support that ESP_NULL is any less secure than AH when

using the same authentication algorithm (i.e. a packet secured using

ESP_NULL with some authentication algorithm is as cryptographically

secure as a packet secured using AH with the same authentication

algorithm).

As stated in [ESP], while the use of encryption algorithms and

authentication algorithms are optional in ESP, it is imperative that

an ESP SA specifies the use of at least one cryptographically strong

encryption algorithm or one cryptographically strong authentication

algorithm or one of each.

At the time of this writing there are no known laws preventing the

exportation of NULL with a zero (0) bit key length.

5. Intellectual Property Rights

Pursuant to the provisions of [RFC-2026], the authors represent that

they have disclosed the existence of any proprietary or intellectual

property rights in the contribution that are reasonably and

personally known to the authors. The authors do not represent that

they personally know of all potentially pertinent proprietary and

intellectual property rights owned or claimed by the organizations

they represent or third parties.

6. Acknowledgments

Steve Bellovin suggested and provided the text for the Intellectual

Property Rights section.

Credit also needs to be given to the participants of the Cisco/ICSA

IPsec & IKE March 1998 Interoperability Workshop since it was there

that the need for this document became apparent.

7. References

[ESP] Kent, S., and R. Atkinson, "IP Encapsulating Security

Payload", RFC2406, November 1998.

[AH] Kent, S., and R. Atkinson, "IP Authentication Header",

RFC2402, November 1998.

[ROAD] Thayer, R., Doraswamy, N., and R. Glenn, "IP Security

Document Roadmap", RFC2411, November 1998.

[DOI] Piper, D., "The Internet IP Security Domain of

Interpretation for ISAKMP", RFC2408, November 1998.

[IKE] Harkins, D., and D. Carrel, "The Internet Key Exchange

(IKE)", RFC2409, November 1998.

[RFC-2026] Bradner, S., "The Internet Standards Process -- Revision

3", BCP 9, RFC2026, October 1996.

[RFC-2040] Baldwin, R., and R. Rivest, "The RC5, RC5-CBC, RC5-CBC-

Pad, and RC5-CTS Algorithms", RFC2040, October 1996

[RFC-2119] Bradner, S., "Key words for use in RFCs to Indicate

Requirement Levels", BCP 14, RFC2119, March 1997.

6. Editors' Addresses

Rob Glenn

NIST

EMail: rob.glenn@nist.gov

Stephen Kent

BBN Corporation

EMail: kent@bbn.com

The IPsec working group can be contacted through the chairs:

Robert Moskowitz

ICSA

EMail: rgm@icsa.net

Ted T'so

Massachusetts Institute of Technology

EMail: tytso@mit.edu

7. Full Copyright Statement

Copyright (C) The Internet Society (1998). All Rights Reserved.

This document and translations of it may be copied and furnished to

others, and derivative works that comment on or otherwise explain it

or assist in its implementation may be prepared, copied, published

and distributed, in whole or in part, without restriction of any

kind, provided that the above copyright notice and this paragraph are

included on all such copies and derivative works. However, this

document itself may not be modified in any way, such as by removing

the copyright notice or references to the Internet Society or other

Internet organizations, except as needed for the purpose of

developing Internet standards in which case the procedures for

copyrights defined in the Internet Standards process must be

followed, or as required to translate it into languages other than

English.

The limited permissions granted above are perpetual and will not be

revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an

"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING

TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING

BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION

HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF

MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
2023年上半年GDP全球前十五强
 百态   2023-10-24
美众议院议长启动对拜登的弹劾调查
 百态   2023-09-13
上海、济南、武汉等多地出现不明坠落物
 探索   2023-09-06
印度或要将国名改为“巴拉特”
 百态   2023-09-06
男子为女友送行,买票不登机被捕
 百态   2023-08-20
手机地震预警功能怎么开?
 干货   2023-08-06
女子4年卖2套房花700多万做美容:不但没变美脸,面部还出现变形
 百态   2023-08-04
住户一楼被水淹 还冲来8头猪
 百态   2023-07-31
女子体内爬出大量瓜子状活虫
 百态   2023-07-25
地球连续35年收到神秘规律性信号,网友:不要回答!
 探索   2023-07-21
全球镓价格本周大涨27%
 探索   2023-07-09
钱都流向了那些不缺钱的人,苦都留给了能吃苦的人
 探索   2023-07-02
倩女手游刀客魅者强控制(强混乱强眩晕强睡眠)和对应控制抗性的关系
 百态   2020-08-20
美国5月9日最新疫情:美国确诊人数突破131万
 百态   2020-05-09
荷兰政府宣布将集体辞职
 干货   2020-04-30
倩女幽魂手游师徒任务情义春秋猜成语答案逍遥观:鹏程万里
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案神机营:射石饮羽
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案昆仑山:拔刀相助
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案天工阁:鬼斧神工
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案丝路古道:单枪匹马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:与虎谋皮
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:李代桃僵
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:指鹿为马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:小鸟依人
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:千金买邻
 干货   2019-11-12
 
推荐阅读
 
 
 
>>返回首頁<<
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有