VPN Problem:
What is the most secure VPN cryptographic algorithm? What is the best practice for choosing IPsec security strength?
Solution:
Use the NIST Key Management methodology (SP 800-57 Part 1) to determine IPsec security strength.
Key Management
The National Institute of Standards and Technology (NIST) publishes up-to-date guidance for choosing appropriate VPN ciphers in SP 800-57 Part 1, "Recommendation for Key Management". It rates the effectiveness of every cryptographic algorithm with one common yardstick, security strength.
Security Strength
Security strength is a Key Management estimate of how much work the best known attack needs to break an algorithm, expressed in bits: an algorithm with n bits of security is expected to cost on the order of 2^n operations to break. New or improved attacks may lower these ratings in the future. Security bits are not the same thing as key-length bits. For example, a 1024-bit RSA key provides 80 bits of security and a 2048-bit RSA key provides 112, while a 128-bit AES key provides the full 128.
Different algorithms can share a common security strength level (Table 1). Best practice is to match security strengths across every algorithm in the negotiation (the IKE proposal, the ESP transform set, the DH group and the certificate key), because a tunnel is only as strong as its weakest component: one deprecated algorithm compromises the entire security target.
IPsec Cipher Assessment
Use the Key Management security strength assessments to implement secure IKEv2 and L2TP/IPsec VPNs. NIST also attaches a time frame to each strength level (SP 800-57 Part 1, Table 4, and SP 800-131A), which is what turns a count of security bits into a deployment decision:
- Below 112 security bits (80 bits for 1024-bit RSA or DH group 2; roughly 90 bits for the 1536-bit DH group 5, a size NIST does not list and RFC 3526 estimates at about 90): disallowed for new use since the end of 2013. Do not deploy.
- 112 security bits (2048-bit RSA or DH group 14): acceptable through 2030. Fine today, but the first level forecast to expire, so plan the migration.
- 128 security bits (3072-bit RSA or DH group 15, ECP group 19, AES-128): acceptable beyond 2030.
- 192 security bits (7680-bit RSA or MODP, ECP group 20, AES-256 with SHA-384): acceptable beyond 2030 with the largest margin; the long-term choice (years).
Cisco markets the Suite B elliptic-curve algorithms (ECDH groups 19 and 20, AES-GCM, SHA-2, ECDSA) as Next Generation Encryption (NGE). ECP group 19 uses a 256-bit elliptic curve and provides 128 bits of security, the same as a 3072-bit MODP exchange; ECP group 20 uses a 384-bit curve and provides 192 bits, the same as a 7680-bit MODP exchange. Both do so at a small fraction of the computational cost of the equivalent MODP group, which is why the ECP groups are the practical route to 128- and 192-bit key exchange. (IKEv2's own algorithm guidance, RFC 8247, points the same way: MODP-2048 is the mandatory group and groups 1, 2 and 5 are discouraged.)
Table 1
VPN Security Strength
Security Strength | DH Group | RSA Key | IKE Encryption | IKE Integrity / PRF | ESP Encryption | ESP HMAC | Assessment***
80-bit | 5 (1536) | 1024 | AES-128 | SHA-1 | AES-128 | SHA-1 | Bad
~90-bit | 5 (1536) | 2048 | AES-128 | SHA-1 or SHA-256 | AES-128 | SHA-1 or SHA-256 | Bad
112-bit | 14 (2048) | 2048 | AES-128 | SHA-1 or SHA-256 | AES-128 | SHA-1 or SHA-256 | Good
128-bit | 15 (3072) or 19 (ECP-256) | 3072 | AES-128 | SHA-256 or SHA-384 | AES-128 | SHA-256 | Better
192-bit* | 20 (ECP-384) or 7680-bit MODP (16 = 4096**) | 7680* (4096**) | AES-256 | SHA-384 (SHA-256** for signatures) | AES-256 | SHA-384 or SHA-256 | Best
Note: ECP groups 19 and 20 (256- and 384-bit curves) provide 128 and 192 bits of security respectively, the same as 3072- and 7680-bit MODP exchanges, and are the practical way to reach those levels; the rows above list the MODP size for comparison. *The 192-bit level requires a 7680-bit RSA key (and a 7680-bit MODP group if no ECP group is used). Many systems do not support 7680-bit RSA. **Security level mismatch: 4096-bit RSA or DH group 16 provides only about 140 bits (NIST lists no 4096-bit size; the figure is an interpolation between 3072 and 7680), and a certificate signed with SHA-256 provides 128 bits, so a proposal that pairs them with AES-256 and ECP-384 is capped at the lower figure. The same rule applies at every level: the row's strength is the minimum across its columns. ***The assessment column is not official NIST Key Management. It is this author's independent qualitative interpretation derived from NIST Key Management.
Table 2 Diffie-Hellman (DH) Security Strength Levels
DH Group | DH Key | Security Strength (i.e., Bits of Security)
DH2 (MODP) | 1024-bit | 80 bits
DH5 (MODP) | 1536-bit | ~90 bits (not a NIST-listed size; RFC 3526 estimate)
DH14 (MODP) | 2048-bit | 112 bits
DH15 (MODP) | 3072-bit | 128 bits
DH16 (MODP) | 4096-bit | ~140 bits (interpolated; NIST lists no 4096-bit size)
DH19 (ECP) | 256-bit curve | 128 bits (equivalent to 3072-bit MODP)
DH20 (ECP) | 384-bit curve | 192 bits (equivalent to 7680-bit MODP)
Table 3 Encryption Security Strength Levels
AES | AES Key | Security Strength (i.e., Bits of Security)
AES-128 | 128-bit | 128
AES-256 | 256-bit | 256
Table 4 RSA Security Strength
Certificate | RSA Key | Security Strength (equivalent symmetric key)
RSA | 1024-bit | 80 bits
RSA | 2048-bit | 112 bits
RSA | 3072-bit | 128 bits
RSA | 4096-bit | ~140 bits*
RSA | 7680-bit | 192 bits
RSA | 15360-bit | 256 bits**
*NIST lists no 4096-bit size; the figure is interpolated between 3072 and 7680 bits. Stepping up from 2048 to 4096 buys only about 28 bits. **A 15360-bit key is not usable in practice (far too slow and rarely supported). Use a 3072-bit key for 128 bits, or 7680-bit where 192 bits are required and the platform supports it.
Table 5 Hash Security Strength (from SP 800-57 Part 1 Rev. 3, Table 3)
Security Strength | Digital Signatures and Hash-only Applications | HMAC, Key Derivation, Random Number Generation
80 | SHA-1 | (none)
112 | SHA-224, SHA-512/224 | SHA-1
128 | SHA-256, SHA-512/256 | SHA-224, SHA-512/224
192 | SHA-384 | SHA-256, SHA-512/256
256 | SHA-512 | SHA-384, SHA-512
Note: Hash security strength is determined by how the hash is used, not by the algorithm alone. The left column applies to certificate signatures and other unkeyed uses; the right column applies to the keyed uses inside IKE and ESP (HMAC integrity and the IKE PRF), where strength is bounded by the output length rather than by collision resistance. In IPsec, SHA-1 therefore provides 80 bits when it signs the peer's certificate but 112 bits as HMAC-SHA1 integrity. Note also that ESP truncates the HMAC tag (96 bits for HMAC-SHA1-96, 128 bits for HMAC-SHA-256-128); the truncated tag, not SHA-1's collision weakness, bounds an online forgery attempt, and RFC 8221 still lists HMAC-SHA1-96 as MUST- (supported, being phased out) and HMAC-SHA2-256-128 as MUST.
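The weakest-link rule from the tables above, applied automatically. This is an added example, not code from the original article or from any vendor: it takes a strongSwan-style "encryption-integrity-dh" proposal string plus the RSA key size and signature hash of the peer certificate, rates every component with the NIST SP 800-57 figures (Table 2 for RSA/MODP/ECP sizes, Table 3's HMAC column for integrity and PRF, its signature column for the certificate hash), and reports the component that caps the whole tunnel together with the SP 800-57 Table 4 / SP 800-131A time frame. The proposal parser is a simplified assumption of this example (strongSwan's own grammar is richer), and sizes NIST does not list, such as 1536 or 4096 bits, are rounded down to the nearest listed size, the same floor rule OpenSSL's BN_security_bits() applies, so they score more conservatively here than the interpolated figures in Tables 2 and 4.

```python
"""Weakest-link security-strength check for an IKEv2/ESP proposal.

Added example; strength figures are NIST SP 800-57 Part 1 (Tables 2-4).
The proposal syntax and the round-down rule for unlisted sizes are this
example's own assumptions.
"""
import re

# SP 800-57 Part 1, Table 2: modulus size -> bits of security (RSA and MODP).
FF_STRENGTH = {1024: 80, 2048: 112, 3072: 128, 7680: 192, 15360: 256}

# IKE DH groups: RFC 3526 MODP groups and RFC 5903 ECP groups (kind, bits).
DH_GROUPS = {
    "modp1024": ("ff", 1024), "modp1536": ("ff", 1536), "modp2048": ("ff", 2048),
    "modp3072": ("ff", 3072), "modp4096": ("ff", 4096), "modp6144": ("ff", 6144),
    "modp8192": ("ff", 8192),
    "ecp256": ("ec", 256), "ecp384": ("ec", 384), "ecp521": ("ec", 521),
}

# SP 800-57 Table 3: keyed uses (HMAC integrity, IKE PRF) vs. signature hash.
HMAC_STRENGTH = {"sha1": 112, "sha256": 192, "sha384": 256, "sha512": 256}
SIG_HASH_STRENGTH = {"sha1": 80, "sha256": 128, "sha384": 192, "sha512": 256}

ENC_RE = re.compile(r"^(aes|3des|des|null)(\d+)?(gcm|ccm)?(\d+)?$")
INTEG_RE = re.compile(r"^(prf)?sha(1|256|384|512)$")


def ff_strength(modulus_bits: int) -> int:
    """RSA/MODP strength, rounded down to the nearest NIST-listed size
    (assumption: same floor rule as OpenSSL's BN_security_bits()), so
    4096 counts as 128 and 1536 as 80."""
    for size in sorted(FF_STRENGTH, reverse=True):
        if modulus_bits >= size:
            return FF_STRENGTH[size]
    return 0  # below 1024 bits: treat as broken


def ec_strength(curve_bits: int) -> int:
    """Elliptic-curve strength per SP 800-57 Table 2 (roughly half the curve size)."""
    for floor, bits in ((512, 256), (384, 192), (256, 128), (224, 112), (160, 80)):
        if curve_bits >= floor:
            return bits
    return 0


def dh_strength(group: str) -> int:
    kind, bits = DH_GROUPS[group]
    return ff_strength(bits) if kind == "ff" else ec_strength(bits)


def enc_strength(token: str):
    """Return (bits, is_aead) for an encryption transform, or None if not one."""
    m = ENC_RE.match(token)
    if not m:
        return None
    alg, keylen, mode, _tag = m.groups()
    if alg == "aes":
        return (int(keylen) if keylen else 128), mode is not None  # "aes" = aes128
    if alg == "3des":
        return 112, False  # three-key TDEA, SP 800-57 Table 2
    if alg == "des":
        return 56, False
    return 0, False  # null encryption


def verdict(bits: int) -> str:
    """SP 800-57 Part 1 Table 4 / SP 800-131A time frames."""
    if bits < 112:
        return "disallowed (below 112 bits; not permitted for new use since 2014)"
    if bits < 128:
        return "acceptable through 2030"
    return "acceptable beyond 2030"


def assess(proposal: str, rsa_bits: int, sig_hash: str = "sha256") -> dict:
    """Rate each component of an "enc-integ-dh" proposal and find the weakest.

    rsa_bits / sig_hash describe the peer certificate used for IKE authentication.
    """
    parts, aead = {}, False
    for tok in proposal.lower().split("-"):
        if tok in DH_GROUPS:
            parts["dh " + tok] = dh_strength(tok)
        elif (m := INTEG_RE.match(tok)):
            label = ("prf " if m.group(1) else "hmac ") + "sha" + m.group(2)
            parts[label] = HMAC_STRENGTH["sha" + m.group(2)]
        elif (enc := enc_strength(tok)) is not None:
            parts["enc " + tok], aead = enc
        else:
            raise ValueError(f"unknown transform {tok!r}")
    if not aead and not any(k.startswith("hmac") for k in parts):
        raise ValueError("non-AEAD cipher without an integrity algorithm")
    parts[f"rsa-{rsa_bits}"] = ff_strength(rsa_bits)
    parts[f"sig {sig_hash}"] = SIG_HASH_STRENGTH[sig_hash]
    weakest = min(parts, key=parts.get)  # first component at the minimum
    return {"components": parts, "weakest": weakest,
            "strength": parts[weakest], "verdict": verdict(parts[weakest])}


if __name__ == "__main__":
    # Constructed sample proposals, one per row of Table 1.
    for prop, rsa, sh in [("aes128-sha1-modp1536", 2048, "sha256"),
                          ("aes128-sha256-modp2048", 2048, "sha256"),
                          ("aes128-sha256-ecp256", 3072, "sha256"),
                          ("aes256gcm16-prfsha384-ecp384", 4096, "sha256"),
                          ("aes256gcm16-prfsha384-ecp384", 7680, "sha384")]:
        r = assess(prop, rsa, sh)
        print(f"{prop} rsa{rsa}/{sh}: {r['strength']} bits, capped by "
              f"{r['weakest']}: {r['verdict']}")
```

The fourth sample is the mismatch flagged in Table 1: AES-256 and ECP-384 promise 192 bits, but a 4096-bit certificate signed with SHA-256 caps the tunnel at 128, and the output names the RSA key as the reason. Swapping in the 7680-bit key and SHA-384 (the fifth sample) lifts the whole proposal to 192.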
That's it!
References:
https://www.nist.gov/
http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf
http://infosecurity.ch/20100926/not-every-elliptic-curve-is-the-same-trough-on-ecc-security/