Recently, the topic of encryption has been growing in importance, from engineers mounting novel cryptographic attacks to politicians mandating encryption backdoors. Tempered Networks builds secure networks using encryption, so we clearly have our share of opinions. But for today, I'll stick to the facts: how Tempered approaches encryption technology and which algorithms we use.

We use IPsec and the Host Identity Protocol (HIP) to build secure overlay networks. These overlay networks run over your existing switch infrastructure and wiring, which serve as the underlay. A listener on the underlay cannot decrypt any of the overlay traffic.

This allows anyone to build a complex overlay network with the simple policy editor built into our central controller. The best part of our solution is the policy constructed in the Conductor, our orchestration engine, which whitelists exactly which other devices a device may communicate with. Tempered's security appliances, HIPswitches, enforce that policy and perform the encryption that protects the devices on the overlay network.

HIP and IPsec
Before we go into the HIP protocol that enables overlay networks, let's discuss IPsec. IPsec is used to establish secure connections between hosts. In particular, IPsec's Encapsulating Security Payload (ESP, RFC 4303) provides confidentiality and integrity. In tunnel mode the entire original IP packet, including the overlay source and destination addresses, is encrypted inside the ESP payload, so those addresses cannot be recovered from the underlay. An outside observer listening on the underlay network sees only the outer (underlay) addresses, the ESP SPI and sequence number, and packet sizes and timing; it cannot tell which legacy hosts are communicating.

Before ESP can protect traffic, the two hosts must authenticate each other and agree on the symmetric keys used for bulk encryption. The most common key-agreement protocol for IPsec is IKEv2, the Internet Key Exchange.

The Host Identity Protocol (RFC 5201, since updated by HIP version 2 in RFC 7401) was designed to solve some of the problems associated with IKE-based IPsec key negotiation.

With HIP, each device has its own cryptographic identity in the form of an asymmetric key pair (its Host Identity). This identity authenticates HIPswitches to each other and is used to establish a symmetric IPsec ESP session key. That ESP session key encrypts the overlay traffic as it crosses the underlay.

We currently use a 2048-bit RSA key pair as the identity on each host. The HIP base exchange verifies the identity of the peer device, and each peer must be authorized to communicate by the policy from the Conductor. Once authorized, the peers perform a Diffie-Hellman key exchange, currently in the 3072-bit MODP group 15 (RFC 3526). As in the HIP specification, the Diffie-Hellman shared secret is not used directly as a key; it is run through a key derivation function to produce the AES-256 key used for bulk encryption. HIP as originally specified uses the SHA-1 hash (in HMAC) to authenticate protocol messages. Tempered has extended the protocol to use SHA-256.
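The key-agreement half of that exchange, as an added example written for this post (it is not Tempered's code and not a conforming HIP implementation): two peers exchange public values in the RFC 3526 group 15 used above, derive an AES-256 key and an HMAC-SHA-256 integrity key from the shared secret with an HKDF-style derivation, and confirm agreement with an HMAC over the transcript, the role HIP's HMAC parameter plays on I2/R2. The peer names, key labels and KDF layout are illustrative assumptions; the RSA-2048 identity signature is omitted because the Python standard library has no RSA, and it is that signature, not the confirmation tag, that stops an active attacker from substituting public values. The example also checks that the group prime is a safe prime and rejects degenerate public values, the two parameter checks a practitioner should expect of any DH implementation.

```python
import hashlib
import hmac
import secrets

# RFC 3526 group 15: the 3072-bit MODP prime (generator 2) named above.
GROUP15_P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AAAC42D AD33170D 04507A33
A85521AB DF1CBA64 ECFB8504 58DBEF0A 8AEA7157 5D060C7D B3970F85 A6E1E4C7
ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 1AD2EE6B F12FFA06 D98A0864
D8760273 3EC86A64 521F2B18 177B200C BBE11757 7A615D6C 770988C0 BAD946E2
08E24FA0 74E5AB31 43DB5BFC E0FD108E 4B82D120 A93AD2CA FFFFFFFF FFFFFFFF
""".split()), 16)
GROUP15_G = 2
P_BYTES = (GROUP15_P.bit_length() + 7) // 8  # 384 bytes


def is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin; used here only to sanity-check the group parameters."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime_group(p: int = GROUP15_P, g: int = GROUP15_G) -> bool:
    """A MODP group is sound only if p is a safe prime: p = 2q + 1 with q prime."""
    return 1 < g < p - 1 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def public_value_ok(y: int) -> bool:
    """Reject 0, 1 and p-1: a peer sending these forces a predictable secret."""
    return 1 < y < GROUP15_P - 1


def derive_keys(shared: int, transcript: bytes) -> dict:
    """HKDF-style extract-then-expand with HMAC-SHA-256 (illustrative layout).

    The raw Diffie-Hellman output is never used as a key; salting with the
    transcript binds the keys to both names and both public values on the wire.
    """
    prk = hmac.new(hashlib.sha256(transcript).digest(),
                   shared.to_bytes(P_BYTES, "big"), hashlib.sha256).digest()

    def expand(label: bytes) -> bytes:
        return hmac.new(prk, label, hashlib.sha256).digest()

    return {"aes256": expand(b"esp-encryption"),   # 32 bytes: an AES-256 key
            "integrity": expand(b"hip-hmac")}      # key for HMAC-SHA-256 tags


class Peer:
    """One HIPswitch's side of the exchange (identity signature omitted)."""

    def __init__(self, name: str):
        self.name = name
        self.x = secrets.randbits(256)                # private exponent
        self.y = pow(GROUP15_G, self.x, GROUP15_P)    # public value sent to peer
        self.keys = None
        self.transcript = None

    def receive(self, peer_name: str, peer_y: int) -> None:
        """Consume the peer's public value and derive the session keys."""
        if not public_value_ok(peer_y):
            raise ValueError("invalid Diffie-Hellman public value")
        shared = pow(peer_y, self.x, GROUP15_P)
        parties = sorted([(self.name, self.y), (peer_name, peer_y)])
        self.transcript = b"|".join(n.encode() + y.to_bytes(P_BYTES, "big")
                                    for n, y in parties)
        self.keys = derive_keys(shared, self.transcript)

    def confirm(self) -> bytes:
        """Key-confirmation tag over the transcript, like HIP's HMAC parameter."""
        return hmac.new(self.keys["integrity"], self.name.encode() + self.transcript,
                        hashlib.sha256).digest()

    def verify(self, peer_name: str, tag: bytes) -> bool:
        expected = hmac.new(self.keys["integrity"], peer_name.encode() + self.transcript,
                            hashlib.sha256).digest()
        return hmac.compare_digest(tag, expected)


def run_exchange(a_name: str = "hipswitch-a", b_name: str = "hipswitch-b"):
    """Both sides of the exchange; returns the peers and whether they agree."""
    a, b = Peer(a_name), Peer(b_name)
    a.receive(b.name, b.y)      # public values cross the underlay in the clear
    b.receive(a.name, a.y)
    agreed = a.verify(b.name, b.confirm()) and b.verify(a.name, a.confirm())
    return a, b, agreed


if __name__ == "__main__":
    assert is_safe_prime_group()
    a, b, agreed = run_exchange()
    print("keys agree:", agreed, "AES-256 key bytes:", len(a.keys["aes256"]))
```

A 256-bit private exponent is enough for group 15 (the group's strength is about 128 bits), which keeps the modular exponentiations fast; the safe-prime check is the expensive step and only needs to run once per group, not per exchange.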

Secure by Design
Tempered Networks builds secure networks on a strong crypto foundation. We use modern algorithms to make the overlay network as secure as possible while letting users set policy quickly and easily. Going forward, we will continue to evaluate other algorithms and adopt the strongest crypto available.

Wednesday, January 20, 2016 By Jeff Costlow