The increasing use of the Internet is making security a primary concern of Internet users. To provide security, Virtual Private Networks (VPNs) have been developed. A VPN is an IP connection between two sites over the public IP network that has its payload traffic encrypted so that only the source and destination can decrypt the traffic packets. VPNs encrypt not only payload but also the protocol stack informational items, which may be used to compromise a customer site in a technical session attack profile.
A large number of VPN protocols have been developed. The Point-to-Point Tunneling Protocol (PPTP) provides encryption and authentication for remote dial-up and LAN-to-LAN connections, uses a control session to establish and maintain a secure tunnel from sender to receiver, and uses a data session to provide data transmission. The Layer 2 Forward protocol (L2F) provides tunneling between an Internet Service Provider's (ISP) dial-up server and the network. The user establishes a dial-up Point-to-Point Protocol (PPP) connection to the ISP's server, which then wraps the PPP frames inside an L2F frame for routing over the network. The Layer 2 Tunneling Protocol defines a method for tunneling PPP sessions across a network. It combines both PPTP and L2F. IP Security or IPSec is a suite of protocols that includes an Authentication Header (AH), an Encapsulating Security Payload (ESP), and the Internet Key Exchange (IKE). Operating at Layer 3, IPSec provides address authentication via AH, data encryption via ESP, and automated key exchanges between sender and receiver nodes using IKE. Other VPN protocols include Secure Real Time Protocol (SRTP), Transport LAN Service (TLS), and Secure Socket Layer or SSL protocol.
An exemplary IPSec session will be discussed with reference to FIGS. 1 and 2. First and second communication devices 100 and 104, such as IP hardphones, softphones, Personal Computers (PCs), laptops, and Personal Digital Assistants (PDAs), are connected via the untrusted or insecure network 108 (such as the Internet). The communication devices seek to establish a secured session and must perform a key exchange. As will be appreciated, keys 200 are produced by a random number generator 204. The keys 200 are used by each of the first and second communication devices to encrypt and decrypt and authenticate plain and cipher text 208 and 212, respectively. In symmetrical encryption, encryption and decryption are performed by inputting identical keys 200 into the same encryption algorithm 216 at each of the session nodes.
To exchange keys, the IKE protocol uses the Diffie-Hellman encryption algorithm for key generation and provides three different methods of key exchange, namely main mode, aggressive mode, and quick mode. In main mode, six messages (three back-and-forth exchanges) are sent between the nodes. The first two message establish a specific security policy, the next two messages contain key information, and the last two messages provide authentication information. Aggressive mode is similar to main mode and achieves the same result. The difference is that there are only two exchanges (four messages sent between sender and receiver) instead of three. Quick mode is used to generate new keys after all necessary information has been exchanged between the communicating nodes via main or aggressive modes.
Many countries, such as the U.S., place strict export controls on cryptography technology and products for reasons of national security. In the U.S., export controls on commercial encryption products are administered by the Bureau of Industry and Security in the U.S. Department of Commerce, as authorized by the Export Administration Regulations or EAR, and by the Office of Defense Trade Controls (DTC) in the State Department, as authorized by the Information Technology Administration Regulations or ITAR. Historically, strict controls have been placed on granting export licenses for encryption products stronger than a certain level. Other countries have similar regulations.
An ongoing challenge for companies selling cryptographically enabled products internationally is controlling the strength of the encryption product effectively. For such products sold in the U.S., encryption strength is much more loosely controlled than for such products sold in other countries, particularly certain strictly export controlled countries, such as Iran, Cuba, and North Korea.
One approach to controlling encryption strength is to vary the encryption algorithm based upon product destination. This is done using a license file. By way of illustration, a license file utility controls whether or not the device supports first or second encryption algorithms of differing strengths. Examples of weaker encryption algorithms include the Data Encryption Standard-56 (DES) and of stronger encryption algorithms include Triple or Three DES and Advanced Encryption Standard or AES. As will be appreciated, DES is much weaker than Triple DES. A flag is set or unset in the license file when the device is not to support the stronger encryption algorithm. During a license check and/or session negotiation, the license utility will deactivate the stronger encryption algorithm and activate the weaker encryption algorithm when the flag indicates that the device is not to support the stronger encryption algorithm and activate the stronger encryption algorithm and deactivate the weaker encryption algorithm when the flag indicates that the device is to support the stronger encryption algorithm.
In another approach that has been implemented by web browser and server vendors (e.g., Netscape™, Microsoft™, etc.), an application is not allowed to negotiate strong keys of long key lengths and associated cipher suites (encryption algorithms), unless the web server, web browser, and web browser certificate are of a version, type, and strength to allow for strong cipher suites and key sizes to be used. Otherwise, weak keys of short key lengths and associated cipher suites are used.
Problems with these approaches include the transparency, to a sophisticated user, of the activation of the weaker encryption algorithm. Based on this knowledge, sophisticated users may attempt to alter the license file to activate the stronger encryption algorithm. This transparency is particularly a problem where the user can view freely the certificate and determine if the software version is such that encryption is restricted.
Another problem is that the software vendor needs to manage two software packages depending upon whether the product is to be exported or remain in the country of manufacture. The vendor thus must ensure that the package having a higher encryption strength does not leave the country of manufacture.