WireGuard: Next Generation Secure Kernel Network Tunnel Cutting edge crypto, shrewd kernel design, … HD

WireGuard: Next Generation Secure Kernel Network Tunnel Cutting edge crypto, shrewd kernel design, and networking meet in a surprisingly simple combination by Jason A. Donenfeld At: FOSDEM 2017 WireGuard is a next generation VPN protocol, which lives in the Linux kernel,and uses state of the art cryptography. One of the most exciting recentcrypto-networking developments, WireGuard aims to drastically simplify securetunneling. The current state of VPN protocols is not pretty, with popularoptions, such as IPsec and OpenVPN, being overwhelmingly complex, with largeattack surfaces, using mostly cryptographic designs from the 90s. WireGuardpresents a new abuse-resistant and high-performance alternative based onmodern cryptography, with a focus on implementation and usability simplicity.It uses a 1-RTT handshake, based on NoiseIK, to provide perfect forwardsecrecy, identity hiding, and resistance to key-compromise impersonationattacks, among other important security properties, as well as highperformance transport using ChaCha20Poly1305. A novel IP-binding cookie MACmechanism is used to prevent against several forms of common denial-of-serviceattacks, both against the client and server, improving greatly on those ofDTLS and IKEv2. Key distribution is handled out-of-band with extremely shortCurve25519 points, which can be passed around in the likes of OpenSSH.Discarding the academic layering perfection of IPsec, WireGuard introduces theidea of a "cryptokey routing table", alongside an extremely simple and fullydefined timer-state mechanism, to allow for easy and minimal configuration;WireGuard is actually securely deployable in practical settings. In order torival the performance of IPsec, WireGuard is implemented inside the Linuxkernel, but unlike IPsec, it is implemented in less than 4,000 lines of code,making the implementation manageably auditable. These features converge tocreate an open source VPN utility that is exceedingly simple, yet thoroughlymodern and secure. The presentation will be divided up into several parts. First, there will bean overview of the problems with IPsec, OpenVPN, and other popular VPNs,outlining attacks and weaknesses. Next, the WireGuard idea of the "cryptokeyrouting table" will be introduced, and we’ll walk through several propertiesderived from it. This will transition into a discussion of the timer statemechanism, and how secure protocols are necessarily stateful, but it’spossible to make them appear stateless to the user by exhaustively definingall possible state transitions. Then we’ll get into the hardcore meat of thepresentation: the cryptography and various crypto innovations behindWireGuard. We will discuss the triple Diffie-Hellman, the role of combiningstatic and ephemeral keys, the performance and DoS-potential of Curve25519point multiplication, using a PRF chaining for rotating keys, identity hidingand remaining silent on a network, and clever usage of authenticatedencryption with additional data. We will