
HMAC-MD5 IP Authentication with Replay Prevention (RFC2085)

IP.com Disclosure Number: IPCOM000002637D
Original Publication Date: 1997-Feb-01
Included in the Prior Art Database: 2019-Feb-16
Document File: 6 page(s) / 8K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

M. Oehler: AUTHOR
R. Glenn: AUTHOR

Related Documents

10.17487/RFC2085: DOI

Abstract

This document describes a keyed-MD5 transform to be used in conjunction with the IP Authentication Header [RFC-1826]. The particular transform is based on [HMAC-MD5]. An option is also specified to guard against replay attacks. [STANDARDS-TRACK]

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 27% of the total text.

Network Working Group                                         M. Oehler
Request for Comments: 2085                                          NSA
Category: Standards Track                                      R. Glenn
                                                                   NIST
                                                          February 1997

HMAC-MD5 IP Authentication with Replay Prevention

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Abstract

This document describes a keyed-MD5 transform to be used in conjunction with the IP Authentication Header [RFC-1826]. The particular transform is based on [HMAC-MD5]. An option is also specified to guard against replay attacks.

Table of Contents

1. Introduction...................................................1
   1.1 Terminology.................................................2
   1.2 Keys........................................................2
   1.3 Data Size...................................................3
2. Packet Format..................................................3
   2.1 Replay Prevention...........................................4
   2.2 Authentication Data Calculation.............................4
3. Security Considerations........................................5
Acknowledgments....................................................5
References.........................................................6
Authors' Addresses.................................................6

1. Introduction

The Authentication Header (AH) [RFC-1826] provides integrity and authentication for IP datagrams. The transform specified in this document uses a keyed-MD5 mechanism [HMAC-MD5]. The mechanism uses the (key-less) MD5 hash function [RFC-1321] which produces a message digest. When combined with an AH Key, authentication data is produced. This value is placed in the Authentication Data field of the AH [RFC-1826]. This value is also the basis for the data integrity service offered by the AH protocol.

Oehler & Glenn Standards Track [Page 1]

RFC 2085 HMAC-MD5 February 1997

To provide protection against replay attacks, a Replay Prevention field is included as a transform option. This field is used to help prevent attacks in which a message is stored and re-used later, replacing or repeating the original. The Security Parameters Index (SPI) [RFC-1825] is used to determine whether this option is included in the AH.

Familiarity with the following documents is assumed: "Security Architecture for the Internet Protocol" [RFC-1825], "IP Authentication Header" [RFC-1826], and "HMAC-MD5: Keyed-MD5 for Message Authentication" [HMAC-MD5].

All implementations that claim conformance or compliance with the IP Authentication Header specification [RFC-1826] MUST implement this HMAC-MD5 transform.
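The following is an added worked example, not text or code from RFC 2085, showing the two mechanisms the introduction describes: a sender computing HMAC-MD5 over the datagram with the AH Authentication Data field zeroed, and a receiver that looks the SPI up in its own security association table to learn whether the Replay Prevention field is present, verifies the MAC, and only then applies the replay check. The AH field layout (Next Header, Length, Reserved, SPI, optional 64-bit counter, 128-bit Authentication Data), the Length computation, the fixed key, the pre-zeroed IP header and the "counter must strictly increase" policy are all assumptions made for illustration; they are not a transcription of the packet format or window rules in the sections of the RFC that the excerpt omits. HMAC-MD5 itself was later replaced in IPsec by truncated HMACs over stronger hash functions, so treat this as an illustration of the mechanism rather than a recommendation.

```python
"""Added example: AH-style HMAC-MD5 authentication with an optional
Replay Prevention counter (illustrative; layout and policy are assumptions)."""
import hashlib
import hmac
import struct

AUTH_LEN = 16            # assumed: full 128-bit HMAC-MD5 output carried in AH
NEXT_HEADER_TCP = 6
KEY = bytes(range(16))   # constructed 128-bit AH key for the example only

# Constructed IPv4 header (20 bytes). Mutable fields (TTL, header checksum)
# are already zeroed, as AH processing under RFC 1826 requires.
IP_HEADER = bytes.fromhex("4500003c" "0000" "4000" "0033" "0000" "c0a80001" "c0a80002")


def build_ah(spi, counter, auth_data):
    """Assumed layout: Next Header | Length | Reserved | SPI | [Replay, 64 bits] | Auth Data."""
    tail = struct.pack("!I", spi)
    if counter is not None:
        tail += struct.pack("!Q", counter)
    tail += auth_data
    length = (len(tail) - 4) // 4   # assumption: 32-bit words following the SPI
    return struct.pack("!BBH", NEXT_HEADER_TCP, length, 0) + tail


def protect(key, spi, counter, payload):
    """Sender: MAC over IP header || AH (Auth Data zeroed) || payload, then fill in the MAC."""
    ah_zeroed = build_ah(spi, counter, b"\x00" * AUTH_LEN)
    mac = hmac.new(key, IP_HEADER + ah_zeroed + payload, hashlib.md5).digest()
    return IP_HEADER + ah_zeroed[:-AUTH_LEN] + mac + payload


class Receiver:
    """Per-SPI receiver state: key, whether the SA carries the Replay Prevention
    field, and the highest counter accepted so far."""

    def __init__(self, sa_table):
        # sa_table: spi -> (key, replay_enabled); constructed for the example
        self.sa = {spi: {"key": k, "replay": r, "last": None}
                   for spi, (k, r) in sa_table.items()}

    def verify(self, datagram):
        ip_header, rest = datagram[:len(IP_HEADER)], datagram[len(IP_HEADER):]
        spi = struct.unpack("!I", rest[4:8])[0]
        sa = self.sa.get(spi)
        if sa is None:
            return False, "unknown SPI", b""
        # The SPI, not the packet, tells us whether the replay field is present.
        ah_len = 8 + (8 if sa["replay"] else 0) + AUTH_LEN
        ah, payload = rest[:ah_len], rest[ah_len:]
        counter = struct.unpack("!Q", ah[8:16])[0] if sa["replay"] else None
        received_mac = ah[-AUTH_LEN:]
        covered = ip_header + ah[:-AUTH_LEN] + b"\x00" * AUTH_LEN + payload
        expected = hmac.new(sa["key"], covered, hashlib.md5).digest()
        # Constant-time compare, and check the MAC before touching replay state
        # so a forged packet cannot advance the counter.
        if not hmac.compare_digest(received_mac, expected):
            return False, "authentication failed", b""
        if sa["replay"]:
            # Assumed policy: accept only a counter strictly greater than the
            # last accepted one (the RFC's exact window rules are not reproduced).
            if sa["last"] is not None and counter <= sa["last"]:
                return False, "replay detected", b""
            sa["last"] = counter
        return True, "ok", payload


if __name__ == "__main__":
    rx = Receiver({0x100: (KEY, True), 0x200: (KEY, False)})
    first = protect(KEY, 0x100, 1, b"hello")
    print(rx.verify(first))   # accepted
    print(rx.verify(first))   # same datagram again: replay detected
    print(rx.verify(protect(KEY, 0x200, None, b"x")))  # SA without the option: accepted every time
```

The order of checks is the point a practitioner should take away: the MAC is verified first so that an attacker who can only forge the counter cannot move the receiver's replay state, and the SPI lookup decides whether the counter is parsed at all, so a packet on an SA without the option is accepted however many times it is delivered.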

1.1 Terminology

In this document, the words that are used to define the significance of each particular requirement are usually capitalized. These words are:

- MUST

Th...
