Yavipin's homepage
Yavipind is a secure tunnel, i.e. two peers securely forwarding packets
toward each other.
It forwards any kind of packet (IPv4, IPv6 or other) sent over the virtual
point-to-point device (e.g. tun0).
It runs entirely in Linux userspace.
A comprehensive introduction
(originally written for
LinuxSecurity.com)
is available. It is an overview of yavipin's capabilities and motivations.
You can download
it or look at the ChangeLog.
Analysis of other secure tunnels:
yavipin has been written because I wasn't satisfied by the existing
alternatives. I published some security holes I know in alternatives
to bring awareness to users and help them make a knowledgeable
choice:
- Security analysis of VTun:
This text is a security analysis of VTun.
It includes a description of the security based on the source and
lists the possible attacks.
An attacker can modify packets, replay them, learn patterns
of the plaintext or easily guess a low-entropy password.
[ps] [pdf] [html]
- Security flaws in tinc:
This text describes security flaws in Tinc.
It includes a description of the security and
lists the possible attacks.
An attacker can modify packets, replay them and learn patterns
of the plaintext.
[ps] [pdf] [html]
Yavipin factsheet:
When designing the protocol and writing the software, the author
used the following criteria:
the security MUST be as strong as reasonably possible; yavipin SHOULD be
network efficient, easy to use and easy to install.
Network efficiency:
- small packet overhead: 26 bytes (e.g. ESP with DES+MD5 is 32 bytes)
- Packet compression:
Forwarded packets may be compressed using deflate (gzip).
(WORK: add stat about efficiency)
- NAT compatible:
yavipin's tunnel may be established across NAT, as
all packets of a tunnel are sent over a single UDP/IPv4 connection.
Moreover, the peer unreachability detection periodically sends packets,
which prevents the NAT engine from timing out the connection state.
- Peer unreachability detection:
If the other peer becomes unreachable, it will be detected.
It is done in the manner of IPv6 Neighbour Discovery (RFC 2461, section 7).
- Graceful shutdown:
If a peer purposely stops, it notifies the other, which is
immediately aware of it.
Simplicity of use:
- Fully in userspace: no need to recompile the kernel
- reuses existing tools:
As yavipin uses a virtual device, any tool designed for a
network device can be applied to the tunnel.
For example, it is possible to set up a firewall using
ipchains/netfilter or to do traffic shaping using the
kernel's traffic control (see tc).
Security strength:
- packet security:
each packet exchanged during the connection is encrypted using
Blowfish in CFB mode and authenticated with HMAC-MD5 truncated to 96 bits.
- protection against packet replay:
It uses strict anti-replay: no packet can be accepted twice.
An eavesdropper can't capture a packet, keep it for a while and have
the destination accept it a second time.
- Efficient session key renewal:
It uses hash chains for efficiency. This allows a smooth key transition
that causes no packet loss during the renewal.
It provides forward secrecy inside the connection.
- Protection against TCP SYN-style DoS:
It uses a cookie exchange (RFC 2522, section 3) during connection
establishment.
- Forward secrecy:
Even if the attacker cracks the box, he won't be able to decrypt
network traffic older than a given delay (default 10 min).
The Diffie-Hellman private key and the session key are periodically
renewed and securely erased from memory.
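The anti-replay, hash-chain key renewal and forward-secrecy properties listed above, modelled in Python as an added illustration (this is not yavipin's code or wire format; the chain's hash function, the packet layout and the 32-bit sequence field are assumptions):

```python
import hashlib, hmac, struct
MAC_LEN = 12  # HMAC-MD5 tag truncated to 96 bits, as the page states

def next_key(key):
    # One hash-chain step: the new key is a one-way function of the old one, so
    # an erased old key cannot be recovered from the new one (forward secrecy).
    # SHA-256 is an assumption; the page does not name the chain's hash.
    return hashlib.sha256(key).digest()

def mac(key, seq, payload):
    # The sequence number is covered by the tag so an attacker cannot alter it.
    return hmac.new(key, struct.pack(">I", seq) + payload, hashlib.md5).digest()[:MAC_LEN]

def seal(key, seq, payload):
    return struct.pack(">I", seq) + payload + mac(key, seq, payload)

class Receiver:
    def __init__(self, key):
        self.keys = [key]   # current key, plus the previous one during a transition
        self.last_seq = -1  # strict anti-replay: only a higher seq is ever accepted

    def ratchet(self):
        # Advance the chain but keep the old key so in-flight packets are not lost.
        self.keys = [next_key(self.keys[0]), self.keys[0]]

    def retire_old_key(self):
        self.keys = self.keys[:1]  # the real daemon would also wipe it from memory

    def receive(self, pkt):
        seq = struct.unpack(">I", pkt[:4])[0]
        payload, tag = pkt[4:-MAC_LEN], pkt[-MAC_LEN:]
        if seq <= self.last_seq:
            return None  # replay (or reordering) of an already-accepted seq
        for k in self.keys:
            if hmac.compare_digest(tag, mac(k, seq, payload)):
                self.last_seq = seq  # advance only after the tag verifies
                return payload
        return None  # bad tag, or a key that has already been retired

def demo():
    k0 = b"constructed-initial-session-key"  # constructed sample key
    rx = Receiver(k0)
    p1 = seal(k0, 1, b"hello")
    out = [rx.receive(p1), rx.receive(p1)]            # accepted, then replay rejected
    rx.ratchet()                                      # receiver moves on to k1 ...
    out.append(rx.receive(seal(k0, 2, b"late")))      # ... yet still accepts k0 in flight
    out.append(rx.receive(seal(next_key(k0), 3, b"new")))
    rx.retire_old_key()
    out.append(rx.receive(seal(k0, 4, b"stale")))     # old key gone: rejected
    return out
```

Running `demo()` returns `[b"hello", None, b"late", b"new", None]`: the replay and the stale-key packet are dropped while the key transition loses nothing.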
Yavipin portability:
Currently, yavipind has been tested only on linux-2.4 and will be ported
soon to linux-2.2.
Porting it to another UNIX should not be too hard. The new OS must
support openssl, glib and virtual tunnels. openssl and glib are
very portable, and the Universal TUN/TAP device
driver is supported by Linux, Solaris and FreeBSD. Any volunteer?
Credits:
The yavipin protocol and software have been written by jerome etienne (jme
at off.net).
yavipin project is hosted by