WireGuard: Next Generation Secure Network Tunnel

Presented at Black Hat USA 2018, Aug. 8, 2018, 2:40 p.m. (50 minutes).

The state of VPN protocols is not pretty, with popular options, such as IPsec and OpenVPN, being overwhelmingly complex, with large attack surfaces, using mostly cryptographic designs from the 90s. WireGuard presents a new abuse-resistant and high-performance alternative based on modern cryptography with a focus on implementation and usability simplicity. It uses a 1-RTT handshake, based on NoiseIK, to provide perfect forward secrecy, identify hiding, and resistance to key-compromise impersonation attacks, among other important security properties, as well as high performance transport using ChaCha20Poly1305. A novel IP-binding cookie MAC mechanism is used to prevent against several forms of common denial-of-service attacks, both against the client and server, improving greatly on those of DTLS and IKEv2. Key distribution is handled out-of-band with extremely short Curve25519 points, which can be passed around in the likes of OpenSSH. Discarding the academic layering perfection of IPsec, WireGuard introduces the idea of a "cryptokey routing table", alongside an extremely simple and fully defined timer-state mechanism, to allow for easy and minimal configuration; WireGuard is actually securely deployable in practical settings. In order to rival the performance of IPsec, WireGuard is implemented inside the Linux kernel, but unlike IPsec, it is implemented in less than 4,000 lines of code, making the implementation manageably auditable.


Presenters:

  • Jason Donenfeld -  ,  
    Jason Donenfeld is an independent security researcher and software developer, with a broad background of experience, well-known in both the security community and the open source world, and has pioneered several exploitation techniques. He has worked with many severe vulnerabilities in widespread software projects, including working on 0-day vulnerabilities in the Linux kernel, as well as extensive hardware reverse engineering. When he's not putting microchips under the scope, Jason can be found making and breaking cryptography, usually in ways that combine his low-level systems knowledge with cryptographic concerns. His security work spans advanced mathematical and geometric algorithms, cryptography, and remote exploitation. Jason founded Edge Security (www.edgesecurity.com), a highly capable security consulting firm, with expertise in vulnerability discovery, security assessments, cryptography, reverse engineering, hardened development, and physical security.

Links:

Similar Presentations: