6 research outputs found

    A Mechanised Cryptographic Proof of the WireGuard Virtual Private Network Protocol

    WireGuard is a free and open source Virtual Private Network (VPN) that aims to replace IPsec and OpenVPN. It is based on a new cryptographic protocol derived from the Noise Protocol Framework. This paper presents the first mechanised cryptographic proof of the protocol underlying WireGuard, using the CryptoVerif proof assistant. We analyse the entire WireGuard protocol as it is, including transport data messages, in an ACCE-style model. We contribute proofs for correctness, message secrecy, forward secrecy, mutual authentication, session uniqueness, and resistance against key compromise impersonation, identity mis-binding, and replay attacks. We also discuss the strength of the identity hiding provided by WireGuard. Our work also provides novel theoretical contributions that are reusable beyond WireGuard. First, we extend CryptoVerif to account for the absence of public key validation in popular Diffie-Hellman groups like Curve25519, which is used in many modern protocols including WireGuard. To our knowledge, this is the first mechanised cryptographic proof for any protocol employing such a precise model. Second, we prove several indifferentiability lemmas that are useful to simplify the proofs for sequences of key derivations.

    A WireGuard Exploration

    Internet users require secure means of communication. Virtual Private Networks (VPNs) often serve this purpose, for consumers and businesses. The research aims of this paper were an analysis and implementation of the new VPN protocol WireGuard. The authors explain the cryptographic primitives used, build server and client code implementations of WireGuard peers, and present the benefits and drawbacks of this new technology. The outcome was a functional WireGuard client and server implementation, capable of tunneling all Internet traffic through a cloud-based virtual private server (VPS), with minimal manual configuration necessary from the end user. The code is publicly available.

    An Analysis of Hybrid Public Key Encryption

    This analysis is superseded by the more detailed analysis available in “Analysing the HPKE Standard” by J. Alwen, B. Blanchet, E. Hauck, E. Kiltz, B. Lipp, D. Riepel available at https://eprint.iacr.org/2020/1499. This document stays available because 2020/1499 only treats HPKE's Auth mode. Hybrid Public Key Encryption (HPKE) is a cryptographic primitive being standardized by the Crypto Forum Research Group (CFRG) within the Internet Research Task Force (IRTF). HPKE schemes combine asymmetric and symmetric cryptographic primitives for efficient authenticated encryption of arbitrary-sized plaintexts under a given recipient public key. This document presents a mechanized cryptographic analysis done with CryptoVerif, of all four HPKE modes, instantiated with a prime-order-group Diffie-Hellman Key Encapsulation Mechanism (KEM).

    Noise Explorer: Fully Automated Modeling and Verification for Arbitrary Noise Protocols

    The Noise Protocol Framework, introduced recently, allows for the design and construction of secure channel protocols by describing them through a simple, restricted language from which complex key derivation and local state transitions are automatically inferred. Noise "Handshake Patterns" can support mutual authentication, forward secrecy, zero round-trip encryption, identity hiding and other advanced features. Since the framework's release, Noise-based protocols have been adopted by WhatsApp, WireGuard and other high-profile applications. We present Noise Explorer, an online engine for designing, reasoning about, formally verifying and implementing arbitrary Noise Handshake Patterns. Based on our formal treatment of the Noise Protocol Framework, Noise Explorer can validate any Noise Handshake Pattern and then translate it into a model ready for automated verification and also into a production-ready software implementation written in Go or in Rust. We use Noise Explorer to analyze more than 57 handshake patterns. We confirm the stated security goals for 12 fundamental patterns and provide precise properties for the rest. We also analyze unsafe handshake patterns and document weaknesses that occur when validity rules are not followed. All of this work is consolidated into a usable online tool that presents a compendium of results and can parse formal verification results to generate detailed-but-pedagogical reports regarding the exact security goals of each message of a Noise Handshake Pattern with respect to each party, under an active attacker and including malicious principals. Noise Explorer evolves alongside the standard Noise Protocol Framework, having already contributed new security goal verification results and stronger definitions for pattern validation and security parameters.

    A Mechanised Cryptographic Proof of the WireGuard Virtual Private Network Protocol

    WireGuard is a free and open source Virtual Private Network (VPN) that aims to replace IPsec and OpenVPN. It is based on a new cryptographic protocol derived from the Noise Protocol Framework. This paper presents the first mechanised cryptographic proof of the protocol underlying WireGuard, using the CryptoVerif proof assistant. We analyse the entire WireGuard protocol as it is, including transport data messages, in an ACCE-style model. We contribute proofs for correctness, message secrecy, forward secrecy, mutual authentication, session uniqueness, and resistance against key compromise impersonation, identity mis-binding, and replay attacks. We also discuss the strength of the identity hiding provided by WireGuard. Our work also provides novel theoretical contributions that are reusable beyond WireGuard. First, we extend CryptoVerif to account for the absence of public key validation in popular Diffie-Hellman groups like Curve25519, which is used in many modern protocols including WireGuard. To our knowledge, this is the first mechanised cryptographic proof for any protocol employing such a precise model. Second, we prove several indifferentiability lemmas that are useful to simplify the proofs for sequences of key derivations.

    Methodology for evaluating the performance of virtual private network software

    This research was carried out to determine which processes of a methodology will make it possible to evaluate virtual private network software. The type of research to be used is applied, with a non-experimental, cross-sectional, descriptive research design. The approach was quantitative, so statistical resources were used to analyse the key results in order to confirm the hypotheses. Accordingly, three (03) virtual private network software products were chosen as the sample for this research: (i) licensed software (NordVPN), (ii) free software (ProtonVPN), (iii) freeware (TunnelBear), which were compared using the criteria: (a) software performance (throughput, jitter), (b) resource management (CPU usage, RAM usage, hard disk usage) and (c) network performance (latency, file download speed, file upload speed, bandwidth, network traffic filtering and marking, data encryption speed, data decryption speed, DNS server leaks, IP address leaks, IP address leaks via WebRTC, server connection time). As a result, all the stated goals were met and all the hypotheses were accepted. In summary, it is affirmed that applying the processes of the MEPVPNS methodology made it possible to determine the performance evaluation of virtual private network software in terms of: (i) software performance, (ii) resource management and (iii) network performance. Finally, it was recommended to validate the MEPVPNS methodology by extending its processes or developing a new one for entities that provide computing resources, etc.