1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
|
Network Working Group R. Glenn
Request for Comments: 2410 NIST
Category: Standards Track S. Kent
BBN Corp
November 1998
The NULL Encryption Algorithm and Its Use With IPsec
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1998). All Rights Reserved.
Abstract
This memo defines the NULL encryption algorithm and its use with the
IPsec Encapsulating Security Payload (ESP). NULL does nothing to
alter plaintext data. In fact, NULL, by itself, does nothing. NULL
provides the means for ESP to provide authentication and integrity
without confidentiality.
Further information on the other components necessary for ESP
implementations is provided by [ESP] and [ROAD].
1. Introduction
This memo defines the NULL encryption algorithm and its use with the
IPsec Encapsulating Security Payload [ESP] to provide authentication
and integrity without confidentiality.
NULL is a block cipher the origins of which appear to be lost in
antiquity. Despite rumors that the National Security Agency
suppressed publication of this algorithm, there is no evidence of
such action on their part. Rather, recent archaeological evidence
suggests that the NULL algorithm was developed in Roman times, as an
exportable alternative to Ceaser ciphers. However, because Roman
numerals lack a symbol for zero, written records of the algorithm's
development were lost to historians for over two millennia.
Glenn & Kent Standards Track [Page 1]
^L
RFC 2410 NULL and IPsec November 1998
[ESP] specifies the use of an optional encryption algorithm to
provide confidentiality and the use of an optional authentication
algorithm to provide authentication and integrity. The NULL
encryption algorithm is a convenient way to represent the option of
not applying encryption. This is referred to as ESP_NULL in [DOI].
The IPsec Authentication Header [AH] specification provides a similar
service, by computing authentication data which covers the data
portion of a packet as well as the immutable in transit portions of
the IP header. ESP_NULL does not include the IP header in
calculating the authentication data. This can be useful in providing
IPsec services through non-IP network devices. The discussion on how
ESP_NULL might be used with non-IP network devices is outside the
scope of this document.
In this memo, NULL is used within the context of ESP. For further
information on how the various pieces of ESP fit together to provide
security services, refer to [ESP] and [ROAD].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC 2119].
2. Algorithm Definition
NULL is defined mathematically by the use of the Identity function I
applied to a block of data b such that:
NULL(b) = I(b) = b
2.1 Keying Material
Like other modern ciphers, e.g., RC5 [RFC-2040], the NULL encryption
algorithm can make use of keys of varying lengths. However, no
measurable increase in security is afforded by the use of longer key
lengths.
2.2 Cryptographic Synchronization
Because of the stateless nature of the NULL encryption algorithm, it
is not necessary to transmit an IV or similar cryptographic
synchronization data on a per packet (or even a per SA) basis. The
NULL encryption algorithm combines many of the best features of both
block and stream ciphers, while still not requiring the transmission
of an IV or analogous cryptographic synchronization data.
Glenn & Kent Standards Track [Page 2]
^L
RFC 2410 NULL and IPsec November 1998
2.3 Padding
NULL has a block size of 1 byte, thus padding is not necessary.
2.4. Performance
The NULL encryption algorithm is significantly faster than other
commonly used symmetric encryption algorithms and implementations of
the base algorithm are available for all commonly used hardware and
OS platforms.
2.5 Test Vectors
The following is a set of test vectors to facilitate in the
development of interoperable NULL implementations.
test_case = 1
data = 0x123456789abcdef
data_len = 8
NULL_data = 0x123456789abcdef
test_case = 2
data = "Network Security People Have A Strange Sense Of Humor"
data_len = 53
NULL_data = "Network Security People Have A Strange Sense Of Humor"
3. ESP_NULL Operational Requirements
ESP_NULL is defined by using NULL within the context of ESP. This
section further defines ESP_NULL by pointing out particular
operational parameter requirements.
For purposes of IKE [IKE] key extraction, the key size for this
algorithm MUST be zero (0) bits, to facilitate interoperability and
to avoid any potential export control problems.
To facilitate interoperability, the IV size for this algorithm MUST
be zero (0) bits.
Padding MAY be included on outgoing packets as specified in [ESP].
4. Security Considerations
The NULL encryption algorithm offers no confidentiality nor does it
offer any other security service. It is simply a convenient way to
represent the optional use of applying encryption within ESP. ESP
can then be used to provide authentication and integrity without
confidentiality. Unlike AH these services are not applied to any
Glenn & Kent Standards Track [Page 3]
^L
RFC 2410 NULL and IPsec November 1998
part of the IP header. At the time of this writing there is no
evidence to support that ESP_NULL is any less secure than AH when
using the same authentication algorithm (i.e. a packet secured using
ESP_NULL with some authentication algorithm is as cryptographically
secure as a packet secured using AH with the same authentication
algorithm).
As stated in [ESP], while the use of encryption algorithms and
authentication algorithms are optional in ESP, it is imperative that
an ESP SA specifies the use of at least one cryptographically strong
encryption algorithm or one cryptographically strong authentication
algorithm or one of each.
At the time of this writing there are no known laws preventing the
exportation of NULL with a zero (0) bit key length.
5. Intellectual Property Rights
Pursuant to the provisions of [RFC-2026], the authors represent that
they have disclosed the existence of any proprietary or intellectual
property rights in the contribution that are reasonably and
personally known to the authors. The authors do not represent that
they personally know of all potentially pertinent proprietary and
intellectual property rights owned or claimed by the organizations
they represent or third parties.
6. Acknowledgments
Steve Bellovin suggested and provided the text for the Intellectual
Property Rights section.
Credit also needs to be given to the participants of the Cisco/ICSA
IPsec & IKE March 1998 Interoperability Workshop since it was there
that the need for this document became apparent.
7. References
[ESP] Kent, S., and R. Atkinson, "IP Encapsulating Security
Payload", RFC 2406, November 1998.
[AH] Kent, S., and R. Atkinson, "IP Authentication Header",
RFC 2402, November 1998.
[ROAD] Thayer, R., Doraswamy, N., and R. Glenn, "IP Security
Document Roadmap", RFC 2411, November 1998.
[DOI] Piper, D., "The Internet IP Security Domain of
Interpretation for ISAKMP", RFC 2408, November 1998.
Glenn & Kent Standards Track [Page 4]
^L
RFC 2410 NULL and IPsec November 1998
[IKE] Harkins, D., and D. Carrel, "The Internet Key Exchange
(IKE)", RFC 2409, November 1998.
[RFC-2026] Bradner, S., "The Internet Standards Process -- Revision
3", BCP 9, RFC 2026, October 1996.
[RFC-2040] Baldwin, R., and R. Rivest, "The RC5, RC5-CBC, RC5-CBC-
Pad, and RC5-CTS Algorithms", RFC 2040, October 1996
[RFC-2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
6. Editors' Addresses
Rob Glenn
NIST
EMail: rob.glenn@nist.gov
Stephen Kent
BBN Corporation
EMail: kent@bbn.com
The IPsec working group can be contacted through the chairs:
Robert Moskowitz
ICSA
EMail: rgm@icsa.net
Ted T'so
Massachusetts Institute of Technology
EMail: tytso@mit.edu
Glenn & Kent Standards Track [Page 5]
^L
RFC 2410 NULL and IPsec November 1998
7. Full Copyright Statement
Copyright (C) The Internet Society (1998). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Glenn & Kent Standards Track [Page 6]
^L
|