The state of VPN protocols is not pretty, with popular options, such as IPsec and OpenVPN, being overwhelmingly complex, with large attack surfaces, using mostly cryptographic designs from the 90s. WireGuard presents a new abuse-resistant and high-performance alternative based on modern cryptography, with a focus on implementation and usability simplicity. It uses a 1-RTT handshake, based on NoiseIK, to provide perfect forward secrecy, identity hiding, and resistance to key-compromise impersonation attacks, among other important security properties, as well as high performance transport using ChaCha20Poly1305. A novel IP-binding cookie MAC mechanism is used to prevent against several forms of common denial-of-service attacks, both against the client and server, improving greatly on those of DTLS and IKEv2. Key distribution is handled out-of-band with extremely short Curve25519 points, which can be passed around in the likes of OpenSSH. Discarding the academic layering perfection of IPsec, WireGuard introduces the idea of a "cryptokey routing table", alongside an extremely simple and fully defined timer-state mechanism, to allow for easy and minimal configuration; WireGuard is actually securely deployable in practical settings. In order to rival the performance of IPsec, WireGuard is implemented inside the Linux kernel, but unlike IPsec, it is implemented in less than 4,000 lines of code, making the implementation manageably auditable. The talk will examine both the cryptography and kernel implementation particulars of WireGuard and explore an offensive attack perspective on network tunnels. --- Jason Donenfeld Jason Donenfeld is an independent security researcher and software developer, with a broad background of experience, well-known in both the security community and the open source world, and has pioneered several exploitation techniques. He has worked with many severe vulnerabilities in widespread software projects, including working on 0-day vulnerabilities in the Linux kernel, as well as extensive hardware reverse engineering. His security work spans advanced mathematical and geometric algorithms, cryptography, and remote exploitation. Jason founded Edge Security (www.edgesecurity.com), a highly capable security consulting firm, with expertise in vulnerability discovery, security assessments, reverse engineering, hardened development, and physical security.

2. ▪
▪
▪

3. ▪
▪
▪
▪
▪
▪
▪
▪

6. ▪
▪

7. ▪
▪
▪
▪
▪

8. ▪
▪
▪
▪
▪
▪
▪
▪
▪

11. ▪
▪
▪
▪
▪
▪

12. ▪
▪
▪

13. ▪
▪
▪
▪
▪

14. ▪
▪
▪
▪
▪
▪
▪

15. ▪
▪
▪
▪
▪
▪

16. ▪
▪
▪
▪
▪
▪
▪
▪
▪
▪

17. 

18. 
▪
▪
▪
▪
▪
▪
▪

20. ▪
▪
▪
▪
▪
▪

21. 
▪
▪
▪
▪
▪
▪
▪
▪
▪
▪

22. 
▪
▪
▪
▪
▪

23. ▪  
▪
▪
▪
▪
▪
▪

24. ▪
▪
▪
▪
▪

25. ▪
▪
▪
▪

27. ▪
▪
▪
▪
▪
▪

28. ▪
▪
▪
▪
▪
▪
▪
▪
▪

29. ▪
▪
▪
▪
▪
▪
▪
▪
▪
▪

30. ▪
▪
▪
▪
▪
▪
▪
▪

31. ▪
▪
▪
▪
▪
▪
▪

32. ▪
▪
▪

33. ▪
▪
▪
▪
▪

34. ▪
▪
▪
▪
▪
▪
▪
▪ 

35. 0 128 256 384 512 640 768 8961024
WireGuard
IPSec (AES)
IPSec (ChaPoly)
OpenVPN (AES)
0 0.25 0.5 0.75 1 1.25 1.5
WireGuard
IPSec (AES)
IPSec (ChaPoly)
OpenVPN (AES)

36. ▪
▪
▪
▪
▪
▪
▪
▪
▪
▪
▪

38. ▪
▪
▪
▪
▪
▪