Transcript ACC

Virtual Private Networks (VPNs)
and IP Security (IPSec)
G53ACC
Chris Greenhalgh
Contents

• What is a VPN?
• Types of VPN
• Standards
• How does it work?
• Issues

Books: Comer ch. 15.5, 40.13, 40.14; Stallings 6th Ed. Ch. 18.5 (“IPv4/IPv6 security”)
What is a VPN? (1)

• Public network:
  – Shared network using common networking infrastructure, e.g. the Internet

[Figure: trusted machines and malicious machines both attached to the same public network (insecure, open)]
What is a VPN? (2)

• Private network:
  – Dedicated network, specific to a single company/organisation
    · More secure, guaranteed quality of service, but more expensive

[Figure: trusted machines on a private network; untrusted machines have no physical access to the private network]
What is a VPN? (3)

• Virtual Private Network:
  – Benefits of a private network, but making use of a public network to carry packets
    · Secure, cheaper than a private network

[Figure: trusted machines joined by a VPN running over the public network (insecure, open); other machines can access packets on the public network but cannot read/write VPN data]
VPN Overview

[Figure: a regular IP packet enters the VPN access point (encrypt/decrypt; hardware or software), crosses the public network as an encrypted IP packet, and leaves the far VPN access point as a regular IP packet again. Machines on the public network cannot understand encrypted packets and cannot forge encrypted packets.]
Types of VPN (CISCO-speak!)

• Intranet VPN
  – Straight replacement for an internal private network
• Access VPN
  – Allows remote dialup users (e.g. from a laptop) to securely ‘join’ the company intranet
    · Authentication is a critical concern, i.e. securely identifying the remote user/device
• Extranet VPNs
  – Includes partner organisations, but retains additional security and QoS support over public network(s).
Standards?

• E.g. the Internet IP Security (IPsec) standards:
  – RFCs 2401-2411 & 2451
• Includes standards:
  – Internet Key Exchange (RFC 2409)
    · Allows peers to authenticate and establish secure session information
  – Authentication Header (AH) (RFC 2402)
    · Packet (& header) integrity & authentication
  – Encapsulated Security Payload (ESP) (RFC 2406)
    · Additionally, packet contents are encrypted
• (Or Microsoft protocols, MPPE, MMTP?)
How does it work?

• Transport mode
  – End systems negotiate an IKE Security Association (SA) directly and use AH and/or ESP on packets sent to each other.
• Tunnel mode (more common)
  – Intermediate systems (e.g. access routers, firewalls) negotiate IKE SAs and tunnel packets to each other (with AH and/or ESP).

[Figure: in transport mode the end systems exchange secured packets directly; in tunnel mode normal packets travel from each end system to its router, and the two routers exchange secured packets across the network]
Security Association (SA)

• Unidirectional logical channel between two hosts
  – Logical secure ‘connection’ for ‘connectionless’ IP packets!
• Typically defines:
  – Protocol; chosen ciphers, e.g. HMAC hash function
  – Shared secret key
• Identified by:
  – Security protocol (AH or ESP) identifier
  – Destination IP address (not source as per some texts)
  – 32 bit connection identifier or Security Parameter Index (SPI), selected by destination host
• Established before secure communication can take place
  – e.g. using IKE, or pre-configured
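To make the SA identification triple and the per-SA receiver state concrete, here is an added example (not from the slides): a small SA database keyed by (destination IP, SPI, protocol), where each unidirectional SA also keeps the sliding anti-replay window of RFC 2401 Appendix C that the AH/ESP sequence number feeds. The class and function names are assumptions for this example.

```python
import ipaddress

AH, ESP = 51, 50   # IP protocol numbers of the two IPsec security protocols

class SecurityAssociation:
    """One unidirectional SA, identified by (destination IP, SPI, protocol).
    Holds the shared key and cipher choice plus the receiver's anti-replay
    window: a 64-bit sliding bitmap as in RFC 2401 Appendix C."""
    def __init__(self, dst, spi, proto, key, auth_alg="HMAC-SHA1", window=64):
        self.dst, self.spi, self.proto = ipaddress.ip_address(dst), spi, proto
        self.key, self.auth_alg, self.window = key, auth_alg, window
        self.last_seq = 0   # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence number last_seq - i seen

    def check_replay(self, seq):
        """Return True if seq is fresh and record it; False for a replayed
        sequence number or one too old for the window."""
        if seq == 0:                        # counters start at 1
            return False
        if seq > self.last_seq:             # new high-water mark: slide window
            shift = seq - self.last_seq
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.last_seq = seq
            return True
        offset = self.last_seq - seq
        if offset >= self.window:           # left behind by the window
            return False
        if self.bitmap & (1 << offset):     # already seen: replay
            return False
        self.bitmap |= 1 << offset          # late but new: accept once
        return True

class SADB:
    """Security Association Database with inbound lookup by the SA triple."""
    def __init__(self):
        self.sas = {}

    def add(self, sa):
        self.sas[(sa.dst, sa.spi, sa.proto)] = sa

    def lookup(self, dst, spi, proto):
        return self.sas.get((ipaddress.ip_address(dst), spi, proto))

def inbound(sadb, dst, spi, proto, seq):
    """Early inbound processing: select the SA by triple, then replay-check
    before any (expensive) HMAC verification or decryption is attempted."""
    sa = sadb.lookup(dst, spi, proto)
    if sa is None:
        return "no SA"
    return "accept" if sa.check_replay(seq) else "drop"
```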
Authentication Header protocol

[Figure: IP Header | AH Header | TCP/UDP Segment; the IP header's protocol field is 51 (AH)]

• AH fields:
  – Next Header: points to TCP/UDP segment
  – Security Parameter Index: identifies SA
  – Sequence Number (32 bit): prevent playback/MITM
  – Authentication Data: signed message digest for whole IP datagram (e.g. DES, MD5, or SHA)
• Uses HMAC authentication scheme (see RFC 2104) using shared secret key:
  – HMAC(Key, text) = Hash((Key XOR opad) || Hash((Key XOR ipad) || text)), where opad/ipad are the outer/inner padding constants and || is concatenation
AH Notes

• Only the parties sharing the SA’s secret key can compute the Hashed Message Authentication Code (HMAC)
• The HMAC covers the source IP address, SPI, sequence number and payload
• Therefore:
  – Another host cannot construct a packet appearing to come from the source host with a correct (for that source) HMAC
  – Another host cannot re-generate a correct HMAC for that source if it changes any of the packet in transit
  – Replay is easily detected and packets with repeated sequence number dropped early in processing
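An added example (not from the slides) that implements the HMAC formula of the previous slide literally and then uses it as the AH Authentication Data, so the three consequences listed above can be checked: the ICV covers the addresses, SPI, sequence number and payload, while the mutable TTL and header checksum are zeroed before hashing. The sample header, payload, key and function names are constructed assumptions.

```python
import hashlib, hmac, struct

def hmac_from_formula(key: bytes, text: bytes, hash_fn=hashlib.sha1, block=64) -> bytes:
    """HMAC exactly as written on the slide, RFC 2104 style:
    Hash((K XOR opad) || Hash((K XOR ipad) || text)), K zero-padded to the
    hash's block size (64 bytes for MD5/SHA-1)."""
    if len(key) > block:
        key = hash_fn(key).digest()
    key = key.ljust(block, b"\x00")
    ipad = bytes(k ^ 0x36 for k in key)    # "inpad" on the slide
    opad = bytes(k ^ 0x5C for k in key)    # "outpad" on the slide
    return hash_fn(opad + hash_fn(ipad + text).digest()).digest()

def matches_stdlib(key: bytes, text: bytes) -> bool:
    """Sanity check: the formula above agrees with Python's hmac module."""
    return hmac.compare_digest(hmac_from_formula(key, text),
                               hmac.new(key, text, hashlib.sha1).digest())

def ah_icv(key: bytes, ip_header: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """AH Authentication Data (HMAC-SHA1-96) over the whole datagram. Mutable
    IP header fields (TTL, header checksum) are zeroed before hashing, as is
    the ICV field itself; source/destination address, SPI, sequence number
    and payload are all covered."""
    hdr = bytearray(ip_header)
    hdr[8] = 0                 # TTL is decremented by every router
    hdr[10:12] = b"\x00\x00"   # header checksum is recomputed in transit
    # AH header: Next Header 6 (TCP), payload length 4 (32-bit words minus 2),
    # reserved 0, SPI, sequence number, then the 12-byte ICV field as zeros.
    ah = struct.pack("!BBHII", 6, 4, 0, spi, seq) + b"\x00" * 12
    return hmac_from_formula(key, bytes(hdr) + ah + payload)[:12]

def ah_verify(key, ip_header, spi, seq, payload, icv) -> bool:
    """Receiver side: recompute and compare in constant time."""
    return hmac.compare_digest(ah_icv(key, ip_header, spi, seq, payload), icv)

# Constructed sample: IPv4 header 10.0.0.1 -> 10.0.0.2, protocol 51 (AH), TTL 64
SAMPLE_IP_HDR = bytes.fromhex("4500003c00000000403300000a0000010a000002")
SAMPLE_PAYLOAD = b"GET / HTTP/1.0\r\n"   # constructed stand-in for a TCP segment
SAMPLE_KEY = b"constructed-shared-secret"
```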
Encapsulated Security Payload protocol

[Figure: IP Header | ESP Header | TCP/UDP Segment | ESP Trailer | ESP Auth.; the IP header's protocol field is 50 (ESP). The TCP/UDP segment and ESP trailer are encrypted; the ESP header, segment and trailer are authenticated.]

• Header includes:
  – Security Parameter Index: as per AH
  – Sequence Number (32 bit): as per AH
• Encryption: e.g. DES-CBC
• Trailer includes:
  – Next Header: encrypted, so segment protocol is hidden
• Authentication trailer: as per AH authentication data (optional, per SA)
ESP Notes

• Can be used as above in transport mode
  – NB does not authenticate or encrypt IP Header info (AH does authenticate IP Header info)
• Can also be used in tunnel mode:
  – Encrypts and authenticates all of original packet
  – Especially between security gateways, but also between hosts

[Figure: New IP Header | ESP Header | Original IP Header | TCP/UDP Segment | ESP Trailer | ESP Auth.; the new IP header's protocol field is 50 (ESP). The original IP header, segment and trailer are encrypted; the ESP header through the trailer is authenticated.]
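An added example (not from the slides) contrasting the two ESP modes above: transport mode leaves the original IP header in clear with only the segment and trailer encrypted, while tunnel mode hides the whole original packet behind a new outer header, and in both the ICV covers ESP header through trailer. The cipher is a labelled stand-in keystream rather than DES-CBC; the keys, header bytes and function names are constructed assumptions.

```python
import hashlib, hmac, struct

def keystream(key: bytes, spi: int, seq: int, n: int) -> bytes:
    """Illustrative stand-in for the SA's cipher (the slides name DES-CBC):
    an HMAC-SHA256 counter-mode keystream bound to SPI and sequence number.
    Assumed for this example only; it is not an IPsec-standard transform."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, struct.pack("!IIQ", spi, seq, ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def esp_encapsulate(mode, enc_key, auth_key, spi, seq, ip_header, segment,
                    outer_header=None, next_header=6):
    """Return the full packet. Transport: original header stays in clear (protocol
    field set to 50; length/checksum not recomputed here) and only the segment is
    protected. Tunnel: header + segment become the protected payload behind the
    caller-supplied outer header, with trailer Next Header 4 (IP-in-IP)."""
    if mode == "transport":
        outer = bytearray(ip_header); outer[9] = 50
        plaintext, inner_next = segment, next_header
    else:
        outer, plaintext, inner_next = bytearray(outer_header), ip_header + segment, 4
    pad_len = (-(len(plaintext) + 2)) % 4                    # align trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, inner_next])
    body = plaintext + trailer                               # everything that is encrypted
    ciphertext = bytes(a ^ b for a, b in zip(body, keystream(enc_key, spi, seq, len(body))))
    esp_header = struct.pack("!II", spi, seq)
    icv = hmac.new(auth_key, esp_header + ciphertext, hashlib.sha1).digest()[:12]
    return bytes(outer) + esp_header + ciphertext + icv      # ICV covers header..trailer

def esp_decapsulate(enc_key, auth_key, packet, outer_len=20):
    """Receiver: verify the ICV over ESP header + ciphertext first, then
    decrypt and strip the trailer. Returns (next_header, plaintext) or None."""
    esp = packet[outer_len:]
    esp_header, ciphertext, icv = esp[:8], esp[8:-12], esp[-12:]
    expected = hmac.new(auth_key, esp_header + ciphertext, hashlib.sha1).digest()[:12]
    if not hmac.compare_digest(icv, expected):
        return None                                          # forged or modified: drop
    spi, seq = struct.unpack("!II", esp_header)
    body = bytes(a ^ b for a, b in zip(ciphertext, keystream(enc_key, spi, seq, len(ciphertext))))
    pad_len, next_header = body[-2], body[-1]
    return next_header, body[:len(body) - pad_len - 2]

# Constructed samples: inner header 10.0.0.1 -> 10.0.0.2 (TCP); outer header
# between gateways 192.0.2.1 -> 198.51.100.1 with protocol 50 (ESP)
INNER_HDR = bytes.fromhex("4500003c00000000400600000a0000010a000002")
OUTER_HDR = bytes.fromhex("450000500000000040320000c0000201c6336401")
```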
Issues

• Configuration
  – Public Key Infrastructure (or shared initial secrets) for IKE SA establishment
  – Security policies – defining what is allowed
• Resources/deployment
  – Client IPsec software for transport mode
  – VPN-capable routers for tunnel mode
  – Encryption CPU costs (e.g. extra router hardware support)