Transcript ACC
Virtual Private Networks (VPNs)
and IP Security (IPSec)
G53ACC
Chris Greenhalgh
1
Contents
What is a VPN?
Types of VPN
Standards
How does it Work
Issues
Books: Comer ch. 15.5, 40.13, 40.14; Stallings 6th Ed. Ch. 18.5 (“IPv4/IPv6 security”)
2
What is a VPN? (1)
Public network:
– Shared network using common networking infrastructure, e.g. the Internet
[Diagram: trusted machines and malicious machines are both attached to the public network (insecure, open)]
3
What is a VPN? (2)
Private network:
– Dedicated network, specific to a single company/organisation
More secure, guaranteed quality of service, but more expensive
[Diagram: only trusted machines are attached to the private network; untrusted machines have no physical access to it]
4
What is a VPN? (3)
Virtual Private Network:
– Benefits of a private network, but making use of a public network to carry packets
Secure, cheaper than a private network
[Diagram: trusted machines joined by a VPN running over the public network (insecure, open); other machines can access packets on the public network but cannot read/write VPN data]
5
VPN Overview
[Diagram: regular IP packet -> VPN access (encrypt/decrypt; hardware or software) -> encrypted IP packet -> public network -> VPN access -> regular IP packet]
On the public network: cannot understand encrypted packets; cannot forge encrypted packets.
6
Types of VPN (CISCO-speak!)
Intranet VPN
– Straight replacement for an internal private network
Access VPN
– Allows remote dialup users (e.g. from a laptop) to securely ‘join’ the company intranet
Authentication is a critical concern, i.e. securely identifying the remote user/device
Extranet VPNs
– Includes partner organisations, but retains additional security and QoS support over public network(s).
7
Standards?
E.g. the Internet IP Security (IPsec) standards:
– RFCs 2401-2411 & 2451
Includes standards:
– Internet Key Exchange (RFC 2409): allows peers to authenticate and establish secure session information
– Authentication Header (AH) (RFC 2402): packet (& header) integrity & authentication
– Encapsulated Security Payload (ESP) (RFC 2406): additionally, packet contents are encrypted
(Or Microsoft protocols, MPPE, MMTP?)
8
How does it work?
Transport mode
– End systems negotiate an IKE Security Association (SA) directly and use AH and/or ESP on packets sent to each other.
Tunnel mode (more common)
– Intermediate systems (e.g. access routers, firewalls) negotiate IKE SAs and tunnel packets to each other (with AH and/or ESP).
[Diagram: transport mode: secured packets travel end to end between the hosts; tunnel mode: normal packets between each host and its router, secured packets between the two routers]
9
Security Association (SA)
Unidirectional logical channel between two hosts
– A logical secure ‘connection’ for ‘connectionless’ IP packets!
Typically defines:
– Protocol; chosen ciphers, e.g. HMAC hash function
– Shared secret key
Identified by:
– Security protocol (AH or ESP) identifier
– Destination IP address (not source, as in some texts)
– 32-bit connection identifier or Security Parameter Index (SPI), selected by destination host
Established before secure communication can take place
– e.g. using IKE, or pre-configured
10
Authentication Header protocol
Packet layout: IP Header (Protocol 51) | AH Header | TCP/UDP Segment
AH fields:
– Next Header: points to TCP/UDP segment
– Security Parameter Index: identifies SA
– Sequence Number (32 bit): prevents playback/MITM
– Authentication Data: signed message digest for whole IP datagram (e.g. DES, MD5, or SHA)
Uses HMAC authentication scheme (see RFC 2104) with a shared secret key:
– HMAC = Hash((Key XOR opad) || Hash((Key XOR ipad) || text)), where || is concatenation
11
AH Notes
Only the parties sharing the SA’s secret key can compute the Hashed Message Authentication Code (HMAC)
The HMAC covers the source IP address, SPI, sequence number and payload
Therefore:
– Another host cannot construct a packet appearing to come from the source host with a correct (for that source) HMAC
– Another host cannot re-generate a correct HMAC for that source if it changes any of the packet in transit
– Replay is easily detected and packets with repeated sequence number dropped early in processing
12
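The two AH slides above (the RFC 2104 formula and the three consequences on the notes slide) can be exercised end to end. The following is an added example, not code from these slides: it implements the HMAC formula by hand, checks it against Python's hmac module and the RFC 2202 test vectors, and then runs a minimal receiver that does the cheap sequence-number check first and the HMAC check second, as the slide describes. Assumptions: the IP header is reduced to an 8-byte src/dst pair standing in for the immutable fields AH covers, the ICV is HMAC-SHA-1-96 (RFC 2404 style), the anti-replay window is the 64-packet sliding window of RFC 2401, and all keys, addresses and payloads are constructed here.

```python
import hashlib
import hmac
import struct

BLOCK_SIZE = 64                    # input block size B of MD5/SHA-1, in bytes (RFC 2104)
ICV_LEN = 12                       # HMAC-SHA-1-96: the ICV is the digest truncated to 96 bits
AH_HDR = struct.Struct("!BBHII")   # Next Header, Payload Len, Reserved, SPI, Sequence Number


def hmac_rfc2104(key: bytes, text: bytes, hash_name: str = "sha1") -> bytes:
    """The slide's formula: Hash((Key XOR opad) || Hash((Key XOR ipad) || text))."""
    def h(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()
    if len(key) > BLOCK_SIZE:             # RFC 2104: keys longer than B are hashed first
        key = h(key)
    key = key.ljust(BLOCK_SIZE, b"\x00")  # then zero-padded to B bytes
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return h(opad + h(ipad + text))


def matches_stdlib(key: bytes, text: bytes) -> bool:
    """Cross-check the hand-written HMAC against Python's hmac module."""
    return hmac.compare_digest(hmac_rfc2104(key, text), hmac.new(key, text, "sha1").digest())


def build_ah_packet(key, src, dst, spi, seq, payload, next_header=6):
    """Constructed transport-mode AH packet: src(4) dst(4) | AH header | ICV | payload.
    src/dst stand in for the immutable IP header fields that AH covers (assumption)."""
    ah_words = (AH_HDR.size + ICV_LEN) // 4            # AH length in 32-bit words
    header = AH_HDR.pack(next_header, ah_words - 2, 0, spi, seq)
    # the ICV is computed with its own field zeroed, over IP fields, AH header and payload
    icv = hmac_rfc2104(key, src + dst + header + bytes(ICV_LEN) + payload)[:ICV_LEN]
    return src + dst + header + icv + payload


class AhReceiver:
    """Inbound SA state: the shared key plus a 64-packet anti-replay window (RFC 2401 style)."""
    WINDOW = 64

    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence number (highest - i) already accepted

    def receive(self, packet: bytes) -> str:
        src, dst = packet[:4], packet[4:8]
        header = packet[8:8 + AH_HDR.size]
        _next, _len, _res, _spi, seq = AH_HDR.unpack(header)
        icv = packet[8 + AH_HDR.size:8 + AH_HDR.size + ICV_LEN]
        payload = packet[8 + AH_HDR.size + ICV_LEN:]
        # 1. cheap replay check first, so duplicates are dropped before any HMAC work
        if seq <= self.highest:
            behind = self.highest - seq
            if behind >= self.WINDOW or (self.bitmap >> behind) & 1:
                return "replay"
        # 2. verify the ICV in constant time (forged or modified packets fail here)
        expected = hmac_rfc2104(self.key, src + dst + header + bytes(ICV_LEN) + payload)[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return "bad_icv"
        # 3. only an authenticated packet may advance or mark the window
        if seq > self.highest:
            self.bitmap = ((self.bitmap << (seq - self.highest)) | 1) & ((1 << self.WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "ok"


def demo() -> dict:
    """Walk through the three guarantees on the AH notes slide with constructed packets."""
    key = b"constructed-shared-secret"
    src, dst = b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02"   # constructed addresses
    rx = AhReceiver(key)
    p1 = build_ah_packet(key, src, dst, 0x100, 1, b"segment one")
    p2 = build_ah_packet(key, src, dst, 0x100, 2, b"segment two")
    modified = bytearray(p2)
    modified[-1] ^= 0x01                                    # one payload bit changed in transit
    other_host = build_ah_packet(b"not-the-SA-key", src, dst, 0x100, 3, b"x")  # no SA key => no valid HMAC
    p5 = build_ah_packet(key, src, dst, 0x100, 5, b"segment five")
    p4 = build_ah_packet(key, src, dst, 0x100, 4, b"segment four")   # arrives out of order, inside the window
    return {
        "first": rx.receive(p1),
        "modified": rx.receive(bytes(modified)),
        "second": rx.receive(p2),
        "replayed_first": rx.receive(p1),
        "other_host": rx.receive(other_host),
        "fifth": rx.receive(p5),
        "fourth_late": rx.receive(p4),
        "fourth_again": rx.receive(p4),
    }
```

The order of the checks in receive() matters: the window is consulted before the HMAC so that a flood of replayed packets costs no hashing, but the window is only updated after the HMAC verifies, so an unauthenticated packet with a large sequence number cannot push the window forward and cause genuine packets to be dropped.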
Encapsulated Security Payload protocol
Packet layout (transport mode): IP Header (Protocol 50) | ESP Header | TCP/UDP Segment | ESP Trailer | ESP Auth.
Encrypted: TCP/UDP segment and ESP trailer. Authenticated: ESP header, segment and trailer.
Header includes:
– Security Parameter Index: as per AH
– Sequence Number (32 bit): as per AH
Encryption: e.g. DES-CBC
Trailer includes:
– Next Header: encrypted, so segment protocol is hidden
Authentication trailer: as per AH authentication data (optional, per SA)
13
ESP Notes
Can be used as above in transport mode
– NB does not authenticate or encrypt IP Header info (AH does authenticate IP Header info)
Can also be used in tunnel mode:
– Encrypts and authenticates all of original packet
– Especially between security gateways, but also between hosts
Packet layout (tunnel mode): New IP Header (Protocol 50) | ESP Header | Original IP Header | TCP/UDP Segment | ESP Trailer | ESP Auth.
Encrypted: original IP header, segment and trailer. Authenticated: ESP header through ESP trailer.
14
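The SA slide (an SA is found by destination address, protocol and SPI), the transport/tunnel slide and the two ESP slides all describe one packet format, so a single added example covers them; it is written for this page and is not code from the slides. It builds ESP packets in transport mode (Next Header 6, TCP) and tunnel mode (Next Header 4, IP-in-IP), looks the SA up by (dst, 50, SPI) on receipt, and shows which parts are visible on the wire. Assumptions: the IP header is reduced to an 8-byte src/dst pair, the ICV is HMAC-SHA-1-96, fixed IVs are used so the run is reproducible, and the cipher is a SHA-256 counter-mode keystream standing in for DES-CBC (it is not an IPsec transform and only marks where encryption applies). Addresses, keys and the segment are constructed.

```python
import hashlib
import hmac
import struct

ESP_PROTO = 50
IV_LEN = 8                       # 64-bit IV, as DES-CBC would carry
ICV_LEN = 12                     # HMAC-SHA-1-96 authentication trailer, "as per AH"
ESP_HDR = struct.Struct("!II")   # SPI, Sequence Number: the only ESP fields sent in the clear

# constructed addresses and payload used by demo()
HOST_A, HOST_B = b"\x0a\x00\x00\x01", b"\x0a\x01\x00\x01"
GW_A, GW_B = b"\xc0\x00\x02\x01", b"\xc6\x33\x64\x01"
SEGMENT = b"TCP-segment-constructed"


def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in cipher, NOT an IPsec transform: SHA-256 in counter mode.
    It only marks where ESP encryption applies; real SAs use e.g. DES-CBC or AES."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + iv + struct.pack("!I", i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class EspSA:
    """One unidirectional SA: keys, the destination it belongs to, and its sequence counter."""
    def __init__(self, spi: int, dst: bytes, enc_key: bytes, auth_key: bytes):
        self.spi, self.dst, self.enc_key, self.auth_key, self.seq = spi, dst, enc_key, auth_key, 0


def esp_encapsulate(sa: EspSA, outer_ip: bytes, inner: bytes, next_header: int, iv: bytes) -> bytes:
    """outer_ip(src4 dst4) | SPI seq | IV | enc(inner || pad || pad len || next header) | ICV."""
    sa.seq += 1
    pad_len = (-(len(inner) + 2)) % 4                  # pad so the trailer ends on a 4-byte boundary
    plaintext = inner + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    body = ESP_HDR.pack(sa.spi, sa.seq) + iv + keystream_xor(sa.enc_key, iv, plaintext)
    icv = hmac.new(sa.auth_key, body, "sha1").digest()[:ICV_LEN]   # covers ESP header..ciphertext only
    return outer_ip + body + icv


def esp_decapsulate(sad: dict, packet: bytes):
    """Return (next_header, inner bytes) or (None, reason). The SA is found by (dst, protocol, SPI)."""
    dst = packet[4:8]
    body, icv = packet[8:-ICV_LEN], packet[-ICV_LEN:]
    spi, _seq = ESP_HDR.unpack(body[:ESP_HDR.size])
    sa = sad.get((dst, ESP_PROTO, spi))
    if sa is None:
        return None, "no SA"
    if not hmac.compare_digest(icv, hmac.new(sa.auth_key, body, "sha1").digest()[:ICV_LEN]):
        return None, "bad ICV"
    iv = body[ESP_HDR.size:ESP_HDR.size + IV_LEN]
    plaintext = keystream_xor(sa.enc_key, iv, body[ESP_HDR.size + IV_LEN:])
    pad_len, next_header = plaintext[-2], plaintext[-1]   # the Next Header only appears after decryption
    return next_header, plaintext[:-(pad_len + 2)]


def demo() -> dict:
    # transport mode: the SA is between the end hosts and ESP wraps just the TCP segment (Next Header 6)
    sa_t = EspSA(0x1001, HOST_B, b"enc-key-transport", b"auth-key-transport")
    pkt_t = esp_encapsulate(sa_t, HOST_A + HOST_B, SEGMENT, 6, bytes(IV_LEN))   # fixed IV for reproducibility
    # tunnel mode: gateways hold the SA and ESP wraps the whole original packet (Next Header 4, IP-in-IP)
    original = HOST_A + HOST_B + SEGMENT
    sa_tun = EspSA(0x2002, GW_B, b"enc-key-tunnel", b"auth-key-tunnel")
    pkt_tun = esp_encapsulate(sa_tun, GW_A + GW_B, original, 4, b"\x01" * IV_LEN)
    sad = {(HOST_B, ESP_PROTO, 0x1001): sa_t, (GW_B, ESP_PROTO, 0x2002): sa_tun}   # receiver's SA database
    damaged = bytearray(pkt_t)
    damaged[24] ^= 0xFF                                 # first ciphertext byte altered in transit
    return {
        "transport": esp_decapsulate(sad, pkt_t),
        "tunnel": esp_decapsulate(sad, pkt_tun),
        "spi_in_clear": struct.pack("!I", 0x1001) in pkt_t,
        "segment_in_clear": SEGMENT in pkt_t,
        "inner_header_in_clear": HOST_A + HOST_B in pkt_tun,
        # the outer header lies outside the ICV, so a changed outer source address still verifies (the slide's NB)
        "outer_src_changed": esp_decapsulate(sad, b"\x0a\x00\x00\x63" + pkt_t[4:]),
        "damaged": esp_decapsulate(sad, bytes(damaged)),
        "unknown_spi": esp_decapsulate(sad, pkt_t[:8] + struct.pack("!I", 0x9999) + pkt_t[12:]),
    }
```

Two results are worth comparing: in transport mode the receiver still accepts the packet after the outer source address was changed, because ESP's ICV starts at the ESP header; in tunnel mode the original header comes back intact from inside the encrypted, authenticated region, which is why gateway-to-gateway deployments get header protection from ESP alone.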
Issues
Configuration
– Public key infrastructure (or shared initial secrets) for IKE SA establishment
– Security policies – defining what is allowed
Resources/deployment
– Client IPsec software for transport mode
– VPN-capable routers for tunnel mode
– Encryption CPU costs (e.g. extra router hardware support)
15