Transcript ACC
Virtual Private Networks (VPNs) and IP Security (IPSec) G53ACC Chris Greenhalgh 1 Contents What is a VPN? Types of VPN Standards How does it Work Issues Books: Comer ch. 15.5, 40.13, 40.14; Stallings 6th Ed. Ch. 18.5 (“IPv4/IPV6 security”) 2 What is a VPN? (1) Public network: – Shared network using common networking infrastructure, e.g. the Internet Trusted machines Public Network (insecure, open) Malicious machines 3 What is a VPN? (2) Private network: – Dedicated network, specific to a single company/organisation More secure, guaranteed quality of service, but more expensive Trusted machines Private Network No physical access to private network for untrusted machines 4 What is a VPN? (3) Virtual Private Network: – Benefits of a private network, but making use of a public network to carry packets Secure, cheaper than a private network Trusted machines VPN Can access packets on public network but cannot read/write VPN data Public Network (insecure, open) 5 VPN Overview Regular IP packet Virtual Private Network! VPN Access (encrypt/decrypt) hardware or software Encrypted IP packet Public Network Regular IP packet VPN Access Encrypted IP packet Cannot understand encrypted packets; cannot forge encrypted packets. 6 Types of VPN (CISCO-speak!) Intranet VPN – Straight replacement for an internal private network Access VPN – Allows remote dialup users (e.g. from laptop) to securely ‘join’ the company internet Authentication is a critical concern! i.e. securely identifying the remote user/device Extranet VPNs – Includes partner organisations, but retains additional security and QoS support over public network(s). 7 Standards? E.g. the Internet IP Security (IPsec) standards: – RFCs 2401-2411 & 2451 Includes standards: – Internet Key Exchange (RFC 2409) Allows peers to authenticate and establish secure session information – Authentication Header (AH) (RFC 2402) Packet (& header) integrity & authentication – Encapsulated Security Payload (ESP) (RFC 2406) Additionally, packet contents are encrypted (Or Microsoft protocols, MPPE, MMTP?) 8 How does it work? Transport mode – End systems negotiate IKE Security Association (SA) directly and use AH and/or ESP on packets sent to each other. Tunnel mode (more common) – Intermediate systems (e.g. access routers, firewalls) negotiate IKE SAs and tunnel packets to each other (with AH and/or ESP). Transport mode: secured packets Tunnel mode: normal packets Router Tunnel mode: secured packets Router 9 Security Agreement (SA) Unidirectional logical channel between two hosts – Logical secure ‘connection’ for ‘connectionless’ IP packets! Typically defines: – Protocol; chosen ciphers, e.g. HMAC Hash function – shared secret key Identified by: – Security protocol (AH or ESP) identifier – Destination IP address (not source as per some texts) – 32 bit connection identifier or Security Parameter Index (SPI), selected by destination host Established before secure communication can take place – e.g. using SKE, or pre-configured 10 Authentication Header protocol IP Header AH Header TCP/UDP Segment Protocol 51 AH fields: – Next Header: points to TCP/UDP segment – Security Parameter Index: identifies SA – Sequence Number (32 bit): prevent playback/MITM – Authentication Data: signed message digest for whole IP datagram (e.g. DES, MD5, or SHA) Uses HMAC authentication scheme (see RFC 2104) using shared secret key: – Hash(Key XOR outpad, Hash(Key XOR inpad, text)) 11 AH Notes Only the parties sharing the SA’s secret key can compute the Hashed Message Authentication Code (HMAC) The HMAC covers the source IP address, SPI, sequence number and payload Therefore: – Another host cannot construct a packet appearing to come from the source host with a correct (for that source) HMAC – Another host cannot re-generate a correct HMAC for that source if it changes any of the packet in transit – Replay is easily detected and packets with repeated sequence number dropped early in processing 12 Encapsulated Security Payload protocol IP Header ESP Header Protocol 50 TCP/UDP Segment ESP Trailer ESP Auth. Encrypted Authenticated Header includes: – Security Parameter Index: as per AH – Sequence Number (32 bit): as per AH Encryption: e.g. DES-CBC Trailer include: – Next Header: encrypted, so segment protocol is hidden Authentication trailer: as per AH authentication data (optional, per SA) 13 ESP Notes Can be used as above in transport mode – NB does not authenticate or encrypt IP Header info (AH does authenticate IP Header info) Can also be used in tunnel mode: – Encrypts and authenticates all of original packet – Especially between security gateways, but also between hosts New IP Header ESP Original TCP/UDP ESP Header IP Header Segment Trailer Protocol 50 ESP Auth. Encrypted Authenticated 14 Issues Configuration – Public Key infrastructure (or shared initial secrets) for IKE SA establishment – Security policies – defining what is allowed Resources/deployment – Client IPsec software for transport mode – VPN-capable routers for tunnel mode – Encryption CPU costs (e.g. extra router hardware support) 15