Virtual Private Networks (VPNs) and IP Security (IPSec) G53ACC Chris Greenhalgh
Contents • What is a VPN? • Types of VPN • Standards • How does it Work • Issues • Books: Comer ch. 15.5, 40.13, 40.14; Stallings 6th Ed. Ch. 18.5 (“IPv4/IPV6 security”)
What is a VPN? (1) • Public network: • Shared network using common networking infrastructure, e.g. the Internet [Diagram: trusted machines and malicious machines are both attached to the public network, which is insecure and open]
What is a VPN? (2) • Private network: • Dedicated network, specific to a single company/organisation • More secure, guaranteed quality of service, but more expensive [Diagram: trusted machines on the private network; untrusted machines have no physical access to it]
What is a VPN? (3) • Virtual Private Network: • Benefits of a private network, but making use of a public network to carry packets • Secure, cheaper than a private network [Diagram: trusted machines linked by a VPN across the public network (insecure, open); other machines can access packets on the public network but cannot read or write the VPN data]
VPN Overview [Diagram: a regular IP packet enters VPN access (encrypt/decrypt; hardware or software), crosses the public network as an encrypted IP packet, and leaves the peer's VPN access as a regular IP packet again; the public network cannot understand the encrypted packets and cannot forge them]
Types of VPN (Cisco-speak!) • Intranet VPN • Straight replacement for an internal private network • Access VPN • Allows remote dial-up users (e.g. from a laptop) to securely 'join' the company intranet • Authentication is a critical concern! i.e. securely identifying the remote user/device • Extranet VPN • Includes partner organisations, but retains additional security and QoS support over the public network(s).
Standards? • E.g. the Internet IP Security (IPsec) standards: • RFCs 2401-2411 & 2451 (since obsoleted by RFC 4301 (architecture), RFC 4302 (AH), RFC 4303 (ESP) and IKEv2, RFC 7296; the mechanisms below are unchanged in outline) • Includes standards: • Internet Key Exchange (IKE) (RFC 2409) • Allows peers to authenticate each other and establish secure session information (keys, ciphers, SPIs) • Authentication Header (AH) (RFC 2402) • Packet (& header) integrity & authentication, no confidentiality • Encapsulating Security Payload (ESP) (RFC 2406) • Additionally, packet contents are encrypted • (Or Microsoft's protocols, e.g. PPTP with MPPE)
How does it work? • Transport mode • End systems negotiate an IKE Security Association (SA) directly and use AH and/or ESP on packets sent to each other; only the payload, not the IP header, is wrapped • Tunnel mode (more common) • Intermediate systems (e.g. access routers, firewalls) negotiate IKE SAs and tunnel packets to each other (with AH and/or ESP); the whole original packet is wrapped inside a new outer IP packet, so the hosts behind the gateways need no IPsec support themselves [Diagram: transport mode, secured packets end to end between the two hosts; tunnel mode, normal packets between each host and its router, secured packets between the two routers]
Security Association (SA) • Unidirectional logical channel between two hosts (so a bidirectional session needs a pair of SAs, one per direction) • Logical secure 'connection' for 'connectionless' IP packets! • Typically defines: • Protocol; chosen ciphers, e.g. HMAC hash function • shared secret key(s) • sequence number counter and anti-replay window • Identified by the triple: • Security protocol (AH or ESP) identifier • Destination IP address (not source, as some texts say) • 32-bit connection identifier or Security Parameter Index (SPI), selected by the destination host • Established before secure communication can take place • e.g. using IKE, or pre-configured (manual keying)
Authentication Header protocol • AH fields: • Next Header: protocol of what follows, e.g. the TCP/UDP segment • Payload Length: AH length in 32-bit words minus 2 • Security Parameter Index: identifies the SA • Sequence Number (32 bit): prevents replay • Authentication Data: integrity check value (ICV), a keyed digest (e.g. HMAC-MD5-96 or HMAC-SHA-1-96, not a public-key signature) over the whole IP datagram, with mutable header fields such as TTL and checksum zeroed • Uses the HMAC scheme (see RFC 2104) with the SA's shared secret key: • HMAC(K, text) = Hash((K XOR opad) || Hash((K XOR ipad) || text)) [Layout, transport mode: IP Header (protocol 51) | AH Header | TCP/UDP Segment]
AH Notes • Only the parties sharing the SA's secret key can compute the Hashed Message Authentication Code (HMAC) • The HMAC covers the immutable IP header fields (including source and destination addresses), the SPI, the sequence number and the payload; mutable fields (TTL, header checksum, ...) are zeroed before hashing so routers can change them in transit • Therefore: • Another host cannot construct a packet appearing to come from the source host with a correct (for that source) HMAC • Another host cannot regenerate a correct HMAC for that source if it changes any covered part of the packet in transit • Replay is easily detected by a receive window on the sequence number, and packets with a repeated sequence number are dropped early in processing, before the HMAC is even computed • Caveat: because AH covers the IP addresses, it does not survive NAT; ESP in tunnel mode is what is usually deployed in practice
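The HMAC construction and the ICV computation described in the two AH slides above, as an added example (this is not code from the lecture slides): it builds HMAC from RFC 2104's definition, checks it against Python's hmac module, then computes and verifies an AH-style ICV over a constructed IPv4 datagram with the mutable header fields zeroed. The key, addresses, payload, SPI and the assumption of a 20-byte IP header with no options are all the example's own.

```python
"""Added example (not from the slides): HMAC built by hand as in RFC 2104,
then used as an AH-style integrity check value over a constructed IPv4
datagram. Key, addresses and payload are made up for illustration; the IP
header is assumed to be the minimal 20 bytes (no options)."""
import hashlib
import hmac as stdlib_hmac
import struct

AH_ICV_LEN = 12               # HMAC-MD5-96 / HMAC-SHA-1-96: MAC truncated to 96 bits
AH_LEN = 12 + AH_ICV_LEN      # fixed AH fields (12 bytes) + ICV
IP_HDR_LEN = 20               # assumption: no IP options
AH_PROTO = 51


def rfc2104_hmac(key: bytes, text: bytes, hashfunc=hashlib.sha1) -> bytes:
    """HMAC(K, text) = H((K xor opad) || H((K xor ipad) || text))."""
    block = hashfunc().block_size            # 64 bytes for MD5 and SHA-1
    if len(key) > block:                     # over-long keys are hashed first
        key = hashfunc(key).digest()
    key = key.ljust(block, b"\x00")          # then zero-padded to the block size
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashfunc(ipad + text).digest()
    return hashfunc(opad + inner).digest()


def build_ipv4_header(src: bytes, dst: bytes, proto: int, total_len: int, ttl: int = 64) -> bytes:
    # ver/IHL, TOS, total length, ID, flags+fragment offset, TTL, protocol, checksum, src, dst
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                       ttl, proto, 0, src, dst)


def build_ah(next_header: int, spi: int, seq: int, icv: bytes) -> bytes:
    # Next Header | Payload Len (32-bit words minus 2) | Reserved | SPI | Sequence | ICV
    return struct.pack("!BBHII", next_header, AH_LEN // 4 - 2, 0, spi, seq) + icv


def ah_hash_input(packet: bytes) -> bytes:
    """Datagram copy with the mutable fields zeroed (RFC 2402 3.3.3.1): TOS,
    flags/fragment offset, TTL, header checksum and the ICV field itself."""
    p = bytearray(packet)
    p[1] = 0
    p[6:8] = b"\x00\x00"
    p[8] = 0
    p[10:12] = b"\x00\x00"
    p[IP_HDR_LEN + 12:IP_HDR_LEN + AH_LEN] = bytes(AH_ICV_LEN)
    return bytes(p)


def ah_protect(key, src, dst, payload, spi, seq, inner_proto=6) -> bytes:
    ip = build_ipv4_header(src, dst, AH_PROTO, IP_HDR_LEN + AH_LEN + len(payload))
    packet = ip + build_ah(inner_proto, spi, seq, bytes(AH_ICV_LEN)) + payload
    icv = rfc2104_hmac(key, ah_hash_input(packet))[:AH_ICV_LEN]
    return packet[:IP_HDR_LEN + 12] + icv + packet[IP_HDR_LEN + AH_LEN:]


def ah_verify(key, packet) -> bool:
    received = packet[IP_HDR_LEN + 12:IP_HDR_LEN + AH_LEN]
    expected = rfc2104_hmac(key, ah_hash_input(packet))[:AH_ICV_LEN]
    return stdlib_hmac.compare_digest(received, expected)   # constant-time compare


# Constructed values for the demonstration
KEY = b"shared-secret-from-IKE-or-manual-config"
SRC, DST = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
PAYLOAD = b"\x00\x50\x1f\x90pretend TCP segment"
PKT = ah_protect(KEY, SRC, DST, PAYLOAD, spi=0x1001, seq=1)


def demo() -> dict:
    """What a receiver accepts and rejects; every value should be True."""
    return {
        "rfc2104_matches_stdlib": rfc2104_hmac(KEY, b"abc") ==
            stdlib_hmac.new(KEY, b"abc", hashlib.sha1).digest(),
        "long_key_matches_stdlib": rfc2104_hmac(b"k" * 100, b"x", hashlib.md5) ==
            stdlib_hmac.new(b"k" * 100, b"x", hashlib.md5).digest(),
        "genuine_ok": ah_verify(KEY, PKT),
        # a router decrementing TTL must not break the ICV (TTL is mutable)
        "ttl_decrement_ok": ah_verify(KEY, PKT[:8] + bytes([PKT[8] - 1]) + PKT[9:]),
        # but the source address is covered, so spoofing it fails
        "spoofed_src_fails": not ah_verify(KEY, PKT[:12] + bytes([10, 0, 0, 9]) + PKT[16:]),
        "payload_tamper_fails": not ah_verify(KEY, PKT[:-1] + bytes([PKT[-1] ^ 1])),
        "wrong_key_fails": not ah_verify(b"other-key", PKT),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Each check prints True: the receiver tolerates a TTL decrement by an intermediate router but rejects a spoofed source address, a modified payload, or a different key. The example leaves the IP header checksum at zero and never recomputes it, which is harmless here only because AH excludes the checksum from the hash.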
Encapsulating Security Payload protocol [Layout, transport mode: IP Header (protocol 50) | ESP Header | TCP/UDP Segment | ESP Trailer | ESP Auth.; the segment and trailer are encrypted; the ESP header, segment and trailer are authenticated] • Header includes: • Security Parameter Index: as per AH • Sequence Number (32 bit): as per AH • (followed by the cipher IV when the cipher mode needs one) • Encryption: e.g. DES-CBC (historical; 3DES or AES today) • Trailer includes: • Padding and Pad Length: to the cipher block size • Next Header: encrypted, so the segment protocol is hidden • Authentication trailer: as per AH authentication data (optional, per SA); covers the ESP header through the trailer, not the IP header
ESP Notes • Can be used as above in transport mode • NB does not authenticate or encrypt the IP header info (AH does authenticate IP header info) • Can also be used in tunnel mode: • Encrypts and authenticates all of the original packet, including its IP header; only the new outer IP header is left unprotected • Especially between security gateways, but also between hosts [Layout, tunnel mode: New IP Header (protocol 50) | ESP Header | Original IP Header | TCP/UDP Segment | ESP Trailer | ESP Auth.; everything from the original IP header to the trailer is encrypted; the ESP header through the trailer is authenticated]
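The SA table keyed by (destination, protocol, SPI), the ESP framing in both transport and tunnel mode, and the sequence-number replay window from the last four slides, as an added example that is not code from the slides. Python's standard library has no block cipher, so a keystream derived from HMAC-SHA256 in counter mode stands in for DES-CBC/AES-CBC; that substitution, the 64-packet window, the keys, addresses and SPIs are all the example's own assumptions, and the keystream is an illustration rather than a registered IPsec transform. Nothing outside the ESP header..ICV range is covered, which is exactly the "does not authenticate the IP header" point above.

```python
"""Added example, not from the slides: ESP framing (RFC 2406) with an SA table
keyed by (destination, protocol, SPI), encrypt-then-authenticate, and a
64-packet anti-replay window. The stdlib has no block cipher, so a keystream
from HMAC-SHA256 in counter mode stands in for DES-CBC/AES-CBC; that is an
illustration only, not a registered IPsec transform. Keys/addresses are made up."""
import hashlib
import hmac
import os
import struct

ESP_PROTO = 50
IV_LEN = 8
ICV_LEN = 12          # HMAC-SHA-1-96
WINDOW = 64           # anti-replay window size (RFC 2401 default)


class SecurityAssociation:
    """Unidirectional; the receiving end chooses the SPI. Both ends hold a copy."""
    def __init__(self, spi, dst, enc_key, auth_key):
        self.spi, self.dst, self.enc_key, self.auth_key = spi, dst, enc_key, auth_key
        self.seq = 0          # sender: last sequence number used
        self.highest = 0      # receiver: highest sequence number accepted
        self.bitmap = 0       # receiver: bit i set => (highest - i) already seen


def keystream(key, iv, n):
    """Stand-in cipher: HMAC-SHA256(key, iv || counter) blocks, truncated to n bytes."""
    blocks = (hmac.new(key, iv + struct.pack("!I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def esp_encapsulate(sa, next_header, payload):
    """ESP header | IV | encrypted(payload | padding | pad len | next header) | ICV."""
    sa.seq += 1
    iv = os.urandom(IV_LEN)
    pad_len = (-(len(payload) + 2)) % 4                       # align trailer to 4 bytes
    plain = payload + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    body = struct.pack("!II", sa.spi, sa.seq) + iv + xor(plain, keystream(sa.enc_key, iv, len(plain)))
    return body + hmac.new(sa.auth_key, body, hashlib.sha1).digest()[:ICV_LEN]


def window_allows(sa, seq):
    """Cheap pre-check done before the ICV, so replays are dropped early."""
    if seq == 0:
        return False
    if seq > sa.highest:
        return True
    diff = sa.highest - seq
    return diff < WINDOW and not (sa.bitmap >> diff) & 1


def window_update(sa, seq):
    """Only called after the ICV verified, so a forged packet cannot move the window."""
    if seq > sa.highest:
        shift = seq - sa.highest
        sa.bitmap = ((sa.bitmap << shift) | 1) if shift < WINDOW else 1
        sa.highest = seq
    else:
        sa.bitmap |= 1 << (sa.highest - seq)
    sa.bitmap &= (1 << WINDOW) - 1


def esp_decapsulate(sadb, dst, esp):
    """Returns (next_header, payload); raises ValueError carrying the drop reason."""
    spi, seq = struct.unpack("!II", esp[:8])
    sa = sadb.get((dst, ESP_PROTO, spi))            # SA lookup by the RFC 2401 triple
    if sa is None:
        raise ValueError("no SA")
    if not window_allows(sa, seq):
        raise ValueError("replay")
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(sa.auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("bad ICV")                   # authenticate before decrypting
    window_update(sa, seq)
    iv, ct = body[8:8 + IV_LEN], body[8 + IV_LEN:]
    plain = xor(ct, keystream(sa.enc_key, iv, len(ct)))
    pad_len, next_header = plain[-2], plain[-1]
    return next_header, plain[:-(pad_len + 2)]


def drop_reason(sadb, dst, esp):
    try:
        esp_decapsulate(sadb, dst, esp)
        return None
    except ValueError as e:
        return str(e)


def demo():
    """Host A -> gateway B over one SA; every value in the result should be True."""
    sa_a = SecurityAssociation(0x2001, "10.0.0.2", b"enc-key", b"auth-key")   # A's copy
    sa_b = SecurityAssociation(0x2001, "10.0.0.2", b"enc-key", b"auth-key")   # B's copy
    sadb_b = {("10.0.0.2", ESP_PROTO, 0x2001): sa_b}
    seg = b"\x00\x50\x1f\x90pretend TCP segment"
    r = {}
    p1 = esp_encapsulate(sa_a, 6, seg)                                   # transport mode, TCP inside
    r["transport_roundtrip"] = esp_decapsulate(sadb_b, "10.0.0.2", p1) == (6, seg)
    r["payload_hidden"] = seg not in p1                                  # only ciphertext on the wire
    r["replay_dropped"] = drop_reason(sadb_b, "10.0.0.2", p1) == "replay"
    p2 = esp_encapsulate(sa_a, 6, b"second segment")
    tampered = p2[:20] + bytes([p2[20] ^ 1]) + p2[21:]                    # flip one ciphertext byte
    r["tamper_dropped"] = drop_reason(sadb_b, "10.0.0.2", tampered) == "bad ICV"
    p3, p4, p5 = (esp_encapsulate(sa_a, 6, b"x") for _ in range(3))     # seq 3, 4, 5
    r["reorder_accepted"] = all(drop_reason(sadb_b, "10.0.0.2", p) is None for p in (p5, p3, p4))
    r["old_replay_dropped"] = drop_reason(sadb_b, "10.0.0.2", p3) == "replay"
    r["unknown_spi_dropped"] = drop_reason(sadb_b, "10.0.0.2", struct.pack("!II", 0x9999, 1) + p1[8:]) == "no SA"
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(seg), 1, 0, 64, 6, 0,
                        bytes([192, 168, 1, 5]), bytes([172, 16, 0, 9])) + seg
    p6 = esp_encapsulate(sa_a, 4, inner)                                 # tunnel mode: IP-in-IP
    r["tunnel_roundtrip"] = esp_decapsulate(sadb_b, "10.0.0.2", p6) == (4, inner)
    r["inner_addresses_hidden"] = bytes([192, 168, 1, 5]) not in p6      # original header is encrypted
    return r
```

Two design points worth noticing when running it: the window check happens before the HMAC so a flood of replayed packets costs the receiver almost nothing, and the window is only advanced after the ICV verifies, otherwise an attacker could send a forged packet with a huge sequence number and make the receiver discard every genuine packet that follows. In tunnel mode the original source and destination addresses travel inside the ciphertext, which is what hides the internal topology from the public network.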
Issues • Configuration • Public Key infrastructure (or shared initial secrets) for IKE SA establishment • Security policies – defining what is allowed • Resources/deployment • Client IPsec software for transport mode • VPN-capable routers for tunnel mode • Encryption CPU costs (e.g. extra router hardware support)