Potential vulnerabilities of IPsec-based VPN

GDFPamuláné Dr. Borbély Éva

What is a VPN?• VPN = Virtual Private Network • Virtual =refers to a logical connection between two devices • Private = confidentiality provided by the encryption• Network = basic connectivity between two devices

https://technet.microsoft.com

Types of VPN

• IPsec: • Can be used for site-to-site VPNs and remote-access VPNs• Implements security of IP packets at L3 of the OSI model

• SSL (Secure Sockets Layer):• Implements security of TCP sessions over encrypted SSL tunnels

• MPLS (Multiprotocol Label Switching) • Layer 3 VPNs are provided by Internet service providers• There is no encryption by default

Two Main Types of VPNs

Remote-access VPNs:• can use IPsec or Secure Shell

(SSL) technologies

Site-to-Site VPNs: • are based on a collection of VPN technologies called IPsec

IPsec

• A collection of protocols and algorithms used for protect IP packets• It is used for both remote-

access VPN and site-to-site VPN

IPsec Goals and the Methods

GOAL METHODES

Confidentiality Encryption

Data integrity Hashing

Peer authentication Pre-shared keys, RSA digital signatures

Antireplay Applying serial numbers to packets

ConfidentialitySymmetrical algorithms: fast and low CPU costAVOID DES

Acceptable: AES- 256

Alternatives: • RSA - asymmetric algorithm

moore secure, but there is a very high CPU cost when using key pairs to lock and unlock data

IntegrityWild-spread algorithms: MD5, SHA AVOID MD5

Acceptable: SHA-256

Alternatives: • HMAC: Hashed Message

Authentication Code: hash function + secret key• HMAC-SHA-256

Authentication

Pre-Shared Key

PSK = a password!

Out of data!

Not Secure!

RSA signatures

• RSA algorithms for encryption and

digital signatures are efficient at

higher security levels with a 3072-

bit modulus

• Smaller RSA key sizes, such as 768

or 1024, should be avoided!

PSK RSA

Deffie – Hellman algorithm

• allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel.• This key can then be used to encrypt

subsequent communications using a symmetric key cipher.(ex.: AES)• DH exchange is asymmetrical, but the

resulting keys are symmetrical• Acceptable key size: 2048, 3072

Minimum Cryptography Recommendations

Encryption AES-128-CBC mode

Authentication RSA-3072, DSA-3072

Integrity SHA-256

Key exchange DH Group 15 (3072-bit)

One possible solution

• In practice RSA and DH are becoming less efficient every year.

• There are subexponential attacks that can be used against these

algorithms.

• DH, DSA, and RSA can be used with a 3072-bit modulus to protect

sensitive information. (High memory and CPU cost!)

• A newer alternative to public key cryptography is Elliptic Curve

Cryptography (ECC), which operates on elliptic curves over finite fields.

The main advantage of elliptic curves is their efficiency.

RSA vs ECC Comparison