13
Potential vulnerabilities of IPsec-based VPN GDF Pamuláné Dr. Borbély Éva

Potential vulnerabilities of IPsec- based VPN GDF Pamuláné Dr. Borbély Éva

Embed Size (px)

Citation preview

Page 1: Potential vulnerabilities of IPsec- based VPN GDF Pamuláné Dr. Borbély Éva

Potential vulnerabilities of IPsec-based VPN

GDFPamuláné Dr. Borbély Éva

Page 2: Potential vulnerabilities of IPsec- based VPN GDF Pamuláné Dr. Borbély Éva

What is a VPN?• VPN = Virtual Private Network • Virtual =refers to a logical connection between two devices • Private = confidentiality provided by the encryption• Network = basic connectivity between two devices

https://technet.microsoft.com

Page 3: Potential vulnerabilities of IPsec- based VPN GDF Pamuláné Dr. Borbély Éva

Types of VPN

• IPsec: • Can be used for site-to-site VPNs and remote-access VPNs• Implements security of IP packets at L3 of the OSI model

• SSL (Secure Sockets Layer):• Implements security of TCP sessions over encrypted SSL tunnels

• MPLS (Multiprotocol Label Switching) • Layer 3 VPNs are provided by Internet service providers• There is no encryption by default

Page 4: Potential vulnerabilities of IPsec- based VPN GDF Pamuláné Dr. Borbély Éva

Two Main Types of VPNs

Remote-access VPNs:• can use IPsec or Secure Shell

(SSL) technologies

Site-to-Site VPNs: • are based on a collection of VPN technologies called IPsec

Page 5: Potential vulnerabilities of IPsec- based VPN GDF Pamuláné Dr. Borbély Éva

IPsec

• A collection of protocols and algorithms used for protect IP packets• It is used for both remote-

access VPN and site-to-site VPN

Page 6: Potential vulnerabilities of IPsec- based VPN GDF Pamuláné Dr. Borbély Éva

IPsec Goals and the Methods

GOAL METHODES

Confidentiality Encryption

Data integrity Hashing

Peer authentication Pre-shared keys, RSA digital signatures

Antireplay Applying serial numbers to packets

Page 7: Potential vulnerabilities of IPsec- based VPN GDF Pamuláné Dr. Borbély Éva

ConfidentialitySymmetrical algorithms: fast and low CPU costAVOID DES

Acceptable: AES- 256

Alternatives: • RSA - asymmetric algorithm

moore secure, but there is a very high CPU cost when using key pairs to lock and unlock data

Page 8: Potential vulnerabilities of IPsec- based VPN GDF Pamuláné Dr. Borbély Éva

IntegrityWild-spread algorithms: MD5, SHA AVOID MD5

Acceptable: SHA-256

Alternatives: • HMAC: Hashed Message

Authentication Code: hash function + secret key• HMAC-SHA-256

Page 9: Potential vulnerabilities of IPsec- based VPN GDF Pamuláné Dr. Borbély Éva

Authentication

Pre-Shared Key

PSK = a password!

Out of data!

Not Secure!

RSA signatures

• RSA algorithms for encryption and

digital signatures are efficient at

higher security levels with a 3072-

bit modulus

• Smaller RSA key sizes, such as 768

or 1024, should be avoided!

PSK RSA

Page 10: Potential vulnerabilities of IPsec- based VPN GDF Pamuláné Dr. Borbély Éva

Deffie – Hellman algorithm

• allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel.• This key can then be used to encrypt

subsequent communications using a symmetric key cipher.(ex.: AES)• DH exchange is asymmetrical, but the

resulting keys are symmetrical• Acceptable key size: 2048, 3072

Page 11: Potential vulnerabilities of IPsec- based VPN GDF Pamuláné Dr. Borbély Éva

Minimum Cryptography Recommendations

Encryption AES-128-CBC mode

Authentication RSA-3072, DSA-3072

Integrity SHA-256

Key exchange DH Group 15 (3072-bit)

Page 12: Potential vulnerabilities of IPsec- based VPN GDF Pamuláné Dr. Borbély Éva

One possible solution

• In practice RSA and DH are becoming less efficient every year.

• There are subexponential attacks that can be used against these

algorithms.

• DH, DSA, and RSA can be used with a 3072-bit modulus to protect

sensitive information. (High memory and CPU cost!)

• A newer alternative to public key cryptography is Elliptic Curve

Cryptography (ECC), which operates on elliptic curves over finite fields.

The main advantage of elliptic curves is their efficiency.

Page 13: Potential vulnerabilities of IPsec- based VPN GDF Pamuláné Dr. Borbély Éva

RSA vs ECC Comparison