Upload
sankaranarayanan-subramanian
View
1.291
Download
2
Embed Size (px)
DESCRIPTION
An in depth view of what is IPSEC VPN and how it works
Citation preview
IPSec - VPN
Introduction
• IPSec is an suite of protocols used for securing IP Communications
• Provides Confidentiality, Data Integrity, and replay protection.
• Provides Mutual Authentication between two entities
• Can be used for communication between– Pair of Hosts (Computer Users or Servers or
both)– Pair of Network Devices (Routers or Firewall)– Network Devices and Hosts
Features
• Part of an Open Standard
• Operates at Layer 3 (Internet Layer) of OSI stack– Other encryption protocols e.g. SSL, SSH
etc., operate at layers above Layer 3
• It does not require applications to be modified for compatibility purpose– Implementation of SSL, SSH requires
additional changes to be carried out on the applications
IPSec Services
• Data origin authentication
• Data integrity
• Data confidentiality
• Replay protection
• Automated management of cryptographic keys and security associations
Concepts
• Security Association (SA)
• Security Parameter Index (SPI)
• IP Destination Address
• Security Protocol
Database maintained by IPSec
• Security Policy Database (SPD)
• Security Association Database (SAD)
IPSec Modes
• Tunnel Mode• Transport Mode
Key Components of IPSec
• There are three key components of IPSec– Internet Key Exchange (IKE) to setup a Security
Association (SA)• Handling negotiation of protocol and algorithms• Generating the encryption and authentication keys
– Authentication Header (AH)• Provides integrity and data origin authentication• Provides protection against replay attacks
– Encapsulating Security Payload (ESP)• Provides confidentiality, data origin authentication
and integrity
Authentication Header [AH]
• Provides Data Origin Authentication
• Provides Data Integrity
• AH gets appended to the Packet Header
• Does not provide confidentiality.
AH – Packet Structure…
New IP Header
AH Header Original IP Header
Payload
Authenticated (Integrity Protection)
Original IP Header
AH Header Payload
Authenticated (Integrity Protection
TUNNEL MODE
TRANSPORT MODE
Provides Integrity Protection to entire packet irrespective of the mode
AH …
• Host – to – Host (without gateway)
IPSec Channel
PACKET
New IP Header PACKET
PACKET PACKET
• Host – to – Host (with gateway)
IPSec Channel
PACKETPACKET
TRANSPORT MODE
TUNNEL MODE
Authentication Header - Packet
Next Header Payload Length Reserved
Security Parameters Index (SPI)
Sequence Number
Authentication DataIdentifies the protocol of the payload
data.
Size of AH Packet
For Future Use
Contains the MAC output used for
verifying whether the packet has
been altered or not
Ensures that only packets within a sliding window of
sequence numbers are accepted.
Prevents replay attack
Unique identifier set by each
endpoint of IPSec connection. Used
to determine which SA is in use
AH – Data Integrity Process
• Keyed hash algorithm creates a hash and pre-shared key.
• Hash is added to the AH packet header.
• IPSec uses Hash Message Authentication Code (HMAC-MD5) and HMAC-SHA-1)
• IP Header fields that may change are excluded from Integrity Protection process
Internet Key Exchange
• Importance of IKE • What is a SA ?• IKE uses 5 different types of exchanges to
create SA, transfer status and error info and define new Diffie Hellman groups
Internet Key Exchange…
• Five types of IKE exchanges– Main Mode– Aggressive Mode– Quick Mode– Informational– Group
IKE – Phase One Exchange
• To successfully negotiate a secure channel• Provides bi-directional encryption and
authentication for subsequent IKE exchanges • IKE SA can be established through either of the
following two modes:– Main Mode– Aggressive Mode
How IPSec Works
• Interesting traffic initiates the IPSec process
• IKE phase one
• IKE phase two
• Data transfer
• IPSec tunnel termination
IKE–Phase 1 Exchange – Main Mode
• Establishes IKESA through three pair of messages:• First pair of message contains
– Encryption Algorithm: DES, 3DES, RC5, AES etc– Integrity Protection Algorithm: HMAC-MD5, HMAC-
SHA1 etc– Authentication Method
• Pre-shared Keys• Digital Signatures• Public Key Encryption
– Diffie Hellman Group number
• Second Pair of Messages performs– Key Exchange through Diffie Hellman using
the parameters negotiated during first step
• Third Pair of Messages performs– Each end point authenticate to the other– By this time all messages are encrypted
IKE–Phase 1 Exchange – Main Mode
IKE-Phase1-Main Mode Summary
• First Pair of Messages– Negotiates the IKE SA parameters
• Second Pair of Messages– Performs key exchange
• Third Pair of Messages– Authenticates the endpoints to each other
IKE–Phase 1 Exchange–Aggressive Mode
• Faster than Main Mode. Uses three messages instead of three pairs of messages
• First Message– Endpoint A sends all SA parameters, Diffie-
Hellman key exchange and its ID• Second Message
– Endpoint B sends all SA parameters, Diffie-Hellman key exchange and its authentication payload
• Third Message– Endpoint A sends its authentication payload
Security Issues – Aggressive Mode
• Key exchange happens before Diffie-Hellman parameters are exchanged
• Identity information is not always hidden hence adversary can realize the parties involved in the authentication process– If PKI is used then the identity information
gets concealed
• Susceptible to Man in the middle attacks (Pre-Shared Key Cracking)
IKE-Phase2 Exchange
• Used to establish an SA for the actual IPSec connection
• This SA is referred to as IPSec SA
• Unlike IKESA (bidirectional), IPSec SA is unidirectional– i.e. IPSec connection requires two security
associations
Encapsulating Security Payload
• ESP is the second core IPSec security protocol
• Provides Data Origin Authentication
• Provides Data Integrity (Not for the outermost IP Header)
• Provides Encryption features
• ESP has two modes:
- Transport & Tunnel Mode
ESP – Packet Structure
New IP Header
ESP Header
Original IP Header
Payload ESP Trailer
ESP Auth (Optional)
Encrypted
Authentication (Integrity Protection)
Original IP Header
ESP Header
Payload ESP Trailer
ESP Auth (Optional)
Encrypted
Authenticated (Integrity Protection)
TUNNEL MODE
TRANSPORT MODE
ESP - Packet
Security Parameters Index (SPI)
Sequence Number
Payload Data
Padding Pad Length Next Header
Authentication Data (Variable)
Contains the data used to
authenticate the packet
Unique identifier set by each
endpoint of IPSec connection. Used
to determine which SA is in use
Ensures that only packets within a sliding window of
sequence numbers are accepted.
Prevents replay attack
Used with some block ciphers to
pad the data to the full length of a
block.
Size of Padding in
Bytes
Identifies the protocol of the payload data.
Authentication Header
• Provides Integrity protection for all packet headers and data.
• Often incompatible with NATing since Srce and dest IP header integrity maintained
• Does not provide encryption options
• Use of AH has significantly declined. Some IPSec implementations do not support AH
Encapsulation Security Payload• ESP does not provide integrity
protection for the outermost IP header
• Provides encryption option• In ESP tunnel mode, the true
srce and dest IP is encrypted. Hence ESP tunnel mode is the most commonly used for IPSec VPN
• Padding feature makes it complicated for an adversary to carry out traffic analysis
Summarize AH & ESP
Why two protocols ?
ESP or AH ?
If ESP provides encryption and authentication, then why then AH ?
VPN - Protocols
• IPSec is the prevalent network layer VPN protocol.
• There are scenarios where-in other VPN protocols are required to be implemented– Data Link Layer VPN protocols
• PPTP , L2TP, L2F
– Transport Layer VPN protocols• SSL
– Application Layer VPN protocols• SSH
Types of VPN
• Site to Site VPN
Site to Site VPN
• VPN connectivity would be transparent to the users
• Labor costs for configuring clients/ gateways reduces
• Deployment would be easy as only the gateways needs to be configured
• Existent Routers could be used as VPN gateway
• Hardware cost of gateway might be high
Types of VPN
• Client to Site VPN
VPN protocols – Pros & Cons
Protocol Strengths Weaknesses
PPTP Can protect Non-IP protocols since the layer is operating below the network layer
Requires client software (if there is no built-in client)
Has known security weaknesses
Does not offer strong authentication
Supports one session per tunnel
L2TP Can protect Non-IP protocols
Can support multiple sessions per tunnel
Can support RADIUS
Can use IPSec to provide encryption and key mgmt service
Requires client software (if there is no built-in client)
VPN protocols – Pros & Cons
Protocol Strengths Weaknesses
SSL Already supported by all major web browser
Can provide strong encryption
Can only protect TCP based communications
Requires application servers & clients to support SSL/TLS
Typically implemented to authenticate the server to the client and not vice-versa
Application Layer VPNs
Can provide granular protection for application communications
Can only protect some or all of the communications for a single application
Often cannot be incorporated in off-the shelf software
Uses proprietary encryption or authentication mechanisms that may have unknown flaws