1 Overview of Remote Access Remote Access Management: CHAP Remote Access:authentication, ACS & RAAS, Concept of AAA VPN: IPSec, IPSec with IKE, PPTP Security protocol: TLS and SSL, SSH, S/HTTP, SET, PGP and others(e.g. S/MIME, PEM)

Dec 31, 2015


Charles Grant
Page 1: 1 Overview of Remote Access Remote Access Management: CHAP Remote Access:authentication, ACS & RAAS, Concept of AAA VPN: IPSec, IPSec with IKE, PPTP Security.


Overview of Remote Access

• Remote Access Management: CHAP
• Remote Access: authentication, ACS & RAAS, Concept of AAA
• VPN: IPSec, IPSec with IKE, PPTP
• Security protocol:
  – TLS and SSL, SSH, S/HTTP, SET, PGP and others (e.g. S/MIME, PEM)


Remote Access Technology (1)

• Dial-up, remote Internet connectivity
• Legacy systems
  – Modem dial-up
  – ISDN
• Contemporary systems
  – ATM: broadband technology for both backbone and desktop. It has lost popularity to Fast Ethernet and Gigabit Ethernet and is losing ground to fibre rings based on WDMA.


Remote Access Technology (2)

• DSL: broadband technology that relies on the existing telephone line. The service can be asymmetric, i.e. upstream and downstream speeds differ.
• Cable modems: provide high-speed access using the existing cable TV infrastructure. The connection is usually always on.
• Wireless computing (mobile phones, PDAs) is becoming more and more popular: 802.11 => 802.11b => 802.11g => 802.11a


Remote Access Security Management

• Securing enterprise remote connectivity (different ways to authenticate)
  – Securing external connections (VPNs, SSL, SSH etc.)
  – Remote access authentication systems (RADIUS and TACACS)
  – Remote node authentication (PAP and CHAP)
• Remote user management issues
  – Justification for and validation of the use of remote computing systems
  – Hardware and software distribution
  – User support and remote assistance issues


Remote ID and Authentication Technologies (1)

• Password Authentication Protocol (PAP)
  – A remote security protocol that provides identification and authentication of the node attempting to initiate the remote session.
  – PAP uses a static, replayable password for this.
  – The user id and password are sent in clear text during communication.


Remote ID and Authentication Technologies (2)

• Challenge Handshake Authentication Protocol (CHAP)
  – Next evolution of PAP: a non-replayable "challenge / response" dialog that verifies the identity of the node attempting to initiate the remote session.
  – CHAP is often used to enable network-to-network communications and is commonly used by remote access servers and xDSL, ISDN, and cable modems.


Remote ID and Authentication Technologies (3)

• Extensible Authentication Protocol (EAP)
  – Provides a framework that enables many types of authentication techniques to be used during PPP connections.
  – It allows such things as:
    • One-time passwords
    • Token cards
    • Digital signatures
    • Biometrics


Remote Access techniques (1)

• SLIP - Serial Line Internet Protocol
  – An older protocol, developed in 1984, that allows a computer to use IP over a serial link.
  – SLIP only provides support for the TCP/IP protocol.
  – It does not support error correction or compression.
• PPP - Point-to-Point Protocol
  – PPP is the newest and most commonly used dial-up protocol.
  – It includes error correction, data compression, and multi-protocol support (such as IP, IPX and ARAP).


Remote Access techniques (2)

• Dial-up and RAS
  – RAS (Remote Access Service) server: performs authentication by comparing the provided credentials with the database of credentials it maintains.
  – War-dialing: a process used by many attackers to identify remote access modems.
  – War-driving: a process used by attackers to drive through busy streets to identify wireless access points.


CHAP: Challenge/Response Authentication

(1) Client requests a connection.
(2) Server sends a random secret key (as the challenge) to the client.
(3) Client encrypts the random key using its own hashed password and transmits the result (as the response) to the server.
(4) Server decrypts the secret using the stored hashed client password and compares it to the original secret key to decide whether to accept the logon.

Note: Both have the secret key as the common secret (i.e. the login password of the client). The server does not have a copy of the client password; it only has a hashed version of the password.
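The four-step exchange above, as an added Python example that is not part of the original slides. It follows the construction standardised in RFC 1994, where the response is a one-way hash MD5(identifier || secret || challenge) rather than an encryption of the challenge, and where the server holds the shared secret for comparison. The user name, secret and helper names (ChapServer, demo_*) are constructed for illustration. The example shows why a fresh random challenge per session defeats replay: the same response, presented a second time, is refused.

```python
"""CHAP challenge/response per RFC 1994 (added illustration, not course code).

response = MD5(identifier || shared_secret || challenge)
Neither side ever transmits the secret; the server only sees a response bound
to the one-time challenge it issued, so a captured response cannot be replayed.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5 over the 1-byte identifier, the secret
    and the challenge, in that order (16-byte digest)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapServer:
    """Authenticator side: holds per-user secrets and one outstanding
    challenge per identifier (constructed, minimal state machine)."""

    def __init__(self, secrets: Dict[str, bytes]):
        self._secrets = secrets
        self._pending: Dict[int, bytes] = {}   # identifier -> challenge awaiting a response
        self._next_id = 0

    def challenge(self) -> Tuple[int, bytes]:
        ident = self._next_id & 0xFF
        self._next_id += 1
        chal = os.urandom(16)                  # fresh unpredictable value every time
        self._pending[ident] = chal
        return ident, chal

    def verify(self, ident: int, username: str, response: bytes) -> bool:
        # pop(): a challenge is consumed on first use, so a replayed response
        # finds no outstanding challenge and fails.
        chal: Optional[bytes] = self._pending.pop(ident, None)
        secret = self._secrets.get(username)
        if chal is None or secret is None:
            return False
        expected = chap_response(ident, secret, chal)
        return hmac.compare_digest(expected, response)  # constant-time comparison


SECRET = b"correct horse"   # constructed sample secret shared by client and server


def demo_success() -> bool:
    server = ChapServer({"alice": SECRET})
    ident, chal = server.challenge()                  # steps 1-2
    resp = chap_response(ident, SECRET, chal)         # step 3 (client side)
    return server.verify(ident, "alice", resp)        # step 4


def demo_replay_rejected() -> bool:
    server = ChapServer({"alice": SECRET})
    ident, chal = server.challenge()
    resp = chap_response(ident, SECRET, chal)
    server.verify(ident, "alice", resp)               # genuine use succeeds
    return server.verify(ident, "alice", resp)        # same response again: refused


def demo_wrong_secret() -> bool:
    server = ChapServer({"alice": SECRET})
    ident, chal = server.challenge()
    return server.verify(ident, "alice", chap_response(ident, b"guess", chal))


if __name__ == "__main__":
    print(demo_success(), demo_replay_rejected(), demo_wrong_secret())
```

Because the challenge is consumed on first use, the server never compares two responses against the same challenge; an attacker who sniffs a PAP-style static password gets a reusable credential, whereas a sniffed CHAP response is worthless once that session's challenge is gone.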


CHAP: Challenge/Response Authentication


Multiple factors authentication (1)

• Something you have (e.g. keys, token card)
• Something you know (e.g. PIN or password)
• Something you are (e.g. biometrics)
• 1-factor authentication
  – involves the party to be authenticated with only one factor (e.g. knowing something).
• 2-factor authentication
  – involves the party to be authenticated with two factors (e.g. knowing something, having something, being someone).


Multiple factors authentication - 2

Many e-banking web sites are now considering multiple-factor authentication to combat attacks.

• The smart card (or token card) stores the holder's unique identification. It requires the holder to put the card in a reader to obtain its credentials. Alternatively, the holder must use the card to generate a response to a challenge shown on screen.

• Knowing only the user name and password without the card (i.e. lacking the 2nd factor) leads to an unsuccessful authentication.

• Thus, the risk of accidentally releasing the user name / password to a fake website is reduced.


ACS & Remote Access Authentication System (RAAS)

• Access control is the way you control who is allowed access to the network server and what services they are allowed to use once they have access.
  – PPP/SLIP/CHAP provide simple but not enough protection; a RAAS is required.
• These systems provide a centralized database, which maintains user lists, passwords, and user profiles.
  – Authentication, authorization, and accounting (AAA) network security services provide the primary framework through which you set up access control on your router or access server.


Common RAAS - 1

• Remote Access Dial-In User Service (RADIUS)
  – Provides a central authentication database for multiple remote access servers and collects accounting information about remote connections.
  – When a user attempts to connect to a RAS (e.g. firewall, access server), s/he will be challenged for a logon name and password.
  – The RAS then forwards the information to the RADIUS server. Note that the RAS works as a RADIUS client.
  – If the credentials are valid, the RADIUS server returns an affirmative reply and the RAS allows the user in.
  – If these are not matched, the RADIUS server returns a rejection. Thus the RAS (i.e. the RADIUS client) will drop the connection.


Common RAAS - 2

• Terminal Access Controller Access Control System (TACACS)
  – Provides a way to centrally validate users attempting to gain access to a router or access server.
  – Services are maintained in a database on a TACACS server running, typically, on a UNIX workstation.
  – TACACS+
    • Additional features including two-factor authentication


What is AAA? (1)

• AAA is an architectural framework for configuring a set of three independent security functions in a consistent manner.
• AAA provides a modular way of performing the following services:
  – Authentication - Provides the method of identifying users, including login and password dialog, challenge and response, messaging support, and, depending on the security protocol you select, encryption.


What is AAA? (2)

  – Authorization - Provides the method for remote access control, including one-time authorization or authorization for each service, per-user account list and profile, user group support, and support of IP, IPX, ARA, and Telnet.
  – Accounting - Provides the method for collecting and sending security server information used for billing, auditing, and reporting, such as user identities, start and stop times, executed commands (such as PPP), number of packets, and number of bytes.


Benefits of using AAA

• AAA provides the following benefits:
  – Increased flexibility and control of access configuration
  – Scalability
  – Standardized authentication methods, such as RADIUS, TACACS+, and Kerberos
  – Multiple backup systems available


Method Lists

• A method list is a sequential list that defines the authentication methods used to authenticate a user.

• Method lists enable you to designate one or more security protocols to be used for authentication, thus ensuring a backup system for authentication in case the initial method fails.


Typical AAA configuration

A typical AAA network configuration that includes four security servers:

R1 and R2 are RADIUS servers

T1 and T2 are TACACS+ servers


AAA process (1)

• Suppose the system administrator has defined a method list where R1 will be contacted first for authentication information, then R2, T1, T2, and finally the local username database on the access server itself.
• When a remote user attempts to dial in to the network, the network access server (NAS) first queries R1 for authentication information.
  – If R1 authenticates the user, it issues a PASS response to the NAS and the user is allowed to access the network.


AAA process (2)

  – If R1 returns a FAIL response, the user is denied access and the session is terminated.
  – If R1 does not respond, the NAS treats that as an ERROR and queries R2 for authentication information.
• This pattern continues through the remaining designated methods until the user is either authenticated or rejected, or until the session is terminated.
  – If all of the authentication methods return errors, the NAS will process the session as a failure, and the session will be terminated.
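The PASS / FAIL / ERROR walk through the method list described on the two slides above, as an added Python example (not Cisco's code, nor the course's). The server names R1, R2, T1, T2 and the local database come from the slides; the simulated server behaviour, user names and passwords are constructed. The point the example makes explicit is that only ERROR (server unreachable) falls through to the next method: a FAIL is authoritative and later methods are never consulted, and a list in which every server errors out ends as a failed session.

```python
"""AAA method-list evaluation with PASS / FAIL / ERROR semantics.

Added example. PASS admits the user; FAIL denies and stops the walk; ERROR
(no answer from the server) moves on to the next configured method. If every
method returns ERROR the NAS treats the session as a failure. The trail that
is returned doubles as the accounting record of which servers were consulted.
"""
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple


class Result(Enum):
    PASS = "PASS"
    FAIL = "FAIL"
    ERROR = "ERROR"


AuthMethod = Callable[[str, str], Result]


def evaluate_method_list(methods: List[Tuple[str, AuthMethod]],
                         user: str, password: str) -> Tuple[bool, List[str]]:
    """Walk the list in configured order. Returns (allowed, audit trail)."""
    trail: List[str] = []
    for name, method in methods:
        result = method(user, password)
        trail.append(f"{name}:{result.value}")
        if result is Result.PASS:
            return True, trail
        if result is Result.FAIL:
            return False, trail          # authoritative deny: stop here
        # Result.ERROR: server did not respond, try the next method
    trail.append("all methods errored: session failed")
    return False, trail


# --- constructed simulated security servers --------------------------------
def make_server(db: Optional[Dict[str, str]]) -> AuthMethod:
    """db=None models a server that is down (always ERROR)."""
    def method(user: str, password: str) -> Result:
        if db is None:
            return Result.ERROR
        return Result.PASS if db.get(user) == password else Result.FAIL
    return method


R1 = make_server(None)                     # RADIUS server 1: unreachable
R2 = make_server({"bob": "pw2"})           # RADIUS server 2
T1 = make_server({"alice": "pw1"})         # TACACS+ server 1
T2 = make_server(None)                     # TACACS+ server 2: unreachable
LOCAL = make_server({"admin": "localpw"})  # local username database on the NAS

METHOD_LIST = [("R1", R1), ("R2", R2), ("T1", T1), ("T2", T2), ("local", LOCAL)]


def demo_fallthrough() -> Tuple[bool, List[str]]:
    """R1 errors, R2 answers PASS."""
    return evaluate_method_list(METHOD_LIST, "bob", "pw2")


def demo_fail_stops() -> Tuple[bool, List[str]]:
    """R1 errors, R2 answers FAIL: T1/T2/local are never asked."""
    return evaluate_method_list(METHOD_LIST, "bob", "bad")


def demo_all_error() -> Tuple[bool, List[str]]:
    """Only unreachable servers configured: the session fails."""
    return evaluate_method_list([("R1", R1), ("T2", T2)], "alice", "pw1")


if __name__ == "__main__":
    for demo in (demo_fallthrough, demo_fail_stops, demo_all_error):
        print(demo.__name__, demo())
```

A practical consequence visible in demo_fail_stops: a user known only to T1 is rejected by R2 and never reaches T1, because an unknown user is a FAIL, not an ERROR. Method lists give redundancy against servers being down, not against a user being defined on the wrong server.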


Summary : AAA model

• Authentication
  – who are you?
  – concerns user identification with a password
• Authorization
  – what can you do? what can you access?
  – access rights: student user, root user
  – concerns permissions
• Accounting
  – what did you do? How long did you use it? How often did you do it?
  – e.g. "I accessed the host xxx with telnet 15 times."
  – concerns tracking and logging


Quiz

Which is NOT an AAA benefit?
a) Scalability
b) Automatic installation and configuration
c) Flexibility
d) Multiple implementation methods provide redundancy


VPN – Virtual Private Networks

Two simultaneous techniques to guarantee privacy:

1. Encryption and authentication

2. Tunneling


Private Network

• reliable, total control (secure in nature)
• proven technology
• very expensive, does not meet the needs of today's Internet traffic


What is VPN? - 1

• A Virtual Private Network (VPN) is defined as network connectivity deployed on a shared infrastructure with the same policies and security as a private network

• A VPN is an alternative WAN infrastructure that replaces or augments existing private networks.


What is VPN? - 2

• VPN = tunneling + encryption
• Tunneling is a method of using an internetwork infrastructure to transfer data for one network over another network.
• The tunneling protocol encapsulates the frame in an additional header.


Characteristics of VPN

• traffic is encrypted so as to prevent eavesdropping
  – encryption (using a pre-shared key or public keys)
• the remote site is authenticated, in two ways:
  – the user needs to be authenticated
  – the site needs to be authenticated
• multiple protocols are supported by VPNs
  – transparent to users
• the connection is point-to-point
  – a unique channel is set up between two end points
  – multiple channels can exist


Benefits of VPN - 1

• Users can have the same access to network services while working outside the organization, without the requirement for expensive long-distance dial-in (remote-access VPN).
• Different sites of the organization can be connected together via public networks as if they were connected as an intranet (site-to-site VPN)
  – without the use of expensive leased lines
  – cost / performance is very good


Benefits of VPN - 2

Summary
– Cost savings
– Flexibility
– Scalability
– Reduced technology support
– Reduced equipment requirement


VPN Classification

OSI Layer: Layer 2, Layer 3, Layer 7


VPN Appliance

• Three types of VPN appliances
  – hardware based
    • speed and security
  – software based
    • general-purpose computer (in the form of a software module running as a firewall)
  – web-based
    • the user uses a browser (as the VPN client) and connects to the VPN via SSL (for encryption and user authentication)
    • requires a software module such as a Java virtual machine
    • limited to certain applications supported by the Internet browser


VPN Solution Requirements (1)

• User Authentication
  – The solution must verify the VPN client's identity and restrict VPN access to authorized users only. It must also provide audit and accounting records to show who connected and for how long.
• Address Management
  – The solution must assign a VPN client an address on the intranet and ensure that addresses used on the intranet are kept private.


VPN Solution Requirements (2)

• Data Encryption
  – Data carried on the public network must be rendered unreadable.
• Key Management
  – The solution must generate and refresh encryption keys for the encrypted data.


IPSec (1)

• IPSec secures packets at the network layer in a manner that is transparent to the users and also to the protocols that lie above the transport layer.
• End-to-end security model: only the endpoints of a communication need to be IPSec aware, not the transit network devices such as switches and routers.
• End-to-end capability can be
  – client to client, or
  – gateway to gateway
• It encapsulates IP packets with an additional IP header before sending them across a LAN or the Internet.


IPSec (2)

• IPSec is a collection of protocols designed by the IETF to provide security for packets carried by the Internet, ensuring:
  – Confidentiality - IPSec traffic is encrypted.
  – Authentication - IPSec traffic is digitally signed with the shared encrypted key, so the receiver can verify that the IPSec peer sent it.
  – Integrity - IPSec traffic contains a cryptographic checksum (message digest) that incorporates the encryption key. The receiver can verify that the packet was not modified in transit.


IPSec (3)

• Before IPSec-format packets can be exchanged, both peers must agree on some parameters, known as a security association (SA)
• An SA contains information agreeing on:
  – cryptographic algorithm (DES or 3DES)
  – hash algorithm (MD5 or SHA)
  – protocol used (AH or ESP)
  – authentication method (Kerberos, public key encryption or pre-shared secret)
  – key expiration time (refresh and regeneration)
  – Diffie-Hellman group that allows the Oakley protocol to manage the key exchange process.


Format of SAs

• A single Security Association (SA) is required between two parties to determine which encryption & authentication algorithms to use.
• If a file server has several simultaneous sessions with multiple clients, a number of different SAs will be defined, one for each connection via IPSec.
• An SA is a combination of a destination address, a security protocol, and a unique identification value called a Security Parameter Index (SPI)
  – The SPI is a 32-bit identifier derived from the destination host's IP address and a randomly assigned number.
  – The connectionless IP protocol is changed to connection-oriented before security can be applied.
  – Bi-directional (incoming and outgoing) communication requires two Security Associations.


IPSec Framework


IPSec : AH and ESP (1)

• IPSec supports two main protocols
  1. Authentication Header (AH): supports integrity and authentication
    • provides an anti-replay service
    • a header in the IP packet contains
      – a cryptographic checksum (similar to a message digest) for the contents of the packet
    • does not provide encryption for the contents of the tunnel; it only provides integrity and authenticity


IPSec : AH and ESP (2)

  2. Encapsulating Security Payload (ESP): supports authentication, data integrity, and confidentiality
    • defines a new header to be inserted into the IP packet
    • provides privacy for the tunneled packets
    • two encryption algorithms are being used: DES, 3DES
    • AES is the new standard but is not yet popular


AH vs. ESP

(Figure: two packet flows between Router A and Router B)

• Authentication Header: provides Authentication and Integrity; all data travels in clear text.
• Encapsulating Security Payload: provides Encryption, Authentication and Integrity; the data payload is encrypted.


Why still AH?

• Do we still need AH?
  – No! But AH had been commercially available for a long time, so these kinds of products (protocol) still remain in use.
  – It is common for systems that require a lower security level and fewer system resources (CPU processing power).


Authentication Header (AH) (1)

• The AH protocol is designed to authenticate the source host and to ensure the integrity of the payload carried by the IP packet
  – calculate a message digest, using a hash function and a symmetric key, and insert the digest in the AH
  – The AH is put in the appropriate location based on the mode (transport or tunnel)


Transport vs. Tunnel Mode (1)

AH and ESP can be used in either transport or tunnel modes

1. Transport mode: the IPSec header is added between the IP header and the rest of the packet
  • Transport mode protects the payload of the packet but leaves the original IP address in the clear. The original IP address is used to route the packet through the Internet.
  • Transport mode is used between hosts.


Transport vs. Tunnel Mode (2)

2. Tunnel mode: the IPSec header is added in front of the original IP header.
  – Tunnel mode provides security for the whole original IP packet. The original IP packet is encrypted.
  – The encrypted packet is encapsulated in another IP packet. The outside IP address denotes the destination tunnel endpoint (the original IP address is the host address).
  – Tunnel mode is commonly used between tunnel gateways.


Authentication Header (AH) (2)


Transport vs. Tunnel Mode (AH)

• AH is incompatible with NAT because NAT changes the source IP address which breaks the AH header and causes the packets to be rejected by the IPSec peer.
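An added Python example (not course code) tying together three AH slides: the keyed digest that AH carries (page 46), the anti-replay service it provides (page 42), and the NAT incompatibility stated just above. The integrity check value here is HMAC-SHA256 truncated to 96 bits, a constructed choice standing in for the HMAC-MD5-96 / HMAC-SHA1-96 of real AH, and the toy "header" covers only the immutable fields (addresses, SPI, sequence number); real AH also covers the rest of the IP header with mutable fields zeroed. The sliding-window logic is the one RFC 4302 describes; addresses, keys and the window size are constructed.

```python
"""Simplified AH receiver: ICV check, anti-replay window, NAT breakage.

Added example. A packet is (src, dst, seq, payload, icv) where
icv = HMAC(key, src || dst || SPI || seq || payload)[:12].
Receiver order follows RFC 4302: sequence-number check, then ICV check,
and only a packet that passes both advances the replay window.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass, field
from typing import List, Set

WINDOW = 64   # constructed; RFC 4302 requires a window of at least 32


def ah_icv(key: bytes, src: str, dst: str, spi: int, seq: int, payload: bytes) -> bytes:
    """Keyed digest over the immutable fields plus the payload (96-bit truncation)."""
    covered = src.encode() + dst.encode() + struct.pack("!II", spi, seq) + payload
    return hmac.new(key, covered, hashlib.sha256).digest()[:12]


@dataclass
class InboundSA:
    spi: int
    key: bytes
    highest_seq: int = 0
    seen: Set[int] = field(default_factory=set)   # accepted seqs inside the window

    def replay_check(self, seq: int) -> bool:
        """Accept a sequence number that is new and not older than the window."""
        if seq == 0:
            return False                          # seq 0 is never valid
        if seq > self.highest_seq:
            return True                           # to the right of the window
        if self.highest_seq - seq >= WINDOW:
            return False                          # fell off the left edge
        return seq not in self.seen               # inside the window: must be unseen

    def record(self, seq: int) -> None:
        if seq > self.highest_seq:
            self.highest_seq = seq
            self.seen = {s for s in self.seen if self.highest_seq - s < WINDOW}
        self.seen.add(seq)

    def receive(self, src: str, dst: str, seq: int, payload: bytes, icv: bytes) -> str:
        """Return 'ACCEPT', 'REPLAY' or 'BAD_ICV'."""
        if not self.replay_check(seq):
            return "REPLAY"
        expected = ah_icv(self.key, src, dst, self.spi, seq, payload)
        if not hmac.compare_digest(expected, icv):
            return "BAD_ICV"
        self.record(seq)                          # window moves only after ICV verifies
        return "ACCEPT"


def demo() -> List[str]:
    key = b"constructed-ah-key"
    sa = InboundSA(spi=0x1000, key=key)
    src, dst = "10.0.0.1", "10.0.0.2"            # constructed addresses

    def send(seq: int, payload: bytes = b"hello", wire_src: str = src) -> str:
        # The sender always computes the ICV over its real address; wire_src is
        # the source address the receiver actually sees on the wire.
        icv = ah_icv(key, src, dst, sa.spi, seq, payload)
        return sa.receive(wire_src, dst, seq, payload, icv)

    return [
        send(1),                          # ACCEPT
        send(1),                          # REPLAY: duplicate sequence number
        send(3),                          # ACCEPT
        send(2),                          # ACCEPT: arrived late but inside the window
        send(4, wire_src="203.0.113.5"),  # BAD_ICV: a NAT rewrote the source address
        send(100),                        # ACCEPT: window jumps forward
        send(30),                         # REPLAY: older than the 64-entry window
    ]


if __name__ == "__main__":
    print(demo())
```

The fifth result is the NAT case from the slide: the sender's ICV was computed over 10.0.0.1, the receiver recomputes it over the rewritten 203.0.113.5, and the digests differ, so the peer drops the packet even though nothing malicious happened. ESP in tunnel mode avoids this because its ICV does not cover the outer IP header.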


Encapsulating Security Payload (ESP) (1)


Encapsulating Security Payload (ESP) (2)

• In ESP, the source carries out encryption first, then authentication
  – the authentication check block is placed after the ESP data block
• On receipt of an IP packet, the receiver processes the authentication first, then decrypts the ESP
  – if the contents of the packet are all right (i.e. have not been tampered with in transit), it extracts the key and algorithm associated with the ESP and decrypts the contents
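The send-side and receive-side ordering above, as an added Python example (not course code), together with the SA lookup from the "Format of SAs" slide: the receiver finds the SA by (destination, protocol, SPI) and keeps one SA per direction. The cipher is a constructed counter-mode keystream built from HMAC-SHA256, standing in for the DES/3DES the slides name, so the block runs with only the standard library; the packet layout (SPI | seq | IV | ciphertext | ICV) and the verify-before-decrypt order are what the example is about. Host names, keys and SPIs are constructed.

```python
"""ESP encrypt-then-authenticate / authenticate-then-decrypt (added example).

Outbound: ciphertext = E(plaintext); ICV = HMAC(header || IV || ciphertext)[:12]
Inbound:  look up SA by (dst, "ESP", SPI); verify ICV; only then decrypt.
A packet with a bad ICV is dropped without the ciphertext ever being decrypted.
"""
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional, Tuple

ICV_LEN = 12


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Constructed PRF-based counter-mode keystream (stand-in for DES/3DES)."""
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, iv + struct.pack("!I", ctr), hashlib.sha256).digest()
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class SA:
    """One unidirectional security association."""
    def __init__(self, spi: int, enc_key: bytes, auth_key: bytes):
        self.spi, self.enc_key, self.auth_key = spi, enc_key, auth_key
        self.seq = 0


def esp_encapsulate(sa: SA, plaintext: bytes) -> bytes:
    """Sender: encrypt first, then compute the ICV over header + IV + ciphertext."""
    sa.seq += 1
    iv = os.urandom(8)
    ct = xor(plaintext, keystream(sa.enc_key, iv, len(plaintext)))
    body = struct.pack("!II", sa.spi, sa.seq) + iv + ct
    icv = hmac.new(sa.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv                              # ICV trails the data block


def esp_decapsulate(sa_table: Dict[Tuple[str, str, int], SA], dst: str,
                    packet: bytes) -> Tuple[str, Optional[bytes]]:
    """Receiver: returns (status, plaintext). Authenticates BEFORE decrypting."""
    if len(packet) < 16 + ICV_LEN:
        return "MALFORMED", None
    spi = struct.unpack("!I", packet[:4])[0]
    sa = sa_table.get((dst, "ESP", spi))           # SA = destination + protocol + SPI
    if sa is None:
        return "NO_SA", None
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(sa.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, icv):
        return "BAD_ICV", None                     # dropped; ciphertext never touched
    iv, ct = body[8:16], body[16:]
    return "OK", xor(ct, keystream(sa.enc_key, iv, len(ct)))


def demo() -> dict:
    sa_ab = SA(0x1001, b"enc-key-a-to-b", b"auth-key-a-to-b")   # constructed keys
    sa_ba = SA(0x1002, b"enc-key-b-to-a", b"auth-key-b-to-a")   # second direction
    table_b = {("hostB", "ESP", sa_ab.spi): sa_ab}   # B's inbound SA table
    table_a = {("hostA", "ESP", sa_ba.spi): sa_ba}   # A's inbound SA table

    pkt = esp_encapsulate(sa_ab, b"GET /secret")
    status, pt = esp_decapsulate(table_b, "hostB", pkt)
    tampered = pkt[:20] + bytes([pkt[20] ^ 0x01]) + pkt[21:]    # flip one ciphertext bit
    t_status, _ = esp_decapsulate(table_b, "hostB", tampered)
    no_sa, _ = esp_decapsulate(table_a, "hostA", pkt)            # A->B SPI unknown at A
    _, reply = esp_decapsulate(table_a, "hostA", esp_encapsulate(sa_ba, b"200 OK"))
    return {"status": status, "plaintext": pt, "tampered": t_status,
            "no_sa": no_sa, "reply": reply}


if __name__ == "__main__":
    print(demo())
```

Checking the ICV before decrypting is not just an ordering detail: it means a forged or bit-flipped packet is rejected before any decryption state is touched, which is the property that makes ESP robust against padding- and malleability-style attacks on the cipher.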


Transport vs. Tunnel Mode (ESP)


Sniffing an ESP


Logical Architecture of a Site-to-Site VPN Solution


IPSec with IKE (1)

• IKE is another IPSec supporting protocol, providing automated key management procedures
• IKE (Internet Key Exchange) is a combination of the Internet Security Association and Key Management Protocol (ISAKMP) and the Oakley protocol
• Security Association (SA)
  – an agreement between the communicating parties about factors such as the IPSec protocol version in use, mode of operation, cryptographic algorithm, cryptographic keys, lifetime of keys, etc.
  – can be established manually or automatically


IPSec with IKE (2)

• The Internet Key Exchange (IKE) protocol can automate the process of SA agreement
  – when both peers support IKE, they negotiate the SA on the fly just before secure channel setup.
  – authentication: pre-shared key or PKI with digital certificates
  – the agreement of session keys is based on the famous Diffie-Hellman (DH) algorithm


IPSec with IKE (3)

• IKE takes place in 2 phases
• Phase 1 – Establishing the ISAKMP SA
  – The computers establish a common encryption algorithm (DES or 3DES)
  – A common hash algorithm is agreed (MD5 or SHA)
  – An authentication method is established (Kerberos, public key encryption or pre-shared secret)
  – A Diffie-Hellman group is agreed upon in order to allow the Oakley protocol to manage the key exchange process
• Diffie-Hellman provides a mechanism for two parties to agree on a shared master key which is used immediately or can provide material for subsequent session key generation. Oakley will determine key refresh and regeneration parameters.


IPSec with IKE (4)

• Phase 2 – Establishing the IPSec SA
  – After a secure channel has been established by the creation of the ISAKMP SA, the IPSec SAs will be established.
  – The process is similar, except that a separate IPSec SA is created for each protocol (AH or ESP) and for each direction (inbound or outbound).
  – Each IPSec SA must establish its own encryption algorithm, hash algorithm and authentication method.
  – Each IPSec SA uses a different shared key than that negotiated during the ISAKMP SA.
  – The IPSec SA can repeat the DH exchange or reuse key material derived from the original ISAKMP SA.


IPSec with IKE (5)

• At the end, both peers have established SAs, which provide the secure tunnel used for transmission of application data
• the subsequent encryption of data is usually symmetric in nature
  – for example: DES, 3DES, IDEA etc.


IKE phase 1 & 2 (message sequence between the VPN initiator host and VPN host 2, the responder)

Phase 1 (ISAKMP SA)
– Initiator: "Shall we connect with DH and MD5?"
– Responder: "OK"
– Initiator: "Here is my DH public key"
– Responder: "Here is my DH public key"
– Both sides run the DH algorithm and obtain the DH shared secret (1024 bit): the Phase 1 SA, expires after 86400 sec
– Each side sends an MD5 MAC to the other: "MAC, please check"

Phase 2 (IPSec SA)
– Both sides run the DH algorithm again and obtain the IPSec shared secret
– Each side sends an MD5 MAC to the other: "MAC, please check"
– Responder: "OK"
– Result: 128-bit session key (expires after 3600 sec)
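As an added example (not part of the slides), a Python sketch of the two-phase key derivation described above: a Diffie-Hellman exchange yields the Phase 1 master secret, and each IPSec SA (per protocol, per direction) derives its own key from it, optionally mixing in a fresh Phase 2 DH secret. The toy group parameters, the nonces and the HMAC-based derivation are simplifying assumptions and not the real IKE PRF.

```python
import hashlib
import hmac

# Toy Diffie-Hellman group (an assumption for illustration only): a Mersenne prime
# modulus and generator 5. Real IKE uses the negotiated MODP group; the slide shows
# a 1024-bit DH secret for Phase 1 and a 128-bit session key for Phase 2.
P = 2**127 - 1
G = 5


def dh_public(priv):
    return pow(G, priv, P)


def dh_shared(priv, peer_pub):
    # Both peers compute the same value: (g^b)^a == (g^a)^b (mod p)
    return pow(peer_pub, priv, P).to_bytes(16, "big")


def phase1_skeyid(shared, nonce_i, nonce_r):
    # Phase 1 master key material: keyed hash over the DH secret and both nonces
    # (a simplified stand-in for the IKE PRF, not the exact RFC 2409 construction).
    return hmac.new(nonce_i + nonce_r, shared, hashlib.sha256).digest()


def phase2_key(skeyid, protocol, spi, pfs_shared=b""):
    # One key per IPSec SA: the protocol (AH or ESP) and the SPI of that direction's
    # SA feed the derivation, so inbound and outbound keys differ and none equals the
    # Phase 1 key. With PFS a fresh Phase 2 DH secret is mixed in as well.
    label = pfs_shared + protocol.encode() + spi.to_bytes(4, "big")
    return hmac.new(skeyid, label, hashlib.sha256).digest()[:16]  # 128-bit session key


def establish_sas(priv_i, priv_r, nonce_i, nonce_r, spi_in, spi_out, pfs_privs=None):
    """Run both phases; returns (skeyid, {(protocol, direction): 128-bit key})."""
    shared = dh_shared(priv_i, dh_public(priv_r))          # initiator's view
    assert shared == dh_shared(priv_r, dh_public(priv_i))  # responder agrees
    skeyid = phase1_skeyid(shared, nonce_i, nonce_r)
    # Optional second DH exchange in Phase 2 (PFS); otherwise Phase 1 material is reused
    pfs_shared = dh_shared(pfs_privs[0], dh_public(pfs_privs[1])) if pfs_privs else b""
    sas = {}
    for proto in ("AH", "ESP"):
        sas[(proto, "inbound")] = phase2_key(skeyid, proto, spi_in, pfs_shared)
        sas[(proto, "outbound")] = phase2_key(skeyid, proto, spi_out, pfs_shared)
    return skeyid, sas
```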


62

IPSec summary (1)

• IPSec is a standard method to protect private data in a public environment by providing a strong, cryptography-based defense against network attacks:
– mutually authenticate hosts before data exchange
– establish a set of SAs between the two hosts (based on IKE)
– encrypt exchanged data (ESP only)


63

IPSec Summary (2)

• AH, ESP, transport and tunnel
– AH for integrity and authentication
  • put AH in between the IP header and the payload
– ESP for confidentiality
  • put the ESP header in between the IP header and the encrypted payload
– transport mode
  • put the IPSec header (AH or ESP) between the original IP header and the payload
– tunnel mode
  • put a new IP header and the IPSec header in front of the original IP header and payload
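An added example (not from the slides) of the transport-mode AH layout just described, built in Python: AH sits between the IP header and the payload, and its HMAC-SHA1-96 ICV covers the immutable IP fields, the AH header and the payload, so a router changing the TTL does not break verification while any change to the payload does. The addresses, key and payload are constructed sample values.

```python
import hashlib
import hmac
import struct

IP_PROTO_AH = 51
ICV_LEN = 12  # HMAC-SHA1-96: the HMAC output is truncated to 96 bits (RFC 2404)
IPV4_FMT = "!BBHHHBBH4s4s"  # minimal 20-byte IPv4 header without options


def ipv4_header(src, dst, proto, total_len, ttl=64):
    # Constructed header; the checksum is left at zero (it is mutable and zeroed for AH anyway)
    return struct.pack(IPV4_FMT, 0x45, 0, total_len, 0x1234, 0, ttl, proto, 0, src, dst)


def zero_mutable_fields(ip_hdr):
    # TOS, flags/fragment offset, TTL and header checksum may change in transit, so AH
    # zeroes them before computing the ICV; the remaining header fields are protected.
    ver_ihl, _tos, tlen, ident, _flags, _ttl, proto, _csum, src, dst = struct.unpack(IPV4_FMT, ip_hdr)
    return struct.pack(IPV4_FMT, ver_ihl, 0, tlen, ident, 0, 0, proto, 0, src, dst)


def ah_icv(key, ip_hdr, ah_fixed, payload):
    # The ICV covers the (masked) IP header, the AH header with its own ICV field
    # zeroed, and everything after AH up to the end of the packet.
    data = zero_mutable_fields(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def ah_transport_packet(key, src, dst, spi, seq, payload, next_header=6):
    # Transport mode: AH is inserted between the IP header and the payload. The IP
    # protocol field becomes 51 and AH's Next Header carries the original protocol (6 = TCP).
    # Payload Len is the AH length in 32-bit words minus 2: (12 + 12) / 4 - 2 = 4.
    ah_fixed = struct.pack("!BBHII", next_header, (12 + ICV_LEN) // 4 - 2, 0, spi, seq)
    total_len = 20 + len(ah_fixed) + ICV_LEN + len(payload)
    ip_hdr = ipv4_header(src, dst, IP_PROTO_AH, total_len)
    return ip_hdr + ah_fixed + ah_icv(key, ip_hdr, ah_fixed, payload) + payload


def verify_ah(key, packet):
    # The receiver recomputes the ICV over the same bytes and compares in constant time
    ip_hdr, ah_fixed = packet[:20], packet[20:32]
    icv, payload = packet[32:32 + ICV_LEN], packet[32 + ICV_LEN:]
    return hmac.compare_digest(icv, ah_icv(key, ip_hdr, ah_fixed, payload))


def with_ttl(packet, ttl):
    # Simulate a router decrementing the TTL (byte 8 of the IPv4 header), a mutable field
    return packet[:8] + bytes([ttl]) + packet[9:]
```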


64

PPTP

• PPTP was developed by Microsoft Corp
– based on PPP
– uses a TCP connection for tunnel management (only supports TCP/IP)
– uses a modified version of Generic Routing Encapsulation (GRE) to encapsulate PPP frames for tunneled data, providing a tunneled inter-exchange for remote users
– authentication: such as PAP, CHAP
– confidentiality: proprietary encryption protocol
  • based on MPPE (Microsoft Point-to-Point Encryption)


65

L2TP

• IPSec is based on the Network Layer
• An emerging Internet Engineering Task Force (IETF) standard that works on Layer 2
– The Layer 2 Tunnel Protocol (L2TP)
  • based on Cisco's Layer 2 Forwarding (L2F) and Microsoft's Point-to-Point Tunneling Protocol (PPTP)
  • a tunneling protocol
  • supports other protocols (IPX, AppleTalk or NetBEUI)
  • L2TP packets can also be encrypted using algorithms similar to IPSec
  • L2TP provides three functions: authentication, encryption, and tunneling
  • Both Win2003 Advanced Server and Cisco IOS support L2TP


66

PPTP vs. L2TP

                     PPTP                           L2TP
Connectivity         Supports IP only               Supports a wide range of protocols
Header compression   No (6 bytes)                   Yes (4 bytes)
Authentication       computer-level authentication  tunnel authentication
Encryption           uses MPPE encryption           uses other IETF technologies, such as IPSec ESP


67

Transport layer security


68

Transport Layer Security (1)

• TLS was derived from a security protocol called Secure Socket Layer (SSL)
– SSL was designed by Netscape to provide security on the WWW
• TLS is a non-proprietary version of SSL (by the IETF)
• functions:
– ensure the server belongs to the actual vendor
– ensure the contents are not modified in transit
– ensure no other sensitive information leaks out


69

Transport Layer Security (2)

How to do it?
• An encryption technology that is used to provide secure transactions such as the exchange of credit card numbers.

• Uses symmetric encryption for private connections (confidentiality)

• Uses asymmetric key cryptography for peer authentication.

• Uses message authentication code for message integrity checking.


70

Two protocols in TLS (1)

1. Handshake protocol
• responsible for negotiating security, authenticating the server to the browser and defining other communication parameters
• responsible for defining the exchange of a series of messages between the browser and the server


71

Two protocols in TLS (2)

2. Data exchange protocol
• uses the secret key to encrypt the data for secrecy and to encrypt the message digest for integrity


72

SSL - Secure Socket Layer (1)

• SSL is a public key encryption protocol
– developed by Netscape Comm. Corp to secure HTTP
– Nearly all the popular Internet browsers support this feature.

• An authentication and encryption technique providing security services to TCP clients
– is based on IETF RFC 2246, under TLS
– weak in user authentication: it only authenticates a client (browser) when it connects to the SSL port of a server
– the server transmits its public key to the client, so that the client can encrypt with the server's public key


73

SSL - Secure Socket Layer (2)


74

SSL - Secure Socket Layer (3)

• Primarily used for web applications, but also available to other services
• SSL-enhanced Telnet, FTP (e.g. SSLtelnet, SSLftp)
• SSL-VPN
– SSL VPN is a remote access security solution that uses Web browsers for clientless remote access to private applications.
– It allows access to specific applications, rather than entire subnets.


75

SSL-VPN

• Also known as web-based VPN (note that it operates on the transport layer)
– Once established, Secure Socket Layer (SSL) is an encrypted connection for transmitting data between client and server via the Internet.
• Most network security systems allow the data from HTTP and HTTPS (SSL that operates on HTTPS) to pass through their firewall
– CLIENTLESS - The client does not need to install any special programs to establish the SSL-VPN connection.


76

IPSec VPN


77

SSL-VPN


78

IPSec VPN vs. SSL VPN (1)


79

IPSec VPN vs. SSL VPN (2)


80

Application Layer Security


81

SSH (1)

• a Unix secure shell that improves on classical applications such as Telnet

• a strong method of performing client authentication.

• supports authentication, compression, confidentiality, and integrity.


82

SSH (2)

• it is an alternative to traditional remote access tools such as telnet and rlogin
– Authentication of the remote host => minimises the threat of client impersonation via IP address spoofing or DNS manipulation
– supports several encryption algorithms (DES, 3DES, IDEA and Blowfish) for session encryption to ensure confidentiality and integrity.
– uses secret key encryption, so both parties must know the keys in advance
• accepts redirection to and from other applications by constructing "pipes"


83

SSH Operations (1)

• SSH client and SSH server each have a set of public/private keys
– SSH client makes requests
– SSH server accepts or rejects incoming connections
• client binds a high local port and connects to the server via port 22
• client obtains the server's public key and host key
• client and server agree on the encryption algorithm


84

SSH Operations (2)

• client generates a session key and encrypts it using the server's public key
• server decrypts the session key using its own private key, and re-encrypts it using the client's public key.
• server sends it back to the client for verification
• user authenticates to the server


85

SSH vs. IPSec

• SSH is quicker and easier to deploy
– it is based on the application layer and is available per application (process-to-process)
– IPSec works on the network layer and is available per host once set up (host-to-host)
• SSH provides user authentication for a specific application; IPSec deals with individual hosts (host authentication)


86

Other standards: S/HTTP & SET

• S/HTTP
– an early standard for encrypting ONLY HTTP documents
– being overtaken by SSL
• SET
– an open encryption and security specification designed to protect credit card transactions on the Internet.
  • supported by MasterCard, Visa and banks


87

Privacy Enhanced Mail (PEM) (1)

• supports email applications
– Compliant with Public Key Cryptography Standards (PKCS)
– Developed by a consortium of Microsoft, Sun, and Novell
– based on Triple DES-EDE – Symmetric Encryption
  • The DES algorithm in Encrypt-Decrypt-Encrypt (EDE) multiple encryption mode
  • as defined by ANSI X9.17 for encryption and decryption with pairs of 64-bit keys
  • may be used for DEK and MIC encryption when symmetric key management is employed. The character string "DES-EDE" within an encapsulated PEM header field indicates use of this algorithm/mode combination.


88

Privacy Enhanced Mail (PEM) (2)

– MD2 and MD5 Message Digest
– RSA Public Key – signatures and key distribution
– X.509 Certificates and formal CA


89

Secure Multipurpose Internet Mail Extensions (S/MIME)

• Another email application
– Adds security services to messages in MIME format
– Provides authentication through digital signatures
– Follows Public Key Cryptography Standards (PKCS)
– Uses X.509 Signatures


90

Quiz 1

IPSec requires a logical connection between 2 hosts using a signaling protocol, which is called:
a. AH
b. SA
c. PGP
d. TLS

Ans: a

Quiz 2

Tunneling is a technique in which the IP datagram is first ______ and then _____
a. Encapsulated in another datagram; encrypted
b. Encrypted; encapsulated in another datagram
c. Authenticated; encrypted
d. Encrypted; authenticated

Ans: b