CN8814: Network Security 1 Virtual Private Networks (VPN) Generic Routing Encapsulation (GRE) TLS (SSL-VPN)

Dec 25, 2015

Jayson Wells
Page 1

CN8814: Network Security 1

Virtual Private Networks (VPN)

Generic Routing Encapsulation (GRE)
TLS (SSL-VPN)

Page 2

Virtual Private Networks (VPN)

CN8816: Network Security 2

1. Generic Routing Encapsulation (GRE)

Tunneling: encapsulation with a delivery header. The addresses in the delivery header are the addresses of the head-end and the tail-end of the tunnel.

[Figure: two private network sites, 10.1.0.0/16 and 10.2.0.0/16, joined by a GRE tunnel across a public network. The original packet 10.1.1.1/10.2.1.1 is carried behind a GRE header inside a delivery header 20.1.1.1/30.1.1.1, the addresses of the two tunnel end-points: 20.1.1.1/30.1.1.1 GRE 10.1.1.1/10.2.1.1.]

Page 3

1. Generic Routing Encapsulation (GRE)

Structure of a GRE encapsulated packet

[Figure not reproduced in the transcript.]

Page 4

1. Generic Routing Encapsulation (GRE)

IP reaches the tunnel through the tunnel interface.

[Figure: two customer sites, 10.1.0.0/16 and 10.2.0.0/16, each behind a gateway. Each gateway has an inside interface e0, a physical interface serial 0/0 towards the Internet (20.1.1.1 on one gateway, 30.1.1.1 on the other) and a virtual interface tunnel 0. A packet 10.1.1.1/10.2.1.1 from the left site is handed to tunnel 0 and leaves serial 0/0 as 20.1.1.1/30.1.1.1 GRE 10.1.1.1/10.2.1.1; at the far gateway it is received on serial 0/0, decapsulated on tunnel 0 and delivered on e0 as 10.1.1.1/10.2.1.1.]

Page 5

1. Generic Routing Encapsulation (GRE)

Tunneling mechanism at IP: outbound traffic

Routing table of R1:
  10.1.0.0/16   e0
  20.1.1.1/30   s0
  10.2.0.0/16   tunnel0
  0.0.0.0/0     s0

[Figure: steps (1)-(9) of outbound processing on R1, with interfaces s0, e0 and Tunnel0. The packet 10.1.1.1/10.2.1.1 arrives on e0; the IP lookup for 10.2.0.0/16 selects Tunnel0; GRE adds its header and the delivery header 20.1.1.1/30.1.1.1, giving 20.1.1.1/30.1.1.1 [10.1.1.1/10.2.1.1]; a second IP lookup, matching 0.0.0.0/0, sends the encapsulated packet out on s0.]

Page 6

1. Generic Routing Encapsulation (GRE)

Inbound traffic

Routing table of R2:
  10.2.0.0/16   e0
  30.1.1.1/30   s0
  10.2.0.0/16   tunnel0
  0.0.0.0/0     s0

[Figure: steps (1)-(8) of inbound processing on R2, with interfaces s0, e0 and Tunnel0. The encapsulated packet 20.1.1.1/30.1.1.1 [10.1.1.1/10.2.1.1] arrives on s0 addressed to the local address 30.1.1.1; GRE removes the delivery header and the GRE header on Tunnel0; the inner packet 10.1.1.1/10.2.1.1 is routed by the IP lookup for 10.2.0.0/16 and sent out on e0.]

Page 7

1. Generic Routing Encapsulation (GRE)

Example

R1 (serial interface 20.1.1.1):
  interface tunnel0
   ip unnumbered s0
   tunnel source s0
   tunnel destination 30.1.1.1
  !
  ip route 10.2.0.0 255.255.0.0 tunnel0

R2 (serial interface 30.1.1.1):
  interface tunnel0
   ip unnumbered s0
   tunnel source s0
   tunnel destination 20.1.1.1
  !
  ip route 10.1.0.0 255.255.0.0 tunnel0

Routing table of R1:
  10.1.0.0/16   e0
  20.1.1.1/30   s0
  10.2.0.0/16   tunnel0
  0.0.0.0/0     s0
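As an added example (my own code, not from the slides and not Cisco IOS): the encapsulation that R1 performs and the decapsulation that R2 performs on slides 5-7, done in Python over constructed packets. The addresses are the ones on the slides; the function names, the sample UDP payload and the peer-address check in `gre_decapsulate` are my own choices.

```python
# Added example, not part of the lecture slides: a minimal GRE encapsulation and
# decapsulation in Python that reproduces the packet layout of slides 2-7,
#   delivery IP header (tunnel end-points) | GRE header | original IP packet
# The addresses are the slides' own; the helper names below are my own choice.
import socket
import struct

IPPROTO_GRE = 47              # IP protocol number carried in the delivery header
PROTO_TYPE_IPV4 = 0x0800      # GRE protocol type for an IPv4 passenger packet
GRE_OPTIONAL_FIELDS = 0xB000  # C, K and S bits: optional fields this example does not handle


def checksum(data: bytes) -> int:
    """One's-complement Internet checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """20-byte IPv4 header without options, with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def ipv4_addresses(packet: bytes) -> tuple:
    """(source, destination) of an IPv4 packet."""
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])


def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel head-end: prepend the 4-byte GRE header and the delivery header."""
    gre_header = struct.pack("!HH", 0, PROTO_TYPE_IPV4)  # no optional fields, version 0
    payload = gre_header + inner
    return ipv4_header(tunnel_src, tunnel_dst, IPPROTO_GRE, len(payload)) + payload


def gre_decapsulate(packet: bytes, peer: str, local: str) -> bytes:
    """Tunnel tail-end: check the delivery header and return the passenger packet.

    GRE carries no authentication of its own, so the tail-end should at least
    accept packets only from the configured peer (the other side's 'tunnel source')
    before routing the passenger packet into the private network.
    """
    if len(packet) < 24 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    if packet[9] != IPPROTO_GRE:
        raise ValueError("delivery header does not carry GRE")
    if ipv4_addresses(packet) != (peer, local):
        raise ValueError("GRE packet from an unexpected tunnel end-point")
    flags, proto_type = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags & 0x0007 or flags & GRE_OPTIONAL_FIELDS:
        raise ValueError("unsupported GRE version or optional fields")
    if proto_type != PROTO_TYPE_IPV4:
        raise ValueError("passenger protocol is not IPv4")
    return packet[ihl + 4:]


def summarize(packet: bytes) -> str:
    """Render a GRE packet the way the slides do: outer src/dst [inner src/dst]."""
    ihl = (packet[0] & 0x0F) * 4
    outer = "%s/%s" % ipv4_addresses(packet)
    inner = "%s/%s" % ipv4_addresses(packet[ihl + 4:])
    return "%s [%s]" % (outer, inner)


if __name__ == "__main__":
    # Constructed sample: a UDP packet from 10.1.1.1 to 10.2.1.1 with an 8-byte payload.
    original = ipv4_header("10.1.1.1", "10.2.1.1", 17, 8) + b"payload!"
    on_the_wire = gre_encapsulate(original, "20.1.1.1", "30.1.1.1")  # R1: tunnel0 -> s0
    print(summarize(on_the_wire))                                     # 20.1.1.1/30.1.1.1 [10.1.1.1/10.2.1.1]
    assert gre_decapsulate(on_the_wire, "20.1.1.1", "30.1.1.1") == original  # R2: s0 -> tunnel0
```

The check on the delivery source address is only a sanity filter: nothing in GRE authenticates that address or protects the passenger packet, which is why slides 10 and 11 pair the GRE tunnel with IPsec.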

Page 8

1. Generic Routing Encapsulation (GRE)

GRE tunneling with routing

Routing updates (subnets of 10.0.0.0/8)

Page 9

3. IP Security (IPsec)

IPsec and dynamic routing: IPsec-protected traffic must be pre-defined, so IPsec only supports static routing.

[Figure: an IPsec tunnel is set up for the traffic between 10.1.0.0/16 and 10.2.0.0/16. When a new site, 10.3.0.0/16, is added, the tunnel will not support the traffic to the new site.]

Page 10

3. IP Security (IPsec)

IPsec/GRE: GRE defines a tunnel interface; IPsec transport mode provides the security.

Routing table:
  10.1.0.0/16   inside
  30.0.0.0/8    outside
  10.2.0.0/16   tunnel0
  10.3.0.0/16   tunnel0

[Figure: steps (1)-(6) on the gateway, with interfaces inside, outside and Tunnel0. A packet 10.1.1.1/10.2.1.1 (or 10.1.1.1/10.3.1.1 for the new site) is routed to Tunnel0; GRE encapsulates it with the delivery header 20.1.1.1/30.1.1.1; IPsec in transport mode protects the GRE packet (IPsec-protected 20.1.1.1/30.1.1.1); the result is routed out on the outside interface.]

Page 11

3. IP Security (IPsec)

Virtual Tunnel Interface: provides a secure tunnel by associating the virtual interface with IPsec.

Routing table:
  10.1.0.0/16   inside
  30.0.0.0/8    outside
  10.2.0.0/16   tunnel0
  10.3.0.0/16   tunnel0

[Figure: steps (1)-(6) on the gateway, with interfaces inside, outside and Tunnel0. A packet 10.1.1.1/10.2.1.1 (or 10.1.1.1/10.3.1.1) is routed to Tunnel0; IPsec on the virtual interface protects it (protected packet 20.1.1.1/30.1.1.1); the result is routed out on the outside interface.]

Page 12

2. Transport-Layer Security (TLS)

TLS architecture: provides a secure connection between two application entities.

- Authentication
- Cipher suite negotiation
- Key generation
- Encryption, MIC and compression
- Error and alert reporting

Page 13

2. Transport-Layer Security

TLS Record protocol

Four connection states: the current read and write states, and the pending read and write states.

Security parameters:
- Connection end (client/server)
- Bulk encryption algorithm: type, key_size, ...
- MAC algorithm: hash_size
- Compression algorithm
- Master secret
- Client random, Nc
- Server random, Ns

Keys: Client_MAC_Write, Server_MAC_Write, Client_Write_Key, Server_Write_Key, IVs

Page 14

2. Transport-Layer Security

Messages are processed using the current read or write states.

[Figure: record processing. The (compressed) fragment is authenticated with the write/read MAC secret to produce the ICV; padding and a pad-length byte are appended (for a CBC block cipher); the result is encrypted with the write/read key; the record header Type, Version, Length is prepended.]
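As an added example (my own code, not from the slides): the integrity part of the record processing just described, i.e. how the write state attaches the ICV and the CBC padding to a fragment and how the read state checks them in TLS 1.2. The CBC encryption step is left out because the Python standard library has no block cipher; the MAC secret and fragment are constructed sample values, and `protect_record` / `verify_record` are my own names.

```python
# Added example, not from the slides: the integrity part of the TLS 1.2 record
# layer described on slides 13-14. The CBC encryption step is omitted; the key
# and fragment below are constructed sample values.
import hashlib
import hmac
import struct

TLS_1_2 = 0x0303          # record-layer version for TLS 1.2
APPLICATION_DATA = 23     # record content type
MAC_LEN = 32              # HMAC-SHA256 output (hash_size in the slides' security parameters)


def record_mac(mac_secret: bytes, seq_num: int, content_type: int, fragment: bytes) -> bytes:
    """MAC = HMAC(MAC_write_secret, seq_num || type || version || length || fragment).

    The 64-bit sequence number is part of the MAC input although it is never
    sent, so a replayed or reordered record fails verification.
    """
    header = struct.pack("!QBHH", seq_num, content_type, TLS_1_2, len(fragment))
    return hmac.new(mac_secret, header + fragment, hashlib.sha256).digest()


def protect_record(mac_secret: bytes, seq_num: int, content_type: int, fragment: bytes,
                   block_size: int = 16) -> bytes:
    """Write side: fragment || MAC || padding || pad_length, then the record header."""
    body = fragment + record_mac(mac_secret, seq_num, content_type, fragment)
    pad_len = (block_size - (len(body) + 1) % block_size) % block_size
    body += bytes([pad_len]) * (pad_len + 1)   # TLS padding: every pad byte equals pad_length
    return struct.pack("!BHH", content_type, TLS_1_2, len(body)) + body


def verify_record(mac_secret: bytes, seq_num: int, record: bytes, block_size: int = 16):
    """Read side: returns the fragment, or None if the padding or the MAC is wrong.

    Padding and MAC failures are reported identically on purpose; a real
    implementation must also make the two paths take the same time.
    """
    if len(record) < 5:
        return None
    content_type, version, length = struct.unpack("!BHH", record[:5])
    body = record[5:]
    if version != TLS_1_2 or len(body) != length or length % block_size or length < MAC_LEN + 1:
        return None
    pad_len = body[-1]
    if pad_len + 1 + MAC_LEN > length:
        return None
    if any(b != pad_len for b in body[-(pad_len + 1):]):
        return None
    body = body[:-(pad_len + 1)]
    fragment, received_mac = body[:-MAC_LEN], body[-MAC_LEN:]
    expected_mac = record_mac(mac_secret, seq_num, content_type, fragment)
    if not hmac.compare_digest(received_mac, expected_mac):
        return None
    return fragment


if __name__ == "__main__":
    client_mac_write = hashlib.sha256(b"constructed sample MAC secret").digest()
    rec = protect_record(client_mac_write, 0, APPLICATION_DATA, b"GET / HTTP/1.1\r\n")
    print(verify_record(client_mac_write, 0, rec))   # b'GET / HTTP/1.1\r\n'
    print(verify_record(client_mac_write, 1, rec))   # None: sequence number mismatch
```

The read side uses `hmac.compare_digest` so that the MAC comparison does not leak how many bytes matched, and it returns the same result for a bad pad and a bad MAC; both are the minimum a CBC record layer needs.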

Page 15

2. Transport-Layer Security

Key generation

Master_secret = PRF(g^(xy) mod N, "master secret", Nc + Ns)

x and y are the DH parameters; Nc and Ns are the nonces generated by the client and the server, respectively. Master_secret is always 48 bytes.

PRF(secret, label, seed) = P_hash(secret, label + seed)

P_hash(secret, seed) = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ... + HMAC(secret, A(n) + seed)

A(0) = seed
A(i) = HMAC(secret, A(i-1))

Page 16

2. Transport-Layer Security

By default, the hash used in HMAC is SHA-256, so two HMAC iterations are needed to generate the 48-byte master secret.

Key generation: Key_block = PRF(Master_secret, "key expansion", Ns + Nc)

[Figure: the key block is cut, in order, into MAC client write (Kmc), MAC server write (Kms), Client Write Key (Kwc), Server Write Key (Kws) and IVs (optional), ...; the figure also shows the master secret (48 bytes) and a truncated value (16 bytes).]
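As an added example (my own code, not from the slides): the PRF of pages 15 and 16 implemented with HMAC-SHA256, used first to derive the 48-byte master secret and then to expand it into Kmc, Kms, Kwc, Kws and the IVs in the order shown above. The pre-master secret and nonces at the bottom are constructed sample values, not real Diffie-Hellman output; `iterations_needed` and the key-name strings are my own additions.

```python
# Added example, not from the slides: the TLS 1.2 PRF of slides 15-16 (P_hash with
# HMAC-SHA256), first for the master secret, then for key expansion.
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = 32


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash(secret, seed) = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ..."""
    out = b""
    a = seed                                        # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, HASH).digest()      # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, HASH).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_hash(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def iterations_needed(length: int) -> int:
    """HMAC rounds P_hash runs to produce `length` bytes: 2 for 48 bytes with SHA-256."""
    return -(-length // HASH_LEN)


def master_secret(pre_master_secret: bytes, nc: bytes, ns: bytes) -> bytes:
    """Master_secret = PRF(pre_master_secret, "master secret", Nc + Ns); always 48 bytes."""
    return prf(pre_master_secret, b"master secret", nc + ns, 48)


def key_block(master: bytes, nc: bytes, ns: bytes, mac_len: int, key_len: int, iv_len: int) -> dict:
    """Key_block = PRF(Master_secret, "key expansion", Ns + Nc), cut in the slides' order.

    Note the nonce order differs from the master-secret derivation: server random first.
    """
    block = prf(master, b"key expansion", ns + nc, 2 * (mac_len + key_len + iv_len))
    layout = [("Kmc", mac_len), ("Kms", mac_len), ("Kwc", key_len), ("Kws", key_len),
              ("IVc", iv_len), ("IVs", iv_len)]
    keys, offset = {}, 0
    for name, size in layout:
        keys[name] = block[offset:offset + size]
        offset += size
    return keys


if __name__ == "__main__":
    pre_master = bytes(range(48))           # constructed stand-in for g^(xy) mod N
    nc, ns = b"\x01" * 32, b"\x02" * 32     # constructed client and server nonces
    ms = master_secret(pre_master, nc, ns)
    keys = key_block(ms, nc, ns, mac_len=32, key_len=16, iv_len=16)  # e.g. AES-128-CBC with HMAC-SHA256
    print(len(ms), iterations_needed(48), sorted(keys))   # 48 2 ['IVc', 'IVs', 'Kmc', 'Kms', 'Kwc', 'Kws']
```

Because the two directions get separate MAC keys and separate write keys, a record captured in one direction cannot be replayed in the other even though both sides share the same master secret.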

Page 17

2. Transport-Layer Security

Handshake protocol: client hello and server response phase

Client -> Server: Client Hello: session ID, Nc, cipher suite list, compression algorithm list
Server -> Client: Server Hello: Ns, cipher suite, compression algorithm
Server -> Client: Server Certificate (O+)
Server -> Client: Key Exchange: signature (O+)
Server -> Client: Certificate request (O-)
Server -> Client: Server Hello Done

O+ => often; O- => less often

Page 18

2. Transport-Layer Security

Client response and change-cipher-specification phase

Client -> Server: Client Certificate (O-)
Client -> Server: Key exchange
Client -> Server: Certificate verify: signature (O-)
Client -> Server: Change cipher specification
Client -> Server: Finished: session authentication
Server -> Client: Change cipher specification
Server -> Client: Finished: session authentication
Client <-> Server: Application Data

Page 19

2. Transport-Layer Security

The handshake protocol allows quick setup of a new TLS connection using the old session's master secret. The master secret is allowed to be kept for 24 hours.

Client -> Server: Client Hello: session ID, Nc
Server -> Client: Server Hello: Ns
Server -> Client: Change cipher spec
Server -> Client: Finished
Client -> Server: Change cipher spec
Client -> Server: Finished
Client <-> Server: Data

Both sides generate the keys from the cached master secret and the new Nc and Ns.

Page 20

2. Transport-Layer Security

Change Cipher Spec Protocol: invokes the transition from the pending states to the current states.

[Figure: client and server each hold current states and pending states; the pending states contain the new keys Kmc, Kwc and Kms, Kws. (1) The client sends ChangeCipherSpec; (2) the client's pending state becomes its current state; (3) the client's Handshake Finished message is sent under the new state. (4) The server sends ChangeCipherSpec; (5) the server's pending state becomes its current state; (6) the server's Handshake Finished message is sent under the new state.]
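As an added example (my own code, not from the slides): a small model of the state handling on pages 19 and 20. Each endpoint keeps current and pending states, the Change Cipher Spec step moves pending to current, and a session cache lets an abbreviated handshake reuse the old master secret for up to 24 hours, after which the entry is dropped and a full handshake runs instead. Key derivation is a simplified stand-in (one SHA-256 per key over the master secret and nonces) rather than the PRF key expansion, the network is replaced by direct calls, and the `Endpoint` class and `handshake` function are my own names.

```python
# Added example, not from the slides: current/pending states, ChangeCipherSpec
# and session resumption with a 24-hour master-secret lifetime (slides 19-20).
# derive_keys is a simplified stand-in for the PRF key expansion.
import hashlib
import os
import struct

SESSION_LIFETIME = 24 * 3600   # the slides' limit on how long a master secret may be kept


def derive_keys(master: bytes, nc: bytes, ns: bytes) -> dict:
    """Stand-in for Key_block = PRF(master, "key expansion", Ns + Nc): Kmc, Kms, Kwc, Kws."""
    block = b"".join(hashlib.sha256(bytes([i]) + master + ns + nc).digest() for i in range(4))
    return {"Kmc": block[0:32], "Kms": block[32:64], "Kwc": block[64:80], "Kws": block[80:96]}


class Endpoint:
    def __init__(self, role: str):
        self.role = role
        self.current = None        # keys in use for read/write right now
        self.pending = None        # keys negotiated but not yet activated
        self.sessions = {}         # session_id -> (master_secret, created_at)
        self._next_id = 0

    def new_session_id(self) -> bytes:
        self._next_id += 1
        return struct.pack("!I", self._next_id)

    def install_pending(self, master: bytes, nc: bytes, ns: bytes):
        self.pending = derive_keys(master, nc, ns)

    def change_cipher_spec(self):
        """Steps (1)/(2) and (4)/(5) on slide 20: the pending state becomes current."""
        if self.pending is None:
            raise RuntimeError("ChangeCipherSpec without a negotiated pending state")
        self.current, self.pending = self.pending, None

    def cached_master(self, session_id: bytes, now: float):
        """Cached master secret, or None if the session is unknown or older than 24 hours."""
        entry = self.sessions.get(session_id)
        if entry is None:
            return None
        master, created_at = entry
        if now - created_at > SESSION_LIFETIME:
            del self.sessions[session_id]      # expired: forget it and force a full handshake
            return None
        return master


def handshake(client: Endpoint, server: Endpoint, session_id, now: float):
    """Run a full or abbreviated handshake; returns (session_id, "full" | "abbreviated")."""
    nc, ns = os.urandom(32), os.urandom(32)      # fresh Nc and Ns on every handshake
    master = server.cached_master(session_id, now) if session_id is not None else None
    if master is not None and client.cached_master(session_id, now) == master:
        kind = "abbreviated"                      # slide 19: old master secret, new keys
    else:
        kind = "full"
        session_id = server.new_session_id()
        master = os.urandom(48)                   # stand-in for PRF(pre_master_secret, ...)
        for endpoint in (client, server):
            endpoint.sessions[session_id] = (master, now)
    for endpoint in (client, server):
        endpoint.install_pending(master, nc, ns)
    # Slide 20: each side sends ChangeCipherSpec, switches states, then sends Finished.
    client.change_cipher_spec()
    server.change_cipher_spec()
    return session_id, kind


if __name__ == "__main__":
    c, s = Endpoint("client"), Endpoint("server")
    sid, kind = handshake(c, s, None, now=0.0)
    print(kind, c.current == s.current)               # full True
    print(handshake(c, s, sid, now=3600.0)[1])        # abbreviated
    print(handshake(c, s, sid, now=25 * 3600.0)[1])   # full (cache entry expired)
```

Even in the abbreviated case the record keys change, because the new Nc and Ns enter the derivation; only the master secret is reused, and only while the server's cache entry is younger than the 24-hour limit.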

Page 21

2. Transport-Layer Security

Alert Protocol

Alert messages convey the severity of the message and a description of the alert.
Alert levels: warning or fatal. Alert messages with a level of fatal result in the immediate termination of the connection.
Alert types: close notification, error alerts.

Page 22

2. Transport-Layer Security

SSL (TLS) VPN: a tunnel interface is used to support the secure tunnel connection.

[Figure: a web browser and an SSL-VPN client application on the client host (interfaces eth0 and tun0) communicate with an SSL-VPN web server (interfaces outside, inside and tun0). On both hosts the stack is TLS over TCP/UDP over IP. The exchange is numbered (1)-(20); the labelled steps are (2)-(3) TLS handshake protocol, (4) upload of the SSL-VPN client, and (13) TLS-protected datagram.]