CN8814: Network Security 1
Virtual Private Networks (VPN)
Generic Routing Encapsulation (GRE), TLS (SSL-VPN)
Dec 25, 2015
CN8816: Network Security 2
1. Generic Routing Encapsulation (GRE)
Tunneling
- Encapsulation with a delivery header
- The addresses in the delivery header are the addresses of the head-end and the tail-end of the tunnel
[Figure: two private network sites, 10.1.0.0/16 and 10.2.0.0/16, joined by a GRE tunnel across the public network. The inner packet 10.1.1.1 -> 10.2.1.1 is carried inside a delivery header 20.1.1.1 -> 30.1.1.1, the head-end and tail-end addresses of the tunnel.]
Structure of a GRE encapsulated packet
IP access to the tunnel is through the tunnel interface
[Figure: gateways at the two customer sites (10.1.0.0/16 and 10.2.0.0/16), each with an inside interface e0, an Internet-facing interface serial 0/0 (addresses 20.1.1.1 and 30.1.1.1) and a tunnel 0 interface. The inner packet 10.1.1.1/10.2.1.1 enters tunnel 0 and crosses the Internet as a GRE packet with the outer addresses 20.1.1.1/30.1.1.1.]
Tunneling mechanism at IP: outbound traffic
Routing table of R1:
  10.1.0.0/16   e0
  20.1.1.1/30   s0
  10.2.0.0/16   tunnel0
  0.0.0.0/0     s0
[Figure: steps (1)-(9) of outbound processing on R1. The packet 10.1.1.1 -> 10.2.1.1 arrives on e0; the IP lookup matches 10.2.0.0/16 via Tunnel0; GRE encapsulation adds the delivery header 20.1.1.1 -> 30.1.1.1; the resulting packet 20.1.1.1/30.1.1.1 [10.1.1.1/10.2.1.1] goes through IP forwarding again and leaves via s0 on the 0.0.0.0/0 route.]
Inbound traffic
Routing table of R2:
  10.2.0.0/16   e0
  30.1.1.1/30   s0
  10.2.0.0/16   tunnel0   (as printed on the slide; the R2 configuration on the example slide routes 10.1.0.0/16 via tunnel0)
  0.0.0.0/0     s0
[Figure: steps (1)-(8) of inbound processing on R2. The GRE packet 20.1.1.1/30.1.1.1 [10.1.1.1/10.2.1.1] arrives on s0, is delivered to Tunnel0 where the GRE and delivery headers are removed, and the inner packet 10.1.1.1 -> 10.2.1.1 is looked up in the routing table and forwarded via e0.]
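As an added example (not from the lecture notes), the packet structure from the "Structure of a GRE encapsulated packet" slide and the R1/R2 processing above in Python: a delivery header carrying the head-end and tail-end addresses with IP protocol 47, a basic 4-byte GRE header, and the inner packet; decapsulation validates the delivery header before the inner packet is handed back to routing. The addresses are the slide's; the checksum helper and the dummy payload are constructed here.

```python
import struct
from ipaddress import IPv4Address

GRE_PROTO = 47            # IP protocol number in the delivery header
ETHERTYPE_IPV4 = 0x0800   # GRE protocol type for an IPv4 inner packet

def ipv4_checksum(hdr: bytes) -> int:
    """RFC 791 one's-complement checksum; evaluates to 0 over a correct header."""
    s = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with the checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def gre_encapsulate(inner: bytes, head_end: str, tail_end: str) -> bytes:
    """Delivery header (head-end -> tail-end, proto 47) + GRE header + inner packet."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)   # no C/K/S flags, GRE version 0
    return ipv4_header(head_end, tail_end, GRE_PROTO, len(gre) + len(inner)) + gre + inner

def gre_decapsulate(packet: bytes) -> tuple[str, str, bytes]:
    """Validate and strip the delivery and GRE headers; return (head_end, tail_end, inner)."""
    ihl = (packet[0] & 0x0F) * 4
    outer = packet[:ihl]
    if ipv4_checksum(outer) != 0:
        raise ValueError("delivery header checksum mismatch")
    if outer[9] != GRE_PROTO:
        raise ValueError("delivery header does not carry GRE")
    flags, ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags & 0xB000 or ptype != ETHERTYPE_IPV4:   # C, K or S set means a longer GRE header
        raise ValueError("unsupported GRE header options")
    return str(IPv4Address(outer[12:16])), str(IPv4Address(outer[16:20])), packet[ihl + 4:]

def demo() -> tuple[bytes, bytes]:
    """Constructed example: inner 10.1.1.1 -> 10.2.1.1 (UDP, proto 17) tunnelled 20.1.1.1 -> 30.1.1.1."""
    inner = ipv4_header("10.1.1.1", "10.2.1.1", 17, 8) + b"payload!"   # 8-byte dummy payload
    packet = gre_encapsulate(inner, "20.1.1.1", "30.1.1.1")
    return inner, packet
```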
Example
R1:
  interface tunnel0
   ip unnumbered s0
   tunnel source s0
   tunnel destination 30.1.1.1
  !
  ip route 10.2.0.0 255.255.0.0 tunnel0

R2:
  interface tunnel0
   ip unnumbered s0
   tunnel source s0
   tunnel destination 20.1.1.1
  !
  ip route 10.1.0.0 255.255.0.0 tunnel0

Routing table of R1:
  10.1.0.0/16   e0
  20.1.1.1/30   s0
  10.2.0.0/16   tunnel0
  0.0.0.0/0     s0
GRE tunneling with routing
[Figure: routing updates (subnets of 10.0.0.0/8) exchanged between the two gateways over the GRE tunnel.]
3. IP Security (IPsec)
IPsec and Dynamic Routing
- IPsec-protected traffic must be pre-defined
- IPsec only supports static routing
[Figure: an IPsec tunnel set up for the traffic between 10.1.0.0/16 and 10.2.0.0/16. When a new site 10.3.0.0/16 is added, the tunnel will not support the traffic to the new site.]
IPsec/GRE
- GRE defines a tunnel interface
- IPsec transport mode provides the security
Routing table:
  10.1.0.0/16   inside
  30.0.0.0/8    outside
  10.2.0.0/16   tunnel0
  10.3.0.0/16   tunnel0
[Figure: steps (1)-(6) on the gateway. Inner packets 10.1.1.1/10.2.1.1 and 10.1.1.1/10.3.1.1 are routed to Tunnel0, GRE-encapsulated with the outer addresses 20.1.1.1/30.1.1.1, and the GRE packet is then IPsec-protected in transport mode before leaving the outside interface.]
Virtual Tunnel Interface
- Provides a secure tunnel by associating the virtual interface with IPsec
Routing table:
  10.1.0.0/16   inside
  30.0.0.0/8    outside
  10.2.0.0/16   tunnel0
  10.3.0.0/16   tunnel0
[Figure: steps (2)-(6) with a virtual tunnel interface. Inner packets 10.1.1.1/10.2.1.1 and 10.1.1.1/10.3.1.1 routed to Tunnel0 are protected directly by IPsec (the GRE step is gone), producing the protected packet 20.1.1.1/30.1.1.1 on the outside interface.]
2. Transport-Layer Security (TLS)
TLS architecture: provides a secure connection between two application entities
- Authentication, cipher suite negotiation, key generation
- Encryption, MIC and compression
- Error and alert reporting
TLS Record protocol
- Four connection states: the current read and write states, and the pending read and write states
- Security parameters: connection end (client/server); bulk encryption algorithm (type, key_size, ...); MAC algorithm (hash_size); compression algorithm; master secret; client random, Nc; server random, Ns
- Keys: Client_MAC_Write, Server_MAC_Write, Client_Write_Key, Server_Write_Key, IVs
Messages are processed using the current read or write states
[Figure: TLS record layout: header fields Type, Version, Length; the (compressed) Fragment; the ICV; Padding and Pad length (for a CBC block cipher). The ICV is computed with the write/read MAC secret and the record is encrypted with the write/read key.]
Key Generation
  Master_secret = PRF(g^xy mod N, "master secret", Nc + Ns)
  - x and y are the DH parameters; Nc and Ns are the nonces generated by the client and the server, respectively
  - Master_secret is always 48 bytes
  PRF(secret, label, seed) = P_hash(secret, label + seed)
  P_hash(secret, seed) = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ... + HMAC(secret, A(n) + seed)
  A(0) = seed
  A(i) = HMAC(secret, A(i-1))
  - By default, the hash used in HMAC is SHA-256; two HMAC iterations are needed to generate the 48-byte master secret
Key generation
  Key_block = PRF(Master_secret, "key expansion", Ns + Nc)
[Figure: the key block is partitioned, in order, into MAC client write key (Kmc), MAC server write key (Kms), Client Write Key (Kwc), Server Write Key (Kws) and, optionally, the IVs. Labels on the figure: Master secret (48 bytes), Truncated (16 bytes).]
Handshake protocol: client hello and server response phase
Client -> Server: Client Hello: session ID, Nc, cipher suite list, compression algorithm list
Server -> Client: Server Hello: Ns, cipher suite, compression algorithm
Server -> Client: Server Certificate (O+)
Server -> Client: Key Exchange: signature (O+)
Server -> Client: Certificate request (O-)
Server -> Client: Server Hello Done
O+ => often; O- => less often
Client response and change-cipher specification phase
Client -> Server: Client Certificate (O-)
Client -> Server: Key exchange
Client -> Server: Certificate verify: signature (O-)
Client -> Server: Change cipher specification
Client -> Server: Finished: session authentication
Server -> Client: Change cipher specification
Server -> Client: Finished: session authentication
Application Data
The handshake protocol allows quick setup of a new TLS connection using the master secret of the old session
The master secret is allowed to be kept for 24 hours
Client -> Server: Client Hello: session ID, Nc
Server -> Client: Server Hello: Ns
(both sides generate keys from the old master secret and the new nonces)
Server -> Client: Change cipher spec
Server -> Client: Finished
Client -> Server: Change cipher spec
Client -> Server: Finished
Data
Change Cipher Spec Protocol: invokes the transition from the pending states to the current states
[Figure: client and server each hold current states and pending states holding the new keys (Kmc, Kwc on the client write side; Kms, Kws on the server write side). (1) ChangeCipherSpec is sent, (2) the sender's pending write state becomes its current write state, (3) the handshake Finished message is sent under the new state; (4)-(6) the same sequence runs in the other direction.]
Alert Protocol
- Alert messages convey the severity of the message and a description of the alert
- Alert levels: warning or fatal; alert messages with a level of fatal result in the immediate termination of the connection
- Alert types: close notification, error alerts

SSL (TLS) VPN: a tunnel interface is used to support the secure tunnel connection
[Figure: SSL-VPN setup between a web browser host (application and SSL-VPN client, interfaces eth0 and tun0) and the SSL-VPN web server (outside and inside interfaces, tun0); both stacks run TLS over TCP/UDP over IP. Of the numbered steps (1)-(20), the labelled ones are: (2)-(3) the TLS handshake protocol, (4) upload of the SSL-VPN client, and (13) a TLS protected datagram carried through the tunnel.]