Top Banner
IPSec - VPN
34

Ipsec vpn v0.1

Nov 28, 2014

Download

Technology

An in depth view of what is IPSEC VPN and how it works
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Ipsec vpn v0.1

IPSec - VPN

Page 2: Ipsec vpn v0.1

Introduction

• IPSec is an suite of protocols used for securing IP Communications

• Provides Confidentiality, Data Integrity, and replay protection.

• Provides Mutual Authentication between two entities

• Can be used for communication between– Pair of Hosts (Computer Users or Servers or

both)– Pair of Network Devices (Routers or Firewall)– Network Devices and Hosts

Page 3: Ipsec vpn v0.1

Features

• Part of an Open Standard

• Operates at Layer 3 (Internet Layer) of OSI stack– Other encryption protocols e.g. SSL, SSH

etc., operate at layers above Layer 3

• It does not require applications to be modified for compatibility purpose– Implementation of SSL, SSH requires

additional changes to be carried out on the applications

Page 4: Ipsec vpn v0.1

IPSec Services

• Data origin authentication

• Data integrity

• Data confidentiality

• Replay protection

• Automated management of cryptographic keys and security associations

Page 5: Ipsec vpn v0.1

Concepts

• Security Association (SA)

• Security Parameter Index (SPI)

• IP Destination Address

• Security Protocol

Page 6: Ipsec vpn v0.1

Database maintained by IPSec

• Security Policy Database (SPD)

• Security Association Database (SAD)

Page 7: Ipsec vpn v0.1

IPSec Modes

• Tunnel Mode• Transport Mode

Page 8: Ipsec vpn v0.1

Key Components of IPSec

• There are three key components of IPSec– Internet Key Exchange (IKE) to setup a Security

Association (SA)• Handling negotiation of protocol and algorithms• Generating the encryption and authentication keys

– Authentication Header (AH)• Provides integrity and data origin authentication• Provides protection against replay attacks

– Encapsulating Security Payload (ESP)• Provides confidentiality, data origin authentication

and integrity

Page 9: Ipsec vpn v0.1

Authentication Header [AH]

• Provides Data Origin Authentication

• Provides Data Integrity

• AH gets appended to the Packet Header

• Does not provide confidentiality.

Page 10: Ipsec vpn v0.1

AH – Packet Structure…

New IP Header

AH Header Original IP Header

Payload

Authenticated (Integrity Protection)

Original IP Header

AH Header Payload

Authenticated (Integrity Protection

TUNNEL MODE

TRANSPORT MODE

Provides Integrity Protection to entire packet irrespective of the mode

Page 11: Ipsec vpn v0.1

AH …

• Host – to – Host (without gateway)

IPSec Channel

PACKET

New IP Header PACKET

PACKET PACKET

• Host – to – Host (with gateway)

IPSec Channel

PACKETPACKET

TRANSPORT MODE

TUNNEL MODE

Page 12: Ipsec vpn v0.1

Authentication Header - Packet

Next Header Payload Length Reserved

Security Parameters Index (SPI)

Sequence Number

Authentication DataIdentifies the protocol of the payload

data.

Size of AH Packet

For Future Use

Contains the MAC output used for

verifying whether the packet has

been altered or not

Ensures that only packets within a sliding window of

sequence numbers are accepted.

Prevents replay attack

Unique identifier set by each

endpoint of IPSec connection. Used

to determine which SA is in use

Page 13: Ipsec vpn v0.1

AH – Data Integrity Process

• Keyed hash algorithm creates a hash and pre-shared key.

• Hash is added to the AH packet header.

• IPSec uses Hash Message Authentication Code (HMAC-MD5) and HMAC-SHA-1)

• IP Header fields that may change are excluded from Integrity Protection process

Page 14: Ipsec vpn v0.1

Internet Key Exchange

• Importance of IKE • What is a SA ?• IKE uses 5 different types of exchanges to

create SA, transfer status and error info and define new Diffie Hellman groups

Page 15: Ipsec vpn v0.1

Internet Key Exchange…

• Five types of IKE exchanges– Main Mode– Aggressive Mode– Quick Mode– Informational– Group

Page 16: Ipsec vpn v0.1

IKE – Phase One Exchange

• To successfully negotiate a secure channel• Provides bi-directional encryption and

authentication for subsequent IKE exchanges • IKE SA can be established through either of the

following two modes:– Main Mode– Aggressive Mode

Page 17: Ipsec vpn v0.1

How IPSec Works

• Interesting traffic initiates the IPSec process

• IKE phase one

• IKE phase two

• Data transfer

• IPSec tunnel termination

Page 18: Ipsec vpn v0.1

IKE–Phase 1 Exchange – Main Mode

• Establishes IKESA through three pair of messages:• First pair of message contains

– Encryption Algorithm: DES, 3DES, RC5, AES etc– Integrity Protection Algorithm: HMAC-MD5, HMAC-

SHA1 etc– Authentication Method

• Pre-shared Keys• Digital Signatures• Public Key Encryption

– Diffie Hellman Group number

Page 19: Ipsec vpn v0.1

• Second Pair of Messages performs– Key Exchange through Diffie Hellman using

the parameters negotiated during first step

• Third Pair of Messages performs– Each end point authenticate to the other– By this time all messages are encrypted

IKE–Phase 1 Exchange – Main Mode

Page 20: Ipsec vpn v0.1

IKE-Phase1-Main Mode Summary

• First Pair of Messages– Negotiates the IKE SA parameters

• Second Pair of Messages– Performs key exchange

• Third Pair of Messages– Authenticates the endpoints to each other

Page 21: Ipsec vpn v0.1

IKE–Phase 1 Exchange–Aggressive Mode

• Faster than Main Mode. Uses three messages instead of three pairs of messages

• First Message– Endpoint A sends all SA parameters, Diffie-

Hellman key exchange and its ID• Second Message

– Endpoint B sends all SA parameters, Diffie-Hellman key exchange and its authentication payload

• Third Message– Endpoint A sends its authentication payload

Page 22: Ipsec vpn v0.1

Security Issues – Aggressive Mode

• Key exchange happens before Diffie-Hellman parameters are exchanged

• Identity information is not always hidden hence adversary can realize the parties involved in the authentication process– If PKI is used then the identity information

gets concealed

• Susceptible to Man in the middle attacks (Pre-Shared Key Cracking)

Page 23: Ipsec vpn v0.1

IKE-Phase2 Exchange

• Used to establish an SA for the actual IPSec connection

• This SA is referred to as IPSec SA

• Unlike IKESA (bidirectional), IPSec SA is unidirectional– i.e. IPSec connection requires two security

associations

Page 24: Ipsec vpn v0.1

Encapsulating Security Payload

• ESP is the second core IPSec security protocol

• Provides Data Origin Authentication

• Provides Data Integrity (Not for the outermost IP Header)

• Provides Encryption features

• ESP has two modes:

- Transport & Tunnel Mode

Page 25: Ipsec vpn v0.1

ESP – Packet Structure

New IP Header

ESP Header

Original IP Header

Payload ESP Trailer

ESP Auth (Optional)

Encrypted

Authentication (Integrity Protection)

Original IP Header

ESP Header

Payload ESP Trailer

ESP Auth (Optional)

Encrypted

Authenticated (Integrity Protection)

TUNNEL MODE

TRANSPORT MODE

Page 26: Ipsec vpn v0.1

ESP - Packet

Security Parameters Index (SPI)

Sequence Number

Payload Data

Padding Pad Length Next Header

Authentication Data (Variable)

Contains the data used to

authenticate the packet

Unique identifier set by each

endpoint of IPSec connection. Used

to determine which SA is in use

Ensures that only packets within a sliding window of

sequence numbers are accepted.

Prevents replay attack

Used with some block ciphers to

pad the data to the full length of a

block.

Size of Padding in

Bytes

Identifies the protocol of the payload data.

Page 27: Ipsec vpn v0.1

Authentication Header

• Provides Integrity protection for all packet headers and data.

• Often incompatible with NATing since Srce and dest IP header integrity maintained

• Does not provide encryption options

• Use of AH has significantly declined. Some IPSec implementations do not support AH

Encapsulation Security Payload• ESP does not provide integrity

protection for the outermost IP header

• Provides encryption option• In ESP tunnel mode, the true

srce and dest IP is encrypted. Hence ESP tunnel mode is the most commonly used for IPSec VPN

• Padding feature makes it complicated for an adversary to carry out traffic analysis

Summarize AH & ESP

Page 28: Ipsec vpn v0.1

Why two protocols ?

ESP or AH ?

If ESP provides encryption and authentication, then why then AH ?

Page 29: Ipsec vpn v0.1

VPN - Protocols

• IPSec is the prevalent network layer VPN protocol.

• There are scenarios where-in other VPN protocols are required to be implemented– Data Link Layer VPN protocols

• PPTP , L2TP, L2F

– Transport Layer VPN protocols• SSL

– Application Layer VPN protocols• SSH

Page 30: Ipsec vpn v0.1

Types of VPN

• Site to Site VPN

Page 31: Ipsec vpn v0.1

Site to Site VPN

• VPN connectivity would be transparent to the users

• Labor costs for configuring clients/ gateways reduces

• Deployment would be easy as only the gateways needs to be configured

• Existent Routers could be used as VPN gateway

• Hardware cost of gateway might be high

Page 32: Ipsec vpn v0.1

Types of VPN

• Client to Site VPN

Page 33: Ipsec vpn v0.1

VPN protocols – Pros & Cons

Protocol Strengths Weaknesses

PPTP Can protect Non-IP protocols since the layer is operating below the network layer

Requires client software (if there is no built-in client)

Has known security weaknesses

Does not offer strong authentication

Supports one session per tunnel

L2TP Can protect Non-IP protocols

Can support multiple sessions per tunnel

Can support RADIUS

Can use IPSec to provide encryption and key mgmt service

Requires client software (if there is no built-in client)

Page 34: Ipsec vpn v0.1

VPN protocols – Pros & Cons

Protocol Strengths Weaknesses

SSL Already supported by all major web browser

Can provide strong encryption

Can only protect TCP based communications

Requires application servers & clients to support SSL/TLS

Typically implemented to authenticate the server to the client and not vice-versa

Application Layer VPNs

Can provide granular protection for application communications

Can only protect some or all of the communications for a single application

Often cannot be incorporated in off-the shelf software

Uses proprietary encryption or authentication mechanisms that may have unknown flaws