
VIRTUAL PRIVATE NETWORKS (VPN)

Traditional Connectivity

[From Gartner Consulting]

What is VPN?
Virtual Private Network is a type of private network that uses public telecommunication, such as the Internet, instead of leased lines to communicate.

Became popular as more employees worked in remote locations.


Terminologies to understand how VPNs work.

Private Networks vs. Virtual Private Networks


- Employees can access the network (Intranet) from remote locations.
- Secured networks.
- The Internet is used as the backbone for VPNs.
- Saves cost tremendously through reduced equipment and maintenance costs.
- Scalability.

VPN TOPOLOGY
How does a VPN work?

VPN Classification: Types of VPNs (based on Topology)

- Remote access VPN
- Intranet VPN
- Extranet VPN

VPN Topology: Remote Access VPN

Remote Access: Remote access enables telecommuters and mobile workers to access e-mail and business applications. A dial-up connection to an organization's modem pool is one method of access for remote workers, but it is expensive because the organization must pay the associated long-distance telephone and service costs. Remote access VPNs greatly reduce expenses by enabling mobile workers to dial a local Internet connection and then set up secure IPSec-based VPN communications to their organization.

VPN Topology: Intranet VPN

Intranets: Intranets connect an organization's locations. These locations range from the headquarters offices, to branch offices, to a remote employee's home. Often this connectivity is used for e-mail and for sharing applications and files. While Frame Relay, ATM, and MPLS accomplish these tasks, the shortcomings of each limit connectivity. The cost of connecting home users is also very high compared to Internet-access technologies, such as DSL or cable. Because of this, organizations are moving their networks to the Internet, which is inexpensive, and using IPSec to create these networks.

VPN Topology: Extranet VPN

Extranets: Extranets are secure connections between two or more organizations. Common uses for extranets include supply-chain management, development partnerships, and subscription services. These undertakings can be difficult using legacy network technologies due to connection costs, time delays, and access availability. IPSec-based VPNs are ideal for extranet connections. IPSec-capable devices can be quickly and inexpensively installed on existing Internet connections.

VPN Characteristics
Cheaper than WANs
- dedicated leased lines are very expensive

Easier to establish than WANs
- ISPs will usually help make the initial IP connection: hours for VPNs vs. weeks for WANs

Slower than LANs
- encryption/decryption takes time; typical LANs are 10-100 Mbps
- endpoints connected by VPN may go through many router hops
  - minimize by using the same ISP for everything
- dial-in users are typically going to be at 56 Kbps

Less reliable than WANs
- with WANs, routers are under your control and performance is negotiated with the provider; not so with a VPN, where you only control the initial IP connection

Less secure than isolated LANs or WANs
- because the Internet is used, hackers can find you
- the VPN protocol is one more thing to be attacked

Types of VPNs (based on Deployment)

- Server based
- Firewall based
- Router based (including VPN appliances)

Server based
- Windows Routing and Remote Access Service (RRAS)
  - NT supports only PPTP; Windows 2000 supports PPTP, L2TP and IPSec
  - comes with everything needed to establish a VPN
- Linux
  - Blowfish, Free S/WAN, PPP over SSL, PPTP, L2TP with IP masquerading/IP Chains and additional open source software can be used to create a very robust VPN
- UNIX
  - many incorporating IPSec into their TCP/IP stacks
- Be aware that VPN traffic leaving your LAN traverses the LAN twice: once to the RRAS service as regular LAN traffic, once encapsulated to the firewall

Firewall based VPNs


- Since firewalls already do all kinds of packet analysis, adding IP tunneling is relatively easy
- Rapid acceptance of IPSec and IKE is making VPNing at the firewall more common
  - not all vendors' versions of IPSec+IKE work together
  - make sure that remote clients' software works with your firewall VPN

Router based VPNs


- Typically used on big networks
- Specialized devices to isolate internal LAN traffic and quickly convey inter-LAN traffic
  - IBM 2210
  - Cisco routers running IOS
  - Ascend's MAX switches

VPN : Advantages and Disadvantages


Advantages:
- Greater scalability
- Easy to add/remove users
- Reduced long-distance telecommunications costs
- Mobility
- Security

VPN: Advantages and Disadvantages


Disadvantages:
- Lack of standards
- Understanding of security issues
- Unpredictable Internet traffic
- Difficult to accommodate products from different vendors

Benefits to Enterprise

VPN Topology: What is needed?


- Existing hardware (servers, workstations)
- Internet connection
- VPN router/switch
- Software to create and manage tunnels
- Security device such as a firewall

Protocols
- Operate at layer 2 or 3 of the OSI model
  - Layer 2: frame (Ethernet)
  - Layer 3: packet (IP)

Tunneling
- allows senders to encapsulate their data in IP packets that hide the routing and switching infrastructure of the Internet, to ensure data security against unwanted viewers or hackers

IP Security (IPSec)
- Transport mode
- Tunnel mode

Point-to-Point Tunneling Protocol (PPTP)


- Voluntary tunneling method
- Uses PPP (Point-to-Point Protocol)

Layer 2 Tunneling Protocol (L2TP)


- Exists at the data link layer of OSI
- Composed from PPTP and L2F (Layer 2 Forwarding)
- Compulsory tunneling method

Most VPNs are really tunnels, whereby Point-to-Point Protocol (PPP) frames or IP packets are tunneled inside some other protocol. Microsoft Point-to-Point Tunneling Protocol (PPTP) (see the Layer 2 module) is a Layer 2 technique, where IP is used to encapsulate and transport PPP and IP packets to a corporate gateway or server. Cisco Layer 2 Forwarding (L2F) and Layer 2 Tunneling Protocol (L2TP) are also Layer 2 techniques. They simulate PPP connectivity directly from a client PC to a corporate gateway router or server.

Multiprotocol Label Switching (MPLS), generic routing encapsulation (GRE), and IPSec are, however, Layer 3 tunnels, where Layer 3 information is transported directly inside another Layer 3 header across the intervening SP network. The terms Layer 2 and Layer 3 may be imprecise when applied to VPNs. Some people consider Frame Relay and ATM to be Layer 2 VPNs. Others consider that to be an out-of-date usage of the term VPN.

Example of packet encapsulation

Tunnelling


Layer 2 VPNs - PPP


Point-to-Point Protocol (PPP) [RFC 1661, RFC 2153]
- Standard method for transporting multiprotocol datagrams over point-to-point links
- Originally developed as an encapsulation protocol for IP traffic
- Protocol Structure:

Layer 2 VPNs PPTP (1/4)


Point-to-Point Tunneling Protocol (PPTP) [RFC 2637]
- Mainly implemented and used by Microsoft
- Extension of PPP
- Allows tunneling of PPP datagrams over IP networks
- Easy to use and to implement
- Uses 2 connections
  - Control connection
  - Tunnel connection

Layer 2 VPNs PPTP (2/4)


- Protocol only implemented by the PPTP Access Concentrator (PAC) and the PPTP Network Server (PNS)
- Uses Generic Routing Encapsulation (GRE) to carry PPP packets
- Many sessions multiplexed on a single tunnel

Layer 2 VPNs PPTP (3/4)


Creating a tunnel:
1. Establish a control connection between the PAC (PPTP Access Concentrator) and the PNS (PPTP Network Server) on port 1723
2. Exchange information between PAC and PNS (e.g. encryption)
3. Establish the tunnel connection

Layer 2 VPNs PPTP (4/4)

Layer 2 VPNs L2F (1/2)


Layer 2 Forwarding (L2F)
- Developed by Cisco
- Allows multiple tunnels and multiple connections on every tunnel
- Tunnels PPP and SLIP frames
- Supports UDP, Frame Relay, X.25

Layer 2 VPNs L2F (2/2)


Establishing a connection:
1. Remote user initiates a PPP connection to the ISP
2. ISP undertakes authentication via CHAP or PAP
3. No tunnel exists: a tunnel will be created
   Tunnel exists: a new multiplex ID will be allocated -> notification to the home gateway
   Home gateway accepts or declines the new connection

Layer 2 VPNs L2TP (1/2)


Layer 2 Tunneling Protocol (L2TP) [RFC 2661]
- Combines the best features of L2F and PPTP
- Uses UDP
- Can be transported over Frame Relay, ATM, X.25, ...
- Allows multiple tunnels with multiple sessions inside every tunnel
- Commonly used with IPSec -> L2TP/IPSec

Layer 2 VPNs L2TP (2/2)

Layer 2 VPNs L2TP/IPSec


Uses IPSec Encapsulating Security Payload (ESP)
Structure of encrypted packet:

Layer 2 VPNs L2TP/IPSec vs. PPTP

IPSec

Outline
- Why IPSec?
- IPSec Architecture
- Internet Key Exchange (IKE)
- IPSec Policy
- Discussion


IP is not Secure!
- The IP protocol was designed in the late 70s to early 80s
  - Part of the DARPA Internet Project
  - Very small network
- All hosts are known! So are the users!
  - Therefore, security was not an issue


Security Issues in IP
- source spoofing
- replay of packets
- no data integrity or confidentiality
  -> DoS attacks, replay attacks, spying and more

Fundamental issue:
- Networks are not (and will never be) fully secure



Goals of IPSec
- to verify sources of IP packets
  - authentication
- to prevent replaying of old packets
- to protect integrity and/or confidentiality of packets
  - data integrity / data encryption


IPSec is an Internet Engineering Task Force (IETF) standard suite of protocols that provides data authentication, integrity, and confidentiality as data is transferred between communication points across IP networks. IPSec provides data security at the IP packet level. IPSec emerged as a viable network security standard because enterprises wanted to ensure that data could be securely transmitted over the Internet. IPSec protects against possible security exposures by protecting data while in transit.

IPSec Architecture
The IPSec Security Model
[Diagram: the IPSec security model, with parts of the path labelled Secure and Insecure.]


IPSec Architecture

- ESP: Encapsulating Security Payload
- AH: Authentication Header
- IPSec Security Policy
- IKE: The Internet Key Exchange



IPSec Architecture
IPSec provides security in three situations:
- host-to-host, host-to-gateway and gateway-to-gateway

IPSec operates in two modes:
- Transport mode (for end-to-end)
- Tunnel mode (for VPN)


IPsec Architecture

[Diagram: Transport Mode between the end hosts; Tunnel Mode between two routers.]


Various Packets
Original:       [IP header][TCP header][data]

Transport mode: [IP header][IPSec header][TCP header][data]

Tunnel mode:    [IP header][IPSec header][IP header][TCP header][data]


IPSec
A collection of protocols (RFC 2401)
- Authentication Header (AH): RFC 2402
- Encapsulating Security Payload (ESP): RFC 2406
- Internet Key Exchange (IKE): RFC 2409
- IP Payload Compression (IPcomp): RFC 3137


Authentication Header (AH)


- Provides source authentication
  - Protects against source spoofing
- Provides data integrity
- Protects against replay attacks
  - Uses monotonically increasing sequence numbers
- Protects against denial of service attacks
- NO protection for confidentiality!


AH Details
- Uses a 32-bit monotonically increasing sequence number to avoid replay attacks
- Uses cryptographically strong hash algorithms to protect data integrity (96-bit)
  - Uses symmetric key cryptography: HMAC-SHA-96, HMAC-MD5-96


AH Packet Details
New IP header
AH header:
  Next header | Payload length | Reserved
  Security Parameters Index (SPI)
  Sequence Number
  Authentication Data (hash of everything else)
Encapsulated TCP or IP packet:
  Old IP header (only in Tunnel mode)
  TCP header
  Data
(Authenticated: everything else; the Authentication Data field carries the hash of it.)

Encapsulating Security Payload (ESP)


Provides all that AH offers, and in addition provides data confidentiality
Uses symmetric key encryption


ESP Details
Same as AH:
- Uses a 32-bit sequence number to counter replay attacks
- Uses integrity check algorithms

Only in ESP:
- Data confidentiality: uses symmetric key encryption algorithms to encrypt packets


ESP Packet Details


IP header
Next header | Payload length | Reserved
Security Parameters Index (SPI)
Sequence Number
Initialization vector
Encrypted TCP packet:
  TCP header
  Data
  Pad | Pad length | Next header
Authentication Data
(Authenticated: from the SPI through the Next header field. Encrypted: the TCP packet together with the Pad / Pad length / Next header trailer.)
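The AH and ESP slides above describe three mechanisms: a 32-bit sequence number checked against a window to defeat replay, a 96-bit truncated HMAC over the packet as the Authentication Data, and the transport-mode versus tunnel-mode layouts with their trailer (Pad, Pad length, Next header). The following is an added example, not code from the original slides, that builds and verifies such packets in Python using only the standard library. It assumes ESP with NULL encryption (RFC 2410, so no cipher and no IV), HMAC-SHA1-96 as the integrity algorithm, a 64-packet anti-replay window, and constructed placeholder IP headers, TCP segment and key; with a real cipher the padding rule and field order would be the same.

```python
import hashlib
import hmac
import struct

IPPROTO_IPIP = 4   # next-header value meaning "an IP packet follows" (tunnel mode)
IPPROTO_TCP = 6    # next-header value for a TCP segment (transport mode)
ICV_LEN = 12       # HMAC-SHA1-96: the HMAC is truncated to 96 bits
IP_HDR_LEN = 20    # length of the placeholder IP headers used below


def hmac_sha1_96(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA1 truncated to its leftmost 96 bits (the "-96" on the slides)."""
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


class ReplayWindow:
    """Anti-replay check on the sequence number carried by AH and ESP.

    Sliding window of `size` sequence numbers kept as a bitmap:
    bit i set means sequence number (highest - i) was already accepted.
    """

    def __init__(self, size: int = 64):
        self.size = size
        self.highest = 0            # highest sequence number accepted (0 = none yet)
        self.bitmap = 0

    def accept(self, seq: int) -> bool:
        if seq == 0:                # 0 is never a valid sequence number
            return False
        if seq > self.highest:      # new high-water mark: slide the window forward
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.size:       # older than the window: drop
            return False
        if self.bitmap & (1 << diff):
            return False            # already seen: this is a replay
        self.bitmap |= 1 << diff
        return True


def esp_encapsulate(spi: int, seq: int, payload: bytes, next_header: int,
                    auth_key: bytes) -> bytes:
    """SPI | seq | payload | pad | pad length | next header | ICV (NULL encryption)."""
    pad_len = (-(len(payload) + 2)) % 4          # payload + pad + 2 trailer bytes on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))       # default pad bytes 1, 2, 3, ...
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    return body + hmac_sha1_96(auth_key, body)   # ICV covers SPI through next header


def esp_decapsulate(esp: bytes, auth_key: bytes, window: ReplayWindow):
    """Verify the ICV, then the anti-replay window, then strip the trailer."""
    if len(esp) < 8 + 2 + ICV_LEN:
        raise ValueError("truncated ESP packet")
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    if not hmac.compare_digest(icv, hmac_sha1_96(auth_key, body)):
        raise ValueError("ICV mismatch: packet modified or wrong key")
    spi, seq = struct.unpack("!II", body[:8])
    if not window.accept(seq):    # window advances only after the ICV checked out
        raise ValueError("replayed or stale sequence number %d" % seq)
    pad_len, next_header = body[-2], body[-1]
    return spi, next_header, body[8:len(body) - 2 - pad_len]


def is_rejected(esp: bytes, auth_key: bytes, window: ReplayWindow) -> bool:
    """True if the receiver would drop the packet (bad ICV, replay, truncated)."""
    try:
        esp_decapsulate(esp, auth_key, window)
        return False
    except ValueError:
        return True


def protect(mode: str, outer_ip: bytes, inner_ip: bytes, tcp_segment: bytes,
            spi: int, seq: int, auth_key: bytes) -> bytes:
    """The two layouts from the slides.

    transport: IP header | ESP | TCP header + data             (next header = TCP)
    tunnel:    new IP header | ESP | old IP header | TCP + data (next header = IP-in-IP)
    """
    if mode == "transport":
        return outer_ip + esp_encapsulate(spi, seq, tcp_segment, IPPROTO_TCP, auth_key)
    if mode == "tunnel":
        return outer_ip + esp_encapsulate(spi, seq, inner_ip + tcp_segment,
                                          IPPROTO_IPIP, auth_key)
    raise ValueError("unknown mode " + mode)


# Constructed sample data (not real traffic): 20-byte placeholder IP headers,
# a 9-byte stand-in for a TCP segment, and a demo key.
OUTER_IP = b"\x45" + b"\x00" * 19
INNER_IP = b"\x45" + b"\x00" * 19
TCP_SEG = b"\x00\x50\x1f\x90" + b"hello"
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    window = ReplayWindow()
    pkt = protect("tunnel", OUTER_IP, INNER_IP, TCP_SEG, 14, 1, KEY)
    print(esp_decapsulate(pkt[IP_HDR_LEN:], KEY, window))
    print("replay dropped:", is_rejected(pkt[IP_HDR_LEN:], KEY, window))
```

Note the order in `esp_decapsulate`: the ICV is checked before the window is updated, so an attacker replaying or forging packets cannot advance the receiver's window and knock legitimate in-flight packets out of it.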

Question?
1. Why have both AH and ESP?
2. Both AH and ESP use symmetric key based algorithms
   - Why not public-key cryptography?
   - How are the keys being exchanged?
   - What algorithms should we use?
     - Similar to deciding on the ciphersuite in SSL


Internet Key Exchange (IKE)


- Exchange and negotiate security policies
- Establish security sessions
  - Identified as Security Associations
- Key exchange
- Key management
- Can be used outside IPsec as well


IPsec/IKE Acronyms
Security Association (SA)
- Collection of attributes associated with a connection
- Is asymmetric!
  - One SA for inbound traffic, another SA for outbound traffic
- Similar to ciphersuites in SSL

Security Association Database (SADB)
- A database of SAs


IPsec/IKE Acronyms
Security Parameter Index (SPI)
- A unique index for each entry in the SADB
- Identifies the SA associated with a packet

Security Policy Database (SPD)
- Stores policies used to establish SAs


How They Fit Together


[Diagram: the SPD refers to SAs (SA-1, SA-2) held in the SADB; each SA is identified by its SPI.]


SPD and SADB Example


Transport Mode (hosts A and B)

A's SPD:
  From: A | To: B | Protocol: Any | Port: Any | Policy: AH[HMAC-MD5]

A's SADB:
  From: A | To: B | Protocol: AH | SPI: 12 | SA Record: HMAC-MD5 key

Tunnel Mode (gateways C and D, subnets Asub and Bsub)

C's SPD:
  From: Asub | To: Bsub | Protocol: Any | Port: Any | Policy: ESP[3DES] | Tunnel Dest: D

C's SADB:
  From: Asub | To: Bsub | Protocol: ESP | SPI: 14 | SA Record: 3DES key
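The SPD and SADB tables above, and the "How They Fit Together" slide before them, describe two lookups: an outbound packet is matched against the ordered SPD selectors (from, to, protocol, port) to find a policy, and that policy is then tied to an SA in the SADB, indexed by SPI, which holds the key; an inbound AH/ESP packet is resolved by its SPI alone. The following is an added example, not code from the original slides, that implements both lookups in Python and loads them with the slide's two scenarios. The addresses for A, B, C, D, Asub and Bsub, the inbound SA with SPI 21, the bypass policy and the keys are constructed; the slide's entries (SPI 12 with AH[HMAC-MD5], SPI 14 with ESP[3DES] tunnelled to D) are kept as given.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "Any"


@dataclass(frozen=True)
class SpdEntry:
    """One row of the Security Policy Database: selectors plus the policy."""
    src: str                            # host address or CIDR (A, Asub, ... on the slide)
    dst: str
    protocol: object = ANY              # ANY or an IP protocol number
    port: object = ANY                  # ANY or a destination port
    policy: str = "bypass"              # "AH[HMAC-MD5]", "ESP[3DES]", "bypass", "discard"
    tunnel_dest: Optional[str] = None   # set => tunnel mode ending at that gateway

    def matches(self, src_ip: str, dst_ip: str, protocol: int, port: int) -> bool:
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.protocol in (ANY, protocol)
                and self.port in (ANY, port))


@dataclass(frozen=True)
class SaRecord:
    """One Security Association: one direction, one protocol, indexed by SPI."""
    spi: int
    src: str
    dst: str
    protocol: str                       # "AH" or "ESP"
    algorithm: str                      # "HMAC-MD5", "3DES", ...
    key: bytes
    direction: str                      # "outbound" or "inbound": SAs are one-way
    tunnel_dest: Optional[str] = None


class IpsecNode:
    """A host or gateway holding an ordered SPD and an SPI-indexed SADB."""

    def __init__(self, spd, sadb):
        self.spd = list(spd)                       # first matching entry wins
        self.sadb = {sa.spi: sa for sa in sadb}    # the SPI is the unique index

    def outbound(self, src_ip, dst_ip, protocol, port):
        """SPD lookup for an outgoing packet -> (action, sa, mode).

        action is "bypass", "discard", "protect", or "negotiate" when the
        policy requires IPsec but no SA exists yet (IKE has to run first).
        """
        for entry in self.spd:
            if not entry.matches(src_ip, dst_ip, protocol, port):
                continue
            if entry.policy in ("bypass", "discard"):
                return entry.policy, None, None
            wanted = entry.policy.split("[")[0]            # "AH" or "ESP"
            mode = "tunnel" if entry.tunnel_dest else "transport"
            for sa in self.sadb.values():
                if (sa.direction == "outbound" and sa.protocol == wanted
                        and sa.src == entry.src and sa.dst == entry.dst):
                    return "protect", sa, mode
            return "negotiate", None, mode
        return "discard", None, None                        # no policy at all: drop

    def inbound(self, spi: int, protocol: str):
        """SADB lookup for a received AH/ESP packet by its SPI; None => drop."""
        sa = self.sadb.get(spi)
        if sa is None or sa.protocol != protocol or sa.direction != "inbound":
            return None
        return sa


# Constructed addresses standing in for the slide's A, B, C, D, Asub and Bsub.
A, B = "10.0.0.1", "10.0.0.2"
C, D = "203.0.113.1", "203.0.113.2"
ASUB, BSUB = "192.168.1.0/24", "192.168.2.0/24"

# Transport mode, host A: SPD A->B Any/Any AH[HMAC-MD5]; SADB SPI 12 (from the slide).
host_a = IpsecNode(
    spd=[SpdEntry(A, B, policy="AH[HMAC-MD5]")],
    sadb=[SaRecord(12, A, B, "AH", "HMAC-MD5", b"constructed-key-12", "outbound"),
          # the return direction needs its own SA, SPI and key (constructed)
          SaRecord(21, B, A, "AH", "HMAC-MD5", b"constructed-key-21", "inbound")])

# Tunnel mode, gateway C: SPD Asub->Bsub ESP[3DES] tunnel dest D; SADB SPI 14 (slide).
gateway_c = IpsecNode(
    spd=[SpdEntry(ASUB, BSUB, policy="ESP[3DES]", tunnel_dest=D),
         SpdEntry(ASUB, "192.168.3.0/24", policy="ESP[3DES]", tunnel_dest=D),  # no SA yet
         SpdEntry(ASUB, "0.0.0.0/0", policy="bypass")],                         # constructed
    sadb=[SaRecord(14, ASUB, BSUB, "ESP", "3DES", b"constructed-key-14", "outbound", D)])

if __name__ == "__main__":
    print(host_a.outbound(A, B, 6, 80))
    print(gateway_c.outbound("192.168.1.5", "192.168.2.9", 17, 53))
    print(gateway_c.outbound("192.168.1.5", "192.168.3.7", 6, 22))
```

The "negotiate" result is the hook between the two databases: the SPD says traffic must be protected, no SA exists, so IKE (the next slides) must be invoked to create one before the packet can leave.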

How It Works
IKE operates in two phases
- Phase 1: negotiate and establish an auxiliary end-to-end secure channel
  - Used by subsequent phase 2 negotiations
  - Only established once between two end points!
- Phase 2: negotiate and establish custom secure channels
  - Occurs multiple times
- Both phases use Diffie-Hellman key exchange to establish a shared key


IKE Phase 1
Goal: to establish a secure channel between two end points
This channel provides basic security features:
- Source authentication
- Data integrity and data confidentiality
- Protection against replay attacks


IKE Phase 1
Rationale: each application has different security requirements
- But they all need to negotiate policies and exchange keys!
- So, provide the basic security features and allow applications to establish custom sessions


IPSec (Phase 1)
Four different ways to authenticate (either mode):
- Digital signature
- Two forms of authentication with public key encryption
- Pre-shared key

NOTE: IKE does use public-key based cryptography for encryption



IPSec (Phase 2)
Goal: to establish custom secure channels between two end points
- End points are identified by <IP, port>:
  - e.g. <www.mybank.com, 8000>
- Or by packet:
  - e.g. all packets going to 128.124.100.0/24
- Use the secure channel established in Phase 1 for communication


IPSec (Phase 2)
- Only one mode: Quick Mode
- Multiple quick mode exchanges can be multiplexed
- Generates SAs for two end points
- Can use the secure channel established in phase 1
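The IKE slides above describe a two-phase structure: phase 1 runs once and uses Diffie-Hellman plus an authentication method (pre-shared key here) to derive a base secret, and phase 2 (Quick Mode) runs many times over that channel to produce the keys for each SA, with its own Diffie-Hellman exchange when fresh keys per SA are wanted. The following is an added example, not code from the original slides, that walks both phases in Python with the standard library. The key-derivation formulas follow the pre-shared-key and Quick Mode derivations of RFC 2409 (SKEYID = prf(psk, Ni | Nr); SKEYID_d = prf(SKEYID, g^xy | CKY-I | CKY-R | 0); KEYMAT = prf(SKEYID_d, g(qm)^xy | protocol | SPI | Ni | Nr), expanded in blocks), using HMAC-SHA1 as the prf. The Diffie-Hellman group is a constructed toy prime (2^127 - 1 with generator 2), chosen only so the arithmetic runs quickly; a real negotiation uses one of the IANA MODP groups. The PSK, cookies, nonces and SPIs are constructed.

```python
import hashlib
import hmac
import os

# Toy Diffie-Hellman parameters, constructed for illustration only. Real IKE
# uses a negotiated MODP group (RFC 2409 defines groups 1 and 2); this prime
# is far too small for actual use.
P = (1 << 127) - 1
G = 2

IPPROTO_ESP = 50   # protocol identifier mixed into phase-2 key material
IPPROTO_AH = 51


def prf(key: bytes, data: bytes) -> bytes:
    """The negotiated pseudo-random function; HMAC-SHA1 here."""
    return hmac.new(key, data, hashlib.sha1).digest()


def dh_keypair():
    """Private exponent x and public value g^x mod p."""
    x = int.from_bytes(os.urandom(16), "big") % (P - 2) + 2
    return x, pow(G, x, P)


def dh_shared(x: int, peer_public: int) -> bytes:
    """g^xy mod p as a fixed-width byte string."""
    return pow(peer_public, x, P).to_bytes(16, "big")


def phase1_keys(psk: bytes, gxy: bytes, cky_i: bytes, cky_r: bytes,
                ni: bytes, nr: bytes):
    """Phase 1 with pre-shared-key authentication (RFC 2409 section 5).

    SKEYID_d seeds the phase-2 keys; SKEYID_a and SKEYID_e protect the
    phase-1 channel itself (integrity and encryption of later IKE messages).
    """
    skeyid = prf(psk, ni + nr)
    skeyid_d = prf(skeyid, gxy + cky_i + cky_r + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + gxy + cky_i + cky_r + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + gxy + cky_i + cky_r + b"\x02")
    return skeyid_d, skeyid_a, skeyid_e


def phase2_keymat(skeyid_d: bytes, gqm_xy: bytes, protocol: int, spi: int,
                  ni2: bytes, nr2: bytes, nbytes: int) -> bytes:
    """Quick Mode key material (RFC 2409 section 5.5).

    K1 = prf(SKEYID_d, g(qm)^xy | protocol | SPI | Ni | Nr), K2 = prf(SKEYID_d, K1 | ...)
    The SPI is part of the input, so each SA of a pair gets its own key.
    """
    seed = gqm_xy + bytes([protocol]) + spi.to_bytes(4, "big") + ni2 + nr2
    out, k = b"", b""
    while len(out) < nbytes:
        k = prf(skeyid_d, k + seed)
        out += k
    return out[:nbytes]


def negotiate(psk: bytes, spi_i: int, spi_r: int, key_len: int = 16, pfs: bool = True):
    """Run phase 1 once, then one Quick Mode exchange creating an ESP SA pair.

    spi_i is the SPI of the initiator's inbound SA (chosen by the initiator),
    spi_r that of the responder's inbound SA.  Returns each side's derived keys.
    """
    # --- Phase 1: cookies, nonces and one Diffie-Hellman exchange ---
    cky_i, cky_r = os.urandom(8), os.urandom(8)
    ni, nr = os.urandom(16), os.urandom(16)
    xi, gi = dh_keypair()                    # initiator's private/public value
    xr, gr = dh_keypair()                    # responder's
    init_d, _, _ = phase1_keys(psk, dh_shared(xi, gr), cky_i, cky_r, ni, nr)
    resp_d, _, _ = phase1_keys(psk, dh_shared(xr, gi), cky_i, cky_r, ni, nr)

    # --- Phase 2: fresh nonces, optional fresh DH (perfect forward secrecy) ---
    ni2, nr2 = os.urandom(16), os.urandom(16)
    gqm_init = gqm_resp = b""
    if pfs:
        xi2, gi2 = dh_keypair()
        xr2, gr2 = dh_keypair()
        gqm_init, gqm_resp = dh_shared(xi2, gr2), dh_shared(xr2, gi2)

    def derive(skeyid_d, gqm, spi):
        return phase2_keymat(skeyid_d, gqm, IPPROTO_ESP, spi, ni2, nr2, key_len)

    return {
        "initiator": {"out": derive(init_d, gqm_init, spi_r),
                      "in": derive(init_d, gqm_init, spi_i)},
        "responder": {"out": derive(resp_d, gqm_resp, spi_i),
                      "in": derive(resp_d, gqm_resp, spi_r)},
    }

if __name__ == "__main__":
    keys = negotiate(b"constructed-psk", 0x1000, 0x2000)
    print("initiator out == responder in:", keys["initiator"]["out"] == keys["responder"]["in"])
```

Running `negotiate` twice for the same peers reuses nothing: it redoes phase 1, which is the expensive part the slides say should happen only once; a real implementation keeps SKEYID_d from the first run and calls only the phase-2 part for every further SA pair.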


IP Payload Compression
- Used for compression
- Can be specified as part of the IPSec policy
- Will not cover!


IPSec Policy

IPsec Policy
Phase 1 policies are defined in terms of protection suites
Each protection suite:
- Must contain the following:
  - Encryption algorithm
  - Hash algorithm
  - Authentication method
  - Diffie-Hellman group
- May optionally contain the following:
  - Lifetime


IPSec Policy
Phase 2 policies are defined in terms of proposals
Each proposal:
- May contain one or more of the following:
  - AH sub-proposals
  - ESP sub-proposals
  - IPComp sub-proposals
- Along with necessary attributes such as key length, lifetime, etc.


Discussion
IPSec is not the only solution!
- Security features can be added on top of IP!
  - e.g. Kerberos, SSL

Confused?
- IP, IPSec protocols are very complex!
  - Two modes, three sub-protocols
- Complexity is the biggest enemy of security


Discussion
Has it been used?
- Yes: primarily used by some VPN vendors
  - But not all routers support it
- No: it is not really an end-to-end solution
  - Authentication is too coarse (host based)
  - Default encryption algorithm too weak (DES)
  - Too complex for applications to use

