Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Ipsec vpn v0.1


Published on

An in depth view of what is IPSEC VPN and how it works

Published in: Technology
  • Be the first to comment

Ipsec vpn v0.1

  1. 1. IPSec - VPN
  2. 2. Introduction <ul><li>IPSec is an suite of protocols used for securing IP Communications </li></ul><ul><li>Provides Confidentiality, Data Integrity, and replay protection. </li></ul><ul><li>Provides Mutual Authentication between two entities </li></ul><ul><li>Can be used for communication between </li></ul><ul><ul><li>Pair of Hosts (Computer Users or Servers or both) </li></ul></ul><ul><ul><li>Pair of Network Devices (Routers or Firewall) </li></ul></ul><ul><ul><li>Network Devices and Hosts </li></ul></ul>
  3. 3. Features <ul><li>Part of an Open Standard </li></ul><ul><li>Operates at Layer 3 (Internet Layer) of OSI stack </li></ul><ul><ul><li>Other encryption protocols e.g. SSL, SSH etc., operate at layers above Layer 3 </li></ul></ul><ul><li>It does not require applications to be modified for compatibility purpose </li></ul><ul><ul><li>Implementation of SSL, SSH requires additional changes to be carried out on the applications </li></ul></ul>
  4. 4. IPSec Services <ul><li>Data origin authentication </li></ul><ul><li>Data integrity </li></ul><ul><li>Data confidentiality </li></ul><ul><li>Replay protection </li></ul><ul><li>Automated management of cryptographic keys and security associations </li></ul>
  5. 5. Concepts <ul><li>Security Association (SA) </li></ul><ul><li>Security Parameter Index (SPI) </li></ul><ul><li>IP Destination Address </li></ul><ul><li>Security Protocol </li></ul>
  6. 6. Database maintained by IPSec <ul><li>Security Policy Database (SPD) </li></ul><ul><li>Security Association Database (SAD) </li></ul>
  7. 7. IPSec Modes <ul><li>Tunnel Mode </li></ul><ul><li>Transport Mode </li></ul>
  8. 8. Key Components of IPSec <ul><li>There are three key components of IPSec </li></ul><ul><ul><li>I nternet K ey E xchange (IKE) to setup a S ecurity A ssociation (SA) </li></ul></ul><ul><ul><ul><li>Handling negotiation of protocol and algorithms </li></ul></ul></ul><ul><ul><ul><li>Generating the encryption and authentication keys </li></ul></ul></ul><ul><ul><li>A uthentication H eader (AH) </li></ul></ul><ul><ul><ul><li>Provides integrity and data origin authentication </li></ul></ul></ul><ul><ul><ul><li>Provides protection against replay attacks </li></ul></ul></ul><ul><ul><li>E ncapsulating S ecurity P ayload (ESP) </li></ul></ul><ul><ul><ul><li>Provides confidentiality, data origin authentication and integrity </li></ul></ul></ul>
  9. 9. Authentication Header [AH] <ul><li>Provides Data Origin Authentication </li></ul><ul><li>Provides Data Integrity </li></ul><ul><li>AH gets appended to the Packet Header </li></ul><ul><li>Does not provide confidentiality. </li></ul>
  10. 10. AH – Packet Structure… TUNNEL MODE TRANSPORT MODE Provides Integrity Protection to entire packet irrespective of the mode New IP Header AH Header Original IP Header Payload Authenticated (Integrity Protection) Original IP Header AH Header Payload Authenticated (Integrity Protection
  11. 11. AH … <ul><li>Host – to – Host (without gateway) </li></ul><ul><li>Host – to – Host (with gateway) </li></ul>TRANSPORT MODE TUNNEL MODE PACKET New IP Header PACKET PACKET PACKET PACKET PACKET
  12. 12. Authentication Header - Packet Identifies the protocol of the payload data. Size of AH Packet For Future Use Contains the MAC output used for verifying whether the packet has been altered or not Ensures that only packets within a sliding window of sequence numbers are accepted. Prevents replay attack Unique identifier set by each endpoint of IPSec connection. Used to determine which SA is in use Next Header Payload Length Reserved Security Parameters Index (SPI) Sequence Number Authentication Data
  13. 13. AH – Data Integrity Process <ul><li>Keyed hash algorithm creates a hash and pre-shared key. </li></ul><ul><li>Hash is added to the AH packet header. </li></ul><ul><li>IPSec uses Hash Message Authentication Code (HMAC-MD5) and HMAC-SHA-1) </li></ul><ul><li>IP Header fields that may change are excluded from Integrity Protection process </li></ul>
  14. 14. Internet Key Exchange <ul><li>Importance of IKE </li></ul><ul><li>What is a SA ? </li></ul><ul><li>IKE uses 5 different types of exchanges to create SA, transfer status and error info and define new Diffie Hellman groups </li></ul>
  15. 15. Internet Key Exchange… <ul><li>Five types of IKE exchanges </li></ul><ul><ul><li>Main Mode </li></ul></ul><ul><ul><li>Aggressive Mode </li></ul></ul><ul><ul><li>Quick Mode </li></ul></ul><ul><ul><li>Informational </li></ul></ul><ul><ul><li>Group </li></ul></ul>
  16. 16. IKE – Phase One Exchange <ul><li>To successfully negotiate a secure channel </li></ul><ul><li>Provides bi-directional encryption and authentication for subsequent IKE exchanges </li></ul><ul><li>IKE SA can be established through either of the following two modes: </li></ul><ul><ul><li>Main Mode </li></ul></ul><ul><ul><li>Aggressive Mode </li></ul></ul>
  17. 17. How IPSec Works <ul><li>Interesting traffic initiates the IPSec process </li></ul><ul><li>IKE phase one </li></ul><ul><li>IKE phase two </li></ul><ul><li>Data transfer </li></ul><ul><li>IPSec tunnel termination </li></ul>
  18. 18. IKE–Phase 1 Exchange – Main Mode <ul><li>Establishes IKESA through three pair of messages: </li></ul><ul><li>First pair of message contains </li></ul><ul><ul><li>Encryption Algorithm: DES, 3DES, RC5, AES etc </li></ul></ul><ul><ul><li>Integrity Protection Algorithm: HMAC-MD5, HMAC-SHA1 etc </li></ul></ul><ul><ul><li>Authentication Method </li></ul></ul><ul><ul><ul><li>Pre-shared Keys </li></ul></ul></ul><ul><ul><ul><li>Digital Signatures </li></ul></ul></ul><ul><ul><ul><li>Public Key Encryption </li></ul></ul></ul><ul><ul><li>Diffie Hellman Group number </li></ul></ul>
  19. 19. <ul><li>Second Pair of Messages performs </li></ul><ul><ul><li>Key Exchange through Diffie Hellman using the parameters negotiated during first step </li></ul></ul><ul><li>Third Pair of Messages performs </li></ul><ul><ul><li>Each end point authenticate to the other </li></ul></ul><ul><ul><li>By this time all messages are encrypted </li></ul></ul>IKE–Phase 1 Exchange – Main Mode
  20. 20. IKE-Phase1-Main Mode Summary <ul><li>First Pair of Messages </li></ul><ul><ul><li>Negotiates the IKE SA parameters </li></ul></ul><ul><li>Second Pair of Messages </li></ul><ul><ul><li>Performs key exchange </li></ul></ul><ul><li>Third Pair of Messages </li></ul><ul><ul><li>Authenticates the endpoints to each other </li></ul></ul>
  21. 21. IKE–Phase 1 Exchange– Aggressive Mode <ul><li>Faster than Main Mode. Uses three messages instead of three pairs of messages </li></ul><ul><li>First Message </li></ul><ul><ul><li>Endpoint A sends all SA parameters, Diffie-Hellman key exchange and its ID </li></ul></ul><ul><li>Second Message </li></ul><ul><ul><li>Endpoint B sends all SA parameters, Diffie-Hellman key exchange and its authentication payload </li></ul></ul><ul><li>Third Message </li></ul><ul><ul><li>Endpoint A sends its authentication payload </li></ul></ul>
  22. 22. Security Issues – Aggressive Mode <ul><li>Key exchange happens before Diffie-Hellman parameters are exchanged </li></ul><ul><li>Identity information is not always hidden hence adversary can realize the parties involved in the authentication process </li></ul><ul><ul><li>If PKI is used then the identity information gets concealed </li></ul></ul><ul><li>Susceptible to Man in the middle attacks (Pre-Shared Key Cracking) </li></ul>
  23. 23. IKE-Phase2 Exchange <ul><li>Used to establish an SA for the actual IPSec connection </li></ul><ul><li>This SA is referred to as IPSec SA </li></ul><ul><li>Unlike IKESA (bidirectional), IPSec SA is unidirectional </li></ul><ul><ul><li>i.e. IPSec connection requires two security associations </li></ul></ul>
  24. 24. Encapsulating Security Payload <ul><li>ESP is the second core IPSec security protocol </li></ul><ul><li>Provides Data Origin Authentication </li></ul><ul><li>Provides Data Integrity (Not for the outermost IP Header) </li></ul><ul><li>Provides Encryption features </li></ul><ul><li>ESP has two modes: </li></ul><ul><li>- Transport & Tunnel Mode </li></ul>
  25. 25. ESP – Packet Structure TUNNEL MODE TRANSPORT MODE New IP Header ESP Header Original IP Header Payload ESP Trailer ESP Auth (Optional) Encrypted Authentication (Integrity Protection) Original IP Header ESP Header Payload ESP Trailer ESP Auth (Optional) Encrypted Authenticated (Integrity Protection)
  26. 26. ESP - Packet Contains the data used to authenticate the packet Unique identifier set by each endpoint of IPSec connection. Used to determine which SA is in use Ensures that only packets within a sliding window of sequence numbers are accepted. Prevents replay attack Used with some block ciphers to pad the data to the full length of a block. Size of Padding in Bytes Identifies the protocol of the payload data. Security Parameters Index (SPI) Sequence Number Payload Data Padding Pad Length Next Header Authentication Data (Variable)
  27. 27. <ul><li>Authentication Header </li></ul><ul><li>Provides Integrity protection for all packet headers and data. </li></ul><ul><li>Often incompatible with NATing since Srce and dest IP header integrity maintained </li></ul><ul><li>Does not provide encryption options </li></ul><ul><li>Use of AH has significantly declined. Some IPSec implementations do not support AH </li></ul><ul><li>Encapsulation Security Payload </li></ul><ul><li>ESP does not provide integrity protection for the outermost IP header </li></ul><ul><li>Provides encryption option </li></ul><ul><li>In ESP tunnel mode, the true srce and dest IP is encrypted. Hence ESP tunnel mode is the most commonly used for IPSec VPN </li></ul><ul><li>Padding feature makes it complicated for an adversary to carry out traffic analysis </li></ul>Summarize AH & ESP
  28. 28. Why two protocols ? <ul><li>ESP or AH ? </li></ul><ul><li>If ESP provides encryption and authentication, then why then AH ? </li></ul>
  29. 29. VPN - Protocols <ul><li>IPSec is the prevalent network layer VPN protocol. </li></ul><ul><li>There are scenarios where-in other VPN protocols are required to be implemented </li></ul><ul><ul><li>Data Link Layer VPN protocols </li></ul></ul><ul><ul><ul><li>PPTP , L2TP, L2F </li></ul></ul></ul><ul><ul><li>Transport Layer VPN protocols </li></ul></ul><ul><ul><ul><li>SSL </li></ul></ul></ul><ul><ul><li>Application Layer VPN protocols </li></ul></ul><ul><ul><ul><li>SSH </li></ul></ul></ul>
  30. 30. Types of VPN <ul><li>Site to Site VPN </li></ul>
  31. 31. Site to Site VPN <ul><li>VPN connectivity would be transparent to the users </li></ul><ul><li>Labor costs for configuring clients/ gateways reduces </li></ul><ul><li>Deployment would be easy as only the gateways needs to be configured </li></ul><ul><li>Existent Routers could be used as VPN gateway </li></ul><ul><ul><li>Hardware cost of gateway might be high </li></ul></ul>
  32. 32. Types of VPN <ul><li>Client to Site VPN </li></ul>
  33. 33. VPN protocols – Pros & Cons Protocol Strengths Weaknesses PPTP Can protect Non-IP protocols since the layer is operating below the network layer Requires client software (if there is no built-in client) Has known security weaknesses Does not offer strong authentication Supports one session per tunnel L2TP Can protect Non-IP protocols Can support multiple sessions per tunnel Can support RADIUS Can use IPSec to provide encryption and key mgmt service Requires client software (if there is no built-in client)
  34. 34. VPN protocols – Pros & Cons Protocol Strengths Weaknesses SSL Already supported by all major web browser Can provide strong encryption Can only protect TCP based communications Requires application servers & clients to support SSL/TLS Typically implemented to authenticate the server to the client and not vice-versa Application Layer VPNs Can provide granular protection for application communications Can only protect some or all of the communications for a single application Often cannot be incorporated in off-the shelf software Uses proprietary encryption or authentication mechanisms that may have unknown flaws