Click here to load reader

IPsec and Secure · PDF file Cryptography and Security in Communication Networks IPsec and Secure VPNs (self study for project) ETTI - Master - Advanced Wireless Telecommunications

  • View
    4

  • Download
    0

Embed Size (px)

Text of IPsec and Secure · PDF file Cryptography and Security in Communication Networks IPsec and...

  • Cryptography and Security in Communication Networks

    IPsec and Secure VPNs (self study for project)

    ETTI - Master - Advanced Wireless Telecommunications

  • © Octavian Catrina 2

    Virtual Private Networks (VPN)

     Private, public, virtual private networks

     Private network: Owned and managed by a company, used for

    its own communications.

     Public network: Owned and managed by a network service

    provider, used to offer communication services to customers.

     Virtual private network: Extension of a private network using a

    public telecommunication infrastructure.

     VPN requirements  Security: Confidentiality, integrity, access control.

     Quality of Service: Availability. Performance: bandwidth, delay.

     Low cost: Installation, operation.

    1 Public network 2

    Private network Private network Virtual Private Network

  • Main VPN scenarios

    © Octavian Catrina 3

    1

    Internet

    Remote access VPN:

    Access to corporate intranet

    BobSoft Inc. headquarters:

    Corporate intranet

    BobSoft branch office networks:

    Connected to the corporate intranet

    Bob at home, hotel, airport, ...

    2 Site-to-site VPN:

    Interconnects different sites

    of the corporate intranet

    3 Alice Consulting

    Extranet VPN:

    Remote access for

    business partners

    Private network Private network

    Private network

    BobSoft's VPN

     Site-to-site VPN  Interconnects geographically dispersed private networks.

     Intranet: all sites have the same owner (corporate branches).

     Extranet: sites have different owners (business partners).

     Remote-access VPN  Provides access to the company's intranet to a mobile user,

    home user, etc. Different requirements and technologies.

  • VPN categories: Secure VPN

    © Octavian Catrina 5

    1

    Internet

    Remote access secure VPN:

    Secure access to corporate intranet

    BobSoft Inc. headquarters:

    Corporate intranet

    BobSoft branch office networks:

    Connected to the corporate intranet

    Bob at home, hotel, airport, ...

    2 Site-to-site secure VPN:

    Secure interconnection

    of private networks

    3 Alice Consulting

    Extranet VPN:

    Secure remote access

    for business partners

    Private network Private network

    Private network

    BobSoft's secure VPN

     Strong security using cryptographic protocols

     Trusted VPN solutions cannot offer strong security (data

    privacy and integrity, authentication and authorization).

     Secure VPNs use cryptographic protocols that set up secure

    channels (authenticated and encrypted) across the Internet.

     Issues: Scalability (cryptographic overhead), QoS, higher costs.

    Secure channels using

    cryptographic protocols:

    data integrity,

    authentication,

    confidentiality

  • © Octavian Catrina 6

    Secure VPNs using IPsec

     IPsec: IP security

     Suitable for both site-to-site and remote-access VPNs.

     Creates secure channels available for all IP applications,

    between: hosts, entire networks, a host and a network.

     Available for both IPv4 and IPv6.

     Layer 2 Tunneling Protocol (L2TP)

     Creates a tunnel and offers PPP features needed for remote

    access: IP protocol configuration (address, DNS, etc.), user

    authentication, data and header compression, etc.

     Security provided by IPsec. Solution preferred by Microsoft.

     Some IPsec disadvantages

     Conflicts with anything that tries to inspect and/or modify

    protected IP payload or header (encrypted, authenticated):

    NAT, firewall, IP QoS (workarounds available).

     A VPN client must be installed on the users' computers.

  • © Octavian Catrina 7

    IPsec VPNs

     Tunnel mode: IPsec payload is the entire IP packet. It is delivered

    encapsulated in another IP packet (IP tunnel). Used for gateway-

    to-gateway or host-to-gateway secure channels.

     Transport mode: IPsec payload is the IP packet payload. Can be

    used for end-to-end (host-to-host) security.

     Also used to secure communications within a private network.

    1

    Internet

    IP header

    IPSec header

    Protected payload

    IP header

    IP payload

    IP header

    IP payload

    IP header

    IPSec header

    Protected payload

    Remote access VPN

    BobSoft Inc. headquarters

    Corporate intranet

    BobSoft branch office network

    (connected to corporate intranet)

    Bob at home, airport, ...

    IP header

    IP payload

    2

    3

    Trudy

    Extranet VPN

    Site-to-site VPN

    Alice Consulting

    Business partner

  • IPsec IP Security protocols

  • © Octavian Catrina 10

    IPsec protocols and services

     Encapsulating Security Payload (ESP) protocol

     Encryption and/or authentication: full IP packet or IP payload.

     Authentication Header (AH) protocol

     Authentication: full IP packet or IP payload; fixed header fields.

     Internet Key Exchange (IKE) protocol

     Security association and key management.

     AH or/and ESP?

     Do we really need AH, besides ESP? Many believe we don't ...

    We can use ESP for data authentication only, without encryption. However, AH

    also protects the header. We could also use them together, but it is inefficient.

     Summary of security services

     Data origin authentication. Data confidentiality. Access control.

     Partial packet flow integrity: Connectionless packet integrity.

    Anti-replay protection. Limited traffic flow confidentiality.

  • © Octavian Catrina 11

    Authenticated encryption

     Authenticated encryption  Combination of encryption and message authentication.

     Never use encryption without (data) authentication. If

    confidentiality is not necessary, use MAC alone.

     Composition of MAC and encryption schemes

    Variant Protected message Example Provable security

    Encrypt then MAC

    (ETM)

    EK1(m) || MACK2(EK1(m)) IPsec Secure composition independent of

    schemes. Recommended method.

    MAC then Encrypt

    (MTE)

    EK1(m || MACK2(m)) TLS Secure composition for certain (usual)

    combinations of schemes.

    MAC and Encrypt

    (MAE)

    EK1(m) || MACK2(m) SSH Not provable as general composition

    method (secure in particular cases).

     Dedicated authenticated-encryption schemes  More efficient than composition techniques. Examples:

    CCM (Counter with CBC-MAC Mode), NIST SP800-38C. E.g., IEEE 802.11i.

    GCM (Galois/Counter Mode), NIST SP800-38D. E.g., IEEE 802.1ae.

  • © Octavian Catrina 12

    Brief chronicle of IPsec

     The beginning  IPsec development and standardization started in 1992.

     First specifications were published in 1995.

    IPsec Architecture, Authentication Header (AH), and Encapsulated

    Security Payload (RFC 1825-1827). No Internet Key Exchange (IKE).

     Second iteration  Revised IPsec specifications were published in 1998.

    Architecture, AH, ESP (RFC 2401, 2402, 2406); and others.

     A first specification for IKE: IKEv1 (RFC 2407, 2408, 2409).

     This version was widely deployed, although IKEv1 was a flop.

    Work on IKEv2 started soon afterwards.

     Current specs  Revised IPsec specifications finally issued at the end of 2005.

    Architecture, AH, ESP (RFC 4301-4303); and others.

     Substantial redesign of IKE: IKEv2, RFC 4306.

  • © Octavian Catrina 13

    Encapsulating Security Payload (ESP)

     Encrypted and authenticated payload.

     Transport mode: IPsec Payload Data is the

    IP packet payload. IP header not protected.

     Tunnel mode: IPsec Payload Data is the

    entire IP packet.

     Encryption. E.g., AES in CBC or CTR mode.

     ICV = MAC. E.g., HMAC-SHA1, AES-XCBC.

    32 bits

    A u

    th e

    n ti

    c a

    te d

    E n

    c ry

    p te

    d

    Encapsulating

    Security

    Payload

    SPI (Security Parameters Index)

    Sequence Number

    Integrity Check Value (ICV)

    (variable length, default 96 bits)

    Payload Data (variable length)

    Pad Length

    Padding (0-255 bytes)

    Next Header

    IP Header

    with Protocol ID field = ESP

    IV (Initialization Vector, if necessary; variable length)

     Security Parameters Index (SPI): Identifies

    the IPsec Security Association (SA) for

    this packet at the receiver.

     Next Header: Protocol ID of Payload Data.

Search related