Virtual Networks

Read this detailed description of VPNs and how they can be used to improve network security.

Today’s business climate requires companies to establish and maintain:

Extranets: creating links with suppliers and business partners. This requires the use of dedicated and expensive leased lines to assure security.
Intranets: most large companies maintain costly wide-area networks linking facilities that might be located throughout the world
Remote users: many companies need employees to telecommute or to access their network while traveling.

The Internet represents a convenient means to accomplish all this while providing an unprecedented potential for increased productivity.

What is a VPN?

VPNs utilize the public Internet to carry private communications safely and inexpensively
VPNs supply network connectivity over possibly long physical distance

A form of WAN?

Yes, but over public networks as opposed to private leased lines

VPNs support:

Remote access client connections
LAN-to-LAN internetworks
Controlled access within an intranet

Based on a “tunneling” strategy

Packets in one of several VPN protocol formats are encapsulated within IP packets

VPN Architecture

Advantages and Disadvantages of VPNs

Advantages:

Low Cost
Scalability

Disadvantages:

Complexity
Availability and performance out of an organization’s control
Interoperability issues

Dangers of lack of security

Loss of privacy: confidential data can be observed while it transverses the Internet
Loss of data integrity: modification of confidential or non-confidential data
Identity spoofing: intruders may be able to impersonate a second party and have access to confidential information

IP Vulnerabilities

IP routing method makes large IP networks vulnerable to:

Spoofing: one machine in the network “pretends” to be another
Sniffing: one machine “eavesdrop” the transmissions between two other machines
Session Hijacking: an attacker employs both of these techniques to take over an established communication, masquerading as one of the communicating parties…

IPsec

IPsec is a framework of open standards for ensuring secure private communications over IP networks.
IPsec ensures the confidentiality, integrity, and authenticity of data communications across a public IP network
IPsec’s main areas of interest are:

Encryption
Authentication
Key management
Security Associations

IPsec Technologies' basic requirements

Algorithms for encrypting the data
Algorithms to provide packet authentication
Key exchange method, such as Diffie-Hellman for deriving key material between peers on a public network
Public key cryptography for signing the Diffie- Hellman exchanges to guarantee the identity of the two parties and avoid man-in-the-middle attacks
Digital certificates signed by a certificate authority to act as digital ID cards

Services needed for Message Security

Privacy: sender and receiver expect confidentiality

Use symmetric or public key cryptography

Authentication: the receiver must be sure of the sender’s identity

Can use a digital signature

Integrity: data must arrive at the receiver exactly as it was sent

Symmetric-Key Cryptography

Take an unencrypted ASCII message (plaintext) and apply an encryption algorithm using a secret “key”.
The resulting text will be encrypted and is called “ciphertext”
Transmit encrypted message
The recipient takes the ciphertext and applies the same algorithm using the same key
There are several encryption algorithms available for IPsec based on mathematical transforms:

Data Encryption Standard (DES, 56-bit key)
Triple Data Encryption Standard (3DES, 168-bit key)
Advanced Encryption Standard (AES, 128, 192 and 256-bit keys)

How to distribute the secret key becomes the biggest challenge…

Encryption Example

Most of the encryption and hashing algorithms are complex, but their bottom line is the use of a simple XOR function
XOR encoding works like this:

XOR bit pattern M with bit pattern K to get bit pattern C. M is your message, K is your secret key, and C is your encrypted ciphertext; C is transmitted
On the receiver, XOR C with K. This will bring M back to you!

XOR Process Example

On the sending side:

M = Original Message = 00111010 11110110 00001111
K = Encryption Key = 11100011 01010101 11110000
C = Ciphertext = 11011001 10100011 11111111

Send through the Internet
On the receiving side:

C = Ciphertext = 11011001 10100011 11111111
K = Encryption Key = 11100011 01010101 11110000
M = Recoverd Message = 00111010 11110110 00001111

Recovered message = Original Message

Symmetrical Encryption

Both sides use the same key to encrypt and decrypt (shared secret)
Runs faster than asymmetrical
Keys should be replaced often
Challenge: how to get the keys safely to both parties (often)??

Asymmetrical Encryption

The public key encrypts data, private key decrypts data

If A wants to send data to B, A will use B’s public key to encrypt. B will decrypt using its own secret key.

Uses complex math

Modular arithmetic
Factoring and relatively prime numbers

Much slower than symmetric algorithms (up to 1000x slower)
Key distribution is easier

Broadcast public key or
Store it in a public shared database (the Certificate Authority)
The private key always stays with the owner

Asymmetric Key Cryptography

m = original message
K_+b = B’s public encryption key
K_-b = B’s private decryption key
K_+b (m) = encrypted ciphertext using B’s public key
K_-b (m) = decrypted message using B’s private key
Then, for public key cryptography, you encrypt with a public key and decrypt with a private key in such a way that:

K_-b (K_+b (m)) = m

Notice that an intruder, C, can’t decrypt the message since C does not have K-b, and

K_-c (K_+b (m)) ≠ m

Authentication

Encrypting a message will be of no good if we can’t verify that the received message is really from who it claims to be.
Must be careful not to use authentication protocols that will not work, for example:

A identifies itself to the recipient (I am A)

Can easily be eavesdropped

A identifies itself to the recipient and sends a password (plain text or encrypted)

Vulnerable to “playback attack”

Authentication: Digital Signature

This can be accomplished by a process similar to public-key encryption

Roles of public and private key are reversed
The sender uses its private key to encrypt (sign) the message. The receiver uses the public key of the sender to decrypt the message.

Authentication with Digital Signature

Let:

m = message (e.g., I am B)
K_-b = B’s encryption private key
K_+b = B’s decryption public key
K_+b (m) = decrypted message using B’s public key
K_-b (m) = encrypted message using B’s private key
For digital signature authentication, you can encrypt using the private key and decrypt using the public key in such a way that:

K_+b (K-b (m)) = m = I am B

Notice that an intruder, C, can’t sign and pretend to be Bob since:

K_+b (K_-c (m)) ≠ m

Signing a Digest

Signing long messages could lead to inefficiencies as it involves authentication and secrecy. Instead:

Create a miniature version of the message using a hash function. The miniature version of the message is called a digest.
The sender sends plain text and encrypted digest
The receiver decrypts the digest using the public key. Then, it creates its own digest from the received plaintext. If both digests are the same, the message integrity and authentication are verified.

Diffie-Hellman Algorithm

Allows hosts to dynamically create and share secret keys using the public network!

No need to store secret keys for long periods of time, thus reducing risk…

Operates this way:

The nodes agree ahead of time on two values, P (a prime number larger than 2) and G (an integer smaller than P). These values can be made public.
Each node selects its own private value X, which is less than P-1
Each node then calculates Y = G^XMod P
Y is a public key and can be exchanged through the Internet

The pubic key is useless without its other “half,” which in this case is the private (secret) Key X!!!

Diffie-Hellman Algorithm (cont.)

When receiving the public key Y, each node calculates a new common, secret key Z = Y^XMod P
Z is then derived from the host's original secret key, X, and the other host's public key Y
The important thing now is that both sides will arrive at exactly the same value of Z, i.e.,

Node 1: Z1 = (Y2)^X1Mod P
Node 2: Z2 = (Y1)^X2Mod P
Z1 = Z2

Z can now be used as the key for the encryption method being used.
Note that the identity of the remote node is not verified

Diffie-Hellman (cont.)

Diffie-Hellman

Diffie-Hellman Example

IPsec Modes of Operation

Transport Mode: only the IP payload is encrypted with the original IP header left intact

Only adds a few bytes to each packet
Allows devices on the public network to see the final source and destination of the packet
Suited to Telecommuting and remote access

Tunnel Mode: the entire original IP datagram is encrypted, and it becomes the payload in a new IP packet

Allows a network device to act as an IPsec proxy (the router performs encryption on behalf of the hosts)
Company’s IP addresses are hidden from the public network; only the original and ultimate IP addresses are sent as clear text
Suited to site-to-site connectivity

IPsec Tunnel and Transport Modes

IPsec Packets

Authentication Header (AH): ensures integrity and authentication of the data.
Encapsulating Security Header (ESP): protects confidentiality and integrity through data encryption.
AH and ESP can be used independently or together.

IPsec: Authentication Header

Data authentication service
Authenticates on a per-PDU basis

Provides “Connectionless Integrity”
Uses HMAC (a hash function-based message authentication code) signing to authenticate data

HMAC with MD5
HMAC with SHA-1

Signed before fragmentation, not necessarily per-packet

Authenticates Data and most of the IP Header

“Mutable” fields (e.g., TTL) cannot be authenticated

Frames with AH are identified by IPv4 as Protocol 51. The next header field of IPv6 would be set to 51.

AH Header Fields

Header Position

IPv4 protocol field = 51 for AH
IPv6 next (extension) header field = 51 for AH

Format

AH Headers Field Format

AH Header Fields

Encapsulation and Security Payload Header

Data confidentiality service

Encrypts data
In practice, it uses symmetric algorithms but supports asymmetric as well.

Also has some authentication (AH) functions

Provides “Connectionless Integrity”
Optional protection against replay attacks
Authenticates IP Data only. If IP header authentication is desired, AH must be used

Frames with ESP are identified by IPv4 Protocol 50 or IPv6 next header 50.

ESP Header Fields

Security Associations

Identifies parameters of security
Allow different levels of security to be applied to different streams of packets, all running through the same physical interface
Define a set of communication parameters:

AH Parameters

Authentication algorithm and keys
Sequence number management

ESP Parameters

Encryption algorithm, keys, initial vectors
Authentication algorithm and keys
Sequence number management

SA Lifetime

The SPI (Security Parameter Index) defines which SA to use
SA is unidirectional. For secure two-way traffic, 2 are required

Internet Key Exchange (IKE)

The purpose is to establish and maintain SAs
As described on RFC 2409
2 Phases

Phase 1: Establish a secure channel so subsequent traffic is encrypted

Authenticates each party to the other
Uses the Diffie-Hellman algorithm to establish symmetric keys
Establishes a single, bi-directional SA for Phase 2

Phase 2: Negotiate other general-purpose SAs

Also supports re-keying of the secure channel

IKE Services

Provides a way to:

Agree on which protocols, algorithms, and keys to use (negotiation services)
Ensure from the beginning of the exchange that you are talking to whom you think you are talking to (primary authentication services).
Manage those keys after they have been agreed upon (key management)
Exchange material for generating those keys safely.

Source: Eladio R. Cortes Ramos
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 License.

Last modified: Thursday, November 9, 2023, 6:42 PM