Académique Documents
Professionnel Documents
Culture Documents
Duncan S. Wong
City University of Hong Kong
v1.1 1
Outline
• Virtual Private Networks
• Tunneling
• IPSec
• IKE
• Critiques of IPSec (under construction)
• IKEv2 (under construction)
Readings
• Microsoft TechNote Windows 2000 Server Internetwork
Guide, Chap. 9 – Virtual Private Networking
(
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000
)
v1.1 2
Virtual Private Networks (VPNs)
v1.1 3
Components of a VPN Connection
• Tunnel: The portion of the connection in which your data is encapsulated (or
wrapped) according to a tunneling protocol.
• VPN connection: The portion of the connection in which your data is
encrypted.
• Remark: It is possible to create a tunnel and send the data through the
tunnel without encryption. This is not a VPN connection because the private
data is sent across the Internet in an unencrypted and easily readable form.
v1.1 4
Tunneling
• Tunneling protocols: emulate point-to-point link by encapsulating
data.
v1.1 5
VPN Connections
v1.1 6
IPSec Overview
• IPSec (Internet Protocol Security) is a suite of standards for
providing a rich set of security services at the network layer.
• Transparent to applications (below transport layer – TCP, UDP)
IPSec Features:
• Data source authentication (MAC / Signature)
• Message authentication and integrity check (MAC)
• Confidentiality (encryption)
• Detection of replayed messages
• Limited protection against denial-of-service attack
• Optional identity anonymity
v1.1 7
IPSec Architecture
IPSec Suite
Manual
IPSec
Keying
Policy
Manager &
Database X.509
Applications IKE Certificate
Manager
IPSec
TCP/IP Packet Engine Cryptographic
Interceptor Services
stack
Network
adapter
v1.1 8
Major IPSec Components
• Security Association (SA) Database
• Each entry of a SA database refers to all the security
parameters of one communication direction
• For two-way communications, at least two SAs are needed.
• Two Protocols
• AH – Authentication Header
• ESP – Encapsulating Security Payload
1. Encryption only
2. Encryption with authentication
• Two Encapsulation modes
1. Transport mode
2. Tunnel mode
• Policy Database (SPD)
v1.1 9
Security Associations (SAs)
• Simplex: a one way relationship between a sender and a receiver.
• Set up manually or through the IKE (Internet Key Exchange)
protocol.
• Each SA is uniquely identified by three parameters:
1. Security Parameter Index (SPI)
2. IP Destination address
3. Security Protocol Identifier (e.g. AH, ESP)
• It contains all the security parameters needed for one way
communication
• Sequence number counter
• Anti-replay window
• Protocol (e.g. AH / ESP)
• Transform mode (e.g. transport / tunnel mode / wildcard)
• Protocol parameters (e.g. AES, 128-bit, CBC mode, SHA-1)
• Lifetime of the SA
• etc.
v1.1 10
Two IPSec Base Protocols
• Authentication Header (AH)
• Provides message authentication and
integrity check of IP data payload.
• Also Provides authentication for as
much of the IP header as possible.
• Next header: TCP, UDP, etc.
• Sequence Number: Starts at 1, never
recycle (optional)
Original IP TCP
data
IP packet header header
v1.1 12
Transport mode
• Intercept Network layer packets
Encrypt / Authenticate these packets preserving most of
the original IP header
Network
A B
Transport mode
IP header IPsec header TCP header data
protected packet
v1.1 13
Tunnel mode
• Intercept Network layer packets
Encrypt / Authenticate these packets, while encapsulating
the original IP packet entirely
Original IP TCP
data
IP packet header header
v1.1 14
Tunnel mode
(Router-to-router / Gateway-to-gateway)
Secure Tunnel
Host Host
A B
Network
RA RB
1.1.1.1 1.1.1.2 2.2.2.1 2.3.2.2 3.3.3.1 3.3.3.2
Packet flow
Nested packet format IP header IPsec header IP header TCP header data
Src = 2.2.2.1 Src = 1.1.1.1
Dst = 2.3.2.2 Dst = 3.3.3.2
v1.1 15
Tunnel mode
(Host-to-Router / Remote Access)
Secure Tunnel
Host Host
A B
Internet / Intranet
SGW
v1.1 16
Tunnel mode
(Host-to-host)
v1.1 17
Tunnel mode (Invalid configuration)
Wrong: Tunnel 2
Tunnel 1
v1.1 18
Encapsulation Modes
v1.1 19
Authentication Header (AH) Protocol
• Original IP packets
• Transport Mode AH
• Host-to-host
authentication
• Tunnel Mode AH
• Host-to-host
• Host-to-router (i.e.
remote access)
• Router-to-router
v1.1 20
Encapsulating Security Payload (ESP) Protocol
• Transport Mode ESP
v1.1 21
IPv4 header
TCP / UDP / ICMP / IPPCP / IPsec (AH/ ESP)
32 bits
v1.1 22
Selection of Protocol Modes
(Host-to-Host)
• Transport Mode
• Tunnel Mode
v1.1 23
Selection of Protocol Modes
(Router-to-Router)
• Tunnel Mode
v1.1 24
Selection of Protocol Modes
(Pass-through IPSec)
v1.1 25
Encryption and Authentication Algorithms
• Encryption:
– DES, Triple DES
– RC5
– IDEA, Triple IDEA
– CAST
– Blowfish, Twofish
– AES (Rijndael)
• Authentication:
– HMAC-MD5-96
– HMAC-SHA-1-96
v1.1 26
Key Management
• Two types:
– Manual
– Automated
• Internet Key Exchange (IKE)
v1.1 27
IKE – layout
Port 500
UDP
TCP/UDP TCP/UDP
IP + IPSec IPSec + IP
AH / ESP
v1.1 28
IKE Phases
Phase 1: Two peers authenticate each other and set up a secure
channel for subsequent communications.
• Main Mode
• Aggressive Mode
The differences between them are the number of message
flows needed and the services they provide.
Phase 2: The two peers negotiate various parameters for IPSec. They
include the base protocol, encapsulation mode, keying
materials, etc. The end result is going to be one or more
SAs.
• Quick Mode
v1.1 29
IKE Phase 1: Main Mode
Purposes
• Authenticated key exchange for establishing the IKE SA.
• Protect the identities of the two parties.
v1.1 31
IKE Phase 1: Authentication Using Signatures
(Main Mode)
v1.1 34
Standards
• RFC2401 IPSec
• RFC2402 AH
• RFC2403 HMAC MD5
• RFC2404 HMAC SHA-1
• RFC2405 DES CBC with IV
• RFC2406 IP ESP
• RFC2407 DOI for ISAKMP
• RFC2408 ISAKMP
• RFC2409 IKE
• RFC2410 Null
• RFC2451 ESP CBC Mode
v1.1 35