CS402: Computer Communications and Networks

Virtual Private Networks

• Today’s business climate requires companies to establish andmaintain:
• Extranets: creating links with suppliers and business partners. This requires the use of dedicated and expensive leased lines to assure security.
• Intranets: most large companies maintain costly wide area networks linking facilities that might be located throughout the world
• Remote users: many companies need employees to telecommute, or to access their network while traveling.
• The Internet represents a convenient means to accomplish all this while providing for an unprecedented potential for increased productivity.

What is a VPN?

• VPNs utilize the public Internet to carry private communications safely and inexpensively
• VPNs supply network connectivity over possibly long physical distance
• A form of WAN?
• Yes, but over public networks as opposed to private leased lines
• VPNs support:
• Remote access client connections
• LAN-to-LAN internetworks
• Controlled access within an intranet
• Based on a “tunneling” strategy
• Packets in one of several VPN protocols formats are encapsulated within IP packets

VPN Architecture

Advantages and Disadvantages of VPNs

• Advantages:
• Low Cost
• Scalability
• Disadvantages:
• Complexity
• Availability and performance out of an organization’s control
• Interoperability issues

Dangers or lack of security

• Loss of privacy: confidential data can be observed while it transverses the Internet
• Loss of data integrity: modification of confidential or non-confidentialdata
• Identity spoofing: intruders may be able to impersonate a second party and have access to confidential information

IP Vulnerabilities

• IP routing method makes large IP networks vulnerable to:
• Spoofing: one machine in the network “pretends” to be another
• Sniffing: one machine “eavesdrop” the transmissions between two other machines
• Session Hijacking: an attacker employs both of these techniques to take over an established communication, masquerading as one of the communicating parties…

IPsec

• IPsec is a framework of open standards for ensuring secure private communications over IP networks.
• IPsec ensures confidentiality, integrity and authenticity of data communications across a public IP network
• IPsec’s main areas of interest are:
• Encryption
• Authentication
• Key management
• Security Associations

IPsec Technologies basic requirements

• Algorithms for encrypting the data
• Algorithms to provide packet authentication
• Key exchange method, such as Diffie-Hellman for deriving key material between peers on a public network
• Public key cryptography for signing the Diffie- Hellman exchanges to guarantee the identity of the two parties and avoid the man-in-the-middle attacks
• Digital certificates signed by a certificate authority to act as digital ID cards

Services needed for Message security

• Privacy: sender and receiver expect confidentiality
• Use symmetric or public key cryptography
• Authentication: receiver must be sure of the sender’s identity
• Can use a digital signature
• Integrity: data must arrive at the receiver exactly as it was sent

Symmetric-Key Cryptography

• Take an unencrypted ASCII message (plaintext) and apply an encryption algorithm using a secret “key”.
• The result text will be encrypted and is called “ciphertext”
• Transmit encrypted message
• Recipient takes the ciphertex and applies the same algorithm using the same key
• There are several encryption algorithms available for IPsec based on mathematical transforms:
• Data Encryption Standard (DES, 56-bit key)
• Triple Data Encryption Standard (3DES, 168-bit key)
• Advanced Encryption Standard (AES, 128, 192 and 256-bit keys)
• How to distribute the secret key becomes the biggestchallenge…

Encryption Example

• Most of the encryption and hashing algorithms are complex, but their bottom line is the use of a simple XOR function
• XOR encoding works like this:
• XOR bit pattern M with bit pattern K to get bit pattern C. M is your message, K is your secret key and C is your encrypted ciphertext, C is transmitted
• On the receiver, XOR C with K. This will bring M back to you!

XOR Process Example

• On the sending side:
• M = Original Message = 00111010 11110110 00001111
• K = Encryption Key = 11100011 01010101 11110000
• C = Ciphertext = 11011001 10100011 11111111
• Send through the Internet
• On the receiving side:
• C = Ciphertext = 11011001 10100011 11111111
• K = Encryption Key = 11100011 01010101 11110000
• M = Recoverd Message = 00111010 11110110 00001111
• Recovered message = Original Message

Symmetrical Encryption

• Both sides use same key to encrypt and decrypt (shared secret)
• Runs faster that asymmetrical
• Keys should be replaced often
• Challenge: how to get the keys safely to both parties (often)??

Asymmetrical Encryption

• Public key encrypts data, private key decrypts data
• If A wants to send data to B, A will use B’s public key to encrypt. B will decrypt using its own secret key.
• Uses complex math
• Modular arithmetic
• Factoring and relatively-prime numbers
• Much slower than symmetric algorithms (up to 1000x slower)
• Key distribution is easier
• Broadcast public key or
• Store it in a public shared database (the Certificate Authority)
• Private key always stays with owner

Asymmetric Key Cryptography

• Let
• m = original message
• K_+b = B’s public encryption key
• K_-b = B’s private decryption key
• K_+b (m) = encrypted ciphertext using B’s public key
• K_-b (m) = decrypted message using B’s private key
• Then, for public key cryptography you encrypt with public key and decrypt with private key in such a way that:
• K_-b (K_+b (m)) = m
• Notice that an intruder, C, can’t decrypt the message since C does not have K-b, and 
• K_-c (K_+b (m)) ≠ m

Authentication

• Encrypting message will be of no good if we can’t verify that the received message is really from who it claims to be.
• Must be careful not to use authentication protocols that will not work, for example:
• A identifies itself to the recipient (I am A)
• Can easily be eavesdropped
• A identifies itself to the recipient and sends a password (plain text or encrypted)
• Vulnerable to “playback attack”

Authentication: Digital Signature

• Can be accomplished by a process similar to public-key encryption
• Roles of public and private key are reversed
• Sender uses its private key to encrypt (sign) the message. The receiver uses the public key of the sender to decrypt the message.

Authentication with Digital Signature

• Let:
• m = message (e.g., I am B)
• K_-b = B’s encryption private key
• K_+b = B’s decryption public key
• K_+b (m) = decrypted messageusing B’s public key
• K_-b (m) = encrypted message using B’s private key
• For digital signature authentication, you can encrypt using the private key and decrypt using the public key in such a way that:
• K_+b (K-b (m)) = m = I am B
• Notice that and intruder, C, can’t sign and pretend to be Bob, since:
• K_+b (K_-c (m)) ≠ m

Signing a Digest

• Signing long message could lead to inefficiencies as it involves authentication and secrecy. Instead:
• Create a miniature version of the message using a hash function. The miniature version of the message is called a digest.
• Sender sends plain text and encrypted digest
• Receiver decrypts the digest using the public key. Then creates its own digest from the received plaintext. If both digests are the same, the message integrity and authentication is verified.

Diffie-Hellman Algorithm

• Allows hosts to dynamically create and share secret keys using the public network!
• No need to store secret keys for long periods of time, thus reducing risk…
• Operates this way:
• The nodes agree ahead-of-time on two values, P (a prime number larger than 2) and G (an integer smaller than P). These values can be made public.
• Each node selects its own private value X which is less than P-1
• Each node then calculates Y = G^XMod P
• Y is a public key and can be exchanged through the Internet
• Pubic key is useless without its other “half” which in this case is the private (secret) Key X!!!

Diffie-Hellman Algorithm (cont.)

• When receiving the public key Y, each node calculate a new common, secret key Z = Y^XMod P
• Z is then derived from the host original secret key X and the other host public key Y
• The important thing now is that both sides will arrive to exactly the same value of Z, i.e., :
• Node 1: Z1 = (Y2)^X1Mod P
• Node 2: Z2 = (Y1)^X2Mod P
• Z1 = Z2
• Z can now be used as the key for the encryption method being used.
• Note that the identity of the remote node is not verified

Diffie-Hellman (cont.)

Diffie-Hellman Example

IPsec Modes of Operation

• Transport Mode: only the IP payload is encrypted with the original IP header left intact
• Only adds a few bytes to each packet
• Allows devices on the public network to see the final source and destination of the packet
• Suited to Telecommuting and remote access
• Tunnel Mode: the entire original IP datagram is encrypted, and it becomes the payload in a new IP packet
• Allows a network device to act as an IPsec proxy (the router performs encryption on behalf of the hosts)
• Company’s IP addresses are hidden from the public network, only the original and ultimate IP addresses are sent as clear text
• Suited to site-to-site connectivity

IPsec Tunnel and Transport Modes

IPsec Packets

• Authentication Header (AH): ensures integrity and authentication of the data.
• Encapsulating Security Header (ESP): protects confidentiality and integrity through data encryption.
• AH and ESP can be used independently or together.

IPsec: Authentication Header

• Data authentication service
• Authenticates on a per-PDU basis
• Provides “Connectionless Integrity”
• Uses HMAC (a hash function based message authentication code) signing to authenticate data
• HMAC with MD5
• HMAC with SHA-1
• Signed before fragmentation, not necessarily per-packet
• Authenticates Data and most of IP Header
• “Mutable” fields (e.g., TTL) cannot be authenticated
• Frames with AH are identified by IPv4 as Protocol 51. Next header field of IPv6 would be set to 51.

AH Header Fields

• Header Position

• IPv4 protocol field = 51 for AH
• IPv6 next (extension) header field = 51 for AH
• Format

AH Header Fields

Encapsulation and Security Payload Header

• Data confidentiality service
• Encrypts data
• In practice uses symmetric algorithms but supports asymmetric as well.
• Also has some authentication (AH) functions
• Provides “Connectionless Integrity”
• Optional protection against replay attacks
• Authenticates IP Data only. If IP header authentication is desired, AH must be used
• Frames with ESP are identified by IPv4 Protocol 50, or IPv6 next header 50.

ESP Header Fields

Security Associations

• Identifies parameters of security
• Allow different levels of security to be applied to different streams of packets, all running through the same physical interface
• Define a set of communication parameters:
• AH Parameters
• Authentication algorithm and keys
• Sequence number management
• ESP Parameters
• Encryption algorithm, keys, initial vectors
• Authentication algorithm and keys
• Sequence number management
• SA Lifetime
• The SPI (Security Parameter Index) defines which SA to use
• SA is unidirectional. For secure two way traffic, 2 are required

Internet Key Exchange (IKE)

• Purpose is to establish and maintain SAs
• Described on RFC 2409
• 2 Phases
• Phase 1: Establish secure channel so subsequent traffic is encrypted
• Authenticates each party to the other
• Uses Diffie-Hellman algorithm to establish symmetric keys
• Establishes a single, bi-directional SA for Phase 2
• Phase 2: Negotiate other general-purpose SAs
• Also supports re-keying of the secure channel

IKE Services

• Provides a way to:
• Agree on which protocols, algorithms, and keys to use (negotiation services)
• Ensure from the beginning of the exchange that you are talking to whom you think you are talking to (primary authentication services).
• Manage those keys after they have been agreed upon (key management)
• Exchange material for generating those keys safely.

---

Source: Eladio R. Cortes Ramos
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 License.