IP Layer Encryption Protocol by pptfiles

VIEWS: 131 PAGES: 12

									IP Layer Encryption Protocol and its Application to VPN
(with discussion of IPSec Key Management Protocol: ISAKM/Oakley)

David T. Paliotta Network Security & Cryptography Dr. Parviz Kermani March 1st, 2004

With the advent of virtual private networks (VPN) and the use of the Internet to exchange corporate information within the same organization oftentimes with disparate geography, and frequently outside the organization with remote users, partners etceteras, there emerges a new set of problems centered around security. Several areas that had to be regarded early on were user authentication, e-mail security, web security and even the security of the protocol itself. Today it may involve the security of real time exchange of mission critical information such as procurement, supply chain management, sales and customer relationship management. Online business transactions, and online access to financial institutions etc., pose an even greater challenge. The thrust of this paper is to examine the security of the Internet Protocol (IP) itself, which is commonly referred to as IP Security or IPSec., with a view to the key exchange methodology used to complete the security association (SA) between sender and receiver of information in conjunction with VPN‘s and also within the corporate enterprise itself, defined as an ―intranet‖ or, in the case of disparate geographical locations within the same organization, and ―extranet.‖

Virtual Private Networks
Before we can look at IPSec, we first have to look at the VPN itself. A virtual private network (VPN) is a private data network that makes use of the public Internet infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. The main purpose of a VPN is to give the company the same capabilities as private leased lines at much lower cost by using the shared public infrastructure. Arguably VPNs are synonymous with IPSec, however VPN‘s were in use prior to IPSec‘s advent, and there are other protocols that utilize VPN‘s. Basically, there are three important VPN 2

technologies: trusted VPNs, secure VPNs, and hybrid VPNs. It is important to note that secure VPNs and trusted VPNs are not technically related, and can co-exist in a single service package. The privacy afforded by these legacy VPNs was only that the communications provider assured the customer that no one else would use the same circuit. This allowed VPN Technologies customers to have their own IP addressing and their own security policies. A leased circuit ran through one or more communications switches, any of which could be compromised by someone wanting to observe the network traffic. The VPN customer trusted the VPN provider to maintain the integrity of the circuits and to use the best available business practices to avoid snooping of the network traffic. Thus, these are called trusted VPNs. We can plainly see that trusted does not necessarily mean secure. As the Internet became more popular as a corporate communications medium, security became much more of a pressing issue for both customers and providers. Seeing that trusted VPNs offered no real security, vendors started to create protocols that would allow traffic to be encrypted at the edge of one network or at the originating computer, moved over the Internet like any other data, and then decrypted when it reached the corporate network or a receiving computer. This encrypted traffic acts like it is in a tunnel between the two networks: even if an attacker can see the traffic, they cannot read it, and they cannot change the traffic without the changes being seen by the receiving party and therefore rejected. Networks that are constructed using encryption are called secure VPNs. A secure VPN can be run as part of a trusted VPN, creating a third type of VPN or a hybrid VPN (sometimes referred to an ―outsourced VPN‖). The secure parts of a hybrid VPN might be controlled by the customer (such as by using secure VPN equipment on their sites) or by the same provider that provides the trusted part of the hybrid VPN. More than likely, only a part of


a hybrid VPN is secure. We will concentrate on Secure VPN‘s or making the VPN secure using IPSec. The main reason that companies use secure VPNs is so that they can transmit sensitive information over the Internet without needing to worry about whom might see it. Everything that traverses a secure VPN is encrypted to such a level that even if someone captured a copy of the traffic, they could not read the traffic even if they used hundreds of millions of dollars worth of computers. Furthermore, using a secure VPN allows the company to know that an attacker cannot alter the contents of their transmissions, such as changing the value of financial transactions. Companies who use trusted VPN‘s do so because they want to know that their data is moving over a set of paths that has specified properties and is controlled by one ISP or a trusted confederation of ISPs. This allows the customer to use their own private IP addressing schemes, and possibly to handle their own routing. The customer trusts that the paths will be maintained according to an agreement like an SLA with the provider, and that people whom the customer does not trust (such as an attacker) cannot either change the paths of any part of the VPN or insert traffic on the VPN. Note that it is usually impossible for a customer to know the paths used by trusted VPNs, or even to validate that a trusted VPN is in place; they must trust their provider completely. A typical situation for hybrid VPN deployment is when a company already has a trusted VPN in place and some parts of the company also need security over part of the VPN. Fortunately, none of the common trusted VPN technologies prevent the creation of hybrid VPN‘s, and some manufacturers are creating systems that explicitly support the creation of hybrid VPN services.


All traffic on the secure VPN then must be encrypted and authenticated. No one outside the VPN can affect the security properties of the VPN. It must be impossible for an attacker to change the security properties of any part of a VPN, such as to weaken the encryption or to affect which encryption keys are used. Enter IPSec. IPSec was predominantly responsible for the creation of secure VPN‘s and companies across the globe, driven by the enormous cost saving to be had from this new technology, jumped on the VPN bandwagon.

IPSec Protocol
In 1998, the IETF (Internet Engineering Task Force issued a bold and public statement. ‗A security protocol in the network layer will be developed to provide cryptographic security services that will flexibly support combinations of authentication, integrity, access control, and confidentiality.‘ It did just that, and IPSec (IP Security) became the Internet standard protocol for tunneling, encryption, and authentication. It was designed to protect network traffic by addressing basic usage issues including: • access control • connection integrity • authentication of data origin • protection against replays • traffic flow confidentiality

IPSec is really a set of extensions to the IP protocol family and provides cryptographic security services. These services handle all of the aforementioned usage requirements. IPSec provides similar services as SSL, but at the network layer, or layer 3 of the OSI model, in a way that is completely transparent to your applications, and arguably much more powerful.


Figure 1. We say this because applications do not have to have any knowledge of IPSec to be able to use it. Any IP protocol may be used over IPSec and can be employed using secure encrypted tunnels (VPNs), or simply encrypting between computers perhaps on a corporate backbone infrastructure. The IPSec protocol allows two operational modes; transport mode and tunnel mode. In transport mode, everything in the packet behind and not including the IP header is protected. In Tunnel mode, everything behind and including the header is protected, requiring a new pseudo IP header. While the IPSec protocol was under development, two other protocols — L2TP and PPTP — arose as temporary solutions. L2TP (Layer 2 Tunneling Protocol) encloses non-Internet protocols such as IPX, SNA, and AppleTalk inside an IP envelope. However, L2TP has to rely on other protocols for encryption functions. PPTP (Point-to-Point Tunneling Protocol) is a proprietary Microsoft encryption and authentication protocol. Although originally developed as a temporary


solution, Microsoft continues to deploy L2TP as its tunneling protocol instead of IPSec tunneling. When comparing the three, IPSec is, by far, the most widely used protocol, and the only one that addresses future VPN environments (such as new IP protocols IPv6). IPSec has the capability to:     Secure branch office connectivity over the Internet Secure remote access over the Internet Establishing extranet and intranet connectivity with partners Enhancing electronic commerce security

IPSec, as stated earlier is a superset of IP that adds security functionality to the IP protocol. There are four (4) primary protocols that collectively form the basis for IPSec:

IPSec = AH + ESP + IPComp + IKE
The AH (Authentication Header) provides authenticity guarantee for packets by ensuring the packet was not generated by a masquerader and was not modified in transit. The ESP (Encapsulating Security Payload) provides a confidential guarantee for data by encrypting packets with algorithms. The IPComp (IP Payload Compression) provides a way to compress packets before encryption. Finally, the ISAKMP/Oakley (Internet Security Association and Key management Protocol), now referred to as IKE (Internet Key Exchange), and provides a way to negotiate private keys in secrecy. It is important to note that Oakley is the mandated key exchange algorithm mandated for use with IKE, and IKE is the framework providing the protocol support for Internet Key Management discussed on page 9, Figure 2. Security of IPSec depends on secret keys, generated by IKE. If the secret keys are compromised, IPSec is no longer secure. Data encryption is a function of IPSec, made possible by ESP. An encryption algorithm, generated by ESP, is a way of changing data so that only the desired


recipient knows how to reconstruct it. Triple DES (Data Encryption Standard) is an encryption algorithm that is unbreakable and is the most popular algorithm because of its strong encryption and number of keys. Encryption allows only the receiver to read what has been sent over the network. IPSEC provides the capability to secure ―tunnels‖ between two network devices such as two routers

Although it is possible to manually enter all the parameters needed for IPsec operation on the various devices, this approach is limited both in security and scalability. As a consequence, the IPsec working group has developed a protocol to dynamically manage the IPsec parameters. The resulting protocol, formerly known as ISAKMP/Oakley, has been renamed IKE (Internet Key Exchange) and focuses on two things: authenticated key exchange and management of the security associations in general. This protocol is rather complex and has many options and modes of operation which provide different features. In the following diagram we can see that a security association is set up by a call from the IPSec protocol to IKE at the application layer. A Security Association is a one-way relationship between a sender and a receiver that affords security services to the traffic carried on it. If a two way secure exchange is needed then two SAs are required. In a security setup association, you can use AH or ESP but not both. In its simplest form, the security policy database points to an SA for certain traffic designated to use IPSec services.


Figure 2. As stated, ISAKMP provides the frame work for message exchange. There are 5 such exchanges that should be supported in an IPSec implementation:

1. Base exchange (4 exchanges required) allows key information and authentication material to be transmitted together. 2. Identity Protection Exchange (6 exchanges required )is an expansion on Base Exchange and adds the element of protecting the user‘s identities. 3. Authentication only exchange (3 exchanges required) facilitates mutual authentication without a key exchange. 4. Aggressive exchange(3 exchanges required) minimizes number of changes at expanse of not providing identity protection. 5. Informational exchange (1 exchange required) is used for management of SA‘a through one-way communications. 9

An example of one of the 5 types of key exchange mechanisms - the identity protection exchange – is shown in Figure 3. The steps show how the mechanism works.

1. I  R Begins ISAKMP SA negotiation 2. RI Agrees on Basic SA 3. I R Key Generated with a NONCE 4. R I Key Generated with another NONCE 5. I –>R Initiator Identity is verified by responder (sent encrypted) 6. RI Responder Identity verified by initiator and SA is established (sent encrypted)

Figure 3.


While there are many methods by which to authenticate and encrypt data over a network, IPSec made it possible for corporate America to use the Internet as an infrastructure by providing authenticity, and encryption using key exchange methodology through the IP de facto standards in use today, and extending that to the new version 6 of IP. Private networking solutions are expensive and cannot be updated quickly to adapt to changes in business requirements, whereas the Internet is inexpensive but does not by itself ensure privacy. In addition IPSec provided and continues to provide for: • • • Flexibility in Network Design New Application Enablement Any-to-Any Connectivity

Alas, IPsec is not without its issues. IPSec was developed in a committee and has many features and options, therefore it is very complicated. The downside is, more features means a greater possibility a weakness or hole can be found to compromise security. When encrypting small pieces of information, the overhead caused by the encryption process becomes larger than the actual payload, causing performance degradation. IPSec is not immune to this problem. In addition: • IPSec allows encryption without authentication, which could allow an unauthorized person to use IPSec for malicious purposes. • Lots of messages in establishing SAs

While IPSec solves a number of significant security problems, it introduces problems of a different kind. For example, when IP packets are encrypted using ESP, any TCP/UDP port information they contain cannot be used for packet classification in intermediate routers. This


has a deleterious effect on certain QoS services provided in routers and managed by protocols such as RSVP. Other network services, such as those gathering RMON2 data, also rely on the ability of intermediate network devices to observe transport protocol port information. Thus, encrypting packets using IPSec can interfere with network management. Finally, network intrusion systems utilize information gleaned from network traffic to recognize potential network attacks. When this information is encrypted, intrusion detection is complicated.


To top