Lecture 19: IPSec and VPN Flashcards
What is IPsec a framework for?
ensuring secure communications over IP (internet protocol) networks
What does IPsec stand for?
IP security
What does IPsec provide?
Security services similar to those of TLS, but at a lower layer in the communications protocol stack
What is the security in the application layer in the TCP/IP stack?
SSH, S-MIME, PGP
What is the security in the transport layer in the TCP/IP stack?
SSL, TLS
What is the security in the network layer in the TCP/IP stack?
IPsec
What is the security in the data-link layer in the TCP/IP stack?
WEP, WPA, WPA2, etc
Give the diagram for cryptography in the TCP/IP stack
See slide 5 in set 19
What does IP layer security provide?
protection for any higher layer protocol, including arbitrary TCP and UDP sessions
commonly used to provide virtual private networks (VPNs)
What does the IP layer security use?
encryption
authentication
key management algorithms
What are the 5 security services that the IP layer security has?
1) message confidentiality
2) message integrity
3) limited traffic analysis protection
4) message replay protection
5) peer authentication
What is the security service of message confidentiality i.t.o IP layer security?
Protecting against unauthorized data disclosure
–> By using encryption mechanisms
What is the security service of message integrity i.t.o IP layer security?
Determining if data has been changed (either intentionally or unintentionally)
–> By using message authentication codes (MACs)
What is the security service of limited traffic analysis protection i.t.o IP layer security?
Making it difficult for someone monitoring network traffic to know which parties are communicating, how often, or how much data is being sent
–> By concealing IP datagram details such as source and destination addresses
What is the security service of message replay protection i.t.o IP layer security?
Data not delivered multiple times, and not delivered badly out of order
What is the security service of peer authentication i.t.o IP layer security?
Ensuring that network traffic is sent from the expected host
–> Each IPsec endpoint confirms the identity of the other IPsec endpoint with which it wishes to communicate
What does gateway-to-gateway security provide?
secure communications between 2 networks
Where is network traffic routed through in gateway-to-gateway architecture?
through IPsec connection, protecting it appropriately
Where does gateway-to-gateway architecture protect data?
IMPORTANT
only between 2 gateways
When is gateway-to-gateway architecture used?
Often used when connecting 2 secured networks
e.g. Linking a branch office to headquarters over the Internet
Is gateway-to-gateway architecture more or less costly than private wide area network (WAN) circuits?
less costly
What is host-to-gateway architecture commonly used to provide?
secure remote access
–> e.g. organization deploys a VPN gateway onto its network
What does each remote access user establish, and between what, in a host-to-gateway architecture?
Each remote access user establishes a VPN connection between the local computer (host) and the gateway
In a host-to-gateway architecture, what are the two options for a VPN gateway to be?
1) dedicated device
2) part of another network device
When is a host-to-gateway architecture often used?
when connecting hosts on unsecured networks to resources on secured networks
What is host-to-host architecture typically used for?
special purpose needs
e.g. System administrators performing remote management of a single server
In a host-to-host architecture, where does it provide data protection?
IMPORTANT
throughout its transit (end-to-end)
Is a host-to-host architecture resource-intensive to implement and maintain in terms of user and host management?
yes!
What do all user systems and servers participating in VPNs in a host-to-host architecture need to have?
VPN software installed and/or configured
Comment on the host-to-host architecture's key management process
through a manual process
What are the 3 types of IP layer security protocols?
1) ESP
2) AH
3) IKE
What does ESP stand for i.t.o IP layer security protocols?
Encapsulating security payload
What does AH stand for i.t.o IP layer security protocols?
Authentication header
What does IKE stand for i.t.o IP layer security protocols?
Internet key exchange
What does the ESP protocol provide?
Providing confidentiality, authentication, integrity and replay protection
What does the AH protocol provide?
Providing authentication, integrity and replay protection, but NOT confidentiality
–> AH is now deprecated.
What does the IKE protocol provide?
Negotiating, creating and managing session keys in security associations (SAs)
What protocol is used in the IPsec connection setup?
IKEv2 protocol
What protocol does the IKEv2 protocol use in the IPsec connection setup, and how is it authenticated?
a Diffie-Hellman protocol authenticated using signatures with public keys in X.509 certificates
Why does IPsec connection setup include cookies?
to mitigate denial-of-service (DoS) attacks
–> Providing proof of reachability before any expensive cryptographic processing is completed
What is a mechanism to mitigate the DoS attack called?
stateless cookie
Explain how the mechanism of a stateless cookie is used
the responder answers the initial request with a calculated stateless cookie
–> a value that can be re-calculated from values in the initial request without storing responder-side state
The initiator is then expected to repeat the initial request, this time including the stateless cookie
Which standard is the mechanism of stateless cookie in?
RFC 7296 Section 2.6
RFC 7296 Section 2.6 contains the stateless cookie mechanism.
What did RFC 7296 Section 3 add?
Proof of Work
–> by calculating a pre-image for a partial hash value
Setting an upper bound, determined by the attacker's CPU, on the number of negotiations it can initiate in a unit of time
What does proof of work involve?
calculating a pre-image for a partial hash value
What do security associations contain?
1) info needed by an IPsec endpoint to support an IPsec connection
2) possibly cryptographic keys and algorithms, key lifetimes, security parameter index (SPI), security protocol identifier (ESP and/or AH)
3) SPI included in IPsec header to associate a packet with the appropriate SA
What do security associations tell the endpoint?
how to process inbound IPsec packets and/or how to generate outbound packets
Are security associations unidirectional?
yes
What does it mean for security associations to be unidirectional?
one SA for each direction of connection
What must IKEv2 establish?
keys used in SAs
What does SA stand for?
security association
What are cryptographic suites similar to? Explain
TLS cipher suites
–> Several standardised cryptographic suites, incorporating both public key and symmetric key algorithms
What are special groups of cryptographic suites available for?
Diffie-Hellman (in finite fields and on elliptic curves)
In cryptographic suites, what are used for encryption? In which modes?
3DES and AES
either in CBC or GCM mode
In cryptographic suites, what are used for integrity?
HMAC or CMAC (variant) used for integrity if GCM mode is not used
What are the two modes that each protocol (either ESP or AH) can operate in?
transport or tunnel mode
Outline the transport mode of operation
Maintaining IP header of the original packet and protecting the payload
–> Generally used in host-to-host architectures
Outline the tunnel mode of operation
Encapsulating the original packet into a new one, and letting the payload be the original packet
–> Generally used in gateway-to-gateway and host-to-gateway architectures
Give and explain the diagram for transport mode
See slide 18 in set 19
Give and explain the diagrams for tunnel mode
See slide 18 in set 19
Explain the server to client example (gateway to host)
See slide 19 in set 19
What does the ESP header contain?
SPI identifying the SA and sequence numbers
What does the ESP trailer contain?
padding and its length, and possibly including extra padding to enhance traffic flow confidentiality
What does the ESP auth contain?
MAC of the encrypted data and ESP header
–> Possibly not required if an authenticated encryption mode is used
Give the diagram of the original IP packet i.t.o the transport mode with ESP
See slide 21 in set 19
Give the diagram of the original IP packet protected by transport mode ESP i.t.o the transport mode with ESP
See slide 21 in set 19
In terms of outbound packet processing for transport mode ESP, how is the data after the original IP header padded?
adding an ESP trailer
In terms of outbound packet processing for transport mode ESP, what is the data after the original IP header encrypted using?
symmetric cipher and key agreed in the SA
In terms of outbound packet processing for transport mode ESP, where is the ESP header placed?
prepended to data after the original IP header
In terms of outbound packet processing for transport mode ESP, if the SA uses the authentication service, what is calculated and appended?
ESP MAC calculated over the data prepared so far and appended
In terms of outbound packet processing for transport mode ESP, the original IP header is prepended BUT some fields must be changed. What are these?
1) Protocol field changed from TCP to ESP
2) Total length field changed to reflect the addition of ESP header
3) Checksums recalculated
Give the diagram of the original IP packet protected by tunnel mode ESP i.t.o the tunnel mode with ESP
See slide 23 in set 19
In terms of outbound packet processing for tunnel mode ESP, what is done to the entire original packet?
1) padded by adding an ESP trailer
2) encrypted using symmetric cipher and key agreed in the SA
In terms of outbound packet processing for tunnel mode ESP, where is the header placed?
ESP header prepended to the entire original packet
In terms of outbound packet processing for tunnel mode ESP, if the SA uses the authentication service, what is calculated and appended?
ESP MAC calculated over the data prepared so far and appended
In terms of outbound packet processing for tunnel mode ESP, what is the new outer IP header that is prepended?
1) Inner IP header of original IP packet carrying the ultimate source and destination addresses
2) Outer IP header may contain distinct IP addresses (e.g. addresses of security gateways)
3) Outer IP header protocol field set to ESP
Comment on the active attacks that exist for the encryption-only mode of the ESP protocol i.t.o IP layer security
Providing encryption without integrity is known to be insecure
Unlike earlier IPsec versions, the 2005 version does not require implementations to support encryption-only modes, but still allows it
Comment on attacks due to MAC-then-encrypt configurations i.t.o modes used in IP layer security
AH applies encryption after MAC (MAC-then-encrypt)
ESP applies encryption before MAC (encrypt-then-MAC)
What do VPNs provide?
a secure distributed network
What do VPNs create?
secure channels over the insecure Internet
What are the three types of VPNs?
1) Branch office interconnect (Intranet VPN)
2) Supplier/business partner access (Extranet VPN)
3) Remote access
Explain the VPN diagram on slide 27 in set 19
See slide 27 in set 19
In terms of the branch office interconnect type of VPN, how is a VPN established and between what?
Establishing a VPN tunnel between router/firewall 1 and router/firewall 2
–> Using AH to authenticate data from tunnel endpoints (routers/firewalls)
–> Using ESP to encrypt data over the Internet
In terms of the branch office interconnect type of VPN, what are the only things that need to support IPsec?
routers/firewalls
–> no change to Intranet resources
Give the diagram for the branch office interconnect type of VPN
See slide 28 in set 19
In terms of the supplier network type of VPN, comment on the supplier
supplier may not be part of the enterprise
–> VPN extended to operate between router/firewall 1 and individual parts of supplier network
Give the diagram for the supplier network type of VPN
See slide 29 in set 19
In terms of remote access type of VPN, what can ISPs provide?
ISPs can provide VPN services across the untrusted Internet
Give the diagram for the remote access type of VPN
See slide 30 in set 19