Attacking IPsec VPNs Charles D George Jr. Overview Internet Protocol Security (IPSec) is a suite of protocols for authenticating and encrypting packets.

Slides:



Advertisements
Similar presentations
IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Advertisements

Internet Security CSCE 813 IPsec
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Security at the Network Layer: IPSec
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Network Security Essentials Chapter 8 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.
1 IPsec Youngjip Kim Objective Providing interoperable, high quality, cryptographically-based security for IPv4 and IPv6 Services  Access.
CCNA 5.0 Planning Guide Chapter 7: Securing Site-to-Site Connectivity
Internet Protocol Security (IPSec)
K. Salah1 Security Protocols in the Internet IPSec.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
NetComm Wireless VPN Functionality Feature Spotlight.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.
Creating an IPsec VPN using IOS command syntax. What is IPSec IPsec, Internet Protocol Security, is a set of protocols defined by the IETF, Internet Engineering.
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
What Is Needed to Build a VPN? An existing network with servers and workstations Connection to the Internet VPN gateways (i.e., routers, PIX, ASA, VPN.
IPsec: IKE, Internet Key Exchange IPsec does not use Public Key Infrastructure and exchanging keys before an IPsec connection is established is a problem.
VPN AND SECURITY FLAWS Rajesh Perumal Clemson University.
32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.
1 Chapter 8 Copyright 2003 Prentice-Hall Cryptographic Systems: SSL/TLS, VPNs, and Kerberos.
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
IP Security Lawrence Taub IPSEC IP security — security built into the IP layer Provides host-to-host (or router-to-router) encryption and.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
Information management 1 Groep T Leuven – Information department 1/26 IPSec IP Security (IPSec)
IT:Network:Apps.  RRAS does nice job of routing ◦ NAT is nice ◦ BASIC firewall ok but somewhat weak  Communication on network (WS to SRV) is in clear.
Karlstad University IP security Ge Zhang
Network Security David Lazăr.
IPsec IPsec (IP security) Security for transmission over IP networks –The Internet –Internal corporate IP networks –IP packets sent over public switched.
IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.
IPsec  IPsec (IP security)  Security for transmission over IP networks The InternetThe Internet Internal corporate IP networksInternal corporate IP.
IP Security.  In CERTs 2001 annual report it listed 52,000 security incidents  the most serious involving:  IP spoofing intruders creating packets.
1 Virtual Private Networks (VPNs) and IP Security (IPSec) G53ACC Chris Greenhalgh.
IP Security: Security Across the Protocol Stack. IP Security There are some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS.
IPSec VPN: How does it really work? Yasushi Kono (ComputerLinks Frankfurt)
Virtual Private Network. ATHENA Main Function of VPN  Privacy  Authenticating  Data Integrity  Antireplay.
Chapter 8 IP Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.
IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
Virtual Private Networks Ed Wagner CS Overview Introduction Types of VPNs Encrypting and Tunneling Pro/Cons the VPNs Conclusion.
Cryptography and Network Security (CS435) Part Thirteen (IP Security)
IPSec  general IP Security mechanisms  provides  authentication  confidentiality  key management  Applications include Secure connectivity over.
IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Network Layer Security Network Systems Security Mort Anvari.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
K. Salah1 Security Protocols in the Internet IPSec.
Securing Access to Data Using IPsec Josh Jones Cosc352.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
Cryptography CSS 329 Lecture 13:SSL.
8-1Network Security Virtual Private Networks (VPNs) motivation:  institutions often want private networks for security.  costly: separate routers, links,
@Yuan Xue CS 285 Network Security IP Security Yuan Xue Fall 2013.
VPNs and IPSec Review VPN concepts Encryption IPSec Lab.
UNIT 7- IP Security 1.IP SEC 2.IP Security Architecture
UNIT.4 IP Security.
VPNs and IPSec Review VPN concepts Encryption IPSec Lab.
Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls
Presentation transcript:

Attacking IPsec VPNs Charles D George Jr

Overview Internet Protocol Security (IPSec) is a suite of protocols for authenticating and encrypting packets transferred using Internet Protocol (IP). Operates between hosts, gateways, or between a host and a gateway. Designed and implemented at the Internet layer. Applications written above this layer are unaffected by the implementation. This is unlike Transport Layer Security (TLS)/Secure Socks Layer (SSL) which operates on the same level as the application. Officially specified by the Internet Engineering Task Force (IETF). Mandatory in IPv6, however extended to work with IPv4.

Security Architecture Essentially two main members of IPSec. o Authentication Header (AH) o Encapsulating Security Payload (ESP) Internet Key Exchange (IKE) o Handles negotiating protocols and generating encryption and authentication keys.

AH/ESP Authentication Header o Connectionless Integrity. o Data origin authenticity. o Protection from replay attacks. Encapsulating Security Payload o Data origin authenticity. o Integrity. o Confidentiality (protection of packets) o Supports encryption only and authentication only.

Security Association Basis for building security into IP. Bundle of algorithms and parameters used to encrypt and authenticate data traveling in one direction. Therefore two in a bi-directional connection. Choice of algorithms and authentication techniques is left to IPSec administrator when defining valid techniques in the security association.

Modes of Operation Transport o Only the payload of the packet is encrypted. o Routing is still in tact. o Cannot be used with NAT when using the Authentication Header because the packet is hashed and the translation of the network address will cause this hash to change. o Used for host-to-host communication. Tunnel o Entire packet is encrypted including the header. o Used for network-to-network, network-to-host, or host-to- host communication. o Often used to create Virtual Private Networks.

Implementation Cryptographic Algorithms: o Integrity  HMAC-SHA1(MD5) o Confidentiality  TripleDES-CBC  AES-CBC CBC is cipher block chaining. Essentially this is the XOR'ing of the previous cipher text with the previous. This initially depends on the plain text and adds another level of obscurity when performing cryptanalysis. IPSec is generally implemented in the kernel with the key exchange protocols working in userspace.

Virtual Private Network A Virtual Private Network is a private network that uses a public network (usually the internet) to connect with remote sites or users together. VPN exhibits some of the attributes or characteristics of a real private network, but does not provide the accessibility or security of a real private network. o Virtual Private Networks are not really private, but rather "almost private". The distinguishing characteristic of VPNs are not security or performance, but that they overlay other network(s) to provide a certain functionality that is meaningful to a user community.

How It Works VPNs rely on tunneling to create a private network within the Internet infrastructure. The Basic Steps: 1.Grab the data that the user wants to send and encrypt it if needed. 2.Place the data in a packet. 3.Tunnel the data to the specified location. 4.Upon receiving the data, open the packet and decrypt if need be.

Determining VPN Type ike-scan o Scanning, fingerprinting and testing tool. o Constructs and sends IKE Phase-1 packets to the specified hosts, and displays any responses that are received.

Obtaining Valid Username Based on information you discovered about the vendor of the VPN solution, you can begin attacking the way it handles user authentication. Techniques for determining if a username is valid: o VPN server only responds to valid username. o VPN server responds with a distinct message known to be caused by an invalid username. o VPN server returns hash using a null password for invalid user. Thus, you can determine if a user is invalid based on multiple wrong users returning the same hash.

IKE Phase-1 Modes Main Mode o Must be supported by IPsec as defined by the RFC. o Provides identity protection by not passing the identities until the channel is encrypted Aggressive Mode o Optionally supported. o Exposes identities of the peers to eavesdropping, making it less secure than main mode.

Data Obtained from Aggresive Mode If a valid username is found, the VPN server will respond with a packet containing a hash payload. HASH_R = prf(skeyid,gx^r | gx^I | cky_r | cky_i | SAi_b | IDir_b) o skeyid = prf(psk, Ni_b | Nr_b) o prf = pseudo-random HMAC (SHA-1, MD5) function o gx_r = the responder (VPN Server) public Diffie-Hellman value (in the key exchange payload) o gx_i = the initiator (VPN client) public Diffie-Hellman value (in the key exchange payload) o cky_r = the responder (VPN Server) ISAKMP cookie (in the ISAKMP header) o cky_i = the initiator (VPN client) ISAKMP cookie (in the ISAKMP header) o SAi_b = the body of the initiator (VPN client) SA payload o IDir_b = the body of the responder (VPN Server) ID payload o Ni_b = the body of the initiator (VPN client) nonce payload o Nr_b = the body of the responder (VPN Server) nonce payload o psk The Pre-Shared Key (password) Since aggressive mode passes this information in plaintext, it is possible to reconstruct the hash and tests passwords with it to see if we get the hash the server responded with. (Offline Dictionary Attack). This is automated with IKE Crack.

Why Even Use Aggressive Mode? Required for any remote access VPN using a Pre-shared Key. (Needed for how keying material is generated) Most VPNs offer a username/password with the alternative being a certificate authentication which is more difficult to setup.

Conclusion Very rarely is the security of an crypto-system dependant on the algorithms used to encrypt data. So much focus is placed on the security of these algorithms that other well defined security practices are often overlooked. Try to avoid using Pre-shared keys and always rely on the more secure certificates for authentication. IPsec VPN is a complex system that requires a good understanding to achieve security in all areas. Poor user configurations and default passwords are often the culprit of a successful attack.

Questions References htm

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.