Potential vulnerabilities of IPsec-based VPN GDF In my short presentation I would like to discuss some protocols and algorithms as fundamentals of the Virtual Private Networks Pamuláné Dr. Borbély Éva
What is a VPN? VPN = Virtual Private Network Virtual =refers to a logical connection between two devices Private = confidentiality provided by the encryption Network = basic connectivity between two devices Virtual refers to a logical connection between two devices. By Private we mean the confidentiality provided by the encryption, and the network is the basic connection between two devices, actually the Internet. And a practical question: why we would ever want to use a VPN between two endpoints, or sites? We do have other options for connectivity. We could use instead of VPN dedicated WAN connections, but one of the obvious problems whit this is cost, and the another is the scalability. So nowadays instead of dedicated lines there are using VPN connections. BUT VPN’s are as secure as dedicated lines? We would see that it depends on applied technologies and protocols. https://technet.microsoft.com
Types of VPN IPsec: SSL (Secure Sockets Layer): Can be used for site-to-site VPNs and remote-access VPNs Implements security of IP packets at L3 of the OSI model SSL (Secure Sockets Layer): Implements security of TCP sessions over encrypted SSL tunnels MPLS (Multiprotocol Label Switching) Layer 3 VPNs are provided by Internet service providers There is no encryption by default We can mention here three different tipes of VPNs.
Two Main Types of VPNs Remote-access VPNs: Site-to-Site VPNs: can use IPsec or Secure Shell (SSL) technologies Site-to-Site VPNs: are based on a collection of VPN technologies called IPsec A remote-access VPN allows individual users to establish secure connections with a remote computer network. A site-to-site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the Internet. Site-to-site VPN extends the company's network, making computer resources from one location available to employees at other locations.
IPsec A collection of protocols and algorithms used for protect IP packets It is used for both remote- access VPN and site-to-site VPN For an IPsec VPN tunnel first of all we need to choose an IPsec protocol: AH or ESP. If we are familiar with mentioned protocols we must to avoid AH. For sensitive data the ESP protocol is acceptable because the data encryption is not involved in AH protocol.
IPsec Goals and the Methods METHODES Confidentiality Encryption Data integrity Hashing Peer authentication Pre-shared keys, RSA digital signatures Antireplay Applying serial numbers to packets Confidentiality means that only the intended parties can understand the data that is sent. Any party that eavesdrops may see the packets, but the contents of the packet are scrambled and meaningless to anyone who cannot unlock or decrypt the data. The major goal of a VPN is confidentiality, and it is accomplished by the sender encrypting the data. Data integrity: it means that the data that is being sent over VPN is accurate from and to and. A hash function is any function that can be used to map data of arbitrary size to data of fixed size. Hash functions are also called one-way functions because it is easy to determine the hash from the message but mathematically infeasible to determine the message from the hash. When a single bit is changed the hash sum becomes completely different. Authentication is important, because we don’t want to establish a VPN connection directly to the attacker’s computer. We can accomplish this by using pre-shared keys or RSA digital signatures. Antireplay protection means that once a VPN packet has been sent, that exact same VPN packet is not valid the second time in the VPN session.
Confidentiality Alternatives: Symmetrical algorithms: fast and low CPU cost AVOID DES Acceptable: AES- 256 Alternatives: RSA - asymmetric algorithm moore secure, but there is a very high CPU cost when using key pairs to lock and unlock data We can us symmetric and asymmetric encryption algorithms. In practice configuring a VPN capable device we can choose from the encryption algorithms mentioned here: DES, 3DES and AES. From security perspectives the only acceptable algorithm is AES with a key-length of two hundred fifty-six bits. There are more secure alternatives, like RSA asymmetric algorithm but it requires a very high CPU cost to encrypt and decrypt data using key pairs.
Integrity Alternatives: Acceptable: SHA-256 Wild-spread algorithms: MD5, SHA AVOID MD5 Alternatives: HMAC: Hashed Message Authentication Code: hash function + secret key HMAC-SHA-256 For integrity we can use different hashing algorithms MD5 or SHA with different key lenghts.
PSK = a password! Out of data! Not Secure! Authentication Pre-Shared Key RSA signatures RSA PSK PSK = a password! Out of data! Not Secure! RSA algorithms for encryption and digital signatures are efficient at higher security levels with a 3072- bit modulus Smaller RSA key sizes, such as 768 or 1024, should be avoided! RSA signature are secure with a key length of three thousands and seventy-two bit modulus.
Deffie – Hellman algorithm allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.(ex.: AES) DH exchange is asymmetrical, but the resulting keys are symmetrical Acceptable key size: 2048, 3072 If we are using the same key for encryption and decryption as well, a big question is how can we share our keys with partners securely? Actually we don’t share our secret keys over the Internet, we just share some segment of information some parts of the secret key. This picture is a simple scheme which allows us to understand this procedure. We have a common color end each parties chose a secret color and mix them. After that they will exchange their mixture. In the next step they mix again the received color with their secret one, and the result will be a common secret key.
Minimum Cryptography Recommendations Encryption AES-128-CBC mode Authentication RSA-3072, DSA-3072 Integrity SHA-256 Key exchange DH Group 15 (3072-bit) It is very good, that we have minimum cryptography recommendations, but who is going to pay the bill? In practice the small and medium sized companies have no enough computational capacity to ensure the recommended key lengths. Than what is the solution for the future?
One possible solution In practice RSA and DH are becoming less efficient every year. There are subexponential attacks that can be used against these algorithms. DH, DSA, and RSA can be used with a 3072-bit modulus to protect sensitive information. (High memory and CPU cost!) A newer alternative to public key cryptography is Elliptic Curve Cryptography (ECC), which operates on elliptic curves over finite fields. The main advantage of elliptic curves is their efficiency.
RSA vs ECC Comparison www.nsa.gov/business/programs/elliptic_curve.shtml.2009 We can see, that key lengths generally increase over time as the computation available to attackers continues to increase. For example if you use elliptic curves for the key management (i.e. the encryption/decryption session key) of an AES-256 session, then a 512-bit elliptic curve session key would be required. To achieve the same level of security with RSA encryption, 15,360 bit keys are required. This stark contrast between ECC and RSA indicates that ECC is the algorithm of the future.