1 Attacking IPsec VPNs Charles D George Jr

2 Overview
Internet Protocol Security (IPSec) is a suite of protocols for authenticating and encrypting packets transferred using Internet Protocol (IP).
Operates between hosts, between gateways, or between a host and a gateway.
Designed and implemented at the Internet layer. Applications written above this layer are unaffected by the implementation. This is unlike Transport Layer Security (TLS)/Secure Sockets Layer (SSL), which operates on the same level as the application.
Officially specified by the Internet Engineering Task Force (IETF).
Mandatory in IPv6, however extended to work with IPv4.

3 Security Architecture
Essentially two main members of IPSec.
  o Authentication Header (AH)
  o Encapsulating Security Payload (ESP)
Internet Key Exchange (IKE)
  o Handles negotiating protocols and generating encryption and authentication keys.

4 AH/ESP
Authentication Header
  o Connectionless integrity.
  o Data origin authenticity.
  o Protection from replay attacks.
Encapsulating Security Payload
  o Data origin authenticity.
  o Integrity.
  o Confidentiality (protection of packets).
  o Supports encryption-only and authentication-only configurations.

5 Security Association
Basis for building security into IP.
Bundle of algorithms and parameters used to encrypt and authenticate data traveling in one direction. A bi-directional connection therefore needs two.
Choice of algorithms and authentication techniques is left to the IPSec administrator when defining valid techniques in the security association.

6 Modes of Operation
Transport
  o Only the payload of the packet is encrypted.
  o Routing is still intact.
  o Cannot be used with NAT when using the Authentication Header, because the packet is hashed and the translation of the network address will cause this hash to change.
  o Used for host-to-host communication.
Tunnel
  o Entire packet is encrypted, including the header.
  o Used for network-to-network, network-to-host, or host-to-host communication.
  o Often used to create Virtual Private Networks.
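The AH and NAT incompatibility from slide 6, as an added example that is not part of the original slides. It models the integrity check as HMAC-SHA1 truncated to 96 bits; the key, addresses and packet bytes are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import socket
import struct

AUTH_KEY = b"constructed-sa-integrity-key"  # constructed sample key

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header; the checksum is left at zero for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def icv(proto, ip_hdr, body, key=AUTH_KEY):
    """HMAC-SHA1 truncated to 96 bits over the bytes each protocol authenticates."""
    if proto == "AH":
        hdr = bytearray(ip_hdr)
        hdr[1] = 0                # DSCP/ECN: mutable in transit, zeroed
        hdr[6:8] = b"\x00\x00"    # flags and fragment offset: zeroed
        hdr[8] = 0                # TTL: zeroed
        hdr[10:12] = b"\x00\x00"  # header checksum: zeroed
        covered = bytes(hdr) + body   # source and destination addresses ARE covered
    else:
        covered = body                # ESP: the outer IP header is not covered
    return hmac.new(key, covered, hashlib.sha1).digest()[:12]

def router_hop(ip_hdr):
    """An ordinary router only decrements the TTL."""
    hdr = bytearray(ip_hdr)
    hdr[8] -= 1
    return bytes(hdr)

def nat_hop(ip_hdr, public_src="198.51.100.7"):
    """A NAT device also rewrites the source address."""
    hdr = bytearray(router_hop(ip_hdr))
    hdr[12:16] = socket.inet_aton(public_src)
    return bytes(hdr)

def survives(proto, hop):
    """True if the receiver's recomputed ICV matches the sender's after the hop."""
    body = b"constructed AH/ESP header and upper-layer data"
    sent = ipv4_header("10.0.0.5", "203.0.113.10", 51 if proto == "AH" else 50, len(body))
    return hmac.compare_digest(icv(proto, sent, body), icv(proto, hop(sent), body))

if __name__ == "__main__":
    for proto, hop in (("AH", router_hop), ("AH", nat_hop), ("ESP", nat_hop)):
        print(proto, hop.__name__, "ICV verifies:", survives(proto, hop))
```

ESP's check survives the address rewrite because the outer header is outside what it authenticates; transport-mode ESP still has to cope with upper-layer checksums that include the addresses.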

7 Implementation
Cryptographic Algorithms:
  o Integrity
      HMAC-SHA1 (MD5)
  o Confidentiality
      TripleDES-CBC
      AES-CBC
CBC is cipher block chaining. Essentially, each plaintext block is XORed with the previous ciphertext block before it is encrypted. Every ciphertext block therefore depends on all the plaintext before it, which adds another level of obscurity when performing cryptanalysis.
IPSec is generally implemented in the kernel, with the key exchange protocols working in userspace.

8 Virtual Private Network
A Virtual Private Network is a private network that uses a public network (usually the Internet) to connect remote sites or users together.
A VPN exhibits some of the attributes or characteristics of a real private network, but does not provide the accessibility or security of a real private network.
  o Virtual Private Networks are not really private, but rather "almost private".
The distinguishing characteristic of VPNs is not security or performance, but that they overlay other network(s) to provide a certain functionality that is meaningful to a user community.

9 How It Works
VPNs rely on tunneling to create a private network within the Internet infrastructure.
The Basic Steps:
  1. Grab the data that the user wants to send and encrypt it if needed.
  2. Place the data in a packet.
  3. Tunnel the data to the specified location.
  4. Upon receiving the data, open the packet and decrypt if need be.

10 Determining VPN Type
ike-scan
  o Scanning, fingerprinting and testing tool.
  o Constructs and sends IKE Phase-1 packets to the specified hosts, and displays any responses that are received.

11 Obtaining Valid Username
Based on information you discovered about the vendor of the VPN solution, you can begin attacking the way it handles user authentication.
Techniques for determining if a username is valid:
  o VPN server only responds to a valid username.
  o VPN server responds with a distinct message known to be caused by an invalid username.
  o VPN server returns a hash computed with a null password for an invalid user. Thus, you can determine that a user is invalid when multiple wrong usernames return the same hash.

12 IKE Phase-1 Modes
Main Mode
  o Must be supported by IPsec as defined by the RFC.
  o Provides identity protection by not passing the identities until the channel is encrypted.
Aggressive Mode
  o Optionally supported.
  o Exposes identities of the peers to eavesdropping, making it less secure than main mode.

13 Data Obtained from Aggressive Mode
If a valid username is found, the VPN server will respond with a packet containing a hash payload.
HASH_R = prf(skeyid, gx_r | gx_i | cky_r | cky_i | SAi_b | IDir_b)
  o skeyid = prf(psk, Ni_b | Nr_b)
  o prf = the pseudo-random function, an HMAC (SHA-1, MD5)
  o gx_r = the responder (VPN server) public Diffie-Hellman value (in the key exchange payload)
  o gx_i = the initiator (VPN client) public Diffie-Hellman value (in the key exchange payload)
  o cky_r = the responder (VPN server) ISAKMP cookie (in the ISAKMP header)
  o cky_i = the initiator (VPN client) ISAKMP cookie (in the ISAKMP header)
  o SAi_b = the body of the initiator (VPN client) SA payload
  o IDir_b = the body of the responder (VPN server) ID payload
  o Ni_b = the body of the initiator (VPN client) nonce payload
  o Nr_b = the body of the responder (VPN server) nonce payload
  o psk = the Pre-Shared Key (password)
Since aggressive mode passes this information in plaintext, it is possible to reconstruct the hash and test passwords with it to see if we get the hash the server responded with (offline dictionary attack). This is automated with IKE Crack.
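The HASH_R computation from slide 13, carried through for both peers as an added example that is not part of the original slides. Every field value and the key are constructed samples and the function names are hypothetical; the point for a defender is that the pre-shared key is the only input that never appears on the wire, so its strength is the whole protection.

```python
import hashlib
import hmac

def prf(key, data, alg="sha1"):
    """The negotiated pseudo-random function: HMAC with SHA-1 or MD5."""
    return hmac.new(key, data, getattr(hashlib, alg)).digest()

# Constructed sample values for the fields exchanged in the clear.
WIRE = {
    "Ni_b": bytes.fromhex("a1" * 16),    # initiator nonce body
    "Nr_b": bytes.fromhex("b2" * 16),    # responder nonce body
    "gx_i": bytes.fromhex("c3" * 128),   # initiator public DH value
    "gx_r": bytes.fromhex("d4" * 128),   # responder public DH value
    "cky_i": bytes.fromhex("e5" * 8),    # initiator ISAKMP cookie
    "cky_r": bytes.fromhex("f6" * 8),    # responder ISAKMP cookie
    "SAi_b": b"constructed-SA-proposal-body",
    "IDir_b": b"constructed-responder-ID-body",
}
HASH_R_ORDER = ("gx_r", "gx_i", "cky_r", "cky_i", "SAi_b", "IDir_b")

def hash_r(psk, wire, alg="sha1"):
    """HASH_R = prf(skeyid, gx_r | gx_i | cky_r | cky_i | SAi_b | IDir_b)."""
    skeyid = prf(psk, wire["Ni_b"] + wire["Nr_b"], alg)
    return prf(skeyid, b"".join(wire[name] for name in HASH_R_ORDER), alg)

def initiator_accepts(psk, wire, received_hash, alg="sha1"):
    """The client recomputes HASH_R from its own PSK and compares in constant time."""
    return hmac.compare_digest(hash_r(psk, wire, alg), received_hash)

if __name__ == "__main__":
    gateway_psk = b"constructed-gateway-psk"            # constructed sample key
    reply = hash_r(gateway_psk, WIRE)                   # sent by the responder
    print("same PSK accepts:     ", initiator_accepts(gateway_psk, WIRE, reply))
    print("different PSK accepts:", initiator_accepts(b"other-psk", WIRE, reply))
```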

14 Why Even Use Aggressive Mode?
Required for any remote access VPN using a Pre-shared Key. (Needed for how keying material is generated.)
Most VPNs offer a username/password, with the alternative being certificate authentication, which is more difficult to set up.

15 Conclusion
Very rarely is the security of a crypto-system dependent on the algorithms used to encrypt data. So much focus is placed on the security of these algorithms that other well-defined security practices are often overlooked.
Try to avoid using Pre-shared keys and always rely on the more secure certificates for authentication.
An IPsec VPN is a complex system that requires a good understanding to achieve security in all areas.
Poor user configurations and default passwords are often the cause of a successful attack.

16 Questions

