Twan
talitwan@os3.nl
Jonel
jspellen@os3.nl
Fangbin,
fliu@os3.nl
2005-12-13
Abstract
IPsec VPN supplies a secure transport medium for a private network
in a public environment. In this case study, different aspects of
IPsec VPN have been investigated, such as its implementation,
scalability and security. Although IPsec supplies a secure transfer
method over the Internet, it is still vulnerable to certain kinds of
attack, such as sniffing and so forth. Also, the scalability of
IPsec VPN is a big problem for its success, although it achieves a low
cost by using the public network medium.
Contents
1 Introduction
1.1 What is VPN ?
1.2 What is IPsec
1.3 Why IPsec
6 Conclusion
1 Introduction
1.1 What is VPN ?
VPN is an abbreviation for Virtual Private Network. A VPN is built on
top of an existing network. By transferring private data over the
public domain, the cost is reduced significantly. Since the data is
transferred over a public medium, its confidentiality must be protected.
Various kinds of encryption can be used by a VPN. There are two main
kinds of encryption: symmetric cryptography and asymmetric cryptography.
With symmetric cryptography, the same key is used for both encrypting
and decrypting the messages. With asymmetric cryptography, on the other
hand, two keys are used, one for encryption and one for decryption. In
most cases, asymmetric encryption is used by the parties to authenticate
each other, while symmetric encryption is applied to provide the
confidentiality of the data.
Some popular symmetric encryption algorithms include DES, AES, 3DES
and so forth. Some well-known asymmetric algorithms are RSA, DSA, and
so forth.
advantages supplied by it.
Firstly, many VPN product vendors support this protocol, since it is
compatible with many other protocols. In this way, one vendor's
products will be quite compatible with other vendors' products.
For the authentication, a key exchange algorithm must be implemented
so that confidentiality and integrity can be kept. The method for key
exchange will be discussed in the coming chapters.
The key exchange in the first, main phase can be done in main-mode
or aggressive-mode. Aggressive-mode skips the encryption mechanism
negotiation, so it is recommended to use main-mode. Main-mode also
makes eavesdropping more difficult (see chapter 5.1.1). This alone
makes its use preferred.
There are several ways to define keys. Keys can be pre-shared and used
as a shared secret, or the public/private key mechanism can be used.
The latter mechanism is also known as certificates and is the most
recommended method because it reveals the least about the cipher. That
way it is more difficult to crack the connection.
that people circumvented this problem instead of moving to IPv6.
To solve issues with NAT routers, ESP has to travel through them like
other TCP or UDP packets. So instead of being carried as a protocol of
its own directly over IP, ESP is encapsulated in a UDP packet. This way
it is possible to connect VPNs over a NAT setup.
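For someone reading a capture of such a NAT setup, the following added example (not part of the original paper) classifies UDP payloads the way RFC 3948 lays out ESP-in-UDP. The port number, the Non-ESP marker and the keepalive byte come from that RFC, which the paper does not cite, and the sample payloads are constructed.

```python
import struct
from collections import Counter

NAT_T_PORT = 4500                 # UDP port for ESP-in-UDP (RFC 3948)
NON_ESP_MARKER = b"\x00" * 4      # precedes IKE messages on that port

def classify_natt_payload(payload: bytes) -> dict:
    """Classify the UDP payload of one datagram seen on port 4500."""
    if payload == b"\xff":
        return {"kind": "nat-keepalive"}
    if len(payload) < 8:
        return {"kind": "malformed"}
    if payload[:4] == NON_ESP_MARKER:
        return {"kind": "ike", "ike_bytes": len(payload) - 4}
    # Anything else is ESP: 32-bit SPI (never zero), then 32-bit sequence number.
    spi, seq = struct.unpack("!II", payload[:8])
    return {"kind": "esp", "spi": spi, "seq": seq}

def summarize(payloads) -> Counter:
    """Count how many payloads fall into each kind."""
    return Counter(classify_natt_payload(p)["kind"] for p in payloads)

# Constructed sample payloads (not captured traffic).
SAMPLES = [
    NON_ESP_MARKER + bytes(28),                      # IKE behind the marker
    struct.pack("!II", 0xC0FFEE01, 1) + bytes(32),   # ESP, sequence 1
    struct.pack("!II", 0xC0FFEE01, 2) + bytes(32),   # ESP, sequence 2
    b"\xff",                                         # NAT keepalive
    b"\x01\x02",                                     # too short to be either
]

if __name__ == "__main__":
    print(dict(summarize(SAMPLES)))
```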
can come in handy when creating certificates (discussed later).
IPsec tunnel, it is not recommended. Instead, CHAP or MS-CHAP is the
preferred standard. Microsoft tends to use its own products or
standards and therefore MS-CHAP has somewhat better support.[16]
The IPsec tunnel across the Internet must be set up with routable
Internet addresses, but the PPTP or L2TP tunnel can be established with
private or non-routable addresses. When the latter is the case, it has
the advantage that the connection is assured. It is certain that the
non-routable traffic will not get to the other side without the L2TP
tunnel. When routable addresses are used, traffic can still reach
another host without the use of the tunnel. So it is recommended that
PPTP or L2TP tunnels are made with private, non-routable Internet
addresses.
Another drawback is that IPsec VPN does not support broadcast. IPsec
VPN is designed for point-to-point communication which is secured
with tunnel mode. With this mode, the messages sent over the Internet
are all unicast. This characteristic also makes the relay operation for
the message impossible, since the whole body of the original data is
encrypted and packaged within the IPsec packet as explained in section
3.1. Also, the bandwidth will be affected by the multiple unicast
packets.
5 Security of IPsec VPN
5.1 ISAKMP Vulnerability Id:20051114-01013
A group at the University of Oulu (Finland)[7] developed a test suite called
“OUSPG PROTOS ISAKMP” to generate abnormal ISAKMP traffic. As
they used this test suite against various IPSEC implementations, they found
them to be vulnerable[8].
The OUSPG PROTOS ISAKMP Test Suite does not test Internet Key
Exchange version 2 (IKEv2); it is based on IKEv1. ISAKMP consists of
two phases. In phase 1, the two parties negotiate an SA to agree on how
to protect the traffic in the next phase. In phase 2, keying material
is derived and the policy to share it is negotiated. In this way,
security associations for other security protocols are established.
5.1.1 Recommendations
These are the mitigations recommended by the NISCC[9] for IPSec
against the issues discussed in this advisory:
• Avoid using “aggressive mode*” in phase 1
[*In “aggressive mode”, fewer exchanges are made, with fewer packets,
during the negotiation stage. The weakness of using this mode is that
both sides have exchanged information before there is a secure channel.]
5.2.1 Solution
Any of the following methods[11] can be used to rectify this issue:
5.3 Weak Encryption
In some cases an IPSec connection is made with the use of client
software. The user and group passwords are mostly stored in the local
user profile file. If weak encryption is used, they can be revealed
with the knowledge of a good cryptographer. In this article, the author
describes that he has found a way to reveal the password of a Cisco VPN
Client. He describes[12]:
The main problem of the method used to encrypt the passwords is that the
whole procedure is deterministic and no user input is used. This
effectively means that the encryption keys the Cisco Client calculates
can also be calculated by any other program whensoever this program
knows the algorithm. This algorithm was now reversed.
• The key “enc_UserPassword” in our profile file now looks like this:
h1|h4|encrypted password
5.4.1 How IKECrack works
IKE Aggressive Mode BruteForce Summary
Aggressive Mode IKE authentication is composed of the following
steps[13]:
1. Initiating client sends encryption options proposal, DH public key,
random number [nonce_i], and an ID in an un-encrypted packet to the
gateway/responder.
2. Responder creates a DH public value, another random number [nonce_r],
and calculates a HASH that is sent back to the initiator in an
un-encrypted packet. This hash is used to authenticate the parties to
each other, and is based on the exchange nonces, DH public values,
the initiator ID, other values from the initiator packet, and the
Pre-Shared-Key [PSK].
3. The Initiating client sends a reply packet also containing a HASH, but
this response is normally sent in an encrypted packet.
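Because the first two messages above travel un-encrypted, a monitoring point can see from the fixed ISAKMP header alone which peers still negotiate in aggressive mode. The following is an added example, not code from the paper or from IKECrack; the header layout and exchange-type numbers are those of RFC 2408, and the sample packets and addresses are constructed.

```python
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")    # 28-byte fixed header, RFC 2408
MAIN_MODE, AGGRESSIVE = 2, 4                 # IKEv1 phase 1 exchange types
FLAG_ENCRYPTED = 0x01

def parse_isakmp_header(data: bytes) -> dict:
    """Decode the fixed header of an IKE message (UDP port 500 payload)."""
    if len(data) < ISAKMP_HDR.size:
        raise ValueError("shorter than the ISAKMP header")
    (_icookie, rcookie, _next, version, xchg,
     flags, _msg_id, length) = ISAKMP_HDR.unpack_from(data)
    return {"major": version >> 4, "exchange": xchg,
            "encrypted": bool(flags & FLAG_ENCRYPTED),
            "first_message": rcookie == bytes(8), "length": length}

def aggressive_mode_peers(packets):
    """Return sorted source addresses that sent IKEv1 aggressive-mode messages."""
    peers = set()
    for src, data in packets:
        try:
            hdr = parse_isakmp_header(data)
        except ValueError:
            continue                          # not ISAKMP, ignore
        if hdr["major"] == 1 and hdr["exchange"] == AGGRESSIVE:
            peers.add(src)
    return sorted(peers)

def _sample(xchg, rcookie=bytes(8), flags=0):
    # Constructed header only, payloads omitted. 0x10 = IKE version 1.0.
    return ISAKMP_HDR.pack(b"\x11" * 8, rcookie, 1, 0x10, xchg, flags, 0, 28)

# Constructed (source address, UDP payload) pairs using documentation addresses.
SAMPLES = [
    ("192.0.2.10", _sample(AGGRESSIVE)),                         # step 1
    ("198.51.100.1", _sample(AGGRESSIVE, rcookie=b"\x22" * 8)),  # step 2
    ("192.0.2.20", _sample(MAIN_MODE)),
    ("192.0.2.30", b"\x00\x01"),                                 # not ISAKMP
]

if __name__ == "__main__":
    print(aggressive_mode_peers(SAMPLES))
```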
6 Conclusion
IPsec is very useful, if used the right way. Use main-mode, not
aggressive-mode. When connecting Windows to Windows or Windows to
Linux, use L2TP instead of PPTP. Last but not least, use CHAP or
MS-CHAP instead of PAP.
IPsec provides a nice way to secure data when it is transferred through
the public network, by building up a secure link between sender and
receiver. On the other hand, it can still be attacked by some kind of
sniffing attack or man-in-the-middle attack, for example on the local
network of each end point before the data is sent by the gateway over
the network.
Using well-known encryption algorithms is better than making your
own encryption algorithm, because those well-known algorithms have been
and are being attacked by thousands of people every day. Second, in
many cases people make mistakes in the implementation of those
encryption algorithms in their product.
Nowadays the MD5 hash algorithm is considered cracked. For the
implementation of IPSec (HMAC) it would be better to use SHA-1 or other
strong hash algorithms. The same goes for DES encryption; it is also
considered cracked. AES and RSA are stronger encryption.
Despite its complexity, IPsec has been able to work together with
many other services supplied by multiple network infrastructures, such as.
Therefore, IPsec has become almost a standard secure communication
service.
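The recommendations above can be checked mechanically against a gateway configuration. The following added example (not from the paper) audits connection definitions for aggressive mode, pre-shared keys, and MD5 or DES in the proposals; it assumes strongSwan-style ipsec.conf keywords (aggressive, authby, ike, esp), which the paper itself does not show, and the sample configuration is constructed.

```python
# Constructed sample in strongSwan-style ipsec.conf syntax (not from the paper).
SAMPLE_CONF = """\
conn %default
    authby=secret

conn branch-office
    aggressive=yes
    ike=3des-md5-modp1024
    esp=aes128-sha1

conn hq
    authby=rsasig
    ike=aes256-sha1-modp2048
    esp=aes256-sha1
"""
WEAK = {"md5", "des"}   # the two algorithms the text calls cracked

def parse_conns(text):
    """Return {conn name: {keyword: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line: section header
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def audit(text):
    """Return sorted (conn, finding) pairs for settings the text advises against."""
    conns = parse_conns(text)
    defaults = conns.get("%default", {})       # inherited by every other conn
    findings = set()
    for name, opts in conns.items():
        if name == "%default":
            continue
        cfg = {**defaults, **opts}
        if cfg.get("aggressive", "no") == "yes":
            findings.add((name, "aggressive-mode"))
        if cfg.get("authby") in ("secret", "psk"):
            findings.add((name, "pre-shared-key"))
        for key in ("ike", "esp"):
            tokens = cfg.get(key, "").rstrip("!").replace(",", "-").split("-")
            findings.update((name, f"weak-{key}:{t}") for t in tokens if t.lower() in WEAK)
    return sorted(findings)
```

Calling audit(SAMPLE_CONF) reports only the branch-office connection, including the pre-shared key it inherits from the %default section.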
References
[1] Wipul Jayawickrama: Demystifying IPSec, Information Security
Management System, 2003
[3] The Illusion of Security: Using IPsec VPNs to Secure the Air, Trapeze
Networks,
[14] George Ou: PPTP VPN authentication protocol proven very susceptible
to attack, ZDnet.com, December 2004
[15] Joshua Wright: Asleap behind the wheel, http://asleap.sourceforge.net/,
sourceforge.net, 2004,