Use of Cryptosystems and Authentication in a VPN

the MAC code she locally created to the one sent in transit. If they differ, tampering has occurred.

Sun's SKIP protocol is a fairly popular implementation of encryption and authentication, comparable to the IPSec standard discussed later in this chapter. SKIP is available from various vendors on a number of Unix operating systems as well as Windows. Each host using SKIP maintains an access control list specifying which hosts it's willing to receive traffic from and what type of encryption to use for each one. When an IP packet is sent from one SKIP host to another, the sender encrypts the packet with the SKIP protocol and then wraps another IP packet around it so it can go over the general Internet.

The keys to erecting a private data exchange or a secured data store rely on being able to fence out unwanted people and place locking boxes around what you wish to protect. Without firewalls, a VPN could exist, albeit without the same security philosophy. But, without encryption, a VPN most certainly could not exist. Cipher routines solve the fundamental problem of secure communication over an insecure channel in a hostile environment.

Using the components of encryption, authentication, and integrity, we will next explore the different protocols that are used to build VPNs. After that, we will briefly delve into the different compromise methodologies that can be leveled against these security schemes.

2.3 VPN Protocols

Coming from different directions and supporting different products and services, several security protocols have been in development over the last few years. We will start with one that has firmed up only recently, but will probably become nearly universal—the IPSec standard.

2.3.1 IPSec

Over the years, as vendor after vendor labored over reinventing wheels, trying to hide IP packets in a secure protocol, people began to wonder why the TCP/IP protocol itself wasn't updated to support authentication and encryption. That way, the network itself is secure and everything built upon it must also be secure. IPSec is the answer to this question.

The Internet Security Protocol (IPSec) is a generic structure initiated and maintained by a working group of the Internet Engineering Task Force (IETF) to provide various security services for the Internet Protocol (IP), for both IPv4 (the current standard) and IPv6 (the upcoming one). IPSec presents design goals for a top-level component-oriented structure, rather than detailing specific encryption algorithms or key-exchange methodologies.

Conceptually, IPSec was created to secure the network itself, presenting no real changes to the applications that run above it. Since the TCP/IP protocol is so ubiquitous, it is a natural evolution to produce a secure network system developed almost in parallel to the existing system. Upgrading to IPSec products and services will only enhance security, as current network-oriented applications can still be used to transport data.

The IPSec documents produced by the IETF are predominantly concerned with three basic areas of securing the IP protocol: encryption algorithms, authentication algorithms, and key management. These components help define the entire architecture of a security scheme, generically making the IPSec structure insensitive to the fast-paced, changing world of authentication and encryption algorithms. It is expected that new algorithms will be presented for use as times change and computing services emerge. IPSec is designed so that new methods can be added to the suite with very little work and little effect upon previous implementations.
The two key benefits derived from IPSec compliance are that products or services sporting IPSec gain additional security features as well as interoperability with other IPSec products. Enhanced security means that only the most comprehensive and most robust authentication, key-exchange, and encryption algorithms, hardened for use in the real world, will be used. Interoperability is also a must in today's world, where many different products will be expected to communicate securely with one another.

Although IPSec is still undergoing change, much of the basic framework has been frozen enough for vendors to finalize, test, and distribute their VPN products. It is a common consensus that the finalized IPSec standard won't be solidified until the end of 1998 or the beginning of 1999.

IPSec was designed to support two encryption modes. The transport mode protects only the payload portion of each packet, while the tunnel mode encrypts both the header and the payload. Logically enough, the tunnel mode is more secure, as it protects the identity of the sender and receiver, along with hiding certain other IP fields that may give a middleman useful information.

For IPSec to work as expected, all devices must share a common key. Even though the protocols used to cipher the data are very important to the overall success of the system, a great deal of work has gone into the authentication and exchange of keys by the sender and the receiver. Of course, this effort wasn't done in a vacuum, as it builds upon the body of work done to create and swap keys using public digital certificates. This is largely accomplished through the ISAKMP/Oakley protocol (now updated to the IKE protocol) and the X.509 digital certificate system.
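The difference between transport and tunnel mode described above, together with the receiver's MAC comparison, can be seen in the following added example, which is not code from the book or from any IPSec implementation. The function names, keys, addresses, the HMAC-based toy cipher, and the simplified framing (not the real ESP wire format) are all assumptions made for illustration.

```python
import hashlib, hmac, socket, struct

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with an HMAC-SHA256 keystream: a stand-in cipher, not an IPSec
    algorithm. No per-packet IV, so it is only safe for this demo."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, struct.pack("!I", off), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (checksum left at zero) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload

def visible_addresses(packet: bytes) -> tuple:
    """Source and destination an on-path observer reads from the header."""
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])

def protect(packet, enc_key, mac_key, mode, gw_src=None, gw_dst=None):
    if mode == "transport":      # original header stays in the clear
        src, dst = visible_addresses(packet)
        body = bytes([packet[9]]) + packet[20:]   # inner protocol + payload
    else:                        # tunnel: whole packet hidden, new outer header
        src, dst, body = gw_src, gw_dst, packet
    ct = toy_cipher(enc_key, body)
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()[:12]
    return ipv4(src, dst, 50, ct + tag)           # 50 = ESP protocol number

def unprotect(packet, enc_key, mac_key, mode):
    ct, tag = packet[20:-12], packet[-12:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()[:12]
    if not hmac.compare_digest(tag, expected):    # receiver recomputes the MAC
        raise ValueError("MAC mismatch: packet was altered in transit")
    body = toy_cipher(enc_key, ct)
    if mode == "tunnel":
        return body
    src, dst = visible_addresses(packet)
    return ipv4(src, dst, body[0], body[1:])

if __name__ == "__main__":
    ek, mk = b"E" * 32, b"M" * 32                 # constructed demo keys
    pkt = ipv4("10.1.0.5", "10.2.0.9", 6, b"GET /payroll")  # constructed packet
    for mode in ("transport", "tunnel"):
        out = protect(pkt, ek, mk, mode, "192.0.2.1", "198.51.100.1")
        assert unprotect(out, ek, mk, mode) == pkt
        print(mode, "observer sees", visible_addresses(out))
```

In transport mode the observer still reads the two end hosts' addresses; in tunnel mode only the gateway addresses appear, and the inner header travels inside the ciphertext.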

2.3.1.1 IPSec security issues

In order to erect a tunnel between two networks using IPSec (or any protocol, for that matter), each having a firewall on the Internet, you have to make sure both gateways have similar security policies. Different architectures could lead to one network being less secure than the other, and would draw attention to compromising the system there. Such a fault could lead to an attacker having access to the more secure network by sophisticated masquerading.

IPSec, if used with a bastion host, could also adversely affect the performance of the network. Bastion hosts have long been considered a substandard method for securing a network, as they restrict the traffic to a few points of failure. When you add the computationally expensive process of random number generation, key exchange, and strong payload encryption, a bastion host is burdened to the edge of its feasible limits. Further, it is likely that bastion hosts will handle these algorithms in software using a general-purpose microprocessor, whereas dedicated solutions positioned at an organization's gateway would use specialized hardware to accomplish the same task.