IPsec Problems and Solutions


IPsec Problems and Solutions
Yasir Jan, Future Internet, 29th May, 2008
This presentation is about the problems related to the IPsec protocol and their solutions.

Contents
Definition
Architecture Types
Modes of Operation
Key Exchange
Multiple Options
IPsec problems and solutions
Summary
References
These are the contents of the presentation.

IPsec Definition
IP security refers to security mechanisms implemented at the IP (Internet Protocol) layer to ensure integrity, authentication and confidentiality of data during transmission in the open Internet environment.
IP security is basically a secure method of transmission over the Internet.
Fig: Security

IPsec Architecture Types
Authentication Header (AH): Integrity + Authentication
Encapsulating Security Payload (ESP): Integrity + Authentication + Confidentiality
There are two types of architectures related to IPsec. One is the Authentication Header and the other is the Encapsulating Security Payload. AH provides integrity and authentication of data, while ESP provides confidentiality of the data along with integrity and authentication.
Fig: AH and ESP comparison

IPsec Modes of Operation
Transport Mode: only the payload of the IP packet is encrypted and/or authenticated.
Tunnel Mode: the entire IP packet (data plus the message headers) is encrypted and/or authenticated.
There are two modes of operation in IPsec. One is transport mode, and the other is tunnel mode. Transport mode does not include the IP header, while tunnel mode covers the header as well for authentication and encryption.
Fig: Modes of operation
AH transport mode: IP Header | AH Header | Upper Protocol Headers and Packet Data
AH tunnel mode: New IP Header | AH Header | Old IP Header | Upper Protocol Headers and Packet Data
ESP transport mode: IP Header | ESP Header | Upper Protocol Headers and Packet Data
ESP tunnel mode: New IP Header | ESP Header | Old IP Header | Upper Protocol Headers and Packet Data

IPsec Key Exchange
The IPsec key exchange protocol is a combination of many protocols:
ISAKMP is a generic protocol.
OAKLEY is a specific mechanism using various modes; most of IKE is done using OAKLEY.
SKEME provides public key encryption and a fast re-keying feature.
IKEv2 also concerns protection against denial-of-service attacks using spoofed packets.
Devices are able to use the facilities of IP security because of their shared keys. The key exchange protocol is a combination of many protocols, which include ISAKMP, OAKLEY and SKEME. The new version, IKEv2, provides extra protection.
Fig: Key exchange

IPsec Multiple Options
Use any authentication method: cryptographic hash algorithms such as MD5 or SHA-1, or Hashed Message Authentication Code (HMAC).
Use any encryption scheme: Data Encryption Standard (DES), triple-DES, Advanced Encryption Standard (AES) and Blowfish are in common use.
Use any protocols in IKE.
IPsec provides too much flexibility in the selection of authentication methods and encryption schemes. Different levels of authentication may be used for different types of networks.
Fig: Many options

IPsec problems and solutions
1) Key Management in Large Networks: when IPsec is deployed on a large scale, key management becomes very difficult.
2) Difficult Traffic Analysis: flags cannot be checked and processed at intermediate devices because of encryption.
IP security becomes a big problem when networks become big: key management becomes difficult, and setting the policies is difficult as well. Traffic analysis becomes difficult because flags cannot be checked and processed during transmission, as the packets are encrypted and secured.
Fig: Big Networks

IPsec problems and solutions
3) Resource Consumption: encryption and decryption processes are computationally intensive. Cisco designed a VPN accelerator card to handle the computation separately.
4) Too Much Flexibility: unnecessary multiple options are available for choosing algorithms and modes. Solution: reduced flexibility is sometimes better (remove AH).
3) IPsec is computationally intensive and so consumes a lot of processing resources. Cisco has designed a separate card to do the computation separately.
4) IPsec has too many options available. It should combine the activities of two or more modes into one single mode. For example, authentication is also provided by ESP, so AH should be removed completely, and a common set of algorithms should be used. This is also helpful for compatibility between multiple vendors.
Fig: Consume many resources

IPsec problems and solutions
5) Client Software: IPsec is not implemented in the TCP/IP stack and needs a client installed. There is a danger of a user installing malicious or unreliable software. Solution: install clients from reliable sources.
6) Relayed ICMP Messages: ICMP inner data is revealed to an attacker, so it can be intercepted. Using ICMP header information, IPsec packets could be redirected in some cases, or error messages can be generated [1]. Solution: use ESP along with AH.
5) Users may install malicious client software which may monitor all IP secured data.
6) An attacker can modify sections of the IPsec packet, causing either the clear text inner packet to be redirected or a network host to generate an error message. We can also avoid this by removing the error reporting, restricting the generation of ICMP messages, or filtering these messages at a firewall or security gateway. Also, a combination of both AH and ESP should be used.
Fig: Malicious Software

IPsec problems and solutions
7) Scrambled Group Password Recovery: IPsec passwords were first sniffed from memory when used, so Cisco VPN clients were designed to scramble the passwords in memory, but they were hacked again. Once an attacker gets the group password, they can hijack a connection from a user and get other usernames and passwords.
8) No End-to-End Protection: applications use their own SSL or other techniques. The IETF is working on an API integrated with IPsec to achieve maximum use.
7) IPsec passwords, when used for decryption purposes, were present in memory, from where an attacker could read them. So the design was changed to scramble the password in memory while keeping the original on the hard drive. But now the scrambled passwords have also become vulnerable and are descrambled.
8) Application layer security is useful in some cases when end-to-end security is required. IPsec does not provide security at all levels. A combination of both SSL and IPsec should be used for better performance.
Fig: Scrambled passwords

IPsec problems and solutions
9) Firewalls: firewalls monitor the ports and protocols that traffic originates from and is designated for, to determine the traffic's "acceptability" before allowing the traffic through. A firewall is easy to set up with the standard exceptions and any customizations you need. With IPsec you have to create rules with filter lists and actions, then add these to a policy, then distribute them, and … But IPsec has many good things compared to firewalls, like encryption, no bottlenecks, etc.
9) Firewalls also provide a certain level of security which IPsec doesn't. Both should be used in parallel for better performance.
Fig: IPsec vs firewalls

IPsec problems and solutions
10) VoIP Quality Loss: scheduling causes packet loss in real-time applications; latency in VoIP.
11) Denial of Service: too many acknowledge messages are sent to the victim during the wait period of the TCP connection timeout. Solution: IKEv2 has the solution.
10) Scheduling causes delays in performance. IPsec packets are numbered and scheduled at the receiver end, which may cause latency, so sometimes packets are dropped to achieve real-time application quality.
11) An attacker may send too many messages to a victim, causing its buffer to overflow and hence making it deny all further activities. IKEv2 provides the facility of preventing denial of service.
Fig: Voice quality and Denial of service
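As an added example (not part of the presentation), the following Python model shows the stateless cookie exchange with which IKEv2 (RFC 7296, section 2.6) limits the state a responder commits to unverified initiators, which is the IKEv2 protection against spoofed-packet denial of service referred to above. The Responder and Initiator classes, the threshold value, the message names and the addresses are simplifications assumed here.

```python
import hmac, hashlib, os

# Added illustrative model (not the presentation's material) of the IKEv2 cookie
# defence from RFC 7296 section 2.6: a responder flooded with IKE_SA_INIT requests
# from spoofed source addresses keeps no per-request state and only allocates a
# half-open SA once the initiator echoes back a cookie, which it can only have
# received if it is really reachable at the address it claims.

class Responder:
    def __init__(self, threshold=3):
        self.secret = os.urandom(16)   # should be rotated periodically in practice
        self.version = 1               # identifies which secret generated a cookie
        self.threshold = threshold     # half-open SA count at which cookies are demanded
        self.half_open = []            # state that a flood would otherwise exhaust

    def cookie(self, ni, ip_i, spi_i):
        # RFC 7296 suggests Cookie = <VersionIDofSecret> | Hash(Ni | IPi | SPIi | <secret>);
        # a keyed HMAC is used here as the hash.
        digest = hmac.new(self.secret, ni + ip_i + spi_i, hashlib.sha256).digest()[:16]
        return bytes([self.version]) + digest

    def on_init(self, src_ip, spi_i, ni, cookie=None):
        # Returns (message type, cookie or None); only IKE_SA_INIT responses allocate state.
        if len(self.half_open) >= self.threshold:
            expected = self.cookie(ni, src_ip, spi_i)
            if cookie is None or not hmac.compare_digest(cookie, expected):
                return "COOKIE", expected            # stateless reply, nothing stored
        self.half_open.append((src_ip, spi_i))
        return "IKE_SA_INIT_RESPONSE", None

class Initiator:
    def __init__(self, ip):
        self.ip, self.spi, self.ni = ip, os.urandom(8), os.urandom(32)

    def negotiate(self, responder):
        # A genuine initiator sees the COOKIE notify and retries the same request with it.
        kind, cookie = responder.on_init(self.ip, self.spi, self.ni)
        if kind == "COOKIE":
            kind, _ = responder.on_init(self.ip, self.spi, self.ni, cookie)
        return kind

def flood_scenario(n_spoofed=100):
    # Constructed scenario: many requests from addresses whose owners never see the
    # replies (so never return a cookie), followed by one legitimate initiator.
    r = Responder(threshold=3)
    for i in range(n_spoofed):
        r.on_init(b"\xc0\x00\x02" + bytes([i]), os.urandom(8), os.urandom(32))
    outcome = Initiator(b"\xc6\x33\x64\x07").negotiate(r)
    return len(r.half_open), outcome   # (4, "IKE_SA_INIT_RESPONSE"): flood capped at 3
```

Only the three requests that arrived before the threshold was reached occupy state; every later unverified request is answered without allocation, while the legitimate initiator still completes.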

IPsec problems and solutions
12) Multicast Traffic: packets have single destination addresses, so it is difficult to manage the SPI. Some applications using streaming multimedia assign port numbers dynamically, so IPsec policy becomes difficult to assign. IPsec has a multicast option but it is not enough for all occasions.
13) Security within Algorithms: IPsec works with other protocols for security. They should be secure enough to stop an attacker; otherwise a secure IPsec alone is useless.
12) It is difficult to assign multicast addresses. We can do group assignments, i.e. a message from a certain sender is sent to a group of receivers, so a group policy is assigned to the specific sender address. Alternatively, a specific destination address may be assigned to multiple receivers. But in both cases the manual grouping is difficult.
13) The encryption and authentication algorithms should have enough security; otherwise IPsec becomes useless.
Fig: Multicast traffic

IPsec problems and solutions
14) Brute Force Attack: the ESP initiation scheme is a fixed 3 steps of Aggressive mode, so an intruder may try to delay the initiation, during which it will find the key by brute force. A Crack Tool was used with Pre-Shared-Key IKE authentication [2] for guessing by brute force.
14) A brute force attack will try to delay the devices temporarily and make a brute force attempt to learn the password. There are crack tools available which can do so.
Fig: Trying out ALL options by brute force

IPsec problems and solutions
15) Incompatibility with NAT (RFC 3715): Network Address Translation (NAT) was developed to answer the impending problem of the limit of IPv4 addresses. When NAT changes the IP addresses or ports in the IP header, the hash cannot be re-calculated because NAT does not know the key, and so IPsec drops the packets. In ESP, the NAT device cannot access and change the port information inside the encrypted TCP headers of the packets. Solution: NAT-T (encapsulation of the IPsec part of the IP packet in yet another UDP header between the ESP portion of the packet and the original IP header).
15) NAT and IPsec cannot go together because NAT tries to modify the address while IPsec tries to secure the address. NAT-T is used, which provides compatibility by putting an extra UDP header between the ESP portion and the original IP header.
Fig: IPsec and NAT are incompatible
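The following added Python example (not the presentation's code) serves both the modes-of-operation slide and this NAT slide: it computes an AH-style HMAC-SHA1-96 integrity check over a constructed IPv4 header and payload, shows that rewriting the source address as a NAT would makes verification fail, and contrasts ESP, whose check never covers the outer IP header. The header builders, key and addresses are constructed for illustration and are not from any real SA.

```python
import hmac, hashlib, struct

# Added, constructed example (not the presentation's own material): why a NAT
# rewriting the outer IPv4 header breaks AH's integrity check but not ESP's.
KEY = b"constructed-SA-integrity-key"  # placeholder key, not a real SA key
def ipv4_header(src, dst, proto, total_len, ttl=64):
    # Minimal 20-byte IPv4 header; checksum left at zero (a mutable field anyway).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, ttl, proto, 0, src, dst)

def ah_icv(ip_hdr, ah_hdr, payload, key=KEY):
    # AH (RFC 4302) authenticates the IP header too: mutable fields (DSCP/ECN,
    # flags/fragment offset, TTL, checksum) are zeroed, but src/dst are covered.
    h = bytearray(ip_hdr)
    h[1], h[8] = 0, 0                       # DSCP/ECN, TTL
    h[6:8] = h[10:12] = b"\0\0"             # flags/fragment offset, header checksum
    data = bytes(h) + ah_hdr + b"\0" * 12 + payload   # ICV field zeroed while computing
    return hmac.new(key, data, hashlib.sha1).digest()[:12]  # HMAC-SHA1-96

def build_ah_transport(src, dst, payload):
    # AH header: next header 6 (TCP), payload length 4 (24 bytes / 4 - 2), reserved, SPI, seq.
    ah_hdr = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1)
    ip = ipv4_header(src, dst, 51, 20 + 24 + len(payload))
    return ip, ah_hdr + ah_icv(ip, ah_hdr, payload), payload

def verify_ah(ip, ah, payload):
    return hmac.compare_digest(ah_icv(ip, ah[:12], payload), ah[12:])

def esp_icv(esp_hdr, ciphertext, key=KEY):
    # ESP's ICV covers only the ESP header and the encrypted payload/trailer, never
    # the outer IP header, which is what lets NAT-T carry ESP through a NAT.
    return hmac.new(key, esp_hdr + ciphertext, hashlib.sha1).digest()[:12]

def build_esp_transport(src, dst, ciphertext):
    esp_hdr = struct.pack("!II", 0x2000, 1)           # SPI, sequence number
    ip = ipv4_header(src, dst, 50, 20 + 8 + len(ciphertext) + 12)
    return ip, esp_hdr, ciphertext + esp_icv(esp_hdr, ciphertext)
def verify_esp(ip, esp_hdr, body):
    # The outer IP header is deliberately not an input to the check.
    return hmac.compare_digest(esp_icv(esp_hdr, body[:-12]), body[-12:])

def nat_rewrite_src(ip, new_src):
    # A NAT replaces the private source address (bytes 12-15) with its public one.
    return ip[:12] + new_src + ip[16:]

def demo():
    priv, dst, public = b"\x0a\x00\x00\x05", b"\xc6\x33\x64\x07", b"\xcb\x00\x71\x05"
    ip, ah, pl = build_ah_transport(priv, dst, b"TCP segment (constructed)")
    ah_ok = (verify_ah(ip, ah, pl), verify_ah(nat_rewrite_src(ip, public), ah, pl))
    ip2, eh, body = build_esp_transport(priv, dst, b"opaque ciphertext (constructed)")
    esp_ok = (verify_esp(ip2, eh, body), verify_esp(nat_rewrite_src(ip2, public), eh, body))
    return ah_ok + esp_ok   # (True, False, True, True): AH breaks after NAT, ESP survives
```

For ESP the remaining obstacle is the one the slide names: a port-translating NAT cannot reach the TCP ports inside the ciphertext, which is why NAT-T adds its own UDP header outside the ESP header rather than touching the protected data.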

Summary
IPsec has multiple components.
Security and authentication are provided by additional components, so they should also be secure.
IPsec has some incompatibility issues.
IPsec is overall complex and needs simplification.
This slide shows the summary of the whole presentation.
Fig: Summary

References
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1086803,00.html
http://ikecrack.sourceforge.net/
http://www.securitydocs.com/pdf/2926.PDF
http://www.cisco.com
http://www.springerlink.com/content/t84w482122jt81x3/fulltext.pdf
http://blogs.msdn.com/james_morey/default.aspx
Images taken from various sources on the Internet.
These are the references.
Fig: References

Thank you
Thank you for listening. If you have any questions, do ask.
Fig: Questions