Privacy Issues in Virtual Private Networks Tim Strayer BBN Technologies

2 What is a VPN? Private network running over shared network infrastructure (Internet) Allows interconnection of different corporate network sites Allows remote users to access the corporate network Allows controlled access between different corporate networks

3 Private Intranet Network Headquarters Why VPNs? Public Internet Intranet Headquarters Intranet Remote Site Intranet Remote Site Frame Relay Or ATM Or Dial-Up Service

4 VPN Rationale Private Networks Costly Inflexible Multiple Infrastructures Virtual Private Networks Inexpensive Configurable Single Infrastructure

5 The First VPN 1975, BBN delivered the first Private Line Interface (PLI) to the Navy Created secure network communication over the ARPANET Used a proprietary encryption and manual keying system

6 VPN Technologies Tunneling Overlay facilitates sharing common infrastructure IPsec, PPTP, L2TP, MPLS Security Authentication: PKI, RADIUS, Smartcard Access Control: Directory Servers, ACLs Data Security: Confidentiality, Integrity Provisioning QoS Traffic Engineering

7 Island Metaphor Hello! ??? Oh! Hi! Hello! SS Encapsulator Hello! SS Encapsulator Tunnel

8 Tunneling Usually layers are inverted Inner PacketOuter HeaderTrailer For target network For transport network EthernetIP PPP 2323 EthernetFTPIPTCP 2743

9 Tunnels at Layer 2 Point-to-Point Tunneling Protocol (PPTP) Integrated into Microsoft DUN and RAS Authentication/encryption provided by PPP Layer 2 Tunneling Protocol (L2TP) Combines PPTP with Cisco L2F Layer 2 tunneling, UDP encapsulation IPIP/IPXGREv2PPP IP IP/IPX/IPsecUDPPPP

10 IPsec Protocol Suite Data encryption and authentication Two protocols Encapsulating Security Payload (ESP) assures data privacy and party authentication Authentication Header (AH) assures only party authentication Cryptographic key management Works well with Public Key Infrastructure and X.509 Certificates Transport and tunnel modes of operation IPsec VPNs use tunnel mode and ESP

11 IPsec Tunneling Original IP Header Original IP Payload New IP Header Security Parameter Index Sequence Number ESP Trailer ESP Authentication Encrypted Authenticated Original IP Packet

12 MPLS Tunneling Multi-Protocol Label Switching High speed switching technology Tunnel any layer Built into edge/core routers and switches No authentication/encryption LabelIP PayloadIP Header Original Packet

13 IPsec vs. MPLS Two dominant VPN technologies Lets compare them viz. their approaches to privacy

14 What is meant by Private? No one can see your stuff Emphasis is on security Confidentiality, integrity, authentication, authorization, access control Carve out a piece of a shared network for your own use Emphasis is on availability Traffic engineering

15 Evolution of IPsec First defined as a security mode for IPv6 Ported to IPv4 Combines tunneling with security Orthogonal services Complex key management

16 Evolution of MPLS ATMs VCI/VPI used for cut-through switching Separates routing from forwarding Supports resource allocation MPLS IP cut-through switching using label Routers switch on preestablished label Routers dont care whats behind the label Originally proposed to accelerate routing

17 A Protocol Looking for a Use Fast routing argument lost with new routing technology Switching technology applied to IP header MPLS for traffic engineering Connection oriented Stateful – keeps tracks resource allocation and usage RSVP adapted for signaling Hot router selling feature

18 MPLS-VPN Security Label Switch Routers will drop packets that do not belong to the VPN based on label BGP guards against injected routes using MD-5 authentication Note: No data confidentiality Weak authentication BGP is not sufficient to prevent fake routes

19 Why MPLS-VPN? Embed label switching in routers Sell more routers Replace Frame Relay and ATM with something that looks like these services No profit in Frame Relay or ATM anymore Control provisioning at the edge of ISP Sell value added service ISP dependent Keeps customers within providers network

20 Why IPsec-VPN? No changes to core routers Security gateway/tunnel endpoint placed anywhere that is appropriate Separation through obfuscation Real data confidentiality Real authentication Routing protocol agnostic No (more than current) reliance on well-behaved protocols ISP agnostic

21 Guarding Privates What separates a VPNs traffic from all other traffic? IPsec: data encryption MPLS: different labels, forwarding tables Who is responsible for separation? IPsec: ISPs, but not necessarily Corporate IT group and even individuals MPLS: ISPs

22 Dichotomy of Assumptions IPsec assumes goal is: IP delivery No trust of intermediate systems MPLS assumes goal is: Engineered delivery Trust entities in the middle Begged question: Is leaving security to someone else a good thing?

23 Which is the Right Way? Depends on what control you are willing to cede to service providers What SLAs you demand What you want to black box Depends on what you mean by private No one is supposed to use your resources No one is able to see your stuff

24 Trends in VPNs IPsec is being built into routers, gateways, and firewalls, and can run at very high speeds Layer 2 tunneled through MPLS Martini Draft Combining MPLS and IPsec IP tunneled through IPsec tunneled through MPLS Best of both worlds

25 Theres more to it Establishing a VPN is much more than just building a set of tunnels between sites Authentication Access Control Data Confidentiality Data Integrity Remote Access

26 Where does Private go? Virtual Private Network Makes sense What the designers had in mind Virtual Private Network What happens if youre not careful

27 More about me This talk and other information at