Internet Security CSCE 813 Network Access Layer Security Protocols
CSCE Farkas
Reading:
- Frequently Asked Questions -- Microsoft's PPTP Implementation (faq.html)
- CISCO, How Virtual Private Networks Work (hnologies_tech_note09186a shtml)
TCP/IP Protocol Stack
- Application Layer
- Transport Layer
- Internetwork Layer
- Network Access Layer
- Each layer interacts with the neighboring layers above and below
- Each layer can be defined independently
- The complexity of the networking is hidden from the application
Network Access Layer
- Roughly corresponds to the OSI Physical and Data Link layers
- Least uniform of the TCP/IP layers
- Services and functionalities to prepare data for the physical network
  – Interfacing with the computer's network adapter, coordinating data transmission, formatting data, checking for errors, acknowledging receipts, etc.
- LAN technologies: Ethernet and token ring
- Diverse, complex, invisible
Security -- At What Level?
- Secure traffic at various levels in the network
- Where to implement security? -- Depends on the security requirements of the application and the user
Security at Network Access Layer
- Dedicated link between hosts/routers; hardware devices for encryption
- Advantages:
  – Speed
- Disadvantages:
  – Not scalable
  – Works well only on dedicated links
  – Two hardware devices need to be physically connected
SILS
- 1980s: IEEE security for LAN and MAN
- Standard for Interoperable LAN/MAN Security (compatible with IEEE 802 and OSI specifications)
- Has not been commercially successful
- Recent work on secure dial-up connections using PPP
Virtual Private Network (VPN)
- Private network, constructed within the public Internet
- Goals:
  – Connect private networks, using public infrastructure
  – Simplify distributed network creation
- Requirements:
  – Security (confidentiality, authentication, integrity)
  – Quality of Service
Without VPN
[Figure: Client, Main office, Internet; PSTN/ISDN used to set up a PPP connection to the RAS. Security?]
With VPN
[Figure: Client, Main office, Internet, PSTN, L2TP Tunnel, LAC, LNS]
Virtual Private Network
- L2TP: combines Layer 2 Forwarding (L2F) and Point-to-Point Tunneling Protocol (PPTP)
- Terms:
  – CHAP: Challenge Handshake Authentication Protocol
  – L2TP Access Concentrator (LAC)
  – L2TP Network Server (LNS)
  – Virtual Private Dial Network (VPDN)
Security Support
- Message confidentiality
  – Encryption supported by IPSec, PPTP/MPPE, or L2TP/IPSec protocols
- Message integrity
  – Integrity verification in IPSec, origin authentication
- Data origin authentication
Security Support
- Anti-replay
- Traffic flow confidentiality
  – Data tunneling to hide traffic
- Non-repudiation
- AAA: Authentication, Authorization and Accountability
- Key management
Secure Dial-Up Connection
[Figure. Copyright: Oppliger, eSecurity]
Network Services
- Tunneling and Encapsulation
  – Tunneling uses encapsulation: data transfer units of one protocol are enclosed inside a different kind of protocol
  – Advantages: allows transmission of incompatible frames over the existing network; allows cryptographic protection
  – Disadvantages: needs extra software to perform the encapsulation; slower performance
L2TP - Terminology
- Remote system (dial-up client): computer system that is either the initiator or the recipient of a layer 2 tunnel
- L2TP Access Concentrator (LAC): node that acts as one side of the layer 2 tunnel and peer to the L2TP Network Server
- L2TP Network Server (LNS): node that acts as one side of the layer 2 tunnel and peer to the LAC
Tunneling Establishment
- Voluntary tunneling:
  – Tunnel is created by the client (user)
  – User sends packets encapsulated in the tunneling protocol (L2TP, PPTP)
- Compulsory tunneling:
  – Tunnel is created without any action from the client
  – Client sends PPP packets to the LAC (e.g., ISP), which encapsulates them in the tunneling protocol (L2TP, PPTP)
- The level of protection of the packets differs!
Layer 2 Tunneling Protocol (L2TP)
- Goal: tunnel PPP frames between a remote system (LAC client) and an LNS located at the LAN.
- Encapsulate a given network layer protocol (e.g., IP, IPX) inside PPP to cryptographically protect the PPP frames (L2TP), and encapsulate the data inside a tunneling protocol (e.g., IP)
- Most popular
- Applicable over the Internet
[Figure: encapsulation stack IPX / PPP / L2TP / IP]
L2TP Protocol
- Tunnel components
  – Control channel (reliable): controls sessions and the tunnel
  – Data channel (unreliable): created for each call
- Multiple tunnels may exist between a LAC-LNS pair to support different QoS needs
[Figure: LAC and LNS connected by Control, Session 1 (Call ID 1), Session 2 (Call ID 2). Copyright: G. Chaffee, UCA/Berkley]
L2TP Protocol Structure
[Figure: PPP Frames carried as L2TP Data Messages over the L2TP Data channel (unreliable); L2TP Control messages over the L2TP Control channel (reliable); both over the Packet Transport (IP, UDP, ATM, etc.)]
Control Messages
- Establishment, maintenance and clearing of tunnels and calls
- Utilize a reliable Control Channel within L2TP to guarantee delivery
- Control message types:
  – Control Connection Management
  – Call Management
  – Error Reporting
  – PPP Session Control
Data Messages
- Encapsulate PPP frames being carried over the tunnel
- Not retransmitted when packet loss occurs
- Sequence numbers (optional):
  – Optional data message sequencing
  – May be used to detect lost packets
- No fragmentation avoidance
Security Considerations: Tunnel Endpoint Security
- Endpoints may optionally perform an authentication procedure of one another during tunnel establishment (CHAP)
- Reasonable protection against replay and snooping
- Designed to provide authentication for tunnel establishment only
- LAC and LNS MUST share a single secret key
- Each side uses this same secret when acting as authenticatee as well as authenticator
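Added example, not from the slides or any L2TP implementation: the shared-secret challenge/response exchange the slide describes, in Go, using the RFC 1994 CHAP-MD5 response MD5(id || secret || challenge) and an assumed shared secret; L2TP's own tunnel-authentication AVPs frame the values differently but rely on the same idea. Each endpoint object plays both roles with one secret, and a fresh random nonce per challenge is what makes a captured response useless.

```go
package main

import (
	"crypto/md5"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// Endpoint is a tunnel endpoint (LAC or LNS); both hold the same shared secret.
type Endpoint struct {
	Secret []byte
	nextID byte // CHAP identifier, incremented for every challenge issued
}
// chapResponse is the RFC 1994 CHAP-MD5 value MD5(id || secret || challenge).
func chapResponse(id byte, secret, challenge []byte) []byte {
	sum := md5.Sum(append(append([]byte{id}, secret...), challenge...))
	return sum[:]
}
// Challenge (authenticator role) issues a fresh identifier and 16-byte nonce.
func (e *Endpoint) Challenge() (byte, []byte) {
	e.nextID++
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return e.nextID, nonce
}
// Respond (authenticatee role) proves knowledge of the secret.
func (e *Endpoint) Respond(id byte, challenge []byte) []byte {
	return chapResponse(id, e.Secret, challenge)
}
// Verify (authenticator role) recomputes the expected value in constant time;
// a response captured from an earlier exchange fails because the nonce changed.
func (e *Endpoint) Verify(id byte, challenge, response []byte) bool {
	return subtle.ConstantTimeCompare(chapResponse(id, e.Secret, challenge), response) == 1
}
// MutualAuth runs the exchange in both directions, as L2TP tunnel setup does.
func MutualAuth(a, b *Endpoint) bool {
	idA, chA := a.Challenge()
	if !a.Verify(idA, chA, b.Respond(idA, chA)) {
		return false
	}
	idB, chB := b.Challenge()
	return b.Verify(idB, chB, a.Respond(idB, chB))
}

func main() {
	s := []byte("tunnel-secret") // constructed sample secret
	fmt.Println("LAC<->LNS mutual auth:", MutualAuth(&Endpoint{Secret: s}, &Endpoint{Secret: s}))
}
```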
Security Considerations: Packet Level Security
- L2TP requires that the underlying transport make available encryption, integrity and authentication services for all L2TP traffic
- Secure transport operates on the entire L2TP packet and is functionally independent of PPP and the protocol being carried by PPP
- L2TP is only concerned with confidentiality, authenticity, and integrity of the L2TP packets between tunnel endpoints
Security Considerations: End to End Security
- Secure transport in the tunnel protects the data within the tunneled PPP packets while transported from the LAC to the LNS
- Need: security between communicating hosts or applications (IPSec)
L2TP and IPSec
- Attacks to consider:
  – Packet snooping: discover user identity
  – Packet modification (both control and data messages)
  – Denial of Service by terminating PPP connections or L2TP tunnels
  – Disrupting L2TP tunnel establishment
PPTP
- Designed to create and maintain VPN tunnels over public TCP/IP networks using PPP
- Joint effort of Microsoft and product vendors
- Server in Windows NT 4.0
- Clients for Win 95, NT 4.0
Copyright: G. Chaffee, UCA/Berkley
[Figure. Copyright: Oppliger, eSecurity]
PPTP
- Data channel:
  – Encapsulates PPP over IP using Generic Routing Encapsulation (GRE)
  – Encapsulates the link layer (PPP), communicates at the network layer (IP)
[Figure: encapsulation stack IP / PPP / GRE / IP / Media-specific header]
PPTP
- Signaling (control) channel:
  – Uses a TCP connection for signaling
  – Queries status and conveys signaling information between LAC and LNS
  – Always initiated by the PPTP client to the PPTP server via port 1723
  – Bidirectional
[Figure. Copyright: Oppliger, eSecurity]
Authentication -- MS-PPTP
- Three methods:
  – Clear password: client authenticates to the server
  – Hashed password: client authenticates to the server
  – Challenge-response: client and server authenticate each other
Hashed authentication
- LAN Manager: DES encryption
  – Password is turned into a 14-character string
  – All characters converted to upper case
  – String is split into two 7-character strings, each used as a DES key to encrypt a fixed constant, giving two 8-byte strings
  – Concatenate the strings: 16-byte string = hash value
- Windows NT hash function: MD4 hash
  – Password converted to Unicode
  – Hashed using MD4: 16-byte hash value
Security Problems with Hashed Authentication
- Dictionary attack
  – LAN Manager is easier to break
  – Windows NT: better (mixed case)
- Neither supports password salt
- Both hash values are sent together
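Added example, not part of the slides: the LAN Manager construction from the two slides above written out in Go, assuming the published fixed constant "KGS!@#$%" as the DES plaintext; the sample passwords are constructed. Running it shows why the listed problems hold: case is folded before hashing, each 7-character half is hashed independently (a password of 7 characters or fewer leaves the second half equal to the hash of an empty half), and no salt enters anywhere.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// lmMagic is the fixed 8-byte constant that each DES half-key encrypts.
var lmMagic = []byte("KGS!@#$%")
// desKeyFrom7 spreads 7 key bytes over 8 bytes, leaving each byte's low bit
// (the DES parity bit, which the cipher ignores) clear.
func desKeyFrom7(k7 []byte) []byte {
	k := []byte{
		k7[0] >> 1,
		(k7[0]&0x01)<<6 | k7[1]>>2,
		(k7[1]&0x03)<<5 | k7[2]>>3,
		(k7[2]&0x07)<<4 | k7[3]>>4,
		(k7[3]&0x0F)<<3 | k7[4]>>5,
		(k7[4]&0x1F)<<2 | k7[5]>>6,
		(k7[5]&0x3F)<<1 | k7[6]>>7,
		k7[6] & 0x7F,
	}
	for i := range k {
		k[i] <<= 1
	}
	return k
}
// LMHash follows the slide: upper-case, NUL-pad or truncate to 14 bytes, split
// into two 7-byte halves, DES-encrypt the constant under each, concatenate.
func LMHash(password string) string {
	buf := make([]byte, 14)
	copy(buf, strings.ToUpper(password)) // pads with NULs, truncates at 14
	out := make([]byte, 16)
	for i := 0; i < 2; i++ {
		block, err := des.NewCipher(desKeyFrom7(buf[7*i : 7*i+7]))
		if err != nil {
			panic(err)
		}
		block.Encrypt(out[8*i:], lmMagic)
	}
	return hex.EncodeToString(out)
}

func main() {
	for _, p := range []string{"", "secret", "SECRET", "Secret1234567890"} { // constructed samples
		fmt.Printf("%-18q %s %s\n", p, LMHash(p)[:16], LMHash(p)[16:])
	}
}
```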
Encryption
- Assume the existence of a secret key shared between client and server
- RC4 stream cipher: encrypts data traffic
- Need key agreement:
  – Diffie-Hellman key exchange
  – Generate deterministically from LAN Manager's hash value (NOT SECURE!)
Summary of L2TP
- Not secure without the support of IPSec
Next Class
- Transport layer security