IP Security, Creating Secure Intranets over the Internet

James P. Hughes
Network Systems Corporation

Abstract

It is now possible to create interoperable secure encrypted tunnels over the Internet. Secure intranets over the Internet are an intriguing cost-saving solution to replace high-cost leased lines or frame relay services while at the same time increasing the security of that traffic.

The concept of an Intranet is a private network "Intra" a corporation, or inside a corporation, using the Internet as the underlying medium. This concept is not new, but is just now becoming possible. The enablers for this technology have been the commercialization of the Internet backbone, the proliferation of the WWW, and IP security. Now that every company needs a WWW connection to the Internet, it is logical to overlap that use with other office-to-office traffic, especially when that network is significantly cheaper than buying leased or even frame relay services.

IP security is another enabler for the Intranet. The Internet is a scary "free for all" that allows any-to-any connectivity. If you are building a network specialized to carry private company information, the last thing you want is any-to-any connectivity where the "any" can be your competitors. In addition to keeping the competitors out, you also need to make sure that the company's proprietary data is indeed unreadable to your competition when it is being transferred over the Internet.

The IP security standards suite uses encryption technology. Encryption is more than just the scrambling of bits so that the data cannot be seen. Encryption technology, as envisioned by the IPsec working group, includes the capability not only to create private transmissions, but also to provide authentication of the parties to a conversation and to provide data integrity, so that you know that the traffic was from the original sender and was not modified in transit by an attacker.
These mathematical transformations can be implemented at several places in an IP network and can be used to protect data from host to host, site to site or any combination.

Creating secure tunnels is one issue; another is how people agree on secrets (session keys) even when eavesdroppers are listening in. The IPsec Oakley key management protocol provides the ability to privately negotiate a key while also ensuring that the key you negotiated was indeed negotiated with the intended source. The authentication of the initial source and the creation of (two-party) shared secret keys is the prime motivation. When to negotiate a key is another issue. The ISA/KMP protocol allows keys and traffic parameters to be negotiated before they are needed. Finally, a way to know reliably and undeniably that an endpoint you may never have heard of is who they say they are, even in the event that keys are stolen, compromised or simply revoked, is part of yet another protocol defined by the DNSsec working group. DNSsec can send the authenticated credentials to validate that an endpoint is who they say they are.

These mathematical transformations can be implemented at several places in IP networks that have or do not have firewalls. Packet formats for IPsec-compatible encapsulations will be shown, as well as future challenges such as public key certificates.

Capabilities of Encryption

Encryption is a set of mathematical transformations. It is a tool. This tool can be used to create several important capabilities when applied to the protection of private data on public networks.

Technically, integrity, key exchange and authentication are not encryption per se; they do, however, use the same properties of irreversibility that make encryption possible.

Privacy

Privacy is the ability to keep data private on networks where others may be listening. This is where the common "symmetric ciphers" such as DES, 3DES (pronounced triple-DES), CDMF (40 bit DES), IDEA, RC4 and others are used.
There are many ciphers that can be used. The IPsec standard is mandating a conservative standard of DES. DES is a well understood and royalty-free algorithm, and has successfully withstood 20 years of public scrutiny[1].

Integrity

Integrity is the method of ensuring that the data has not been modified in transit from the source to the destination. Typically, in networks and on computer disks, the protection used to ensure that data is not modified is a Cyclic Redundancy Check (CRC). CRCs are very good at catching random events, but to attackers they are very predictable and easily reversed. In addition, the sizes of CRCs (16, 32 or 64 bits) are all too small to stop a birthday attack[2].

The integrity function is usually performed by a hashing function. The two in use today are MD5 and SHA. Hashing algorithms can also be used to create authenticated hashes. These hashes are used to ensure both that the data has not been changed and that it is from the correct source. IPsec uses both MD5 and a keyed variant of MD5, HMAC.

Replay Prevention

This capability ensures that data is received at most once, and never again. In an IP network, traffic is not guaranteed to arrive in order, and it is not guaranteed to arrive at all. Replay prevention provides a means of ensuring that data, once received, cannot be recorded and played back later. Replay attacks can be useful even if the data is never decrypted.

Key Exchange

How does one create and communicate a secret when there are others listening? There are two basic algorithms that do this: one is Diffie-Hellman and the other is elliptic curves. The mathematics of Diffie-Hellman are simple and easy to follow.

First, an x is chosen from random bits. The sender then calculates g^x and sends it to the other side. In the meantime, the receiver chooses its own y, calculates g^y and sends it to the other side. The sender then calculates (g^y)^x and the receiver calculates (g^x)^y. In both cases, they have calculated g^(xy).
(All of these calculations are performed using modular arithmetic.) What makes this elegant is that even if eavesdroppers listen to the conversation and know g, g^x and g^y, unless they can compute discrete logarithms over a finite field, g^(xy) will remain a mystery. If the numbers are large enough, then the reversal is not possible. Another aspect of Diffie-Hellman is that, if the bits are chosen new and not reused in any way, the keys generated will be completely unrelated, and if one key is cracked, the attacker knows nothing about any other keys that have been used or will be used in the future.

Authentication

Authentication is the method of ensuring that the data received is from the expected source. While it is possible to create a key with someone and use it, there is a possibility that the caller is not who they say they are. In that case, the data will be protected while on the network and sent to the wrong destination. To solve this, authentication protocols and algorithms are used. Most privacy systems use RSA to authenticate a party to a conversation. With RSA you can publish your public key, and if you keep your private key private, then it is theoretically impossible to impersonate you.

These public keys, when combined with a certification authority, provide a means not only of storing and sending out public keys to callers, but also of ensuring the integrity of the keys and of allowing the certifying authority to revoke a key, so that if a key is lost it can be made useless.

IPsec

IPsec is a family of RFCs that can be used to create secure communications. They are the data encapsulation, key exchange algorithm and key exchange framework. These RFCs represent the minimum implementation that can be called "IPsec".

draft-ietf-ipsec-arch-02.txt
This is the overall architecture. This can be used to define the various encapsulations.

draft-ietf-ipsec-hmac-md5-00.txt
This contains the creation of a secure keyed MD5 operation.
This allows the MD5 packet integrity check to be keyed so that the source can authenticate its packet.
Is the actual implementation of the tunnel. This transform contains privacy (DES), integrity and authentication (HMAC), and replay protection.
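
The keyed integrity check and replay prevention that the tunnel transform combines, as an added Python example that is not from the paper or from any IPsec implementation. The packet layout, the 32-packet window and the key are constructed for illustration; a CRC-32 frame is included to show why an unkeyed check cannot stand in for integrity protection.

```python
import hashlib
import hmac
import struct
import zlib

TAG_LEN = 16   # HMAC-MD5 output size in bytes
WINDOW = 32    # accept sequence numbers at most this far behind the highest

def seal(key, seq, payload):
    """Constructed layout: 4-byte sequence number | payload | HMAC-MD5 tag."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(key, body, hashlib.md5).digest()

class Receiver:
    def __init__(self, key):
        self.key = key
        self.highest = 0   # highest sequence number accepted so far
        self.seen = 0      # bitmap: bit i set => (highest - i) was received

    def accept(self, packet):
        """Return the payload, or None if the packet is forged or replayed."""
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.md5).digest()
        if len(body) < 4 or not hmac.compare_digest(tag, expected):
            return None                        # modified, or not from the key holder
        seq = struct.unpack("!I", body[:4])[0]
        if seq > self.highest:                 # newer packet: slide the window
            shift = seq - self.highest
            self.seen = 1 if shift >= WINDOW else \
                ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            offset = self.highest - seq
            if offset >= WINDOW or (self.seen >> offset) & 1:
                return None                    # too old, or already received
            self.seen |= 1 << offset           # late but new: record, deliver
        return body[4:]

def crc_frame(payload):
    """Unkeyed comparison case: payload | CRC-32 of the payload."""
    return payload + struct.pack("!I", zlib.crc32(payload))

def crc_accepts(frame):
    return zlib.crc32(frame[:-4]) == struct.unpack("!I", frame[-4:])[0]

if __name__ == "__main__":
    rx = Receiver(b"constructed-demo-key")
    for seq in (1, 3, 2, 2):                   # out of order, then a replay
        print(seq, rx.accept(seal(rx.key, seq, b"pay 10")))
```

Anyone can rebuild a valid CRC frame around changed data with `crc_frame`, whereas producing a packet that `Receiver.accept` delivers requires the shared key and an unused sequence number.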
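
The Diffie-Hellman exchange from the Key Exchange section, as an added Python example rather than code from the paper or from the Oakley protocol. The modulus 2^521 - 1, the base 3, the range check on the peer's value and the SHA-256 step that turns the shared value into a key are assumptions chosen for the demonstration.

```python
import hashlib
import secrets

# Constructed demo parameters (not an IPsec/Oakley group): the Mersenne
# prime 2^521 - 1 as modulus and 3 as base.
P = 2**521 - 1
G = 3

class DHParty:
    """One side of the exchange, with a fresh private exponent per session."""

    def __init__(self):
        # x (or y) chosen from random bits and never reused
        self._private = secrets.randbelow(P - 3) + 2    # 2 .. P-2
        self.public = pow(G, self._private, P)           # g^x mod p

    def session_key(self, peer_public):
        # Reject degenerate values that would force a predictable secret.
        if not 1 < peer_public < P - 1:
            raise ValueError("peer public value out of range")
        shared = pow(peer_public, self._private, P)      # (g^y)^x mod p
        # Hash the shared value down to a fixed-size symmetric key.
        return hashlib.sha256(shared.to_bytes(66, "big")).digest()

def run_exchange():
    """Return (sender_key, receiver_key, values an eavesdropper could see)."""
    sender, receiver = DHParty(), DHParty()
    wire = {"g": G, "g^x": sender.public, "g^y": receiver.public}
    return (sender.session_key(receiver.public),
            receiver.session_key(sender.public),
            wire)

if __name__ == "__main__":
    k1, k2, wire = run_exchange()
    print("keys match:", k1 == k2)
    print("values on the wire:", sorted(wire))
```

The exchange by itself says nothing about who sent g^y, which is the gap the Authentication section addresses.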