Layer Two Tunneling Protocol (L2TPv3)

The Layer Two Tunneling Protocol (L2TP) is an extension of the PPTP protocol. It combines the features of PPTP and Cisco's L2F protocol. L2TP provides transparent communication between the two end users and their applications across the intervening network. L2TP extends the PPP model by allowing the Layer 2 endpoint and the PPP endpoint to reside on different devices, interconnected by a packet-switched network. When a user sends a connection request, it first connects to an access device (the L2TP Access Concentrator), such as a modem, ADSL, or DSLAM, and the access device then tunnels the PPP frames to the NAS (Network Access Server).

Generic Routing Encapsulation (GRE)

The Generic Routing Encapsulation (GRE) tunneling protocol encapsulates one IP datagram within another IP datagram and transports the encapsulated IP datagram. In other words, GRE encapsulates one network layer protocol inside another network layer protocol. The general specification is described in RFC 2890.

A typical GRE datagram is shown in Figure 12-8. A network layer packet, called the "payload" packet, is encapsulated in a GRE packet, which may include the routing information of the payload packet. The resulting GRE packet is further encapsulated in some other network layer protocol, called the "delivery protocol," and is then forwarded for transmission inside the VPN tunnel.

Figure 12-8. Format of a GRE encapsulated packet
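The encapsulation just described, as an added example (not code from the original text): a constructed inner IPv4 datagram is wrapped in a GRE header (RFC 2890 flags, protocol type and optional Key field) and a delivery IPv4 header carrying protocol 47, then unwrapped again. The helper names and the sample addresses are this example's own.

```python
import struct

GRE_PROTO_IPV4 = 0x0800   # protocol type of the payload (EtherType for IPv4)
IPPROTO_GRE = 47          # value carried in the delivery IP header's protocol field

def ipv4_checksum(hdr: bytes) -> int:
    # One's-complement sum of the header's 16-bit words (checksum field zeroed by caller).
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    # Minimal 20-byte IPv4 header (version 4, IHL 5, TTL 64) with a valid checksum.
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def gre_encapsulate(inner_ip: bytes, outer_src: str, outer_dst: str, key=None) -> bytes:
    # GRE header (RFC 2890): 16 bits of flags/version, 16-bit protocol type, optional Key.
    flags = 0x2000 if key is not None else 0   # K bit (0x2000) marks a present Key field
    gre = struct.pack("!HH", flags, GRE_PROTO_IPV4)
    if key is not None:
        gre += struct.pack("!I", key)
    return ipv4_header(outer_src, outer_dst, IPPROTO_GRE, len(gre) + len(inner_ip)) + gre + inner_ip

def gre_decapsulate(packet: bytes):
    # Walk delivery IPv4 header -> GRE header -> payload; return (key, inner datagram).
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_GRE:
        raise ValueError("delivery header protocol is not GRE (47)")
    flags, proto = struct.unpack("!HH", packet[ihl:ihl + 4])
    if proto != GRE_PROTO_IPV4:
        raise ValueError("unexpected GRE protocol type 0x%04x" % proto)
    off, key = ihl + 4, None
    if flags & 0x8000:   # C bit: Checksum + Reserved1 present (4 bytes)
        off += 4
    if flags & 0x2000:   # K bit: Key present
        key = struct.unpack("!I", packet[off:off + 4])[0]
        off += 4
    if flags & 0x1000:   # S bit: Sequence Number present
        off += 4
    return key, packet[off:]

# Constructed sample: an inner UDP-over-IPv4 datagram tunnelled between two tunnel endpoints.
INNER = ipv4_header("10.0.0.1", "10.0.0.2", 17, 4) + b"data"
TUNNELED = gre_encapsulate(INNER, "203.0.113.1", "203.0.113.2", key=42)
```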

Internet Protocol Security (IPSec)

The goal of IPSec is to provide security services for the IP layer, in both the IPv4 and IPv6 protocols. IPSec provides cryptographically designed security services for IPv4 and IPv6. The IPSec security services cover data confidentiality, data integrity, authenticity, and anti-replay protection for the network traffic.

IPSec is a complex framework consisting of many protocols that provide a flexible set of security features. Toward this end, IPSec uses two main security protocols, the Authentication Header (AH) and the Encapsulating Security Payload (ESP). The IPSec framework has two modes: tunnel mode and transport mode. In tunnel mode, an entire IP packet is encapsulated inside another IP packet. In transport mode, only the IP packet header is modified.

The Authentication Header (AH) supports data integrity, authentication, and optional anti-replay services. The Encapsulating Security Payload (ESP) provides data confidentiality (encryption). Together, AH and ESP provide the full set of security features for the IP protocol, and these are configured in a data structure called the Security Association (SA). To summarize, the main functions of IPSec are authentication, encryption, and key management.

RFC 4301, Security Architecture for IP, covers the following:

• Security Protocols – Authentication Header (AH) and Encapsulating Security Payload (ESP)

• Security Associations – what they are and how they work, how they are managed, and associated processing

• Key Management – manual and automated (The Internet Key Exchange (IKE))

• Cryptographic algorithms for authentication and encryption

IPSec Tunnel and Transport Modes

IPSec is configured in two modes:

• Tunnel mode: used between two gateways, or between a host and a gateway, with the gateway acting as a proxy for the host behind it.

• Transport mode: used between two end stations or two hosts.

The Authentication Header (AH)

The Authentication Header (AH) protocol provides authentication of the origin and integrity of the datagram transported between two systems. Data integrity in IPv4 is achieved through the CRC check: if a CRC error is detected at the destination, the IP datagram has been changed during transmission. AH uses the same concept, except that instead of a simple algorithm it uses a special hashing algorithm and a unique key known only to the sender and the receiver. This key is exchanged during the initial phase of connection establishment, and a Security Association (SA) is established between the two devices so that each knows how to perform the computation with the exchanged key, which no other system can perform. On the source device, AH performs the computation, writes the result into the Integrity Check Value (ICV) field of the AH header, and transmits the datagram. The destination device decrypts the message with the key if there are no errors in the transmitted datagram.

Some fields of the IP header change during transmission (for example the fragmentation flag), and this change is not predictable during transmission. Hence, such fields are not covered as part of the AH authentication process.

AH authenticates most fields of the IP header as well as the next-level protocol data; because some fields are excluded, the protection AH provides is partial.

It is important to note that the original data is not changed by either the checksum value or the ICV value. Thus, AH performs only an integrity check and provides no privacy (privacy is handled by ESP). The protocol header (IPv4 or IPv6) preceding the AH header SHALL contain the value 51 in its protocol (IPv4) or next header (IPv6) field. Figure 12-9 illustrates the AH header format.

Figure 12-9. AH Format

In transport mode, the source IP address fields are not modified, as shown in Figure 12-9; the authentication header is added after the original IP header. In tunnel mode, a new IPv4 header is prepended and the original IPv4 packet is encapsulated behind it, as shown in Figure 12-10.

Figure 12-10. AH Header (original IP datagram format: IPv4 Header | TCP Header | TCP Segment; transport mode: IPv4 Header, Protocol 51 | AH, Next Header 6 | IP Data, all authenticated; tunnel mode: New IPv4 Header, Protocol 51 | AH, Next Header 4 | IPv4 Header, Protocol 6 | IP Data, all authenticated)

AH uses a Hashed Message Authentication Code (HMAC). VPNs use either HMAC-MD5 or HMAC-SHA, but SHA is regarded as more secure because of its larger hash length. HMAC-MD5 is defined in RFC 2085 and HMAC-SHA in RFC 2404. The full text of these RFCs is available at tools.ietf.org/rfc.
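The ICV computation and verification described in this section, as an added example (not code from the original text): the sender inserts AH after the IPv4 header in transport mode, sets the protocol field to 51, zeroes the mutable IP fields and computes an HMAC-SHA1-96 ICV; the receiver recomputes it, compares in constant time and enforces the anti-replay sequence check. The key, addresses and function names are constructed for this example.

```python
import hashlib, hmac, struct

IPPROTO_AH = 51
ICV_LEN = 12   # HMAC-SHA1-96: the 20-byte SHA-1 MAC truncated to 96 bits
AH_FIXED = 12  # Next Header, Payload Len, Reserved, SPI, Sequence Number

def zero_mutable_fields(ip_hdr: bytes) -> bytes:
    # Fields that legitimately change in flight (ToS, flags/fragment offset, TTL, header
    # checksum) are set to zero for the ICV computation, so they are not authenticated.
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)

def ah_header(next_hdr: int, spi: int, seq: int, icv: bytes) -> bytes:
    # Payload Len is the AH length in 32-bit words minus 2: (12 + 12) / 4 - 2 = 4.
    return struct.pack("!BBHII", next_hdr, (AH_FIXED + len(icv)) // 4 - 2, 0, spi, seq) + icv

def ah_protect(key: bytes, ip_hdr: bytes, payload: bytes, spi: int, seq: int) -> bytes:
    # Sender, transport mode: AH goes right after the IP header; the IP protocol field
    # becomes 51 and AH's Next Header keeps the original upper-layer protocol.
    hdr = bytearray(ip_hdr)
    next_hdr, hdr[9] = hdr[9], IPPROTO_AH
    hdr[2:4] = struct.pack("!H", len(ip_hdr) + AH_FIXED + ICV_LEN + len(payload))
    ah_zeroed = ah_header(next_hdr, spi, seq, b"\x00" * ICV_LEN)   # ICV zeroed while computing
    mac = hmac.new(key, zero_mutable_fields(bytes(hdr)) + ah_zeroed + payload, hashlib.sha1).digest()
    return bytes(hdr) + ah_header(next_hdr, spi, seq, mac[:ICV_LEN]) + payload

def ah_verify(key: bytes, packet: bytes, last_seq: int):
    # Receiver: recompute the ICV over the same bytes, compare in constant time and apply the
    # anti-replay rule (sequence number must be higher than the last one accepted on this SA).
    ihl = (packet[0] & 0x0F) * 4
    ah = packet[ihl:ihl + AH_FIXED + ICV_LEN]
    payload = packet[ihl + AH_FIXED + ICV_LEN:]
    next_hdr, _, _, _, seq = struct.unpack("!BBHII", ah[:AH_FIXED])
    if seq <= last_seq:
        return False, None, None
    covered = zero_mutable_fields(packet[:ihl]) + ah[:AH_FIXED] + b"\x00" * ICV_LEN + payload
    expected = hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, ah[AH_FIXED:]):
        return False, None, None
    return True, next_hdr, payload

# Constructed sample: a TCP segment behind a 20-byte IPv4 header (checksum left zero; it is a
# mutable field excluded from the ICV, and a real stack would recompute it after insertion).
KEY = b"constructed-sa-key-not-real"
IP_HDR = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 25, 1, 0x4000, 64, 6, 0, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
PACKET = ah_protect(KEY, IP_HDR, b"hello", spi=0x1000, seq=1)
```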

The Encapsulating Security Payload (ESP)

IPSec provides data confidentiality services through the Encapsulating Security Payload (ESP). ESP may be applied alone or in combination with the IP Authentication Header (AH) described above. Confidentiality is provided by encryption algorithms, and the data is kept confidential between two hosts, two security gateways, or a gateway and a host. The ESP header is illustrated in Figure 12-11.

Figure 12-11. ESP Header

The encryption algorithms used by ESP are specified by the SA during the negotiation phase. ESP is designed for use with symmetric encryption algorithms. Since IP packets can arrive out of order, each packet must carry enough information to allow the receiver to establish cryptographic synchronization. ESP uses a shared key, exchanged between the two parties, for encrypting and decrypting the data.

Figure 12-12 shows the difference between the transport mode and the tunnel mode. In the transport mode, the IP payload is encrypted and the original headers are left intact. In the tunnel mode, the entire original IP datagram is encrypted. However, the new IP header is not included in the authentication mechanism.

Figure 12-12. ESP Header – Transport and Tunnel Mode (panels: Transport Mode, Tunnel Mode; tunnel mode layout: New IPv4 Header | ESP Header | IPv4 Header | Data | ESP Trailer, with the encrypted and authenticated spans marked)

ESP uses a symmetric key to encrypt and decrypt the messages. The standard symmetric key algorithms used in IPSec VPNs are DES, triple-DES, RC5, RC4, and the Advanced Encryption Standard (AES). Whatever cipher is used, it should be interoperable among IPSec products. RFC 1829 defines DES and RFC 1851 describes 3DES; these RFCs can be downloaded at tools.ietf.org/rfc. Other algorithms are MD5 and DES-CBC (Cipher Block Chaining).
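The transport/tunnel difference described above, as an added example (not code from the original text): the same constructed datagram is ESP-encapsulated both ways, showing which bytes the SA encrypts (everything after the clear IP header in transport mode, the whole original datagram in tunnel mode), that the ICV covers the ESP header through the trailer, and that the new outer IP header in tunnel mode is not authenticated. Because the standard library ships none of the ciphers named in this section, a labelled keystream stand-in takes the cipher's place; the keys, addresses and function names are this example's own.

```python
import hashlib, hmac, os, struct

IPPROTO_ESP, IPPROTO_IPIP = 50, 4   # outer protocol for ESP; Next Header for IP-in-IP (tunnel mode)
ICV_LEN, IV_LEN = 12, 8

def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Stand-in for the SA's symmetric cipher (DES/3DES/AES-CBC in real IPSec). It only shows
    # which bytes the SA encrypts; it is NOT a secure cipher and must not be used as one.
    stream = b"".join(hmac.new(key, iv + struct.pack("!I", i), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def esp_encapsulate(enc_key, auth_key, spi, seq, ip_pkt, mode, outer_hdr=b""):
    # Transport: keep the original IP header in clear (protocol -> 50) and protect what follows.
    # Tunnel: protect the whole original datagram and prefix a new, unauthenticated outer header.
    ihl = (ip_pkt[0] & 0x0F) * 4
    if mode == "tunnel":
        clear, inner, next_hdr = outer_hdr, ip_pkt, IPPROTO_IPIP
    else:
        clear = ip_pkt[:9] + bytes([IPPROTO_ESP]) + ip_pkt[10:ihl]
        inner, next_hdr = ip_pkt[ihl:], ip_pkt[9]
    pad_len = (-(len(inner) + 2)) % 4            # Pad Length + Next Header end 4-byte aligned
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_hdr])
    iv = os.urandom(IV_LEN)
    body = struct.pack("!II", spi, seq) + iv + keystream_xor(enc_key, iv, inner + trailer)
    icv = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]   # SPI..trailer, not outer IP
    return clear + body + icv

def esp_decapsulate(enc_key, auth_key, packet, clear_len):
    # Check the ICV before touching the ciphertext, then strip IV, padding and trailer.
    body, icv = packet[clear_len:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN], icv):
        raise ValueError("ESP ICV mismatch")
    plain = keystream_xor(enc_key, body[8:8 + IV_LEN], body[8 + IV_LEN:])
    pad_len, next_hdr = plain[-2], plain[-1]
    return next_hdr, plain[:-(pad_len + 2)]

# Constructed sample: a TCP segment behind a 20-byte IPv4 header, plus a new outer header for
# tunnel mode (checksums and the outer total length are left zero; only the ESP framing matters here).
ENC_KEY, AUTH_KEY = b"constructed-enc-key", b"constructed-auth-key"
ORIG = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 25, 1, 0, 64, 6, 0, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02") + b"hello"
OUTER = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 2, 0, 64, IPPROTO_ESP, 0, b"\xcb\x00\x71\x01", b"\xcb\x00\x71\x02")
```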

Internet Key Management (IKE)

Before a secure transmission can begin, both the sender and the receiver need to negotiate the keys, which are defined in the Security Association (SA). The AH protocol is used for authentication and integrity, and ESP is used for privacy. In both the AH and ESP protocols, the two parties exchange "secret" keys. This exchange of keys happens through the Internet Key Exchange (IKE) protocol, defined in RFC 2409.

IKE is meant for establishing, negotiating, modifying, and deleting SAs. IKE performs authentication between the two parties and establishes a Security Association (SA) by exchanging the secret key, which can then be used to establish SAs for both the AH and ESP protocols, together with the set of cryptographic algorithms the SAs use to encrypt and decrypt the messages (payload).

 