Introduction to VPNs, PKI, and PGP
Hello, in this module we continue our discussion of encryption and we look at some practical
applications of it. We start off by looking at VPN’s or virtual private networks and see how you can
use them to create secure communications using public networks such as the Internet. We than
briefly look at the problem of key management and finish our discussion with a look at PGP or Pretty
Good Privacy, which is an application that allows you to encrypt files and send encrypted email.
Introduction to VPNs,
PKI, and PGP
Security Essentials
The SANS Institute
Encryption and Exploits - SANS ©2001 1
Hello, in this module we continue our discussion of encryption and we look at some practical
applications of it. We start off by looking at VPN’s or virtual private networks and see how you can
use them to create secure communications using public networks such as the Internet. We than
briefly look at the problem of key management and finish our discussion with a look at PGP or Pretty
Good Privacy, which is an application that allows you to encrypt files and send encrypted email.
3-1
Foundations of a VPN
• VPNs use cryptography to communicate
securely in the presence of adversaries
– Encryption: Scramble data into something
difficult to read without a key.
– Decryption: the opposite process of
encrypting.
– Authentication: How are you sure you’re
talking to the right person?
VPNs, PKI, and PGP - SANS ©2001 2
To architect and deploy a VPN, we need to understand how to apply these three tools. These
concepts are easy to grasp at the conceptual level, but the devil is in the details as they say. Crypto
has evolved from an abstract playground for mathematicians to something with widespread public
awareness (those little solid, gold keys in the browser have people asking the darndest questions).
Likewise, authentication is a discipline in its own right. We’ll be discussing authentication systems
and client-side web certificates.
3-2
What is a VPN?
• Dedicated leased lines are expensive
• Most locations have low-cost
connectivity to the Internet
• Why not use the Internet as the
communication media and use
encryption for security
• So, a VPN is a secure communication
path that utilizes public networks
VPNs, PKI, and PGP - SANS ©2001 3
In its most basic sense, VPN’s, or virtual private networks, are a secure communication path that
utilizes public networks. Having dedicated leased lines between locations provides for secure
communications but can get very expensive. With most leased lines, you pay by the distance. So the
greater the distance between two locations, the more expensive the line. But most sites have fairly
inexpensive connections to the Internet, so why not use those connections in order to communicate?
The main problem is security. Public networks, such as the Internet, have no security built-in.
However, if we encrypt the data that is sent over the lines, we now have the security we need with
the costs that we like, thus a VPN.
3-3
Why Use a VPN?
• Flexibility
– A VPN “tunnel” over the Internet can be set up
rapidly. A frame circuit can take weeks.
– A good VPN will also support Quality of Service
(QOS).
• Cost
– There are documented cases of a VPN paying for
itself in weeks or months.
– There are also cases where the hidden costs sunk
the project!
VPNs, PKI, and PGP - SANS ©2001 4
One of the biggest benefits of VPN technology is their flexibility. Need a secure channel between
two hosts for only a day? Maybe just for an hour every business day? A VPN may fit the bill. Once
you have the components, setting up a VPN is a software change. This makes the technology far
more flexible than legacy frame and dedicated circuits which must be wired and possibly require
additional hardware. This flexibility lends itself to creating new business solutions. For example its
not cost-effective to wire a T1 for every employee who works from home. Its very practical however
to load up software on their laptop and let them connect to the home office via a VPN over the
Internet.
In looking for VPNs, ask about quality of service (QOS). Leased and dial-up lines offer both
bandwidth and latency guarantees, while dedicated connection technologies, like ATM and Frame
Relay, have extensive mechanisms for similar guarantees. As IP-based VPNs become more widely
deployed, there will be market demand for similar guarantees, in order to ensure end-to-end
application transparency.
Cost is another potential benefit. With a frame or dedicated circuit, you typically pay a flat monthly
fee so even if the circuit goes unused, its costing you money. Also, crossing state and government
boundaries with a dedicated circuit only increases their cost. With a VPN, you pay for a local
connection to the Internet with no “distance” charges.
Given these benefits, its not surprising that Taylor and Hecht report that VPN technology is expected
to expand 300-1000% by 2003 (Taylor and Hecht).
3-4
What VPN systems are
Made of
• Routers, Firewalls • LDAP Server
• Servers, clients • Key Management
Schemes
• Public Key
Infrastructure • Load balance, QOS,
failover, redundancy
• X.509 Digital
• Encryption
Certificates
VPNs, PKI, and PGP - SANS ©2001 5
The fundamental components of VPN’s can usually be built on existing equipment. Most routers and
firewalls have capabilities for providing VPN capabilities, or dedicated boxes can also be purchased.
The thing to remember is in order to properly create a VPN, it requires several other components
such as a PKI or public key infrastructure, X.509 certificates, key management schemes, etc. One of
the biggest problems that companies face is they try to setup a VPN without proper planning. VPN’s
can be straightforward to configure and setup but only if you do your homework and plan properly.
3-5
Security Issue
• If you are encrypting tunneled data
coming into your network, you lose
a number of checks and balances.
– What ELSE is connected to the VPN
client that is connected to YOU?
192.68.0.0
IP address = 192.67.1.1
IP address = 10.0.1.1
10.0.0.0
?
Security Security
Gateway B Public IP Gateway A
192.68.0.10 10.0.0.10
Network
VPNs, PKI, and PGP - SANS ©2001 6
VPN’s are good but remember that they are encrypting the data so that no one else can read it.
Depending on where your VPN device is, one of the devices that might not be able to read the
encrypted data is your firewall. A firewall cannot really do its job if it allows encrypted data
through. Or to put it another way,allows un-trusted data into your network. Since the firewall cannot
read the data, it cannot provide proper filtering.
3-6
IPSec Review
• IETF standard enables encrypted
communication between users and devices
– Implemented transparently into the network
infrastructure
– Scales from small to very large networks
• Open standard enables multivendor
interoperability
• Most VPN devices and clients are IPSec
compliant
VPNs, PKI, and PGP - SANS ©2001 7
Now I’m going to spend some time discussing some of the aspects you should understand about
IPSec technology as part of your security solution. IPSec is a Layer 3 method for providing tunnels.
It is an IETF standard, enabling encrypted communication between users and devices as illustrated
here. The goal is enabling a lot of different types of devices to understand one another. One of the
first applications of IPSec is Remote Access VPNs.
IPSec is transparent to the network infrastructure, and is scalable from very small applications to
very large networks.
As an open standard, IPSec is available to everyone, so vendors can ensure interoperability. As of
now, there are different levels of implementation available among the different vendors, but ideally
the same technology needs to be available to everyone to assure future interoperability in
multivendor networks, including the Internet.
At Cisco, IPSec functionality is available in Cisco IOS software releases 11.3T and later. Initially,
Cisco targeted gateway devices for IPSec, including routers and access servers.
3-7
IPSec Components
• IPSec (RFC 2401)—framework for security
protocols to provide:
–Data integrity
–Data authentication
–Data confidentiality
–Encryption protocols
• Internet Key Exchange (RFC 2406)—provides:
–Security association management
–Key management
VPNs, PKI, and PGP - SANS ©2001 8
At the IETF, IPSec includes security protocols that provide:
•Data integrity monitoring
•Data, user, and device authentication capabilities
•Data confidentiality, including encryption protocols
There are also Internet Key Exchange (IKE) capabilities that provide security association
management and key management. (The RFC numbers are listed here for you to look up on the
IETF web site if you like.)
3-8
IPSec Overview
• Headers • Key Exchange Policy
– Authentication Header Management
• Integrity, Authentication
– IKE
– Encapsulating Security • Negotiates security
Payload parameters
• Confidentiality, Integrity
and Authentication – Diffie-Hellman
• Negotiates digital
• Modes certificates
– Transport
– ISAKMP/Oakley
• IP Payload Only
• Generates shares secret
– Tunnel
keys
• Entire datagram
• Encryption
– DES, 3DES
VPNs, PKI, and PGP - SANS ©2001 9
The following is a breakdown of the different areas of IPSec:
Headers
Authentication Header
Integrity and Authentication
Encapsulating Security Payload
Confidentiality, Integrity, and Authentication
Modes
Transport
IP payload only
Tunnel
Entire datagram
Encryption
DES, 3DES
Key Exchange Policy Management
IKE
Negotiates security parameters
Diffie-Hellman
Negotiates digital certificates
ISAKMP/Oakley
Generates/shares secret keys
3-9
IPSec Overview: Headers
Encapsulated Security Payload
All Data-encrypted
Router IP HDR AH Data Router
Authentication Header
• Two types: Encapsulated Security Payload
(ESP) and Authentication Header (AH)
– Data integrity-no modification of data in transit
– Origin authentication-identifies where data
originated
– AH does not provide confidentiality; industry
moving toward ESP, which does
VPNs, PKI, and PGP - SANS ©2001 10
IPSec takes an IP packet and adds two headers to it.
First, it provides an authentication header, which provides knowledge that a packet originated from a
trusted source. It also guarantees that if a packet is changed, you know it. This is not encryption. It
just ensures that information is not intercepted, nor has its content changed.
The second header is the encapsulated security payload. This does the same thing as the
authentication header and also allows you to encrypt the payload.
3 - 10
IPSec Modes—Security
Associations
• Two types of SA Tunnel Mode
IP HDR DATA
• Tunnel mode: applied
to an IP tunnel
New IP HDR IPSec HDR IP HDR DATA
–Outer IP header specifies
IPSec processing destination Encrypted
–Inner IP header specifies
ultimate packet destination
Transport Mode
• Transport mode:
between two hosts
IP HDR DATA
–Header after IP header,
before TCP/UDP header IP HDR IPSec HDR DATA
Encrypted
VPNs, PKI, and PGP - SANS ©2001 11
When you are encrypting information, there are two basic modes you can use. The first and most
commonly used is the Tunnel Mode. This is applied to an IP tunnel between gateway devices. It
can also be used on remote clients talking to gateways. In Tunnel Mode, the original packet is
encrypted. Then the IPSec header is added (as we just talked about), along with a second IP header
that corresponds to the gateway you want to talk to. The flow here goes like this: information goes
to the first gateway, which encodes the payload, puts a new header on, and sends it to the second
gateway. The second gateway strips the new header, decrypts the payload, checks the packet for
integrity, and forwards it to the destination.
Transport Mode happens between two hosts. As diagrammed here, the packet header is removed,
the payload is encrypted, an IPSec header is added, the first header is reattached, and the packet is
forwarded.
3 - 11
Encryption: DES and 3DES
• Widely adopted standard
• Encrypts plain text, which becomes
“cyphertext”
• Triple DES
– The 56 bit DES algorithm run 3 times
– 112-bit triple DES includes 2 keys
– 168- bit triple DES includes 3 keys
• Accomplished on VPN client, server,
router, or firewall
VPNs, PKI, and PGP - SANS ©2001 12
IPSec provides a framework for plugging in and using many different encryption algorithms. The
most common are Data Encryption Standard, or DES, and Triple DES. DES is lighter than Triple
DES. Triple DES does multiple passes over the packets. This can be applied at IPSec termination
points on the VPN client, a server, router, or firewall.
DES is a symmetric encryption algorithm. I use a key on the front-end to encrypt the data, and the
same key on the back-end to decipher it to get the original data. IPSec lets you re-key the DES key.
The end points renegotiate the DES key they wish to use. So if you want to, you can make a
different key periodically and stump any hackers.
As a quick disclaimer, there are export limitations on encryption technology depending upon which
technology it is and where you want to send it.
3 - 12
Internet Key Exchange (IKE)
• Authenticates peers
–Pre-shared keys
–Public key
cryptography
–Digital signatures IKE IPSec
1st Next
• Negotiates policy to
protect
communication
• Key exchange
–Diffie-Hellman
VPNs, PKI, and PGP - SANS ©2001 13
Ifyou have two end points, the first thing they need to do is agree upon who they are. The second
thing they do is figure out a series of algorithms for authentication and encryption so they can talk
to each other. After that, they start bulk encryption and start passing data back and forth. This
process is called the IKE, or Internet Key Exchange negotiation.
Once the initial handshake is agreed upon, the endpoints set up a security association that defines
the parameters they will use for bulk data transfer. That’s the next step, the IPSec step.
Part of the initial IKE negotiation commonly uses a Diffie-Hellman algorithm. This is the way the
end points agree on the encryption key they will use for the bulk data transfer.
3 - 13
Digital Certificate
The Authenticity of the
Subject Name: Certificate Is
Credential Ties “Internet, Organization, Guaranteed by the
a Name Jane Doe” Digital Signature
or Identity to a Generated Using the
Public Key Public key: CA’s Private Key
Usage- Serial #: 29483756
Specific Other Data:
Attributes 10236283025273
Private
Credential Expires: 11/30/99
Expiration Signed: CA’s Signature
• Binds the subject’s identity with a public key
–Signed by a “trusted” certifying authority
• Identity proved by ability to sign using associated
private key
VPNs, PKI, and PGP - SANS ©2001 14
Digital certificates are analogous to passports or driver’s licenses. It is a unique certificate for a
given user or device. It contains the kinds of information listed here, including a public key, usage-
specific attributes such as a serial number or unique qualifier, an expiration date, and the subject
name. A “public key” is stored with the certificate.
3 - 14
Other Non-IPSec VPNs
• Layer 2 Forwarding (L2F)
• Layer 2 Tunneling Protocol (L2TP),
combines PPTP and L2F
• PPP Extensible Authentication
Protocol (authentication only, RFC
2284)
• SOCKS protocol
VPNs, PKI, and PGP - SANS ©2001 15
The following are some other non-IPSec VPN solutions:
Layer 2 Forwarding (L2F)
Layer 2 Tunneling Protocol (L2TP), combines PPTP and L2F
PPP Extensible Authentication Protocol (authentication only, see RFC 2284)
SOCKS protocol
3 - 15
VPN Web Resources
–The URLs in your notes pages
provide a number of valuable
resources for researching VPNs
VPNs, PKI, and PGP - SANS ©2001 16
The following are various VPN resources that can provide additional information on VPN’s:
http://kubarb.phsx.ukans.edu/~tbird/vpn.html
http://www.usenix.org/publications/login/1999-12/features/harmful.html (requires USENIX
membership)
http://www.optonline.com/plweb-cgi/fastweb?getdoc+view1+all002+1093+0++cryptography
http://www.ietf.org/html.charters/ipsec-charter.html
http://www.openssh.com/
http://www.uni-erlangen.de/docs/RRZE/dezentral/unix/linux/HOWTOS/mini/VPN-4.html
http://www.xs4all.nl/~freeswan/
http://www.antd.nist.gov/itg/cerberus/
http://www.antd.nist.gov/itg/plutoplus/
http://www.timestep.com/downloads/ipsec.pdf
http://www.timestep.com/HTML/Crypto.htm
http://www.phoneboy.com/fw1:
http://www.enteract.com/~lspitz/pubs.html
3 - 16
PKI (In a Nutshell)
• PKI, the glue that binds ecommerce
– SSL is a simple, particle example
• Boils down to resolving trust
– Who is really on *both* ends of the pipe?
• Enables remote access
– VPN connectivity, email, extranets, etc.
VPNs, PKI, and PGP - SANS ©2001 17
With VPN’s, there is a big problem with key management. PKI or public key infrastructure is the
glue that binds all of the pieces of e-commerce together. It all comes down to trust and PKI provides
the inter-trust relationship needed for people to communicate.
3 - 17
What is PKI?
• A management structure for public keys
– Ok, we both have private/public keys. Now
what?
– There is more than meets the eye
• public and private encryption keys
• digital certificates
• certificate authorities
• digital signatures
• key-management protocols
VPNs, PKI, and PGP - SANS ©2001 18
PKI is a management structure for public keys. We have all of these public and private keys but how
do we manage and track them? When it comes to PKI, the following are some of the key concerns:
•public and private encryption keys
•digital certificates
•certificate authorities
•digital signatures
•key-management protocols
3 - 18
PKI Issues
• There are a few problems
– Competing standards, or standards
still in flux
– Certification of certificate authorities
• Important issue but easy to overlook
– Cross certification between “CA’s”
– Do-it-yourself or outsource?
– User education and/or perception
VPNs, PKI, and PGP - SANS ©2001 19
PKI can get very complex very quickly because the following are some of the key problems that need
to be solved:
Competing standards, or standards still in flux
Certification of certificate authorities
Important issue but easy to overlook
Cross certification between “CA’s”
Do-it-yourself or outsource?
User education and/or perception
3 - 19
Things to Know
• Most PKI is based upon X.509
– X.509v3 standard targeted CA interoperability
– Movement is still slow
• Planning and deployment are critical to
success or failure
• Large scale management isn’t
necessarily a walk in the park
VPNs, PKI, and PGP - SANS ©2001 20
To sum up our brief discussion of PKI, most PKI is based upon X.509. X.509v3 standard targeted
CA interoperability, but movement towards a universal standard is slow.
When is comes to PKI, it can be very complicated and may not move too fast. Planning and
deployment are critical to success or failure. Large scale management isn’t necessarily a walk in the
park.
Now, lets take a look at PGP.
3 - 20