privacy issues in virtual private networks tim strayer bbn technologies
TRANSCRIPT
Privacy Issues inVirtual Private Networks
Tim Strayer
BBN Technologies
2
What is a VPN?
• Private network running over shared network infrastructure (Internet) Allows interconnection of different
corporate network sites Allows remote users to access the
corporate network Allows controlled access between different
corporate networks
3
Private“Intranet”Network
Headquarters
Why VPNs?
PublicInternet
Intranet
Headquarters
Intranet
Remote Site
Intranet
Remote Site
Frame RelayOr
ATMOr
Dial-Up Service
4
VPN Rationale
• Private Networks Costly Inflexible Multiple Infrastructures
• Virtual Private Networks Inexpensive Configurable Single Infrastructure
5
The First VPN
• 1975, BBN delivered the first Private Line Interface (PLI) to the Navy
• Created secure network communication over the ARPANET
• Used a proprietary encryption and manual keying system
6
VPN Technologies
• Tunneling Overlay facilitates sharing common infrastructure IPsec, PPTP, L2TP, MPLS
• Security Authentication: PKI, RADIUS, Smartcard Access Control: Directory Servers, ACLs Data Security: Confidentiality, Integrity
• Provisioning QoS Traffic Engineering
7
Island Metaphor
“Hello!”
“???”“Oh! Hi!
“Hello!”
“Hello!”SS Encapsulator
SS Encapsulator
“Hello!”
“Hello!”SS Encapsulator
Tunnel
8
Tunneling
• Usually layers are inverted
Inner PacketOuter Header Trailer
For target network
For transport network
Ethernet IPIP PPP
2 323
Ethernet FTPIP TCP
2 743
9
Tunnels at Layer 2
• Point-to-Point Tunneling Protocol (PPTP) Integrated into Microsoft DUN and RAS Authentication/encryption provided by PPP
• Layer 2 Tunneling Protocol (L2TP) Combines PPTP with Cisco L2F Layer 2 tunneling, UDP encapsulation
IP IP/IPXGREv2 PPP
IP IP/IPX/IPsecUDP PPP
3 324
3 324
10
IPsec Protocol Suite
• Data encryption and authentication Two protocols
• Encapsulating Security Payload (ESP) assures data privacy and party authentication
• Authentication Header (AH) assures only party authentication
Cryptographic key management• Works well with Public Key Infrastructure and X.509
Certificates
• Transport and tunnel modes of operation• IPsec VPNs use tunnel mode and ESP
11
IPsec Tunneling
Original IP Header
Original IP Payload
New IP Header
Security Parameter Index
Sequence Number
ESP Trailer
ESP Authentication
Encr
ypte
d
Auth
enti
cate
d
OriginalIP Packet
12
MPLS “Tunneling”
• Multi-Protocol Label Switching High speed switching technology Tunnel any layer Built into edge/core routers and switches No authentication/encryption
Label IP PayloadIP Header
Original Packet
13
IPsec vs. MPLS
• Two dominant VPN technologies
• Let’s compare them viz. their approaches to privacy
14
What is meant by Private?
• No one can see your stuff Emphasis is on security Confidentiality, integrity, authentication,
authorization, access control
• Carve out a piece of a shared network for your own use Emphasis is on availability Traffic engineering
15
Evolution of IPsec
• First defined as a security mode for IPv6
• “Ported” to IPv4
• Combines tunneling with security Orthogonal services
• Complex key management
16
Evolution of MPLS
• ATM’s VCI/VPI used for cut-through switching Separates routing from forwarding Supports resource allocation
• MPLS IP cut-through switching using label Routers switch on preestablished label Routers don’t care what’s behind the label Originally proposed to accelerate routing
17
A Protocol Looking for a Use
• Fast routing argument lost with new routing technology Switching technology applied to IP header
• MPLS for traffic engineering “Connection” oriented Stateful – keeps tracks resource allocation
and usage RSVP adapted for signaling
• Hot router selling feature
18
MPLS-VPN Security
• Label Switch Routers will drop packets that do not belong to the VPN based on label
• BGP guards against injected routes using MD-5 authentication
• Note: No data confidentiality Weak authentication BGP is not sufficient to prevent fake routes
19
Why MPLS-VPN?
• Embed label switching in routers Sell more routers
• Replace Frame Relay and ATM with something that looks like these services No profit in Frame Relay or ATM anymore
• Control provisioning at the edge of ISP Sell value added service
• ISP dependent Keeps customers within provider’s network
20
Why IPsec-VPN?
• No changes to core routers Security gateway/tunnel endpoint placed
anywhere that is appropriate
• Separation through obfuscation Real data confidentiality Real authentication
• Routing protocol agnostic No (more than current) reliance on well-behaved
protocols
• ISP agnostic
21
Guarding “Privates”
• What separates a VPN’s traffic from all other traffic? IPsec: data encryption MPLS: different labels, forwarding tables
• Who is responsible for separation? IPsec:
• ISPs, but not necessarily• Corporate IT group and even individuals
MPLS: ISPs
22
Dichotomy of Assumptions
• IPsec assumes goal is: IP delivery No trust of intermediate systems
• MPLS assumes goal is: Engineered delivery Trust entities in the middle
• Begged question: Is leaving security to someone else a good thing?
23
Which is the Right Way?
• Depends on what control you are willing to cede to service providers What SLAs you demand What you want to “black box”
• Depends on what you mean by “private” No one is supposed to use your resources No one is able to see your stuff
24
Trends in VPNs
• IPsec is being built into routers, gateways, and firewalls, and can run at very high speeds
• Layer 2 tunneled through MPLS Martini Draft
• Combining MPLS and IPsec IP tunneled through IPsec tunneled
through MPLS Best of both worlds
25
There’s more to it
• Establishing a VPN is much more than just building a set of tunnels between sites Authentication Access Control Data Confidentiality Data Integrity Remote Access
26
Where does “Private” go?
• Virtual Private Network Makes sense What the designers had in mind
• Virtual Private Network What happens if you’re not careful
27
More about me
• This talk and other information athttp://www.ir.bbn.com/~strayer