
Virtual Private Networks (VPN)

Generic Routing Encapsulation (GRE)


TLS (SSL-VPN)

CN8814: Network Security 1


1. Generic Routing Encapsulation (GRE)

- Tunneling
  - Encapsulation with a delivery header
  - The addresses in the delivery header are the addresses of the head-end and the tail-end of the tunnel

[Figure: GRE tunnel between two private network sites across a public network.
 Site 10.1.0.0/16 sits behind the head-end 20.1.1.1, site 10.2.0.0/16 behind the tail-end 30.1.1.1.
 Encapsulated packet: delivery header 20.1.1.1/30.1.1.1 | GRE | original packet 10.1.1.1/10.2.1.1]
- Structure of a GRE encapsulated packet

[Figure: structure of a GRE encapsulated packet]
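As an added example (not code from the slides), the encapsulated packet written out byte by byte in Python: a delivery header carrying the head-end and tail-end addresses from the figure, the basic 4-byte GRE header, and the original packet, plus a decapsulation routine that validates both headers. The function names and the protocol-253 sample payload are constructed for this example.

```python
import socket
import struct

GRE_PROTO = 47            # protocol number of GRE in the delivery (outer) IP header
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" value for an IPv4 passenger packet

def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header; 0 when a filled-in header is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options, TTL 64) with the checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def gre_encapsulate(inner: bytes, head_end: str, tail_end: str) -> bytes:
    """Delivery header (head-end -> tail-end, proto 47) + basic GRE header + original packet.
    The inner addresses travel in the clear: GRE alone provides no confidentiality."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)   # C/K/S flags clear, version 0
    return ipv4_header(head_end, tail_end, GRE_PROTO, len(gre) + len(inner)) + gre + inner

def gre_decapsulate(packet: bytes):
    """Validate the delivery and GRE headers and return (head_end, tail_end, inner_packet)."""
    if len(packet) < 24 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 4 or ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("malformed delivery header or checksum mismatch")
    if packet[9] != GRE_PROTO:
        raise ValueError("delivery header does not carry GRE")
    flags, ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
    # C (0x8000), K (0x2000) or S (0x1000) set means optional fields follow the 4 bytes;
    # this minimal parser accepts only the basic header with version 0.
    if flags & 0xB007 or ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE header flags or payload type")
    head_end, tail_end = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    return head_end, tail_end, packet[ihl + 4:]

# Constructed sample: a packet 10.1.1.1 -> 10.2.1.1 (protocol 253, experimental) carried
# between the tunnel endpoints 20.1.1.1 and 30.1.1.1 of the figure.
INNER = ipv4_header("10.1.1.1", "10.2.1.1", 253, 7) + b"payload"
TUNNELED = gre_encapsulate(INNER, "20.1.1.1", "30.1.1.1")
```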

- IP access to the tunnel through the tunnel interface

[Figure: gateway 20.1.1.1 (serial 0/0, tunnel 0, e0) and gateway 30.1.1.1 (serial 0/0, tunnel 0, e0)
 connected across the Internet; customer sites 10.1.0.0/16 and 10.2.0.0/16.
 Packet on the Internet: 20.1.1.1/30.1.1.1 | GRE | 10.1.1.1/10.2.1.1;
 packet on tunnel 0 and on e0: 10.1.1.1/10.2.1.1]

- Tunneling mechanism at IP
  - Outbound traffic

[Figure: outbound traffic through R1 (interfaces s0, e0, Tunnel0), steps (1)-(9).
 Routing table of R1:
   10.1.0.0/16  e0
   20.1.1.1/30  s0
   10.2.0.0/16  tunnel0
   0.0.0.0/0    s0
 The packet 10.1.1.1/10.2.1.1 arriving on e0 matches 10.2.0.0/16 via tunnel0 and is GRE-encapsulated
 as 20.1.1.1/30.1.1.1 [10.1.1.1/10.2.1.1]; the encapsulated packet is then routed again, through the
 default route 0.0.0.0/0, out s0.]

  - Inbound traffic

[Figure: inbound traffic through R2 (interfaces s0, e0, Tunnel0), steps (1)-(8).
 Routing table of R2:
   10.2.0.0/16  e0
   30.1.1.1/30  s0
   10.2.0.0/16  tunnel0
   0.0.0.0/0    s0
 The encapsulated packet 20.1.1.1/30.1.1.1 [10.1.1.1/10.2.1.1] arrives on s0, the delivery and GRE
 headers are removed on tunnel0, and the inner packet 10.1.1.1/10.2.1.1 is routed to e0 via 10.2.0.0/16.]

- Example

  R1 (20.1.1.1 side):
    interface tunnel0
     ip unnumbered s0
     tunnel source s0
     tunnel destination 30.1.1.1
    !
    ip route 10.2.0.0 255.255.0.0 tunnel0

  R2 (30.1.1.1 side):
    interface tunnel0
     ip unnumbered s0
     tunnel source s0
     tunnel destination 20.1.1.1
    !
    ip route 10.1.0.0 255.255.0.0 tunnel0

Routing table of R1:
  10.1.0.0/16  e0
  20.1.1.1/30  s0
  10.2.0.0/16  tunnel0
  0.0.0.0/0    s0
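As an added example (not from the slides), the outbound and inbound forwarding walk of the two previous slides as a small Python simulation: longest-prefix lookup, encapsulation when the route points at tunnel0, the recursive lookup of the delivery destination, and on the receiving side acceptance of a GRE packet only from the configured tail-end. The routing tables follow the slides, with R2's tunnel route 10.1.0.0/16 taken from the configuration example; packet dictionaries and function names are constructed.

```python
import ipaddress

# Constructed from the slides: routing tables and tunnel0 endpoints of R1 and R2.
R1 = {"table": {"10.1.0.0/16": "e0", "20.1.1.1/30": "s0",
                "10.2.0.0/16": "tunnel0", "0.0.0.0/0": "s0"},
      "tunnel0": {"source": "20.1.1.1", "destination": "30.1.1.1"}}
R2 = {"table": {"10.2.0.0/16": "e0", "30.1.1.1/30": "s0",
                "10.1.0.0/16": "tunnel0", "0.0.0.0/0": "s0"},
      "tunnel0": {"source": "30.1.1.1", "destination": "20.1.1.1"}}

def lookup(table: dict, dst: str) -> str:
    """Longest-prefix match over the routing table; returns the outgoing interface."""
    addr = ipaddress.ip_address(dst)
    best_len, best_iface = -1, None
    for prefix, iface in table.items():
        net = ipaddress.ip_network(prefix, strict=False)
        if addr in net and net.prefixlen > best_len:
            best_len, best_iface = net.prefixlen, iface
    return best_iface

def forward(router: dict, pkt: dict) -> tuple:
    """Outbound path: route the packet; if the route points at tunnel0, wrap it in a
    delivery header and look up the delivery destination again to find the physical link."""
    iface = lookup(router["table"], pkt["dst"])
    if iface != "tunnel0":
        return iface, pkt
    tun = router["tunnel0"]
    delivery = {"src": tun["source"], "dst": tun["destination"], "proto": "GRE", "payload": pkt}
    return lookup(router["table"], delivery["dst"]), delivery   # recursive lookup -> s0

def receive(router: dict, pkt: dict) -> tuple:
    """Inbound path: a GRE packet is decapsulated on tunnel0 only if its delivery addresses
    are exactly this router's tunnel source and the configured tail-end; the inner packet
    is then routed like any other. GRE from any other endpoint is dropped."""
    tun = router["tunnel0"]
    if pkt["proto"] == "GRE":
        if pkt["dst"] != tun["source"] or pkt["src"] != tun["destination"]:
            raise ValueError("GRE packet from an unexpected endpoint; dropped")
        pkt = pkt["payload"]
    return forward(router, pkt)
```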

- GRE tunneling with routing

[Figure: routing updates (subnets of 10.0.0.0/8) exchanged between the sites across the GRE tunnel]

3. IP Security (IPsec)

- IPsec and Dynamic Routing
  - IPsec-protected traffic must be pre-defined
  - IPsec only supports static routing

[Figure: an IPsec tunnel set up for the traffic between 10.1.0.0/16 and 10.2.0.0/16.
 The tunnel will not support the traffic to the new site 10.3.0.0/16.]

- IPsec/GRE
  - GRE defines a tunnel interface
  - IPsec transport mode provides the security

[Figure: IPsec/GRE gateway with interfaces inside, outside and Tunnel0, steps (1)-(6).
 Routing table:
   10.1.0.0/16  inside
   30.0.0.0/8   outside
   10.2.0.0/16  tunnel0
   10.3.0.0/16  tunnel0
 Packets 10.1.1.1/10.2.1.1 and 10.1.1.1/10.3.1.1 from the inside interface are routed to tunnel0 and
 GRE-encapsulated with the delivery header 20.1.1.1/30.1.1.1; the GRE packet is then IPsec-protected
 in transport mode and sent out the outside interface.]

- Virtual Tunnel Interface
  - Provides a secure tunnel by associating the virtual interface with IPsec

[Figure: VTI gateway with interfaces inside, outside and Tunnel0, steps (2)-(6).
 Routing table:
   10.1.0.0/16  inside
   30.0.0.0/8   outside
   10.2.0.0/16  tunnel0
   10.3.0.0/16  tunnel0
 Packets 10.1.1.1/10.2.1.1 and 10.1.1.1/10.3.1.1 routed to tunnel0 are IPsec-protected directly
 (IP + IPsec, no GRE header) and leave the outside interface as protected packets 20.1.1.1/30.1.1.1.]

2. Transport-Layer Security (TLS)

- TLS architecture
  - Provides a secure connection between two application entities

[Figure: TLS architecture. Functions shown: authentication, cipher suite negotiation and key
 generation; encryption, MIC and compression; error and alert reporting.]

- TLS Record protocol
  - Four connection states: the current read and write states, and the pending read and write states
  - Security parameters:
    - Connection end (client/server)
    - Bulk encryption algorithm: type, key_size, ...
    - MAC algorithm: hash_size
    - Compression algorithm
    - Master secret
    - Client random, Nc
    - Server random, Ns
  - Keys
    - Client_MAC_Write, Server_MAC_Write, Client_Write_Key, Server_Write_Key, IVs

- Messages are processed using the current read or write states

[Figure: record processing. Header fields: Type, Version, Length. The (compressed) fragment is
 MACed with the write/read MAC secret to give the ICV, and fragment plus ICV are encrypted with the
 write/read key; padding and a pad length byte are added for CBC block ciphers.]

- Key Generation
  - Master_secret = PRF(g^xy mod N, "master secret", Nc+Ns)
    - x and y are the DH parameters
    - Nc and Ns are the nonces generated by the client and the server, respectively
    - Master_secret is always 48 bytes
  - PRF(secret, label, seed) = P_hash(secret, label+seed)
  - P_hash(secret, seed) = HMAC(secret, A(1)+seed)
                         + HMAC(secret, A(2)+seed)
                         + ...
                         + HMAC(secret, A(n)+seed)
  - A(0) = seed
    A(i) = HMAC(secret, A(i-1))

  - By default, the hash used in HMAC is SHA-256
  - Two HMAC iterations are needed to generate the master secret

[Figure: two 32-byte HMAC outputs give 64 bytes; the master secret is the first 48 bytes and the
 remaining 16 bytes are truncated.]

- Key generation
  - Key_block = PRF(Master_secret, "key expansion", Ns+Nc)

[Figure: the key block is split in order into MAC client write (Kmc), MAC server write (Kms),
 Client Write Key (Kwc), Server Write Key (Kws), IVs (optional), ...]
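As an added example (not code from the slides), the P_hash, PRF, master-secret and key-expansion steps of the two slides above implemented with Python's hmac module, including the Nc+Ns versus Ns+Nc seed order and the split of the key block into the six keys. The pre-master secret and randoms are constructed sample values, not real handshake output.

```python
import hmac

def p_hash(secret: bytes, seed: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """P_hash as on the slide: A(0) = seed, A(i) = HMAC(secret, A(i-1)); the output is
    HMAC(secret, A(1)+seed) + HMAC(secret, A(2)+seed) + ... truncated to `length` bytes."""
    output, a = b"", seed
    while len(output) < length:
        a = hmac.new(secret, a, hash_name).digest()            # A(i)
        output += hmac.new(secret, a + seed, hash_name).digest()
    return output[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_hash(secret, label + seed) (TLS 1.2, single hash)."""
    return p_hash(secret, label + seed, length)

def master_secret(pre_master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret; the seed is Nc + Ns (client random first).
    With SHA-256 this takes two HMAC iterations (64 bytes) and drops the last 16."""
    return prf(pre_master_secret, b"master secret", client_random + server_random, 48)

def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_len: int, key_len: int, iv_len: int) -> dict:
    """Key expansion seeds with Ns + Nc (server random first) and slices the result into
    the keys in the order shown on the slide: Kmc, Kms, Kwc, Kws, then the IVs."""
    kb = prf(master, b"key expansion", server_random + client_random,
             2 * (mac_len + key_len + iv_len))
    names = ["client_mac_write", "server_mac_write", "client_write_key",
             "server_write_key", "client_write_iv", "server_write_iv"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = kb[pos:pos + size]
        pos += size
    return keys

# Constructed sample inputs (not real handshake values): a 48-byte pre-master secret
# standing in for g^xy mod N, and 32-byte client and server randoms.
PRE_MASTER = bytes(range(48))
NC = b"\x11" * 32
NS = b"\x22" * 32
```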

- Handshake protocol
  - Client hello and server response phase

  Client -> Server: Client Hello: session ID, Nc, cipher suite list, compression alg. list
  Server -> Client: Server Hello: Ns, cipher suite, compression alg.
  Server -> Client: Server Certificate (O+)
  Server -> Client: Key Exchange: signature (O+)
  Server -> Client: Certificate request (O-)
  Server -> Client: Server Hello Done

  O+ => often; O- => less often

  - Client response and change-cipher-specification phase

  Client -> Server: Client Certificate (O-)
  Client -> Server: Key exchange
  Client -> Server: Certificate verify: signature (O-)
  Client -> Server: Change cipher specification
  Client -> Server: Finished: session authentication
  Server -> Client: Change cipher specification
  Server -> Client: Finished: session authentication
  Client <-> Server: Application data

- The handshake protocol allows quick setup of a new TLS connection using the old session's master secret
  - The master secret is allowed to be kept for 24 hours

  Client -> Server: Client Hello: session ID, Nc
  Server -> Client: Server Hello: Ns          (both sides generate keys from the old master secret)
  Server -> Client: Change cipher spec
  Server -> Client: Finished
  Client -> Server: Change cipher spec
  Client -> Server: Finished
  Client <-> Server: Data

- Change Cipher Spec Protocol
  - Invokes the transition from the pending states to the current states

[Figure: Change Cipher Spec protocol between client and server. Each side holds pending states with
 Kmc, Kwc, Kms, Kws and the current states. (1) Client sends ChangeCipherSpec and moves its pending
 write state to current; (2) server receives it and moves its pending read state to current;
 (3) Handshake Finished; (4) server sends ChangeCipherSpec; (5) client receives it; (6) Handshake Finished.]
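As an added example (not from the slides), a toy model of the four connection states and the ChangeCipherSpec transition: each endpoint MACs records with its current write state only, so a Finished message protected after the client's ChangeCipherSpec verifies at the server only once the server has processed that ChangeCipherSpec, and the server's own writes stay unprotected until its own ChangeCipherSpec. The class, method names and key values are constructed; encryption is left out since the MAC alone shows which keys are in force.

```python
import hmac

class TlsEndpoint:
    """One side of a TLS connection with its four connection states. A state is a
    (mac_key, write_key) pair; None is the null state in force before the first
    ChangeCipherSpec. Only the record MAC is computed, enough to show which keys apply."""

    def __init__(self, role: str):
        self.role = role                       # "client" or "server"
        self.current_write = self.current_read = None
        self.pending_write = self.pending_read = None

    def install_pending(self, keys: dict) -> None:
        """Key generation in the handshake fills the pending states; current states are untouched."""
        client = (keys["client_mac_write"], keys["client_write_key"])
        server = (keys["server_mac_write"], keys["server_write_key"])
        if self.role == "client":
            self.pending_write, self.pending_read = client, server
        else:
            self.pending_write, self.pending_read = server, client

    def send_change_cipher_spec(self) -> None:
        """Sending CCS promotes only the pending write state; reads stay on the old state."""
        self.current_write, self.pending_write = self.pending_write, None

    def receive_change_cipher_spec(self) -> None:
        """Receiving the peer's CCS promotes the pending read state."""
        self.current_read, self.pending_read = self.pending_read, None

    def protect(self, record: bytes):
        """MAC a record under the current write state (None: the record goes out unprotected)."""
        if self.current_write is None:
            return None
        return hmac.new(self.current_write[0], record, "sha256").digest()

    def verify(self, record: bytes, tag) -> bool:
        """Check a record under the current read state; a protected record arriving before
        the peer's CCS has been processed does not verify."""
        if self.current_read is None:
            return tag is None
        if tag is None:
            return False
        expected = hmac.new(self.current_read[0], record, "sha256").digest()
        return hmac.compare_digest(expected, tag)

# Constructed key block (in practice the output of the key expansion on the earlier slide).
KEYS = {"client_mac_write": b"c" * 32, "server_mac_write": b"s" * 32,
        "client_write_key": b"C" * 16, "server_write_key": b"S" * 16}
```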

- Alert Protocol
  - Alert messages convey the severity of the message and a description of the alert
  - Alert levels: warning or fatal
    - Alert messages with a level of fatal result in the immediate termination of the connection
  - Alert types:
    - Close notification
    - Error alerts

- SSL (TLS) VPN
  - A tunnel interface is used to support the secure tunnel connection

[Figure: SSL-VPN, steps (1)-(20). Client host: application, web browser and SSL-VPN client over
 TLS, TCP/UDP and IP, with interfaces tun0 and eth0. Site: SSL-VPN web server over TLS, TCP/UDP
 and IP, with interfaces Outside, Inside and tun0. The browser runs the TLS handshake protocol with
 the SSL-VPN web server, the SSL-VPN client is uploaded (4), and application traffic entering tun0
 is carried as TLS-protected datagrams (13) to the server, which delivers it on the inside network.]
