文档库

最新最全的文档下载
当前位置:文档库 > IPsecVPNs Juniper SRX 技术文档

IPsecVPNs Juniper SRX 技术文档

IPsecVPNs Juniper SRX 技术文档

IPsec VPNs

I N

T E

R

N

A L

U

S E O

N L Y

IPsec VPNs

2

? 2008 Juniper Networks, Inc. All rights reserved.

The Meaning Behind VPNs

VPNs are used to transport private network traffic over a public network infrastructure. The term VPN has been used broadly in the networking industry for decades. For instance, the networking industry has referred to X.25, Frame Relay, and ATM

infrastructures as VPN networks. As the Internet spread and as carriers and service providers migrated all their service offerings to IP, new forms of VPNs emerged.

Types of VPNs Today

We can subdivide these new forms of VPNs into three categories:

?

Clear-text VPNs : These VPNs include Layer 3 VPNs, Layer 2 VPNs

(Kompella and Martini implementations), and virtual private LAN service (VPLS). These VPNs rely on MPLS services and the use of signaling protocols over IP.

?Secure VPNs : These VPNs are IPsec VPNs, carrying payload over IP securely.

?

Combination of clear-text and secure VPNs: These VPNs are based on Layer 3 VPNs, built on MPLS technology, and compounded with IPsec security.

I N

T E

R

N

A L

U

S E O

N L Y

IPsecVPNs Juniper SRX 技术文档

IPsec VPNs

? 2008 Juniper Networks, Inc. All rights reserved.

3

Secure VPNs

A network device that builds secure VPNs must be able to perform the following actions:

?Encrypt the original packet so that it cannot be easily decoded should it be intercepted on the public network;

?Verify the original payload ensuring data integrity; and

?

Authenticate the originating device as a member of the VPN, rather than a random device operating on the public network.

I N

T E

R

N

A L

U

S E O

N L Y

IPsecVPNs Juniper SRX 技术文档

IPsec VPNs

4

? 2008 Juniper Networks, Inc. All rights reserved.

Security Concerns

There are three driving concerns for network security: confidentiality, integrity, and authentication.

?

Confidentiality : Online banking, credit card information, or a company’s competitive information—how do we keep this information secure from the man in the middle ? We want the information to be stored in such a way that if someone were to capture this datagram, the information would appear meaningless.

?

Integrity : Even though the information might be secure and hidden,

meaning that someone might not be able to determine or understand its contents, it could still be possible for someone to change it. Someone could tweak bits to change the data from what was originally sent through the network. So how do we make sure that if the data is compromised, the remote station recognizes this fact and refuses to process the information?

?

Authentication : How does the remote station verify that the information came from the device from which it expected it to come? You do not want to be communicating and sending critical information to the wrong recipient!

I N

T E

R

N

A L

U

S E O

N L Y

IPsecVPNs Juniper SRX 技术文档

IPsec VPNs

? 2008 Juniper Networks, Inc. All rights reserved.

5

Confidentiality—Data Encryption

The first of the three VPN security concerns is confidentiality .

Encryption provides data confidentiality. Encryption is the method of taking user

data—referred to as plaintext —and converting it into unreadable or secret data called ciphertext . An encryption algorithm and keys (strings of bits that seed the encryption process) are applied to the data, resulting in ciphertext.

To reverse the process and decrypt the ciphertext, you must know both the encryption algorithm and encryption key. You can decrypt encrypted data in one of two ways:

?Symmetric key encryption : This method uses the same key for both encryption and decryption; and

?

Asymmetric key encryption : This method uses a private key for encryption and a mathematically related public key for decryption.

The cipher strength depends on the key size; the larger the key, the more secure the cipher output. The trade-off is in processing time—larger keys use more computational cycles to encrypt and decrypt.

I N

T E

R

N

A L

U

S E O

N L Y

IPsecVPNs Juniper SRX 技术文档

IPsec VPNs

6

? 2008 Juniper Networks, Inc. All rights reserved.

Confidentiality—Symmetric Key Encryption

Symmetric key encryption is the most straightforward form of encryption with the least amount of overhead. It is called symmetric because the key used to encrypt the data is the same key used to decrypt the data. Thus, the same key must be known on both sides of a connection.

Symmetric key sizes range from 40 bits–1024 bits. These keys are considered to be very fast as they are not very long, and they are widely used for bulk data encryption. However, because the key must be known to both the sender and the receiver, key management is a problem when using symmetric keys.

Examples of symmetric key encryption include Rivest Cipher 4 (RC4), Data Encryption Standard (DES), Advanced Encryption Standard (AES), and Blowfish.

I N

T E

R

N

A L

U

S E O

N L Y

IPsecVPNs Juniper SRX 技术文档

IPsec VPNs

? 2008 Juniper Networks, Inc. All rights reserved.

7

Public Key Encryption

The public, asymmetric key encryption method requires a pair of mathematically related keys. One of the keys is kept secret and known only to the owner; this key is the private key. The other key is widely distributed and can be accessed by anyone; this key is the public key. You can only decrypt data encrypted by the private key by using the corresponding public key, and vice versa. The keys are mathematically related such that it is almost impossible to derive one key out of another.

Public key sizes range from 512 to 2048 bits. Because of the large size, these keys are extremely slow and generally not feasible for bulk data encryption. However, public keys are widely used for user and device authentication (for example, digital certificates). An example of public, asymmetric key encryption is RSA.

I N

T E

R

N

A L

U

S E O

N L Y

IPsecVPNs Juniper SRX 技术文档

IPsec VPNs

8

? 2008 Juniper Networks, Inc. All rights reserved.

Integrity

Now that we have the data encrypted as it traverses the Internet, we must ensure that the data is not modified along the way. Even though a novice hacker might not be able to crack the encryption algorithm and key, the hacker can still wreak havoc by modifying bits that are being carried in the encrypted payload. If this modification happens, the decrypted output does not match the original data. Who knows what the consequences might be!

Hashing solves this problem by creating a fingerprint of the data, similar to a cyclic redundancy check (CRC) checksum. Before data is sent out, it traverses a hashing engine that produces a fixed-length hash output. The hash is placed in a field in the packet along with the data before being sent over the network. The destination device takes the same data and runs it through the same hashing algorithm, calculating its own hash. The destination device then compares the hash that it calculated against the hash carried in the packet. The same hash in both locations proves that the data was not modified in transit. If the hashes do not match, the packet is dropped.

I N

T E

R

N

A L

U

S E O

N L Y

IPsecVPNs Juniper SRX 技术文档

IPsec VPNs

? 2008 Juniper Networks, Inc. All rights reserved.

9

One-Way Hash Algorithms

A hash function must have two basics properties:

?

The original data must not be able to be calculated from the hashed output. This property ensures that you cannot derive the plaintext from the ciphertext.

?

It must be mostly collision resistant. A collision occurs when two different inputs give the same output. It must not be possible to predict a different input value that gives the same output. This property is necessary because the purpose of hashing is to verify that the data has not been changed.

To see how it is possible to create a one-way function, think of the example on the slide, which shows a modulus operation. Given the value of 3, it is not possible to determine the original value because an infinite range of possible answers exists.However, this example is not suitable as a real-world hash function because it does not satisfy the collision-resistant requirement—a malicious person can change the plaintext by any multiple of the modulus number and know that the hashed value remains the same.

The most secure hash function that is widely used at present is the Secure Hash Algorithm 1 (SHA-1). SHA-1 is a preferred over Message Digest 5 (MD5), although MD5 is still widely supported. These functions produce a fixed-length output that is useful when working with IP packets because the overhead of transmitting the hash value is predictable.

I N

T E

R

N

A L

U

S E O

N L Y

IPsecVPNs Juniper SRX 技术文档

IPsec VPNs

10

? 2008 Juniper Networks, Inc. All rights reserved.

Integrity—The Hash Process

The following list outlines the hash process:

1.The sender runs the data through the hash process.

2.The sender appends the hash value to the data and sends both the data and the hash value to the receiver.

3.The receiver separates the data and the hash value.

4.

The receiver hashes the data.

5.

The receiver then compares the calculated hash value to the received hash value. If the hash values match, the data has not been altered.

I N

T E

R

N

A L

U

S E O

N L Y

IPsecVPNs Juniper SRX 技术文档

IPsec VPNs

? 2008 Juniper Networks, Inc. All rights reserved.

11

Source Authentication

Encryption protects the packet contents from being viewed on the public network. Hashing verifies that the data is not altered. But how do you validate the source of the data?

The software performs source authentication using the Hashed Message

Authentication Code (HMAC). The sender appends a secret preshared key to the data, then performs the hash function. For hashes to successfully match, the receiver must append the same key value to the data before performing the hash function. The key itself is never transmitted along with the data.

I N

T E

R

N

A L

U

S E O

N L Y

IPsecVPNs Juniper SRX 技术文档

IPsec VPNs

12

? 2008 Juniper Networks, Inc. All rights reserved.

HMAC Authentication

The following list outlines hashing with HMAC:

1.The sender appends the preshared key to the data, then performs the hash function.

2.The data and hash value are sent to the receiver.

3.The receiver separates the data and the hash value.

4.The receiver appends the preshared key to the data, then performs the hash function.

5.

The receiver then compares the calculated hash value to the received hash value. If the hash values match, the data has not been altered. If the hash values do not match, either the data itself was corrupted, or the keys did not match, meaning the source is invalid. Either way, the packet is discarded.

I N

T E

R

N

A L

U

S E O

N L Y

IPsecVPNs Juniper SRX 技术文档

IPsec VPNs

? 2008 Juniper Networks, Inc. All rights reserved.

13

Key Exchange

As we already discussed, both encryption and authentication are dependent on security keys, which leads to the problem of key exchange. If keys must be the same on both sides of a connection, how can you securely exchange key information?One option is to manually configure the keys on both sides of the connection. Manual key configuration is straightforward, but misconfigurations, especially when each device has a different administrator, are common. Furthermore, manual configuration usually means that keys are rarely changed, which is itself a potential security issue; given a large enough sample, any code can be broken.

Automating the key exchange process is a good idea, but we must overcome the

problem of sending keys across a public network. Anyone intercepting the key has the ability to decode the data.

The Solution

Whitfield Diffie and Martin Hellman developed a solution to this problem in 1970. The Diffie-Hellman algorithm is a method whereby two parties can agree upon a secret key that is known only to them. The strength of the technique is that it allows the

participants to create the secret value over an unsecured medium without exchanging the secret value itself. This method also makes it impossible to perform reverse generation of the secret if it is somehow intercepted.

I N

T E

R

N

A L

U

S E O

N L Y

IPsecVPNs Juniper SRX 技术文档

IPsec VPNs

14

? 2008 Juniper Networks, Inc. All rights reserved.

Diffie-Hellman Groups

Diffie and Hellman proposed five groups of prime numbers and generator values to be used in their key exchange algorithm. Each group generates unique keys using a combination of exponential and modulus calculations.

JUNOS software supports Diffie-Hellman (DH) Groups 1, 2, and 5. The larger the prime number—the stronger the key—and the more computationally intensive the

calculation. Diffie-Hellman Group 1 uses a 768-bit prime number. Diffie-Hellman

Group 2 uses a 1024-bit prime number. Diffie-Hellman Group 5 uses a 1536-bit prime number.

You must configure both tunnel peers to use the same DH group; otherwise, the key generation process fails.

I N

T E

R

N

A L

U

S E O

N L Y

IPsecVPNs Juniper SRX 技术文档

IPsec VPNs

? 2008 Juniper Networks, Inc. All rights reserved.

15

The DH Key Exchange Process

Using the same DH group, each SRX-series services gateway creates unique public and private keys. These keys are mathematically related by means of the DH algorithm.

The public key values are exchanged across the network. Each peer then runs its local private key and the received public key value through the DH algorithm to compute a common session key. The session key itself is never passed across the network.

I N

T E

R

N

A L

U

S E O

N L Y

IPsecVPNs Juniper SRX 技术文档

IPsec VPNs

16

? 2008 Juniper Networks, Inc. All rights reserved.

IPsec Overview

IPsec is a set of standards that defines how the encryption, validation, and

authentication methods we just discussed are actually implemented in networks. IPsec works at Layer 3; it supports both unicast and multicast traffic.

I N

T E

R

N

A L

U

S E O

N L Y

IPsecVPNs Juniper SRX 技术文档

IPsec VPNs

? 2008 Juniper Networks, Inc. All rights reserved.

17

IPsec: A Two-Step Process

IPsec VPNs consists of two major steps:

1.

IPsec tunnel establishment : An IPsec tunnel can be established manually or with the help of the Internet Key Exchange (IKE) protocol.

2.

IP traffic processing : During this step payload protection takes place using security parameters defined in the tunnel establishment phase.

We cover the first step—IPsec tunnel establishment using IKE—on the next several pages.

I N

T E

R

N

A L

U

S E O

N L Y

IPsecVPNs Juniper SRX 技术文档

IPsec VPNs

18

? 2008 Juniper Networks, Inc. All rights reserved.

Step 1: Tunnel Establishment Using Internet Key Exchange

IKE is a secure key management protocol used by IPsec to have information

exchanged in a secure and dynamic manner with little or no intervention. The IKE proposal exchange is phase 1 of the IPsec tunnel establishment process. The

following attributes are exchanged between IPsec peers as a part of the IKE process:

?Encryption

algorithm;?Hash algorithm;

?Authentication method; and ?

Diffie-Hellman group.

Once these attributes are negotiated between the IPsec peers, they are used to secure future attribute exchanges that are used to protect data. IKE exchanges are authenticated using one of the following methods:

?Preshared keys;?Digital signatures; or ?

Public key encryption.

IKE is preferred over manual keys in IPsec implementations because of the ease of management and scalability.

I N

T E

R

N

A L

U

S E O

N L Y

IPsecVPNs Juniper SRX 技术文档

IPsec VPNs

? 2008 Juniper Networks, Inc. All rights reserved.

19

Security Associations

A security association (SA) is a set of policies and keys used to protect information. SAs are established upon the successful completion of IKE negotiations. An SA is uniquely identified by the security parameter index (SPI) value, the tunnel destination address, and the security protocol—Encapsulating Security Payload (ESP) or

authentication header (AH)—being used. The lifetime of an SA can be based on either a time value or a value determined by the volume of traffic that is protected by the proposal.

I N

T E

R

N

A L

U

S E O

N L Y

IPsecVPNs Juniper SRX 技术文档