End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access
PA197 Secure Network Design 4. Security Architectures II
Eva Hladká, Luděk Matýska Faculty of Informatics
March 8, 2023
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles	
Secure channels	
Virtual private networks	
Transport layer security	
Authentication mechanisms	
Trusted network access	
^Jontent	
Q End2end principles Q Secure channels
• IPv4
• IPv6 o IPsec
Q Virtual private networks
Q Transport layer security
Q Authentication mechanisms a 802.lx and derivates
Q Trusted network access
• Basic authorization principles
• Trusted Network Connect (TNC)
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access
• Network transparency
• legacy from the telco network basic two-point communication
• Application architecture —> end2end principle
• the properties of the communication defined at its end points
• network properties not accounted for
o Security implications
9 communication through channels 9 adding security to these channels
• encryption at different layers
privacy threat: trail between source and destination within network
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles
Secure channels ... . IPv4
Virtual private networks \Pv6
Transport layer security IPsec
Authentication mechanisms
Trusted network access
• Encryption of the communication between concrete layers of the network protocol
Explicit encryption by the application before pushing data to the transport stack
• Secure transport layer: SSL/TLS
• Secure internet layer: IPsec
• The last two transparent to the application
• Concept of Virtual Private Network (VPN)
• applications sits on top of secure communication channels
• mobility of one end-point
• potential for multi-point communication
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access	IPv4 IPv6 IPsec
	
• IPv4 was not build with the security in mind
• conceived in times of pure academic (i.e. restricted) use
• small number of nodes and small number of users
• All information exposed to any eavesdropper
• destination and source address
• type of the message (meta-info)
• content of the message
• unless explicitly encrypted before transmission
• Security through organizational and legal barriers
• physical access to the network and attached computers
o legal restrictions on eavesdropping old telecommunication lines
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles
Secure channels ... . IPv4
Virtual private networks \Pv6
Transport layer security IPsec
Authentication mechanisms
Trusted network access
• The security drawbacks of IPv4 recognized
• Full security incorporated as a mandatory requirement
9 Integrity
• not possible to modify the control data
• source and destination addresses
• type of the messages
• Content hidden from eavesdropper
• content encryption
possibility to also encrypt most of the metadata
• e.g. type of message
However, source and destination address always visible
• The principles transformed into separate protocol description: IPsec
• The mandatory security for IPv6 was dropped in RFC 6434
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access	IPv4 IPv6 IPsec
|Psec^|	
• IP security protocol suite
• first developed for IPv6
• backpropagated to IPv4 as IPsec
• Addresses security problems of the IP layer
• Eavesdropping, hijacking, spoofing, .. .
• Implemented at the IP layer
• Provides specific protocols/mechanisms
• confidentiality (no eavesdropping)
• data origin authentication (no spoofing)
• message integrity (no data modification)
• access control
• replay detection
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
• Authentication header (AH)
• data integrity
• source authentication
o Encapsulating security protocol (ESP)
• confidentiality (authentication just optional)
• Security association (SA)
• one directional relationship between sender and
• establishment of security parameters
• security association database (SADB)
• security parameter index (SPI)
a unique index for each entry in the SADB • associates SA with a packet
• security policy database (SPD)—"IP sec firewall
• Transport mode
• protection of higher-level protocols
• Tunnel mode
_, ____4-^4-:__->4- 4-i__in i->______
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access
IPv4 IPv6 IPsec
IP header	auth header	TCP	DATA
authenticated
encrypted
IP	ESP	TCP	DATA	ESP	ESP
header	header			trailer	auth
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End-to-end transmission
• internal active elements not necessarily involved Original packet not encapsulated
• IPsec specific header inserted between original IP TCP/UDP headers
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles
Secure channels ... . IPv4
Virtual private networks \Pv6
Transport layer security IPsec
Authentication mechanisms
Trusted network access
• Tunneling between active elements
• needs support inside the network
• at least edge routers must be involved
• Encapsulates original packet
• prepends new IP header
• identifies the source and destination addresses of the tunnel
• IPsec header immediately follows the new (tunnel) IP header
• the original packet is thus fully encapsulated
• can be fully encrypted, including the original source/destination addresses
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
A collection of protocols
• basic: RFC 2401 Authentication Header (AH)
• RFC 2402
Encapsulating Security Payload (ESP)
• RFC 2406
Internet Key Exchange (IKE)
• RFC 2409
IP Payload Compression (IPcomp)
• RFC 3137
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access	IPv4 IPv6 IPsec
AH Details	
• Protection against replay attacks
32-bit monotonically increasing sequence numbers
• Protecting data integrity
• cryptographically strong hash algorithms (96 bits)
• symmetric key cryptography
• HMAC-SHA-96, HMAC-MD5-96
next header	payload length	reserved
security parameter index		
sequence number		
	authentication data	
	(variable length)	
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access	IPv4 IPv6 IPsec
1	
• On top of AH provides data confidentiality
• symmetric key encryption to encrypt full packets
security parameter index		
sequence number		
encrypted payload		
(variable length)		
padding		
(variable length)	padding len.	next header
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access	IPv4 IPv6 IPsec
Internet Key Exchange	
• Essential part of IPsec
• however usable also outside IPsec
• Exchange and negotiate security policies
• Establish Security Associations
• Key exchange
• Key management
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access	IPv4 IPv6 IPsec
IKE Phases	
• Phase 1: negotiate and establish an auxiliary e2e secure channel
• medium for subsequent phase 2 only once between any two endpoints
• Phase 2: negotiate and establish custom secure channels
• for each separate flow
• occurs many times
o Both phases use Diffie-Hellman key exchange to establish a shared key
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access	IPv4 IPv6 IPsec
IKE Phase 1	
• Secure channel between two end-points o Security features
• source authentication
• data integrity and confidentiality
• protection against replay attacks
• Purpose
• to provide basic security environment
• to support secure negotiations for the applications
• different policies
• different keys
• Two modes:
• main mode
9 six messages in three round trips, more options
• protects the identity of the peers
• aggressive mode
• three messages in two round trips, less options
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access
IPv4 IPv6 IPsec
initiator
responder
SA proposals
chosen proposal
KE, Nonce
KE, Nonce
ID and auth
ID and auth
initiator responder SA, key, Nonce, ID
SA, key, Nonce, ID, auth
auth
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
Different ways
• digital signature
• two forms of authentication with public key 9 pre-shared key
Uses public-key based cryptography for encryption
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access	IPv4 IPv6 IPsec
IKE Phase 2	
• Custom secure channels
• using the secure channel established in Phase 1 for setup
• support heterogeneity
• End-point identification:
• < IP, Port > (as in transport layer)
• packet end address (network/range)
o e.g. all packets for 147.251.11.0/24
Only quick mode
• multiplexes multiple quick mode exchanges
• generates SAs for both end-points
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access
• A network that uses public infrastructure (e.g. Internet) to connect remote offices or users with secure access to their organization's internal network
• it extends the internal organization's network to remote users in a secure way
• Through the VPN, users are able to use internal applications as if they are within the organization boundaries
• "Classical" VPNs work at Layer 3
• point to point connection
• no (limited) support to broadcast domains
• VPNs at Layer 2
• layer 2 tunneling protocols
• VPLS
• extend organizational network also at broadcast domains
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access
• VPNs are (usually) not anonymous
some kind of authentication is mandatory
• VPNs are (usually) encrypted
• protection against eavesdropper over public network
• confidentiality is provided
• Message integrity is also provided
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access
• IPsec tunnels
• standards-based security protocol
• TLS/SSL tunnels
• used in OpenVPN project
• can tunnel entire network or just a single user connection
• alternative to IPsec in NATed and firewalled environment
• Secure Socket Tunneling Protocol (SSTP)
• Microsoft
• using SSL3 3.0 to tunnel Point-to-Point Protocol (PPP) or L2 Tunneling Protocol
• Poodle attack sensitive
• Secure Shell (ssh) VPN
• OpenSSH
• VPN tunneling
• do not confuse with port forwarding
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access
• Virtual LAN
• IEEE 802.1Q trunking protocol
• packet tagging
• single trunk/single LAN
• Virtual private LAN service (VPLS)
• multiple tagged LANs share a common trunk
• it is a provider provisioned VPN, not a private line available for connecting two or more LANs over a public network at L2
• all connected LANs behave as a single LAN from users' point of view
works with frames, not packets
• Ethernet over IP
• EtherIP (RFC 3378)
• only packet encapsulation
• no confidentiality nor message integrity
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access
• Provider-provisioned services discussed here
• multiple customers
• private IP address space disambiguation at the edge device
• BGP/MPLS
• defined in RFC 2547
• BGP extensions advertise IPv4 VPN address' routes
• Route Distinguisher (8 bytes)
• IPv4 address
• providers edge routers "know" VPNs' topology
• MPLS used to tunnel between these edge routers
• Virtual router
9 customer is responsible for the VPN's address space
• no extensions to the routing
• MPLS tunnels, different VPNs disambiguated by their label
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access
• VPN for mobile devices (mVPN)
o power (battery) sensitive
• allows gaps in connections
9 Roaming support
• no single IP address assigned by the network to the mobile end-point
• Uses permanent IP address of the device
• tunneling VPN
• software layers take care of tunnels re-connection
• the end-point IP visible to organization's network does not change
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access
• An attempt to guarantee a transport protocol to prevent eavesdropping and tampering
• A statefull connection
• a handshake to establish connection security
that leads to a secure (encrypted) communication channel
• Needs a reliable end-to-end communication channel (TCP)
• Predecessor is the Secure Socket Layer (SSL)
• the last version 3 (1996, see RFC 6101)
9 insecure, vulnerable to the POODLE attack o Evolution through Transport Layer Security (TLS) protocol
• similar but not compatible with SSL
• version 1.2 (RFC 5246 in 2008)
• refined in 2011 (RFC 6167)
• removed backward compatibility with SSL
• version 1.3 in draft (October 2014)
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access
• TLS session
• association between peers (client/server)
• established by the TLS handshake
• specifies cryptographic parameters
o to work over expensive public-key cryptography
• shared across several connections
• TLS connection
• mechanisms to transport data
• type of service
o how data are sent/received
• every connection is associated with one TLS session
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access
• Always one-way
• server and client must authenticate independently • Negotiation phase (server is authenticated)
• client sends ClientHello message
highest TLS protocol it supports; random number; suggested cipher suites; suggested compression methods (not vl.3)
• server responds with ServerHello handshake
• chosen protocol version; random number; selected cipher suite and
• includes also session ID compression method
• client sends its Certificate
• server sends its ServerKeyExchange and ServerHelloDone
• client responds with ClientKeyExchange
• could include PreMasterSecret key, encrypted with server public key
• client and server now compute master secret (from PreMasterKey and random numbers)
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access
• Cipher confirmation
• client sends ChangeCipherSpec record
• client sends Finished messages containing hash and MAC over previous conversation
• server checks Finished message and tears down the connection if check fails
• server does the same towards client (with its own ChangeCipherSpec)
• Application phase
• handshake is complete
• all messages are authenticated and encrypted as the Finished message
• Optionally no encryption can be negotiated during the handshake
• in such case no PreMasterSecret is exchanged and messages are not encrypted
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access
Adding client authentication to the negotiation phase Modifications
• after ServerKeyExchange, server sends CertificateRequest to ask for client authentication
• after ServerHelloDone, client responds with Certificate message with its own certificate
• after ClientKeyExchange, clients sends CertificateVerify
• signature over previous handshake messages
• signed by client private key
• server verifies the signature
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access
• Uses session ID sent by server during the original full handshake
• client keeps a triple <session ID; server IP address; TCP port>
• server keeps the session ID together with the cryptographic parameters negotiated (the master secret)
• Negotiation phase
• client sends the ClientHello
• it includes also the session ID from the previous handshake
• server responds with ServerHello
send the same session ID if it recognizes it
• a different session ID means new full handshake is requested
• Cipher confirmation
• same as for the full handshake, using the previously stored master secret
9 Much shorter, does not need public key cryptography (if the negotiated cipher suite does not need it)
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access
802.lx and derivates
• IEEE standard for Port based Network Access Control
part of IEEE 802.1 group of standards authentication framework the actual algorithm how to do it
9 9
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access
802.lx and derivates
• Based on Extensible Authentication Protocol (EAP)
• original RFC 2284 made obsolete by RFC 3748 updated in
RFC 5247
9 EAP encapsulation over LAN (EAPOL) protocol
• Ethernet, including 802.11 wireless
• token rings, including FDDI
• A supplicant request access to an access point (authenticator)
• AP allows only EAP message to be sent by supplicant
• Authenticator sends "EAP-Request/ldentity"
• Client returns "EAP-Response/ldentity" that is forwarded to the authentication server
• it either accepts or rejects the authentication request
• the decision is sent back to access point
it could (but is not required to) use the Remote Authentication Dial-In User Service (RADIUS)
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access	802.lx and derivates
LEAP and PEAP	
• LEAP: Lightweight Extensible Authentication Protocol
o CISCO-developed 802.lx derivative
• targets CISCO Aironet equipment
• Uses TKIP and dynamic WEP keys
• frequent WEP key alteration reduces risks in using this protocol o PEAP: Protected EAP
o developed by RSA, Microsoft, and CISCO © more advanced than LEAP
• Uses server-side PKI to create an encrypted EAP-TLS tunnels
• This tunnel is used to transmit user's credentials
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles
Secure channels
Virtual private networks on~ , ,   . .
802.lx and derivates
Transport layer security Authentication mechanisms Trusted network access
8
• Protocol for Carrying Authentication for Network Access
• lETF-backed o RFC 5191
• IP-based protocol
• device authentication (to get access) 9 uses EAP
• PANA carries EAP payload
• no need for EAPOL or the likes
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access
802.lx and derivates
• PANA Client (PaC)
• PANA Authentication Agent (PAA)
• message exchange with PaC for authentication and authorization
• Authentication Server (AS)
• stores the info needed to check PaC credentials
• affirmative reply could contain also some data what is allowed
bandwidth parameters • IP configuration etc. o always time constrained (session time)
• Enforcement Point (EP)
• filters data from PaC according to the policy
• a key is established between PaC and EP
• valid during the session time only
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access	Basic authorization principles Trusted Network Connect (TNC)
1	
• Least privilege
• default is no access
• all privileges must be explicitly defined/assigned
• Separation of duties/privileges
• no combination of responsibilities in one person/entity
• Need to know
• access only to the information (infrastructure) needed to perform the work
• Complete mediation
o All accesses must be checked
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access
Access Control
Basic authorization principles Trusted Network Connect (TNC)
• The criteria used to decide on access usually include one or more from the following:
• roles
• groups 9 location
• time
• type of access
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access	Basic authorization principles Trusted Network Connect (TNC)
	
• An activity to define an open solution architecture for access control to the network endpoints
• TNC-Working Group: companies, government, academia
• first introduced in 2005
• TNC reference architecture
o federated TNC protocol (IF-FTNC) which enables communication of
• IF-M attributes
• IF TNCCS Access recommendations
• IF-MAP metadata from one security domain to another
• To support network administrators in protecting networks
• impose enterprise security policies
• audit endpoint configurations
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access	Basic authorization principles Trusted Network Connect (TNC)
1	
• Network Access Requester (NAR)
• a client software on endpoint that initiates the network access attempt
• VPN client, 802.lx supplicants, web browser with initiating TLS handshake etc.
• Policy Enforcement Point (PEP)
9 network infrastructure device
• 802.lx compliant
• forwards information about NAR to PDP a Policy Decision Point (PDP)
• a device that hosts NEA
• Network Access Authority (NEA)
o determines the fate of the NAR request
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II
End2end principles Secure channels Virtual private networks Transport layer security Authentication mechanisms Trusted network access
ummary
Basic authorization principles Trusted Network Connect (TNC)
• Two major concepts
• secure end-to-end communication
• access control to the network
o Different ways for secure channels IPsec in details (including IKE)
• animation of IPsec functionality:
http://frakira.fi.muni.cz/~jeronimo/vyuka/IPSe
• VPNs
9 for end users and between sites
• L2 and L3 protocols
o 802.lx protocol for authentication
• Access control
• Basic authorization principles
• Trusted Network Connection
• Next session: Advanced architectures
Eva Hladká, Luděk Matýska PA197 Secure Network Design 4. Security Architectures II