What two different types of encryption can be used by IPsec during data transfer?

2.1.1 Transport mode

In transport mode, only the payload of the IP packet is usually encrypted and/or authenticated. The routing is intact, since the IP header is neither modified nor encrypted; however, when the authentication header is used, the IP addresses cannot be translated, as this always will invalidate the hash value. The transport and application layers are always secured by hash, so they cannot be modified in any way (e.g., by translating the port numbers).

2.1.2 Tunnel mode

In tunnel mode, the entire IP packet is encrypted and/or authenticated. It is then encapsulated into a new IP packet with a new IP header. Tunnel mode is used to create VPNs for network-to-network communications (e.g., between routers to link sites), device-to-network communications (e.g., remote user access) and device-to-device communications (e.g., private chat).

IPsec support is usually implemented in the operating system kernel. It was originally developed in conjunction with IPv6 and was originally required to be supported by all standards-compliant implementations of IPv6 but later it was made only a recommendation. IPsec is also optional for IPv4 implementations. The OpenBSD IPsec stack was the first implementation that was available under a permissive open-source license, and was therefore copied widely.

In 2013, as part of Snowden leaks, it was revealed that the US NSA had been actively working to “Insert vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets” as part of the Bullrun program. There are allegations that IPsec was a targeted encryption system but no proof has been uncovered.

2.1.3 VPN

A VPN extends a private network across a public network, such as the Internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network, and thus are benefiting from the functionality, security and management policies of the private network. A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryption.

A VPN spanning the Internet is similar to a wide area network (WAN). From a user perspective, the extended network resources are accessed in the same way as resources available within the private network. Traditional VPNs are characterized by a point-to-point topology, and they do not tend to support or connect broadcast domains. Therefore, communication, software, and networking, which are based on OSI layer 2 and broadcast packets, such as NetBIOS used in Windows networking, may not be fully supported or work exactly as they would on a local area network (LAN).

VPNs securely connect geographically separated offices of an organization, creating one cohesive network. VPN technology is also used by individual Internet users to secure their wireless transactions, to circumvent geo-restrictions and censorship, and to connect to proxy servers for the purpose of protecting personal identity and location. VPN is a security technology most appropriate for individual user connections as opposed to secure connections of an array of embedded devices. For secure tunneling to and from embedded devices, the IPsec tunneling mode described in the previous section is more appropriate.

2.1.4 TLS/SSL

TLS and its predecessor, SSL, are cryptographic protocols designed to provide communications security over a computer network. Several versions of the protocols are in widespread use in applications such as web browsing, email, Internet faxing, instant messaging, and voice-over-IP (VoIP). Major web sites (including Google, YouTube, Facebook, and many others) use TLS to secure all communications between their servers and web browsers.

The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating computer applications. When secured by TLS, connections between a client (e.g., a web browser) and a server (e.g., wikipedia.org) will have one or more of the following properties:

The connection is private because symmetric cryptography is used to encrypt the data transmitted. The keys for this symmetric encryption are generated uniquely for each connection and are based on a secret negotiated at the start of the session using RSA encryption of the shared symmetric keys as they are transported over the network. The server and client negotiate the details of which encryption algorithm and cryptographic keys to use before the first byte of data is transmitted. The negotiation of a shared secret is both secure (the negotiated secret is unavailable to eavesdroppers and cannot be obtained, even by an attacker who places himself in the middle of the connection) and reliable (no attacker can modify the communications during the negotiation without being detected).

The identity of the communicating parties can be authenticated using public key cryptography. This authentication can be made optional, but is generally required for at least one of the parties (typically the server).

The connection is reliable because each message transmitted includes a message integrity check using a message authentication code to prevent undetected loss or alteration of the data during transmission.

TLS supports many different methods for exchanging keys, encrypting data, and authenticating message integrity. As a result, secure configuration of TLS involves many configurable parameters, and not all choices provide all of the privacy-related properties described in the list above.

Attempts have been made to subvert aspects of the communications security that TLS seeks to provide and the protocol has been revised several times to address these security threats. Web browsers have also been revised by their developers to defend against potential security weaknesses after these were discovered.

TLS may be appropriate to use for embedded devices (VoIP, where it is used extensively, is an embedded device) but only if IPsec is considered first and eliminated for legitimate engineering reasons.

Understanding Transport and Tunnel Modes

The basic building blocks of IPSec, AH, and ESP use symmetric cryptographic techniques for ensuring data confidentiality, and data signatures for authenticating the source of the data. IPSec operates in two modes: Transport mode and Tunnel mode.

You use transport mode for host-to-host communications. In transport mode, the data portion of the IP packet is encrypted, but the IP header is not. The security header is placed between the IP header and the IP payload. This mode offers some light bandwidth savings, at the expense of exposing the original IP header to third-party elements in the packet path. It is generally used by hosts—communication endpoints. This mode can also be used by routers if they are acting as communication endpoints.

With IPSec transport mode:

If AH is used, selected portions of the original IP header and the data payload are authenticated. Figure 5.6 shows a diagram of AH in transport mode.

If ESP is used, no protection is offered to the IP header, but data payload is authenticated and can be encrypted. Figure 5.7 shows a diagram of ESP in transport mode.

Use tunnel mode for network-to-network communications or host-to-network and host-to-host communications over the Internet. In tunnel mode, the entire IP packet (data, plus the message headers) is encrypted and/or authenticated. It must then be encapsulated into a new IP packet for routing to work. In tunnel mode, the original IP datagram is placed inside a new datagram, and AH or ESP are inserted between the IP header of the new packet and the original IP datagram. The new header points to the tunnel endpoint, and the original header points to the final destination of the datagram. Tunnel mode offers the advantage of complete protection of the encapsulated datagram and the possibility to use private or public address space. Tunnel mode is meant to be used by routers—gateways. Hosts can operate in tunnel mode, too.

With IPSec tunnel mode:

If AH is used, the outer header is authenticated as well as the tunneled packet. Figure 5.8 shows a diagram of AH in Tunnel mode.

If ESP is used, the protection is offered only to the tunneled packet, not to the new outer IP header. By default, ESP, providing the highest level of confidentiality, is used in this release. Figure 5.9 shows a diagram of ESP in Tunnel mode.

Notes from the Underground…

Encapsulating Security Payload

The Encapsulating Security Payload header, used in transport mode or in tunnel mode, also provides security services in both IPv4 and IPv6 networks. The security services provided through the Encapsulating Security Payload include confidentiality, authentication (data origin authentication and connectionless integrity), an antireplay service, and limited traffic flow confidentiality. Implementation and options chosen at the time of Security Association establishment determine the security services provided.

As in the case of the anti-replay service provided by the Authentication header, the source increments the Sequence Number; however, the destination node must check this field to enable the anti-replay service. To provide traffic flow confidentiality service, true source and destination information should be hidden. Thus, this service requires that the Encapsulating Security Payload header be used in a tunnel mode.

Figure 10.15 shows the format of the Encapsulating Security Payload header. The Next Header value of 50 in the immediately preceding header indicates that the Encapsulating Security Payload header processing is necessary.

The mandatory Payload Data field contains encrypted data described by the Next Header field. The encryption algorithm used specifies the length and the location of the structure of the data within the Payload Data field. To fulfill the encryption algorithm requirement of the length of the plain text or the 4-octet boundary alignment of the Payload Data field, the use of padding may be necessary.

Figures 10.16 and 10.17 illustrate the sequence of an IPv6 packet with its encrypted portion when Encapsulating Security Payload headers are used in transport mode and tunnel mode, respectively.

IPSec Communication Modes: Tunnel and Transport

Both AH and ESP can operate in either transport or tunnel mode. In transport mode, only the data portion of an IP packet is affected; the original IP header is not changed. Transport mode is used when both the receiver and the sender are end-points of the communication—for example, two hosts communicating directly to each other. Tunnel mode encapsulates the entire original packet as the data portion of a new packet and creates a new external IP header. (AH and/or ESP headers are created in both modes.) Tunnel mode is more convenient for site-to-site VPNs because it allows tunneling of traffic through the channel established between two gateways.

In transport mode, the IP packet contains an AH or ESP header right after the original IP header, and before upper layer data such as a TCP header and application data. If ESP is applied to the packet, only this upper layer data is encrypted. If optional ESP authentication is used, only upper layer data, not the IP header, is authenticated. If AH is applied to the packet, both the original IP header and upper layer data are authenticated. Figure 5.11 shows what happens to the packet when IPSec is applied in transport mode.

Tunnel mode is typically used to establish an encrypted and authenticated IP tunnel between two sites. The original packet is encrypted and/or authenticated and encapsulated by a sending gateway into the data part of a new IP packet, and then the new IP header is added to it with the destination address of the receiving gateway. The ESP and/or AH header is inserted between this new header and the data portion. The receiving gateway performs decryption and authentication of the packet, extracts the original IP packet (including the original source/destination IPs), and forwards it to the destination network. Figure 5.12 demonstrates the encapsulation performed in tunnel mode.

If AH is used, both the original IP header and the new IP header are protected (authenticated), but if ESP is used, even with the authentication option, only the original IP address, not the sending gateway’s IP address, is protected. ESP is more than adequate since it is very difficult to spoof an IPSec packet without knowing many technical details. The exclusion of the new IP header from authenticated data also allows tunnels to pass through devices that perform NAT. When the new header is created, most of the options from the original IP header are mapped onto the new one—for example, the Type of Service (ToS) field.

What are the 2 type of transfer modes used in IPsec?

What type of encryption does IPsec use?

Which encryption protocols are used by IPsec during actual data transfer?

What are the 2 phases of IPsec VPN?