Document: Introduction to VPNs, PKI, and PGP (ppt)

Introduction to VPNs, PKI, and PGP
Security Essentials
The SANS Institute
Encryption and Exploits - SANS ©2001

Hello, in this module we continue our discussion of encryption and we look at some practical applications of it. We start off by looking at VPNs, or virtual private networks, and see how you can use them to create secure communications using public networks such as the Internet. We then briefly look at the problem of key management and finish our discussion with a look at PGP, or Pretty Good Privacy, which is an application that allows you to encrypt files and send encrypted email.

Foundations of a VPN
• VPNs use cryptography to communicate securely in the presence of adversaries
  – Encryption: Scramble data into something difficult to read without a key
  – Decryption: the opposite process of encrypting
  – Authentication: How are you sure you’re talking to the right person?
VPNs, PKI, and PGP - SANS ©2001

To architect and deploy a VPN, we need to understand how to apply these three tools. These concepts are easy to grasp at the conceptual level, but the devil is in the details, as they say. Crypto has evolved from an abstract playground for mathematicians to something with widespread public awareness (those little solid gold keys in the browser have people asking the darndest questions). Likewise, authentication is a discipline in its own right. We’ll be discussing authentication systems and client-side web certificates.

What is a VPN?
• Dedicated leased lines are expensive
• Most locations have low-cost connectivity to the Internet
• Why not use the Internet as the communication media and use encryption for security?
• So, a VPN is a secure communication path that utilizes public networks

In its most basic sense, VPNs, or virtual private networks, are a secure communication path that utilizes public networks. Having dedicated leased lines between locations provides for secure communications but can get very expensive. With most leased lines, you pay by the distance, so the greater the distance between two locations, the more expensive the line. But most sites have fairly inexpensive connections to the Internet, so why not use those connections in order to communicate? The main problem is security. Public networks, such as the Internet, have no security built in. However, if we encrypt the data that is sent over the lines, we now have the security we need with the costs that we like; thus, a VPN.

Why Use a VPN?
• Flexibility
  – A VPN “tunnel” over the Internet can be set up rapidly. A frame circuit can take weeks
  – A good VPN will also support Quality of Service (QOS)
• Cost
  – There are documented cases of a VPN paying for itself in weeks or months
  – There are also cases where the hidden costs sunk the project!

One of the biggest benefits of VPN technology is its flexibility. Need a secure channel between two hosts for only a day? Maybe just for an hour every business day? A VPN may fit the bill. Once you have the components, setting up a VPN is a software change. This makes the technology far more flexible than legacy frame and dedicated circuits, which must be wired and possibly require additional hardware. This flexibility lends itself to creating new business solutions. For example, it’s not cost-effective to wire a T1 for every employee who works from home. It’s very practical, however, to load up software on their laptop and let them connect to the home office via a VPN over the Internet.

In looking for VPNs, ask about quality of service (QOS). Leased and dial-up lines offer both bandwidth and latency guarantees, while dedicated connection technologies, like ATM and Frame Relay, have extensive mechanisms for similar guarantees. As IP-based VPNs become more widely deployed, there will be market demand for similar guarantees, in order to ensure end-to-end application transparency.

Cost is another potential benefit. With a frame or dedicated circuit, you typically pay a flat monthly fee, so even if the circuit goes unused, it’s costing you money. Also, crossing state and government boundaries with a dedicated circuit only increases their cost. With a VPN, you pay for a local connection to the Internet with no “distance” charges. Given these benefits, it’s not surprising that Taylor and Hecht report that VPN technology is expected to expand 300-1000% by 2003 (Taylor and Hecht).

What VPN systems are Made of
• Routers, Firewalls
• Servers, clients
• Public Key Infrastructure
• X.509 Digital Certificates
• LDAP Server
• Key Management Schemes
• Load balance, QOS, failover, redundancy
• Encryption

The fundamental components of VPNs can usually be built on existing equipment. Most routers and firewalls have capabilities for providing VPN capabilities, or dedicated boxes can also be purchased. The thing to remember is that in order to properly create a VPN, it requires several other components such as a PKI or public key infrastructure, X.509 certificates, key management schemes, etc. One of the biggest problems that companies face is they try to set up a VPN without proper planning. VPNs can be straightforward to configure and set up, but only if you do your homework and plan properly.

Security Issue
• If you are encrypting tunneled data coming into your network, you lose a number of checks and balances
  – What ELSE is connected to the VPN client that is connected to YOU?
[Diagram: Security Gateway A and Security Gateway B (IP addresses 10.0.1.1 and 192.67.1.1) connected across a Public IP Network, with private networks 10.0.0.0 (host 10.0.0.10) and 192.68.0.0 (host 192.68.0.10) behind them; a “?” marks what else may be connected behind the remote gateway]

VPNs are good, but remember that they are encrypting the data so that no one else can read it. Depending on where your VPN device is, one of the devices that might not be able to read the encrypted data is your firewall. A firewall cannot really do its job if it allows encrypted data through, or, to put it another way, allows untrusted data into your network. Since the firewall cannot read the data, it cannot provide proper filtering.

IPSec Review
• IETF standard enables encrypted communication between users and devices
  – Implemented transparently into the network infrastructure
  – Scales from small to very large networks
• Open standard enables multivendor interoperability
• Most VPN devices and clients are IPSec compliant

Now I’m going to spend some time discussing some of the aspects you should understand about IPSec technology as part of your security solution. IPSec is a network-layer method for providing tunnels. It is an IETF standard, enabling encrypted communication between users and devices, as illustrated here. The goal is enabling a lot of different types of devices to understand one another. One of the first applications of IPSec is remote access VPNs. IPSec is transparent to the network infrastructure, and is scalable from very small applications to very large networks. As an open standard, IPSec is available to everyone, so vendors can ensure interoperability. As of now, there are different levels of implementation available among the different vendors, but ideally the same technology needs to be available to everyone to assure future interoperability in multivendor networks, including the Internet. At Cisco, IPSec functionality is available in Cisco IOS software releases 11.3T and later. Initially, Cisco targeted gateway devices for IPSec, including routers and access servers.

IPSec Components
• IPSec (RFC 2401)—framework for security protocols to provide:
  – Data integrity
  – Data authentication
  – Data confidentiality
  – Encryption protocols
• Internet Key Exchange (RFC 2406)—provides:
  – Security association management
  – Key management

At the IETF, IPSec includes security protocols that provide:
• Data integrity monitoring
• Data, user, and device authentication capabilities
• Data confidentiality, including encryption protocols
There are also Internet Key Exchange (IKE) capabilities that provide security association management and key management. (The RFC numbers are listed here for you to look up on the IETF web site if you like.)
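As an added example (not part of the SANS module), the following Python builds and checks an IPSec Authentication Header, the AH component that delivers the data integrity and data authentication services listed above, using the RFC 4302 field layout (next header, payload length, reserved, SPI, sequence number, ICV) with an HMAC-SHA-256-128 integrity check value. It also shows what AH does not give: the payload after the header is still plaintext. The key and payload are constructed demo values, and the ICV is, by assumption, computed only over the AH fields (ICV zeroed) plus the payload; a real implementation also covers the immutable fields of the outer IP header, omitted here for brevity.

```python
import hashlib
import hmac
import struct

# Fixed part of the Authentication Header: next header (1), payload len (1),
# reserved (2), SPI (4), sequence number (4) = 12 bytes. The ICV follows.
AH_FIXED_LEN = 12
# HMAC-SHA-256-128 (RFC 4868) truncates the 32-byte MAC to 16 bytes.
ICV_LEN = 16
NEXT_HEADER_TCP = 6


def _icv(key, ah_fixed, payload, icv_len):
    # Simplification (assumption): the ICV covers the fixed AH fields, the ICV
    # field treated as zeros, and the payload. Real AH also covers the
    # immutable fields of the outer IP header.
    mac = hmac.new(key, ah_fixed + b"\x00" * icv_len + payload, hashlib.sha256)
    return mac.digest()[:icv_len]


def build_ah(payload, key, spi, seq, next_header=NEXT_HEADER_TCP):
    """Return AH fixed fields + ICV + payload for the given SPI/sequence number."""
    # Payload Len is the AH length in 32-bit words minus 2 (12 + 16 bytes -> 7 - 2 = 5).
    payload_len = (AH_FIXED_LEN + ICV_LEN) // 4 - 2
    ah_fixed = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    return ah_fixed + _icv(key, ah_fixed, payload, ICV_LEN) + payload


def parse_ah(packet):
    """Split an AH packet into its header fields, ICV and (still readable) payload."""
    if len(packet) < AH_FIXED_LEN:
        raise ValueError("packet shorter than the fixed AH header")
    next_header, payload_len, _reserved, spi, seq = struct.unpack(
        "!BBHII", packet[:AH_FIXED_LEN])
    ah_len = (payload_len + 2) * 4
    if len(packet) < ah_len:
        raise ValueError("payload length field exceeds packet size")
    return {
        "next_header": next_header,
        "spi": spi,
        "seq": seq,
        "ah_len": ah_len,
        "icv": packet[AH_FIXED_LEN:ah_len],
        "payload": packet[ah_len:],   # AH gives no confidentiality: plaintext
    }


def verify_ah(packet, key):
    """True if the ICV matches, i.e. the packet is authentic and unmodified."""
    fields = parse_ah(packet)
    icv_len = fields["ah_len"] - AH_FIXED_LEN
    expected = _icv(key, packet[:AH_FIXED_LEN], fields["payload"], icv_len)
    return hmac.compare_digest(expected, fields["icv"])


# Constructed demo values (not from the course): a key and an inner payload.
DEMO_KEY = b"constructed-demo-key-not-for-real-use"
DEMO_PAYLOAD = b"GET /payroll/report HTTP/1.0\r\n"


def demo():
    packet = build_ah(DEMO_PAYLOAD, DEMO_KEY, spi=0x1000, seq=1)
    fields = parse_ah(packet)
    # Flip one bit of the payload in transit: the integrity check must fail.
    tampered = packet[:-1] + bytes([packet[-1] ^ 0x01])
    return {
        "payload_readable": fields["payload"] == DEMO_PAYLOAD,
        "authentic": verify_ah(packet, DEMO_KEY),
        "tampered_detected": not verify_ah(tampered, DEMO_KEY),
        "wrong_key_detected": not verify_ah(packet, b"some-other-key"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point for a firewall administrator follows from `parse_ah`: an AH-protected packet is readable by any device on the path, so content filtering still works on it, while an ESP packet with the same payload would present only ciphertext to the firewall, which is the "Security Issue" noted earlier in this module.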
IPSec Overview
• Headers
  – Authentication Header
    • Integrity, Authentication
  – Encapsulating Security Payload
    • Confidentiality, Integrity and Authentication
• Modes
  – Transport
    • IP Payload Only
  – Tunnel
    • Entire datagram
• Encryption
  – DES, 3DES
• Key Exchange Policy Management
  – IKE
    • Negotiates security parameters
  – Diffie-Hellman
    • Negotiates digital certificates
  – ISAKMP/Oakley
    • Generates/shares secret keys

The following is a breakdown of the different areas of IPSec:
Headers: Authentication Header (Integrity and Authentication); Encapsulated Security Payload (Confidentiality, Integrity, and Authentication)
Modes: Transport (IP payload only); Tunnel (Entire datagram)
Encryption: DES, 3DES
Key Exchange Policy Management: IKE (Negotiates security parameters); Diffie-Hellman (Negotiates digital certificates); ISAKMP/Oakley (Generates/shares secret keys)

IPSec Overview: Headers
[Diagram: Authentication Header: a router sends IP HDR | AH | Data to the peer router; Encapsulated Security Payload: all data encrypted between the routers]
• Two types: Encapsulated Security Payload (ESP) and Authentication Header (AH)
  – Data integrity - no modification of data in transit
  – Origin authentication - identifies where data originated
  – AH does not provide confidentiality; industry moving toward ESP, which does

IPSec takes an IP packet and adds two headers to it. First, it provides an authentication header, which provides knowledge that a packet originated from a trusted source. It also guarantees that if a packet is changed, you know it. This is not encryption; it just ensures that information is not intercepted, nor has its content changed. The second header is the encapsulated security payload. This does the same thing as the authentication header and also allows you to encrypt the payload.

Encryption of Email Content (2)
• To encrypt or sign email, it is as easy as clicking one or both of the icons before you send the email:

You can see here that you have icons for encrypting the email and signing the email with your private key. Also note that if you upgrade your Outlook and/or MS Office to Office 2000, your PGP system will still work fine; you will not have to re-install it.

Encryption of Email Content (3)
• Here is what the message looked like before it was encrypted:

Here is a plaintext message before it was encrypted.

Encryption of Email Content (4)
• Here is an example of what an encrypted email looks like. Notice the lock icon:

Notice the large block of encryption and version numbers. This will help you see what version of PGP was used to send you the message. A recipient with an older version of PGP may have difficulty decrypting a message from a sender who used a newer version of PGP to encrypt it. You want to keep the newest version of PGP on your system for this reason, or at least try to stay pretty current.

Encryption of Email Content (5)
• After you have received an encrypted message, you are asked for a passphrase to apply your private key against the message:

What you are doing is receiving a message sent to you, encrypted with your public key, and now you are using your private key, the counterpart of your public key, against the message to confirm that it was indeed encrypted with your public key. Notice that it describes your key by name, email address, and the type and length of the key that we selected earlier.

The Fundamentals of Encrypting Content
• You have to get the public key to the person that you are sending the content to
• The person to whom you are sending the public key has to trust the public key is from you!
  – This is one of the drawbacks to this particular public/private key cryptography - the web of trust. Someone can intercept the key and be a middle man in between you and the private key, thus seeing the data

The web of trust is what keeps this encryption method honest. You have to trust that the person is who they say they are when you get a public key. Many organizations that exchange email between members handle this web of trust by having PGP signing parties, where members sign or vouch for the PGP keys of other members they meet, as long as there are methods of ID that can be relied on (i.e., you bring your driver’s license to these affairs, and you exchange glances at each other’s driver’s licenses to ensure that the person whose key you are signing is really that person).

Signing Your Email
• You need to use your passphrase as you are activating your private key:

When you click on the “PGP sign” icon, your private key is used to place the message in a signed “envelope.” Because of the unique relationship between your private and public keys, the recipient can then use your public key to verify that the message really came from you (that is, it was signed using your private key). In addition, if the envelope’s contents have been modified in any way while en route, the verification will fail.

Signing Your Email (2)
• Signing your email is a method of protecting your data without hiding it:

This is what a signed message looks like with PGP 6.5.X. The ASCII at the bottom is like a fingerprint that contains data from your message, a snapshot of the data, if you will. The fingerprint is used with your public key to compare the snapshot of your data with the data that is between the marks (from “begin signature” to “end signature”) and verifies that the data has not changed. This means that if even one space was added to this message anywhere, the signature check will fail and the data will be classified as not authentic or fraudulent.

Checking the Signature
• You can click on the icon to decrypt or verify the signature or both:

This is an example of what the email would look like if it checked out against the public key of the person that sent it. Notice all of the data that gives you additional information about when it was signed, the signer, and the verified date. You can use this data to call the person on the phone that sent the signed document and verify further that this was indeed the person who sent the email and signed it.

Managing Your Keys
• Key servers are used to store the public keys to make it easier for key exchange
  – Key servers actually make the trust issue more of an issue, as you send your key to a server to be stored
• There are organizations that are trust merchants that validate the keys and add to the trust of a key

Key servers are an interesting problem for the cumulative trust model. Can you trust a key server? If the key is signed by people you know and respect and believe would protect their private key, the answer is probably. Otherwise, you are guessing. This is a weak point in the PGP approach, no doubt about it. The key servers are an attempt to mimic the advantages of the PKI world. It doesn’t quite work exactly. For myself, I decided a long time ago that I didn’t want to attempt to use PGP on an international basis. This is getting harder and harder because more people consider me someone that they know digitally. I knew that I needed to exchange data securely with about a dozen people. We exchanged keys, verified them, and that was that. PGP works very well for this. In terms of signing data, remember the April Fool’s story; PGP also works quite well. You see, that message, if it had been signed, would either have been real or not real. If it had been a hoax, you could safely delete that key and go on with life. If it was real, and the SANS Newsbites were real, then you could decide to trust that key at some level. The risk with PGP comes when you use it to protect very sensitive information. At that point, a determined adversary could potentially trick you if you do not exercise good key discipline and have to do a blind email key exchange.

Managing Your Keys (2)
• Adding keys to your key ring
  – As you can see, PGP comes with many keys already. They are there so you can use these public keys to contact PGP and Network Associates personnel
• To add a key to your key ring, there are two methods:
  – Send the key directly to the person you wish to strike up an encrypted conversation with
  – Send your key to a certificate server or LDAP server

Now, the good news is that the PGP infrastructure can support other trust models. Since the commercial version can be signed by Certificate Authorities (CAs), you could potentially get your key signed in this way as well, if you trust Verisign or Entrust more than your friends’ friends. Even better, with PGP you can choose which CAs you wish to trust. And it isn’t binary - you can assign levels of trust when adding a key to your key ring. I add the key and then right mouse click, choose Properties, and adjust the trust bar. You need to add a public key to your key ring if you want to encrypt a message you want to send to a friend. You cannot use a public key if it is not on your key ring. This basically puts your key into a list (similar to certificate storage) and you choose from that list when you are going to encrypt a message to send to that person. Of course, you need to make sure that you are sending the email to the right person! If they don’t have the private key that goes with the public key you encrypted the message with, that person will not be able to read that message. This is one of the reasons that there are email addresses associated with the keys. This adds a lot of security.

Directly Send A Key
• To directly send the key, you first need to export the key, then sign it and send it to the intended user:

Conversely, the person you are sending the data to has to have your public key in order to send you an encrypted message. I can’t tell you how many times I’ve gotten a call about a message that was encrypted data, and the reply was not encrypted! It turns out that the user forgot to send their public key to the other party, and the other party was unable (or forgot) to send the reply encrypted, which defeats the purpose of encryption.

Directly Send A Key (2)
• Then you attach the file to the email and send it off:

This method has its faults. Suppose someone intercepts your key en route. They can then pose as you in the middle of the conversation. A man-in-the-middle attack looks like this: Bob wants to send a message to Alice. Evil Mallory wants Bob to think that she is Alice, so that she can spy on their communications. When Alice sends Bob her public key, Mallory intercepts her message, generates her own key, and sends it to Bob as Alice's key. Bob encrypts his message to Alice with what he thinks is Alice's key (but which is really Mallory's key) and sends it on. Mallory intercepts the message, decrypts it (since it is encrypted with Mallory's key), reads it and/or alters it, then encrypts it with Alice's public key, and sends it on to Alice. Alice reads the message, thinking that it came directly from Bob. The Digital Signature was added to include Station-to-Station (STS) information into the Diffie-Hellman standard to prevent just this kind of attack. Some of the older public key technologies do not use the Digital Signature Standard, nor do they have any Station-to-Station protocol to protect from man-in-the-middle attacks. Be aware of this when initiating a secure email connection with someone. The obvious solution is to keep your version of PGP updated.

Send a Key to a Certificate Server
• This is a little easier, as you can point and click to send the data instead of first exporting it:

To find a key on a key server, you would open up your PGPKeys application, select Server, and then select Search. You would then enter a string you wish to search on, based on the association of the key. After you find the key on the server (if you can find it), you can then import it into your key ring, and be able to send a message to that person. For this to work, you would need to have LDAP, TCP port 389, open on your firewall.

To Summarize
• What have you learned in this section?
• How does PGP fit in the overall PKI solution?
• How am I going to use this information?
• What is next?

This section has dealt heavily with installing PGP on your system and using it to protect your email privacy. The goal in this lesson was to get you comfortable enough to install PGP, establish a key, and share it. Also, please remember to get your key signed and sign the keys of people that you trust. Also, we wanted to acquaint you with the basic concepts of PKI, certificates, and trust, and how they can be useful in your business or personal life. You can, of course, use this product to continue to protect your data and communicate with other security professionals, as it is a ‘standard’ for signing emails. You should now be able to install (or have installed) PGP on your system and integrate it into your email client. You should be comfortably able to send an encrypted email to yourself or a friend, as well as exchange keys with someone or find a key on a public key server. You should be able to import a key into your key ring and manage keys and key trust. There is a difference between knowing the path and walking the path. Please put what you have learned into practice! Thank you!
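Two of the points made in this section, that a signature breaks if even one space is added to the signed message (Signing Your Email (2)) and that a key received by email must be checked out of band before it is trusted, because an intercepted key can be swapped for the attacker's own (Directly Send A Key (2)), can be seen end to end in the following added Python example. It is not PGP's code and not part of the course: it uses textbook RSA over constructed, deliberately tiny key material (Mersenne primes; real PGP keys are far larger and use padded signatures), a SHA-256 "snapshot" of the message as the value that is signed, and a SHA-256 key fingerprint standing in for the PGP fingerprint you would read to someone over the phone.

```python
import hashlib
import hmac

# Constructed toy key material (assumption): Mersenne primes, far too small
# for real use. Real PGP keys are 1024+ bits and use padded signatures.
ALICE_PRIMES = (2**31 - 1, 2**61 - 1)
MALLORY_PRIMES = (2**89 - 1, 2**107 - 1)
PUBLIC_EXPONENT = 65537


def make_keypair(primes, e=PUBLIC_EXPONENT):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    p, q = primes
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def message_digest(message, n):
    # The "snapshot" of the message: SHA-256, reduced into the key's modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """Sign the digest with the private key (textbook RSA, no padding)."""
    n, d = private_key
    return pow(message_digest(message, n), d, n)


def verify(message, signature, public_key):
    """True only if the signature was made with the matching private key over
    exactly this message; any change (even one added space) breaks it."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message, n)


def fingerprint(public_key):
    """Short hash of the public key: the value you read to someone by phone."""
    n, e = public_key
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")
    return hashlib.sha256(raw).hexdigest()[:40]


def accept_key(received_key, out_of_band_fingerprint):
    """Key-ring admission check: import the key only if its fingerprint matches
    the one confirmed out of band (phone call, signing party)."""
    return hmac.compare_digest(fingerprint(received_key), out_of_band_fingerprint)


def demo():
    alice_pub, alice_priv = make_keypair(ALICE_PRIMES)
    mallory_pub, mallory_priv = make_keypair(MALLORY_PRIMES)
    message = b"Please wire the deposit to the usual account."   # constructed

    # Signing: the recipient verifies with Alice's public key.
    sig = sign(message, alice_priv)

    # Man-in-the-middle on the key exchange: Mallory substitutes her own key
    # for Alice's. Bob compares the fingerprint with what Alice read him by phone.
    phone_fingerprint = fingerprint(alice_pub)

    return {
        "signature_ok": verify(message, sig, alice_pub),
        "one_space_added": verify(message + b" ", sig, alice_pub),
        "forged_by_mallory": verify(message, sign(message, mallory_priv), alice_pub),
        "genuine_key_accepted": accept_key(alice_pub, phone_fingerprint),
        "substituted_key_accepted": accept_key(mallory_pub, phone_fingerprint),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `accept_key` step is the programmatic form of the advice in "Checking the Signature" and the signing-party description: the fingerprint is compared against a value obtained through a channel the attacker does not control, so a key that arrived by email but does not match is refused before it ever reaches the key ring.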
Course Revision History
By Mark Kern, Rainbow Technologies
v2.3 – S Northcutt - updated 4/22/2000
v2.4 – J Kolde – edited 5/24/2000
v2.5 – J Kolde – added page numbers 7/8/2000
v2.6 – edited by J Kolde, adjusted grayscale for b/w printing – 22 Nov 2000
v2.7 – edited by S Ettinger and S Northcutt, new audio – Jan 2001
v3.0 – created new module around VPN, PKI and PGP, E Cole – June 2001
v3.1 – edited/formatted by J Kolde – June 2001
v3.2 – edits by Eric Cole – 10 Aug 2001
v3.3 – updated by E Cole – Nov 2001
v3.4 – edited and audio recorded by C Wendt – January 2002

Posted: 17/01/2014, 07:20