Thursday, 22 April 2010

basics 9 - tutorial IPSEC transport mode

IPSEC is a protocol for securing data exchanges at layer 3 level (IP). This tutorial deals with IPSEC transport mode with Linux.
French version available on the site.

ESP and AH protocols, transport and tunnel modes.


IPSec offers two protocols: ESP and AH. ESP provides confidentiality and authentication of exchanges (encryption); AH provides only authentication (signature).
IPSec also offers two modes: transport and tunnel. Transport mode modifies the IP header. Tunnel mode encapsulates the whole IP packet in a new IP packet.
The choice between these modes and protocols affects the security properties:

AH:


(picture from ciscopress [26])

AH + transport

With transport mode, the source IP address is kept and authenticated. It can't be modified by a router: NAT translation is not possible.

AH + tunnel

With tunnel mode, the IP addresses of the gateway and the source are authenticated. Tunnel mode does not allow hiding the IP addresses of the local network. NAT address translation is possible.

ESP:


(picture from ciscopress [26])

ESP + transport

With transport mode, the source IP address is not signed. Only the data is authenticated. Routing of the packets is possible, which allows NAT address translation.

ESP + tunnel

With tunnel mode, the source IP address is encrypted along with the data. Only the destination can know it. As with transport mode, the new IP header is not authenticated, which allows NAT address translation.

SA and SPD

A security association (SA) is a secured communication, protected with IPSEC, between two machines.
The database which defines the security policy (SPD) holds the rules for sending and receiving IP packets.
Have a look at frameip.com [28] for more information about SA and SPD.

Ipsec-tools

Ipsec-tools in Linux include [29]:
libipsec: encryption library,
setkey: set of tools to manipulate and list SPD and SA,

Remark: racoon, the Internet Key Exchange (IKE) daemon used to negotiate IPSEC connection keys automatically, is not installed by default.

secure connection with manual key management

First, install ipsec-tools on the Linux machines serveur and client_linux:
serveur$ sudo apt-get install ipsec-tools
client_linux$ sudo apt-get install ipsec-tools
Modify the permissions of /etc/ipsec-tools.conf:
serveur$ sudo chmod 750 /etc/ipsec-tools.conf
client-linux$ sudo chmod 750 /etc/ipsec-tools.conf
Edit /etc/ipsec-tools.conf on each machine:
serveur$ sudo cat /etc/ipsec-tools.conf
#!/usr/sbin/setkey -f

## Flush the SAD and SPD
flush;
spdflush;

## AH security association (SA)
add 192.168.0.2 192.168.0.11 ah 10000 -A hmac-md5 "1234567890123456";
add 192.168.0.2 192.168.0.11 esp 10001 -E 3des-cbc "123456789012345678901234";
add 192.168.0.11 192.168.0.2 ah 20000 -A hmac-md5 "1234567890123456";
add 192.168.0.11 192.168.0.2 esp 20001 -E 3des-cbc "123456789012345678901234";

## security policy
spdadd 192.168.0.2 192.168.0.11 any -P out ipsec esp/transport//require ah/transport//require;
spdadd 192.168.0.11 192.168.0.2 any -P in ipsec esp/transport//require ah/transport//require;
client_linux$ sudo cat /etc/ipsec-tools.conf
#!/usr/sbin/setkey -f

## Flush the SAD and SPD
flush;
spdflush;

## AH security association (SA)
add 192.168.0.2 192.168.0.11 ah 10000 -A hmac-md5 "1234567890123456";
add 192.168.0.2 192.168.0.11 esp 10001 -E 3des-cbc "123456789012345678901234";
add 192.168.0.11 192.168.0.2 ah 20000 -A hmac-md5 "1234567890123456";
add 192.168.0.11 192.168.0.2 esp 20001 -E 3des-cbc "123456789012345678901234";

spdadd 192.168.0.11 192.168.0.2 any -P out ipsec esp/transport//require ah/transport//require;
spdadd 192.168.0.2 192.168.0.11 any -P in ipsec esp/transport//require ah/transport//require;
Start the daemon (it will be started at each boot).
serveur$ sudo /etc/init.d/setkey start
client-linux$ sudo /etc/init.d/setkey start
Now start Wireshark on intrus, and ping:
client-linux$ ping 192.168.0.2
intrus$ sudo wireshark


This method has disadvantages: the keys are static and hardcoded in the configuration file.
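
The keys in the configuration above are typed digit strings. setkey also accepts a key written as hexadecimal digits preceded by 0x, so the four add lines can be generated with random keys of the same lengths. The script below is an added example, not part of the original tutorial; the function names rand_hex, sa_lines and gen_sa_block are made up for it.

```sh
#!/bin/sh
# Added example: print the four "add" lines of /etc/ipsec-tools.conf with
# random keys instead of typed digit strings.

# rand_hex N: N random bytes from /dev/urandom as 2*N hex digits.
rand_hex() {
    od -An -N "$1" -tx1 /dev/urandom | tr -d ' \n'
}

# sa_lines SRC DST AH_SPI ESP_SPI: one AH and one ESP SA for SRC -> DST.
# Key lengths follow the algorithms used in this tutorial:
# hmac-md5 takes 16 bytes, 3des-cbc takes 24 bytes.
sa_lines() {
    printf 'add %s %s ah %s -A hmac-md5 0x%s;\n' "$1" "$2" "$3" "$(rand_hex 16)"
    printf 'add %s %s esp %s -E 3des-cbc 0x%s;\n' "$1" "$2" "$4" "$(rand_hex 24)"
}

# gen_sa_block: both directions, with the addresses and SPIs of the tutorial.
gen_sa_block() {
    sa_lines 192.168.0.2 192.168.0.11 10000 10001
    sa_lines 192.168.0.11 192.168.0.2 20000 20001
}

gen_sa_block
```

Run it once and paste the same four lines into /etc/ipsec-tools.conf on both machines; the keys are still static, only harder to guess.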

secure connection with automatic key management

IPSec can use the Internet Key Exchange (IKE) [31] protocol to avoid hardcoded keys. This protocol has two steps:

Phase 1: first key generation, with one of:
  • shared secret mode: from a shared secret, with a Diffie-Hellman exchange,
  • asymmetric encryption mode: with a public key cryptosystem,
  • signature mode: asymmetric encryption is used to sign and authenticate hosts, and the shared secret is defined with Diffie-Hellman.

Phase 2: creation of the IPSec tunnel.

shared secret mode

racoon

Install racoon (choose "modification directe"):
serveur$ sudo apt-get install racoon
client-linux$ sudo apt-get install racoon
Without an already defined SA, the setkey daemon will use racoon. Modify /etc/ipsec-tools.conf on both machines as follows:
serveur$ sudo cat /etc/ipsec-tools.conf

#!/usr/sbin/setkey -f

## Flush the SAD and SPD
flush;
spdflush;

## security policy
spdadd 192.168.0.2 192.168.0.11 any -P out ipsec esp/transport//require ah/transport//require;
spdadd 192.168.0.11 192.168.0.2 any -P in ipsec esp/transport//require ah/transport//require;

client_linux$ sudo cat /etc/ipsec-tools.conf

#!/usr/sbin/setkey -f

## Flush the SAD and SPD
flush;
spdflush;

## security policy
spdadd 192.168.0.11 192.168.0.2 any -P out ipsec esp/transport//require ah/transport//require;
spdadd 192.168.0.2 192.168.0.11 any -P in ipsec esp/transport//require ah/transport//require;

racoon.conf

Modify /etc/racoon/racoon.conf on both machines:

client_linux$ sudo cat /etc/racoon/racoon.conf

path pre_shared_key "/etc/racoon/psk.txt";

remote anonymous
{
    exchange_mode main;
    lifetime time 24 hour;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group modp1024 ;
    }
}

sainfo anonymous
{
    pfs_group modp1024;
    lifetime time 12 hour;
    encryption_algorithm 3des, blowfish 448, rijndael ;
    authentication_algorithm hmac_sha1, hmac_md5;
    compression_algorithm deflate ;
}
serveur$ sudo cat /etc/racoon/racoon.conf
(..idem...)
Remark: if the configuration files differ between the two machines, the IP exchange could fail or might not be startable from one of them, for example if "blowfish 448" or "rijndael" is missing on client_linux.
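
One way to catch the mismatch described in the remark before restarting racoon is to normalize the negotiation parameters of both files and compare them. This is an added example, not part of the original tutorial; racoon_params, racoon_diff and demo are made-up names, and the two sample files are constructed from the sainfo block above.

```sh
#!/bin/sh
# Added example: compare the IKE negotiation parameters of two racoon.conf
# copies (serveur vs client_linux) and list what only one side offers.

# racoon_params FILE: one "section key value" line per offered value.
racoon_params() {
    awk '
    /^[ \t]*#/ { next }                               # commented-out lines
    $1 == "remote" || $1 == "sainfo" { sect = $1 }    # current section
    $1 ~ /^(exchange_mode|dh_group|pfs_group|authentication_method|(encryption|hash|authentication|compression)_algorithm)$/ {
        key = $1; $1 = ""; val = $0
        gsub(/[ \t]*;[ \t]*$/, "", val)               # trailing ";"
        gsub(/[ \t]*,[ \t]*/, ",", val)               # "a , b" -> "a,b"
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        n = split(val, item, ",")
        for (i = 1; i <= n; i++) print sect, key, item[i]
    }' "$1" | LC_ALL=C sort -u
}

# racoon_diff A B: "< line" = only in A, "> line" = only in B.
# Returns 0 when both files offer the same parameters, 1 otherwise.
racoon_diff() {
    ta=$(mktemp) && tb=$(mktemp) || return 2
    racoon_params "$1" > "$ta"
    racoon_params "$2" > "$tb"
    diffs=$(LC_ALL=C comm -23 "$ta" "$tb" | sed 's/^/< /'
            LC_ALL=C comm -13 "$ta" "$tb" | sed 's/^/> /')
    rm -f "$ta" "$tb"
    [ -z "$diffs" ] && return 0
    printf '%s\n' "$diffs"
    return 1
}

# Constructed sample: the sainfo block from this page, and a copy where
# "blowfish 448" and "rijndael" are missing (the case in the remark).
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'sainfo anonymous' '{' '    pfs_group modp1024;' \
        '    encryption_algorithm 3des, blowfish 448, rijndael ;' \
        '    authentication_algorithm hmac_sha1, hmac_md5;' '}' > "$d/serveur.conf"
    sed 's/3des, blowfish 448, rijndael ;/3des;/' "$d/serveur.conf" > "$d/client.conf"
    racoon_diff "$d/serveur.conf" "$d/client.conf"; rc=$?
    rm -rf "$d"
    return $rc
}

demo || echo "racoon.conf files differ"
```

Differences in the order of an algorithm list are ignored on purpose; only values that one side does not offer at all are reported.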

The racoon.conf documentation [30] helps to clarify this:

The configuration file is divided into three parts:

  • The first one gives the path to the file which holds the shared secret.
path pre_shared_key "/etc/racoon/psk.txt";
  • The second one (remote) defines the parameters of IKE phase one.

These rules apply to all machines:
remote anonymous
The exchange mode of this phase denies "aggressive" mode (cf. vulnerability [32]):
exchange_mode main;
The exchange will last one day:
lifetime time 24 hour;
The only modes allowed will be 3des, sha1 and shared secret mode, with a Diffie-Hellman modulus of 1024:
proposal {
    encryption_algorithm 3des;
    hash_algorithm sha1;
    authentication_method pre_shared_key;
    dh_group modp1024 ;
}

  • The third one (sainfo) defines the parameters of IKE phase two. These parameters are used jointly with the security policy defined in the kernel's SPD.

These rules are for any machine:
sainfo anonymous
The Diffie-Hellman modulus is 1024:
pfs_group modp1024;
The exchange will last at most 12 hours:
lifetime time 12 hour;
The encryption algorithms allowed are 3des, blowfish 448 or rijndael:
encryption_algorithm 3des, blowfish 448, rijndael ;
The signature algorithms are hmac_sha1 or hmac_md5:
authentication_algorithm hmac_sha1, hmac_md5;
The compression algorithm is deflate:
compression_algorithm deflate ;

preshared key psk.txt

Check the permissions of /etc/racoon/psk.txt on both machines:
serveur$ sudo chmod 750 /etc/racoon/psk.txt
client_linux$ sudo chmod 750 /etc/racoon/psk.txt
Modify psk.txt on both machines as follows (a tab between the IP address and the secret):
serveur$ sudo cat /etc/racoon/psk.txt
# IPv4/v6 addresses
192.168.0.11 secretpartage

client_linux$ sudo cat /etc/racoon/psk.txt
# IPv4/v6 addresses
192.168.0.2 secretpartage

restart daemons

Restart the racoon and setkey daemons:
serveur$ sudo /etc/init.d/racoon restart
serveur$ sudo /etc/init.d/setkey restart
client_linux$ sudo /etc/init.d/racoon restart
client_linux$ sudo /etc/init.d/setkey restart

test

client_linux$ sudo wireshark
serveur$ ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_seq=3 ttl=64 time=0.823 ms
^C
--- 192.168.0.2 ping statistics ---
3 packets transmitted, 1 received, 66% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.823/0.823/0.823/0.000 ms



This automatic key management method with a shared secret allows the generation of session keys. The secret does not travel over the network. Nevertheless, the secret is hardcoded and not encrypted on both machines.

asymmetric encryption mode

With this mode, we use X509 certificates during phase 1 of the IKE protocol.

Remark: if you don't want to grapple with openssl right away, the following keys can be downloaded there. Then jump to the next paragraph, "install keys in racoon".

generate keys with openSSL

Install openSSL on serveur:
serveur$ sudo apt-get install openssl
Create a directory for public keys, and another for private keys:
serveur$ sudo mkdir /etc/ca
serveur$ sudo mkdir /etc/ca/private
Check the permissions of the private directory:
serveur$ sudo chmod 750 /etc/ca/private
Go to /etc/ca and generate a key pair. Choose "utilisateur" as the password for encryption of the private key.
serveur$ cd /etc/ca
serveur:/etc/ca$ sudo openssl req -new -x509 -days 365 -newkey rsa:1024 -keyout cakey.pem -out cacert.pem

Move the private key to /etc/ca/private, and modify its access rights:
serveur:/etc/ca$ sudo mv /etc/ca/cakey.pem /etc/ca/private
serveur:/etc/ca$ sudo chmod 600 /etc/ca/private/cakey.pem
Create index.txt to log each signed certificate:
serveur:/etc/ca$ sudo touch index.txt
Create a file named serial to hold the next available X509 serial number:
serveur:/etc/ca$ sudo touch serial
serveur:/etc/ca$ sudo vi serial
01
:wq
Create a directory /etc/ca/newcerts where a copy of each certificate signed by the CA will be put:
serveur:/etc/ca$ sudo mkdir newcerts
Modify the openssl configuration file:
serveur$ sudo vim /usr/lib/ssl/openssl.cnf
(...)
[ CA_default ]
dir = .
(...)
commonName = optional
(...)
Create a certificate signing request for each machine:
serveur:/etc/ca$ sudo openssl req -new -days 365 -newkey rsa:1024 -keyout clientlinuxkey.pem -out clientlinuxreq.pem
serveur:/etc/ca$ sudo openssl req -new -days 365 -newkey rsa:1024 -keyout serveurkey.pem -out serveurreq.pem
Sign each CSR:
serveur:/etc/ca$ sudo openssl ca -in clientlinuxreq.pem -out clientlinuxcert.pem
serveur:/etc/ca$ sudo openssl ca -in serveurreq.pem -out serveurcert.pem

Remove the password from the private keys:
serveur:/etc/ca$ sudo openssl rsa -in clientlinuxkey.pem -out clientlinuxkey.pem
serveur:/etc/ca$ sudo openssl rsa -in serveurkey.pem -out serveurkey.pem

install keys in racoon

Copy the public key, the private key and the CA certificate into the directory /etc/racoon/certs of each machine:
serveur:/etc/ca$ sudo mkdir /etc/racoon/certs
serveur:/etc/ca$ sudo cp serveurkey.pem /etc/racoon/certs/
serveur:/etc/ca$ sudo cp serveurcert.pem /etc/racoon/certs/
serveur:/etc/ca$ sudo cp cacert.pem /etc/racoon/certs/
Use gftp to send the keys to client_linux:
client_linux$ sudo apt-get install gftp
client_linux$ sudo mkdir /etc/racoon/certs
client_linux$ sudo gftp


The private key must stay safe:
serveur$ sudo chmod 600 /etc/racoon/certs/serveurkey.pem
client_linux$ sudo chmod 600 /etc/racoon/certs/clientlinuxkey.pem
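
Before pointing racoon at the files, it is worth checking that each certificate chains to cacert.pem, that each private key belongs to its certificate and no longer has a passphrase, and that the key is mode 600. The function below is an added example, not part of the original tutorial; check_pair is a made-up name and it assumes the openssl command installed above.

```sh
#!/bin/sh
# Added example: sanity-check a certificate/key pair before racoon uses it.
# Usage: check_pair DIR CERT KEY CA   (file names relative to DIR)

check_pair() {
    cert=$1/$2; key=$1/$3; ca=$1/$4; rc=0

    # 1. The certificate must chain to the CA that racoon is told to trust.
    if ! openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo "FAIL: $cert is not signed by $ca"; rc=1
    fi

    # 2. The private key must belong to the certificate. The empty -passin
    #    makes a still-encrypted key fail here instead of prompting.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null || true)
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null || true)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert (or still has a passphrase)"; rc=1
    fi

    # 3. The private key must not be accessible to group or others (chmod 600).
    case $(ls -ld "$key" 2>/dev/null) in
        -???------*) ;;
        *) echo "FAIL: $key is accessible to group/others"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $cert / $key"
    return "$rc"
}

# Run against real files when called with four arguments, e.g.
#   sh check_pair.sh /etc/racoon/certs serveurcert.pem serveurkey.pem cacert.pem
if [ "$#" -eq 4 ]; then check_pair "$@"; fi
```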
Modify the file /etc/racoon/racoon.conf on both machines:
serveur$ sudo cat /etc/racoon/racoon.conf

path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

#remote anonymous
#{
# exchange_mode main;
# proposal {
# encryption_algorithm 3des;
# hash_algorithm sha1;
# authentication_method pre_shared_key;
# dh_group modp1024 ;
# }
# generate_policy off;
#}

remote 192.168.0.11
{
    exchange_mode main;
    my_identifier asn1dn;
    peers_identifier asn1dn;
    verify_identifier on;
    certificate_type x509 "serveurcert.pem" "serveurkey.pem";
    ca_type x509 "cacert.pem";
    lifetime time 24 hour;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method rsasig;
        dh_group modp1024;
    }
}

sainfo anonymous
{
    pfs_group modp1024;
    lifetime time 12 hour;
    encryption_algorithm 3des, blowfish 448, rijndael ;
    authentication_algorithm hmac_sha1, hmac_md5;
    compression_algorithm deflate ;
}

client_linux$ sudo cat /etc/racoon/racoon.conf

path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

#remote anonymous
#{
# exchange_mode main;
# proposal {
# encryption_algorithm 3des;
# hash_algorithm sha1;
# authentication_method pre_shared_key;
# dh_group modp1024 ;
# }
# generate_policy off;
#}

remote 192.168.0.2
{
    exchange_mode main;
    my_identifier asn1dn;
    peers_identifier asn1dn;
    verify_identifier on;
    certificate_type x509 "clientlinuxcert.pem" "clientlinuxkey.pem";
    ca_type x509 "cacert.pem";
    lifetime time 24 hour;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method rsasig;
        dh_group modp1024;
    }
}

sainfo anonymous
{
    pfs_group modp1024;
    lifetime time 12 hour;
    encryption_algorithm 3des, blowfish 448, rijndael ;
    authentication_algorithm hmac_sha1, hmac_md5;
    compression_algorithm deflate ;
}
Every entry in these files is well explained in the racoon.conf man page [30].

restart daemons

Restart the racoon and setkey daemons:
serveur$ sudo /etc/init.d/racoon restart
serveur$ sudo /etc/init.d/setkey restart
client_linux$ sudo /etc/init.d/racoon restart
client_linux$ sudo /etc/init.d/setkey restart

test

intrus$ sudo wireshark

client_linux$ ping 192.168.0.2
$ ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_seq=3 ttl=64 time=0.820 ms
^C
--- 192.168.0.2 ping statistics ---
3 packets transmitted, 1 received, 66% packet loss, time 2019ms
rtt min/avg/max/mdev = 0.820/0.820/0.820/0.000 ms



References

26) IPSEC - http://www.ciscopress.com/articles/article.asp?p=25477
27) IPSEC How-To - https://help.ubuntu.com/community/IPSecHowTo
28) IPSEC - http://www.frameip.com/ipsec/
29) ipsec-tools - http://ipsec-tools.sourceforge.net/
30) doc racoon.conf - http://netbsd.gw.com/cgi-bin/man-cgi?racoon.conf
31) IKE protocol - http://sylvestre.ledru.info/howto/securite/tunnels_et_vpn/node29.html
32) IKE aggressive mode vulnerability - http://www.kb.cert.org/vuls/id/886601
