IPSec VPN介紹
IPSec是為實現VPN功能而最普遍使用的協議。IPSec不是一個單獨的協議,它給出了應用於IP層上網絡數據安全的一整套體系結構。該體系結構包括認證頭協議(Authentication Header,簡稱為AH)、封裝安全負載協議(Encapsulating Security Payload,簡稱為ESP)、密鑰管理協議(Internet Key Exchange,簡稱為IKE)和用於網絡認證及加密的一些算法等。IPSec規定了如何在對等體之間選擇安全協議、確定安全算法和密鑰交換,向上提供了訪問控制、數據源認證、數據加密等網絡安全服務。
- 認證頭協議(AH):IPsec體系結構中的一種主要協議,它為IP數據包提供無連接完整性的保護與數據源認證,並提供保護以避免重播情況。AH盡可能為IP頭和上層協議數據提供足夠多的認證。
- IPsec封裝安全負載(ESP):IPsec體系結構中的一種主要協議。ESP加密需要保護的數據並且在IPsec ESP的數據部分進行數據的完整性校驗,以此來保證機密性和完整性。ESP提供了與AH相同的安全服務並提供了一種保密性(加密)服務,ESP與AH各自提供的認證根本區別在於它們的覆蓋范圍。
- 密鑰管理協議(IKE):用於協商AH和ESP所使用的密碼算法,並將算法所需的必備密鑰放到恰當位置。
安全聯盟(Security Association)
IPSec在兩個端點之間提供安全通信,兩個端點被稱為IPSec ISAKMP網關。安全聯盟(簡稱為SA)是IPSec的基礎,也是IPSec的本質。SA是通信對等體間對某些要素的約定,例如使用哪種協議、協議的操作模式、加密算法(DES、3DES、AES-128、AES-192和AES-256)、特定流中保護數據的共享密鑰以及SA的生存周期等。
安全聯盟是單向的,在兩個對等體之間的雙向通信,最少需要兩個安全聯盟來分別對兩個方向的數據流進行安全保護。
SA建立方式
建立安全聯盟的方式有兩種,一種是手工方式(Manual),一種是IKE自動協商(ISAKMP)方式。
手工方式配置比較復雜,創建安全聯盟所需的全部信息都必須手工配置,而且IPSec的一些高級特性(例如定時更新密鑰)不能被支持,但優點是可以不依賴IKE而單獨實現IPSec功能。該方式適用於當與之進行通信的對等體設備數量較少的情況,或是IP地址相對固定的環境中。
IKE自動協商方式相對比較簡單,只需要配置好IKE協商安全策略的信息,由IKE自動協商來創建和維護安全聯盟。該方式適用於中、大型的動態網絡環境中。該方式建立SA的過程分兩個階段。第一階段,協商創建一個通信信道(ISAKMP SA),並對該信道進行認證,為雙方進一步的IKE通信提供機密性、數據完整性以及數據源認證服務;第二階段,使用已建立的ISAKMP SA建立IPsec SA。分兩個階段來完成這些服務有助於提高密鑰交換的速度。
The AH protocol provides a mechanism for authentication only. AH provides data integrity, data origin authentication, and an optional replay protection service. Data integrity is ensured by using a message digest that is generated by an algorithm such as HMAC-MD5 or HMAC-SHA. Data origin authentication is ensured by using a shared secret key to create the message digest. Replay protection is provided by using a sequence number field with the AH header. AH authenticates IP headers and their payloads, with the exception of certain header fields that can be legitimately changed in transit, such as the Time To Live (TTL) field.
The ESP protocol provides data confidentiality (encryption) and authentication (data integrity, data origin authentication, and replay protection). ESP can be used with confidentiality only, authentication only, or both confidentiality and authentication. When ESP provides authentication functions, it uses the same algorithms as AH, but the coverage is different. AH-style authentication authenticates the entire IP packet, including the outer IP header, while the ESP authentication mechanism authenticates only the IP datagram portion of the IP packet.
Authentication Header Protocol
AH offers authentication and integrity but it doesn’t offer any encryption. It protects the IP packet by calculating a hash value over almost all fields in the IP header. The fields it excludes are the ones that can be changed in transit (TTL and header checksum).
Transport Mode
Transport mode is simple, it just adds an AH header after the IP header. Here’s an example of an IP packet that carries some TCP traffic:
And here’s what that looks like in Wireshark:
Above you can see the AH header in between the IP header and ICMP header. This is a capture I took of a ping between two routers. You can see that AH uses 5 fields:
- Next Header: this identifies the next protocol, ICMP in our example.
- Length: this is the length of the AH header.
- SPI (Security Parameters Index): this is an 32-bit identifier so the receiver knows to which flow this packet belongs.
- Sequence: this is the sequence number that helps against replay attacks.
- ICV (Integrity Check Value): this is the calculated hash for the entire packet. The receiver also calculates a hash, when it’s not the same you know something is wrong.
Tunnel Mode
With tunnel mode we add a new IP header on top of the original IP packet. This could be useful when you are using private IP addresses and you need to tunnel your traffic over the Internet. It’s possible with AH but it doesn’t offer encryption:
The entire IP packet will be authenticated. Here’s what it looks like in wireshark:
Above you can see the new IP header, then the AH header and finally the original IP packet that carries some ICMP traffic.
