9.3. Road Map for Part 3

Because IPsec is the most important VPN technology available for TCP/IP networks, we devote Part 3 to its study. As usual, we are not interested in the configuration or administration of any particular vendor's implementation but rather concern ourselves with how IPsec operates, what algorithms it uses, and what its packets look like on the wire. We want to be able to look at a network trace, such as the output from tcpdump, and determine whether a VPN is working correctly and if not, where it is failing. An understanding and appreciation of IPsec's behavior on the wire will also allow us to know which types of VPN configurations are possible and which are not.

We spend the rest of the text in a careful examination of IPsec. Chapter 10 examines the overall architecture of IPsec. We will see that although IPsec consists of just three protocols, they can be configured and combined in a flexible manner that allows finegrained control over a VPN. Unfortunately, this flexibility comes at the cost of increased complexity. As a general rule, complexity is the enemy of security, so the increase in complexity can lead to a decrease in security; see, for example, the introduction to [Ferguson and Schneier 1999].

The increase in complexity also means that IPsec is more difficult to configure and manage. This contributes to security weaknesses, of course, but it also means that IPsec VPNs require an expert to configure and maintain them. This last problem provided the impetus for the development of the lightweight VPNs that we studied in Chapter 8.

In Chapter 10, we see how the various components of IPsec work together to provide security at the network layer. We also introduce the notion of a security association (SA) and see how the SA is the locus of the shared state that constitutes an IPsec VPN. This state consists of such parameters as the keys used for encryption and authentication, the current sequence number, information about when new keys will have to be negotiated, and pointers to a description of the policy that is applied to packets traversing the VPN.

In Chapter 11, we study the Authentication Header (AH) protocol and see how we can use it to guarantee both that an IP datagram is from the peer that it purports to be from and that the datagram has not been tampered with during transport. During our investigation of AH, we examine some of the mechanisms, such as sequence numbering, that IPsec uses to provide security. We'll see that as the name suggests, AH provides an authentication, or integrity, function only; it cannot provide privacy services.

In Chapter 12, we study the Encapsulating Security Payload (ESP) protocol and see that it provides the privacy services that AH lacks. Indeed, ESP can provide both privacy and authentication services and that except for special cases, AH is not required at all. In some circumstances, ESP can provide limited protection from traffic analysis.

Traffic analysis uses the source, destination, length, and frequency of messages between peers to infer information about the messages' content. For example, a sudden increase in VPN traffic between a construction firm and one its suppliers may indicate that the firm is planning to use the supplier's product in a project that it is bidding on. This information might provide a vital advantage to a competitor that is also bidding on the project. See section 5 of [Voydock and Kent 1983] for a discussion of traffic analysis and its interplay with security mechanisms.

In Chapter 13, we see how IPsec handles the vital key-exchange problem. As we've seen repeatedly, key management is one of the most difficult problems to solve when setting up a secure communications channel. The Internet Key Exchange (IKE) protocol uses the Diffie-Hellman algorithm to exchange keying material with a peer and can also keep the keys fresh and provide perfect forward secrecy.

Finally, in Chapter 14 we examine changes to IPsec that are planned for deployment now or in the near future. We look at changes to IKE and see how NAT traversal can solve the problems between IPsec and NAT.