A VPN Primer
One of today's hottest acronyms is VPN. By providing secured communications through an insecure space, virtual private networks promise to greatly influence the data communications industry, presenting new opportunities and challenges for carriers of all types.
Interest in VPNs has swelled because they provide the means of implementing private networks over public networks, especially over the Internet. VPNs provide unparalleled flexibility for data communications and allow companies to save money by reducing their dependence on private lines and dial-up facilities.
To link branch offices today, the typical corporation installs and maintains private lines leased from carriers (Figure 1). Remote access servers provide service to telecommuters and mobile users, and users who call in from remote locations can incur long-distance charges.
Occasionally, a corporation runs leased lines to its customers, suppliers and other business partners. Although such a link could provide better communications, the cost of the leased lines is often a barrier. However, many companies are able to justify the cost of an Internet connection through the need for e-mail, World Wide Web access and other Internet services.
Installing these private wide area network lines is expensive and time consuming. Carriers can profit from usage fees, but the fees are expensive for the subscriber. Each line has associated equipment, which is expensive to own and maintain. In addition, WAN connectivity centers around corporate headquarters, which isn't always the best fit.
VPNs provide an alternative infrastructure that enables organizations to use the public Internet in a private, dedicated environment. With this approach, various corporate locations are connected via the Internet rather than over leased lines (Figure 2). The companies' traffic is aggregated with other Internet traffic, so the whole system benefits from scale. And instead of calling into a private line connected to an access server, remote users now dial into an Internet service provider to communicate with others in the corporate local area network.
Another benefit of VPNs is support for extranets - virtual leased lines connecting one company with another through the Internet.
Extranets are useful when a corporation shares large amounts of data with another company such as a supplier, customer or development partner. In many such cases, the relationship between the two companies is an important one - time is money, and maintaining the security of the data is crucial.
In the past, two companies might interconnect via a leased data line if they expected to be connected for a long time, and they might have waited as long as a month or more to obtain the service. Data could then flow between the companies as if they were one. However, leased lines - and their associated equipment - are expensive to own and maintain, and partners may use the lines relatively infrequently, despite the business benefits.
Using VPNs, two or more companies can set up an extranet almost immediately by simply reconfiguring their local equipment, and the intermediate connectivity provider need not be involved. VPN-based extranets easily can be set up and torn down. In addition, virtual leased lines are cheaper than traditional lines because they can be aggregated with other data traffic to take advantage of bulk rates. Users pay only for their actual traffic.
Extranets and VPNs actually may be more secure than private lines. Security technologies have become the enablers in this new VPN world.
Security
The Internet Engineering Task Force has defined a security architecture for the Internet protocol, known as Internet protocol security (IPSec). IPSec was designed to solve two problems: privacy and authentication.
Privacy is maintained by encrypting traffic to ensure that when two parties converse, no one can eavesdrop. Digital signatures and replay-prevention techniques make certain that both parties are speaking to the desired person and not an impostor.
IPSec encrypts and encapsulates data into IP packets before sending them over the public network. Because it operates at the network layer, it secures all IP data, not just data from specific applications. IPSec is completely compatible with the current infrastructure based on IPv4, and carriers can implement it now.
Through software, carriers and ISPs that provide IP services can offer VPN services immediately using their existing IP routing or switching infrastructure. IPSec is also defined as a mandatory feature of IPv6, the next generation IP.
One primary advantage of IPSec-based VPN solutions is that they can secure the entire communication channel through the Internet without changing any hardware or software at intervening Internet points of presence or at existing routers on the corporate WAN backbone. The easy integration of IPSec-based solutions will speed the deployment and acceptance of VPNs as a cost-effective remote access alternative, a secure means of extending corporate intranets over the WAN, and a practical method for establishing extranet links with important business customers and partners.
Key elements of IPSec include the encapsulating security payload, the authentication header and key management.
IPSec defines the architecture for encrypting data as well as specific types of encapsulating security payloads. Currently there are two versions, both derived from the data encryption standard (DES), a 56-bit block cipher that has been used for more than 20 years.
One encapsulating security payload uses the DES-cipher block chaining (CBC) algorithm, and the other uses the triple DES-CBC algorithm. With triple DES, data is passed through DES three times, effectively increasing the key size to 112 bits.
The authentication header is the architecture defined for digitally "signing" each packet. Currently, two authentication header algorithms, known as message digest 5 and secure hash algorithm, are in the request-for-comment stage. Both rely on converting the packet into a fixed-length signature, or hash, and then encrypting the hash with a secret key.
At the receiving end, the packet is again converted into a signature and results are compared with what was sent in the original packet. If the signatures are different, it means that the data was altered during transmission or that the sender is an impostor.
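The signing and checking steps just described, as an added illustration in Python (not code from the article or from VPNet): the sender appends a keyed digest to each packet, and the receiver recomputes it and compares, rejecting packets that were altered, packets signed under a different key, and replayed copies. HMAC-MD5 stands in for the keyed MD5 digest, and the sequence-number replay check is an assumed simplification; neither reproduces the RFC 1826/1828 packet layout.

```python
import hashlib
import hmac
import struct

DIGEST_LEN = 16  # a keyed MD5 signature is 128 bits (16 bytes)

def sign_packet(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: 4-byte sequence number + payload, followed by a keyed digest over both.
    HMAC-MD5 stands in for keyed MD5 here (assumption; not the exact RFC 1828 layout)."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(key, body, hashlib.md5).digest()

class Receiver:
    """Receiver side: recompute the signature, compare, and reject replayed sequence numbers."""
    def __init__(self, key: bytes):
        self.key = key
        self.seen = set()  # sequence numbers already accepted (unbounded here for simplicity)

    def verify(self, packet: bytes):
        """Return the payload when the packet is authentic and fresh, otherwise None."""
        if len(packet) < 4 + DIGEST_LEN:
            return None
        body, received = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
        expected = hmac.new(self.key, body, hashlib.md5).digest()
        # compare_digest avoids leaking where the comparison first differs
        if not hmac.compare_digest(expected, received):
            return None  # altered in transit, or signed under a different key
        seq = struct.unpack("!I", body[:4])[0]
        if seq in self.seen:
            return None  # a copy of a packet already accepted: replay
        self.seen.add(seq)
        return body[4:]

# Constructed demonstration key and traffic; not values from any real deployment.
KEY = b"demo-shared-secret"

def demo():
    """Run the cases from the text (authentic, altered, impostor, replayed) and collect outcomes."""
    rx = Receiver(KEY)
    good = sign_packet(KEY, 1, b"transfer 100 to account A")
    tampered = bytearray(good)
    tampered[8] ^= 0x01  # flip one bit inside the payload
    return {
        "valid": rx.verify(good),
        "tampered": rx.verify(bytes(tampered)),
        "wrong_key": rx.verify(sign_packet(b"other-key", 2, b"transfer 100")),
        "replayed": rx.verify(good),
    }
```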
One of the toughest security problems is distributing and managing security keys, the data strings that are combined with the original message according to an algorithm to produce encrypted output. Currently, the IETF has not finalized a definition of how to do key management in IPSec. It has drafted two methods, and implementations of each are now available.
The simple key management for IP relies on a principle of in-line keying, in which each packet contains encrypted keying information. The simplicity of this key management system has allowed interoperable VPN implementations to come to market quickly.
The Internet security association and key management protocol is more comprehensive. As the bigger scale proposal, it has taken much more time to mature. However, this key management protocol is expected to be the protocol of choice when completed.
Difficult decisions
What level of VPN security is acceptable? The biggest issue is the size of the key used to encrypt data. The bigger the key, the stronger the encryption. Every extra bit in a key doubles the key's strength. A 42-bit key is twice as strong as a 41-bit key, which is twice as strong as a 40-bit key. The problem is that encryption is extremely expensive computationally.
Encrypting a packet can take 10 to 100 times the central processor unit (CPU) bandwidth required to route the same packet, which means the decision regarding key size is a balance between security and performance.
A recent study by several respected cryptographic experts strongly recommends a minimum of 90 bits. Although the 56-bit key used with DES is strong enough for some security applications, data traffic should be encrypted using triple DES, which effectively uses 112 bits.
While triple DES costs about two to three times more in terms of CPU power than 56-bit DES, it is more than 72 million times more difficult to crack. Because high-power encryption requires considerable horsepower, delivering triple DES at high data rates - T-1 (1.54 Mb/s) and above - requires hardware encryption. At lower data rates, software encryption can often suffice.
The hardware requirement at high data rates is one of several challenges involved in using VPNs.
Another fundamental goal of adding security is that no one could view packet contents. Unfortunately, it is sometimes necessary to be able to look inside network packets.
For example, management software can track different types of data on a network. If the software can't look inside the packets, it can't track them. In addition, some new generation routing techniques, such as IP switching, operate by viewing a packet and making routing decisions based on its contents. Currently, this problem is insurmountable - a packet is either viewable or non-viewable. It can't be both.
The overhead introduced by security is also an issue. Security headers add extra bits to packets. Encryption also pads packets with trailers, adding still more information. If a line is saturated before security is implemented, it will certainly overflow after security is implemented.
To make matters worse, when the security overhead forces a packet to exceed the maximum transfer unit size established in intervening routers, the packet must be fragmented, which adds even more overhead. The solution to this problem is compression. If packets are compressed before they are encrypted, they usually can be kept to a reasonable size, so that security overhead does not affect WAN throughput.
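An added worked example (not from the article) that puts numbers on the overhead argument above: it sizes a tunnel-mode packet after DES-CBC ESP and AH, including the padding DES-CBC needs to fill whole blocks, counts the fragments it would need at a given MTU, and shows how compressing the payload first keeps it under the limit. The header and trailer lengths are assumed values as this example reads the RFC 1826/1827/1829 layouts, and the sample inner packet is constructed.

```python
import zlib

# Assumed overhead figures in bytes, as this example reads the RFC 1826/1827/1829
# layouts; treat them as assumptions rather than normative values.
OUTER_IP_HEADER = 20  # tunnel mode wraps the protected packet in a new IP header
ESP_SPI = 4           # security parameters index at the start of the ESP
ESP_IV = 8            # 64-bit initialization vector for DES-CBC
ESP_TRAILER = 2       # pad length + payload type fields after the payload
DES_BLOCK = 8         # DES-CBC works on 8-byte blocks, so the payload is padded
AH_LENGTH = 24        # 8 bytes of fixed AH fields + 16-byte keyed MD5 digest

def esp_padding(inner_len: int) -> int:
    """Padding so that payload + padding + trailer fills whole DES blocks (0..7 bytes)."""
    return (-(inner_len + ESP_TRAILER)) % DES_BLOCK

def protected_size(inner_len: int, use_ah: bool = True) -> int:
    """Wire size of an inner packet of inner_len bytes after tunnel-mode ESP (and AH)."""
    size = (OUTER_IP_HEADER + ESP_SPI + ESP_IV + inner_len
            + esp_padding(inner_len) + ESP_TRAILER)
    return size + AH_LENGTH if use_ah else size

def fragments_needed(total_len: int, mtu: int, ip_header: int = 20) -> int:
    """IP fragments produced on a link with the given MTU; fragment data is in 8-byte units."""
    if total_len <= mtu:
        return 1
    per_fragment = (mtu - ip_header) // 8 * 8
    return -(-(total_len - ip_header) // per_fragment)  # ceiling division

def compress_then_protect(inner_packet: bytes, use_ah: bool = True) -> int:
    """Wire size when the inner packet is compressed before it is encrypted."""
    return protected_size(len(zlib.compress(inner_packet)), use_ah)

# Constructed 1480-byte inner packet (text-like, so it compresses well); MTU of 1500.
SAMPLE_INNER = (b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n" * 40)[:1480]
MTU = 1500

def report() -> dict:
    """Compare fragment counts with and without compression for the sample packet."""
    raw = protected_size(len(SAMPLE_INNER))
    squeezed = compress_then_protect(SAMPLE_INNER)
    return {
        "raw_size": raw, "raw_fragments": fragments_needed(raw, MTU),
        "compressed_size": squeezed, "compressed_fragments": fragments_needed(squeezed, MTU),
    }
```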
Perhaps the greatest challenge today is quality of service (QOS) because nothing in the current IPSec specifications can ensure throughput rates or availability. Solving this challenge, however, can provide ISPs and other service providers with a means of differentiating their service offerings.
This can be accomplished in several ways. One way to avoid potential Internet congestion is to use dedicated backbone facilities reserved exclusively for VPN service. Such facilities typically cost more than Internet facilities, but service providers with such bypass IP networks can use them to offer guaranteed levels of IP throughput to customers with a need for speed.
Service providers that do not have bypass IP networks can still offer service guarantees by leasing capacity from other carriers and carefully balancing the loads on their facilities. To provide wide geographic coverage, a number of ISPs are even starting to provide service guarantees in conjunction with other carriers.
Several emerging technologies also deal specifically with QOS over the Internet. One such technology, called resource reservation protocol (RSVP), enables Internet routers to reserve bandwidth for designated packet streams. VPN service devices equipped with RSVP capabilities can mark individual packets with a high RSVP priority level to ensure the most rapid delivery across the Internet. Although still in the test phase, RSVP holds promise as an important technology, enabling carriers and ISPs to offer a range of service options over a single Internet connection.
VPNs are the logical response to today's communications needs, allowing carriers to establish secure virtual connections across the Internet. They allow the Internet to be used as a true public communication infrastructure, but with complete privacy and security.
The existing IP infrastructure supports VPNs today, and over time, new technologies will support additional features such as guaranteed service quality. Some VPN usage will represent a shift away from traditional leased lines, while another, much larger portion of VPN traffic will represent entirely new applications spawned by intranets, extranets and remote access.
Bill Hunt is Director of Software Engineering for VPNet Technologies Inc., San Jose.
The laws of the Internet are contained in a series of documents called requests for comment, which include descriptions and definitions for the protocols that run over the Internet. Internet protocol security is defined in the following RFCs:
1825 Security architecture for the Internet protocol: describes the overall IPSec security architecture.
1826 IP authentication header: describes architecture for implementing packet signatures. Defines packet layouts but does not define authentication protocols.
1827 IP encapsulating security payload: describes architecture for encrypting packets. Defines packet layouts but does not define encryption protocols.
1828 IP authentication using keyed message digest 5: describes how to use MD5 to generate packet signatures per RFC 1826.
1829 The encapsulating security payload data encryption standard-cipher block chaining (DES-CBC) transform: describes how to use DES-CBC to encrypt packets per RFC 1827.
1851 The encapsulating security payload triple DES-CBC transform: describes how to use triple DES-CBC to encrypt packets per RFC 1827.
1852 IP authentication using keyed secure hash algorithm: describes how to use this algorithm to generate packet signatures per RFC 1826.
© 2012 Penton Media Inc.