{"id":6394,"date":"2018-09-05T03:40:29","date_gmt":"2018-09-05T03:40:29","guid":{"rendered":"https:\/\/lavellenetworks.com\/?p=6394"},"modified":"2021-04-07T07:36:30","modified_gmt":"2021-04-07T07:36:30","slug":"why-using-legacy-vpn-solutions-is-a-risk","status":"publish","type":"post","link":"https:\/\/lavellenetworks.com\/blog\/why-using-legacy-vpn-solutions-is-a-risk\/","title":{"rendered":"Is this 20-year-old vulnerability present in your legacy VPN solutions?"},"content":{"rendered":"

 <\/p>\n

Traditional IPSec VPN Security<\/strong><\/h3>\n

 <\/p>\n

Last Month, academic researchers have published a paper on \u201cThe Danger of Key Reuse: Practical Attacks on IPSec IKE\u201d<\/a>.\u00a0<\/strong>IPsec has emerged as the most commonly used IP level VPN to provide confidentiality, integrity, peer authentication, replay protection, and access control. IPSec keys can be configured statically or dynamically generated using IKE protocol.<\/p>\n

 <\/p>\n

Internet Key Exchange (IKE) is used to negotiate, create, and manage keys for IPSec. IKE exists in two versions (IKEv1 and IKEv2) each with different modes and supports following authentication methods.<\/p>\n

 <\/p>\n

    \n
  1. Signature-based Authentication (IKEv1 and IKEv2)<\/li>\n
  2. Public Key Encryption (PKE) based Authentication (IKEv1)<\/li>\n
  3. Revised Public Key Encryption (RPKE) based Authentication (IKEv1)<\/li>\n
  4. Pre-shared key (PSK) based Authentication (IKEv1 and IKEv2)<\/li>\n<\/ol>\n

     <\/p>\n

    IKE consists of two phases.<\/p>\n

     <\/p>\n

    Phase-1: To authenticate the peer and derive keys for IKE<\/p>\n

    Phase-2: To acquire keys for IPSec<\/p>\n

     <\/p>\n

    \"\"<\/a><\/p>\n

     <\/p>\n

    In this research, authors have shown possible strikes on IKE Phase-1 based on Blechenbacher Oracle that exploits RSA encryption with PKCS#1 v1.5 padding. The RSA algorithm needs padding and PKCS #1 v1.5 is a widely used padding mode. There are more secure padding modes for RSA (PSS\/OAEP), but they never gained widespread adoption.<\/p>\n

     <\/p>\n

    Bleichenbacher\u2019s oracle discovered fragilities in the implementation of the two RSA encryption based authentication in IKEv1 and signature-based authentication in IKEv1 and IKEv2. PSK based authentication also failed to stop dictionary based invasion if low entropy PSK is used.<\/p>\n

     <\/p>\n

    Though Bleichenbacher dates back to 1998 and 20-year-old, vulnerabilities are being discovered even now. \u201cCisco, Huawei, Clavister, ZyXel have published fixes or workaround\u2026\u201d and \u201cBy repeating these attacks, all IKE implementations can be broken\u201d, the paper has concluded.<\/p>\n

     <\/p>\n

    To counter these aggressions, following suggestions has been proposed.<\/p>\n

      \n
    1. Key Separation \u2013 Not only the sender but every receiver must also be informed about this key separation.<\/li>\n
    2. PKE, RPKE authentication modes must be deactivated in ALL devices<\/li>\n
    3. Use High-entropy PSK<\/li>\n<\/ol>\n

      However, numerous practical constraints prevail as above workarounds have to be applied on all the devices.<\/p>\n

       <\/p>\n

      Lavelle SD-WAN <\/strong><\/h3>\n

       <\/p>\n

      Lavelle SD-WAN<\/strong><\/a> does not rely on IKE to generate keys but built-on a cutting-edge platform that offers invincible end-to-end security architecture. Lavelle SD-WAN solution is built ground-up considering several aspects of security with the following key factors that nurture sure-enough security.<\/p>\n

       <\/p>\n