Everything you wanted to know about VPN encryption but were too overwhelmed by the techie jargon to ask

Photo Credit: pop art tumblr

They say that a VPN is only as good as its encryption capabilities, but encryption in itself is not the simplest of topics. The terminology used to determine how secure a VPN connection is, can get very confusing, very quickly. Slapdash to the point of being misleading, many VPN providers describe the encryption they use in a telegraphic manner or worst, they don’t describe it at all.

Eavesdroppers are kept away, when using a VPN app. that encrypts your data and cloaks your IP address and it’s important to know how secure your VPN really is by simply becoming acquainted with jargon.

OPEN VPN CYPHERS

Before getting familiar with security standards and encryption protocols, let’s just focus on this pretty impressive feature for a VPN to have, the Open VPN Cipher: AES (Advanced Encryption Standard) with 256-bit keys — also known as the AES-256. This security standard is basically the same encryption standard adopted by the U.S. government and used by security experts worldwide to protect classified information.

Right below we have AES- 128, the Open VPN Cipher used by My IP.io, which remains secure as far as the AES in general is regarded. The mathematics of the 128 bit AES goes to show that a billion billion years are required and a supercomputer for a brute force attack to crack it.

Pretty impressive, huh?

For the sake of the argument, it is worth mentioning that given sufficient time, a brute force attack is capable of cracking any known algorithm.

With this in mind, here’s the actual math of the number of years it would take to crack 128- bit AES (notice the exponential increase depending on the key size!)

No. of Years to crack AES with 128-bit Key = (3.4 x 1038) / [(10.51 x 1012) x 31536000]
= (0.323 x 1026)/31536000
= 1.02 x 1018
= 1 billion billion years

Of course AES is not perfect, but hey! math doesn’t lie and the fact that governments and businesses place a great deal of faith in the belief that AES is so secure that its security key can never be broken, despite some of its inherent flaws and that it has been a standard coined by the U.S. National Institute of Technology (NIST) since 2001, it’s no insignificant detail.

A VPN is only as good as its encryption capabilities.

Wikipedia defines encryption as being the process of encoding data in such a way that only authorized parties can read it. Encryption does not of itself prevent interception, but denies the message content to the interceptor. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted.

For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is in principle possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, large computational resources and skill are required. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Simply put the above statement can be summarized in the idea that encrypted data can be decoded only with the right decoder.

An encryption key tells the computer what computations to perform on data in order to encrypt or decrypt the data.

There are two main encryption models:

· symmetric-key encryption, based on the same key used to both encrypt and decrypt a message shared among all users.

  • public-key encryption, each computer (or user) has a public-private key pair. The private key from one computer (or user) encrypts the message, while the other computer uses the corresponding public key to decrypt that message.

The Tunnel, a Matrioshka of files:

Photo Credit: www.red5.co.uk

Essentially, when using a VPN app., data is encrypted at each end of the tunnel and decrypted at the other end.

The tunnel itself is simply the path connecting two locations (flashback to a tunnel going under a mountain, where the mountain is the internet and the tunnel is the safe path through the other side).

When it reaches the internet, each data file is broken into a series of packets to be sent and received by devices connected to the internet, as the de factomanner in which data travels online. In this context, tunneling is the process of placing an entire packet within another packet (yeah! Just like a Russian nesting doll, a Matryoshka of files) before being sent on the internet. That outer packet protects the inner packets and ensures that the “cargo” moves within the virtual tunnel.

ENCRYPTION PROTOCOLS

While the tunnel itself is not encrypted, but encoding can be added, a VPNneeds more than just a pair of keys in order to apply encryption. This is where protocols come in.

IPSec or Internet Protocol Security is a widely used protocol for securing traffic on IP networks, including the Internet. IPSec can encrypt data between various devices, including router to router, firewall to router, desktop to router, and desktop to server.

In a nutshell, IPsec provides mechanism, not policy: rather than define such-and-such encryption algorithm or a certain authentication function, it provides a framework that allows an implementation to provide nearly anything that both ends agree upon (source: Friedl).

IPSec consists of two sub-protocols which provide the instructions a VPN needs to secure its packets:

  • Encapsulated Security Payload (ESP) encrypts the packet’s payload (the data it’s transporting) with a symmetric key.
  • Authentication Header (AH) uses a hashing operation on the packet header to help hide certain packet information (like the sender’s identity) until it reaches destination.

VPNs use IPSec in tunnel mode with IPSec ESP and IPSec AH working together.

In a remote- access VPN, tunneling typically relies on Point-to-point Protocol (PPP)

However, when trying to determine the VPN app. of choice for you, you might meet one of these three protocols based on PPP:

  • L2F (Layer 2 Forwarding) — Developed by Cisco; uses any authentication scheme supported by PPP;
  • PPTP (Point-to-point Tunneling Protocol) — Supports 40-bit and 128-bit encryption and any authentication scheme supported by PPP;
  • L2TP (Layer 2 Tunneling Protocol) — Combines features of PPTP and L2F and fully supports IPSec; also applicable in site-to-site VPNs

Secure Shell — SSH

SSH, also known as Secure Socket Shell, is a network protocol that provides administrators with a secure way to access a remote computer. SSH also refers to the suite of three utilities that implement the protocol: — slogin, ssh, and scp — that are secure versions of the earlier UNIX utilities, rlogin, rsh, and rcp.

Secure Shell provides strong authentication and secure encrypted data communications between two computers connecting over an insecure network such as the Internet. SSH is widely used by network administrators for managing systems and applications remotely, allowing them to log in to another computer over a network, execute commands and move files from one computer to another.

At its core, Secure Shell (SSH) is a UNIX-based command interface and protocol for securely getting access to remote computers. SSH allows you to connect to your server securely and perform Linux command-line operations.

SSH commands are encrypted and secure in several ways. Both ends of the client/server connection are authenticated using a digital certificate, and passwords are protected by being encrypted.

My IP.io comes bundled with a variety of VPN encryption protocols, supporting all the latest security protocols including SSTP, PPTP, IPSec, L2TP, SSTP and 128bit –AES, OpenVPN cipher.

When you use the MY IP.io app, you can easily switch between protocols,although it’s recommended that you stick with defaults.

Sources:

Howstuffworks.com

Unixwiz.net

Post navigation


Comments

  • Alisha Ross

    I prefer VPN over proxy because the traffic is encrypted. I would be extremely cautious about using any public proxy. Setting up your own VPN or GoAgent is not that tricky for someone who knows a little about Linux, but if you want a few IPs (eg. US, UK), then you need to setup (and maybe pay for) 2 servers.
    I still think using a VPN is the best way to get the job done. ExpressVPN seems to be good but I have not used it. I use SenVPN (senvpn.com), it’s cheaper and works like a charm.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>