3

Count this question as part of my ignorance of how the authentication scheme is done on your typical VPN session. But here goes:

We often advise the security-conscious user that if one must use an unsecured public wifi connection (say, at an airport, internet cafe, restaurant, etc), then always connect to a private VPN. This will allow the user to connect and surf from a trusted network with all traffic being encrypted.

My question is this: The connection/authentication process. Sure, VPN offers more security. But if someone with a packet sniffer (such as Wireshark) somehow intercepts my attempt to log in, does typical VPN usage include authentication security over the air?

UPDATE: In other words, is it standard that part of the VPN authentication process includes encrypting the username/password combination from the client prior to sending over the air? If the intent is to protect the user from MIM-attack, this could be a weak point.

If my question seems odd in any way, again, this is my attempt to be more educated on how this step in communications security over wifi can work. I feel the question assumes some kind of modular encryption scheme being built-in to the authentication routine to secure traffic before a VPN session even begins. It basically boils down to: is encryption applied at this stage, and if so, what kind?

And thanks, guys. You're the best.

Daniel
  • It would seem to be best if the client laptop encrypted the username/pass authentication prior to leaving the machine--surely this info isn't done over clear text. How is this secured, and can more be feasibly done to ensure authentication is secure throughout? – Daniel Nov 25 '13 at 23:27
  • I agree with archie, but would add that this does seem to be a well-phrased question, just off-topic. –  Nov 26 '13 at 09:57
  • Thanks for the comments. I've attempted to re-word to make my question clearer: I'm basically asking whether encrypting the username/password combination *prior to it leaving the client* is a standard part of a typical VPN sign-on routine? – Daniel Nov 27 '13 at 18:43

5 Answers

2

A VPN which is worth that name will ensure a proper bootstrap for the encryption, i.e. protect the credentials as well. Most VPNs will rely on either SSL or IPsec. An SSL-powered VPN is, cryptographically speaking, similar to browsing to an HTTPS Web site: first SSL, then the data under the protection of SSL; once the SSL layer has been established, the client has some guarantee that it talks to the right server, and can safely send the credentials, which will be encrypted like all other data, and won't go to the wrong guy. With IPsec, ISAKMP/IKE or something similar will be used, and the model is the same as with SSL.

SSL and IPsec differ in the encryption details and how they split data into transport packets (with SSL, the inner packets will be serialized into a sequential tunnel which runs over a TCP connection; with IPsec the translation is per-packet and more direct) but for the security model, they don't differ much: the client authenticates the server through the server certificate, and builds up the cryptographic tunnel from it; once the tunnel is up and running, the client sends credentials to the server, under the protection of that tunnel, so that the server knows who is talking to it.

A very poor, badly written VPN may leak your credentials, but hey, that's what you get for using crappy technology.

Thomas Pornin
1

As long as your VPN is encrypted and the VPN provides authentication of the end point you connect to, then you are fine. Wifi is no different from any other untrusted network (i.e., the Internet) so if the VPN would be secure for connecting over the Internet, it would also be secure for connecting over Wifi.

AJ Henderson
1

The answer to your question (quoted below) would be yes, but perhaps in another way than you expect.

> is it standard that part of the VPN authentication process includes encrypting the username/password combination from the client prior to sending over the air?

The VPN sets up an encrypted communication channel. No password is sent at this moment. You may have to enter a password, but that's only to unlock a local client certificate key. After the channel is set up, any data that is sent or received is encrypted, including any password.

A good read on this is *OpenVPN and the SSL VPN Revolution* by Charlie Hosner. Page 10 "So how do these things work?" seems most relevant, but also page 8 "VPN in a Nutshell". Then again, the whole document gives general insight into VPN, Cryptography, PKI, IPsec and OpenVPN.

Gos Bilgon
0

Depends upon which VPN you are using. Public key VPNs like OpenVPN are invulnerable to man-in-the-middle attacks if you know and check the server's key fingerprint. If you use key authentication, you don't even need this. PPTP... well, simply don't use it. It sucks.

You wouldn't need to check the fingerprint while using passwords if there were a VPN with SRP authentication. Well, for some reason SRP is not popular...

Smit Johnth
0

I'll assume you're talking about an IPsec VPN.

Typical "road warrior" IPsec VPNs authenticate in a few ways:

  1. Shared secret (also known as PSK or pre-shared key) is required for mutual authentication
  2. Certificate, where a trusted CA is known by the client, which the server's identity is validated against, and the client also has its own key that the server trusts.
  3. (1) and (2) can be used in combination with XAUTH, also known as "extended user authentication" (usually this is a username+password, but could be an RSA token, etc.)
  4. "Hybrid RSA" authentication, which combines the identity validation benefits of PKI with XAUTH for authentication. (this is pretty much equivalent to the way you'd authenticate with, say, a webmail provider using SSL)

In all cases, either a PSK or a certificate is required to authenticate the remote endpoint first. Then, a Diffie-Hellman key exchange happens, which will protect any credentials from observation, IF the server's key (PSK or private key associated with its certificate) has not been compromised, AND a man-in-the-middle attack is not taking place.

So, to answer your question - for your typical standards-based IPsec VPN, yes, it's secure, assuming it's properly configured with a strong key that has not been compromised.

mpontillo
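
The sequence described in the answer above, as an added example that is not part of the original answer or of any VPN product: the client checks a PSK-keyed tag over the Diffie-Hellman public values before any credentials leave it, so a sniffer sees only ciphertext and an endpoint without the PSK receives nothing. This is a simplified model, not the IKE wire format; the group `P`/`G`, the `Responder` class, the `xor_stream` stand-in cipher and all sample values are constructed for illustration.

```python
import hashlib, hmac, secrets

# Toy group for illustration only: a Mersenne prime, not a standardized IKE group.
P, G = 2**521 - 1, 3

def _b(n):
    return n.to_bytes(66, "big")  # 521-bit values fit in 66 bytes

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    return hashlib.sha256(_b(pow(peer_pub, priv, P))).digest()

def auth_tag(psk, pub_i, pub_r):
    # PSK-keyed MAC over both public values: binds proof of the PSK to this exchange.
    return hmac.new(psk, b"responder" + _b(pub_i) + _b(pub_r), hashlib.sha256).digest()

def xor_stream(key, data):
    # Stand-in cipher (hash-derived keystream); a real tunnel uses an AEAD cipher.
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class Responder:
    """VPN endpoint model; whoever answers the client is one of these."""
    def __init__(self, psk):
        self.psk = psk
    def respond(self, pub_i):
        priv_r, pub_r = dh_keypair()
        self.key = session_key(priv_r, pub_i)
        return pub_r, auth_tag(self.psk, pub_i, pub_r)
    def read(self, ciphertext):
        return xor_stream(self.key, ciphertext)

def initiator_login(psk, credentials, respond):
    """Returns the bytes put on the wire, or None if the endpoint fails the PSK check."""
    priv_i, pub_i = dh_keypair()
    pub_r, tag = respond(pub_i)
    if not hmac.compare_digest(tag, auth_tag(psk, pub_i, pub_r)):
        return None  # unauthenticated endpoint: credentials never leave the client
    return xor_stream(session_key(priv_i, pub_r), credentials)

def demo():
    psk, creds = b"constructed-demo-psk", b"user=alice;password=constructed"
    server, impostor = Responder(psk), Responder(b"not-the-psk")
    wire = initiator_login(psk, creds, server.respond)
    return wire, server.read(wire), initiator_login(psk, creds, impostor.respond)
```

`demo()` returns the ciphertext a sniffer would capture, the credentials as recovered by the genuine endpoint, and `None` for the endpoint that does not hold the PSK.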