TLS
TLS always uses asymmetric crypto to establish a secure connection. There is an option to use manually configured pre-shared keys or passwords, but that is very rarely used and not supported by Link.
In the TLS handshake mechanism, both the client and the server provide randomness, which is combined using a cryptographic pseudorandom function into a shared symmetric session key.
A critical security feature that can be achieved in TLS when using client certificates is mutual authentication. Unfortunately, most applications of TLS only authenticate the server side, i.e., the client authenticates the server, whereas the server doesn’t authenticate the client. This one-sided authentication opens the door to vulnerabilities such as man-in-the-middle attacks.
As part of the handshake mechanism, a symmetric encryption algorithm is negotiated, and there are multiple options available. The latest version (1.3) of TLS supports AES with key lengths of 128 or 256 bits (and modes of operation of GCM and CCM) as well as the stream cipher ChaCha20-Poly1305 with a key length of 256 bits.
One advantage of TLS compared to IPsec is that TLS traffic can flow more easily through routers and firewalls since TLS operates at the transport layer. TLS is an integral part of the standard HTTPS protocol used on the web. When using a TLS-based VPN, port 80 (unencrypted web traffic) must be disabled on the IoT devices to prevent unauthorized access to them. If a device needs to communicate with some external system on the same VPN using port 80, then that traffic can tunnel through port 443 (dedicated to TLS).
OpenVPN
OpenVPN is open-source commercial software that implements a VPN using a custom security protocol that utilizes TLS for key exchange. OpenVPN can run over both TCP and UDP (as opposed to standard TLS).
Just as with TLS, when OpenVPN is used with client certificates, it provides mutual authentication, which protects against man-in-the-middle attacks.
OpenVPN uses the OpenSSL library to provide encryption of the data and the control channels, which means that all the ciphers available in OpenSSL can be used in OpenVPN. For example, it’s possible to use AES with key lengths of 128 or 256 bits.
Key lengths of 128 bits (or 256 bits) are beyond what is feasible for brute force attacks with current technology. In cryptanalysis, one says that with a key length of 128 bits, the set of possible keys has size 2^128, which is an astronomical number! A brute force attack (i.e., randomly testing all possible keys) has a 50% chance of succeeding after half that number of keys – 2^127 – have been tested.
As a comparison, in 2017, Google announced that it had managed to find collisions in the SHA-1 hash algorithm, an effort that has been estimated at a complexity of 2^63.1. This gives a hint that a symmetric key of length about 63 bits can be successfully attacked using brute force. It should further be noted that for every additional bit in the key length, the key space doubles, which is why the effort required for a successful brute force attack grows exponentially with the key length.
For theoretical cryptographers, anything less than a brute force attack is considered a “break.” There are some published theoretical attacks against all three of the algorithms that can reduce the attack complexity (from 2^127) slightly. However, they are still not possible to use in any practical attack. Often, the attacks are not targeting the full cipher but slightly modified ciphers (e.g., with a reduced number of rounds).
At present, the best published attack against the full AES has reduced the complexity for the 128-bit version to 2^126.0 (and for AES-256 to 2^254.3). This is a minimal gain, as a 126-bit key would still take billions of years to recover using brute force. It’s essential to bear in mind that the above conclusion presupposes that the keys have been randomly generated with good entropy. In all cryptosystems, randomness is crucial – if the attacker can correctly guess which key was used, then there’s no security whatsoever. For a highly skilled attacker, such as a foreign intelligence service, the lowest hanging fruit is very likely to be putting all efforts into somehow lowering the quality of the pseudo-random key generator. After the Snowden leak, it was found that the NSA had managed to insert a back door into a widely standardized and deployed pseudo-random generator.
By using OpenVPN, it’s possible to achieve end-to-end encryption between the IoT device and the server system communicating with it, no matter what underlying telecommunication standard (e.g., 2G, 3G, 4G, etc.) is used.