Basic Network Security_Primer
-
Upload
nu-the-open-security-community -
Category
Education
-
view
943 -
download
0
description
Transcript of Basic Network Security_Primer
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 1
Network Security Primer
Authentication and Encryption Techniques
Akshat Sharma,
Cisco Systems
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Core
Distribution
Catalyst
3750 Catalyst
3750 Catalyst
3750
Video-Conferencing
Units
Server farms
C2960s C2960s
C2960s
C2960s
C4500
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Web
Auth VLANs
802.1X ACLs
SGTs MAB
Cisco Public © 2012 Cisco and/or its affiliates. All rights reserved. 6
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
• Defined by IEEE and designed to provide port-based network access.
• 802.1x authenticates network clients using information unique to the client and with credentials known only to the client.
•Service known as port-level authentication
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
Username / Password Directory
alice c1sC0L1v
Certificate Authority
Token Server
Deployment Best Practices Re-use Existing Credentials
Understand the Limitations of Existing Systems
Common Types
Passwords
Certificates
Tokens
Deciding Factors
Security Policy
Validation
Distribution & Maintenance
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
• The framework is defined by three authentication processes:
1. The supplicant Possibly a standalone device or an end user, such as a
remote user.
2. The authenticator A device to which the supplicant directly connects and
through which the supplicant obtains network access permission
3. The authentication server The authenticator acts as a gateway to the authentication
server, which is responsible for actually authenticating the supplicant.
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Authenticator (e.g. Switch, Access
Point, PAE)
Supplicant (Client)
Enterprise Network Semi-Public Network / Enterprise Edge
AuthenticationServer (Radius Server/LDAP or
Kerberos)
RADIUS
NAS
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
• EAP
Extensible Authentication Protocol
A flexible protocol used to carry arbitrary authentication information
Typically rides on top of another protocol such as 802.1x (EAPoL) or RADIUS/TACACS+, etc.
• EAP Messages
Request
Sent to supplicant to indicate a challenge
Response
Supplicant reply message
Success
Notification to supplicant of success
Failure
Notification to supplicant of failure
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
Ethernet Laptop computer
802.1X Authenticator/Bridge
Radius Server
EAPOL-Start
EAP-Request/Identity
EAP-Response/Identity
EAP-Request
Radius-Access-Request
Radius-Access-Challenge
EAP-Response (cred) Radius-Access-Request
EAP-Success
Access blocked
Port connect
Radius-Access-Accept
Access allowed
RADIUS EAPOL
Cisco Public © 2012 Cisco and/or its affiliates. All rights reserved. 15
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
• MAB stands for MAC Authentication Bypass.
• It enables port-based access control using the MAC address of the endpoint.
• A MAB-enabled port can be dynamically enabled or disabled based on the MAC address of the device that connects to it.
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
• WebAuth is a Layer 3 authentication method.
• After IEEE 802.1X (or MAB) has timed out or failed, the port is opened long enough to allow the packets required for WebAuth.
• After the port has been opened, the switch enforces a preconfigured ACL in some VLAN
• At a minimum, the preconfigured ACL should allow the traffic required to complete the WebAuth process. In most cases, the ACL should at least allow DHCP (so the client can acquire an address) and DNS (so the client can trigger WebAuth when using fully qualified domain names in URLs).
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
802.1Q Trunk
EAP Authentication
AAA
Corporate
Resources
Internet
Employee
Guest User
802.1X fails
MAB : “Printer” Employee Vlan
Web-Auth
802.1X fails
MAB fails
Guest Vlan
Cisco Public © 2012 Cisco and/or its affiliates. All rights reserved. 21
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
• Brute Force considerations : 128 to 256 bit keys
• Landauer’s Limit kT ln 2 (10^18 Joules for 128 bits)
• Available Wireless Encryption Techniques: WEP (outdated) WPA + TKIP (most compatible, less secure) WPA2+AES (Most secure) • DO NOT use WEP!
• PKI infrastructure for strong Authentication and encryption WPA2-AES
+ PKI based 802.1x
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
• Basically a pseudo random number generator that encrypts data packets.
• Start with generic 802.11 packet
• Use a secret key plus IV to seed RC4 stream cipher to create pseudo random number
• Create a CRC-32 of data portion of packet which is then called ICV.
• Data || ICV XOR Pseudo Random Number = Encrypted portion of WEP Packet
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Frame Header Frame Body FCS
Secret Key
(40Bits)
RC4 Algorithm
IV
(24bits)
Generic 802.11 Packet Frame
Shared before communication
begins
Created by
Sending Device
Integrity Check
Algorithm
Frame Body ICV
Frame Header IV
Frame Body ICV FCS WEP Packet Frame
Encrypted
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
• Key Generation
• ICV Generation
• Weak Key’s and Weak IV’s
• WEP Attacks
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
• The main problem of WEP is Key Generation.
• Secret Key is too small, only 40 Bits.
Very susceptible to brute force attacks.
• IV is too small.
Only 16 Million different possibilities for every packet.
• Secret Keys are accessible to user, therefore not secret.
• Key distribution is done manually.
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
• The ICV is generated from a cyclic redundancy check (CRC-32)
Only a simple arithmetic computation. Can be done easily by anyone.
Not cryptographically secure.
• Easy for attacker to change packet and then change ICV to get response from AP.
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
• Certain keys are more susceptible to showing the relationship between plaintext and ciphertext.
There are approx 9000 weak keys out of the 40 bit WEP secret key.
• Weak IV will correspond to weak Keys.
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
• Replay
Statistical gathering of certain ciphertext that once sent to server will cause
wanted reaction.
• 802.11 LLC Encapsulation
Predictable headers to find ciphertext, plaintext combinations
• Denial of Service Attacks
Flooding the 2.4Ghz frequency with noise.
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
• 802.1x
• WPA
• 802.11i
• All much more secure.
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
Cisco Public © 2012 Cisco and/or its affiliates. All rights reserved. 32
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
Encryption
“The quick
brown fox
jumps over
the lazy
dog”
“AxCv;5bmEseTfid3)
fGsmWe#4^,sdgfMwi
r3:dkJeTsY8R\s@!q3
%”
“The quick
brown fox
jumps over
the lazy
dog”
Decryption
Plain-text input Plain-text output Cipher-text
Same key
(shared secret)
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
• Strength:
Simple and really very fast (order of 1000 to 10000 faster than asymmetric mechanisms)
Super-fast (and somewhat more secure) if done in hardware (DES, Rijndael)
• Weakness:
Must agree the key beforehand
Securely pass the key to the other party
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
• Knowledge of the encryption key doesn’t give you knowledge of the decryption key
• Receiver of information generates a pair of keys
Publish the public key in a directory
• Then anyone can send him messages that only she can read
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
Encryption
“The quick
brown fox
jumps over
the lazy dog”
“Py75c%bn&*)9|fDe^bD
Faq#xzjFr@g5=&nmdFg
$5knvMd’rkvegMs”
“The quick
brown fox
jumps over
the lazy dog”
Decryption
Clear-text Input Clear-text Output Cipher-text
Different keys Recipient’s
public key Recipient’s
private key
private public
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
• Weakness:
Extremely slow
Susceptible to “known ciphertext” attack
Problem of trusting public key (see later on PKI)
• Strength
Solves problem of passing the key
Allows establishment of trust context between parties
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
As above, repeated
for other recipients
or recovery agents
Digital
Envelope
Other recipient’s or
agent’s public key
(in certificate)
in recovery policy
Launch key for nuclear missile “RedHeat” is...
Symmetric key
encrypted asymmetrically
(e.g., RSA)
Digital
Envelope
User’s
public key
(in certificate)
RNG
Randomly-
Generated symmetric
“session” key
Symmetric
encryption
(e.g. DES)
*#$fjda^j
u539!3t
t389E *&\@
5e%32\^kd
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
*#$fjda^j
u539!3t
t389E *&\@
5e%32\^kd
Launch key for nuclear missile “RedHeat” is...
Symmetric
decryption
(e.g. DES)
Digital
Envelope
Asymmetric
decryption of
“session” key (e.g. RSA)
Symmetric
“session” key
Session key must be
decrypted using the
recipient’s private key
Digital envelope
contains “session” key
encrypted using
recipient’s public key
Recipient’s
private key
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
• We just solved the problem of symmetric key distribution by using public/private keys
• But…
• Scott creates a keypair (private/public) and quickly tells the world that the public key he published belongs to Bill
• People send confidential stuff to Bill
• Bill does not have the private key to read them…
• Scott reads Bill’s messages
• Solution ? – Remember Digital Signatures ?
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
Hash
Function
(SHA, MD5)
Jrf843kjfgf*
£$&Hdif*7o
Usd*&@:<C
HDFHSD(**
Py75c%bn&*)9|fDe^b
DFaq#xzjFr@g5=&n
mdFg$5knvMd’rkveg
Ms”
This is a
really long
message
about
Bill’s…
Asymmetric
Encryption
Message or File Digital Signature 128 bits Message
Digest
Calculate a short
message digest from
even a long input using a
one-way message digest
function (hash)
Signatory’s
private key
private
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
Jrf843kjf
gf*£$&Hd
if*7oUsd
*&@:<CHD
FHSD(**
Py75c%bn&*)
9|fDe^bDFaq
#xzjFr@g5=
&nmdFg$5kn
vMd’rkvegMs”
Asymmetric
decryption
(e.g. RSA)
Everyone has access
to trusted public key of
the signatory
Signatory’s
public key
Digital Signature
This is a
really long
message
about Bill’s…
Same hash function
(e.g. MD5, SHA…)
Original Message
Py75c%bn&*)
9|fDe^bDFaq
#xzjFr@g5=
&nmdFg$5kn
vMd’rkvegMs”
? == ? Are They Same?
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
• Message is captured.
• Hash value of the message is calculated.
• Sender's private key is retrieved from the sender's digital certificate.
• Hash value is encrypted with the sender's private key.
• Encrypted hash value is appended to the message as a digital signature.
• Message is sent.
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
• Sender's public key is retrieved from the sender's digital certificate
• Encrypted hash value is decrypted with the sender's public key.
• Decrypted hash value is compared against the hash value produced on receipt.
• If the values match, the message is valid.
• Message is received.
• Digital signature containing
encrypted hash value is retrieved
from the message.
• Message is retrieved.
• Hash value of the message is
calculated.