Designing Network Encryption for the...
Transcript of Designing Network Encryption for the...
Designing Network Encryption for the Future
Emily McAdams
Security Engagement Manager, Security & Trust OrganizationBRKSEC-2015
What Could It Cost You?
Average of $0.58 a record
According to the Verizon Data Breach Investigations Report 2015
What Could It Cost You?
Estimates 10 million records could average $3.5 million
According to the Verizon Data Breach Investigations Report 2015
Crypto is Under Attack
CRIME
BREACHLucky
Thirteen
• What is Next Generation Encryption?
• Where is NGE Available
• Deploying NGE with Enrollment over Secure Transport
• Crypto Best Practices
• Q&A
Agenda
Bruce SchneierInformation Management & Computer Security, 1998
“A cryptographic system can only be as strong as the encryption algorithms, digital signature algorithms, one-way hash functions, and message authentication codes it relies on
Cryptographic Mechanisms
Encryption
Data Authentication
Key Establishment
Signatures
Hashing
Cryptographic Mechanisms - Definitions
EncryptionProcess of encoding a message so that only authorized parties can read it.
Hashing
One-way function that condenses a large amount of data and results in a message digest.
Digital Signatures
Allow a receiver to verify that a message was created by a known sender, that the sender cannot deny that they sent the message and that the message was not altered
Key Establishment
Method of deriving exchanging a cryptographic key between two users
Data Authentication
Integrity and authenticity of the data using a Message Authentication Code
Cryptographic Mechanisms - Definitions
Next Generation Encryption
Weakness in Crypto Mechanisms
DH, RSA 1024-bit at risk
RSA, DSA 1024-bit at risk
MD5, SHA-1 Collision attacks
3DES 1GB limit
HMAC-MD5 Theoretical attacks
Entropy Inconsistent quality
TLS1.0, IKEv1No AE, security
issues
Smaller Key Sizes are Vulnerable
Hacker ($300)Med. Size Organization ($300K)
Govt. Intelligence Agency
Prevalent Crypto Today
AES-128-
CBC
DH-1024SHA-1
RSA-1024
Next Generation Encryption
Suite BKey Establishment ECDH
Digital Signatures ECDSA
Hashing SHA-2
Authenticated
EncryptionAES-GCM
Authentication HMAC-SHA-2
Entropy SP800-90
ProtocolsTLSv1.2, IKEv2,
IPsec, MACSec
NGE Security Levels
AES-256-
GCM
ECDH-P384 SHA-384ECDSA-
P384
ECDH-P521 SHA-512ECDSA-
P521
AES-192-
GCM
AES-128-
GCMECDH-P256 SHA-256
ECDSA-
P256128-bit
192-bit
256-bit
Elliptic Curve Cryptography Efficiency
1
10
100
1000
10000
80 112 144 192 208 240
RSA
ECC
Signatures per second
Symmetric Key Size DH or RSA ECC
56 512 112
80 1024 160
112 2048 224
128 3072 256
192 7680 384
256 15360 521
Security Level
NGE Supports Authenticated Encryption
Single algorithm provides both confidentiality and authentication in a single pass over data
• More efficient
• More secure
Next Generation Encryption
Upgrades all crypto mechanisms
Designed to meet security and scalability requirements of next two decades
Standards based
Available today
Availability of Next Generation Encryption
• Availability of Next Generation Encryption
• Deployment of Next Generation Encryption Certificates
Main Challenges for Next Generation Encryption
• Crypto Toolkits: OpenSSL, Bouncy Castle, Java 7 (Partial)
• ECC server certificates are available from Certificate Authorities
• Concern around IP issues with Elliptic Curve – Recommended to use the standardized curves (RFC6090)
NGE is available Industry Wide
• IOS/IOS-XE Products: ISR G2, G3, ASR, ISR 44xx, ISR 43xx, CSR1000v, Catalyst 3750-X, 3560-X, 45xx-E,6500
• ASA 5585-X, 5500-X, 5580
• AnyConnect
Next Generation Encryption in Cisco Products
Next Generation Encryption Enabled Architectures
Remote Access VPNs
ASA Firewall
CSM / ASDM
Sp
ok
e-3
. .
.
Site to Site,
DMVPN, and
FlexVPN
G
M1
G
M2
G
M3 G
M4
G
M5
G
M6
G
M7G
M8
G
M9KS
GETVPN*
&^*RTW#(*J^*&*sd#J$%UJ&(
802.1X
Supplicant
with
MACSec
Guest User
MACSec
Capable
Devices
&^*RTW#(*J^*&*sd#J$%UJWD
&(
Data sent in clear
MACSec Link
Encrypt DecryptAuthenticated
User
MACSec
Going forward with NGE
• Turn on NGE in your devices!
• Upgrade infrastructure to support NGE
• Deploy NGE certificates
Deploying Next Generation Encryption
A Little Background - Public Key EncryptionWhere Certificates Fit in Crypto
Bob Carl
Requires two different keys (a public key and a private key) that are mathematically linked. The public key is used to encrypt data and the private key decrypts data
Carl uses his private key to decrypt the message
Bob encrypts the message using Carl’s public key
• Certificates contain additional data:• Information about the key owner
• Validity period
• Allowed uses for the key
• Certificates are signed by a Certificate Authority (more on PKI later)
Digital CertificatesOr Public Key Certificates, proves ownership of a public key
• Easy analogy –
• Digital certificate = Driver’s license
• Certificate Authority = Department of Motor Vehicles
Using Cryptographic Mechanisms in TLS
HANDSHAKE
SECURE DATA
TRANSFER
Cipher Suites with ECC are supported in TLS 1.2. Need server and client ECC certificates to do FULL NGE
Other protocols that leverage NGE: IPSec, MACSec, SSH
Current Options for Certificate Enrollment
• Manual Enrollment requiring administrator to generate certificates and transport to devices
• Use of SCEP (Simple Certificate Enrollment Protocol):
Requires out-of-band distribution of “pre-shared secret” or manual authorization
Only supports RSA-signed certificates (no support for NGE)
• Certificates link a
public key to an
identity
• Possessing a
trusted certificate
is necessary to
establish secure
connections
How do you enroll NGE Certificates?
What is Different With EST (RFC7030) ?
EST provides simple, scalable, and secure certificate enrollment.
Advantages of EST
Enables automatic certificate enrollment for
devices in a network
Supports enrollment of ECC-signed certificates
(Next Generation Encryption)
Issues certificates over secure transport (TLS)
Ease of Deployment
Supports Todays & Next
Generation Encryption
Enhances Security At
Transport Layer
EST: Simple Enrollment
Client Application
EST Client
TLS
EST Server
HTTP Server
TLS
Certificate Authority
Client generates
public/private
keypair
Client
generates
and signs
CSRClient sends CSR
to the server over
TLS
Server
authenticates
the client
Verfies
signature
on the CSR
TLS Session for Transport
Server
sends CSR
to CA
Server sends X509 certificate back
to the client
Where EST Fits Into PKI Solution
Client Device 1
RA (Registration Authority)
CA (Certificate Authority)
Authentication
DBClient Device 2
EST Client
EST Client
EST Server
1. Client sends EST request to Registration Authority (EST Server)
2. RA authenticates Client
3. If OK, RA sends client’s CSR to CA
4. CA signs CSR and returns to RA
5. RA returns X.509 certificate to client device
Enrollment over Secure Transport Demo
DMVPN Provisioning Use Case
Problem summary
• Headend router is provisioned with a RSA certificate.
• DMVPN is configured at Head end and it would authenticate branch routers using Digital certifcates.
• CA server is behind a firewall and it can’t be reached directly.
• How does Branch router obtain its certificate?
Existing Deployment of DMVPN between branch and Headend
1. Establish a separate VPN session to the Headend to reach CA server behind firewall.
2. Authenticate the credentials against the RADIUS server.
3. Branch router generates CSR and sends it to the CA server.
4. CA server issues to the Branch router
Provisioning Branch routers
1. After branch router has obtained the certificate, DMVPN session can be established.
2. Two VPN sessions need to be configured in this model
3. If pre-shared secrets are used in first phase, then it weakens the security design.
Provisioning Branch routers with EST
1. Branch router connects with RA (supports EST server)
2. RA authenticates branch router with RADIUS server
3. RA reaches to CA server to get certificate for client
4. RA sends certificate to client
RA(with
EST)
Crypto Best Practices and NGE Info
• Use common implementations
• Use standard algorithms
• NEVER roll your own implementation
• Store keys securely
Crypto Best Practices
• http://www.cisco.com/web/about/security/intelligence/nextgen_crypto.html
• http://www.cisco.com/web/learning/le21/onlineevts/offers/twtv/nge/fundamentals.html
• http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/116055-technote-ios-crypto.html
Additional NGE Resources
S&TO’s Trustworthy IT Business Partners
• Pick up a copy of S&TO’s new pamphlet @ our booth on the demo floor
Q&A and Wrap-Up
Participate in the “My Favorite Speaker” Contest
• Promote your favorite speaker through Twitter and you could win $200 of Cisco Press products (@CiscoPress)
• Send a tweet and include
• Your favorite speaker’s Twitter handle @emacstweets
• Two hashtags: #CLUS #MyFavoriteSpeaker
• You can submit an entry for more than one of your “favorite” speakers
• Don’t forget to follow @CiscoLive and @CiscoPress
• View the official rules at http://bit.ly/CLUSwin
Promote Your Favorite Speaker and You Could Be a Winner
Complete Your Online Session Evaluation
Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online
• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card.
• Complete your session surveys though the Cisco Live mobile app or your computer on Cisco Live Connect.
Thank you