Some New Technologies for the Smart Nation Platform

Transcription

1 Some New Technologies for the Smart Nation Platform L AW R E N C E E. HUGHES CO- F O U N D E R A N D C TO S I X S CAPE C OMMUNICATIONS, P TE. LTD. CO- C H A IR, S I N G A PORE I P V 6 F O R U M L HUGHES@SIXSC APE.COM

2 Sixscape Management Team

3 Mondato Mobile Financial Services Startup of the Year for Asia 2014 The other finalists were strong, but Sixscape is a MOON SHOT. If they execute it is going to change the Internet.

4 Problem Statement

5 The IPv4 Internet is Broken By the mid-1990 s we realized that public IPv4 addresses would run out by 2000 or so, at the then current allocation rate There was no successor protocol that could be rolled out in time. As a temporary measure, the IETF splintered the monolithic IPv4 Internet into millions of private internets hiding behind the few precious public addresses, using NAT. That gave us another years, but those years were over in 2010! The successor protocol (IPv6) is now mature and being deployed globally.

6 DNS Security is Broken DNS Is Inadequate for the Mobile Internet DNS without DNSSEC is very easy for hackers to break it is possible to modify the addresses stored in a local caching DNS server, so when you use it to resolve the name of your banking website, you could get an address in some hacker s basement ( Kaminsky attack ) DNSSEC deployment is not going well there were too many deployed DNS servers when it was introduced (20 million worldwide) and it requires a high level of PKI and crypto expertise to deploy it Most DNS clients don t know how to handle DNSSEC information, so are not able to detect an attack There is no per-user authentication for DNS dynamic registrations DNS registrations can take hours to propagate not adequate for mobile IPv6 nodes than might change address frequently

7 Username/Password Authentication is Hopelessly Broken There is an epidemic of compromised username/password credentials on websites today. One Russian group has harvested 1.2 billion unique credentials. 360 million credentials are for sale. Compromise happens when a hacker gets access to a web server and grabs a copy of the username/password database. The damage can be minimized by use of RFC 2898, PBKDF2. The better solution is to move to Strong Client Authentication with X.509 client digital certificates. Each user is issued a client certificate that binds their public key to their name, address and organization When you connect with SSL/TLS, instead of entering your username and password, you upload your client certificate. A cryptographic challenge verifies you have the corresponding private key (without revealing it). The website can obtain your identity from the uploaded cert. With SCA, you can completely lock down the username/password database on the web server.

8 Our Solutions

9 What are the main differences between the legacy IPv4 and new IPv6 Internets? Real address scopes (interface, link, site, global) Working, scalable multicast More robust ICMP, now including IP address resolution Autonomous address generation by nodes But the two biggies are: Ample global addresses NO NAT!!!

10 So what cool new things can we do on our shiny new NAT-less IPv6 Internet? For the first time since the mid-1990 s any node can, in theory, connect directly to any other node in the world. We can leap past Client/Server architecture (made necessary by NAT) to Direct End2End connections! BUT we need better address resolution to make this possible. DNS is not really up to the challenge. DNS has no per-user authentication, so anyone can change registered addresses DNS takes a long time for new registrations to propagate (not good for mobile devices that may change addresses multiple times in a single day) DNS is woefully insecure, and it is very difficult to roll out DNSSEC on such a large, existing critical infrastructure (20M servers worldwide). DNS registers the address of nodes, not of people (or more precisely, the last place some person registered their address)

11 Benefits of Direct End2End Connections No need for intermediary servers - No bottlenecks, reliability or security issues at intermediary nodes Traffic is decentralized only goes over shortest path between the two communicating nodes More reliable so long as there is network connectivity between the two nodes, communication can happen Higher performance if the two nodes are in same site, bandwidth is not limited by ISP connection (could be Gigabit) Security is better harder to monitor or block traffic than in the current Client/Server model Overall system capacity much higher

12 How Connections Work over IPv4

13 End2End Direct Connections over IPv6

14 IRP the Next Generation Address Registry IRP allows any app to securely register the current IPv6 address of the logged-in user at any time It includes a user directory to provide per-user authentication, and links the registered address to a person, not a node Connections to the IRP server can be IPv4 or IPv6, and are over explicit TLS v1.2 (only one port required, 4604) Authentication to IRP server uses X.509 Strong Client Authentication (with optional fallback to Username/Password) IRP includes full PKI certificate management request, download, revoke, renew certs, plus obtain other users certs, check cert validity and revocation status, get CA certs, etc. This allows hiding PKI complexity in the apps making it mostly invisible to the users. It also allows the PKI to be distributed one server per Internet domain, like DNS.

15 IRP PKI Functionality via Secure Protocol

16 IRP Security Issues Connections over IRP are secured with TLS 1.2, usually with X.509 certificate based Strong Client Authentication. These certs can be obtained from the Domain Identity Registry (DIR) servers. Once obtained, these client certs can also be used for website Strong Client Authentication, S/MIME, network access, etc. IRP provides the necessary PKI for validity and revocation checking. Unlike DNS, the security aspects or IRP were designed in from the start no complex transition for a massive infrastructure in place. All IRP clients know how to process the security mechanisms.

17 IRP Distributed Deployment There is one Domain Identity Registry server for each Internet domain (just like DNS). The collection of all DIR servers constitutes a Global Identity Registry. The nodename and port of the preferred DIR server(s) for a given domain are published in DNS via SRV records no need to configure the IP address of DIR servers. Any node can easily find the DIR server that issued a certificate in order to check validity and revocation status. Like DNS, this allows the service to scale to the global level potentially billions of addresses and client certificates. Traditional PKI can handle the current volume of server certs, but the volume of client certs is orders of magnitude greater. Client cert PKI must be distributed. No one server could possibly handle the load.

18 DIR Domain Identity Registry

19 IRP Deployment A DIR server is built from several components: PKI Database (currently implemented with PostgreSQL) PKI_Tool GUI app for viewing and managing objects in the PKI Database, including creating certificate hierarchies (root and intermediate certs), signing Certificate Signing Requests submitted from clients. IRP_Server Windows Service that implements the IRP protocol against the local PKI Database OCSP_Server Alternate access to revocation information in PKI Database for Legacy applications (e.g. IIS, Apache web servers) CRL Generator Alternate way of providing revocation information to even older legacy applications that can only work with Certificate Revocation Lists Hardware Security Module (HSM) for holding and secure use of CA private keys (we support Thales and AEP Keyper HSMs).

20 IRP Submitted to IANA, Issued Port 4604 We submitted the basic specification of IRP to IANA. It was reviewed by Lars Eggert (chair of IRTF). It was determined to be viable and novel (did not duplicate any existing IETF protocols), so it was issued port 4604 (much like SMTP was issued port 25 years ago). We have created a working Domain Identity Registry server and client. Plus a first End2End client: SixChat kind of a decentralized Whatsapp with true End2End automated security using IPv6 global addresses. Sixscape Communications is now productizing these and will be creating additional products that leverage IRP: Microsoft Outlook add-in to simplify S/MIME Microsoft Office add-in for signing, encrypting and securely exchanging documents

21 SixChat Protocol Submitted to IANA, Issued Port 4605 Our SixChat protocol allows true End2End Direct secure communications over IPv6 no intermediary nodes required for normal use. It includes a new Peer to Peer handshake equivalent to the one in SSL/TLS. We couldn t use TLS because it is hopelessly tied to Client/Server architecture SixChat is real Peer2Peer. SixChat currently supports chat and S/MIME , soon will support file transfer, and later voice and video. SixChat User Agents can originate multiple outgoing connections and accept multiple incoming connections. SixChat User Agents depend on IRP for address resolution and PKI.

22 Applications

23 Applications of IRP to Authentication We can no longer rely on Username/Password authentication. The alternative, for both web apps and native mobile device apps, is cryptographic authentication (AKA Strong Client Authentication) using X.509 client digital certificates. Our DIR servers solve the problem of issuing and managing even very large numbers of client certs, very securely. Our IRP protocol allows relying applications to easily check client certificate validity and revocation status. It is virtually impossible for a hacker to do bulk harvesting of credentials on a server that uses our authentication scheme. Almost all SSL/TLS implementations support the basic mechanism. We just finally made it practical. We use it ourselves in IRP! We will be selling SDKs that allow anyone to modify their applications to use it.

24 Applications of IRP to IPsec based VPNs IPsec does not work well on IPv4 (it is incompatible with NAT) IPsec works great on IPv6 (there is no NAT to break it) SSL-VPN is a bad design and there is no IETF standard for it As IPv6 is deployed, VPNs will change from SSL-VPN to IPsec IPsec connections use Diffie-Hellman for key exchange, but require IPsec certificates for mutual authentication ( shared secret is not scalable and difficult to secure). See PKIX and IKE v2 RFCs for details. Today, Cisco s SCEP (Simple Certificate Enrollment Protocol) can be used for nodes to obtain an IPsec certificate, but IRP has user authentication, better reliability and supports revocation checking. The same IRP server used for client certs can also provide IPsec certs.

25 Applications of IRP to SEcure Neighbor Discovery Current IPv6 networks use unsecured Neighbor Discovery protocol for address resolution, router discovery, SLAAC, and Duplicate Address Detection. Unsecured ND is subject to many of the same attacks that IPv4 ARP is subject to. The IETF created a secure version of ND (SEcure Neighbor Discovery) in RFC 3971 and It secures all of the above network functions. It is not widely deployed yet because it requires an RPKI to create SEND compatible digital certificates. These RPKI certs include IP address and trust anchor extensions (RFCs 6494 & 6495). IRP can also be used to issue and manage RPKI certs to allow deploying SEND on all nodes in an IPv6 network. This will result in major security improvements and resistance to entire classes of hacking attacks that IPv4 and current IPv6 (with unsecured ND) are subject to.

26 Applications of IRP to Singapore s Smart Nation Platform Our technologies make it possible to issue and manage an unlimited number of X.509 digital certificates. Devices can request and download them via secure protocol. This will allow securing many devices easily. With SEND, the underlying network can be made far more secure and resistant to many hacking attacks, such as Man-Inthe-Middle and rogue Router Advertisements. Our DIR server solves the problem of issuing RPKI certs to all nodes. With IoT, Client/Server is no longer optimal devices need to be able to communicate directly with each other. Our secure address registry and distributed PKI makes this possible.

27 Applications of IRP to 5G Telephony We are creating apps that support our IRP and SixChat protocols on Android Phones (later ios as well). These require a high level of security in the device, to protect private keys. Fortunately some key new standards are being created now to provide this. You can find out more about these standards at The relevant standards here are TEE (Trusted Execution Environment) and SE (Secure Element)

28 Trusted Execution Environment (TEE) and Secure Element (SE) TEE is a software based scheme that already exists on 350M mobile devices. It provides a reasonably secure environment. SE adds hardware protection to TEE, and is starting to appear on recent devices (Galaxy S6 and iphone6). SE takes security to a whole new level for mobile devices. These technologies make it safe to use your mobile device for mobile payments and other sensitive transactions. TEE and SE are great containers for identity credentials (e.g. X.509 client certs and private keys). Our Global Identity Registry is the ideal way to securely load identity credentials into these containers, and provide the necessary infrastructure for validity and revocation checking of those credentials.

29 TEE and SE The key to securing mobile devices As of Feb 2015 there were already 350M devices with TEE. 100% of new Android devices will be supporting TEE by TEE is supported by Samsung, HTC, ZTE, Meizu and Alcatel/TCL. Galaxy S6 and iphone6 are first mobile devices to include SE.

30 SixChat A Decentralized Secure Messaging App for the IPv6 Internet Imagine a messaging app with no intermediary servers. Alice s phone connects directly to Bob s, and they chat, speak, send , and do file transfers completely privately. Traffic goes via the shortest network path between Alice and Bob. If they are in the same network, the traffic never goes out to the ISP or Internet. Even if the ISP connection goes down, if there is a working network path between them, Alice and Bob can still communicate. Assuming Alice and Bob both have client certs (from DIR), upon connectimg they mutually authenticate and exchange a session key. All traffic is encrypted and digitally signed. This kind of traffic is almost impossible to monitor or block. Is it worth getting IPv6 service to have this?

31 Your cellphone can become your Security Token Once you have your private key securely protected inside your phone, you can use it for securing payments and secure messaging from your phone. But, using WiFi or Bluetooth, you can use your phone as a wireless security token on your notebook or desktop! Your computer can use the private key in your phone to authenticate you to online services (like your bank), without that private key ever leaving your phone. This is similar to a FIPS USB security token, but does not require a physical connection (and you always have your phone with you!)

32 IRP-Enabled Add-in For Outlook Allows user to easily request and install a client cert to enable S/MIME When you send an encrypted message to other users, add-in will automatically obtain client certs for each recipients (for any that it doesn t already have) Automates validity and revocation status checking for all client certs involved. Allows sending messages to other users of Outlook with our add-in using Direct End2End secure messaging no intermediary servers! Makes S/MIME as simple to use as non-secure

33 IRP-Enabled Add-in For MS Office Allows user to easily request and install a client cert to enable digital signatures and digital envelopes for documents. Simplifies digitally signing Office documents, so that anyone (with our add-in) can easily verify the signature Simplifies encrypting Office documents for any number of recipients, including yourself (for secure storage). Only people specified when document is encrypted will be able to open those documents. Allows sending messages directly to other users of Office with our add-in using Direct End2End secure messaging no intermediary servers! (note: both users need IPv6 for this)

34 Summary Sixscape Communications is taking PKI and address registration to entirely new levels of usability and scaling, to solve numerous difficult problems in existing networks, and especially in IPv6 networks as they are deployed. Unlike existing PKI architectures, ours is distributed, which allows it to scale to the volumes required for things such as Strong Client Authentication on websites, IPsec VPNs and SEcure Neighbor Discovery. Unlike existing IP address registries, ours has strong authentication and the identity is linked to a person (or a device), not a fixed server. Direct End2End connectivity is an powerful new style of network communications, made possible by the characteristics of the IPv6 Internet.

35 In case you are wondering what inspired our name and logo Netscape Communications made enormous contributions to the IPv4 Internet with the first viable web browser, first viable web server, SSL and many other innovations. Sixscape Communications is making the same kind of contributions to the IPv6 Internet, with our Global Identity Registry, IRP and SixChat protocols, and End2End Direct connectivity.

36 THANK YOU