Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015

Transcription

1 Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015

2 What Could It Cost You? Average of $0.58 a record According to the Verizon Data Breach Investigations Report 2015

3 What Could It Cost You? Estimates 10 million records could average $3.5 million According to the Verizon Data Breach Investigations Report 2015

4 Crypto is Under Attack CRIME Lucky Thirteen BREACH

5 Agenda What is Next Generation Encryption? Where is NGE Available Deploying NGE with Enrollment over Secure Transport Crypto Best Practices Q&A

6 A cryptographic system can only be as strong as the encryption algorithms, digital signature algorithms, one-way hash functions, and message authentication codes it relies on Bruce Schneier Information Management & Computer Security, 1998

7 Cryptographic Mechanisms Encryption Data Authentication Key Establishment Signatures Hashing

8 Cryptographic Mechanisms - Definitions Encryption Process of encoding a message so that only authorized parties can read it. Hashing One-way function that condenses a large amount of data and results in a message digest. Digital Signatures Allow a receiver to verify that a message was created by a known sender, that the sender cannot deny that they sent the message and that the message was not altered

9 Cryptographic Mechanisms - Definitions Key Establishment Method of deriving exchanging a cryptographic key between two users Data Authentication Integrity and authenticity of the data using a Message Authentication Code

10 Next Generation Encryption

11 Weakness in Crypto Mechanisms 3DES HMAC-MD5 DH, RSA RSA, DSA MD5, SHA-1 Entropy TLS1.0, IKEv1 1GB limit Theoretical attacks 1024-bit at risk 1024-bit at risk Collision attacks Inconsistent quality No AE, security issues

12 Smaller Key Sizes are Vulnerable Hacker ($300) Med. Size Organization ($300K) Govt. Intelligence Agency

13 Prevalent Crypto Today AES-128- CBC DH-1024 RSA-1024 SHA-1

14 Next Generation Encryption Authenticated Encryption Authentication AES-GCM HMAC-SHA-2 Key Establishment Digital Signatures Hashing Entropy Protocols ECDH ECDSA SHA-2 SP TLSv1.2, IKEv2, IPsec, MACSec Suite B

15 NGE Security Levels 256-bit AES-256- GCM ECDH-P521 ECDSA- P521 SHA bit AES-192- GCM ECDH-P384 ECDSA- P384 SHA bit AES-128- GCM ECDH-P256 ECDSA- P256 SHA-256

16 Elliptic Curve Cryptography Efficiency Signatures per second Symmetric Key Size DH or RSA ECC Security Level RSA ECC

17 NGE Supports Authenticated Encryption Single algorithm provides both confidentiality and authentication in a single pass over data More efficient More secure

18 Next Generation Encryption Upgrades all crypto mechanisms Designed to meet security and scalability requirements of next two decades Standards based Available today

19 Availability of Next Generation Encryption

20 Main Challenges for Next Generation Encryption Availability of Next Generation Encryption Deployment of Next Generation Encryption Certificates

21 NGE is available Industry Wide Crypto Toolkits: OpenSSL, Bouncy Castle, Java 7 (Partial) ECC server certificates are available from Certificate Authorities Concern around IP issues with Elliptic Curve Recommended to use the standardized curves (RFC6090)

22 Next Generation Encryption in Cisco Products IOS/IOS-XE Products: ISR G2, G3, ASR, ISR 44xx, ISR 43xx, CSR1000v, Catalyst 3750-X, 3560-X, 45xx- E,6500 ASA 5585-X, 5500-X, 5580 AnyConnect

23 Next Generation Encryption Enabled Architectures... CSM / ASDM ASA Firewall Remote Access VPNs Guest User Data sent in clear G M1 G M2 G M9 G M3 G M8 GETVPN* G M4 G M7 G M5 G M6 KS Site to Site, DMVPN, and FlexVPN Sp ok e-3 Authenticated User Supplicant with MACSec 802.1X &^*RTW#(*J^*&*sd#J$%UJ&( MACSec Link Encrypt &^*RTW#(*J^*&*sd#J$%UJWD &( MACSec MACSec Capable Devices Decrypt

24 Going forward with NGE Turn on NGE in your devices! Upgrade infrastructure to support NGE Deploy NGE certificates

25 Deploying Next Generation Encryption

26 A Little Background - Public Key Encryption Where Certificates Fit in Crypto Requires two different keys (a public key and a private key) that are mathematically linked. The public key is used to encrypt data and the private key decrypts data Bob encrypts the message using Carl s public key Bob Carl Carl uses his private key to decrypt the message

27 Digital Certificates Or Public Key Certificates, proves ownership of a public key Certificates contain additional data: Information about the key owner Validity period Allowed uses for the key Easy analogy Digital certificate = Driver s license Certificate Authority = Department of Motor Vehicles Certificates are signed by a Certificate Authority (more on PKI later)

28 Using Cryptographic Mechanisms in TLS HANDSHAKE SECURE DATA TRANSFER Cipher Suites with ECC are supported in TLS 1.2. Need server and client ECC certificates to do FULL NGE Other protocols that leverage NGE: IPSec, MACSec, SSH

29 Current Options for Certificate Enrollment Manual Enrollment requiring administrator to generate certificates and transport to devices Use of SCEP (Simple Certificate Enrollment Protocol): Requires out-of-band distribution of preshared secret or manual authorization Only supports RSA-signed certificates (no support for NGE) Certificates link a public key to an identity Possessing a trusted certificate is necessary to establish secure connections How do you enroll NGE Certificates?

30 What is Different With EST (RFC7030)? Advantages of EST Ease of Deployment Enables automatic certificate enrollment for devices in a network Supports enrollment of ECC-signed certificates (Next Generation Encryption) Issues certificates over secure transport (TLS) Supports Todays & Next Generation Encryption Enhances Security At Transport Layer EST provides simple, scalable, and secure certificate enrollment.

31 EST: Simple Enrollment Client Application EST Client Client generates public/private keypair Client generates and signs Client sends CSR CSR to the server over TLS Server sends CSR to CA Verfies signature on the CSR Server authenticates the client Certificate Authority EST Server HTTP Server TLS TLS Session Server sends for Transport X509 certificate back to the client TLS

32 Where EST Fits Into PKI Solution 4. CA signs CSR and returns to RA Client Device 1 EST Client 1. Client sends EST request to Registration Authority (EST Server) 3. If OK, RA sends client s CSR to CA RA (Registration Authority) EST Server CA (Certificate Authority) EST Client Client Device 2 5. RA returns X.509 certificate to client device 2. RA authenticates Client Authentication DB

33 Enrollment over Secure Transport Demo

34 DMVPN Provisioning Use Case

35 Problem summary Headend router is provisioned with a RSA certificate. DMVPN is configured at Head end and it would authenticate branch routers using Digital certifcates. CA server is behind a firewall and it can t be reached directly. How does Branch router obtain its certificate?

36 Existing Deployment of DMVPN between branch and Headend 1. Establish a separate VPN session to the Headend to reach CA server behind firewall. 2. Authenticate the credentials against the RADIUS server. 3. Branch router generates CSR and sends it to the CA server. 4. CA server issues to the Branch router

37 Provisioning Branch routers 1. After branch router has obtained the certificate, DMVPN session can be established. 2. Two VPN sessions need to be configured in this model 3. If pre-shared secrets are used in first phase, then it weakens the security design.

38 Provisioning Branch routers with EST RA (with EST) 1. Branch router connects with RA (supports EST server) 2. RA authenticates branch router with RADIUS server 3. RA reaches to CA server to get certificate for client 4. RA sends certificate to client

39 Crypto Best Practices and NGE Info

40 Crypto Best Practices Use common implementations Use standard algorithms NEVER roll your own implementation Store keys securely

41 Additional NGE Resources en_crypto.html wtv/nge/fundamentals.html

42 S&TO s Trustworthy IT Business Partners Pick up a copy of S&TO s new our booth on the demo floor

43 Q&A and Wrap-Up

44 Participate in the My Favorite Speaker Contest Promote Your Favorite Speaker and You Could Be a Winner Promote your favorite speaker through Twitter and you could win $200 of Cisco Press products (@CiscoPress) Send a tweet and include Your favorite speaker s Twitter Two hashtags: #CLUS #MyFavoriteSpeaker You can submit an entry for more than one of your favorite speakers Don t forget to View the official rules at

45 Complete Your Online Session Evaluation Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card. Complete your session surveys though the Cisco Live mobile app or your computer on Cisco Live Connect. Don t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online

46 Thank you

47