Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015
What Could It Cost You? Average of $0.58 a record According to the Verizon Data Breach Investigations Report 2015
What Could It Cost You? Estimates 10 million records could average $3.5 million According to the Verizon Data Breach Investigations Report 2015
Crypto is Under Attack CRIME Lucky Thirteen BREACH
Agenda What is Next Generation Encryption? Where is NGE Available Deploying NGE with Enrollment over Secure Transport Crypto Best Practices Q&A
A cryptographic system can only be as strong as the encryption algorithms, digital signature algorithms, one-way hash functions, and message authentication codes it relies on Bruce Schneier Information Management & Computer Security, 1998
Cryptographic Mechanisms Encryption Data Authentication Key Establishment Signatures Hashing
Cryptographic Mechanisms - Definitions Encryption Process of encoding a message so that only authorized parties can read it. Hashing One-way function that condenses a large amount of data and results in a message digest. Digital Signatures Allow a receiver to verify that a message was created by a known sender, that the sender cannot deny that they sent the message and that the message was not altered
Cryptographic Mechanisms - Definitions Key Establishment Method of deriving exchanging a cryptographic key between two users Data Authentication Integrity and authenticity of the data using a Message Authentication Code
Next Generation Encryption
Weakness in Crypto Mechanisms 3DES HMAC-MD5 DH, RSA RSA, DSA MD5, SHA-1 Entropy TLS1.0, IKEv1 1GB limit Theoretical attacks 1024-bit at risk 1024-bit at risk Collision attacks Inconsistent quality No AE, security issues
Smaller Key Sizes are Vulnerable Hacker ($300) Med. Size Organization ($300K) Govt. Intelligence Agency
Prevalent Crypto Today AES-128- CBC DH-1024 RSA-1024 SHA-1
Next Generation Encryption Authenticated Encryption Authentication AES-GCM HMAC-SHA-2 Key Establishment Digital Signatures Hashing Entropy Protocols ECDH ECDSA SHA-2 SP800-90 TLSv1.2, IKEv2, IPsec, MACSec Suite B
NGE Security Levels 256-bit AES-256- GCM ECDH-P521 ECDSA- P521 SHA-512 192-bit AES-192- GCM ECDH-P384 ECDSA- P384 SHA-384 128-bit AES-128- GCM ECDH-P256 ECDSA- P256 SHA-256
Elliptic Curve Cryptography Efficiency Signatures per second 10000 Symmetric Key Size DH or RSA ECC 1000 100 10 1 80 112 144 192 208 240 Security Level 56 512 112 80 1024 160 RSA 112 2048 224 ECC 128 3072 256 192 7680 384 256 15360 521
NGE Supports Authenticated Encryption Single algorithm provides both confidentiality and authentication in a single pass over data More efficient More secure
Next Generation Encryption Upgrades all crypto mechanisms Designed to meet security and scalability requirements of next two decades Standards based Available today
Availability of Next Generation Encryption
Main Challenges for Next Generation Encryption Availability of Next Generation Encryption Deployment of Next Generation Encryption Certificates
NGE is available Industry Wide Crypto Toolkits: OpenSSL, Bouncy Castle, Java 7 (Partial) ECC server certificates are available from Certificate Authorities Concern around IP issues with Elliptic Curve Recommended to use the standardized curves (RFC6090)
Next Generation Encryption in Cisco Products IOS/IOS-XE Products: ISR G2, G3, ASR, ISR 44xx, ISR 43xx, CSR1000v, Catalyst 3750-X, 3560-X, 45xx- E,6500 ASA 5585-X, 5500-X, 5580 AnyConnect
Next Generation Encryption Enabled Architectures... CSM / ASDM ASA Firewall Remote Access VPNs Guest User Data sent in clear G M1 G M2 G M9 G M3 G M8 GETVPN* G M4 G M7 G M5 G M6 KS Site to Site, DMVPN, and FlexVPN Sp ok e-3 Authenticated User Supplicant with MACSec 802.1X &^*RTW#(*J^*&*sd#J$%UJ&( MACSec Link Encrypt &^*RTW#(*J^*&*sd#J$%UJWD &( MACSec MACSec Capable Devices Decrypt
Going forward with NGE Turn on NGE in your devices! Upgrade infrastructure to support NGE Deploy NGE certificates
Deploying Next Generation Encryption
A Little Background - Public Key Encryption Where Certificates Fit in Crypto Requires two different keys (a public key and a private key) that are mathematically linked. The public key is used to encrypt data and the private key decrypts data Bob encrypts the message using Carl s public key Bob Carl Carl uses his private key to decrypt the message
Digital Certificates Or Public Key Certificates, proves ownership of a public key Certificates contain additional data: Information about the key owner Validity period Allowed uses for the key Easy analogy Digital certificate = Driver s license Certificate Authority = Department of Motor Vehicles Certificates are signed by a Certificate Authority (more on PKI later)
Using Cryptographic Mechanisms in TLS HANDSHAKE SECURE DATA TRANSFER Cipher Suites with ECC are supported in TLS 1.2. Need server and client ECC certificates to do FULL NGE Other protocols that leverage NGE: IPSec, MACSec, SSH
Current Options for Certificate Enrollment Manual Enrollment requiring administrator to generate certificates and transport to devices Use of SCEP (Simple Certificate Enrollment Protocol): Requires out-of-band distribution of preshared secret or manual authorization Only supports RSA-signed certificates (no support for NGE) Certificates link a public key to an identity Possessing a trusted certificate is necessary to establish secure connections How do you enroll NGE Certificates?
What is Different With EST (RFC7030)? Advantages of EST Ease of Deployment Enables automatic certificate enrollment for devices in a network Supports enrollment of ECC-signed certificates (Next Generation Encryption) Issues certificates over secure transport (TLS) Supports Todays & Next Generation Encryption Enhances Security At Transport Layer EST provides simple, scalable, and secure certificate enrollment.
EST: Simple Enrollment Client Application EST Client Client generates public/private keypair Client generates and signs Client sends CSR CSR to the server over TLS Server sends CSR to CA Verfies signature on the CSR Server authenticates the client Certificate Authority EST Server HTTP Server TLS TLS Session Server sends for Transport X509 certificate back to the client TLS
Where EST Fits Into PKI Solution 4. CA signs CSR and returns to RA Client Device 1 EST Client 1. Client sends EST request to Registration Authority (EST Server) 3. If OK, RA sends client s CSR to CA RA (Registration Authority) EST Server CA (Certificate Authority) EST Client Client Device 2 5. RA returns X.509 certificate to client device 2. RA authenticates Client Authentication DB
Enrollment over Secure Transport Demo
DMVPN Provisioning Use Case
Problem summary Headend router is provisioned with a RSA certificate. DMVPN is configured at Head end and it would authenticate branch routers using Digital certifcates. CA server is behind a firewall and it can t be reached directly. How does Branch router obtain its certificate?
Existing Deployment of DMVPN between branch and Headend 1. Establish a separate VPN session to the Headend to reach CA server behind firewall. 2. Authenticate the credentials against the RADIUS server. 3. Branch router generates CSR and sends it to the CA server. 4. CA server issues to the Branch router
Provisioning Branch routers 1. After branch router has obtained the certificate, DMVPN session can be established. 2. Two VPN sessions need to be configured in this model 3. If pre-shared secrets are used in first phase, then it weakens the security design.
Provisioning Branch routers with EST RA (with EST) 1. Branch router connects with RA (supports EST server) 2. RA authenticates branch router with RADIUS server 3. RA reaches to CA server to get certificate for client 4. RA sends certificate to client
Crypto Best Practices and NGE Info
Crypto Best Practices Use common implementations Use standard algorithms NEVER roll your own implementation Store keys securely
Additional NGE Resources http://www.cisco.com/web/about/security/intelligence/nextg en_crypto.html http://www.cisco.com/web/learning/le21/onlineevts/offers/t wtv/nge/fundamentals.html http://www.cisco.com/c/en/us/support/docs/securityvpn/ipsec-negotiation-ike-protocols/116055-technote-ioscrypto.html
S&TO s Trustworthy IT Business Partners Pick up a copy of S&TO s new pamphlet @ our booth on the demo floor
Q&A and Wrap-Up
Participate in the My Favorite Speaker Contest Promote Your Favorite Speaker and You Could Be a Winner Promote your favorite speaker through Twitter and you could win $200 of Cisco Press products (@CiscoPress) Send a tweet and include Your favorite speaker s Twitter handle @emacstweets Two hashtags: #CLUS #MyFavoriteSpeaker You can submit an entry for more than one of your favorite speakers Don t forget to follow @CiscoLive and @CiscoPress View the official rules at http://bit.ly/cluswin
Complete Your Online Session Evaluation Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card. Complete your session surveys though the Cisco Live mobile app or your computer on Cisco Live Connect. Don t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online
Thank you