Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015

Upload: vonhi

Post on 25-Mar-2019


TRANSCRIPT

Page 1: Designing Network Encryption for the Future (d2zmdbbm9feqrf.cloudfront.net/2015/usa/pdf/BRKSEC-2015.pdf)

Designing Network Encryption for the Future

Emily McAdams

Security Engagement Manager, Security & Trust Organization

BRKSEC-2015

Page 2:

What Could It Cost You?

Average of $0.58 a record

According to the Verizon Data Breach Investigations Report 2015

Page 3:

What Could It Cost You?

Estimates that a breach of 10 million records could average $3.5 million

According to the Verizon Data Breach Investigations Report 2015

Page 4:

Crypto is Under Attack

CRIME

BREACH

Lucky Thirteen

(CRIME and BREACH exploit compression in TLS and in HTTP responses respectively; Lucky Thirteen is a timing attack on CBC-mode padding in TLS.)

Page 5:

Agenda

• What is Next Generation Encryption?

• Where is NGE Available?

• Deploying NGE with Enrollment over Secure Transport

• Crypto Best Practices

• Q&A

Page 6:

“A cryptographic system can only be as strong as the encryption algorithms, digital signature algorithms, one-way hash functions, and message authentication codes it relies on.”

Bruce Schneier, Information Management & Computer Security, 1998

Page 7:

Cryptographic Mechanisms

Encryption

Data Authentication

Key Establishment

Signatures

Hashing

Page 8:

Cryptographic Mechanisms - Definitions

Encryption

Process of encoding a message so that only authorized parties can read it.

Hashing

One-way function that condenses a large amount of data and results in a message digest.

Digital Signatures

Allow a receiver to verify that a message was created by a known sender, that the sender cannot deny having sent the message, and that the message was not altered.

Page 9:

Cryptographic Mechanisms - Definitions

Key Establishment

Method of deriving or exchanging a cryptographic key between two parties.

Data Authentication

Integrity and authenticity of the data, provided by a Message Authentication Code (MAC).

Page 10:

Next Generation Encryption

Page 11:

Weakness in Crypto Mechanisms

DH, RSA: 1024-bit at risk

RSA, DSA: 1024-bit at risk

MD5, SHA-1: collision attacks

3DES: 1 GB limit per key (64-bit block size)

HMAC-MD5: theoretical attacks

Entropy: inconsistent quality

TLS 1.0, IKEv1: no authenticated encryption (AE), known security issues

Page 12:

Smaller Key Sizes are Vulnerable

[Chart: attacker capability against key size, for a hacker ($300), a medium-size organization ($300K), and a government intelligence agency]

Page 13:

Prevalent Crypto Today

AES-128-CBC, DH-1024, SHA-1, RSA-1024

Page 14:

Next Generation Encryption (Suite B)

Key Establishment: ECDH

Digital Signatures: ECDSA

Hashing: SHA-2

Authenticated Encryption: AES-GCM

Authentication: HMAC-SHA-2

Entropy: SP 800-90

Protocols: TLS 1.2, IKEv2, IPsec, MACSec

Page 15:

NGE Security Levels

Security level   Encryption     Key establishment   Hashing   Signatures
128-bit          AES-128-GCM    ECDH-P256           SHA-256   ECDSA-P256
192-bit          AES-192-GCM    ECDH-P384           SHA-384   ECDSA-P384
256-bit          AES-256-GCM    ECDH-P521           SHA-512   ECDSA-P521

Page 16:

Elliptic Curve Cryptography Efficiency

[Chart: signatures per second (log scale, 1 to 10000) for RSA versus ECC at security levels of 80, 112, 144, 192, 208 and 240 bits]

Comparable key sizes (bits) at each security level:

Symmetric key size   DH or RSA   ECC
56                   512         112
80                   1024        160
112                  2048        224
128                  3072        256
192                  7680        384
256                  15360       521

Page 17:

NGE Supports Authenticated Encryption

Single algorithm provides both confidentiality and authentication in a single pass over data

• More efficient

• More secure
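As an added example that is not part of the deck, the Go program below (standard library only) shows what "both confidentiality and authentication in a single pass" means in practice for AES-256-GCM, the NGE authenticated-encryption mechanism: one Seal call produces ciphertext plus a 16-byte tag that covers both the payload and the clear-text header, one Open call either returns the original payload or rejects the record, and a flipped ciphertext bit, a changed header or a wrong nonce is rejected before any plaintext is released. The nonce layout (4-byte salt plus 8-byte counter) follows the construction RFC 4106 uses for ESP and RFC 5288 for the TLS 1.2 AES-GCM suites; the key, salt, header and payload are constructed values for the demo, not anything from the deck.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// DemoKey is a constructed 32-byte key (selects AES-256). In a real deployment the
// key comes out of the IKEv2 or TLS key schedule, never from a literal.
var DemoKey = []byte("0123456789abcdef0123456789abcdef")

// Nonce builds the 96-bit GCM nonce the way RFC 4106 (ESP) and RFC 5288 (TLS 1.2)
// do: a 4-byte salt fixed per key followed by an 8-byte counter that never repeats
// for that key. Reusing a nonce under one key breaks both GCM's secrecy and its tag.
func Nonce(salt [4]byte, seq uint64) []byte {
	n := make([]byte, 12)
	copy(n, salt[:])
	binary.BigEndian.PutUint64(n[4:], seq)
	return n
}

// SealGCM encrypts plaintext and authenticates it together with header (the
// associated data that travels in the clear) in one pass, returning ciphertext || tag.
func SealGCM(key, nonce, header, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(nonce) != aead.NonceSize() {
		return nil, errors.New("nonce must be 12 bytes")
	}
	return aead.Seal(nil, nonce, plaintext, header), nil
}

// OpenGCM checks the tag over header and ciphertext first and releases plaintext
// only if it verifies; any change to either input yields an error, not garbage.
func OpenGCM(key, nonce, header, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, sealed, header)
}

// TamperDetected flips one ciphertext bit and reports whether OpenGCM rejects it.
func TamperDetected(key, nonce, header, sealed []byte) bool {
	bad := append([]byte(nil), sealed...)
	bad[0] ^= 0x01
	_, err := OpenGCM(key, nonce, header, bad)
	return err != nil
}

func main() {
	salt := [4]byte{0xde, 0xad, 0xbe, 0xef}        // constructed per-key salt
	header := []byte("SPI=0x00001234 SEQ=1")       // constructed ESP-style clear header
	msg := []byte("branch1 -> headend: keepalive") // constructed payload
	sealed, err := SealGCM(DemoKey, Nonce(salt, 1), header, msg)
	if err != nil {
		panic(err)
	}
	pt, err := OpenGCM(DemoKey, Nonce(salt, 1), header, sealed)
	fmt.Printf("decrypted=%q err=%v\n", pt, err)
	fmt.Println("bit flip detected:", TamperDetected(DemoKey, Nonce(salt, 1), header, sealed))
	_, err = OpenGCM(DemoKey, Nonce(salt, 2), header, sealed) // wrong counter: tag check fails
	fmt.Println("wrong nonce rejected:", err != nil)
}
```

The counter discipline is the operational point: because a reused nonce under the same key destroys both properties at once, IKEv2 and TLS 1.2 derive a fresh key per SA or session and number records rather than picking nonces at random.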

Page 18:

Next Generation Encryption

Upgrades all crypto mechanisms

Designed to meet the security and scalability requirements of the next two decades

Standards based

Available today

Page 19:

Availability of Next Generation Encryption

Page 20:

Main Challenges for Next Generation Encryption

• Availability of Next Generation Encryption

• Deployment of Next Generation Encryption Certificates

Page 21:

NGE is Available Industry Wide

• Crypto toolkits: OpenSSL, Bouncy Castle, Java 7 (partial)

• ECC server certificates are available from Certificate Authorities

• Concern around IP issues with elliptic curves: recommended to use the standardized curves (RFC 6090)

Page 22:

Next Generation Encryption in Cisco Products

• IOS/IOS-XE products: ISR G2, G3, ASR, ISR 44xx, ISR 43xx, CSR1000v, Catalyst 3750-X, 3560-X, 45xx-E, 6500

• ASA 5585-X, 5500-X, 5580

• AnyConnect

Page 23:

Next Generation Encryption Enabled Architectures

[Diagram: Remote Access VPNs (ASA Firewall, CSM / ASDM); Site to Site, DMVPN, and FlexVPN (hub with spokes such as Spoke-3); GETVPN* (group members GM1 to GM9 and a key server, KS); MACSec: an 802.1X supplicant with MACSec and MACSec-capable devices encrypt and decrypt on the MACSec link for an authenticated user, while a guest user's data is sent in the clear]

Page 24:

Going forward with NGE

• Turn on NGE in your devices!

• Upgrade infrastructure to support NGE

• Deploy NGE certificates

Page 25:

Deploying Next Generation Encryption

Page 26:

A Little Background - Public Key Encryption (Where Certificates Fit in Crypto)

Requires two different keys (a public key and a private key) that are mathematically linked. The public key is used to encrypt data and the private key decrypts data.

[Diagram: Bob and Carl]

Bob encrypts the message using Carl’s public key

Carl uses his private key to decrypt the message

Page 27:

Digital Certificates (or Public Key Certificates): prove ownership of a public key

• Certificates contain additional data:

  • Information about the key owner

  • Validity period

  • Allowed uses for the key

• Certificates are signed by a Certificate Authority (more on PKI later)

• Easy analogy:

  • Digital certificate = Driver’s license

  • Certificate Authority = Department of Motor Vehicles

Page 28:

Using Cryptographic Mechanisms in TLS

HANDSHAKE

SECURE DATA TRANSFER

Cipher suites with ECC are supported in TLS 1.2. Both server and client ECC certificates are needed to do full NGE.

Other protocols that leverage NGE: IPsec, MACSec, SSH

Page 29:

How do you enroll NGE Certificates?

• Certificates link a public key to an identity

• Possessing a trusted certificate is necessary to establish secure connections

Current Options for Certificate Enrollment

• Manual enrollment, requiring an administrator to generate certificates and transport them to devices

• Use of SCEP (Simple Certificate Enrollment Protocol):

  • Requires out-of-band distribution of a “pre-shared secret” or manual authorization

  • Only supports RSA-signed certificates (no support for NGE)

Page 30:

What is Different With EST (RFC 7030)?

EST provides simple, scalable, and secure certificate enrollment.

Advantages of EST

• Enables automatic certificate enrollment for devices in a network

• Supports enrollment of ECC-signed certificates (Next Generation Encryption)

• Issues certificates over secure transport (TLS)

Ease of Deployment

Supports Today’s & Next Generation Encryption

Enhances Security at the Transport Layer

Page 31:

EST: Simple Enrollment

[Diagram: Client Application with EST Client, connected over TLS to an EST Server (HTTP Server), which is connected over TLS to the Certificate Authority]

1. Client generates a public/private keypair

2. Client generates and signs a CSR

3. Client sends the CSR to the server over TLS (TLS session used for transport)

4. Server authenticates the client and verifies the signature on the CSR

5. Server sends the CSR to the CA

6. Server sends the X.509 certificate back to the client

Page 32:

Where EST Fits Into a PKI Solution

[Diagram: Client Device 1 and Client Device 2, each running an EST Client, connect to the RA (Registration Authority) running the EST Server; the RA uses an Authentication DB and forwards requests to the CA (Certificate Authority)]

1. Client sends EST request to Registration Authority (EST Server)

2. RA authenticates Client

3. If OK, RA sends client’s CSR to CA

4. CA signs CSR and returns to RA

5. RA returns X.509 certificate to client device

Page 33:

Enrollment over Secure Transport Demo

Page 34:

DMVPN Provisioning Use Case

Page 35:

Problem summary

• The headend router is provisioned with an RSA certificate.

• DMVPN is configured at the headend and authenticates branch routers using digital certificates.

• The CA server is behind a firewall and can’t be reached directly.

• How does the branch router obtain its certificate?

Page 36:

Existing Deployment of DMVPN between Branch and Headend

1. Establish a separate VPN session to the headend to reach the CA server behind the firewall.

2. Authenticate the credentials against the RADIUS server.

3. The branch router generates a CSR and sends it to the CA server.

4. The CA server issues the certificate to the branch router.

Page 37:

Provisioning Branch Routers

1. After the branch router has obtained its certificate, the DMVPN session can be established.

2. Two VPN sessions need to be configured in this model.

3. If pre-shared secrets are used in the first phase, the security design is weakened.

Page 38:

Provisioning Branch Routers with EST

1. The branch router connects to the RA (which runs an EST server).

2. The RA authenticates the branch router against the RADIUS server.

3. The RA reaches the CA server to get a certificate for the client.

4. The RA sends the certificate to the client.
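The enrollment flow of slides 31 and 32 and the RA-with-EST provisioning of slide 38 reduce to the same handful of operations, shown below as an added Go example (standard library only; not the deck's demo and not Cisco code). The client generates an ECDSA P-256 keypair and a signed PKCS#10 CSR; the RA, after it has authenticated the client on the TLS session, checks the CSR signature (proof that the requester holds the private key), enforces an ECC-only policy (the point at which RSA-only SCEP falls short), and has the CA sign. The issued certificate is then used in a TLS 1.2 handshake restricted to the ECDHE-ECDSA AES-GCM suites on P-256/P-384, which is the "full NGE" TLS of slide 28. The CA name, device name and validity periods are constructed; the RA-to-CA transport, the RADIUS step and the EST HTTP message encoding are omitted; the handshake runs in-process over net.Pipe rather than on a network; and MaxVersion is pinned to TLS 1.2 only so the negotiated suite shows the 1.2 selection (in production leave TLS 1.3 enabled as well).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"net"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// NewRootCA builds a constructed P-384 CA standing in for the CA behind the RA.
func NewRootCA() (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example NGE Root CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

// ClientCSR is the EST client's half: a fresh P-256 keypair and a signed PKCS#10 CSR.
// The CSR signature is the proof of possession that the server checks.
func ClientCSR(name string) (*ecdsa.PrivateKey, []byte) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: name}, DNSNames: []string{name}}
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, req, key)
	must(err)
	return key, csrDER
}

// RAEnroll is the RA / EST server half, run only after the client was authenticated on
// the TLS session: parse the CSR, check its signature, enforce ECC-only, have the CA sign.
func RAEnroll(csrDER []byte, ca *x509.Certificate, caKey *ecdsa.PrivateKey) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, err // proof of possession failed: never forwarded to the CA
	}
	if _, ok := csr.PublicKey.(*ecdsa.PublicKey); !ok {
		return nil, errors.New("policy: only ECC keys are enrolled")
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      csr.Subject,
		DNSNames:     csr.DNSNames,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	return x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey)
}

// NGETLSConfig: ECDHE-ECDSA with AES-GCM only, on P-256/P-384 only. MaxVersion is pinned
// to 1.2 so the negotiated suite shows the 1.2 selection; in production allow 1.3 as well.
func NGETLSConfig(roots *x509.CertPool) *tls.Config {
	return &tls.Config{
		MinVersion:       tls.VersionTLS12,
		MaxVersion:       tls.VersionTLS12,
		CipherSuites:     []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
		CurvePreferences: []tls.CurveID{tls.CurveP384, tls.CurveP256},
		RootCAs:          roots,
	}
}

// EnrollAndHandshake enrolls a device through the RA, then runs a TLS handshake in-process
// over net.Pipe with the enrolled certificate; returns the negotiated version and suite.
func EnrollAndHandshake(name string) (uint16, string) {
	ca, caKey := NewRootCA()
	key, csrDER := ClientCSR(name)
	leafDER, err := RAEnroll(csrDER, ca, caKey)
	must(err)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	serverCfg := NGETLSConfig(roots)
	serverCfg.Certificates = []tls.Certificate{{Certificate: [][]byte{leafDER}, PrivateKey: key}}
	clientCfg := NGETLSConfig(roots)
	clientCfg.ServerName = name
	c1, c2 := net.Pipe()
	defer c1.Close() // close the raw pipe ends; a tls Close would block writing close_notify
	defer c2.Close()
	srv, cli := tls.Server(c1, serverCfg), tls.Client(c2, clientCfg)
	errc := make(chan error, 1)
	go func() { errc <- srv.Handshake() }()
	must(cli.Handshake())
	must(<-errc)
	st := cli.ConnectionState()
	return st.Version, tls.CipherSuiteName(st.CipherSuite)
}
```

EnrollAndHandshake("branch1.example") returns TLS 1.2 and one of the two ECDHE-ECDSA AES-GCM suites. Corrupt a byte of the CSR and RAEnroll refuses it before the CA is ever involved; that signature check is what stops a requester from enrolling a public key whose private half they do not hold.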

Page 39:

Crypto Best Practices and NGE Info

Page 40:

Crypto Best Practices

• Use common implementations

• Use standard algorithms

• NEVER roll your own implementation

• Store keys securely

Page 41:

Additional NGE Resources

• http://www.cisco.com/web/about/security/intelligence/nextgen_crypto.html

• http://www.cisco.com/web/learning/le21/onlineevts/offers/twtv/nge/fundamentals.html

• http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/116055-technote-ios-crypto.html

Page 42:

S&TO’s Trustworthy IT Business Partners

• Pick up a copy of S&TO’s new pamphlet @ our booth on the demo floor

Page 43:

Q&A and Wrap-Up

Page 44:

Participate in the “My Favorite Speaker” Contest

• Promote your favorite speaker through Twitter and you could win $200 of Cisco Press products (@CiscoPress)

• Send a tweet and include

• Your favorite speaker’s Twitter handle @emacstweets

• Two hashtags: #CLUS #MyFavoriteSpeaker

• You can submit an entry for more than one of your “favorite” speakers

• Don’t forget to follow @CiscoLive and @CiscoPress

• View the official rules at http://bit.ly/CLUSwin

Promote Your Favorite Speaker and You Could Be a Winner

Page 45:

Complete Your Online Session Evaluation

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online

• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card.

• Complete your session surveys through the Cisco Live mobile app or your computer on Cisco Live Connect.

Page 46:

Thank you
