Advanced Security Technology Concepts
Session 318
© 1999, Cisco Systems, Inc. (0944_05F9_c1)
Copyright 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.

What Is Cryptography
A way of keeping information private
Provides authentication and integrity
Nonrepudiation
Requires key management
A communications enabler
Communication with confidence

Agenda
Encryption Concepts and Terminology
The PKI and CEP
A Day In the Life of an IPSec Packet
IPSec Implementation Issues

Encryption Concepts and Terminology

Confidentiality
Confidentiality: communicating such that the intended recipients know what was being sent but unintended parties cannot determine what was sent

Keys
Each device has three keys:
1. A private key that is kept secret and never shared. Used to sign messages
2. A public key that is shared. Used by others to verify a signature
3. A shared secret key that is used to encrypt data using a symmetric encryption algorithm (e.g., DES)
[Diagram: two devices connected across a WAN, each labelled with Pri, Pub and DES keys]

Key Sizes
Estimated Time for Brute-Force Attack (1995) on Symmetric Keys

| Cost \ Key size (bits) | 40 | 56 | 64 | 80 | 112 | 128 |
|---|---|---|---|---|---|---|
| 100 K | 2 secs | 35 hours | 1 year | 70,000 yrs | 10^14 yrs | 10^19 yrs |
| 1 M | .2 secs | 3.5 hours | 37 days | 7000 years | 10^13 yrs | 10^18 yrs |
| 10 M | .02 secs | 21 mins | 4 days | 700 years | 10^12 yrs | 10^17 yrs |
| 100 M | 2 millisecs | 2 mins | 9 hours | 70 years | 10^11 yrs | 10^16 yrs |
| 1 B | .2 millisec | 13 secs | 1 hour | 7 years | 10^10 yrs | 10^15 yrs |

Asymmetric or Public-Key Encryption
[Diagram: "Networkers" passes through Encryption (Public Key) to become "&^$!@#l:{Q", then through Decryption (Private Key) to become "Networkers" again]
Encryptor and decryptor use different mathematical functions
Encryptor and decryptor use different keys
Example: Public key algorithms (RSA, Diffie-Hellman)
Generate a secret key

The Diffie-Hellman Public Key Exchange
Alice: Secret Value, $X_A$; Public Value, $Y_A$, with $Y_A = g^{X_A} \bmod p$
Bob: Secret Value, $X_B$; Public Value, $Y_B$, with $Y_B = g^{X_B} \bmod p$
Exchanged: $Y_A$, $Y_B$
$Y_B^{X_A} \bmod p = g^{X_A X_B} \bmod p = Y_A^{X_B} \bmod p$ (Shared Secret)
g is a large prime
p size is based on D-H group

Diffie-Hellman Example

Host A
prime p = 5, primitive g = 3
Choose Xa such that 0 <= Xa < p, Xa = 2
Ya = g^Xa mod p
   = 3^2 mod 5
   = 4
Exchange Values: p, g, Ya
Ke = Yb^Xa mod p
   = 1^2 mod 5
   = 1

Host B
prime p = 5, primitive g = 3
Choose Xb such that 0 <= Xb < p, Xb = 4
Yb = g^Xb mod p
   = 3^4 mod 5
   = 1
Exchange Values: p, g, Yb
Ke = Ya^Xb mod p
   = 4^4 mod 5
   = 1
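
The slide's numbers end in Ke = 1 because Xb = 4 = p - 1 makes Yb = 1, so the "shared secret" is fixed no matter what Host A chooses. The following is an added example, not part of the original deck: it reproduces the slide's arithmetic and then repeats the exchange with a check that each host accepts only peer values in the range 2 <= Y <= p-2. The function names and the second toy group (p = 23, g = 5) are constructed for illustration.

```python
def dh_public(g: int, x: int, p: int) -> int:
    """Y = g^X mod p, as on the slide."""
    return pow(g, x, p)

def valid_public(y: int, p: int) -> bool:
    """Accept only 2 <= Y <= p-2.

    Y = 1 forces the shared secret to 1, and Y = p-1 forces it to 1 or p-1,
    whatever secret exponent the local side picked.
    """
    return 2 <= y <= p - 2

def dh_shared(peer_y: int, x: int, p: int) -> int:
    """Ke = Y_peer^X mod p, refusing degenerate peer values."""
    if not valid_public(peer_y, p):
        raise ValueError(f"rejected peer public value {peer_y}")
    return pow(peer_y, x, p)

def slide_numbers():
    """Reproduce the slide (p=5, g=3, Xa=2, Xb=4) with no validation."""
    p, g, xa, xb = 5, 3, 2, 4
    ya, yb = dh_public(g, xa, p), dh_public(g, xb, p)
    return ya, yb, pow(yb, xa, p), pow(ya, xb, p)

def validated_exchange(p: int, g: int, xa: int, xb: int) -> int:
    """Both hosts validate the other's public value before deriving Ke."""
    ya, yb = dh_public(g, xa, p), dh_public(g, xb, p)
    ke_a = dh_shared(yb, xa, p)   # Host A's view
    ke_b = dh_shared(ya, xb, p)   # Host B's view
    if ke_a != ke_b:
        raise RuntimeError("hosts derived different keys")
    return ke_a

if __name__ == "__main__":
    print(slide_numbers())                   # Ya, Yb, Ke at A, Ke at B
    print(validated_exchange(23, 5, 4, 3))   # constructed toy group, far too small for real use
    try:
        validated_exchange(5, 3, 2, 4)       # the slide's values
    except ValueError as err:
        print(err)
```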

Symmetric Encryption
[Diagram: "Networkers" passes through Encryption (Secret Key) to become "&^$!@#l:{Q", then through Decryption (Secret Key) to become "Networkers" again]
Encryption and decryption use same mathematical function
Encryption and decryption use same key
Example: Data Encryption Standard (DES, IDEA, RC2, RC4)

DES Encryption
[Diagram: Clear-Text "Networkers" passes through Encryption to become Cipher-Text "&^$!@#l:{Q", then through Decryption to become the Original Clear-Text "Networkers"]
Peer routers now have identical keys
DES encryption turns cleartext into ciphertext
Decryption restores cleartext from ciphertext

DES Transforms: CFB
[Diagram: CFB mode. Labels: IV, E_K (twice), C_{i-1}, P_i, C_i, P_{i+1}, C_{i+1}]

DES Transforms: CBC
[Diagram: CBC mode. Labels: IV, E_K (three times), C_{i-1}, P_i, C_i, P_{i+1}, C_{i+1}]

DES Explained
[Diagram: DES round structure. Data path labels: 64 bit block plain text; Initial Permutation; two 32 bit halves L_{i-1} and R_{i-1}; Expansion Permutation; XOR; S-Box Substitution; P-Box Permutation; XOR; L_i and R_i. Key path labels: 56 bit Key; Shift 28 bits (twice); Compression Permutation; Choose 48 bits; 56 bit Key]
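
The round structure on the "DES Explained" slide and the chaining on the CBC slide, as an added example that is not part of the original deck. It is not DES: the key schedule and round function are SHA-256 stand-ins (assumptions) so the block runs on the standard library alone, while the left/right halves, 16 rounds, 48-bit subkeys, 64-bit block and IV chaining follow the slides.

```python
import hashlib

BLOCK = 8  # 64-bit block, split into two 32-bit halves as on the slide

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def subkeys(key: bytes, rounds: int = 16) -> list:
    # Stand-in key schedule (assumption): one 48-bit subkey per round.
    return [hashlib.sha256(key + bytes([r])).digest()[:6] for r in range(rounds)]

def round_fn(half: bytes, subkey: bytes) -> bytes:
    # Stand-in for expansion, S-box and P-box (assumption): 32 bits in, 32 bits out.
    return hashlib.sha256(subkey + half).digest()[:4]

def feistel(block: bytes, keys: list) -> bytes:
    left, right = block[:4], block[4:]
    for k in keys:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR f(R_{i-1}, K_i)
        left, right = right, xor(left, round_fn(right, k))
    return right + left  # final swap: decryption is the same walk with keys reversed

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    if len(iv) != BLOCK or len(plaintext) % BLOCK:
        raise ValueError("IV must be one block and plaintext whole blocks")
    keys, prev, out = subkeys(key), iv, b""
    for i in range(0, len(plaintext), BLOCK):
        prev = feistel(xor(plaintext[i:i + BLOCK], prev), keys)  # C_i = E_K(P_i XOR C_{i-1})
        out += prev
    return out

def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    if len(iv) != BLOCK or len(ciphertext) % BLOCK:
        raise ValueError("IV must be one block and ciphertext whole blocks")
    keys, prev, out = subkeys(key)[::-1], iv, b""
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out += xor(feistel(block, keys), prev)                   # P_i = D_K(C_i) XOR C_{i-1}
        prev = block
    return out

if __name__ == "__main__":
    key, iv = b"7-byte!", bytes(range(8))        # constructed sample key and IV
    ct = cbc_encrypt(key, iv, b"SAMEDATA" * 3)   # three identical plaintext blocks
    print(ct.hex())                              # the three ciphertext blocks differ
    print(cbc_decrypt(key, iv, ct))
```

Chaining hides repeated plaintext blocks but gives no integrity on its own, which is why the ESP slides pair encryption with a keyed hash.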

Integrity
Integrity: ensuring that data is transmitted from source to destination without undetected alteration

Message-Digest Algorithms
[Diagram: Message and Secret Key go into a Hash Function on each side, producing a Hash]
Secret key and message are hashed together
Recomputation of digest verifies that message originated with peer and that message was not altered in transit
Also used in digital signatures
Examples: HMAC-MD5, HMAC-SHA

Hash Algorithms

MD5
Produces a 128 bit hash value
Input 512 bit block split as 16 x 32 bit blocks
Output is 4 x 32 bit blocks concatenated
4 Chaining variables
4 rounds of 16 operations with 4 functions per round

SHA
Produces a 160 bit hash value
Input 512 bit block split as 16 x 32 bit blocks, expanded to 80 x 32 bit blocks
Output is 5 x 32 bit blocks concatenated
5 Chaining variables
4 rounds of 20 ops

Authentication
Authentication: Knowing that the data received is the same as the data that was sent and that the claimed sender is in fact the actual sender.

Digital Signatures
[Diagram: Alice passes the Message through a Hash Function to get the Hash of Message, then signs the hash with her private key]
Sign Hash with Private Key
Signature = Encrypted Hash of Message
One-way function. Easy to produce hash from message, impossible to produce message from hash

Signature Verification
[Diagram: the received Message with Appended Signature is split; the Message goes through the Hash Function and the Signature is decrypted with Alice's public key; the two hashes are compared]
Message with Appended Signature
Re-Hash the Received Message
Decrypt the Received Signature: Decrypt Using Alice's Public Key
If Hashes are Equal, Signature is Authentic

Digital Envelope
[Diagram: Message encrypted under a Secret key, plus the Secret key encrypted under Bob's key]
Alice Encrypts Message with a Random Secret Key
Encrypt the Secret Key with Bob's Public Key
Bob Decrypts the Secret Key with His Private Key, then Decrypts the Message
Used During CA Transactions

PKI and CEP

PKI Components
Certificate Authority
Key Recovery
Certificate Revocation
Registration and Certification Issuance
Certificate Distribution
Key Generation
Support for Non-Repudiation
Trusted Time Service
Key Storage

Certificate Life Cycle and Management: PKIX
[Diagram labels: Initialization, Certification, Useful Life, Expiration, Revocation]

Certificates and CAs
Certificate Authority (CA) verifies identity
CA signs digital certificate containing device's public key
Verisign On-Site, Entrust PKI, Netscape CA, Microsoft CA
[Diagram labels: Internet, BANK]

X.509v3 Certificate
Certificate ::=
{
  Version (v3)
  Serial Number
  Sign Algorithm ID
  Issuer Name
  Validity Period
  Subject Name
  Subject Public Key
  Issuer Unique ID
  Subject Unique ID
  Extensions
  Signature
}
Binds user identity (Subject Name) to a public key via signature
Issuer (CA) signs cert
Note cert has defined lifetime
Identifies which signature algorithm was used to sign cert
Extension fields allow other information to be bound to cert (e.g., subject's clearances)

Enrolling a Device with a CA
[Diagram: device Home-gw, 10.1.2.3]
Generate public/private keys
Send certificate request to CA
CA signs certificate
Retrieve certificate from CA

Certificate Revocation List
[Diagram: list containing Cert 12345, Cert 12241, Cert 22333; label: Revoked]
List of revoked certificates signed by CA
Stored on CA or directory service
No requirement on devices to ensure CRL is current

CA Relationships: Hierarchy and Cross-Certification
[Diagram: tree of CA nodes with users Alice, Bob and Carol. Legend: Certificate Authority; Certificate User; Certificate (points issuer to subject); Cross Certificate]

Certificate Enrollment Protocol
PKCS #7 for signing and enveloping
PKCS #10 for certificate request
HTTP and LDAP for transport
Requires manual authentication during enrollment
CRL distribution is manual

A Day In the Life of an IPSec Packet

IPSec Overview
[Diagram: packet layout: IP Header | IPSec Header(s) AH/ESP | IP Data (Encrypted)]
Interoperable authentication, integrity and encryption

Authentication Header
[Diagram: Router to Firewall, All Data in Clear Text]
Data integrity: no twiddling of bits
Origin authentication: definitely came from Router
Uses keyed-hash mechanism
Does NOT provide confidentiality
Replay protection

AH Authentication and Integrity
[Diagram: Router to Firewall. Packet: IP HDR | AH | Data. Authentication Data (00ABCDEF) is shown at both ends, computed over IP Header + Data]

IPSec Authentication Header (AH)
Header layout:
Next Header | Payload Length | RESERVED
Security Parameter Index (SPI)
Sequence Number Field
Authentication Data
AH header is prepended to IP datagram or to upper-layer protocol
IP datagram, part of AH header, and message itself are authenticated with a keyed hash function

Encapsulating Security Payload
Data confidentiality
Limited traffic flow confidentiality
Data integrity
Data origin authentication
Anti-replay protection
Does not protect IP Header

ESP Confidentiality and Integrity
[Diagram: Router to Firewall. Packet: IP HDR | ESP | Data, with spans marked Encrypted and Authenticated]
Encryption with a Keyed-MAC

IPSec Encapsulating Security Payload Header (ESP)
Header layout:
Security Parameter Index (SPI)
Sequence Number Field
Initialization Vector
Payload Data
Padding (If Any) | Pad Length | Next Header
Authentication Data
ESP header is prepended to IP datagram
Confidentiality through encryption of IP datagram
Integrity through keyed hash function

IPSec Modes
Transport Mode: IP HDR | DATA becomes IP HDR | IPSec HDR | DATA (Encrypted)
Tunnel Mode: IP HDR | DATA becomes New IP HDR | IPSec HDR | IP HDR | DATA (Encrypted)

Security Association (SA)
[Diagram: Router and Firewall connected across an Insecure Channel]
Agreement between two entities on method to communicate securely
Unidirectional: two-way communication consists of two SAs

Security Associations Enable Your Chosen Policy
Tunnel-Mode, AH-HMAC-SHA, PFS 50
Transport-Mode, ESP-DES-HMAC-MD5, PFS 15

IPSec Security Association (SA)
Destination Address: 205.49.54.237
Security Parameter Index (SPI): 7A390BC1
IPSec Transform: AH, HMAC-MD5
Key: 7572CA49F7632946
Additional SA Attributes (e.g., lifetime): One Day or 100MB
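
How the SA above drives the keyed hash from the Message-Digest Algorithms slide and the AH layout from the Authentication Header slides, as an added example that is not part of the original deck. The SPI and key are the slide's values; assumptions are the 96-bit truncation of HMAC-MD5, leaving the outer IP header out of the hashed data, and a strictly increasing sequence check standing in for full replay protection.

```python
import hashlib
import hmac
import struct

# SPI and key copied from the SA slide; "last_seq" is an added field for replay tracking.
SA = {"spi": 0x7A390BC1, "key": bytes.fromhex("7572CA49F7632946"), "last_seq": 0}
ICV_LEN = 12    # assumption: HMAC-MD5 output truncated to 96 bits
FIXED_LEN = 12  # Next Header, Payload Length, RESERVED, SPI, Sequence Number

def icv(key: bytes, fixed: bytes, payload: bytes) -> bytes:
    # Authentication Data is computed with its own field set to zero.
    mac = hmac.new(key, fixed + bytes(ICV_LEN) + payload, hashlib.md5)
    return mac.digest()[:ICV_LEN]

def ah_wrap(sa: dict, seq: int, next_header: int, payload: bytes) -> bytes:
    payload_len = (FIXED_LEN + ICV_LEN) // 4 - 2   # AH length in 32-bit words, minus 2
    fixed = struct.pack("!BBHII", next_header, payload_len, 0, sa["spi"], seq)
    return fixed + icv(sa["key"], fixed, payload) + payload

def ah_unwrap(sa: dict, packet: bytes):
    """Return the payload, or None if the packet fails any AH check."""
    if len(packet) < FIXED_LEN + ICV_LEN:
        return None
    fixed = packet[:FIXED_LEN]
    received = packet[FIXED_LEN:FIXED_LEN + ICV_LEN]
    payload = packet[FIXED_LEN + ICV_LEN:]
    _next, _plen, _rsvd, spi, seq = struct.unpack("!BBHII", fixed)
    if spi != sa["spi"]:
        return None                       # no SA for this SPI
    if not hmac.compare_digest(received, icv(sa["key"], fixed, payload)):
        return None                       # altered in transit, or wrong key
    if seq <= sa["last_seq"]:
        return None                       # replayed or stale sequence number
    sa["last_seq"] = seq                  # advance only after the hash verifies
    return payload

if __name__ == "__main__":
    rx = dict(SA)                                            # receiver's copy of the SA
    pkt = ah_wrap(SA, seq=1, next_header=6, payload=b"constructed TCP segment")
    print(ah_unwrap(rx, pkt))                                # accepted
    print(ah_unwrap(rx, pkt))                                # None: sequence number seen already
    print(ah_unwrap(dict(SA), pkt[:-1] + b"!"))              # None: payload changed
```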

IKE
Negotiates policy to protect communication
Authenticated Diffie-Hellman key exchange
Negotiates (possibly multiple) security associations for IPSec
A flavor of ISAKMP/Oakley for IPSec
Provides PFS

Perfect Forward Secrecy (PFS)
Compromise of a single key will permit access to only data protected by that particular key
IKE provides PFS if required by using Diffie-Hellman for each rekey
If PFS not required, can refresh key material without using Diffie-Hellman

IKE Authentication
Signatures (RSA or DSS)
  Diffie-Hellman secret, identity, hashed together and signed
  Nonrepudiable proof of communication
Encrypted nonces (RSA only)
  Pseudo-random nonce encrypted in other party's public key
  Nonces, Diffie-Hellman secret, identities hashed
  Repudiable, deniable exchange
Preshared key
  Key is agreed-upon out-of-band
  Key, Diffie-Hellman secret, identities hashed
  Limited applicability

Cisco IOS