BRKSEC-3009
BRKSEC-3009 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
Overview
Background
Next Generation Encryption
Suite B, FIPS-140-2011
Issues
Crypto Globalization
Quantum Computers
Quantum Cryptography
Post-Quantum Cryptography
Recommendations
Background
How to detect attacks?
Cryptography Protects Data on Untrusted Networks
Snooping
Spoofing and Tampering
Key Establishment
Digital Signatures
Cryptographic Mechanisms
Encryption
Data Authentication
Key Establishment
Signatures
Hashing
Secret Key Encryption
[Diagram: Key, Data, Encrypted Data]
Public Key Encryption
[Diagram: Data, Encrypted Data]
Protecting a Packet
[Diagram: packet with header fields V, IHL, TOS, Length, ID, F, Offset and an Authentication Tag]
Encryption
[Diagram: same packet]
Authentication
[Diagram: same packet]
Authenticated Encryption
[Diagram: Header, Data; Header, Ciphertext]
Authenticated Encryption with Associated Data (AEAD)
Tight binding prevents subtle attacks
BEAST, Padding Oracle,
RFC 5116, An Interface and Algorithms for Authenticated Encryption
Standards
TLS 1.2 (RFCs 5288, 5289), IKE (RFC 5282), SSH (RFC 5647), SRTP, JSON
Compatible with ESP (RFC 4106) and 802.1AE
draft-mcgrew-aead-aes-cbc-hmac-sha2-00
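Added example (not from the slides): a sketch of the RFC 5116 interface listed above, showing how one tag binds the cleartext header to the ciphertext so that a change to either is rejected before any decryption happens. Assumptions: the HMAC-SHA-256 keystream is a stand-in for AES because Python's standard library has no AES, and the function names, key layout and sample values are constructed for illustration; deployed systems should use AES-GCM from a vetted library.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32    # HMAC-SHA-256 output, appended to the ciphertext
NONCE_LEN = 12  # fixed length keeps the MAC input unambiguous

def _split_key(key):
    if len(key) != 64:
        raise ValueError("key must be 64 bytes (32 encryption + 32 MAC)")
    return key[:32], key[32:]

def _keystream(enc_key, nonce, length):
    # Stand-in for AES-CTR: HMAC-SHA-256 as a PRF over nonce || counter.
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
    return out[:length]

def _tag(mac_key, nonce, aad, ciphertext):
    # The tag covers header AND ciphertext; the length prefix fixes the boundary.
    data = struct.pack(">Q", len(aad)) + aad + nonce + ciphertext
    return hmac.new(mac_key, data, hashlib.sha256).digest()

def aead_encrypt(key, nonce, plaintext, aad):
    """RFC 5116 shape: (K, N, P, A) -> C. Never reuse a nonce with one key."""
    enc_key, mac_key = _split_key(key)
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be 12 bytes")
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    return ciphertext + _tag(mac_key, nonce, aad, ciphertext)

def aead_decrypt(key, nonce, sealed, aad):
    """(K, N, C, A) -> P, or None (FAIL) if header or ciphertext changed."""
    enc_key, mac_key = _split_key(key)
    if len(nonce) != NONCE_LEN or len(sealed) < TAG_LEN:
        return None
    ciphertext, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    # Verify first, in constant time, so no padding or format oracle exists.
    if not hmac.compare_digest(tag, _tag(mac_key, nonce, aad, ciphertext)):
        return None
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))

def demo():
    # Constructed sample: cleartext header "hdr:v1" plus an encrypted payload.
    key, nonce = bytes(range(64)), bytes(NONCE_LEN)
    sealed = aead_encrypt(key, nonce, b"payload", b"hdr:v1")
    return aead_decrypt(key, nonce, sealed, b"hdr:v1"), aead_decrypt(key, nonce, sealed, b"hdr:v2")
```

The second value returned by demo() is None: the ciphertext is untouched, but the header it was bound to has changed.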
Digital Signatures
[Diagram: signing takes Private Key and Message and outputs Signature; verification takes Public Key, Message and Signature and outputs 0/1]
Hashing
[Diagram: Message, Hash]
Collision
[Diagram: Message 1, Message 2, Hash]
Collision Resistance
[Diagram: Message 1, Message 2, Hash]
Second Preimage Resistance
[Diagram: Message 1, Message 2, Hash]
Hash Function Attacks
Collision resistance
Failures: MD4, MD5, SHA-0, SHA-1
Second preimage resistance (digital signatures)
Failure: MD4
HMAC Message Authentication Code
Failures: MD4, SHA-0
Diffie Hellman
g is number < p
Alice            Bob
x = random       y = random
g^x mod p        g^y mod p
Security at Different Layers
802.11i WPA2 Wireless Security
Ethernet MACsec
IPsec
Transport Layer Security (TLS)
Secure Shell (SSH)
Secure RTP
[Diagram on each slide above: the protocol placed on the layer stack Application, Presentation, Session, Transport, Network, Link, Physical]
Defense in Depth
[Diagram: 802.11i, IPsec, MACsec, TLS, SRTP and SSH shown together on the same layer stack]
Certificates and Passwords
Entity Authentication
Certificate
Self-Signed Certificate
Password Based Keys
[Diagram: Password "abnegator", Data, Encrypted Data]
Dictionary Attack
[Diagram: word list (abluent, ablush, ablution, ablutionary, abluvion, ably, abhmo, Abnaki, abnegate, abnegator) advancing against the Encrypted Data; labels: Data Format Match?]
Time-Memory Tradeoff
Cryptographic Strength
Work Factor
Key Strength
AES-256
AES-128
Medium Organization ($300K)
Intelligence Agency
Key Strength
AES-128
3DES
RC5-64
DES
Algorithms Never Get Stronger
SHA-1
AES-128-CBC
DH-1024 RSA-1024
SHA-1
FIPS-140 2011
AES-128 SHA-256
DH-2048 RSA-2048
FIPS-140
Advanced Encryption Standard
Standards Process
Three Years, Four Workshops
15 Candidates from around the world (Belgium Won)
Most analyzed cryptoalgorithm ever
Theoretical Attacks
Related-key model
AES-256, AES-192
Biclique cryptanalysis
Chosen ciphertext attack that shaves two bits off of 128-bit key
Hash Functions
SHA-512
SHA-384
SHA-256
SHA-224
SHA-0 SHA-1
Suite B
AES-128-GCM ECDH-P256 ECDSA-P256 SHA-256
Suite B 192-bit Profile
AES-256-GCM ECDH-P384 ECDSA-P384 SHA-384
Suite B AES Galois/Counter Mode
Galois/Counter Mode (GCM)
Cisco Nexus 7000 Series 32-Port 10Gb Ethernet Module with 80 Gb bandwidth to the fabric
AES Counter Mode Pipeline
[Diagram: counter blocks 0000001 0000002 0000003 0000004, then 0000011 0000012 0000013 0000014; plaintext blocks P0 P1 P2 P3; ciphertext blocks C0 C1 C2 C3]
AES GCM
[Diagram: plaintext blocks P0 P1 P2; ciphertext blocks C0 C1 C2]
Cipher Block Chaining (CBC)
[Diagram: plaintext blocks P0 P1 P2; ciphertext blocks C0 C1 C2]
Suite B Elliptic Curve Cryptography
Elliptic Curve Cryptography
ECC Efficient at High Security
[Chart: Computational Cost versus Security, with curves for Integer and ECC]
ECC History
Timeline, 1985 to 1995
EC ElGamal [K1987]
Homogeneous Coordinates [KMOV1991]
EC ElGamal Signatures [A1992]
Meta ElGamal Signatures [HMP1994]
Cisco Next Generation Encryption
Future Ready
Meets security and scalability requirements of next two decades
Communications and IT infrastructures must be defended against attack and exploitation
Attackers are persistent and well-funded
Computing advances driving a move to higher cryptographic strengths
Next Generation Encryption
Authenticated Encryption: AES-128-GCM
Authentication: HMAC-SHA-256
Hashing: SHA-256
Entropy: SP800-90
Security Problems Solved by NGE
HMAC-MD5 HMAC-SHA-256
Cisco NGE
[Diagram: products ASR, ISR, ASA, AnyConnect; timeline labels Now, 2013]
Trends and Issues
Quantum Computers: Threat
Post-Quantum Cryptography: Better Defense
Quantum Computers
Quantum Cryptography
[Diagram: two endpoints, each labelled X, +, 0,1 and Shared Secret; key courier]
Limitations
Relies on initial pre-shared secret
Compares unfavorably to other cryptosystems
Less assurance, less flexibility, higher cost
Laughable data rates (< 1 kbit/sec)
Quantum PHY attacks are serious threat
QC is point-to-point and requires dedicated PHY
QC cannot cross routing or switching
QC has little value to most networks
Post-Quantum Cryptography
AES-256-GCM McEliece-120K Lamport-SHA-512 SHA-512
Crypto Globalization
3DES, AES, Camellia, GOST-89, CLEFIA, KCipher2, SEED, SMS4, ARIA
How Many Do We Need?
Background: draft-irtf-cfrg-cipher-catalog-00
Recommendations
Now                          Soon
AES-128-GCM, AES-128-CCM     AES-128-GCM, AES-128-CCM
HMAC-SHA-256                 HMAC-SHA-256
DH-2048, RSA-2048            ECDH-P256
RSA-2048                     ECDSA-P256
SHA-256                      SHA-256
Other Recommendations
Use Certificates
Manually installed or authenticated good for transition
Audit how your organization uses uncertified public keys
Do not use password based keys
Generate with tool if need be
Use Authenticated Encryption
What to Avoid
XCBC-MAC, HMAC-MD5
DH-1024, RSA-1024
RSA-1024
MD5, SHA-1
Final Thoughts
Contact me: mcgrew@cisco.com
Backup
Export Restricted Zone
Export
Attacks on IPsec
Padding
Attacks on TLS
Bleichenbacher chosen ciphertext attack
Renegotiation attack
Side channels
Timing attacks
Why is Crypto Hard?
Public Key Sizes
30x
Source: RFC3766, Determining Strengths For Public Keys Used For Exchanging Symmetric Keys