Basic Network Security_Primer
1. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 1
Network Security Primer
Authentication and Encryption Techniques
Akshat Sharma, Cisco Systems
4. [Campus network diagram: Core and Distribution layers built on Catalyst 3750 and C4500 switches, with C2960s access switches serving server farms and video-conferencing units]
5. [Overview diagram of the access-control building blocks covered in the deck: Web Auth, VLANs, 802.1X, ACLs, SGTs, MAB]
7.
• Defined by IEEE and designed to provide port-based network access control.
• 802.1X authenticates network clients using information unique to the client and credentials known only to the client.
• The service is known as port-level authentication.
8. [Credential-source diagram: Username / Password checked against a Directory (example entry: alice / c1sC0L1v); Certificate issued by a Certificate Authority; Token validated by a Token Server]
Common Types
Passwords
Certificates
Tokens
Deciding Factors
Security Policy
Validation
Distribution & Maintenance
Deployment Best Practices
Re-use Existing Credentials
Understand the Limitations of Existing Systems
9.
• The framework is defined by three authentication roles:
1. The supplicant
A standalone device or an end user, such as a remote user, that requests access.
2. The authenticator
The device to which the supplicant directly connects and through which the supplicant obtains network access permission.
3. The authentication server
The authenticator acts as a gateway to the authentication server, which is responsible for actually authenticating the supplicant.
10. [802.1X topology diagram: the Supplicant (Client) on the Semi-Public Network / Enterprise Edge connects to the Authenticator (e.g. Switch, Access Point, PAE; the RADIUS NAS), which relays over RADIUS to the Authentication Server (Radius Server/LDAP or Kerberos) in the Enterprise Network]
11.
• EAP (Extensible Authentication Protocol)
A flexible protocol used to carry arbitrary authentication information.
Typically rides on top of another protocol such as 802.1X (EAPoL) or RADIUS/TACACS+.
• EAP Messages
Request: sent to the supplicant to indicate a challenge.
Response: the supplicant's reply message.
Success: notification to the supplicant of success.
Failure: notification to the supplicant of failure.
14. [Sequence diagram of the 802.1X exchange: EAPOL runs over Ethernet between the laptop computer and the 802.1X Authenticator/Bridge, RADIUS between the authenticator and the Radius Server]
Port connect (Access blocked)
Supplicant -> Authenticator: EAPOL-Start
Authenticator -> Supplicant: EAP-Request/Identity
Supplicant -> Authenticator: EAP-Response/Identity
Authenticator -> Radius Server: Radius-Access-Request
Radius Server -> Authenticator: Radius-Access-Challenge
Authenticator -> Supplicant: EAP-Request
Supplicant -> Authenticator: EAP-Response (cred)
Authenticator -> Radius Server: Radius-Access-Request
Radius Server -> Authenticator: Radius-Access-Accept
Authenticator -> Supplicant: EAP-Success
Access allowed
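The exchange on slide 14, as an added Python example that is not from the deck: an encoder/decoder for the EAPOL and EAP headers, and a simulated run of the slide's message sequence against a stub RADIUS server. EAP-MD5 is assumed as the inner method and the user entry (alice / c1sC0L1v) is the one shown on slide 8; the authenticator does nothing but relay, which is the point of the three-role model.

```python
import hashlib
import struct

EAPOL_EAP_PACKET, EAPOL_START = 0, 1                            # EAPOL packet types (802.1X)
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4  # EAP codes (RFC 3748)
EAP_IDENTITY, EAP_MD5 = 1, 4                                    # EAP method types

def eapol_pack(ptype, body=b""):
    """EAPOL: Version(1) Type(1) Length(2) Body; version 2 = 802.1X-2004."""
    return struct.pack("!BBH", 2, ptype, len(body)) + body

def eapol_unpack(frame):
    return frame[1], frame[4:4 + struct.unpack("!H", frame[2:4])[0]]

def eap_pack(code, ident, eap_type=None, data=b""):
    """EAP: Code(1) Identifier(1) Length(2) [Type(1) Type-Data]; Success/Failure carry no Type."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def eap_unpack(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("bad EAP length")
    body = pkt[4:length]
    return (code, ident, body[0], body[1:]) if body else (code, ident, None, b"")

def chap_value(ident, secret, challenge):  # EAP-MD5 (assumed method): MD5(Identifier || secret || challenge)
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def run_exchange(identity, password, server_db, challenge=b"\x11" * 16):
    """Walk the slide-14 exchange. The authenticator only relays EAP between EAPOL (supplicant
    side) and RADIUS (server side); the stub server decides. Returns (port_open, transcript)."""
    log = ["Port connect: Access blocked", "EAPOL-Start", "EAP-Request/Identity"]
    frame = eapol_pack(EAPOL_EAP_PACKET, eap_pack(EAP_RESPONSE, 1, EAP_IDENTITY, identity))
    _, ident, etype, who = eap_unpack(eapol_unpack(frame)[1])   # authenticator strips EAPOL ...
    log += ["EAP-Response/Identity", "Radius-Access-Request"]    # ... and forwards the EAP packet
    if etype != EAP_IDENTITY or who not in server_db:
        log += ["Radius-Access-Reject", "EAP-Failure"]
        return False, log
    chal = eap_pack(EAP_REQUEST, ident + 1, EAP_MD5, bytes([len(challenge)]) + challenge)
    log += ["Radius-Access-Challenge", "EAP-Request"]            # server challenge relayed down
    _, ident2, _, cdata = eap_unpack(chal)
    value = chap_value(ident2, password, cdata[1:1 + cdata[0]])  # supplicant proves the secret
    _, _, _, rdata = eap_unpack(eap_pack(EAP_RESPONSE, ident2, EAP_MD5, bytes([16]) + value))
    log += ["EAP-Response (cred)", "Radius-Access-Request"]
    if rdata[1:17] != chap_value(ident2, server_db[who], cdata[1:1 + cdata[0]]):
        log += ["Radius-Access-Reject", "EAP-Failure"]
        return False, log
    log += ["Radius-Access-Accept", "EAP-Success", "Access allowed"]
    return True, log
```

Note that the port stays blocked until the server's Access-Accept arrives; a wrong credential or an unknown identity ends in EAP-Failure without ever reaching the challenge step.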
16.
• MAB stands for MAC Authentication Bypass.
• It enables port-based access control using the MAC address of the endpoint.
• A MAB-enabled port can be dynamically enabled or disabled based on the MAC address of the device that connects to it.
18.
• WebAuth is a Layer 3 authentication method.
• After IEEE 802.1X (or MAB) has timed out or failed, the port is opened long enough to allow the packets required for WebAuth.
• After the port has been opened, the switch enforces a preconfigured ACL in some VLAN.
• At a minimum, the preconfigured ACL should allow the traffic required to complete the WebAuth process. In most cases, the ACL should at least allow DHCP (so the client can acquire an address) and DNS (so the client can trigger WebAuth when using fully qualified domain names in URLs).
20. [Flow diagram: EAP Authentication against AAA over an 802.1Q Trunk places each endpoint into a VLAN with access to Corporate Resources or the Internet]
Employee: EAP Authentication -> Employee Vlan
Printer: 802.1X fails, MAB : "Printer" -> Employee Vlan
Guest User: 802.1X fails, MAB fails -> Web-Auth -> Guest Vlan
22.
• Brute-force considerations: 128- to 256-bit keys
• Landauer's Limit kT ln 2 (10^18 Joules for 128 bits)
• Available Wireless Encryption Techniques:
WEP (outdated)
WPA + TKIP (most compatible, less secure)
WPA2 + AES (most secure)
• DO NOT use WEP!
• PKI infrastructure for strong authentication and encryption: WPA2-AES + PKI-based 802.1X
23.
• Basically a pseudo-random number generator that encrypts data packets.
• Start with a generic 802.11 packet.
• Use the secret key plus the IV to seed the RC4 stream cipher, producing a pseudo-random keystream.
• Create a CRC-32 of the data portion of the packet; this is called the ICV.
• (Data || ICV) XOR pseudo-random keystream = encrypted portion of the WEP packet.
24. [WEP encapsulation diagram]
Generic 802.11 Packet Frame: Frame Header | Frame Body | FCS
Secret Key (40 bits): shared before communication begins
IV (24 bits): created by the sending device
Secret Key + IV -> RC4 Algorithm -> keystream
Frame Body -> Integrity Check Algorithm -> Frame Body | ICV
WEP Packet Frame: Frame Header | IV | Frame Body | ICV (encrypted) | FCS
25.
• Key Generation
• ICV Generation
• Weak Key’s and Weak IV’s
• WEP Attacks
26.
• The main problem of WEP is key generation.
• The secret key is too small: only 40 bits.
Very susceptible to brute-force attacks.
• The IV is too small.
Only 16 million different possibilities for every packet.
• Secret keys are accessible to the user, therefore not secret.
• Key distribution is done manually.
27.
• The ICV is generated from a cyclic redundancy check (CRC-32).
Only a simple arithmetic computation; can be done easily by anyone.
Not cryptographically secure.
• Easy for an attacker to change the packet and then recompute the ICV to get a response from the AP.
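An added Python example, not from the deck, of the WEP encapsulation from slides 23 and 24: the RC4 keystream seeded with IV || key, the CRC-32 ICV of slide 27, a decapsulation that checks the ICV, and a monitoring helper for the IV-reuse problem of slide 26. The key, IV and frame bodies in the test are constructed values.

```python
import os
import zlib

IV_SPACE = 2 ** 24  # 24-bit IV: the "only 16 million possibilities" of slide 26

def rc4(key, length):
    """RC4 keystream (KSA then PRGA); WEP seeds it with IV || secret key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def icv(body):
    """Integrity Check Value: CRC-32 of the frame body, little-endian. A checksum, not a MAC (slide 27)."""
    return zlib.crc32(body).to_bytes(4, "little")

def wep_encrypt(secret_key, body, iv=None):
    """Slides 23/24: (Data || ICV) XOR RC4(IV || 40-bit key). Returns (iv, encrypted portion)."""
    if len(secret_key) != 5:
        raise ValueError("WEP-40 secret key must be 5 bytes")
    iv = os.urandom(3) if iv is None else iv  # travels in clear in the frame header
    plain = body + icv(body)
    return iv, xor(plain, rc4(iv + secret_key, len(plain)))

def wep_decrypt(secret_key, iv, ciphertext):
    """Receiver rebuilds the keystream from the cleartext IV and its own key, then checks the ICV."""
    plain = xor(ciphertext, rc4(iv + secret_key, len(ciphertext)))
    body, tag = plain[:-4], plain[-4:]
    if tag != icv(body):
        raise ValueError("ICV mismatch: frame corrupted")
    return body

def repeated_ivs(frames):
    """Monitoring check for slide 26: IVs seen more than once under one key. Same IV + same key
    gives the same RC4 keystream, so two such frames XOR to the XOR of their plaintexts."""
    seen, repeats = set(), set()
    for iv, _ct in frames:
        (repeats if iv in seen else seen).add(iv)
    return repeats
```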
28.
• Certain keys are more susceptible to revealing the relationship between plaintext and ciphertext.
There are approximately 9000 weak keys in the 40-bit WEP secret key space.
• A weak IV will correspond to a weak key.
29.
• Replay
Statistical gathering of certain ciphertext that, once sent to the server, will cause the wanted reaction.
• 802.11 LLC Encapsulation
Predictable headers used to find ciphertext/plaintext combinations.
• Denial of Service Attacks
Flooding the 2.4 GHz frequency with noise.
30.
• 802.1x
• WPA
• 802.11i
• All much more secure.
33. [Symmetric encryption diagram: Plain-text input "The quick brown fox jumps over the lazy dog" -> Encryption -> Cipher-text "AxCv;5bmEseTfid3)fGsmWe#4^,sdgfMwir3:dkJeTsY8Rs@!q3%" -> Decryption -> Plain-text output "The quick brown fox jumps over the lazy dog"; the same key (shared secret) is used for both]
34.
• Strength:
Simple and really very fast (on the order of 1000 to 10000 times faster than asymmetric mechanisms).
Super-fast (and somewhat more secure) if done in hardware (DES, Rijndael).
• Weakness:
Must agree on the key beforehand.
Must securely pass the key to the other party.
35.
• Knowledge of the encryption key doesn't give you knowledge of the decryption key.
• The receiver of information generates a pair of keys and publishes the public key in a directory.
• Then anyone can send her messages that only she can read.
36. [Asymmetric encryption diagram: Clear-text input "The quick brown fox jumps over the lazy dog" -> Encryption with the recipient's public key -> Cipher-text "Py75c%bn&*)9|fDe^bDFaq#xzjFr@g5=&nmdFg$5knvMd'rkvegMs" -> Decryption with the recipient's private key -> Clear-text output "The quick brown fox jumps over the lazy dog"; different keys (public / private) are used]
37.
• Weakness:
Extremely slow.
Susceptible to "known ciphertext" attack.
Problem of trusting the public key (see later on PKI).
• Strength:
Solves the problem of passing the key.
Allows establishment of a trust context between parties.
38. [Digital envelope diagram, sending side]
Message: "Launch key for nuclear missile "RedHeat" is..."
RNG -> randomly-generated symmetric "session" key
Message + session key -> Symmetric encryption (e.g. DES) -> ciphertext "*#$fjda^ju539!3tt389E *&@5e%32^kd"
Session key + user's public key (in certificate) -> symmetric key encrypted asymmetrically (e.g., RSA) -> Digital Envelope
As above, repeated for other recipients or recovery agents: other recipient's or agent's public key (in certificate, in recovery policy) -> Digital Envelope
39. [Digital envelope diagram, receiving side]
Digital Envelope contains the "session" key encrypted using the recipient's public key
Digital Envelope + recipient's private key -> asymmetric decryption of "session" key (e.g. RSA) -> symmetric "session" key
Session key must be decrypted using the recipient's private key
Ciphertext "*#$fjda^ju539!3tt389E *&@5e%32^kd" + session key -> symmetric decryption (e.g. DES) -> "Launch key for nuclear missile "RedHeat" is..."
40.
• We just solved the problem of symmetric key distribution by using public/private keys.
• But...
• Scott creates a keypair (private/public) and quickly tells the world that the public key he published belongs to Bill.
• People send confidential stuff to Bill.
• Bill does not have the private key to read them...
• Scott reads Bill's messages.
• Solution? Remember digital signatures?
41. [Digital signature diagram, signing side]
Message or File: "This is a really long message about Bill's..."
-> Hash Function (SHA, MD5) -> 128-bit Message Digest "Jrf843kjfgf*£$&Hdif*7oUsd*&@:<CHDFHSD(**"
Calculate a short message digest from even a long input using a one-way message digest function (hash)
Message Digest + signatory's private key -> Asymmetric Encryption -> Digital Signature "Py75c%bn&*)9|fDe^bDFaq#xzjFr@g5=&nmdFg$5knvMd'rkvegMs"
42. [Digital signature diagram, verification side]
Digital Signature "Py75c%bn&*)9|fDe^bDFaq#xzjFr@g5=&nmdFg$5knvMd'rkvegMs" + signatory's public key -> Asymmetric decryption (e.g. RSA) -> recovered digest "Jrf843kjfgf*£$&Hdif*7oUsd*&@:<CHDFHSD(**"
Everyone has access to the trusted public key of the signatory
Original Message "This is a really long message about Bill's..." -> same hash function (e.g. MD5, SHA...) -> freshly computed digest
? == ? Are they the same?
43.
• Message is captured.
• Hash value of the message is calculated.
• Sender's private key is retrieved from the sender's digital certificate.
• Hash value is encrypted with the sender's private key.
• Encrypted hash value is appended to the message as a digital signature.
• Message is sent.
44.
• Message is received.
• Digital signature containing encrypted hash value is retrieved from the message.
• Message is retrieved.
• Hash value of the message is calculated.
• Sender's public key is retrieved from the sender's digital certificate.
• Encrypted hash value is decrypted with the sender's public key.
• Decrypted hash value is compared against the hash value produced on receipt.
• If the values match, the message is valid.
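An added Python example, not from the deck, that puts slides 38 to 44 together: a digital envelope sealed to the recipient's public key and opened with the private key, and a signature over the message digest that is checked with the signatory's public key. Textbook RSA on constructed Mersenne-prime keys and a SHA-256 counter-mode keystream are assumed stand-ins for the slides' RSA and DES boxes; neither is a production construction (no padding, no authenticated encryption).

```python
import hashlib
import secrets

def toy_keypair(p, q, e=65537):
    """Textbook RSA from two primes: returns ((n, e) public, (n, d) private). Toy only: no padding."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

# Constructed keys from Mersenne primes (NOT secure; real keys use random primes of 1024+ bits).
RECIPIENT_PUB, RECIPIENT_PRIV = toy_keypair(2 ** 89 - 1, 2 ** 107 - 1)
SIGNER_PUB, SIGNER_PRIV = toy_keypair(2 ** 127 - 1, 2 ** 521 - 1)

def rsa(value, key):
    """Raw RSA: apply the key's exponent to an integer smaller than n; returns an integer."""
    n, exp = key
    return pow(value, exp, n)

def keystream(session_key, length):
    """Toy stream cipher (SHA-256 in counter mode) standing in for the slides' DES/AES step."""
    blocks = (hashlib.sha256(session_key + i.to_bytes(4, "big")).digest() for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(message, pub=RECIPIENT_PUB):
    """Slide 38: RNG session key, symmetric-encrypt the message, RSA-encrypt the key to the recipient."""
    session_key = secrets.token_bytes(16)
    body = bytes(m ^ k for m, k in zip(message, keystream(session_key, len(message))))
    envelope = rsa(int.from_bytes(session_key, "big"), pub)
    return envelope, body

def open_envelope(envelope, body, priv=RECIPIENT_PRIV):
    """Slide 39: only the recipient's private key recovers the session key, then the body."""
    session_key = rsa(envelope, priv).to_bytes(16, "big")
    return bytes(c ^ k for c, k in zip(body, keystream(session_key, len(body))))

def sign(message, priv=SIGNER_PRIV):
    """Slide 43: hash the message, then encrypt the digest with the signatory's private key."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return rsa(digest, priv)

def verify(message, signature, pub=SIGNER_PUB):
    """Slide 44: recover the digest with the public key and compare it with a fresh hash."""
    return rsa(signature, pub) == int.from_bytes(hashlib.sha256(message).digest(), "big")
```

Slide 40's problem survives this code unchanged: `verify` trusts whatever public key it is handed, which is why the key must come from a certificate chained to a trusted CA rather than from "Scott".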