Next-Generation Encryption (NGE) and the Commercial Solutions for Classified (CSfC) Program
Neil Lovering, CCIE #1772, Consulting Systems Engineer – Security
[email protected]
March 3, 2016
Navy Tech Day – San Diego
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda
• Next-Generation Encryption Overview
• NGE and the Commercial Solution for Classified Program
• CSfC Use-Case
• Cisco NGE Innovation Focus Areas
• Summary
Next-Generation Encryption Overview
Cryptography: The Universal Security Feature
• Cryptography is embedded in all Cisco products
• Cryptography is critical to every solution and market
• Cryptography is vital to Cybersecurity efforts across all markets
• On the flip side … Cryptography makes network traffic invisible
Cryptographic Mechanisms
Encryption
Data Authentication
Key Establishment
Signatures
Hashing
Security at Different Layers
802.11 WPA2 Wireless Security
(Figure: OSI layer stack, Application through Physical, with 802.11i highlighted at the Link layer.)
Ethernet MACSec
(Figure: OSI layer stack with MACSec / 802.1AE highlighted at the Link layer.)
IPSec
(Figure: OSI layer stack with IPSec highlighted at the Network layer.)
Transport Layer Security (TLS)
(Figure: OSI layer stack with TLS highlighted above the Transport layer.)
Secure Shell (SSH)
(Figure: OSI layer stack with SSH highlighted at the Application layer.)
Secure RTP
(Figure: OSI layer stack with SRTP highlighted at the Application layer.)
Defense in Depth
(Figure: OSI layer stack with all of the above combined: 802.11i and MACSec at the Link layer, IPSec at the Network layer, TLS above Transport, SSH and SRTP at the Application layer.)
What is Next-Generation Encryption (NGE)?
Cryptographic Technologies
• New/upgraded algorithms, key sizes, protocols and entropy
• Compatible with existing security architectures
Secure and Efficient
• Algorithm efficiency enabling increased security
• Scales well to high throughput
Compatible with Government Standards
• Suite B (US)
• FIPS-140 (US/Canada)
• NATO
Next-Generation Encryption: Why is it Important?
• Crypto moves in ten-year investment waves/cycles
– Starting with Governments, Financials, etc.
• The explosion of mobile devices (BYOD)
• Low-power endpoint evolution driving need for more efficient, stronger crypto
• Higher data throughputs driving scalability needs
• Current cryptographic implementations *will not* scale to 10G, 40G and 100G
• Vulnerabilities and threats continue to change, and hackers are becoming more skilled and funded
Next-Generation Encryption: Why is it Needed?
• Cryptography is a fundamental underpinning of nearly all security products, solutions, and architectures
• Cisco has increased the R&D and innovation focus on its Security portfolio
• NGE is the strongest and most efficient commercial cryptography
– Leverages standards-based solutions
– Elliptic Curve, AES-GCM (Galois Counter Mode), etc.
• Networking technologies continue to evolve:
– Ethernet (10/100Mb, 1Gb, 10Gb, 40Gb, 100Gb, …)
– Wi-Fi (11, 54, 150, 300, 450, etc.)
– Cryptography (3DES, AES-CBC, AES-GCM)
Next-Generation Encryption Protocol Suite
Key Establishment          ECDH-P256/384/521
Digital Signatures         ECDSA-P256/384/521
Hashing                    SHA-256/384/512
Authenticated Encryption   AES-128/256-GCM
Authentication             HMAC-SHA-256/384/512
Entropy                    SP800-90
What is Suite B?
• NSA encryption guidance titled “Suite B”
– http://www.nsa.gov/ia/_files/SuiteB_Implementer_G-113808.pdf
• “Suite B” is not a protocol
– It is a profile for consistent security when using multiple cryptographically strong protocols
– It enables government customers to conform to Suite B requirements
– Suite B offers the best technologies for future-proof cryptography, setting the trend for the industry
• CNSSP-15 Policy Compliant (Committee on National Security Systems Policy)
– (6) The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level
– TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use.
Standards and Protocols
• The following documents provide guidance for using Suite B cryptography with Internet protocols:
– RFC 6239: "Suite B Cryptographic Suites for Secure Shell (SSH)"
– RFC 6318: "Suite B in Secure/Multipurpose Internet Mail Extensions (S/MIME)"
– RFC 6380: "Suite B Profile for Internet Protocol Security (IPSec)"
– RFC 6460: "Suite B Profile for Transport Layer Security (TLS)"
– RFC 7030: "Enrollment over Secure Transport"
Source: http://www.nsa.gov/ia/programs/suiteb_cryptography/
Cisco NGE and Suite B
• NGE is a superset of “Suite B”
– Cisco has additional Cipher Suites
• Upgrades all crypto mechanisms
– New/Upgraded algorithms, key sizes, protocols and entropy
• Compatible with existing security architectures, e.g., DMVPN, GETVPN, P2P SAs
• Standards-based components, available today in next-generation solutions
• Targets Suite B (US), FIPS-140 (US/Canada), NATO
(Diagram: Suite B (NSA) shown as a subset of NGE (Cisco).)
Next-Generation Encryption vs. Suite B
                       Encryption    Key Establishment   Digital Signatures   Hashing
Suite B mLoS 128       AES-128-GCM   ECDH-P256           ECDSA-P256           SHA-256
Suite B mLoS 192       AES-256-GCM   ECDH-P384           ECDSA-P384           SHA-384
NGE (beyond Suite B)   AES-192-GCM   ECDH-P521           ECDSA-P521           SHA-512
Data Authentication is provided by AES-GCM in each row.
mLoS = Minimum Level of Security
NGE, Suite B and the Commercial Solution for Classified Program
CNSSP-15
• CNSSP-15 (Committee on National Security Systems Policy 15), National Information Assurance Policy (NIAP) on the Use of Public Standards for Secure Sharing of Information Among National Security Systems
• CNSSP-15 states:
– IA and IA-enabled IT products with integrated cryptography acquired to protect NSS and information therein shall adhere to the following:
• After 1 October 2015, the appropriate Suite B cryptographic algorithms or a commensurate suite of NSA-approved cryptographic algorithms shall be included;
• Prior to 1 October 2015, the appropriate Suite B cryptographic algorithms and/or the appropriate legacy cryptographic algorithms, or a commensurate suite of NSA-approved cryptographic algorithms shall be included;
• Be compliant with NSA-approved public key and key management infrastructures as appropriate; and
• Successfully complete security protocol interoperability testing by an NSA-approved security protocol interoperability testing service.
NGE Target Use-Cases
NGE for Unclassified
Use: For protection of unclassified data
• Strengthens existing data protection needs
• Opportunity to leverage NGE for advanced protection
• Traditional deployment models
• Upgrade cipher suites for added security
• CNSSP-15 compliance
Why not? Because “they” said so
NGE for Classified
Use: For protection of classified data
• NSA-led CSfC program
• Well-defined Deployment Architectures
• More stringent deployment policies than Civilian/non-DoD customers
• Leverages a Layered Architectural Approach
NGE Enabled Encryption Architectures: Available Today
(Figure: four deployment diagrams)
• Remote Access VPNs terminating on an ASA Firewall
• GETVPN*: a key server (KS) and group members GM1–GM9, managed through CSM / ASDM
• MACSec: an 802.1X supplicant with MACSec on MACSec-capable devices; the authenticated user's traffic is encrypted and decrypted across the MACSec link, while the guest user's data is sent in the clear
• Site-to-Site, DMVPN and FlexVPN: hub-and-spoke topology (Spoke-3 and further spokes shown)
Commercial Solutions for Classified Program
• NSA/CSS's Commercial Solutions for Classified (CSfC) Program has been established to enable commercial products to be used in layered solutions protecting classified NSS data
• This will provide the ability to securely communicate based on commercial standards in a solution that can be fielded in months, not years
• CSfC program requirements are customer-driven – CSfC vendors do not request features or drive requirements
– http://www.nsa.gov/ia/programs/csfc_program/index.shtml
Why is CSfC Interesting to Customers?
• Leverages well-known COTS encryption solutions and operation models
• Operational Simplicity
– Operational expense – complexity of COTS is not new and risk has diminished
– Well understood capabilities, troubleshooting, etc.
• Quicker time-to-market of innovation
– Can leverage COTS technology, speeds/feeds, innovation and scale testing by vendors
– Will not lag – “industry best practices” and SW feature innovations
• Reduced Cost
– COTS TCO will be lower given open market chip sets, silicon and vendor familiarity
• Availability
– EAR export restrictions mean fewer availability, handling issues
– Rapid Deployment: Allows field to deploy solutions more rapidly
CSfC “Layered” Architectures for Classified
• Architectural, defense-in-depth (e.g. “layers”) approach to security
– SECRET requires 2 layers of ‘countable’ Crypto at mLoS 128
– TOP SECRET requires 2 layers of ‘countable’ Crypto at mLoS 192
– Example: 1+1 = 2 ‘countable’ layers sufficient for protecting SECRET information
(Figure: Outer Tunnel = Suite B VPN / Countable Layer #1; Inner Tunnel = Suite B Application Layer Security / Countable Layer #2. Approved Encryption Technologies can vary at each Layer.)
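To make the mLoS table and the two-layer rule concrete, here is an added Python example (not from the Cisco deck) that scores a cipher suite by its weakest primitive, using the strengths from the NGE vs. Suite B table, and then applies the CSfC rule of two countable layers each at mLoS; the per-layer `crypto_library` field and the independence heuristic are assumptions standing in for the NSA manufacturer-diversity review.

```python
# Added example, not from the Cisco deck: score a cipher suite by its weakest
# primitive (strengths from the NGE vs. Suite B table) and apply the CSfC
# rule of two countable layers, each at mLoS. The 'crypto_library' field and
# the independence heuristic are assumptions standing in for NSA's review.

# Security strength in bits of each primitive (NGE vs. Suite B table).
STRENGTH = {
    "AES-128-GCM": 128, "AES-192-GCM": 192, "AES-256-GCM": 256,
    "ECDH-P256": 128, "ECDH-P384": 192, "ECDH-P521": 256,
    "ECDSA-P256": 128, "ECDSA-P384": 192, "ECDSA-P521": 256,
    "SHA-256": 128, "SHA-384": 192, "SHA-512": 256,
}
# Minimum Level of Security per classification (CSfC layered architectures).
MLOS = {"SECRET": 128, "TOP SECRET": 192}
# A countable layer must provide all four mechanisms: name prefix -> mechanism.
REQUIRED = {"AES": "encryption", "ECDH": "key establishment",
            "ECDSA": "digital signature", "SHA": "hashing"}

def suite_strength(suite):
    """Strength of a suite is that of its weakest primitive.

    Raises ValueError for an algorithm outside NGE/Suite B or for a suite
    that lacks one of the four mechanisms (e.g. no signature algorithm).
    """
    present = set()
    for alg in suite:
        if alg not in STRENGTH:
            raise ValueError(f"not an NGE/Suite B algorithm: {alg}")
        present.add(alg.split("-")[0])
    missing = [REQUIRED[p] for p in sorted(set(REQUIRED) - present)]
    if missing:
        raise ValueError("suite lacks " + ", ".join(missing))
    return min(STRENGTH[alg] for alg in suite)

def meets_mlos(suite, classification):
    """True when every primitive reaches the mLoS for the classification."""
    return suite_strength(suite) >= MLOS[classification]

def csfc_check(outer, inner, classification):
    """CSfC rule: two countable layers, each meeting mLoS, independent of
    each other. Layers are dicts {"suite": [...], "crypto_library": "..."}.
    Returns (ok, reasons); reasons is empty when ok.
    """
    reasons = []
    for name, layer in (("outer", outer), ("inner", inner)):
        try:
            strength = suite_strength(layer["suite"])
        except ValueError as err:
            reasons.append(f"{name} layer not countable: {err}")
            continue
        if strength < MLOS[classification]:
            reasons.append(f"{name} layer strength {strength} < mLoS "
                           f"{MLOS[classification]} for {classification}")
    # Assumed heuristic: layers sharing a crypto library are not independent
    # until NSA has reviewed the manufacturer's diversity documentation.
    if outer["crypto_library"] == inner["crypto_library"]:
        reasons.append("both layers use the same crypto library; "
                       "independence needs NSA review")
    return (not reasons, reasons)
```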
CSfC Components
Capability Packages
• VPN
• Mobility
• Campus WLAN
NIAP Evaluations
• Must be validated against an approved PP
• NDPP v1.1 minimum
• VPNGW EP
• SIP Server
• Application (VPN, VoIP, etc.)
• WLAN
FIPS
• FIPS 140-2
A Memorandum of Agreement (MoA) is entered into between the CSfC Program office and the Vendor
• The MoA states that the vendor’s product must be NIAP certified, FIPS certified, and that the vendor agrees to fix vulnerabilities in a timely fashion
• The MoA may also reference technology-specific selections for NIAP testing
What is a Capabilities Package (CP)?
• Contain product-neutral information that will allow customers/integrators to successfully implement their own solutions
• Customers/integrators make product selections while following the guidelines/restrictions to create an architecture with specific commercial products configured in a particular manner
• Provide sufficient guidance for accreditors to make informed decisions on whether solutions meet their mission and security requirements
Source: CSfC Website (http://www.nsa.gov/ia/programs/csfc_program/)
NGE vs Suite B vs CSfC (1)
• NGE is a super-set of Suite B
– Includes older, transitional ciphers as well as Suite B compliant and stronger ciphers
• Suite B is a consistent and specific implementation of cryptographic ciphers
• CSfC is a layered architecture of Suite B compliant COTS equipment
(Diagram: NGE (Cisco), Suite B (NSA) and CSfC (NSA) shown as nested sets.)
NGE vs Suite B vs CSfC (2)
• Therefore …
– Suite B = NGE but NGE > Suite B
– CSfC = two compliant layers of Suite B
• Customers can deploy Suite B and be compliant with CNSSP-15 and not require a CSfC Architecture
• Customers that are tasked with protecting CLASSIFIED material must adhere to the CSfC requirements
(Diagram: NGE (Cisco), Suite B (NSA) and CSfC (NSA) shown as nested sets.)
Manufacturer Diversity Requirement
• CSfC layered solutions with a single vendor are now permitted under certain conditions
• The manufacturer must document the similarities and differences between the two products, including: cryptographic HW components, SW code base (i.e. operating system), software cryptographic libraries, and development teams
• NSA will review the information on the solutions and determine if they meet the requirements for independent layers
• Cisco’s variation of OSs across certain platforms is targeting this “single-vendor” solution that is compliant with the CSfC guidelines
“The manufacturer diversity requirement for CSfC layered solutions has been modified to permit, subject to certain conditions, single-manufacturer implementations of both layers.”
Cisco as the Single Vendor Multi-Platform for CSfC
• Allows Cisco ASA to be used as an Inner or Outer VPN Gateway when paired with an approved IOS/IOS-XE VPN router
CSfC Use-Cases
Some Quick Terminology
• CSfC – Commercial Solutions for Classified – an NSA-sponsored program
• Red Network
– Red Data consists of unencrypted classified data including Voice and Video
• Gray Network
– Gray Data consists of classified data (including Voice/Video) that has been encrypted once (TLS/SRTP/IPSec)
• Black Network
– Black Data consists of classified data (including Voice/Video) that has been encrypted twice (typically but not limited to IPSec)
CSfC VPN Capability Package
CSfC Site-to-Site VPN
(Figure legend: Solution Boundary; Outer IPSec Tunnel – 2nd encryption; Inner IPSec Tunnel – 1st encryption; Customer Traffic – unencrypted)
Source: CSfC Website (http://www.nsa.gov/ia/programs/csfc_program/)
* SECRET requires mLoS 128
** TOP SECRET requires mLoS 192
CSfC Multiple Security Levels
Source: CSfC Website (http://www.nsa.gov/ia/programs/csfc_program/)
* SECRET requires mLoS 128
** TOP SECRET requires mLoS 192
(Figure legend: Solution Boundary; Outer IPSec Tunnel – 2nd encryption; Inner IPSec Tunnel – 1st encryption; Customer Traffic – unencrypted)
CSfC Client-to-Site (Remote Access)
Source: CSfC Website (http://www.nsa.gov/ia/programs/csfc_program/)
* SECRET requires mLoS 128
** TOP SECRET requires mLoS 192
(Figure legend: Solution Boundary; Outer IPSec Tunnel – 2nd encryption; Inner IPSec Tunnel – 1st encryption; Customer Traffic – unencrypted)
Cisco NGE Innovation Focus Areas: Optical Encryption, MACSec
Foundations of High Speed Crypto
OSI Layers
Layer 3: IPSec Encryption – Cisco Product Lines: ISRs, ASR1K, ASR9K
Layer 2: 802.1AE (aka MACSec) Ethernet Encryption – Cisco Product Lines: Cat 2K, 3K, 4K, 6K; Nexus 7K; ISRNG, ASR1K, ASR9K
Layer 1: OTN Encryption – Cisco Product Lines: ONS 15454
DWDM Encryption Architecture
(Figure: client signals (Ethernet, Fibre Channel, OTN) at each end are carried over DWDM wavelength(s); the OTU2 payload is encrypted with 256-bit AES, and key exchange runs over the OTU2 GCC.)
Why MACSec in the WAN?
• Ethernet services have moved beyond the campus
• Ethernet is growing rapidly as a WAN/Metro wire-line “transport” service
– WAN/Metro SP offerings are replacing existing T1, ATM/FR, and SONET OC-x with Ethernet
– Ethernet services apply to:
• WAN links for core, edge, remote branch back-haul
• PE-CE backhaul
• Metro-E service hand-offs (E-LINE, E-LAN, E-TREE)
• Current IPSec encryption rates cannot run line-rate for all packet sizes beyond 40Gbps
• Cisco’s goal is to integrate MACsec as part of new Ethernet interface/LC development moving forward
Confidentiality and Integrity: 802.1AE based Encryption
• MACSec provides Layer-2 hop-by-hop encryption and integrity, based on the IEEE 802.1AE standard
• 128bit AES-GCM (Galois/Counter Mode) – NIST Approved
• Line-rate Encryption/Decryption for 1/10/40/100GbE interfaces
• Replay protection of each and every frame
• 802.1AE encryption to protect CMD field (SGT value)
Customer Benefits
• Protects against man-in-the-middle attacks (snooping, tampering, replay)
• Standards-based frame format and algorithm (AES-GCM)
• 802.1X-2010/MKA addition supports per-device security associations in shared media environments (e.g. PC vs. IP Phone) to provide secured communication
• Network service amenable hop-by-hop approach compared to end-to-end approach (e.g. Microsoft Domain Isolation/virtualization)
802.1AE (MACSec) Tagging
• Frames are encrypted and protected with an integrity check value (ICV)
• MACSec Ethertype is 0x88e5
• No impact to IP MTU/Fragmentation
• L2 Frame MTU Impact*: ~ 40 bytes = less than baby giant frame (~1600 bytes with 1552 bytes MTU)
TrustSec Frame Format:
D-MAC | S-MAC | 802.1AE Header | 802.1Q | CMD | E-Type | Payload | ICV | CRC
802.1AE Header = MACSec EtherType (0x88e5) | TCI/AN | SL | Packet Number | SCI (optional)
Encrypted: 802.1Q, CMD, E-Type and Payload
Authenticated (covered by the ICV): D-MAC, S-MAC, 802.1AE Header and the encrypted portion
NGE and Cisco VPNs
VPN Review
• The players in large, multi-site VPN deployments:
– Site-to-site (S2)
– Dynamic Multipoint VPN (DMVPN)
– Group Encrypted Transport VPN (GETVPN)
– FlexVPN
IKEv2 Benefits
• Uses less bandwidth than IKEv1
• Supports EAP authentication (not standard in IKEv1)
• Supports Mobile IKE (MOBIKE)– Changing IP addresses
• Built-in NAT traversal
• Can detect whether a tunnel is still alive
• Anti-DOS
VPN Technology Comparison
Feature                         DMVPN   GETVPN   FlexVPN
3rd Party Compatibility         –       –        x
AAA attributes support          –       –        x
Dynamically addressed spoke     x       x        x
Dynamic Routing                 x       x        x
Dynamic Spoke to Spoke tunnel   x       x        x
IKEv2                           x       –        x
Public Transport                x       –        x
IPv6                            x       x        x
IP Multicast                    x       x        x
NAT                             x       –        x
Non-IP                          –       –        –
QoS                             x       x        x
VRF                             x       x        x
Wrap-Up
NGE and CSfC Summary
• Cisco has many products that can satisfy all current CSfC CPs
• NGE/Suite B impacts all Federal customers (CNSSP-15)
• Cisco is actively engaging with the Program office to add more products
• CSfC requirements are Customer led, not Vendor led
• Customers should contact [email protected] for specific Mission requirements that fall outside the Capability Packages
Neil Lovering, CCIE #1772