Public Key Infrastructure and Virtual Private Network: concepts, solutions and projects

Transcript

1 Public Key Infrastructure and Virtual Private Network: concepts, solutions and projects Ing. Mirko Tedaldi CryptoNet Overview Introduction: who is CryptoNet Outlines of introduction to cryptography, PKI and relative Entrust Technologies Introduction to Virtual Private Network (VPN) and the IPSec protocol The Role of PKI in VPN A case study: the VPN project for OMNITEL The architecture of the VPN OMNITEL Outlines of the VPN project management

2 CryptoNet: who we are The only Italian Company 100% devoted to security (infosec as the only business area, from corporate security policy design to router secure configurations); Committed to enable Customer INNOVATION as a way to gain Competitive Advantage : first mass market Crypto SC in Italy; first WWW-based Information System over the Internet in Italy : first Corporate Internet-connection security CERTIFICATION in Italy : first secure Internet Home banking in Italy; introduction of first Active RSA SC in Italy : very large "BNL Group security" contract; the first Ipsec WW network in Europe (Luxottica); first IPSEC demo with CISCO in Europe (TIM). 1999: the two largest Ipsec VPNs in the world with CISCO (1000 routers, OMNITEL 2000, , RUPA...); the first on-line trading with digi sig and timestamping 2000: the largest SSO and digi sig integration for SAP ( seats) in Europe, implemented in 12 Weeks from contract signature; Customers list: FIAT, ENEL, ENI, Pirelli, SIA, CSELT, SSGRR, BNL, Magneti Marelli, Urmet, ABB, Luxottica, Omnitel, SOGEI/Ministero delle Finanze, RUPA, Ministero del Tesoro, WIND ; Good experience in the technical, regulatory and business-drivers fields. How can we do it? 1. Focus, Focus, Focus. 2. Have a highly trained sales force, used to consult with customers as a mean to design the solution 3. Have an extremely skilled delivery group, expose it to the most challenging projects in the marketplace, invest all the money needed to improve skills, experiences, qualifications. 4. Enjoy what we do, and be proud of our achievements. 5. Deliver the highest quality services in the industry, and look for customers who need the quality and pay for it 6. Network with other companies similar to ours (Cybersafe, Entrust, Timestep, PeerLogic ). 6. In the end, we do it from day one!

3 What we do best 1. Use technology to COLLAPSE technological and organizational complexity (technology layers requiring attention have to diminish, if DP people are to survive!!) 2. Constantly adopt the best practices through our partnership with the best companies in the world 3. Always take into account our systems will have stakeholders in the IT community (systems managers), in the End Users community, in the Financial community. ROI has to be measurable. Expensive systems have to deliver high value, or we re out of business quickly. Being out of business quickly is bad we don t like it-. 4. Don t be worried being the first at doing complex things: there will always be the first, and all the times it happened to us we were successful. 5. Avoid unnecessary complexity: the less pieces you use, the less pieces will have the chance to break. 6. Earn the genuine enthusiasm of every customer we serve Just an example: Some of the requirements to have an operational system:: Authentication Authorization, Streamlined and generalized access to Information Resources, Network security from internal and external intrusions and Denial of Service Attacks, Support for roaming users, Support for non-repudiation of transactions, confidentiality, Integration with pre-existent systems, Integration with pre-existent systems environment (OS, Network.). And, again: disaster recovery, security policy, personnel education and training. In the end, architectural openness to new technologies (WAP.). We have already done it.

4 Confidentialità Evitare che destinatari non autorizzati leggano il messaggio Autenticazione Integrità Proteggere l identità del mittente del messaggio da alterazioni Proteggere i messaggi da alterazioni intenzionali o accidentali Non-ripudio I livelli ISO di sicurezza Proteggere i destinatari di un messaggio dal rischio di ripudio dell invio da parte del mittente Controllo degli accessi Rendere accessibile il contenuto del messaggio solo ai destinatari autorizzati I due tipi di algoritmi crittografici Crittografia simmetrica ( o a chiave segreta): utilizza una sola chiave crittografica che deve essere posseduta sia dal mittente sia dal destinatario del messaggio Crittografia asimmetrica Crittografia asimmetrica (o a chiave pubblica): utilizza una coppia di chiavi (una pubblica e l altra privata) possedute entrambi da un unico proprietario

5 La Crittografia Simmetrica Chiave segreta comune CIFRA Chiave segreta comune DECIFRA Bob Alice Bob e Alice condividono una chiave segreta comune La Crittografia Asimmetrica CONFIDENZIALITÀ Chiave pubblica di Bob CIFRA Chiave privata di Bob DECIFRA Alice Bob Solo Bob può decifrare il documento, perché solo lui possiede la chiave privata

6 La Crittografia Asimmetrica AUTENTICAZIONE Chiave privata di Alice CIFRA Chiave pubblica di Alice DECIFRA Alice Bob Bob è sicuro che il messaggio è stato cifrato da Alice perché solo lei possiede la sua chiave privata Creazione della Firma Digitale Funzione hash = Documento hash hash Chiave privata = DIGITAL SIGNATURE Documento Digital Signature Chiave pubblica

7 Verifica della Firma Digitale Funzione hash = Documento Hash fresco Chiave pubblica del firmatario = Hash decifrato =? Comparazione del hash decifrato con hash fresco I Certificati Elettronici Mirko Tedaldi CA: CryptoNet Valido dal 16/1/2000 al 15/1/2001 Valore della chiave pubblica Informazioni contenute nel certificato Chiave privata della CA Firma della CA

8 Third-Party Trust Garantisce la corrispondenza tra chiave pubblica e soggetto attraverso i certificati digitali Autorità di Certificazione Alice Bob Public Key Infrastructure certificate/crl download policy/cps download Certificate/CRL repository RA registration authentication initialization key generation certification key backup/recovery key update certificate revocation CA/RA communication End entity certificate/crl pubblication policy/cps distribution external CA CA cross-certification or hierarchical relation

9 Requirements Certification Cross-certification Authority Key Histories Support for non-repudiation Key Backup & Recovery Timestamping Certificate Repository Automatic Key Update ENTRUST PKI software Certificate Revocation Entrust/Authority Entrust/PKI Architecture Entrust/Admin Security Officers Administrators Directory Entrust/Timestamp Entrust/Entelligence Entrust-Ready Applications Web Browsers & Servers SET Wallets Merchants Payment Gateway Routers Firewalls Gateways Access Devices

10 Entrust/Authority Entrust/PKI Architecture Entrust/Admin Security Officers Administrators Entrust Authority :: Emissione certificati, Revoca certificati, Directory Entrust/Timestamp Aggiornamento automatico delle chiavi, Aggiornamento automatico delle chiavi, SET Impostazione delle politiche, Wallets Entrust/Entelligence Web Browsers Merchants Entrust-Ready & Servers Payment Gateway Altre Applications Routers Firewalls Gateways Access Devices Entrust/Authority Entrust/PKI Architecture Entrust/Admin Security Officers Administrators Directory La La directory è il il repository ove sono pubblicate: Entrust/Timestamp le le liste di di revoca dei certificati (CRL), SET Wallets le le liste di Entrust/Entelligence di revoca dei cross-certificati (ARL), Web Browsers Merchants Entrust-Ready & Servers Payment Gateway Applications i i certificati di di cifra. Routers Firewalls Gateways Access Devices

11 Entrust/Authority Entrust/PKI Architecture Entrust/Admin Security Officers Administrators Directory Entrust/RA :: tramite questa Entrust/Timestamp interfaccia è possibile amministrare remotamente l Authority. Entrust/Entelligence Entrust-Ready Applications Web Browsers & Servers SET Wallets Merchants Payment Gateway Routers Firewalls Gateways Access Devices Entrust // Entelligence. Entrust/Authority Il software lato client di Entrust è completamente Entrust/Admin Security Officers Administrators Entrust/Timestamp Entrust/PKI Architecture Il software lato client di Entrust è completamente integrato con con le le funzioni del del desktop di di Windows 95/98 e NT. NT. Directory E E possibile cifrare (decifrare), firmare (verificare), apporre una una marca temporale (validare temporalmente) ogni tipo tipo di di file file con con un un semplice click. Entrust/Entelligence Entrust-Ready Applications Web Browsers & Servers SET Wallets Merchants Payment Gateway Routers Firewalls Gateways Access Devices

12 Entrust/Admin Security Officers Administrators Entrust/PKI Architecture Entrust // VPN CONNECTOR: Entrust/Authority una registration authority per i i device IPSec :: cisco, axent, etc Directory Entrust/Timestamp Entrust/Entelligence Entrust-Ready Applications Web Browsers & Servers SET Wallets Merchants Payment Gateway Routers Firewalls Gateways Access Devices Scalability: Automatic Key Lifecycle Management Keys and certificates require periodic renewal For scalability, VPN devices and IPSec client software should transparently update keys and certificates prior to expiry Key Expiry Key Generation Certificate Issuance Certificate Validation Key Usage

13 What is a VPN? At its simplest, a VPN (Virtual Private Network) is a network built on top of the services of another network often VPNs are built on the public Internet, but not always Network Network Network Network Network Network Network Network New York Office Network Paris Office Tokyo Office Network Network Network Network Network Network Network Network Network Sydney Office Uses for VPNs There are three key problems being solved: 1.Remote Access: giving remote users ondemand access to network resources 2.Branch Office: giving remote offices permanent VPN connectivity (sometimes called gateway to gateway) 3.Extranet: giving partners access to common resources

14 Prevailing Methods Remote Office Lan HQ Lan Router Internet Router Firewall Home User Roaming User Modem Pool VPN Methods Clear Text Remote Office Lan Encrypted Tunnel Clear Text HQ Lan Router Internet Router Firewall Home User Roaming User Modem Pool

15 Business Reasons for VPNs Increased business being done over Internet Secures communications at network layer (IP) across all applications (including legacy apps) Cost effective for remote access: compare to a modem pool and long distance charges How often do they dial in and for how long? What about international calls? What will it cost to maintain this? The Nature of Secure VPNs The classic problems authentication integrity confidentiality Which devices do I trust? Which client machines do I trust? Is anyone able to monitor my session? Is anyone able to hijack my session?

16 Why is PKI important to VPN? It is relatively easy to build a secure pipe or tunnel between two nodes or users on a public network Unless you know exactly who is at both ends of the pipe it has little value (initial authentication is fundamental) Digital certificates provide a means to strongly authenticate users and devices in a VPN tunnel A managed PKI provides a scalable platform upon which to build large, secure, and trusted VPN s. Scalability VPNs do not scale without using public-key certificates Preshared Keys Certificates Without Certificates (fully-meshed) Effort n 2 Effort n With certificates

17 VPN + PKI PKI Internal network Internal network VPN Authentication in IPSec Manual keying Difficult to administer, distribute Prone to error Pre-shared keys Single key or passphrase per peer Still results in huge numbers of keys in meshed networks Digital signature and certificates Third Party Trust minimizes the number of keys required for strong authentication

18 An outline of IPSec The goal of the IPSec architecture is to provide various security services for traffic at the IP layer, in both the IPv4 and IPv6 environments. (IETF-RFC2401) Interoperable authentication, integrity and encryption IP Data (Encrypted) IPSec Header(s) AH/ESP IP Header Encapsulating Security Payload Header (ESP) ESP header is prepended to IP datagram Confidentiality through encryption of IP datagram Integrity through keyed hash function Security Parameter Index (SPI) Sequence Number Field Initialization Vector Payload Data Padding (If Any) Pad Length Authentication Data Next Header

19 Authentication Header (AH) AH header is prepended to IP datagram or to upper-layer protocol IP datagram, part of AH header, and message itself are authenticated with a keyed hash function Next Header Payload Length RESERVED Security Parameter Index (SPI) Sequence Number Field Authentication Data IPSec Sessions IKE (1) From net A to net B From net A to net C ISAKMP SA IKE(2) IPSEC SA IKE(2) IPSEC SA Ip tunneled Ip tunneled IKE(2) IPSEC SA IKE(2) IPSEC SA Ip tunneled Ip tunneled

20 IKE Utilizzato per effettuare l autenticazione tra i punti terminali della VPN e per lo scambio delle chiavi delle sessioni IPSEC. Si appoggia sul protocollo UDP (porta 500). phase 1 - durante questa fase avviene l autenticazione tra i punti terminali della VPN (sessione ISAKMP), phase 2 - in questa fase vengono contrattati gli algoritmi, la lunghezza della chiave, la durata massima della sessione e la chiave di sessione per le sessioni IPSEC Security Association (SA) Firewall Router Insecure Channel Agreement between two entities on method to communicate securely Unidirectional two-way communication consists of two SAs

21 ROUTER 2 ROUTER 1 VPN Architecture VPN GCI VPN CON. SLAVE 1 DIR CA ADMNI SLAVE 2 DIR MASTER DIR CA Protocolli di Comunicazione Protocollo Funzionalità Porta TCP CMP Certificate Management Key and certificate management 829 Protocol LDAP Lightweight Directory Access Protocol Accesso a directory X.500 attraverso TCP/IP 389 DISP Directory Shadowing Protocol CEP Certificate Enrollment Protocol HTTP Hypertext Transfer Protocol Shadowing tra master directory e slave directory 102 Enrollment dei router Cisco 1600 Accesso tramite web server alla CGI del VPN Connector 80

22 Protocolli di Amministrazione Protocollo Funzionalità Porta TCP SPKM Simple Public-Key GSS- API Mechanism Amministrazione remota della CA attraverso l interfaccia Entrust/Admin 710 DAP Directory Access Protocol Amministrazione remota delle directory attraverso l interfaccia DAC 102 Le comunicazioni in una VPN (1) Sorgente Destinatario Protocol Azione ENROLLMENT Router VPN CGI HTTP Richiesta di enrollement VPN CGI VPN Connector CEP Dispatch della richiesta di enrollment VPN Connector Certification Authority Certification Authority SEP Abilitazione del router nella CA Master Directory LDAP Pubblicazione dei certificati dei router Master Directory Slave Directory DISP Update delle copie shadow

23 Le comunicazioni in una VPN (2) Sorgente Destinatario Protocol Azione IPSEC Router Slave Directory LDAP Scaricamento delle CRL REVOCA VPN Connector Master Directory LDAP Revoca dei certificati dei router Il processo di enrollment Quando un nuovo router entra a far parte di una VPN occorre innanzitutto effettuare il processo di enrollment, che consiste in : autenticazione e riconoscimento della certification authority, generazione delle coppie di chiavi crittografiche, richiesta di certificazione delle chiavi ed ottenimento dei proprio certificati digitali

24 Il processo di enrollment 1 passo : il riconoscimendo dell authority RA (VPN Connector) CERTS? Il processo di enrollment 1 passo : il riconoscimendo dell authority RA (VPN Connector) Aa:b0:c2:... Fingerprint? Fingerprint: aa:b0:c2:...

25 Il processo di enrollment 2 passo : generazione delle chiavi a bordo del router RA (VPN Connector) CA: o=cryptonet,c=it Il processo di enrollment 3 passo : certificazione delle chiavi pubbliche RA (VPN Connector) Per favore certificare CA: o=cryptonet,c=it

26 Il processo di enrollment 3 passo : certificazione delle chiavi pubbliche Fingerprint: b2:c4:e6:00:?e9:aa:cc:01:... RA (VPN Connector) Fingerprint? b2:c4:e6:00: e9:aa:cc:01:... CA: o=cryptonet,c=it Il processo di enrollment 3 passo : certificazione delle chiavi pubbliche GRANT! CA CA: o=cryptonet,c=it

27 Il processo di enrollment Fine : il router possiede tutto il materiale necessario per farsi riconoscere. CA: o=cryptonet,c=it Il processo di enrollment Viene effettuato una tantum, è un processo complesso e molto delicato, la procedura deve essere eseguita scrupolosamente per non comprometterne la validità, coinvolge diversi attori : Amministratori del router, Amministratori della VPN (RA), Amministratori della CA

28 L autenticazione tra routers Durante il normale funzionamento della VPN, gli unici momenti in cui vi è un contatto con la PKI è durante la fase di autenticazione: DIRECTORY X.500 CRL? Revoked certs: , , , ca trust OK! Il download delle CRL Durante il normale funzionamento della VPN, l unica interazione con la PKI avviene con la sola directory, per ottenere le CRL più aggiornate: non richiede alcuna operazione manuale, viene effettuata soltanto quando scade l ultima CRL che è stata scaricata

29 The customer Name : Omnitel Pronto Italia Importance: 2 nd mobile operator in the world Subscribers: > 9M The project Name: Omnitel2000 Scope: use GSM as distribution points of new services (from horoscope to finance) Challenge: time to market Requirements: availability of service, scalability

30 The solution Idea: create a star network between Omnitel and content providers, use IP over CDN, authenticate end-points Products: Cisco routers (the net), Entrust/PKI, Entrust/VPN Connector, PeerLogic i500 directory Results: 1 st (for birth) and 2 nd (for growth = 1000 routers) largest VPN in the world based on this technology OmnitelVPN: : main project tasks 1) Fase preparatoria 2) Approviggionamento 3) Installazione 4) Test sistema 5) Consegna del sistema 6) Istruzione del personale 7) Documentazione 8) Manutenzione 12 man-day 2 man-day 54 man-day 6 man-day 2 man-day 70 man-day 60 man-day (out of project plan)

31 6XE7DVNV )DVHSUHSDUDWRULD Fase preparatoria Studio topologia Configurazione rete Sistemi di protezione Struttura di naming X.500 $SSURYLJJLRQDPHQWR Hardware Licenze Software,QVWDOOD]LRQH 'LUHFWRU\0DVWHU ½Installazione software 1 ½Configurazione DSA 1 ½Installazione software 2 ½Configurazione DSA 2 ½Configurazione ridondanza &HUWLILFDWLRQ$XWKRULW\ ½Installazione software ½Preconfigurazione 6XE7DVNV 931&RQQHFWRU ½Installazione e configurazione web server ½Registration Authority GUI 7HVWLQWHUPHGLRGLVLVWHPD ½Configurazione CISCO ½Enrollment e debug 'LUHFWRU\6HFRQGDULH ½Installazione software 1 ½Configurazione DSA 1 ½Installazione software 2 ½Configurazione DSA 2 ½Configurazione ridondanza

32 6XE7DVNV 7HVWVLVWHPD VLVWHPD &RQILJXUD]LRQH&,6&2 ½Dichiarazione CA ½Generazione chiavi 'RFXPHQWD]LRQH Documentazione di progetto Guida risoluzione problemi Guida alle procedure (QUROOPHQWHGHEXJ &RQVHJQD &RQVHJQDGHOVLVWHPD,VWUX]LRQH,VWUX]LRQHGHOSHUVRQDOH Generico su PKI Amministratore VPN Amministratore ID Task Name 1 3URMHFWPDQDJHPHQW 2 )DVHSUHSDUDWRULD 3 Studio topologia 4 Configurazione rete 5 Sistemi di protezione 6 Struttura di naming X $SSURYLJJLRQDPHQWR 8 Hardware 9 Licenze Software 10,QVWDOOD]LRQH 11 Directory Master 12 Certification Authority 13 VPN Connector 14 Test intermedio di sistema 15 Directory Secondarie 16 7HVWVLVWHPD 17 Configurazione CISCO 18 Enrollment e debug 19 &RQVHJQDGHOVLVWHPD 20,VWUX]LRQHGHOSHUVRQDOH 21 Generico su PKI 22 Amministratore VPN 23 Amministratore CISCO 24 'RFXPHQWD]LRQH 25 Documentazione di progetto 26 Guida risoluzione problemi 3URMHFW:RUNSODQ 27 Nov Dec Dec Dec Dec Jan Jan Jan Jan Jan

33 Question Time Altro materiale

34 Types of Enrollment Certification Authority (CA) PKCS #10 File-based certificate request PKCS #7 File-based certificate retrieval CEP HTTP-based certificate request and retrieval PKIX-CMP certificate request and management PKCS-equipped VPN device CEP-equipped VPN device PKIX-equipped VPN device Supported in VPN Connector Supported with EntrustIPSec Negotiator How IPSec works in PKI environment 1. PKI Enrollment Key/cert lifetime ~1yr User/Node A IPSec SA IPSec AH/ESP AH/ESP User/Node B IPSec AH/ESP IPSec SA 2. Mutual authentication using digital signature and certificates. On success IKE SA is negotiated. Lifetime ~days. IKE SA PK(A) IKE PKI Support Cert(B)+Sig IPSec IKE SA Cert(A)+Sig IKE PKI Support IKE SA PK(B) 3. IKE SA used to secure IPSec SA negotiation. Lifetime shorter than IKE SA and can be limited by data volume. 4. IPSec SA and keys used to secure AH/ESP traffic. 5. When IPSec SA expires: -> re-negotiate with pre-existing IKE SA When IKE SA expires: -> authenticate with dig sig and certs and negotiate new IKE SA (step 2) 6. When certs expire re-enroll (PKCS#10) or use PKIX-CMP to automatically update with new keys and certs. PKIX- CMP LDAP LDAP Directory Entrust/Authority (CA)

35 An example of Cisco Configuration CA definition ip domain-name cryptonet.it crypto ca identity myca enrollment mode ra enrollment url query url ldap:// crl optional Step 1 Generate Public/Private Keys cisco(config)#crypto key gen rsa usage-key The name for the keys will be: mirko.cryptonet.it Choose the size of the key modulus in the range of 360 to 2048 for your Signature Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [1024]: Generating RSA keys... [OK] Choose the size of the key modulus in the range of 360 to 2048 for your Encryption Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [1024]: Generating RSA keys... [OK] An example of Cisco Configuration

36 An example of Cisco Configuration Step 1 Generate Public/Private Keys #sho crypto key mypublic rsa % Key pair was generated at: 01:18:43 UTC Mar Key name: mirko.cryptonet.it Usage: Signature Key Key Data: 305C300D 06092A F70D B BEDC6C FBD327FC 2AFC7521 F2DE3D04 D C8F1 64F0E58F 0116CF6A 897D6210 2D4BFC80 CE41DF7B AA75ECAA 6680B13F 30F079BE DD A325B72A 3D % Key pair was generated at: 01:18:45 UTC Mar Key name: mirko.cryptonet.it Usage: Encryption Key Key Data: 305C300D 06092A F70D B C06DC2 3AE2BF72 CE9FD6F6 55C13A0D A3C183D5 1E7E4523 E8863DDC D852FD BBC F10EEA77 8A6A5AC9 AFEF6B0A DB4 4E6C4A77 0C594B An example of Cisco Configuration Step 2 Request the CA and RA Certificates Manually verify Fingerprint of CA Cisco(config)#cryp ca authenticate myca Certificate has the following attributes: Fingerprint: 1A5416D6 2EEE8943 D11CCEE1 3DEE9CE7 % Do you accept this certificate? [yes/no]: y

37 An example of Cisco Configuration Step 2 Request the CA and RA Certificates Manually verify Fingerprint of CA Step 3 Enrol the Router with the CA cisco(config)#crypto ca enroll myca % Start certificate enrollment.. % Create a challenge password. You will need to verbally provide this password to the CA Administrator in order to revoke your certificate. For security reasons your password will not be saved in the configuration. Please make a note of it. Password: Re-enter password: An example of Cisco Configuration % The subject name in the certificate will be: mirko.cryptonet.it % Include the router serial number in the subject name? [yes/no]: n % Include an IP address in the subject name? [yes/no]: n Request certificate from CA? [yes/no]: y

38 An example of Cisco Configuration Step 3 Enrol the Router with the CA Fingerprints sent to CA for manual verification cisco(config)# Signing Certificate Request Fingerprint: 4C6DB57D 7CAF DDB3 CCEB1FFB Encryption Certificate Request Fingerprint: D33447FE 71FF2F24 DA98EC73 822BE4F7 An example of Cisco Configuration Step 3 Enrol the Router with the CA Fingerprints sent to CA for manual verification

39 Step 4 CA grants Certificates Status Pending -> Available An example of Cisco Configuration cisco#show crypto ca certificate Certificate Subject Name Name: mirko.cryptonet.it Status: Pending Key Usage: Signature Fingerprint: 4C6DB57D 7CAF DDB3 CCEB1FFB Certificate Subject Name Name: mirko.cryptonet.it Status: Pending Key Usage: Encryption Fingerprint: D33447FE 71FF2F24 DA98EC73 822BE4F7 Step 4 CA grants Certificates An example of Cisco Configuration