Post on 16-Jul-2015
Towards Secure and Dependable Authentication and Authorization Infrastructures
Diego Kreutz, Alysson Bessani, Eduardo Feitosa, Hugo Cunha
PRDC2014, Singapore
Cyber threats: state of affairs
2
NSA Director Rogers Urges Cyber-Resiliency Threat Post, Washington, D.C. (United States) Presidential Proclamation: Critical Infrastructure Security and Resilience Month, 2014 The White House, Washington, D.C. (United States) Biggest ever cyber security exercise in Europe today European Commission - PRESS RELEASES, October 30, 2014 Survey: Cyber security priorities shift to insider threats FEDERALTIMES US
Authentication & Authorization Infra (AAI)
A typical Authentication & Authorization architecture in an enterprise network
3
802.1X RADIUS LDAP, SQL
NAS (e.g., WiFi router)
Authentication Server
Backend Service
Client
A user requesting
network access
AAIs are of the most critical pillars of
current IT systems!
Authentication & Authorization Infra (AAI)
A typical Authentication & Authorization architecture in an enterprise network
4
802.1X RADIUS LDAP, SQL
NAS (e.g., WiFi router)
Authentication Server
Backend Service
Client
Credential theft
Authentication & Authorization Infra (AAI)
A typical Authentication & Authorization architecture in an enterprise network
5
802.1X RADIUS LDAP, SQL
NAS (e.g., WiFi router)
Authentication Server
Backend Service
Client
Access deny/grant
Authentication & Authorization Infra (AAI)
A typical Authentication & Authorization architecture in an enterprise network
6
802.1X RADIUS LDAP, SQL
NAS (e.g., WiFi router)
Authentication Server
Backend Service
Client
Access deny/grant
Authentication & Authorization Infra (AAI)
A typical Authentication & Authorization architecture in an enterprise network
7
802.1X RADIUS LDAP, SQL
NAS (e.g., WiFi router)
Authentication Server
Backend Service
Client
Permissions & credentials
Authentication & Authorization Infra (AAI)
A typical Authentication & Authorization architecture in an enterprise network
8
802.1X RADIUS LDAP, SQL
NAS (e.g., WiFi router)
Authentication Server
What if end-to-end EAP-TLS?
EAP-TLS
Backend Service
Client
Authentication & Authorization Infra (AAI)
A typical Authentication & Authorization architecture in an enterprise network
9
802.1X RADIUS LDAP, SQL
NAS (e.g., WiFi router)
Authentication Server
EAP-TLS by itself is still not
enough!
EAP-TLS
Backend Service
Client
AAI Federations & Threats
A typical AAI Federation among enterprise networks (mobility, …)
10
.PT .SG Federation top-level RADIUS servers
Confederation top-level RADIUS sever
Institutional level RADIUS servers
Network infrastructure, systems and services
U1 U2 U3 U4
AAI Federations & Threats
A typical AAI Federation among enterprise networks (mobility, …)
11
.PT .SG Federation top-level RADIUS servers
Confederation top-level RADIUS sever
Institutional level RADIUS servers
Network infrastructure, systems and services
U1 U2 U3 U4
Outline
Our Solution
Goals & Challenges
Intrusion-Tolerant AAIs
Conclusion
Evaluation
13
Mapping the current state of affairs of AAIs
14
Current State of Affairs of AAIs
Dependability
Secu
rity & Trust
C1
C2
C3 C4
C6
C5
Exiting systems are of categories C1, C2 and C43
Our goal is to design systems of categories C4-C6
15
What can we do about it?
Approach 1: try to fix everything!?
16
What can we do about it?
Approach 2: increase the system’s security and
dependability
Hybrid system architectures, specialized components, clouds, …
Goals
17
Develop new hybrid system architectures for AAIs.
Design & Provide mechanisms for building fault- and
intrusion-tolerant AAIs
Challenges
18
Arbitrary fault tolerance in AAI systems
Ensure confidentiality of sensitive data
Keep backward compatibility
Outline
Our Solution
Goals & Challenges
Intrusion-Tolerant AAIs
Conclusion
Evaluation
20
Traditional RADIUS architecture
802.1X RADIUS LDAP, SQL
NAS (e.g., WiFi router)
Authentication Server
Backend Service
Client
Shared secret
Shared secret (confidentiality,
integrity)
21
Traditional RADIUS architecture
802.1X RADIUS LDAP, SQL
NAS (e.g., WiFi router)
Authentication Server
Backend Service
Client
Shared secret
How to avoid single points of
failure?
22
Building a resilient architecture
802.1X
RADIUS LDAP, SQL
NAS (e.g., WiFi router)
Authentication Server
Backend Service
Client
Shared secret
‘Multi-path’ by simple
replication
23
Building a resilient architecture
802.1X
RADIUS LDAP, SQL
NAS (e.g., WiFi router)
Authentication Server
Backend Service
Client
Shared secret
How to tolerate arbitrary faults?
24
Building a resilient architecture
802.1X
RADIUS
NAS (e.g., WiFi router)
Authentication Gateway
Client Authentication Server & Back-end
Backward compatibility &
SMR integration
BFT-SMR
25
Building a resilient architecture
802.1X
RADIUS
NAS (e.g., WiFi router)
Authentication Gateway
Client
Shared secret
Authentication Server & Back-end
How to ensure the confidentiality of shared secrets?
26
Building a resilient architecture
802.1X
RADIUS
NAS (e.g., WiFi router)
Authentication Gateway
Client
Shared secret
Authentication Server & Back-end
Solution = secure elements on the RADIUS replicas
27
Building a resilient architecture
802.1X
RADIUS
NAS (e.g., WiFi router)
Authentication Gateway
Client
Shared secret
Authentication Server & Back-end
EAP-TLS with BFT-SMR? How
can it work?
EAP-TLS
28
Building a resilient architecture
802.1X
RADIUS
NAS (e.g., WiFi router)
Authentication Gateway
Client
Shared secret
Authentication Server & Back-end
EAP-TLS
EAP-TLS handshake with an adapted PRF
29
Building a resilient architecture
802.1X
RADIUS
NAS (e.g., WiFi router)
Authentication Gateway
Client
Shared secret
Authentication Server & Back-end
EAP-TLS
Let’s simplify by removing the
back-ends
30
Sensitive Data & Secure Component (SC)
USER Table!!
<ID1> <…, Perm>MAC!<ID2> <…, Perm>MAC!<ID3> <…, Perm>MAC!<ID4> <…, Perm>MAC!
…!<IDn> <…, Perm>MAC!
TLS$
EAP$
RADIUS$
BFT.SMaRT$
Authentication Service Replica!
OpenID$
HTTP/HTTPS$
Secure$Component$
PuCA$
KNAS$ PrS$
KUser$ ID$
KAssoc$
$$
31
Sensitive Data & Secure Component (SC)
USER Table!!
<ID1> <…, Perm>MAC!<ID2> <…, Perm>MAC!<ID3> <…, Perm>MAC!<ID4> <…, Perm>MAC!
…!<IDn> <…, Perm>MAC!
TLS$
EAP$
RADIUS$
BFT.SMaRT$
Authentication Service Replica!
OpenID$
HTTP/HTTPS$
DATA Table (NAS | Association)!!
<NAS1 | Handler1> <…, EK1>!<NAS2 | Handler2> <…, EK2>!<NAS3 | Handler3> <…, EK3>!<NAS4 | Handler4> <…, EK4>!
…!<NASn | Handlern> <…, EKn>!
Secure$Component$
PuCA$
KNAS$ PrS$
KUser$ ID$
KAssoc$
32
Sensitive Data & Secure Component (SC)
USER Table!!
<ID1> <…, Perm>MAC!<ID2> <…, Perm>MAC!<ID3> <…, Perm>MAC!<ID4> <…, Perm>MAC!
…!<IDn> <…, Perm>MAC!
TLS$
EAP$
RADIUS$
BFT.SMaRT$
Authentication Service Replica!
OpenID$
HTTP/HTTPS$
DATA Table (NAS | Association)!!
<NAS1 | Handler1> <…, EK1>!<NAS2 | Handler2> <…, EK2>!<NAS3 | Handler3> <…, EK3>!<NAS4 | Handler4> <…, EK4>!
…!<NASn | Handlern> <…, EKn>!
Secure$Component$
PuCA$
KNAS$ PrS$
KUser$ ID$
KAssoc$
33
Sensitive Data & Secure Component (SC)
USER Table!!
<ID1> <…, Perm>MAC!<ID2> <…, Perm>MAC!<ID3> <…, Perm>MAC!<ID4> <…, Perm>MAC!
…!<IDn> <…, Perm>MAC!
DATA Table (NAS | Association)!!
<NAS1 | Handler1> <…, EK1>!<NAS2 | Handler2> <…, EK2>!<NAS3 | Handler3> <…, EK3>!<NAS4 | Handler4> <…, EK4>!
…!<NASn | Handlern> <…, EKn>!
TLS$
EAP$
RADIUS$
SC methods:!!
1. HMAC!2. DecryptRSA!3. SymmCipher!4. Confidential!5. SignRSA!6. GenAssociation 7. GenNonce
BFT.SMaRT$
Authentication Service Replica!
OpenID$
HTTP/HTTPS$
Secure$Component$
PuCA$
KNAS$ PrS$
KUser$ ID$
KAssoc$
34
Sensitive Data & Secure Component (SC)
Method Protocol Input Output DecryptRSA TLS Packet to be
verified. Status of the signature verification.
SignRSA TLS Data to sign. RSA signature using the key PrS .
SymmCipher TLS/RADIUS Protocol id and data.
Ciphered output of the input data.
Confidential TLS/RADIUS The packet data. A confidential share of the data.
HMAC RADIUS data + encrypted shared key.
HMACMD5 of the input data.
GenAssoc OpenID Public key and two big integers.
Association info + server’s public key.
GenNonce OpenID Two big integers. Pseudo random nonce.
35
Sensitive Data & Secure Component (SC)
Method Protocol Input Output DecryptRSA TLS Packet to be
verified. Status of the signature verification.
SignRSA TLS Data to sign. RSA signature using the key PrS .
SymmCipher TLS/RADIUS Protocol id and data.
Ciphered output of the input data.
Confidential TLS/RADIUS The packet data. A confidential share of the data.
HMAC RADIUS data + encrypted shared key.
HMACMD5 of the input data.
GenAssoc OpenID Public key and two big integers.
Association info + server’s public key.
GenNonce OpenID Two big integers. Pseudo random nonce.
36
How to implement a secure component?
A secure component can be “any” device capable of ensuring the !data and operation confidentiality of the target system/environment.!
Smart Cards! Intel SGX! Tamper Resistant a FPGA!
A Highly Secured (shielded) Computer!
Virtual TPM!(e.g. vTPM)!
Secure Hypervisor (e.g. sHyper)!
Generic resilient architecture for AAIS
37
Protocol 2
Service / Application / Device (fS + 1)
Gateway (AAI front-end)
(fG + 1)
Client AAI Replicas (mfR + 1)
AA
I SC
s (m
f R +
1)
Generic resilient architecture for AAIS
38
Protocol 2
Service / Application / Device (fS + 1)
Gateway (AAI front-end)
(fG + 1)
Client AAI Replicas (mfR + 1)
AA
I SC
s (m
f R +
1)
Protocol-specific connection
between elements
Generic resilient architecture for AAIS
39
Protocol 2
Service / Application / Device (fS + 1)
Gateway (AAI front-end)
(fG + 1)
Client
Shared secret
AAI Replicas (mfR + 1)
AA
I SC
s (m
f R +
1)
Protocol-specific shared secrets
Generic resilient architecture for AAIS Trusted Third Party (TTP)
40
Protocol 2
Service / Application / Device (fS + 1)
Gateway (AAI front-end)
(fG + 1)
Shared secret
AAI Replicas (mfR + 1)
EAP-TLS
AA
I SC
s (m
f R +
1)
Client
Outline
Our Solution
Goals & Challenges
Intrusion-Tolerant AAIs
Conclusion
Evaluation
Resilient RADIUS architecture
42
801.1X/ EAP-TLS
Network Access Server (NAS)
(fS + 1)
RADIUS Gateway (fG + 1)
Symmetric shared secret
Resilient RADIUS (3fR + 1)
Supplicant
RADIUS/ EAP-TLS
SMR/ RADIUS/ EAP-TLS
Resilient RADIUS communications
43
NAS RADIUS Gateway
RADIUS Replicas
Supplicant Trusted Components
BFT Agreement
801.1X RADIUS BFT-SMR EAP-TLS
BFT Agreement
801.1X RADIUS BFT-SMR EAP-TLS
Resilient OpenID architecture
44
Service Provider (Relying Party)
(fS + 1)
Resilient OpenID (3fR + 1)
SMR/ HTTP/HTTPS/
OpenID 2.0 HTTP/HTTPS OpenID 2.0
steps 4 and 5
Resilient OpenID Identity Provider
OpenID Gateway (fG + 1)
Client/Web Browser
45
Resilient OpenID communications
1. Service Request
2. Identification Request
3. Identification URL 4. Discovery (YADIS)
5. XRDS Response
6. Association Request (RP DH public-key)
9. Association Response (IdP DH public-key)
Association Established
10. Authentication Request
11. Credentials Request / Browser Redirection
12. Credentials
15. Authentication Response 16. Authentication
Response
Client/Browser Relying Party OpenID Gateway OpenID Replicas Trusted Components
7. Request (Association Handle + MAC Key + DH
keypair)
8. Response
13. Credentials + Nonce Random Number request
14. Authentication Assertion + Number
Outline
Our Solution
Goals & Challenges
Intrusion-Tolerant AAIs
Conclusion
Evaluation
47
Resilient RADIUS vs FreeRADIUS Environment / Configuration
Resilient RADIUS
7 machines
FreeRADIUS 3 machines
CPU MEM Net
2x4 32G Giga
Supplicant! Network Access Server (NAS)!
(fN + 1) with fN = 0!!
RADIUS !Servers!
(fG + 1) with fG = 1!
Symmetric shared secret!
Supplicant!
Replicated RADIUS (3fR + 1) with fR = 1!
Network Access Server (NAS)!
(fN + 1) with fN = 0!!
RADIUS !Gateway !
(fG + 1) with fG = 1!
Symmetric shared secret!
48
Resilient RADIUS vs FreeRADIUS
Latency
49
Resilient RADIUS vs FreeRADIUS
Throughput
50
Resilient RADIUS vs FreeRADIUS
Fail-stop (crash) and Byzantine faults
Attack FreeRADIUS RADIUS Rep RADIUS Gw
Fail-stop 9s delay No delay 9s delay
Byzantine Max delay of 9s No delay Up to 9s delay
Note: using the default configuration of the RADIUS protocol, i.e., 3s between each retry.
51
Resilient OpenID
Average Latency: 78.360ms!
Average Latency: 87.343ms!
Average Latency: 32.103ms!
Environment vCPU ECUs MEM Network Quinta-VMsR 3 --- 4GB Gigabit Ethernet Quinta-VMsG 6 --- 8GB Gigabit Ethernet Quinta-Phy 16 --- 32GB Gigabit Ethernet Amazon-DCs 2 6.5 7.5GB Public WAN
52
Resilient OpenID
Near linear gain
0
1000
2000
3000
4000
5000
6000
10 20 40 80 100 200
Quinta-VMs Quinta-PHY Amazon-DCs
53
Resilient OpenID (faults & attacks)
400
600
800
1000
1200
1400
1600
10 20 40 80 100
Number of authentications/s
Number of OpenID clients
ROpenID throughput under chash faults and attacks
FF-Exec
1s-Crash
2s-Crash
4s-Crash
8s-Crash
16s-Crash
TCP-ACK-A
TCP-SYN-A
Outline
Our Solution
Goals & Challenges
Intrusion-Tolerant AAIs
Conclusion
Evaluation
55
A hybrid architecture for intrusion-tolerant AAIs
56
A hybrid architecture for intrusion-tolerant AAIs
A secure component for ensuring the confidentiality
57
A hybrid architecture for intrusion-tolerant AAIs
A secure component for ensuring the confidentiality
Backward compatibility for both RADIUS & OpenID
58
A hybrid architecture for intrusion-tolerant AAIs
A secure component for ensuring the confidentiality
Backward compatibility for both RADIUS & OpenID
Performance assessment and evaluation under fault & attacks
Towards Secure and Dependable Authentication and Authorization Infrastructures
Diego Kreutz, Alysson Bessani, Eduardo Feitosa, Hugo Cunha
PRDC2014, Singapore
Cyber Crimes/Attacks!
Software Bugs & Vulnerabilities
Logical Failures
60
Bugs, failures, threats, attacks, …
Cyber threats: state of affairs
61
NSA Director Rogers Urges Cyber-Resiliency Threat Post, Washington, D.C. (United States)
Guide to Cyber Threat Information Sharing (Draft) National Institute of Standards and Technology (NIST)
Presidential Proclamation: Critical Infrastructure Security and Resilience Month, 2014 The White House, Washington, D.C. (United States)
Biggest ever cyber security exercise in Europe today European Commission - PRESS RELEASES, October 30, 2014
Emerging Cyber Threats Report 2015 Georgia Institute of Technology
One million cyber attacks a day on Deutsche Telekom network EU News & policy debates, across languages
Survey: Cybersecurity priorities shift to insider threats FEDERALTIMES US
Authentication & Authorization Infra (AAI)
62 Client / Web Browser!
Service Provider (SP) Relying Party (RP)!
OpenID Server!
steps 4 and 5!
OpenID! Backends!
SQL$
LDAP$Supplicant!
AAA! Backends!
SQL$
LDAP$
Network Access Server (NAS)!
AAA/RADIUS!Server!
Symmetric shared secret!
802.1X! RADIUS!
AAA$
Traditional OpenID Architecture
Traditional RADIUS Architecture
Typical Authentication & Authorization Infrastructure Architecture
Client!
Auth! Backends!
SQL$
LDAP$Service! Authentication!Service!
Protocol 1! Protocol 2!
Protocol 3!Protocol 2!
State Machine Replication (SMR) with BFT-SMaRt
63
Main building blocks (SMR)
AAI#Gateway#
PROPOSE# WEAK#R0#(leader)#
R1#
R2#
R3#
STRONG#
REQUEST# REPLY#
AAI#Replicas#
64
Vulnerabilities and Threats in AAIs
Vulnerability/Supported features RADIUS OpenID Tolerates crash faults (e.g., back-end clusters) YES YES Tolerates arbitrary faults NO NO Tolerates infrastructure outages NO NO Tolerates DDoS attacks NO NO Risk of common vulnerabilities HIGH HIGH Risk of sensitive data leakage HIGH HIGH Protocol security-related vulnerabilities YES YES Susceptibility to resource depletion attacks YES YES
65
Resilient OpenID
# of clients Quinta-VMs Quinta-PHY Amazon-DCs 10 501 1489 62 20 769 2540 111 40 986 3487 210 80 1077 4719 401
100 1136 5011 489 200 1424 5290 704
Number of authentications/s
Near linear gain. Saturation points.
Wait! What about resource depletion
attacks?
In virtualized environments, how malicious VMs can
affect the execution of non-malicious VMs?
67
Resource Depletion Attacks
68
Resource Depletion Attacks
69
Resource Depletion Attacks
200
400
600
800
1000
1200
1400
1600
10 20 40 80 100
Number of authentications/s
Number of OpenID clients
ROpenID throughput under CPU depletion attacks
FF-Exec
3vCPUs-Attack
6vCPUs-Attack
12vCPUs-Attack
70
Resource Depletion Attacks
200
400
600
800
1000
1200
1400
1600
10 20 40 80 100
Number of authentications/s
Number of OpenID clients
ROpenID throughput under attacks
QuintaVMs
TCP-ACK-A
TCP-SYN-A
TCP-SYN-ACK-A
TCP-SSH-A