Transport Layer Encryption for the Evolved
Transcript of Transport Layer Encryption for the Evolved
Brent Taylor - CCIE Consulting Systems Engineer Mar 2015
Transport Layer Encryption for the Evolved Programmable Network: Secure Transport
The Challenge: Securing Data Center Interconnects
[Diagram: Data Center A, Data Center B and Data Center C interconnected over the transport network]
Major concerns on data confidentiality and integrity:
• Lack of encryption between data center interconnects (DCI) due to infrastructure complexity
• False level of trust in private and leased fiber and circuits over the MAN or WAN
• Belief that encryption incurs unacceptable latency
• Difficulties associated with cost-effective and scalable security solutions
Common Challenges
• Customers are looking to secure all data leaving on-premises services, including Data Centers and/or Points of Presence, due to the growing awareness of network and fiber-optic hacks
• Both active and passive attacks are becoming prevalent
• Protecting data at multiple layers of the OSI stack increases network resiliency and reliability while providing a secure transport medium
• Protecting data at high speeds / line rate is a requirement for today's Data Center environments
OTN Transport Encryption: 10G and 100G Multi-Rate OTN/DWDM Encryption Cards
Hardware features:
• Single slot card
• Compatible with ONS 15454 and NCS 2000
• Integrated Transponder/Muxponder functionalities
Certifications:
• FIPS 140-2 Level 2 certified
• Common Criteria certified
Authentication and network security:
• Key exchange mechanism over G.709 GCC2 using TLS and ECDH
• AES-256 data payload encryption
• Card authentication
• GMAC frame authentication
WSE – Industry Leading Crypto Density
NCS 2000 Crypto Appliance: fully integrated transport platform

Chassis     10G encrypted streams   100G encrypted streams   Footprint
NCS 2002    10                      2                        2RU
NCS 2006    30                      6                        6RU
NCS 2015    75                      15                       13RU
Why OTN Encryption?
[Diagram: Data Centers A, B and C connected over OTN; client signals (OC-192/STM-64, Fibre Channel, Ethernet) are mapped into the OTU-2 payload, with the OTN overhead carried alongside the payload]
Encapsulation with OTN ensures transparency, interoperability, and line-rate performance.
Transport Encryption Architecture
[Diagram: Data Center A and Data Center C exchange Ethernet, Fibre Channel, SONET/SDH and OTN client traffic under 256-bit encryption over any 10G transport: Cisco private DWDM, 3rd-party private DWDM, leased 10G wave services, or dark fiber]
Layer 1 Encryption & Securing the Network
• Bulk encryption at the OTN layer provides protocol-agnostic, line-rate client payload encapsulation security across the transport network
• Current encryption devices are not protocol agnostic and will only encrypt a single type of traffic (e.g. Ethernet, IP, SONET), often requiring upper-layer protocol workarounds such as GRE
• When used with MACsec/IPsec as part of CSfC with Suite B compliance, this allows for two-layer encryption solutions comparable with Type I encryption
Encryption Stacking – CSfC
[Diagram: Ethernet, Fibre Channel, SONET/SDH and OTN clients carried over 3rd-party private DWDM with stacked encryption layers:
  OTN     Layer 1   AES-256
  MACsec  Layer 2   AES-256
  IPsec   Layer 3   AES-256]
OTN – Advanced Encryption
• Role Based Access Control (RBAC) for separation between a Transport user profile and a Security user profile
• Complete user management and cryptographic lifecycle management through Cisco Transport Controller (CTC) and/or PRIME Optical
• Card-to-card authentication
• Passive attack protection – monitors optical loss, with threshold alarms
• Active attack protection – GMAC frame authentication detects modified OTN traffic
• Secure boot – anti-counterfeiting, anti-tampering, and key storage via the ACT2Lite ASIC
• Key generation – based on the Secure Unique Device Identifier (SUDI); supports X.509 certificates
• Key exchange – Elliptic Curve Diffie-Hellman (ECDH) over a secured TLS channel (GCC2)
• XTS-AES-256 algorithm for encryption of payload
• GMAC for authentication of payload
• Key zeroization in case of card reboot / removal from the chassis
• FIPS 140-2 Level 2 and Common Criteria compliant design
WSE – Wire Speed Encryption: 10G Multi-Rate OTN/DWDM Encryption Card
• Single slot card for 2-, 6-, and 15-slot chassis – ONS-MSTP/NCS 2000
• 10x SFP+ ports supporting 5x completely independent encrypted 10Gbps streams
• Real-time encryption and authentication of multiple client types
• CTC & CPO controlled
• Integrated transponder functionalities
• Trunk SFP+s can be grey (SR, LR, ER, ZR) or WDM (full C-band tunable)
• FEC or E-FEC can be SW provisioned on the trunk
• OTN ports can be interconnected with a 40G or 100G MXP for wavelength aggregation
Flexible Options Depending on Traffic Types – Per Port Flexibility
[Diagram: supported per-port configurations]
• Unencrypted grey client in, encrypted DWDM trunk out
• Unencrypted grey client in, unencrypted DWDM trunk out
• Unencrypted grey client in, encrypted grey output to a 40G or 100G muxponder
• OTU2 output from an AnyRate Xponder in, encrypted DWDM trunk out
• Unencrypted / encrypted DWDM trunk
WSE – FPGA Crypto Details
[Block diagram: the WSE FPGA crypto datapath has five identical lanes, one per encrypted stream. Per lane: client SFI (SFP+) → GTX/GTH SerDes → 10GE/10G mapper → OTU-2 framer with 10G GFEC → Encryption block → OTU-2 framer with 10G GFEC → GTX/GTH SerDes → trunk SFI (SFP+). An overhead bus connects every lane to a common overhead processing block. Ten SFI (SFP+) interfaces in total.
Client signals: 10GE LAN PHY, 10GE WAN PHY, OC-192/STM-64, 10G FC, 8G FC, OTU2, OTU2e, OTU1e.
Grey/ITU trunk signals: OTU2, OTU2e, OTU1e (encrypted).]
Modes of Operation
• Encryption + Authentication
• Encryption only
• Authentication only
* All the above modes can work simultaneously on the same card
Transponder modes: Transponder with FEC / E-FEC; Ultra Low Latency Transponder (latency in sub 10 ns); (O-E-O) Regenerator
WSE – Supported Payloads

Client Payload           Input Data Rate   Trunk Mapping   Output Data Rate   Mapping Type   Clock
10GE LAN PHY             10 Gbps           OTU2            10.709 Gbps        GFP-F          Asynchronous mapping, clock derived from controller
10GE LAN PHY             10 Gbps           OTU2e           11.095 Gbps        GFP-F          Asynchronous mapping, clock derived from controller
OTU2                     10.709 Gbps       OTU2            10.709 Gbps        BMP            Synchronous mapping, clock derived from incoming signal
OTU2e                    11.095 Gbps       OTU2e           11.095 Gbps        BMP            Synchronous mapping, clock derived from incoming signal
OTU1e                    11.049 Gbps       OTU1e           11.049 Gbps        BMP            Synchronous mapping, clock derived from incoming signal
OC192/STM64/10GE WAN     9.953 Gbps        OTU2            10.709 Gbps        AMP            Asynchronous mapping, clock derived from controller
8G FC                    8.5 Gbps          OTU2            10.709 Gbps        BMP            Asynchronous mapping, clock derived from controller
10G FC                   10.0591 Gbps      OTU2e           11.095 Gbps        GFP-T          Synchronous mapping, clock derived from incoming signal
100G Transport Encryption: Multi-Rate 10G/40G Aggregation Line Card
• Single slot client card for 10G, 40G, and 100G clients
• 2 x 10G SFP+, 2 x 40G QSFP+, and 1 x 100G CPAK ports
• 10G / 40G clients aggregated to backplane or CPAK port
• Clients aggregated to a 100G or 200G DWDM trunk (TXP)
• Aggregated client signal can be encrypted
[Diagram: three deployment options. (1) MR 100G card with a grey unencrypted 100G client feeding a 100G TXP with an encrypted 100G ITU trunk. (2) Two MR 100G cards back to back: grey unencrypted 100G client on one side, encrypted grey 100G client on the other. (3) MR 100G card aggregating Nx40G/Nx10G grey unencrypted clients to a 100G TXP with an encrypted 100G ITU trunk.]
Secure Chip + Secure Boot = Hardware Anchored Trust
[Diagram: hardware anchored trust built from Image Signing, Secure Boot, Secure Chip, Secure Development, Run-time Integrity and Trusted System Components, providing: Secure Storage; Secure Processor, Memory & Boot ROM; Immutable Identity; Run-time Integrity Validation; Entropy source with true randomization; Signed Cisco and 3rd-party software and boot loader]
Secure Chip – ACT2Lite
NIST (FIPS) approved chip provides 3 key features:
1. Immutable Identity
2. Secure Information Storage
3. Certifiable Entropy Source
Card Authentication
Cisco OTN encryption provides TLS 1.2 based card-to-card authentication per port.
• An authentication failure on one trunk port does not affect the traffic on any other trunk port.
• Card authentication must be enabled to configure encryption on the card.
• Cisco-signed certificates are installed on the card by default. These certificates are exchanged between the cards during card authentication.
• All ports are re-authenticated upon a soft reset of the card.
• In case of TLS or SSL authentication failure, the KEY_EX_FAIL alarm is raised on the particular trunk port.
Key Management
A single key, called the master key, is exchanged for each TLS session.
• It is exchanged using an asymmetric key algorithm (Elliptic Curve Diffie-Hellman).
• The master key is used to derive a set of symmetric keys for payload encryption. The user can change the master key at any time from CTC, which initiates another DH exchange between the sender and the receiver.
• The user can also specify the time at which the master key is periodically reset.
* Keys used for encryption of data are never stored in plaintext on the card. All keys are deleted when the card reboots or is removed from the chassis. Key changes do not affect the traffic.
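The key lifecycle described above (one master key per session, a set of per-stream symmetric keys derived from it, fresh keys on every master-key change, and zeroization on reboot or card removal) can be modelled in a few dozen lines. The following is an added example and not Cisco's code or the card's implementation: the HKDF label string, the per-port "epoch" counter and the class names are assumptions, and the ECDH exchange itself is represented only by handing a new master key to the manager. It shows why the card needs two 256-bit keys per stream (XTS-AES uses one key for the data blocks and one for the tweak) and how old material is overwritten rather than merely dereferenced.

```python
import hashlib
import hmac

KEY_LEN = 32  # one AES-256 key; XTS-AES-256 needs two of them per encrypted stream


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) extract-then-expand over HMAC-SHA256, standard library only."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class StreamKeys:
    """Symmetric keys for one trunk port, derived from the session master key.

    The epoch changes each time the master key is renegotiated, so the derived
    keys change with every master-key exchange (assumed label layout)."""

    def __init__(self, master_key: bytes, port: int, epoch: int):
        self.port, self.epoch = port, epoch
        info = b"wse-xts-aes-256|port=%d|epoch=%d" % (port, epoch)  # hypothetical label
        okm = hkdf_sha256(master_key, b"otn-payload", info, 2 * KEY_LEN)
        # XTS-AES uses two independent keys: one for the data blocks, one for the tweak.
        self.xts_key1 = bytearray(okm[:KEY_LEN])
        self.xts_key2 = bytearray(okm[KEY_LEN:])

    def zeroize(self) -> None:
        """Overwrite key material in place (mirrors the card's key zeroization)."""
        for buf in (self.xts_key1, self.xts_key2):
            buf[:] = bytes(len(buf))

    def is_zeroized(self) -> bool:
        return not any(self.xts_key1) and not any(self.xts_key2)


class CardKeyManager:
    """Per-card key lifecycle: enable streams, rotate the master key, reboot."""

    def __init__(self, master_key: bytes):
        self.master_key = bytearray(master_key)
        self.epoch = 0
        self.streams = {}

    def enable_stream(self, port: int) -> StreamKeys:
        keys = StreamKeys(bytes(self.master_key), port, self.epoch)
        self.streams[port] = keys
        return keys

    def change_master_key(self, new_master_key: bytes) -> None:
        """Models the result of a fresh ECDH exchange: every active stream gets new
        keys from the new master key and the old keys are zeroized. The payload
        keys change, but the set of encrypted ports (the traffic) does not."""
        old = self.streams
        self.master_key[:] = new_master_key
        self.epoch += 1
        self.streams = {port: StreamKeys(bytes(self.master_key), port, self.epoch)
                        for port in old}
        for keys in old.values():
            keys.zeroize()

    def reboot(self) -> None:
        """Card reboot / removal from the chassis: all key material is deleted."""
        for keys in self.streams.values():
            keys.zeroize()
        self.master_key[:] = bytes(len(self.master_key))
        self.streams = {}
```

The `hkdf_sha256` helper is a plain RFC 5869 implementation, so it can be checked against the RFC's published test vectors; a real card would take the master secret from the ECDH exchange over the TLS-protected GCC2 channel instead of a constant.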
Payload Encryption
• The payload on each port can be encrypted independently of the other streams.
• The NIST-approved Advanced Encryption Standard (AES), AES-256, a symmetric key cryptographic algorithm in XTS mode of operation, is used to encrypt the OTN payload.
• Payload encryption needs to be enabled at both the source and destination trunk ports; otherwise, it affects traffic.
Optical Intrusion: Active or Passive
• Whenever optical loss changes beyond a threshold that is set based on normal operation, one can suspect the presence of an intruder.
• By constantly monitoring the link for optical power characteristics, one can detect a pattern in optical loss that helps in understanding a passive attack.
• Sporadic errors at the physical layer are corrected using FEC.
• ICV mismatches after FEC are not expected during normal operation of the card, and they are a clear indication that someone is trying to actively modify the OTN traffic.
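The two detection rules on this slide (a sustained drop in received optical power relative to a baseline learned during normal operation points to a passive tap, while any integrity-check failure that survives FEC correction points to active modification) can be expressed as a small monitor over per-interval trunk statistics. This is an added example written for illustration, not Cisco's monitoring code: the sample record fields, the warm-up window, the 1 dB threshold and the two-sample persistence rule are assumptions, and the input is a constructed series of readings.

```python
from dataclasses import dataclass
from statistics import mean
from typing import List, Tuple


@dataclass
class TrunkSample:
    t: int                 # seconds since monitoring started (constructed)
    rx_power_dbm: float    # received optical power on the trunk port
    fec_corrected: int     # bit errors corrected by FEC in this interval
    icv_mismatch: int      # frames whose GMAC integrity check failed after FEC


def optical_baseline(samples: List[TrunkSample], warmup: int) -> float:
    """Mean received power over the warm-up window of normal operation."""
    return mean(s.rx_power_dbm for s in samples[:warmup])


def detect_intrusion(samples: List[TrunkSample], warmup: int = 10,
                     loss_threshold_db: float = 1.0, persist: int = 2) -> List[Tuple[int, str]]:
    """Return (t, kind) alarms.

    PASSIVE: extra optical loss beyond the threshold sustained for `persist` samples
             (a single-sample dip is treated as a transient, not an alarm).
    ACTIVE : any ICV mismatch that survives FEC correction; FEC-corrected bit errors
             alone are expected physical-layer noise and raise nothing."""
    base = optical_baseline(samples, warmup)
    alarms: List[Tuple[int, str]] = []
    run = 0
    for s in samples[warmup:]:
        if s.icv_mismatch > 0:
            alarms.append((s.t, "ACTIVE"))
        extra_loss = base - s.rx_power_dbm
        if extra_loss > loss_threshold_db:
            run += 1
            if run == persist:          # report once per sustained-loss event
                alarms.append((s.t, "PASSIVE"))
        else:
            run = 0
    return alarms


# Constructed sample series: ten intervals of normal operation around -12 dBm,
# then a sustained 1.5 dB loss, an FEC-corrected error burst, and ICV failures.
SAMPLES = [TrunkSample(t, p, 0, 0)
           for t, p in enumerate([-12.0, -12.1, -11.9] * 3 + [-12.0])]
SAMPLES += [
    TrunkSample(10, -12.6, 12, 0),    # small fluctuation, a few FEC corrections: normal
    TrunkSample(11, -13.5, 40, 0),    # 1.5 dB extra loss appears...
    TrunkSample(12, -13.6, 45, 0),    # ...and persists: consistent with a passive tap
    TrunkSample(13, -13.5, 41, 0),
    TrunkSample(14, -12.0, 9, 0),     # loss gone
    TrunkSample(15, -12.0, 5000, 0),  # error burst fully corrected by FEC: not an attack
    TrunkSample(16, -12.0, 30, 3),    # ICV failures after FEC: frames modified in transit
    TrunkSample(17, -12.0, 11, 0),
]

if __name__ == "__main__":
    for t, kind in detect_intrusion(SAMPLES):
        print(f"t={t}s {kind} intrusion alarm")
```

On a real deployment the baseline would come from the card's own power readings during commissioning and the threshold from the link budget; the persistence rule exists so that a transient (connector touch, brief polarization event) does not trigger the passive-attack alarm while a tap, which removes power continuously, does.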
Manageability Options
• Role Based Access Control to manage different user privileges and provide separation of transport and security domains.
• Single management interface – the Cisco Transport Controller and PRIME Optical – for:
  • Supporting different functional levels for transport and security users.
  • Limiting user access to a subset of network elements.
  • Providing security users granular access to individual encryption cards in a network element.
• Traceability of work with event logs
• FIPS 140-2 Level 2 validation and Common Criteria Network Device Protection Profile (NDPP) compliance
Cryptographic Lifecycle Management
• Entire cryptographic lifecycle management through the GUI – the Cisco Transport Controller and PRIME Optical – for:
  • Mode of operation (encryption and transponder) selection on a per-stream basis.
  • Card-to-card authentication.
  • Provisioning encryption on existing transport circuits.
  • Defining the master key change interval.
  • Forcing a master key change.
  • Complete alarm management and performance monitoring capability.
• Zeroization of Critical Security Parameters in case of card removal or power down of the chassis.
Encryption Across Third Party Transport
Payload is encrypted between A and B. GCC2 channel secured using TLS is used for key exchange. End to end encryption is achieved using 256 bit AES even in a 3rd party OTN switched network.
OTN – Security: AES Secure Packet
• The concept of a packet does not exist within OTN; however, packet-based traffic is necessary for encryption using an XTS-AES algorithm.
• A single OTN frame cannot be tagged with the necessary Encapsulating Security Payload (ESP) header, which carries the information necessary for encryption and decryption of payloads.
• The ESP header and trailer require a total of 32 bytes within the OTN overhead.
• Pseudo Random Binary Sequence (PRBS) testing is used to ensure that the selected overhead bytes can be used to transport the ESP header and trailer safely. Both the transmitting node and the receiving node must be aware that PRBS testing is taking place, and each node must also know which bytes are to be tested.
Four-OTN-frame based AES secure packet (ESP – Encapsulating Security Payload)
The four-OTN-frame based AES secure packet transports four ESP header and four ESP trailer bytes within each OTN frame. In this mode, eight overhead bytes are utilized in each OTN frame in order to transport all 32 bytes of ESP header and trailer within a single AES secure packet. Each location is four bytes wide; therefore two locations from each OTN frame are utilized, one for the ESP header and one for the ESP trailer.
Eight-OTN-frame based AES secure packet (ESP – Encapsulating Security Payload)
The eight-OTN-frame based AES secure packet transports two ESP header and two ESP trailer bytes within each OTN frame. In this mode, four overhead bytes are utilized in each OTN frame in order to transport all 32 bytes of ESP header and trailer within a single AES secure packet. Each location is four bytes wide; therefore only one location from each OTN frame is utilized. Within the selected location, two bytes are used for the ESP header and two bytes for the ESP trailer.
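The arithmetic of the four-frame and eight-frame secure packets, and the PRBS check that both nodes run on a candidate overhead location before trusting it with ESP bytes, is easiest to see in code. The following is an added illustration, not Cisco's framer logic: the frame model (a payload plus numbered four-byte overhead locations), the 16/16 split of the 32 ESP bytes into header and trailer, the choice of PRBS-7 and its seed are all assumptions; real OTN overhead byte positions are not modelled.

```python
ESP_HEADER_LEN = 16
ESP_TRAILER_LEN = 16    # header + trailer = the 32 overhead bytes the slides cite (assumed split)
LOCATION_WIDTH = 4      # each reserved overhead location is four bytes wide


class OtnFrame:
    """Minimal OTN frame model: a payload plus reserved four-byte overhead locations."""

    def __init__(self, payload: bytes, n_locations: int = 2):
        self.payload = payload
        self.overhead = [bytearray(LOCATION_WIDTH) for _ in range(n_locations)]


def pack_secure_packet(header: bytes, trailer: bytes, frames, mode: int):
    """Spread a 16-byte ESP header and 16-byte trailer over `mode` (4 or 8) frames."""
    if mode not in (4, 8) or len(frames) != mode:
        raise ValueError("mode must be 4 or 8 and match the number of frames")
    if len(header) != ESP_HEADER_LEN or len(trailer) != ESP_TRAILER_LEN:
        raise ValueError("ESP header and trailer must be 16 bytes each")
    per_frame = ESP_HEADER_LEN // mode   # 4 header (and 4 trailer) bytes per frame, or 2
    for i, frame in enumerate(frames):
        h = header[i * per_frame:(i + 1) * per_frame]
        t = trailer[i * per_frame:(i + 1) * per_frame]
        if mode == 4:
            frame.overhead[0][:] = h         # location 0: four header bytes
            frame.overhead[1][:] = t         # location 1: four trailer bytes
        else:
            frame.overhead[0][:] = h + t     # one location: two header + two trailer bytes
    return frames


def unpack_secure_packet(frames, mode: int):
    """Receive side: reassemble the ESP header and trailer from the frames' overhead."""
    per_frame = ESP_HEADER_LEN // mode
    header, trailer = bytearray(), bytearray()
    for frame in frames:
        if mode == 4:
            header += frame.overhead[0]
            trailer += frame.overhead[1]
        else:
            header += frame.overhead[0][:per_frame]
            trailer += frame.overhead[0][per_frame:]
    return bytes(header), bytes(trailer)


def prbs7(nbytes: int, seed: int = 0x7F) -> bytes:
    """PRBS-7 (x^7 + x^6 + 1) packed into bytes; both nodes must share the seed."""
    state = seed & 0x7F
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            bit = ((state >> 6) ^ (state >> 5)) & 1
            state = ((state << 1) | bit) & 0x7F
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def fill_location_with_prbs(frames, location: int, seed: int = 0x7F) -> None:
    """Transmit side: write the agreed PRBS into the candidate overhead location."""
    pattern = prbs7(LOCATION_WIDTH * len(frames), seed)
    for i, frame in enumerate(frames):
        frame.overhead[location][:] = pattern[i * LOCATION_WIDTH:(i + 1) * LOCATION_WIDTH]


def verify_location_prbs(frames, location: int, seed: int = 0x7F) -> bool:
    """Receive side: the location is safe for ESP bytes only if the PRBS arrived intact."""
    expected = prbs7(LOCATION_WIDTH * len(frames), seed)
    received = b"".join(bytes(frame.overhead[location]) for frame in frames)
    return received == expected
```

The PRBS check is what makes the two nodes' agreement on "which bytes are tested" necessary: the receiver regenerates the same sequence from the shared seed and compares it byte for byte, so an intermediate OTN element that rewrites or zeroes that overhead location shows up as a mismatch before any ESP header is ever placed there.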
Lower Rate (Sub-10G) Encryption
Higher Rate (100G) Encryption
WSE – Encryption of Multi-Protocol Client Traffic
• Ethernet: FE, GE
• SAN: 1G, 2G, 4G, 8G FC
• Video: SD, HD, 3G SDI
• TDM: OC-3/12/48, OTU-1
Card Options and Footprint
• Unlicensed / full version that gives 5 x 10G streams on day one – ideal for networks where the number of 10G services to be encrypted is large.
• Licensed version giving 1 x 10G stream on day one – a cost-effective solution with the option to encrypt more 10G services through a PAYG software license.
• 30 x 10G encrypted streams in a 6RU chassis – the most dense encryption solution available in the market.
WSE – Pricing and Bundles
Single 10G encrypted solution: ~$110k–$130k list
• WSE card
  • 15454-M-WSE-K9 – $75k list – full 5 streams
  • 15454-M-WSE-L-K9 – $45k list – licensed with one 10G stream
  • L-NCS2K-WSE-1 – $12k list – additional 10G stream
• Chassis options (appliance)
  • NCS2006-SEC-DC-K9 – ~$66k (one 10G stream)
  • NCS2006-SEC-AC-K9 – ~$66k (one 10G stream)
  • NCS2002-SEC-K9 – ~$55k (one 10G stream)
• WSE and AR-MXP card options/bundles
  • 15454-ARE-K9-SK – ~$84k
  • 15454-ARE-L-K9-SK – ~$48k
100G Transport Encryption: 200G Muxponder Line Card
• Single wavelength supporting: 50G BPSK, 100G QPSK, 200G 16-QAM, 250G 16-QAM
• Pluggable WDM CFP2 interface
• CPAK client interfaces supporting: 100G LR4, 100G SR10, 10x10G LR / SR
[Diagram: two 100G / 10x10G client groups multiplexed onto a 50/100/200/250G trunk wavelength]
Layer 1 (L1) Encryption Use Case
Challenge
• Need to encrypt all traffic between sites
• Existing infrastructure requires separate encryption devices for Ethernet & TDM and separate management platforms
• Reduce capital and operational expenses
Solutions
• WSE 5-stream encryption card on NCS chassis with grey optics
• Encrypted traffic aggregation: 10GE and OC192 clients in, grey trunk optics out over a 3rd-party DWDM network
[Diagram: Ethernet, Fibre Channel and SONET/SDH OTN clients at each site, with 256-bit encryption across 3rd-party private DWDM]
Results
• Secure data transmission across the backbone
• Flexible, scalable OTN encryption with integrated management
• Reduces costs by eliminating redundant 3rd-party encryption devices
Secure Transport Network
Driver – Business Continuance (DCI): Multi-Site Geographically Dispersed HA Clusters
[Diagram: Cluster A Node 1 and Cluster A Node 2 at separate sites; heartbeat, private LAN and public LAN / VIP cluster traffic carried over OTN encryption on the OTN transport]
Layer 1 (L1) Encryption Use Case
[Diagram: L1 encryption in a tiered service-provider network. Tier 1: global IP/MPLS core. Tier 2: in-theater IP/MPLS cores (West Theater, East Theater) serving the West and East regions. Tier 3: metro services delivering private IP service, public IP service, and public voice/video/mobility from the Internet cloud to the enterprise routing infrastructure. An Encryption layer is shown on the transport beneath the IP/MPLS tiers.]