LarryHofer_Cryptographic_Use_Cases

By Troy Gomez, 2014-05-26 12:40

     Cryptographic Use Cases and the Rationale for End-to-End Security

     Larry Hofer, CISSP Emulex

     SNIA Legal Notice

     The material contained in this tutorial is copyrighted by the SNIA. Member companies and individuals may use this material in presentations and literature under the following conditions:

     - Any slide or slides used must be reproduced without modification.
     - The SNIA must be acknowledged as source of any material used in the body of any document containing material from these presentations.

     This presentation is a project of the SNIA Education Committee.

     Crypto Use Cases and Rationale for End to End Security © 2007 Storage Networking Industry Association. All Rights Reserved.

     Abstract

     Cryptographic Use Cases and the Rationale for End-to-End Security

     The variety of environments in which Fibre Channel (FC) fabrics and other technologies such as iSCSI and FCIP are deployed makes it likely that customers will have many choices for data protection in the future. Data protection solutions such as data integrity, data-at-rest, and in-flight data protection are among those choices. This tutorial surveys many use cases that identify the locations in a SAN where security may be applied and explores an end-to-end security approach.

     Learning Objectives

     - Develop an understanding of various data protection alternatives, including data integrity, data-at-rest, and data in-flight, and how they mitigate different threats in SANs
     - Identify numerous locations in a SAN where security technologies can be applied and the pros/cons of each alternative
     - End-to-end security is studied in-depth as one common approach

     Storage Security Terminology

     - Data Integrity: the assurance that data is consistent and correct. In cryptography and information security in general, integrity refers to the validity of data. http://en.wikipedia.org/wiki/Data_integrity
     - Data at Rest: Data residing on servers, storage arrays, NAS appliances, tape libraries, and other media (e.g. tape). *
     - Data in Flight: Data as it is transferred across the storage network, the LAN, and the WAN. The data may include management traffic. *

     Also important to secure:

     - Storage System: embedded OS and applications as well as integration with IT and security infrastructure (e.g. external authentication services, logging, firewalls) *
     - Storage Resource Management: Provisioning, monitoring, tuning, reallocating, and controlling the storage resources so that data may be stored and retrieved. (i.e. represents all storage management) *

     *Source: Introduction to Storage Security, A SNIA Security White Paper, October, 2005.

     Data Protection & Privacy

     Simply stated for this tutorial:

     - Getting the right information to the right people or systems at the right time.
     - Preventing the wrong information from being accessed by the wrong people or systems at any time.

     For security professionals these are fundamental:

     - Confidentiality - Is the data private?
     - Integrity - Is the data accurate?
     - Availability - Is the data accessible?

     From the web:

     - Data protection: The implementation of administrative, technical, or physical measures to guard against the unauthorized access to data. http://www.atis.org/tg2k/_data_protection.html
     - Data privacy: refers to the evolving relationship between technology and the legal right to, or public expectation of privacy in the collection and sharing of data. http://en.wikipedia.org/wiki/Data_privacy

     Attack Scenarios

     1. Accidental Corruption
     2. Theft of privileged access (access to root and admin accounts)
     3. Privilege Abuse (e.g. Authorized users doing unauthorized things)
     4. Application compromise
     5. Sniffing for Confidential Data
     6. Sniffing for Identities
     7. Spoofing (i.e. Impersonation)
     8. Media or Hardware Theft
     9. Unauthorized data moves, e.g. Cut and Paste
     10. Tampering with Data at Rest
     11. Modify Packets
     12. Inject Packets
     13. Hijack Connections
     14. Destruction of Data
     15. Traffic Replay Attacks
     16. Man in the Middle Attacks
     17. Unauthorized Access of Data (e.g. Data Copies)
     18. Unauthorized Management or Maintenance Control
     19. Single Point of Failure (Natural Cause Denial of Service)
     20. Accidental Access or Changes
     21. Disaster Recovery, Insecure Remote Data
     22. Denial of Service (e.g. Too many connections, Bandwidth Stealing, Too Many Cycles, Access Disablement)
     23. Server Compromise
     24. Software Compromise
     25. Driver Compromise
     26. Unintended Disclosure of Data/Information (Caution: e.g. Inferences or Traffic Analysis)
     27. Encryption Key Loss or Deletion or Corruption
     28. Encryption Key Disclosure
     29. Disrupt Security Negotiation to Downgrade Authentication or access passwords
     30. Compromised discovery systems.

     The Big Picture

     Access: Protecting sensitive data from unauthorized access

     - Portable information like CDs, Tapes?
     - Data in a 3rd Party's Data Center?

     Accurate: Ensuring the integrity and authenticity of data

     - Connection taps or tampered data
     - Physical protection, ends of cables too
     - And everything in between it?

     Reliable: Ensuring the accessibility and reliability of data

     - Did the data get corrupted ANYWHERE along the way?
     - Will I know where it happened to fix the faulty item?

     Attack, Information Breach, or Denial Points

     [Diagram labels: Management Station, Servers, FC SAN Switches, Gateway/Router, IP or FC Network, Gateway/Router, Storage; annotations: Access, Accurate, Reliable]

     SNIA Storage Security Best Current Practices (BCPs)

     Core:

     - General Storage Security
     - Storage Systems Security
     - Storage Management Security

     Technology Specific:

     - Network Attached Storage (NFS & CIFS)
     - Block-based IP Storage (iSCSI & FCIP)
     - Fibre Channel Storage
     - Encryption for Storage
     - Key Management for Storage
     - Archive Security

     Reference: www.snia.org/ssif/documents

     Relevant BCPs

     General Storage Security

     Stop Accidents, etc.

     Protect Storage Management Technology:

     Encryption of Storage, FC, Block-based IP

     Lost or distant media or data

     Data Protection - Selected Use Cases

     - Protecting Data At Rest (DAR)
     - Protecting Data In-flight (DIF)
     - End-to-End Security
       - Including Protecting Data Integrity

     For all: Importance of Authentication

     Security Perspective!

     Threats Mitigated Summary 1

     Use Case: Host Based At Rest; Network Based At Rest; Device Based At Rest

     Threats Mitigated (see slide 8):

     - Accidental Corruption
     - Sniffing for Confidential Data
     - Media or Hardware Theft
     - Unauthorized data moves, e.g. Cut and Paste
     - Tampering with Data at Rest
     - Destruction of Data
     - Man in the Middle Attacks
     - Unauthorized Access of Data (e.g. Data Copies)
     - Disaster Recovery, Insecure Remote Data
     - Unintended Disclosure of Data/Information
     - Encryption Key Disclosure

     Threats Mitigated Summary 2

     Use Case: Host Based Data Integrity; Data In Flight

     Threats Mitigated (see slide 8):

     - Accidental Corruption
     - Destruction of Data
     - Single Point of Failure (Natural Cause Denial of Service)
     - Accidental Access or Changes
     - Disaster Recovery, Insecure Remote Data
     - Accidental Corruption, Destruction of Data
     - Single Point of Failure (Natural Cause Denial of Service)
     - Accidental Access or Changes
     - Sniffing for Confidential Data, Sniffing for Identities
     - Spoofing (i.e. Impersonation)
     - Modify Packets, Inject Packets, Hijack Connections
     - Destruction of Data
     - Traffic Replay Attacks
     - Man in the Middle Attacks
     - Unauthorized Management or Maintenance Control
     - Disaster Recovery, Insecure Remote Data
     - Unintended Disclosure of Data/Information
     - Encryption Key Disclosure
     - Compromised discovery systems.

     Relevant Best Current Practices

     - Use DH-CHAP for FC devices
     - Use CHAP for iSCSI devices
     - Use good User Passwords for human interfaces

     Stops - Spoofs of User Names, WWNs, iSCSI Names

     Why Apply Encryption?

     Compliance or security?

     - Alternatives to encryption - examine your current practices
     - Cost and impact vs risk of doing nothing
     - Legal, ethical, or economic loss concerns are compelling

     Oftentimes cryptographic solutions are deployed

     - After basic processes and access controls, such as user authentication
     - Can be more cost effective than the $ loss of data breaches
       - E.g. Notification expenses
     - Can help reduce likelihood of lost reputation due to data breaches
       - What is your corporate reputation worth?
     - Will it become so common that there is little reason or risk not to use it?
     - Complicated systems make it more difficult to assess holes in coverage
     - To stay a step ahead of adversaries

     Keep in mind some challenges that may be encountered.

     - Performance
     - Combinations of technologies (DAR, DIF)
     - Key Management
     - Understanding differences in encryption modes
     - How and when to upgrade/migrate and potential disruption of existing practices

     Where to Apply Encryption

     - Depends on the business drivers*
       - Depends on data confidentiality and integrity drivers
       - Depends on if security or compliance driven
       - Depends on if data classification and flow understood
     - Depends on the threats to be mitigated
     - Best practice from security perspective is to encrypt as close to the information source as possible

     *Source: Encryption of Data at Rest Checklist, www.snia.org

     Points of Encryption

     [Diagram labels: Users/Apps/OS, Servers (Host Devices); Switches, Routers, Gateways, Appliances (Network Devices); Tape Drives or Libraries, NAS, SAN Disk, Disk Drives, Removable Media (Storage Devices)]

     Host Devices: Application Level, File System Level, Data Set/Volume Level, Transport Level

     Network Devices: Network Level, File System Level, Transport Level, Data Set/Volume Level

     Storage Devices: Controller Level, Data Set/Volume Level, Device Level, Transport Level

     Storage System Layers and Likely Use Cases

     Layer                        Likely Use Cases
     Applications                 Data Integrity, Data At Rest, Data In Flight*
     Server OS and File System    Data Integrity, Data At Rest, Data In Flight
     Command Set (e.g. SCSI)      Data Integrity, Data At Rest, Data In Flight
     Transport/Storage Network    Data Integrity, Data At Rest, Data In Flight
     Storage Device               Data Integrity, Data At Rest, Data In Flight
     Storage Media                Data Integrity, Data At Rest

     *Note: It depends on the application whether the coverage was meant to cover Data At Rest or Data In Flight. (e.g. DB or storage applications)

     Primary Use Cases - Overview

     1. Data Integrity Protection at SCSI layer (Business case - data corruption.)
       - SCSI Protection Information end-to-end security
       - ILM or OSD Authenticated Integrity

     2. Data At Rest Protection by Storage (Business case - Lost storage)
       - Tape Drive
       - Library
       - Disk Array
       - Full Disk Drive Encryption

     3. Data At Rest Protection by Host End (Business case - Lost storage)
       - Software
       - Hardware
       - Local storage devices encryption (e.g. HDD, USB flash drives)

     4. Data At Rest Protection By Network (Business case - Lost storage)
       - Switch or Appliance

     5. Data In Flight Protection Point to Point (Business case - Lost or tampered data)
       - Within network
       - End point to End point across network
       - Hop by Hop End to End

     Data Integrity Host to Storage Use Case

     [Diagram labels: Application, DATA+CRC; Servers (Host Devices); Switches, Routers, Gateways, Appliances (Network Devices); Tape Drives or Libraries, NAS, SAN Disk, Disk Drives (Storage Devices)]

     Examples:

     - SCSI Protection Information
     - OSD Integrity Fields

     Primary Threats mitigated:

     - Accidental Corruption
     - Accidental Access or Changes
     - Single Point of Failure

     PROS: End to End

     CONS: Doesn't cover malicious attacks

     SCSI Protection Information and OSD

     T10 DIF Data Integrity Overview

     May use SCSI Protection Information standard to attach a CRC to SCSI data, assuring integrity from end to end.

     Implementation variations exist that, for example, strip and replace CRC as data progresses through the system.

     Reference: SCSI Block Commands (SBC-2)

     ILM or OSD scheme

     MetaData with Attributes associated to data objects (e.g. Confidentiality, Integrity)

     Reference: Information Technology - SCSI Object Based Storage commands

     Note: SNIA Data Integrity Initiative task force recently formed.
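
     The following Python example is added here and is not part of the original tutorial. It attaches SCSI-style protection information (CRC-16/T10-DIF guard, application tag, reference tag) to a 512-byte block and shows which faults a receiving hop detects, how a strip-and-replace hop can mask corruption, and why an unkeyed CRC does not cover deliberate modification. The function names, sample data, demo key, and the HMAC used as a contrast are assumptions of this example.

```python
import hashlib
import hmac
import struct

T10_POLY = 0x8BB7   # CRC-16/T10-DIF generator; init 0, no reflection, no final XOR
BLOCK = 512         # data bytes per logical block in this example

def crc16_t10dif(data: bytes) -> int:
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = (((crc << 1) ^ T10_POLY) if crc & 0x8000 else (crc << 1)) & 0xFFFF
    return crc

def protect(block: bytes, lba: int, app_tag: int = 0) -> bytes:
    """Append 8 bytes of protection information: guard CRC, application tag,
    reference tag (low 32 bits of the LBA, as in Type 1 protection)."""
    if len(block) != BLOCK:
        raise ValueError("expected a 512-byte block")
    return block + struct.pack(">HHI", crc16_t10dif(block), app_tag, lba & 0xFFFFFFFF)

def verify(sector: bytes, lba: int) -> bool:
    """Check guard and reference tag at a receiving hop."""
    guard, _app, ref = struct.unpack(">HHI", sector[BLOCK:])
    return guard == crc16_t10dif(sector[:BLOCK]) and ref == (lba & 0xFFFFFFFF)

def flip_bit(sector: bytes, offset: int) -> bytes:
    """Constructed fault: one flipped bit, standing in for accidental corruption."""
    out = bytearray(sector)
    out[offset] ^= 0x01
    return bytes(out)

def strip_and_replace(sector: bytes, lba: int) -> bytes:
    """A hop that drops the incoming PI unchecked and regenerates it."""
    return protect(sector[:BLOCK], lba)

def keyed_tag(key: bytes, block: bytes, lba: int) -> bytes:
    """Assumed contrast, not part of SCSI PI: HMAC-SHA256 over LBA and data."""
    return hmac.new(key, struct.pack(">Q", lba) + block, hashlib.sha256).digest()

def scenarios() -> dict:
    lba, key = 100, b"constructed-demo-key"
    block = bytes(range(256)) * 2                  # constructed sample data
    sector, tag = protect(block, lba), keyed_tag(key, block, lba)
    corrupted = flip_bit(sector, 7)
    rewritten = protect(b"\xAA" * BLOCK, lba)      # new data, freshly computed guard
    return {
        "clean": verify(sector, lba),
        "bit_flip_detected": not verify(corrupted, lba),
        "misdirected_write_detected": not verify(sector, lba + 1),
        "masked_by_strip_and_replace": verify(strip_and_replace(corrupted, lba), lba),
        "rewrite_passes_crc": verify(rewritten, lba),
        "rewrite_fails_keyed_tag": not hmac.compare_digest(
            tag, keyed_tag(key, rewritten[:BLOCK], lba)),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

     Every scenario returns True: the guard and reference tag catch the accidental faults, while a hop that regenerates the CRC without checking it, or any party that recomputes it over new data, produces a sector that still verifies.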

     Data At Rest Use Cases

     [Diagram labels: Users, Applications, Servers (Host Devices); Switches, Routers, Gateways, Appliances (Network Devices); Tape Drives or Libraries, NAS, SAN Disk, Disk Drives (Storage Devices); annotations: CipherDATA, CipherDATA, DATA -> CipherData]

     Examples: Encrypts SCSI I/O Commands Payloads or Data Files or Blocks and stores the data on the media, a la IEEE P1619.x. Or encrypts the entire disk.

     Primary Threats mitigated:

     - Media or Hardware Theft
     - Unintentional Disclosure

     PROS: Supports non-disclosure goals

     CONS: May not address all in flight data risks

     Various Data At Rest approaches: DAR Choices Overview

     Device Based

     - Tape Drives - IEEE P1619.1
     - Full encrypting Disk Drives - TCG
     - Encrypts SCSI I/O Commands Payloads or Data Files or Blocks and stores the data on the media, a la IEEE P1619.x.

     Network Based

     - NAS Appliances or Switches - IEEE P1619 and P1619.1

     Host Based

     Encrypting File Systems IEEE P1619 and P1619.1 Supporting applications

     Many, many sub use cases and scenarios possible.

     Acceleration

     The New Problem: Key Management

     Data In-Flight Use Cases

     [Diagram labels: (Cypher)DATA in Frames; Users, Servers (Host Devices); Switches, Routers, Gateways, Appliances (Network Devices); Tape Drives or Libraries, NAS, SAN Disk, Disk Drives (Storage Devices)]

     Examples: FC ESP_Header, IPSec, VPNs, Encrypts Transport Layer Frames, FC CT or IP Management Traffic w SSH, SNMPv3, SSL/TLS, at upper layers.

     Primary Threats mitigated:

     - Sniffed or tampered data "on the wire"
     - Unauthorized disclosure of customer data in-flight

     PROS: Supports non-disclosure goals while data in motion. Protects against malicious and non-malicious attacks

     CONS: Does not cover beyond point to point

     In-flight point to point protection options: Data In-flight Choices

     FC Technology

     - FC ESP_Header w IKEv2
     - FC-SP DH-CHAP or IKEv2 authentication

     IP Block Storage Technology

     - IPSec w ESP and IKE or IKEv2
     - IKE or IKEv2 authentication
     - iSCSI - CHAP authentication
     - FCIP - DH-CHAP authentication

     FC Management

     - FC CT Authentication and Confidentiality (Mgt and/or discovery)
     - Authentication on each message

     IP Management

     - SNMP3, SSH, TLS/SSL for Management traffic

     NOTE: Authentication is critical to in-flight protection's usefulness! You must know who/what you are talking to!

     Is it Possible to Tie it all together?

     Why would you use data integrity?

     - Your biggest concern is accidental corruption
     - Corruption has high impact, easy to relate to
     - Avoid bad publicity

     Why would you use data in-flight?

     - Your biggest concern is malicious attacks on the wire
     - Bad publicity and due diligence

     Why would you use data at rest?

     - Because everyone else is (just kidding)
     - Because theft of media is a real concern and attracts bad publicity

     Can I use them all together?

     - Today, fairly challenging to accomplish.
     - Much confusion on differences in technologies
     - Key management interoperability non-existent (DAR)

     Authentication is the foundation on which to build security!

     RADIUS and AD are examples of how to centrally manage and tie in not only user authentication but also to prevent equipment spoofing.

     Use Case Pros and Cons

     Use Case: Host Based Data Integrity

     Pros and Cons

     Pros: End to End coverage.
     Cons: Generally protects against accidents only. May not cover Mgt traffic. (e.g. SCSI Prot.)

     Pros: Closest to data source. In-flight confidentiality. Supports non-disclosure.
     Cons: Large performance impact (software). Doesn't cover Mgt traffic.

     Pros: Closer to data source. Performance.
     Cons: Limited in-flight protection. Protects within the network only.

     Pros:
