Secure Multicast - Cisco

Transcription

Secure Multicast
2005 Cisco Systems, Inc. All rights reserved.

Agenda
- Why IP Multicast?
- IP Multicast Security Challenges
- Secure IP Multicast Solution and Benefits
- Technical Details
- Platform Support and Useful Links

Why IP Multicast?

Unicast vs. Multicast: Unicast
(figure: unicast software distribution and unicast MoH from Headquarters over the VPN to Branch A and Branch B; the traffic is multiplied by the number of unicast endpoints)
- Expected behavior for Unicast-based applications
- Take advantage of Multicast-based applications that provide the same service

Unicast vs. Multicast: Multicast
(figure: multicast software distribution, Multicast MoH and video/streaming media from Headquarters over the VPN to Branch A and Branch B; one-to-few streams sent to group(s) of receivers)
- Convert Unicast applications to Multicast, if supported
- A Multicast-enabled infrastructure allows for new technologies
- Less bandwidth consumed to provide the same service
- Less CPU utilization on source devices
- Less overall impact on the network devices replicating and forwarding traffic

Why IP Multicast over VPN?
- Efficiently deploy and scale distributed group applications across a VPN
- Reduce the network load associated with sending the same data to multiple receivers
- Alleviate the high host/router processing requirements for serving individual connections across VPN tunnels
- To IP Multicast, a VPN is just another WAN type

IP Multicast Security Challenges

Secure Multicast: Business Problem
Securely and efficiently protect Multicast network data traffic (multimedia, video, voice) on an IP network.
Benefits: help in complying with mandates for encryption; increase productivity and save cost.
Applications:
- Service Provider: native IPv4/IPv6 Internet secured Multicast, secured Multicast VPN, triple-play and video broadcast
- Enterprise: stock trading, corporate communications, e-learning, hoot-and-holler over IP, videoconferencing, content delivery, conferencing
- Small/Medium Business: e-learning, IP surveillance, content delivery, videoconferencing

Cisco IOS Secure Multicast: Overcoming Existing IP Multicast Security Challenges
Tunnel based vs. Secure Multicast:
- Bolted on vs. built in
- Complex architecture vs. seamless integration
- Wasted capital vs. investment protection
- Rigid design vs. flexible design
- Simple transport vs. intelligent transport
Fueled by the demand for agility within a security framework. (Cisco Confidential)

Secure IP Multicast Solution and Benefits

What is Secure Multicast?
Features necessary to secure IP Multicast group traffic originating on or flowing through a Cisco IOS device:
- A new security framework: the architecture and components necessary for Cisco IOS Software to provide scalable security to IP Multicast group traffic
- A new key management paradigm: an ISAKMP domain of interpretation (DOI) for group key management called the "group domain of interpretation" (GDOI)
- A way to provide scalable security (e.g. encryption and authentication) to native IP Multicast packets: native Multicast encryption avoids the needless packet replication that occurs when encapsulating IP Multicast packets in Unicast tunnels

Benefits of Cisco IOS Secure Multicast in VPN Deployments

| Previous limitation | Feature and associated benefits |
|---|---|
| Multicast traffic encryption was supported through IPSec tunnels: not scalable, difficult to troubleshoot, limited QoS support | Group mode encryption with a group SA: no need for 2 IPSec + 1 IKE SA per spoke; allows much higher scalability and simplifies troubleshooting. Group controller/key server: keys and policies distributed using a centralized mechanism. Extensible standards-based framework: supports Multicast today and extends to support Unicast in future |
| No optimal security for native multicast in mVPN-type architectures | Native Multicast encryption: supports Multicast encryption in mVPN architectures; leverages the core for Multicast replication |
| Overlay VPN network; overlay routing results in suboptimal convergence | Day-one transparent interoperability between various core Cisco IOS technologies, e.g. native multicast encryption. Investment protection: the new architecture leverages the core and the investment already spent on building it |

Secure Multicast Application: mVPN
Before (figure: Multicast sources for VPN A and VPN B, CE-to-CE GRE tunnels across the MPLS VPN network):
- Multicast data traffic protected by IPSec
- Scalability is an issue (N^2 problem)
- Highly inefficient
After: Secure Multicast (figure: Multicast in the core, a Multicast VRF per VPN across the MPLS VPN network):
- Multicast key distribution solved by GDOI
- Allows MPLS VPN customers to access Multicast content
- Standards based

Large-Scale IPSec WAN Aggregation Deployment Models
Comparison of deployment models (*Note: see specific topologies for limitations):

| Model | Dynamic routing | Meshing | HA | QoS | Multicast |
|---|---|---|---|---|---|
| IPSec only | No | No | Stateful failover | Yes* | No |
| IPSec and GRE | Yes | No | RP | Yes* | Yes (hub replicated) |
| DMVPN (hub-spoke) | Yes | No | RP | Yes* | Yes (hub replicated) |
| DMVPN (spoke-spoke) | Yes | Dynamic full mesh | RP | Yes* | Yes (hub-spoke) |
| IPSec VTI/Easy VPN | No | No | Stateful failover | Yes* | No |
| Secure Multicast | Yes | Yes | RP | Yes* | Scalable |

Secure IP Multicast Detailed Presentation, Continued: Technical Details

What's a Group?
- Three or more parties who send and receive the same data transmitted over a network
- Transmission can be Multicast or Unicast (identical data sent to multiple parties)
- Parties can be routers, PCs, telephones, any IP device
- There are many different examples of group topologies

Multicast Group Models: Examples
- Single-source Multicast: one Multicast sender (IP Multicast group member 1) and several receivers (group members 2 to 5). Example: IP/TV multicast presentation
- Multiple-source Multicast: every group member both sends and receives. Example: multicast video conference
- Multipoint control unit: conference participants 1 to 3 send unicast to an MCU server that distributes the result. Example: video conference MCU
- Publish-subscribe: a content engine serving receivers 1 to 3. Example: video-on-demand service

Secure Groups
To secure a group you need:
- A data encryption protocol: IPSec or SRTP
- A key management protocol: provides the keys for data encryption

IPSec Key Management
- Pair-wise key management: IKE, KINK, manual IPSec keys
- Group key management: manual IPSec keys, GDOI (Group Domain of Interpretation for ISAKMP)
GDOI enables native Multicast encryption.

Relationship of GDOI to IKE: GDOI Coexists with IKE
- IKE Phase 1 is used to provide confidentiality, integrity, and replay protection. IKE Phase 1 is UNCHANGED.
- A newly defined Phase 2 exchange (called GDOI registration) is run rather than IKE Phase 2. IKE Phase 2 is UNUSED and UNCHANGED.
- A new DOI number is used to differentiate GDOI exchanges from IKE Phase 2. At the end of IKE Phase 1 a state machine looks at the DOI number to determine the next exchange.
- A GDOI service must listen on a port other than port 500 (IKE).

Quick Comparison of IKEv1, IKEv2 vs. GDOI

| | IKEv1 | IKEv2 | GDOI |
|---|---|---|---|
| RFC documents | 2407/2408/2409 | RFC 4306 | RFC 3547 |
| UDP port | 500, 4500 | 500, 4500 | 848 |
| Phases | 2: Ph. 1 (6/3 messages), Ph. 2 (3 messages) | 2: Ph. 1 (4 messages), Ph. 2 (2 messages) | 2: Ph. 1 (6/3 messages), Ph. 2 (4 messages) |
| Authentication type | Signature, PSK, PKI | Signature, PSK, PKI | Signature, PSK, PKI |
| SA negotiation | Responder selects the initiator's proposal | Same as IKEv1, proposal structure simplified | Not negotiated; GDOI is used to push keys and policies |
| Identity hiding | Yes in MM, No in AM | Yes | Yes in MM, No in AM |

Remaining rows (Reliability, PFS, EAP/CP) carry Yes/No values whose column order was lost in the transcription: No, Yes, No, No, Yes, Yes, Yes, Yes, Yes, Yes, No.

RFC 3547 GDOI (Group Domain of Interpretation)
Spec located at: http://www.rfc-archive.org/getrfc.php?rfc=3547
- An ISAKMP DOI for group key management (RFC 3547); Cisco championed the effort
- The GDOI specification presents an ISAKMP DOI for group key management to support secure group communications
- GDOI describes a protocol for a group of systems ("group members") to download keys and security policy from a key server
- GDOI manages group security associations, which are used by IPSec and potentially other data security protocols running at the IP or application layers

Key Distribution: Group Domain of Interpretation
- Secure Multicast is an implementation of the Group Domain of Interpretation (GDOI)
- Key distribution mechanism (RFC 3547), IETF Multicast Security (msec) WG
- Group member security protections: IKE Phase 1 provides member authentication, confidentiality, and integrity; GDOI registration provides authorization and replay protection
- Distributes keys and policy for groups
- Key server: security associations, secret keys, public keys
- Efficiently adjusts group membership
- Intended for use with small or large groups; the desire to support large groups drives the design
- Addresses state complexity
(figure: a key server holding IPsec keys and policy plus rekey keys and policy; group members on Subnets 2, 3 and 4 with IPSec SAs, subnet SAs and a rekey SA; GSA = Group Security Association)

GDOI Group Key Management
- In a group key management model, GDOI is the protocol run between a group member and a "group controller/key server" (GCKS).
- The GDOI protocol establishes security associations among authorized group members.
- A group member registers with the key server to obtain keys.
- The GDOI registration defines two phases of negotiation; phase 1 is protected by IKE Phase 1.
- The key server rekeys the group (pushes new keys) when needed. Rekey messages can be IP multicast packets for efficiency.
- Public signature keys and preshared keys are the only methods of IKE authentication.

GDOI Exchanges
- GDOI defines a registration exchange for initial group key management; it follows IKE Phase 1 (figure: IKE Phase 1, then GDOI Registration, between Group Member and Key Server)
- GDOI defines a rekey exchange for subsequent key updates; it can be multicast for efficiency (figure: GDOI Rekey from Key Server to Group Member)

Registration Protocol
(figure: the registration exchange between Initiator and Responder)

Key Distribution: Group Domain of Interpretation
(figure: GDOI key server, group members GM, INET, subnet 10.0.2.0/24)
Each router registers with the key server. The key server authenticates the router, performs an authorization check, and downloads the encryption policy and keys to the router.

Rekey Protocol
- The "cookie pair" in the ISAKMP HDR acts as an SPI which identifies the group
- SEQ contains a counter used for replay protection
- SA and KD have the same format as during registration
- SIG contains a digital signature of the packet

Key Distribution: Group Domain of Interpretation
(figure: GDOI key server, group members GM on subnets ...1.0/24 and 10.0.2.0/24, INET, IPSec SAs)
- The key server generates and pushes new IPSec keys and policy to the routers when necessary
- Rekey messages can also cause group members to be ejected from the group

Multicast / Unicast Key Distribution
- Multicast key distribution over a multicast-enabled network: via a multicast-formatted key message and network replication
- Fallback to group member GDOI Unicast registration
(figure: KEK 235687404; Protect: 10.0.0.0/8 to 10.0.0.0/8; group members 192.168.3.2, 192.168.3.3 and 192.168.3.4 reached over IPmc)

GDOI Example: VoIP Audio Conference
- VoIP phones behind IPSec- or SRTP-capable routers
- An audio conference is reached by dialing a special phone number
- The router recognizes that the phone number is associated with a conference
Note: A theoretical example is illustrated in the following slides, but we don't actually have any such teleconference technology for IP phones.

Configuration Setup
(figure: GDOI key server with GDOI clients 1 to 4)
Policy for x1234: IP addr 239.1.1.2, SPI 0x12049a92, IPSEC policy: 3DES/SHA, 3DES key: <three keys>, SHA key: <key>

First Client Call
(figure: a phone dials x1234; its router sends a GDOI registration for x1234 to the GDOI key server, which holds the policy for x1234 shown above)

First Client Call Completed
(figure: "Hello?"; the first router now has an IPSec SA and sends encrypted voice multicast packets; the key server policy for x1234 is unchanged)

Second Client Call
(figure: a second phone dials x1234; its router sends a GDOI registration for x1234 to the key server while the first router keeps sending encrypted voice multicast packets over its IPSec SA; the policy for x1234 is unchanged)

Second Client Call Completed
(figure: "Hello?" / "Hello!"; both routers hold an IPSec SA and exchange encrypted voice multicast packets)

Conference Call Complete
(figure: "Who's on the call?" / "I'm here." / "Hello?"; all four routers hold an IPSec SA and exchange encrypted voice multicast packets)

Rekey Message Sent
(figure: "Yak, yak." on every phone while the GDOI key server sends a rekey to all four routers)
New policy for x1234: IP addr 239.1.1.2, SPI 0x97b3a243, IPSEC policy: 3DES/SHA, 3DES key: <three keys>, SHA key: <key>

New SA Installed
(figure: "Yak, yak." continues; each router now holds both the old and the new IPSec SA, so encrypted voice multicast packets keep flowing during the change-over; the key server policy for x1234 carries the new SPI 0x97b3a243)
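The rekey protocol fields (HDR cookie pair, SEQ, SA/KD, SIG) and the conference walk-through above can be modelled end to end. The following is an added example written for this transcription, not Cisco code: a key server registers members, pushes a signed, sequence-numbered rekey that replaces the SPI, and members install the new SA only after the group, replay and signature checks pass. It assumes a dict message instead of ISAKMP wire format and, because the Python standard library has no RSA, stands in an HMAC-SHA256 for the RSA signature that `rekey authentication mypubkey rsa` would produce; member ids, PSKs and keys are constructed values.

```python
"""Toy model of GDOI registration and rekey (added example, not Cisco code)."""
import hashlib
import hmac
import os
from dataclasses import dataclass

# ASSUMPTION: the real SIG is an RSA signature by the key server.  Here it is an
# HMAC-SHA256 under a key handed to members at registration; the verify-before-
# install logic is the same.


@dataclass(frozen=True)
class GroupSA:
    """Policy pushed by the key server (modelled on 'Policy for x1234')."""
    mcast_addr: str   # e.g. 239.1.1.2
    spi: int          # changes on every rekey
    transform: str    # e.g. "3DES/SHA"
    tek: bytes        # traffic encryption key (constructed, random)


def _sig_input(cookie: bytes, seq: int, sa: GroupSA) -> bytes:
    return cookie + seq.to_bytes(4, "big") + sa.spi.to_bytes(4, "big") + sa.tek


class KeyServer:
    def __init__(self, mcast_addr: str, psks: dict):
        self.cookie = os.urandom(16)      # cookie pair: identifies the group
        self.psks = psks                  # member id -> PSK (IKE Phase 1 stand-in)
        self.members = set()              # registered and still authorized
        self.seq = 0                      # SEQ counter carried in rekeys
        self.sig_key = os.urandom(32)     # key used to sign rekeys
        self.sa = GroupSA(mcast_addr, 0x12049A92, "3DES/SHA", os.urandom(24))

    def register(self, member_id: str, psk: bytes):
        """IKE Phase 1 authenticates; GDOI registration authorizes and
        downloads the current policy and keys."""
        expected = self.psks.get(member_id)
        if expected is None or not hmac.compare_digest(expected, psk):
            raise PermissionError(f"{member_id}: authentication failed")
        self.members.add(member_id)
        return self.cookie, self.sig_key, self.sa

    def rekey(self, eject=()):
        """Push a new SA to every authorized member; ejected members are
        removed first, so they never receive the new keys."""
        self.members -= set(eject)
        self.seq += 1
        self.sa = GroupSA(self.sa.mcast_addr, int.from_bytes(os.urandom(4), "big"),
                          self.sa.transform, os.urandom(24))
        msg = {"HDR": self.cookie, "SEQ": self.seq, "SA": self.sa}
        msg["SIG"] = hmac.new(self.sig_key, _sig_input(self.cookie, self.seq, self.sa),
                              hashlib.sha256).digest()
        return sorted(self.members), msg


class GroupMember:
    def __init__(self, member_id: str, psk: bytes):
        self.member_id, self.psk = member_id, psk
        self.cookie = self.sig_key = self.sa = None
        self.last_seq = 0

    def register(self, ks: KeyServer):
        self.cookie, self.sig_key, self.sa = ks.register(self.member_id, self.psk)

    def handle_rekey(self, msg) -> bool:
        """Install the new SA only if the rekey is for our group, is not a
        replay, and carries a valid signature.  Returns True on install."""
        if msg["HDR"] != self.cookie:
            return False                               # not our group
        if msg["SEQ"] <= self.last_seq:
            return False                               # replayed or stale
        expected = hmac.new(self.sig_key, _sig_input(msg["HDR"], msg["SEQ"], msg["SA"]),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg["SIG"]):
            return False                               # forged or tampered
        self.last_seq, self.sa = msg["SEQ"], msg["SA"]
        return True


def demo() -> dict:
    """The conference slides: two phones register, a rekey replaces the SPI,
    a replayed rekey is rejected, and one member is ejected."""
    psks = {"gm1": b"p", "gm2": b"p"}                  # constructed PSKs
    ks = KeyServer("239.1.1.2", psks)
    gm1, gm2 = GroupMember("gm1", b"p"), GroupMember("gm2", b"p")
    gm1.register(ks)
    gm2.register(ks)
    same_sa = gm1.sa.spi == gm2.sa.spi == 0x12049A92
    recipients, rekey = ks.rekey()
    installed = gm1.handle_rekey(rekey) and gm2.handle_rekey(rekey)
    replay_rejected = not gm1.handle_rekey(rekey)
    recipients_after_eject, _ = ks.rekey(eject=["gm2"])
    return {"same_sa": same_sa, "installed": installed,
            "replay_rejected": replay_rejected,
            "ejected": "gm2" not in recipients_after_eject,
            "spi_changed": gm1.sa.spi != 0x12049A92}


if __name__ == "__main__":
    print(demo())
```

The order of checks in `handle_rekey` is deliberate: the cookie and SEQ comparisons are cheap and discard replays before any signature work, which is what keeps a flood of replayed rekeys from costing the member a signature verification each.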

Cisco IOS CLI Configuration: Key Server Config
Steps in configuration:
- Key server configuration
- Group members
- ISAKMP policies
- Clearing a GM registration with a key server
- Verifying secure multicast

Key server configuration:
  crypto ipsec transform-set e esp-des
  crypto ipsec transform-set gdoi-p esp-3des esp-sha-hmac
  crypto isakmp policy 1
   authentication pre-share
  crypto isakmp key p address 10.0.3.1
  crypto isakmp key p address 10.0.3.2
  crypto isakmp key p address 10.0.4.2
  crypto ipsec profile gdoi-p
   set security-association lifetime seconds 3600
   set transform-set gdoi-p
  crypto gdoi group gdoigroupname
   identity number 3333
   server local
    ! rekey address must reference the rekey access list defined below (102)
    rekey address ipv4 102
    rekey lifetime seconds 36000
    rekey authentication mypubkey rsa mykeys
    sa ipsec 1
     profile gdoi-p
     match address ipv4 101
  ! The following line is the access control list downloaded from the key server to the group members.
  ! It tells the group members which encrypted traffic is acceptable in this SSM configuration:
  access-list 101 permit ip host 10.0.1.1 host 192.168.5.1
  ! The following line is the rekey access control list: the addresses to which the rekeys are to be sent:
  access-list 102 permit udp host 10.0.5.2 eq 848 host 192.168.1.2 eq 848

Cisco IOS CLI Configuration: Group Member Config
  crypto isakmp policy 1
   authentication pre-share
  crypto isakmp key key1 address 10.0.5.2
  crypto gdoi group diffint
   identity number 3333
   server address ipv4 10.0.5.2
  crypto map diffint 10 gdoi
   set group diffint
  interface Loopback0
   ip address 10.65.9.2 255.255.255.255
   ip pim sparse-dense-mode
  ip pim bidir-enable
  ip pim send-rp-announce Loopback0 scope 16 group-list 1
  ip pim send-rp-discovery scope 16
  interface Ethernet0/0
   ip address 10.0.3.2 255.255.255.0
   ip mtu 1000
   ip pim sparse-dense-mode
   no ip route-cache
   crypto map diffint

Cisco IOS CLI Configuration: Clearing a GM Registration and Verifying Secure Multicast
- clear crypto gdoi: clears the current group-member registration with the key server and starts a new registration. All current group-member policy is deleted and a new registration is started.
- show crypto gdoi: displays information about a GDOI configuration.

Multicast Group Security Configuration
Group Controller / Key Server Configuration:
  crypto ipsec transform-set gdoi-trans esp-3des esp-sha-hmac
  crypto ipsec profile gdoi-p
   set security-association lifetime seconds 120
   set transform-set gdoi-trans
  crypto gdoi group diffint
   identity number 3333
   server local
    rekey address ipv4 101
    rekey lifetime seconds 300
    rekey authentication mypubkey rsa mykeys
    address ipv4 <gdoi source>
    sa ipsec 1
     profile gdoi-p
     match address ipv4 120
  access-list 120 permit ip <s prefix/mask> <d prefix/mask>
  access-list 101 permit udp host <gdoi source> eq 848 host <mroute> eq 848
  ip pim ssm default
Group Member Configuration:
  ip pim ssm default
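A practitioner reviewing a key-server configuration like the ones on these slides mostly wants to know that every reference resolves: the rekey ACL named by `rekey address ipv4`, the ACL named by `match address ipv4`, the IPsec profile and its transform set. The following checker is an added example written for this transcription, not a Cisco tool; it understands only the handful of commands shown on the slides, and the sample configuration is constructed from the key-server slide, deliberately keeping a rekey ACL reference (1020) that no `access-list` defines so the check has something to find. The lifetime check encodes the pattern both slide configurations follow (rekey lifetime longer than the IPsec SA lifetime) as an assumption, not a Cisco-documented rule.

```python
"""Consistency check for a Cisco IOS GDOI key-server config (added example)."""

# Constructed from the key-server slide; 'rekey address ipv4 1020' is the defect to catch.
SAMPLE_KS_CONFIG = """\
crypto ipsec transform-set gdoi-p esp-3des esp-sha-hmac
crypto isakmp policy 1
 authentication pre-share
crypto ipsec profile gdoi-p
 set security-association lifetime seconds 3600
 set transform-set gdoi-p
crypto gdoi group gdoigroupname
 identity number 3333
 server local
  rekey address ipv4 1020
  rekey lifetime seconds 36000
  rekey authentication mypubkey rsa mykeys
  sa ipsec 1
   profile gdoi-p
   match address ipv4 101
access-list 101 permit ip host 10.0.1.1 host 192.168.5.1
access-list 102 permit udp host 10.0.5.2 eq 848 host 192.168.1.2 eq 848
"""


def parse_gdoi_config(text: str) -> dict:
    """Collect ACL numbers, transform sets, IPsec profiles and GDOI groups.
    Context (which profile/group a sub-command belongs to) is tracked by the
    most recent top-level command, the way the IOS CLI itself nests them."""
    cfg = {"acls": set(), "transform_sets": set(), "profiles": {}, "groups": {}}
    profile = group = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        words = line.split()
        if line.startswith("crypto ipsec transform-set "):
            cfg["transform_sets"].add(words[3])
            profile = group = None
        elif line.startswith("crypto ipsec profile "):
            profile, group = words[3], None
            cfg["profiles"][profile] = {}
        elif line.startswith("crypto gdoi group "):
            group, profile = words[3], None
            cfg["groups"][group] = {"server_local": False, "rekey_auth": False}
        elif line.startswith("access-list "):
            cfg["acls"].add(words[1])
            profile = group = None
        elif profile and line.startswith("set transform-set "):
            cfg["profiles"][profile]["transform_set"] = words[2]
        elif profile and line.startswith("set security-association lifetime seconds "):
            cfg["profiles"][profile]["sa_lifetime"] = int(words[4])
        elif group:
            g = cfg["groups"][group]
            if line == "server local":
                g["server_local"] = True
            elif line.startswith("rekey address ipv4 "):
                g["rekey_acl"] = words[3]
            elif line.startswith("rekey lifetime seconds "):
                g["rekey_lifetime"] = int(words[3])
            elif line.startswith("rekey authentication "):
                g["rekey_auth"] = True
            elif line.startswith("profile "):
                g["profile"] = words[1]
            elif line.startswith("match address ipv4 "):
                g["match_acl"] = words[3]
        elif not raw.startswith(" "):
            profile = group = None      # any other top-level command ends the block
    return cfg


def check_gdoi_config(text: str) -> list:
    """Return a list of findings (empty when every reference resolves)."""
    cfg = parse_gdoi_config(text)
    findings = []
    for name, g in cfg["groups"].items():
        if not g["server_local"]:
            findings.append(f"group {name}: no 'server local' (not a key server)")
        if "rekey_acl" in g and g["rekey_acl"] not in cfg["acls"]:
            findings.append(f"group {name}: rekey address ipv4 {g['rekey_acl']} "
                            "refers to an undefined access-list")
        if "rekey_acl" in g and not g["rekey_auth"]:
            findings.append(f"group {name}: rekey address set without 'rekey authentication'")
        if "match_acl" in g and g["match_acl"] not in cfg["acls"]:
            findings.append(f"group {name}: match address ipv4 {g['match_acl']} "
                            "refers to an undefined access-list")
        prof = cfg["profiles"].get(g.get("profile"))
        if prof is None:
            findings.append(f"group {name}: ipsec profile {g.get('profile')} is not defined")
        else:
            if prof.get("transform_set") not in cfg["transform_sets"]:
                findings.append(f"group {name}: transform-set {prof.get('transform_set')} "
                                "is not defined")
            # ASSUMPTION: follow the slides' pattern of a rekey (KEK) lifetime longer than the TEK lifetime.
            if ("rekey_lifetime" in g and "sa_lifetime" in prof
                    and g["rekey_lifetime"] <= prof["sa_lifetime"]):
                findings.append(f"group {name}: rekey lifetime {g['rekey_lifetime']}s is not "
                                f"longer than the IPsec SA lifetime {prof['sa_lifetime']}s")
    return findings


if __name__ == "__main__":
    for finding in check_gdoi_config(SAMPLE_KS_CONFIG):
        print(finding)
```

Run against the sample it reports the single dangling reference; replace `ipv4 1020` with `ipv4 102` and the report is empty.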

Secure Multicast: General Design Considerations
(figure: hub site with WAN router, key server and other services provided by the hub, e.g. FW, IPS, QoS; group members at the branches. Sizing factors: applications (e.g. voice, video), number of routing peers, number of branches, number of concurrent IKE registrations, WAN aggregation circuit speed, anticipated utilization, branch access speeds)
- HW encryption modules required and recommended
- Running routing protocols doesn't require a tunneling protocol
- Set the MTU on all network devices to 1400 to avoid fragmentation
- Summarize routes

Secure Multicast: General Design Considerations
Which mode: sparse or dense?
"Sparse mode good! Dense mode bad!"
Source: "The Caveman's Guide to IP Multicast", 2000, R. Davis

PIM-SM (RFC 2362)
- Assumes no hosts want multicast traffic unless they specifically ask for it
- Uses a rendezvous point (RP): senders and receivers "rendezvous" at this point to learn of each other's existence. Senders are "registered" with the RP by their first-hop router; receivers are "joined" to the shared tree (rooted at the RP) by their local designated router (DR)
- Appropriate for wide-scale deployment for both densely and sparsely populated groups in the enterprise; the optimal choice for all production networks regardless of size and membership density

RP Resource Demands
- (*,G) entry: 260 bytes + outgoing interface list overhead
- (S,G) entry: 212 bytes + outgoing interface list overhead
- Outgoing interface list overhead: 80 bytes per OIL entry
Example of 10 groups with 6 sources per group:
# of (*,G)s × (260 + (# of OIL entries × 80)) = 10 × (260 + (3 × 80)) = 5000 bytes for (*,G)
# of (S,G)s × (212 + (# of OIL e
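The slide works the (*,G) figure for one case; the same per-entry constants generalize to any group count, source count and OIL size, and to the (S,G) line the transcription cuts off. The following is an added example, not from the slides: the constants (260, 212 and 80 bytes) are the slide's, while the assumption that the RP holds every (*,G) and every (S,G) for the groups it serves, and the memory-budget helper, are mine.

```python
"""PIM-SM RP state sizing from the per-entry constants on the slide (added example)."""

STAR_G_BYTES = 260   # (*,G) entry, before outgoing interface list overhead
S_G_BYTES = 212      # (S,G) entry, before outgoing interface list overhead
OIL_ENTRY_BYTES = 80  # per outgoing interface list entry


def star_g_bytes(num_groups: int, oil_entries: int) -> int:
    """Memory for the (*,G) shared-tree entries: one per group."""
    return num_groups * (STAR_G_BYTES + OIL_ENTRY_BYTES * oil_entries)


def s_g_bytes(num_groups: int, sources_per_group: int, oil_entries: int) -> int:
    """Memory for the (S,G) source-tree entries: one per source per group."""
    return num_groups * sources_per_group * (S_G_BYTES + OIL_ENTRY_BYTES * oil_entries)


def rp_state_bytes(num_groups: int, sources_per_group: int,
                   star_g_oil: int, s_g_oil: int) -> int:
    """Total state, ASSUMING the RP holds every (*,G) and every (S,G) for these groups."""
    return (star_g_bytes(num_groups, star_g_oil)
            + s_g_bytes(num_groups, sources_per_group, s_g_oil))


def max_groups_within(budget_bytes: int, sources_per_group: int,
                      star_g_oil: int, s_g_oil: int) -> int:
    """Largest number of groups whose combined state fits in budget_bytes."""
    per_group = rp_state_bytes(1, sources_per_group, star_g_oil, s_g_oil)
    return budget_bytes // per_group


if __name__ == "__main__":
    # The slide's case: 10 groups, 6 sources per group, 3 OIL entries per entry.
    print("(*,G):", star_g_bytes(10, 3), "bytes")          # 5000
    print("(S,G):", s_g_bytes(10, 6, 3), "bytes")          # 27120
    print("total:", rp_state_bytes(10, 6, 3, 3), "bytes")  # 32120
```

Note that the (S,G) term dominates as soon as groups have more than a couple of sources, which is why the number of sources per group, not the number of groups, is the figure to pin down when sizing an RP.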
