Documente Academic
Documente Profesional
Documente Cultură
Communications
BRKCCIE-3242
BRKCCIE-3242
Cisco Public
Agenda
BRKCCIE-3242
Cisco Public
Loss of Integrity
Deposit
$1000
Deposit
$100
Confidential
Information
Customer
Impersonation
I am Bob, send me
phone calls.
I am the
PSTN,
send me
calls.
BRKCCIE-3242
Loss
of
Dial
Tone
Bank
Denial of Service
Cisco Public
Introduction to Cryptography:
Symmetric vs. Asymmetric Encryption
Symmetric Encryption
$1000
Encryption and
Decryption Key
Encryption and
Decryption Key
Encrypt
Decrypt
$!@#I
$1000
BRKCCIE-3242
Cisco Public
Usage
Bulk Data Encryption (e-mail, IPsec packets, SRTP, HTTPS, TLS)
Algorithm ExampleAES
Publicly announced by NIST in 2000
Much faster and more efficient than DES/3DES
Used to encrypt signaling (TLS) and media (SRTP)
BRKCCIE-3242
Cisco Public
Asymmetric Encryption
$1000
Encryption
Key
Decryption
Key
Encrypt
Decrypt
%3f7
$1000
Based on key pairs: data encrypted by one key can only be decrypted by other
key
Each entity owns its pair of keys
Only one key (decryption key) must be kept secret
Slow
Algorithms: RSA, ECC, etc.
BRKCCIE-3242
Cisco Public
10
Usage
Low Volume Data (symmetric keys)
Algorithm ExampleRSA
Developed in 1977, public domain since patent expired in 2000
BRKCCIE-3242
Cisco Public
11
BRKCCIE-3242
Cisco Public
12
Hash Functions
One-way functions
Generate fixed-length output
(hash, digest or fingerprint)
from arbitrary input data
Impossible to recover hashed data
from digest
Collisions (multiple inputs result in
same hash
output) possible
Fast
Algorithm Examples: MD5, SHA-1,
SHA-2, SHA-3, etc.
BRKCCIE-3242
Data of Arbitrary
Length
Message
~~~~~~~~~~~~~~
~~~~~~~~~~~~
~~~~~~~~~~~
~~~~~~~~~~~~~
Hash
Function
Fixed-Length
Hash
e883aa0b24c09...
Cisco Public
14
BRKCCIE-3242
Data
Confirm
Order
Confirm
Order
e8F0s31a...
Hashing
Algorithm
Hashing
Algorithm
e8F0s31a...
Same Hash
Digest?
e8F0s31a...
Hash Digest
Cisco Public
15
Data
Confirm
Order
Secret Key
Confirm
Order
Secret Key
bff6f12a0
Hashing
Algorithm
bff6f12a0
HMAC
(Authenticated
Fingerprint)
Hashing
Algorithm
bff6f12a0
HMAC
Verified
Cisco Public
16
Introduction to Cryptography:
Digital Signatures
Digital Signatures
Provide authenticity, integrity and non-repudiation
Based on asymmetric cryptographic methods
Senders private key used as signature-generating key
Senders public key used as signature-verification key
BRKCCIE-3242
Cisco Public
18
Untrusted Network
49eD0e3A7c44.
..
RSA
Encrypt
Signature
Purchase
Order
$100,000
e10d6200aCe
...
Purchase Order
$100,000
RSA
Decrypt
Private
Key of
Signer
BRKCCIE-3242
Public
Key of
Signer
SHA-1
Hash
49eD0e3A7c44...
Same Hash
Digest?
Cisco Public
19
Introduction to Cryptography:
Public Key Infrastructure (PKI)
BRKCCIE-3242
Cisco Public
21
AES Key
User A
User B
RSA
Public Key
of User A
RSA
Private Key
of User B
BRKCCIE-3242
Cisco Public
22
BRKCCIE-3242
User B
User A
Public Key
of User A
Public Key
of User B
Cisco Public
23
BRKCCIE-3242
Cisco Public
24
Public Key
of Trusted
Introducer
User B
User A
Public Key
of User A
Public Key
of User B
Private Key
of User A
Private Key
of User B
Cisco Public
25
Public Key
of Trusted
Introducer
User B
User A
Public Key
of User B
Public Key
of User A
Private Key
of User A
Public Key
of Trusted
Introducer
Public Key
of Trusted
Introducer
Private Key
of User B
Each entity obtains the public key of the trusted introducer and verifies its
authenticity and integrity (out-of-band)
BRKCCIE-3242
Cisco Public
26
Trusted
Introducer
Private Key
of Trusted
Introducer
Public Key
of User B
Public Key
of Trusted
Introducer
User B
User A
Public Key
of User A
Private Key
of User A
Public Key
of User B
Public Key
of Trusted
Introducer
Public Key
of Trusted
Introducer
Private Key
of User B
Each entity submits its public key to the trusted introducer and requests a
certificate
BRKCCIE-3242
Cisco Public
27
PKISigning Certificates
User A
Public Key
of User A
Content
Trusted Introducer
Sign
RSA
Public Key
of User A
Trusted
Introducer
Public Key
of Trusted
Introducer
Signing Key
Private Key
of Trusted
Introducer
The trusted introducer verifies the received public key (out-of-band) and
creates a certificate signed with the trusted introducers private key
BRKCCIE-3242
Cisco Public
28
User A
Public Key of
Trusted
Introducer
Trusted Introducer
Trusted Introducer
Public Key
of User A
Public Key
of User A
Public Key
of User B
Private Key
of User A
Public Key
of Trusted
Introducer
Public Key
of Trusted
Introducer
User B
Public Key
of User B
Private Key
of User B
Cisco Public
29
User A
Public Key
of User A
Trusted Introducer
Public Key
of User B
Public Key
of User A
User B
Public Key
of User B
Untrusted Network
Private Key
of User A
Public Key
of Trusted
Introducer
Public Key
of Trusted
Introducer
Private Key
of User B
Entities can now exchange their public keys by means of their signed
certificates
Signature of a received certificate is verified using the public key of the trusted
introducer. This ensures the authenticity and integrity of the peers public key
BRKCCIE-3242
Cisco Public
30
PKI Entities
Term
Function
CA (Certificate
Authority)
PKI Users
Certificates
Digital form (X.509v3) including the identity of a PKI user, its public
key, and a signature (created by the CA)
Self-signed
Certificates
BRKCCIE-3242
Cisco Public
31
X.509v3 Certificates
Certificate Format Version
Version 3
12457801
C = US O = Cisco CN = CA
Start = 04/01/12
Validity Period
Expire = 04/01/17
C = US O = Cisco CN = CCMCluster001
756ECE0C9ADC7140...
Extension(s) (v3)
CA Signature
BRKCCIE-3242
2C086C7FE0B6E90DA396AB
Cisco Public
32
Introduction to Cryptography:
PKI Example: SSL in the Internet
Internet-CA
Private Key of
Internet-CA
Web Server
Internet-CA
Public Key of
Web Server
Public Key of
Web Server
BRKCCIE-3242
Private Key of
Web Server
Cisco Public
34
BRKCCIE-3242
Cisco Public
35
Web Server
Internet-CA
Public Key of
Internet-CA
Verify Signature
Internet-CA
Internet-CA
Public Key of
Web Server
Public Key of
Web Server
Private Key of
Web Server
Internet
Public Key of
Web Server
Public Key of
Web Server
Cisco Public
36
Web Server
Random String
Sign
Challenge
Rj@as94i...
RSA
Internet
RSA
Public Key of
Web Server
Response
p2CksD3r...
Private Key of
Web Server
Rj@as94i...
The client sends challenge with random data to the web server
The web server uses its private key to sign the data and sends it back to the client
The client verifies the returned data using the public key of the web server previously
retrieved from the certificate
If returned data matches the sent data, the web server has the correct private key, and
therefore it is authentic
BRKCCIE-3242
Cisco Public
37
Web Server
Generate
Session Keys
ke4P6d2e...
RSA
Internet
Session Keys
Private Key of
Web Server
RSA
Public Key of
Web Server
Session
Keys
The client generates symmetric session keys for encryption and HMAC algorithms to
provide session protection
The client encrypts the keys using the public key of the web server and sends them to
the web server
The web server (only) can decrypt the session keys using its private key
BRKCCIE-3242
Cisco Public
38
Session Encryption
Web Browser
Data from
Browser
Data from
Browser
Ss199l4...
AES
Web Server
AES
Session Keys
Session Keys
Data from
Server
Internet
Data from
Server
AES
AES
dV46a7...
Packets between web server and client can now be authenticated (using
HMAC, such as keyed SHA-1) and encrypted (using symmetric encryption
algorithms such as AES)
BRKCCIE-3242
Cisco Public
39
BRKCCIE-3242
Cisco Public
41
Self-Signed Certificates
CCM1
CCM1
Private Key
of CCM1
Private Key
of TFTP
Public Key
of CCM1
Public Key
of TFTP
Public Key
of CCM1
CCM2
Public Key
of TFTP
CCM2
CAPF
CAPF
Private Key
of CCM2
Public Key
of CCM2
TFTP
TFTP
Private Key
of CAPF
Public Key
of CCM2
Public Key
of CAPF
Public Key
of CAPF
Cisco Public
42
Issue Certificate
During Production
Public Key
of Phone
Private Key
of Cisco CA
Cisco CA
Public Key
of Cisco CA
Public Key
of Cisco CA
Cisco IP phone models with MICs have a public and a private key pair and MIC for the
phone installed
The certificate of the IP phone is signed by the Cisco manufacturing CA
Cisco manufacturing CA is the PKI root for all MICs
BRKCCIE-3242
Cisco Public
43
CAPF
Enterprise CA
CAPF Enroll
Enroll
Enroll
LSCs can be used on phones with MICs or on Cisco Unified IP Phone 7940
and 7960 models (SCCP only)
They use LSCs issued by the CAPF
The CAPF can be a CA itself (self-signed) or Sub-CA of Enterprise CA
CAPF or external CA is the root for all LSCs
BRKCCIE-3242
Cisco Public
44
CCM1
Private Key
of TFTP
Private Key
of CCM1
Public Key
of CCM1
Public Key
of TFTP
Public Key
of TFTP
Public Key
of CCM1
Cisco CA
TFTP
TFTP
MIC
7941
Cisco CA
Public Key
of 7941
LSC
7940
CAPF CA
CAPF
Public Key
of 7940
Cisco Public
45
CCM1
Cisco CTL Client
TFTP
CCM1
Private Key
of Cisco
Cisco CA
CTL Client
Public Key
of TFTP
Public Key
of CCM1
Cisco CA
CAPF
Public Key
of Cisco
CTL Client
Public Key
of CAPF
Public Key
of CCM1
TFTP
TFTP
Public Key
of TFTP
CAPF
CAPF
Public Key
of CAPF
Cisco Public
47
CTL Download
Cisco CTL Client
TFTP
CCM1
Public Key
of TFTP
Public Key
of CCM1
Cisco CA
TFTP
Public Key
of Phone
Private Key
of Phone
Cisco CA
Public Key
of Phone
Public Key
of Cisco
CTL Client
Cisco Public
48
Security Token
Cisco Public
49
CCM1
Public Key
of TFTP
Public Key
of CCM1
Cisco CA
CCM2
Cisco CA
Public Key
of Cisco
CTL Client
Public Key
of CCM2
Public Key
of Cisco
CTL Client
TFTP
New CTL
over TFTP
Public Key
of TFTP
CCM1
Public Key
of CCM1
Cisco Public
50
BRKCCIE-3242
Cisco Public
51
TFTP
Server
XML
Configuration
File
TFTP
Public Key
of TFTP
Signature of
TFTP Server
Config2.xml.sgn
TFTP
Configuration files signed by the TFTP server (using its private key)
Phone verifies signature before applying configuration (using corresponding
public key from CTL)
Automatically done for supported IP phones when security mode is enabled for
cluster
Prevents falsification of phone configuration files
BRKCCIE-3242
Cisco Public
53
TFTP Server
XML Configuration
File with Encrypted
Content
Symmetric Key
Used for
Encryption and
Decryption
Config2.xml.sgn
TFTP
Cisco Public
54
TLS hellos are used to negotiate attributes of the TLS session (one or two-way
certificate exchange, encryption and HMAC algorithms, key lengths, etc.)
Certificates are exchanged
Certificates are then validated
BRKCCIE-3242
Cisco Public
56
Server-to-Phone Authentication
Phone Hello
CallManager Hello
CallManager Certificate
Certificate Request
Phone Certificate
Challenge1
Response1
Cisco Public
57
Phone-to-Server Authentication
Phone Hello
CallManager Hello
CallManager Certificate
Certificate Request
Phone Certificate
Challenge1
Response1
Challenge2
Response2
The server sends a challenge to the IP phone containing random data to be signed by the IP
phone
The IP phone signs the random data with its private key and returns the signed data to the
server
The server verifies the signature using the public key of the IP phone
Prevents impersonation of IP phone
BRKCCIE-3242
Cisco Public
58
The IP phone generates session keys for SHA-1 and AES, encrypts them using the public key
of the server and sends the encrypted keys to the server
The server decrypts the keys
IP phone and server now share secret keys
BRKCCIE-3242
Cisco Public
59
TLS
SHA-1
AES
SCCP
or SIP
SHA-1
AES
Symmetric keys shared by IP phone and server are used to protect signaling
message (SCCP or SIP) using authenticated and encrypted TLS packets
Prevents falsification and eavesdropping of signaling messages
BRKCCIE-3242
Cisco Public
60
P X CC M
PT
Sequence Number
Time Stamp
Synchronization Source (SSRC) Identifier
Contributing Sources (CSRC) Identifier
...
RTP Extension (Optional)
RTP Payload
SRTP MKI0 Bytes for Voice
SHA-1 Authentication Tag (Truncated Fingerprint)
Encrypted Data
BRKCCIE-3242
Authenticated Data
Cisco Public
62
SRTP Encryption
Voice
Voice
AES
AES
AES Key
74liz22U
AES Key
Encrypted Voice
74liz22U
74liz22U
The sender encrypts the RTP payload using the AES algorithm and a symmetric key
The receiver uses the same key to decrypt the RTP payload
Prevents eavesdropping of conversation
BRKCCIE-3242
Cisco Public
63
SRTP Authentication
Voice or
Encrypted
Voice
Voice or
Encrypted
Voice
+
SHA-1 Key
+
SHA-1 Key
SHA-1
SHA-1
32-bit Truncated
Hashes Equal?
s197i
Voice or
Encrypted
Voice
s197i
s197i
The sender hashes the RTP payload together using the SHA-1 algorithm and a symmetric key
The hash digest is truncated to 32 bits and added to the RTP packet
The receiver uses the same key for a local computation of the truncated hash and compares it against
the received one
Prevents falsification of RTP packets
BRKCCIE-3242
Cisco Public
64
Cisco Public
65
IPsec
Network layer based security
Applicable for any sensitive traffic that is not protected by applications themselves
Especially important when cryptographic keys are sent in clear textlike SRTP keys in
signaling messages
Cisco Public
67
H.323
IP Phone
H.323
Gateway
SRTP
Cisco Unified
Communications Manager
TLS
MGCP
IP Phone
SRTP
Cisco Unified
Communications Manager
TLS
IP Phone
BRKCCIE-3242
Recommendation: Use
closest-possible network
infrastructure device
instead of Cisco Unified
Communications
Manager
MGCP
Gateway
Cisco Unified
Communications Manager
inter- or intra-cluster
SRTP
TLS
IP Phone
Cisco Public
68
Secure SRST
TLS
IP Phone
SRTP
TLS
Secure
SRST
IP Phone
Allows Cisco IP phones to use TLS for signaling and SRTP for
media when in SRST mode
Prevents impersonation of SRST gateway and IP phones
Prevents falsification and eavesdropping of signaling and
RTP packets
BRKCCIE-3242
Cisco Public
70
MIC
CA
LSC
SRST Certificate
SRST
IP Phone
Phones have certificates (MIC and/or LSC) and CTL
The SRST gateway obtains a certificate from any (external) CA
BRKCCIE-3242
Cisco Public
71
Cisco Public
72
Imports certificate from the Secure SRST gateway over the network
Manual certificate fingerprint verification required
BRKCCIE-3242
Cisco Public
73
BRKCCIE-3242
Cisco Public
74
SRST
Certificate
Obtained from Gateway
Credentials Service during Configuration
and added to IP Phone Configuration Files
Configuration
File (signed)
Compare
Certificates
SRST
Certificate
SRST Certificate
(signed by any CA)
Manually entered
SRST
Certificate
SRST
or
IP Phone
CAPF Certificate
Cisco CA
Certificates
Certificates
Signature
IP phone verifies received SRST gateway certificate against the one in its
configuration file
SRST gateway checks received IP phone certificates signature using public key of
issuer (Cisco CA or CAPF)
BRKCCIE-3242
Cisco Public
75
BRKCCIE-3242
Cisco Public
77
Cisco Public
78
IP Phone
downloads ITL
file from TFTP
server.
2
IP phone requests
ITL file from TFTP
Server at boot time
BRKCCIE-3242
Cisco Public
79
Cisco Unified
Communications
Manager cluster with
TVS servers
TFTP server
sends the signed
and encrypted
configuration file
Phone requests
configuration file from
TFTP server
3
BRKCCIE-3242
Phone registers at
Cisco Unified
Communications
Manager
Cisco Public
80
4. Phone requests
TVS to validate
received
certificate
2. Server sends
its certificate
Certificate Repository
5. TVS Server
validates received
certificate
5
Cisco Unified
Communications
Manager cluster with
TVS servers
1. Request to 1
establish HTTPS
connection
3. Establish TLS
encrypted
communication
4
3
6
BRKCCIE-3242
6. Certificate
validation result is
sent to phone
Cisco Public
81
BRKCCIE-3242
Cisco Public
82
Cisco IP Phones
with VPN Tunnels
Internet
SSL VPN: TLS/DTLS
Cisco ISR
BRKCCIE-3242
Cisco Public
Cisco Unified
Communications
Manager Cluster
84
Options
Description
Gateway
authentication
Certificate
Client
authentication
Username with
password
Phone certificate
Username with
password and phone
certificate
BRKCCIE-3242
Cisco Public
85
relevant VPN
certificates are
added to signed
configuration file
Cisco Unified
Communications
Manager
Public Key of
ISR-VPN
Any-CA
Public Key of
ISR-VPN
BRKCCIE-3242
Any CA
Any CA
Public Key of
ASA-VPN
Cisco Public
86
CAPF
CAPF
Public Key of
CAPF
Public Key of
Phone1
Cisco CA
Cisco CA
Any-CA
Public Key of
Phone1
BRKCCIE-3242
CA
certificates
are
manually
added
Public Key of
ASA-VPN
Cisco Public
87
Summary
Summary
Threats to Cisco Unified
Communications
Loss of privacy
Loss of integrity
Impersonation
Denial of service
Cryptography
BRKCCIE-3242
Cisco Public
89
Q&A
Cisco Public
91