Towards Secure and Dependable Authentication and Authorization Infrastructures

Post on 16-Jul-2015


Towards Secure and Dependable Authentication and Authorization Infrastructures

Diego Kreutz, Alysson Bessani, Eduardo Feitosa, Hugo Cunha

PRDC2014, Singapore

Cyber threats: state of affairs

- NSA Director Rogers Urges Cyber-Resiliency (Threat Post, Washington, D.C., United States)
- Presidential Proclamation: Critical Infrastructure Security and Resilience Month, 2014 (The White House, Washington, D.C., United States)
- Biggest ever cyber security exercise in Europe today (European Commission press release, October 30, 2014)
- Survey: Cyber security priorities shift to insider threats (FEDERALTIMES US)

Authentication & Authorization Infra (AAI)

A typical Authentication & Authorization architecture in an enterprise network (a user requesting network access):

Client --(802.1X)--> NAS (e.g., WiFi router) --(RADIUS)--> Authentication Server --(LDAP, SQL)--> Backend Service

AAIs are one of the most critical pillars of current IT systems!

Points highlighted on the diagram over the successive builds of the slide:
- Credential theft
- Access deny/grant
- Permissions & credentials
- What if end-to-end EAP-TLS? (an EAP-TLS link drawn from the Client to the Authentication Server)
- EAP-TLS by itself is still not enough!

AAI Federations & Threats

A typical AAI Federation among enterprise networks (mobility, …):
- Confederation top-level RADIUS server
- Federation top-level RADIUS servers (.PT, .SG)
- Institutional level RADIUS servers
- Network infrastructure, systems and services
- Users U1, U2, U3, U4

Outline
- Goals & Challenges
- Our Solution
- Intrusion-Tolerant AAIs
- Evaluation
- Conclusion

Mapping the current state of affairs of AAIs

Current State of Affairs of AAIs

[Figure: systems plotted on two axes, Security & Trust and Dependability, and grouped into categories C1 to C6]

Existing systems are of categories C1, C2 and C3

Our goal is to design systems of categories C4-C6

What can we do about it?

Approach 1: try to fix everything!?

Approach 2: increase the system's security and dependability (hybrid system architectures, specialized components, clouds, …)

Goals
- Develop new hybrid system architectures for AAIs.
- Design and provide mechanisms for building fault- and intrusion-tolerant AAIs.

Challenges
- Arbitrary fault tolerance in AAI systems
- Ensure confidentiality of sensitive data
- Keep backward compatibility


Traditional RADIUS architecture

Client --(802.1X)--> NAS (e.g., WiFi router) --(RADIUS)--> Authentication Server --(LDAP, SQL)--> Backend Service

The NAS and the Authentication Server hold a shared secret (used for the confidentiality and integrity of the RADIUS exchange).

How to avoid single points of failure?

Building a resilient architecture

First step: 'Multi-path' by simple replication. The Authentication Server and the Backend Service are replicated; the NAS keeps its shared secret with the servers.

How to tolerate arbitrary faults?

Second step: an Authentication Gateway sits between the NAS (RADIUS) and the replicated Authentication Server & Back-end, which run under BFT-SMR. The gateway gives backward compatibility and the SMR integration.

How to ensure the confidentiality of shared secrets?

Solution = secure elements on the RADIUS replicas

EAP-TLS with BFT-SMR? How can it work?

EAP-TLS handshake with an adapted PRF

Let's simplify by removing the back-ends

Sensitive Data & Secure Component (SC)

Authentication Service Replica: protocol stacks TLS / EAP / RADIUS and OpenID / HTTP/HTTPS, running on top of BFT-SMaRt.

USER Table:
<ID1> <…, Perm> MAC
<ID2> <…, Perm> MAC
<ID3> <…, Perm> MAC
<ID4> <…, Perm> MAC
…
<IDn> <…, Perm> MAC

DATA Table (NAS | Association):
<NAS1 | Handler1> <…, EK1>
<NAS2 | Handler2> <…, EK2>
<NAS3 | Handler3> <…, EK3>
<NAS4 | Handler4> <…, EK4>
…
<NASn | Handlern> <…, EKn>

Secure Component contents: PuCA, KNAS, PrS, KUser, ID, KAssoc

SC methods:
1. HMAC
2. DecryptRSA
3. SymmCipher
4. Confidential
5. SignRSA
6. GenAssociation
7. GenNonce

Sensitive Data & Secure Component (SC)

Method | Protocol | Input | Output
DecryptRSA | TLS | Packet to be verified. | Status of the signature verification.
SignRSA | TLS | Data to sign. | RSA signature using the key PrS.
SymmCipher | TLS/RADIUS | Protocol id and data. | Ciphered output of the input data.
Confidential | TLS/RADIUS | The packet data. | A confidential share of the data.
HMAC | RADIUS | Data + encrypted shared key. | HMAC-MD5 of the input data.
GenAssoc | OpenID | Public key and two big integers. | Association info + server's public key.
GenNonce | OpenID | Two big integers. | Pseudo random nonce.

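As an added illustration of the HMAC method in the table above (written for this page, not code from the paper or its prototype): the RADIUS Message-Authenticator attribute (RFC 2869, section 5.14) is an HMAC-MD5 keyed with the NAS shared secret, so a replica that keeps that secret inside a secure component only has to hand the component the packet bytes. The `SecureComponent` class, the attribute layout and the sample values are assumptions constructed for the demo.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_MESSAGE_AUTHENTICATOR = 80
HEADER_LEN = 20  # Code(1) + Identifier(1) + Length(2) + Authenticator(16)


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type, Length, Value (RFC 2865, section 5)."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


class SecureComponent:
    """Hypothetical stand-in for the SC: keeps the NAS shared secret and exposes
    only the HMAC operation, so the replica process never handles the secret."""

    def __init__(self, nas_secret: bytes) -> None:
        self._secret = nas_secret

    def hmac(self, packet: bytes) -> bytes:
        # RFC 2869 5.14: HMAC-MD5 over the whole packet, keyed with the shared secret
        return hmac.new(self._secret, packet, hashlib.md5).digest()


def build_access_request(sc: SecureComponent, identifier: int,
                         request_auth: bytes, attrs: bytes) -> bytes:
    """Assemble an Access-Request whose Message-Authenticator the SC computes: the
    attribute is appended with 16 zero bytes, the HMAC is taken over that packet,
    and the result replaces the zeros (the attribute is the last one here)."""
    body = attrs + attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, HEADER_LEN + len(body))
    packet = header + request_auth + body
    return packet[:-16] + sc.hmac(packet)


def verify_message_authenticator(sc: SecureComponent, packet: bytes) -> bool:
    """Walk the attributes, zero the Message-Authenticator value, recompute the HMAC
    through the SC and compare in constant time. A missing or malformed attribute,
    or a Length field that disagrees with the packet, fails verification."""
    if len(packet) < HEADER_LEN or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    offset = HEADER_LEN
    while offset + 2 <= len(packet):
        attr_type, attr_len = packet[offset], packet[offset + 1]
        if attr_len < 2 or offset + attr_len > len(packet):
            return False
        if attr_type == ATTR_MESSAGE_AUTHENTICATOR and attr_len == 18:
            zeroed = packet[:offset + 2] + bytes(16) + packet[offset + 18:]
            return hmac.compare_digest(sc.hmac(zeroed), packet[offset + 2:offset + 18])
        offset += attr_len
    return False
```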

How to implement a secure component?

A secure component can be "any" device capable of ensuring the data and operation confidentiality of the target system/environment. Examples:
- Smart Cards
- Intel SGX
- Tamper-resistant FPGA
- A highly secured (shielded) computer
- Virtual TPM (e.g. vTPM)
- Secure hypervisor (e.g. sHyper)

Generic resilient architecture for AAIs

Elements (replica counts given in terms of the number of faults tolerated, fS, fG and fR):
- Client
- Service / Application / Device (fS + 1)
- Gateway (AAI front-end) (fG + 1)
- AAI Replicas (mfR + 1)
- AAI SCs (mfR + 1)
- Protocol 2 (label on the client-facing link)

Annotations over the successive builds of the slide:
- Protocol-specific connection between elements
- Protocol-specific shared secrets (a "Shared secret" label next to the Client and the Gateway)
- Trusted Third Party (TTP), with EAP-TLS shown on the diagram


Resilient RADIUS architecture

Supplicant --(802.1X / EAP-TLS)--> Network Access Server (NAS) (fS + 1) --(RADIUS / EAP-TLS)--> RADIUS Gateway (fG + 1) --(SMR / RADIUS / EAP-TLS)--> Resilient RADIUS (3fR + 1)

The NAS and the RADIUS Gateway share a symmetric secret.

Resilient RADIUS communications

Participants: Supplicant, NAS, RADIUS Gateway, RADIUS Replicas, Trusted Components.
Protocols per hop: 802.1X (Supplicant to NAS), RADIUS (NAS to Gateway), BFT-SMR (Gateway to Replicas), with EAP-TLS carried end to end.
The RADIUS Replicas run a BFT Agreement (shown twice in the message diagram).

Resilient OpenID architecture

Client/Web Browser --(HTTP/HTTPS, OpenID 2.0)--> Service Provider (Relying Party) (fS + 1) --(HTTP/HTTPS, OpenID 2.0)--> OpenID Gateway (fG + 1) --(SMR / HTTP/HTTPS / OpenID 2.0)--> Resilient OpenID (3fR + 1)

The OpenID Gateway and the Resilient OpenID replicas together form the Resilient OpenID Identity Provider. Steps 4 and 5 of the exchange below are marked on the diagram.

Resilient OpenID communications

Participants: Client/Browser, Relying Party, OpenID Gateway, OpenID Replicas, Trusted Components.

1. Service Request
2. Identification Request
3. Identification URL
4. Discovery (YADIS)
5. XRDS Response
6. Association Request (RP DH public-key)
7. Request (Association Handle + MAC Key + DH keypair)
8. Response
9. Association Response (IdP DH public-key)
Association Established
10. Authentication Request
11. Credentials Request / Browser Redirection
12. Credentials
13. Credentials + Nonce Random Number request
14. Authentication Assertion + Number
15. Authentication Response
16. Authentication Response
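As an added example of steps 6 to 9 above and of the SC's GenAssoc method (written for this page, not the authors' code): an OpenID 2.0 association is a Diffie-Hellman exchange in which the IdP masks the fresh MAC key as enc_mac_key = SHA-256(btwoc(ZZ)) XOR mac_key (the DH-SHA256 session type of OpenID Authentication 2.0, section 8). `sc_gen_association` models the secure-component side that generates the MAC key and the server DH key pair; the modulus is a constructed stand-in, not the OpenID default group, and the handle format is made up for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in DH group for the demo (Mersenne prime M521, generator 2);
# a deployment uses the OpenID 2.0 default modulus or another vetted group.
P = (1 << 521) - 1
G = 2
MAC_KEY_LEN = 32  # DH-SHA256 / HMAC-SHA256 association

def btwoc(n: int) -> bytes:
    """OpenID 2.0 btwoc(): shortest big-endian two's complement of a non-negative
    integer (a leading 0x00 is kept whenever the top bit would otherwise be set)."""
    return n.to_bytes(n.bit_length() // 8 + 1, "big")

def xor_with_hash(zz: int, data: bytes) -> bytes:
    """Mask or unmask a MAC key with H(btwoc(ZZ)); H is SHA-256 for DH-SHA256."""
    return bytes(a ^ b for a, b in zip(hashlib.sha256(btwoc(zz)).digest(), data))

def rp_begin_association() -> tuple[int, int]:
    """Relying Party, step 6: choose xa and send dh_consumer_public = g^xa mod p."""
    xa = secrets.randbelow(P - 2) + 1
    return xa, pow(G, xa, P)

def sc_gen_association(dh_consumer_public: int) -> tuple[dict, bytes]:
    """Hypothetical GenAssoc inside the secure component (steps 7 to 9): create the
    association handle, MAC key and server DH key pair; only the masked key leaves."""
    xb = secrets.randbelow(P - 2) + 1
    zz = pow(dh_consumer_public, xb, P)
    mac_key = secrets.token_bytes(MAC_KEY_LEN)
    response = {
        "assoc_handle": "demo-" + secrets.token_hex(8),  # constructed handle format
        "assoc_type": "HMAC-SHA256",
        "dh_server_public": pow(G, xb, P),
        "enc_mac_key": xor_with_hash(zz, mac_key),
    }
    return response, mac_key  # the plaintext mac_key stays with the SC

def rp_finish_association(xa: int, response: dict) -> bytes:
    """Relying Party, after step 9: recover the MAC key from the IdP's public value."""
    zz = pow(response["dh_server_public"], xa, P)
    return xor_with_hash(zz, response["enc_mac_key"])

def sign_fields(mac_key: bytes, fields: dict) -> bytes:
    """Sign an assertion (step 14) over its Key-Value form, one newline-terminated
    'key:value' line per field, as OpenID 2.0 signatures are computed."""
    kv = "".join(f"{k}:{v}\n" for k, v in fields.items()).encode()
    return hmac.new(mac_key, kv, hashlib.sha256).digest()
```

The RP verifies the assertion signature with the same `mac_key` it recovered, so a replica that never held the plaintext key cannot forge one.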


Resilient RADIUS vs FreeRADIUS: Environment / Configuration

Resilient RADIUS: 7 machines. FreeRADIUS: 3 machines. Each machine: CPU 2x4, MEM 32G, Net Giga.

FreeRADIUS setup: Supplicant --> Network Access Server (NAS) (fN + 1) with fN = 0 --> RADIUS Servers (fG + 1) with fG = 1, with a symmetric shared secret between the NAS and the servers.

Resilient RADIUS setup: Supplicant --> Network Access Server (NAS) (fN + 1) with fN = 0 --> RADIUS Gateway (fG + 1) with fG = 1 --> Replicated RADIUS (3fR + 1) with fR = 1, with a symmetric shared secret between the NAS and the gateway.

Resilient RADIUS vs FreeRADIUS: Latency

[Figure: latency comparison]

Resilient RADIUS vs FreeRADIUS: Throughput

[Figure: throughput comparison]

Resilient RADIUS vs FreeRADIUS: Fail-stop (crash) and Byzantine faults

Attack | FreeRADIUS | RADIUS Rep | RADIUS Gw
Fail-stop | 9s delay | No delay | 9s delay
Byzantine | Max delay of 9s | No delay | Up to 9s delay

Note: using the default configuration of the RADIUS protocol, i.e., 3s between each retry.

Resilient OpenID

[Figures: per-environment latency; the average latencies shown are 78.360 ms, 87.343 ms and 32.103 ms]

Environment | vCPU | ECUs | MEM | Network
Quinta-VMsR | 3 | --- | 4GB | Gigabit Ethernet
Quinta-VMsG | 6 | --- | 8GB | Gigabit Ethernet
Quinta-Phy | 16 | --- | 32GB | Gigabit Ethernet
Amazon-DCs | 2 | 6.5 | 7.5GB | Public WAN

Resilient OpenID: near linear gain

[Figure: number of authentications/s (0 to 6000) vs number of OpenID clients (10, 20, 40, 80, 100, 200) for Quinta-VMs, Quinta-PHY and Amazon-DCs]

Resilient OpenID (faults & attacks)

[Figure: ROpenID throughput under crash faults and attacks; number of authentications/s (400 to 1600) vs number of OpenID clients (10 to 100); series: FF-Exec, 1s-Crash, 2s-Crash, 4s-Crash, 8s-Crash, 16s-Crash, TCP-ACK-A, TCP-SYN-A]


Conclusion
- A hybrid architecture for intrusion-tolerant AAIs
- A secure component for ensuring the confidentiality
- Backward compatibility for both RADIUS & OpenID
- Performance assessment and evaluation under faults & attacks

Towards Secure and Dependable Authentication and Authorization Infrastructures

Diego Kreutz, Alysson Bessani, Eduardo Feitosa, Hugo Cunha

PRDC2014, Singapore

Bugs, failures, threats, attacks, …
- Cyber Crimes/Attacks
- Software Bugs & Vulnerabilities
- Logical Failures

Cyber threats: state of affairs

- NSA Director Rogers Urges Cyber-Resiliency (Threat Post, Washington, D.C., United States)
- Guide to Cyber Threat Information Sharing (Draft) (National Institute of Standards and Technology, NIST)
- Presidential Proclamation: Critical Infrastructure Security and Resilience Month, 2014 (The White House, Washington, D.C., United States)
- Biggest ever cyber security exercise in Europe today (European Commission press release, October 30, 2014)
- Emerging Cyber Threats Report 2015 (Georgia Institute of Technology)
- One million cyber attacks a day on Deutsche Telekom network (EU News & policy debates, across languages)
- Survey: Cybersecurity priorities shift to insider threats (FEDERALTIMES US)

Authentication & Authorization Infra (AAI)

Traditional OpenID Architecture: Client / Web Browser --> Service Provider (SP) / Relying Party (RP) --> OpenID Server --> OpenID Backends (SQL, LDAP); steps 4 and 5 are marked between the SP and the OpenID Server.

Traditional RADIUS Architecture: Supplicant --(802.1X)--> Network Access Server (NAS) --(RADIUS, symmetric shared secret)--> AAA/RADIUS Server --(AAA)--> AAA Backends (SQL, LDAP).

Typical Authentication & Authorization Infrastructure Architecture: Client, Service, Authentication Service and Auth Backends (SQL, LDAP), with the links labelled Protocol 1, Protocol 2 (appearing twice) and Protocol 3.

State Machine Replication (SMR) with BFT-SMaRt

Main building blocks (SMR): the AAI Gateway sends a REQUEST to the AAI Replicas R0 (leader), R1, R2 and R3; the leader issues a PROPOSE, the replicas exchange WEAK and then STRONG messages to reach agreement, and the replicas return a REPLY to the gateway.

Vulnerabilities and Threats in AAIs

Vulnerability/Supported features | RADIUS | OpenID
Tolerates crash faults (e.g., back-end clusters) | YES | YES
Tolerates arbitrary faults | NO | NO
Tolerates infrastructure outages | NO | NO
Tolerates DDoS attacks | NO | NO
Risk of common vulnerabilities | HIGH | HIGH
Risk of sensitive data leakage | HIGH | HIGH
Protocol security-related vulnerabilities | YES | YES
Susceptibility to resource depletion attacks | YES | YES

Resilient OpenID

Number of authentications/s per environment:

# of clients | Quinta-VMs | Quinta-PHY | Amazon-DCs
10 | 501 | 1489 | 62
20 | 769 | 2540 | 111
40 | 986 | 3487 | 210
80 | 1077 | 4719 | 401
100 | 1136 | 5011 | 489
200 | 1424 | 5290 | 704

Near linear gain. Saturation points.

Wait! What about resource depletion attacks?

In virtualized environments, how can malicious VMs affect the execution of non-malicious VMs?

Resource Depletion Attacks

[Figure: ROpenID throughput under CPU depletion attacks; number of authentications/s (200 to 1600) vs number of OpenID clients (10 to 100); series: FF-Exec, 3vCPUs-Attack, 6vCPUs-Attack, 12vCPUs-Attack]

[Figure: ROpenID throughput under attacks (QuintaVMs); number of authentications/s (200 to 1600) vs number of OpenID clients (10 to 100); series: TCP-ACK-A, TCP-SYN-A, TCP-SYN-ACK-A, TCP-SSH-A]
