towards secure and dependable authentication and authorization infrastructures

Towards Secure and Dependable Authentication and Authorization Infrastructures

Diego Kreutz, Alysson Bessani, Eduardo Feitosa, Hugo Cunha

PRDC2014, Singapore

Cyber threats: state of affairs

2

NSA Director Rogers Urges Cyber-Resiliency Threat Post, Washington, D.C. (United States) Presidential Proclamation: Critical Infrastructure Security and Resilience Month, 2014 The White House, Washington, D.C. (United States) Biggest ever cyber security exercise in Europe today European Commission - PRESS RELEASES, October 30, 2014 Survey: Cyber security priorities shift to insider threats FEDERALTIMES US

Authentication & Authorization Infra (AAI)

A typical Authentication & Authorization architecture in an enterprise network

3

802.1X RADIUS LDAP, SQL

NAS (e.g., WiFi router)

Authentication Server

Backend Service

Client

A user requesting

network access

AAIs are of the most critical pillars of

current IT systems!



4




Backend Service

Client

Credential theft



5




Backend Service

Client

Access deny/grant



6




Backend Service

Client

Access deny/grant



7




Backend Service

Client

Permissions & credentials



8




What if end-to-end EAP-TLS?

EAP-TLS

Backend Service

Client



9




EAP-TLS by itself is still not

enough!

EAP-TLS

Backend Service

Client

AAI Federations & Threats

A typical AAI Federation among enterprise networks (mobility, …)

10

.PT .SG Federation top-level RADIUS servers

Confederation top-level RADIUS sever

Institutional level RADIUS servers

Network infrastructure, systems and services

U1 U2 U3 U4

AAI Federations & Threats

A typical AAI Federation among enterprise networks (mobility, …)

11

.PT .SG Federation top-level RADIUS servers

Confederation top-level RADIUS sever

Institutional level RADIUS servers

Network infrastructure, systems and services

U1 U2 U3 U4

Outline

Our Solution

Goals & Challenges

Intrusion-Tolerant AAIs

Conclusion

Evaluation

13

Mapping the current state of affairs of AAIs

14

Current State of Affairs of AAIs

Dependability

Secu

rity & Trust

C1

C2

C3 C4

C6

C5

Exiting systems are of categories C1, C2 and C43

Our goal is to design systems of categories C4-C6

15

What can we do about it?

Approach 1: try to fix everything!?

16

What can we do about it?

Approach 2: increase the system’s security and

dependability

Hybrid system architectures, specialized components, clouds, …

Goals

17

Develop new hybrid system architectures for AAIs.

Design & Provide mechanisms for building fault- and

intrusion-tolerant AAIs

Challenges

18

Arbitrary fault tolerance in AAI systems

Ensure confidentiality of sensitive data

Keep backward compatibility

Outline

Our Solution

Goals & Challenges


Conclusion

Evaluation

20

Traditional RADIUS architecture




Backend Service

Client

Shared secret

Shared secret (confidentiality,

integrity)

21

Traditional RADIUS architecture




Backend Service

Client

Shared secret

How to avoid single points of

failure?

22

Building a resilient architecture

802.1X

RADIUS LDAP, SQL



Backend Service

Client

Shared secret

‘Multi-path’ by simple

replication

23


802.1X

RADIUS LDAP, SQL



Backend Service

Client

Shared secret

How to tolerate arbitrary faults?

24


802.1X

RADIUS


Authentication Gateway

Client Authentication Server & Back-end

Backward compatibility &

SMR integration

BFT-SMR

25


802.1X

RADIUS



Client

Shared secret

Authentication Server & Back-end

How to ensure the confidentiality of shared secrets?

26


802.1X

RADIUS



Client

Shared secret


Solution = secure elements on the RADIUS replicas

27


802.1X

RADIUS



Client

Shared secret


EAP-TLS with BFT-SMR? How

can it work?

EAP-TLS

28


802.1X

RADIUS



Client

Shared secret


EAP-TLS

EAP-TLS handshake with an adapted PRF

29


802.1X

RADIUS



Client

Shared secret


EAP-TLS

Let’s simplify by removing the

back-ends

30

Sensitive Data & Secure Component (SC)

USER Table!!

<ID1> <…, Perm>MAC!<ID2> <…, Perm>MAC!<ID3> <…, Perm>MAC!<ID4> <…, Perm>MAC!

…!<IDn> <…, Perm>MAC!

TLS$

EAP$

RADIUS$

BFT.SMaRT$

Authentication Service Replica!

OpenID$

HTTP/HTTPS$

Secure$Component$

PuCA$

KNAS$ PrS$

KUser$ ID$

KAssoc$

$$

31


USER Table!!



TLS$

EAP$

RADIUS$

BFT.SMaRT$


OpenID$

HTTP/HTTPS$

DATA Table (NAS | Association)!!

<NAS1 | Handler1> <…, EK1>!<NAS2 | Handler2> <…, EK2>!<NAS3 | Handler3> <…, EK3>!<NAS4 | Handler4> <…, EK4>!

…!<NASn | Handlern> <…, EKn>!

Secure$Component$

PuCA$

KNAS$ PrS$

KUser$ ID$

KAssoc$

32


USER Table!!



TLS$

EAP$

RADIUS$

BFT.SMaRT$


OpenID$

HTTP/HTTPS$




Secure$Component$

PuCA$

KNAS$ PrS$

KUser$ ID$

KAssoc$

33


USER Table!!






TLS$

EAP$

RADIUS$

SC methods:!!

1. HMAC!2. DecryptRSA!3. SymmCipher!4. Confidential!5. SignRSA!6.  GenAssociation 7.  GenNonce

BFT.SMaRT$


OpenID$

HTTP/HTTPS$

Secure$Component$

PuCA$

KNAS$ PrS$

KUser$ ID$

KAssoc$

34


Method Protocol Input Output DecryptRSA TLS Packet to be

verified. Status of the signature verification.

SignRSA TLS Data to sign. RSA signature using the key PrS .

SymmCipher TLS/RADIUS Protocol id and data.

Ciphered output of the input data.

Confidential TLS/RADIUS The packet data. A confidential share of the data.

HMAC RADIUS data + encrypted shared key.

HMACMD5 of the input data.

GenAssoc OpenID Public key and two big integers.

Association info + server’s public key.

GenNonce OpenID Two big integers. Pseudo random nonce.

35


Method Protocol Input Output DecryptRSA TLS Packet to be

verified. Status of the signature verification.

SignRSA TLS Data to sign. RSA signature using the key PrS .

SymmCipher TLS/RADIUS Protocol id and data.

Ciphered output of the input data.

Confidential TLS/RADIUS The packet data. A confidential share of the data.

HMAC RADIUS data + encrypted shared key.

HMACMD5 of the input data.

GenAssoc OpenID Public key and two big integers.

Association info + server’s public key.

GenNonce OpenID Two big integers. Pseudo random nonce.

36

How to implement a secure component?

A secure component can be “any” device capable of ensuring the !data and operation confidentiality of the target system/environment.!

Smart Cards! Intel SGX! Tamper Resistant a FPGA!

A Highly Secured (shielded) Computer!

Virtual TPM!(e.g. vTPM)!

Secure Hypervisor (e.g. sHyper)!

Generic resilient architecture for AAIS

37

Protocol 2

Service / Application / Device (fS + 1)

Gateway (AAI front-end)

(fG + 1)

Client AAI Replicas (mfR + 1)

AA

I SC

s (m

f R +

1)


38

Protocol 2



(fG + 1)

Client AAI Replicas (mfR + 1)

AA

I SC

s (m

f R +

1)

Protocol-specific connection

between elements


39

Protocol 2



(fG + 1)

Client

Shared secret

AAI Replicas (mfR + 1)

AA

I SC

s (m

f R +

1)

Protocol-specific shared secrets

Generic resilient architecture for AAIS Trusted Third Party (TTP)

40

Protocol 2



(fG + 1)

Shared secret

AAI Replicas (mfR + 1)

EAP-TLS

AA

I SC

s (m

f R +

1)

Client

Outline

Our Solution

Goals & Challenges


Conclusion

Evaluation

Resilient RADIUS architecture

42

801.1X/ EAP-TLS

Network Access Server (NAS)

(fS + 1)

RADIUS Gateway (fG + 1)

Symmetric shared secret

Resilient RADIUS (3fR + 1)

Supplicant

RADIUS/ EAP-TLS

SMR/ RADIUS/ EAP-TLS

Resilient RADIUS communications

43

NAS RADIUS Gateway

RADIUS Replicas

Supplicant Trusted Components

BFT Agreement

801.1X RADIUS BFT-SMR EAP-TLS

BFT Agreement

801.1X RADIUS BFT-SMR EAP-TLS

Resilient OpenID architecture

44

Service Provider (Relying Party)

(fS + 1)

Resilient OpenID (3fR + 1)

SMR/ HTTP/HTTPS/

OpenID 2.0 HTTP/HTTPS OpenID 2.0

steps 4 and 5

Resilient OpenID Identity Provider

OpenID Gateway (fG + 1)

Client/Web Browser

45

Resilient OpenID communications

1. Service Request

2. Identification Request

3. Identification URL 4. Discovery (YADIS)

5. XRDS Response

6. Association Request (RP DH public-key)

9. Association Response (IdP DH public-key)

Association Established

10. Authentication Request

11. Credentials Request / Browser Redirection

12. Credentials

15. Authentication Response 16. Authentication

Response

Client/Browser Relying Party OpenID Gateway OpenID Replicas Trusted Components

7. Request (Association Handle + MAC Key + DH

keypair)

8. Response

13. Credentials + Nonce Random Number request

14. Authentication Assertion + Number

Outline

Our Solution

Goals & Challenges


Conclusion

Evaluation

47

Resilient RADIUS vs FreeRADIUS Environment / Configuration

Resilient RADIUS

7 machines

FreeRADIUS 3 machines

CPU MEM Net

2x4 32G Giga

Supplicant! Network Access Server (NAS)!

(fN + 1) with fN = 0!!

RADIUS !Servers!

(fG + 1) with fG = 1!

Symmetric shared secret!

Supplicant!

Replicated RADIUS (3fR + 1) with fR = 1!

Network Access Server (NAS)!

(fN + 1) with fN = 0!!

RADIUS !Gateway !

(fG + 1) with fG = 1!


48

Resilient RADIUS vs FreeRADIUS

Latency

49


Throughput

50


Fail-stop (crash) and Byzantine faults

Attack FreeRADIUS RADIUS Rep RADIUS Gw

Fail-stop 9s delay No delay 9s delay

Byzantine Max delay of 9s No delay Up to 9s delay

Note: using the default configuration of the RADIUS protocol, i.e., 3s between each retry.

51

Resilient OpenID

Average Latency: 78.360ms!



Environment vCPU ECUs MEM Network Quinta-VMsR 3 --- 4GB Gigabit Ethernet Quinta-VMsG 6 --- 8GB Gigabit Ethernet Quinta-Phy 16 --- 32GB Gigabit Ethernet Amazon-DCs 2 6.5 7.5GB Public WAN

52

Resilient OpenID

Near linear gain

0

1000

2000

3000

4000

5000

6000

10 20 40 80 100 200

Quinta-VMs Quinta-PHY Amazon-DCs

53

Resilient OpenID (faults & attacks)

400

600

800

1000

1200

1400

1600

10 20 40 80 100

Number of authentications/s

Number of OpenID clients

ROpenID throughput under chash faults and attacks

FF-Exec

1s-Crash

2s-Crash

4s-Crash

8s-Crash

16s-Crash

TCP-ACK-A

TCP-SYN-A

Outline

Our Solution

Goals & Challenges


Conclusion

Evaluation

55

A hybrid architecture for intrusion-tolerant AAIs

56


A secure component for ensuring the confidentiality

57



Backward compatibility for both RADIUS & OpenID

58



Backward compatibility for both RADIUS & OpenID

Performance assessment and evaluation under fault & attacks

Towards Secure and Dependable Authentication and Authorization Infrastructures

Diego Kreutz, Alysson Bessani, Eduardo Feitosa, Hugo Cunha

PRDC2014, Singapore

Cyber Crimes/Attacks!

Software Bugs & Vulnerabilities

Logical Failures

60

Bugs, failures, threats, attacks, …

Cyber threats: state of affairs

61

NSA Director Rogers Urges Cyber-Resiliency Threat Post, Washington, D.C. (United States)

Guide to Cyber Threat Information Sharing (Draft) National Institute of Standards and Technology (NIST)

Presidential Proclamation: Critical Infrastructure Security and Resilience Month, 2014 The White House, Washington, D.C. (United States)

Biggest ever cyber security exercise in Europe today European Commission - PRESS RELEASES, October 30, 2014

Emerging Cyber Threats Report 2015 Georgia Institute of Technology

One million cyber attacks a day on Deutsche Telekom network EU News & policy debates, across languages

Survey: Cybersecurity priorities shift to insider threats FEDERALTIMES US


62 Client / Web Browser!

Service Provider (SP) Relying Party (RP)!

OpenID Server!

steps 4 and 5!

OpenID! Backends!

SQL$

LDAP$Supplicant!

AAA! Backends!

SQL$

LDAP$

Network Access Server (NAS)!

AAA/RADIUS!Server!


802.1X! RADIUS!

AAA$

Traditional OpenID Architecture

Traditional RADIUS Architecture

Typical Authentication & Authorization Infrastructure Architecture

Client!

Auth! Backends!

SQL$

LDAP$Service! Authentication!Service!

Protocol 1! Protocol 2!

Protocol 3!Protocol 2!

State Machine Replication (SMR) with BFT-SMaRt

63

Main building blocks (SMR)

AAI#Gateway#

PROPOSE# WEAK#R0#(leader)#

R1#

R2#

R3#

STRONG#

REQUEST# REPLY#

AAI#Replicas#

64

Vulnerabilities and Threats in AAIs

Vulnerability/Supported features RADIUS OpenID Tolerates crash faults (e.g., back-end clusters) YES YES Tolerates arbitrary faults NO NO Tolerates infrastructure outages NO NO Tolerates DDoS attacks NO NO Risk of common vulnerabilities HIGH HIGH Risk of sensitive data leakage HIGH HIGH Protocol security-related vulnerabilities YES YES Susceptibility to resource depletion attacks YES YES

65

Resilient OpenID

# of clients Quinta-VMs Quinta-PHY Amazon-DCs 10 501 1489 62 20 769 2540 111 40 986 3487 210 80 1077 4719 401

100 1136 5011 489 200 1424 5290 704


Near linear gain. Saturation points.

Wait! What about resource depletion

attacks?

In virtualized environments, how malicious VMs can

affect the execution of non-malicious VMs?

67

Resource Depletion Attacks

68


69


200

400

600

800

1000

1200

1400

1600

10 20 40 80 100



ROpenID throughput under CPU depletion attacks

FF-Exec

3vCPUs-Attack

6vCPUs-Attack

12vCPUs-Attack

70


200

400

600

800

1000

1200

1400

1600

10 20 40 80 100



ROpenID throughput under attacks

QuintaVMs

TCP-ACK-A

TCP-SYN-A

TCP-SYN-ACK-A

TCP-SSH-A

towards secure and dependable authentication and authorization infrastructures

Technology

dependable authentication

radius ldap

typical aai federation

sql nas

network access aais

enterprise networks

current state of affairs

endtoend eaptls