Presentation is loading. Please wait.

Presentation is loading. Please wait.

A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 1 Information Security 2 (InfSi2) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.

Similar presentations

Presentation on theme: "A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 1 Information Security 2 (InfSi2) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications."— Presentation transcript:

1 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 1 Information Security 2 (InfSi2) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 3 Data Link Layer Security

2 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 2 Security Protocols for the OSI Stack Application layerPlatform Security, Web Application Security, VoIP Security, SW Security Transport layerTLSNetwork layerIPsecData Link layer[PPTP, L2TP], IEEE 802.1X, IEEE 802.1AE, IEEE 802.11i (WPA2) Physical layerQuantum CryptographyCommunication layersSecurity protocols

3 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 3 Information Security 2 (InfSi2) 3.1 Port-Based Network Access Control - IEEE 802.1X

4 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 4 IEEE 802.1X Access Control using EAP Methods 802.1X Supplicant User Credentials 802.1X Authentication Server User Credentials 802.1X Authenticator (WLAN AP, LAN Switch) EAP RADIUSEAPOL*L2 * EAP over LAN (Ethertype 0x888E) 802.1X Supplicants and Authenticators are both Port Access Entities (PAEs)

5 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 5 Information Security 2 (InfSi2) 3.2 Secure Device Identity IEEE 802.1AR - DevID

6 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 6 IEEE 802.1AR Secure Device Identifier DevIDSecure Device Identifier Secure Device Identifier IDevIDInitial Device Identifier Created during manufacturing and cannot be modified Either reaches end of lifetime (certificate) or can be disabled LDevIDLocally Significant Device Identifier One or several may be created by network administrator DevID Module Hardware module which stores the DevID secrets, credentials and the entire credential chain up to the root certificate Contains a strong Random Number Generator (RNG) Implements Asymmetric Algorithms (2048 bit RSA and/or 256 bit ECDSA) Implements SHA-256 Hash Function

7 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 7 IEEE 802.1AR DevID Module Storage Random Number Generator Hash Algorithms Asymmetric Cryptography Service Interface Management Interface DevID Secret[s] DevID Credentials[s] Credential Chain Applications & Operating System

8 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 8 Use of DevIDs DevID use EAP-TLS Authentication Device authentication can be based on its DevID certificate. DevID use in Consumer Devices Similar but more secure than access control based on a MAC address list which can easily be spoofed, a switch, router or access point can allow access based on a registered commonName (CN), serialNumber (SN) or a subjectAltName contained in the DevID certificate. DevID use in Enterprise Devices Similar to the consumer device use case but the DevID is usually registered with a centralAAA server. DevID Module based on Trusted Platform Module (TPM) Each TPM has a unique non-erasable Endorsement Key (EK) to which DevID secrets and credentials can be bound.

9 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 9 Information Security 2 (InfSi2) 3.3 Media Access Layer Security IEEE 802.1AE - MACsec

10 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 10 Four Stations Attached to a LAN PAE Port Access Entity PAE

11 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 11 Connectivity Association (CA) Station D is not part of the CA SecY MAC Security Entity CAK (CA Key) CAK

12 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 12 Secure Channel (SC) and Secure Association (SA) Each SC comprises a succession of SAs each with a different SAK (SA Key)

13 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 13 Secure Channel and Secure Association Identifiers System Identifier Port Identifier Association Number SCI Secure Channel Identifier SAI Secure Association Identifier The Association Number (2 bits) allows the overlapping rekeying of the Secure Association during which two different SAKs co-exist.

14 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 14 Two Stations in a point-to-point LAN PAE

15 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 15 Connectivity Association (CA) CAK SecY CAK SecY

16 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 16 Secure Channel (SC) and Secure Association (SA) SA A  SAK A0, SAK A1, … SA B  SAK B0, SAK B1, … CKN (CAK Name) CAK SecY CKN CAK SecY

17 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 17 IEEE 802.1AE MACsec Frame Format Secure DataFCSDASASecTag MAC Addresses ICV MPDU Optional Encryption Data Integrity User Data DASA MSDUMAC Addresses User Data VLAN Tag PT MSDU – MAC Service Data Unit MPDU – MACsec Protocol Data Unit ICV – Integrity Check Value 8 or 168 to 16

18 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 18 SecTag – Security Tag PN SCI (optional encoding) 0x88E5 MACsec Ethertype – is 0x88E5 TCI – TAG Control Information (6 bits) AN – Association Number (2 bits) SL – Short Length (6 bits) – length of User Data if < 48 octets, 0 otherwise PN – Packet Number – replay protection and IV for encryption SCI – Secure Channel Identifier – identifies Secure Association (SA). In point-to-point links the SCI consists of the Source MAC Address and the Port Identifier 00-01 and thus the SCI doesn’t have to be encoded. 2 0 or 8 TCIAN 14 SL 1

19 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 19 TCI – TAG Control Information Bits V – Version (currently 0) ES – End Station – if set means that the Source MAC Address is part of the SCI and the SCI shall not be explicitly encoded. SC – shall be set only if an explicitly encoded SCI is present SCB – Single Copy Broadcast capability – if ES and SCB are set then the implicit SCI comprises a reserved Port Identifier of 00-00. E – Encryption – if set encryption is enabled C – Changed Text – if clear the Secure Data exactly equals User Data V=0 8 ES 76 SC SCB E C 3 AN 1 5 4 2 Bit

20 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 20 Authenticated Encryption with Associated Data AEAD is based on special block cipher modes: Block size: 128 bits Key size: 128/256 bits Tag size : 128 bits Nonce size: 128 bits 64 bits 32 bits 32 bits AES-Galois/Counter Mode AES-GMAC (auth. only) SCIPNCounter SCIPN0SCIPN1 SCIPN2 Key K Hash Subkey H 0………………..0 Key K Hash Subkey Derivation ICV

21 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 21 Information Security 2 (InfSi2) 3.4 MACsec Key Agreement IEEE 802.1X - MKA

22 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 22 MKA distributes random SAK using CAK MKPDU – MACsec Key Agreement Protocol Data Unit – carried via EAPOL CAK – Connectivity Association Key – pairwise or group root key ICK – ICV Key – used for MKPDU Data Integrity KEK – Key Encrypting Key – used for AES Key Wrap in MKPDU SAK – Secure Association Key MKPDU

23 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 23 MKA Key Derivation Function - KDF The MKA KDF is a Pseudo Random Function (PRF) based on AES-CMAC with a 128 or 256 bit key. Output  KDF(Key, Label, Context, Length) KEK  KDF(CAK,  IEEE8021 KEK , CKN[0..15], 128/256) ICK  KDF(CAK,  IEEE8021 ICK , CKN[0..15], 128/256) SAK  KDF(CAK,  IEEE8021 SAK , KS-nonce | MI-value list | KN, 128/256) KS – Key Server – either elected or EAP Authenticator MI – Member Identifier – all members of a CA KN – Key Number – assigned by Key Server

24 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 24 Connectivity Association Key – CAK CAK as a Pre-Shared-Key (PSK) Can be used either as a pairwise CAK or group CAK Statically configured PSK CKN can be chosen arbitrarily with a size of 1..32 octets CAK via EAP Can be used as a pairwise CAK. Dynamically derived CAK and CKN between two PAEs via EAP CAK  KDF(MSK[0..15]/MSK[0..31],  IEEE8021 EAP CAK , mac1 | mac2, 128/256) CKN  KDF(MSK[0..15]/MSK[0..31],  IEEE8021 EAP CKN , EAP Session-ID | mac1 | mac2, 128/256) where mac1 < mac2 are the MAC addresses of the PAEs and the Master Session Key (MSK) and Session-ID of the EAP method (EAP-TLS, EAP-PEAP, etc) is included.

25 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 25 Use of Pairwise CAKs to Distribute a Group CAK MKPDU

26 A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 26 IEEE 802.1AE Enabled Products Cisco Catalyst 3750-X / 3560-X LAN Access Switch Supports MACsec and MKA on both user/downlink and network/uplink ports Juniper EX Series Switches 802.1AE available with the controlled version of Junos OS

Download ppt "A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 1 Information Security 2 (InfSi2) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications."

Similar presentations

Ads by Google