Académique Documents
Professionnel Documents
Culture Documents
Cryptography in Cisco
Unified Communications
BRKCRT-2202
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 2
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 3
Agenda
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 4
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 5
Confidential Information
Customer Bank
Loss
I am Bob, of Dial
send me Tone
I am the PSTN, phone calls.
send me calls.
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 6
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 7
Symmetric Encryption
Encryption and Encryption and
Decryption Key Decryption Key
Encrypt Decrypt
$1000 $!@#IQ $1000
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 8
Key Management
Different key for each pair of devices
Keys should be changed frequently (hours to weeks)
Same key must be known by both parties
Usage
Bulk Data Encryption (e-mail, IPsec packets, sRTP, HTTPS, TLS)
Algorithm Example—AES
Publicly announced by NIST in 2000
Much faster and more efficient than DES/3DES
Used to encrypt signaling (TLS) and media (sRTP)
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 9
Asymmetric Encryption
Encryption Decryption
Key Key
Encrypt Decrypt
$1000 %3f7&4 $1000
Key Management
Different key pair for each entity
Keys can be used for longer periods (months to years)
One key must remain secret (“private key”), the other key must
be known by other entities (“public key”)
Usage
Low Volume Data (symmetric keys)
Algorithm Example—RSA
Developed in 1977, public domain since patent expired in 2000
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 11
Confidentiality
Sender encrypts data with public key of the receiver
Any sender can generate encrypted message
Senders need to know public key of receiver
Only receiver can decrypt encrypted data
Only receiver knows its corresponding private key
Authenticity and Integrity
Sender encrypts data with its own private key
Only sender can generate encrypted (signed) message
Only sender knows its private key
All receivers can decrypt encrypted (signed) message
All receivers need to know corresponding public key of sender
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 12
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 13
Hash Functions
One-way functions
Message
Generate fixed-length Data of ~~~~~~~~~~~~~~
Arbitrary ~~~~~~~~~~~~
output (“hash”, “digest” or ~~~~~~~~~~~
Length
“fingerprint”) from arbitrary ~~~~~~~~~~~~~
input data
Impossible to recover Hash
Function
hashed data from digest
Collisions (multiple inputs
result in same hash
output) possible
Fast Fixed-Length
e883aa0b24c09...
Algorithms: MD5, SHA-1 Hash
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 14
e8F0s31a...
Receiver cannot detect Hashing
Algorithm
the manipulation. e8F0s31a...
Same Hash
For security, a secret e8F0s31a...
Digest?
element has to be added Hash Digest
to the computation.
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 15
Digital Signatures
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 17
Digital Signatures
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 18
SHA-1 Hash
Untrusted Network
49eD0e3A7c44...
Purchase Order Purchase Order
$100,000 $100,000
RSA Signature
e10d6200aCe...
Encrypt
RSA
SHA-1 Hash
Decrypt
Private Key Public Key
of Signer of Signer 49eD0e3A7c44...
Same Hash Digest?
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 19
Introduction to
Cryptography
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 20
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 21
A RSA RSA B
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 23
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 24
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 25
Each entity obtains the public key of the trusted introducer and
verifies its authenticity and integrity (out-of-band)
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 26
Each entity submits its public key to the trusted introducer and
requests a certificate
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 27
PKI—Signing Certificates
A
Public Key
of User A Content
Trusted
Introducer
Sign
RSA
Public Key
of User A
Public Key
Trusted of Trusted Signing Public Key of User A
Introducer Key Signed by the
Introducer
Trusted Introducer
Private Key
of Trusted
Introducer
The trusted introducer verifies the received public key (out-of-band) and
creates a certificate signed with the trusted introducer’s private key
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 28
Trusted Trusted
Introducer Introducer
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 29
Trusted Trusted
Introducer Introducer
Untrusted Network
Private Key Public Key Public Key Private Key
A of User A of Trusted of Trusted of User C C
Introducer Introducer
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 30
Term Function
CA (Certificate The trusted introducer signing certificates of PKI entities
Authority) (PKI users)
PKI Users Devices, users, or applications that want to safely
distribute their public keys
Certificates Digital form (X.509v3) including the identity of a PKI
user, its public key, and a signature (created by the CA)
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 31
X.509v3 Certificates
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 32
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 33
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 34
Public Key of
Internet-CA
Verify
Signature
The client sends challenge with random data to the web server
The web server uses its private key to sign the data and sends it back to the client
The client verifies the returned data using the public key of the web server
previously retrieved from the certificate
If returned data matches the sent data, the web server has the correct private key,
and therefore it is authentic
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 37
Generate
Session Keys
ke4P6d23Le... RSA
Session Keys
Internet Private Key of
Web Server
RSA
Session Keys
Public Key of
Web Server
The client generates symmetric session keys for encryption and HMAC algorithms
to provide session protection
The client encrypts the keys using the public key of the web server and sends them
to the web server
The web server (only) can decrypt the session keys using its private key
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 38
Ss199le4... AES
Session Keys
Session Keys
Internet
Data from
AES
Server
Data from
AES dV46ax7...
Server
Packets between web server and client can now be authenticated (using HMAC,
such as keyed SHA-1) and encrypted (using symmetric encryption algorithms such
as AES)
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 39
Cisco Unified
Communications
Manager Security
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 40
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 41
Self-Signed Certificates
CCM1 TFTP TFTP
CCM1
Private Key Private Key
of CCM1 of TFTP
Cisco CA
Cisco CA
Issue Certificate
Private Key During Production Private Key
of Phone of Cisco CA
Public Key
of Phone
Public Key Cisco CA Public Key
of Phone of Cisco CA
Public Key
of Cisco CA Public Key
of Cisco CA
Cisco IP phone models with MICs have a public and a private key pair
and MIC for the phone installed
The certificate of the IP phone is signed by the Cisco manufacturing CA
Cisco manufacturing CA is the PKI root for all MICs
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 43
Enroll Enroll
Cisco CA CAPF
Cisco Unified
Communications
Manager Security
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 46
TFTP TFTP
Public Key Public Key
Private Key of TFTP of CCM1
of Cisco
Public Key CTL Client
of TFTP Cisco CA Cisco CA CAPF
CAPF
CAPF
Public Key Public Key Public Key
of Cisco of Cisco of Cisco Public Key
CTL Client CTL Client CTL Client of CAPF
Public Key
of CAPF
CTL Download
Cisco CTL Client
Cisco CA
TFTP CCM1
Private Key
Cisco CA of Phone
Public Key
of Cisco Public Key
CTL Client of Phone
Public Key Public Key New CTL Public Key Public Key
of TFTP of CCM1 of TFTP of CCM1
over TFTP
Cisco Unified
Communications
Manager Security
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 52
Image.bin.sgn
TFTP
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 53
Cisco Unified
Communications
Manager Security
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 54
Config2.xml.sgn
TFTP
Configuration files signed by the TFTP server (using its private key)
Phone verifies signature before applying configuration (using
corresponding public key from CTL)
Automatically done for supported IP phones when security mode is
enabled for cluster
Prevents falsification of phone configuration files
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 55
Config2.xml.sgn
TFTP
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 57
RTP Payload
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 58
AES AES
AES AES
The sender encrypts the RTP payload using the AES algorithm and a
symmetric key
The receiver uses the same key to decrypt the RTP payload
Prevents eavesdropping of conversation
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 59
sRTP Authentication
Voice or
Encrypted +
Voice or SHA-1
+ Voice
Encrypted
SHA-1
Voice
SHA-1
SHA-1
32-bit Truncated
Hashes Equal?
s197i
Voice or
s197i Encrypted s197i
Voice
A B
The sender hashes the RTP payload together using the SHA-1 algorithm and a
symmetric key
The hash digest is truncated to 32 bits and added to the RTP packet
The receiver uses the same key for a local computation of the truncated hash and
compares it against the received one
Prevents falsification of RTP packets
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 60
Cisco Unified
Communications
Manager Security
Secure Signaling
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 62
CallManager Hello
CallManager Certificate
Certificate Request
Phone Certificate
TLS hellos are used to negotiate attributes of the TLS session (one
or two-way certificate exchange, encryption and HMAC algorithms,
key lengths, etc.)
Certificates are exchanged
Certificates are then validated
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 63
Server-to-Phone Authentication
Phone Hello
CallManager Hello
CallManager Certificate
Certificate Request
Phone Certificate
Challenge1
Response1
CallManager Hello
CallManager Certificate
Certificate Request
Phone Certificate
Challenge1
Response1
Challenge2
Response2
CallManager Hello
CallManager Certificate
Certificate Request
Phone Certificate
Challenge1
Response1
Challenge2
Response2
Key Exchange
The IP phone generates session keys for SHA-1 and AES, encrypts them
using the public key of the server and sends the encrypted keys to the server
The server decrypts the keys
IP phone and server now share secret keys
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 66
TLS
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 67
Cisco Unified
Communications
Manager Security
Secure Conferencing
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 68
Secure Conferencing
Configuration Procedure
1. Obtain a certificate for the secure conference media resource at
the Cisco IOS router
2. Configure a secure conference media resource in Cisco IOS
software and associate it with the previously obtained certificate
3. Export Cisco Unified Communications Manager certificate(s)
4. Add downloaded Cisco Unified Communications Manager
certificate(s) to Cisco IOS router
5. Export certificate of the CA that issued the certificate to the secure
conference media resource
6. Add downloaded CA certificate(s) to Cisco Unified
Communications Manager server(s)
7. Add and configure the secure conference bridge in Cisco Unified
Communications Manager
8. Optional: Configure a minimum security level for Meet-Me
conferences if desired (default is nonsecure)
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 70
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 71
IPSec
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 73
IPsec
Network layer based security
Applicable for any sensitive traffic that is not protected
by applications themselves
Especially important when cryptographic keys are sent in clear
text—like sRTP keys in signaling messages
Server-to-server intra-cluster signaling
Inter-cluster trunk signaling
Signaling to H.323 gateways
Signaling MGCP gateways
Supported by Cisco Unified Communications Manager 5
ESP only, no AH
Pre-shared keys or X.509 certificates
Recommended to be used on network infrastructure devices
Prevents impersonation of IPsec peers
Prevents falsification and eavesdropping of protected IP packets
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 74
TLS MGCP
IP Phone MGCP
sRTP Gateway
TLS TLS
IP Phone IP Phone
sRTP
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 75
Cisco Unified
Communications
Manager Security
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 76
TLS
IP Phone
sRTP
Secure
TLS SRST
IP Phone
Allows Cisco IP phones to use TLS for signaling and sRTP for
media when in SRST mode
Prevents impersonation of SRST gateway and IP phones
Prevents falsification and eavesdropping of signaling and
RTP packets
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 77
SRST Certificate
MIC LSC
SRST
IP Phone
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 78
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 79
Imports certificate from the Secure SRST gateway over the network
Manual certificate fingerprint verification required
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 80
Compare
SRST Certificate Manually
Certificates Entered
SRST Certificate SRST
TLS Two-way CAPF Certificate
Certificate Exchange
MIC Cisco CA
signed by LSC signed by CAPF Certificates
Check
Cisco CA Certificate’s
or
IP Phone Signature
LSC MIC signed by Cisco CA
signed by
CAPF
IP phone verifies received SRST gateway certificate against the one in its
configuration file
SRST gateway checks received IP phone certificate’s signature using
public key of issuer (Cisco CA or CAPF)
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 82
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 83
Summary
Threats to Cisco Unified Communications
Loss of privacy
Loss of integrity
Impersonation
Denial of service
Cryptography
Symmetric and asymmetric encryption
HMACs
Digital signatures
PKI
Cisco Unified Communications Manager security features
PKI-enabled, certificate-based solution; CTL in IP phones
Signed phone loads, signed and encrypted configuration files
sRTP and secure signaling
SIP digest authentication
IPsec
Secure SRST
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 84
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 85
Recommended Reading
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 87
BRKCRT-2202
14370_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 88