Group Encryption. The key to protecting data in motion BLACK BOX blackbox.com

Transcription

1 The key to protecting data in motion BLACK BOX blackbox.com

2 Table of Contents Introduction... 3 Why data encryption?... 3 Types of data encryption... 4 The problem with IPsec... 5 The group encryption solution... 6 Group encryption architecture... 7 Group encryption applications... 9 Conclusion...10 About Box...10 We re here to help! If you have any questions about your application, our products, or this white paper, contact Box Tech Support at or go to blackbox.com and click on Talk to Box. You ll be live with one of our technical experts in less than 30 seconds blackbox.com Page 2

3 Introduction Anyone who reads the headlines knows why it s important to protect data. Data in motion over public networks such as the Internet or a shared MPLS network is particularly vulnerable to theft because there is no way to secure these networks. Data encryption is a valuable tool for protecting data but can often come at the cost of decreased efficiency. This white paper examines encryption methods available for protecting data in motion and explains why group encryption via dedicated encryption appliances may be the most effective way to ensure data safety without affecting network performance or placing excessive demands on IT staff. Why data encryption? Consequences of intercepted data In today s world, data encryption isn t an option, it s necessary to fight the growing threat of data theft. Almost every organization has data to protect: Credit-card numbers Social Security numbers Medical records Sensitive company information Financial statements Private correspondence and personal information The number of data breaches increases every year, and data theft can be devastating to any organization. Most organizations, recognizing that prevention is far less costly than a data breach, are now budgeting for data encryption. Regulatory compliance Many industries face increased regulatory pressure to protect their data. Regulations such as HIPAA and PCI require that files be secured when stored on the network and while in transit, leading to a need for encryption services. Data on public networks Organizations often use public networks such as the Internet or MPLS service for data transfer because they offer clear advantages in performance and cost effectiveness over private data lines. As convenient as these networks are, however, they leave data vulnerable. The Internet is, in every sense, a public network. Anyone and everyone is on it, making it a hotbed for all kinds of scam and hacking activity. Professional hackers from around the world are available for hire as sort of high-tech hit men. Secrets aren t secret on the Internet unless they re securely encrypted. Organizations using a Multiprotocol Label Switching (MPLS) network may believe that encryption is not needed because the network is marketed as private. Because MPLS is really a shared network that mimics privacy by logically separating data with labels, the logical separation offered by MPLS isn t secure and isn t adequate for data protection. A private MPLS link actually traverses a network that also carries traffic from thousands of other users, including traffic from other carriers. Protecting data in motion has become a high priority as more organizations realize how easy it is for attackers to pick data from the stream. With more companies facing the real and growing threat of data theft, along with increased regulatory pressure to protect their data, encryption of data in motion has gone from a nice-to-have technology to a necessity blackbox.com Page 3

4 Types of data encryption Symmetric-key encryption In symmetric-key encryption, each computer has a secret key, which is a kind of code that it uses to encrypt information before it s sent to another computer. The other computer, which has the same key, which it uses to decrypt the data. Because symmetrickey encryption requires that the same key be installed on each computer, it requires pre-knowledge of which computers will be communicating. The Data Encryption Standard (DES) is an older symmetric algorithm, created in the 1970s, which uses a 56-bit key. Although a 56-bit key offers more than 7 x possible combinations, security experts no longer consider DES to be secure because today s faster computers can easily crack it by using a brute-force attack to try every possible combination. DES has since been replaced by the Advanced Encryption Standard (AES), which uses larger 128-, 192-, or 256-bit keys, which are much harder to crack. A 128-bit key, for instance, has more than 3 x key combinations Asymmetric encryption The primary weakness of symmetric-key encryption is that two sites that don t have a previous relationship and thus don t have the same key, can t communicate with each other securely. The solution to this problem was asymmetric encryption, also known as public-key encryption, which uses two different keys to encrypt data: a private key and a public key. The private key is kept by one computer, which gives a public key to any computer that wants to communicate securely with it. The key to public-key encryption is that the encrypting key is different from the decrypting key one key is used to encrypt a message, and another, different key is used to decrypt it. With asymmetric encryption, users can send a private message without providing the receiver with a secret key, even if they had never before communicated with the receiver in any way. Public-key encryption is based on prime numbers. It s easy to multiply primes together, but very difficult to take the resulting product and reduce it back to the original primes. This kind of one-way function, called a trap door, is at the heart of asymmetric encryption. Because there is an essentially infinite supply of prime numbers, there is a near infinite number of keys, making asymmetric encryption very secure. When public-key encryption is implemented on a large scale, for instance in servers that process a large number of credit-card transactions, digital certificates come into the picture. A digital certificate is a unique number that proves that a Web server is trusted by an independent source known as a certificate authority, which acts as a middleman and provides public keys for the transaction. IPsec VPN Internet Protocol Security (IPsec) is used to authenticate and encrypt IP packets during a communication session on an IP network, such as the Internet. IPsec is often used to establish virtual private networks (VPNs) called VPN tunnels in which packets are authenticated, encrypted, and encapsulated for transport. VPN tunnels work point-to-point to connect hosts to hosts, hosts to networks, or networks to networks. With today s IP-based networks, the data-in-motion standard is IPsec for data packet protection and Internet Key Exchange (IKE) for point-to-point key management. When IKE is used for key management, a connection is initiated, each endpoint authenticates the other, and the peers negotiate symmetric keys for the connection. The result is a point-to-point secure tunnel through the network. However, companies that have deployed IPsec VPNs across their network have discovered that, while this is a great mode of data protection, the deployment and management of VPN tunnels is difficult, time consuming, and largely incompatible with other network requirements, such as flexibility, performance, and intelligent traffic routing blackbox.com Page 4

5 The problem with IPsec Protecting data in motion has been a best practice since the introduction of networking. As networking technologies have advanced, so has the technology used to secure data in motion. Although IKE is an effective means of exchanging keys between two endpoints, it only works between two endpoints. IPsec packet protection requires the configuration of traffic policies at each endpoint or gateway for all potential destinations. For each connection, the algorithms for protection, authentication, key exchange, gateway addresses, and numerous other parameters must be defined. Each end of the tunnel must have the same configurations or the IKE negotiation will fail. In configuring an IPsec deployment, most systems require each unit to receive a painstakingly generated set of policies carefully crafted and manually installed on each system. In other words, IKE-based IPSec is hard to maintain, which costs you money. The point-to-point nature of IKE-created IPsec tunnels precludes the effective use of IPsec for multicast traffic, latency-sensitive applications, and multipath data flows. This characteristic also often causes administrators to try to avoid tunnels between each pair of endpoints by aggregating traffic to a central hub where it s redistributed. This causes unnecessary traffic hairpins with increased network latency as traffic is encrypted and decrypted at the aggregation point and then sent to its destination. Point-to-point tunnels have an inherent scalability problem. The number of point-to-point tunnels required to achieve full-mesh connectivity for n nodes is approximately n 2. In other words, for a network with 100 nodes, approximately 10,000 point-to-point tunnels are required. Each tunnel requires CPU and memory resources to set up and maintain. As WANs grow, resource requirements quickly become significant and limit the overall router performance and scalability. In addition to VPN tunnel setup and maintenance requirements, the router must consider each policy rule for each incoming and outgoing packet (policy rules specify which tunnel and which encryption keys to use). This creates CPU load from tunnel setup and maintenance and performing the encryption, plus policy lookup puts a heavy burden on the CPU. In this scenario, there s a high likelihood of configuration errors while performing such a large task loading, reviewing, and monitoring of the thousands of policies on each machine can quickly become overwhelming to a network administrator. IKE is most often deployed on routers, which does not allow the security team to have any control over security policies or encryption keys. Only by taking security out of the router and deploying it on a separate device, and by providing role-based access to security administrators, can the security team have effective control and responsibility for network security. The point-to-point orientation of IKE-created IPsec tunnels also makes provisioning, status monitoring, and error detection problematic, because there s typically no centralized management for the secured network. This also makes auditing the secure network a challenge. Encryption often gets the blame for poor network performance because it consumes bandwidth, causes latency, and can be time consuming to manage. On closer examination, however, the issue is not the encryption itself, but the setup and management of the encryption and the artificial constraints that many encryption solutions impose on the network blackbox.com Page 5

6 The group encryption solution Because of the management costs and performance issues associated with IPsec and IKE, the solution is a policy- and key-management encryption device designed specifically for network encryption. A purpose-built group encryption solution greatly reduces configuration complexity, removes the challenge of scale, and eliminates the limitations for multicast or multiple path encryption. Group encryption: Distributes keys efficiently using group keying to allow any-to-any encrypted and authenticated communication among group members. Expands IPsec protection to multicast and multiple nodes through group keying with centralized management of keys and policies. Simplifies management through centralized, straightforward policy definition, distribution, and management. Provides maximum security and network uptime with reliable and scalable key and policy distribution and regular key rotation. Separates security from the router and provides role-based access control to allow the security team to control keys and policies while allowing cost-effective outsourcing of network management functions. Uses IPsec standards-based packet formats and FIPS validated AES-256 encryption to provide Layer 2 Ethernet encryption, Layer 3 IP encryption, or Layer 4 payload-only encryption. Duplicates the inner IP address to the outer IPsec header to preserve routing information. Group Enryption With encryption, any group memeber can communicate securely with any other group member without the need to establish IPsec VPN tunnels. Network with encryption appliance Network with encryption appliance Network with encryption appliance Internet or other IP network Network with encryption appliance Network with encryption appliance In group encryption, all encryption and authentication keys are generated centrally, encrypted, and securely distributed to all authorized group members, usually to a dedicated encryption appliance. Group encryption avoids point-to-point tunnels and their associated configuration and maintenance headaches by distributing the encryption keys to all group members, so that any group member can communicate securely with any other group member. Group encryption is versatile because all encryption appliances in the network can be defined as a single group so that any site can send and receive encrypted data to and from any other site. Each site in the group has the shared group key, so all the sites in the group can communicate any group member can receive and decrypt the traffic. Network administrators can also segment the network into trust zones. This isolates areas of the network that are particularly sensitive from the rest of the network. Group encryption is a major technological advancement over tunnel-based IPsec or Layer 2 encryption-only solutions because it can support encryption across Layer 2 Ethernet, Layer 3 IP, and Layer 4 payload-only. Group encryption supports encryption across the Internet or private networks with multiple carriers, It separates encryption from the router to provide network encryption that can be controlled by the security team without affecting applications and services. It can perform authentication on a packet-by-packet or frame-by-frame basis blackbox.com Page 6

7 Group encryption architecture Group encryption is generally based on purpose-built encryption appliances deployed to all linked sites. These encryption appliances are under the control of a central manager. Group policies specify what traffic to secure, how to secure it, and which enforcement points should use the rule. Group policies also specify which encryption and authentication algorithms to use and how often to rotate the keys. The central manager generates keys and securely distributes the keys and group policies to encryption appliances. Group management Encryption appliances can be organized into multiple groups that can be managed from a single central manager. Group A: Keys are refreshed daily Encryption appliances Central manager Management server Group B: Keys are refreshed hourly Encryption appliances Certificate exchange is used to authenticate the central manager and prevent man-in-the-middle attacks. A username and a password are required to log into the central manager, which securely distributes keys and policies to the encryption appliances using SSL (TLS) encrypted and authenticated sessions, with optional bilateral authentication both sides check the certificate of the other side to prevent man-in-the-middle attacks. Group policies are defined according to the organization s security requirements. The whole network can be encrypted using one shared key, or unique keys can be allocated to separate groups to cryptographically segment the network. Each group policy specifies: The group of encryption appliances to which the policy applies. Which traffic to encrypt.. Policy action: encrypt, pass in the clear, or drop. The re-key period. Encryption and hash algorithms. Whether the key-generation technique used is per group or global. A central manager makes it easy to deploy policies by automatically checking the policies for mistakes and by showing the network administrator which elements will be affected by a policy change before the change is made. Policies may also be saved so they can be recovered in case policies are changed back or a mistake is made blackbox.com Page 7

8 Role-based access control Central management in a group encryption system should offer role-based access controls that provide separate roles for security control and network management. For instance: Administrator Policy Creator Policy Deployer Appliance Administrator Appliance Operator Each user may be assigned one or more of these roles. By using roles to separate duties among personnel, organizations can follow security best practices and even outsource some network management tasks while retaining control of security-critical responsibilities. Multicast network traffic Group encryption is suited for encrypting multicast traffic. Traffic encrypted with a group key can be decrypted by all group members without re-encapsulating it or rekeying it for each individual destination with a unique key. Encryption groups can easily be created for multicast video or VoIP without adding measurable latency or jitter, and without the need to modify native traffic flows. Key rotation The central manager in a group encryption system automatically performs key rotation for all encryption appliances in the network by generating new keys and distributing them to the appliances. Key updates can be set to occur at specified intervals or at specific times. Frequent key rotation makes it much more difficult for an attacker to decrypt the data. A brute force attack on encrypted data only exposes data sent during a single rekey period. After keys are rotated, an attacker needs to start over. High availability Group encryption operates continuously with the central manager generating new keys and resending any failed rekey messages. It s easy to build redundancy into the system. For instance, the central manager can be installed on a cluster of servers, so any cluster node can fail without affecting the rekey schedule. If the main site fails, a disaster recovery site with a central manager in place can rekey the network and take over scheduled rekey operations automatically until the main central manager returns to active status. Group encryption payload Group encryption makes it possible to deploy transparent encryption over any infrastructure or topology. This is possible if only the payload portion of a frame or packet is encrypted, leaving the header information in the clear. Group encryption can encrypt at Layer 2 (Ethernet), Layer 3 (IP), or Layer 4 (IP), so it works transparently with all IP networks, even MPLS-based services such as IP VPN and Metro Ethernet services such as E-LAN and E-Line. With group encryption, standards-based IPsec packet formats are used for Layer 3 (IP) encryption and authentication, preserving the original IP header, rather than appending a tunnel IP address when encrypting the entire IP packet. This allows the encapsulated packet to be sent through the network intact. Group encryption uses header and packet formats that are similar to the IPsec standard formats for Layer 2 and Layer 4 encryption and authentication. Standard algorithms are used for encryption and authentication: FIPS validated AES-256 for encryption and FIPS validated HMAC-SHA-1-96 for authentication, as well as other algorithms blackbox.com Page 8

9 Group encryption applications Layer 2 WAN encryption Organizations using Layer 2 technologies such as metro Ethernet or VPLS for their WAN are often forced to deploy point-to-point encryption solutions, or worse, introduce latency-inducing Layer 3 VPNs to secure their data in motion. Group encryption enables companies to secure their data with an encryption solution that can secure any Layer 2 topology, including multipoint-tomultipoint or mesh. Group encryption allows policies based on VLAN IDs, enabling companies to cryptographically segment their VLANs. Because authentication is a critical component of security, group encryption provides authentication for each encrypted packet and frame. Layer 3 WAN encryption Layer 3 encryption over IP or MPLS networks enables organizations to secure their data across the WAN using group encryption policies that mirror their WAN transport topologies and application flows, providing transparent data privacy and regulatory compliance without changes to existing infrastructure. Layer 4 encryption Group encryption can support Layer 4 encryption, which encrypts only the payload in a packet, leaving the headers intact. Because the headers are intact, data looks unencrypted, so it can pass through NAT devices and doesn t interfere with network optimization and high-availability features such as load balancing, traffic engineering, and fast failover. VoIP/multicast video Although VoIP and multicast video are two of the fastest-growing network applications, both are very susceptible to latency and jitter. Organizations recognize the need to secure these applications, but performance concerns often lead to these applications operating in the clear. With group encryption, VoIP and video can be secure and reliable. Data centers and private clouds Group encryption makes it easy to encrypt data traveling in and out of data centers and private clouds. By creating encrypted groups and setting a permit by encryption group association policy, enterprises can not only protect their data in motion, they can also ensure that the data was not modified in transit because group encryption authenticates on a packet-by-packet basis. In addition, the wire-speed capabilities of encryption appliances make it possible to discard unauthorized packets at wire speed, helping to prevent denial-of-service attacks. Encryption as a Service (EaaS). Layer 4 group encryption enables service providers to add encryption service without altering existing network infrastructure or modifying customer-premise equipment. Leaving Layer 4 headers in the clear ensures that this service doesn t impact service level agreements that use Layer 4 information to shape or monitor traffic. Public Internet and multicarrier Group encryption s ability to create flexible policies that meet the requirements of any network is unique among network encryption solutions. Group encryption can support multiple network layers, using Layer 2 Ethernet, Layer 3 IP, or Layer 4 payload-only encryption to work in a variety of network environments, including a mix of public and private addresses or a multicarrier environment blackbox.com Page 9

10 Conclusion Although it does require an additional network device in the form of a dedicated encryption appliance, the advantages of group encryption outweigh this factor. Group encryption offers many advantages, including: Time savings Because group encryption sets up quickly without the need to establish VPN tunnels between each pair of nodes, it s an ideal encryption solution for organizations with limited IT staff. Transparency Group encryption supports Layer 4 encryption, which is transparent to both applications and network operations. Centralized management Even very large WANs with multiple remote sites can be managed from one interface, making it fast and easy to re-key the network, change groups, or change security policies. Line-speed performance Group encryption doesn t slow network traffic by adding latency or jitter, so time-sensitive applications such as VoIP continue to perform flawlessly. Scalability With group encryption, adding a new site requires little more than adding an encryption appliance. Versatility Encryption policies can based on IP addresses, port numbers, protocol IDs, or VLAN tags can quickly change depending on network requirements. About Box Box Network Services is a leading networking and connectivity solutions provider, serving 175,000 clients in 150 countries with 200 offices throughout the world. The company provides an extensive range of products including network security products such as network access control (NAC) and encryption solutions. The company s encryption solution, EncrypTight, provides transparent WAN encryption with no VPN tunnels. More information is available at blackbox.com/go/encryptight. Box also offers network switches, media converters, Ethernet extenders, and wireless solutions, as well as cabinets, racks, cables, connectors, and other data infrastructure products. To learn more, visit the Box Web site at Copyright All rights reserved. Box and the Double Diamond logo are registered trademarks, and EncrypTight is a trademark, of BB Technologies, Inc. Any third-party trademarks appearing in this white paper are acknowledged to be the property of their respective owners. WP00049-Encryption_v blackbox.com Page 10