Date: Tue, 22 Aug 95 12:00:10 PST From: "tim" Message-Id: <9507228091.AA809118024@snail.rsa.com> Subject: Summary of Crypto in Firewalls Workshop Cryptography in Internet Firewalls Workshop Hotel Sofitel, Redwood Shores, CA August 14, 1995 Companies in Attendance: BlueLine Software, Inc. Checkpoint Software Cygnus Support Digital Pathways Exodus Communications, Inc. Gemini Computers, Inc. Harris Computer Systems Corp. Intel Corporation Intl. NW Svcs Milkyway Networks Network Systems Corporation RSA Data Security, Inc. Secure Computing Corp. Security Dynamics Security Services Semi-Custom Logic, Inc. Soliton Systems K.K. Sun Microsystems Labs, Inc. Telos Corporation Trusted Information Systems, Inc. UUNET Summary of Presentations. Comments from audience in square brackets []. I. Welcome - Jim Bidzos, President, RSA II. Advanced Cryptography - Tim Matthews - RSA - Security Services offered by cryptography - Algorithms (Symmetric, Asymmetric, Secret Sharing) - Constructs (Digital Envelopes, Digital Signatures, Password-based encryption, Secret Sharing - Key Management (Policies, Certificates) II. Recent Developments in Cryptography - Steve Dusse, Product Manager, RSA - Applications of Cryptography * desktop, client/server, peer-to-peer * clipper chip vs. emergency access - Export * gov't agencies involved * export process - Standards * Public Key Cryptography Standards (PKCS) * PKCS #11 - CRYPTOKI * Internet Standards (PEM, S/HTTP, SSL, S/.MIME, IPSec, DNSSEC) * Other standards (ANSI, CCITT, ISO, IEEE) - Current Events * U.S. Gov't - Clipper continues * State Gov't - Digital Signature Act (Utah, California pending) * Industry - widespread use of public key * Electronic Commerce - myriad payment mechanisms [Comment was made that export of Triple-DES allowed to a financial institution overseas. May be a precedent.] III. Customer Perspective - Jerzy Rub, Intel - Firewall Requirements (must haves) * strong encryption for firewall-to firewall, firewall-to-server, firewall-to-desktop * configurable key sizes * works with unmodified clients * controlled by Intel IS (no outside support) * works with SDI and Digital Pathways tokens and servers * logging and reporting * third party evaluation - Firewall Requirements (nice to haves) * supports other protocols (IPX, DECnet, Banyan) * generic API * good GUI * provides key management * comes with source [Additional comments from Jerzy: traveling employees need encryption; want ability to manage users by username, not IP address. Possible that all the above features may be overloading firewall] IV Internet Security Authentication Issues - Tommy Ward, Digital Pathways - Perfect World * Global X.500 directory, X.509 Certs in all apps. * IPng provides secure transport * public key crypto is ubiquitous, seamlessly integrated - Reality * no X.500 infrastructure * insecure OS, apps. * encryption is the exception, not the norm * IPng is off in the hazy future - Security Issues * Authentication * Confidentiality - Review of several authentication and encryption schemes * TACACS+, RADIUS protocols * authentication server integration * file-level and link-level encryption - Summary * need authentication standards, need to resolve conflicts * user authentication must be linked to message authentication and encryption [Customers uneducated about standards and issues of cryptography.] [Currently 1-2 million security tokens in use worldwide] [May be useful to keep authentication server separate from firewall. Most customers allow both dial-up and Internet access - authentication server can handle both. Need standard like TACACS+ or RADIUS accepted by all firewall vendors for easy integration.] V. An Implementer's Guide to IPSec Activities and Status, Ken Hardwick, Network Systems Corp. - IPSec Objectives * confidentiality and authentication for IP datagrams * host-to-host, host-to-security gateway, gateway to gateway - IPSec Security Evolution - Security Associations - IP Authentication Header - Keyed MD5 (RFC 1828) - Encapsulated Security Payload (RFC 1827) - ESP DES-CBC - Photuris - Early Implementations * AH + ESP * Photuris [Comment that firewall vendors probably more interested in tunneled encryption over transport encryption.] [IPSec not specific about encryption details using RSA.] [IPSec has no provision for exportable encryption.] VI. Public Key Distribution and Management with Secure DNS - Steve Lipner, TIS - Objectives - global availability, uniqueness, real-time access to keys - DNS overview - Secure DNS solution * secure DNS uses RSA digital signatures * inherits existing DNS structure * cryptographically verifiable bindings * root uses public/private key pair to sign and verify * zones sign the public key of their sub-zones - Security Infrastructure for Users * use Secure DNS with RFC822 e-mail address [Question of whether policy has been drafted to go along with technical infrastructure for users.] [Issue of how used in split DNS was brought up.] VII. SunScreen and SKIP, Bill Danielson, Sun - SunScreen * description of SunScreen SPF-100 * can do transparent encryption - SKIP (Simple Key Management for IP) * network-level encryption * sessionless protocol * selectable algorithms * source code will be available - Future Interests * packet vectoring * higher performance * end-node SKIP * certificate management [Question of overlap in IPSec and SKIP, and SKIP vs. Photurus.] [Sun plans to move Diffie-Hellman calculation into hardware.] VIII. Cryptography in Firewalls - Steve Lipner, TIS - Firewall Overview - Current Applications of Crypto * User Authentication (various security token/software schemes) * Firewall Encryption (hardware and software; manual key exchange) * PC to Firewall Encryption - Future Developments * Authenticate/Encrypt other protocols (HTTP, DB query) * Interoperate end-to-end * Automate key management * Integrate Key Management with user, system, Secure DNS - Opportunities for Standards * Virtual Network Perimeters (encryption, key dist, IPSec) * User Authentication (APIs, IPSec) [Need for modularity to change algorithms and security tokens] [TIS is using SWIPE, moving to IPSec] IX. Open Discussion - Poll of room showed half a dozen vendors with encryption in their firewalls - Some baseline of crypto services is desirable. This would allow firewalls from different vendors to interoperate. - Seems to be frustration on the part of users - no agreed upon standards and issues/standards are hard to understand. - Standards like SWIPE, SKIP, and IPSec exist. Vendors just need to get going and integrate. IPSec strong contender. - Possible to allow multiple options on install if vendors can't agree on standard protocol for encryption and authentication. - Users want at least security for FTP, Telnet, and POP mail from the road. - May be a role for TCP/IP stack vendors to help with remote user security. Some kind of crypto enabled stack. Network providers could sell this to users as a package. - Implementation Guidelines/Interoperability Testing * seems desirable * separate problem into 3 areas: encryption, key management, authentication * straw man for testing will be drafted * testing this fall and winter, maybe at IETF meeting in Dallas.