Category Archives: Security

Researchers suspect NSA as FBI probes Juniper back door vulnerability

Some are suggesting that the American Secret Service has created a backdoor in an American vendor's products, which are popularly installed in American government offices for connections to the Internet.

Not only that, but the affected devices are themselves supposed to be security devices. Is the state now at threat from this hack?

As CRN states: “Just shy of a week after Juniper revealed vulnerabilities in its firewall operating system, partners said a document saying that the NSA exploited the flaws to gain backdoor access to VPN connections has them concerned. The document, provided by whistleblower Edward Snowden and published Wednesday by The Intercept, indicates that the NSA has cooperated with British counterpart GCHQ to exploit vulnerabilities in Juniper NetScreen firewall devices running the ScreenOS operating system.”

The tech world is astounded!


Further Information here

The equipment in question is commonly known as NetScreen or ScreenOS firewalls of the SSG/ISG range.


Juniper Secure Access: Understanding ECC Certificates

Understanding ECC Certificates

Public-key cryptography is a cryptographic system that requires a secret key and a public key that are mathematically linked with each other. One key encrypts the plain text while the other decrypts the cipher text. RSA is the most widely used public-key algorithm.

Elliptic Curve Cryptography (ECC) was introduced as an alternative to RSA in public-key cryptography. One advantage of ECC over RSA is key size versus strength. For example, a security strength of 80 bits can be achieved with an ECC key size of 160 bits, whereas RSA requires a key size of 1024 bits. At a 112-bit strength, the ECC key size is 224 bits and the RSA key size is 2048 bits.

The most popular signature scheme that uses elliptic curves is called the Elliptic Curve Digital Signature Algorithm (ECDSA). The most popular key agreement scheme is called Elliptic Curve Diffie-Hellman (ECDH). An ECDH exchange is a variant of the Diffie-Hellman (DH) protocol and is an integral part of the Suite B cryptography standards proposed by the National Security Agency (NSA) for protecting both classified and unclassified information.

About Suite B

The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. Because a single encryption algorithm cannot satisfy all of the needs of the national security community, NSA created a larger set of cryptographic algorithms, called Suite B, which can be used along with AES in systems used by national security users. In addition to AES, Suite B includes cryptographic algorithms for hashing, digital signatures, and key exchanges.

Per RFC 6460, to be Suite B TLS 1.2 compliant the server and client should negotiate with the following ciphers:

  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

RFC 6460 also lists a transitional Suite B profile for TLS 1.0 and TLS 1.1. Clients and servers that do not yet support Suite B TLS 1.2 should negotiate with the following ciphers:

  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

There is no special configuration to ensure that Secure Access Service and Access Control Service negotiate Suite B ciphers. However, the following general steps should be performed to enable Suite B compliance:

  • An ECC certificate signed by an ECC Root CA is associated with a network port.
    • A P-256 CSR is signed by either a P-256 or P-384 Root CA.
    • A P-384 CSR is signed by a P-384 Root CA.
  • Manually enable only AES128 and/or AES256 custom ciphers.
Note: Secure Access Service and Access Control Service cannot be configured to allow only Suite B ciphers.

Using ECC Certificates with Secure Access Service and Access Control Service

ECC certificates are currently supported only on the MAG and virtual appliance platforms. As with RSA certificates, ECC certificates are associated with a network port. You can create multiple virtual ports on the server with each port supporting a specific certificate. For example, external virtual port 1 can use a 1024-bit RSA while external virtual port 2 uses ECC P-256 and external virtual port 3 uses ECC P-384. Only clients that support ECC cipher suites can connect to the web server on that network port.

When an Elliptic Curve Cryptography (ECC) certificate is associated with a network port, only clients that support ECC cipher suites can connect to the Web server on that network port.

Except for the key and certificate generation process, the use of ECC certificates is basically the same as using RSA certificates.

Published: 2013-11-15
Client Verification

Click the lock icon located at the end of the address bar and then click the View Certificate link.

Click the Details tab and scroll down until you see the Public key field. In this example, the public key value is ECC (256 Bits) which matches the server port p3 certificate.
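A scripted equivalent of the browser check above, added here as an example (it is not code from the original page or from Juniper): it reads a DER-encoded SubjectPublicKeyInfo and reports the key type the way the Public key field does. The function names are this example's own, and the sample key uses placeholder coordinates constructed for illustration, not a real point on the curve.

```python
EC_PUBLIC_KEY = "1.2.840.10045.2.1"                  # id-ecPublicKey
CURVES = {"1.2.840.10045.3.1.7": ("P-256", 256),     # prime256v1
          "1.3.132.0.34": ("P-384", 384)}            # secp384r1
# Constructed sample: P-256 SubjectPublicKeyInfo header + placeholder X and Y.
SAMPLE_P256 = bytes.fromhex(
    "3059301306072a8648ce3d020106082a8648ce3d03010703420004") + b"\x11" * 64

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Dotted form of OID content bytes (the first byte packs the first two arcs)."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)   # base-128; high bit means more follows
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def describe_public_key(spki_der):
    """Summarise a SubjectPublicKeyInfo as 'ECC (N Bits), curve X' or 'not ECC'."""
    tag, spki, _ = read_tlv(spki_der)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, alg_id, key_pos = read_tlv(spki)            # AlgorithmIdentifier
    _, alg_oid, param_pos = read_tlv(alg_id)
    if decode_oid(alg_oid) != EC_PUBLIC_KEY:
        return "not ECC (algorithm OID %s)" % decode_oid(alg_oid)
    _, curve_oid, _ = read_tlv(alg_id, param_pos)  # named-curve parameter
    curve = CURVES.get(decode_oid(curve_oid))
    if curve is None:
        return "ECC (curve not in this example's table)"
    name, bits = curve
    _, bitstr, _ = read_tlv(spki, key_pos)         # BIT STRING: unused-bits byte + point
    point = bitstr[1:]
    # An uncompressed point is 0x04 || X || Y, each coordinate bits/8 bytes long.
    if point[:1] != b"\x04" or len(point) != 1 + 2 * (bits // 8):
        raise ValueError("public key length does not match " + name)
    return f"ECC ({bits} Bits), curve {name}"

if __name__ == "__main__":
    print(describe_public_key(SAMPLE_P256))
```
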


CESG IPSEC Guides (2013) & Juniper Appliances


About CESG

CESG protects the vital interests of the UK by providing policy and assistance on the security of communications and electronic data, working in partnership with industry and academia.

CESG IPSEC GUIDES

CESG have produced some guidance for IPSEC VPNs, which government departments and associated bodies adhere to.

  • Version 2.1 CESG IPSEC Security Gateway Guide can be found on the CESG site
  • Version 2.3 CESG IPSEC VPN FOR REMOTE WORKING – SOFTWARE CLIENT Guide can be found on the CESG site

Juniper MAG Devices with Juniper Pulse Secure Access Service

The Juniper Pulse Secure Access Service, running version 7.4+ software on a Juniper MAG device, supports ECDHE ciphers and IKEv2 and can therefore be used for CESG IPSEC VPNs.

A caveat is that MAG devices don’t support FIPS level 3 compliant cryptographic modules – but FIPS is not referenced directly in the guide.

ECDHE Ciphers supported by SA

With Elliptic-Curve Cryptography (ECC) certificates:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA

With RSA Certificates:

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
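
Because the device cannot be restricted to Suite B ciphers alone, the enabled list has to be reviewed by hand. The following added example (not Juniper's code and not from the original page) audits one port against the RFC 6460 profiles, the CSR/Root CA curve rules and the AES-only step given earlier, using the ECC suite list above. The function names, labels and the sample port configuration are this example's own assumptions.

```python
import re

# RFC 6460 profiles as listed on this page.
SUITE_B_TLS12 = {"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}
SUITE_B_TRANSITIONAL = {"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
                        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"}
# Root CA curves the page allows for each CSR curve.
ALLOWED_ROOT = {"P-256": {"P-256", "P-384"}, "P-384": {"P-384"}}
# TLS_<key exchange>_<authentication>_WITH_<cipher>_<hash>
NAME_RE = re.compile(r"^TLS_([A-Z0-9]+)_([A-Z0-9]+)_WITH_(.+)_(SHA\d*)$")
# ECC-certificate suites the page lists as supported by SA.
ECC_SUITES = ["TLS_ECDHE_ECDSA_WITH_" + tail for tail in (
    "AES_128_GCM_SHA256", "AES_256_GCM_SHA384", "AES_128_CBC_SHA", "AES_256_CBC_SHA",
    "AES_256_CBC_SHA384", "3DES_EDE_CBC_SHA", "AES_128_CBC_SHA256", "RC4_128_SHA")]

def classify(suite):
    """Label one IANA suite name (the labels are this example's own)."""
    if suite in SUITE_B_TLS12:
        return "suite-b-tls1.2"
    if suite in SUITE_B_TRANSITIONAL:
        return "suite-b-transitional"
    m = NAME_RE.match(suite)
    if m is None:
        return "unparsed"
    return "outside-profile" if m.group(3).startswith("AES_") else "non-aes"

def audit_port(csr_curve, root_curve, enabled):
    """Return a list of findings for one network port (hypothetical helper)."""
    findings = []
    if root_curve not in ALLOWED_ROOT.get(csr_curve, set()):
        findings.append(f"chain: {csr_curve} CSR signed by {root_curve} root")
    for suite in enabled:
        label = classify(suite)
        if label == "non-aes":
            findings.append(f"cipher: {suite} is not AES128/AES256")
        elif label in ("outside-profile", "unparsed"):
            findings.append(f"cipher: {suite} is outside the RFC 6460 profiles")
    return findings

if __name__ == "__main__":
    # Constructed port: P-384 CSR signed by a P-256 root, every ECC suite enabled.
    for finding in audit_port("P-384", "P-256", ECC_SUITES):
        print(finding)
```
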

IKEv2 Clients

Any IKEv2 Client can be used for CESG IPSEC eg:

About IKEv2

CESG IPSEC refers to use of IKEv2. More information can be found on the Juniper Website. Also please note the following:

  • On the Juniper SA/MAG Device – IKEv2 does not support automatic cluster failover. After cluster failover, IKEv2 users must reconnect to Secure Access Service.
  • On the Juniper SA/MAG Device – IKEv2 uses UDP port 500 with Juniper Pulse Secure Access Service.

Notes about use with Certificates

For IKEv2 with client certificate authentication to work with the Windows 7 IKEv2 client, the certificate imported into Secure Access Service must have the enhanced key usage (EKU) value set to serverAuth (1.3.6.1.5.5.7.3.1).

Also, ECC certificates are currently supported only on MAG and Virtual Appliance platforms; they are not usable on SAx500 devices. See Chapter 32, Elliptic Curve Cryptography, in the 7.4 or later Admin Guide for more details on these certificates and on setting custom cipher options.

FIPS level 1 Supported Platforms

  • The following platforms support FIPS level 1:
    • Junos Pulse Gateway MAG2600
    • Junos Pulse Gateway MAG4610
    • Junos Pulse Gateway MAG6610
    • Junos Pulse Gateway MAG6611
    • Junos Pulse Gateway MAG-SM160
    • Junos Pulse Gateway MAG-SM360
    • Secure Access Service and Access Control Service virtual appliances

More info here

FIPS Level 3 Supported Platforms

  • Juniper SA4500 FIPS
  • Juniper SA6500 FIPS
Note
  • FIPS Level 3 refers to a Cryptographic Hardware Security Module
  • You cannot run FIPS level 1 support on a hardware FIPS platform such as the SA4500/6500 FIPS SSL VPN Appliance
  • SA4500/6500 FIPS SSL VPN Appliances do not support newer ECC certificates.

The last point leaves a conundrum: go with MAG and have a more strongly encrypted channel across the Internet, or go with SA and have a weaker encrypted channel and a better protected stored private key.