Patent Application
20240422139
Two entities (e.g., communication devices) on a network may, at times, require a secure channel to communicate with one another, while excluding other entities on the network. A virtual private network (VPN) protocol may be used to establish such a secure channel. An example of such a VPN protocol is the Internet Key Exchange, version 2 (IKEv2).
The IKEv2 protocol facilitates exchanging cryptographic keys between a pair of network devices. Once the keys are exchanged, the network devices use the keys to encrypt and decrypt network packets between that pair of devices. Each device will independently (e.g., via configuration) add what applications and users associated with the device should use the keys for encryption/decryption.
IKEv2 supports exchanging exactly one pair of keys between the two network devices. Once exchanged, the devices will use the single pair of keys to encrypt/decrypt all data packets that are authorized to use the key pair. This does not provide the desired granularity of a key per user/application access and instead supports a shared key. When this key pair is compromised, the security of all applications being accessed may be compromised.
The described embodiments support segmentation of data traffic via Cryptographic operation while using IKEv2 to exchange key pairs between a pair of network entities (communication devices). This approach allows each access to an application within the network entity to be associated with a unique cryptographic key, rather than being associated with a single shared key between the pair of network entities.
In contrast with the IKEv2 model alone, which uses one cryptographic key pair to encrypt all data passing between the two network devices, the described embodiments generate security keys per policy, which provides more granular security for accessing critical applications. This ensures that even if the security key associated with one of the applications is compromised, the other applications are safe, as they use a different Policy-Session-Key for their security.
The described embodiments (which may be referred to as “Cryptographic Micro-Segmentation”) facilitate granular security for enterprises to secure their data while decoupled from the infrastructure. The described embodiments provide a security overlay, by using encryption, that is agnostic to the network infrastructure. The described embodiments support compartmentalized mitigation of threats or security breaches rather than requiring a complete shutdown of communications.
Existing communication security systems can either do Micro-Segmentation (also known as Access Control List Policies or ACL), or device-to-device encryption, but not both. The described embodiments provide both functions in a single solution.
The described embodiments may also derive the existing IKEv2 key rotation functions to ensure that keys can be changed periodically between the network devices. Additionally, key rotation per policy may also be performed by a central management system.
In one aspect, the invention may be a method of establishing one or more secure data channels between network devices, comprising, by a management system, (i) configuring a first network device and a second network device to enable generation of a base key pair and exchanging the base key pair between the first network device and the second network device, (ii) generating a nonce corresponding to each of a plurality of policies, and (iii) distributing each of the plurality of policies and the corresponding nonces to the first network device and the second network device.
The method may further comprise receiving, from a user, information that defines one or more of the plurality of policies required to secure data traffic conveyed between the first network device and the second network device. The first network device may be a first endpoint device. The second network device may be a second endpoint device. The method may further comprise generating, by the management system, a unique key per policy of the plurality of policies. The method may further comprise distributing, by the management system, the unique key per policy of the plurality of policies to the first network device and the second network device.
The method may further comprise receiving, from a user, information that defines to which network device each of the plurality of policies should be applied. The method may further comprise configuring the first network device and the second network device to enable Internet Key Exchange, version 2 (IKEv2) protocol. The method may further comprise using a random number generator to generate the nonce corresponding to each of the plurality of policies.
In another aspect, the invention may be a management system for establishing one or more secure data channels between network devices, comprising a processor and a memory with computer code instructions stored thereon. The memory may be operatively coupled to the processor such that, when executed by the processor, the computer code instructions cause the management system to (i) configure a first network device and a second network device to enable generation of a base key pair and exchanging the base key pair between the first network device and the second network device, (ii) generate a nonce corresponding to each of a plurality of policies, and (iii) distribute each of the plurality of policies and the corresponding nonces to the first network device and the second network device.
The computer code instructions, when executed by the processor, may further cause a management system to receive, from a user, information that defines one or more of the plurality of policies required to secure data traffic conveyed between the first network device and the second network device. The first network device may be a first endpoint device and the second network device may be a second endpoint device. The computer code instructions, when executed by the processor, may further cause the management system to generate a unique key per policy of the plurality of policies.
The computer code instructions, when executed by the processor, may further cause the management system to distribute the unique key per policy of the plurality of policies to the first network device and the second network device. The computer code instructions, when executed by the processor, may further cause the management system to receive, from a user, information that defines to which network device each of the plurality of policies should be applied. The computer code instructions, when executed by the processor, may further cause the management system to configure the first network device and the second network device to enable Internet Key Exchange, version 2 (IKEv2) protocol. The computer code instructions, when executed by the processor, may further cause the management system to use a random number generator to generate the nonce corresponding to each of the plurality of policies.
In another aspect, the invention may be a non-transitory computer-readable medium with computer code instruction stored thereon. The computer code instructions, when executed by a processor, cause a management system to (i) configure a first network device and a second network device to enable generation of a base key pair and exchanging the base key pair between the first network device and the second network device, (ii) generate a nonce corresponding to each of a plurality of policies, and (iii) distribute each of the plurality of policies and the corresponding nonces to the first network device and the second network device.
The computer code instructions, when executed by the processor, may further cause the management system to receive, from a user, information that defines one or more of the plurality of policies required to secure data traffic conveyed between the first network device and the second network device. The computer code instructions, when executed by the processor, may further cause the management system to generate a unique key per policy of the plurality of policies. The computer code instructions, when executed by the processor, may further cause the management system to receive, from a user, information that defines to which network device each of the plurality of policies should be applied.
The foregoing will be apparent from the following more particular description of example embodiments, as illustrated in the accompanying drawings in which like reference characters refer to the same parts throughout the different views. The drawings are not necessarily to scale, emphasis instead being placed upon illustrating embodiments.
A description of example embodiments follows.
The teachings of all patents, published applications and references cited herein are incorporated by reference in their entirety.
The described embodiments implement segmentation of data traffic between network entities via cryptographic operation, and IKEv2 to exchange key pairs between a pair of network entities (communication devices). Each access to an application within the network entity is associated with a unique cryptographic key, rather than being associated with a single shared key between the pair of network entities.
The following definitions may apply to the embodiments described herein.
Network Device-A network device is an appliance that is present at the edge of the user network and is responsible for securing user data as it traverses the untrusted network between a pair of Network devices. The network devices are responsible for (i) exchanging cryptographic keys using IKEv2 protocol, (ii) enforcing user defined policies on network traffic, and (iii) encrypting and decrypting user network traffic based on the policies. Network devices can be hardware, virtual machines or software containers.
Internet Key Exchange v2 Protocol (IKEv2)—The IKEv2 protocol is a standards-based protocol, defined by the Internet Engineering Task Force (IETF), that may be used to exchange cryptographic keys between two network devices. IKEv2 implements a secure channel and exchanges keys in that secure channel. A key-pair, referred to herein as the IKEv2-key, is generated between a pair of network devices using IKEv2 application.
Central Management System—The central management system is a software application that is stored on and executed by a hardware computer or server device. The central management system allows users to configure the network devices in a way that will secure the network data. The central management system is responsible for (i) allowing users to define policies for securing traffic, (ii) applying the policies on the network devices, and (iii) enabling the network devices to perform IKEv2 key exchange protocol.
The central management system enables users to define policies that determine access between two network endpoint devices. Each endpoint may be an application running on a device (e.g., a web server, a database server, a network service, et al.) and/or a user device (e.g., a device such as a laptop, a mobile phone, a desktop computer, et al.). The central management system generates a unique key per policy (referred to herein as a “policy-key”), and distributes the policy-key to the two network devices associated with the policy.
The network devices operate as policy enforcement points. Using a predefined key derivation function, each network device combines the IKEv2-key and the policy-key to generate a session key for the policy (referred to herein as a policy-session-key). The policy-session-key is generated by each network device and stored on the data path lookup table of each network device. Any packet that arrives on the customer port, and is determined to match that policy, will now use the policy-session-key to encrypt the data traffic and wrap the encrypted data in an encapsulating security payload (ESP) and forward the ESP to the other network device.
In general, the described embodiments may utilize any rules known in the art for matching a packet to policy. On both clear and encrypted data, the selectors specified in a policy to match a packet can, for example, be one or more of (i) Ethernet VLAN Identifier, (ii) IPv4 source and/or destination addresses, (iii) IPv4 transport protocol type (For example, ICMP, TCP, UDP etc.), (iv) TCP or UDP source and/or destination ports, or (v) other IPv4 headers such as DSCP (Diff Serve Code point), or other such techniques known in the art.
The network device receiving the encrypted traffic on its network port will decrypt the packet using the same locally-generated Policy-Session-Key and forward the packet in the clear towards the customer port.
In an example embodiment, a user may access the central management system 106 to define security policies and to define where such security policies are to be applied (e.g., at the network devices N1102 and N2104). The central management system may configure N1102 and N2104 to enable IKEv2 protocol and subsequently perform key exchange.
To generate the base key (B1, B2), an IKEv2 daemon runs on the network devices N1102 and N2104, as is known to one skilled in the art. The network devices N1102 and N2104 communicate over the control channel to exchange the base keys (B1, B2). During this exchange, network device N2104 directs network device N1102 to use B2 for encrypting data to be transmitted to network device N2104, and network device N1102 directs network device N2104 to use B1 for encrypting data to be transmitted to network device N1102. Network device N2104 will accept data that was encrypted using B2, and network device N1102 will accept data that was encrypted using B1.
Referring to
Each network device N1102 and N2104 uses the base key (B1, B2) and the key nonce received from the central management system 106 to generate a session key (S1, S2).
KDF[(K1P,K2P)]→(S1P,S2P)
The network devices N1102 and N2104 use the session key (S1P, S2P) to encrypt and decrypt the traffic that matches the policy P. That procedure is described as below.
Referring to
To summarize, assuming a given policy P:
Both network devices N1102 and N2104 will generate the same S1P and S2P independently as both are using the same Base Key, Key Nonce associated with policy P, and KDF. In some embodiments, a specific KDF may be distributed along with the key nonce, to provide an extra level of “uniqueness” to the session key. Doing so may require an intruder to ascertain three variables (i.e., KDF, key nonce, and base key) to break the micro-segmented encryption. Further, although for simplicity, the example embodiments show a common KDF being used for each session key generation, other embodiments may more than one KDF, for example a different KDF for each policy.
In an example embodiment of applying a policy P at N1102, a packet arrives on N1102 from the trusted network and needs to traverse the untrusted network between the network device N1102 and network device N2104, and so needs to be secured. Network device N1102 evaluates the packet against a user defined policy by performing a lookup using the packet match rules. If the incoming packet matches a rule, and the rule is associated with an encrypt Session Key (e.g., S2P) then N1 will encrypt the packet with the session key S2P. Network device N1102 forwards encrypted packet on to the untrusted network towards the network device N2. Network device N2 receives the packet from the untrusted network and identifies that it is an encrypted packet. Network device N2 performs a lookup using the packet match rules. If the incoming encrypted packet matched a rule and the rule is associated with a decrypt session key (S2P) then N2 decrypts the packet with the session key S2p. If decryption is determined to be successful, N2 will forward the packet on to the trusted network.
In an example embodiment of applying a policy P at N2104, a packet arrives on N2104 from the trusted network and needs to traverse the untrusted network between the network device N2104 and network device N1102, and so needs to be secured. Network device N2104 evaluates the packet against a user defined policy by performing a lookup using the packet match rules. If the incoming packet matches a rule, and the rule is associated with an encrypt Session Key (e.g., S1P) then N2 will encrypt the packet with the session key S1P. Network device N2104 forwards encrypted packet on to the untrusted network towards the network device N1. Network device N1 receives the packet from the untrusted network and identifies that it is an encrypted packet. Network device N1 performs a lookup using the packet match rules. If the incoming encrypted packet matched a rule and the rule is associated with a decrypt session key (S1P) then N1 decrypts the packet with the session key S1P. If decryption is determined to be successful, N1 will forward the packet on to the trusted network.
In an example embodiment, a user may define multiple policies (e.g., P1, P2, . . . . PN) with different selectors (non-overlapping). The central management system 106 generates a unique key nonce for each policy. For example, key nonce for policy P1 may be (K1P1, K2P1), key nonce for policy P2 may be (K1P2, K2P2), and so on through policy PN of (K1PN, K2PN).
The central management system 106 then distributes the policy and associated key nonce binding for all policies (i.e., P1, (K1Pi, K2Pi), for all i from 1 to N) to the network devices N1102 and N2104. N1102 and N2104 use IKEv2 to generate the base key (B1 and B2). N1 and N2 independently generate the session key for each policy by using the policy's key nonce, base key and the KDF.
In a secure environment, it is important to rotate security keys so that they cannot be guessed by assigning sufficient compute power against encrypted data. The IKEv2 protocol uses a native mechanism to rotate keys periodically. Thus, in the described embodiments, IKEv2 will periodically rotate the values of the base key (B1, B2). When network devices N1102 and N2104 detect the updated value for base key (B1, B2), both devices will re-compute the session keys for all policies that according to the updated base key, and re-determine the new session keys for encrypt and decrypt functions according to the updated base key. Incoming packets that are matched to policy rules, as described herein, will the perform encrypt and decrypt functions using the new session keys.
While example embodiments have been particularly shown and described, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the scope of the embodiments encompassed by the appended claims.
This application is a continuation of U.S. application Ser. No. 17/657,211, filed Mar. 30, 2022, which claims the benefit of U.S. Provisional Application No. 63/168,072, filed on Mar. 30, 2021. The entire teachings of the above applications are incorporated herein by reference.
| Number | Date | Country | |
|---|---|---|---|
| 63168072 | Mar 2021 | US |
| Number | Date | Country | |
|---|---|---|---|
| Parent | 17657211 | Mar 2022 | US |
| Child | 18816442 | US |
