Forwarded from: Elizabeth Lennon <elizabeth.lennon@private> ITL Bulletin for July 2005 PROTECTING SENSITIVE INFORMATION THAT IS TRANSMITTED ACROSS NETWORKS: NIST GUIDANCE FOR SELECTING AND USING TRANSPORT LAYER SECURITY IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Technology Administration U.S. Department of Commerce The protection of sensitive information that is transmitted across interconnected networks is an essential part of an organization's integrated program for the security of information and information systems. Management, operational, and technical controls are needed throughout the organization to protect information and information systems from threats of all kinds. New guidance recently issued by the Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) helps federal and private sector organizations select and use technical controls at the transport layer of a layered communications protocol stack. Transport layer security (TLS) can be implemented and used effectively to authenticate network servers and clients, and to protect the confidentiality and integrity of data that is exchanged between two communicating information technology (IT) applications. Background on Transport Layer Security (TLS) Technical controls implemented at the transport layer of a communications protocol stack can protect sensitive information during electronic dissemination across the Internet. The TLS protocol (TSL 1.0) is a voluntary industry standard (RFC 2246) that was developed by the Internet Engineering Task Force. TSL 1.0 is based on the Secure Sockets Layer Version 3.0 (SSL 3.0), which had been developed originally by Netscape Corporation. These protocols are part of the seven-layer model (also known as the seven-layer stack) that provides for communications operations between applications running on disparate computing systems on the Internet. The seven-layer model defines the layers of computer communications services, which are provided by a protocol stack. The transport layer is frequently used to provide connection-oriented services between applications running on hosts that are on interconnected networks. The layering of communications protocols enables systems developers to design new communication systems using already defined services, protocols, and specific communication requirements within each layer of the stack. Each protocol layer of the system that is transmitting information through the network communicates with the corresponding layer of the stack on the system that receives the information. Within the communications stack, the internal mechanisms of each layer generally are independent of each other layer. Placement of security services and the implementation of the security mechanisms within the stack are specific to each individual layer of the stack. The seven-layer model does not explicitly define where security services are to be placed, and there has been considerable discussion about the correct placement of security services and other implementation mechanisms. These discussions will continue as new standards are developed to meet the communications needs of users, local and wide area networking vendors, Internet service providers (ISPs), and World Wide Web (Web) application designers. In this model, the telephone lines, network routers, firewalls, and other network components that comprise the underlying structure of the network are usually not under the control of the end user's client software or of the server's application software. In the typical Internet architecture, the Transmission Control Protocol/Internet Protocol (TCP/IP) stack provides for the transmission of packets through complex arrangements of local, wide, or metropolitan area or globally connected sets of inter-networking or intra-networking technology. Protocols below IP include, for example, local area network (LAN) protocols or other link protocols such as dial up, or directly connected modems, fiber optic links, or satellite links. Security services are needed to protect data privacy and data integrity, and to assure the authentication of the server and the end user. The TSL 1.0 specifications use cryptographic mechanisms, including encryption of data, message authentication codes, and public key cryptography-based digital signatures, to implement the security services and to establish and maintain a secure TCP/IP connection. Secure connections prevent eavesdropping, tampering, or message forgery. Protocol options must be selected and used by both clients and servers in order to achieve communication security at the transport layer. The transport layer is not the only place in this architectural model where these security services can be provided. In overall security design, the transport layer is only a small portion of the network, and it alone cannot provide complete network security. Security involves an integrated and complex set of related properties that work together to protect information and systems. NIST Special Publication (SP) 800-52, Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations: Recommendations of the National Institute of Standards and Technology NIST has issued new guidelines to help organizations select and implement transport level security, making effective use of Federal Information Processing Standards (FIPS)-approved cryptographic algorithms and open source technology. Written by C. Michael Chernick (NIST), Charles Edington III (Booz Allen Hamilton), Matthew J. Fanto (NIST), and Rob Rosenthal (Booz Allen Hamilton), the guide advises organizations how to use authentication, confidentiality, and integrity mechanisms to protect information at the transport layer. Authentication mechanisms provide assurance of the identity of the sender or receiver of information. The confidentiality mechanisms provide assurance that data is kept secret and prevent eavesdropping. The message integrity mechanisms detect any attempts to modify data and prevent deletions, additions, or modifications of data. NIST SP 800-52 explains the concepts of security in the layered communications architecture in general, and in the transport layer in particular. The security options in selecting an encryption method, or cipher, and communications protocols are explained, and recommended selections are discussed. Tables are provided for mapping the security parts of TLS to FIPS, and for recommended client and server cipher suites. The reference section includes documents, publications, and organizations that provide extensive information on many aspects of transport layer security. While primarily designed to help federal agencies achieve more secure information systems, other activities including state, local and tribal governments, and private sector organizations should find the guide useful in selecting transport layer security implementations. NIST SP 800-52 and other publications dealing with controls and procedures needed for secure systems are available from the NIST Computer Security Resource Center at: http://csrc.nist.gov/publications/nistpubs/index.html. NIST SP 800-52 and FISMA Requirements NIST SP 800-52 is one of the guidelines developed by NIST to help federal agencies implement their responsibilities under the Federal Information Security Management Act (FISMA). FISMA requires that all federal agencies develop, document, and implement agency-wide information security programs to protect the information and information systems that support the operations and assets of the agency, including those systems provided or managed by another agency, contractor, or other source. Under Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources, federal managers of publicly accessible information repositories, or of dissemination systems that contain sensitive but unclassified data, are required to ensure that sensitive data is protected. The protection mechanisms used should be in accordance with the risk and magnitude of the harm that would result from the loss, misuse, or unauthorized access to or modification of such data. Security requirements are usually derived from an assessment of the threats or potential attacks that an adversary could mount against a system. Threats to systems take advantage of implementation vulnerabilities found in many system components including computer operating systems, application software systems, and the computer networks that interconnect them. Security within the network is just one consideration in establishing an effective information security program. NIST SP 800-30, Risk Management Guide for Information Technology Systems, describes the management process to analyze and balance the operational and economic costs of protective measures and to protect the IT systems and data that support the organization's mission. Special Publications and Federal Information Processing Standards (FIPS) mentioned in this bulletin are available in electronic format at: http://csrc.nist.gov/publications/nistpubs/index.html. Guidance in Implementing Transport Layer Security NIST recommends that organizations consider the following issues when implementing transport layer security mechanisms, such as web servers and browsers: * Implementation of standards. The interaction between components in transport layer security mechanisms should be through a well-defined communication protocol with no deviations. FIPS-approved algorithms for authentication, encryption, and the generation of message digests should be used in all implementations. * Interoperability. An implementation should promote interoperability among components. The selection of a particular server solution should not prevent the use of any standards-based client or vice versa. * Use of evaluated products. Key components of the implementation should be independently evaluated for conformance to standards, such as FIPS 140-1 and 140-2, Security Requirements for Cryptographic Modules. * Selection of important features. The implementation should include those features that users consider most important to their operating environments. * Open Source Solutions. The implementation should be an open source solution that allows users to choose future implementations that will support interoperability or standards. NIST recommends the use of the TLS 1.0 protocol specifications, which call for cryptographic mechanisms to implement the security services that establish and maintain a secure TCP/IP connection. The secure connection prevents eavesdropping, tampering, or message forgery. Implementing data confidentiality with cryptography prevents eavesdropping; generating a message authentication code with a secure hash function prevents undetected tampering; and authenticating clients and servers with public key cryptography-based digital signatures prevents message forgery. In all of these processes, a key or shared secret is required by the cryptographic mechanism. A pseudorandom number generator and a key establishment algorithm are used to provide for the generation and sharing of these secrets. NIST SP 800-52 provides tables that guide an organization in implementing services to prevent eavesdropping, tampering, or message forgery. The guide identifies the key establishment, confidentiality, digital signature, and hash mechanisms that are Federal Information Processing Standards (FIPS). Recommendations are made for the selection of FIPS-approved ciphers. Some specific implementation details include: * In selecting and procuring transport layer security implementations, officials should ensure that products meet a minimum set of universally accepted tests. Products should provide quality random numbers for key generation, protect the keying material and its storage, and properly implement and test key establishment, encryption, and signature algorithms and hash functions. NIST has published information to help agencies in buying security products in NIST SP 800-23, Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products, and in NIST SP 800-36, Guide to Selecting Information Technology Security Products. * Organizations should follow the vendor's general guidelines, as well as local practices, when installing TLS implementations. For example, a client's local policy might state that server authentication is required. The system administrator should follow the vendor's prescribed methods for enabling client/server authentication. Security services for confidentiality, data integrity, and peer entity authentication for clients and servers should be configured and provided by the TLS implementation. Appropriate cipher suites must also be selected. * In the maintenance phase, administrators should follow local policies and operating procedures. For example, the site system administrator may be required to check for product updates and security patches and to install them as needed. Within the local operating procedures, provisions should be made for checking for and obtaining updated information concerning the issuance and validation of authentication certificates, which are issued by public key infrastructure services. Some Operational Considerations After administrators select cipher suites to support transport layer security within the TLS protocol, applications should be configured only for those selected cipher suites. In addition, the key lengths used in the cipher suites for both clients and servers must be specified. TSL 1.0 and SSL 3.0 use the Hypertext Transfer Protocol (HTTPS), which is an extremely flexible protocol that allows for many uses and implementations and that introduces vulnerabilities. The client should be configured to check all data received and to verify the pathway of the message and the message's integrity. This includes verifying the server's identity at the time the connection is established. Both the server and the client should not base authentication decisions solely upon the Transport Layer Security's mechanism for determining possession of the private key corresponding to the authentication certificate. Rather, the decision should also consider whether or not the authentication certificate is valid or has been revoked. Information on public key infrastructure services is available in NIST SP 800-32, Introduction to Public Key Technology and the Federal PKI Infrastructure. Organizations should consult NIST SP 800-52, Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations, for complete details concerning selection of protocols, cipher suites, client-server issues, generation of random numbers, and other implementation issues. Disclaimer Any mention of commercial products or reference to commercial organizations is for information only; it does not imply recommendation or endorsement by NIST nor does it imply that the products mentioned are necessarily the best available for the purpose. NOTE: ITL is seeking a Division Chief for its Computer Security Division. For more information, see http://www.itl.nist.gov/itl-opportunities.html Elizabeth B. Lennon Writer/Editor Information Technology Laboratory National Institute of Standards and Technology 100 Bureau Drive, Stop 8900 Gaithersburg, MD 20899-8900 Telephone (301) 975-2832 Fax (301) 975-2378 _________________________________________ Attend ToorCon Sept 16-18th, 2005 Convention Center San Diego, California www.toorcon.org
This archive was generated by hypermail 2.1.3 : Wed Aug 03 2005 - 09:34:08 PDT