Cryptographic Wiretapping at 100 Megabits
Charles J. Antonelli, Asst. Director, Center for Information Technology Integration, The University of Michigan, Ann Arbor
2 April 2002



Project Goals

- Complete long-term storage of network traffic
- Cryptographically secured
- Evidentiary purposes
- Rapid response to intrusion incidents

Problem Space

- Systems engineering
- Cryptographic organization
- Terabyte storage technologies
- Legal and regulatory constraints

Systems Engineering

- 866 MHz Pentium III CPU (× 2)
- 528 MB/s PCI (66 MHz × 64 bits wide)
- Ultra-160 SCSI
- 30 MB/s SCSI disk
- 15 MB/s SCSI tape

Architecture

(Diagram: Intel-based host with three storage tiers: MFS memory filesystem, UFS disk filesystem, LTO tape.)

Architecture

- RedHat Linux 7.2
- 2.4 kernel, SMP
- Packet sockets
- Memory filesystem

Architecture: storage hierarchy

- 16 MB segments
- 1 GB volumes
- 100 GB tapes

Software pipeline:

- listener creates segments
- encrypter fills volumes
- archiver fills tapes
- scripts drive the pipeline

Cryptographic Organization

- AES: bulk encryption of the captured traffic
- ElGamal (via gpg): encryption of the symmetric keys (the volume key and the translation-table key) under the master public key

Cryptographic Organization

Three encryption formats:

- Open header: translated headers, encrypted payloads
- Conversation (default): encrypted packets; retrieve by src/dst pair
- Endpoint: encrypted packets; retrieve by src or dst endpoint

Cryptographic Organization

Three encryption formats, trade-offs:

- Security: header translation security vs. traffic analysis; translation is open to a spoofing attack
- Performance
- Retrieval: retrieval when only one endpoint is known

Cryptographic Organization

(Key diagram: the volume symmetric key KV and the translation-table symmetric key KT are each encrypted under the master public key; the translation tables are encrypted under KT.)

(Format diagram: Open header: translated header in the clear, packet payload under the conversation key KC. Conversation: header and payload under KC. Endpoint: header and payload under KC, with KC itself additionally wrapped; keys shown are KC, KT, KD and KS.)

Cryptographic Organization

KC = {src || dst}KV

KS = {src || 0 || “S”}KV

KD = { 0 || dst || “D”}KV
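The key organization above, worked through as an added example written for this page in Go; it is not the APV source code (that is at the project URL under Deliverables). The slides give the derivation {x}KV and the three formats but not the AES block layout, the cipher mode or the retrieval mechanism, so this example assumes: a 16-byte block laid out as src || dst || one-byte tag || zero padding, AES-GCM so that a record opened under the wrong key is rejected rather than decrypted to garbage, and retrieval by trial decryption of every record in a volume. The volume key, addresses and packet contents are constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"net"
)

// mustAES panics on a bad key length; every key in this example is 16 bytes.
func mustAES(key []byte) cipher.Block {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return blk
}

// {x}KV in the deck's notation: one AES block encrypted under the volume key KV. IPv4
// src||dst is 8 bytes, so the block is src(4)||dst(4)||tag(1)||zeros (layout assumed here).
func derive(kv []byte, src, dst net.IP, tag byte) []byte {
	var in [aes.BlockSize]byte
	copy(in[0:4], src.To4()) // a nil IP copies nothing, leaving the zeros
	copy(in[4:8], dst.To4())
	in[8] = tag
	out := make([]byte, aes.BlockSize)
	mustAES(kv).Encrypt(out, in[:])
	return out
}

// KC = {src || dst}KV, KS = {src || 0 || "S"}KV, KD = {0 || dst || "D"}KV
func KC(kv []byte, src, dst net.IP) []byte { return derive(kv, src, dst, 0) }
func KS(kv []byte, src net.IP) []byte      { return derive(kv, src, nil, 'S') }
func KD(kv []byte, dst net.IP) []byte      { return derive(kv, nil, dst, 'D') }

// The deck names AES for bulk encryption but no mode; AES-GCM is this example's
// choice so that opening a record under the wrong key fails instead of yielding garbage.
func gcm(key []byte) cipher.AEAD {
	aead, _ := cipher.NewGCM(mustAES(key)) // NewGCM only errors for non-16-byte block sizes
	return aead
}

func seal(key, pt []byte) (nonce, ct []byte) {
	nonce = make([]byte, 12) // standard GCM nonce size
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return nonce, gcm(key).Seal(nil, nonce, pt, nil)
}

// Record is one vaulted packet; no address appears in the clear.
type Record struct {
	Nonce, Packet    []byte // header and payload under KC
	NonceS, WrappedS []byte // KC under KS: endpoint retrieval by src
	NonceD, WrappedD []byte // KC under KD: endpoint retrieval by dst
}

func Vault(kv []byte, src, dst net.IP, packet []byte) Record {
	kc := KC(kv, src, dst)
	var r Record
	r.Nonce, r.Packet = seal(kc, packet)
	r.NonceS, r.WrappedS = seal(KS(kv, src), kc)
	r.NonceD, r.WrappedD = seal(KD(kv, dst), kc)
	return r
}

// Scan a volume; keyFor yields the candidate KC for a record, or an error if the caller's key does not fit.
func retrieve(vol []Record, keyFor func(Record) ([]byte, error)) [][]byte {
	var out [][]byte
	for _, r := range vol {
		kc, err := keyFor(r)
		if err != nil {
			continue
		}
		if pt, err := gcm(kc).Open(nil, r.Nonce, r.Packet, nil); err == nil {
			out = append(out, pt)
		}
	}
	return out
}

// Conversation format: recompute KC from KV and the known pair; GCM rejects every other conversation.
func RetrieveByPair(kv []byte, src, dst net.IP, vol []Record) [][]byte {
	kc := KC(kv, src, dst)
	return retrieve(vol, func(Record) ([]byte, error) { return kc, nil })
}
// Endpoint format: a holder of KS or KD alone, without KV, unwraps KC where it fits.
func RetrieveBySrc(ks []byte, vol []Record) [][]byte {
	return retrieve(vol, func(r Record) ([]byte, error) { return gcm(ks).Open(nil, r.NonceS, r.WrappedS, nil) })
}
func RetrieveByDst(kd []byte, vol []Record) [][]byte {
	return retrieve(vol, func(r Record) ([]byte, error) { return gcm(kd).Open(nil, r.NonceD, r.WrappedD, nil) })
}

func main() {
	kv, a, b := []byte("0123456789abcdef"), net.ParseIP("10.0.0.1"), net.ParseIP("10.0.0.2") // constructed KV and addresses
	vol := []Record{Vault(kv, a, b, []byte("a->b #1")), Vault(kv, b, a, []byte("b->a #1"))}  // constructed frames
	fmt.Println(len(RetrieveByPair(kv, a, b, vol)), len(RetrieveBySrc(KS(kv, a), vol)))
}
```

Retrieval by pair needs KV (or the derived KC); retrieval by a single endpoint needs only KS or KD, which is what allows the key for one host to be released to an investigator without disclosing the volume key. Because neither address is stored in the clear, the retrieval trade-off the deck notes applies here: a query is a linear scan of the volume with one authenticated trial decryption per record, and direction matters, since KC for (src, dst) differs from KC for (dst, src).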

Terabyte Storage Technologies

- Leverage Moore's law
- Start small: LTO with library, 15 MB/s advertised (13 MB/s measured), 100 GB/tape; at 10 Mbps: 1 or 2 tapes/day, every day
- Grow large: at 100 Mbps: 10-15 tapes/day; at 1 Gbps: 100-150 tapes/day

Terabyte Storage Technologies

Adv = advertised transfer rate, Meas = measured transfer rate, GB/vol = native capacity per volume.

Type        Adv MB/s   Meas MB/s   GB/vol (native)   $/GB        cc/GB
AIT2        6          -           50                1.50        1.9
DLT 8000    6          4.6         40                1.40        7.0
Mammoth2    12         9.6         60                1.50        1.5
AIT3        12         -           100               1.29        0.95
LTO         15         13          100               1.15        2.3
Super DLT   -          -           110               1.05        2.6
DVD-R       2.76       -           4.7/9.4           0.47-0.63   3.2/1.6
EIDE        17-35      -           163               1.57        2.38

Results

- APV running at CITI
- Fully meets requirements on a 100 Mbps network
- Conversation format
- Four-week sample: 200 GB (two tapes)

Results – Observed Mbps (chart)

Results – Observed Size Distribution (chart)

Results – Performance Extrema

Packet size            Max input (observed)   Max input (calc)     Max output (calc)
60 bytes               44 Mbps (92K pps)      68 Mbps (142K pps)   65 Mbps (135K pps)
Synthetic (observed)   70 Mbps (39K pps)      83 Mbps (46K pps)    93 Mbps (52K pps)
1514 bytes             93 Mbps (8K pps)       94 Mbps (8K pps)     104 Mbps (9K pps)

Vault at Work (slide image)

The Vault (slide image)

Half a Terabyte (slide image)

Evidence Handling

- Rules for evidence gathering: scene "frozen", continuity of evidence
- Authenticated volume contents; a second factor might prove useful
- Auditable procedures; open source

Legal and Regulatory Issues

- Carrier transport / ECPA
- Student information / FERPA
- Privacy / First Amendment
- Human subject guidelines
- Ownership / copyright
- Right to know / FOIA
- Discovery / evidence
- Search and seizure / Fourth Amendment
- Civil liability
- HIPAA

Previous Work

- Prototype (1998): 166 MHz Pentium machines (× 2), private 100 Mbps network, CD-ROM storage
- 10 Mbps Vault (2001): OpenBSD (no SMP)

Current Work

- 100 Mbps APV
- Flexible crypto policies
- Site-specific customization
- Loss-free degradation
- Data integrity
- Data recovery

Future Work

- 1000 Mbps APV
- Cooperating APVs: round-robin, packet content
- Integrity vault
- Additional requirements? Non-IP traffic? Network speeds? Retrieval modes? Contacts needed!

Deliverables

- Source code
- Operations Guide
- Research Report
- Live statistics

http://www.citi.umich.edu/projects/apv

Any questions? http://www.citi.umich.edu/