IOS XR Attestation Trust Me, Or Trust Me Not?

IOS XR Attestation Trust me, or Trust me not?

Dan Backman, Portfolio Architect @jonahsfo

BRKSPG-1768 Cisco Webex Teams

Questions? Use Cisco Webex Teams to chat with the speaker after the session How 1 Find this session in the Cisco Events Mobile App 2 Click “Join the Discussion” 3 Install Webex Teams or go directly to the team space 4 Enter messages/questions in the team space

• Risks to the Network Infrastructure

• Measuring and Validating Trust in Cisco IOS-XR routers

• New commands for Trust Integrity Measurement in IOS XR

• Building a Service to Report on Trust Evidence

• Conclusion

“Integrity, not just security.”

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public “Network devices are ideal targets. Most or all organizational and customer traffic must traverse these critical devices.” Source: US-CERT Alert (TA18-106A) Original release date: April 16, 2018

“The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations.” Source: US-CERT Alert (TA16-250A) Original release date: Sep 6, 2016

Targeted attacks on Critical Infrastructure

Impact on Economy Untrusted Locations Complex to Manage

To build a trustworthy platform

The network infrastructure must be constructed on a platform of trustworthy technologies to ensure devices operating are authentic and can create verifiable evidence that they have not been altered.

? If hardware or software running my critical ? systems was modified, how would I know? How can I track what hardware and software has changed? ? How would I prove where & when critical ? security updates are applied and are active? How do I know that the running software is built by Cisco? ? In an audit, how can I prove my systems are running compliant hardware and software? ? How do I prove what HW & SW was running in the past?

Visualize and report on trust Diagnostics

Runtime Maintain trust Environment

Network OS Verify trust

Firmware and Trust begins in the hardware Processor

NOS Protection against XR Protection

Integrity Visibility (Boot & Run-time)

• Run-time defenses IOS-XR • Integrity Management Arch. Ransomware MitM attacks 3rd Party Security (Maintain Trust at Run-time)

• Run-time defense • Security Enhanced Linux BSP & Linux Kernel (Establish Trustworthy NOS)

Known Vulnerabilities Credential Theft Malware Attacks • Secure UDI RP BIOS LC BIOS • Trust Anchor Module • Secure Boot X86 - CPU • Hardware Integrity (Establish Trust in Hardware) Malware Attacks Known Vulnerability Credential Theft

Boot & Runtime Measurements Known Good Values (KGV)

e5fa44f2b31c1fb553b46021e7360d07d5d91ff5e e5fa44f2b31c1fb553b46021e7360d07d5d91ff5e

7448d8798a4380162d4b56f9b452e2f6f9e24e7a 7448d8798a4380162d4b56f9b452e2f6f9e24e7a a3db5c13ff90a36963278c6a39e4ee3c22e2a436 a3db5c13ff90a36963278c6a39e4ee3c22e2a436

9c6b057a2b9d96a4067a749ee3b3b0158d390cf 9c6b057a2b9d96a4067a749ee3b3b0158d390cf 1 1 5d9474c0309b7ca09a182d888f73b37a8fe1362c 5d9474c0309b7ca09a182d888f73b37a8fe1362c

ccf271b7830882da1791852baeca1737fcbe4b90 ccf271b7830882da1791852baeca1737fcbe4b90

d3964f9dad9f60363c81b688324d95b4ec7c8038 d3964f9dad9f60363c81b688324d95b4ec7c8038

dd71038f3463f511ee7403dbcbc87195302d891c dd71038f3463f511ee7403dbcbc87195302d891c

4143d3a341877154d6e95211464e1df1015b74b 4143d3a341877154d6e95211464e1df1015b74b

b6abd567fa79cbe0196d093a067271361dc6ca8b b6abd567fa79cbe0196d093a067271361dc6ca8b 136571b41aa14adc10c5f3c987d43c02c8f5d498 136571b41aa14adc10c5f3c987d43c02c8f5d498

Anti-Theft and Anti- Built-In Crypto Tamper Chip Design Functions

Hardware Entropy Secure Storage

• Hardware designed to provide both End-user and supply chain protections • End-user protections include highly secure storage of user credentials, passwords, settings. • Supply chain protections -- Cisco SUDI (secure unique device identifier) inserted during manufacturing

• Secured at Manufacturing. No user intervention required

“How do I know this is really my router?”

• Unique cryptographic key embedded in hardware trust anchor module within every IOS XR Router • Secure Unique Device Identifier (SUDI) • Provides 802.1AR Secure Device Identity • Immutable key imbedded in Trust Anchor Module at time of manufacture • Signed by Cisco for proof of authenticity • Includes PID and Serial number of device

• Cryptographically strong identification of remote hardware

• Establishes unique, immutable hardware identity

1 BIOS 3 Operating System 3 Fetch Start-up Firmware Operating 2 4 Instruction 4 System 4 set

1 Changing the boot interface 2 Booting from alternate device

3 Bypassing Integrity checks 4 Adding persistent code

Cisco Secure Boot Boot Code Integrity Anchored in Hardware

Step 1 Step 2 Step 3 Step 4 Software Authenticity:

. Only Authentic signed Cisco software boots up on a Cisco platform Hardware CPU CPU CPU Anchor . The boot process Stops if Microloader Bootloader OS any step fails to authenticate Microloader . IOS “show software Microloader Bootloader OS launched authenticity” command checks checks OS illustrates the results bootloader

External service to Verify trust • Measure each boot stage Attestation • Securely store measurements Server

• Retrieve signed measurements from TAm/TPM Validate • Compare against reference measurements

Reference Measurement PCR Database

Application Containment and Policy SELinux • A Mandatory Access Control (MAC) facility built into the Linux Kernel • Protection from malicious or misbehaving compromising the system

Integrity Visibility and Secure Measurement Linux Integrity Measurement Architecture • All processes executed by the kernel are securely measured and reported • Kernel checks process signature to prevent unsigned code from executing

Logging (Process Fingerprint) /bin/sh

10 7103f91ed91be355abeef84853301e11dccd9e4a ima-sig sha256:0b46fb8e7635a02320aceed326128b0f146c369476dfe5fd704aceca4a135b88 /bin/sh

IMA Log: /sys/kernel/security/ima/ascii_runtime_measurements

Appraisal (Signature Validation) /bin/sh + Signature (hash) Trust-Root Certificate in IMA Keyring FAIL: Execution Blocked Pass: Execution Allowed + Log w/ Signature 10 d27747646f317e3ca1205287d0615073fe676bc6 ima-sig sha1:08f8f20c14e89da468bb238 d2012c9458ae67f6a /bin/sh 030202afab451100802b22e3ed9f6a70fb5babf030d1181 8152b493bd6bfd916005fad7fdcfd7f88d43f6cffaf6fd1ea3b75032dd702b661d4717729e4a3fa4 ee95a47f239955491fc8064eca8cb96302d305d59750ae4ffde0a5f615f910475eee72ae0306e4ae 0269d7d04af2a485898eec3286795d621e83b7dedc99f5019b7ee49b189f3ded0a2

[PCR] [SHA1] ima-sig [SHA256] [filename]

Fully-qualified file path

SHA256 hash of file

Extended Hash

• IMA builtin policy enabled using boot command line • Example policy (kernel command-line parameters - onchange) BOOT_IMAGE=/bzImage rootfs-thin-lv=latest console=ttyS0,115200 boardtype=RP platform=ASR9k quiet rootflags=i_version ima_tcb ima_appraise_tcb ima_appraise=log bigphysarea=10M noissu pci=hpmemsize=0M,hpiosize=0M crashkernel=192M • Measures all files read as root and all files executed • Appraises (verifies IMA signature) all files owned by root • IMA will capture logs for many file types: • Executable files • Libraries • Config files • Scripts

… This is a very useful whitelisting engine for RUNTIME measurements … know FOR SURE what has been running, match to known-good … can also be used to track known 3rd party code … can be used to track execution of code (hashes) with known vulnerabilities

What would you do with this?

• It’s a cryptographically verifiable view into what was running in the past • You want this to troubleshoot things • You want this to know WHAT CHANGED • You want this to be a SIGNED and SECURE audit trail • You want to be able to report on this flexibly • You want a standard way to gather this type of data

• Basic Inventory Information • Run-time Integrity Measurements • Hardware and Software Inventory • Kernel IMA Values

• Running and/or Persistent Configuration • Operational Reports • Boot-Time Integrity Measurements • Any “show” command • Hardware BIV attestation with PCRs (Boot • Ex: Reboot history, etc Integrity)

• Traditional TPM-style PCR values

• New forms of hardware measurements

1) Service requests quote with unique nonce value

Integrity Verification Service

3) Service validates: Signature with enrolled key Nonce Value e5fa44f2b31c1fb553b46021e7360d07d5d91ff5e

7448d8798a4380162d4b56f9b452e2f6f9e24e7a Measurements vs KGVs

a3db5c13ff90a36963278c6a39e4ee3c22e2a436 9c6b057a2b9d96a4067a749ee3b3b0158d390cf 1 5d9474c0309b7ca09a182d888f73b37a8fe1362c

ccf271b7830882da1791852baeca1737fcbe4b90

d3964f9dad9f60363c81b688324d95b4ec7c8038

dd71038f3463f511ee7403dbcbc87195302d891c 2) Router gathers measurements with nonce, creates 4143d3a341877154d6e95211464e1df1015b74b attestation dossier within signed envelope b6abd567fa79cbe0196d093a067271361dc6ca8b

BRKSPG-2415 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 29 Demo: IOS XR CLI signing and Trust Dossier BRKSPG-2415 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 31 IOS XR New Feature: Trust Dossier

New function in IOS XR to generate integrity snapshot with cryptographic signature

3 new features in XR CLI: • Create self-signed system trust point for attestation enrollment • CLI command to generate trust dossier • New CLI utility to generate signed output from CLI

# show platform security integrity dossier nonce abc123 | utility sign include-certificate nonce abc123

• New CLI signing utility adds cryptographic signature to CLI output • Designed as generalized function to extract signed output from IOS XR CLI • Supports nonce for replay protection • Can be used as a mechanism for building in PROOF to CLI output

RP/0/RP0/CPU0:ios# show version | utility sign nonce abc123 Mon Jan 13 18:16:28.867 UTC { "cli-output": "Cisco IOS XR Software, Version 7.0.12.13I LNT\nCopyright (c) 2013-2019 by Cisco Systems, Inc.\n\nBuild Information:\n Built By : nkhai\n Built On : Wed Dec 11 07:55:40 UTC 2019\n Build Host : iox-lnx-033\n Workspace : /auto/iox-lnx-033-san1/prod/7.0.12.13I.DT_IMAGE/8000/ws\n Version : 7.0.12.13I\n Label : 7.0.12.13I\n\ncisco 8000\nSystem uptime is 1 week, 2 days, 18 hours, 50 minutes\n\n", "signature-envelop": { "nonce": "abc123", "signature-version": "01", "digest-algorithm": "RSA-SHA256", "pub-key-id": "4501", "signature": "6/T56/9yENJoGu65KosZ6fCsvpirhASKOD0tP2oYv+UbbIBszRkwHL0lzLI3EdTqhPfYszJx6DYx9bSLU3oRqZLQgqn//tvHOiapjhO47LXUX+FI BJ99eHZVwOJnW6eebwGUGfOob4CFR0JUCN7ER1e1HkKSyTM/MuTZDGSJXeYYDrlSaCF28+siWUFWLUFh3j9tYjVsc0QKGuRFkDGAVdtOoE5ILkIw2 +1tN7ehSKDxa6l/4rfShVblMZ+onLLDfA/hmqdidIANGPDNk61sd4tDZw30OXQj9CQw32tLKKgXNUOEammCMKpUdg2FbjMdT+4eyuEOIgxge1XWZV jlnA==" } }

• Some prerequisites required: • Must generate and self-sign “enrollment key” in IOS XR • Trust “dossier” requires NETCONF YANG support enabled • Digital signature required for cryptographic validation of Trust “dossier” contents • Nonce is used to uniquely prove integrity of transaction

#conf t # hostname asr9kv-01 # domain name cisco.com # ssh server v2 # ssh server netconf # netconf-yang agent ssh

• Used to sign output for trust validation / remote attestation

• Public key is enrolled into trust validation service

• Private key components stored in Hybrid TAm secure storage in IOS XR RP • Private key is securely replicated to backup RP

RP/0/RP0/CPU0:asr9kv-1# crypto key generate rsa system-root-key RP/0/RP0/CPU0:asr9kv-1# crypto key generate rsa system-enroll-key

RP/0/RP0/CPU0:asr9kv-1# show crypto key mypubkey rsa Wed Jan 8 17:07:57.637 UTC Key label: system-root-key Type : RSA General purpose Size : 2048 Created : 17:07:05 UTC Wed Jan 08 2020 Data : 30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101 00CA1207 65F7E55F 5732C741 5F4304E2 7506B625 C519FE91 FB924568 9566D717 4A9CE628 A083249B 1D267173 D3E9D435 B4DB71BA 9F5D7B79 03B86AFA 117E9AF4 EAC3357E 3FFBDE07 10C55997 2B0DB974 DC9BACC3 20485AFC 0B93CD12 69BA1016 6360E27E D1BA5615 964ACCE4 2731FBFB 5FD399D0 2069A72C 9E2A854D 180CAF4B E21AD65C 8669341D 495D1B10 2C54A186 828AF828 A3D1B9A8 1C0D1D7E B6584FBC 527FD148 22428B37 5E74B78F 5BA104CF 51109569 83C1F590 4FD4751F 7618B140 41BA5E0D 68D3FA65 AADFE360 62A4FFD5 196F1152 0BBAAE05 FCE6FB1E 1C8B6448 A0516DBC 398D5D56 0A871814 EC4A9DE3 B18B0006 B30B6F0C 65B70544 52843F1D 0B020301 0001

Step 1b: Generate Enrollment Key RP/0/RP0/CPU0:ios#conf t Wed Jan 8 16:20:27.081 UTC RP/0/RP0/CPU0:ios(config)#crypto ca trustpoint system-trustpoint RP/0/RP0/CPU0:ios(config-trustp)# keypair rsa system-enroll-key RP/0/RP0/CPU0:ios(config-trustp)# ca-keypair rsa system-root-key RP/0/RP0/CPU0:ios(config-trustp)# ip-address 1.1.1.1 RP/0/RP0/CPU0:ios(config-trustp)# subject-name CN=cisco.com RP/0/RP0/CPU0:ios(config-trustp)# enrollment url self RP/0/RP0/CPU0:ios(config-trustp)# message-digest sha256 RP/0/RP0/CPU0:ios(config-trustp)#commit

RP/0/RP0/CPU0:asr9kv-01#crypto ca authenticate system-trustpoint Mon Jan 13 11:29:45.907 UTC

% The subject name in the certificate will include: asr9kv-01.test.cisco.com Serial Number : 1C:B1 Subject: serialNumber=18ebd759,unstructuredName=asr9kv-01.test.cisco.com Issued By : serialNumber=18ebd759,unstructuredName=asr9kv-01.test.cisco.com Validity Start : 11:29:46 UTC Mon Jan 13 2020 Validity End : 11:29:46 UTC Tue Jan 12 2021 SHA1 Fingerprint: 8AADAA1812C3BCC7A589E3613A9D2E8D1001923E

Fingerprint Self signed CA cert: 00EE58E880932A0D9CA79C287881B041

RP/0/RP0/CPU0:asr9kv-01# crypto ca enroll system-trustpoint Mon Jan 13 11:30:02.343 UTC

% The subject name in the certificate will include: CN=cisco.com % The subject name in the certificate will include: asr9kv-01.test.cisco.com % Include the router serial number in the subject name? [yes/no]: yes % The serial number in the certificate will be: 18ebd759 % The IP address in the certificate is 1.1.1.1 Serial Number : 1C:B2 Subject: serialNumber=18ebd759,unstructuredAddress=1.1.1.1,unstructuredName=asr9kv-01.test.cisco.com,CN=cisco.com Issued By : serialNumber=18ebd759,unstructuredName=asr9kv-01.test.cisco.com Validity Start : 11:30:02 UTC Mon Jan 13 2020 Validity End : 11:30:02 UTC Fri Jul 31 2020 SHA1 Fingerprint: 8EA95F57CC4E4BFA02165ECEC6607E41076E27D3

• Note: must have enrollment key and certificate complete before signing operations will work correctly. • Existing version of signing utility may generate envelope without signature data if no key/certificate is available.

• Execute CLI command and user “| utility sign” to verify signature • Specify nonce for unique session identification • Nonce is within signed dossier envelope and is within SUDI quotes (from TAm HW)

RP/0/RP0/CPU0:asr9kv-01# show version | utility sign nonce abc123 include-certificate Mon Jan 13 11:33:57.598 UTC { "cli-output": "Cisco IOS XR Software, Version 7.0.1\nCopyright (c) 2013-2019 by Cisco Systems, Inc.\n\nBuild Information:\n Built By : ahoang\n Built On : Thu Aug 29 16:11:57 PDT 2019\n Built Host : iox-ucs-030\n Workspace : /auto/srcarchive15/prod/7.0.1/xrv9k/ws\n Version : 7.0.1\n Location : /opt/cisco/XR/packages/\n\ncisco IOS-XRv 9000 () processor\nSystem uptime is 11 minutes\n\n", "signature-envelop": { "nonce": "abc123", "signature-version": "01", "digest-algorithm": "RSA-SHA256", "pub-key-id": "7346", "signature": "b1Cn9uosPIUTvGrzzWk7sEsYBaO+xtDqbN92tHI0Hn3R3Q7/Fl3NcGhbnHjqa2bMOiiKTtj0DHt28yLnZ+87HlZ5ZLzIBtmmcXEjzJAdoJCpAU5I4cdPbjx8myFmiqfepSY cyGoyWHtWoxEP7C+WLmBlpnrMazxuKAevDs9GkiMyKwVy2ZaFbmeyY7lvu8wkVsgMXgaadJSKgo/YY4aNa8erF/DlMl+aMUWl5iz62uzRNsdXY57/p1+eBSSLPgJfJqxk3n0 nEMe+y3BmzRItNxzVr3YeGpjiKclH7u35ArAjtHW9J+eQuid+wo0Xwv2KfjvYUp8xeQUKdiHbc/mpDw==", "signing-certificate": [ "MIIDNjCCAh6gAwIBAwICHLEwDQYJKoZIhvcNAQELBQAwPDEnMCUGCSqGSIb3DQEJAhYYYXNyOWt2LTAxLnRlc3QuY2lzY28uY29tMREwDwYDVQQFEwgxOGViZDc1OTAeFw0 yMDAxMTMxMTI5NDZaFw0yMTAxMTIxMTI5NDZaMDwxJzAlBgkqhkiG9w0BCQIWGGFzcjlrdi0wMS50ZXN0LmNpc2NvLmNvbTERMA8GA1UEBRMIMThlYmQ3NTkwggEiMA0GCSq GSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCh1x73M1Sg66ggSYOgpFZZnS+CszmEWKTkJEKJLJFr0CoKRzjT5R4yvag1CFa7UjywR3fR1+AMGr7fzRO0Y1X9UXOxZtVv9F3IT3H so2yGiSe1p4m0ipYUv8y+VDkAm6PmGtGeNjC8WWM0kq3TeIpmrcWBrtoaNVowGa247lKBMFgmCBwPTg6pwpSv5tvzu Z8FLMiC1sB8eZIDYkko6it8Zq2AMoZ0VG56PoylEpP4ITtOVCKrZZu2g7EoYB0r6O9EdoWW3a3kc20Al+vfDKcJIdrSmSDrTVSzzxff331CLNaQxN/qAeb49UM3Fv/XFW7Em GVQAuODT0D0FfB3PzFdAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBQ0anr8pnoJhlx5B0/tMq2x93QyNDANBgkqhkiG9w0BA QsFAAOCAQEAnQLpT+nrL2Gagpb995hyinLrsm/xS1KL83DJVtpwaskJdiA2caACD+H9DSt0lvClDo+FTEVuTKiWEuoPKRT1htYpKs8mIEecX5B30CsN1D5y3iC6WpMcQ7F5z ROCNDQQb79Mjfxu2YXVb/0AIfc/+PF2kWmyzAfT7dxeVn7TsfwCybsROxrisI+YP0lPioo3uKTmgwjYkNpM95Wog6tfiC390HOjCXuKMpPZp19ZUnLQt gIQ63UnaQRHt+VpDinU+8YTpRWRZLUrFz4EsfjmBZ91CKM0WC2m4moWbyRf5b0Vv9OGe2kR4CW9jhDJ9I877Ho3oo2sEdjfTzy182H7Xw==", "MIIDhDCCAmygAwIBAwICHLIwDQYJKoZIhvcNAQELBQAwPDEnMCUGCSqGSIb3DQEJAhYYYXNyOWt2LTAxLnRlc3QuY2lzY28uY29tMREwDwYDVQQFEwgxOGViZDc1© 2020 Cisco and/or its affiliates. All rights reserved. Cisco PublicOTAeFw0 MDA MTM MTM MDJ F 0 MDA3M E MTM MDJ MG EjAQB NVBAMMCWN 2N L N bTE MCUGCS GSIb3DQEJAhYYYXN OWt2LTA L Rl 3Q Y2l Y28 Y29tMRY FAYJK Z Step 3: Generate Security Dossier

• Execute CLI command to generate dossier • Specify nonce for unique session identification • Nonce is within signed dossier envelope and is within SUDI quotes (from TAm HW) • Can select data models to include in trust dossier

RP/0/RP0/CPU0:ios# show platform security dossier nonce abc123 include ? packages Include installed packages reboot-history Include reboot history rollback-history Include config rollback history running-config Include running config system-integrity-snapshot Include system integrity snapshot system-inventory Include inventory RP/0/RP0/CPU0:ios#

• Add signing utility function to add signature to dossier • Designed as generalized function to extract signed output from IOS XR CLI • Use nonce for replay protection

RP/0/RP0/CPU0:ios# show platform security integrity dossier | utility sign include-certificate

• Note: two nonces: • Nonce in dossier is passed to hardware TAm modules for HW quote • Nonce in signing command used for dossier envelope signature+nonce

• Add additional options for full dossier with nonce in dossier components and in external signature envelope

RP/0/RP0/CPU0:ios# show platform security integrity dossier include packages reboot-history rollback-history system-integrity-snapshot system- inventory nonce abc123 | utility sign include-certificate nonce abc123

Crosswork Data Gateway

• IOS XR Trust Dossier collected via CLI command (via SSH) • Dossier signed with TI enrollment key • Human-readable JSON encoding with signature envelope • Based on YANG models • Supports nested signatures for hardware- signed values (ex: SUDI or BIV)

• IOS XR Version + Platform Output • Anti-Replay Nonce • Specified as CLI option • System Hardware inventory • Cisco-IOS-XR-invmgr-oper.yang • Cisco-IOS-XR-spi-invmgr-oper.yang • Hardware Attestation Data • Cisco-IOS-XR-remote-attestation-act.yang • SUDI (Hardware Identity) Certificate • Separate signature per FRU (includes nonce) • Software Package inventory • Cisco-IOS-XR-spirit-install-instmgr-oper.yang • Cisco-IOS-XR-install-oper.yang • Reboot History • Cisco-IOS-XR-linux-os-reboot-history-oper.yang • Human-readable JSON • Rollback History formatted output via CLI • Cisco-IOS-XR-config-cfgmgr-exec-oper.yang command • Running Configuration (optional) • Trust Insights does not gather config • Signed envelope (not encrypted)

• Inventory: • Track hardware and software history and changes • Query hardware SUDI to validate PID / Serial number / Authenticity • Reporting on runtime IMA measurements • Track running SW vs installed SW • Track 3rd party code • Track code with known vulnerabilities • Which version of a binary is running where • Software inventory based on observed running code • … a totally new view into your systems and operations

• Secure quote process • A more complete data model to include more extensive evidence gathering • Support for complex systems (modular platforms with many running OS kernels) • Signature • Considerations for signing keys and device enrollment? • What key do you use to sign the data? • Key usage in modular systems • Reporting on evidence timeline • Build extensible reporting for useful operational values • Dashboard (What changed since yesterday) • Device lifecycle and history

Where can you get known-good values?

• Source: Cisco • Extract hashes from known-good images/ISO • Published KGV from Cisco (HW and SW)

• Source: 3rd Party or user-provided code • Extract hashes from known-good packages • Signed KGV output from developers • Track known software installed onto IOS XR systems

BRKSPG-2415 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 45 Trust Visualization and Attestation requires a Service Demo Flow: 1 Read and Verify Known Good Values(KGV) for all the packages Request for IMA Analyzer IMA events 5 2 Analyze 4 IMA records against KGV IMA Response IMA events matching selection

3 Attestation Client

IOS-XR node

Cisco Crosswork Trust Insights The product, features and releases described are currently unavailable, remain in varying stages of development, and will be offered on a when‐and‐if‐available basis.

The information provided is for informational purposes only and is subject to change at the sole discretion of Cisco.

Cisco will have no liability for delay in the delivery, or failure to deliver, any of the products or features described. Introducing Crosswork Trust Insights

• Visualize Trustworthiness

• Track & Verify Inventory

• Utilize Trusted Data for Automation

A Cloud-based SaaS offer that reports on the trustworthiness of network devices and provides forensics for assured inventory

Notifications API

• Requires up-to-date feed of Known- Dashboard Good-Values (KGV) from IOS XR Build and and Regression Trust Insights Reports Cryptographically A SaaS Offer Secured Cisco Crosswork Cloud • Constantly evolving analytics of hardware Collection and software fingerprints in Cloud Service B Crosswork • On-Premises Data Gateway collects trust A CrossworkData Gateway Crosswork On- dossier from IOS XR Routers Data Gateway Data Gateway Premise Customer -

Customer - • Dossier creation controlled via AAA, and is human-readable with digital signature

Trust Insights A SaaS Offer

Cisco Crosswork Cloud Operational Status

Cryptographically Inventory Secured Collection Signed Evidence Hardware Integrity Crosswork Data Gateway Dossier Boot Integrity

Run-time Integrity

IOS XR Trust Dossier

SJC1-1

SJC1-2 Crosswork Data Gateway

SJC1-3 1. Cloud Data Gateway connects to Crosswork Cloud (HTTPS) 2. Routers enrolled into Trust Insights service by user 3. Trust Insights delivers list of BXB1-1 routers to query to each Cloud Data Gateway BXB1-2 Crosswork 4. Cloud Data Gateway logs into Data Gateway routers and queries Trust BXB1-3 Dossier 5. Cloud Gateway forwards Trust Dossier to cloud service for verification and analytics

1 Trust Insights securely requests and collects IOS Trust Insights XR signed evidence dossier from IOS XR devices

2 Dossier evidence verified and added to timeline Change Detected of running hardware and software

3 Trust data verified against Known-Good-Values (KGV) for hardware and software from Cisco

4 Trust Insights delivers assured inventory reporting with history, and trust visibility for IOS XR systems

API 5 Trust and Assured Inventory data accessible via API Automation to enable Closed-Loop Automation

Unprecedented Visibility and Forensics: Analyze system integrity and trustworthiness of network devices – BRKSPG-2415

• Deepak Bhargava, Product Manager • SP Networking, Automation

Thursday, January 30 11:15 AM - 12:45 PM

Key Takeaways on Trust

Trusted Platforms requires a hardware root-of-trust Visibility and Reporting is critical to attest for the integrity of your Trusted infrastructure Learn more @ trust.cisco.com Visit cisco.com/go/sp-trust

Establish Trust in • Enhanced Hardware Integrity Verification Protects against: • Unique Cryptographic Identity (SUDI) • Counterfeit Hardware Hardware • Strong Crypto in Hardware • Hardware Tampering

Verify • Support for Customer Code Signing Protects Against: • Process Level Signature Verification • “Boot-kit” Attacks Trust in OS • Secure Storage for Secrets / Keys • Malware injection

Maintain • SE Linux Policy Protects against: • Runtime Protections: ASLR / W^X • Remote Exploits Trust at Runtime • Cloud Based DDoS Protection • Denial of Service

• Boot Integrity Verification Enables: • Process Integrity Measurement Visualize Trust Detection of compromise • Support for Remote Attestation and Trust Posture Report • Trust Insights

Service Provider Networks are increasingly being recognized as Critical Infrastructure

Cisco is committed to continually enhancing the security and resilience of our networking solutions

Cisco Crosswork Cloud Trust Insights empowers you with visibility to affirm Trust in your Network Infrastructure

BRKSPG-2415 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 63 Complete your online session • Please complete your session survey survey after each session. Your feedback is very important.

• Complete a minimum of 4 session surveys and the Overall Conference survey (starting on Thursday) to receive your Cisco Live t-shirt.

• All surveys can be taken in the Cisco Events Mobile App or by logging in to the Content Catalog on ciscolive.com/emea.

Cisco Live sessions will be available for viewing on demand after the event at ciscolive.com.

Demos in the Walk-In Labs Cisco Showcase

Meet the Engineer Related sessions 1:1 meetings