- Number of slides: 53
ISSAP Session 3, 7 September 2011
Cryptography 1 • Questions from Session 2? • Session 1 & 2 handout is posted on www.silverbulletinc.com/DM2 • Contact Shelton Lee for credentials – Shelton.lee@lmco.com • Should have book by now. If not contact Paola Aviles (paola.aviles@lmco.com) – Must have by next Session (Sep 7)
Cryptography 1 • Application and Use of Cryptographic solutions – Interoperability of devices – Strength of cryptographic algorithms • Cryptographic Methods and Methodologies • Key Management Issues • Pages 125-172 in book
Cryptography 1 • Codes – Cryptology: Machine functions – Ciphers: Book codes • Provides Confidentiality and Integrity – Hash functions integrity only • MD5, SHA256, SHA3 • Confidentiality, Integrity, Availability • Non-Repudiation – legal concept – Many different concepts – PKI can provide form of non-repudiation – Why there are three certificates
Cryptography 1 • Cryptography depends on both physical and logical security – HSM – Smart Cards – Best if have use of but not access to private keys • ID and Encryption private keys may be escrowed. Signature key may not.
Cryptography 1 • Physical security required for private keys – Recent attacks have not compromised the cryptography, they have compromised the key management – Same mechanism used by Allies in WWII – Four rotor Enigma was never broken.
Cryptography 1 • Message Encryption – Secure Multi-purpose Internet Mail Encryption • S/MIME • Base64 encoding, ASN-1 • De facto standard understood by browsers/e-mail programs – Privacy Enhanced Mail (PEM) • Early messaging methodology • Only PEM headers remain in use – Pretty Good Privacy
Cryptography 1 – Secure IP Communication • TCP-IP as maintained by the IETF includes the IPSEC protocol – VPN mechanism – Three parts: » UDP 500 key exchange & authentication (IKE) » IP 51 Authentication Header (optional) » IP 50 Encapsulation Security Protocol – Data – Sometimes uses UDP 4500 for firewall traversal • IPSEC has two modes • Transport Mode – only IP Payload is protected • Tunnel Mode – both payload and header are protected - VPN
Cryptography 1 • Other IP mechanisms – Secure Socket Layer/Transport Layer Security SSL/TLS • Client-server using web • Potential issue with SSLv3 led to third cert. • SSL VPNs use web for access • Can also be used for secure transport of FTP, LDAP, SMTP
Cryptography 1 • Remote Access – Both SSL/VPN and IPSEC are generally used for providing secure remote access. – Virtual Private Network concept dates back to early 1990’s • Remote Access VPN • Site-to-Site VPN • Extranet VPN – Point to Point Protocol – connection, not security • Dialups used PPPOE • Data link Layer – L2TP • Optional encryption PPP Encryption Control Protocol ECP
Cryptography 1 • Application Layer Protocols – SSH (Secure Shell) often used for file transfer • Also provides integral integrity management using hash. – SFTP and Secure Copy (SCP) also have specs but are little used. – SSL also at application layer • Easier to utilize than IPSEC – Do not need to maintain connection
Cryptography 1 • Secure Wireless Communication – IEEE 802.11 – Wireless Local Area Networks (WLANs) – WEP: Wireless Equivalent Privacy • 64 or 128 bit RC4 • Broken early by forcing resyncs & gathering data – WPA: Wi-Fi protected access • RC4 – does not require AES – WPA2 includes Extensible Authentication Protocols (EAP) • Includes EAP-TLS • Includes AES
Cryptography 1 • Secure Wireless Communication – Bluetooth • Short range • Optionally encrypts but no IM • Can be modified – CRC is minimal • 2.0 and earlier: unencrypted pairing • 2.1 added Elliptic Curve DH • Has native E0 encryption considered weak – Not a FIPS standard
Cryptography 1 • Other Secure Communication – Encrypted POTS – Fiber Channel (SAN) Security Protocol (FCSP) – RFID (Radio Frequency Identification) • Most devices too simple to support cryptography – No passive, some Hybrid/Active capable
Cryptography 1 • Identification (Authentication) and Authorization – WWII codes RADAR signal triggered transponder IFF – RFID relies on tag for identification • RFID crypto may be needed • X.509 cert 1.5 kb minimum – Password +/or PIN low cost but easily compromised • Password on secure channel not so.
Cryptography 1 • I&A – Bar Codes, Watermarks, Steganography, Steppanography, holographic labels, signets – Encryption or secure coding of physical assets prevents forgery or substitution. – One way hash value can be copied. – Token based – Kerberos: symmetric function generates tickets. Obsolete but widely used. – USB tokens and Crypto Ignition Key (STU-III)
Cryptography 1 • I&A – PPP uses PAP (password) or CHAP (Challenge Handshake Authentication Protocol) – Extensible Authentication Protocol (EAP) • EAP-MD5, EAP-TLS
Cryptography 1 • Storage Encryption – encryption at rest • SAN encryption • Content Addressable Storage (CAS) • Storage Media encryption – tape, floppy, USB removable • Full Disk or Volume encryption: EPHD, PGP Disk • File or directory encryption: EFS, PGP • IEEE 1619 disk encryption – 1619.1 tape encryption
Cryptography 1 • Electronic Commerce – Business to Business B2B – Business to Consumer B2C – Consumer to Consumer C2C – Consists of client, front end systems, back end systems – Requires confidentiality, integrity, authentication, non-repudiation – Also Auditing, Authorization, and Privacy
Cryptography 1 • B2B uses EDI – Large volume, few trusted connections – Applicability Statement 2 – RFC 4130 • S/MIME, Cryptographic Message Syntax (CMS), and Cryptographic Hash Algorithms • B2C uses SSL – Small volume, large number of untrusted connections – XML: SAML and WS-Security
Cryptography 1 • Software Code Signing – WS-Security: XML messaging – Code signing is different • Digital certs • Hash functions
Cryptography 1 • Interoperability – NSA Suite B • Encryption – AES FIPS 197 • Signing – DSS FIPS 186-2, Elliptic Curve • Key Exchange – Elliptic Curve, D-H, 800-56 A-C • Hashing – SHA, FIPS 180-2. SHA1 is now deprecated – Symmetric Crypto • FIPS 140-2 evaluation
Cryptography 1 • Methods of cryptography – Symmetric – E(M)=C encryption of message = ciphertext – E(C)=M • AES (Rijndael) • Blowfish (Twofish) • DES • IDEA • RC2, RC4, RC5, RC6 • 3DES
Cryptography 1 • Block cipher – Initialization vector (IV) or Seed – 64 or 128 bit blocks – Register vs register – Fast • Electronic Code Book (ECB) – no IV, best short • Cipher Block Chaining (CBC) – IV + feedback • Stream Cipher • Cipher Feedback CFB, Output Feedback OFB, Counter CTR • Low latency • Not as fast
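Why ECB is only suitable for short data while CBC adds an IV and feedback, shown as an added example that is not part of the original deck. The block cipher here is a toy 4-round Feistel construction built from SHA-256 (an assumption standing in for AES so the code runs with the standard library only), and the key and records are constructed samples.

```python
import hashlib
import secrets

BLOCK = 16  # bytes per block (128 bits)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key, block):
    """Toy 4-round Feistel permutation standing in for AES. Not secure."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def blocks_of(data):
    if len(data) % BLOCK:
        raise ValueError("sample input must be a whole number of blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, plaintext):
    # No IV, no feedback: every block is encrypted independently.
    return [toy_encrypt_block(key, b) for b in blocks_of(plaintext)]

def cbc_encrypt(key, iv, plaintext):
    # Each plaintext block is XORed with the previous ciphertext block (IV first).
    out, prev = [], iv
    for b in blocks_of(plaintext):
        prev = toy_encrypt_block(key, xor(b, prev))
        out.append(prev)
    return out

def repeated_blocks(ciphertext_blocks):
    """Count ciphertext blocks that duplicate an earlier block."""
    return len(ciphertext_blocks) - len(set(ciphertext_blocks))

# Constructed sample: three identical 16-byte records, then a different one.
KEY = b"constructed key!"
PLAINTEXT = b"ACCT=0001;AMT=10" * 3 + b"ACCT=0002;AMT=99"

def compare_modes(iv=None):
    iv = iv or secrets.token_bytes(BLOCK)
    ecb = ecb_encrypt(KEY, PLAINTEXT)
    cbc = cbc_encrypt(KEY, iv, PLAINTEXT)
    return repeated_blocks(ecb), repeated_blocks(cbc)

if __name__ == "__main__":
    print("repeated ciphertext blocks (ECB, CBC):", compare_modes())
```

Under ECB the repeated records are visible in the ciphertext without the key; under CBC the feedback hides them.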
Cryptography 1 • Additional security block modes – Cipher Based Message Authentication CMAC • Data integrity, data authentication – Counter with Cipher Block Chaining Message Authentication Mode CCM • Confidentiality and authenticity – Galois Counter Mode GCM • Combines counter with hash function
Cryptography 1 • Block Ciphers – AES – CAST – Cellular Message Encryption Algorithm CMEA – GOST (SU) – International Data Encryption Algorithm IDEA – LOKI – Lucifer (IBM) – RC2, RC5, RC6 – Skipjack – Tiny Encryption Algorithm TEA – XXTEA – Twofish
Cryptography 1 • Stream Ciphers – XOR based – Requires synchronization – May use feedback – RC4 and HC-128
Cryptography 1 • Asymmetric Cryptosystems – El Gamal, Diffie-Hellman, RSA, Elliptic Curve – One key to encrypt, other to decrypt – Most are binary but could be n-ary – Secure distribution – Slow and complex – Generally used to encrypt symmetric keys – X.509 certificates.
Cryptography 1 • Hash functions & Message Authentication – Hash function: cryptographic representation of data. • Compressed version • Easy to compute • Preimage resistance: infeasible to reverse • Second Preimage Resistance: no duplicate hashes – second input same hash • Collision resistance: infeasible to find two images with same hash – birthday
Cryptography 1 • Merkle-Damgard – Block oriented – Fixed length regardless of number of blocks – MD5 One way algo with M-D blocks – SHA-1: 160 bits SHA 224/256 – Collisions possible • HAVAL 128/160/192/224/256 • MD4, MD5 • SHA1
Cryptography 1 • Collisions not found – SHA2 (224/256) – RIPEMD 128/256 160/320 – Tiger 128/160/192 • Use any block cipher – AES – MDC-2 Modification Detection Code 2 • Meyer-Schilling – MAC: key dependent hash function – HMAC: Hashed MAC – CBC-MAC – With secret key can provide authentication • RFC 2104 • RIPEMD or SHA
Cryptography 1 • Digital Signatures – MAC that uses a digital signature – Encrypt with private key, public can decrypt – Origin authentication, message validation, nonrepudiation • Cryptographic hash function • Key Generation Algo. (need once) • Signing algo • Verification algo (inverse of signing) – PKI: ECC, El Gamal, DSA, RSA – DSS FIPS Pub 186 – ISO/IEC 9696 & 14888 – ANSI x9.30.1, x9.62, IEEE 1363
Cryptography 1 • Key Management – This is the hard part, rest is just math – Different keys require different techniques • Who may have • For what use • Symmetric or Asymmetric • At rest needs a long period • In transit may be shorter • At present, no need for different strengths • Key Management System (KMS) need to be at least as strongest
Cryptography 1 • Confidentiality – Supported by • Symmetric data encryption key • Symmetric key wrapping key • Public and private transport keys • Symmetric key agreement key • Public and private static key agreement keys • Public and private ephemeral key agreement keys
Cryptography 1 • Authentication verifies origin – Private signature key – Public signature verification key – Symmetric authentication key – Pub & Priv authentication (ID) keys
Cryptography 1 • Integrity – Private signature key – Public signature verification key – Symmetric authentication key – Pub & Priv authentication (ID) keys • Non-Repudiation – Legal concept – Private signature key – Public signature verification key
Cryptography 1 • Authorization – Symmetric authorization key – Private authorization key – Public authorization verification key
Cryptography 1 • Cryptographic Strength and Key Size – Two different elements – Must align with each other – Example 3DES. • 112 bit Dual key as strong as 168 bit triple key • Algorithm has effective length of 120 bits • Beyond 112 bits attack will be to algorithm, not key. – Crypto Period: NIST SP 800-57-1 • May be extended by other means (lockout) • Originator Usage Period (OUP): time in which a symmetric key may be used. (Often changed daily) • Time for brute force attack – Hard part: know when successful
Cryptography 1 • Asymmetric breaking may take less time than symmetric – Dense vs sparse key space – DES withdrawn replaced by TDEA SP 800-67 – Elliptic Curve may replace RSA • Smaller, denser, stronger • See tables 2.2 and 2.3 – RSA specified in ANSI x9.3, PKCS #1, FIPS 186-3 • Value of k (1024, 2048) is considered key size – 1024 being deprecated
Cryptography 1 • Key Life Cycle – Preoperational phase • Generation, distribution • Signing/certificate generation – Operational • Certificate validity • Stored for use – Non retrievable – Postoperational • Escrow • Recovery – Key destruction • All copies
Cryptography 1 • Key Creation – NIST 800-57-1 – Security is based on confidentiality of private or symmetric keys – Avoid “weak” keys and make random • Pseudo-random generation has been a problem in past: Netscape 2.0, OpenSSL • FIPS 140-2 and -3 • Need true random generation • Any reduction in randomness can be attacked – Reduction to 56 bits effective has been broken in a day – Rainbow tables – As disk space expands, so can directory
Cryptography 1 • RSA key generation – Public key consists of modulus n product of two prime integers p and q (n=p*q) and a public key exponent e. Key is n^e – Private key is n^d; d is dependent on n & e (see Schneier) – NIST specifies moduluses of 1024, 2048, and 3072 bits
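The key generation, signing and verification steps from the Digital Signatures and RSA key generation slides, carried through with small numbers; this is an added example, not material from the deck. It is textbook RSA without padding, the two Mersenne primes are constructed toy parameters far below the modulus sizes the slide lists, and the function names are illustrative.

```python
import hashlib
from math import gcd

# Constructed toy parameters: two Mersenne primes, far too small for real use.
P = 2**31 - 1
Q = 2**61 - 1
E = 65537

def generate_keypair(p=P, q=Q, e=E):
    """Return ((n, e), (n, d)) with d = e^-1 mod (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), (n, pow(e, -1, phi))

def digest_as_int(message, n):
    # Hash first, then sign the hash. Reducing mod n is a toy shortcut;
    # real schemes use padding such as PKCS #1 instead.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private_key, message):
    n, d = private_key
    return pow(digest_as_int(message, n), d, n)

def verify(public_key, message, signature):
    # Verification inverts signing using only the public values n and e.
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(message, n)

MESSAGE = b"constructed sample message"

def demo():
    public, private = generate_keypair()
    sig = sign(private, MESSAGE)
    return verify(public, MESSAGE, sig), verify(public, MESSAGE + b"!", sig)

if __name__ == "__main__":
    print("valid signature accepted, altered message accepted:", demo())
```

The private exponent is computed from p and q, which is why the factors must be discarded or protected as carefully as d itself.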
Cryptography 1 • Key Distribution and Crypto in transit – Public keys require no protection, only authentication – Symmetric and Private keys must be protected • Use Asymmetric keys to protect symmetric. • Physical (courier, etc) delivery also possible – Availability, Integrity, Confidentiality, Association
Cryptography 1 • Symmetric Key Distribution – Key splitting via cryptographic module – Components must be entered without any opportunity for capture or store en route • Exception: one time keys – At least two components required to regenerate keyset
Cryptography 1 • Public and Private Key Distribution – Private key should not be – Must be singular to support non-repudiation – May be securely escrowed for decryption – When generated on site, no need for distribution • Certificate needs only public key – Relying party: • Key belongs to subject • Associated with attributes belonging to subject • Valid • Allowed by policy for use in intended purpose
Cryptography 1 • Vetting & Distribution of Certificates is part of PKI – Certificates are public – Anchored by trust of issuing authority – May be transmitted through open channels – Only usable by holder of private key – PKI discussed in part 2
Cryptography 1 • Key Storage – Integrity: through checksum or attribute in certificate • CRC, MAC, signing, checksums, parity, etc. – Hardware Security Module: high speed equivalent of Smart Card. – Confidentiality • Encryption, wrapping, logical access control • Physical security – Association with attributes and objects • Part of X.509 • Protected key store – Assurance of domain parameters • Used by DSA and ECDSA
Cryptography 1 • Key Store – RSA PKCS 11 interfaces: Cryptoki API • Smart Cards (ISO 7816 & 14443) • Tokens • PCMCIA • USB • Key destruction vs Archive – Type of key • Table 2.4 Key Protection Requirements
Cryptography 1 • Destruction and Zeroization – Anti-tamper devices • Required for HLOA, optional for MLOA • Compromise or expiration – Key rotation (decrypt with old, encrypt with new) – Key archive – Storage unique keys • Simplify sanitization
Cryptography 1 • Key Updates – Life cycles – Renewal • New certificate vs new key • Can never upgrade an existing key • Rekey – new key entirely • Recertification – Revocation • Notification • CRLs – Few check
Cryptography 1 • Key Escrow – Escrow Agent - Trusted Third Party – Not for Non-repudiation – FIPS 185 – split & two independent agents • Two risks: collusion & failure – Skipjack LEAF (Law Enforcement Access Field) 80 bits but effectively 64 same way DES is 64 bits, 56 effective. • LEAF + 2 escrowed components
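Splitting a key into components, as described on the Symmetric Key Distribution slide and again here for escrow with independent agents, shown as an added example that is not part of the original deck. XOR splitting is assumed as the splitting method (the slides do not name one), and the key is a constructed random value.

```python
import secrets
from functools import reduce

def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("components must all be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key, components=2):
    """Split key into components that are each uniformly random on their own."""
    if components < 2:
        raise ValueError("at least two components are required")
    shares = [secrets.token_bytes(len(key)) for _ in range(components - 1)]
    shares.append(reduce(xor_bytes, shares, key))  # key xor all random shares
    return shares

def combine_components(shares):
    """Regenerate the key; every component must be present."""
    if len(shares) < 2:
        raise ValueError("at least two components are required")
    return reduce(xor_bytes, shares)

def demo():
    key = secrets.token_bytes(32)  # constructed 256-bit key
    shares = split_key(key, components=3)
    return {
        "all_components_recover_key": combine_components(shares) == key,
        "missing_component_fails": combine_components(shares[:2]) != key,
        "no_component_equals_key": all(s != key for s in shares),
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Both risks named on the slide are visible here: agents who pool every component recover the key (collusion), and the loss of any one component makes the key unrecoverable (failure).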
Cryptography 1 • Backup and Recovery – Authorized recovery method for some keys – Any number of copies of key store if encrypted – RNG seed & signing keys should not be backed up – Ephemeral keys do not require backup • SSL/VPN session keys – Life of recovery needs to be equal or greater than life of keys in store
Cryptography 1 • End of Cryptography session 1 • Will continue with session 2 on 12 September • Questions?