Lesson 7 - Standards and Protocols
Background
• Internet commerce uses PKI to provide the standards and protocols for a common, interoperable environment for securely exchanging information.
• Though only a portion of the related standards and protocols may be used on a daily basis, it is important to understand how they interact to provide confidentiality, integrity, authentication, and nonrepudiation.
Background
• The various standards developed fall into three categories:
  • Standards that define the PKI data and the data structures.
  • Standards that define the interface and the services required by applications.
  • Standards that provide an overarching business process (for example, ISO 17799 and the FIPS PUBS).
  • Standards that address the PKI structure as well as the methods and protocols for using it; these do not fit in either of the previous two categories.
PKI Standards and Protocols
• The Internet PKI implementation relies on three main standards for establishing interoperable PKI services:
  • PKIX: Public Key Infrastructure (X.509)
  • PKCS: Public Key Cryptography Standards
  • X.509: authentication of entities
• Other protocols and standards:
  • ISAKMP and XKMS are key management protocols
  • CMP manages certificates
  • S/MIME secures email
  • SSL, TLS and WTLS for secure packet transmission
  • IPsec and PPTP for VPNs
  • PGP provides an alternative method spanning the protocol and application layers
X.509
• In the late 1980s, the X.500 OSI directory standard was developed for implementing a network directory system.
• Part of this standard provides authentication of entities within the directory.
• X.509 defines a hierarchical certification structure that relies on a root certificate authority that is self-certifying.
• Uses distinguished names (DNs) to identify individuals, especially when trusts and certificates are extended beyond the CA.
• Several versions exist, and each version has extended the certificate with additional content fields:
  • V1: two fields added for directory access control
  • V2: added fields improved Privacy Enhanced Mail
  • V3: added fields improved subject ID information, key attribute information, policy information, and certificate path constraints
• To obtain an X.509 certificate, you must ask a CA to issue you one.
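The version numbers above are carried in the certificate itself, and reading them means walking the DER encoding. The following Python example is added here and is not part of the lesson: a minimal DER TLV decoder plus a reader for the X.509 version field, which RFC 5280 encodes as [0] EXPLICIT INTEGER (v1 = 0, v2 = 1, v3 = 2) and omits entirely for v1. The two TBSCertificate structures are constructed by hand, not real CA output, and contain only the leading fields.

```python
"""Minimal DER (ASN.1) TLV walker that reads the version of an X.509
TBSCertificate. Added example, not from the original lesson; the sample
structures at the bottom are constructed, not real certificates."""

def der_encode(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV (single-byte tag; minimal length encoding)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])                       # short form
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb     # long form
    return bytes([tag]) + length + body

def der_decode(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the TLV starting at pos.
    Rejects indefinite and non-minimal lengths, which DER forbids."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4:
            raise ValueError("indefinite or oversized DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        if length < 0x80:
            raise ValueError("non-minimal DER length")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def x509_version(tbs_certificate: bytes) -> int:
    """Return 1, 2 or 3 for a DER TBSCertificate SEQUENCE. The version
    is [0] EXPLICIT INTEGER {v1(0), v2(1), v3(2)}; a v1 certificate
    omits the field, so the first element is the serialNumber instead."""
    tag, body, _ = der_decode(tbs_certificate)
    if tag != 0x30:
        raise ValueError("TBSCertificate must be a SEQUENCE")
    first_tag, first_val, _ = der_decode(body)
    if first_tag != 0xA0:                         # no [0] wrapper: default v1
        return 1
    int_tag, int_val, _ = der_decode(first_val)
    if int_tag != 0x02 or len(int_val) != 1 or int_val[0] > 2:
        raise ValueError("malformed version INTEGER")
    return int_val[0] + 1

# Constructed samples: leading fields of a v3 and of a v1 TBSCertificate.
SERIAL = der_encode(0x02, b"\x10\x01")            # serialNumber INTEGER 4097
V3_TBS = der_encode(0x30, der_encode(0xA0, der_encode(0x02, b"\x02")) + SERIAL)
V1_TBS = der_encode(0x30, SERIAL)                 # version absent -> v1
```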
PKIX
• PKIX and PKCS are based on the X.509 certificate standard.
• PKIX defines standards for interactions and operations for four component types:
  • End-entity: the subject or user of the PKI certificate, or both.
  • CA: responsible for issuing, storing, and revoking certificates, both Public Key Certificates (PKCs) and Attribute Certificates (ACs).
  • RA: manages activities designated by the CA.
  • Repository: provides certificates and CRLs to end-entities.
• PKIX defines standards for public key infrastructure.
• PKCS defines many of the lower-level standards for message syntax, cryptographic algorithms, etc. It is a product of RSA Security.
The Five Areas of PKIX Standards
• PKIX addresses five major areas:
  • PKIX outlines certificate extensions, providing compatibility standards for sharing certificates and CRLs between CAs and end-entities in different PKIs.
  • PKIX provides certificate management message formats and protocols, defining the data structures, management messages, and management functions for PKIs.
  • PKIX outlines certificate policies and certification practice statements (CPSs), establishing the relationship between policies and CPSs.
  • PKIX specifies operational protocols, defining the protocols for certificate handling.
  • PKIX includes time-stamping and data certification and validation services to support non-repudiation.
Two Types of PKIX Certificates
• The PKIX working group has been working on two types of certificates for the PMI model:
  • Attribute Certificates (ACs) grant permissions using rule-based, role-based and rank-based ACLs and are used to implement a privilege management infrastructure (PMI).
  • Qualified Certificates (QCs) are based on the term used within the European Commission to identify specific individuals (not entities).
• The PKIX certificate is like a passport and PMI is like a visa: the former provides identity and the latter provides permission.
[Figure: The PKIX PMI model]
Active PKCS Standards
• The Public-Key Cryptography Standards are specifications produced by RSA Laboratories in cooperation with secure systems developers worldwide for the purpose of accelerating the deployment of public-key cryptography.
• PKCS is composed of a set of (currently) 13 active standards, with 2 other standards that are no longer active (PKCS #1 through PKCS #15).
• The standards combine to establish a common base for services required in a PKI.
PKCS
• PKCS #1: RSA Cryptography Standard. Provides recommendations for the implementation of public-key cryptography based on the RSA algorithm.
• PKCS #2: Encryption of message digests; incorporated into PKCS #1.
• PKCS #3: Diffie-Hellman Key Agreement Standard.
• PKCS #4: Incorporated into PKCS #1.
• PKCS #5: Password-Based Cryptography Standard. Provides recommendations for the implementation of password-based cryptography, including key derivation functions, encryption schemes, and message-authentication schemes.
• PKCS #6: Extended-Certificate Syntax Standard.
• PKCS #7: Cryptographic Message Syntax Standard. Used to provide messaging security, as in S/MIME.
• PKCS #8: Private-Key Information Syntax Standard.
• PKCS #9: Selected Attribute Types.
• PKCS #10: Certification Request Syntax Standard.
• PKCS #11: Cryptographic Token Interface Standard. Describes a programming interface named "Cryptoki" for performing cryptographic operations with hardware "tokens" (typically a smartcard). Popular applications like Netscape use PKCS #11 to provide smartcard support for their SSL and S/MIME capabilities.
• PKCS #12: Personal Information Exchange Syntax Standard.
• PKCS #13: Elliptic Curve Cryptography Standard.
• PKCS #15: Cryptographic Token Information Format Standard.
• More info: http://www.rsasecurity.com/rsalabs/pkcs/
WWW History - SSL
• The WWW was invented in 1990 by Tim Berners-Lee to give physicists a convenient method to exchange information.
• Telnet and FTP were already in use, but there was no common addressing scheme (URL) or method to link documents (HTML).
• Berners-Lee developed two programs: a web server and a web browser.
• Marc Andreessen's team at the University of Illinois supercomputing center developed Mosaic, and joined a Silicon Valley business called Mosaic Company, which became Netscape.
• SSL is a general-purpose protocol developed by Netscape for transmitting private documents via the Internet using PKI.
• URLs that require an SSL connection start with "https:" instead of "http:".
• The IETF embraced SSL in 1996 through a series of RFCs and named the group Transport Layer Security (TLS).
• Each version of SSL had security weaknesses; therefore, starting with TLS 1.0 (SSL v3.1), Kerberos authentication was added.
Transport Layer Security (TLS)
• SSL and TLS are essentially the same protocol, although not interchangeable.
• TLS is a protocol that ensures privacy between communicating applications and their users on the Internet.
• Runs on top of TCP and below higher-level protocols, and is therefore supported by any operating system that runs a TCP/IP stack.
• Allows an SSL-enabled server to authenticate itself to an SSL-enabled client, and vice versa.
• Uses public-key cryptography to encrypt data.
How SSL/TLS Works
• When a client requests a secure connection to a server, an SSL/TLS handshake is used to agree on which SSL/TLS protocol version (SSL v1, v2, v3 or TLS v1) and which key-exchange algorithm (Diffie-Hellman or RSA) to use.
• The next step is to exchange X.509 digital certificates and public keys for mutual authentication.
• Once authentication is established, the channel is secured with symmetric key methods, typically RC4 or 3DES, and MD5 or SHA-1 hash functions.
HTTPS
• HTTPS uses the Secure Sockets Layer (SSL) to transfer information.
• It uses the open standard SSL to encrypt data at the application layer.
• In addition, HTTPS uses the standard port 443 for TCP/IP communications rather than the standard port 80 used for HTTP.
• HTTPS uses the 40-bit RC4 encryption algorithm in most cases.
• The 128-bit version is also implemented.
ISAKMP
• The Internet Security Association and Key Management Protocol (ISAKMP) provides a common framework for implementing a key exchange protocol and security policy.
• It defines procedures and packet formats to negotiate, establish, modify, and delete security associations (a relationship in which two or more entities define how they will communicate securely) at all levels of the OSI model.
• The first step is to secure the negotiations.
• The second step is to secure the protocols used for the remainder of the communications.
• Transfers key data and authentication data independently of the key generation technique.
• Uses UDP port 500.
CMP
• CMP defines the protocol for managing keys and certificates:
  • CA and CRL establishment, and export of the public key for the CA
  • Certification of an end-entity, including the following:
    • Initial registration and certification of the end-entity
    • Updates to the key pair
    • End-entity certificate updates
    • Cross-certificate requests
  • Certificate and CRL publication
  • Key pair recovery
  • Revocation requests
• Defines mechanisms for performing online or offline operations using files, email, tokens or web operations.
• CMP provides a framework that works well with other standards:
  • PKCS #7: Cryptographic Message Syntax Standard, used to provide messaging security as in S/MIME.
  • PKCS #10: Certification Request Syntax Standard.
XKMS Services
• The XML Key Management Specification (XKMS) defines services to manage PKI operations within the XML (Extensible Markup Language) environment.
• XKMS services reside on a separate server that interacts with an established PKI.
Secure/Multipurpose Internet Mail Extensions (S/MIME)
• Created by RSA to support email features such as audio, images, and applications.
• Based on X.509, but more flexible, and uses a different set of encryption and signature algorithms than PGP.
• Provides authentication using digital signatures and privacy using encryption.
• The original MIME lacked the security features required by the Dept. of Defense.
• The Secure/Multipurpose Internet Mail Extensions (S/MIME) message specification is an extension to the MIME standard that provides a way to satisfy DoD requirements and provide backward compatibility.
S/MIME v3 Specification
• For different implementations of S/MIME v3 to be interoperable, a minimum set of cryptographic algorithms was mandated.
• The current IETF S/MIME v3 set of specifications includes:
  • Cryptographic Message Syntax (CMS)
  • S/MIME version 3 message and certificate handling specification
  • Enhanced Security Services (ESS) for S/MIME
• Using digital signatures via CMS provides integrity, authentication, and nonrepudiation.
• CMS Triple Encapsulated Message:
  • A feature of CMS is the ability to nest security envelopes.
  • Triple encapsulation is not required of every CMS object.
• RC2: 40-bit
PGP
• Pretty Good Privacy (PGP) provides the ability to digitally sign a message so the receiver can be certain of the sender's identity.
• PGP uses both public-key cryptography and symmetric key cryptography.
• PGP uses asymmetric key encryption, in which the recipient of a message has previously generated a linked key pair: a public key and a private key.
• The recipient's public key is used by a sender to encrypt a shared key (aka a secret key or conventional key) for a symmetric cipher algorithm; that key is then used to encrypt the plaintext of the message.
• Many PGP users' public keys are available to all from the many PGP key servers around the world, which act as mirror sites for each other.
• PGP-encrypted e-mail can be exchanged with most users outside the United States, and many versions of PGP are available from numerous sites overseas.
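The hybrid envelope described above (public key wraps a fresh session key, session key encrypts the body) in runnable form. This Python example is added here and is not PGP's own code or format: the recipient key pair uses fixed Mersenne primes with textbook, unpadded RSA, and the symmetric cipher is a SHA-256 counter keystream, so both are stand-ins that show only the envelope structure, not real PGP algorithms.

```python
"""Hybrid (public-key + symmetric) envelope in the shape PGP uses.
Added example, not from the lesson: toy RSA key pair (fixed primes, no
padding) and a SHA-256 counter keystream stand in for real algorithms."""
import hashlib
import secrets

# Constructed recipient key pair (toy size; real keys are 2048+ random bits).
P, Q = 2**61 - 1, 2**89 - 1                # both Mersenne primes
N, E = P * Q, 65537                        # public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent d

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric step: XOR data with SHA-256(key || block offset) blocks.
    Same function encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        ks = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ k for b, k in zip(chunk, ks))
    return bytes(out)

def pgp_style_encrypt(plaintext: bytes, recipient_n: int, recipient_e: int):
    """Sender: generate a fresh 128-bit session key, wrap it with the
    recipient's public key, encrypt the message body with it.
    Returns (wrapped_session_key, ciphertext)."""
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), recipient_e, recipient_n)
    return wrapped, keystream_xor(session_key, plaintext)

def pgp_style_decrypt(wrapped: int, ciphertext: bytes, n: int, d: int) -> bytes:
    """Recipient: unwrap the session key with the private key, then
    decrypt the body. Only the private-key holder can recover the key."""
    session_key = pow(wrapped, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)

def roundtrip(message: bytes) -> bytes:
    """Encrypt for the constructed recipient and decrypt again."""
    wrapped, body = pgp_style_encrypt(message, N, E)
    return pgp_style_decrypt(wrapped, body, N, D)
```

Because a new session key is drawn per message, two encryptions of the same plaintext produce different wrapped keys and different bodies, which is the property the symmetric layer relies on.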
Internet Protocol Security
• IPSec (Internet Protocol Security) is a collection of IP security features designed to introduce security at the TCP/IP network layer.
• IPSec is designed to provide secure VPN capability over the Internet.
• IPSec provides two types of security services. It ensures authentication and confidentiality for:
  • The data alone: IPSec transport mode
  • Both data and header: tunnel mode
Certificate Enrollment Protocol
• Certificate Enrollment Protocol (CEP) was designed to support certificate issuance, distribution, and revocation using existing technologies.
• Originally developed by VeriSign for Cisco Systems.
• It uses PKCS #7 and PKCS #10 to define a common message syntax:
  • PKCS #7: Cryptographic Message Syntax Standard, used to provide messaging security as in S/MIME.
  • PKCS #10: Certification Request Syntax Standard.
FIPS
• The Federal Information Processing Standards Publications (FIPS PUBS or FIPS) describe various standards for data communication issues.
• There are three categories of FIPS PUBS currently maintained by NIST:
  • Hardware and software standards/guidelines
  • Data standards/guidelines
  • Computer security standards/guidelines
• http://www.itl.nist.gov/fipspubs/
Common Criteria
• The Common Criteria (CC) are the result of an effort to develop a joint set of security processes and standards to be used by the international community.
• Provides a listing of laboratories that apply the criteria in the testing of security products.
• Products that are evaluated receive an Evaluation Assurance Level of EAL1 to EAL7.
Wireless Transport Layer Security
• Wireless Transport Layer Security (WTLS) is the security layer of WAP, providing privacy, data integrity and authentication for WAP services.
• WTLS, designed specifically for the wireless environment, is needed because the client and the server must be authenticated in order for wireless transactions to remain secure, and because the connection needs to be encrypted.
• For example, a user making a transaction with a bank over a wireless device needs to know that the connection is secure and private and not subject to a security breach during transfer (sometimes referred to as a man-in-the-middle attack).
• WTLS is needed because mobile networks do not provide complete end-to-end security.
WEP Security Issues
• WEP is an optional security protocol specified in the 802.11 standard, designed to address the security needs of the wireless (Wi-Fi) environment.
• WEP uses a 24-bit initialization vector as a seed value to begin the security association.
• This initialization vector scheme is flawed.
• Another problem is that the secret key is only 40 to 64 bits in length.
• It does not take long to brute-force encryption schemes that use such short key lengths.
• The WEP keys are static.
• More coming in chapter 12.
ISO 17799 / BS 7799
• International Standards Organization (ISO) 17799 is based on Version 2 of the British Standard 7799 (BS 7799), published in May 1999. It is a comprehensive set of controls comprising best practices in information security, an internationally recognized generic standard.
• This standard is divided into ten sections, each containing more detailed statements describing what is involved for that topic:
  • Business continuity planning
  • System access control
  • System development and maintenance
  • Physical and environmental security
  • Compliance
  • Personnel security
  • Security organization
  • Computer and network management
  • Asset classification and control
  • Security policy