320 likes | 620 Views
Standards and Protocols. Chapter 7. Objectives. Identify the standards involved in establishing an interoperable Internet PKI. Explain interoperability issues with PKI standards. Describe how the common Internet protocols implement the PKI standards. Key Terms. Certificate
E N D
Standards and Protocols Chapter 7
Objectives • Identify the standards involved in establishing an interoperable Internet PKI. • Explain interoperability issues with PKI standards. • Describe how the common Internet protocols implement the PKI standards.
Key Terms • Certificate • Certificate Authority (CA) • Certificate Revocation List (CRL) • IPsec • Secure Sockets Layer (SSL) • Public key infrastructure (PKI) • Secure/Multipurpose Internet Mail Extensions (S/MIME) • Pretty Good Privacy (PGP)
Key Terms (continued) Transport Layer Security (TLS) Wired Equivalent Privacy (WEP) - compromised Wireless Application Protocol (WAP) Wireless Transport Layer Security (WTLS) X.509
Standards and Protocols Commercial use of the Internet has been one of the biggest growth industries since the 1990s. Public key infrastructures (PKI) are implemented to secure transactions online. Three categories of standards associated with PKI: Standards that define the PKI Standards that define the interface between applications and the underlying PKI Other standards
PKIX Standard and PKCS Two main standards for implementing PKI. Both based on X.509 standard. PKIX produced by Internet Engineering Task Force (IETF); interactions and operations have four component types: The user, certificate authority (CA), registration authority (RA), and the certificate revocation list (CRLs) PKCS produced by RSA security.
Public Key Cryptography Standards (PKCS) Public Key Cryptography Standards (PKCS) fills gaps in standards that existed for implementing PKI. PKCS is composed of 13 active standards and 2 discontinued standards.
X.509 X.509 is the portion of the X.500 standard that addresses the structure of certificates used for authentication. X.509 specifies standard formats for public key certificates, certificate revocation lists, and Attribute Certificates. Version 3 is the current version of the X.509 standard.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Provide secure connections between the client and server for exchanging information Provide authentication and confidentiality of information transfers Provide data integrity and security over networksby encrypting network connections at the transport layer
SSL/TLS TLS & SSL are not interchangeable; TLS is the more modern of the two. TLS is superior to SSL since SSL’s use of hashing forces a reliance on MD5 rather than SHA1. http://tools.ietf.org/html/rfc5246#page-4 Web Server Software – market share
TLS Record Protocol TLS Record protocol send data by: Fragmenting message data into manageable blocks Optionally compressing the data Applying a message authentication code (MAC) to the data Encrypting the data Transmitting the results Received data is decrypted, verified, decompressed, and reassembled and sent on to the higher-level client.
Pretty Good Privacy (PGP) Program used to encrypt and decrypt e-mails and files Provides the ability to digitally sign a message How PGP works Creator uses encryption program to create a key pair. Public key designed to give freely to others Private key designed to be known only be the creator Messages encrypted by the sender using the recipients public key. The recipients private key is used to decrypt the message.
How PGP Works • PGP uses a variation of the standard public key encryption process. • An individual (here called the creator) uses the encryption program to create a pair of keys. • One key is known as the public key and is designed to be given freely to others. • The other key is called the private key and is designed to be known only by the creator. • Individuals who want to send a private message to the creator encrypt the message using the creator’s public key. • The algorithm is designed such that only the private key can decrypt the message, so only the creator will be able to decrypt it.
HTTPS Uses SSL to secure Hypertext Transfer Protocol (HTTP) communications Uses TCP port 443 Supports 40-bit RC4 encryption algorithm and 128-bit encryption
IPsec Collection of IP security features designed to introduce security at the network layer Optional in IPv4, required in IPv6 Two types of security service: Transport mode can be used to ensure authentication and confidentiality for data alone. Tunnel mode can be used to ensure authentication and confidentiality for both data and header.
Wireless Transport Layer Security (WTLS) Provides security for Wireless Application Protocol (WAP) Implemented due to the limited memory and processing of WAP-enabled phones Implemented in one of three classes: Class 1: anonymous authentication Class 2: server authentication Class 3: server and client authentication Class 3 the strongest form of WTLS
Wired Equivalent Privacy (WEP) Used to protect wireless communications from being intercepted Used to prevent unauthorized access to the wireless network Part of the original 802.11 standard WEP 1 supported 64 bit encryption; WEP 2 supports 128 bit encryption Both WEP 1 and WEP 2 vulnerable to various attack vectors
WEP Security Issues • Wireless networking with 802.11 is common. • WEP is an optional security protocol with significant issues: • It uses a 24-bit initialization vector as a seed. • This allows for more than 16 million vectors. • At modern networks speeds it does not take long for initialization vectors to repeat. • The secret key is only 40 bits, and is also quickly breakable. • Some provides use 128-bit WEP but is almost equally vulnerable.
Chapter Summary • Identify the standards involved in establishing an interoperable Internet PKI. • Explain interoperability issues with PKI standards. • Describe how the common Internet protocols implement the PKI standards.