310 likes | 323 Views
This session covers key distribution methods in cryptography, including public key infrastructure (PKI). Topics include certificates, certificate policies, key recovery, and revocation lists.
E N D
ISSAP Session 4Cryptography 2 12 September 2011
Cryptography 2 • Questions from Session 3 ? • Session 1, 2, &3 handout is posted on www.silverbulletinc.com/DM2 • Contact Shelton Lee for credentials • Shelton.lee@lmco.com • Should have book by now. If not contact Paola Aviles (paola.aviles @lmco.com • Must have
Cryptography 2 • Schedule – Ten Sessions 08/24/2011 Organization08/29/2011 Access Control pg 3-6208/31/2011 Access Control pg 62-117 09/07/2011 Cryptography pg 125-17209/12/2011 Cryptography pg 173-21209/14/2011 Physical Security pg 222-28509/19/2011 Requirements pg 293-35109/21/2011 BCP & DRP pg 357-37109/26/2011 Telecommunications pg 379-44009/28/2011 Review
Cryptography 2 • Public Key Infrastructure (PKI) • Certificates, Certificate Framework (RFC 3647), Certificate Policy Statements (CPS), Key Recovery Policy (KRP), & Certificate Revocation List (CRL) • "a CPS is a statement of the practices which a certification authority employs in issuing certificates." • Is a matter of trust • Subscribers • Relying Parties • Certificate Authority
Cryptography 2 • Single Key Pair • All that is needed technically • Lawyers made complicated • One for encryption (may be ecrowed) • One for signing (must be non-repudiatable) • One for Identification (cannot use signing key forID) • Interoperability and Integration • Federal Bridge • Federation
Cryptography 2 • Key Distribution • Symmetric keys require secure distrobution • Public Key does not • Private key must be kept secure • Only one party has private key • Best Security: private keys never leave physical device • No backup or recovery • Binding: Public key is bound to individual through signing by CA
Cryptography 2 • Single Key Pair (Identification only) • May be escrowed (stored in CA database) • Dual Key Pair (sign and encrypt) • Triple Key pair (sign, encrypt, id) • Key Usage Bits • Key Storage • PKI/CA database • Directory Server • User Machine • HSM • Smart Card • Location dependant on CP
Cryptography 2 10 02 1: . . INTEGER 2 13 02 16: . . INTEGER : . . . 7C 09 A1 D1 9B DD 2E BC 4F D1 27 0C 10 AE 8F 9B 33 06 9: . . . OBJECT IDENTIFIER : . . . . sha1withRSAEncryption (1 2 840 113549 1 1 5) 53 06 3: . . . . . OBJECT IDENTIFIER countryName (2 5 4 6) 58 13 2: . . . . . PrintableString 'US' 66 06 3: . . . . . OBJECT IDENTIFIER stateOrProvinceName (2 5 4 8) 71 13 7: . . . . . PrintableString 'Florida' 89 13 7: . . . . . PrintableString 'Orlando' 107 13 27: . . . . . PrintableString 'Lockheed Martin Corporation' 145 13 3: . . . . . PrintableString 'EIS' 159 13 35: . . . . . PrintableString 'Lockheed Martin Corporation Root CA' 198 17 13: . . . UTCTime '021205150439Z' 213 17 13: . . . UTCTime '130509171644Z' 235 06 3: . . . . . OBJECT IDENTIFIER countryName (2 5 4 6) 240 13 2: . . . . . PrintableString 'US' 253 13 7: . . . . . PrintableString 'Florida' 271 13 7: . . . . . PrintableString 'Orlando' 289 13 27: . . . . . PrintableString 'Lockheed Martin Corporation' 327 13 3: . . . . . PrintableString 'EIS' 341 13 35: . . . . . PrintableString 'Lockheed Martin Corporation Root CA'
Cryptography 2 384 06 9: . . . . OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) 406 02 513: . . . . . . INTEGER : . . . . . . . 00 CD 4C 9A FC 9C CD F9 4C 47 13 F4 EE BE AA E9 : . . . . . . . 06 32 3D 8F 0A C9 63 8D 72 4B 86 81 E0 E5 14 CD : . . . . . . . DC 8B C9 14 BB 0C 49 08 23 E9 14 C3 93 B9 3D DC : . . . . . . . 91 75 A6 D7 41 2B 1C 97 B6 22 A6 A3 6E 31 28 9B : . . . . . . . 4A 23 81 33 81 BB 2E E8 3E BA 47 CD 07 6C 36 C7 : . . . . . . . AF 4D E2 3C 7F FD 8A 63 4F 73 9E 44 B5 A9 88 B7 : . . . . . . . F0 35 A7 17 D4 3C EA 34 0D D1 97 B4 A7 8B 74 55 : . . . . . . . EF E4 DA 21 06 A1 31 F6 D5 46 E6 F2 61 04 CB 3D : . . . . . . . . . . . [ Another 385 bytes skipped ] : . . . . . . enrollCerttypeExtension (1 3 6 1 4 1 311 20 2) 949 1E 4: . . . . . . . BMPString 'CA' 957 06 3: . . . . . OBJECT IDENTIFIER keyUsage (2 5 29 15) : . . . . . . . . '1100010'B 970 06 3: . . . . . OBJECT IDENTIFIER basicConstraints (2 5 29 19) 982 01 1: . . . . . . . . BOOLEAN TRUE 987 06 3: . . . . . OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14) : . . . . . . . . 54 79 23 A7 0B 69 E7 10 EF 63 26 83 D6 75 4A 46 : . . . . . . . . ED 78 FB 1E 020 06 3: . . . . . OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31) : . . . . . . . . . 'ldap:///CN=Lockheed%20Martin%20Corporation%20ROO' : . . . . . . . . . 'T%20CA,CN=adrlmrca,CN=CDP,CN=Public%20Key%20Serv' : . . . . . . . . . 'ices,CN=Services,CN=Configuration,DC=adroot,DC=l' : . . . . . . . . . 'mco,DC=com?certificateRevocationList?base?object' : . . . . . . . . . 'class=cRLDistributionPoint' : . . . . . . . . . 'http://crl.global.lmco.com/CertEnroll/Lockheed%2' : . . . . . . . . . '0Martin%20Corporation%20ROOT%20CA.crl' : . . . . . . . . . 'http://crl.external.lmco.com/crl/certupd/Lockhee' : . . . . . . . . . 'd%20Martin%20Corporation%20Root%20CA.crl'
Cryptography 2 : . . . . . . authorityInfoAccess (1 3 6 1 5 5 7 1 1) : . . . . . . . . . . caIssuers (1 3 6 1 5 5 7 48 2) : . . . . . . . . . 'ldap:///CN=Lockheed%20Martin%20Corporation%20ROO' : . . . . . . . . . 'T%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Serv' : . . . . . . . . . 'ices,CN=Configuration,DC=adroot,DC=lmco,DC=com?c' : . . . . . . . . . 'ACertificate?base?objectclass=certificationAutho' : . . . . . . . . . 'rity' : . . . . . . . . . . caIssuers (1 3 6 1 5 5 7 48 2) : . . . . . . . . . 'http://crl.global.lmco.com/CertEnroll/adrlmrca.a' : . . . . . . . . . 'droot.lmco.com_Lockheed%20Martin%20Corporation%2' : . . . . . . . . . '0Root%20CA(9).crt' : . . . . . . . . . 'http://crl.external.lmco.com/crl/certupd/Lockhee' : . . . . . . . . . 'd%20Martin%20Corporation%20Root%20CA(9).crt' 1938 06 9: . . OBJECT IDENTIFIER : . . . sha1withRSAEncryption (1 2 840 113549 1 1 5) 1949 05 0: . . NULL : . . } 1951 03 513: . BIT STRING 0 unused bits : . . 7C 77 55 2A EF C8 E2 31 9C F4 14 B1 6B 55 7E E0 : . . 74 32 42 F9 63 29 91 23 E0 07 AF 86 C8 02 44 BE : . . B3 BC EE 18 AC D7 A4 59 4B 64 F4 21 B7 87 61 19 : . . BB 87 AD 86 6E 14 EA E4 A7 D2 FE 48 4C D3 E6 E6 : . . 07 43 51 A8 04 EA 57 11 F0 4E E3 D6 4E D9 A6 5B : . . 81 3B CA 9D 76 89 14 F2 64 FB D8 3F 28 AD 36 80 : . . 54 5D ED 2B AD 7D 5E 1D 6C 3D BB 14 28 05 8E 9B : . . 68 F3 B5 6E F0 4D 32 0A A6 FA F9 13 B4 78 2E 00 : . . . . . . [ Another 384 bytes skipped ]
Cryptography 2 RFC 2457 KeyUsage ::= BIT STRING { (reversed in ASN 1 digitalSignature (0), 0 00000001 nonRepudiation (1), 0 00000010 keyEncipherment (2), 0 00000100 dataEncipherment (3), 0 00001000 keyAgreement (4), 0 00010000 keyCertSign (5), 0 00100000 cRLSign (6), 0 01000000 encipherOnly (7), 0 10000000 decipherOnly (8), 1 00000000 "The digitalSignature bit is asserted when the subject public key is used with a digital signature mechanism to support security services other than non-repudiation " (e.g ID cert. LM Root Cert 01100010 Non-Repudiation, Certificate Signing, CRL Signing ) Few get it right
Cryptography 2 • PKI Registration • Many components: Technical Infrastructure, Policies, Procedures, People (PKIREGAG) • Acronym seems unique to publication • Depends on Certificate policy • Can get a Verisign class 1 for my cat. • Poof of organization, entity, key • Proofing/vetting an important part of cert • Federations require levels of proofing • I-9 authentication • Immigration Reform and Control Act (IRCA) of 1986
Cryptography 2 • Individual Authentication • Password • Challenge response question • Face to Face (Personal recognition) • Expensive • High risk, responsibility, value • Proof of possession • Have private key • Prior certification
Cryptography 2 • Certificate Issuance • X.509 • Key usage bit • Trusted as signer is trusted • Certificate Template (part of CPS) • Trust Models • PKI represents trust relationship • Root CA is anchor • Intermediate part of chain • Inherited trust
Cryptography 2 • Subordinate CAs • Different functions/policies e.g. signing vs encryption. • Can be any number of levels providing each can do signing • Cross-certified mesh • Good for non-inheritable • Each signs other’s • More than two: web of trust • Bridge CA • Federal Bridge • Has own specific requirements • Manages cross certification • Large number of “trusted roots”
Cryptography 2 • Certificate chain • Validity and life of complete chain • If any element expires, so does trust • Higher levels require higher security • CRL publishing • Hierarchial mode • Certificate Revocation • Private key compromised or person loses trust • Described in CPL • Included in Cert • Relying party only required to check CRL • CRL may get very large • One reason to retire CA
Cryptography 2 • Traditional CRL • Modified CRL • Issue CRLs before they expire • Segmented CRLs • Segmentation supported • Delta CRL • Issue only change • Sliding window delta CRL • Are ways to maintain signature
Cryptography 2 • OCSP Online Certificate Status Protocol • Signed response • Asks if valid (Good, Revoked, Unknown)
Cryptography 2 • Cross Certification • Each signs other’s root • Each root can verify other • Each root can request other’s CRL • A’s key is in B’s directory • Online or offline • Cross certification revocation • Can be done by any • Effect is local
Cryptography 2 • Cross Certification with bridge • Bridge signs each member’s key • Each member trusts bridge • Can accept or revoke bridge but bridge must revoke members
Cryptography 2 • Cytanalytic attack • Cypertext only • Brute force • Most difficult • Hard to recognize success • Known plain text • Final test can be XOR • All trials assume • Chosen Plaintext • Forced crypto • Seed issue in SSL • Chosen ciphertext • Look for patterns
Cryptography 2 • Assymetric Attacks • So far all take years (theoretically) • Largest “crack” was RSA 129 (430 bits) • Even 1024 is exponentially more difficult • NIST moving to 2048 bit minimum • Hash function attacks • MD5 broken • SHA not broken but deprecated • Crack vs collision (birthday)
Cryptography 2 • Network based attacks • Man in the Middle (MITM) • SSL • Relies on parties not validating • May work with v2 not with v3/TLS • Replay attack • Hashed passwords (Netware 4.0) • IPSec has protections • Traffic analysis • May provide “known plaintext”
Cryptography 2 • Attacks against keys • Meet in the middle • Attack against 3DES (encrypt-decrypt-encrypt) • Why 2DES never worked • Reduces effect of 3DES to 112 bits • Related Key • WEP – clear IV/RC4 • Brute Force • Simply trying every possible key • Last resort unless key is short • NTLM and Rainbow Tables
Cryptography 2 • Side Channel Attacks • Leakage • Timing • Differential Fault • Differential power consumption
Cryptography 2 • Risk Based Cryptographic Architecture • Hardware and software based components • Security of cryptographic modules • Network environment • Algorithms and key length • Key Management • Hosting infrastructure • User interface/acceptance/training • Include social engineering
Cryptography 2 • Identifying risk • Table from NIST 800-21 • Cryptographic Compliance Monitoring • Use only FIPS evaluated products • NSA suite B
Cryptography 2 • Compliance Defects • Authentication of user • Authenticate the CA • CRLs • Private key management • Passphrase quality
Cryptography 2 • Regulation • SB1386 • PCI DSS (2.0) • HIPAA • Access controls • Audit controls • Integrity • Person or entity authentication • Transmission security • DS – integrity, non-repudiation, authentication
Cryptography 2 • International Laws • EU Data Protection Article 17 • “appropriate controls and technical measures” • Audit • All elements must support auditability • Say what you do, do what you say.
Cryptography 2 • End of Cryptography session 2 • Will continue with Physical Security on 14 September • Questions ?