ISSAP Session 3 7 September 2011
Cryptography 1 • Questions from Session 2? • Session 1 & 2 handout is posted on www.silverbulletinc.com/DM2 • Contact Shelton Lee for credentials • Shelton.lee@lmco.com • Should have book by now. If not contact Paola Aviles (paola.aviles@lmco.com) • Must have by next Session (Sep 7)
Cryptography 1 • Application and Use of Cryptographic solutions • Interoperability of devices • Strength of cryptographic algorithms • Cryptographic Methods and Methodologies • Key Management Issues • Pages 125-172 in book
Cryptography 1 • Codes • Cryptology: Machine functions • Ciphers: Book codes • Provides Confidentiality and Integrity • Hash functions integrity only • MD5, SHA, SHA 256, SHA 3 • Confidentiality, Integrity, Availability • Non-Repudiation – legal concept • Many different concepts • PKI can provide form of non-repudiation • Why there are three certificates
Cryptography 1 • Cryptography depends on both physical and logical security • HSM • Smart Cards • Best if have use of but not access to private keys • ID and Encryption private keys may be escrowed. Signature key may not.
Cryptography 1 • Physical security required for private keys • Recent attacks have not compromised the cryptography, they have compromised the key management • Same mechanism used by Allies in WWII – Four rotor Enigma was never broken.
Cryptography 1 • Message Encryption • Secure Multi-purpose Internet Mail Encryption • S/MIME • Base 64 encoding • ASN.1 • De facto standard understood by browsers/e-mail programs • Privacy Enhanced Mail (PEM) • Early messaging methodology • Only PEM headers remain in use • Pretty Good Privacy
Cryptography 1 • Secure IP Communication • TCP-IP as maintained by the IETF includes the IPSEC protocol • VPN mechanism • Three parts: • UDP 500 key exchange & authentication (IKE) • IP 51 Authentication Header (optional) • IP 50 Encapsulation Security Protocol – Data • Sometimes uses UDP 4500 for firewall traversal • IPSEC has two modes • Transport Mode – only IP Payload is protected • Tunnel Mode – both payload and header are protected - VPN
Cryptography 1 • Other IP mechanisms • Secure Socket Layer/ Transport Layer Security SSL/TLS • Client-server using web • Potential issue with SSLv3 led to third cert. • SSL VPNs use web for access • Can also be used for secure transport of FTP, LDAP, SMTP
Cryptography 1 • Remote Access • Both SSL/VPN and IPSEC are generally used for providing secure remote access. • Virtual Private Network concept dates back to early 1990’s • Remote Access VPN • Site-to-Site VPN • Extranet VPN • Point to Point Protocol – connection, not security • Dialups used PPPOE • Data link Layer – L2TP • Optional encryption PPP Encryption Control Protocol ECP
Cryptography 1 • Application Layer Protocols • SSH (Secure Shell) often used for file transfer • Also provides integral integrity management using hash. • SFTP and Secure Copy (SCP) also have specs but are little used. • SSL also at application layer • Easier to utilize than IPSEC • Do not need to maintain connection
Cryptography 1 • Secure Wireless Communication • IEEE 802.11 • Wireless Local Area Networks (WLANs) • WEP: Wireless Equivalent Privacy • 64 or 128 bit RC4 • Broken early by forcing resyncs & gathering data • WPA: Wi-Fi Protected Access • RC4 – does not require AES • WPA2 includes Extensible Authentication Protocols (EAP) • Includes EAP-TLS • Includes AES
Cryptography 1 • Secure Wireless Communication • Bluetooth • Short range • Optionally encrypts but no IM • Can be modified – CRC is minimal • 2.0 and earlier: unencrypted pairing • 2.1 added Elliptic Curve DH • Has native E0 encryption considered weak • Not a FIPS standard
Cryptography 1 • Other Secure Communication • Encrypted POTS • Fiber Channel (SAN) Security Protocol (FC-SP) • RFID (Radio Frequency Identification) • Most devices too simple to support cryptography • No passive, some Hybrid/Active capable
Cryptography 1 • Identification (Authentication) and Authorization • WWII codes RADAR signal triggered transponder IFF • RFID relies on tag for identification • RFID crypto may be needed • X.509 cert 1.5kb minimum • Password +/or PIN low cost but easily compromised • Password on secure channel not so.
Cryptography 1 • I & A • Bar Codes, Watermarks, Steganography, Steppanography, holographic labels, signets • Encryption or secure coding of physical assets prevents forgery or substitution. • One way hash value can be copied. • Token based • Kerberos: symmetric function generates tickets. Obsolete but widely used. • USB tokens and Crypto Ignition Key (STU-III)
Cryptography 1 • I&A • PPP uses PAP (password) or CHAP (Challenge Handshake Authentication Protocol) • Extensible Authentication Protocol (EAP) • EAP-MD5, EAP-TLS
Cryptography 1 • Storage Encryption • encryption at rest • SAN encryption • Content Addressable Storage (CAS) • Storage Media encryption – tape, floppy, USB removable • Full Disk or Volume encryption: EPHD, PGP Disk • File or directory encryption: EFS, PGP • IEEE 1619 disk encryption • 1619.1 tape encryption
Cryptography 1 • Electronic Commerce • Business to Business B2B • Business to Consumer B2C • Consumer to Consumer C2C • Consists of client, front end systems, back end systems • Requires confidentiality, integrity, authentication, non-repudiation • Also Auditing, Authorization, and Privacy
Cryptography 1 • B2B uses EDI • Large volume, few trusted connections • Applicability Statement 2 – RFC 4130 • S/MIME, Cryptographic Message Syntax (CMS), and Cryptographic Hash Algorithms • B2C uses SSL • Small volume, large number of untrusted connections • XML: SAML and WS-Security
Cryptography 1 • Software Code Signing • WS-Security: XML messaging • Code signing is different • Digital certs • Hash functions
Cryptography 1 • Interoperability • NSA Suite B • Encryption • AES FIPS 197 • Signing • DSS FIPS 186-2, Elliptic Curve • Key Exchange • Elliptic Curve, D-H, 800-56 A-C • Hashing • SHA, FIPS 180-2. SHA1 is now deprecated • Symmetric Crypto • FIPS 140-2 evaluation
Cryptography 1 • Methods of cryptography • Symmetric • E(M)=C encryption of message = ciphertext • E(C)=M • AES (Rijndael) • Blowfish (TwoFish) • DES • IDEA • RC2, RC4, RC5, RC6 • 3DES
Cryptography 1 • Block cipher • Initialization vector (IV) or Seed • 64 or 128 bit blocks • Register vs register • Fast • Electronic Code Book (ECB) – no IV best short • Cipher Block Chaining (CBC) IV + feedback • Stream Cipher • Cipher Feedback CFB, Output Feedback OFB, Counter CTR • Low latency • Not as fast
Cryptography 1 • Additional security block modes • Cipher Based Message Authentication CMAC • Data integrity, data authentication • Counter with Cipher Block Chaining Message Authentication Mode CCM • Confidentiality and authenticity • Galois Counter Mode GCM • Combines counter with hash function
Cryptography 1 • Block Ciphers • AES • CAST • Cellular Message Encryption Algorithm CMEA • GOST (SU) • International Data Encryption Algorithm IDEA • LOKI • Lucifer – IBM • RC2, RC5, RC6 • Skipjack • Tiny Encryption Algorithm TEA XXTEA • TwoFish
Cryptography 1 • Stream Ciphers • XOR based • Requires synchronization • May use feedback • RC4 and HC-128
Cryptography 1 • Asymmetric Cryptosystems • El Gamal, Diffie-Hellman, RSA, Elliptic Curve • One key to encrypt, other to decrypt • Most are binary but could be n-ary • Secure distribution • Slow and complex • Generally used to encrypt symmetric keys • X.509 certificates.
Cryptography 1 • Hash functions & Message Authentication • Hash function: cryptographic representation of data. • Compressed version • Easy to compute • Preimage resistance, Infeasible to reverse • Second Preimage Resistance: no duplicate hashes • Second input same hash • Collision resistance: infeasible to find two images with same hash • birthday
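Added example (not from the original slides): a birthday search on SHA-256 truncated to a few bits, showing that a collision appears after roughly 2^(bits/2) tries while a second preimage for one fixed input needs on the order of 2^bits. The truncation, the message format and the function names are assumptions made for the demonstration.

```python
import hashlib

def truncated_hash(data, bits):
    """Top `bits` bits of SHA-256(data): a deliberately short hash (assumption)."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)

def birthday_collision(bits):
    """Find two different messages with the same truncated hash.

    Returns (msg_a, msg_b, attempts). Each new hash is compared with all
    earlier ones, so the expected work is about 2**(bits/2).
    """
    seen = {}
    attempts = 0
    while True:
        msg = b"constructed-message-%d" % attempts
        attempts += 1
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, attempts
        seen[h] = msg

def second_preimage(target_msg, bits, limit):
    """Look for a different message with the same hash as target_msg.

    Returns (msg, attempts) or (None, limit); expected work is about 2**bits.
    """
    target = truncated_hash(target_msg, bits)
    for i in range(limit):
        msg = b"candidate-%d" % i
        if msg != target_msg and truncated_hash(msg, bits) == target:
            return msg, i + 1
    return None, limit

if __name__ == "__main__":
    for bits in (16, 24, 32):
        a, b, tries = birthday_collision(bits)
        print(f"{bits}-bit hash: collision after {tries} tries, "
              f"2^(bits/2) = {2 ** (bits // 2)}, 2^bits = {2 ** bits}")
```

The gap between the two costs is why a hash needs twice as many output bits as the security level wanted against collisions.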
Cryptography 1 • Merkle-Damgard • Block oriented • Fixed length regardless of number of blocks • MD5 One way algo with M-D blocks • SHA-1: 160 bits SHA 224/256 • Collisions possible • HAVAL 128/160/192/224/256 • MD4, MD5 • SHA1
Cryptography 1 • Collisions not found • SHA 2 (224/256) • RIPEMD 128/256 160/320 • Tiger 128/160/192 • Use any block cipher • AES • MDC-2 Modification Detection Code 2 • Meyer-Schilling • MAC: key dependent hash function • HMAC: Hashed MAC • CBC-MAC • With secret key can provide authentication • RFC 2104 • RIPEMD or SHA
Cryptography 1 • Digital Signatures • MAC that uses a digital signature • Encrypt with private key, public can decrypt • Origin authentication, message validation, non-repudiation • Cryptographic hash function • Key Generation Algo. (need once) • Signing algo • Verification algo (inverse of signing) • PKI: ECC, El Gamal, DSA, RSA • DSS FIPS Pub 186 • ISO/IEC 9696 & 14888 • ANSI x9.30.1, x9.62, IEEE1363
Cryptography 1 • Key Management • This is the hard part, rest is just math • Different keys require different techniques • Who may have • For what use • Symmetric or Asymmetric • At rest needs a long period • In transit may be shorter • At present, no need for different strengths • Key Management System (KMS) need to be at least as strong as strongest
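Added example (not from the original slides): HMAC built from a plain hash function as RFC 2104 describes and compared with Python's standard hmac module, then used to show that only a holder of the secret key can produce a tag that verifies. The key and messages are constructed sample values and the function names are assumptions.

```python
import hashlib
import hmac

def hmac_rfc2104(key, msg, hash_name="sha256"):
    """HMAC(K, m) = H((K' ^ opad) || H((K' ^ ipad) || m)) per RFC 2104."""
    block_size = hashlib.new(hash_name).block_size
    if len(key) > block_size:              # over-long keys are hashed first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")   # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()

def verify_tag(key, msg, tag, hash_name="sha256"):
    """Compare in constant time so timing does not reveal how many bytes matched."""
    return hmac.compare_digest(hmac_rfc2104(key, msg, hash_name), tag)

# Constructed sample values
KEY = b"constructed-shared-secret"
MESSAGE = b"transfer 100 to account 42"

if __name__ == "__main__":
    tag = hmac_rfc2104(KEY, MESSAGE)
    print("matches stdlib:", tag == hmac.new(KEY, MESSAGE, hashlib.sha256).digest())
    print("genuine message verifies:", verify_tag(KEY, MESSAGE, tag))
    # An unkeyed hash gives integrity only: whoever alters the message can
    # recompute it. A valid HMAC tag for the altered text needs the key.
    altered = b"transfer 900 to account 42"
    print("altered message verifies:", verify_tag(KEY, altered, tag))
    print("wrong key verifies:", verify_tag(b"guess", MESSAGE, tag))
```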
Cryptography 1 • Confidentiality • Supported by • Symmetric data encryption key • Symmetric key wrapping key • Public and private transport keys • Symmetric Key Agreement Key • Public and private static key agreement keys • Public and private ephemeral key agreement keys
Cryptography 1 • Authentication verifies origin • Private signature key • Public signature verification key • Symmetric authentication key • Pub & Priv authentication (ID) keys
Cryptography 1 • Integrity • Private signature key • Public signature verification key • Symmetric authentication key • Pub & Priv authentication (ID) keys • Non-Repudiation • Legal concept • Private signature key • Public signature verification key
Cryptography 1 • Authorization • Symmetric authorization key • Private authorization key • Public authorization verification key
Cryptography 1 • Cryptographic Strength and Key Size • Two different elements • Must align with each other • Example 3DES. • 112 bit Dual key as strong as 168 bit triple key • Algorithm has effective length of 120 bits • Beyond 112 bits attack will be to algorithm, not key. • Crypto Period: NIST SP 800-57-1 • May be extended by other means (lockout) • Originator Usage Period (OUP): time in which a symmetric key may be used. (Often changed daily) • Time for brute force attack • Hard part: know when successful
Cryptography 1 • Asymmetric breaking may take less time than symmetric • Dense vs sparse key space • DES withdrawn replaced by TDEA SP800-67 • Elliptic Curve may replace RSA • Smaller, denser, stronger • See tables 2.2 and 2.3 • RSA specified in ANSI x9.3, PKCS #1, FIPS 186-3 • Value of k (1024, 2048) is considered key size • 1024 being deprecated
Cryptography 1 • Key Life Cycle • Preoperational phase • Generation, distribution • Signing/certificate generation • Operational • Certificate validity • Stored for use • Non retrievable • Postoperational • Escrow • Recovery • Key destruction • All copies
Cryptography 1 • Key Creation • NIST 800-57-1 • Security is based on confidentiality of private or symmetric keys • Avoid “weak” keys and make random • Pseudo-random generation has been a problem in past: Netscape 2.0, OpenSSL • FIPS 140-2 and -3 • Need true random generation • Any reduction in randomness can be attacked • Reduction to 56 bits effective has been broken in a day • Rainbow tables • As disk space expands, so can directory
Cryptography 1 • RSA key generation • Public key consists of modulus n product of two prime integers p and q (n=p*q) and a public key exponent e. Key is n^e • Private key is n^d; d is dependent on n & e (see Schneier) • NIST specifies moduli of 1024, 2048, and 3072 bits
Cryptography 1 • Key Distribution and Crypto in transit • Public keys require no protection, only authentication • Symmetric and Private keys must be protected • Use Asymmetric keys to protect symmetric. • Physical (courier, etc) delivery also possible • Availability, Integrity, Confidentiality, Association
Cryptography 1 • Symmetric Key Distribution • Key splitting via cryptographic module • Components must be entered without any opportunity for capture or store en route • Exception: one time keys • At least two components required to regenerate keyset
Cryptography 1 • Public and Private Key Distribution • Private key should not be • Must be singular to support non-repudiation • May be securely escrowed for decryption • When generated on site, no need for distribution • Certificate needs only public key • Relying party: • Key belongs to subject • Associated with attributes belonging to subject • Valid • Allowed by policy for use in intended purpose
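Added example (not from the original slides): XOR key splitting in which every component is needed to rebuild the key and any smaller set is statistically independent of it, with a short check value so the receiving module can reject a missing or mistyped component. The SHA-256-based check value and all names are assumptions for illustration, and the key is a constructed sample.

```python
import hashlib
import secrets

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key, components=2):
    """Split key into `components` parts; all of them are needed to rebuild it."""
    if components < 2:
        raise ValueError("at least two components are required")
    # All but the last part are fresh random strings from the OS CSPRNG.
    parts = [secrets.token_bytes(len(key)) for _ in range(components - 1)]
    last = key
    for part in parts:
        last = xor_bytes(last, part)     # last = key XOR part1 XOR part2 ...
    return parts + [last]

def check_value(key):
    """Short non-secret fingerprint of the key (assumed: 3 bytes of SHA-256)."""
    return hashlib.sha256(b"kcv" + key).digest()[:3]

def combine_key(parts, expected_check):
    """Rebuild the key inside the module and verify it before use."""
    if len(parts) < 2 or len({len(p) for p in parts}) != 1:
        raise ValueError("need two or more components of equal length")
    key = parts[0]
    for part in parts[1:]:
        key = xor_bytes(key, part)
    if not secrets.compare_digest(check_value(key), expected_check):
        raise ValueError("check value mismatch: component missing or mistyped")
    return key

if __name__ == "__main__":
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample
    parts = split_key(key, components=3)   # one part per custodian or courier
    kcv = check_value(key)                 # may travel with any component
    print("rebuilt:", combine_key(parts, kcv) == key)
    try:
        combine_key(parts[:2], kcv)        # one custodian absent
    except ValueError as err:
        print("rejected:", err)
```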
Cryptography 1 • Vetting & Distribution of Certificates is part of PKI • Certificates are public • Anchored by trust of issuing authority • May be transmitted through open channels • Only usable by holder of private key • PKI discussed in part 2
Cryptography 1 • Key Storage • Integrity: through checksum or attribute in certificate • CRC, MAC, signing, checksums, parity, etc. • Hardware Security Module: high speed equivalent of Smart Card. • Confidentiality • Encryption, wrapping, logical access control • Physical security • Association with attributes and objects • Part of x.509 • Protected key store • Assurance of domain parameters • Used by DSA and ECDSA
Cryptography 1 • Key Store • RSA PKCS 11 interfaces: Cryptoki API • Smart Cards (ISO 7816 & 14443) • Tokens • PCMCIA • USB • Key destruction vs Archive • Type of key • Table 2.4 Key Protection Requirements
Cryptography 1 • Destruction and Zeroization • Anti-tamper devices • Required for HLOA, optional for MLOA • Compromise or expiration • Key rotation (decrypt with old, encrypt with new) • Key archive • Storage unique keys • Simplify sanitization
Cryptography 1 • Key Updates • Life cycles • Renewal • New certificate vs new key • Can never upgrade an existing key • Rekey – new key entirely • Recertification • Revocation • Notification • CRLs • Few check