GOPAS TechEd 2012
Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | ondrej@sevecek.com | www.sevecek.com
PKI Design

PKI Design Algorithms

Cryptographic Algorithms
• Hash algorithms
  • no keys
  • MD4, MD5, SHA-1, SHA-256, SHA-384, SHA-512
• Symmetric key algorithms
  • secret key
  • RC4, DES, 3-DES, AES
• Asymmetric key algorithms
  • public and private key
  • RSA, DH, EC

PKI Design Thoughts on Hashing

Hash example (not good)
• Sum alphabet letter positions
  HELLO = 8 + 5 + 12 + 12 + 15 = 52
• Can obtain arbitrary clear-text (collision) without brute-forcing
• Several similar clear-texts lead to similar output

Hash collisions
• Pure arithmetic collisions
  • limited exploitability
• Post-signing collisions
• Chosen-prefix collisions

Post-signing collision
  Name: Ondrej               Name: Ondrej
  Owes: 100 $                Owes: 1 000 000 $
  To: Kamil                  To: Kamil
                             Trash: XX349%$@#BB...
  Hash: 14EEDA49C1B7         Hash: 14EEDA49C1B7
  Signature: 3911BA85        Signature: 3911BA85
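
The "Hash example (not good)" and "Post-signing collision" slides, worked through as an added example (not code from the original deck). The rule that non-letters are ignored, the sample documents, and the textbook-RSA key built from two Mersenne primes are assumptions made for illustration.

```python
import hashlib

def toy_hash(text):
    """The slide's weak hash: sum of alphabet positions (A=1 .. Z=26).
    Assumption: characters other than A-Z are ignored."""
    return sum(ord(c) - 64 for c in text.upper() if "A" <= c <= "Z")

def sha256_int(text):
    """First 128 bits of SHA-256 as an integer (fits under the toy modulus)."""
    return int.from_bytes(hashlib.sha256(text.encode()).digest()[:16], "big")

def trash_for(target, text):
    """Letters whose positions sum to target - toy_hash(text).
    Computed directly; no search is needed against an additive hash."""
    gap = target - toy_hash(text)
    if gap < 0:
        raise ValueError("text already hashes above the target")
    return "Z" * (gap // 26) + (chr(64 + gap % 26) if gap % 26 else "")

# Constructed textbook-RSA key from two Mersenne primes: no padding, tiny
# modulus, for illustration only.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def sign(text, hash_fn):
    """Hash-then-sign: the private-key operation covers only the hash."""
    return pow(hash_fn(text), D, N)

def verify(text, signature, hash_fn):
    return pow(signature, E, N) == hash_fn(text)

def demo():
    signed = "ONDREJ OWES KAMIL ONE THOUSAND"        # constructed sample document
    altered = "ONDREJ OWES KAMIL ONE MILLION "
    altered += trash_for(toy_hash(signed), altered)  # trash appended after signing
    return {
        "similar_inputs": (toy_hash("HELLO"), toy_hash("HELLP")),
        "toy_signature_accepts_altered":
            verify(altered, sign(signed, toy_hash), toy_hash),
        "sha256_signature_accepts_altered":
            verify(altered, sign(signed, sha256_int), sha256_int),
        "sha256_signature_accepts_original":
            verify(signed, sign(signed, sha256_int), sha256_int),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because the signature covers only the hash, any document that reaches the same hash value inherits it; the same signing code with SHA-256 rejects the altered text.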

Chosen-prefix collision
  Serial #: 325              Serial #: 325
  CN: www.idtt.com           CN: www.microsoft.com
  Valid: 2010                Valid: 2010
  Public: 35B87AA11...       Public: 4E9618C9D...
  Hash: 24ECDA49C1B7         Hash: 24ECDA49C1B7
  Signature: 5919BA85        Signature: 5919BA85

MD5 problems
• Pure arithmetic in 2^112 evaluations
• Post-signing collisions suspected
• Chosen-prefix collisions
  • Practically proved for certificates with predictable serial numbers
  • 2^50

SHA-1 problems
• General brute-force attack at 2^80
  • about the same as a complex password of about 12 characters
• Some collisions found at 2^63
  • pure arithmetic collisions, no exploitation proved

PKI Design Algorithm Combinations

Performance considerations
• Asymmetric algorithms use large keys
  • EC is about 10 times smaller
• Encryption/decryption time about 100x longer
  • symmetric is faster

Digital Signature (not good) [diagram: Document, Private key, Document]

Digital Signature [diagram: Document, Private key, Hash]

Storage Encryption (slow) [diagram: Public key, Document]

Storage Encryption [diagram: Symmetric encryption key (random), Document, Public key (User A), Symmetric key]

Storage Encryption [diagram: Symmetric encryption key (random), Document, Public key (User A), Public key (User B), Symmetric key, Symmetric key]

Transport encryption [diagram: Server, Client, Public key, Symmetric Key, Data]

PKI Design Fun With Random Numbers

Random Number Generators
• Deterministic RNGs use cryptographic algorithms and keys to generate random bits
  • attack on randomly generated symmetric keys
  • DNS cache poisoning
• Nondeterministic RNGs (true RNGs) use a physical source that is outside human control
  • smart cards, tokens
  • HSM – hardware security modules

Random Number Generators
• CryptGenRandom()
  • hashed
  • Vista+ AES (NIST 800-900)
  • 2003- DSS (FIPS 186-2)
• Entropy from
  • system time, process id, thread id, tick counter, virtual/physical memory performance counters of the process and system, free disk clusters, user environment, context switches, exception count, …
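
Why the seed, not the key length, bounds the strength of a key from a deterministic RNG, as an added example that is not part of the original deck. The flawed generator, the timestamp and the one-hour window are constructed for illustration; Python's `random` stands in for any deterministic generator and `secrets` for the operating system's generator.

```python
import math
import random
import secrets

def weak_session_key(seed):
    """Hypothetical flawed generator: a 128-bit key drawn from a deterministic
    PRNG whose only input is a guessable seed (here, a Unix timestamp)."""
    return random.Random(seed).getrandbits(128).to_bytes(16, "big")

def strong_session_key():
    """128-bit key from the operating system's CSPRNG."""
    return secrets.token_bytes(16)

def effective_bits(candidate_seeds):
    """Upper bound on key strength: log2 of the number of possible seeds."""
    return math.log2(len(candidate_seeds))

def seeds_reproducing(key, candidate_seeds):
    """Seeds that regenerate exactly this key."""
    return [s for s in candidate_seeds if weak_session_key(s) == key]

ISSUED_AT = 1335862800                               # constructed timestamp
WINDOW = range(ISSUED_AT - 3600, ISSUED_AT + 3601)   # +/- one hour, in seconds

def demo():
    key = weak_session_key(ISSUED_AT)
    return {
        "key_length_bits": len(key) * 8,
        "effective_bits": round(effective_bits(WINDOW), 1),
        "reproduced_from": seeds_reproducing(key, WINDOW),
        "csprng_keys_differ": strong_session_key() != strong_session_key(),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

A 128-bit key whose seed is known to within an hour carries under 13 bits of strength, which is why the entropy sources listed above are mixed before keys are derived.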

PKI Design Standards

US standards
• FIPS – Federal Information Processing Standards
  • provides standard algorithms
• NIST – National Institute of Standards and Technology
  • approves the algorithms for US government non-classified but sensitive use
  • latest NIST SP800-57, March 2007
• NSA – National Security Agency
  • Suite-B for Secret and Top Secret (2005)

NSA Suite-B Algorithms
• NSA publicly published algorithms (2005)
  • as against Suite-A which is private
• AES-128, ECDH-256, ECDSA-256, SHA-256
  • Secret
• AES-256, ECDH-384, ECDSA-384, SHA-384
  • Top Secret

PKI Design Operating System Support

Cryptographic Providers
• Cryptographic Service Provider – CSP
  • Windows 2000+
  • can use only V1 and V2 templates
• Cryptography Next Generation – CNG
  • Windows Vista+
  • require V3 templates
  • enables use of ECC
• CERTUTIL -CSPLIST

SHA-2 Support
• Windows XP
• Windows 2003 + KB938397
• Windows Phone 7
• AD CS on Windows 2008+
• Autoenrollment on XP with KB
• TMG 2010 with KB in the future

CNG (v3) Not Supported
• EFS
  • Windows 2008/Vista-
• VPN/WiFi Client (EAPTLS, PEAP Client)
  • Windows 2008/7-
  • user or computer certificate authentication
• TMG 2010
  • server certificates on web listeners
• Outlook 2003
  • user email certificates for signatures or encryption
• Kerberos
  • Windows 2008/Vista- DC certificates
• System Center Operations Manager 2007 R2
• System Center Configuration Manager 2007 R2
• SQL Server 2008 R2-
• Forefront Identity Manager 2010 (Certificate Management)

PKI Design CA Hierarchy

CA Hierarchy [diagram: IDTT Root CA; IDTT Roma CA, IDTT London CA, IDTT Paris CA; leaf certificates]

Offline Root
• Root CA cannot be revoked if compromised
• Making new Root CA trusted may be difficult
• Delegation of administration
• Must issue CRLs
  • the more frequent the more secure, but more “costly”

Active Directory
• Group Policy
  • every 120 minutes by default
• Trusted Root CAs
• Untrusted CAs
• NTAuth CA issues logon certificates

PKI Design AD CS Features

Role Separation
• Enrollment Agent = Registration Authority
  • sign cert request
• Certificate Managers
  • approve cert requests
• Different groups of EA/CM approve requests for different groups of Enrollees

PKI Design Public Certificates

SSL Certificate prices
• Verisign – 1999
  • 300$ year
• Thawte – 2003
  • 150$ year
• Go Daddy – 2005
  • 60$ year
• GlobalSign – 2006
  • 250$ year
• StartCom – 2009
  • free

EV Certificate prices
• Verisign – 1999
  • 1500$ year
• Thawte – 2003
  • 600$ year
• Go Daddy – 2005
  • 100$ year
• GlobalSign – 2006
  • 900$ year
• StartCom – 2009
  • 50$ year