1 / 20

Cryptographic Security

Cryptographic Security. Presented by: Josh Baker October 9 th , 2012. Overview. What is cryptographic security? Uses Main Points What is a “ Key/Certificate”? Implementations CAC based PKI Demonstration References. What is it?. Cryptographic Security :

admon
Télécharger la présentation

Cryptographic Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptographic Security Presented by: Josh Baker October 9th, 2012 CS5204 – Operating Systems

  2. Overview • What is cryptographic security? • Uses • Main Points • What is a “Key/Certificate”? • Implementations • CAC based PKI Demonstration • References CS5204 – Operating Systems

  3. What is it? Cryptographic Security: Leveraging a standardized system that uses a set of operations that are publicly available in order to authenticate identities, securely share data, or irrefutably sign data. def Cryptography: cryp∙tog∙ra∙phy[3] :the enciphering and deciphering of messages in secret code or cipher; also : the computerized encoding and decoding of information CS5204 – Operating Systems

  4. Uses • Establishing Transport Layer Security (TLS/SSL) • HTTPS • SFTP • Data Encryption / Decryption • Digital Signature • Login / Authentication Protocols • Relies on digital signature CS5204 – Operating Systems

  5. Main Points • Use of a publicly formalized system • Centers around a third party “Certificate Authority” • Certify Identities • Manage (create, distribute, revoke) Keys • Eliminates many security vulnerabilities • Can be used to enforce least privilege, separation of duties, economy of mechanism, and complete mediation while being an open design. • Heavy use of hashing algorithms (sha1, MD5,…) CS5204 – Operating Systems

  6. What is a “Key”? • Cryptographic Key: A set of 2 integers that can be used with a cryptographic algorithm in order to encrypt or decrypt data. • Two types of cryptographic systems: • Private Key – using only one secret key (symmetric) • Public Key – using two keys, a secret key and a shared key (asymmetric) • RSA and NIST recommend using at least: • 112 bit symmetric keys (harder to break, efficient) • 2048 bit asymmetric keys CS5204 – Operating Systems

  7. What is a “Certificate”? • Cryptographic Certificate: The combination of identity information with cryptographic information. • Identity of the certificate owner • Identity of the certificate authority (issuer) • Dates that the certificate is valid for • Which cryptographic algorithms are used • Key information • One owner may have multiple certificates for various uses: authentication, encryption, signature CS5204 – Operating Systems

  8. TLS / SSL • Used for transporting data securely over non-secure channels, most namely the internet. • Uses Handshaking: • Employs both Symmetric and Asymmetric keys • Symmetric keys are smaller than asymmetric keys and provide improved performance • A secure channel must be established using asymmetric keys in order to transmit the shared secret symmetric key • “Nonces” are used to defend against replay attacks CS5204 – Operating Systems

  9. TLS / SSL source: [9] CS5204 – Operating Systems

  10. Encryption / Decryption Source:[7] • Private Key Encryption (symmetric): • Encrypting local files • Must share the key in order to share the data • Cannot use private key from PKI • Group Authentication • Cipher: stream/block • AES 128 bit block CS5204 – Operating Systems

  11. Encryption / Decryption source:[8] Provides confidentiality but not authentication Public Key Encryption (asymmetric): CS5204 – Operating Systems

  12. Encryption / Decryption • The RSA Cryptosystem: • Developed by Rivest, Shamir, and Adleman in 1977 • The de facto standard for PKI • The encryption key is public (E) • The decryption key is private (D) • The Message M can be calculated by: • M = D(E(M)) • M = E(D(M)) CS5204 – Operating Systems

  13. Encryption / Decryption • RSA Algorithm details (generate keys) • 1. Find 2 unique large prime numbers • 2. Calculate n n = p ∙ q • 3. Pick a large random integer d that is relatively prime to (p-1)∙(q-1) such that gcd(d, (p-1)∙(q-1)) = 1 • 4. Calculate e e ∙ d = 1∙(mod (p­1)∙(q­1)) CS5204 – Operating Systems

  14. Encryption / Decryption • RSA Algorithm details (encrypt/decrypt) • Encryption: • Given message M create ciphertext C • C = E(M) = Me (mod n) • Decryption: • Given ciphertext C create message M • M = D(C) = Cd(mod n) • Can be calculated quickly using modular exponentiation (repeated squaring) CS5204 – Operating Systems

  15. Digital Signature Not “electronic signature” which is typically implemented with a digital representation of a hand signature or acknowledgment gesture. Provides non-repudiation, irrefutably evidence that the signature was created by the identified party. Provides data integrity validation Provides authentication but not confidentiality CS5204 – Operating Systems

  16. Digital Signature source:[8] CS5204 – Operating Systems

  17. Digital Signature • RSA Digital Signature details: • A message M is signed using the private key • S = D(M) • A digital signature is validated using the public key • M = E(S) • Decryption of the message can be used to prove the identity of a user, authentication • Validating a digital signature also validates the data by comparing the hash values CS5204 – Operating Systems

  18. CAC PKI • Common Access Card (CAC) aka Smart Card • Utilized extensively by the DoD • Enforces two factor authentication • Something you have – CAC • Something you know – PIN • Can be used for three factor authentication with addition of finger print reader (something you are) • Newer generation cards can also be used with proximity based passive RFID readers • Great for enforcing separation of duties and least privilege CS5204 – Operating Systems

  19. CAC PKI Demo One last note, using an in house certificate authority (CA) and a smart card enabled PKI cryptosystem throughout an organization can enable greater PII (Personally Identifiable Information) security by replacing things like SSNs with othewise meaningless unique identifiers like the DoD EDIPI (Electronic Data Interchange Personal Identifier). CS5204 – Operating Systems

  20. References 1. “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems”, Rivest et al 2. “Introduction to Algorithms, Second Edition”, Cormen et al 3. Merriam-Webster dictionary, term: cryptography, (www.merriam-webster.com) 4. National Institute for Standards and Technology, (www.nist.gov) 5. http://blog.securism.com/2009/01/summarizing-pki-certificate-validation/ 6. RSA Laboratories, (www.rsa.com) 7. http://www.itportal.in/2011/12/encryption-decryption-information.html 8. http://gdp.globus.org/gt4-tutorial/multiplehtml/ch09s03.html 9. http://technet.microsoft.com/en-us/library/cc783349(v=ws.10).aspx CS5204 – Operating Systems

More Related