1 / 31

Cryptography 2 - Key Distribution & PKI

This session covers key distribution methods in cryptography, including public key infrastructure (PKI). Topics include certificates, certificate policies, key recovery, and revocation lists.

Télécharger la présentation

Cryptography 2 - Key Distribution & PKI

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. ISSAP Session 4Cryptography 2 12 September 2011

  2. Cryptography 2 • Questions from Session 3 ? • Session 1, 2, &3 handout is posted on www.silverbulletinc.com/DM2 • Contact Shelton Lee for credentials • Shelton.lee@lmco.com • Should have book by now. If not contact Paola Aviles (paola.aviles @lmco.com • Must have

  3. Cryptography 2 • Schedule – Ten Sessions 08/24/2011 Organization08/29/2011 Access Control pg 3-6208/31/2011 Access Control pg 62-117 09/07/2011 Cryptography pg 125-17209/12/2011 Cryptography pg 173-21209/14/2011 Physical Security pg 222-28509/19/2011 Requirements pg 293-35109/21/2011 BCP & DRP pg 357-37109/26/2011 Telecommunications pg 379-44009/28/2011 Review

  4. Cryptography 2 • Public Key Infrastructure (PKI) • Certificates, Certificate Framework (RFC 3647), Certificate Policy Statements (CPS), Key Recovery Policy (KRP), & Certificate Revocation List (CRL) • "a CPS is a statement of the practices which a certification authority employs in issuing certificates." • Is a matter of trust • Subscribers • Relying Parties • Certificate Authority

  5. Cryptography 2 • Single Key Pair • All that is needed technically • Lawyers made complicated • One for encryption (may be ecrowed) • One for signing (must be non-repudiatable) • One for Identification (cannot use signing key forID) • Interoperability and Integration • Federal Bridge • Federation

  6. Cryptography 2 • Key Distribution • Symmetric keys require secure distrobution • Public Key does not • Private key must be kept secure • Only one party has private key • Best Security: private keys never leave physical device • No backup or recovery • Binding: Public key is bound to individual through signing by CA

  7. Cryptography 2 • Single Key Pair (Identification only) • May be escrowed (stored in CA database) • Dual Key Pair (sign and encrypt) • Triple Key pair (sign, encrypt, id) • Key Usage Bits • Key Storage • PKI/CA database • Directory Server • User Machine • HSM • Smart Card • Location dependant on CP

  8. Cryptography 2 10 02 1: . . INTEGER 2 13 02 16: . . INTEGER : . . . 7C 09 A1 D1 9B DD 2E BC 4F D1 27 0C 10 AE 8F 9B 33 06 9: . . . OBJECT IDENTIFIER : . . . . sha1withRSAEncryption (1 2 840 113549 1 1 5) 53 06 3: . . . . . OBJECT IDENTIFIER countryName (2 5 4 6) 58 13 2: . . . . . PrintableString 'US' 66 06 3: . . . . . OBJECT IDENTIFIER stateOrProvinceName (2 5 4 8) 71 13 7: . . . . . PrintableString 'Florida' 89 13 7: . . . . . PrintableString 'Orlando' 107 13 27: . . . . . PrintableString 'Lockheed Martin Corporation' 145 13 3: . . . . . PrintableString 'EIS' 159 13 35: . . . . . PrintableString 'Lockheed Martin Corporation Root CA' 198 17 13: . . . UTCTime '021205150439Z' 213 17 13: . . . UTCTime '130509171644Z' 235 06 3: . . . . . OBJECT IDENTIFIER countryName (2 5 4 6) 240 13 2: . . . . . PrintableString 'US' 253 13 7: . . . . . PrintableString 'Florida' 271 13 7: . . . . . PrintableString 'Orlando' 289 13 27: . . . . . PrintableString 'Lockheed Martin Corporation' 327 13 3: . . . . . PrintableString 'EIS' 341 13 35: . . . . . PrintableString 'Lockheed Martin Corporation Root CA'

  9. Cryptography 2 384 06 9: . . . . OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) 406 02 513: . . . . . . INTEGER : . . . . . . . 00 CD 4C 9A FC 9C CD F9 4C 47 13 F4 EE BE AA E9 : . . . . . . . 06 32 3D 8F 0A C9 63 8D 72 4B 86 81 E0 E5 14 CD : . . . . . . . DC 8B C9 14 BB 0C 49 08 23 E9 14 C3 93 B9 3D DC : . . . . . . . 91 75 A6 D7 41 2B 1C 97 B6 22 A6 A3 6E 31 28 9B : . . . . . . . 4A 23 81 33 81 BB 2E E8 3E BA 47 CD 07 6C 36 C7 : . . . . . . . AF 4D E2 3C 7F FD 8A 63 4F 73 9E 44 B5 A9 88 B7 : . . . . . . . F0 35 A7 17 D4 3C EA 34 0D D1 97 B4 A7 8B 74 55 : . . . . . . . EF E4 DA 21 06 A1 31 F6 D5 46 E6 F2 61 04 CB 3D : . . . . . . . . . . . [ Another 385 bytes skipped ] : . . . . . . enrollCerttypeExtension (1 3 6 1 4 1 311 20 2) 949 1E 4: . . . . . . . BMPString 'CA' 957 06 3: . . . . . OBJECT IDENTIFIER keyUsage (2 5 29 15) : . . . . . . . . '1100010'B 970 06 3: . . . . . OBJECT IDENTIFIER basicConstraints (2 5 29 19) 982 01 1: . . . . . . . . BOOLEAN TRUE 987 06 3: . . . . . OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14) : . . . . . . . . 54 79 23 A7 0B 69 E7 10 EF 63 26 83 D6 75 4A 46 : . . . . . . . . ED 78 FB 1E 020 06 3: . . . . . OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31) : . . . . . . . . . 'ldap:///CN=Lockheed%20Martin%20Corporation%20ROO' : . . . . . . . . . 'T%20CA,CN=adrlmrca,CN=CDP,CN=Public%20Key%20Serv' : . . . . . . . . . 'ices,CN=Services,CN=Configuration,DC=adroot,DC=l' : . . . . . . . . . 'mco,DC=com?certificateRevocationList?base?object' : . . . . . . . . . 'class=cRLDistributionPoint' : . . . . . . . . . 'http://crl.global.lmco.com/CertEnroll/Lockheed%2' : . . . . . . . . . '0Martin%20Corporation%20ROOT%20CA.crl' : . . . . . . . . . 'http://crl.external.lmco.com/crl/certupd/Lockhee' : . . . . . . . . . 'd%20Martin%20Corporation%20Root%20CA.crl'

  10. Cryptography 2 : . . . . . . authorityInfoAccess (1 3 6 1 5 5 7 1 1) : . . . . . . . . . . caIssuers (1 3 6 1 5 5 7 48 2) : . . . . . . . . . 'ldap:///CN=Lockheed%20Martin%20Corporation%20ROO' : . . . . . . . . . 'T%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Serv' : . . . . . . . . . 'ices,CN=Configuration,DC=adroot,DC=lmco,DC=com?c' : . . . . . . . . . 'ACertificate?base?objectclass=certificationAutho' : . . . . . . . . . 'rity' : . . . . . . . . . . caIssuers (1 3 6 1 5 5 7 48 2) : . . . . . . . . . 'http://crl.global.lmco.com/CertEnroll/adrlmrca.a' : . . . . . . . . . 'droot.lmco.com_Lockheed%20Martin%20Corporation%2' : . . . . . . . . . '0Root%20CA(9).crt' : . . . . . . . . . 'http://crl.external.lmco.com/crl/certupd/Lockhee' : . . . . . . . . . 'd%20Martin%20Corporation%20Root%20CA(9).crt' 1938 06 9: . . OBJECT IDENTIFIER : . . . sha1withRSAEncryption (1 2 840 113549 1 1 5) 1949 05 0: . . NULL : . . } 1951 03 513: . BIT STRING 0 unused bits : . . 7C 77 55 2A EF C8 E2 31 9C F4 14 B1 6B 55 7E E0 : . . 74 32 42 F9 63 29 91 23 E0 07 AF 86 C8 02 44 BE : . . B3 BC EE 18 AC D7 A4 59 4B 64 F4 21 B7 87 61 19 : . . BB 87 AD 86 6E 14 EA E4 A7 D2 FE 48 4C D3 E6 E6 : . . 07 43 51 A8 04 EA 57 11 F0 4E E3 D6 4E D9 A6 5B : . . 81 3B CA 9D 76 89 14 F2 64 FB D8 3F 28 AD 36 80 : . . 54 5D ED 2B AD 7D 5E 1D 6C 3D BB 14 28 05 8E 9B : . . 68 F3 B5 6E F0 4D 32 0A A6 FA F9 13 B4 78 2E 00 : . . . . . . [ Another 384 bytes skipped ]

  11. Cryptography 2 RFC 2457 KeyUsage ::= BIT STRING { (reversed in ASN 1 digitalSignature (0), 0 00000001 nonRepudiation (1), 0 00000010 keyEncipherment (2), 0 00000100 dataEncipherment (3), 0 00001000 keyAgreement (4), 0 00010000 keyCertSign (5), 0 00100000 cRLSign (6), 0 01000000 encipherOnly (7), 0 10000000 decipherOnly (8), 1 00000000 "The digitalSignature bit is asserted when the subject public key is used with a digital signature mechanism to support security services other than non-repudiation " (e.g ID cert. LM Root Cert 01100010 Non-Repudiation, Certificate Signing, CRL Signing ) Few get it right

  12. Cryptography 2 • PKI Registration • Many components: Technical Infrastructure, Policies, Procedures, People (PKIREGAG) • Acronym seems unique to publication • Depends on Certificate policy • Can get a Verisign class 1 for my cat. • Poof of organization, entity, key • Proofing/vetting an important part of cert • Federations require levels of proofing • I-9 authentication • Immigration Reform and Control Act (IRCA) of 1986

  13. Cryptography 2 • Individual Authentication • Password • Challenge response question • Face to Face (Personal recognition) • Expensive • High risk, responsibility, value • Proof of possession • Have private key • Prior certification

  14. Cryptography 2 • Certificate Issuance • X.509 • Key usage bit • Trusted as signer is trusted • Certificate Template (part of CPS) • Trust Models • PKI represents trust relationship • Root CA is anchor • Intermediate part of chain • Inherited trust

  15. Cryptography 2 • Subordinate CAs • Different functions/policies e.g. signing vs encryption. • Can be any number of levels providing each can do signing • Cross-certified mesh • Good for non-inheritable • Each signs other’s • More than two: web of trust • Bridge CA • Federal Bridge • Has own specific requirements • Manages cross certification • Large number of “trusted roots”

  16. Cryptography 2 • Certificate chain • Validity and life of complete chain • If any element expires, so does trust • Higher levels require higher security • CRL publishing • Hierarchial mode • Certificate Revocation • Private key compromised or person loses trust • Described in CPL • Included in Cert • Relying party only required to check CRL • CRL may get very large • One reason to retire CA

  17. Cryptography 2 • Traditional CRL • Modified CRL • Issue CRLs before they expire • Segmented CRLs • Segmentation supported • Delta CRL • Issue only change • Sliding window delta CRL • Are ways to maintain signature

  18. Cryptography 2 • OCSP Online Certificate Status Protocol • Signed response • Asks if valid (Good, Revoked, Unknown)

  19. Cryptography 2 • Cross Certification • Each signs other’s root • Each root can verify other • Each root can request other’s CRL • A’s key is in B’s directory • Online or offline • Cross certification revocation • Can be done by any • Effect is local

  20. Cryptography 2 • Cross Certification with bridge • Bridge signs each member’s key • Each member trusts bridge • Can accept or revoke bridge but bridge must revoke members

  21. Cryptography 2 • Cytanalytic attack • Cypertext only • Brute force • Most difficult • Hard to recognize success • Known plain text • Final test can be XOR • All trials assume • Chosen Plaintext • Forced crypto • Seed issue in SSL • Chosen ciphertext • Look for patterns

  22. Cryptography 2 • Assymetric Attacks • So far all take years (theoretically) • Largest “crack” was RSA 129 (430 bits) • Even 1024 is exponentially more difficult • NIST moving to 2048 bit minimum • Hash function attacks • MD5 broken • SHA not broken but deprecated • Crack vs collision (birthday)

  23. Cryptography 2 • Network based attacks • Man in the Middle (MITM) • SSL • Relies on parties not validating • May work with v2 not with v3/TLS • Replay attack • Hashed passwords (Netware 4.0) • IPSec has protections • Traffic analysis • May provide “known plaintext”

  24. Cryptography 2 • Attacks against keys • Meet in the middle • Attack against 3DES (encrypt-decrypt-encrypt) • Why 2DES never worked • Reduces effect of 3DES to 112 bits • Related Key • WEP – clear IV/RC4 • Brute Force • Simply trying every possible key • Last resort unless key is short • NTLM and Rainbow Tables

  25. Cryptography 2 • Side Channel Attacks • Leakage • Timing • Differential Fault • Differential power consumption

  26. Cryptography 2 • Risk Based Cryptographic Architecture • Hardware and software based components • Security of cryptographic modules • Network environment • Algorithms and key length • Key Management • Hosting infrastructure • User interface/acceptance/training • Include social engineering

  27. Cryptography 2 • Identifying risk • Table from NIST 800-21 • Cryptographic Compliance Monitoring • Use only FIPS evaluated products • NSA suite B

  28. Cryptography 2 • Compliance Defects • Authentication of user • Authenticate the CA • CRLs • Private key management • Passphrase quality

  29. Cryptography 2 • Regulation • SB1386 • PCI DSS (2.0) • HIPAA • Access controls • Audit controls • Integrity • Person or entity authentication • Transmission security • DS – integrity, non-repudiation, authentication

  30. Cryptography 2 • International Laws • EU Data Protection Article 17 • “appropriate controls and technical measures” • Audit • All elements must support auditability • Say what you do, do what you say.

  31. Cryptography 2 • End of Cryptography session 2 • Will continue with Physical Security on 14 September • Questions ?

More Related