622 likes | 1.56k Vues
Chapter 3: Cryptographic Primitives. 3. Cryptographic primitives. symmetric encryption. cryptographic hash functions. message authentication codes. digital signatures. secure random number generation. asymmetric encryption. cryptographic primitive. consists of.
E N D
3. Cryptographic primitives symmetric encryption cryptographic hash functions message authentication codes digital signatures secure random number generation asymmetric encryption cryptographic primitive consists of one or more algorithms are combined in protocols to achieve protection goals confidentiality integrity message authentication non-repudiation …
3.1.1 Cryptographic hash functions H cryptographic hash function = fingerprint = message digest M_1 HM_1 H HM_2 M_2 H M_3 HM_3 fixed size arbitrary size (1) one-way function (2) collision-resistant H H M M’ HM HM M SHA = Secure Hash Algoritm 160 bit output MD5 = Message Digest 128 bit output used for integrity check
3.1.2. Secure random number generation • generation of random number = difficult!!! • based on user interface events • based on load in system SRNG random_bits_X random_bits_Y seed (1) RNG: output should pass statistic tests of randomness (2) SRNG: if seed is unknown, it is computationally unfeasible to predict next bit of RNG ANSI X9.17 Blum-Blum-Shub used for generating cryptographic keys used for building stream ciphers
3.1.3. Symmetric encryption secret key Alice Bob secret key D E plaintext ciphertext plaintext (2) known-plaintext attack (1) cipher-text only atttack P_1 C_1 C_1 P_1 P_2 C_2 P_2 C_2 … … … … P_X C_X P_X C_X P_Y C_Y (3) chosen-plaintext attack idem as (2) but attacker chooses pairs ( , ) used for realising confidentiality C_T P_T
3.1.3. Symmetric encryption • Symmetric encryption systems: • Block ciphers • Stream ciphers
3.1.3. Symmetric encryption Electronic Codebook mode (ECB) P_1 P_2 P_n block ciphers E E E ……… different modes (ECB, CBC, …) C_1 C_2 C_n Cipher Block Chaining (CBC) P_1 P_2 P_n initialisation vector E E E …… C_1 C_2 C_n
3.1.3. Symmetric encryption P_1 P_2 P_3 P_4 P_5 P_6 block cipher padding schemes padding for symmetric algorithms PKCS#7 standaard PKCS#7: n bytes each byte value n DES = Data Encryption Standard = 64 bit block size AND 56 bit key TripleDES = 3 DES operations with independent keys AES = Advanced Encryption Standard = variable block size and variable key size
3.1.3. Symmetric encryption Stream ciphers = bit per bit encryption bit Stream SRNG key stream seed encrypted bit Stream SEAL = Software-optimized Encryption ALgorithm RC4 = made in RSA Labs using block ciphers as stream ciphers ~ Output Feedback Mode
3.1.4. Asymmetric encryption KPG random bits public key private key D E plaintext ciphertext plaintext (1) cipher-text only atttack used for realising confidentiality (2) known-plaintext attack (3) chosen-plaintext attack RSA = Rivest, Shamir, Adleman Rabin encryption system ECC = Elliptic Curve Cryptography
3.1.4. Asymmetric encryption symmetric encryption asymmetric encryption secure channel integrity protected channel key distribution smaller block size larger PKCS#1v1.5 / OAEP padding scheme PKCS#7 integer factoring algorithms brute force attacks 56 bit key key length 1024/2048 bit key encryption speed fast very slow used to distribute symmetric key
3.1.5. Message Authentication Codes (MAC’s) fixed size MAC M MACM fixed size arbitrary size (1) one-way function (2) collision-resistant H-MAC DES-CBC-MAC used for integrity check
3.1.6. Digital Signatures KPG random bits public key private key Verify message Sign message true/false sig very slow ! used for integrity check ~ MAC NON-REPUDIATION !!!
3.1.6. Digital Signatures KPG random bits public key private key H Verify HM_1 true/ false Sign H message HM_1 sig RSA = can also be used for digital signature DSA = Digital Signature Algorithm ElGamal = for systems with limited resources
3.1.8. Conclusion • six cryptographic building blocks: • long history of abuses • use well-known algoritms • rely on crypto libraries
3.2. Key Management rely on secrecy of private keys Key Management Problem • encryption algoritms • digital signatures Generating keys computer generated keys > SRNG seed key seed key human generated keys ALG dictionary attack password key password long key – short key passphrase - password - PIN security versus convenience security versus convenience
3.2. Key Management Storing keys storing keys in human memory passphrase - password - PIN access control by operating system storing keys in encrypted form where to store key encryption key? storing keys on tamper resistant device smartcard/dedicated hardware cryptographic coprosessor
3.2. Key Management Key agreement or key distribution passive attacker = OK active attacker = NOK Key agreement KDC Key distribution passive attacker = OK active attacker = OK
3.3. Software interfaces to cryptographic primitives QUALITIES cryptographic library algorithm independence encrypt() encrypt(ECC) IAIK.DSA SUN.RSA SUN.DSA SUN.MD5 resist against broken algorithms!!! SUN.ECC IAIK.MD5 implementation independence IAIK.ECC IAIK.RC4 … encrypt() encrypt(SUN) … … … support new algoritms from SUN, IAIK, ABA… CSP = Cryptographic Service Provider Library = framework in which CSPs kan be plugged in
3.3. Software interfaces to cryptographic primitives every cryptographic primitive is represented by a so-called engine class Factory method to create MessageDigest object engine class BRIDGE PATTERN (JAVA) algorithm class
(1) no direct access to data items (2) encoded in provider-specific format (3) no sharing between CSPs possible 3.3. Software interfaces to cryptographic primitives engine classes and algorithm classes enable algorithm independency How to encapsulate data items (keys, parameters for algorithms, …)? Opaque representation Transparent representation (1) direct access to data items (2) encoded in provider-independent format (3) Sharing between CSPs possible keys parameters keys parameters y = …p = …q = …g = … g = …p = …q = …
3.3. Software interfaces to cryptographic primitives Cryptographic framework Cryptographic Service Provider (1) defines engine classes (and possibly some algorithm classes) (2) Transparant key and parameter classes (for algorithms that are supported) (3) Logic for finding/instantiating default implementations • implementation for some engine classes • Opaque key and parameter classes • (provider specific format) • (3) Methods to convert between • opaque and transparant representation y = …p = …q = …g = … g = …p = …q = …
3.3.2. The Java Cryptography Architecture and Extensions implementation independence bridge pattern algorithm independence factory method approach JCA = Java Cryptography Architecture (supports cryptographic technology exportable under US law before 2000) JCE = Java Cryptography Extension (supports cryptographic technology not exportable under US law before 2000)
3.3.2. The Java Cryptography Architecture and Extensions “every engine class has a corresponding Service Provider Interface (SPI)” JCA/JCE CSP subclasses 1:1 engine class Implementation SPI MessageDigestSpi CipherSpi DigitalSignatureSpi MessageDigestImpl CipherImpl DigitalSignatureImpl MessageDigest Cipher DigitalSignature engine classes in JCA engine classes in JCE java.security.*; javax.security.*; Cipher Mac KeyGenerator SecretKeyFactory KeyAgreement CertificateFactory KeyStore AlgorithmParameters AlgorithmParameterGenerator MessageDigest Signature SecureRandom KeyPairGenerator KeyFactory
3.3.2. The Java Cryptography Architecture and Extensions keys JCA/JCE CSP implements implements Opaque representation Key Interface KeySpec Interface Transparent representation RSAPrivateKeyImpl DesKeyImpl RSAPublicKeyImpl PrivateKey PublicKey SecretKey RSAPrivateKeySpec DesKeySpec RSAPublicKeySpec SecretKeySpec PublicKeySpec PrivateKeySpec KeyFactory parameters IDEM AlgorithmParameters = conversion class (~KeyFactory)
3.3.2. The Java Cryptography Architecture and Extensions • converting keys to bytestream for transmission • serialize Key object • deserialisation on VM with same CSP installed • serialialize KeySpec object • deserialisation on any VM with JCA/JCE • encoding key material to a key encoding standard • parsed by anybody (format = standardized) • getEncoded() g = …p = …q = …
3.3.2. The Java Cryptography Architecture and Extensions • Administrative classes: • Security class: • initialisation from configuration file • contains list of installed CSPs • Provider class: • subclassed by CSP (= master class of CSP) • contains information about algorithms of CSP • for each engine class it implements: engineclass.algorithm_name (f.i. MessageDigest.SHA)
3.3.2. The Java Cryptography Architecture and Extensions Security 2: getProvider("IAIK") 1: getInstance("DES/CBC/PKCS5Padding", "IAIK") application : Cipher 3: getProperty("Cipher.DES") 4: CipherSpi( ) 5: engineSetMode("CBC") IAIK : Provider 6: engineSetPadding("PKCS5Padding") des : CipherSpi
3.3.2. The Java Cryptography Architecture and Extensions • Generate random session key KeyGenerator keyGen = KeyGenerator.getInstance(“DES”, “SUN”);SecretKey sKey = keyGen.generateKey(); • Create and initialize cipher Cipher cipher = Cipher.getInstance(“DES/CBC/PKCS5Padding”);cipher.init(Cipher.ENCRYPT_MODE, sKey);
3.3.2. The Java Cryptography Architecture and Extensions • Encrypt data (single stage) cipherText = cipher.doFinal(clearText); • Encrypt data (multi stage) while ( <more bytes> ) { // produce clearText cipherText = cipher.update(clearText); }cipherText = c.doFinal();
3.3.2. The Java Cryptography Architecture and Extensions • Create transparent key BigInteger y = …; BigInteger p = …; BigInteger q = …; BigInteger g = …; DSAPublicKeySpec spec = new DSAPublicKeySpec(y, p, q, g); • Convert to opaque key KeyFactory kfac = KeyFactory.getInstance("DSA"); PublicKey dsaPubKey = kfac.generatePublic(spec); • And back to transparent PublicKeySpec spec2 = kfac.getKeySpec(dsaPubKey, DSAPublicKeySpec.class)
3.3.2. The Java Cryptography Architecture and Extensions • Create key pair generator KeyPairGenerator keyGen = KeyPairGenerator.getInstance(“DSA”); • Algorithm-independent initialization keyGen.initialize(1024); • Algorithm-specific initialization p = …; q = …; g = …; DSAParameterSpec dsaSpec = new DSAParameterSpec(p, q, g); keyGen.initialize(dsaSpec); • Generate key pair KeyPair dsaPair = keyGen.generateKeyPair();
3.3.2. The Java Cryptography Architecture and Extensions • Create and initialize signature object Signature signEngine = Signature.getInstance(“SHA1withDSA”); PrivateKey priv = dsaPair.getPrivate(); signEngine.initSign(priv); • Sign data signEngine.update(data); byte[] signature = signEngine.sign(); • Verify signature PublicKey pub = dsaPair.getPublic(); signEngine.initVerify(pub); signEngine.update(data); boolean valid = signEngine.verify(signature);