1 / 53

ISSAP Session 3

ISSAP Session 3. 7 September 2011. Cryptography 1. Questions from Session 2 ? Session 1 & 2 handout is posted on www.silverbulletinc.com/DM2 Contact Shelton Lee for credentials Shelton.lee@lmco.com Should have book by now. If not contact Paola Aviles (paola.aviles @lmco.com

tomn
Télécharger la présentation

ISSAP Session 3

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ISSAP Session 3 7 September 2011

  2. Cryptography 1 • Questions from Session 2 ? • Session 1 & 2 handout is posted on www.silverbulletinc.com/DM2 • Contact Shelton Lee for credentials • Shelton.lee@lmco.com • Should have book by now. If not contact Paola Aviles (paola.aviles @lmco.com • Must have by next Session (Sep 7)

  3. Cryptography 1 • Application and Use of Cryptographic solutions • Interoperability of devices • Strength of cryptographic algorithms • Cryptographic Methods and Methodologies • Key Management Issues • Pages 125-172 in book

  4. Cryptography 1 • Codes • Cryptology: Machine functions • Ciphers: Book codes • Provides Confidentiality and Integrity • Hash functions integrity only • MD5, SHA, SHA 256, SHA 3 • Confidentiality, Integrity, Availability • Non-Repudiation – legal concept • Many different concepts PKI can provide form of non-repudiation Why there are three certificates

  5. Cryptography 1 • Cryptography depends on both physical and logical security • HSM • Smart Cards • Best if have use of but not access to private keys • ID and Encryption private keys may be escrowed. Signature key may not.

  6. Cryptography 1 • Physical security required for private keys • Recent attacks have not compromised the cryptography, they have compromised the key management • Same mechanism used by Allies in WWII – Four rotor Enigma was never broken.

  7. Cryptography 1 • Message Encryption • Secure Multi-purpose Internet Mail Encryption • S/MIME • Base 64 encoding • ASN-1 • Defacto standard understood by browsers/e-mail programs • Privacy Enhanced Mail (PEM) • Early messaging methodology • Only PEN headers remain in use • Pretty Good Privacy

  8. Cryptography 1 • Secure IP Communication • TCP-IP as maintained by the IETF include the IPSEC protocol • VPN mechanism • Three parts: • UDP 500 key exchange & authentication (IKE) • IP 51 Authentication Header (optional) • IP 50 Encapsulation Security Protocol – Data • Sometimes used UDP 4500 for firewall transversal • IPSEC has two modes • Transport Mode – only IP Payload is protected • Tunnel Mode – both payload and header is protected - VPN

  9. Cryptography 1 • Other IP mechanisms • Secure Socket Layer/ Transport Layer Security SSL/TLS • Client-server using web • Potential issue with SSLv3 led to third cert. • SSL VPNs use web for access • Can also be used for secure transport of FTP, LDAP, SMTP

  10. Cryptography 1 • Remote Access • Both SSL/VPN and IPSEC are generally used for providing secure remote access. • Virtual Private Network concept dates back to early 1990’s • Remote Access VPN • Site-to-Site VPN • Extranet VPN • Point to Point Protocol – connection, not security • Dialups used PPPOE • Data link Layer – L2TP • Optional encryption PPP Encryption Control Protocol ECP

  11. Cryptography 1 • Application Layer Protocols • SSH (Secure Shell) often used for file transfer • Also provides integral integrity management using hash. • SFTP and Secure Copy (SCP) also have specs but are little used. • SSL also at application layer • Easier to utilize than IPSEC • Do not need to maintain connection

  12. Cryptography 1 • Secure Wireless Communication • IEEE 802.11 • Wireless Local Area Networks (WLANs) • WEP : Wireless Equivalent Privacy • 64 or 128 bit RC4 • Broken early by forcing resyncs & gathering data • WPA: WIFi protected access • RC4 – does not require AES • WPA2 includes Extensible Authentication Protocols (EAP) • Includes EAP-TLS • Includes AES

  13. Cryptography 1 • Secure Wireless Communication • Bluetooth • Short range • Optionally encrypts but no IM • Can be modified – CRC is minimal • 2.0 and earlier: unencrypted pairing • 2.1 added Elliptic Curve DH • Has native E0 encryption considered weak • Not a FIPs standard

  14. Cryptography 1 • Other Secure Communication • Encrypted POTs • Fiber Channel (SAN) Security Protocol (FC-SP) • RFID (Radio Frequency Identification) • Most devices too simple to support cryptography • No passive, some Hybrid/Active capable

  15. Cryptography 1 • Identification (Authentication) and Authorization • WWII codes RADAR signal triggered transponder IFF • RFID relies on tag for identification • RFID crypto may be needed • X.509 cert 1.5kb minimum • Password +/or PIN low cost but easily compromised • Password on secure channel not so.

  16. Cryptography 1 • I & A • Bar Codes, Watermarks, Steganography, Steppanography, holographic labels, signets • Encryption or secure coding of physical assets prevents forgery or substitution. • One way hash vale can be copied. • Token based • Kerberos: symmetric function generates tickets. Obsolete but widely used. • USB tokens and Crypto Ignition Key (STU-III)

  17. Cryptography 1 • I&A • PPP uses PAP (password) or CHAP (Challenge Handshake Authentication Protocol) • Extensible Authentication Protocol (EAP) • EAP-MD5, EAP-TLS

  18. Cryptography 1 • Storage Encryption • encryption at rest • SAN encryption • Content Addressable Storage (CAS) • Storage Media encryption – tape, flopy, USB removable • Full Disk or Volume encryption: EPHD, PGP Disk • File or directory encryption: EFS, PGP • IEEE 1619 disk encryption • 1619.1 tape encryption

  19. Cryptography 1 • Electronic Commerce • Business to Business B2B • Business to Consumer B2C • Consumer to Consumer C2C • Consists of client, front end systems, back end systems • Requires confidentiality, integrity, authentication, non-repudiation • Also Auditing, Authorization, and Privacy

  20. Cryptography 1 • B2B uses EDI • Large volume, few trusted connections • Applicability Statement 2 – RFC 4130 • S/MIME, Cryptographic Message Syntax (CMS), and Cryptographic Hash Algorithms • B2C uses SSL • Small volume, large number of untrusted connection • XML: SAML and WS-Security

  21. Cryptography 1 • Software Code Signing • WS-Security: XML messaging • Code signing is different • Digital certs • Hash functions

  22. Cryptography 1 • Interoperability • NSA Suite B • Encryption • AES FIPS 197 • Signing • DSS FIPS 186-2, Elliptic Curve • Key Exchange • Elliptic Curve, D-H, 800-56 A-C • Hashing • SHA, FIPS180-2. SHA1 is now deprecated • Symmetric Crypto • FIPS 140-2 evaluation

  23. Cryptography 1 • Methods of cryptography • Symmetric • E(M)=C encryption of message = cyphertext • E(C)=M • AES ( Rijndael ) • Blowfish (TwoFish) • DES • IDEA • RC2, RC4, RC5, RC6 • 3DES

  24. Cryptography 1 • Block cipher • Initialization vector (IV) or Seed • 64 or 128 bit blocks • Register vs register • Fast • Electronic Code Book (ECB) – no IV best short • Cipher Block Chaining (CBC) IV + feedback • Stream Cipher • Cipher Feedback CFB, Output Feedback OFB, Counter CTR • Low latency • Not as fast

  25. Cryptography 1 • Additional security block modes • Cipher Based Message Authentication CMAC • Data integrity, data authentication • Counter with Cipher Block Chaining Message Authentication Mode CCM • Confidentiality and authenticity • Galois Counter Mode GCM • Combines counter with hash function

  26. Cryptography 1 • Block Ciphers • AES • CAST • Cellular Message Encryption Algorithm CMEA • GOST (SU) • International Data Encryption Algorithm IDEA • LOKI • Lucifer – IBM • RC2. RC5, RC6 • Skipjack • Tiny Encryption Algorithm TEA XXTEA • TwoFish

  27. Cryptography 1 • Stream Ciphers • XOR based • Requires synchronization • May use feedback • RC4 and HC-128

  28. Cryptography 1 • Assymetric Cryptosystems • El Gamal, Diffie-Helman, RSA, Elliptic Curve • One key to encrypt, other to decrypt • Most are binary but could be n-ary • Secure distribution • Slow and complex • Generally used to encrypt symmetric keys • X.509 certificates.

  29. Cryptography 1 • Hash functions & Message Authentication • Hash function: cryptographic representation of data. • Compressed version • Easy to compute • Preimage resistance, Infeasible to reverse • Second Preimage Resistance: no duplicate hashes • Second input same hash • Collision resistance: infeasible to find two images with same hash • birthday

  30. Cryptography 1 • Merkle-Damgard • Block oriented • Fixed length regardless of number of blocks • MD5 One way algo with M-D blocks • SHA-1: 160 bits SHA 224/256 • Collisions possible • HAVAL 128/160/192/224/256 • MD4, MD5 • SHA1

  31. Cryptography 1 • Collisions not found • SHA 2 (224/256) • RIPEMD 128/256 160/320 • Tiger 128/160/192 • Use any block cipher • AES • MDC-2 Modification Detection Code 2 • Meyer- Schilling • MAC: key dependant hash function • HMAC: Hashed MAC • CBC-MAC • With secret key can provide authentication • RFC 2104 • RIPEMD or SHA

  32. Cryptography 1 • Digital Signatures • MAC that uses a digital signature • Encrypt with private key, public can decrypt • Origin authentication, message validation, non-repudiation • Cryptographic hash function • Key Generattion Algo. (need once) • Signing algo • Verification algo (inverse of signing) • PKI: ECC, El Gamal, DSA, RSA • DSS FIPS Pub 186 • ISO/IEC 9696 &14888 • ANSI x9.30.1, x9.62, IEEE1363

  33. Cryptography 1 • Key Management • This is the hard part, rest is just math • Different keys require different techniques • Who may have • For what use • Symmetric or Assymmetric • At rest needs a long period • In transit may be shorter • At present, no need for different strengths • Key Management System (KMS) need to be at least as strong as strongest

  34. Cryptography 1 • Confidentiality • Supported by • Symmetric data encryption key • Symmetric key wrapping key • Public and private transport keys • Symmetric Key Agreement Key • Public and private static key agreement keys • Public and private ephemeral key agreement keys

  35. Cryptography 1 • Authentication verifies origin • Private signature key • Public signature verification key • Symmetric authentication key • Pub & Priv authentication (ID) keys

  36. Cryptography 1 • Integrity • Private signature key • Public signature verification key • Symmetric authentication key • Pub & Priv authentication (ID) keys • Non-Repudiation • Legal concept • Private signature key • Public signature verification key

  37. Cryptography 1 • Authorization • Symmetric authorization key • Private authorization key • Public authorization verification key

  38. Cryptography 1 • Cryptographic Strength and Key Size • Two different elements • Must align with each other • Example 3DES. • 112 bit Dual key as strong as 168 bit triple key • Algorithm has effective length of 120 bits • Beyond 112 bits attack will be to algorithm, not key. • Crypto Period: NIST SP 800-57-1 • May be extended by other means (lockout) • Originator Usage Period (OUP): time in which a symmetric key may be used. (Often changed daily) • Time for brute force attack • Hard part: know when successful

  39. Cryptography 1 • Asymmetric breaking may take less time than symmetric • Dense vs sparse key space • DES withdrawn replaced by TDEA SP800-67 • Elliptic Curve may replace RSA • Smaller, denser, stronger • See tables 2.2 and 2.3 • RSA specified in ANSI x9.3, PKCS #1, FIPS 186-3 • Value of k (1024, 2048) is considered key size • 1024 being deprecated

  40. Cryptography 1 • Key Life Cycle • Preoperational phase • Generation, distribution • Signing/certificate generation • Operational • Certificate validity • Stored for use • Non retrievable • Postoperational • Escrow • Recovery • Key destruction • All copies

  41. Cryptography 1 • Key Creation • NIST 800-57-1 • Security is based on confidentiality of private or symmetric keys • Avoid “weak” keys and make random • Pseudo-random generation has been a problem in past: Netscape 2.0, Open SSL • FIPS 140-2 and -3 • Need true random generation • Any reduction in randomness can be attacked • Reduction to 56 bits effective has been broken in a day • Rainbow tables • As disk space expands, so can diirectory

  42. Cryptography 1 • RSA key generation • Public key consists of modulus n product of two prime integers p and q (n=p*q) and a public key exponent e. Key is n^e • Private key is n^d d is dependant on n & e (see Schneier) • NIST specifies moduluses of 1024, 2048, and 3072 bits

  43. Cryptography 1 • Key Distribution and Crypto in transit • Public keys require no protection, only authentication • Symmetric and Private keys must be protected • Use Asymmetric keys to protect symmetric. • Physical (courier, etc) delivery also possible • Availability, Integrity, Confidentiality, Association

  44. Cryptography 1 • Symmetric Key Distrobution • Key splitting via cryptographic module • Components must be entered without any opportunity for capture or store en route • Exception: one time keys • At least two components required to regenerate keyset

  45. Cryptography 1 • Public and Private Key Distrbution • Private key should not be • Must be singular to support non-repudiation • May be securely escrowed for decryption • When generated on site, no need for distribution • Certificate needs only public key • Relying party: • Key belongs to subject • Associaated with attributes belonging to subject • Valid • Allowed by policy for use in intended purpose

  46. Cryptography 1 • Vetting & Distribution of Certificates is part of PKI • Certificates are public • Anchored by trust of issuing authority • May be transmitted through open channels • Only usable by holder of private key • PKI discussed in part 2

  47. Cryptography 1 • Key Storage • Integrity: through checksum or attribute in certificate • CRC, MAC, signing, checksums, parity, etc. • Hardware Security Module: high speed equivalent of Smart Card. • Confidentiality • Encryption, wrapping, logical access control • Physical security • Association with attributes and objects • Part of x.509 • Protected key store • Assurance of domain parameters • Used by DSA and ECDSA

  48. Cryptography 1 • Key Store • RSA PKCS 11 interfaces: Cryptoki API • Smart Cards (ISO 7816 & 14443) • Tokens • PCMCIA • USB • Key destruction vs Archive • Type of key • Table 2.4 Key Protection Requirements

  49. Cryptography 1 • Destruction and Zeroization • Anti-tamper devices • Required for HLOA, optional for MLOA • Compromise or expiration • Key rotation (decrypt with old, encrypt with new) • Key archive • Storage unique keys • Simplify sanitization

  50. Cryptography 1 • Key Updates • Life cycles • Renewal • New certificate vs new key • Can never upgrade an existing key • Rekey – new key entirely • Recertification • Revocation • Notification • CRLs • Few check

More Related