Chapter 12: Fundamentals of Cryptography and VPN Technologies

Fundamentals of Cryptography and VPN TechnologiesThis chapter introduces the concepts of cryptography and VPN technologies. It covers the following topics:• Need for VPN and VPN deployment models• Encryption, hashing, and digital signatures and how they provide confidentiality, integrity, and nonrepudiation• Methods, algorithms, and purposes of symmetric encryption• Use and purpose of hashes and digital signatures in providing integrity and nonrepudiation• Use and purpose of asymmetric encryption and Public Key Infrastructure (PKI)ContentsHistorically, a VPN was an IP tunnel. Therefore, a generic routing encapsulation (GRE) tunnel is technically a VPN, even though GRE does not encrypt. Today, the use of a VPN implies the use of encryption.With a VPN, the information from a private network is transported over a public network, such as the Internet, to form a virtual network instead of using a dedicated Layer 2 connectionVPN OverviewWhere VPNs Are Found• Cost savings• Scalability• Compatibility with broadband technology• SecurityVPNs have many benefitsThere are different types of commercially deployed VPNs. VPN are classified according to the following criteria:• Based on deployment mode: Site-to-site VPN and remote-access VPN• Based on Open Systems Interconnection (OSI) layer: Layer 2 VPN (legacy protocols such as Frame Relay or ATM, and Layer 2 MPLS VPN), Layer 3 VPN (IPsec and MPLS Layer 3 VPN), and Layer 7 VPN (SSL VPN)• Based on underlying technology: IPsec VPN, SSL VPN, MPLS VPN, other Layer 2 technologies such as Frame Relay or ATM, and hybrid VPNs combining multiple technologiesVPN TypesCisco VPN SolutionsSite-to-Site VPNsRemote-Access VPNsCryptographic services are the foundation for many security implementations. The key services provided by cryptography are as follows:• Confidentiality: The assurance that no one can read a particular piece of data except the receivers explicitly intended.• Integrity or data authentication: The assurance that data has not been altered in transit, intentionally or unintentionally.• Peer authentication: The assurance that the other entity is who he, she, or it claims to be.• Nonrepudiation: A proof of the integrity and origin of data. The sender can’t repudiate that he or she is the person who sent the data.• Key management: The generation, exchange, storage, safeguarding, use, vetting, and replacement of keys.Examining Cryptographic ServicesCryptology OverviewCryptology is the science of making and breaking secret codes. Cryptology is broken into two separate disciplines: Cryptography is the development and use of codes, and cryptanalysis is the breaking of those codes. A symbiotic relationship exists between the two disciplines because each makes the other one better. National security organizations employ members of both disciplines and put them to work against each other.Cryptology OverviewThe history of cryptography starts in diplomatic circles thousands of years ago. Messengers from a king’s court would take encrypted messages to other courts. Occasionally, other courts not involved in the communication would attempt to steal any message sent to a kingdom they considered an adversary. Encryption was first used to prevent this information theft.The History of CryptographyA cipher is an algorithm for performing encryption and decryption. It is a series of well-defined steps that you can follow as a procedure. Substitution ciphers simply substitute one letter for another.CiphersThe cipher attributed to Julius Caesar is a simple substitution cipher. Every day has a different key, and that key is used to adjust the alphabet accordingly. For example, if today’s key is five, an A is moved five spaces, resulting in an encoded message using F instead; a B is a G, a C is an H, and so forth. The next day the key might be eight, and the process begins again, so A is now I, B is J, and so on.Substitution CipherThe Vigenère Cipher abcdefghijklmnopqrstuvwxyzAabcdefghijklmnopqrstuvwxyzBbcdefghijklmnopqrstuvwxyzaCcdefghijklmnopqrstuvwxyzabDdefghijklmnopqrstuvwxyzabcEefghijklmnopqrstuvwxyzabcdFfghijklmnopqrstuvwxyzabcdeGghijklmnopqrstuvwxyzabcdefHhijklmnopqrstuvwxyzabcdefgIijklmnopqrstuvwxyzabcdefghJjklmnopqrstuvwxyzabcdefghiKklmnopqrstuvwxyzabcdefghijLlmnopqrstuvwxyzabcdefghijkMmnopqrstuvwxyzabcdefghijklNnopqrstuvwxyzabcdefghijklmOopqrstuvwxyzabcdefghijklmnPpqrstuvwxyzabcdefghijklmnoQqrstuvwxyzabcdefghijklmnopRrstuvwxyzabcdefghijklmnopqSstuvwxyzabcdefghijklmnopqrTtuvwxyzabcdefghijklmnopqrsUuvwxyzabcdefghijklmnopqrstVvwxyzabcdefghijklmnopqrstuWwxyzabcdefghijklmnopqrstuvXxyzabcdefghijklmnopqrstuvwYyzabcdefghijklmnopqrstuvwxZzabcdefghijklmnopqrstuvwxyTransposition CiphersF...K...T...T...A...W..L.N.E.S.A.T.A.K.T.A.N..A...A...T...C...D...3Ciphered textFKTTAWLNESATAKTANAATCDThe clear text message.1Use a rail fence cipher and a key of 3.2Solve the ciphertext.FLANK EASTATTACK AT DAWNClear textOne-Time Pad CipherEncryption Using One-Time PadDecryption Using One-Time PadComputer Version of a Substitution CipherAlgorithms can operate in two modes:• Block mode: The algorithm can work on only fixed chunks of data.• Stream mode: The algorithm can process data bit by bit.Block ciphers transform a fixed-length block of plaintext into a block of ciphertext. Unlike block ciphers, stream ciphers operate on smaller units of plaintext, typically bitsBlock and Stream CiphersThe following are common block ciphers:• DES and 3DES, running in either Electronic Code Book (ECB) mode or Cipher Block Chaining (CBC) mode• Advanced Encryption Standard (AES)• International Data Encryption Algorithm (IDEA)• Secure and Fast Encryption Routine (SAFER)• Skipjack• Blowfish• Rivest-Shamir-Alderman (RSA)Block CipherDES ECB Mode Versus DES CBC ModeIn stream cipher mode, the cipher uses previous ciphertext and the secret key to generate a pseudorandom stream of bits, which only the secret key can generateCommon stream ciphers include the following:• DES and 3DES, running in output feedback (OFB) or cipher feedback (CFB) mode• Rivest Cipher 4 (RC4)• Software-optimized Encryption Algorithm (SEAL)Stream CiphersThe Process of EncryptionEncryption can provide confidentiality at an OSI layer, such as the following:• Encrypt application layer data, such as secure email, secure database sessions (Oracle SQL*Net), and secure messaging (Lotus Notes sessions)• Encrypt session layer data, using a protocol such as SSL or Transport Layer Security (TLS)• Encrypt network layer data, using protocols such as those provided in the IPsec protocol suite• Encrypt link layer data, using proprietary link-encrypting devicesOSI layer and EncrytionCryptanalysis is the practice of breaking codes to obtain the meaning of encrypted data. An attacker who tries to break an algorithm or encrypted ciphertext might use one of the following attacks:• Brute-force attack• Ciphertext-only attack• Known-plaintext (the usual brute-force) attack• Chosen-plaintext attack• Chosen-ciphertext attack• Birthday attack• Meet-in-the-middle attackCryptanalysisOn average, a brute-force attack succeeds about 50 percent of the way through the keyspace, which is the set of all possible keys. A DES cracking machine recovered a 56-bit DES key in 22 hours using brute force. It is estimated it would take 149 trillion years to crack an AES key using the same method.Brute-Force MethodAn attacker has:Access to the ciphertext of several messages.Knowledge (underlying protocol, file type, or some characteristic strings) about the plaintext underlying that ciphertext. The attacker uses a brute-force attack to try keys until decryption with the correct key produces a meaningful result. Modern algorithms with enormous keyspaces make it unlikely for this attack to succeed because, on average, an attacker must search through at least half of the keyspace to be successful.Known-Plaintext MethodThe meet-in-the-middle attack is a known plaintext attack. The attacker knows:A portion of the plaintext and the corresponding ciphertext. The plaintext is encrypted with every possible key, and the results are stored. The ciphertext is then decrypted using every key, until one of the results matches one of the stored values.Meet-in-the-Middle MethodAn attacker chooses which data the encryption device encrypts and observes the ciphertext output. A chosen-plaintext attack is more powerful than a known-plaintext attack because the chosen plaintext might yield more information about the key. This attack is not very practical because it is often difficult or impossible to capture both the ciphertext and plaintext.Chosen-Plaintext MethodAn attacker chooses different ciphertext to be decrypted and has access to the decrypted plaintext. With the pair, the attacker can search through the keyspace and determine which key decrypts the chosen ciphertext in the captured plaintext. This attack is analogous to the chosen-plaintext attack. Like the chosen-plaintext attack, this attack is not very practical. Again, it is difficult or impossible for the attacker to capture both the ciphertext and plaintext.Chosen-Ciphertext MethodKey management is often considered the most difficult part of designing a cryptosystem. Many cryptosystems have failed because of mistakes in their key management, and all modern cryptographic algorithms require the services of key management procedures. In practice, most attacks on cryptographic systems will be aimed at the key management level rather than at the cryptographic algorithm itself.Key Management• Key generation• Key verification• Key storage• Key exchange• Key revocation and destructionKey Management ComponentsThe keyspace of an algorithm is the set of all possible key values. A key that has n bits produces a keyspace that has 2^n possible key values. By adding 1 bit to the key, you effectively double the keyspace. For example, DES with its 56-bit keys has a keyspace of more than 72,000,000,000,000,000 (256) possible keys, But by adding 1 bit to the key length, the keyspace doubles, and an attacker needs twice the amount of time to search the keyspace.KeyspacesAn encryption algorithm, which is also called a cipher, is a mathematical function that is used to encrypt and decrypt dataModern cryptography takes a different approach: all algorithms are public, and cryptographic keys are used to ensure the secrecy of data. There are two classes of encryption algorithms, which differ in their use of keys:• Symmetric encryption algorithms: Use the same key to encrypt and decrypt data• Asymmetric encryption algorithms: Use different keys to encrypt and decrypt dataSymmetric and Asymmetric Encryption OverviewThe following are well-known encryption algorithms that use symmetric keys:• DES: 56-bit keys• Triple DES (3DES): 112- and 168-bit keys• AES: 128-, 192-, and 256-bit keys• IDEA: 128-bit keys The RC series (RC2, RC4, RC5, and RC6):• RC2: 40- and 64-bit keys• RC4: 1- to 256-bit keys• RC5: 0- to 2040-bit keys• RC6: 128-, 192-, and 256-bit keysBlowfish: 32- to 448-bit keysSymmetric Encryption AlgorithmsAcceptable Key Lengths in BitsCharacteristics of Symmetric Encryption AlgorithmsData Encryption Standard (DES) is a symmetric encryption algorithmDES uses two different types of ciphers:Block CiphersStream Ciphers3DES uses a method called 3DES-Encrypt-Decrypt-Encrypt (3DES-EDE) to encrypt plaintextDES and 3DESAsymmetric algorithms, also sometimes called public-key algorithms, Are designed in such a way that the key used for encryption differs from the key used for decryptionAsymmetric Encryption AlgorithmsPublic key (encrypt) + Private key (decrypt) = ConfidentialityPublic Key ConfidentialityYou should consider two main criteria when selecting an encryption algorithm for your organization:Trust in the algorithm by the cryptographic communityProtection against brute-force attacksEncryption Algorithm SelectionCryptographic hashes and digital signatures play an important part in modern cryptosystemsThese are two well-known hash functions:Message Digest 5 (MD5) with 128-bit digestsSecure Hash Algorithm 1 (SHA-1) with 160-bit digestsCryptographic Hashes and Digital SignaturesHMAC Digest CreationData Integrity: Hashing in ActionHashing AlgorithmsComparing Hashing AlgorithmsHashed Message Authentication CodesHMAC in ActionCisco products use hashing for entity-authentication, data-integrity, and data-authenticity purposes:• IPsec gateways and clients use hashing algorithms, such as MD5 and SHA-1 in HMAC mode, to provide packet integrity and authenticity.• Cisco IOS routers use hashing with secret keys in an HMAC-like manner, to add authentication information to routing protocol updates.• Cisco software images that you can download from Cisco.com have an MD5-based checksum available so that customers can check the integrity of downloaded images.• Hashing can also be used in a feedback-like mode to encrypt data; for example, TACACS+ uses MD5 to encrypt its session.Cisco products and HashingWhen data is exchanged over untrusted networks, several major security issues must be determined:Whether data has changed in transitWhether a document is authenticDigital signatures provide three basic security services in secure communications:Authenticity of digitally signed dataIntegrity of digitally signed dataNonrepudiation of the transactionOverview of Digital SignaturesDigital Signatures in ActionA digital signature is the result of encrypting, with the user’s private key, the digest and appending that encrypted digest to the plaintext or encrypted message to verify the identity of the sender. The digest will be decrypted with the corresponding public key.Digitally signing code provides several assurances about the code:• The code has not been modified since it left the software publisher.• The code is authentic and is actually sourced by the publisher.• The publisher undeniably publishes the code. This provides nonrepudiation of the act of publishing.Digital Signatures = Encrypted Message DigestThe DH algorithm is the basis of most modern automatic key exchange methods. The Internet Key Exchange (IKE) protocol in IPsec VPNs uses DH algorithms extensively to provide a reliable and trusted method for key exchange over untrusted channels.Diffie-HellmanDiffie-Hellman Key Exchange AlgorithmDiffie-Hellman ExampleDifferent protocols support different cryptographic algorithms to accomplish these goalsThe selection of the protocol is part of the design phase of VPN implementations, and is directly tied to the strength of the protocol itself, as well as the strength of the keys. The strength of the keys, as you know, is directly related to the key sizeAsymmetric encryption algorithms accomplish two primary objectives: confidentiality and authentication. Asymmetric algorithms are slower than symmetric algorithms because they use more complex mathematics. Because asymmetric algorithms are slower, they are usually used as key exchange protocols and are rarely used for bulk encryptionCryptographic Processes in VPNsPublic Key AuthenticationPrivate key (encrypt) + Public key (decrypt) = AuthenticationStep 1. Alice, using her private key, creates a digital signature and appends it to the message.Step 2. Alice transmits the signed message to Bob.Step 3. Bob acquires Alice’s public key.Step 4. Bob uses Alice’s public key to verify the signature.RSA is one of the most common asymmetric algorithms. Ron Rivest (discussed earlier in this chapter), Adi Shamir, and Len Adleman invented the patented public-key RSA algorithm in 1977RSA and Digital SignaturesPassports and driver’s licenses are real-life examples of a trusted third-party environment that uses the concept of a trusted introducer. Certificate authority (CA) servers are an example of this concept in PKI environments.Public Key InfrastructureTrusted Third Party ExampleA PKI is the service framework that is needed to support large-scale, public-key-based technologies. PKI is a set of technical, organizational, and legal components that are needed to establish a system that enables large-scale use of public-key cryptography to provide authenticity, confidentiality, integrity, and nonrepudiation services.Three very important terms must be defined when talking about a PKI:• PKI: A service framework needed to support large-scale PK-based technologies• Certificate authority (CA): The trusted third party that signs the public keys of entities in a PKI-based system• Certificate: A document that in essence binds together the name of the entity and its public key and that has been signed by the CAPKI Terminology and ComponentsThere are five main areas of a PKI:• CAs for key management• PKI users, such as people, devices, servers, and so on• Storage and protocols• Supporting organizational framework, known as practices and user authentication using local registration authorities (LRA)• Supporting legal frameworkMany vendors offer CA servers as a managed service or as an end-user product:• VeriSign• Entrust Technologies• RSA• Cybertrust• Microsoft• NovellPKI Certificate AuthoritiesPKI Topology Using a Single-Root CAPKI Topology Using Hierarchical CAsPKI Topology Using Cross-Certifying CAsThere are many defined PKCS standards:• PKCS #1: RSA Cryptography Standard• PKCS #3: Diffie-Hellman Key Agreement Standard• PKCS #5: Password-Based Cryptography Standard• PKCS #6: Extended-Certificate Syntax Standard• PKCS #7: Cryptographic Message Syntax Standard• PKCS #8: Private-Key Information Syntax Standard• PKCS #9: Selected Attribute Types• PKCS #10: Certification Request Syntax Standard• PKCS #11: Cryptographic Token Interface Standard• PKCS #12: Personal Information Exchange Syntax Standard• PKCS #13: Elliptic Curve Cryptography Standard• PKCS #15: Cryptographic Token Information Format StandardPKI StandardsCertificate Signing RequestAn example of a distinguished name used as the Subject Name field in an X.509 user certificate would appear asCN=Harry Wales,OU=Sales,O=My Computer,L=My Company,L=Chicago,S=Ohio,C=USwhere• CN= commonName• OU= organizationalUnitName• O= Organization• L= Locality (City)• S= State• C= USNoteThe following steps occur to retrieve the CA certificate:Step 1. Alice and Bob request the CA certificate that contains the CA public key.Step 2. Upon receipt of the CA certificate, Alice’s and Bob’s systems verify the validity of the certificate using public-key cryptography.Step 3. Alice and Bob follow up the technical verification done by their systems by telephoning the CA administrator and verifying the public key and serial number of the certificate.Retrieving a CA CertificateAfter retrieving the CA certificate, Alice and Bob perform the following steps to submit certificate requests to the CA, as shown in Figure 12-34:Step 1. Alice’s and Bob’s systems forward a certificate request that includes their public keys along with some identifying information. All of this information is encrypted using the public key of the CA.Step 2. Upon receipt of the certificate requests, the CA administrator telephones Alice and Bob to confirm their submittals and the public keys.Step 3. The CA administrator issues the certificate by adding some additional data to the certificate request, and digitally signing it all.Step 4. Either the end user manually retrieves the certificate or SCEP automatically retrieves the certificate, and the certificate is installed onto the system.Certificate EnrollmentHaving installed certificates signed by the same CA, Bob and Alice are now ready to authenticate each otherStep 1. Bob and Alice exchange certificates. The CA is no longer involved.Step 2. Each party verifies the digital signature on the certificate by hashing the plaintext portion of the certificate, decrypting the digital signature using the CA public key, and comparing the results. If the results match, the certificate is verified as being signed by a trusted third party, and the verification by the CA that Bob is Bob and Alice is Alice is accepted.Authentication Using CertificatesCertificate Revocation ProcessCertificate Revocation MethodsWhere We Find Certificates Being UsedA PKI has the following characteristics:• To authenticate each other, users have to obtain the certificate of the CA and their own certificate. These steps require the out-of-band verification of the processes. After this verification is complete, the presence of the CA is no longer required until one of the certificates that is involved expires.• Public-key systems use asymmetric keys where one is public and the other one is private. One of the features of these algorithms is that whatever is encrypted using one key can only be decrypted using the other key. This provides nonrepudiation.• Key management is simplified because two users can freely exchange the certificates. The validity of the received certificates is verified using the public key of the CA, which the users have in their possession.• Because of the strength of the algorithms involved, you can set a very long lifetime for the certificates, typically a lifetime measured in years.Digital Certificates and CAs• A user certificate is compromised (stolen private key): • The certificate of the CA is compromised (stolen private key):• The CA administrator:The disadvantages of using trusted third parties relate to key managementThe key points covered in this chapter are as follows:• A cryptosystem is made up of a combination of hashing, symmetric, and asymmetric algorithms.• Symmetric algorithms use a single key for encrypting and decrypting. Generally speaking, symmetric algorithms are the strongest and fastest algorithms and therefore are used for most encryption.• Hashing algorithms use a one-way process designed to provide integrity. Usually, successful decryption of a digest provides proof of integrity and authenticity.• Asymmetric algorithms use a key pair for the encrypting/decrypting process. One key encrypts, and the other key decrypts.• RSA is a widely used algorithm for public-key cryptography.• A PKI uses asymmetric encryption to provide confidentiality, integrity, and authentication services.• PKI solutions are based on digital certificates and a trusted third party trust model.• X.509v3, PKCS, and others provide standards for certificate formats and interoperability.• CRL, OCSP, and AAA server certificate authorization are means to validate a certificate.• The hierarchical trust model of PKI solutions includes CAs and RAs.Summary