Quản trị mạng - Chapter 7: Cryptographic systems

Chapter 7- Cryptographic Systems CCNA Security Major Concepts • Describe how the types of encryption, hashes, and digital signatures work together to provide confidentiality, integrity, and authentication • Describe the mechanisms to ensure data integrity and authentication • Describe the mechanisms used to ensure data confidentiality • Describe the mechanisms used to ensure data confidentiality and authentication using a public key Học viện mạng Bach Khoa - Website: www.bkacad.com Lesson Objectives Upon completion of this lesson, the successful participant will be able to: 1. Describe the requirements of secure communications including integrity, authentication, and confidentiality 2. Describe cryptography and provide an example 3. Describe cryptanalysis and provide an example 4. Describe the importance and functions of cryptographic hashes 5. Describe the features and functions of the MD5 algorithm and of the SHA-1 algorithm 6. Explain how we can ensure authenticity using HMAC 7. Describe the components of key management Học viện mạng Bach Khoa - Website: www.bkacad.com Lesson Objectives 8. Describe how encryption algorithms provide confidentiality 9. Describe the function of the DES algorithms 10. Describe the function of the 3DES algorithm 11. Describe the function of the AES algorithm 12. Describe the function of the Software Encrypted Algorithm (SEAL) and the Rivest ciphers (RC) algorithm 13. Describe the function of the DH algorithm and its supporting role to DES, 3DES, and AES 14. Explain the differences and their intended applications 15. Explain the functionality of digital signatures 16. Describe the function of the RSA algorithm 17. Describe the principles behind a public key infrastructure (PKI) Học viện mạng Bach Khoa - Website: www.bkacad.com Lesson Objectives 18. Describe the various PKI standards 19. Describe the role of CAs and the digital certificates that they issue in a PKI 20. Describe the characteristics of digital certificates and CAs Học viện mạng Bach Khoa - Website: www.bkacad.com Secure Communications CSARefer to 7.1.1.1 • The first goal for network administrators is to secure the network infrastructure, including routers, switches, servers, and hosts . • The next goal is to secure the data as it travels across various links Học viện mạng Bach Khoa - Website: www.bkacad.com Secure Communications Secure communications involves a few primary tasks: 1. Authentication - Guarantees that the message is not a forgery and does actually come from who it states it comes from. 2. Integrity - Similar to a checksum function in a frame, guarantees that no one intercepted the message and altered it. 3. Confidentiality - Guarantees that if the message is captured, it cannot be deciphered. Học viện mạng Bach Khoa - Website: www.bkacad.com Authentication • Authentication guarantees that a message comes from the source that it claims to come from. • Authentication can be accomplished with cryptographic methods. • Authentication is similar to entering a secure personal information number (PIN) for banking at an ATM • The PIN is a shared secret between a bank account holder and the financial institution. Học viện mạng Bach Khoa - Website: www.bkacad.com Refer to 7.1.1.2 Authentication •What is the nonrepudiation ? Học viện mạng Bach Khoa - Website: www.bkacad.com Non-repudiation • /index.jsp?topic=/com.ibm.mq.csqzas.doc/sy10280_ .htm • If the sender of a message ever denies sending it, the non-repudiation service with proof of origin can provide the receiver with undeniable evidence that the message was sent by that particular individual. • If the receiver of a message ever denies receiving it, the non-repudiation service with proof of delivery can provide the sender with undeniable evidence that the message was received by that particular individual. Học viện mạng Bach Khoa - Website: www.bkacad.com Authenticity versus nonrepudiation • Data nonrepudiation is a similar service that allows the sender of a message to be uniquely identified. • The most important part of nonrepudiation is that a device cannot repudiate, or refute, the validity of a message sent. • Nonrepudiation relies on the fact that only the sender has the unique characteristics or signature for how that message is treated. Học viện mạng Bach Khoa - Website: www.bkacad.com Integrity • Data integrity ensures that messages are not altered in transit. • The receiver can verify that the received message is identical to the sent message and that no manipulation occurred. Học viện mạng Bach Khoa - Website: www.bkacad.com Confidentiality Refer to 7.1.1.4 • Data confidentiality ensures privacy so that only the receiver can read the message. Encryption is the process of scrambling data so that it cannot be read by unauthorized parties. Học viện mạng Bach Khoa - Website: www.bkacad.com Confidentiality • When enabling encryption, readable data is called plaintext, or cleartext, while the encrypted version is called ciphertext. • A key is required to encrypt and decrypt a message. The key is the link between the plaintext and ciphertext. • Using a hash function is another way to ensure data confidentiality. •What is the difference between hasing and encryption ? • The purpose of encryption and hashing is to guarantee confidentiality so that only authorized entities can read the message. Học viện mạng Bach Khoa - Website: www.bkacad.com Cryptography • Cryptographic services are the foundation for many security implementations and are used to ensure the protection of data when that data might be exposed to untrusted parties. • Authentication, integrity, and confidentiality are components of cryptography. • The history of cryptography starts in diplomatic circles thousands of years ago. Học viện mạng Bach Khoa - Website: www.bkacad.com Cipher • Each of these encryption methods use a specific algorithm, called a cipher, to encrypt and decrypt messages. • A cipher is a series of well-defined steps that can be followed as a procedure when encrypting and decrypting messages. • There are several methods of creating cipher text: 1. Transposition 2. Substitution 3. Vernam Học viện mạng Bach Khoa - Website: www.bkacad.com Transposition Ciphers • In transposition ciphers, no letters are replaced; they are simply rearranged. • Modern encryption algorithms, such as the Data Encryption Standard (DES) and the Triple Data Encryption Standard (3DES), still use transposition as part of the algorithm. Học viện mạng Bach Khoa - Website: www.bkacad.com Substitution Ciphers • Substitution ciphers substitute one letter for another. In their simplest form, substitution ciphers retain the letter frequency of the original message. Học viện mạng Bach Khoa - Website: www.bkacad.com Substitution Ciphers: Caesar Cipher The clear text message would be encoded using a key of 3. 1 FLANK EAST ATTACK AT DAWN Shift the top scroll over by three 2 Clear text Cipherered text 3 IODQN HDVW DWWDFN DW GDZQ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C A B C D E F G H I J K L M N O P Q R S T U V W X Y Z characters (key of 3), an A becomes D, B becomes E, and so on. The clear text message would be encrypted as follows using a key of 3. Học viện mạng Bach Khoa - Website: www.bkacad.com Cipher Wheel The clear text message would be encoded using a key of 3. 1 FLANK EAST ATTACK AT DAWN Shifting the inner wheel by 3, then the 2 Clear text Cipherered text 3 IODQN HDVW DWWDFN DW GDZQ A becomes D, B becomes E, and so on. The clear text message would appear as follows using a key of 3. Học viện mạng Bach Khoa - Website: www.bkacad.com Vigenѐre Table a b c d e f g h i j k l m n o p q r s t u v w x y z A a b c d e f g h i j k l m n o p q r s t u v w x y z B b c d e f g h i j k l m n o p q r s t u v w x y z a C c d e f g h i j k l m n o p q r s t u v w x y z a b D d e f g h i j k l m n o p q r s t u v w x y z a b c E e f g h i j k l m n o p q r s t u v w x y z a b c d F f g h i j k l m n o p q r s t u v w x y z a b c d e G g h i j k l m n o p q r s t u v w x y z a b c d e f H h i j k l m n o p q r s t u v w x y z a b c d e f g I i j k l m n o p q r s t u v w x y z a b c d e f g h J j k l m n o p q r s t u v w x y z a b c d e f g h i Refer to 7.1.2.3 K k l m n o p q r s t u v w x y z a b c d e f g h i j L l m n o p q r s t u v w x y z a b c d e f g h i j k M m n o p q r s t u v w x y z a b c d e f g h i j k l N n o p q r s t u v w x y z a b c d e f g h i j k l m O o p q r s t u v w x y z a b c d e f g h i j k l m n P p q r s t u v w x y z a b c d e f g h i j k l m n o Q q r s t u v w x y z a b c d e f g h i j k l m n o p R r s t u v w x y z a b c d e f g h i j k l m n o p q S s t u v w x y z a b c d e f g h i j k l m n o p q r T t u v w x y z a b c d e f g h i j k l m n o p q r s U u v w x y z a b c d e f g h i j k l m n o p q r s t V v w x y z a b c d e f g h i j k l m n o p q r s t u W w x y z a b c d e f g h i j k l m n o p q r s t u v X x y z a b c d e f g h i j k l m n o p q r s t u v w Y y z a b c d e f g h i j k l m n o p q r s t u v w x Z z a b c d e f g h i j k l m n o p q r s t u v w x y Học viện mạng Bach Khoa - Website: www.bkacad.com Stream Ciphers- teletype cipher •Invented by the Norwegian Army Signal Corps in 1950, the ETCRRM machine uses the Vernam stream cipher method. •It was used by the US and Russian governments to exchange information. •Plain text message is eXclusively OR'ed with a key tape containing a random stream of data of the same length to generate the ciphertext. •Once a message was enciphered the key tape was destroyed. •At the receiving end, the process was reversed using an identical key tape to decode the message. Học viện mạng Bach Khoa - Website: www.bkacad.com Defining Cryptanalysis Allies decipher secret NAZI encryption code! Cryptanalysis is from the Greek words kryptós (hidden), and analýein (to loosen or to untie). It is the practice and the study of determining the meaning of encrypted information (cracking the code), without access to the shared secret key. Học viện mạng Bach Khoa - Website: www.bkacad.com Cryptanalysis Methods Known Ciphertext •Brute Force Attack Recently, a DES cracking machine was used to recover a 56-bit DES key in 22 hours using brute force. It is estimated that on the same equipment it would take 149 trillion years to crack Advanced Encryption Refer to 7.1.3.2 With a Brute Force attack, the attacker has some portion of ciphertext. The attacker attempts to unencrypt the ciphertext with all possible keys. Successfully Unencrypted Key found Học viện mạng Bach Khoa - Website: www.bkacad.com Standard (AES) using the same method. • Ciphertext-Only Attack – In a ciphertext-only attack, the attacker has the ciphertext of several messages, all of which have been encrypted using the same encryption algorithm, but the attacker has no knowledge of the underlying plaintext. – The job of the attacker is to recover the ciphertext of as Cryptanalysis Methods many messages as possible. • Known-Plaintext Attack – In a known-plaintext attack, the attacker has access to the ciphertext of several messages, but also knows something about the plaintext underlying that ciphertext. Học viện mạng Bach Khoa - Website: www.bkacad.com • Chosen-Plaintext Attack – The attacker chooses which data the encryption device encrypts and observes the ciphertext output. – A chosen-plaintext attack is more powerful than a known-plaintext attack because the chosen plaintext might yield more information about the key. – This attack is not very practical Cryptanalysis Methods • Chosen-Ciphertext Attack – The attacker can choose different ciphertext to be decrypted and has access to the decrypted plaintext. – With the pair, the attacker can search through the keyspace and determine which key decrypts the chosen ciphertext in the captured plaintext. – Like the chosen-plaintext attack, this attack is not very practical. Học viện mạng Bach Khoa - Website: www.bkacad.com Meet-in-the-Middle Attack Known Ciphertext Known Plaintext Use every possible decryption key until a result is found matching the corresponding plaintext. Use every possible encryption key until a result is found matching the corresponding ciphertext. With a Meet-in-the-Middle attack, the attacker has some portion of text in both plaintext and ciphertext. The attacker attempts to unencrypt the ciphertext with all possible keys while at the same time encrypt the plaintext with another set of possible keys until one match is found. MATCH of Ciphertext! Key found Học viện mạng Bach Khoa - Website: www.bkacad.com Choosing a Cryptanalysis Method 1 The graph outlines the frequency of letters in the English language. For example, the letters E, T and A are the most popular. Cipherered text 2 IODQN HDVW DWWDFN DW GDZQ There are 6 occurrences of the cipher letter D and 4 occurrences of the cipher letter W. Replace the cipher letter D first with popular clear text letters including E, T, and finally A. Trying A would reveal the shift pattern of 3. Học viện mạng Bach Khoa - Website: www.bkacad.com Refer to 7.1.3.4 Defining Cryptology Cryptology + Cryptography Cryptanalysis Cryptology is the science of making and breaking secret codes. Cryptology combines the two separate disciplines of cryptography, which is the development and use of codes, and cryptanalysis, which is the breaking of those codes.. Học viện mạng Bach Khoa - Website: www.bkacad.com Cryptanalysis • Cryptanalysis is often used by governments in military and diplomatic surveillance, by enterprises in testing the strength of security procedures, and by malicious hackers in exploiting weaknesses in websites Học viện mạng Bach Khoa - Website: www.bkacad.com Cryptographic Hashes, Protocols, and Algorithm Examples Integrity Authentication Confidentiality MD5 SHA HMAC-MD5 HMAC-SHA-1 RSA and DSA DES 3DES AES SEAL RC (RC2, RC4, RC5, and RC6) NIST Rivest HASH HASH w/Key Encryption • In the world of communications and networking, authentication, integrity, and data confidentiality are implemented in many ways using various protocols and algorithms. The choice of protocol and algorithm varies based on the level of security required to meet the goals in the network security policy. Học viện mạng Bach Khoa - Website: www.bkacad.com Hashing Basics • A hash function takes binary data, called the message, and produces a condensed representation, called the message digest. • Hashes are used for integrity assurance. • Hashes are based on one-way functions. • The hash function hashes arbitrary data into a fixed-length digest known as the hash value, message digest, digest, or fingerprint. • Is applied in situations: – Symmetric secret authentication key – CHAP – Public key infrastructure certificates Học viện mạng Bach Khoa - Website: www.bkacad.com Hashing Properties A cryptographic hash function should have the following properties: • The input can be any length. • The output has a fixed length. • H(x) is relatively easy to compute for any given x. • H(x) is one way and not reversible. • H(x) is collision free, meaning that two different input values will result in different hash results. Học viện mạng Bach Khoa - Website: www.bkacad.com Hashing in Action • Well-known hash functions – MD5 with 128-bit hashes – SHA-1 with 160-bit hashes Học viện mạng Bach Khoa - Website: www.bkacad.com •Hash functions are helpful when ensuring data is not changed accidentally, but they cannot ensure that data is not changed deliberately. •Hashing only prevents the message from being changed accidentally, such as by a communication error. There is nothing unique to the sender in the hashing procedure. MD5 • MD5 is a ubiquitous hashing algorithm • Hashing properties – One-way function—easy to compute hash and infeasible to MD5 compute data given a hash – Complex sequence of simple binary operations (XORs, rotations, etc.) which finally produces a 128-bit hash. Học viện mạng Bach Khoa - Website: www.bkacad.com SHA • SHA is similar in design to the MD4 and MD5 family of hash functions • SHA-1: – Takes an input message of no more than 264 bits – Produces a 160-bit message digest SHA • The algorithm is slightly slower than MD5. • SHA-1 is a revision that corrected an unpublished flaw in the original SHA. • SHA-224, SHA-256, SHA-384, and SHA- 512 are newer and more secure versions of SHA and are collectively known as SHA-2. Học viện mạng Bach Khoa - Website: www.bkacad.com Hashing Example In this example the clear text entered is displaying hashed results using MD5, SHA-1, and SHA256. Notice the difference in key lengths between the various algorithm. The longer the key, the more secure the hash function. Học viện mạng Bach Khoa - Website: www.bkacad.com Features of HMAC- Authenticity • A keyed-hash message authentication code (HMAC or KHMAC) is a type of message authentication code (MAC). • Uses an additional secret key as input to the hash function • The secret key is known to the sender and receiver – Adds authentication to integrity + Secret Key Data of Arbitrary Length assurance – Defeats man-in-the-middle attacks • Cisco technologies use two well-known HMAC functions: – Keyed MD5 (HMAC-MD5), based on the MD5 hashing algorithm – Keyed SHA-1 (HMAC-SHA-1), based on the SHA-1 hashing algorithm The same procedure is used for generation and verification of secure fingerprints Fixed Length Authenticated Hash Value e883aa0b24c09f Học viện mạng Bach Khoa - Website: www.bkacad.com HMAC Example Data Secret Key Pay to Terry Smith $100.00 One Hundred and xx/100 Dollars Received Data Secret Key Pay to Terry Smith $100.00 One Hundred and xx/100 Dollars HMAC (Authenticated Fingerprint) Pay to Terry Smith $100.00 One Hundred and xx/100 Dollars 4ehIDx67NMop9 4ehIDx67NMop9 HMAC (Authenticated Fingerprint) 4ehIDx67NMop9 If the generated HMAC matches the sent HMAC, then integrity and authenticity have been verified. If they don’t match, discard the message. Học viện mạng Bach Khoa - Website: www.bkacad.com Using Hashing e883aa0b24c09f Data Integrity Data Authenticity Cisco products use hashing for entity authentication, data integrity, and data authenticity purposes: • Routers use hashing with secret keys • IPsec gateways and clients use hashing algorithms • Software images downloaded from the website have checksums • Sessions can be encrypted Fixed-Length Hash Value Entity Authentication Học viện mạng Bach Khoa - Website: www.bkacad.com Key Management • Key management is often considered the most difficult part of designing a cryptosystem. Two terms that are used to describe keys are key length and keyspace Học viện mạng Bach Khoa - Website: www.bkacad.com Keyspace
The keyspace of an algorithm is the set of all possible key values.
A key that has n bits produces a keyspace that has 2^n possible key values.
For each bit added to the DES key, the attacker would require twice the amount of time to search the keyspace.
Longer keys are more secure but are also more resource intensive and can affect throughput. Học viện mạng Bach Khoa - Website: www.bkacad.com Types of Keys Học viện mạng Bach Khoa - Website: www.bkacad.com Types of Keys Several types of cryptographic keys: 1. Symmetric keys. 2. Asymmetric keys. Học viện mạng Bach Khoa - Website: www.bkacad.com 3. Digital signatures. 4. Hash keys. Shorter keys = faster processing, but less secure Longer keys = slower processing, Key Properties but more secure • An administrator must find a good balance between the speed and protective strength of an algorithm. Học viện mạng Bach Khoa - Website: www.bkacad.com Học viện mạng Bach Khoa - Website: www.bkacad.com Confidentiality and the OSI Model • Cryptographic encryption can provide confidentiality at several layers: – For Data Link Layer confidentiality, use proprietary link- encrypting devices – For Network Layer confidentiality, use secure Network Layer protocols such as the IPsec protocol suite – For Session Layer confidentiality, use protocols such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS) – For Application Layer confidentiality, use secure e-mail, secure database sessions (Oracle SQL*net), and secure messaging (Lotus Notes sessions) • Two basic classes of encryption algorithms protect keys: symmetric and asymmetric • Asymmetric algorithms are typically hundreds to thousands times slower than symmetric algorithms Học viện mạng Bach Khoa - Website: www.bkacad.com Symmetric Encryption Học viện mạng Bach Khoa - Website: www.bkacad.com Symmetric Encryption and XOR The XOR operator results in a 1 when the value of either the first bit or the second bit is a 1 The XOR operator results in a 0 when neither or both of the bits is 1 Plain Text 1 1 0 1 0 0 1 1 Key (Apply) 0 1 0 1 0 1 0 1 XOR (Cipher Text) 1 0 0 0 0 1 1 0 Key (Re-Apply) 0 1 0 1 0 1 0 1 XOR (Plain Text) 1 1 0 1 0 0 1 1 Học viện mạng Bach Khoa - Website: www.bkacad.com Asymmetric Encryption Encryption Key Decryption Key Encrypt Decrypt $1000 $1000%3f7&4 Two separate keys which are not shared • Also known as public key algorithms • The usual key length is 512–4096 bits • A sender and receiver do not share a secret key • Relatively slow because they are based on difficult computational algorithms • Examples include RSA, ElGamal, elliptic curves, and DH. Học viện mạng Bach Khoa - Website: www.bkacad.com Asymmetric Example : Diffie-Hellman Get Out Your Calculators? Học viện mạng Bach Khoa - Website: www.bkacad.com Symmetric Algorithms Symmetric Encryption Algorithm Key length (in bits) Description DES 56 Designed at IBM during the 1970s and was the NIST standard until 1997. Although considered outdated, DES remains widely in use. Designed to be implemented only in hardware, and is therefore extremely slow in software. Based on using DES three times which means that the input data is 3DES 112 and 168 encrypted three times and therefore considered much stronger than DES. However, it is rather slow compared to some new block ciphers such as AES. AES 128, 192, and 256 Fast in both software and hardware, is relatively easy to implement, and requires little memory. As a new encryption standard, it is currently being deployed on a large scale. Software Encryption Algorithm (SEAL) 160 SEAL is an alternative algorithm to DES, 3DES, and AES. It uses a 160-bit encryption key and has a lower impact to the CPU when compared to other software-based algorithms. The RC series RC2 (40 and 64) RC4 (1 to 256) RC5 (0 to 2040) RC6 (128, 192, and 256) A set of symmetric-key encryption algorithms invented by Ron Rivest. RC1 was never published and RC3 was broken before ever being used. RC4 is the world's most widely used stream cipher. RC6, a 128-bit block cipher based heavily on RC5, was an AES finalist developed in 1997. Học viện mạng Bach Khoa - Website: www.bkacad.com Symmetric Encryption Techniques 64 bits 64bits 64bits 01010010110010101010100101100101011100101blank blank Block Cipher – transform a fixed-length block of plaintext into a common block of ciphertext of 0101010010101010100001001001001 0101010010101010100001001001001 64 or 128bits. Exam: DES-64bits, AES-128bits... Stream Cipher – encryption is one bit at a time Học viện mạng Bach Khoa - Website: www.bkacad.com Selecting an Algorithm • Other criteria to consider: – The algorithm supports variable and long key lengths and scalability – The algorithm does not have export or import restrictions: some countries do not allow the export of cryption algorithms. Học viện mạng Bach Khoa - Website: www.bkacad.com Data Encryption Standard- DES Scorecard • DES is a symmetric encryption algorithm that usually operates in block mode. It encrypts data in 64-bit blocks. • DES has a fixed key length. The key is 64-bits long, but only 56 bits are used for encryption. The remaining 8 bits are used for parity. Học viện mạng Bach Khoa - Website: www.bkacad.com Block Cipher Modes • ECB mode serially encrypts each 64- bit plaintext block using the same 56- bit key. If two identical plaintext blocks are encrypted using the same key, their ciphertext blocks are the same. • In CBC mode, each 64-bit plaintext block is exclusive ORed (XORed) bitwise with the previous ciphertext block and then is encrypted using the DES key. The encryption of each block depends on previous blocks. Encryption of the same 64-bit plaintext block can result in different ciphertext blocks. Học viện mạng Bach Khoa - Website: www.bkacad.com Block Cipher Modes Học viện mạng Bach Khoa - Website: www.bkacad.com Stream Cipher Mode • Encrypt and decrypt more than 64bits of data. • Two common stream cipher modes: – Cipher feedback (CFB): similar CBC and can encrypt any number of bits, including single bits or single characters. – Output feedback (OFB): generates keystream block, which are then XORed with the plaintext blocks to get the ciphertext. Học viện mạng Bach Khoa - Website: www.bkacad.com Considerations • Change keys frequently to help prevent brute-force attacks. • Use a secure channel to communicate the DES key from the sender to the receiver. • Consider using DES in CBC mode. With CBC, the encryption DES of each 64-bit block depends on previous blocks. • Test a key to see if it is a weak key before using it. Học viện mạng Bach Khoa - Website: www.bkacad.com 3DES Scorecard • 3DES is the technique of applying DES three times in a row to a plaintext block. Học viện mạng Bach Khoa - Website: www.bkacad.com Encryption Steps 1 The clear text from Alice is encrypted using Key 1. That ciphertext is decrypted using a different key, Key 2. Finally that ciphertext is encrypted using another key, Key 3. When the 3DES ciphered text is received, the process is reversed. That is, the ciphered text must first be decrypted using Key 3, encrypted using Key 2, and finally decrypted using Key 1. 2 Học viện mạng Bach Khoa - Website: www.bkacad.com Advanced Encryption Standard- AES • Variable block length and key length. • A 128-, 192-, or 256-bit key can be used to encrypt data blocks that are 128, 192, or 256 bits long, and all nine combinations of key and block length are possible. Học viện mạng Bach Khoa - Website: www.bkacad.com Advantages of AES • The key is much stronger due to the key length • AES runs faster than 3DES on comparable hardware • AES is more efficient than DES and 3DES on comparable hardware Học viện mạng Bach Khoa - Website: www.bkacad.com Software-optimized Encryption Algorithm-SEAL • SEAL is an alternative algorithm to software-based DES, 3DES, and AES. • It is a stream cipher that uses a 160-bit encryption key. • SEAL has several restrictions: – The Cisco router and the peer must support IPsec. – The Cisco router and the other peer must run an IOS image with k9 long keys (the k9 subsystem). – The router and the peer must not have hardware IPsec encryption. Học viện mạng Bach Khoa - Website: www.bkacad.com Rivest Codes Scorecard Description RC2 RC4 RC5 RC6 Timeline 1987 1987 1994 1998 Type of Algorithm Block cipher Stream cipher Block cipher Block cipher Key size (in bits) 40 and 64 1 - 256 0 to 2040 bits (128 suggested) 128, 192, or 256 Học viện mạng Bach Khoa - Website: www.bkacad.com DH Scorecard Description Diffie-Hellman Algorithm Timeline 1976 Type of Algorithm Asymmetric Key size (in bits) 512, 1024, 2048 Speed Slow Time to crack (Assuming a computer could try 255 keys per second) Unknown but considered very safe Resource Consumption Medium Học viện mạng Bach Khoa - Website: www.bkacad.com Using Diffie-Hellman Alice Bob Calc Calc 56mod 23 = 8 5, 23 5, 23 6 Secret SharedShared Secret 1 1 2 3 8 1. Alice and Bob agree to use the same two numbers. For example, the base number g=5 and prime number p=23 2. Alice now chooses a secret number x=6. 3. Alice performs the DH algorithm: gx modulo p = (56 modulo 23) = 8 (Y) and sends the new number 8 (Y) to Bob. Học viện mạng Bach Khoa - Website: www.bkacad.com Using Diffie-Hellman Alice Bob 6 Secret Calc Shared Calc 1556mod 23 = 8 515mod 23 = 19 Shared Secret 8 19 4 5, 23 5, 23 4. Meanwhile Bob has also chosen a secret number x=15, performed the DH algorithm: gx modulo p = (515 modulo 23) = 19 (Y) and sent the new number 19 (Y) to Alice. 5. Alice now computes Yx modulo p = (196 modulo 23) = 2. 6. Bob now computes Yx modulo p = (815 modulo 23) = 2. 196mod 23 = 2 815mod 23 = 2 The result (2) is the same for both Alice and Bob. This number can now be used as a shared secret key by the encryption algorithm. 5 6 Học viện mạng Bach Khoa - Website: www.bkacad.com Asymmetric Key Characteristics • Asymmetric algorithms, also sometimes called public-key algorithms, are designed so that the key that is used for encryption is different from the key that is used for decryption. • Asymmetric algorithms use two keys: a public key and a private key. • Example: IKE, SSL, SSH, PGP. Học viện mạng Bach Khoa - Website: www.bkacad.com Public Key (Encrypt) + Private Key (Decrypt) = Confidentiality Bob’s Public Key Can I get your Public Key please? Here is my Public Key. 1 Bob’s Public Key 2 Bob’s Private Key4 Computer A acquires Computer B’s public key Computer A transmits Computer A 3 Encrypted Text Encryption Algorithm Encryption Algorithm Encrypted Text Computer B Computer A uses Computer B’s public key to encrypt a message using an agreed-upon algorithm The encrypted message to Computer B Computer B uses its private key to decrypt and reveal the message Học viện mạng Bach Khoa - Website: www.bkacad.com Private Key (Encrypt) + Public Key (Decrypt) = Authentication Bob uses the public key to successfully decrypt the message and authenticate that the message did, indeed, come from Alice. Alice’s Private Key 1 Encrypted Text Encryption 4 Alice’s Public Key Alice encrypts a message with her private key Alice transmits the Algorithm Encrypted Text 2 Alice’s Public Key Can I get your Public Key please? Here is my Public Key 3 Encryption Algorithm Encrypted Text Computer A Computer B encrypted message to Bob Bob needs to verify that the message actually came from Alice. He requests and acquires Alice’s public key Học viện mạng Bach Khoa - Website: www.bkacad.com Confidentiality, Integrity and Authentication Học viện mạng Bach Khoa - Website: www.bkacad.com Asymmetric Key Algorithms Key length (in bits) Description DH 512, 1024, 2048 Invented in 1976 by Whitfield Diffie and Martin Hellman. Two parties to agree on a key that they can use to encrypt messages The assumption is that it is easy to raise a number to a certain power, but difficult to compute which power was used given the number and the outcome. Digital Signature Standard (DSS) and Digital Signature 512 - 1024 Created by NIST and specifies DSA as the algorithm for digital signatures. A public key algorithm based on the ElGamal signature scheme. Algorithm (DSA) Signature creation speed is similar with RSA, but is slower for verification. RSA encryption algorithms 512 to 2048 Developed by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT in 1977 Based on the current difficulty of factoring very large numbers Suitable for signing as well as encryption Widely used in electronic commerce protocols EIGamal 512 - 1024 Based on the Diffie-Hellman key agreement. Described by Taher Elgamal in 1984and is used in GNU Privacy Guard software, PGP, and other cryptosystems. The encrypted message becomes about twice the size of the original message and for this reason it is only used for small messages such as secret keys Elliptical curve techniques 160 Invented by Neil Koblitz in 1987 and by Victor Miller in 1986. Can be used to adapt many cryptographic algorithms Keys can be much smaller Học viện mạng Bach Khoa - Website: www.bkacad.com Security Services- Digital Signatures • Specifically, digital signatures provide three basic security services: – Authenticity of digitally signed data: Authenticates a source, proving a certain party has seen, and has signed, the data in question – Integrity of digitally signed data: Guarantees that the data has not changed from the time it was signed – Nonrepudiation of the transaction: Signing party cannot repudiate that it signed the data Authenticity Integrity Nonrepudiation Học viện mạng Bach Khoa - Website: www.bkacad.com Digital Signatures • The signature is authentic and not forgeable: The signature is proof that the signer, and no one else, signed the document. • The signature is not reusable: The signature is a part of the document and cannot be moved to a different document. • The signature is unalterable: After a document is signed, it cannot be altered. • The signature cannot be repudiated: For legal purposes, the signature and the document are considered to be physical things. The signer cannot claim later that they did not sign it. Học viện mạng Bach Khoa - Website: www.bkacad.com The Digital Signature Process Confirm Order Data Signature Verified 0a77b3440Signed Data1 6 Validity of the digital signature is verified hash The sending device creates a hash of the document The receiving device accepts the document with digital signature and obtains the public key Encrypted hash Confirm Order ____________ 0a77b3440 Signature Algorithm Signature Key Verification Key 0a77b3440 2 3 4 5 The sending device encrypts only the hash with the private key of the signer The signature algorithm generates a digital signature and obtains the public key Signature is verified with the verification key Học viện mạng Bach Khoa - Website: www.bkacad.com The Digital Signature Process Học viện mạng Bach Khoa - Website: www.bkacad.com Code Signing with Digital Signatures • The publisher of the software attaches a digital signature to the executable, signed with the signature key of the publisher. • The user of the software needs to obtain the public key of the publisher or the CA certificate of the publisher if PKI is used. Học viện mạng Bach Khoa - Website: www.bkacad.com DSA Scorecard Description Digital Signature Algorithm (DSA) Timeline 1994 Type of Algorithm Provides digital signatures Advantages: Signature generation is fast Disadvantages: Signature verification is slow Học viện mạng Bach Khoa - Website: www.bkacad.com RSA Scorecard Description Ron Rivest, Adi Shamir, and Len Adleman Timeline 1977 Type of Algorithm Asymmetric algorithm Key size (in bits) 512 - 2048 Advantages: Signature verification is fast Disadvantages: Signature generation is slow Học viện mạng Bach Khoa - Website: www.bkacad.com Properties of RSA • One hundred times slower than DES in hardware • One thousand times slower than DES in software • Used to protect small amounts of data • Ensures confidentiality of data thru encryption • Generates digital signatures for authentication and nonrepudiation of data Học viện mạng Bach Khoa - Website: www.bkacad.com Public Key Infrastructure Alice applies for a driver’s license. She receives her driver’s license after her identity is proven. Alice attempts to cash a check. Her identity is accepted after her driver’s license is checked. Học viện mạng Bach Khoa - Website: www.bkacad.com PKI: A service framework (hardware, software, people, policies and procedures) needed to support large- Public Key Infrastructure PKI terminology to remember: scale public key-based technologies. Certificate: A document, which binds together the name of the entity and its public key and has been signed by the CA Certificate authority (CA): The trusted third party that signs the public keys of entities in a PKI-based system Học viện mạng Bach Khoa - Website: www.bkacad.com CA Vendors and Sample Certificates Học viện mạng Bach Khoa - Website: www.bkacad.com Usage Keys • When an encryption certificate is used much more frequently than a signing certificate, the public and private key pair is more exposed due to its frequent usage. In this case, it might be a good idea to shorten the lifetime of the key pair and change it more often, while having a separate signing private and public key pair with a longer lifetime. • When different levels of encryption and digital signing are required because of legal, export, or performance issues, usage keys allow an administrator to assign different key lengths to the two pairs. • When key recovery is desired, such as when a copy of a user’s private key is kept in a central repository for various backup reasons, usage keys allow the user to back up only the private key of the encrypting pair. The signing private key remains with the user, enabling true nonrepudiation. Học viện mạng Bach Khoa - Website: www.bkacad.com The Current State X.509 • Many vendors have proposed and implemented proprietary solutions • Progression towards publishing a common set of standards for PKI protocols and data formats Học viện mạng Bach Khoa - Website: www.bkacad.com X.509v3 • X.509v3 is a standard that describes the certificate structure. • X.509v3 is used with: – Secure web servers: SSL and TLS – Web browsers: SSL and TLS – Email programs: S/MIME – IPsec VPNs: IKE Học viện mạng Bach Khoa - Website: www.bkacad.com X.509v3 Applications Internet Enterprise Network External Web Server Internet Mail Server Cisco Secure ACS CA SSL S/MIME EAP-TLS • Certificates can be used for various purposes. • One CA server can be used for all types of authentication as long as they support the same PKI procedures. Server IPsec VPN Concentrator Học viện mạng Bach Khoa - Website: www.bkacad.com RSA PKCS Standards • PKCS #1: RSA Cryptography Standard • PKCS #3: DH Key Agreement Standard • PKCS #5: Password-Based Cryptography Standard • PKCS #6: Extended-Certificate Syntax Standard • PKCS #7: Cryptographic Message Syntax Standard • PKCS #8: Private-Key Information Syntax Standard • PKCS #10: Certification Request Syntax Standard • PKCS #12: Personal Information Exchange Syntax Standard • PKCS #13: Elliptic Curve Cryptography Standard • PKCS #15: Cryptographic Token Information Format Standard Học viện mạng Bach Khoa - Website: www.bkacad.com Public Key Technology PKCS#7 PKCS#10 Certificate Signed Certificate CA • A PKI communication protocol used for VPN PKI enrollment • Uses the PKCS #7 and PKCS #10 standards PKCS#7 Học viện mạng Bach Khoa - Website: www.bkacad.com Single-Root PKI Topology • Certificates issued by one CA • Centralized trust decisions • Single point of failure Root CA Học viện mạng Bach Khoa - Website: www.bkacad.com Hierarchical CA Topology Root CA Subordinate • Delegation and distribution of trust • Certification paths CA Học viện mạng Bach Khoa - Website: www.bkacad.com Cross-Certified CAs CA2 CA1 • Mutual cross-signing of CA certificates CA3 Học viện mạng Bach Khoa - Website: www.bkacad.com Registration Authorities 2 Completed Enrollment Request Forwarded to CA CA After the Registration Authority adds specific information to the certificate request and the request is approved under the organization’s The CA will sign the certificate request and send it back to the host 1 Enrollment request 3 Certificate Issued RA Hosts will submit certificate requests to the RA policy, it is forwarded on to the Certification Authority Học viện mạng Bach Khoa - Website: www.bkacad.com Retrieving the CA Certificates Alice and Bob telephone the CA administrator and verify the public key and serial number of the certificate CA Admin POTS Out-of-Band Authentication of the CA Certificate POTS Out-of-Band Authentication of the CA Certificate 33 CA CA Certificate CA Certificate Enterprise Network 1 1 2 2 Alice and Bob request the CA certificate that contains the CA public key Each system verifies the validity of the certificate Học viện mạng Bach Khoa - Website: www.bkacad.com Submitting Certificate Requests CA Admin Out-of-Band Authentication of the CA Certificate Out-of-Band Authentication of the CA Certificate 2 The certificate is retrieved and the certificate is installed onto the system The CA administrator telephones to confirm their submittal and the public key and issues the certificate by adding some additional data to the request, and digitally signing it all CA Enterprise Network POTS POTS 1 1 3 Certificate Request Certificate Request 3 Both systems forward a certificate request which includes their public key. All of this information is encrypted using the public key of the CA Học viện mạng Bach Khoa - Website: www.bkacad.com Authenticating Private Key (Alice) Private Key (Bob) Certificate (Alice) 1 2 2 Bob and Alice exchange certificates. The CA is no longer involved Certificate (Alice) CA Certificate Certificate (Bob) CA Certificate Certificate (Bob) Each party verifies the digital signature on the certificate by hashing the plaintext portion of the certificate, decrypting the digital signature using the CA public key, and comparing the results. Học viện mạng Bach Khoa - Website: www.bkacad.com PKI Authentication Characteristics • To authenticate each other, users have to obtain the certificate of the CA and their own certificate. These steps require the out-of-band verification of the processes. • Public-key systems use asymmetric keys where one is public and the other one is private. • Key management is simplified because two users can freely exchange the certificates. The validity of the received certificates is verified using the public key of the CA, which the users have in their possession. • Because of the strength of the algorithms, administrators can set a very long lifetime for the certificates. Học viện mạng Bach Khoa - Website: www.bkacad.com Summary Học viện mạng Bach Khoa - Website: www.bkacad.com Summary Học viện mạng Bach Khoa - Website: www.bkacad.com Summary Học viện mạng Bach Khoa - Website: www.bkacad.com Summary Học viện mạng Bach Khoa - Website: www.bkacad.com Summary Học viện mạng Bach Khoa - Website: www.bkacad.com Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com