Transcript Slide 1

CIST 1601 Information Security Fundamentals
Chapter 7 Cryptography Basics, Methods, and Standards
Collected and Compiled
By JD Willard
MCSE, MCSA, Network+,
Microsoft IT Academy Administrator
Computer Information Systems Instructor
Albany Technical College
An Overview of Cryptography
Cryptography Overview (8:35)
Cryptography has become increasingly important because of concerns
over the security of data and because attacks have become more
sophisticated.
There has been growing concern over the security of data, which
continues to rapidly grow across information systems and reside in many
different locations.
Combined with more sophisticated attacks and a growing economy around
computer-related fraud and data theft, this makes the need to protect the data
itself even more important than in the past.
Those who develop or make codes are known as cryptographers.
Cryptanalysts are individuals who specialize in breaking codes.
Understanding Physical Cryptography
Physical cryptography includes several different approaches. The more
common methods involve transposition or substitution of characters or words.
Physical methods also include a method of encryption called steganography,
which is the science of hiding information within other information, such as
within a picture, so that unintended recipients aren’t even aware of any
message.
In general, physical cryptography refers to any method that doesn’t alter a value
using a mathematical process.
A cipher is a method used to encode characters to hide their value. Ciphering is
the process of using a cipher to encode a message.
The three primary types of cryptography, or ciphering methods, are:
Substitution
Transposition
Steganography
Cryptography is always changing in an effort to make algorithms that are more
difficult to crack.
Substitution Ciphers
A substitution cipher works by substituting character-for-character from a list so that
every “A” becomes a “T” for example.
Character substitution can be a relatively easy method of encrypting information. You
may see this method used in a childhood toy such as a decoder ring.
One of the oldest known encoding algorithms is rot13. This simple algorithm rotates
every letter 13 places in the alphabet. Thus an A becomes an N, a B becomes an O, and
so forth. The same rotation of 13 letters that is used to encrypt the message is also used
to decrypt the message.
See if you can solve this encryption:
Ze. Jvyyneq Vf Na Rkpryyrag Vafgehpgbe.
One of the easiest ways to solve rot13 text messages is to take a sheet of paper and
write the letters from A to M in one column and from N to Z in a second. To decipher,
replace the letter in the encrypted message with the one that appears beside it in the
other column.
Transposition Ciphers
A transposition cipher (also referred to as a transposition code) involves
transposing or scrambling the letters in a certain manner.
Typically, a message is broken into blocks of equal size, and each block is then
scrambled.
In the figure below, the characters are transposed by changing the order of the
group.
In this case, the letters are rotated three places in the message.
You could transpose Block 1 differently from Block 2 to make it a little more
difficult, but it would still be relatively easy to decrypt.
A simple transposition code in action
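The two classical cipher families described above, as an added example (not code from the slides): rot13 as a special case of an alphabetic shift, and a block transposition that rotates each block by three places, with the slide's own ciphertext and a constructed plaintext as inputs.

```python
"""Added example (not from the slides): the substitution and transposition
ciphers the slides describe, implemented as reversible functions.

  * rot13 / a general alphabetic shift (substitution)
  * a block transposition that rotates each fixed-size block by three places

The rot13 line is the one quoted on the slide; the transposition input is
constructed.  Nothing here is cryptographically strong."""
import string

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase


def shift_cipher(text: str, shift: int) -> str:
    """Substitute each letter by the one `shift` places later in the alphabet.

    Non-letters (spaces, punctuation) pass through unchanged, as in the slide's
    example.  Decrypting is the same function with the negative shift."""
    out = []
    for ch in text:
        if ch in UPPER:
            out.append(UPPER[(UPPER.index(ch) + shift) % 26])
        elif ch in LOWER:
            out.append(LOWER[(LOWER.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """rot13 is the shift cipher with shift 13.  Because 13 + 13 = 26 it is its
    own inverse, which is why the same operation encrypts and decrypts."""
    return shift_cipher(text, 13)


def transpose_blocks(text: str, block_size: int, rotate_by: int, pad: str = "x") -> str:
    """Transposition: split the message into equal blocks, then rotate each
    block left by `rotate_by` places.  Every letter is still present; only the
    order changes.  The final block is padded so every block is full."""
    padding = (-len(text)) % block_size
    text = text + pad * padding
    blocks = [text[i:i + block_size] for i in range(0, len(text), block_size)]
    k = rotate_by % block_size
    return "".join(b[k:] + b[:k] for b in blocks)


def untranspose_blocks(ciphertext: str, block_size: int, rotate_by: int) -> str:
    """Inverse of transpose_blocks: rotate each block right by the same amount."""
    k = rotate_by % block_size
    blocks = [ciphertext[i:i + block_size] for i in range(0, len(ciphertext), block_size)]
    return "".join(b[-k:] + b[:-k] if k else b for b in blocks)


if __name__ == "__main__":
    # Ciphertext quoted on the slide; applying rot13 again recovers the message.
    print(rot13("Ze. Jvyyneq Vf Na Rkpryyrag Vafgehpgbe."))
    ct = transpose_blocks("MEETMELATER", block_size=4, rotate_by=3)
    print(ct, untranspose_blocks(ct, 4, 3))
```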
Steganography
Steganography (4:23)
Steganography is the process of hiding one message in another. In theory, doing this prevents analysts
from detecting the real message.
You could encode your message in another file or message and use that file to hide your message. This
type of encryption can be somewhat harder to detect, but it’s still breakable.
Consider the following message:
“Meet the mini me that ate later.”
The real message is every third word: “Meet me later.”
Steganography may also be referred to as electronic watermarking. A watermark is a commercial
application of steganography and is used to identify images and their authenticity. Watermarks can appear
as a pattern embedded in a sheet of paper during the manufacturing process, or they can be embedded in an
audio file as implanted code.
A watermark is used to verify the authenticity of an object, either on paper or on digital media by ensuring
that no illegal copies of the images are displayed in violation of copyright laws.
You can detect copyright violations by using watermark detection software. This software searches the
World Wide Web to ensure that an image with a watermark is not displayed if copyright laws are violated.
A watermark can be removed. Cryptographic research has identified techniques to remove watermarks.
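The slide mentions hiding a message within a picture; this added example (not from the slides) does that over a constructed image-like byte array by rewriting the least significant bit of each sample, so each carrier value changes by at most one.

```python
"""Added example (not from the slides): least-significant-bit steganography,
the "hide it in a picture" case the slide mentions.  The "image" is a
constructed array of grey values; embedding changes each carrier byte by at
most one, which is why the hidden message is not visible.  A 2-byte length
prefix is stored first so the extractor knows where the message ends."""


def embed(cover: bytes, message: bytes) -> bytes:
    """Write len(message) (2 bytes) then message, one bit per cover byte LSB."""
    payload = len(message).to_bytes(2, "big") + message
    bits = [(byte >> i) & 1 for byte in payload for i in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("cover too small: need %d samples" % len(bits))
    out = bytearray(cover)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit     # clear the LSB, set it to the message bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the LSBs back: first the 2-byte length, then that many bytes."""
    def read_bytes(start: int, count: int) -> bytes:
        value = bytearray()
        for b in range(count):
            byte = 0
            for i in range(8):
                byte = (byte << 1) | (stego[start + b * 8 + i] & 1)
            value.append(byte)
        return bytes(value)

    length = int.from_bytes(read_bytes(0, 2), "big")
    return read_bytes(16, length)           # the length prefix used 16 samples


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """Largest per-sample difference the embedding introduced (expected: 1)."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def demo() -> dict:
    # Constructed 16x16 "greyscale image": a smooth gradient of 256 samples.
    cover = bytes((x * 7 + y * 3) % 256 for y in range(16) for x in range(16))
    stego = embed(cover, b"Meet me later.")
    return {"recovered": extract(stego),
            "max_change": max_sample_change(cover, stego),
            "same_size": len(stego) == len(cover)}


if __name__ == "__main__":
    print(demo())
```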
Understanding Mathematical Cryptography
Mathematical cryptography deals with using
mathematical processes on characters or messages.
The most common is a function called hashing.
Hashing refers to performing a calculation on a
message and converting it into a numeric hash value.
Hashing (4:27)
A simple hashing process
The hash value is transmitted with the message to the
receiver, and the receiving end uses the same hash
function to determine that the message is authentic. If
the hash value is different, the message has been
altered in some way. This process is also known as
performing a checksum.
This type of hashing is called a one-way process.
There is no way to reverse the hash and turn the
number back into the original message. It is used
primarily to verify the integrity of the message.
A Trusted Platform Module (TPM) can be used to
assist with hash key generation. At the most basic
level, TPM provides for the secure storage of keys,
passwords, and digital certificates, and is hardware
based, typically attached to the circuit board of the
system.
The hash value is computed by
multiplying each character by 2,
adding those results together, and
then dividing the sum by 10.
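As an added example (not from the slides), the toy checksum pictured above beside a real one-way hash, to show what the toy cannot detect. It assumes "each character" means its ASCII code and "dividing" means integer division, which the slide leaves open; the messages are constructed.

```python
"""Added example (not from the slides): the slide's toy hash (double each
character, add the results, divide by 10) next to a real one-way hash.

Assumption: "each character" means its ASCII code and "divide" means integer
division; the slide does not say.  Sample messages are constructed."""
import hashlib
import hmac


def slide_hash(message: str) -> int:
    """The slide's hash: sum(2 * code) // 10.  Character order does not matter."""
    return sum(2 * ord(ch) for ch in message) // 10


def sha1_hex(message: bytes) -> str:
    """A real one-way hash (SHA-1, 160 bits) of the kind the slides discuss later."""
    return hashlib.sha1(message).hexdigest()


def verify_checksum(message: bytes, expected_hex: str, algorithm: str = "md5") -> bool:
    """Receiver-side check: recompute the digest and compare it with the one
    transmitted alongside the message (or published for a download).
    compare_digest avoids leaking the position of the first mismatch via timing."""
    actual = hashlib.new(algorithm, message).hexdigest()
    return hmac.compare_digest(actual.lower(), expected_hex.lower())


def tamper_detected(original: str, altered: str) -> dict:
    """Does each hash change when the message is altered?"""
    return {
        "slide_hash": slide_hash(original) != slide_hash(altered),
        "sha1": sha1_hex(original.encode()) != sha1_hex(altered.encode()),
    }


if __name__ == "__main__":
    msg = "PAY 100 TO BOB"
    # Reordering the digits keeps the same sum of character codes, so the toy
    # hash is unchanged while SHA-1 changes.
    swapped = "PAY 001 TO BOB"
    print(slide_hash(msg), slide_hash(swapped))
    print(tamper_detected(msg, swapped))
    print(verify_checksum(b"abc", hashlib.md5(b"abc").hexdigest()))
```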
Working with Passwords
Account Policy Enforcement (5:13)
Many password-generation systems are based on a one-way hashing approach. You can’t
take the hash value and reverse it to guess the password. In theory, this makes it harder
to guess or decrypt a password.
Passwords should be as long and as complicated as possible. Most security experts
believe a password of 10 characters is the minimum to be used.
Lowercase letters of the alphabet = 26 characters.
Uppercase letters of the alphabet = 26 characters.
Numeric values 0 through 9 = 10 characters.
You’ll then have a total of 62 characters with which to work to construct a password.
A 4-character password would be 62 × 62 × 62 × 62, or approximately 14 million
password possibilities.
A 5-character password would be 62 to the fifth power, or approximately 920 million
password possibilities.
A 10-character password would be 62 to the tenth power possibilities: gazillions of
password possibilities.
A password cracker could probably break the 4-character password in a fraction of a day. The
10-character password would take considerably longer and much more processing power.
Windows Password Policies
A Policy Setting Object has attributes for all the
settings that can be defined in the Default Domain
Policy Group Policy Object. These settings include
attributes for the following password settings:
Enforce password history
The number of unique new passwords a user must
use before an old password can be reused. The value
can be between 0 and 24; a value of 0 disables password
history. For most organizations, set this value to 24
passwords.
Maximum password age
How many days a password can be used before the
user is required to change it. The value can be between
0 and 999; if it is set to 0, passwords never expire. For
most organizations, set this value to 42 days.
Minimum password age
How many days a user must keep new passwords
before they can change them. This setting is designed
to work with the Enforce password history setting so
that users cannot quickly reset their passwords the
required number of times and then change back to
their old passwords. The value of this setting can be
between 0 and 999; if it is set to 0, users can
immediately change new passwords. It is recommended
that you set this value to 2 days.
Minimum password length
The minimum number of characters a password may
contain. Windows XP and Windows Server 200X support
passwords up to 28 characters. You should not use a value
of 0. It is recommended that you set this value to 8 characters.
Windows Password Policies
The Passwords must meet complexity
requirements setting determines whether password
complexity is enforced. If this setting is enabled,
user passwords must meet the following
requirements:
The password is at least six characters long.
The password contains characters from at
least three of the following five categories:
English uppercase characters (A - Z)
English lowercase characters (a - z)
Base 10 digits (0 - 9)
Non-alphanumeric (For example: !, $, #, or %)
Unicode characters
The password does not contain three or more
characters from the user's account name.
Store passwords using reversible encryption
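A checker for the complexity rules listed above, together with the keyspace arithmetic from the password-length slide, as an added example (not from the slides or from Windows). It assumes "Unicode characters" means any non-ASCII character and reads "three or more characters from the account name" as any three consecutive account-name characters appearing in the password; the guess rate and sample names are constructed.

```python
"""Added example (not from the slides): a checker for the Windows
"Passwords must meet complexity requirements" rules as the slides list them,
plus the keyspace arithmetic from the password-length slide.

Assumptions: "Unicode characters" means any character outside ASCII;
"three or more characters from the account name" is read as any run of three
consecutive account-name characters occurring in the password
(case-insensitive).  Names, passwords and the guess rate are constructed."""
import string


def character_categories(password: str) -> set:
    """Which of the five categories the password draws from."""
    cats = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            cats.add("upper")
        elif ch in string.ascii_lowercase:
            cats.add("lower")
        elif ch in string.digits:
            cats.add("digit")
        elif ord(ch) < 128:
            cats.add("symbol")        # non-alphanumeric ASCII such as ! $ # %
        else:
            cats.add("unicode")
    return cats


def contains_account_fragment(password: str, account_name: str, run: int = 3) -> bool:
    """True if any `run` consecutive characters of the account name occur in the password."""
    p, a = password.lower(), account_name.lower()
    return any(a[i:i + run] in p for i in range(len(a) - run + 1))


def meets_complexity(password: str, account_name: str) -> list:
    """Return the list of rule violations (an empty list means the password passes)."""
    problems = []
    if len(password) < 6:
        problems.append("shorter than six characters")
    if len(character_categories(password)) < 3:
        problems.append("fewer than three character categories")
    if contains_account_fragment(password, account_name):
        problems.append("contains three or more characters of the account name")
    return problems


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of possible passwords: alphabet_size ** length (62 ** 4 is about 14 million)."""
    return alphabet_size ** length


def guesses_to_days(total: int, guesses_per_second: float) -> float:
    """Days needed to try every password at a given (hypothetical) guess rate."""
    return total / guesses_per_second / 86400


if __name__ == "__main__":
    print(meets_complexity("jwillard2024", "jwillard"))
    print(meets_complexity("Tr0ub4dor&3", "jwillard"))
    for n in (4, 5, 10):
        # One million guesses per second is an assumed rate for illustration.
        print(n, keyspace(62, n), round(guesses_to_days(keyspace(62, n), 1e6), 4), "days")
```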
Windows Password Policies
These settings also include attributes for the following account lockout settings:
Account lockout duration
The Account lockout duration policy setting determines the number of minutes a locked-out
account remains locked out before automatically becoming unlocked. The available range is
from 1 through 99,999 minutes. A value of 0 specifies that the account will be locked out until
an administrator explicitly unlocks it. If Account lockout threshold is set to a number greater
than zero, Account lockout duration must be greater than or equal to the value of Reset
account lockout counter after.
Account lockout threshold
The Account lockout threshold policy setting determines the number of failed logon
attempts that will cause a user account to be locked out. A locked-out account cannot be used
until it is reset by an administrator or until the number of minutes specified by Account
lockout duration expires. You can set a value from 1 through 999 failed logon attempts, or you
can specify that the account will never be locked out by setting the value to 0. If Account
lockout threshold is set to a number greater than zero, Account lockout duration must be
greater than or equal to the value of Reset account lockout counter after.
Reset account lockout counter after
The Reset account lockout counter after policy setting determines the number of minutes
that must elapse from the time a user fails to log on before the failed logon attempt counter is
reset to 0 bad logon attempts. If Account lockout threshold is set to a number greater than
zero, this reset time must be less than or equal to the value of Account lockout duration.
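The three lockout settings above modelled as a small state machine, as an added example (not from the slides or from Windows), so the threshold, the reset window, the special value 0 and the duration/reset constraint can be replayed against a constructed sequence of failed logons.

```python
"""Added example (not from the slides): the account-lockout settings the
slides describe, modelled as a state machine and replayed against a
constructed sequence of failed-logon times (in minutes).  0 for the threshold
means "never lock out"; 0 for the duration means "until an administrator
unlocks", exactly as the slides state."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class LockoutPolicy:
    threshold: int          # failed attempts before lockout; 0 = never lock out
    duration_min: int       # minutes locked; 0 = locked until an administrator unlocks
    reset_after_min: int    # minutes of quiet before the failed counter resets

    def validate(self) -> None:
        """The constraint the slides state for a non-zero threshold."""
        if self.threshold > 0 and self.duration_min != 0 and self.duration_min < self.reset_after_min:
            raise ValueError("Account lockout duration must be >= Reset account lockout counter after")


@dataclass
class AccountState:
    policy: LockoutPolicy
    failed: int = 0
    last_failure: Optional[float] = None
    locked_at: Optional[float] = None
    events: List[str] = field(default_factory=list)

    def is_locked(self, now: float) -> bool:
        if self.locked_at is None:
            return False
        if self.policy.duration_min == 0:          # locked until an admin unlocks
            return True
        return now < self.locked_at + self.policy.duration_min

    def _maybe_reset_counter(self, now: float) -> None:
        if self.last_failure is not None and now - self.last_failure >= self.policy.reset_after_min:
            self.failed = 0

    def record_failure(self, now: float) -> str:
        """Process one failed logon at time `now` (minutes); return what happened."""
        if self.is_locked(now):
            self.events.append(f"t={now}: attempt while locked out")
            return "locked"
        if self.locked_at is not None:              # lockout expired: start fresh
            self.locked_at, self.failed = None, 0
        self._maybe_reset_counter(now)
        self.failed += 1
        self.last_failure = now
        if self.policy.threshold and self.failed >= self.policy.threshold:
            self.locked_at = now
            self.events.append(f"t={now}: LOCKED after {self.failed} failures")
            return "locked"
        self.events.append(f"t={now}: failure {self.failed}/{self.policy.threshold}")
        return "counted"

    def admin_unlock(self) -> None:
        self.locked_at, self.failed, self.last_failure = None, 0, None


def simulate(policy: LockoutPolicy, failure_times: list) -> AccountState:
    """Replay a list of failed-logon times (minutes) against a policy."""
    policy.validate()
    state = AccountState(policy)
    for t in failure_times:
        state.record_failure(t)
    return state


if __name__ == "__main__":
    policy = LockoutPolicy(threshold=5, duration_min=30, reset_after_min=30)
    # Four failures inside the reset window, a quiet spell that resets the
    # counter, then a burst that crosses the threshold.
    st = simulate(policy, [0, 1, 2, 3, 40, 41, 42, 43, 44, 50])
    print("\n".join(st.events))
    print("locked at t=50:", st.is_locked(50), "locked at t=74:", st.is_locked(74))
```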
Understanding Quantum Cryptography
In quantum cryptography, a message is
sent using a series of photons.
If the receiver knows the sequence and
polarity of the photons, they can decode
the message.
Otherwise, the photons look like random
noise.
If someone intercepts the photons, some
of the photon positions will change
polarity and the message will be altered.
This will inform the receiver that someone
is listening in on the message.
The sender, when informed, can change
the pattern and resend the message with a
new photon position key.
Intercepting the data alters the data and
ruins the message.
As you can see in this example, the message has
been altered as a result of the interception. Each
bar represents part of the message: the interception
changes the polarity of some of the photons
(represented by the bars), making the message
unreadable.
Uncovering the Myth of Unbreakable Codes
The following list includes some common code-breaking techniques:
Frequency analysis involves looking at blocks of an encrypted message to determine if any common
patterns exist. Initially, the analyst does not try to break the code, but looks at the patterns in the
message. The letters E and T are very common. Single-letter words are usually limited to A and I. A
determined cryptanalyst looks for these types of patterns and, over time, may be able to deduce the
method used to encrypt the data.
An algorithm is a mathematical formula that is used in cryptography to encrypt data by
transforming plaintext into ciphertext.
Plaintext, sometimes referred to as clear text, is information in its pre-encrypted form.
Ciphertext is data in its post-encrypted form.
Encryption takes plaintext data and converts it into an unreadable format (ciphertext) by using an
algorithm (cipher).
A key is information that can be plugged into an encryption algorithm to either encrypt plaintext or
decrypt ciphertext.
Sometimes complex algorithms produce unpredictable results; when discovered, the results can
cause the entire encryption algorithm to be compromised.
Brute force methods simply try many different combinations of alphanumeric characters in an
attempt to stumble upon the correct combination. Although it may take a long time to find the
key, the key can be found.
Human error is one of the major causes of encryption vulnerabilities. If an e-mail is sent using an
encryption scheme, someone else may send it in the clear (unencrypted). If a cryptanalyst gets hold of
both messages, the process of decoding future messages will be considerably easier. Many systems
have been broken as a result of these types of accidents.
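The frequency-analysis technique from the list above, applied to a shift cipher like rot13, as an added example (not from the slides). Instead of assuming the most common letter is E, it scores all 26 possible shifts against a standard English letter-frequency table and also applies the slide's single-letter-word check; the plaintext is constructed.

```python
"""Added example (not from the slides): frequency analysis against a shift
(Caesar / rot-N) cipher.  Every one of the 26 shifts is tried and the candidate
whose letter frequencies look most like English (lowest chi-squared distance)
wins.  The plaintext below is constructed for the demo."""
import string
from collections import Counter

# Approximate relative frequency (%) of letters in English prose.
ENGLISH_FREQ = {
    "a": 8.2, "b": 1.5, "c": 2.8, "d": 4.3, "e": 12.7, "f": 2.2, "g": 2.0,
    "h": 6.1, "i": 7.0, "j": 0.15, "k": 0.77, "l": 4.0, "m": 2.4, "n": 6.7,
    "o": 7.5, "p": 1.9, "q": 0.095, "r": 6.0, "s": 6.3, "t": 9.1, "u": 2.8,
    "v": 0.98, "w": 2.4, "x": 0.15, "y": 2.0, "z": 0.074,
}
ALPHABET = string.ascii_lowercase

SAMPLE_PLAINTEXT = ("a determined cryptanalyst looks for these types of patterns and over "
                    "time may be able to deduce the method used to encrypt the data. "
                    "i think the letter frequencies give the game away.")


def shift_text(text: str, shift: int) -> str:
    """Shift every letter by `shift` places (negative to undo); other characters unchanged."""
    k = shift % 26
    table = str.maketrans(ALPHABET, ALPHABET[k:] + ALPHABET[:k])
    return text.lower().translate(table)


def chi_squared(text: str) -> float:
    """How far the letter distribution of `text` is from English (lower = closer)."""
    letters = [c for c in text if c in ALPHABET]
    if not letters:
        return float("inf")
    counts = Counter(letters)
    n = len(letters)
    score = 0.0
    for letter in ALPHABET:
        expected = ENGLISH_FREQ[letter] / 100 * n
        score += (counts[letter] - expected) ** 2 / expected
    return score


def recover_shift(ciphertext: str) -> int:
    """Return the shift whose decryption looks most like English."""
    return min(range(26), key=lambda s: chi_squared(shift_text(ciphertext, -s)))


def single_letter_words_ok(text: str) -> bool:
    """The slide's second heuristic: single-letter English words are only 'a' or 'i'."""
    words = [w.strip(".,") for w in text.split()]
    return all(w in ("a", "i") for w in words if len(w) == 1)


if __name__ == "__main__":
    ciphertext = shift_text(SAMPLE_PLAINTEXT, 7)
    shift = recover_shift(ciphertext)
    recovered = shift_text(ciphertext, -shift)
    print("shift:", shift, "single-letter words plausible:", single_letter_words_ok(recovered))
    print(recovered)
```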
Understanding Cryptographic Algorithms
An algorithm is the mathematical procedure or sequence of steps taken to perform
encryption and decryption. A cryptography key describes a string of bits, which are used
for encrypting and decrypting data. These keys can also be thought of as a password or
table.
The Science of Hashing
Cryptographic Hash Functions (6:56)
Hashing algorithms are not encryption methods; a hash is a summary generated by a
mathematical rule or algorithm, and it is commonly used as a “digital fingerprint” or
“signature” to verify the integrity of files and messages and to provide
authentication verification.
Hash functions work by taking a string (for example, a password or email) of any length,
and producing a fixed-length string for output.
A one-way hash doesn’t allow a message to be decoded back to the original value. Most hashing
functions are one way.
A two-way hash allows a message to be reconstructed from the hash.
Message Digest 5 (MD5) hashing is the most commonly used, and SHA1 is also
commonly used. Hashing is used to ensure the integrity of transmitted data.
The Science of Hashing
Secure Hash Algorithm
Secure Hash Algorithm (SHA, SHA-1) is a family of hash algorithms
pioneered by the National Security Agency and widely used in
the U.S. government.
SHA was designed to ensure the integrity of a message.
SHA is a one-way hash that provides a hash value that can be
used with an encryption protocol. The SHA algorithm produces
a 160-bit hash value.
SHA1 can generate a 160-bit hash from any variable-length
string of data, making it very secure but also resource intensive.
Because of the higher bit strength of the SHA1 algorithm, it will
be in the range of 20% to 30% slower than the MD family of
algorithms.
The Science of Hashing
Message Digest Algorithm
Message Digest Series Algorithms MD2, MD4, and MD5 are a series of
encryption algorithms that are designed to be fast, simple, and secure.
MDA uses a one-way hash. The hash value is used to help maintain integrity.
MDA generates a hash of up to 128-bit strength out of any length of data.
MD5 is the newest version of the algorithm. MD5 is a symmetric encryption
scheme. MD5 produces a 128-bit hash, but the algorithm is more complex than
its predecessors and it offers greater security. The MD5 algorithm verifies
integrity of data from a remote user.
MD5 derives the hashing function for the challenge response of the Challenge
Handshake Authentication Protocol (CHAP).
When you are given the MD5 hash for a file, you can verify that the file has not
been tampered with. If the MD5 hash values of a file do not match, the file has
been compromised. You should discard the compromised file.
When using SSL to download a file for which you have the MD5 hash, you
cannot verify the MD5 hash until after the file is downloaded.
The Science of Hashing
LANMAN
CHAP, PAP, and NTLM (7:17)
LAN Manager (LANMan) is the oldest authentication protocol
listed. LANMan uses a hash and two Digital Encryption Standard
(DES) keys.
NT LAN Manager version 1 (NTLMv1) and NTLMv2 replaced
LANMan and use the MD4/MD5 hashing algorithm, and are used
on more recent versions of the Windows operating system.
Kerberos is the preferred authentication protocol for Windows
2000 Server, Windows Server 2003, and Windows Server 2008.
It uses DES for encryption.
While LANMAN and NTLM both employ hashing, they are/were
used primarily for the purpose of authentication.
Working with Symmetric Algorithms
Symmetric vs. Asymmetric Encryption (4:20)
There are two fundamental types of encryption algorithms:
Symmetric key
Asymmetric key
Symmetric cryptography uses either symmetric or secret keys to encrypt
or decrypt messages. In symmetric cryptography, the same key that
encrypts the data is used to decrypt the data.
Symmetric keys do not ensure security and scalability for key
management because the same key is used for encryption and
decryption. Therefore, symmetric cryptography requires a secure
mechanism to deliver keys among the communicating hosts.
Out-of-band transmittal of a key is used to avoid sending a key through
the encrypted channel. This process might be used in the situation where
a private key must be sent to use a symmetric system.
Working with Symmetric Algorithms
Symmetric key algorithms are often referred to as secret key algorithms,
private key algorithms, and shared secret algorithms.
Symmetric algorithms can be classified into either being a block cipher or
a stream cipher:
A stream cipher encrypts the message bit by bit, one at a time
A block cipher encrypts the message in chunks
Block and Stream Ciphers (3:15)
Symmetric cryptography is 1,000 to 10,000 times faster than asymmetric
cryptography and uses far fewer resources than asymmetric algorithms.
Symmetric cryptography may be less secure than asymmetric
cryptography because of the same keys being used for encryption and
decryption. If a key is lost or stolen, the entire process is breached.
Working with Symmetric Algorithms
Symmetric Encryption Ciphers (5:02)
The Data Encryption Standard (DES) has been used since the ‘70s. This standard
was the primary standard used in government and industry until superseded by
3DES and AES. It is a strong and efficient algorithm. Strong refers to the fact that
it is hard to break. DES has several modes that offer security and integrity.
DES is a block cipher encryption standard that uses a single 56-bit encryption
key and 8 bits of parity to encrypt 64-bit blocks of data. It is a symmetric or
private key encryption algorithm.
DES is now considered to be insecure for many applications.
Triple Data Encryption Standard (3DES), also known as Triple-DES, dramatically
improves upon the DES by using the DES algorithm three times with three
distinct keys. This provides a total effective key length of 168 bits.
3DES is still used, even though AES is the preferred choice for government
applications. 3DES is considerably harder to break than many other systems.
Working with Symmetric Algorithms
The Advanced Encryption Standard (AES) has replaced DES
as the current standard, and it uses the Rijndael algorithm.
Similar to DES, the data is passed through three layers,
each with a specific task, such as generating random keys
based on the data and the bit strength being used.
AES uses 128-bit, 192-bit, and 256-bit encryption keys.
AES256 (also often written as AES-256) uses 256 bits
instead of 128. This qualifies for U.S. government
classification as Top Secret, and makes it the current
product used by U.S. governmental agencies.
Working with Symmetric Algorithms
CAST uses 40- to 128-bit encryption keys and is used on many products from
Microsoft and IBM. CAST is very fast and efficient.
Rivest's Cipher (RC) is an encryption family produced by RSA Laboratories. The
current levels are RC5 and RC6. RC5 uses a key size of up to 2,048 bits. It is
considered to be a strong system.
Blowfish is a private key symmetric encryption algorithm, optimized for use on
32-bit processors, which supports encryption keys with a maximum length of
448 bits, making it both flexible and secure.
Blowfish performs a 64-bit block cipher at very fast speeds and can support
variable length keys.
The next generation product Twofish was a finalist in the AES selection process.
International Data Encryption Algorithm (IDEA) uses a 128-bit encryption key
to encrypt 64-bit blocks of data.
This product is similar in speed and capability to DES, but it is more secure. IDEA
is used in PGP. Pretty Good Privacy (PGP) is a public domain encryption system
used by many for e-mail.
Working with Asymmetric Algorithms
Asymmetric key cryptography, often referred to as public key algorithms, is an encryption system where
each user has two keys:
A public key
Made available to whoever is going to encrypt the data sent to the holder of the private key.
The key is made available in a number of fashions, such as email or centralized servers that host a pseudo address book of
published public encryption keys.
A private key
Is maintained on the host system or application.
The two keys are mathematical reciprocals of each other.
Another user can use the distributed public key to encrypt a file before sending that file to the owner of
the private key. The owner then uses the private key to decrypt the received file.
Some general rules for asymmetric algorithms include the following:
The public key can never decrypt a message that it was used to encrypt.
Private keys should never be able to be determined through the public key (if it is designed properly).
Each key should be able to decrypt a message made with the other.
If a hacker wants to decrypt a file that was encrypted with a user’s public key, then the hacker must gain
access to or fabricate a replacement for the private key.
Working with Asymmetric Algorithms
RSA is named after its inventors Ron Rivest, Adi Shamir, and Leonard Adleman.
RSA is an early public key encryption system that supports encryption and
decryption and secures data with an algorithm that is based on the difficulty of
factoring large numbers. It works for both encryption and digital signatures.
RSA is widely implemented, and it has become a de facto standard. It is used in
many environments, including SSL. It is considered by many to be the standard
for encryption and core technology that secures most business conducted on
the Internet.
Diffie-Hellman is one of the first implementations of a public/private key
system. The Diffie-Hellman key exchange was conceptualized by Dr. W. Diffie and
Dr. M. E. Hellman. They are considered the founders of the public/private key
concept.
This algorithm is used primarily to send keys across public networks. The
process is not used to encrypt or decrypt messages; it is used merely for the
transmission of keys in a secure manner.
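The Diffie-Hellman exchange described above with both sides' messages shown, as an added example (not from the slides). Only the public values cross the network and both parties arrive at the same symmetric key; the group parameters (the Mersenne prime 2**127 - 1 and generator 3) are this example's demo-sized choice, not a standardized group.

```python
"""Added example (not from the slides): a Diffie-Hellman key exchange.
Each side keeps a private exponent, publishes g^secret mod p, and raises the
peer's public value to its own secret; both arrive at the same number, which
is hashed into a symmetric key.  The prime 2**127 - 1 keeps the demo small;
real systems use standardized groups of 2048 bits or more."""
import hashlib
import secrets

P = 2**127 - 1      # a known prime; demo-sized, not a standardized group
G = 3


class Party:
    def __init__(self, name: str):
        self.name = name
        self._secret = secrets.randbelow(P - 2) + 1       # private exponent, never sent
        self.public = pow(G, self._secret, P)              # g^secret mod p, safe to publish

    def shared_key(self, peer_public: int) -> bytes:
        """Raise the peer's public value to our private exponent, then hash the
        result into a fixed-length symmetric key."""
        if not 1 < peer_public < P - 1:
            raise ValueError("invalid public value")     # reject 0, 1 and p-1
        s = pow(peer_public, self._secret, P)
        return hashlib.sha256(s.to_bytes(16, "big")).digest()


def exchange() -> tuple:
    """Run one exchange and return (alice_key, bob_key, transcript), where the
    transcript is everything an observer on the public network would see."""
    alice, bob = Party("Alice"), Party("Bob")
    transcript = [f"Alice -> Bob: {alice.public}", f"Bob -> Alice: {bob.public}"]
    return alice.shared_key(bob.public), bob.shared_key(alice.public), transcript


if __name__ == "__main__":
    a_key, b_key, log = exchange()
    print("\n".join(log))
    print("keys match:", a_key == b_key, a_key.hex())
```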
Working with Asymmetric Algorithms
Elliptic Curve and Quantum Cryptography (2:30)
Elliptic Curve Cryptography (ECC) is a method used to implement public key cryptography. ECC serves as an
alternative to the RSA algorithm and provides similar functionalities. The functions of ECC are as follows:
Digital signature generation
Secure key distribution
Encryption and decryption of data
ECC techniques use points on an elliptic curve to calculate encryption keys that are simple to
compute but very difficult to break, for use in general-purpose encryption.
To ensure efficient use of resources, ECC provides encryption by using shorter key lengths. Shorter key
lengths do not imply less secure systems. Therefore, ECC provides the same level of security as RSA by
using a shorter key that enables easier processing by the resource-constrained devices. This is an obvious
advantage when the future lies in smaller devices and increased security.
Wireless devices, handheld computers, smart cards, and cellular telephones have limited processing
power, storage, power, memory, and bandwidth compared to other systems.
The El Gamal algorithm, also called DSA, was first published in 1985, and is an asymmetric public key
encryption algorithm based on the Diffie-Hellman key agreement. The process used is similar to the
Diffie-Hellman key exchange and is based on the characteristics of logarithmic numbers and calculations.
It is used for:
Digital signatures
Encryption of data
Key exchange
Using Cryptographic Systems
Cryptographic systems exist for the same reasons that security exists: to provide
confidentiality, integrity, authentication, nonrepudiation, and access control.
Confidentiality
Confidentiality identifies sensitive data and ensures that unauthorized entities cannot
access it.
A major reason to implement a cryptographic system is to ensure the confidentiality of
the information being used. This confidentiality may be intended to prevent the
unauthorized disclosure of information in a local network or to prevent the unauthorized
disclosure of information across a network.
The strength of encryption and the method used to deliver keys securely to their
intended recipient helps to ensure confidentiality. Strong encryption is hard to break. If
the delivery technique is flawed and a key is captured, then the key is compromised.
Asymmetric encryption provides confidentiality because encryption protects the
contents of a file from being viewed by unauthorized users.
When considering confidentiality in the private sector, information that is considered
highly confidential should be available to anyone whose job requires access to the
confidential data.
Authorization to access highly confidential data should be required each time the data is
accessed.
Using Cryptographic Systems
Integrity
Integrity pertains to preventing unauthorized modification of information or
systems. Integrity is the assurance that data and information can only be
modified by those authorized to do so.
A major goal of a cryptographic system involves providing assurance that a
message was not modified during transmission. This modification may render a
message unintelligible or, even worse, inaccurate. If a message is tampered
with, the encryption system should have a mechanism to indicate that the
message has been corrupted or altered.
A packet checksum provides data integrity. It is an error-control technique that
ensures that files have not been changed. An initial packet checksum is
calculated. Future packet checksums can be compared to the initial checksum
to ensure integrity.
Using Cryptographic Systems
Integrity
Message authentication code (MAC), which is also referred to as
message integrity code (MIC), ensures the integrity of messages.
MAC adds authentication capability to a one-way hashing
function. A one-way hashing function does not use any key and
only ensures that the message that is transferred is not tampered
with by calculating a checksum value. Messages with one-way
hashing can be intercepted and hashing can be reproduced.
MAC can be thought of as an encrypted hash, combining an
encryption key and a hashing algorithm.
The MAC is a small piece of data known as an authentication tag,
which is derived by applying a message or file combined with a
secret key to a cryptographic algorithm. The resulting MAC value
can ensure the integrity of the data as well as its authenticity as
one in possession of the secret key can subsequently detect if
there are any changes from the original. The recipient knows that
the message is authentic and that the sender is who they say they
are.
MAC was developed to prevent fraud in electronic fund transfers
involved in online transactions. MAC is able to resist forgery and is
not open to man-in-the-middle attacks.
MAC applies a secret key to the message
that is known to the authorized recipient
only.
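The point above that an unkeyed hash can be recomputed after a message is altered while a keyed MAC cannot, as an added example (not from the slides). HMAC-SHA-256 and the shared key are this example's choices.

```python
"""Added example (not from the slides): why a keyed MAC is needed where a bare
hash is not enough.  If a message is altered in transit, a plain hash can simply
be recomputed to match, so the receiver sees nothing wrong; an HMAC depends on a
key the modifier does not hold.  HMAC-SHA-256 and the demo key are choices of
this example, not the slides'."""
import hashlib
import hmac

# Constructed demo key known to the sender and the authorized recipient only.
SHARED_KEY = b"demo-shared-secret-not-for-production"


def plain_hash_tag(message: bytes) -> str:
    """Unkeyed integrity check: anyone can recompute it."""
    return hashlib.sha256(message).hexdigest()


def mac_tag(key: bytes, message: bytes) -> str:
    """Keyed tag: only holders of `key` can produce or verify it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def receiver_accepts_plain(message: bytes, tag: str) -> bool:
    return hmac.compare_digest(plain_hash_tag(message), tag)


def receiver_accepts_mac(key: bytes, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)


def altered_in_transit(message: bytes) -> tuple:
    """Model the slide's scenario: the amount is changed and the unkeyed hash is
    recomputed to match.  Without the key no matching MAC can be produced, so
    the recomputed hash is the best tag the modifier can attach in either case."""
    altered = message.replace(b"100", b"900")
    return altered, plain_hash_tag(altered)


def demo() -> dict:
    msg = b"transfer 100 to account 42"
    altered, tag = altered_in_transit(msg)
    return {
        # Plain hash: receiver recomputes the hash, it matches, tampering goes unnoticed.
        "plain_hash_fooled": receiver_accepts_plain(altered, tag),
        # MAC: the attached tag was not made with the key, so verification fails.
        "mac_fooled": receiver_accepts_mac(SHARED_KEY, altered, tag),
        # The genuine message with a genuine MAC still verifies.
        "genuine_mac_ok": receiver_accepts_mac(SHARED_KEY, msg, mac_tag(SHARED_KEY, msg)),
    }


if __name__ == "__main__":
    print(demo())
```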
Using Cryptographic Systems
Digital Signatures
Digital signatures attempt to guarantee the identity
of the person sending the data from one point to
another. They provide integrity, authentication, and
nonrepudiation in electronic mail.
A digital signature is a hash value that is encrypted
with the sender’s private key.
The public key of the signer is used to verify a digital
signature.
The receiver compares the signature area referred to
as a message digest in the message with the
calculated value. If the values match, the message
hasn’t been tampered with and the originator is
verified as the person they claim to be.
Microsoft uses digital signing to ensure the integrity
of driver files.
For example, a file on Windows 98 that has been
digitally signed indicates that the file has passed
quality testing by Microsoft. The message is digitally
signed. Therefore, it provides authentication,
nonrepudiation, and integrity.
A digital signature cannot be spoofed. Therefore,
attacks such as man-in-the-middle attacks cannot
harm the integrity of the message.
The message is encrypted using the encryption
system, and a second piece of information, the
digital signature, is added to the message.
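A digital signature as the slide defines it (a hash encrypted with the sender's private key and checked with the public key), as an added example (not from the slides) using textbook RSA with small constructed primes so every number can be followed; real RSA uses 2048-bit moduli and padding.

```python
"""Added example (not from the slides): signing = hash, then raise to the
private exponent; verifying = raise the signature to the public exponent and
compare with a fresh hash.  Textbook RSA with constructed 7-digit primes,
far too small for real use and without the padding real schemes require."""
import hashlib
from math import gcd


def keygen(p: int, q: int, e: int = 65537) -> tuple:
    """Textbook RSA: n = p*q, d = e^-1 mod (p-1)(q-1).  Returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)             # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def message_digest(message: bytes, n: int) -> int:
    """Hash the message and reduce it so it fits below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key: tuple, message: bytes) -> int:
    """Signature = digest^d mod n, computed with the sender's private key."""
    n, d = private_key
    return pow(message_digest(message, n), d, n)


def verify(public_key: tuple, message: bytes, signature: int) -> bool:
    """Recover the digest with the public key and compare with a fresh digest."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message, n)


def demo() -> dict:
    # Constructed primes; obviously far too small for real use.
    public, private = keygen(p=1000003, q=1000033)
    msg = b"driver.sys passed quality testing"
    sig = sign(private, msg)
    return {
        "genuine": verify(public, msg, sig),
        # Changing the message changes the digest, so the signature no longer matches.
        "tampered": verify(public, b"driver.sys failed quality testing", sig),
        # A signature made with some other private key does not verify either.
        "wrong_signer": verify(public, msg, sign(keygen(1000037, 1000039)[1], msg)),
    }


if __name__ == "__main__":
    print(demo())
```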
Using Cryptographic Systems
Authentication
Authentication is the process of
verifying that the sender is who
they say they are. This is very critical
in many applications. A valid
message from an invalid source is
not authentic.
Authentication provides
accountability by establishing an
individual’s identity and defining
that individual’s access to resources.
One of the more common methods
of verifying authenticity is the
addition of a digital signature.
Authenticity can be established
using secret words that have been
mutually agreed upon in advance.
The military has used a series of one-time pads that each
radio or communications operator could use to verify the
authenticity of the sender. These pads were changed
either daily or weekly depending on the circumstances.
Although it wasn’t foolproof, the system was effective and
easy to use.
Using Cryptographic Systems
Nonrepudiation
Non-repudiation (5:34)
Nonrepudiation is intended to provide, through encryption, a method of accountability
in which the source of data (where it came from) cannot be refuted.
The four key elements that nonrepudiation services provide are:
Proof of origin
Proof of submission
Proof of delivery
Proof of receipt
This can be achieved in a two-key system. If, for example, you encrypted the message
with a private key, the only way the message can be decrypted properly is with the public
key.
Nonrepudiation is a requirement for many cryptographic applications. The sender or
receiver, using an electronic signature, can’t repudiate a message.
This process has one serious problem; anybody can claim to be the legitimate receiver,
and if they have access to this type of system, they can send you a public key.
Using Cryptographic Systems
Access Control
Access control refers to the methods, processes, and mechanisms of preventing
unauthorized access to the systems that do the cryptography.
Keys are very vulnerable to theft, loss, and human security failings. Access control
ensures that sensitive keys aren’t divulged to unauthorized personnel.
A key component of access control involves both physical and operational security of
these resources.
Key management presents a major challenge with large encryption systems. Keeping the
keys in secured areas with limited access by unauthorized personnel is important. If the
keys become compromised, the entire system breaks down, no matter how good it is.
Make sure the keys are kept in the highest security areas available to you. Physical keys,
such as smart cards, should be immediately erased when they are retired; these keys
should also be kept in a secured area for storage.
Make sure all your security devices are kept under tight physical control when they
aren’t in use.
Using Public Key Infrastructure
A public key infrastructure is a vast collection of varying technologies and policies for the
creation and use of digital certificates.
PKI is a widely implemented cryptographic system. Corporations, government, and
individuals use PKI extensively. The need for universal systems to support e-commerce,
secure transactions, and information privacy is one aspect of the issues being addressed
with PKI.
PKI is a two-key asymmetric system with four key components:
Certificate Authority (CA)
Registration Authority (RA)
RSA
Digital certificates
Messages are encrypted with a public key and decrypted with a private key.
The main goal of PKI is to define an infrastructure that should work across multiple
vendors, systems, and networks. Implementations of PKI are dependent on the
perspective of the software manufacturers that implement it. This has been one of the
major difficulties with PKI: Each vendor can interpret the documents about this
infrastructure and implement it however they choose. For this reason, many of the
existing PKI implementations aren’t compatible with each other.
Using a Certificate Authority
A certificate authority (CA) is an organization responsible
for maintaining certificates in the public key infrastructure
(PKI) environment. CAs are trusted entities and an
important concept within PKI.
Certificate Authorities (5:37)
Implementing Certificate Authorities (3:16)
CAs can be either private or public. Many OS providers
allow their systems to be configured as CAs. These CAs can
be used to generate internal certificates used within a
business.
The CA’s job is to issue certificates, as well as to verify the
holder of a digital certificate, and ensure that the holder of
the certificate is who they claim to be.
This includes:
Issuing certificates
Revoking certificates
Distributing certificates
A certificate is really nothing more than a mechanism that
associates the public key with an individual. A certificate
contains a great deal of information about the user.
A root certificate authority differs from subordinate CAs in
that the root CA is taken offline to reduce the risk of key
compromise, and the root CA should be made available
only to create and revoke certificates for subordinate CAs. If
the root CA is compromised, then the entire architecture is
compromised. If a subordinate CA is compromised,
however, the root CA can revoke the subordinate CA.
In a certificate trust model, everybody’s certificate
is issued by a third party called certificate authority
(CA). If one trusts the CA, he automatically trusts
the certificates that CA issues.
Working with Registration Authorities and
Local Registration Authorities
A registration authority (RA) can offload some
of the work from a CA. RAs don’t issue
certificates, but they can serve as
intermediaries in the process by authenticating
requests.
An RA provides authentication to the CA as to
the validity of a client’s certificate request; in
addition, the RA serves as an aggregator of
information.
It can:
Distribute keys
Accept registrations for the CA
Validate identities.
The RA doesn’t issue certificates; that
responsibility remains with the CA.
A local registration authority (LRA) can
establish an applicant’s identity and verify that
the applicant for a certificate is valid. The LRA
sends verification to the CA that issues the
certificate.
An RA offloading work from a CA
The LRA verifying identity for the CA
Implementing Certificates
Certificates provide the primary method of
identifying that a given user is valid. Certificates
can also be used to store authorization
information.
Key certification is a system that enables the
receivers of a key to certify the identity of a key
sender. Encryption systems typically provide
password protection to protect private keys.
Digital Certificates (3:04)
Implementing Digital Certificates (2:57)
A certificate illustrating some of the information stored
X.509
The most popular certificate used is the X.509
version 3. Adopting a standard certificate format
is important for systems to be assured
interoperability in a certificate-oriented
environment.
Always remember that the purpose of the
certificate is to bind the public key to the user’s
identity. When authenticating, certificates can be
used to authenticate only the client (single sided)
or both the client and the server (dual sided).
Notice that the certificate contains identifiers
of two different algorithms used in the
process. In this case, the signature algorithm
is Md2RSA, and the digital signature
algorithm is sha1. This certificate also has a
unique serial number issued by the CA.
Implementing Certificates
The certificate life cycle is typically based on two documents: the certificate policy and
the certificate practice statement (CPS).
Certificate policies affect how a certificate is issued and how it is used.
A certificate policy indicates specific uses applied to a digital certificate, as well as other
technical details. Thus, the certificate policy provides the rules that indicate the purpose
and use of an assigned digital certificate.
A CA can potentially issue a number of different types of certificates:
One for e-mail
One for e-commerce
One for financial transactions
The policy might indicate that it is not to be used for signing contracts or for purchasing
equipment.
A CA would have policies regarding the interoperability or certification of another CA
site; the process of requiring interoperability is called cross certification.
A certificate practice statement (CPS) is a statement that the CA uses to issue certificates
and implement the policies of the CA. This is a detailed document that is used to enforce
policy at the CA. These statements should discuss how certificates are issued, what
measures are taken to protect certificates, and the rules that CA users must follow in
order to maintain their certificate eligibility. These policies should be readily available to
CA users.
Understanding Certificate Revocation
Certificate revocation is the process of revoking a certificate before it expires. A CRL is created and
distributed to all CAs to revoke a certificate or key.
Revoking a certificate by itself is not enough. The community that trusts these certificates must be notified that
the certificates are no longer valid. This is accomplished via a certificate revocation list (CRL) or the Online
Certificate Status Protocol (OCSP). The CRL is published on a regular basis, but it isn’t current once it’s
published.
A CRL contains a list of serial numbers for digital certificates that have not expired, but that a CA has
specified to be invalid. Typically, the serial number of a digital certificate is placed in a CRL because the
digital certificate has been compromised in some way.
A certificate is revoked either when the information contained in the certificate is believed to be
compromised or when the certificate expires. The revocation request can be initiated by the following
entities:
The certificate holder
The CA itself
Another CA that issued certificates
An associated RA
During the process of revocation, the requesting entity should be duly authenticated as with a regular
transaction. The procedure used to authenticate the entity during revocation remains the same as that
used to issue the certificate. The revocation request carries a digital signature with a valid digital
certificate.
The CA that entertains the revocation request placed by an entity decides the amount of time necessary to
process the request. This is referred to as the revocation request grace period.
Understanding Certificate Revocation
Online Certificate Status Protocol (OCSP) is the mechanism used to
immediately verify whether a certificate is valid.
OCSP solves the latency problem:
If the recipient or relying party uses OCSP for verification, the answer is
available immediately.
Certificate suspension occurs when a certificate is under investigation to
determine if it should be revoked. This mechanism allows a certificate to
stay in place, but it is not valid for any type of use during the suspension.
Like the status checking that occurs with revoked certificates, users and
systems are notified of suspended certificates in the same way.
The primary difference is that new credentials will not need to be
retrieved; it is only necessary to be notified that current credentials have
had a change in status and are temporarily not valid for use.
Implementing Trust Models
Trust Models (3:41)
In the single certificate authority (CA) model, only one CA exists to issue and
revoke certificates. Although this model may be beneficial to smaller
organizations because of its administrative simplicity, it has the potential to
present problems. If the private key of the CA becomes compromised, all the
issued certificates from that CA would then be invalid.
Cross certification is primarily used to establish trust between different PKIs and
build an overall PKI hierarchy. The process implies the establishment of a trust
relationship between two CAs through the signing of another CA’s public key in
a certificate referred to as a cross certificate.
Cross certification allows users to build a trust relationship between different
certification hierarchies, when users are required to communicate, and might
require authentication for legitimate connections.
CAs are organized in a trust hierarchy or trust mesh.
In a hierarchy model, a root CA is at the top of a CA trust hierarchy and contains a
root certificate, which is used to sign certificates for CAs in the level immediately
below the root CA.
In a mesh model, CAs may certify other CAs, provided no naming constraints are
applied.
Hierarchical Trust Models
A hierarchical trust model, also known as a tree
(a hierarchy of certificate servers), is the most
common model.
In a hierarchical trust model, the
intermediate CAs only trust information
that is provided from the root CA.
Additionally, the root CA will also trust
intermediate CAs that are in its
hierarchy.
This might be the most common
implementation in a large organization
that wants to extend its certificate
processing capabilities.
Hierarchical models allow tight control
over certificate-based activities at all levels
of the hierarchical tree.
In this situation, the intermediate CAs trust only
the CAs directly above them or below them.
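The root/subordinate arrangement from the certificate authority section, the CRL check from the revocation section, and the hierarchical trust model above, worked as one added example (Go standard library; not code from the course): a root CA issues a subordinate CA, the subordinate issues an end-entity certificate, the chain is verified against the root, and each CA can publish a CRL that a relying party checks only after validating the CRL's signature. Names, serial numbers and the 24-hour validity period are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Hierarchy is root CA -> subordinate CA -> leaf; the root key is kept only so the root can revoke its subordinate (it stays offline in practice).
type Hierarchy struct {
	Root, Sub, Leaf *x509.Certificate
	RootKey, SubKey *ecdsa.PrivateKey
}

// newTemplate sets the X.509 fields every certificate needs; CA templates also get basic constraints and signing usage.
func newTemplate(cn string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), // constructed serial number
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour), // constructed 24-hour validity period
	}
	if isCA {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	return t
}

// issue signs template with the parent's key (parent == template gives a self-signed root); only a malformed template can fail.
func issue(template, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// BuildHierarchy issues the three certificates with constructed names and serial numbers.
func BuildHierarchy() *Hierarchy {
	rootKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // P-256 key generation does not fail in practice
	subKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rootTmpl := newTemplate("Example Root CA", 1, true)
	root := issue(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey) // self-signed
	sub := issue(newTemplate("Example Sub CA", 2, true), root, &subKey.PublicKey, rootKey)
	leaf := issue(newTemplate("alice@example.test", 1001, false), sub, &leafKey.PublicKey, subKey)
	return &Hierarchy{Root: root, Sub: sub, Leaf: leaf, RootKey: rootKey, SubKey: subKey}
}

// VerifyChain builds a path from leaf through the intermediates to a trusted root; an empty roots list trusts nothing.
func VerifyChain(leaf *x509.Certificate, intermediates []*x509.Certificate, roots ...*x509.Certificate) error {
	rootPool, interPool := x509.NewCertPool(), x509.NewCertPool()
	for _, r := range roots {
		rootPool.AddCert(r)
	}
	for _, c := range intermediates {
		interPool.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: rootPool, Intermediates: interPool})
	return err
}

// IssueCRL has a CA publish a signed CRL listing the serial numbers it has revoked.
func IssueCRL(issuer *x509.Certificate, issuerKey *ecdsa.PrivateKey, serials ...int64) (*x509.RevocationList, error) {
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(24 * time.Hour)}
	for _, s := range serials {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates,
			pkix.RevokedCertificate{SerialNumber: big.NewInt(s), RevocationTime: time.Now()})
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, issuer, issuerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseRevocationList(der)
}

// IsRevoked validates the CRL's signature against the issuer (wrong CA is an error, not "not revoked"), then looks up cert's serial.
func IsRevoked(crl *x509.RevocationList, issuer, cert *x509.Certificate) (bool, error) {
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return false, err
	}
	for _, e := range crl.RevokedCertificates {
		if e.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}
```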
Bridge Trust Models
In a bridge trust model, a peer-to-peer
relationship exists between the root CAs. Each of
the root CAs can communicate with each other,
allowing cross certification.
It is possible to have a single CA, known as the
bridge CA, be the central point of trust.
This allows a certification process to be
established between organizations or
departments.
Each of the intermediate CAs trusts only the CAs
above and below it, but the CA structure can now
be expanded without creating additional layers of
CAs.
Additional flexibility and interoperability between
organizations are the primary advantages of a
bridge model.
Lack of trustworthiness of the root CAs can be a
major disadvantage. If one of the root CAs doesn’t
maintain tight internal security, an illegitimate
certificate could become available to all the users
in the bridge structure and its subordinate or
intermediate CAs.
This model may be useful if you’re dealing with a
large, geographically dispersed organization or you
have two organizations that are working together.
The intermediate CAs communicate only with their
respective root CA. All cross certification is handled
between the two root CA systems.
Mesh Trust Models
An alternative to the hierarchical model is the
mesh trust model, often referred to as the
cross-certification model or Web of Trust.
The mesh model expands the concepts of the
bridge model by supporting multiple paths and
multiple root CAs. Certificate authorities are
considered peers to one another. It also has the
ability to cross certify with the other root CAs in
the mesh. This may also be referred to as a web
structure.
This structure may be useful in a situation
where several organizations must cross-certify
certificates.
The advantage is that you have more flexibility
when you configure the CA structures.
The major disadvantage of a mesh is that each
root CA must be trustworthy in order to
maintain security.
Each of the root CAs can cross-certify
with the other root CAs in the mesh.
Hybrid Trust Model
A hybrid trust model can use
the capabilities of any or all of
the structures that have been
discussed in the previous
sections. You can be extremely
flexible when you build a hybrid
trust structure.
The major difficulty with hybrid
models is that they can become
complicated and confusing. A
user can unintentionally acquire
trusts that they shouldn’t have
obtained. In addition,
relationships between CAs can
continue long past their
usefulness, even after the
parent organizations have
terminated their relationships.
Notice the single intermediate CA server on the right side is the
only server that is known by the CA below it.
The subordinates of the middle-left CA are linked to the two CAs
on its sides. These two CAs don’t know about the other CAs,
because they are linked only to the CA that provides them a
connection.
The two intermediate servers in the middle of the illustration and
their subordinates trust each other; they don’t trust others that
aren’t in the link.
Preparing for Cryptographic Attacks
Specific attacks on cryptographic systems can be divided into three
types:
Attacking the key
Key attacks are typically launched to discover the value of a key by attacking the
key directly. The keys can be passwords, encrypted messages, or other key-based
encryption information. An attacker might try to apply a series of words, commonly
used passwords, and other randomly selected combinations to crack a password.
The anticipated amount of time it takes to break a password depends on the
length of the password and the characters used in the password. Making keys
longer and more complicated tends to make key attacks more difficult.
Attacking the algorithm
The programming instructions and algorithms used to encrypt information are as
much at risk as the keys. Many algorithms have well-publicized back doors. If a
weakness in the programming or model used to develop an algorithm is discovered,
a significant security exposure may exist.
Intercepting the transmission
The process of intercepting a transmission may, over time, allow attackers to
gradually gain information about the encryption systems used and then use
frequency analysis to break an algorithm. Human error is also a problem in security
situations, and it’s likely that someone will unintentionally release information that
can be used to undermine a security system.
Preparing for Cryptographic Attacks
You should also be aware of the following three types of attacks:
Birthday attack
A birthday attack is an example of an attack targeted at the key. It isn’t an attack
on the algorithm itself, just on the results. If your key is hashed, the possibility is that
given enough time, another value can be created that will give the same hash value.
Birthday attacks are based on the statistical likelihood of a match. As the key
length grows, the probability of a match decreases.
Weak key attack
Weak key attacks are based on the premise that many common passwords are
used by lots of people. If the key length is short, the resulting hash value will be
easier to guess.
Make sure your users use passwords and encryption keys that are hard to guess.
The longer and more complicated a password is, the more difficult it is to
successfully launch a weak key attack against it. Enforcing strict password guidelines
can minimize this vulnerability.
Mathematical attack
Mathematical attacks can be focused on the encryption algorithm itself, the key
mechanism, or any potential area of weakness in the algorithm. These attacks
use mathematical modeling and statistical analysis to determine how the system
operates.
These types of attacks depend on intercepting large amounts of data and
methodically attempting to decrypt the messages using one of the methods
previously described.
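The statistical point behind the birthday attack, as an added example that is not from the course: it finds collisions in a SHA-256 digest truncated to 8, 16 and 24 bits using constructed inputs, and compares the number of inputs needed with the birthday bound sqrt(pi*N/2) for N = 2^bits, which is why a longer hash or key makes the attack impractical.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math"
)

// truncatedHash returns the first `bits` (1..64) bits of SHA-256(msg). Shortening the
// digest stands in for a short key or hash so that the birthday effect is visible quickly.
func truncatedHash(msg []byte, bits int) uint64 {
	sum := sha256.Sum256(msg)
	return binary.BigEndian.Uint64(sum[:8]) >> (64 - bits)
}

// FindCollision hashes the constructed inputs "msg-0", "msg-1", ... until two distinct
// inputs share a truncated hash; it returns both inputs and the number of hashes computed.
func FindCollision(bits int) (first, second string, trials int) {
	seen := make(map[uint64]string)
	for i := 0; ; i++ {
		msg := fmt.Sprintf("msg-%d", i)
		h := truncatedHash([]byte(msg), bits)
		if prev, ok := seen[h]; ok {
			return prev, msg, i + 1
		}
		seen[h] = msg
	}
}

// ExpectedTrials is the birthday bound: with N = 2^bits possible outputs, the first
// collision is expected after about sqrt(pi*N/2) random inputs, far fewer than N/2.
func ExpectedTrials(bits int) float64 {
	return math.Sqrt(math.Pi * math.Pow(2, float64(bits)) / 2)
}

// CollisionProbability approximates P(some two of k random inputs collide) as 1 - exp(-k^2/(2N)).
func CollisionProbability(k float64, bits int) float64 {
	return 1 - math.Exp(-k*k/(2*math.Pow(2, float64(bits))))
}

func main() {
	for _, bits := range []int{8, 16, 24} {
		a, b, n := FindCollision(bits)
		fmt.Printf("%2d-bit digest: collision after %5d inputs (birthday bound ~%.0f): %q and %q\n",
			bits, n, ExpectedTrials(bits), a, b)
	}
	// Each extra bit multiplies the work by about sqrt(2): a 128-bit digest needs on the
	// order of 2^64 inputs, which is why longer hashes and keys resist this attack.
	fmt.Printf("128-bit digest: ~%.2g inputs expected before a collision\n", ExpectedTrials(128))
}
```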
Understanding Cryptography
Standards and Protocols
Several U.S. government agencies are involved in the creation of standards for
secure systems. They either directly control specific sectors of government or
provide validation, approval, and support to government agencies.
National Security Agency
The National Security Agency (NSA) is responsible for creating codes, breaking codes, and
coding systems for the U.S. government. For many years, the government didn’t publicly
acknowledge its existence.
The NSA is responsible for obtaining foreign intelligence and supplying it to the various U.S.
government agencies that need it. The NSA’s missions are extremely classified, but its finger is in
everything involving cryptography and cryptographic systems for the U.S. government,
government contractors, and the military.
National Security Agency/Central Security Service
The National Security Agency/Central Security Service (NSA/CSS) is an independently
functioning part of the NSA. It was created in the early 1970s to help standardize and support
Department of Defense (DoD) activities. The NSA/CSS supports all branches of the military.
National Institute of Standards and Technology
The National Institute of Standards and Technology (NIST) develops general-purpose
encryption standards for the U.S. government. One of the many things they do is publish lists of
known vulnerabilities in software and operating systems.
NIST was formerly known as the National Bureau of Standards (NBS). NIST has become very
involved in cryptography standards, systems, and technology in a variety of areas.
Industry Associations and the Developmental Process
The need for security in specific industries, such as the banking
industry, has driven the development of standards. Standards
frequently begin as voluntary or proprietary efforts.
A Request for Comments (RFC) is essentially a proposed standard document that
asks people to review it and comment on the proposed standard for the
Internet.
The RFC editor manages the RFC process.
The editor is responsible for cataloging, updating, and tracking
RFCs through the process.
The RFC is then thrown open to the computer-user community
for comments and critique.
This process ensures that all interested parties have the
opportunity to comment on an RFC.
Industry Associations and the Developmental Process
American Bankers Association
The American Bankers Association (ABA) has been very involved in the security
issues facing the banking and financial industries. Banks need to communicate with
each other in a secure manner. The ABA sponsors and supports several key
initiatives regarding financial transactions.
Internet Engineering Task Force
The Internet Engineering Task Force (IETF) is an international community of
computer professionals, which includes network engineers, vendors, administrators,
and researchers.
The IETF is mainly interested in improving the Internet. It is also very interested in
computer security issues. The IETF uses working groups to develop and propose
standards.
Internet Society
The Internet Society (ISOC) is a professional group that is comprised primarily of
Internet experts. The ISOC oversees a number of committees and groups, including
the IETF.
World Wide Web Consortium
The World Wide Web Consortium (W3C) is a standards body that is primarily
interested in developing standards (like XML) for the web as well as the
interoperability, growth, and standardization of the World Wide Web.
Industry Associations and the Developmental Process
International Telecommunications Union
The International Telecommunications Union (ITU) is responsible for
virtually all aspects of telecommunications and radio communications
standards worldwide.
The ITU is broken into three main groups that are targeted at specific
areas of concern:
ITU-R is concerned with radio communication and spectrum management.
ITU-T is concerned with telecommunication standards.
ITU-D is concerned with expanding telecommunications throughout undeveloped
countries.
Institute of Electrical and Electronics Engineers
The Institute of Electrical and Electronics Engineers (IEEE) is primarily
concerned with standards for both electrical and electronic items.
IEEE is an international organization focused on technology and related
standards. IEEE is organized into several working groups and standards
committees. IEEE is very actively involved in the development of PKC,
wireless, and networking protocols standards.
Ethernet is an IEEE standard.
Public Domain Cryptography
Public domain cryptography refers to the standards and protocols that
emerge from individual or corporate efforts and are released to the
general public for use.
PGP and RSA are two common public cryptographic initiatives:
Pretty Good Privacy
Pretty Good Privacy (PGP) was developed by Phil Zimmerman for humanitarian
reasons. In 1991, he published the encryption system on the Internet. His stated
objective was to preserve privacy and protect citizens from oppressive
governments.
PGP is used for signing, encrypting, and decrypting email messages. PGP is used
to send and receive emails in a confidential, secure fashion.
Since its release, PGP has become a de facto standard for e-mail encryption. PGP
uses both symmetrical and asymmetrical encryption.
RSA
RSA provides cryptographic systems to both private businesses and the
government. The name RSA comes from the initials of its three founders (Rivest,
Shamir, and Adleman). RSA has been very involved in developing Public-Key
Cryptography Standards (PKCS), and it maintains a list of standards for PKCS.
RSA is used for the SSL/TLS key exchange. After the key exchange, the Web client
uses a Web server’s key information to authenticate the Web server. Finally, the
Web client and the Web server establish an encrypted connection and exchange
data on an SSL-encrypted connection.
Public-Key Infrastructure X.509/Public-Key
Cryptography Standards
The Public-Key Infrastructure X.509 (PKIX), a working group formed by the IETF,
develops standards and models for the PKI environment. The PKIX working group is
responsible for the X.509 standard.
The Public-Key Cryptography Standards (PKCS) is a set of voluntary standards created by
RSA and security leaders. Early members of this group included Apple, Microsoft, DEC
(now HP), Lotus, Sun, and MIT.
Currently, there are 15 published PKCS standards:
PKCS #1: RSA Cryptography Standard
PKCS #2: Incorporated in PKCS #1
PKCS #3: Diffie-Hellman Key Agreement Standard
PKCS #4: Incorporated in PKCS #1
PKCS #5: Password-Based Cryptography Standard
PKCS #6: Extended-Certificate Syntax Standard
PKCS #7: Cryptographic Message Syntax Standard
PKCS #8: Private-Key Information Syntax Standard
PKCS #9: Selected Attribute Types
PKCS #10: Certification Request Syntax Standard
PKCS #11: Cryptographic Token Interface Standard
PKCS #12: Personal Information Exchange Syntax Standard
PKCS #13: Elliptic Curve Cryptography Standard
PKCS #14: Pseudorandom Number Generators
PKCS #15: Cryptographic Token Information Format Standard
X.509
The X.509 standard defines a framework for authentication services by a directory and the format of required data for
digital certificates. The X.509 standard is the accepted standard for certificate formats and public key fields for use in PKI. It
also defines the procedures that should be used to distribute public keys.
The X.509 version 2 certificates are still used as the primary method of issuing CRL certificates.
An X.509 Certificate Revocation List (CRL) contains a list of serial numbers of unexpired digital certificates that
have been revoked and should be considered invalid. CRLs are created by certification authorities (CAs).
All X.509 certificates have the following:
Signature, which is the primary purpose for the certificate
Version
Serial number
Signature algorithm ID
Issuer name
Validity period
Subject name
Subject public key information
Issuer unique identifier (relevant for versions 2 and 3 only)
Subject unique identifier (relevant for versions 2 and 3 only)
Extensions (in version 3 only)
Information about the signature algorithm identifier, user’s public key information, and serial number of the issuing
certificate authority (CA) is all included within a digital certificate.
The validity period identifies the time frame for which the private key is valid, if the private key has not been compromised.
This period is indicated with both a start and an end time, and may be of any duration, but it is often set to one year.
The X.509v3 certificate is the most commonly used certificate in the PKI environment.
SSL and TLS
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the most
widely used cryptographic protocols for managing secure communication
between a client and server over the Web. Both essentially serve the same
purpose with TLS being the successor of SSL.
HTTPS and TLS/SSL (2:25)
SSL is used to establish a secure communication connection between two TCP-based machines.
When a connection request is made to the server, the server sends a message back
to the client indicating a secure connection is needed.
The client then sends the server a certificate indicating the capabilities of the client.
The server then evaluates the certificate and responds with a session key and an
encrypted private key.
SSL supports an encryption key length of 40 bits or 128 bits.
SSL uses public key or symmetric encryption, and provides data encryption and
server authentication. SSL version 2 provides client-side authentication. To
enable SSL to operate, the server and the client browser must have SSL
enabled.
The main advantage of SSL is that it supports additional application layer
protocols, such as FTP and NNTP. HTTP does not. SSL is used to protect Internet
transactions. It works in conjunction with HTTP to provide secure HTTP
connections (HTTPS). When SSL is used, the browser address will have the
https:// prefix, instead of the http:// prefix.
A common implementation of SSL is wireless transport layer security (WTLS) for
wireless networks. WTLS transmission is required to traverse both wired and
wireless networks. Therefore, the packets that are decrypted at the gateway are
required to be re-encrypted with SSL for use over wired networks. This is a
security loophole referred to as the WAP gap security issue.
The main vulnerabilities of SSL are small key sizes and outdated CRLs.
The SSL connection process
SSL and TLS
Transport Encryption Algorithms (9:13)
Transport Layer Security (TLS) is a security protocol
that combines SSL and other security protocols.
SSL/TLS serves as the security layer in a TCP session.
Many industry analysts predict that TLS will replace
SSL in the near future.
TLS consists of two additional protocols:
TLS record protocol
The record protocol provides connection security.
TLS handshake protocol
The handshake protocol allows the client and server to
authenticate to one another.
SSL with TLS supports both server and client
authentication. In most cases, the use of SSL and TLS
is single sided. Only the server is being
authenticated as valid with a verifiable certificate.
For example, when conducting an online banking
transaction, one can be assured they are at the
legitimate site by verifying the server side certificate,
whereas the client is verified by a means other than
a certificate, such as a username and password.
The TLS connection process
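The single-sided handshake described above (only the server presents a certificate), as an added example that is not from the course: a Go TLS client and server talk over a loopback TCP socket, the server using a constructed self-signed certificate for the made-up name bank.example.test that the client is told to trust as a root. The same server is then rejected when the client does not trust the issuer, and again when the name in the certificate does not match the one the client expects.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// ServerCertificate creates a throwaway self-signed certificate and key for the
// constructed host name bank.example.test. The same certificate serves as the
// server's identity and as the root the client will be told to trust.
func ServerCertificate() (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), // constructed serial number
		Subject:      pkix.Name{CommonName: "bank.example.test"},
		DNSNames:     []string{"bank.example.test"}, // the name the client will check
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, cert, err
}

// Handshake runs one TLS handshake between a server and a client over a loopback
// TCP socket. The client trusts only the roots in trusted and expects serverName;
// the negotiated connection state is returned, or the client's verification error.
func Handshake(serverCert tls.Certificate, trusted *x509.CertPool, serverName string) (tls.ConnectionState, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return tls.ConnectionState{}, err
	}
	defer ln.Close()
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			return
		}
		srv := tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{serverCert}})
		_ = srv.Handshake() // succeeds or fails in step with the client; the client's result is reported
		srv.Close()
	}()
	cli, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: trusted, ServerName: serverName})
	if err != nil {
		return tls.ConnectionState{}, err
	}
	defer cli.Close()
	return cli.ConnectionState(), nil
}

func main() {
	serverCert, root, err := ServerCertificate()
	if err != nil {
		panic(err)
	}
	trusted := x509.NewCertPool() // plays the role of the browser's trusted root store
	trusted.AddCert(root)

	st, err := Handshake(serverCert, trusted, "bank.example.test")
	if err != nil {
		panic(err)
	}
	fmt.Printf("trusted issuer, matching name: TLS 0x%04x, server presented CN=%s\n",
		st.Version, st.PeerCertificates[0].Subject.CommonName)

	_, err = Handshake(serverCert, x509.NewCertPool(), "bank.example.test")
	fmt.Println("issuer not trusted:", err)

	_, err = Handshake(serverCert, trusted, "evil.example.test")
	fmt.Println("name mismatch:", err)
}
```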
Certificate Management Protocols
Certificate Management Protocol (CMP) is a
messaging protocol used between PKI entities.
This protocol isn’t yet widely used, but you may
encounter it in some PKI environments.
XML Key Management Specification (XKMS) is a
standard of the World Wide Web Consortium
(W3C). XKMS is designed to allow XML-based
programs access to PKI services.
Secure Multipurpose Internet Mail Extensions
Secure/Multipurpose Internet Mail Extensions (S/MIME)
provides email privacy using encryption and authentication via
digital signatures. It uses the PKCS #7 standard (Cryptographic
Message Syntax Standard) and is the most widely supported
standard used to secure e-mail communications.
MIME is the de facto standard for e-mail messages. S/MIME,
which is a secure version of MIME, was originally published to
the Internet as a standard by RSA. It provides asymmetric
encryption, integrity, and authentication when used in
conjunction with PKI.
S/MIME version 3, the current version, is supported by IETF, and
is defined in Request for Comments (RFC) 2633. S/MIME 3
provides non-repudiation, authentication, and integrity for email messages.
Secure Electronic Transaction
Secure Electronic Transaction (SET) provides
encryption for credit card numbers that can be
transmitted over the Internet. It was developed by
Visa and MasterCard and is becoming an accepted
standard by many companies.
SET is most suited for transmitting small amounts
of data.
SET works in conjunction with an electronic wallet
that must be set up in advance of the transaction.
An electronic wallet is a device that identifies you
electronically in the same way as the cards you
carry in your wallet.
The consumer must establish an electronic wallet
that is issued by the consumer/issuing bank.
When the consumer wants to make a purchase,
they communicate with the merchant.
The wallet is accessed to provide credit/payment
information.
The merchant then contacts the credit processor
to complete the transaction.
The credit processor interfaces with the existing
credit network.
In this situation, the transactions between the
issuing bank, the consumer, the merchant, and the
credit processor all use SET.
The SET transaction in process
Secure Shell
Secure Shell (SSH) is a tunneling protocol
originally used on Unix systems, and is now
available for Windows environments.
SSH and Encrypted File Transfer (2:55)
SSH is primarily intended for interactive
terminal sessions. SSH utilizes the
asymmetric (public key) RSA cryptography
method to provide an authenticated and
encrypted data stream, as opposed to the
cleartext communications of a Telnet session.
The handshake process between the client
and server is similar to the process described
in SSL.
SSH connections are established in two
phases:
The first phase is a secure channel to negotiate
the channel connection
The second phase is a secure channel used to
establish the connection
Data encryption with SSH is accomplished
using one of the following algorithms: IDEA,
Blowfish, or DES.
The SSH connection-establishment process
Pretty Good Privacy
Asymmetric Encryption with PGP and GPG (12:36)
Pretty Good Privacy (PGP) is a computer
program used for signing, encrypting, and
decrypting email messages.
PGP is used to send and receive emails in a
confidential, secure fashion.
PGP uses symmetric and asymmetric
schemes to encrypt data. It follows the
OpenPGP format using a combination of
public key and private key encryption.
With PGP, a document is encoded using a
public key and a session key, which is a one-use random number, to create the ciphertext.
The session key is encrypted into the public
key and sent with the ciphertext.
On the receiving end, the private key is used
to recover the session key.
The session key and the private key are then
used to decrypt the ciphertext back into the
original document.
The PGP encryption system
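The PGP-style hybrid scheme above, as an added example (not the course's or OpenPGP's code, and OpenPGP's own packet format and algorithm choices are not reproduced): the document is encrypted under a one-use random session key with AES-256-GCM, the session key is wrapped with the recipient's RSA public key using OAEP, and the recipient's private key unwraps it to decrypt the document. The key pair and the document are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Envelope is what travels to the recipient: the session key wrapped with the
// recipient's public key, plus the document encrypted under that session key.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(session key)
	Nonce      []byte // AES-GCM nonce, fresh per message
	Ciphertext []byte // AES-GCM(document), authentication tag included
}

// Encrypt draws a one-use random session key, encrypts the document with it
// (AES-256-GCM) and wraps the session key with the recipient's public key.
func Encrypt(recipient *rsa.PublicKey, document []byte) (*Envelope, error) {
	sessionKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, sessionKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, document, nil)}, nil
}

// Decrypt recovers the session key with the recipient's private key and then uses
// it to decrypt the document. A wrong private key or a modified envelope fails.
func Decrypt(recipient *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrapping session key: %w", err)
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	// Constructed: the recipient's key pair and a sample document.
	recipient, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	doc := []byte("Meeting notes: the audit starts Monday.")
	env, err := Encrypt(&recipient.PublicKey, doc)
	if err != nil {
		panic(err)
	}
	fmt.Printf("wrapped session key: %d bytes, ciphertext: %d bytes\n", len(env.WrappedKey), len(env.Ciphertext))
	plain, err := Decrypt(recipient, env)
	fmt.Printf("recipient decrypts: %q (err=%v)\n", plain, err)

	// Without the matching private key the session key cannot be unwrapped...
	other, _ := rsa.GenerateKey(rand.Reader, 2048)
	_, err = Decrypt(other, env)
	fmt.Println("wrong private key:", err)

	// ...and any change to the ciphertext is caught by GCM's authentication tag.
	env.Ciphertext[0] ^= 0x01
	_, err = Decrypt(recipient, env)
	fmt.Println("tampered ciphertext:", err)
}
```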
HTTP Secure and Secure HTTP
Hypertext Transfer Protocol Secure (HTTPS) securely transmits Web pages over
Secure Sockets Layer (SSL) or its successor, Transport Layer Security (TLS).
The connection is protected, and all traffic between the two computers is
encrypted. During the handshake, public key cryptography (the server's certificate)
authenticates the server and establishes session keys; private key (symmetric)
encryption with those session keys then protects the entire channel.
HTTPS employs X.509 digital certificates and operates over port 443.
An alternative to HTTPS is the Secure Hypertext Transfer Protocol (S-HTTP),
which was developed to support connectivity for banking transactions and
other secure web communications.
S-HTTP allows computers to negotiate an encryption connection and is not as
secure as HTTPS. It uses document encryption to protect the HTTP document’s
contents only, not the whole channel.
S-HTTP is an extension of HTTP rather than a separate transport, so it has no
port of its own; it was never widely adopted and is obsolete today.
IPsec
IP Security (1:47)
Internet Protocol Security (IPSec) is a dual mode end-to-end security scheme that operates at the Network
Layer of the OSI model, also known as the Internet Layer within the IP Suite.
For IPSec to work, the sending and receiving devices must first authenticate each other and agree on keys
and algorithms (a security association). This is normally negotiated by the Internet Key Exchange (IKE)
protocol using either a pre-shared key or digital certificates.
IPSec is often used with L2TP to create virtual private networks (VPNs). A virtual private network (VPN) is
used to encrypt data over an unsecure public network such as the Internet.
IPSec supports two encryption modes:
Transport
In transport mode, only the message part of a packet (the payload) is encrypted by Encapsulating Security Payload (ESP); the original IP header stays in the clear.
Tunnel
In IPSec tunnel mode, the entire original packet, including the packet header and the routing information, is encrypted and wrapped in a new IP packet addressed between the two tunnel endpoints.
Either of the two modes can be used to secure either gateway-to-gateway or host-to-gateway
communication. If used in gateway-to-host communication, the gateway must act as the host. In practice,
transport mode is typical for host-to-host traffic and tunnel mode is what site-to-site VPN gateways use.
IPSec uses Encapsulating Security Payload (ESP) and Authentication Header (AH) as security protocols.
AH provides the authentication mechanism (origin authentication and integrity, but no encryption), and
ESP provides encryption (confidentiality) and, optionally, origin authentication and message integrity.
Both can operate in Transport mode or Tunnel mode.
Cisco routers have support for IPSec built into the product.
IPSec provides security by protecting against replay attacks (every packet carries a sequence number that
the receiver checks) and, in tunnel mode, by hiding the inner addresses from traffic analysis.
The attack most often cited against an IPSec-based VPN is a man in the middle attack on the key negotiation,
which is why strong peer authentication during IKE matters.
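The two modes above, as an added worked example (this is a simplified model written for these notes, not code from the slides or from any IPsec implementation). It builds an ESP packet in transport mode and in tunnel mode and then shows what a sniffer on the path can still read in each case. Assumptions of this example: 20-byte IPv4 headers with a zero checksum, a toy SHA-256 keystream cipher plus a truncated HMAC-SHA256 in place of the negotiated ESP algorithms, and hypothetical addresses and SPIs.

```python
"""Added example (not the slides' own code): ESP transport mode vs tunnel mode.
Assumptions: minimal IPv4 headers, toy cipher and MAC, hypothetical addresses."""
import hashlib
import hmac
import ipaddress
import struct

ESP, IP_IN_IP, TCP = 50, 4, 6          # IP protocol numbers
ICV_LEN = 12                            # truncated MAC, as ESP integrity algorithms do


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal IPv4 header: version/IHL, TOS, total length, id, flags, TTL, protocol, checksum, addresses."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 keystream (illustration only, not a real cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def esp_encapsulate(key: bytes, spi: int, seq: int, inner: bytes, next_header: int) -> bytes:
    """ESP: SPI and sequence number travel in the clear; payload plus trailer
    (padding, pad length, next header) are encrypted; the ICV covers header and ciphertext."""
    pad_len = (-len(inner)) % 4
    trailer = bytes(pad_len) + bytes([pad_len, next_header])
    header = struct.pack("!II", spi, seq)
    body = stream_xor(key, header, inner + trailer)   # SPI+seq double as the nonce here (assumption)
    icv = hmac.new(key, header + body, hashlib.sha256).digest()[:ICV_LEN]
    return header + body + icv


def esp_decapsulate(key: bytes, esp: bytes):
    """Verify the ICV first, then decrypt and strip the trailer; returns (next_header, inner bytes)."""
    header, body, icv = esp[:8], esp[8:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(key, header + body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, icv):
        raise ValueError("ESP integrity check failed")
    plain = stream_xor(key, header, body)
    pad_len, next_header = plain[-2], plain[-1]
    return next_header, plain[:len(plain) - 2 - pad_len]


def transport_mode(key, spi, seq, src, dst, segment: bytes) -> bytes:
    """Transport mode: the original IP header stays in the clear; only the payload is protected."""
    esp = esp_encapsulate(key, spi, seq, segment, TCP)
    return ipv4_header(src, dst, ESP, len(esp)) + esp


def tunnel_mode(key, spi, seq, gw_src, gw_dst, original_packet: bytes) -> bytes:
    """Tunnel mode: the whole original packet, header included, is protected
    inside a new packet addressed between the two gateways."""
    esp = esp_encapsulate(key, spi, seq, original_packet, IP_IN_IP)
    return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp


def on_the_wire(packet: bytes) -> dict:
    """What a sniffer without the key can read: outer addresses, protocol, SPI, sequence number."""
    fields = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    spi, seq = struct.unpack("!II", packet[20:28])
    return {"src": str(ipaddress.IPv4Address(fields[8])), "dst": str(ipaddress.IPv4Address(fields[9])),
            "proto": fields[6], "spi": spi, "seq": seq}


def demo(key: bytes = b"\x11" * 32):
    """Same TCP segment sent both ways; returns the visible fields of each, plus the
    decapsulated tunnel packet so the inner header can be checked."""
    segment = b"\x00\x50\x1f\x90" + b"GET / HTTP/1.1\r\n"    # constructed sample TCP bytes
    host_a, host_b = "10.0.0.5", "10.1.0.9"                  # hypothetical inner hosts
    transport = transport_mode(key, 0x1001, 1, host_a, host_b, segment)
    original = ipv4_header(host_a, host_b, TCP, len(segment)) + segment
    tunnel = tunnel_mode(key, 0x2002, 1, "203.0.113.1", "198.51.100.1", original)  # hypothetical gateways
    return on_the_wire(transport), on_the_wire(tunnel), esp_decapsulate(key, tunnel[20:])
```

In transport mode the sniffer sees 10.0.0.5 talking to 10.1.0.9; in tunnel mode it sees only the two gateway addresses, which is the traffic-analysis protection the text refers to. The sequence number is in the clear in both modes: the receiver uses it for the anti-replay window, and the ICV stops an attacker from forging one.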
Tunneling Protocols
Tunneling protocols add the capability to create tunnels between networks that
can be more secure, support additional protocols, and provide virtual paths
between systems.
The most common protocols used for tunneling are as follows:
Point-to-Point Tunneling Protocol
Point-to-Point Tunneling Protocol (PPTP) enables the secure transfer of data from a remote
client to a private server by creating a VPN across a TCP/IP network. PPTP supports on-demand,
multiprotocol, and virtual private networking over public networks, such as the Internet.
The negotiation between the two ends of a PPTP connection is done in the clear, and only then
is the channel encrypted. This is one of its major weaknesses: a sniffer can capture the
negotiation process and determine the connection type and information about how the tunnel
works. PPTP uses TCP port 1723 for its control connection and carries the tunneled data in GRE
(IP protocol 47). Its usual authentication method, MS-CHAPv2, has known weaknesses, so PPTP is
no longer considered secure.
Layer 2 Forwarding
Layer 2 Forwarding (L2F) creates tunnels primarily for dial-up connections. It’s similar in
capability to PPTP and shouldn’t be used over WANs. L2F provides authentication, but not
encryption. L2F uses port 1701 and UDP for connections.
Layer 2 Tunneling Protocol
Layer 2 Tunneling Protocol (L2TP), a hybrid of PPTP and L2F, is an encapsulated tunneling
protocol often used to support the creation of VPNs. It’s primarily a point-to-point protocol.
L2TP supports multiple network protocols such as IPX, SNA, and IP, so it can be used as a
bridge across many types of systems. The major problem is that it doesn’t provide data security.
The information isn’t encrypted. Security can be provided by protocols such as IPSec. L2TP uses
port 1701 and UDP for connections.
Wireless Encryption
Wireless Transport Layer Security
Wireless Transport Layer Security (WTLS) provides an encrypted and authenticated
connection between a wireless client and a server.
WTLS, similar in function to TLS, is used to support wireless devices, which don’t yet
have extremely powerful processors.
WEP vs. WPA (4:18)
Wired Equivalent Privacy
Wired Equivalent Privacy (WEP) is designed to provide security equivalent to that of a
wired network.
WEP uses the RC4 cipher for confidentiality; however, the WEP algorithm, although
widely used, is no longer considered secure (its key can be recovered from captured
traffic) and has been replaced, largely by WPA.
To make the encryption stronger, Temporal Key Integrity Protocol (TKIP) can also be
employed. TKIP still uses the RC4 algorithm, but with per-packet keys and a message
integrity check, and does not require an upgrade to existing hardware. TKIP was a
stopgap and is itself deprecated today.
The Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) technologies
were designed to address the core problems with WEP.
The WPA2 standard implements the 802.11i-2004 protocols (AES with CCMP) and was, when
these slides were written, the highest standard for Wi-Fi communication security; WPA3 has
since been introduced as its successor.
Understanding Key Management
and the Key Life Cycle
Public Key Infrastructure (3:33)
Key management includes the following stages/areas:
Centralized versus decentralized key generation
Key storage and distribution
Key escrow
Key expiration
Key revocation
Key suspension
Key recovery and archival
Key renewal
Key destruction
Key usage
The certificate key life cycle refers to those events required to create, use, and destroy
public keys and the digital certificates with which they are associated. The certificate life
cycle is typically based on two documents: the certificate policy and the certification
practice statement (CPS).
Three basic status levels exist in most public key infrastructure (PKI) solutions: Valid,
Suspended, and Revoked.
Comparing Centralized and
Decentralized Key Generation
Key generation (creating the key) is an
important first step in the process of working
with keys and certificates. Certificates are one
of the primary methods used to deliver keys to
end entities. Key length and the method used
to create the key also affect the security of the
system in use.
Centralized Key Generation
Although the benefit of central control may be
seen as an advantage, a centralized system also
has other disadvantages:
Additional required infrastructure
A need to positively authenticate the end entity
prior to transmitting the private key
Key archival and storage process may be
vulnerable to an attack against a single point
The need for a secure channel to transmit the
private key.
Transmitting private keys is a major concern.
Private keys are typically transported using out-of-band methods to ensure security.
A centralized key-generating facility
Comparing Centralized and
Decentralized Key Generation
Decentralized Key Generation
In a decentralized key generation
system, the end user generates his or
her own key pair.
One of the primary advantages of using
decentralized/distributed key
generation is that the key distribution
isn’t vulnerable to a single point of
failure or attack.
Decentralized generation addresses the
distribution issue, but it creates a
storage and management issue.
Split-System Key Generation
Many systems, including the PKI system,
require the use of a split system. In a
split system, the central server
generates encryption keys, so that they
can be escrowed and recovered. Digital
signature keys are created at the client
or in a smart card, so that only the signer
ever holds them and signatures stay
non-repudiable.
A distributed key-generating
system
In this situation, the loss of any single keygenerating system doesn’t disrupt the entire
network.
The RA in the figure refers to a registration
authority, and the CA refers to a certificate
authority.
Storing and Distributing Keys
Proper key storage requires
that the keys be physically
stored in a secure
environment.
This may include using locked
cabinets, hardened servers,
and effective physical and
administrative controls.
Where and how keys are
stored affects how they are
distributed.
Distributing keys is usually
accomplished using a Key
Distribution Center (KDC), as
used in Kerberos, or by using a
Key Exchange Algorithm
(KEA), as in the case of PKI.
Kerberos uses a KDC to store, distribute and maintain
cryptographic session keys and secret keys, and keep a list of
revoked keys.
Each principal's long-term secret key (the master key) is used to
deliver the session keys. The keys are automatically distributed to
the communicating client and the server. The KDC also provides the
authentication services for the users.
The client requests resource access through the KDC. As a
response to the request, the KDC generates a fresh random session
key and sends two copies of it: one encrypted with the client's secret
key, and one, inside a ticket, encrypted with the server's secret key.
Each side decrypts its own copy with its own secret key; the shared
session key then lets the client and the server authenticate to each
other and initiate communication.
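The KDC exchange just described, as an added worked example (written for these notes; it is not code from the slides or from any Kerberos implementation). It shows the point that is easy to get wrong: the session key is a fresh random value delivered in two encrypted copies, not a combination of the two parties' secret keys, and the service never learns the client's key. Assumptions of this example: a toy authenticated cipher (SHA-256 keystream plus HMAC) in place of Kerberos encryption types, JSON in place of ASN.1, and hypothetical principal names and passwords.

```python
"""Added example (not the slides' own code): a miniature Kerberos-style KDC exchange.
Assumptions: toy cipher and MAC, JSON messages, hypothetical principals."""
import hashlib
import hmac
import json
import secrets


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 keystream (illustration only, not a real cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def seal(key: bytes, fields: dict) -> bytes:
    """Encrypt-then-MAC a small message; only holders of `key` can open or forge it."""
    nonce = secrets.token_bytes(16)
    body = stream_xor(key, nonce, json.dumps(fields).encode())
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    """Check the MAC before decrypting; a wrong key or a tampered message is rejected."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + body, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered message")
    return json.loads(stream_xor(key, nonce, body))


class KDC:
    """Holds every principal's long-term secret key (derived from a user's password,
    or a random key for a service). No principal ever sees another's key."""

    def __init__(self, principals: dict):
        self.keys = dict(principals)

    def issue(self, client: str, service: str, now: int, lifetime: int = 300):
        """Generate a fresh random session key; return (copy for the client, ticket for the service)."""
        session_key = secrets.token_bytes(32).hex()     # random, derived from nobody's secret key
        expires = now + lifetime
        for_client = seal(self.keys[client], {"service": service, "key": session_key, "expires": expires})
        ticket = seal(self.keys[service], {"client": client, "key": session_key, "expires": expires})
        return for_client, ticket


def service_accept(service_key: bytes, ticket: bytes, authenticator: bytes, now: int) -> bytes:
    """Service side: open the ticket with its own key, then check the client's authenticator
    under the session key found inside. Returns the mutual-authentication reply."""
    t = unseal(service_key, ticket)
    session_key = bytes.fromhex(t["key"])
    auth = unseal(session_key, authenticator)      # proves the client also holds the session key
    if auth["client"] != t["client"] or now > t["expires"] or abs(now - auth["ts"]) > 300:
        raise ValueError("authentication failed")
    return seal(session_key, {"ts": auth["ts"] + 1})


def demo(now: int = 1_700_000_000) -> bool:
    """Full exchange: client -> KDC -> client -> service -> client."""
    alice_key = hashlib.sha256(b"alice-password").digest()       # constructed long-term keys
    fileserver_key = secrets.token_bytes(32)
    kdc = KDC({"alice": alice_key, "fileserver": fileserver_key})
    for_client, ticket = kdc.issue("alice", "fileserver", now)
    # Client: its own key opens its copy of the session key; the ticket is opaque to it.
    session_key = bytes.fromhex(unseal(alice_key, for_client)["key"])
    authenticator = seal(session_key, {"client": "alice", "ts": now})
    # Service: never learns alice's key; it gets the session key from the ticket.
    reply = service_accept(fileserver_key, ticket, authenticator, now)
    return unseal(session_key, reply)["ts"] == now + 1


def wrong_password_is_rejected(now: int = 1_700_000_000) -> bool:
    """A client that guessed the password wrong cannot open its copy of the session key."""
    kdc = KDC({"alice": hashlib.sha256(b"alice-password").digest(), "fileserver": b"\x22" * 32})
    for_client, _ = kdc.issue("alice", "fileserver", now)
    try:
        unseal(hashlib.sha256(b"wrong-guess").digest(), for_client)
    except ValueError:
        return True
    return False
```

The expiry and timestamp checks in service_accept are what make a captured ticket and authenticator useless to a replaying attacker after a few minutes, which is also why Kerberos deployments depend on synchronized clocks.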
Storing and Distributing Keys
The KEA process is slightly
different from the KDC
process.
KEA is used to create a
temporary session to
exchange key information.
This session creates a
secret key.
The KEA session
terminates once the key
has been successfully
transmitted, and the
regular session begins.
The KEA process
Using Key Escrow
Key Escrow (2:47)
A key escrow system stores keys for the purpose of law enforcement
access.
If a criminal investigation is underway, law enforcement agents, with a
search warrant, have the right to access and search records within the
scope of the warrant.
Key escrow occurs when a CA or other entity maintains a copy of the
private key associated with the public key signed by the CA. It allows the
CA or escrow agent to have access to all the information that is
encrypted using the public key from a user’s certificate; if a signing key
were escrowed, the agent could also create digital signatures on behalf of
the user, which is why signing keys are normally kept out of escrow.
Key escrow can also allow access to information in a PKI system if the
client’s private key becomes unavailable for some reason.
It also enables an organization to overcome the large problem of
forgotten passwords (the passphrase that protects a user's private key).
Rather than revoke and reissue new keys, an organization can generate a
new certificate using the private key stored in escrow.
Identifying Key Expiration
A key expiration date identifies when a key is no
longer valid.
Normally, a key is date stamped. This means that it
becomes unusable after a specified date.
A new key or certificate is normally issued before the
expiration date. Keys with expiration dates work
similarly to credit cards that expire.
So long as the certificate holder’s needs or identity
information has not changed, the process is relatively
simple.
After the issuing CA validates the entity’s identity, a
new certificate can be generated based on the
current public key.
Revoking Keys
Key Revocation (2:54)
Implementing Key Revocation (2:19)
Keys are revoked when they are compromised, the authentication process has
malfunctioned, when people are transferred, and when many other security
risks occur.
Revoking a key keeps it from being misused. A revoked key must be assumed to
be invalid or possibly compromised.
A component of public key infrastructure (PKI) includes a mechanism for
distributing certificate revocation information, called certificate revocation lists
(CRLs).
A CRL is used when verification of a digital certificate takes place to ensure the
validity of the digital certificate.
Systems such as PKI use a CRL to perform a check on the status of revoked keys; the
Online Certificate Status Protocol (OCSP) is a newer alternative that queries the
status of a single certificate instead of downloading the whole list.
Revocations are permanent. Once a certificate is revoked, it can’t be used again;
a new key must be generated and issued.
Suspending Keys
Suspending keys is a good practice: It disables a key, making it unusable
for a certain period of time. This can prevent the key from being used
while someone is gone. The key can be reactivated when that person
returns.
If an employee were to take a leave of absence, the employee's key
could be suspended until they came back to work.
This temporary suspension would ensure that the key would not be
usable during their absence.
A suspension might also occur if a high number of failed authentications
or other unusual activities were occurring.
Checking the status of suspended keys is accomplished by checking with
the certificate server or by using other mechanisms.
In a PKI system, a CRL would be checked to determine the status of a
certificate; a suspended certificate appears there with the reason code
certificateHold, and unlike a revocation the entry can later be removed.
Recovering and Archiving Keys
Key recovery is the process of restoring a key pair from a
backup and recreating a digital certificate using the recovered
keys.
A key recovery process must be able to recover a previous key.
If not recovered, then all the information for which the key
was used will be irrecoverably lost.
Key Recovery (3:10)
Implementing Key Recovery (2:30)
One of the problems with a key-based system is that older
information, unless processed with a new key, may become
inaccessible.
If for example, you have a two-year-old file on your system and
it is still encrypted, will you remember which key was used to
encrypt it two years ago? If you are like most people, you
won't. If you can't decrypt the data, it is useless.
To deal with this problem, archiving old keys is essential. Any
time a user or key generator creates and issues a key, the key
must also be sent to the key archive system. This is most easily
done on a server that offers secure storage. Older keys can be
stored and retrieved when necessary.
The key archival system
Many recovery and archive systems use the M of N Control
method of access. Simply stated, if n administrators are authorized
to perform a recovery, at least m of them must authenticate together
(or present their shares) before access to the key server occurs.
M of N control as it relates to PKI refers to splitting the archived
private key, or the key that protects the archive, into n shares held
by different people or systems, any m of which can rebuild it.
This protective measure ensures that no one individual can re-create
a user's key pair from the backup on his or her own.
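M of N control, as an added worked example implemented with Shamir secret sharing (written for these notes; it is not code from the slides or from any particular key-archive product). Any m of the n shares rebuild the archived key, while m-1 shares give an unrelated value, so no single administrator, and no group smaller than the quorum, can recover it. The one assumption is that the secret is a 256-bit key encoded as an integer below the prime modulus.

```python
"""Added example (not the slides' own code): M of N control via Shamir secret sharing.
Assumption: the secret is an integer below PRIME (a 256-bit key fits easily)."""
import secrets

PRIME = 2 ** 521 - 1   # field modulus; larger than any secret shared here


def split_secret(secret: int, m: int, n: int):
    """Return n shares (x, f(x)) of a random degree m-1 polynomial with f(0) = secret."""
    if not 1 <= m <= n or not 0 <= secret < PRIME:
        raise ValueError("need 1 <= m <= n and 0 <= secret < PRIME")
    coefficients = [secret] + [secrets.randbelow(PRIME) for _ in range(m - 1)]

    def f(x: int) -> int:
        return sum(c * pow(x, i, PRIME) for i, c in enumerate(coefficients)) % PRIME

    return [(x, f(x)) for x in range(1, n + 1)]


def recover_secret(shares) -> int:
    """Lagrange interpolation at x = 0. Correct when at least m distinct shares are
    supplied; with fewer, the result is an unrelated field element (no partial leakage)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def demo() -> dict:
    """Split a constructed archive key 3-of-5 among five administrators, then rebuild it
    from a quorum of three and from only two (one short of the quorum)."""
    archive_key = int.from_bytes(secrets.token_bytes(32), "big")     # constructed 256-bit key
    shares = split_secret(archive_key, 3, 5)
    quorum = [shares[0], shares[2], shares[4]]            # any 3 distinct shares will do
    short = [shares[1], shares[3]]                        # 2 shares: not enough
    return {"key": archive_key,
            "from_quorum": recover_secret(quorum),
            "from_short": recover_secret(short)}
```

Each administrator's share should itself be stored as carefully as a key (a smart card or an HSM slot), and the quorum ceremony should happen on a machine that is wiped afterwards, since the reconstructed key exists in memory there.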
Renewing Keys
Key renewal defines the process of keeping a key in use
past its scheduled expiration date.
There are two ways to do this: the existing key can be
reissued (its certificate extended) for a further period,
which this chapter calls a key rollover, or a fresh key pair
can be generated and certified in its place. In most cases,
a rollover is granted only for a limited time frame.
In general, extending the life of an existing key is a bad
practice and should not be performed except in the direst
of situations.
The longer a key is used, the more likely it is to be
compromised.
It is always better to renew with a new key pair than to do
a key rollover of the old one.
Many systems provide a way to renew existing certificates
with new keys, rather than a rollover.
Destroying Keys
Key destruction is the process of destroying keys that have become invalid. For
example, an electronic key can be erased from a smart card.
Many symmetrically based encryption systems use a dedicated device (a key
loader or fill device) to carry the key for the encryption. This key would be
physically delivered to the site using the encryption system. Old keys would be
collected and destroyed.
If the key pair to be destroyed is used for digital signatures, the private key
portion should be destroyed first, to prevent future signing activities with the
key.
In addition, a digital certificate associated with a key that is no longer valid
should be added to the CRL regardless of whether the key is actually destroyed
or archived.
Whether you’re using physical keys or software-oriented key systems, old keys
must be destroyed in a manner that ensures they don’t fall into unauthorized
hands.
Identifying Key Usage
During the time when the key is not being
revoked, suspended, renewed, or destroyed, it is
being used.
Key usage is simply the use (and management) of
public and private keys for encryption.
There is nothing additional to know here, thank
goodness!
The End