Chapter 7 Overview

May 10, 2018 | Author: http://utsit.blogspot.com.au/ | Category: Public Key Cryptography, Key (Cryptography), Cryptography, Cryptanalysis, Transport Layer Security

CCNA Security

Chapter Seven Cryptographic Systems

© 2009 Cisco Learning Institute.

Lesson Planning
• This lesson should take 3-4 hours to present
• The lesson should include lecture, demonstrations, discussions and assessments
• The lesson can be taught in person or using remote instruction

Major Concepts
• Describe how the types of encryption, hashes, and digital signatures work together to provide confidentiality, integrity, and authentication
• Describe the mechanisms to ensure data integrity and authentication
• Describe the mechanisms used to ensure data confidentiality
• Describe the mechanisms used to ensure data confidentiality and authentication using a public key

Lesson Objectives
Upon completion of this lesson, the successful participant will be able to:
1. Describe the requirements of secure communications including integrity, authentication, and confidentiality
2. Describe cryptography and provide an example
3. Describe cryptanalysis and provide an example
4. Describe the importance and functions of cryptographic hashes
5. Describe the features and functions of the MD5 algorithm and of the SHA-1 algorithm
6. Explain how we can ensure authenticity using HMAC
7. Describe the components of key management
8. Describe how encryption algorithms provide confidentiality
9. Describe the function of the DES algorithms
10. Describe the function of the 3DES algorithm
11. Describe the function of the AES algorithm
12. Describe the function of the Software Encrypted Algorithm (SEAL) and the Rivest ciphers (RC) algorithm
13. Describe the function of the DH algorithm and its supporting role to DES, 3DES, and AES
14. Explain the differences and their intended applications
15. Explain the functionality of digital signatures
16. Describe the function of the RSA algorithm
17. Describe the principles behind a public key infrastructure (PKI)
18. Describe the various PKI standards
19. Describe the role of CAs and the digital certificates that they issue in a PKI
20. Describe the characteristics of digital certificates and CAs

Secure Communications
[Figure: network diagram showing CSA hosts, MARS, a firewall, VPN, IPS, Iron Port, a remote branch, and web, email and DNS servers]
• Traffic between sites must be secure
• Measures must be taken to ensure it cannot be altered, forged, or deciphered if intercepted

Authentication
• An ATM Personal Information Number (PIN) is required for authentication.
• The PIN is a shared secret between a bank account holder and the financial institution.

Integrity
• An unbroken wax seal on an envelope ensures integrity.
• The unique unbroken seal ensures no one has read the contents.

Confidentiality
IODQN HDVW DWWDFN DW GDZQ
• Julius Caesar would send encrypted messages to his generals in the battlefield.
• Even if intercepted, his enemies usually could not read, let alone decipher, the messages.

History
• Scytale (700 BC)
• Vigenère table
• German Enigma Machine
• Jefferson encryption device

Transposition Ciphers
1. Clear text: FLANK EAST ATTACK AT DAWN
   The clear text message would be encoded using a key of 3.
2. Use a rail fence cipher and a key of 3.
   F...K...T...T...A...W.
   .L.N.E.S.A.T.A.K.T.A.N
   ..A...A...T...C...D...
3. Ciphered text: FKTTAW LNESATAKTAN AATCD
   The clear text message would appear as follows.

Substitution Ciphers: Caesar Cipher
1. Clear text: FLANK EAST ATTACK AT DAWN
   The clear text message would be encoded using a key of 3.
2. Shift the top scroll over by three characters (key of 3), an A becomes D, B becomes E, and so on.
   A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
   A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
3. Ciphered text: IODQN HDVW DWWDFN DW GDZQ
   The clear text message would be encrypted as follows using a key of 3.

Cipher Wheel
1. Clear text: FLANK EAST ATTACK AT DAWN
   The clear text message would be encoded using a key of 3.
2. Shifting the inner wheel by 3, then the A becomes D, B becomes E, and so on.
3. Ciphered text: IODQN HDVW DWWDFN DW GDZQ
   The clear text message would appear as follows using a key of 3.

Vigenère Table

    a b c d e f g h i j k l m n o p q r s t u v w x y z
A   a b c d e f g h i j k l m n o p q r s t u v w x y z
B   b c d e f g h i j k l m n o p q r s t u v w x y z a
C   c d e f g h i j k l m n o p q r s t u v w x y z a b
D   d e f g h i j k l m n o p q r s t u v w x y z a b c
E   e f g h i j k l m n o p q r s t u v w x y z a b c d
F   f g h i j k l m n o p q r s t u v w x y z a b c d e
G   g h i j k l m n o p q r s t u v w x y z a b c d e f
H   h i j k l m n o p q r s t u v w x y z a b c d e f g
I   i j k l m n o p q r s t u v w x y z a b c d e f g h
J   j k l m n o p q r s t u v w x y z a b c d e f g h i
K   k l m n o p q r s t u v w x y z a b c d e f g h i j
L   l m n o p q r s t u v w x y z a b c d e f g h i j k
M   m n o p q r s t u v w x y z a b c d e f g h i j k l
N   n o p q r s t u v w x y z a b c d e f g h i j k l m
O   o p q r s t u v w x y z a b c d e f g h i j k l m n
P   p q r s t u v w x y z a b c d e f g h i j k l m n o
Q   q r s t u v w x y z a b c d e f g h i j k l m n o p
R   r s t u v w x y z a b c d e f g h i j k l m n o p q
S   s t u v w x y z a b c d e f g h i j k l m n o p q r
T   t u v w x y z a b c d e f g h i j k l m n o p q r s
U   u v w x y z a b c d e f g h i j k l m n o p q r s t
V   v w x y z a b c d e f g h i j k l m n o p q r s t u
W   w x y z a b c d e f g h i j k l m n o p q r s t u v
X   x y z a b c d e f g h i j k l m n o p q r s t u v w
Y   y z a b c d e f g h i j k l m n o p q r s t u v w x
Z   z a b c d e f g h i j k l m n o p q r s t u v w x y

Stream Ciphers
• Invented by the Norwegian Army Signal Corps in 1950, the ETCRRM machine uses the Vernam stream cipher method.
• It was used by the US and Russian governments to exchange information.
• Plain text message is eXclusively OR'ed with a key tape containing a random stream of data of the same length to generate the ciphertext.
• Once a message was enciphered the key tape was destroyed.
• At the receiving end, the process was

Defining Cryptanalysis

Allies decipher secret NAZI encryption code!

Cryptanalysis is from the Greek words kryptós (hidden), and analýein (to loosen or to untie). It is the practice and the study of determining the meaning of encrypted information (cracking the code), without access to the shared secret key.

Cryptanalysis Methods: Brute Force Attack
[Figure: Known Ciphertext; Key found; Successfully Unencrypted]
With a Brute Force attack, the attacker has some portion of ciphertext. The attacker attempts to unencrypt the ciphertext with all possible keys.

Meet-in-the-Middle Attack
• Known Ciphertext: Use every possible decryption key until a result is found matching the corresponding plaintext.
• Known Plaintext: Use every possible encryption key until a result is found matching the corresponding ciphertext.
• MATCH of Ciphertext! Key found

With a Meet-in-the-Middle attack, the attacker has some portion of text in both plaintext and ciphertext. The attacker attempts to unencrypt the ciphertext with all possible keys while at the same time encrypt the plaintext with another set of possible keys until one match is found.

Choosing a Cryptanalysis Method
1. The graph outlines the frequency of letters in the English language. For example, the letters E, T and A are the most popular.
2. Ciphered text: IODQN HDVW DWWDFN DW GDZQ
   There are 6 occurrences of the cipher letter D and 4 occurrences of the cipher letter W.
   Replace the cipher letter D first with popular clear text letters including E, T, and finally A. Trying A would reveal the shift pattern of 3.
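The Caesar cipher, brute-force and letter-frequency slides above can be followed end to end in a few lines. This is an added example, not part of the original slides; the function names are assumptions, and the only data used is the slide's own message and key of 3.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

PLAINTEXT = "FLANK EAST ATTACK AT DAWN"    # message from the slides
CIPHERTEXT = "IODQN HDVW DWWDFN DW GDZQ"   # slide ciphertext for a key of 3


def caesar_shift(text, key):
    """Move each letter A-Z forward by `key` places; other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_encrypt(plaintext, key):
    return caesar_shift(plaintext, key)


def caesar_decrypt(ciphertext, key):
    return caesar_shift(ciphertext, -key)


def letter_counts(ciphertext):
    """Count how often each cipher letter occurs (spaces are ignored)."""
    return Counter(ch for ch in ciphertext.upper() if ch in ALPHABET)


def brute_force(ciphertext):
    """Brute force: the whole keyspace is only 25 shifts, so list every candidate."""
    return {key: caesar_decrypt(ciphertext, key) for key in range(1, 26)}


def frequency_guesses(ciphertext, likely_plain="ETA"):
    """Frequency analysis as on the slide: assume the most common cipher letter
    stands for E, then T, then A, and derive the key each guess implies."""
    top_cipher, _ = letter_counts(ciphertext).most_common(1)[0]
    guesses = []
    for plain in likely_plain:
        key = (ALPHABET.index(top_cipher) - ALPHABET.index(plain)) % 26
        guesses.append((plain, key, caesar_decrypt(ciphertext, key)))
    return guesses


if __name__ == "__main__":
    print(letter_counts(CIPHERTEXT).most_common(2))
    for plain, key, candidate in frequency_guesses(CIPHERTEXT):
        print(f"D -> {plain}: key {key:2d}: {candidate}")
```

Only the third guess (D stands for A) produces readable text, which is the shift of 3 the slide arrives at; the brute-force table contains the same plaintext under key 3.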

Defining Cryptology

Cryptology = Cryptography + Cryptanalysis


Cryptographic Hashes, Protocols, and Algorithm Examples
• Integrity: MD5, SHA
• Authentication: HMAC-MD5, HMAC-SHA-1, RSA and DSA
• Confidentiality: DES, 3DES, AES, SEAL, RC (RC2, RC4, RC5, and RC6)
[Figure labels: HASH, HASH w/Key, Encryption; NIST, Rivest]

Hashing Basics
• Hashes are used for integrity assurance.
• Hashes are based on one-way functions.
• The hash function hashes arbitrary data into a fixed-length digest known as the hash value, message digest, digest, or fingerprint.
[Figure: Data of Arbitrary Length → Fixed-Length Hash Value (e883aa0b24c09f)]

Hashing Properties
h = H(x)
• x: arbitrary length text
• H: hash function
• h: hash value (e883aa0b24c09f)
Why is x not in Parens?
Why is H in Parens?

Hashing in Action
• Vulnerable to man-in-the-middle attacks
  - Hashing does not provide security to transmission.
• Well-known hash functions
  - MD5 with 128-bit hashes
  - SHA-1 with 160-bit hashes
[Figure: "I would like to cash this check." Sent over the Internet: "Pay to Terry Smith $100.00, One Hundred and xx/100 Dollars" with hash 4ehIDx67NMop9. Received: "Pay to Alex Jones $1000.00, One Thousand and xx/100 Dollars" with hash 12ehqPx67NMoX.]
Match = No changes
No match = Alterations

MD5
• MD5 is a ubiquitous hashing algorithm
• Hashing properties
  - One-way function—easy to compute hash and infeasible to compute data given a hash
  - Complex sequence of simple binary operations (XORs, rotations, etc.) which finally produces a 128-bit hash.

SHA
• SHA is similar in design to the MD4 and MD5 family of hash functions
  - Takes an input message of no more than 2^64 bits
  - Produces a 160-bit message digest
• The algorithm is slightly slower than MD5.
• SHA-1 is a revision that corrected an unpublished flaw in the original SHA.
• SHA-224, SHA-256, SHA-384, and SHA-512 are newer and more secure versions of SHA and are collectively known as SHA-2.

Hashing Example

In this example the clear text entered is displaying hashed results using MD5, SHA-1, and SHA256. Notice the difference in key lengths between the various algorithms. The longer the key, the more secure the hash function.

Features of HMAC
• Uses an additional secret key as input to the hash function
• The secret key is known to the sender and receiver
  - Adds authentication to integrity assurance
  - Defeats man-in-the-middle attacks
• Based on existing hash functions, such as MD5 and SHA-1.
[Figure: Data of Arbitrary Length + Secret Key → Fixed Length Authenticated Hash Value (e883aa0b24c09f)]
The same procedure is used for generation and verification of secure fingerprints

HMAC Example
[Figure: the sender computes an HMAC (authenticated fingerprint), 4ehIDx67NMop9, over the data "Pay to Terry Smith $100.00, One Hundred and xx/100 Dollars" with the secret key and sends it with the data. The receiver computes the HMAC over the received data with the same secret key and also gets 4ehIDx67NMop9.]
If the generated HMAC matches the sent HMAC, then integrity and authenticity have been verified. If they don’t match, discard the message.
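The difference between the "Hashing in Action" and "HMAC Example" slides, shown with the same check contents. This is an added example, not part of the original slides: it uses HMAC-SHA-256 from Python's standard library in place of the HMAC-MD5 and HMAC-SHA-1 named above, and the key and function names are constructed for the illustration.

```python
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key"   # constructed; known only to sender and receiver
GENUINE = b"Pay to Terry Smith $100.00 One Hundred and xx/100 Dollars"
FORGED = b"Pay to Alex Jones $1000.00 One Thousand and xx/100 Dollars"


def fingerprint(message):
    """Plain hash: anyone who has the message can compute it."""
    return hashlib.sha256(message).hexdigest()


def hmac_fingerprint(key, message):
    """Keyed hash: computing it requires the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def receiver_accepts_hash(message, sent_fingerprint):
    return hmac.compare_digest(fingerprint(message), sent_fingerprint)


def receiver_accepts_hmac(key, message, sent_fingerprint):
    # Same procedure as generation: recompute with the key, then compare
    # in constant time so the check does not leak how many characters matched.
    return hmac.compare_digest(hmac_fingerprint(key, message), sent_fingerprint)


def swapped_in_transit(replacement):
    """What a party on the path can send without knowing the key:
    a different message plus a freshly computed plain hash of it."""
    return replacement, fingerprint(replacement)


def run_demo():
    results = {}

    # Hash only: the replaced check arrives with a matching hash.
    results["hash_genuine"] = receiver_accepts_hash(GENUINE, fingerprint(GENUINE))
    message, sent = swapped_in_transit(FORGED)
    results["hash_swapped"] = receiver_accepts_hash(message, sent)

    # HMAC: the genuine pair verifies, anything built without the key does not.
    tag = hmac_fingerprint(SHARED_KEY, GENUINE)
    results["hmac_genuine"] = receiver_accepts_hmac(SHARED_KEY, GENUINE, tag)
    results["hmac_body_changed"] = receiver_accepts_hmac(SHARED_KEY, FORGED, tag)
    message, sent = swapped_in_transit(FORGED)
    results["hmac_swapped"] = receiver_accepts_hmac(SHARED_KEY, message, sent)
    return results


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name:18s} accepted={accepted}")
```

The `hash_swapped` case is accepted because the hash alone says nothing about who computed it; both HMAC cases with altered content are rejected, which is the "discard the message" branch on the slide.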

Using Hashing
[Figure: Data Integrity, Data Authenticity and Entity Authentication around a Fixed-Length Hash Value (e883aa0b24c09f)]
• Routers use hashing with secret keys
• IPsec gateways and clients use hashing algorithms
• Software images downloaded from the website have checksums
• Sessions can be encrypted

Key Management
• Key Generation
• Key Verification
• Key Storage
• Key Exchange
• Key Revocation and Destruction

Keyspace

DES Key   Keyspace   # of Possible Keys
56-bit    2^56       72,000,000,000,000,000
57-bit    2^57       144,000,000,000,000,000      Twice as much time
58-bit    2^58       288,000,000,000,000,000      Four times as much time
59-bit    2^59       576,000,000,000,000,000
60-bit    2^60       1,152,000,000,000,000,000    With 60-bit DES an attacker would require sixteen times more time than 56-bit DES

Key bits as shown on the slide:
56-bit: 11111111 11111111 11111111 11111111 11111111 11111111 11111111
57-bit: 11111111 11111111 11111111 11111111 11111111 11111111 11111111 1
58-bit: 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11
59-bit: 11111111 11111111 11111111 11111111 11111111 11111111 11111111 111
60-bit: 11111111 11111111 11111111 11111111 11111111 11111111 11111111 1111

• For each bit added to the DES key, the attacker would require twice the amount of time to search the keyspace.
• Longer keys are more secure but are also more resource intensive and can affect throughput.

Types of Keys

                                       Symmetric Key   Asymmetric Key   Digital Signature   Hash
Protection up to 3 years               80              1248             160                 160
Protection up to 10 years              96              1776             192                 192
Protection up to 20 years              112             2432             224                 224
Protection up to 30 years              128             3248             256                 256
Protection against quantum computers   256             15424            512                 512

• Calculations are based on the fact that computing power will continue to grow at its present rate and the ability to perform brute-force attacks will grow at the same rate.
• Note the comparatively short symmetric key lengths illustrating that symmetric algorithms are the strongest type of algorithm.

Key Properties

Shorter keys = faster processing, but less secure

Longer keys = slower processing, but more secure

Confidentiality and the OSI Model
• For Data Link Layer confidentiality, use proprietary link-encrypting devices
• For Network Layer confidentiality, use secure Network Layer protocols such as the IPsec protocol suite
• For Session Layer confidentiality, use protocols such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
• For Application Layer confidentiality, use secure e-mail, secure database sessions (Oracle SQL*net), and secure messaging (Lotus Notes sessions)

Symmetric Encryption
[Figure: $1000 → Encrypt (Key) → $!@#IQ → Decrypt (Key) → $1000, with a pre-shared key on both sides]
• Best known as shared-secret key algorithms
• The usual key length is 80 - 256 bits
• A sender and receiver must share a secret key
• Faster processing because they use simple mathematical operations.
• Examples include DES, 3DES, AES, IDEA, RC2/4/5/6, and Blowfish.

Symmetric Encryption and XOR
• The XOR operator results in a 1 when the value of either the first bit or the second bit is a 1
• The XOR operator results in a 0 when neither or both of the bits is 1

Plain Text          1 1 0 1 0 0 1 1
Key (Apply)         0 1 0 1 0 1 0 1
XOR (Cipher Text)   1 0 0 0 0 1 1 0
Key (Re-Apply)      0 1 0 1 0 1 0 1
XOR (Plain Text)    1 1 0 1 0 0 1 1

Asymmetric Encryption
[Figure: $1000 → Encrypt (Encryption Key) → %3f7&4 → Decrypt (Decryption Key) → $1000, with two separate keys which are not shared]
• Also known as public key algorithms
• The usual key length is 512–4096 bits
• A sender and receiver do not share a secret key
• Relatively slow because they are based on difficult computational algorithms
• Examples include RSA, ElGamal, elliptic curves, and DH.

Asymmetric Example: Diffie-Hellman
Get Out Your Calculators?

Symmetric Algorithms

Symmetric Encryption Algorithm / Key length (in bits) / Description
• DES / 56 / Designed at IBM during the 1970s and was the NIST standard until 1997. Although considered outdated, DES remains widely in use. Designed to be implemented only in hardware, and is therefore extremely slow in software.
• 3DES / 112 and 168 / Based on using DES three times which means that the input data is encrypted three times and therefore considered much stronger than DES. However, it is rather slow compared to some new block ciphers such as AES.
• AES / 128, 192, and 256 / Fast in both software and hardware, is relatively easy to implement, and requires little memory. As a new encryption standard, it is currently being deployed on a large scale.
• Software Encryption Algorithm (SEAL) / 160 / SEAL is an alternative algorithm to DES, 3DES, and AES. It uses a 160-bit encryption key and has a lower impact to the CPU when compared to other software-based algorithms.
• The RC series / RC2 (40 and 64), RC4 (1 to 256), RC5 (0 to 2040), RC6 (128, 192, and 256) / A set of symmetric-key encryption algorithms invented by Ron Rivest. RC1 was never published and RC3 was broken before ever being used. RC4 is the world's most widely used stream cipher. RC6, a 128-bit block cipher based heavily on RC5, was an AES finalist developed in 1997.

Symmetric Encryption Techniques
• Block Cipher – encryption is completed in 64 bit blocks
• Stream Cipher – encryption is one bit at a time
[Figure: a bit stream split into 64-bit blocks, the last one padded with blanks, beside a continuous bit stream]

Selecting an Algorithm

                                                                DES                     3DES   AES
The algorithm is trusted by the cryptographic community         Been replaced by 3DES   Yes    Verdict is still out
The algorithm adequately protects against brute-force attacks   No                      Yes    Yes

DES Scorecard
• Description: Data Encryption Standard
• Timeline: Standardized 1976
• Type of Algorithm: Symmetric
• Key size (in bits): 56 bits
• Speed: Medium
• Time to crack (Assuming a computer could try 255 keys per second): Days (6.4 days by the COPACABANA machine, a specialized cracking device)
• Resource Consumption: Medium

Block Cipher Modes
[Figure: ECB and CBC, each shown as a message of five 64-bit blocks passing through DES; the CBC panel also shows an initialization vector]

Considerations: DES
• Change keys frequently to help prevent brute-force attacks.
• Use a secure channel to communicate the DES key from the sender to the receiver.
• Consider using DES in CBC mode. With CBC, the encryption of each 64-bit block depends on previous blocks.
• Test a key to see if it is a weak key before using it.

3DES Scorecard
• Description: Triple Data Encryption Standard
• Timeline: Standardized 1977
• Type of Algorithm: Symmetric
• Key size (in bits): 112 and 168 bits
• Speed: Low
• Time to crack (Assuming a computer could try 255 keys per second): 4.6 Billion years with current technology
• Resource Consumption: Medium

Encryption Steps
1. The clear text from Alice is encrypted using Key 1. That ciphertext is decrypted using a different key, Key 2. Finally that ciphertext is encrypted using another key, Key 3.
2. When the 3DES ciphered text is received, the process is reversed. That is, the ciphered text must first be decrypted using Key 3, encrypted using Key 2, and finally decrypted using Key 1.

AES Scorecard
• Description: Advanced Encryption Standard
• Timeline: Official Standard since 2001
• Type of Algorithm: Symmetric
• Key size (in bits): 128, 192, and 256
• Speed: High
• Time to crack (Assuming a computer could try 255 keys per second): 149 Trillion years
• Resource Consumption: Low

Advantages of AES
• The key is much stronger due to the key length
• AES runs faster than 3DES on comparable hardware
• AES is more efficient than DES and 3DES on comparable hardware
[Figure: the plain text is now encrypted using 128 AES; an attempt at deciphering the text using a lowercase, and incorrect key]

SEAL Scorecard
• Description: Software-Optimized Encryption Algorithm
• Timeline: First published in 1994. Current version is 3.0 (1997)
• Type of Algorithm: Symmetric
• Key size (in bits): 160
• Speed: High
• Time to crack (Assuming a computer could try 255 keys per second): Unknown but considered very safe
• Resource Consumption: Low

Rivest Codes Scorecard

Description          RC2            RC4             RC5                              RC6
Timeline             1987           1987            1994                             1998
Type of Algorithm    Block cipher   Stream cipher   Block cipher                     Block cipher
Key size (in bits)   40 and 64      1 - 256         0 to 2040 bits (128 suggested)   128, 192, or 256

DH Scorecard
• Description: Diffie-Hellman Algorithm
• Timeline: 1976
• Type of Algorithm: Asymmetric
• Key size (in bits): 512, 1024, 2048
• Speed: Slow
• Time to crack (Assuming a computer could try 255 keys per second): Unknown but considered very safe
• Resource Consumption: Medium

Using Diffie-Hellman

          Shared   Secret   Calc
Alice     5, 23    6        5^6 mod 23 = 8
Bob       5, 23    15       5^15 mod 23 = 19
Alice                       19^6 mod 23 = 2
Bob                         8^15 mod 23 = 2

1. Alice and Bob agree to use the same two numbers. For example, the base number g=5 and prime number p=23.
2. Alice now chooses a secret number x=6.
3. Alice performs the DH algorithm: g^x modulo p = (5^6 modulo 23) = 8 (Y) and sends the new number 8 (Y) to Bob.
4. Meanwhile Bob has also chosen a secret number x=15, performed the DH algorithm: g^x modulo p = (5^15 modulo 23) = 19 (Y) and sent the new number 19 (Y) to Alice.
5. Alice now computes Y^x modulo p = (19^6 modulo 23) = 2.
6. Bob now computes Y^x modulo p = (8^15 modulo 23) = 2.

The result (2) is the same for both Alice and Bob. This number can now be used as a shared secret key by the encryption algorithm.
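The six steps above with both sides' messages, as an added example that is not part of the original slides; the function names are assumptions. It goes one step beyond the slide by rejecting degenerate public values and by showing that with p=23 the secret exponent falls to an exhaustive search, which is why the scorecard lists key sizes of 512, 1024 and 2048 bits.

```python
def dh_public(g, x, p):
    """Steps 3 and 4: Y = g^x mod p, the value sent to the other party."""
    return pow(g, x, p)


def is_valid_peer_value(y, p):
    """Values 0, 1 and p-1 force a predictable shared secret, so a careful
    implementation refuses them before using a received Y."""
    return 2 <= y <= p - 2


def dh_shared(peer_y, x, p):
    """Steps 5 and 6: shared secret = Y^x mod p, using the other side's Y."""
    if not is_valid_peer_value(peer_y, p):
        raise ValueError("peer public value out of range")
    return pow(peer_y, x, p)


def exchange(g, p, alice_secret, bob_secret):
    """Run the whole exchange and report what travels over the wire
    and what each side derives locally."""
    alice_y = dh_public(g, alice_secret, p)   # Alice -> Bob
    bob_y = dh_public(g, bob_secret, p)       # Bob -> Alice
    return {
        "public_on_wire": {"g": g, "p": p, "alice_y": alice_y, "bob_y": bob_y},
        "alice_key": dh_shared(bob_y, alice_secret, p),
        "bob_key": dh_shared(alice_y, bob_secret, p),
    }


def recover_exponent(g, p, y):
    """Exhaustive search for x with g^x mod p == y. Instant for the slide's
    p=23 (at most 22 tries); the work grows with the size of p."""
    for x in range(1, p):
        if pow(g, x, p) == y:
            return x
    return None


if __name__ == "__main__":
    result = exchange(g=5, p=23, alice_secret=6, bob_secret=15)
    print(result)
    wire = result["public_on_wire"]
    print("exponent behind 8: ", recover_exponent(wire["g"], wire["p"], wire["alice_y"]))
    print("exponent behind 19:", recover_exponent(wire["g"], wire["p"], wire["bob_y"]))
```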

Asymmetric Key Characteristics
[Figure: Plain text → Encryption (Encryption Key) → Encrypted text → Decryption (Decryption Key) → Plain text]
• Key length ranges from 512–4096 bits
• Key lengths greater than or equal to 1024 bits can be trusted
• Key lengths that are shorter than 1024 bits are considered unreliable for most algorithms

Public Key (Encrypt) + Private Key (Decrypt) = Confidentiality
1. Computer A acquires Computer B’s public key ("Can I get your Public Key please?" "Here is my Public Key.")
2. Computer A uses Computer B’s public key to encrypt a message using an agreed-upon algorithm
3. Computer A transmits the encrypted message to Computer B
4. Computer B uses its private key to decrypt and reveal the message
[Figure labels: Computer A, Bob’s Public Key, Encryption Algorithm, Encrypted Text; Computer B, Bob’s Private Key, Encryption Algorithm, Encrypted Text]

Private Key (Encrypt) + Public Key (Decrypt) = Authentication
1. Alice encrypts a message with her private key
2. Alice transmits the encrypted message to Bob
3. Bob needs to verify that the message actually came from Alice. He requests and acquires Alice’s public key ("Can I get your Public Key please?" "Here is my Public Key")
4. Bob uses the public key to successfully decrypt the message and authenticate that the message did, indeed, come from Alice.
[Figure labels: Computer A, Alice’s Private Key, Encryption Algorithm, Encrypted Text; Computer B, Alice’s Public Key, Encryption Algorithm, Encrypted Text]

Asymmetric Key Algorithms

Algorithm / Key length (in bits) / Description
• DH / 512, 1024, 2048 / Invented in 1976 by Whitfield Diffie and Martin Hellman. Allows two parties to agree on a key that they can use to encrypt messages. The assumption is that it is easy to raise a number to a certain power, but difficult to compute which power was used given the number and the outcome.
• Digital Signature Standard (DSS) and Digital Signature Algorithm (DSA) / 512 - 1024 / Created by NIST and specifies DSA as the algorithm for digital signatures. A public key algorithm based on the ElGamal signature scheme. Signature creation speed is similar with RSA, but is slower for verification.
• RSA encryption algorithms / 512 to 2048 / Developed by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT in 1977. Based on the current difficulty of factoring very large numbers. Suitable for signing as well as encryption. Widely used in electronic commerce protocols.
• ElGamal / 512 - 1024 / Based on the Diffie-Hellman key agreement. Described by Taher Elgamal in 1984 and is used in GNU Privacy Guard software, PGP, and other cryptosystems. The encrypted message becomes about twice the size of the original message and for this reason it is only used for small messages such as secret keys.
• Elliptical curve techniques / 160 / Invented by Neal Koblitz in 1987 and by Victor Miller in 1986. Can be used to adapt many cryptographic algorithms. Keys can be much smaller.

Security Services - Digital Signatures
• Authenticates a source, proving a certain party has seen, and has signed, the data in question
• Signing party cannot repudiate that it signed the data
• Guarantees that the data has not changed from the time it was signed
[Figure labels: Authenticity, Integrity, Nonrepudiation]

Digital Signatures
• The signature is authentic and not forgeable: The signature is proof that the signer, and no one else, signed the document.
• The signature is not reusable: The signature is a part of the document and cannot be moved to a different document.
• The signature is unalterable: After a document is signed, it cannot be altered.
• The signature cannot be repudiated: For legal purposes, the signature and the document are considered to be physical things. The signer cannot claim later that they did not sign it.

The Digital Signature Process
1. The sending device creates a hash of the document
2. The sending device encrypts only the hash with the private key of the signer
3. The signature algorithm generates a digital signature and obtains the public key
4. The receiving device accepts the document with digital signature and obtains the public key
5. Signature is verified with the verification key
6. Validity of the digital signature is verified
[Figure: Data "Confirm Order" → hash 0a77b3440… → encrypted hash (Signature Key, Signature Algorithm) → Signed Data "Confirm Order" with 0a77b3440… → Verification Key → Signature Verified 0a77b3440…]
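The six-step process above, as an added example that is not part of the original slides. It is a teaching sketch under stated assumptions: textbook RSA with no padding, a key built from two small constructed primes, and SHA-256 as the hash; the function names are assumptions.

```python
import hashlib

# Constructed toy key pair (assumption for this example). The two primes are
# small, publicly known Mersenne primes, so this key protects nothing.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q                          # public modulus
E = 65537                          # public (verification) exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private (signature) exponent


def hash_as_int(document):
    """Step 1: hash the document. The digest is reduced mod N only because the
    toy modulus is shorter than a SHA-256 digest."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N


def sign(document, d=D, n=N):
    """Steps 2 and 3: transform only the hash with the signer's private key;
    the result is the digital signature sent alongside the document."""
    return pow(hash_as_int(document), d, n)


def verify(document, signature, e=E, n=N):
    """Steps 4 to 6: recompute the hash of the received document, undo the
    signature with the public key, and compare the two values."""
    if not isinstance(signature, int) or not 0 <= signature < n:
        return False
    return pow(signature, e, n) == hash_as_int(document)


def run_demo():
    order = b"Confirm Order"
    signature = sign(order)
    return {
        "genuine": verify(order, signature),
        "document_changed": verify(b"Cancel Order", signature),
        "signature_changed": verify(order, (signature + 1) % N),
    }


if __name__ == "__main__":
    print(run_demo())
```

Production code uses a vetted library with a padded signature scheme and full-size keys rather than raw modular exponentiation; the sketch only makes the hash, sign and verify steps visible.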

Code Signing with Digital Signatures
• The publisher of the software attaches a digital signature to the executable, signed with the signature key of the publisher.
• The user of the software needs to obtain the public key of the publisher or the CA certificate of the publisher if PKI is used.

DSA Scorecard
• Description: Digital Signature Algorithm (DSA)
• Timeline: 1994
• Type of Algorithm: Provides digital signatures
• Advantages: Signature generation is fast
• Disadvantages: Signature verification is slow

RSA Scorecard
• Description: Ron Rivest, Adi Shamir, and Len Adleman
• Timeline: 1977
• Type of Algorithm: Asymmetric algorithm
• Key size (in bits): 512 - 2048
• Advantages: Signature verification is fast
• Disadvantages: Signature generation is slow

Properties of RSA
• One hundred times slower than DES in hardware
• One thousand times slower than DES in software
• Used to protect small amounts of data
• Ensures confidentiality of data through encryption
• Generates digital signatures for authentication and nonrepudiation of data

Public Key Infrastructure
• Alice applies for a driver’s license. She receives her driver’s license after her identity is proven.
• Alice attempts to cash a check.
• Her identity is accepted after her driver’s license is checked.

Public Key Infrastructure

PKI terminology to remember:
• PKI: A service framework (hardware, software, people, policies and procedures) needed to support large-scale public key-based technologies.
• Certificate: A document, which binds together the name of the entity and its public key and has been signed by the CA
• Certificate authority (CA): The trusted third party that signs the public keys of entities in a PKI-based system

CA Vendors and Sample Certificates
• http://www.verisign.com
• http://www.entrust.com
• http://www.verizonbusiness.com/
• http://www.novell.com
• http://www.rsa.com/
• http://www.microsoft.com

Usage Keys • When an encryption certificate is used much more frequently than a signing certificate, the public and private key pair is more exposed due to its frequent usage. In this case, it might be a good idea to shorten the lifetime of the key pair pai r and change it more often, while having a separate signing private and public key pair with a longer lifetime. • When different levels of encryption and digital signing are required because of legal, export, or performance issues, usage keys allow an administrator to assign different key lengths to the two pairs. • When key recovery is desired, such as when a copy of a user’s private key is kept in a central repository for various backup reasons, usage keys allow the user to back up only the private key of the encrypting pair. The signing private key remains with the user, enabling true nonrepudiation.  © 2009 Cisco Learning Institute. Institute.


The Current State

X.509

• Many vendors have proposed and implemented proprietary solutions
• Progression towards publishing a common set of standards for PKI protocols and data formats


X.509v3
• X.509v3 is a standard that describes the certificate structure.
• X.509v3 is used with:
  - Secure web servers: SSL and TLS
  - Web browsers: SSL and TLS
  - Email programs: S/MIME
  - IPsec VPNs: IKE


X.509v3 Applications

[Figure: an enterprise network connected to the Internet, with a CA server and certificates in use on an external web server (SSL), an Internet mail server (S/MIME), Cisco Secure ACS (EAP-TLS) and a VPN concentrator (IPsec)]

• Certificates can be used for various purposes.
• One CA server can be used for all types of authentication as long as they support the same PKI procedures.


RSA PKCS Standards

• PKCS #1: RSA Cryptography Standard
• PKCS #3: DH Key Agreement Standard
• PKCS #5: Password-Based Cryptography Standard
• PKCS #6: Extended-Certificate Syntax Standard
• PKCS #7: Cryptographic Message Syntax Standard
• PKCS #8: Private-Key Information Syntax Standard
• PKCS #10: Certification Request Syntax Standard
• PKCS #12: Personal Information Exchange Syntax Standard
• PKCS #13: Elliptic Curve Cryptography Standard
• PKCS #15: Cryptographic Token Information Format Standard

Public Key Technology

[Figure: enrollment exchange labelled PKCS#7, PKCS#10, CA Certificate, Signed Certificate, PKCS#7]

• A PKI communication protocol used for VPN PKI enrollment
• Uses the PKCS #7 and PKCS #10 standards


Single-Root PKI Topology

[Figure: a single Root CA]

• Certificates issued by one CA
• Centralized trust decisions
• Single point of failure


Hierarchical CA Topology

[Figure: a Root CA with a Subordinate CA below it]

• Delegation and distribution of trust
• Certification paths


Cross-Certified CAs

[Figure: three cross-certified CAs: CA1, CA2 and CA3]

• Mutual cross-signing of CA certificates


Registration Authorities

[Figure: hosts, the RA and the CA, with three numbered steps]

1. Enrollment request: Hosts will submit certificate requests to the RA.
2. Completed enrollment request forwarded to CA: After the Registration Authority adds specific information to the certificate request and the request is approved under the organization’s policy, it is forwarded on to the Certification Authority.
3. Certificate issued: The CA will sign the certificate request and send it back to the host.


Retrieving the CA Certificates

[Figure: Alice and Bob on the enterprise network, each retrieving the CA certificate from the CA and reaching the CA admin over POTS]

1. Alice and Bob request the CA certificate that contains the CA public key.
2. Each system verifies the validity of the certificate.
3. Out-of-band authentication of the CA certificate: Alice and Bob telephone the CA administrator and verify the public key and serial number of the certificate.

Submitting Certificate Requests

[Figure: Alice and Bob on the enterprise network, each sending a certificate request to the CA, with the CA admin reaching them over POTS]

1. Both systems forward a certificate request which includes their public key. All of this information is encrypted using the public key of the CA.
2. Out-of-band authentication: The CA administrator telephones to confirm their submittal and the public key and issues the certificate by adding some additional data to the request, and digitally signing it all.
3. The certificate is retrieved and the certificate is installed onto the system.

Authenticating

[Figure: Alice and Bob, each holding their own private key, their own certificate, the other party's certificate and the CA certificate]

1. Bob and Alice exchange certificates. The CA is no longer involved.
2. Each party verifies the digital signature on the certificate by hashing the plaintext portion of the certificate, decrypting the digital signature using the CA public key, and comparing the results.
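
The verification step on the Authenticating slide (hash the plaintext portion, decrypt the signature with the CA public key, compare) can be traced in a few lines. This is an added example, not part of the original slides: the toy CA key, the certificate layout, the choice of SHA-256 and all function names are assumptions, and it uses unpadded textbook RSA where real certificates use the padding defined in PKCS #1.

```python
import hashlib

# Toy CA key pair built from two well-known Mersenne primes (constructed for
# illustration; trivially factorable, never usable as a real key).
P, Q = 2**521 - 1, 2**607 - 1
CA_N = P * Q                               # CA public modulus
CA_E = 65537                               # CA public exponent
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))    # CA private exponent


def digest(body: bytes) -> int:
    """Hash the plaintext portion of the certificate to an integer."""
    return int.from_bytes(hashlib.sha256(body).digest(), "big")


def ca_issue(subject: str, subject_pubkey: str) -> dict:
    """CA side: bind name and public key, then sign the hash of that body."""
    body = f"subject={subject};pubkey={subject_pubkey}".encode()
    signature = pow(digest(body), CA_D, CA_N)   # textbook RSA, no padding
    return {"body": body, "signature": signature}


def verify_certificate(cert: dict, ca_n: int, ca_e: int) -> bool:
    """Relying party: hash the body, recover the signed hash, compare."""
    computed = digest(cert["body"])
    recovered = pow(cert["signature"], ca_e, ca_n)
    return computed == recovered


def demo() -> tuple:
    # Constructed sample certificate for Alice.
    alice_cert = ca_issue("Alice", "alice-public-key-placeholder")
    genuine = verify_certificate(alice_cert, CA_N, CA_E)
    # A body altered after signing no longer matches the signed hash.
    altered_body = alice_cert["body"].replace(b"Alice", b"Mallory")
    altered = verify_certificate(dict(alice_cert, body=altered_body), CA_N, CA_E)
    return genuine, altered


if __name__ == "__main__":
    print(demo())
```

The check only proves that the CA signed this exact name and key binding; it says nothing about whether the CA public key itself is genuine, which is why the earlier slides verify the CA certificate out of band.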


PKI Authentication Characteristics
• To authenticate each other, users have to obtain the certificate of the CA and their own certificate. These steps require the out-of-band verification of the processes.
• Public-key systems use asymmetric keys where one is public and the other one is private.
• Key management is simplified because two users can freely exchange the certificates. The validity of the received certificates is verified using the public key of the CA, which the users have in their possession.
• Because of the strength of the algorithms, administrators can set a very long lifetime for the certificates.
