CCNA Security - Chapter 7

3,663
-1

Published on

0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
3,663
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide
  • Media Notes:
  • Source: http://en.wikipedia.org/wiki/File:USpatent1310719.fig1.png
  • More Information: The terms message digest and hash value are often used interchangeably to describe the output of a hash function. The terms digest or fingerprint may also be used.
  • More Information: In 2005, security flaws were identified in MD5 and SHA-1 indicating that a stronger hash function would be desirable. SHA-2 is the recommended hash functions. There is also a contest sponsored by the National Institute of Standards and Technology to design a hash function which will be given the name SHA-3 by 2012. For more detail, refer to http://www.itl.nist.gov/lab/bulletns/B-05-08.pdf .
  • TIP: To try an online HASH converter, refer to http://hash-it.net/ .
  • More Information: Refer to the National Institute of Standards and Technology (NIST) website at http://www.keylength.com/en/4/ to see updated key length recommendations
  • Generic – someone working in a sever farm…
  • More Information: For a sample DH demo, refer to http://ds9a.nl/tmp/dh.html .
  • More Information: In January 2000, the restrictions that the U.S. Department of Commerce placed on export regulations were dramatically relaxed. Currently, any cryptographic product is exportable under a license exception unless the end users are governments outside of the United States or are embargoed. Visit http://www.commerce.gov for more information on the current U.S. Department of Commerce export regulations.
  • More Information: For more information on AES, go to http://www.nist.gov/aes . Also, In 2008, the NIST held a similar competition to develop a new SHA version, SHA-3. For more information, refer to http://csrc.nist.gov/groups/ST/hash/sha-3/index.html .
  • More Information: For a sample DH demo, refer to http://ds9a.nl/tmp/dh.html .
  • More Information: For a demonstration of the RSA algorithm refer to http://www.securecottage.com/demo/rsa2.html
  • More Information: The draft and additional PKI information is available at http://www.ietf.org/html.charters/pkix-charter.html.
  • More Information: For more information on these standards, visit http://www.rsa.com/rsalabs/node.asp?id=2124
  • CCNA Security - Chapter 7

    1. 1. CCNA Security Chapter Seven Cryptographic Systems© 2009 Cisco Learning Institute. 1
    2. 2. Lesson Planning • This lesson should take 3-4 hours to present • The lesson should include lecture, demonstrations, discussions and assessments • The lesson can be taught in person or using remote instruction© 2009 Cisco Learning Institute. 2
    3. 3. Major Concepts • Describe how the types of encryption, hashes, and digital signatures work together to provide confidentiality, integrity, and authentication • Describe the mechanisms to ensure data integrity and authentication • Describe the mechanisms used to ensure data confidentiality • Describe the mechanisms used to ensure data confidentiality and authentication using a public key© 2009 Cisco Learning Institute. 3
    4. 4. Lesson Objectives Upon completion of this lesson, the successful participant will be able to: 1. Describe the requirements of secure communications including integrity, authentication, and confidentiality 2. Describe cryptography and provide an example 3. Describe cryptanalysis and provide an example 4. Describe the importance and functions of cryptographic hashes 5. Describe the features and functions of the MD5 algorithm and of the SHA-1 algorithm 6. Explain how we can ensure authenticity using HMAC 7. Describe the components of key management© 2009 Cisco Learning Institute. 4
    5. 5. Lesson Objectives 8. Describe how encryption algorithms provide confidentiality 9. Describe the function of the DES algorithms 10. Describe the function of the 3DES algorithm 11. Describe the function of the AES algorithm 12. Describe the function of the Software Encrypted Algorithm (SEAL) and the Rivest ciphers (RC) algorithm 13. Describe the function of the DH algorithm and its supporting role to DES, 3DES, and AES 14. Explain the differences and their intended applications 15. Explain the functionality of digital signatures 16. Describe the function of the RSA algorithm 17. Describe the principles behind a public key infrastructure (PKI)© 2009 Cisco Learning Institute. 5
    6. 6. Lesson Objectives 18. Describe the various PKI standards 19. Describe the role of CAs and the digital certificates that they issue in a PKI 20. Describe the characteristics of digital certificates and CAs© 2009 Cisco Learning Institute. 6
    7. 7. Secure Communications CSA MARS Firewall VPN IPS CSA VPN Iron Port CSA Remote Branch CSA CSA CSA CSA CSA Web Email Server Server DNS • Traffic between sites must be secure • Measures must be taken to ensure it cannot be altered, forged, or deciphered if intercepted© 2009 Cisco Learning Institute. 7
    8. 8. Authentication • An ATM Personal Information Number (PIN) is required for authentication. • The PIN is a shared secret between a bank account holder and the financial institution.© 2009 Cisco Learning Institute. 8
    9. 9. Integrity • An unbroken wax seal on an envelop ensures integrity. • The unique unbroken seal ensures no one has read the contents.© 2009 Cisco Learning Institute. 9
    10. 10. Confidentiality • Julius Caesar would send encrypted messages to his I O D Q N H D V W generals in the battlefield. D W W D F N D W G D Z Q • Even if intercepted, his enemies usually could not read, let alone decipher, the messages.© 2009 Cisco Learning Institute. 10
    11. 11. History Scytale - (700 BC) Vigenère table German Enigma Machine Jefferson encryption device© 2009 Cisco Learning Institute. 11
    12. 12. Transposition Ciphers 1 FLANK EAST The clear text message would be ATTACK AT DAWN encoded using a key of 3. Clear Text 2 F...K...T...T...A...W. .L.N.E.S.A.T.A.K.T.A.N Use a rail fence cipher and a ..A...A...T...C...D... key of 3. 3 FKTTAW The clear text message would LNESATAKTAN AATCD appear as follows. Ciphered Text© 2009 Cisco Learning Institute. 12
    13. 13. Substitution CiphersCaesar Cipher 1 FLANK EAST The clear text message would be ATTACK AT DAWN encoded using a key of 3. Clear text Shift the top 2 scroll over by A B C D E F G H I J K L M N O P Q R S T U V W X Y Z three characters (key of 3), an A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C becomes D, B becomes E, and so on. 3 IODQN HDVW The clear text message would DWWDFN DW GDZQ be encrypted as follows using a key of 3. Cipherered text© 2009 Cisco Learning Institute. 13
    14. 14. Cipher Wheel 1 FLANK EAST The clear text message would be ATTACK AT DAWN encoded using a key of 3. Clear text 2 Shifting the inner wheel by 3, then the A becomes D, B becomes E, and so on. 3 IODQN HDVW The clear text message would DWWDFN DW GDZQ appear as follows using a key of 3. Cipherered text© 2009 Cisco Learning Institute. 14
    15. 15. Vigenѐre Table a b c d e f g h i j k l m n o p q r s t u v w x y z A a b c d e f g h i j k l m n o p q r s t u v w x y z B b c d e f g h i j k l m n o p q r s t u v w x y z a C c d e f g h i j k l m n o p q r s t u v w x y z a b D d e f g h i j k l m n o p q r s t u v w x y z a b c E e f g h i j k l m n o p q r s t u v w x y z a b c d F f g h i j k l m n o p q r s t u v w x y z a b c d e G g h i j k l m n o p q r s t u v w x y z a b c d e f H h i j k l m n o p q r s t u v w x y z a b c d e f g I i j k l m n o p q r s t u v w x y z a b c d e f g h J j k l m n o p q r s t u v w x y z a b c d e f g h i K k l m n o p q r s t u v w x y z a b c d e f g h i j L l m n o p q r s t u v w x y z a b c d e f g h i j k M m n o p q r s t u v w x y z a b c d e f g h i j k l N n o p q r s t u v w x y z a b c d e f g h i j k l m O o p q r s t u v w x y z a b c d e f g h i j k l m n P p q r s t u v w x y z a b c d e f g h i j k l m n o Q q r s t u v w x y z a b c d e f g h i j k l m n o p R r s t u v w x y z a b c d e f g h i j k l m n o p q S s t u v w x y z a b c d e f g h i j k l m n o p q r T t u v w x y z a b c d e f g h i j k l m n o p q r s U u v w x y z a b c d e f g h i j k l m n o p q r s t V v w x y z a b c d e f g h i j k l m n o p q r s t u W w x y z a b c d e f g h i j k l m n o p q r s t u v X x y z a b c d e f g h i j k l m n o p q r s t u v w Y y z a b c d e f g h i j k l m n o p q r s t u v w x Z z a b c d e f g h i j k l m n o p q r s t u v w x y© 2009 Cisco Learning Institute. 15
    16. 16. Stream Ciphers • Invented by the Norwegian Army Signal Corps in 1950, the ETCRRM machine uses the Vernam stream cipher method. • It was used by the US and Russian governments to exchange information. • Plain text message is eXclusively ORed with a key tape containing a random stream of data of the same length to generate the ciphertext. • Once a message was enciphered the key tape was destroyed. • At the receiving end, the process was reversed using an identical key tape to decode the message.© 2009 Cisco Learning Institute. 16
    17. 17. Defining Cryptanalysis Allies decipher secret NAZI encryption code! Cryptanalysis is from the Greek words kryptós (hidden), and analýein (to loosen or to untie). It is the practice and the study of determining the meaning of encrypted information (cracking the code), without access to the shared secret key.© 2009 Cisco Learning Institute. 17
    18. 18. Cryptanalysis Methods Brute Force Attack Known Ciphertext Successfully Unencrypted Key found With a Brute Force attack, the attacker has some portion of ciphertext. The attacker attempts to unencrypt the ciphertext with all possible keys.© 2009 Cisco Learning Institute. 18
    19. 19. Meet-in-the-Middle Attack Known Ciphertext Known Plaintext Use every possible Use every possible decryption key until a result encryption key until a is found matching the result is found matching corresponding plaintext. the corresponding ciphertext. MATCH of Ciphertext! Key found With a Meet-in-the-Middle attack, the attacker has some portion of text in both plaintext and ciphertext. The attacker attempts to unencrypt the ciphertext with all possible keys while at the same time encrypt the plaintext with another set of possible keys until one match is found.© 2009 Cisco Learning Institute. 19
    20. 20. Choosing a Cryptanalysis Method The graph outlines the 1 frequency of letters in the English language. For example, the letters E, T and A are the most popular. There are 6 occurrences of the cipher letter D and 4 occurrences of the cipher letter W. 2 Replace the cipher letter D first with IODQN HDVW DWWDFN DW GDZQ popular clear text letters including E, T, and finally A. Cipherered text Trying A would reveal the shift pattern of 3.© 2009 Cisco Learning Institute. 20
    21. 21. Defining Cryptology Cryptology + Cryptography Cryptanalysis© 2009 Cisco Learning Institute. 21
    22. 22. Cryptanalysis© 2009 Cisco Learning Institute. 22
    23. 23. Cryptographic Hashes, Protocols,and Algorithm Examples Integrity Authentication Confidentiality DES HMAC-MD5 3DES MD5 HMAC-SHA-1 AES SHA RSA and DSA SEAL RC (RC2, RC4, RC5, and RC6) HASH HASH w/Key NIST Rivest Encryption© 2009 Cisco Learning Institute. 23
    24. 24. Hashing Basics • Hashes are used for integrity assurance. Data of Arbitrary Length • Hashes are based on one-way functions. • The hash function hashes arbitrary data into a fixed- length digest known as the hash value, message digest, digest, or fingerprint. Fixed-Length Hash Value e883aa0b24c09f© 2009 Cisco Learning Institute. 24
    25. 25. Hashing Properties Arbitrary X length text Why is x not in Parens? h = H (x) Hash Function (H) Why is H in Parens? Hash h e883aa0b24c09f Value© 2009 Cisco Learning Institute. 25
    26. 26. Hashing in Action • Vulnerable to man-in-the-middle attacks - Hashing does not provide security to transmission. • Well-known hash functions I would like to - MD5 with 128-bit hashes cash this - SHA-1 with 160-bit hashes check. Internet Pay to Terry Smith Pay to Alex Jones $100.00 $1000.00 One Hundred and One Thousand and xx/100 xx/100 Dollars Dollars 4ehIDx67NMop9 12ehqPx67NMoX Match = No changes No match = Alterations© 2009 Cisco Learning Institute. 26
    27. 27. MD5 • MD5 is a ubiquitous hashing algorithm • Hashing properties - One-way function—easy to compute hash and infeasible to MD5 compute data given a hash - Complex sequence of simple binary operations (XORs, rotations, etc.) which finally produces a 128-bit hash.© 2009 Cisco Learning Institute. 27
    28. 28. SHA • SHA is similar in design to the MD4 and MD5 family of hash functions - Takes an input message of no more than 264 bits - Produces a 160-bit message digest SHA • The algorithm is slightly slower than MD5. • SHA-1 is a revision that corrected an unpublished flaw in the original SHA. • SHA-224, SHA-256, SHA-384, and SHA- 512 are newer and more secure versions of SHA and are collectively known as SHA-2.© 2009 Cisco Learning Institute. 28
    29. 29. Hashing Example In this example the clear text entered is displaying hashed results using MD5, SHA-1, and SHA256. Notice the difference in key lengths between the various algorithm. The longer the key, the more secure the hash function.© 2009 Cisco Learning Institute. 29
    30. 30. Features of HMAC • Uses an additional secret key as input to the hash Data of Arbitrary Secret function Length + Key • The secret key is known to the sender and receiver - Adds authentication to integrity assurance - Defeats man-in-the-middle Fixed Length attacks Authenticated e883aa0b24c09f Hash Value • Based on existing hash functions, such as MD5 The same procedure is used for generation and verification of and SHA-1. secure fingerprints© 2009 Cisco Learning Institute. 30
    31. 31. HMAC ExampleData Received Data Secret KeyPay to Terry Smith $100.00 Secret Pay to Terry Smith $100.00One Hundred and xx/100 Dollars Key One Hundred and xx/100 Dollars HMAC HMAC(Authenticated 4ehIDx67NMop9 (Authenticated 4ehIDx67NMop9 Fingerprint) Fingerprint) Pay to Terry Smith $100.00 If the generated HMAC matches the One Hundred and xx/100 Dollars sent HMAC, then integrity and authenticity have been verified. 4ehIDx67NMop9 If they don’t match, discard the message.© 2009 Cisco Learning Institute. 31
    32. 32. Using Hashing Data Integrity Data Authenticity e883aa0b24c09f Fixed-Length Hash Value Entity Authentication • Routers use hashing with secret keys • Ipsec gateways and clients use hashing algorithms • Software images downloaded from the website have checksums • Sessions can be encrypted© 2009 Cisco Learning Institute. 32
    33. 33. Key Management Key Generation Key Verification Key Management Key Storage Key Exchange Key Revocation and Destruction© 2009 Cisco Learning Institute. 33
    34. 34. Keyspace DES Key Keyspace # of Possible Keys 256 56-bit 11111111 11111111 11111111 72,000,000,000,000,000 11111111 11111111 11111111 11111111 Twice as much time 2 57 11111111 11111111 11111111 57-bit 144,000,000,000,000,000 Four time as 11111111 11111111 11111111 11111111 1 much time 258 58-bit 11111111 11111111 11111111 288,000,000,000,000,000 11111111 11111111 11111111 11111111 11 With 60-bit DES an attacker would require sixteen 259 more time than 56-bit DES 11111111 11111111 11111111 59-bit 11111111 11111111 11111111 11111111 111 576,000,000,000,000,000 260For each bit added to the DES key, the attacker 1,152,000,000,000,000,000amount of time to 60-bit 11111111 11111111 11111111 would require twice the search the keyspace. 11111111 11111111 11111111 1111 11111111Longer keys are more secure but are also more resource intensive and can affect throughput.© 2009 Cisco Learning Institute. 34
    35. 35. Types of Keys Symmetric Asymmetric Digital Hash Key Key Signature Protection up to 3 years 80 1248 160 160 Protection up to 10 years 96 1776 192 192 Protection up to 20 years 112 2432 224 224 Protection up to 30 years 128 3248 256 256 Protection against quantum computers 256 15424 512 512  Calculations are based on the fact that computing power will continue to grow at its present rate and the ability to perform brute-force attacks will grow at the same rate.  Note the comparatively short symmetric key lengths illustrating that symmetric algorithms are the strongest type of algorithm.© 2009 Cisco Learning Institute. 35
    36. 36. Key Properties Shorter keys = faster processing, but less secure Longer keys = slower processing, but more secure© 2009 Cisco Learning Institute. 36
    37. 37. Confidentiality and the OSI Model • For Data Link Layer confidentiality, use proprietary link- encrypting devices • For Network Layer confidentiality, use secure Network Layer protocols such as the IPsec protocol suite • For Session Layer confidentiality, use protocols such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS) • For Application Layer confidentiality, use secure e-mail, secure database sessions (Oracle SQL*net), and secure messaging (Lotus Notes sessions)© 2009 Cisco Learning Institute. 37
    38. 38. Symmetric Encryption Pre-shared Key key Key Encrypt Decrypt $1000 $!@#IQ $1000 • Best known as shared-secret key algorithms • The usual key length is 80 - 256 bits • A sender and receiver must share a secret key • Faster processing because they use simple mathematical operations. • Examples include DES, 3DES, AES, IDEA, RC2/4/5/6, and Blowfish.© 2009 Cisco Learning Institute. 38
    39. 39. Symmetric Encryption and XOR The XOR operator results in a 1 when the value of either the first bit or the second bit is a 1 The XOR operator results in a 0 when neither or both of the bits is 1 Plain Text 1 1 0 1 0 0 1 1 Key (Apply) 0 1 0 1 0 1 0 1 XOR (Cipher Text) 1 0 0 0 0 1 1 0 Key (Re-Apply) 0 1 0 1 0 1 0 1 XOR (Plain Text) 1 1 0 1 0 0 1 1© 2009 Cisco Learning Institute. 39
    40. 40. Asymmetric Encryption Two separate keys which are Encryption Key not shared Decryption Key Encrypt Decrypt $1000 %3f7&4 $1000 • Also known as public key algorithms • The usual key length is 512–4096 bits • A sender and receiver do not share a secret key • Relatively slow because they are based on difficult computational algorithms • Examples include RSA, ElGamal, elliptic curves, and DH.© 2009 Cisco Learning Institute. 40
    41. 41. Asymmetric Example : Diffie-HellmanGet Out Your Calculators?© 2009 Cisco Learning Institute. 41
    42. 42. Symmetric Algorithms Symmetric Key length Encryption Description Algorithm (in bits) Designed at IBM during the 1970s and was the NIST standard until 1997. Although considered outdated, DES remains widely in use. DES 56 Designed to be implemented only in hardware, and is therefore extremely slow in software. Based on using DES three times which means that the input data is encrypted three times and therefore considered much stronger than DES. 3DES 112 and 168 However, it is rather slow compared to some new block ciphers such as AES. Fast in both software and hardware, is relatively easy to implement, and AES 128, 192, and 256 requires little memory. As a new encryption standard, it is currently being deployed on a large scale. Software SEAL is an alternative algorithm to DES, 3DES, and AES. Encryption 160 It uses a 160-bit encryption key and has a lower impact to the CPU when Algorithm (SEAL) compared to other software-based algorithms. RC2 (40 and 64) A set of symmetric-key encryption algorithms invented by Ron Rivest. RC4 (1 to 256) RC1 was never published and RC3 was broken before ever being used. The RC series RC5 (0 to 2040) RC4 is the worlds most widely used stream cipher. RC6 (128, 192, RC6, a 128-bit block cipher based heavily on RC5, was an AES finalist and 256) developed in 1997.© 2009 Cisco Learning Institute. 42
    43. 43. Symmetric Encryption Techniques Enc Mes rypted blank blank 1100101 01010010110010101 sag e 01010010110010101 64 bits 64bits 64bits Block Cipher – encryption is completed in 64 bit blocks Enc Mes rypted sag e 0101010010101010100001001001001 0101010010101010100001001001001 Stream Cipher – encryption is one bit at a time© 2009 Cisco Learning Institute. 43
    44. 44. Selecting an Algorithm DES 3DES AES The algorithm is trusted by Been Verdict is the cryptographic replaced by Yes still out community 3DES The algorithm adequately protects against brute-force No Yes Yes attacks© 2009 Cisco Learning Institute. 44
    45. 45. DES Scorecard Description Data Encryption Standard Timeline Standardized 1976 Type of Algorithm Symmetric Key size (in bits) 56 bits Speed Medium Time to crack Days (6.4 days by the COPACABANA machine, a specialized (Assuming a computer could try cracking device) 255 keys per second) Resource Medium Consumption© 2009 Cisco Learning Institute. 45
    46. 46. Block Cipher Modes ECB CBC Message of Five 64-Bit Blocks Message of Five 64-Bit Blocks Initialization Vector DES DES DES DES DES DES DES DES DES DES© 2009 Cisco Learning Institute. 46
    47. 47. Considerations • Change keys frequently to help prevent brute-force attacks. DES • Use a secure channel to communicate the DES key from the sender to the receiver. • Consider using DES in CBC mode. With CBC, the encryption of each 64-bit block depends on previous blocks. • Test a key to see if it is a weak key before using it.© 2009 Cisco Learning Institute. 47
    48. 48. 3DES Scorecard Description Triple Data Encryption Standard Timeline Standardized 1977 Type of Algorithm Symmetric Key size (in bits) 112 and 168 bits Speed Low Time to crack (Assuming a computer could try 4.6 Billion years with current technology 255 keys per second) Resource Medium Consumption© 2009 Cisco Learning Institute. 48
    49. 49. Encryption Steps The clear text from Alice is encrypted using Key 1. That ciphertext is decrypted using a different key, Key 2. 1 Finally that ciphertext is encrypted using another key, Key 3. When the 3DES ciphered text 2 is received, the process is reversed. That is, the ciphered text must first be decrypted using Key 3, encrypted using Key 2, and finally decrypted using Key 1.© 2009 Cisco Learning Institute. 49
    50. 50. AES Scorecard Description Advanced Encryption Standard Timeline Official Standard since 2001 Type of Algorithm Symmetric Key size (in bits) 128, 192, and 256 Speed High Time to crack (Assuming a computer could try 149 Trillion years 255 keys per second) Resource Low Consumption© 2009 Cisco Learning Institute. 50
    51. 51. Advantages of AES • The key is much stronger due to the key length • AES runs faster than 3DES on comparable hardware • AES is more efficient than DES and 3DES on comparable hardware The plain text is now encrypted using 128 AES An attempt at deciphering the text using a lowercase, and incorrect key© 2009 Cisco Learning Institute. 51
    52. 52. SEAL Scorecard Description Software-Optimized Encryption Algorithm Timeline First published in 1994. Current version is 3.0 (1997) Type of Algorithm Symmetric Key size (in bits) 160 Speed High Time to crack (Assuming a computer could try Unknown but considered very safe 255 keys per second) Resource Low Consumption© 2009 Cisco Learning Institute. 52
    53. 53. Rivest Codes Scorecard Description RC2 RC4 RC5 RC6 Timeline 1987 1987 1994 1998 Stream Type of Algorithm Block cipher Block cipher Block cipher cipher 0 to 2040 128, 192, or Key size (in bits) 40 and 64 1 - 256 bits (128 256 suggested)© 2009 Cisco Learning Institute. 53
    54. 54. DH Scorecard Description Diffie-Hellman Algorithm Timeline 1976 Type of Algorithm Asymmetric Key size (in bits) 512, 1024, 2048 Speed Slow Time to crack (Assuming a computer could Unknown but considered very safe try 255 keys per second) Resource Medium Consumption© 2009 Cisco Learning Institute. 54
    55. 55. Using Diffie-Hellman Alice Bob Shared Secret Calc Shared Secret Calc1 5, 23 1 5, 23 3 2 6 56mod 23 = 8 8 1. Alice and Bob agree to use the same two numbers. For example, the base number g= 5 and prime number p=23 2. Alice now chooses a secret number x= 6. 3. Alice performs the DH algorithm: gx modulo p = ( 56 modulo 23) = 8 (Y) and sends the new number 8 (Y) to Bob.© 2009 Cisco Learning Institute. 55
    56. 56. Using Diffie-Hellman Alice Bob Shared Secret Calc Shared Secret Calc 5, 23 5, 23 6 56mod 23 = 8 8 15 4 19 515mod 23 = 19 19 mod 23 = 2 2 5 6 6 815mod 23 = 15, performed the DH algorithm: 4. Meanwhile Bob has also chosen a secret number x= g modulo p = (515 modulo 23) = 19 (Y) and sent the new number 19 (Y) to x 23 Alice. The result (2) is the same 2 for both Alice and Bob. 196 modulo 23) = 2. 5. Alice now computes Yx modulo p = ( This number can now be used as a shared secret key by the encryption 6. Bob now computes Y modulo p = (86 modulo 23) = 2. x algorithm.© 2009 Cisco Learning Institute. 56
    57. 57. Asymmetric Key Characteristics Encryption Decryption Key Key Plain Encryption Encrypted Decryption Plain text text text • Key length ranges from 512–4096 bits • Key lengths greater than or equal to 1024 bits can be trusted • Key lengths that are shorter than 1024 bits are considered unreliable for most algorithms© 2009 Cisco Learning Institute. 57
    58. 58. Public Key (Encrypt) + Private Key(Decrypt) = Confidentiality Computer A acquires Computer B’s public key Can I get your Public Key please? Bob’s Public 1 Key Here is my Public Key. Bob’s Public Computer A transmits Bob’s Private 2 4 Key The encrypted message Key Computer Computer to Computer B Encrypted Text B A Encryption Encryption Algorithm Algorithm Encrypted 3 Computer B uses Text its private key to decrypt and reveal Computer A uses Computer B’s the message public key to encrypt a message using an agreed-upon algorithm© 2009 Cisco Learning Institute. 58
    59. 59. Private Key (Encrypt) + Public Key(Decrypt) = Authentication Bob uses the public key to Alice encrypts a message successfully decrypt the message with her private key and authenticate that the message did, indeed, come from Alice. Alice’s Private 1 Key Encrypted Text Encryption Alice transmits the 4 Alice’s Public Key Algorithm encrypted message Encrypted 2 to Bob Text Encrypted Computer Text 3 Computer Encryption A B Algorithm Alice’s Public Can I get your Public Key please? Key Here is my Public Key Bob needs to verify that the message actually came from Alice. He requests and acquires Alice’s public key© 2009 Cisco Learning Institute. 59
    60. 60. Asymmetric Key Algorithms Key length Description (in bits) Invented in 1976 by Whitfield Diffie and Martin Hellman. 512, 1024, Two parties to agree on a key that they can use to encrypt messages DH 2048 The assumption is that it is easy to raise a number to a certain power, but difficult to compute which power was used given the number and the outcome. Digital Signature Created by NIST and specifies DSA as the algorithm for digital signatures. Standard (DSS) and Digital Signature 512 - 1024 A public key algorithm based on the ElGamal signature scheme. Algorithm (DSA) Signature creation speed is similar with RSA, but is slower for verification. Developed by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT in 1977 RSA encryption Based on the current difficulty of factoring very large numbers 512 to 2048 algorithms Suitable for signing as well as encryption Widely used in electronic commerce protocols Based on the Diffie-Hellman key agreement. Described by Taher Elgamal in 1984and is used in GNU Privacy Guard software, EIGamal 512 - 1024 PGP, and other cryptosystems. The encrypted message becomes about twice the size of the original message and for this reason it is only used for small messages such as secret keys Invented by Neil Koblitz in 1987 and by Victor Miller in 1986. Elliptical curve 160 Can be used to adapt many cryptographic algorithms techniques Keys can be much smaller© 2009 Cisco Learning Institute. 60
    61. 61. Security Services- Digital Signatures • Authenticates a source, proving a certain party has seen, and has signed, the data in question • Signing party cannot repudiate that it signed the data • Guarantees that the data has not changed from the time it was signed Authenticity Integrity Nonrepudiation© 2009 Cisco Learning Institute. 61
    62. 62. Digital Signatures • The signature is authentic and not forgeable: The signature is proof that the signer, and no one else, signed the document. • The signature is not reusable: The signature is a part of the document and cannot be moved to a different document. • The signature is unalterable: After a document is signed, it cannot be altered. • The signature cannot be repudiated: For legal purposes, the signature and the document are considered to be physical things. The signer cannot claim later that they did not sign it.© 2009 Cisco Learning Institute. 62
    63. 63. The Digital Signature Process The sending device creates a hash of the document The receiving device Validity of the digital Data accepts the document signature is verified Confirm with digital signature and obtains the public key Signature Verified Order 0a77b3440… 1 hash Signed Data 6 Signature Confirm Key Order 4 ____________ Encrypted 0a77b3440… hash Signature is 2 Signature Algorithm verified withThe sending device 3 the verificationencrypts only the hash key 0a77b3440…with the private keyof the signer The signature algorithm Verification 5 generates a digital signature Key and obtains the public key © 2009 Cisco Learning Institute. 63
    64. 64. Code Signing with Digital Signatures • The publisher of the software attaches a digital signature to the executable, signed with the signature key of the publisher. • The user of the software needs to obtain the public key of the publisher or the CA certificate of the publisher if PKI is used.© 2009 Cisco Learning Institute. 64
    65. 65. DSA Scorecard Description Digital Signature Algorithm (DSA) Timeline 1994 Type of Algorithm Provides digital signatures Advantages: Signature generation is fast Disadvantages: Signature verification is slow© 2009 Cisco Learning Institute. 65
    66. 66. RSA Scorecard Description Ron Rivest, Adi Shamir, and Len Adleman Timeline 1977 Type of Algorithm Asymmetric algorithm Key size (in bits) 512 - 2048 Advantages: Signature verification is fast Disadvantages: Signature generation is slow© 2009 Cisco Learning Institute. 66
    67. 67. Properties of RSA • One hundred times slower than DES in hardware • One thousand times slower than DES in software • Used to protect small amounts of data • Ensures confidentiality of data thru encryption • Generates digital signatures for authentication and nonrepudiation of data© 2009 Cisco Learning Institute. 67
    68. 68. Public Key Infrastructure Alice applies for a driver’s license. She receives her driver’s license after her identity is proven. Alice attempts to cash a check. Her identity is accepted after her driver’s license is checked.© 2009 Cisco Learning Institute. 68
    69. 69. Public Key Infrastructure PKI terminology to remember: PKI: A service framework (hardware, software, people, policies and procedures) needed to support large- scale public key-based technologies. Certificate: A document, which binds together the name of the entity and its public key and has been signed by the CA Certificate authority (CA): The trusted third party that signs the public keys of entities in a PKI-based system© 2009 Cisco Learning Institute. 69
    70. 70. CA Vendors and Sample Certificates http://www.verisign.com http://www.entrust.comhttp://www.verizonbusiness.com/ http://www.novell.com http://www.rsa.com/ http://www.microsoft.com © 2009 Cisco Learning Institute. 70
    71. 71. Usage Keys • When an encryption certificate is used much more frequently than a signing certificate, the public and private key pair is more exposed due to its frequent usage. In this case, it might be a good idea to shorten the lifetime of the key pair and change it more often, while having a separate signing private and public key pair with a longer lifetime. • When different levels of encryption and digital signing are required because of legal, export, or performance issues, usage keys allow an administrator to assign different key lengths to the two pairs. • When key recovery is desired, such as when a copy of a user’s private key is kept in a central repository for various backup reasons, usage keys allow the user to back up only the private key of the encrypting pair. The signing private key remains with the user, enabling true nonrepudiation.© 2009 Cisco Learning Institute. 71
    72. 72. The Current State X.509 • Many vendors have proposed and implemented proprietary solutions • Progression towards publishing a common set of standards for PKI protocols and data formats© 2009 Cisco Learning Institute. 72
    73. 73. X.509v3 • X.509v3 is a standard that describes the certificate structure. • X.509v3 is used with: - Secure web servers: SSL and TLS - Web browsers: SSL and TLS - Email programs: S/MIME - IPsec VPNs: IKE© 2009 Cisco Learning Institute. 73
    74. 74. X.509v3 Applications SSL S/MIME Internet Mail External Server Web Server EAP-TLS Cisco Secure Internet Enterprise ACS Network CA Server VPN IPsec Concentrator • Certificates can be used for various purposes. • One CA server can be used for all types of authentication as long as they support the same PKI procedures.© 2009 Cisco Learning Institute. 74
    75. 75. RSA PKCS Standards • PKCS #1: RSA Cryptography Standard • PKCS #3: DH Key Agreement Standard • PKCS #5: Password-Based Cryptography Standard • PKCS #6: Extended-Certificate Syntax Standard • PKCS #7: Cryptographic Message Syntax Standard • PKCS #8: Private-Key Information Syntax Standard • PKCS #10: Certification Request Syntax Standard • PKCS #12: Personal Information Exchange Syntax Standard • PKCS #13: Elliptic Curve Cryptography Standard • PKCS #15: Cryptographic Token Information Format Standard© 2009 Cisco Learning Institute. 75
    76. 76. Public Key Technology PKCS#7 PKCS#10 CA Certificate Signed Certificate PKCS#7 • A PKI communication protocol used for VPN PKI enrollment • Uses the PKCS #7 and PKCS #10 standards© 2009 Cisco Learning Institute. 76
    77. 77. Single-Root PKI Topology • Certificates issued by one CA • Centralized trust decisions • Single point of failure Root CA© 2009 Cisco Learning Institute. 77
    78. 78. Hierarchical CA Topology Root CA Subordinate CA • Delegation and distribution of trust • Certification paths© 2009 Cisco Learning Institute. 78
    79. 79. Cross-Certified CAs CA2 CA1 CA3 • Mutual cross-signing of CA certificates© 2009 Cisco Learning Institute. 79
    80. 80. Registration Authorities After the Registration Authority adds specific information to the 2 CA certificate request and Completed Enrollment Request Forwarded to the request is approved CA under the organization’s policy, it is forwarded Hosts will submit on to the Certification certificate requests RA Authority to the RA 3 1 Certificate Issued Enrollment request The CA will sign the certificate request and send it back to the host© 2009 Cisco Learning Institute. 80
    81. 81. Retrieving the CA Certificates Alice and Bob telephone the CA administrator and verify the public key and serial number of the certificate Out-of-Band Out-of-Band Authentication of Authentication of the CA Certificate the CA Certificate CA Admin POTS 3 POTS 3 CA 1 CA 1 Certificate CA Certificate Enterprise Network 2 2Alice and Bob request the CA certificate Each system verifies thethat contains the CA public key validity of the certificate© 2009 Cisco Learning Institute. 81
    82. 82. Submitting Certificate Requests The CA administrator telephones toThe certificate is confirm their submittal and the publicretrieved and the key and issues the certificate bycertificate is installed 2 adding some additional data to theonto the system request, and digitally signing it all Out-of-Band Out-of-Band Authentication of Authentication of the CA Certificate CA the CA Certificate Admin POTS POTS CA 1 Certificate 3 1 Certificate Request 3 Request Enterprise Network Both systems forward a certificate request which includes their public key. All of this information is encrypted using the public key of the CA© 2009 Cisco Learning Institute. 82
    83. 83. Authenticating Bob and Alice exchange certificates. The CA is no longer involved 2 2 Private Key (Alice) Private Key (Bob) Certificate (Alice) 1 Certificate (Alice) Certificate (Bob) Certificate (Bob) CA Certificate CA CertificateEach party verifies the digital signature on the certificate by hashing theplaintext portion of the certificate, decrypting the digital signature using theCA public key, and comparing the results.© 2009 Cisco Learning Institute. 83
    84. 84. PKI Authentication Characteristics • To authenticate each other, users have to obtain the certificate of the CA and their own certificate. These steps require the out-of-band verification of the processes. • Public-key systems use asymmetric keys where one is public and the other one is private. • Key management is simplified because two users can freely exchange the certificates. The validity of the received certificates is verified using the public key of the CA, which the users have in their possession. • Because of the strength of the algorithms, administrators can set a very long lifetime for the certificates.© 2009 Cisco Learning Institute. 84
    85. 85. © 2009 Cisco Learning Institute. 85

    ×