
Open Source Security Tools: Practical Guide to Security Applications, part 31


Title: Encryption Tools
School: Open University
Major: Computer Science
Type: Article
Year of publication: 2004
City: Milton Keynes

Encryption Tools

So far, the tools discussed have been used for protecting your network and the machines that reside within that network. However, once that data passes outside the network boundaries, it is beyond the protection of the tools discussed thus far and is susceptible to potential capture by hostile entities. Most Internet applications today send their data in the clear, also known as plain text. This means that anyone viewing the packet can see your data.

When your data crosses the Internet, it passes through different systems, many of which are out of your direct control and thus should be assumed to be nonfriendly. ISP routers and switches can be co-opted either from the inside or outside, and other mail and Web servers regularly handle your private data.

There is no way to avoid sending your data outside of your network. The biggest advantage of a global Internet is being able to share information with all of your business partners and customers in the outside world. You can’t go back to the days of totally private networks. So, how do you protect your important data once it leaves the comfy and safe confines of your home network? Encryption is what most businesses rely on to make the Internet safe for their data, and it is an important tool you can use too for maintaining the integrity and confidentiality of your data on the Internet.

You may also want to protect your data from unauthorized viewers within your network, because certain information may not be for all eyes within the company. Finally, encrypting your important data can be a final line of defense against hackers. Even if they manage to break into your network and exploit the server, they still have to crack the encryption to get at your data.

Chapter Overview

Concepts you will learn:

Symmetric and asymmetric encryption

Different encryption algorithms

Encryption applications

Certificate authority security model

Web of trust security model

Tools you will use:

PGP, GnuPG, OpenSSH, FreeS/WAN, and John the Ripper

There are many different protocols for encryption. Looking again at the OSI Reference Model (Figure 9.1), you can see that there are encryption tools that operate at several different levels of the network model. As you probably guessed, there are many excellent open source encryption tools available for just about every application, from encrypting single files to protecting all of your outbound Internet connections. In fact, the ready availability of high-quality encryption software has its roots in the open source movement.

Figure 9.1 OSI Model and Encryption


Types of Encryption

There are two main ways to do encryption today. The first kind of encryption, called symmetric cryptography or shared secret encryption, has been used since ancient Egyptian times. This form of encryption uses a secret key, called the shared secret, to scramble the data into unintelligible gibberish. The person on the other end needs the shared secret (key) to unlock the data—the encryption algorithm. You can change the key and change the results of the encryption. It is called symmetric cryptography because the same key is used on both ends for both encryption and decryption (see Figure 9.2).

The problem with this method is that you have to communicate the secret key securely to your intended recipient. If your enemy intercepts the key, he can read the message. All kinds of systems were invented to try to get around this basic weakness, but the fact remained: you still had to communicate the secret key in some way to your intended recipient before you could commence secure communications.

A revolution in encryption was started when Whitfield Diffie, Martin Hellman, and Ralph Merkle invented Public Key cryptography. (Actually, there is some debate whether the British civil servant James Ellis really invented it earlier and kept it secret, but Diffie, Hellman, and Merkle were the first to go public with it in 1976.) They were trying to solve the age-old problem of key exchange. Diffie wondered how two individuals wanting to make a financial transaction over an electronic network could do so securely. He was thinking far ahead here, because the Internet was in its infancy at the time and e-commerce didn’t yet exist. If big governments had problems dealing with the key exchange problem, how could the average person manage this? He wanted to come up with a system by which two parties could easily hold protected conversations and secure transactions without having to exchange keys every time. He knew that if he could solve the key exchange problem, it would be a huge advance in cryptography.

Diffie partnered with Martin Hellman and Ralph Merkle. It took them a few years, but finally they came up with a system called public key encryption (PKE), also known as asymmetric cryptography.

Figure 9.2 Symmetric Cryptography (diagram: a plain text document is encrypted with the shared key into an encrypted document, which is decrypted with the shared key back into the plain text document)

Asymmetric cryptography uses encryption that splits the key into two smaller keys. One of the keys is made public and one is kept private. You encrypt a message with the recipient’s public key. The recipient can then decrypt it with their private key. And they can do the same for you, encrypting a message with your public key so you can decrypt it with your private key (see Figure 9.3). The difference here is that you don’t need someone’s private key to send him or her a secure message. You use his or her public key, which doesn’t have to be kept secure (in fact, it can be published like a phone number). By using your recipient’s public key, you know that only that person can decrypt it using his or her private key. This system allows two entities to communicate securely without any prior exchange of keys.

Asymmetric cryptography is usually implemented by the use of one-way functions. In mathematic terms, these are functions that are easy to compute in one direction but very difficult to compute in reverse. This is what allows you to publish your public key, which is derived from your private key. It is very difficult to work backwards and determine the private key. A common one-way function used today is factoring large prime numbers. It is easy to multiply two prime numbers together and get a product. However, to determine which of the many possibilities are the two factors of the product is one of the great mathematical problems. If anyone were to invent a method for easily deducing factors of large prime numbers, it could make obsolete much of the public key encryption used today. Fortunately, other one-way functions work for this application, such as calculations on elliptical curves or computation of inverse logarithms over a finite field.

Figure 9.3 Asymmetric Cryptography (Public Key) (diagram: a plain text document is encrypted with the recipient's public key into an encrypted document, which is decrypted with the recipient's private key back into the plain text document)

Soon after the paper by Diffie, Hellman, and Merkle was released, another group of three men developed a practical application of the theory. Their system for public key encryption was called RSA after their names: Ronald Rivest, Adi Shamir, and Leonard Adleman. They formed a company and began licensing their system. The adoption rate was slow and their company almost went out of business, until they cut a deal to take advantage of the growing Internet commerce field with a then little-known company called Netscape. The rest is history, and RSA is now the most widely used public key encryption algorithm. Diffie and Hellman eventually released a practical application of their own, but it is usable only for key exchanges, whereas RSA can do authentication and nonrepudiation.
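The one-way function and the public/private key split described above can be seen in a textbook RSA sketch. This is an added example, not code from the book; the primes, the exponent 17 and all function names are constructed for illustration, and real keys use far larger primes plus padding.

```python
# Added example: textbook RSA with deliberately small primes (constructed values).
# It shows the math only and must not be used to protect real data.
from math import gcd


def make_keypair(p, q, e=17):
    """Build (public, private) keys from two primes. Multiplying is the easy direction."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent: computing it requires knowing p and q
    return (n, e), (n, d)


def encrypt(message, public_key):
    """Anyone holding the published key can do this."""
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(message, e, n)


def decrypt(ciphertext, private_key):
    """Only the holder of the private exponent can undo encrypt()."""
    n, d = private_key
    return pow(ciphertext, d, n)


def factor_semiprime(n):
    """The hard direction: recover p and q from n by trial division.

    Returns (p, q, divisions_tried). The work grows with the square root of n,
    so each two extra bits of modulus roughly double the cost of this approach.
    """
    if n % 2 == 0:
        return 2, n // 2, 1
    candidate, tried = 3, 1
    while candidate * candidate <= n:
        tried += 1
        if n % candidate == 0:
            return candidate, n // candidate, tried
        candidate += 2
    raise ValueError("n is not a product of two primes")


def private_key_from_public(public_key):
    """Why key size matters: with a small n, factoring rebuilds the private key."""
    n, e = public_key
    p, q, _ = factor_semiprime(n)
    return make_keypair(p, q, e)[1]


if __name__ == "__main__":
    public, private = make_keypair(61, 53)
    secret = encrypt(65, public)
    print("public key:", public, "ciphertext:", secret)
    print("decrypted:", decrypt(secret, private))
    for p, q in [(61, 53), (65537, 2147483647)]:
        n = p * q
        print(n.bit_length(), "bit modulus factored after",
              factor_semiprime(n)[2], "trial divisions")
```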

Public key encryption is now behind every Web server that offers you a secure purchase. Your transaction is encrypted without giving or taking a secret key, and it all happens in the background. All we know as users is that the little SSL lock symbol displays in our browser and we feel safer. Imagine the effects on Internet commerce if every time you wanted to buy something online you had to think of a secret key, encrypt the message, and then somehow communicate that key to the other party. Obviously, e-commerce could not exist as it does today without public key cryptography.

There are many different encryption algorithms, protocols, and applications based on these two main types of encryption. The following sections introduce some of these.

Encryption Algorithms

Today, strength of encryption is usually measured by key size. No matter how strong the algorithm, the encrypted data can be subject to brute force attacks in which all possible combinations of keys are tried. Eventually the encryption can be cracked. For most modern ciphers with decent key lengths, the time to crack them with brute force is measured in millennia. However, an undisclosed flaw in an algorithm or an advance in computer technology or mathematical methods could sharply decrease these times.

Generally, the thinking is that the key length should be suitable for keeping the data secure for a reasonable amount of time. If the item is very topical, such as battlefield communications or daily stock information, then a cipher that protects it for a matter of weeks or months is just fine. However, something like your credit card number or national security secrets needs to be kept secure for a longer period, effectively forever. So using weaker encryption algorithms or shorter key lengths for some things is okay, as long as the information’s usefulness to an outsider expires in a short amount of time.

Data Encryption Standard (DES)

DES is the original standard that the U.S. government began promoting for both government and business use. It was originally thought to be practically unbreakable in the 1970s, but the increase in power and decrease in cost of computing has made its 56-bit key functionally obsolete for highly sensitive information. However, it is still used in many commercial products and is considered acceptable for lower security applications. It also is used in products that have slower processors, such as smart cards and appliance devices that can’t process a larger key size.

TripleDES

TripleDES, or 3DES as it is sometimes written, is the newer, improved version of DES, and its name implies what it does. It runs DES three times on the data in three phases: encrypt, decrypt, and then encrypt again. It actually doesn’t give a threefold increase in the strength of the cipher (because the first encryption key is used twice to encrypt the data and then a second key is used to encrypt the results of that process), but it still gives an effective key length of 168 bits, which is plenty strong for almost all uses.

RC4, RC5, and RC6

This is an encryption algorithm developed by Ronald Rivest, one of the developers of RSA, the first commercial application of public key cryptography. Improvements have been made over time to make it stronger and fix minor issues. The current version, RC6, allows up to a 2,040-bit key size and variable block size up to 128 bits.

AES

When the U.S. government realized that DES would eventually reach the end of its useful life, it began a search for a replacement. The National Institute of Standards and Technology (NIST), a government standards body, announced an open competition for a new algorithm that would become the new government standard. There were many competitors including RC6, Blowfish by renowned cryptographer Bruce Schneier, and other worthy algorithms. They settled on AES, which is based on an algorithm called Rijndael, designed by two Belgian cryptographers. This is significant because they used an open competition to decide on the standard. Also, selecting an algorithm by two non-American developers with no significant commercial interests helped to legitimize this selection worldwide. AES is rapidly becoming the new standard for encryption. It offers up to a 256-bit cipher key, which is more than enough power for the foreseeable future. Typically, AES is implemented in either 128- or 192-bit mode for performance considerations.

Encryption Applications

Hashes

Hashes are a special use of one-way functions to provide authentication and verification using encryption. A hash function takes a file and puts it through a function so that it produces a much smaller file of a set size. By hashing a file, you produce a unique fingerprint of it. This gives you a way to make sure that the file has not been altered in any way. By hashing a suspect file and comparing the hash to the known good hash, you can tell if any changes have been made. It is unlikely that a file with a different structure would produce an identical hash. Even changing one character changes the hash significantly. The chances of two different files producing the same hash are infinitesimal.

Hashes are often provided on downloaded versions of software to make sure you are getting the real thing. This is important, especially with open source software, where it may have been passed around quite a bit or downloaded from another site. The official Web site will usually post the correct hash of the latest version. If the two don’t match, then you know some changes have been made, possibly without the permission or knowledge of the software developers. The most popular hashing algorithm is called MD5.
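The download check described above, as an added example that is not from the book: it hashes a file in chunks, compares the result with a published value, and counts how many hash bits change when one character of the input changes. The sample release bytes and the function names are constructed; SHA-256 is used as the default here, with MD5 available by name since it is the algorithm the text mentions.

```python
# Added example: verifying a download against a published hash (constructed data).
import hashlib
import hmac
import io


def file_digest(stream, algorithm="sha256", chunk_size=65536):
    """Hash a binary stream in chunks so large downloads never sit in memory."""
    hasher = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        hasher.update(chunk)
    return hasher.hexdigest()


def verify_download(stream, published_hex, algorithm="sha256"):
    """Return True only if the stream hashes to the value the project published.

    The published value is normalised (whitespace, upper case) because it is
    usually pasted from a Web page; the comparison itself is constant-time.
    """
    expected = published_hex.strip().lower()
    actual = file_digest(stream, algorithm)
    return hmac.compare_digest(actual, expected)


def differing_bits(hex_a, hex_b):
    """Count the bit positions in which two equal-length hex digests differ."""
    if len(hex_a) != len(hex_b):
        raise ValueError("digests come from different algorithms")
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


# Constructed sample: a "release" and a copy with a single character changed.
ORIGINAL = b"example-tool 1.0\ninstall_dir=/usr/local\n"
TAMPERED = b"example-tool 1.0\ninstall_dir=/usr/locaI\n"


if __name__ == "__main__":
    published = file_digest(io.BytesIO(ORIGINAL))
    print("published sha256:", published)
    print("original verifies:", verify_download(io.BytesIO(ORIGINAL), published))
    print("tampered verifies:", verify_download(io.BytesIO(TAMPERED), published))
    changed = differing_bits(published, file_digest(io.BytesIO(TAMPERED)))
    print("bits changed by one character:", changed, "of 256")
    print("md5 of original:", file_digest(io.BytesIO(ORIGINAL), "md5"))
```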

Digital Certificates

Digital certificates are the “signature” of the Internet commerce world. These use a combination of encryption types to provide authentication. They prove that who you are connecting to is really who they say they are. Simply put, a certificate is a “certification” of where the information is coming from. A certificate contains the public key of the organization encrypted with either its private key or the private key of a signing authority. Using a signing or certificate authority is considered the more secure method of the two. If you can decrypt the certificate with their public key, then you can reasonably assume the Web site belongs to that organization.

Certificates are usually tied to a particular domain. They can be issued by a central entity, called a Certificate Authority (CA), or created and signed locally as described above. There are several of these organizations, the biggest of which is VeriSign, the company that also runs the domain names system. They have sanctioned many other companies to offer certificates under their authority. Getting a certificate from VeriSign or one of the companies it authorizes is like having someone vouch for you. Generally, they will not issue you a certificate until they verify the information you are putting in the certificate, either by phone or via some kind of paper documentation, such as a corporate charter. Once they “certify” you, they will take this information, including the URLs you are going to use the certificate for, and digitally “sign” it by encrypting it with their private key. Then a Web server or other program can use this certificate. When outside users receive some data, such as a Web page from the server, and it has a certificate attached, they can use public key cryptography to decrypt the certificate and verify your identity. Certificates are used most often at e-commerce Web sites, but they can also be used for any form of communications. SSH and Nessus both can use certificates for authentication. VPNs also can use certificates for authentication instead of passwords.

Encryption Protocols

IPsec

It’s a well-known fact that the IP protocol as designed originally was not very secure. IP version 4 (IPv4), which is what most of the world uses for IP communications, doesn’t provide any kind of authentication or confidentiality. Packet payloads are sent in the clear, and packet headers can easily be modified since they are not verified at the destination. Many Internet attacks rely on this basic insecurity in the Internet infrastructure. A new IP standard, called IPv6, was developed to provide authentication and confidentiality via encryption. It also expanded the IP address space by using a 128-bit address rather than the 32-bit currently used and improved on a number of other things as well.

Fully implementing the IPv6 standard would require wide-scale hardware upgrades, so IPv6 deployment has been pretty slow. However, an implementation of security for IP, called IPsec, was developed that wouldn’t require major changes in the addressing scheme. Hardware vendors have jumped on this, and IPsec has gradually become a de facto standard for creating Internet VPNs.

IPsec is not a specific encryption algorithm, but rather a framework for encrypting and verifying packets within the IP protocol. IPsec can use different algorithms and can be implemented in whole or just partially. A combination of public key and private key cryptography is used to encrypt the packet contents, and hashes add authentication as well.

This function is called Authentication Header (AH). With AH, a hash is made of the IP header and passed along. When the packet arrives at the destination, a new hash is made of each header. If it doesn’t match the one sent, then you know the header has been altered somehow in transit. This provides a high level of assurance that the packet came from where it says it does. You may choose to do encryption of the packet payload but not do AH, as this can slow down the throughput. AH can also get fouled up in some environments with NAT or firewalls. There are also two different operation modes you can run IPsec in: tunnel mode or transport mode.
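A simplified model of the AH check described above, showing why a router decrementing the TTL does not break it while a NAT device rewriting the source address does. This is an added example, not code from the book or from any IPsec implementation: it uses a keyed hash (HMAC-SHA1 truncated to 96 bits) over the IPv4 header with the in-transit mutable fields zeroed, leaves out the AH header itself, and the key, addresses and function names are constructed.

```python
# Added example: simplified AH-style integrity check over an IPv4 header.
import hashlib
import hmac
import socket
import struct

# version/IHL, TOS, total length, id, flags+fragment, TTL, protocol, checksum, src, dst
IPV4 = struct.Struct("!BBHHHBBH4s4s")


def build_header(src, dst, ttl, payload_len, protocol=51):
    """Pack a minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return IPV4.pack(0x45, 0, 20 + payload_len, 0x1234, 0, ttl, protocol, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))


def immutable_view(header):
    """Zero the fields routers legitimately change: TOS, flags/offset, TTL, checksum."""
    ver_ihl, _tos, length, ident, _frag, _ttl, proto, _csum, src, dst = IPV4.unpack(header)
    return IPV4.pack(ver_ihl, 0, length, ident, 0, 0, proto, 0, src, dst)


def icv(key, header, payload):
    """Integrity check value the sender attaches: keyed hash, truncated to 96 bits."""
    mac = hmac.new(key, immutable_view(header) + payload, hashlib.sha1).digest()
    return mac[:12]


def verify(key, header, payload, received_icv):
    """Receiver side: recompute the value and compare in constant time."""
    return hmac.compare_digest(icv(key, header, payload), received_icv)


def rewrite(header, *, ttl=None, src=None):
    """Model what devices on the path do to the header."""
    fields = list(IPV4.unpack(header))
    if ttl is not None:
        fields[5] = ttl
    if src is not None:
        fields[8] = socket.inet_aton(src)
    return IPV4.pack(*fields)


if __name__ == "__main__":
    key = b"constructed-shared-key"          # constructed sample key
    payload = b"constructed application data"
    sent = build_header("10.0.0.5", "192.0.2.10", ttl=64, payload_len=len(payload))
    tag = icv(key, sent, payload)

    routed = rewrite(sent, ttl=63)              # ordinary router hop
    natted = rewrite(sent, src="198.51.100.7")  # NAT rewrites the source address
    print("after router hop :", verify(key, routed, payload, tag))
    print("after NAT rewrite:", verify(key, natted, payload, tag))
    print("payload altered  :", verify(key, sent, payload + b"!", tag))
```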

In tunnel mode, the entire packet—header and all—is encapsulated and encrypted, placed in another packet, and forwarded to a central VPN processor. The endpoints decrypt the packets and then forward them to the correct IP. A benefit of this method is that outsiders can’t even tell what the final destination is for the encrypted packet. Another advantage is that the VPN can be controlled and administered from a few central points. The downside is that this requires dedicated hardware at both ends to do the tunneling.

In transport mode, only the packet payloads are encrypted; the headers are sent intact. This makes deployment a little easier and requires less infrastructure. You can still do AH when using transport mode and verify the source address of the packets.

Point-to-Point Tunneling Protocol (PPTP)

PPTP is a standard that was developed by Microsoft, 3Com, and other large companies to provide encryption. Microsoft has added it to Windows 98 and later releases. This made it seem a likely candidate to be the major standard for widespread encryption technology. However, some major flaws were discovered in PPTP, which limited its acceptance. When Microsoft bundled IPsec with Windows 2000, it seemed a tacit admission that IPsec had won as the new encryption standard. However, PPTP is still a useful and inexpensive protocol for setting up VPNs between older Windows PCs.

Layer Two Tunneling Protocol (L2TP)

This is another industry-developed protocol, and is endorsed by Microsoft and Cisco. Although used frequently in hardware-based encryption devices, its use in software is relatively limited.

Secure Socket Layer (SSL)

This protocol was designed specifically for use on the Web, although it can be used for almost any type of TCP communications. Netscape originally developed it for their browser to help stimulate e-commerce. SSL provides data encryption, authentication on both ends, and message integrity using certificates. Most of the time, SSL is used when connecting to a Web server so that we know the information we send it is being protected along the way. Most people don’t even realize that SSL is running in the background. Usually it only authenticates one end, the server side, since most end users don’t have certificates.

Encryption Applications

Phil Zimmerman is a programmer who was heavily involved with human rights. He was concerned that the growing use of computers and communication networks would make it easier for the state security agencies of repressive regimes to intercept and gather information on dissidents. Phil wanted to write some software that would help these people keep their information private and safe from the eyes of the brutal regimes that ruled them. This software could quite literally save people’s lives. He also didn’t entirely trust his own government not to observe his personal data as it traveled across interconnected networks. He knew how easy it would be for the government to build systems to search every line of every e-mail for certain key words. He wanted to provide people with a way to protect and guarantee their constitutional right to privacy.

He called his software Pretty Good Privacy (PGP), as he felt it did a good enough job to protect the data from smaller countries’ intelligence forces. However, the U.S. information security agency, NSA, didn’t see it that way. Zimmerman was investigated for violating federal munitions export laws for allowing his software to be downloaded out of the country.

He originally intended on founding a company to sell his innovation. However, when the government came after him, he freely distributed the software over the Internet to get it widely distributed. He did subsequently form a company to market commercial versions of the software, but there are open source implementations of PGP all over the Internet. Some of them are more popular than others, and some are for niche applications such as e-mail encryption. The next section reviews the official PGP Corporation freeware version as well as a full open source version. You can find a list of all the implementations of PGP at www.cypherspace.org/openpgp/

PGP Freeware: A Public Key Encryption Tool

PGP Freeware

Author/primary contact: Phil Zimmerman

Other resources: www.pgpi.com

Mailing lists:

PGP Freeware Help Team
IETF OpenPGP working group
PGP users mailing list
PGP/MIME working group
PGPi developers mailing list
PGPi translators mailing list
Pgplib developers mailing list

All these lists can be accessed and subscribed to at www.pgpi.org/links/mailinglists/en/

MIT maintains the official freeware version of PGP. Since it is licensed from Phil Zimmerman and PGP Corporation, you can be reasonably sure of its integrity and validity. The downside of the PGP freeware is that it is licensed for personal use only, so you can use it for your personal e-mail or for educational purposes if you are a student. If you are going to use this version of PGP, make sure that you carefully read the license and understand it. While this version of PGP is open source and freeware, there are considerable restrictions on what you can use it for. Remember, open source doesn’t always mean free.

If you want the best of both worlds, both the most current version and ease of use and support, you should look into buying a full license from PGP Corporation. It runs about $125 for a single user, and has a discount for volume purchases. If you can’t or won’t pay, then the next tool, GnuPG, which is a fully free implementation of PGP, may be of more interest to you.

The official PGP from PGP Corporation does have some excellent features:

A built-in VPN client, IPsec 3DES VPN, which can be used to communicate securely with anyone who has PGP 8.0 or later

The ability to build self-decrypted archives to send PGP messages to someone who doesn’t have PGP software loaded

Deleted file wiping, which is the ability to permanently delete a file by overwriting the data on the disk multiple times

Free space wiping, which is the same concept as deleted file wiping, but for your disk free space that may contain traces of old data

Integrated command line support for those familiar with old-style commands

Plug-ins for major e-mail programs, including Outlook, Eudora, and Claris Emailer (paid version only)

Proxy support, which is useful for users behind a proxy firewall (paid version only)

PGPDisk, which lets you encrypt a whole volume or subvolume of your disk so that encryption and decryption of your data happens automatically (paid version only)

Before you install and begin using PGP, you should understand a little about how it works and the principles behind it. This section is not meant to give you detailed training and understanding of cryptography or PGP; you can refer to the many books on those subjects. But you should come out of this chapter being able to encrypt and decrypt messages using PGP.

USENET Newsgroups:

Alt.security.pgp

Comp.security.pgp.announce

Comp.security.pgp.discuss

Comp.security.pgp.resources

Comp.security.pgp.tech


Date posted: 04/07/2014, 13:20
