The content chapter 5 (part 1) include: Preparing for cryptographic attacks, cryptography standards and protocols, key management and key life cycle, introduction of PKI, trust models, PKI management.
Trang 1
Public Key Infrastructure
Trang 2v Preparing for Cryptographic Attacks
v Cryptography Standards and Protocols
v Key management and Key life cycle
v Introduction of PKI
v Trust models
v PKI management
Trang 3Cryptographic Attacks
v Specific attacks on cryptographic systems can be divided into three types:
v Attacking the key
v Attacking the algorithm
v Intercepting the transmission
Trang 4Cryptographic Attacks: Birthday
attack
v A birthday attack is an example of an attack targeted at the key
v It isn’t an attack on the algorithm itself, just on the results
v If 25 people are in a room, there is some probability that two of those people will have the same birthday
v The probability increases as additional people enter the room
v It’s important to remember that probability doesn’t mean that something will occur, only that it’s more likely to occur
Trang 5Cryptographic Attacks: Weak key
Trang 6Cryptographic Attacks: Mathematical attack
v Mathematical attacks can be focused on the encryption algorithm itself, the key mechanism, or any potential area
of weakness in the algorithm
v These attacks use mathematical modeling and statistical analysis to determine how the system operates
v These types of attacks depend on intercepting large amounts of data and methodically attempting to decrypt the messages using one of the methods previously described
Trang 7v Preparing for Cryptographic Attacks
v Cryptography Standards and Protocols
v Key management and Key life cycle
v Introduction of PKI
v Trust models
v PKI management
Trang 8Public Domain Cryptography
v Public domain cryptography refers to the standards and protocols that emerge from individual or corporate efforts and are released to the general public for use
v PGP and RSA are two common public cryptographic initiatives
Trang 9Pretty Good Privacy (PGP) - Bí mật
tương đối tốt
v Developed by Phil Zimmerman
v In 1991, he published the encryption system on the Internet
v PGP has become a de facto standard for e-mail encryption
v PGP uses both symmetrical and asymmetrical encryption
Trang 10Pretty Good Privacy (PGP)
Trang 11v Rivest, Shamir, and Adleman
v RSA has been very involved in developing Public-Key Cryptography Standards (PKCS), and it maintains a list of standards for PKCS
Trang 12Public-Key Infrastructure X.509 (PKIX)
v Public-Key Cryptography Standards (PKCS) is a set of voluntary standards created by RSA and security leaders
v Early members of this group included Apple, Microsoft, DEC (now HP), Lotus, Sun, and MIT
Trang 13v The X.509 standard defines
v Certificate formats and fields for public keys
v The procedures that should be used to distribute public keys
v The X.509 version 2 certificate is still used as the primary method of issuing Certificate Revocation List (CRL) certificates
v The current version of X.509 certificates is version 3, and it comes in two basic types:
v End-entity certificate
v The CA certificate is issued by one CA to another CA The second CA can, in turn, issue certificates to an end entity.
Trang 14So what’s in a X.509 Digital Certificate?
Trang 15So what’s in a X.509 Digital Certificate?
Trang 16SSL and TLS
v Secure Sockets Layer (SSL):
v Establish a secure communication connection between two TCP-based machines
v Uses the handshake method of establishing a session
v The number of steps is always between four and nine, inclusive, based on who is doing the documentation
v http://support.microsoft.com:80/support/kb/articles/Q25 7/5/91.ASP
Trang 17SSL and TLS
v Secure Sockets Layer (SSL):
Trang 18SSL and TLS
v Transport Layer Security (TLS): Bảo mật lớp truyền dẫn
v Expands upon SSL
v TLS may replace SSL in the near future
v The TLS protocol is also referred to as SSL 3.1, but despite its name, it doesn’t interoperate with SSL
Trang 19Certificate Management Protocol (CMP)
v A messaging protocol used between PKI entities
v XML Key Management Specification (XKMS) is designed
to allow XML-based programs access to PKI services
v CMP is expected to be an area of high growth as PKI usage grows
Trang 20Secure Multipurpose Internet Mail
Extensions
v S/MIME
v A standard used for encrypting e-mail
v Uses the PKCS #7 standard (Cryptographic Message Syntax Standard) and is the most widely supported standard used to secure e-mail communications
Trang 21Secure Electronic Transaction (SET)
v Provides encryption for credit card numbers that can be transmitted over the Internet
v Developed by Visa and MasterCard
Trang 22Secure Shell (SSH)
v A tunneling protocol originally used on Unix systems
v Now available for both Unix and Windows
v SSH connections are established in two phases:
v The first phase is a secure channel to negotiate the channel connection
v The second phase is a secure channel used to establish the connection
Trang 23Secure Shell (SSH)
Trang 25Secure HTTP
v Secure Hypertext Transport Protocol (S-HTTP) is HTTP with message security (added by using RSA or a digital certificate)
v Whereas HTTPS creates a secure channel, S-HTTP creates a secure message.
v S-HTTP can use multiple protocols and mechanisms to protect the message
v It also provides data integrity and authentication
Trang 26IP Security (IPSec)
v Provides authentication and encryption across the Internet
v Becoming a standard for encrypting virtual private network (VPN) channels
v One of the primary uses of IPSec is to create VPNs IPSec, in conjunction with Layer 2 Tunneling Protocol (L2TP) or Layer 2 Forwarding (L2F), creates packets that are difficult to read if intercepted by a third party
v IPSec works at layer 3 of the OSI model
Trang 27IP Security (IPSec)
v Protocols used by IPSec at the bottom layer are
v Authentication Header (AH)
v Encapsulating Security Payload (ESP).
v Both can operate in either the transport or tunnel mode
v Port 50 is used for ESP
v Port 51 is used for AH
Trang 28Tunneling Protocols
v Point-to-Point Tunneling Protocol (PPTP)
v Encapsulation in a single point-to-point environment
v PPTP encapsulates and encrypts Point-to-Point Protocol (PPP) packets
v PPTP uses port 1723 and TCP for connections.
v Layer 2 Forwarding (L2F)
v Created by Cisco
v Creating tunnels primarily for dial-up connections.
v Shouldn’t be used over WANs.
v Provides authentication, but doesn’t provide encryption
v L2F uses port 1701 and TCP for connections.
Trang 29Tunneling Protocols
v Layer 2 Tunneling Protocol (L2TP)
v L2TP is a hybrid of PPTP and L2F
v Primarily a point-to-point protocol
v Supports multiple network protocols so it can be used as a bridge across many types of systems
v IPX, SNA, and IP
v L2TP doesn’t provide data security: The information isn’t encrypted (Security can be provided by protocols such as IPSec.)
v L2TP uses port 1701 and UDP for connections
Trang 30Wireless Transport Layer Security
(WTLS)
v Provides an encrypted and authenticated connection between a wireless client and a server
v WTLS is similar in function to TLS,
v Uses a lower bandwidth
v Less processing power
v It’s used to support wireless devices
Trang 31v Preparing for Cryptographic Attacks
v Cryptography Standards and Protocols
v Key management and Key life cycle
v Introduction of PKI
v Trust models
v PKI management
Trang 32Key Management
v Centralized versus decentralized key generation
v Key storage and distribution
Trang 34Key generation
v Centralized Key Generation
Trang 35Key generation
v Decentralized Key Generation
Trang 36Storing and Distributing Keys
v Usually accomplished using a Key Distribution Center (KDC), as used in Kerberos, or by using a Key Exchange Algorithm (KEA), as in the case of PKI
Trang 37Storing and Distributing Keys
v Usually accomplished using a Key Distribution Center (KDC), as used in Kerberos, or by using a Key Exchange Algorithm (KEA), as in the case of PKI
Trang 40Revoking Keys
v Keys are revoked when
v they are compromised
v the authentication process has malfunctioned
v people are transferred
v other security risks occur
v Revoking a key keeps it from being misused
v A revoked key must be assumed to be invalid or possibly compromised
v PKI use a CRL to perform a check on the status of revoked keys
Trang 41Suspending Keys
v A key suspension is a temporary situation
v If an employee were to take a leave of absence, the employee’s key could be suspended until they came back
to work
v In a PKI system, a CRL would be checked to determine the status of a certificate
Trang 42Recovering and Archiving Keys
v Key archiving
Trang 43Recovering and Archiving Keys
v Key recovery
v Current keys
v Previous Keys
v Archived keys
Trang 44Renewing Keys
v Key renewal defines the process of enabling a key for use after its scheduled expiration date
v A key would be reissued for a certain time in this situation
v This process is called a key rollover
Trang 46v Preparing for Cryptographic Attacks
v Cryptography Standards and Protocols
v Key management and Key life cycle
v Introduction of PKI
v Trust models
v PKI management
Trang 47MiM (normal exchange)
Trang 48MiM Attack! (part 1)
Trang 49MiM Attack! Part 2
Trang 50Public Key Infrastructure
v Wouldn’t it be nice if some one we could distribute public keys AND be assured that the public key we received was the actual public key of the person we expect to talk to?
Trang 51Public Key Infrastructure
v PKIs are generally concerned with ensuring and managing identity trust, specifically using “digital certificates”.
v Provides all the components necessary for users to be able to communicate securely in a managed method
v Includes hardware, software, policies, services, algorithms and protocols
v Enables C, and I of the CIA triad
v Enables non-repudiation
Trang 52CIA Triad
Trang 54Public Key Infrastructure
v In a PKI you are given a digital certificate, which contains your identity, and a key (public key) people can use to encrypt data securely to you OR verify items that you have digitally signed!
v However we must have some way of ensuring that the digital certificate has not been “faked” so we have a entity called a Certificate Authority (CA) that digitally signs your digital certificate, proving that the digital certificate is really yours!
v It is important that users trust the CA, otherwise there is no purpose!!! The entire PKI structure relies upon the fact that the CA can be trusted! If the CA is comprimised the whole PKI is useless.
Trang 55Public Key Infrastructure
v CAs are computer technology entities that issue/sign your digital certificates, however they rely on an entity to actually do a “background” check on you to prove you really are you you say you are before the CA will “vouch” for you This “background” check entity is called an
Registration Authority (RA)
v RA would take identifying information that proves I am who
Trang 56How PKI works?
v Once a digital certificate has been created and signed, they are stored in a “Certificate repository” which can be queried by users and applications in a PKI when someone wants to communicate with a user
v These repositories are usually LDAP compliant databases
Trang 57Lets look at a digital Certificate together
v Firefox – https://www.redhat.com
v Click on the yellow lock at the bottom
v In the pop-up click on “view certificate”
v What version is it?
v What’s the “Common Name”
v Who is the Issuing Certificate Authority
v When does the Certificate Expire
v Why would a certificate expire?
Trang 58Lets look at a digital Certificate
together
v Now click on the details tab
v What is this “Certificate Hierarchy” stuff?
v Who Signed the cert for www.redhat.com
v Who signed the cert for that CA?
v This “vouching” for CAs is called a “certificate chain”
v If someone signed for someone else… who signed for them? When does this end? Let’s explore this…
Trang 59PKI hierarchy – Phân cấp PKI
v PKI implementations are usually a hierarchy, where one
CA signs another CAs certificate
v Parent - Child relationship
v Top parent is called a root CA
v All others are called subordinate CA
Trang 60PKI hierarchy
Trang 61CA concerns
v Every CA should have a Certification Practice Statement which outlines
v How the RA verifies identities
v How the Certificates are transferred
v How keys are secured
v What data is in a Digital Certificate
v How revocations are handled… etc
v Before using a 3rd party CA, you should understand and
be comfortable with CPS and the security controls they use If the CA does not handle things securely… there is
no point in using them
Trang 62v Given to CAs, can be signed by another CA or “self signed”
v What does it mean to be self signed, what does it imply?
Trang 63Certificate Practice Statements
v A Certificate Practice Statement (CPS) is a detailed statement the CA uses to issue certificates and implement its policies of the CA
v If a CA is unwilling to provide this information to a user, the
CA itself may be untrustworthy, and the trustworthiness of that CA’s users should be questioned
Trang 64Multiple Certificates
v Some PKIs use multiple certificates, and as such multiple public/private key pairs
v One for digitally signing data
v One for encrypting data
v Why would we want to have two different keys? (Hint think key storage and non-repudiation)
Trang 65v Preparing for Cryptographic Attacks
v Cryptography Standards and Protocols
v Key management and Key life cycle
v Introduction of PKI
v Trust models
v PKI management
Trang 66v Granularity refers to the ability to manage individual resources in the CA network.
Trang 67Hierarchical Trust Models
v A root CA at the top provides all the information
v The intermediate CAs are next in the hierarchy, and they only trust information provided by the root CA
v The root CA also trusts intermediate CAs that are in their level in the hierarchy and none that aren’t
v This arrangement allows a high level of control at all levels
of the hierarchical tree
Trang 68Hierarchical Trust Models
Trang 69Bridge Trust Models
Trang 70Mesh Trust Models
Trang 71Hybrid Trust Model
Trang 72Web of Trust model
Trang 73v Web of Trust is a PKI with no central hierarchy, it’s literally
a web It’s like 6 degrees of separation
v Bob vouches for Andy
v Sarah trusts Bob, so she trusts the identity of Andy
v Sara vouches for Bob
v Steve trusts Sara, therefore he trusts the identities of Bob, and Andy via Sarah…
v PGP uses web of trust
Trang 74Web of Trust model
Trang 75Example PGP verification
v Verifing the signature of ClamAV
Trang 76v Preparing for Cryptographic Attacks
v Cryptography Standards and Protocols
v Key management and Key life cycle
v Introduction of PKI
v Trust models
v PKI management
Trang 77Certificate Renewals
v Certificates have a lifetime after which they expire Why?
v When a certificate expires you have to renew it You don’t have to go through the RA again You just have to be able
to sign a message with your old private key
v When renewing you can use the old public/private key pair
or generate a new key pair What is the advantage of generating a new pair?
Trang 78v An employee moved to a new company
v Someone has had their access revoked
v …
v A certificate revocation is handled either through a
Certificate Revocation List (CRL) or by using the Online Certificate Status Protocol (OCSP)