Sorting Out Digital Certificates Bill blog.codingoutloud.com ··· Boston Azure ··· 13·Dec·2012 ···

Slides:



Advertisements
Similar presentations
Digital Signatures and Hash Functions. Digital Signatures.
Advertisements

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography Basic (cont)
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptographic Technologies
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
1 CPSC156: The Internet Co-Evolution of Technology and Society Lectures 19,20, and 21: April 5, 10, and 12, 2007 Cryptographic Primitives.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Encryption Methods By: Michael A. Scott
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Cryptographic Security Cryptographic Mechanisms 1Mesbah Islam– Operating Systems.
Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.
Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
Pretty Good Privacy by Philip Zimmerman presented by: Chris Ward.
May 2002Patroklos Argyroudis1 A crash course in cryptography and network security Patroklos Argyroudis CITY Liberal Studies.
Linux Networking and Security Chapter 8 Making Data Secure.
Cryptography, Authentication and Digital Signatures
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
CSCD 218 : DATA COMMUNICATIONS AND NETWORKING 1
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Basic Cryptography 1. What is cryptography? Cryptography is a mathematical method of protecting information –Cryptography is part of, but not equal to,
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
ITIS 1210 Introduction to Web-Based Information Systems Chapter 50 Cryptography, Privacy, and Digital Certificates.
Internet Security. Four Issues of Internet Security Authenticity: Is the sender of a message who they claim to be? Privacy: Are the contents of a message.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.
1 Cryptography NOTES. 2 Secret Key Cryptography Single key used to encrypt and decrypt. Key must be known by both parties. Assuming we live in a hostile.
11-Basic Cryptography Dr. John P. Abraham Professor UTPA.
Encryption. What is Encryption? Encryption is the process of converting plain text into cipher text, with the goal of making the text unreadable.
Key Exchange Methods Diffie-Hellman and RSA CPE 701 Research Case Study Derek Eiler | April 2012.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Upper OSI Layers Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 2: Message integrity.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
1 Network Security Basics. 2 Network Security Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
Lecture 2: Introduction to Cryptography
Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.
Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
15-499Page :Algorithms and Applications Cryptography I – Introduction – Terminology – Some primitives – Some protocols.
Security fundamentals Topic 4 Encryption. Agenda Using encryption Cryptography Symmetric encryption Hash functions Public key encryption Applying cryptography.
Electronic Commerce School of Library and Information Science PGP and cryptography I. What is encryption? Cryptographic systems II. What is PGP? How does.
Private key
Electronic Mail Security Prepared by Dr. Lamiaa Elshenawy
IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.
Cryptographic Security Aveek Chakraborty CS5204 – Operating Systems1.
Security. Cryptography (1) Intruders and eavesdroppers in communication.
Secure Instant Messenger in Android Name: Shamik Roy Chowdhury.
Database Management Systems, 3ed, R. Ramakrishnan and J. Gehrke1 Database architecture and security Workshop 4.
CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.
Basics of Cryptography
Computer Communication & Networks
Cryptography.
NET 311 Information Security
Chapter 3 - Public-Key Cryptography & Authentication
Presentation transcript:

Sorting Out Digital Certificates Bill blog.codingoutloud.com ··· Boston Azure ··· 13·Dec·2012 ···

Outline 1.What’s Crypto Good for Anyway? Secrecy and beyond 2.Symmetric Cryptography Shared secrets 3.Crypto Toolbox Hashing, signing, encrypting 4.Asymmetric Cryptography Indistinguishable from magic… 5.Applied to Windows Azure Management Certificates, RDP, Publish Profiles, SSL Goal: grok concepts so Azure “just makes sense”

Dramatis Personae (Bruce Schneier’s book: Applied Cryptography, 2 nd Edition)

Four Uses of Cryptography Authentication – sender of a message is known (Bob knows Alice sent it) or intended recipient of message is known (Alice knows it’s really Bob) Confidentiality – if a message is intercepted by (eavesdropper) Eve, she cannot read it Data Integrity – if a message is tampered with by (malicious) Mallory, this will be evident Non-repudiation – a received message cannot be repudiated (Alice cannot deny having sent it)

Alice and Bob know each other and wish to communicate such that: If someone (like Eve) intercepts the message, the message contents will remain private If someone (like Mallory) intercepts and modifies the message, Alice or Bob can detect a change has been made Goal: Secure Communication (type 1) Bob Alice

Solution (type 1) : Shared Secret Alice and Bob agree on a Secret – Secret is exchanged securely in advance Shared Secret is used both to encrypt and decrypt the message This is symmetric cryptography Covers privacy directly, tampering indirectly State-of-the-art for around 4,000 years Still important (e.g., NIST): DES, 3DES, Rijndael

Goal: Secure Communication (type 2) Alice and Bob NOT ABLE TO agree on a secret – There is no opportunity to securely exchange a secret in advance How to ensure privacy? How to ensure no tampering? Before answering these questions, let’s look at a few crypto concepts we’ll need for our toolbox…

Crypto Toolbox: Hashing Hashing – Input is text (or binary) of any size – Output (“the hash”) is fixed size (e.g., 20 bytes) – Goal: Changing 1 input bit changes ½ the output bits – “Trap Door” – easy to create from an input, but given a hash, too hard to guess valid input (no collisions) – No cryptographic keys involved (just an algorithm) Well-known hashing algorithms: SHA1, MD5 Not unlike.NET’s virtual Object.GetHashCode() Passwords often stored hashed (salted/stretched)

Crypto Toolbox: Signing Signing – Input is any size – Output (“the signature”) is proportional – Cryptographic key is involved Can be cryptographically verified: Tamper Detection Commonly used in conjunction with Hashing – Hashing faster than signing – Signing a hash yields consistent signature size var msg = text + Sign(Hash(text), key) var valid = Verify(Hash(text), sig, key)

Crypto Toolbox: Encrypting Encrypting – Input is any size – Output (“the ciphertext”) is proportional – Cryptographic key is involved Can be cryptographically reversed: Privacy Can be used with Singing and Hashing var data = Encrypt(text, key) var msg = data + Sign(Hash(data), key) var valid = Verify(Hash(data), sig, key) var text = Decrypt(data, key)

Crypto Toolbox: Asymmetric Keys Asymmetric means that: Encryption Key != Decryption Key Signing Key != Verification Key (Pause for effect as minds are blown) Two kinds of keys, related cryptographically: – Public Key – intended to be (widely) distributed Used for Encrypting and Signature Verification – Private Key – intended to be secured Used for Decryption and Signing Signing Key == Decryption Key Encryption Key == Signature Verification Key

Crypto Toolbox: Asymmetric Keys var ciphertext = Encrypt(plaintext, publickeyB) var msg = ciphertext + Sign(Hash(ciphertext), privatekeyA) … … … … … … … … … … … … … … … … … … var valid = Verify(Hash(ciphertext), publickeyA) var plaintext = Decrypt(ciphertext, privatekeyB) Alice Bob 

Asymmetric Keys How could this possibly work? – Think of a Private Key as a pair of 500 digit primes – Think of a Public Key as their product – infeasible to factor – It is a lot easier to multiple together two 500-digit prime numbers than it is to factor the product – Computationally not happening to factor 1000-digit number into two 500-digit primes A related Pub/Priv Key pair commonly issued together as a digital certificate

Goal: Secure Communication (type 2) Alice and Bob NOT ABLE TO agree on a secret – There is no opportunity to securely exchange a secret in advance How to ensure privacy? How to ensure no tampering? Now we can answer this from our crypto toolbox

Solution (type 2) : Digital Certificates Alice and Bob independently generate certificates – Public Keys are exchanged openly – Private Keys are used to Sign and Decrypt This is asymmetric cryptography Covers privacy, tampering, non-repudiation – With PKI could also cover authentication Internet commerce relies on this – Alice is Amazon.com, Bob is anyone State-of-the-art since 1977 (RSA algorithm)

Role in Signing Role in Encryption File FormatManagement API access RDP Access to Role Instances Enable HTTPS Endpoints on Cloud Service Public Key Verify signature Encrypt.CERUpload to Windows Azure portal into Account No action needed, though it may happen to be installed in the certificate store of machine from which it is created Installed in local certificate store for self- signed-cert; no action for PKI certs Private Key SignDecrypt.PFX (also contains Public Key) Installed in local certificate store Upload to portal; reference in Service Model Azure Scope SubscriptionCloud Service The.publishprofile simulates account-scope

Resources Using Remote Desktop with Windows Azure Roles us/library/gg aspx us/library/gg aspx DRM Whitepaper with example of applying some of the principles - tal_rights_management_whitepaper.pdf tal_rights_management_whitepaper.pdf Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition by Bruce Schneier