Cryptographic methods: Recommended reading: Applied Cryptography, Bruce Schneier PacNOG I Workshop Presented by Hervey Allen Materials originally by Brian.

Slides:



Advertisements
Similar presentations
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Advertisements

DNSSEC Cryptography Review DNSSEC Tutorial February 21, 2011 Hong Kong Will.i.am Hervey Allen.
NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication.
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Services and Security through Cryptography ccTLD Workshop November 27, 2007 Amman, Jordan Hervey Allen.
Security through Cryptography PacNOG 6 Hervey Allen.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Cryptography Basic (cont)
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Cryptography 101 Frank Hecker
Digital Certificates. What is a Digital Certificate? A digital certificate is the equivalent of your business card in the e-commerce world. It says who.
Cryptographic methods: Recommended reading: "Applied Cryptography", Bruce Schneier Brian Candler Updated by Hervey Allen ccTLD Workshop Apia, Samoa.
CSCI 6962: Server-side Design and Programming
Chapter 31 Network Security
DNSSEC Cryptography Review Track 2 Workshop July 3, 2010 American Samoa Hervey Allen.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
Security & Cryptographic Methods Unix System Administration May 28, 2008 Rabat, Morocco Hervey Allen.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Security & Cryptographic Methods PacNOG 6 Hervey Allen PacNOG 6 Hervey Allen.
May 2002Patroklos Argyroudis1 A crash course in cryptography and network security Patroklos Argyroudis CITY Liberal Studies.
Security & Cryptographic Methods AfNOG 2007 April 25-26, 2007 Abuja, Nigeria Hervey Allen.
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 50 Cryptography, Privacy, and Digital Certificates.
1 Securing Data and Communication. 2 Module - Securing Data and Communication ♦ Overview Data and communication over public networks like Internet can.
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
Network Security7-1 CIS3360: Chapter 8: Cryptography Application of Public Cryptography Cliff Zou Spring 2012 TexPoint fonts used in EMF. Read the TexPoint.
Network Security David Lazăr.
Cryptography (2) University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
Symmetric Cryptography, Asymmetric Cryptography, and Digital Signatures.
Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?
Public / Private Keys was a big year… DES: Adopted as an encryption standard by the US government. It was an open standard. The NSA calls it “One.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Chapter 8 – Network Security Two main topics Cryptographic algorithms and mechanisms Firewalls Chapter may be hard to understand if you don’t have some.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 2: Message integrity.
Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Security AFNOG 3 Workshop. Main Security Concerns ● Confidentiality ● Keeping our data safe from prying eyes ● Integrity ● Protecting our data from loss.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Public Key Encryption, Secure WWW Transactions & Digital Signatures.
© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.
Digital Signatures and Digital Certificates Monil Adhikari.
Private key
MM Clements Cryptography. Last Week Firewalls A firewall cannot protect against poor server, client or network configuration A firewall cannot.
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
 Encryption provides confidentiality  Information is unreadable to anyone without knowledge of the key  Hashing provides integrity  Verify the integrity.
This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.
ENGR 101 Compression and Encryption. Todays Lecture  Encryption  Symmetric Ciphers  Public Key Cryptography  Hashing.
Unix System Administration Based on AfNOG Notes Security Brian Candler Hervey Allen.
Cryptographic Applications and Methods Joel Jaeggli Some liberal help from: Brian Candler and Hervey Allen Most recently updated for AFNOG 2006.
Security & Cryptographic Methods
Hervey Allen Phil Regnauld 15 June 2009 Papeete, French Polynesia DNSSEC Tutorial: Public / Private.
Security & Cryptographic Methods ccTLD Workshop November 27, 2007 Amman, Jordan Hervey Allen.
Security through Cryptography SA-E Workshop May 13, 2009 Cairo, Egypt Hervey Allen.
Security & Cryptographic Methods
Web Applications Security Cryptography 1
Cryptographic methods:
Presentation transcript:

Cryptographic methods: Recommended reading: Applied Cryptography, Bruce Schneier PacNOG I Workshop Presented by Hervey Allen Materials originally by Brian Candler

● Can offer genuinely secure solutions to important security problems ● Some governments forbid it ● Confidentiality ● Can I be sure no-one else can see my data? (e.g. sniffing) ● Integrity ● Has my data been modified? ● Authentication Why use cryptography?

1. "Private key" or "symmetric" ciphers clear text clear text k k cipher text The same key is used to encrypt the document before sending and decrypt it at the far end

We assume an eavesdropper is able to intercept the ciphertext ● How can they recover the cleartext?

Examples of symmetric ciphers ● DES - 56 bit key length, designed by US security service ● 3DES - effective key length 112 bits ● AES (Advanced Encryption Standard) to 256 bit key length ● Blowfish bits, optimised for fast operation on 32-bit microprocessors ● IDEA bits, patented (requires a licence for commercial use)

Features of symmetric ciphers ● Fast to encrypt and decrypt, suitable for large volumes of data ● A well-designed cipher is only subject to brute-force attack; the strength is therefore directly related to the key length ● Current recommendation is a key length of at least 90 bits ● i.e. to be fairly sure that your data will be safe for at least 20 years ● ● Problem - how do you distribute the keys?

2. "Hashing" - one-way encryption clear text Munging the document gives a short "message digest" (checksum). Not possible to go back from the digest to the original document. Fixed length "hash" or "message digest" hashing function

Examples ● Unix crypt() function, based on DES ● MD5 (Message Digest 5) bit hash ● SHA1 (Secure Hash Algorithm) bits ● Collisions have been found for SHA1/MD5. Some discussions here: ● Almost no two documents have been discovered which have the same MD5 digest ● So far, no feasible method to create any document which has a given MD5 digest

So what use is that? a. Integrity checks ● You can run many megabytes of data through MD5 and still get only 128 bits to check ● It is difficult for an attacker to modify your file and leave it with the same MD5 checksum ● Gives your document an almost unique "fingerprint"

Exercise ● Exercise: on your machine type ● cat /etc/motd ● Look at your neighbour's machine. Is their file exactly the same as yours? Can you be sure? ● md5sum /etc/motd ● Compare the result with your neighbour ● Now change ONE character in /etc/motd and repeat the md5sum test

Software announcements often contain an MD5 checksum ● It's trivial to check ● Protects you against hacked FTP servers and download errors $ md5 exim-4.50_1.tbz MD5 (exim-4.50_1.tbz) = 1884ca8e48536a087b86c279de5c9e69 $ Two Considerations: 1. Could the attacker have modified the original announcment? 2. You need to keep the md5sum file on a separate server from the software being downloaded.

So what use is that? b. Encrypted password storage ● We don't want to keep cleartext passwords if possible; the password file would be far too attractive a target ● Store hash(passwd) in /etc/master.passwd (shadow password in Linux) ● When user logs in, calculate the hash of the password they have given, and compare it to the hash in the password file ● If the two hashes match, the user must have entered the correct password ● Can an attacker still recover the password?

So what use is that? c. Generating encryption keys ● Users cannot remember 128 bit binary encryption keys ● However they can remember "passphrases" ● A hash can be used to convert a passphrase into a fixed-length encryption key ● The longer the passphrase, the more "randomness" it contains and the harder to guess. English text is typically only 1.3 bits of randomness per character.

Generating encryption keys for symmetric ciphers Passphrase entered by user 128-bit key MD5 hash Every passphrase generates a different 128-bit key

Example: GPG with symmetric cipher # vi foobar.txt # gpg -c foobar.txt Enter passphrase: ding/dong 479 fruitbat Repeat passphrase: ding/dong 479 fruitbat # ls foobar.txt* foobar.txt foobar.txt.gpg # rm foobar.txt rm: remove regular file `foobar.txt'? y # gpg foobar.txt.gpg gpg: CAST5 encrypted data Enter passphrase: ding/dong 479 fruitbat # cat foobar.txt ("gpg --version" shows the ciphers available)

3. "Public key" ciphers clear text clear text k 1 (public key) k 2 (private key) cipher text One key is used to encrypt the document, a different key is used to decrypt it

Public key and Private key ● The Public key and Private key are mathematically related (generated as a pair) ● It is easy to convert the Private key into the Public key. It is not easy to do the reverse. ● Key distribution problem is solved: you can post your public key anywhere. People can use it to encrypt messages to you, but only the holder of the private key can decrypt them. ● Examples: RSA, Elgamal (DSA)

Use for authentication: reverse the roles of the keys clear text clear text k 2 (private key) k 1 (public key) cipher text If you can decrypt the document with the public key, it proves it was written by the owner of the private key (and was not changed)

Key lengths ● Attacks on public key systems involve mathematical attempts to convert the public key into the private key. This is more efficient than brute force. ● 512-bit has been broken ● Recent developments suggest that 1024-bit keys might not be secure for long ● Recommend using 2048-bit keys* *

Protecting the private key* ● The security of the private key is paramount: keep it safe! ● Keep it on a floppy or a smartcard? ● Prefer to keep it encrypted if on a hard drive ● That means you have to decrypt it (using a passphrase) each time you use it ● An attacker would need to steal the file containing the private key, AND know or guess the passphrase. *Some disagree with this notion...

Protecting the private key k 2 (encrypted on disk) Passphrase entered by user k 2 ready for use hash symmetric cipher key

Public key cryptosystems are important ● But they require a lot of computation (expensive in CPU time) ● So we use some tricks to minimise the amount of data which is encrypted

When encrypting: ● Use a symmetric cipher with a random key (the "session key"). Use a public key cipher to encrypt the session key and send it along with the encrypted document. k1k1 k2k2 encrypted session key cipher text random session key ksskss ksskss (private) (public)

When authenticating: ● Take a hash of the document and encrypt only that. An encrypted hash is called a "digital signature" k2k2 k1k1 digital signature COMPARE hash (public) (private)

Digital Signatures have many uses, for example: ● E-commerce. An instruction to your bank to transfer money can be authenticated with a digital signature. ● Legislative regimes are slow to catch up ● A trusted third party can issue declarations such as "the holder of this key is a person who is legally known as Alice Hacker" ● like a passport binds your identity to your face ● Such a declaration is called a "certificate" ● You only need the third-party's public key to check the signature

Do public keys really solve the key distribution problem? ● Often we want to communicate securely with a remote party whose key we don't know ● We can retrieve their public key over the network ● But what if there's someone in between intercepting our traffic? public key

The "man in the middle" attack ● Passive sniffing is no problem ● But if they can modify packets, they can substitute a different key ● The attacker uses separate encryption keys to talk to both sides ● You think your traffic is secure, but it isn't! key 1key 2 Attacker sees all traffic in plain text - and can modify it!

Digital Certificates can solve the man-in-the-middle problem ● Problem: I have no prior knowledge of the remote side's key ● But someone I trust can check who they are ● The trusted third party can vouch for the remote side by signing a certificate which contains the remote side's name and public key ● I can check the validity of the certificate using the trusted third party's public key

Example: TLS (SSL) web server with digital certificate ● I generate a private key on my webserver ● I send my public key plus my identity (my webserver's domain name) to a certificate authority (CA) ● The CA manually checks that I am who I say I am, i.e. I own the domain ● They sign a certificate containing my public key, my domain name, and an expiration date (Q: why is an expiration date included?) ● I install the certificate on my web server

When a client's web browser connects to me with HTTPS: ● They negotiate an encrypted session with me, during which they learn my public key ● I send them the certificate ● They verify the certificate using the CA's public key, which is built-in to the browser ● If the signature is valid, the domain name in the URL matches the domain name in the certificate, and the expiration date has not passed, they know the connection is secure

The security of TLS depends on: ● Your webserver being secure ● So nobody else can obtain your private key ● The CA's public key being in all browsers ● The CA being well managed ● How carefully do they look after their own private keys? ● The CA being trustworthy ● Do they vet all certificate requests properly? ● Could a hacker persuade the CA to sign their key pretending to be someone else? What about a government?

PGP takes a different view ● We don't trust anyone except our friends (especially not big corporate monopolies) ● You sign your friends' keys to vouch for them ● Other people can choose to trust your signature as much as they trust you ● Generates a distributed "web of trust" ● Sign someone's key when you meet them face to face - "PGP key signing parties"

SSH uses a simple solution to man-in-the-middle ● The first time you connect to a remote host, remember its public key ● Stored in ~/.ssh/known_hosts ● The next time you connect, if the remote key is different, then maybe an attacker is intercepting the connection! ● Or maybe the remote host has just got a new key, e.g. after a reinstall. But it's up to you to resolve the problem ● Relies on there being no attack in progress the first time you connect to a machine

SSH can eliminate passwords ● Use public-key cryptography to prove who you are ● Generate a public/private key pair locally ● ssh-keygen -t dsa ● Private key is ~/.ssh/id_dsa ● Public key is ~/.ssh/id_dsa.pub ● Install your PUBLIC key on remote hosts ● mkdir.ssh ● chmod 755.ssh ● Copy public key into ~/.ssh/authorized_keys ● Login!

Notes on SSH authentication ● Private key is protected by a passphrase ● So you have to give it each time you log in ● Or use "ssh-agent" which holds a copy of your passphrase in RAM ● No need to change passwords across dozens of machines ● Disable passwords entirely! ● /etc/ssh/sshd_config ● Annoyingly, for historical reasons there are three different types of SSH keys ● SSH1 RSA*, SSH2 DSA, SSH2 RSA (*largely gone)

Designing a good cryptosystem is very difficult ● Many possible weaknesses and types of attack, often not obvious ● DON'T design your own! ● DO use expertly-designed cryptosystems which have been subject to widespread scrutiny ● Understand how they work and where the potential weaknesses are ● Remember the other weaknesses in your systems, especially the human ones

Where can you apply these cryptographic methods? ● At the link layer ● PPP encryption ● At the network layer ● IPSEC ● At the transport layer ● TLS (SSL): many applications support it ● At the application layer ● SSH: system administration, file transfers ● PGP/GPG: for securing messages, stand- alone documents, software packages etc. ● Tripwire (and others): system integrity checks

Some Resources Some interesting web links for further reading: ● Crypto FAQ from RSA Security ● Cryptography resources from Schneier.com ● Wikipedia SHA-1 collision discussion