Chapter 7 - Cryptographic Systems (Crypto).pdf

OhmRon 62 views 84 slides Jul 12, 2024

About This Presentation

CCNA Security Chapter 7


Slide Content

CCNA Security
1 © 2009 Cisco Learning Institute.
Chapter Seven
Cryptographic Systems

Major Concepts

Describe how the types of encryption, hashes,
and digital signatures work together to provide
confidentiality, integrity, and authentication

Describe the mechanisms to ensure data integrity and authentication

Describe the mechanisms used to ensure data
confidentiality

Describe the mechanisms used to ensure data
confidentiality and authentication using a public
key

Lesson Objectives
Upon completion of this lesson, the successful participant will be able to:
1. Describe the requirements of secure communications including integrity, authentication, and confidentiality
2. Describe cryptography and provide an example
3. Describe cryptanalysis and provide an example
4. Describe the importance and functions of cryptographic hashes
5. Describe the features and functions of the MD5 algorithm and of the SHA-1 algorithm
6. Explain how we can ensure authenticity using HMAC
7. Describe the components of key management

Lesson Objectives
8. Describe how encryption algorithms provide confidentiality
9. Describe the function of the DES algorithms
10. Describe the function of the 3DES algorithm
11. Describe the function of the AES algorithm
12. Describe the function of the Software Encrypted Algorithm (SEAL) and the Rivest ciphers (RC) algorithm
13. Describe the function of the DH algorithm and its supporting role to DES, 3DES, and AES
14. Explain the differences and their intended applications
15. Explain the functionality of digital signatures
16. Describe the function of the RSA algorithm
17. Describe the principles behind a public key infrastructure (PKI)

Lesson Objectives
18. Describe the various PKI standards
19. Describe the role of CAs and the digital certificates that they issue in a PKI
20. Describe the characteristics of digital certificates and CAs

Secure Communications
[Figure: network diagram labelled MARS, VPN, Firewall, IPS, Iron Port, CSA, Web Server, Email Server, DNS, and Remote Branch]

Traffic between sites must be secure

Measures must be taken to ensure it cannot be altered, forged, or deciphered if intercepted

Authentication

An ATM Personal Information Number (PIN) is required for authentication.

The PIN is a shared secret between a bank account holder and the financial institution.

Integrity
An unbroken wax seal on an envelope ensures integrity.

The unique unbroken seal ensures no one has read the
contents.

Confidentiality

Julius Caesar would send encrypted messages to his generals in the battlefield.

Even if intercepted, his enemies usually could not read, let alone decipher, the messages.

I O D Q N H D V W
D W W D F N D W G D Z Q

History
Scytale - (700 BC)
Vigenère table
Jefferson encryption device
German Enigma Machine

Transposition Ciphers
1. Clear text: The clear text message would be encoded using a key of 3.
FLANK EAST
ATTACK AT DAWN

2. Use a rail fence cipher and a key of 3.
F...K...T...T...A...W.
.L.N.E.S.A.T.A.K.T.A.N
..A...A...T...C...D...

3. Ciphered text: The clear text message would appear as follows.
FKTTAW
LNESATAKTAN
AATCD

Substitution Ciphers Caesar Cipher
1. Clear text: The clear text message would be encoded using a key of 3.
FLANK EAST
ATTACK AT DAWN

2. Shift the top scroll over by three characters (key of 3), an A becomes D, B becomes E, and so on.
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

3. Ciphered text: The clear text message would be encrypted as follows using a key of 3.
IODQN HDVW
DWWDFN DW GDZQ

Cipher Wheel
1. Clear text: The clear text message would be encoded using a key of 3.
FLANK EAST
ATTACK AT DAWN

2. Shifting the inner wheel by 3, then the A becomes D, B becomes E, and so on.

3. Ciphered text: The clear text message would appear as follows using a key of 3.
IODQN HDVW
DWWDFN DW GDZQ

Vigenère Table
  a b c d e f g h i j k l m n o p q r s t u v w x y z
A a b c d e f g h i j k l m n o p q r s t u v w x y z
B b c d e f g h i j k l m n o p q r s t u v w x y z a
C c d e f g h i j k l m n o p q r s t u v w x y z a b
D d e f g h i j k l m n o p q r s t u v w x y z a b c
E e f g h i j k l m n o p q r s t u v w x y z a b c d
F f g h i j k l m n o p q r s t u v w x y z a b c d e
G g h i j k l m n o p q r s t u v w x y z a b c d e f
H h i j k l m n o p q r s t u v w x y z a b c d e f g
I i j k l m n o p q r s t u v w x y z a b c d e f g h
J j k l m n o p q r s t u v w x y z a b c d e f g h i
K k l m n o p q r s t u v w x y z a b c d e f g h i j
L l m n o p q r s t u v w x y z a b c d e f g h i j k
M m n o p q r s t u v w x y z a b c d e f g h i j k l
N n o p q r s t u v w x y z a b c d e f g h i j k l m
O o p q r s t u v w x y z a b c d e f g h i j k l m n
P p q r s t u v w x y z a b c d e f g h i j k l m n o
Q q r s t u v w x y z a b c d e f g h i j k l m n o p
R r s t u v w x y z a b c d e f g h i j k l m n o p q
S s t u v w x y z a b c d e f g h i j k l m n o p q r
T t u v w x y z a b c d e f g h i j k l m n o p q r s
U u v w x y z a b c d e f g h i j k l m n o p q r s t
V v w x y z a b c d e f g h i j k l m n o p q r s t u
W w x y z a b c d e f g h i j k l m n o p q r s t u v
X x y z a b c d e f g h i j k l m n o p q r s t u v w
Y y z a b c d e f g h i j k l m n o p q r s t u v w x
Z z a b c d e f g h i j k l m n o p q r s t u v w x y

Stream Ciphers

Invented by the Norwegian Army Signal
Corps in 1950, the ETCRRM machine
uses the Vernam stream cipher method.

It was used by the US and Russian
governments to exchange information.

Plain text message is eXclusively OR'ed with a key tape containing a random
stream of data of the same length to
generate the ciphertext.

Once a message was enciphered the
key tape was destroyed.

At the receiving end, the process was
reversed using an identical key tape to
decode the message.

Defining Cryptanalysis
Allies decipher secret
NAZI encryption code!
Cryptanalysis is from the Greek words kryptós (hidden), and analýein
(to loosen or to untie). It is the practice and the study of determining
the meaning of encrypted information (cracking the code), without
access to the shared secret key.

Cryptanalysis Methods
Brute Force Attack

With a Brute Force attack, the attacker has some portion of ciphertext. The attacker attempts to unencrypt the ciphertext with all possible keys.

[Figure labels: Known Ciphertext, Successfully Unencrypted, Key found]

Meet-in-the-Middle Attack
Known Ciphertext: Use every possible decryption key until a result is found matching the corresponding plaintext.

Known Plaintext: Use every possible encryption key until a result is found matching the corresponding ciphertext.

With a Meet-in-the-Middle attack, the attacker has some portion of text in both plaintext and ciphertext. The attacker attempts to unencrypt the ciphertext with all possible keys while at the same time encrypting the plaintext with another set of possible keys until one match is found.

[Figure labels: MATCH of Ciphertext! Key found]

Choosing a Cryptanalysis Method
1. The graph outlines the frequency of letters in the English language. For example, the letters E, T and A are the most popular.

2. Ciphered text:
IODQN HDVW
DWWDFN DW GDZQ

There are 6 occurrences of the cipher letter D and 4 occurrences of the cipher letter W.
Replace the cipher letter D first with popular clear text letters including E, T, and finally A.
Trying A would reveal the shift pattern of 3.
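
The procedure on this slide, as an added Python example that is not part of the original slides: it counts the cipher letters, maps the most frequent one onto E, T and A in turn, and keeps the trial decryption that looks most like English. The scoring set ETAOIN and all function names are assumptions made for the illustration.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase
CIPHERTEXT = "IODQN HDVW DWWDFN DW GDZQ"   # ciphertext shown on the slide
TRIAL_LETTERS = "ETA"                      # order in which the slide tries them
SCORING_LETTERS = set("ETAOIN")            # assumption: common English letters


def caesar(text, shift):
    """Shift every A-Z letter by `shift` places (negative shift decrypts)."""
    out = []
    for ch in text:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)  # keep spaces and punctuation unchanged
    return "".join(out)


def letter_counts(ciphertext):
    """Frequency table of the cipher letters, ignoring spaces."""
    return Counter(ch for ch in ciphertext if ch in ALPHABET)


def candidate_shifts(ciphertext):
    """Assume the most frequent cipher letter stands for E, then T, then A."""
    top_cipher, _ = letter_counts(ciphertext).most_common(1)[0]
    return [
        (ALPHABET.index(top_cipher) - ALPHABET.index(plain)) % 26
        for plain in TRIAL_LETTERS
    ]


def english_score(text):
    """Crude readability score: how many letters are common English letters."""
    return sum(1 for ch in text if ch in SCORING_LETTERS)


def recover(ciphertext):
    """Return (shift, plaintext) for the best-scoring trial decryption."""
    trials = [(s, caesar(ciphertext, -s)) for s in candidate_shifts(ciphertext)]
    return max(trials, key=lambda trial: english_score(trial[1]))


if __name__ == "__main__":
    print(letter_counts(CIPHERTEXT).most_common(2))
    for shift in candidate_shifts(CIPHERTEXT):
        print(shift, caesar(CIPHERTEXT, -shift))
    print("best:", recover(CIPHERTEXT))
```

The key space of a Caesar cipher is only 25 usable shifts, so frequency analysis is a shortcut rather than a necessity here; it matters for substitution ciphers whose key space is too large to enumerate by hand.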

Defining Cryptology
Cryptology: Cryptography + Cryptanalysis

Cryptanalysis

Cryptographic Hashes, Protocols, and Algorithm Examples
Integrity: MD5, SHA
Authentication: HMAC-MD5, HMAC-SHA-1, RSA and DSA
Confidentiality: DES, 3DES, AES, SEAL, RC (RC2, RC4, RC5, and RC6)

[Figure labels: NIST, Rivest, HASH, HASH w/Key, Encryption]

Hashing Basics

Hashes are used for integrity assurance.

Hashes are based on one-way functions.

The hash function hashes arbitrary data into a fixed-length digest known as the hash value, message digest, digest, or fingerprint.

[Figure: Data of Arbitrary Length is hashed to a Fixed-Length Hash Value, e883aa0b24c09f]

Hashing Properties
h = H(x)

x: Arbitrary length text
H: Hash Function
h: Hash Value, e883aa0b24c09f

[Slide annotations: "Why is x not in Parens?", "Why is H in Parens?"]

Hashing in Action

Vulnerable to man-in-the-middle attacks
- Hashing does not provide security to transmission.

Well-known hash functions
- MD5 with 128-bit hashes
- SHA-1 with 160-bit hashes

[Figure: "I would like to cash this check." The check "Pay to Terry Smith $100.00, One Hundred and xx/100 Dollars" has the hash 4ehIDx67NMop9. After crossing the Internet the check reads "Pay to Alex Jones $1000.00, One Thousand and xx/100 Dollars" with the hash 12ehqPx67NMoX. Match = No changes. No match = Alterations.]

MD5

MD5 is a ubiquitous hashing algorithm

Hashing properties
- One-way function—easy to compute hash and infeasible to compute data given a hash
- Complex sequence of simple binary operations (XORs, rotations, etc.) which finally produces a 128-bit hash.

SHA

SHA is similar in design to the MD4 and MD5 family of hash functions
- Takes an input message of no more than 2^64 bits
- Produces a 160-bit message digest

The algorithm is slightly slower than MD5.

SHA-1 is a revision that corrected an unpublished flaw in the original SHA.

SHA-224, SHA-256, SHA-384, and SHA-512 are newer and more secure versions of SHA and are collectively known as SHA-2.

Hashing Example
In this example the clear text entered is displaying hashed
results using MD5, SHA-1, and SHA256. Notice the
difference in key lengths between the various algorithms. The
longer the key, the more secure the hash function.

Features of HMAC

Uses an additional secret key as input to the hash function

The secret key is known to the sender and receiver
- Adds authentication to integrity assurance
- Defeats man-in-the-middle attacks

Based on existing hash functions, such as MD5 and SHA-1.

The same procedure is used for generation and verification of secure fingerprints

[Figure: Data of Arbitrary Length + Secret Key are hashed to a Fixed Length Authenticated Hash Value, e883aa0b24c09f]

HMAC Example

[Figure: The sender computes an HMAC (Authenticated Fingerprint), 4ehIDx67NMop9, from the Data "Pay to Terry Smith $100.00, One Hundred and xx/100 Dollars" and the Secret Key, and sends both. The receiver computes an HMAC (Authenticated Fingerprint) from the Received Data and the Secret Key, giving 4ehIDx67NMop9.]

If the generated HMAC matches the sent HMAC, then integrity and authenticity have been verified.

If they don’t match, discard the message.
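
The check scenario from the Hashing in Action and HMAC slides, as an added Python example that is not part of the original slides: an unkeyed digest can be recomputed by anyone who alters the message in transit, while an HMAC tag cannot be produced without the shared secret. The key value and function names are constructed for the illustration, and SHA-256 is used in place of the MD5 and SHA-1 named on the slides.

```python
import hashlib
import hmac

SECRET_KEY = b"constructed-demo-key"  # constructed; shared by sender and receiver
ORIGINAL = b"Pay to Terry Smith $100.00 One Hundred and xx/100 Dollars"
ALTERED = b"Pay to Alex Jones $1000.00 One Thousand and xx/100 Dollars"


def plain_digest(data):
    """Unkeyed fingerprint: anyone who can see the data can compute it."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(key, data):
    """Keyed fingerprint: needs the shared secret to compute."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def accepts_plain(data, received_digest):
    """Receiver check when only a hash travels with the message."""
    return hmac.compare_digest(plain_digest(data), received_digest)


def accepts_hmac(key, data, received_tag):
    """Receiver check with HMAC; compare_digest avoids timing leaks."""
    return hmac.compare_digest(hmac_tag(key, data), received_tag)


def run_scenarios():
    """Return what the receiver decides in each case."""
    genuine_tag = hmac_tag(SECRET_KEY, ORIGINAL)
    return {
        # Untouched message with its hash: accepted.
        "hash_untouched": accepts_plain(ORIGINAL, plain_digest(ORIGINAL)),
        # Message altered in transit and the hash recomputed over the
        # altered text: still accepted, so the hash alone proves nothing.
        "hash_altered_rehashed": accepts_plain(ALTERED, plain_digest(ALTERED)),
        # Untouched message with its HMAC: accepted.
        "hmac_untouched": accepts_hmac(SECRET_KEY, ORIGINAL, genuine_tag),
        # Altered message carrying the old tag: rejected.
        "hmac_altered_old_tag": accepts_hmac(SECRET_KEY, ALTERED, genuine_tag),
        # Altered message with a tag made under a guessed key: rejected.
        "hmac_altered_wrong_key": accepts_hmac(
            SECRET_KEY, ALTERED, hmac_tag(b"guessed-key", ALTERED)
        ),
    }


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name:24} accepted={accepted}")
```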

Using Hashing
[Figure: a Fixed-Length Hash Value, e883aa0b24c09f, used for Data Integrity, Data Authenticity, and Entity Authentication]

Routers use hashing with secret keys

IPsec gateways and clients use hashing algorithms

Software images downloaded from the website have checksums

Sessions can be encrypted

Key Management
Key Generation
Key Verification
Key Storage
Key Exchange
Key Revocation and Destruction

Keyspace
DES Key   Keyspace   # of Possible Keys
56-bit    2^56       72,000,000,000,000,000
57-bit    2^57       144,000,000,000,000,000 (Twice as much time)
58-bit    2^58       288,000,000,000,000,000 (Four times as much time)
59-bit    2^59       576,000,000,000,000,000
60-bit    2^60       1,152,000,000,000,000,000

For each bit added to the DES key, the attacker would require twice the amount of time to search the keyspace.

Longer keys are more secure but are also more resource intensive and can affect throughput.

With 60-bit DES an attacker would require sixteen times more time than with 56-bit DES.

Types of Keys
                                       Symmetric Key   Asymmetric Key   Digital Signature   Hash
Protection up to 3 years               80              1248             160                 160
Protection up to 10 years              96              1776             192                 192
Protection up to 20 years              112             2432             224                 224
Protection up to 30 years              128             3248             256                 256
Protection against quantum computers   256             15424            512                 512

Calculations are based on the fact that computing power will continue to grow at its present rate and the ability to perform brute-force attacks will grow at the same rate.

Note the comparatively short symmetric key lengths illustrating that symmetric algorithms are the strongest type of algorithm.

Key Properties

Shorter keys = faster processing, but less secure

Longer keys = slower processing, but more secure

Confidentiality and the OSI Model

For Data Link Layer confidentiality, use proprietary link-encrypting devices

For Network Layer confidentiality, use secure Network
Layer protocols such as the IPsec protocol suite

For Session Layer confidentiality, use protocols such as
Secure Sockets Layer (SSL) or Transport Layer Security
(TLS)

For Application Layer confidentiality, use secure e-mail,
secure database sessions (Oracle SQL*net), and secure
messaging (Lotus Notes sessions)

Symmetric Encryption
[Figure: $1000 is encrypted with the pre-shared key to $!@#IQ and decrypted with the same key back to $1000]

Best known as shared-secret key algorithms

The usual key length is 80 - 256 bits

A sender and receiver must share a secret key

Faster processing because they use simple mathematical operations.

Examples include DES, 3DES, AES, IDEA, RC2/4/5/6, and Blowfish.

Symmetric Encryption and XOR
The XOR operator results in a 1 when the value of either the first bit or the second bit is a 1

The XOR operator results in a 0 when neither or both of the bits is 1

Plain Text          1 1 0 1 0 0 1 1
Key (Apply)         0 1 0 1 0 1 0 1
XOR (Cipher Text)   1 0 0 0 0 1 1 0
Key (Re-Apply)      0 1 0 1 0 1 0 1
XOR (Plain Text)    1 1 0 1 0 0 1 1

Asymmetric Encryption
[Figure: $1000 is encrypted with the encryption key to %3f7&4 and decrypted with the decryption key back to $1000; two separate keys which are not shared]

Also known as public key algorithms

The usual key length is 512–4096 bits

A sender and receiver do not share a secret key

Relatively slow because they are based on difficult computational algorithms

Examples include RSA, ElGamal, elliptic curves, and DH.

Asymmetric Example : Diffie-Hellman
Get Out Your Calculators?

Symmetric Algorithms
Symmetric Encryption Algorithm: DES
Key length (in bits): 56
Description: Designed at IBM during the 1970s and was the NIST standard until 1997. Although considered outdated, DES remains widely in use. Designed to be implemented only in hardware, and is therefore extremely slow in software.

Symmetric Encryption Algorithm: 3DES
Key length (in bits): 112 and 168
Description: Based on using DES three times which means that the input data is encrypted three times and therefore considered much stronger than DES. However, it is rather slow compared to some new block ciphers such as AES.

Symmetric Encryption Algorithm: AES
Key length (in bits): 128, 192, and 256
Description: Fast in both software and hardware, is relatively easy to implement, and requires little memory. As a new encryption standard, it is currently being deployed on a large scale.

Symmetric Encryption Algorithm: Software Encryption Algorithm (SEAL)
Key length (in bits): 160
Description: SEAL is an alternative algorithm to DES, 3DES, and AES. It uses a 160-bit encryption key and has a lower impact to the CPU when compared to other software-based algorithms.

Symmetric Encryption Algorithm: The RC series
Key length (in bits): RC2 (40 and 64), RC4 (1 to 256), RC5 (0 to 2040), RC6 (128, 192, and 256)
Description: A set of symmetric-key encryption algorithms invented by Ron Rivest. RC1 was never published and RC3 was broken before ever being used. RC4 is the world's most widely used stream cipher. RC6, a 128-bit block cipher based heavily on RC5, was an AES finalist developed in 1997.

Symmetric Encryption Techniques
Block Cipher – encryption is completed in 64 bit blocks

Stream Cipher – encryption is one bit at a time

[Figure: a block cipher splits the bit stream into 64-bit blocks, with the last block filled out with blanks; a stream cipher processes the bit stream as it comes]

Selecting an Algorithm
The algorithm is trusted by the cryptographic community
- DES: Been replaced by 3DES
- 3DES: Yes
- AES: Verdict is still out

The algorithm adequately protects against brute-force attacks
- DES: No
- 3DES: Yes
- AES: Yes

DES Scorecard
Description: Data Encryption Standard
Timeline: Standardized 1976
Type of Algorithm: Symmetric
Key size (in bits): 56 bits
Speed: Medium
Time to crack (Assuming a computer could try 255 keys per second): Days (6.4 days by the COPACABANA machine, a specialized cracking device)
Resource Consumption: Medium

Block Cipher Modes
[Figure: a message of five 64-bit blocks encrypted block by block with DES, once in ECB mode and once in CBC mode, where CBC starts from an Initialization Vector]

Considerations

Change keys frequently to help prevent brute-force attacks.

Use a secure channel to communicate the DES key from the sender to the receiver.

Consider using DES in CBC
mode. With CBC, the
encryption of each 64-bit block
depends on previous blocks.

Test a key to see if it is a weak
key before using it.

3DES Scorecard
Description: Triple Data Encryption Standard
Timeline: Standardized 1977
Type of Algorithm: Symmetric
Key size (in bits): 112 and 168 bits
Speed: Low
Time to crack (Assuming a computer could try 255 keys per second): 4.6 Billion years with current technology
Resource Consumption: Medium

Encryption Steps
1. The clear text from Alice is encrypted using Key 1. That ciphertext is decrypted using a different key, Key 2. Finally that ciphertext is encrypted using another key, Key 3.

2. When the 3DES ciphered text is received, the process is reversed. That is, the ciphered text must first be decrypted using Key 3, encrypted using Key 2, and finally decrypted using Key 1.

AES Scorecard
Description: Advanced Encryption Standard
Timeline: Official Standard since 2001
Type of Algorithm: Symmetric
Key size (in bits): 128, 192, and 256
Speed: High
Time to crack (Assuming a computer could try 255 keys per second): 149 Trillion years
Resource Consumption: Low

Advantages of AES

The key is much stronger due to the key length

AES runs faster than 3DES on comparable hardware

AES is more efficient than DES and 3DES on
comparable hardware
[Figure captions: "The plain text is now encrypted using 128 AES"; "An attempt at deciphering the text using a lowercase, and incorrect key"]

SEAL Scorecard
Description: Software-Optimized Encryption Algorithm
Timeline: First published in 1994. Current version is 3.0 (1997)
Type of Algorithm: Symmetric
Key size (in bits): 160
Speed: High
Time to crack (Assuming a computer could try 255 keys per second): Unknown but considered very safe
Resource Consumption: Low

Rivest Codes Scorecard
Description          RC2            RC4             RC5                              RC6
Timeline             1987           1987            1994                             1998
Type of Algorithm    Block cipher   Stream cipher   Block cipher                     Block cipher
Key size (in bits)   40 and 64      1 - 256         0 to 2040 bits (128 suggested)   128, 192, or 256

DH Scorecard
Description: Diffie-Hellman Algorithm
Timeline: 1976
Type of Algorithm: Asymmetric
Key size (in bits): 512, 1024, 2048
Speed: Slow
Time to crack (Assuming a computer could try 255 keys per second): Unknown but considered very safe
Resource Consumption: Medium

Using Diffie-Hellman
[Figure: Alice and Bob share 5, 23. Alice's secret is 6 and she calculates 5^6 mod 23 = 8.]

1. Alice and Bob agree to use the same two numbers. For example, the base number g = 5 and prime number p = 23.
2. Alice now chooses a secret number x = 6.
3. Alice performs the DH algorithm: g^x modulo p = (5^6 modulo 23) = 8 (Y) and sends the new number 8 (Y) to Bob.

Using Diffie-Hellman
[Figure: Alice and Bob share 5, 23. Alice's secret is 6; she calculates 5^6 mod 23 = 8 and 19^6 mod 23 = 2. Bob's secret is 15; he calculates 5^15 mod 23 = 19 and 8^15 mod 23 = 2.]

4. Meanwhile Bob has also chosen a secret number x = 15, performed the DH algorithm: g^x modulo p = (5^15 modulo 23) = 19 (Y) and sent the new number 19 (Y) to Alice.
5. Alice now computes Y^x modulo p = (19^6 modulo 23) = 2.
6. Bob now computes Y^x modulo p = (8^15 modulo 23) = 2.

The result (2) is the same for both Alice and Bob. This number can now be used as a shared secret key by the encryption algorithm.
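
The six steps above, as an added Python example that is not part of the original slides: it runs the exchange with the slide's numbers, rejects degenerate public values, and shows that with a 23-element group the private exponent falls to a short exhaustive search, which is why the key sizes on the DH scorecard are hundreds of bits. Function names are assumptions made for the illustration.

```python
def public_value(g, secret, p):
    """Y = g^x mod p, the number each party sends over the open channel."""
    return pow(g, secret, p)


def validate_public(y, p):
    """Reject values that force a predictable shared secret (0, 1, p-1)."""
    return 2 <= y <= p - 2


def shared_secret(peer_public, secret, p):
    """Y^x mod p, computed privately by each side."""
    if not validate_public(peer_public, p):
        raise ValueError("peer public value outside 2..p-2")
    return pow(peer_public, secret, p)


def exchange(g, p, alice_secret, bob_secret):
    """Run both sides and report what is sent and what is derived."""
    alice_public = public_value(g, alice_secret, p)   # slide step 3
    bob_public = public_value(g, bob_secret, p)       # slide step 4
    return {
        "alice_sends": alice_public,
        "bob_sends": bob_public,
        "alice_key": shared_secret(bob_public, alice_secret, p),  # step 5
        "bob_key": shared_secret(alice_public, bob_secret, p),    # step 6
    }


def recover_exponent(g, public, p):
    """Exhaustive search for x with g^x mod p == public.

    Returns (x, number_of_tries). Practical only because p is tiny; the
    work grows with p, which is the assumption DH security rests on.
    """
    for tries, guess in enumerate(range(1, p), start=1):
        if pow(g, guess, p) == public:
            return guess, tries
    return None, p - 1


if __name__ == "__main__":
    result = exchange(g=5, p=23, alice_secret=6, bob_secret=15)
    print(result)
    print("observer recovers Alice's secret:", recover_exponent(5, 8, 23))
    print("observer recovers Bob's secret:  ", recover_exponent(5, 19, 23))
```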

Asymmetric Key Characteristics
[Figure: plain text is encrypted with the encryption key into encrypted text, which is decrypted with the decryption key back into plain text]

Key length ranges from 512–4096 bits

Key lengths greater than or equal to 1024 bits can be
trusted

Key lengths that are shorter than 1024 bits are
considered unreliable for most algorithms

Public Key (Encrypt) + Private Key (Decrypt) = Confidentiality
1. Computer A acquires Computer B’s public key ("Can I get your Public Key please?" "Here is my Public Key.")
2. Computer A uses Computer B’s public key to encrypt a message using an agreed-upon algorithm
3. Computer A transmits the encrypted message to Computer B
4. Computer B uses its private key to decrypt and reveal the message

Private Key (Encrypt) + Public Key (Decrypt) = Authentication
1. Alice encrypts a message with her private key
2. Alice transmits the encrypted message to Bob
3. Bob needs to verify that the message actually came from Alice. He requests and acquires Alice’s public key ("Can I get your Public Key please?" "Here is my Public Key")
4. Bob uses the public key to successfully decrypt the message and authenticate that the message did, indeed, come from Alice.

Asymmetric Key Algorithms
Algorithm: DH
Key length (in bits): 512, 1024, 2048
Description: Invented in 1976 by Whitfield Diffie and Martin Hellman. Allows two parties to agree on a key that they can use to encrypt messages. The assumption is that it is easy to raise a number to a certain power, but difficult to compute which power was used given the number and the outcome.

Algorithm: Digital Signature Standard (DSS) and Digital Signature Algorithm (DSA)
Key length (in bits): 512 - 1024
Description: Created by NIST and specifies DSA as the algorithm for digital signatures. A public key algorithm based on the ElGamal signature scheme. Signature creation speed is similar with RSA, but is slower for verification.

Algorithm: RSA encryption algorithms
Key length (in bits): 512 to 2048
Description: Developed by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT in 1977. Based on the current difficulty of factoring very large numbers. Suitable for signing as well as encryption. Widely used in electronic commerce protocols.

Algorithm: ElGamal
Key length (in bits): 512 - 1024
Description: Based on the Diffie-Hellman key agreement. Described by Taher Elgamal in 1984 and is used in GNU Privacy Guard software, PGP, and other cryptosystems. The encrypted message becomes about twice the size of the original message and for this reason it is only used for small messages such as secret keys.

Algorithm: Elliptical curve techniques
Key length (in bits): 160
Description: Invented by Neal Koblitz in 1987 and by Victor Miller in 1986. Can be used to adapt many cryptographic algorithms. Keys can be much smaller.

Security Services-Digital Signatures

Authenticates a source, proving a certain party has seen, and has signed, the data in question

Signing party cannot repudiate that it signed the data

Guarantees that the data has not changed from the time it was signed

[Figure labels: Authenticity, Integrity, Nonrepudiation]

Digital Signatures

The signature is authentic and not forgeable: The signature is proof that the signer, and no one else, signed the document.

The signature is not reusable: The signature is a part of the document and cannot be moved to a different document.

The signature is unalterable: After a document is signed, it cannot be altered.

The signature cannot be repudiated: For legal purposes, the signature and the document are considered to be physical things. The signer cannot claim later that they did not sign it.

The Digital Signature Process
[Figure: the data "Confirm Order" is hashed (0a77b3440…), the hash is encrypted with the signature key by the signature algorithm, and the signed data is sent; the receiver checks it with the verification key and the signature is verified]

1. The sending device creates a hash of the document
2. The sending device encrypts only the hash with the private key of the signer
3. The signature algorithm generates a digital signature
4. The receiving device accepts the document with digital signature and obtains the public key
5. Signature is verified with the verification key
6. Validity of the digital signature is verified
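
The hash-then-sign flow of this slide, as an added Python example that is not part of the original slides: the sender hashes the document and transforms only the hash with the private key, and the receiver recomputes the hash and compares it with the signature opened under the public key. It uses textbook RSA without padding on a constructed key of about 92 bits so that it runs with the standard library alone; the primes, names and sample document are assumptions, and real signatures use a vetted library with 2048-bit or larger keys and a padding scheme.

```python
import hashlib

# Constructed toy key: two known Mersenne primes. Far too small for real use.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q                            # public modulus
E = 65537                            # public (verification) exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private (signature) exponent

DOCUMENT = b"Confirm Order"          # data shown on the slide


def digest_as_int(document):
    """Step 1: hash the document; reduce it so it fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N


def sign(document, d=D, n=N):
    """Steps 2-3: apply the private key to the hash only, not the document."""
    return pow(digest_as_int(document), d, n)


def verify(document, signature, e=E, n=N):
    """Steps 4-6: open the signature with the public key and compare it
    with a hash recomputed over the document that actually arrived."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_as_int(document)


def run_checks():
    """Return the receiver's decision for a genuine and two altered inputs."""
    signature = sign(DOCUMENT)
    return {
        "genuine": verify(DOCUMENT, signature),
        "document_altered": verify(b"Confirm Order x100", signature),
        "signature_altered": verify(DOCUMENT, (signature + 1) % N),
    }


if __name__ == "__main__":
    print("signature:", hex(sign(DOCUMENT)))
    print(run_checks())
```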

Code Signing with Digital Signatures
The publisher of the software attaches a digital signature to the executable, signed with the signature key of the publisher.

The user of the software needs to obtain the public key of the publisher or the CA certificate of the publisher if PKI is used.

DSA Scorecard
Description: Digital Signature Algorithm (DSA)
Timeline: 1994
Type of Algorithm: Provides digital signatures
Advantages: Signature generation is fast
Disadvantages: Signature verification is slow

RSA Scorecard
Description: Ron Rivest, Adi Shamir, and Len Adleman
Timeline: 1977
Type of Algorithm: Asymmetric algorithm
Key size (in bits): 512 - 2048
Advantages: Signature verification is fast
Disadvantages: Signature generation is slow

Properties of RSA

One hundred times slower than DES in hardware

One thousand times slower than DES in software

Used to protect small amounts of data

Ensures confidentiality of data thru encryption

Generates digital signatures for authentication and nonrepudiation of data

Public Key Infrastructure
Alice applies for a driver’s license.
She receives her driver’s license
after her identity is proven.
Alice attempts to cash a check.
Her identity is accepted after her
driver’s license is checked.

Public Key Infrastructure
PKI terminology to remember:

PKI: A service framework (hardware, software, people, policies and procedures) needed to support large-scale public key-based technologies.

Certificate: A document, which binds together the name of the entity and its public key and has been signed by the CA

Certificate authority (CA): The trusted third party that signs the public keys of entities in a PKI-based system

CA Vendors and Sample Certificates
http://www.verisign.com
http://www.entrust.com
http://www.verizonbusiness.com/
http://www.rsa.com/
http://www.novell.com
http://www.microsoft.com

Usage Keys

When an encryption certificate is used much more frequently than a signing certificate, the public and private key pair is more exposed due to its frequent usage. In this case, it might be a good idea to shorten the lifetime of the key pair and change it more often, while having a separate signing private and public key pair with a longer lifetime.

When different levels of encryption and digital signing are required because of legal, export, or performance issues, usage keys allow an administrator to assign different key lengths to the two pairs.

When key recovery is desired, such as when a copy of a user’s private key is kept in a central repository for various backup reasons, usage keys allow the user to back up only the private key of the encrypting pair. The signing private key remains with the user, enabling true nonrepudiation.

The Current State
X.509

Many vendors have proposed and implemented
proprietary solutions

Progression towards publishing a common set of
standards for PKI protocols and data formats

X.509v3

X.509v3 is a standard that describes the certificate structure.

X.509v3 is used with:
- Secure web servers: SSL and TLS
- Web browsers: SSL and TLS
- Email programs: S/MIME
- IPsec VPNs: IKE

X.509v3 Applications
[Figure labels: Internet, Enterprise Network, External Web Server, Internet Mail Server, Cisco Secure ACS, VPN Concentrator, CA Server; SSL, S/MIME, EAP-TLS, IPsec]

Certificates can be used for various purposes.

One CA server can be used for all types of authentication as long as they support the same PKI procedures.

RSA PKCS Standards
•PKCS #1: RSA Cryptography Standard
•PKCS #3: DH Key Agreement Standard
•PKCS #5: Password-Based Cryptography Standard
•PKCS #6: Extended-Certificate Syntax Standard
•PKCS #7: Cryptographic Message Syntax Standard
•PKCS #8: Private-Key Information Syntax Standard
•PKCS #10: Certification Request Syntax Standard
•PKCS #12: Personal Information Exchange Syntax Standard
•PKCS #13: Elliptic Curve Cryptography Standard
•PKCS #15: Cryptographic Token Information Format Standard

Public Key Technology
[Figure labels: CA, Certificate, Signed Certificate, PKCS#10, PKCS#7]

A PKI communication protocol used for VPN PKI enrollment

Uses the PKCS#7 and PKCS#10 standards

Single-Root PKI Topology

Certificates issued by one CA

Centralized trust decisions

Single point of failure

[Figure label: Root CA]

Hierarchical CA Topology
[Figure labels: Root CA, Subordinate CA]

Delegation and distribution of trust

Certification paths

Cross-Certified CAs
[Figure labels: CA1, CA2, CA3]

Mutual cross-signing of CA certificates

Registration Authorities
[Figure labels: RA, CA]
1. Enrollment request: Hosts will submit certificate requests to the RA
2. Completed Enrollment Request Forwarded to CA: After the Registration Authority adds specific information to the certificate request and the request is approved under the organization’s policy, it is forwarded on to the Certification Authority
3. Certificate Issued: The CA will sign the certificate request and send it back to the host

Retrieving the CA Certificates
[Figure labels: Enterprise Network, CA, CA Admin, CA Certificate, POTS, Out-of-Band Authentication of the CA Certificate; steps numbered 1 to 3]

Alice and Bob request the CA certificate that contains the CA public key

Each system verifies the validity of the certificate

Alice and Bob telephone the CA administrator and verify the public key and serial number of the certificate

Submitting Certificate Requests
[Figure labels: Enterprise Network, CA, CA Admin, Certificate Request, POTS, Out-of-Band Authentication of the CA Certificate; steps numbered 1 to 3]

Both systems forward a certificate request which includes their public key. All of this information is encrypted using the public key of the CA

The CA administrator telephones to confirm their submittal and the public key and issues the certificate by adding some additional data to the request, and digitally signing it all

The certificate is retrieved and the certificate is installed onto the system

Authenticating
[Figure labels: Private Key (Alice), Certificate (Alice), Private Key (Bob), Certificate (Bob), CA Certificate; steps numbered 1 and 2]

Bob and Alice exchange certificates. The CA is no longer involved

Each party verifies the digital signature on the certificate by hashing the plaintext portion of the certificate, decrypting the digital signature using the CA public key, and comparing the results.
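
The signature check described above, as an added example that is not part of the original slides: a toy CA signs a certificate and a peer verifies it using only the CA public key. The key (two fixed Mersenne primes, textbook RSA without padding), the field names and the function names are assumptions made for illustration.

```python
import hashlib
import json

# Constructed toy CA key pair (assumption for this example): two fixed
# Mersenne primes and textbook RSA without padding. Real CAs use randomly
# generated keys and a padded scheme such as those in PKCS #1.
P, Q = 2**521 - 1, 2**607 - 1
CA_N, CA_E = P * Q, 65537                   # CA public key
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))     # CA private exponent


def digest(plaintext: bytes) -> int:
    """Hash the plaintext portion of a certificate."""
    return int.from_bytes(hashlib.sha256(plaintext).digest(), "big")


def ca_issue(subject: str, public_key: str, serial: int) -> dict:
    """CA side: bind name and public key together, then sign the hash."""
    plaintext = json.dumps(
        {"subject": subject, "public_key": public_key, "serial": serial},
        sort_keys=True,
    ).encode()
    return {"plaintext": plaintext,
            "signature": pow(digest(plaintext), CA_D, CA_N)}


def verify(cert: dict, ca_n: int = CA_N, ca_e: int = CA_E) -> bool:
    """Peer side: only the CA public key is needed, not the CA itself."""
    recovered = pow(cert["signature"], ca_e, ca_n)   # "decrypt" the signature
    return recovered == digest(cert["plaintext"])    # compare the two hashes


# Constructed sample certificate for Alice, as Bob would receive it.
alice_cert = ca_issue("alice", "constructed-public-key-of-alice", 1001)

# Constructed tampering: the name is changed but the CA signature is reused.
renamed_cert = dict(
    alice_cert,
    plaintext=alice_cert["plaintext"].replace(b'"alice"', b'"mallory"'),
)

if __name__ == "__main__":
    print("genuine certificate verifies:", verify(alice_cert))
    print("renamed certificate verifies:", verify(renamed_cert))
```

Any change to the plaintext portion or to the signature makes the two hash values differ, which is why the peers can exchange certificates without contacting the CA.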

PKI Authentication Characteristics

To authenticate each other, users have to obtain
the certificate of the CA and their own certificate.
These steps require the out-of-band verification
of the processes.

Public-key systems use asymmetric keys where
one is public and the other one is private.

Key management is simplified because two
users can freely exchange the certificates. The
validity of the received certificates is verified
using the public key of the CA, which the users
have in their possession.

Because of the strength of the algorithms,
administrators can set a very long lifetime for the
certificates.
