Chap07_R

Principles of Computer Security:CompTIA Security+® and Beyond, Third Edition

© 2012


Standards and ProtocolsStandards and Protocols

Chapter 7


© 2012


Objectives• Identify the standards involved in establishing

an interoperable Internet PKI.

• Explain interoperability issues with PKI standards.

• Describe how the common Internet protocols implement the PKI standards.


© 2012


Key TermsKey Terms


© 2012


Key Terms Key Terms ((continuedcontinued))

• Transport Layer Security (TLS)

• Wired Equivalent Privacy (WEP)

• Wireless Application Protocol (WAP)

• Wireless Transport Layer Security (WTLS)

• X.509


© 2012


Standards and ProtocolsStandards and Protocols• Commercial use of the Internet has been one of the

biggest growth industries since the 1990s.

• Public key infrastructures (PKI) are implemented to secure transactions online.

• Three categories of standards associated with PKI:– Standards that define the PKI

– Standards that define the interface between applications and the underlying PKI

– Other standards


© 2012


Relationships Between PKI Standards and Protocols


© 2012


PKIX Standard and PKCSPKIX Standard and PKCS

• Two main standards for implementing PKI.

• Both based on X.509 standard.

• PKIX produced by Internet Engineering Task Force (IETF); interactions and operations have four component types:– The user, certificate authority (CA), registration authority

(RA), and the certificate revocation list (CRLs)

• PKCS produced by RSA security.


© 2012


The PKIX ModelThe PKIX Model


© 2012


PKIX StandardPKIX Standard• PKIX working group addresses five major areas:1. Outlines certificate extensions and content not covered by X.509 v3

and the format of version2. Provides certificate management message formats and protocols,

defining the data structures, management messages, and management functions for PKIs

3. Outlines certificate policies and certification practices statements (CPSs), establishing the relationship between policies and CPSs

4. Specifies operational protocols, defining the protocols for certificate handling

5. Includes time-stamping and data certification and validation services


© 2012


Attribute Certificates and Qualified Certificates

• Attribute Certificate (AC) is used to grant permissions using rule-based, role-based, and rank-based access controls.– ACs are used to implement a privilege management

infrastructure (PMI).

• Qualified Certificate (QC) is based on European Commission term used to identify certificates with specific legislative uses. – The PKIX QC profile indicates a certificate used to identify

a specific individual with a high level of assurance in a nonrepudiation service.


© 2012


The PKIX PMI Model


© 2012


Public Key Cryptography Standards (PKCS)

• Public Key Cryptography Standards (PKCS) fills gaps in standards that existed for implementing PKI.

• PKCS is composed of 13 active standards and 2 discontinued standards.


© 2012


15 Public Key Cryptography Standards Standard Title and Description

PKCS #1 RSA Cryptography Standard: Definition of the RSA encryption standard

PKCS #2 Incorporated into PKCS #1, no longer active

PKCS #3 Diffie-Hellman Key Agreement Standard: Definition of the Diffie-Hellman key-agreement protocol

PKCS #4 Incorporated into PKCS #1, no longer active

PKCS #5 Password-Based Cryptography Standard: Definition of a password-based encryption (PBE) method for generating a secret key

PKCS #6 Extended-Certificate Syntax Standard: Definition of an extended certificate syntax that was made obsolete by X.509 v3


© 2012


15 Public Key Cryptography Standards (continued)

Standard Title and Description

PKCS #7 Cryptographic Message Syntax Standard: Definition of the cryptographic message standard for encoded messages, regardless of encryption algorithm

PKCS #8 Private-Key Information Syntax Standard: Definition of a private key information format, used to store private key information

PKCS #9 Selected Attribute Types: Definition of attribute types used in other PKCS standards

PKCS #10 Certification Request Syntax Standard: Definition of a syntax for certification requests

PKCS #11 Cryptographic Token Interface Standard: Definition of a technology-independent programming interface for cryptographic devices


© 2012


15 Public Key Cryptography Standards (continued)

Standard Title and Description

PKCS #12 Personal Information Exchange Syntax Standard: Definition of a format for storage and transport of user privates keys, certificates, and other personal information

PKCS #13 Elliptic Curve Cryptography Standard: Description of methods for encrypting and signing messages using elliptic curve cryptography

PKCS #14 Cryptographic Message Syntax Standard: Definition of the cryptographic message standard for encoded messages, regardless of encryption algorithm

PKCS #15 Cryptographic Token Information Format Standard: Definition of a format for storing cryptographic information in cryptographic tokens


© 2012


X.509• X.509 is the portion of the X.500 standard that

addresses the structure of certificates used for authentication.

• X.509 specifies standard formats for public key certificates, certificate revocation lists, and Attribute Certificates.

• Version 3 is the current version of the X.509 standard.


© 2012


X.509 Certificate ComponentsField Name Field Description

Certificate Signature

X.509 version used for this certificate: Version 1 = 0, Version 2 = 1, Version 3 = 2

Serial Number A nonnegative integer assigned by the certificate issuer that must be unique to the certificate.

Signature Algorithm Algorithm Parameters (optional)

The algorithm identifier for the algorithm used by the CA to sign the certificate. The optional Parameters field is used to provide the cryptographic algorithm parameters used in generating the signature.

Issuer Identification for the entity that signed and issued the certificate. This must be a distinguished name within the hierarchy of CAs.


© 2012


X.509 Certificate Components (continued)

Validity Not valid before time Not valid after time

Validity specifies a period of time during which the certificate is valid, using a “not valid before” time and a “not valid after” time (expressed in UTC or in a generalized time).

Subject The name for the certificate owner.

Subject Public Key Info This field consists of an encryption algorithm identifier followed by a bit string for the public key.

Issuer Unique ID Optional for versions 2 and 3—a unique bit-string identifier for the CA that issued the certificate.

Subject Unique ID Optional for versions 2 and 3—a unique bit-string identifier for the subject of the certificate.


© 2012


X.509 Certificate Components (continued)

Extension ID Critical Extension Value

Optional for version 3—the extension area consists of a sequence of extension fields containing an extension identifier, a Boolean field indicating whether the extension is critical, and an octet string representing the value of the extension. Extensions can be defined in standards or defined and registered by organizations or communities.

Thumbprint AlgorithmParameters (optional)

This field identifies the algorithm used by the CA to sign this certificate. This field must match the algorithm identified in the Signature Algorithm field.

Thumbprint The signature is the bit-string hash value obtained when the CA signed the certificate. The signature certifies the contents of the certificate, binding the public key to the subject.


© 2012


Certificates Authorities (CA)• The root CA issues its own certificate.• Certificates can be traced through a path to the root CA.• Each entity that is issued a certificate must be uniquely

identifiable.• CAs determine what identifier is unique.


© 2012


Secure Sockets Layer (SSL) and Transport Layer Security (TLS)

• Provide secure connections between the client and server for exchanging information

• Provide authentication and confidentiality of information transfers

• Provide data integrity and security over networksby encrypting network connections at the transport layer


© 2012


SSL/TLS• TLS & SSL are not interchangeable; TLS is the more

modern of the two.

• TLS is superior to SSL since SSL’s use of hashing forces a reliance on MD5 rather than SHA1.

• TLS is composed of two parts.– TLS Record Protocol

– TLS Handshake Protocol


© 2012


TLS Record Protocol• TLS Record protocol send data by:

– Fragmenting message data into manageable blocks

– Optionally compressing the data

– Applying a message authentication code (MAC) to the data

– Encrypting the data

– Transmitting the results

• Received data is decrypted, verified, decompressed, and reassembled and sent on to the higher-level client.


© 2012


TLS Handshake Protocol


© 2012


Internet Security Association and Key Management Protocol (ISAKMP)

• Provides a method for implementing a key exchange protocol and for negotiating a security policy

• Defines procedures and packet formats to negotiate, establish, modify, and delete security associates


© 2012


ISAKMP (continued)• ISAKMP supports SAs at all layers of the

network stack.• A Security Association (SA) is a relationship in

which two or more entities define how they will communicate securely through a two step process:– Entities agree on how to secure messages– Entities determine the SAs for protocols to be used

for remainder of communications


© 2012


ISAKMP Header Format


© 2012


Certificate Management Protocol (CMP)

• A protocol to obtain X.509 certificates in a PKI.• Provides the following certificate operations:

– CA establishment, including creation of the initial CRL and export of the public key for the CA

– Certification of an end-entity

• CMP also defines mechanisms for performing these operations, either online or offline using files, e-mail, tokens, or web operations.


© 2012


The XML Key Management Specification XKMS

• Defines services to manage PKI operations within XML

• Used for authentication and verification of electronic signatures

• Allows certificates to be managed, registered, or revoked

• Services accessible via XML protocol, which is often easier to interface with than PKI


© 2012


The XML Key Management Specification XKMS (continued)

• Functions on three tiers of service:– Tier 0 is the retrieval method; provides a means for

retrieving key information by embedding references to the key within the XML signature.

– Tier 1 is called the locate service; XKMS serves as a relay between the client and the PKI.

– Tier 2 is called the validate service; XKMS is actively involved in verifying the relation between the PKI information and the document containing the XML signature.


© 2012


XKMS Tier 0 Retrieval


© 2012


XKMS Tier 1 Retrieval


© 2012


XKMS Tier 2 Locate Service


© 2012


Secure/Multipurpose Internet Mail Extensions (S/MIME)

• Provides a way to send and receive encrypted and signed mime data.

• Undergone several revisions, most recent completed in 2004 by IETF and requires:– Requires the use of Advanced Encryption Standard

(AES)

• Frequent changes have made the standard difficult to implement.


© 2012


IETF S/MIME v3 Specifications

• Includes specifications for all the following:– Cryptographic Message Syntax (CMS)– S/MIME v3 message specification– S/MIME v3 certificate-handling specification– Enhanced security services (ESS) for S/MIME


© 2012


Pretty Good Privacy (PGP)

• Program used to encrypt and decrypt e-mails and files

• Provides the ability to digitally sign a message• How PGP works

– Creator uses encryption program to create a key pair.• Public key designed to give freely to others• Private key designed to be known only be the creator

– Messages encrypted by the sender using the recipients public key.

– The recipients private key is used to decrypt the message.


© 2012


How PGP Works

• PGP uses a variation of the standard public key encryption process. – An individual (here called the creator) uses the encryption

program to create a pair of keys. – One key is known as the public key and is designed to be given

freely to others.– The other key is called the private key and is designed to be

known only by the creator.– Individuals who want to send a private message to the creator

encrypt the message using the creator’s public key. – The algorithm is designed such that only the private key can

decrypt the message, so only the creator will be able to decrypt it.


© 2012


HTTPS

• Uses SSL to secure Hypertext Transfer Protocol (HTTP) communications

• Uses TCP port 443 • Supports 40-bit RC4 encryption algorithm and

128-bit encryption


© 2012


IPsec

• Collection of IP security features designed to introduce security at the network layer

• Optional in IPv4, required in IPv6• Two types of security service:

– Transport mode can be used to ensure authentication and confidentiality for data alone.

– Tunnel mode can be used to ensure authentication and confidentiality for both data and header.


© 2012


Certificate Enrollment Protocol (CEP)

• Designed to support certificate issuance, distribution, and revocation using existing technologies– Uses PKCS #7 and PKCS #10 to define common

message syntax


© 2012


Federal Information Processing Standards Publications (FIPS)

• Describes various standards for data communication issues.

• Issued through the National Institute of Standards and Technology (NIST).

• Three main categories of FIPS publications:– Hardware and software standards/guidelines

– Data standards/guidelines

– Computer security standards/guidelines

• Products sold to U.S. government must comply to relevant FIPS standards.


© 2012


Wireless Transport Layer Security (WTLS)

• Provides security for Wireless Application Protocol (WAP)

• Implemented due to the limited memory and processing of WAP-enabled phones

• Implemented in one of three classes:– Class 1: anonymous authentication– Class 2: server authentication– Class 3: server and client authentication

• Class 3 the strongest form of WTLS


© 2012


Point-to-Point Tunneling Protocol (PPTP)

• It allows the encapsulation of one packet inside another to hide the original packet.

• Its use is widespread and it’s easy to configure.


© 2012


Wired Equivalent Privacy (WEP)

• Used to protect wireless communications from being intercepted

• Used to prevent unauthorized access to the wireless network

• Part of the original 802.11 standard• WEP 1 supported 64 bit encryption; WEP 2

supports 128 bit encryption• Both WEP 1 and WEP 2 vulnerable to various

attack vectors


© 2012


WEP Security Issues• Wireless networking with 802.11 is common.

• WEP is an optional security protocol with significant issues:– It uses a 24-bit initialization vector as a seed.

– This allows for more than 16 million vectors.

– At modern networks speeds it does not take long for initialization vectors to repeat.

– The secret key is only 40 bits, and is also quickly breakable.

• Some provides use 128-bit WEP but is almost equally vulnerable.


© 2012


ISO/IEC 27002 - Formerly ISO 17799

• Standard designed for creating and implementing security policies

• Contains material on 12 subject areas:– Risk assessment - Determine the impact of risks– Security policy - Guidance and policy provided by management– Organization of information security Governance - Structure to

implement security policy– Asset management - Inventory and classification of assets– Human resources security - Policies and procedures addressing

security for employees including hire, change, departure


© 2012


ISO/IEC 27002 - Formerly ISO 17799 (continued)

– Physical and environmental security– Communications and operations management– Access control – Information systems acquisition, development, and

maintenance– Information security incident management– Business continuity management– Compliance


© 2012


Chapter Summary• Identify the standards involved in establishing

an interoperable Internet PKI.

• Explain interoperability issues with PKI standards.

• Describe how the common Internet protocols implement the PKI standards.

Chap07_R

Documents

pretty good

wired equivalent

secure sockets

explain interoperability

wireless application

key management

interoperable

certificate