1 © 2009 Cisco Learning Institute. CCNA Security Chapter Seven Cryptographic Systems
Page 1: Chapter 7 overview


CCNA Security

Chapter Seven

Cryptographic Systems

Page 2: Chapter 7 overview


Lesson Planning

• This lesson should take 3-4 hours to present

• The lesson should include lecture, demonstrations, discussions and assessments

• The lesson can be taught in person or using remote instruction

Page 3: Chapter 7 overview


Major Concepts

• Describe how the types of encryption, hashes, and digital signatures work together to provide confidentiality, integrity, and authentication

• Describe the mechanisms to ensure data integrity and authentication

• Describe the mechanisms used to ensure data confidentiality

• Describe the mechanisms used to ensure data confidentiality and authentication using a public key

Page 4: Chapter 7 overview


Lesson Objectives

Upon completion of this lesson, the successful participant will be able to:

1. Describe the requirements of secure communications including integrity, authentication, and confidentiality

2. Describe cryptography and provide an example

3. Describe cryptanalysis and provide an example

4. Describe the importance and functions of cryptographic hashes

5. Describe the features and functions of the MD5 algorithm and of the SHA-1 algorithm

6. Explain how we can ensure authenticity using HMAC

7. Describe the components of key management

Page 5: Chapter 7 overview


Lesson Objectives

8. Describe how encryption algorithms provide confidentiality

9. Describe the function of the DES algorithms

10. Describe the function of the 3DES algorithm

11. Describe the function of the AES algorithm

12. Describe the function of the Software Encrypted Algorithm (SEAL) and the Rivest ciphers (RC) algorithm

13. Describe the function of the DH algorithm and its supporting role to DES, 3DES, and AES

14. Explain the differences and their intended applications

15. Explain the functionality of digital signatures

16. Describe the function of the RSA algorithm

17. Describe the principles behind a public key infrastructure (PKI)

Page 6: Chapter 7 overview


Lesson Objectives

18. Describe the various PKI standards

19. Describe the role of CAs and the digital certificates that they issue in a PKI

20. Describe the characteristics of digital certificates and CAs

Page 7: Chapter 7 overview


Secure Communications

• Traffic between sites must be secure

• Measures must be taken to ensure it cannot be altered, forged, or deciphered if intercepted

[Figure: network diagram showing MARS, a remote branch connected by VPN, Iron Port, firewall, IPS, web server, email server, DNS, and CSA on the hosts]

Page 8: Chapter 7 overview


Authentication

• An ATM Personal Information Number (PIN) is required for authentication.

• The PIN is a shared secret between a bank account holder and the financial institution.

Page 9: Chapter 7 overview


Integrity

• An unbroken wax seal on an envelope ensures integrity.

• The unique unbroken seal ensures no one has read the contents.

Page 10: Chapter 7 overview


Confidentiality

• Julius Caesar would send encrypted messages to his generals in the battlefield.

• Even if intercepted, his enemies usually could not read, let alone decipher, the messages.

IODQN HDVW

DWWDFN DW GDZQ

Page 11: Chapter 7 overview


History

Scytale - (700 BC)

Jefferson encryption device

Vigenère table

German Enigma Machine

Page 12: Chapter 7 overview

Transposition Ciphers

1. The clear text message would be encoded using a key of 3.

Clear Text

FLANK EAST

ATTACK AT DAWN

2. Use a rail fence cipher and a key of 3.

F...K...T...T...A...W.
.L.N.E.S.A.T.A.K.T.A.N
..A...A...T...C...D...

3. The clear text message would appear as follows.

Ciphered Text

FKTTAW

LNESATAKTANAATCD

Page 13: Chapter 7 overview

Substitution Ciphers: Caesar Cipher

1. The clear text message would be encoded using a key of 3.

Clear text

FLANK EAST

ATTACK AT DAWN

2. Shift the top scroll over by three characters (key of 3), an A becomes D, B becomes E, and so on.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

3. The clear text message would be encrypted as follows using a key of 3.

Ciphered text

IODQN HDVW

DWWDFN DW GDZQ

Page 14: Chapter 7 overview

Cipher Wheel

1. The clear text message would be encoded using a key of 3.

Clear text

FLANK EAST

ATTACK AT DAWN

2. Shifting the inner wheel by 3, then the A becomes D, B becomes E, and so on.

3. The clear text message would appear as follows using a key of 3.

Ciphered text

IODQN HDVW

DWWDFN DW GDZQ

Page 15: Chapter 7 overview

Vigenère Table

  a b c d e f g h i j k l m n o p q r s t u v w x y z

A a b c d e f g h i j k l m n o p q r s t u v w x y z

B b c d e f g h i j k l m n o p q r s t u v w x y z a

C c d e f g h i j k l m n o p q r s t u v w x y z a b

D d e f g h i j k l m n o p q r s t u v w x y z a b c

E e f g h i j k l m n o p q r s t u v w x y z a b c d

F f g h i j k l m n o p q r s t u v w x y z a b c d e

G g h i j k l m n o p q r s t u v w x y z a b c d e f

H h i j k l m n o p q r s t u v w x y z a b c d e f g

I i j k l m n o p q r s t u v w x y z a b c d e f g h

J j k l m n o p q r s t u v w x y z a b c d e f g h i

K k l m n o p q r s t u v w x y z a b c d e f g h i j

L l m n o p q r s t u v w x y z a b c d e f g h i j k

M m n o p q r s t u v w x y z a b c d e f g h i j k l

N n o p q r s t u v w x y z a b c d e f g h i j k l m

O o p q r s t u v w x y z a b c d e f g h i j k l m n

P p q r s t u v w x y z a b c d e f g h i j k l m n o

Q q r s t u v w x y z a b c d e f g h i j k l m n o p

R r s t u v w x y z a b c d e f g h i j k l m n o p q

S s t u v w x y z a b c d e f g h i j k l m n o p q r

T t u v w x y z a b c d e f g h i j k l m n o p q r s

U u v w x y z a b c d e f g h i j k l m n o p q r s t

V v w x y z a b c d e f g h i j k l m n o p q r s t u

W w x y z a b c d e f g h i j k l m n o p q r s t u v

X x y z a b c d e f g h i j k l m n o p q r s t u v w

Y y z a b c d e f g h i j k l m n o p q r s t u v w x

Z z a b c d e f g h i j k l m n o p q r s t u v w x y

Page 16: Chapter 7 overview


Stream Ciphers

• Invented by the Norwegian Army Signal Corps in 1950, the ETCRRM machine uses the Vernam stream cipher method.

• It was used by the US and Russian governments to exchange information.

• Plain text message is eXclusively OR'ed with a key tape containing a random stream of data of the same length to generate the ciphertext.

• Once a message was enciphered the key tape was destroyed.

• At the receiving end, the process was reversed using an identical key tape to decode the message.

Page 17: Chapter 7 overview


Defining Cryptanalysis

Cryptanalysis is from the Greek words kryptós (hidden), and analýein (to loosen or to untie). It is the practice and the study of determining the meaning of encrypted information (cracking the code), without access to the shared secret key.

Allies decipher secret NAZI encryption code!

Page 18: Chapter 7 overview


Cryptanalysis Methods

Known Ciphertext

Brute Force Attack

With a Brute Force attack, the attacker has some portion of ciphertext. The attacker attempts to unencrypt the ciphertext with all possible keys.

Successfully Unencrypted

Key found

Page 19: Chapter 7 overview


Meet-in-the-Middle Attack

With a Meet-in-the-Middle attack, the attacker has some portion of text in both plaintext and ciphertext. The attacker attempts to unencrypt the ciphertext with all possible keys while at the same time encrypting the plaintext with another set of possible keys until one match is found.

Known Ciphertext: Use every possible decryption key until a result is found matching the corresponding plaintext.

Known Plaintext: Use every possible encryption key until a result is found matching the corresponding ciphertext.

MATCH of Ciphertext!

Key found

Page 20: Chapter 7 overview

Choosing a Cryptanalysis Method

1. The graph outlines the frequency of letters in the English language.

For example, the letters E, T and A are the most popular.

2. Ciphered text

IODQN HDVW

DWWDFN DW GDZQ

There are 6 occurrences of the cipher letter D and 4 occurrences of the cipher letter W.

Replace the cipher letter D first with popular clear text letters including E, T, and finally A.

Trying A would reveal the shift pattern of 3.

Page 21: Chapter 7 overview

Defining Cryptology

Cryptology = Cryptography + Cryptanalysis

Page 22: Chapter 7 overview


Cryptanalysis

Page 23: Chapter 7 overview

Cryptographic Hashes, Protocols, and Algorithm Examples

Integrity: MD5, SHA

Authentication: HMAC-MD5, HMAC-SHA-1, RSA and DSA

Confidentiality: DES, 3DES, AES, SEAL, RC (RC2, RC4, RC5, and RC6)

Diagram labels: NIST, Rivest, Hash, Hash w/Key, Encryption

Page 24: Chapter 7 overview


Hashing Basics

• Hashes are used for integrity assurance.

• Hashes are based on one-way functions.

• The hash function hashes arbitrary data into a fixed-length digest known as the hash value, message digest, digest, or fingerprint.

[Figure: data of arbitrary length is hashed into the fixed-length hash value e883aa0b24c09f]

Page 25: Chapter 7 overview

Hashing Properties

h = H(x)

x: Arbitrary length text

H: Hash Function

h: Hash Value (e883aa0b24c09f)

Why is x not in parens?

Why is H in parens?

Page 26: Chapter 7 overview


Hashing in Action

• Vulnerable to man-in-the-middle attacks

- Hashing does not provide security to transmission.

• Well-known hash functions

- MD5 with 128-bit hashes

- SHA-1 with 160-bit hashes

[Figure: a check reading "Pay to Terry Smith $100.00, One Hundred and xx/100 Dollars" with hash 4ehIDx67NMop9 crosses the Internet and arrives as "Pay to Alex Jones $1000.00, One Thousand and xx/100 Dollars" with hash 12ehqPx67NMoX, presented with "I would like to cash this check." Match = No changes. No match = Alterations.]

Page 27: Chapter 7 overview


MD5

• MD5 is a ubiquitous hashing algorithm

• Hashing properties

- One-way function—easy to compute hash and infeasible to compute data given a hash

- Complex sequence of simple binary operations (XORs, rotations, etc.) which finally produces a 128-bit hash.

MD5

Page 28: Chapter 7 overview


SHA

• SHA is similar in design to the MD4 and MD5 family of hash functions

- Takes an input message of no more than 2^64 bits

- Produces a 160-bit message digest

• The algorithm is slightly slower than MD5.

• SHA-1 is a revision that corrected an unpublished flaw in the original SHA.

• SHA-224, SHA-256, SHA-384, and SHA-512 are newer and more secure versions of SHA and are collectively known as SHA-2.

SHA

Page 29: Chapter 7 overview


Hashing Example

In this example, the clear text entered is displayed as hashed results using MD5, SHA-1, and SHA256. Notice the difference in key lengths between the various algorithms. The longer the key, the more secure the hash function.

Page 30: Chapter 7 overview


Features of HMAC

• Uses an additional secret key as input to the hash function

• The secret key is known to the sender and receiver

- Adds authentication to integrity assurance

- Defeats man-in-the-middle attacks

• Based on existing hash functions, such as MD5 and SHA-1.

The same procedure is used for generation and verification of secure fingerprints

[Figure: data of arbitrary length plus the secret key is hashed into the fixed-length authenticated hash value e883aa0b24c09f]

Page 31: Chapter 7 overview

HMAC Example

[Figure: the sender computes an HMAC (authenticated fingerprint) 4ehIDx67NMop9 over the data "Pay to Terry Smith $100.00, One Hundred and xx/100 Dollars" with the secret key and sends both. The receiver computes an HMAC over the received data with the same secret key and compares it with the received value 4ehIDx67NMop9.]

If the generated HMAC matches the sent HMAC, then integrity and authenticity have been verified.

If they don’t match, discard the message.
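The check from the "Hashing in Action" and "HMAC Example" slides, side by side, as an added example that is not part of the original course material. The key and the helper names are constructed for illustration, and SHA-256 is an assumed default; the slides name MD5 and SHA-1, and the `algorithm` argument selects those.

```python
import hashlib
import hmac

# Constructed sample data, following the check shown on the slides.
SECRET_KEY = b"constructed-shared-secret"
ORIGINAL = b"Pay to Terry Smith $100.00"
ALTERED = b"Pay to Alex Jones $1000.00"


def fingerprint(message, algorithm="sha256"):
    """Plain hash: anyone who holds the message can compute it."""
    return hashlib.new(algorithm, message).hexdigest()


def hmac_fingerprint(key, message, algorithm="sha256"):
    """Keyed hash: only holders of the secret key can compute it."""
    return hmac.new(key, message, algorithm).hexdigest()


def accept_with_hash(message, received_digest, algorithm="sha256"):
    """Receiver's check when only a hash travels with the message."""
    return hmac.compare_digest(fingerprint(message, algorithm), received_digest)


def accept_with_hmac(key, message, received_tag, algorithm="sha256"):
    """Receiver's check when an HMAC travels with the message.
    compare_digest avoids leaking how many characters matched."""
    expected = hmac_fingerprint(key, message, algorithm)
    return hmac.compare_digest(expected, received_tag)


def demo():
    """Return what the receiver decides in each situation on the slides."""
    sent_tag = hmac_fingerprint(SECRET_KEY, ORIGINAL)
    return {
        # Hash only: a message altered in transit arrives with a hash
        # recomputed over the altered text, so the check still matches.
        "hash_only_accepts_altered": accept_with_hash(
            ALTERED, fingerprint(ALTERED)
        ),
        # HMAC: the untouched message verifies.
        "hmac_accepts_original": accept_with_hmac(
            SECRET_KEY, ORIGINAL, sent_tag
        ),
        # HMAC: altered message with the original tag is discarded.
        "hmac_accepts_altered_with_old_tag": accept_with_hmac(
            SECRET_KEY, ALTERED, sent_tag
        ),
        # HMAC: altered message with a tag made under a guessed key
        # is discarded as well.
        "hmac_accepts_altered_with_guessed_key": accept_with_hmac(
            SECRET_KEY, ALTERED, hmac_fingerprint(b"guess", ALTERED)
        ),
    }


if __name__ == "__main__":
    for situation, accepted in demo().items():
        print(f"{situation}: {accepted}")
```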

Page 32: Chapter 7 overview


Using Hashing

• Routers use hashing with secret keys

• IPsec gateways and clients use hashing algorithms

• Software images downloaded from the website have checksums

• Sessions can be encrypted

[Figure: fixed-length hash value e883aa0b24c09f, labelled Data Integrity, Entity Authentication, and Data Authenticity]

Page 33: Chapter 7 overview


Key Management

Key Management

Key Generation

Key Storage

Key Verification

Key Exchange

Key Revocation and Destruction

Page 34: Chapter 7 overview

Keyspace

DES Key   Keyspace   # of Possible Keys
56-bit    2^56       72,000,000,000,000,000
57-bit    2^57       144,000,000,000,000,000      (twice as much time)
58-bit    2^58       288,000,000,000,000,000      (four times as much time)
59-bit    2^59       576,000,000,000,000,000
60-bit    2^60       1,152,000,000,000,000,000

Key bits shown for each key length:

56-bit: 11111111 11111111 11111111 11111111 11111111 11111111 11111111
57-bit: 11111111 11111111 11111111 11111111 11111111 11111111 11111111 1
58-bit: 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11
59-bit: 11111111 11111111 11111111 11111111 11111111 11111111 11111111 111
60-bit: 11111111 11111111 11111111 11111111 11111111 11111111 11111111 1111

For each bit added to the DES key, the attacker would require twice the amount of time to search the keyspace.

Longer keys are more secure but are also more resource intensive and can affect throughput.

With 60-bit DES an attacker would require sixteen times more time than 56-bit DES.

Page 35: Chapter 7 overview

Types of Keys

                                         Symmetric Key   Asymmetric Key   Digital Signature   Hash
Protection up to 3 years                 80              1248             160                 160
Protection up to 10 years                96              1776             192                 192
Protection up to 20 years                112             2432             224                 224
Protection up to 30 years                128             3248             256                 256
Protection against quantum computers     256             15424            512                 512

Calculations are based on the fact that computing power will continue to grow at its present rate and the ability to perform brute-force attacks will grow at the same rate.

Note the comparatively short symmetric key lengths illustrating that symmetric algorithms are the strongest type of algorithm.

Page 36: Chapter 7 overview

Key Properties

Shorter keys = faster processing, but less secure

Longer keys = slower processing, but more secure

Page 37: Chapter 7 overview


Confidentiality and the OSI Model

• For Data Link Layer confidentiality, use proprietary link-encrypting devices

• For Network Layer confidentiality, use secure Network Layer protocols such as the IPsec protocol suite

• For Session Layer confidentiality, use protocols such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS)

• For Application Layer confidentiality, use secure e-mail, secure database sessions (Oracle SQL*net), and secure messaging (Lotus Notes sessions)

Page 38: Chapter 7 overview


Symmetric Encryption

• Best known as shared-secret key algorithms

• The usual key length is 80 - 256 bits

• A sender and receiver must share a secret key

• Faster processing because they use simple mathematical operations.

• Examples include DES, 3DES, AES, IDEA, RC2/4/5/6, and Blowfish.

[Figure: $1000 is encrypted with the pre-shared key into $!@#IQ and decrypted with the same key back into $1000]

Page 39: Chapter 7 overview


Symmetric Encryption and XOR

Plain Text 1 1 0 1 0 0 1 1

Key (Apply) 0 1 0 1 0 1 0 1

XOR (Cipher Text) 1 0 0 0 0 1 1 0

Key (Re-Apply) 0 1 0 1 0 1 0 1

XOR (Plain Text) 1 1 0 1 0 0 1 1

The XOR operator results in a 1 when the value of either the first bit or the second bit is a 1

The XOR operator results in a 0 when neither or both of the bits is 1

Page 40: Chapter 7 overview


Asymmetric Encryption

• Also known as public key algorithms

• The usual key length is 512–4096 bits

• A sender and receiver do not share a secret key

• Relatively slow because they are based on difficult computational algorithms

• Examples include RSA, ElGamal, elliptic curves, and DH.

[Figure: $1000 is encrypted with the encryption key into %3f7&4 and decrypted with the decryption key back into $1000; the two separate keys are not shared]

Page 41: Chapter 7 overview


Asymmetric Example : Diffie-Hellman

Get Out Your Calculators?

Page 42: Chapter 7 overview

Symmetric Algorithms

Symmetric encryption algorithm (key length in bits): description

DES (56)

• Designed at IBM during the 1970s and was the NIST standard until 1997.

• Although considered outdated, DES remains widely in use.

• Designed to be implemented only in hardware, and is therefore extremely slow in software.

3DES (112 and 168)

• Based on using DES three times which means that the input data is encrypted three times and therefore considered much stronger than DES.

• However, it is rather slow compared to some new block ciphers such as AES.

AES (128, 192, and 256)

• Fast in both software and hardware, is relatively easy to implement, and requires little memory.

• As a new encryption standard, it is currently being deployed on a large scale.

Software Encryption Algorithm (SEAL) (160)

• SEAL is an alternative algorithm to DES, 3DES, and AES.

• It uses a 160-bit encryption key and has a lower impact to the CPU when compared to other software-based algorithms.

The RC series: RC2 (40 and 64), RC4 (1 to 256), RC5 (0 to 2040), RC6 (128, 192, and 256)

• A set of symmetric-key encryption algorithms invented by Ron Rivest.

• RC1 was never published and RC3 was broken before ever being used.

• RC4 is the world's most widely used stream cipher.

• RC6, a 128-bit block cipher based heavily on RC5, was an AES finalist developed in 1997.

Page 43: Chapter 7 overview

Symmetric Encryption Techniques

Block Cipher – encryption is completed in 64 bit blocks

Stream Cipher – encryption is one bit at a time

[Figure: a block cipher taking the message in 64-bit blocks, with blank padding in the final blocks, and a stream cipher taking a continuous bit stream; each produces an encrypted message]

Page 44: Chapter 7 overview

Selecting an Algorithm

                                                                 DES                     3DES   AES
The algorithm is trusted by the cryptographic community          Been replaced by 3DES   Yes    Verdict is still out
The algorithm adequately protects against brute-force attacks    No                      Yes    Yes

Page 45: Chapter 7 overview

DES Scorecard

Description: Data Encryption Standard

Timeline: Standardized 1976

Type of Algorithm: Symmetric

Key size (in bits): 56 bits

Speed: Medium

Time to crack (Assuming a computer could try 2^55 keys per second): Days (6.4 days by the COPACABANA machine, a specialized cracking device)

Resource Consumption: Medium

Page 46: Chapter 7 overview

Block Cipher Modes

[Figure: ECB and CBC modes, each shown encrypting a message of five 64-bit blocks with DES; the CBC diagram includes an initialization vector]

Page 47: Chapter 7 overview


Considerations

• Change keys frequently to help prevent brute-force attacks.

• Use a secure channel to communicate the DES key from the sender to the receiver.

• Consider using DES in CBC mode. With CBC, the encryption of each 64-bit block depends on previous blocks.

• Test a key to see if it is a weak key before using it.

DES

Page 48: Chapter 7 overview

3DES Scorecard

Description: Triple Data Encryption Standard

Timeline: Standardized 1977

Type of Algorithm: Symmetric

Key size (in bits): 112 and 168 bits

Speed: Low

Time to crack (Assuming a computer could try 2^55 keys per second): 4.6 Billion years with current technology

Resource Consumption: Medium

Page 49: Chapter 7 overview

Encryption Steps

1. The clear text from Alice is encrypted using Key 1. That ciphertext is decrypted using a different key, Key 2. Finally that ciphertext is encrypted using another key, Key 3.

2. When the 3DES ciphered text is received, the process is reversed. That is, the ciphered text must first be decrypted using Key 3, encrypted using Key 2, and finally decrypted using Key 1.

Page 50: Chapter 7 overview

AES Scorecard

Description: Advanced Encryption Standard

Timeline: Official Standard since 2001

Type of Algorithm: Symmetric

Key size (in bits): 128, 192, and 256

Speed: High

Time to crack (Assuming a computer could try 2^55 keys per second): 149 Trillion years

Resource Consumption: Low

Page 51: Chapter 7 overview


Advantages of AES

• The key is much stronger due to the key length

• AES runs faster than 3DES on comparable hardware

• AES is more efficient than DES and 3DES on comparable hardware

The plain text is now encrypted using 128 AES

An attempt at deciphering the text using a lowercase, and incorrect key

Page 52: Chapter 7 overview

SEAL Scorecard

Description: Software-Optimized Encryption Algorithm

Timeline: First published in 1994. Current version is 3.0 (1997)

Type of Algorithm: Symmetric

Key size (in bits): 160

Speed: High

Time to crack (Assuming a computer could try 2^55 keys per second): Unknown but considered very safe

Resource Consumption: Low

Page 53: Chapter 7 overview

Rivest Codes Scorecard

Description          RC2            RC4             RC5                               RC6
Timeline             1987           1987            1994                              1998
Type of Algorithm    Block cipher   Stream cipher   Block cipher                      Block cipher
Key size (in bits)   40 and 64      1 - 256         0 to 2040 bits (128 suggested)    128, 192, or 256

Page 54: Chapter 7 overview

DH Scorecard

Description: Diffie-Hellman Algorithm

Timeline: 1976

Type of Algorithm: Asymmetric

Key size (in bits): 512, 1024, 2048

Speed: Slow

Time to crack (Assuming a computer could try 2^55 keys per second): Unknown but considered very safe

Resource Consumption: Medium

Page 55: Chapter 7 overview

Using Diffie-Hellman

1. Alice and Bob agree to use the same two numbers. For example, the base number g=5 and prime number p=23.

2. Alice now chooses a secret number x=6.

3. Alice performs the DH algorithm: g^x modulo p = (5^6 modulo 23) = 8 (Y) and sends the new number 8 (Y) to Bob.

         Shared    Secret    Calc
Alice    5, 23     6         5^6 mod 23 = 8
Bob      5, 23

Alice sends 8 to Bob.

Page 56: Chapter 7 overview

Using Diffie-Hellman

4. Meanwhile Bob has also chosen a secret number x=15, performed the DH algorithm: g^x modulo p = (5^15 modulo 23) = 19 (Y) and sent the new number 19 (Y) to Alice.

5. Alice now computes Y^x modulo p = (19^6 modulo 23) = 2.

6. Bob now computes Y^x modulo p = (8^15 modulo 23) = 2.

         Shared    Secret    Calc
Alice    5, 23     6         5^6 mod 23 = 8       19^6 mod 23 = 2
Bob      5, 23     15        5^15 mod 23 = 19     8^15 mod 23 = 2

Alice sends 8 to Bob; Bob sends 19 to Alice.

The result (2) is the same for both Alice and Bob. This number can now be used as a shared secret key by the encryption algorithm.
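The six steps of the exchange with the slide's numbers, as an added example that is not part of the original course material. The range check on received values and the SHA-256 step that turns the shared number into key bytes are assumptions added here; the slides only state that the result can be used as a shared secret key.

```python
import hashlib


def check_public_value(y, p):
    """Reject received values outside 2..p-2. The values 0, 1 and p-1
    would force a shared secret that anyone can predict."""
    if not 2 <= y <= p - 2:
        raise ValueError(f"public value {y} is outside 2..{p - 2}")
    return y


def dh_public(g, p, x):
    """Steps 3 and 4: Y = g^x modulo p, the number sent to the peer."""
    return pow(g, x, p)


def dh_shared(peer_public, x, p):
    """Steps 5 and 6: shared secret = Y^x modulo p, using the peer's Y
    and the local secret x."""
    return pow(check_public_value(peer_public, p), x, p)


def derive_key(shared, p, length=16):
    """Turn the shared number into `length` key bytes for a symmetric
    cipher (assumed step: hash the fixed-width big-endian encoding)."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(width, "big")).digest()[:length]


def exchange(g, p, x_alice, x_bob):
    """Run both sides of the exchange and report what each computes."""
    y_alice = dh_public(g, p, x_alice)   # Alice sends this to Bob
    y_bob = dh_public(g, p, x_bob)       # Bob sends this to Alice
    return {
        "alice_sends": y_alice,
        "bob_sends": y_bob,
        "alice_secret": dh_shared(y_bob, x_alice, p),
        "bob_secret": dh_shared(y_alice, x_bob, p),
    }


if __name__ == "__main__":
    # Numbers from the slides: g=5, p=23, Alice's x=6, Bob's x=15.
    result = exchange(5, 23, 6, 15)
    print(result)
    print(derive_key(result["alice_secret"], 23).hex())
```

With p=23 there are only 21 usable public values, which is why the DH scorecard lists key sizes of 512, 1024, and 2048 bits.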

Page 57: Chapter 7 overview

Asymmetric Key Characteristics

• Key length ranges from 512–4096 bits

• Key lengths greater than or equal to 1024 bits can be trusted

• Key lengths that are shorter than 1024 bits are considered unreliable for most algorithms

[Figure: plaintext is encrypted with the encryption key into encrypted text, which is decrypted with the decryption key back into plaintext]

Page 58: Chapter 7 overview

Public Key (Encrypt) + Private Key (Decrypt) = Confidentiality

1. Computer A acquires Computer B’s public key ("Can I get your Public Key please?" "Here is my Public Key.")

2. Computer A uses Computer B’s public key to encrypt a message using an agreed-upon algorithm

3. Computer A transmits the encrypted message to Computer B

4. Computer B uses its private key to decrypt and reveal the message

[Figure: Computer A encrypts with Bob’s public key and the encryption algorithm; the encrypted text travels to Computer B, which decrypts it with Bob’s private key]

Page 59: Chapter 7 overview

Private Key (Encrypt) + Public Key (Decrypt) = Authentication

1. Alice encrypts a message with her private key

2. Alice transmits the encrypted message to Bob

3. Bob needs to verify that the message actually came from Alice. He requests and acquires Alice’s public key ("Can I get your Public Key please?" "Here is my Public Key")

4. Bob uses the public key to successfully decrypt the message and authenticate that the message did, indeed, come from Alice.

[Figure: Computer A encrypts with Alice’s private key and the encryption algorithm; the encrypted text travels to Computer B, which decrypts it with Alice’s public key]

Page 60: Chapter 7 overview

Asymmetric Key Algorithms

Algorithm (key length in bits): description

DH (512, 1024, 2048)

• Invented in 1976 by Whitfield Diffie and Martin Hellman.

• Allows two parties to agree on a key that they can use to encrypt messages

• The assumption is that it is easy to raise a number to a certain power, but difficult to compute which power was used given the number and the outcome.

Digital Signature Standard (DSS) and Digital Signature Algorithm (DSA) (512 - 1024)

• Created by NIST and specifies DSA as the algorithm for digital signatures.

• A public key algorithm based on the ElGamal signature scheme.

• Signature creation speed is similar to RSA, but is slower for verification.

RSA encryption algorithms (512 to 2048)

• Developed by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT in 1977

• Based on the current difficulty of factoring very large numbers

• Suitable for signing as well as encryption

• Widely used in electronic commerce protocols

ElGamal (512 - 1024)

• Based on the Diffie-Hellman key agreement.

• Described by Taher Elgamal in 1984 and is used in GNU Privacy Guard software, PGP, and other cryptosystems.

• The encrypted message becomes about twice the size of the original message and for this reason it is only used for small messages such as secret keys

Elliptical curve techniques (160)

• Invented by Neal Koblitz in 1987 and by Victor Miller in 1986.

• Can be used to adapt many cryptographic algorithms

• Keys can be much smaller

Page 61: Chapter 7 overview

Security Services - Digital Signatures

• Authenticates a source, proving a certain party has seen, and has signed, the data in question

• Signing party cannot repudiate that it signed the data

• Guarantees that the data has not changed from the time it was signed

Authenticity, Integrity, Nonrepudiation

Page 62: Chapter 7 overview


Digital Signatures

• The signature is authentic and not forgeable: The signature is proof that the signer, and no one else, signed the document.

• The signature is not reusable: The signature is a part of the document and cannot be moved to a different document.

• The signature is unalterable: After a document is signed, it cannot be altered.

• The signature cannot be repudiated: For legal purposes, the signature and the document are considered to be physical things. The signer cannot claim later that they did not sign it.

Page 63: Chapter 7 overview

The Digital Signature Process

1. The sending device creates a hash of the document

2. The sending device encrypts only the hash with the private key of the signer

3. The signature algorithm generates a digital signature and obtains the public key

4. The receiving device accepts the document with digital signature and obtains the public key

5. Signature is verified with the verification key

6. Validity of the digital signature is verified

[Figure: the data "Confirm Order" is hashed and the hash is passed with the signature key through the signature algorithm; the encrypted hash 0a77b3440… is attached to form the signed data, which the receiver checks with the verification key: "Signature Verified"]

Page 64: Chapter 7 overview


Code Signing with Digital Signatures

• The publisher of the software attaches a digital signature to the executable, signed with the signature key of the publisher.

• The user of the software needs to obtain the public key of the publisher or the CA certificate of the publisher if PKI is used.

Page 65: Chapter 7 overview

DSA Scorecard

Description: Digital Signature Algorithm (DSA)

Timeline: 1994

Type of Algorithm: Provides digital signatures

Advantages: Signature generation is fast

Disadvantages: Signature verification is slow

Page 66: Chapter 7 overview

RSA Scorecard

Description: Ron Rivest, Adi Shamir, and Len Adleman

Timeline: 1977

Type of Algorithm: Asymmetric algorithm

Key size (in bits): 512 - 2048

Advantages: Signature verification is fast

Disadvantages: Signature generation is slow

Page 67: Chapter 7 overview


Properties of RSA

• One hundred times slower than DES in hardware

• One thousand times slower than DES in software

• Used to protect small amounts of data

• Ensures confidentiality of data through encryption

• Generates digital signatures for authentication and nonrepudiation of data

Page 68: Chapter 7 overview

Public Key Infrastructure

Alice applies for a driver’s license.

She receives her driver’s license after her identity is proven.

Alice attempts to cash a check.

Her identity is accepted after her driver’s license is checked.

Page 69: Chapter 7 overview

Public Key Infrastructure

PKI terminology to remember:

PKI: A service framework (hardware, software, people, policies and procedures) needed to support large-scale public key-based technologies.

Certificate: A document, which binds together the name of the entity and its public key and has been signed by the CA

Certificate authority (CA): The trusted third party that signs the public keys of entities in a PKI-based system

Page 70: Chapter 7 overview


CA Vendors and Sample Certificates

http://www.verizonbusiness.com/

http://www.verisign.com

http://www.rsa.com/

http://www.entrust.com

http://www.novell.com

http://www.microsoft.com

Page 71: Chapter 7 overview


Usage Keys

• When an encryption certificate is used much more frequently than a signing certificate, the public and private key pair is more exposed due to its frequent usage. In this case, it might be a good idea to shorten the lifetime of the key pair and change it more often, while having a separate signing private and public key pair with a longer lifetime.

• When different levels of encryption and digital signing are required because of legal, export, or performance issues, usage keys allow an administrator to assign different key lengths to the two pairs.

• When key recovery is desired, such as when a copy of a user’s private key is kept in a central repository for various backup reasons, usage keys allow the user to back up only the private key of the encrypting pair. The signing private key remains with the user, enabling true nonrepudiation.

Page 72: Chapter 7 overview


The Current State

• Many vendors have proposed and implemented proprietary solutions

• Progression towards publishing a common set of standards for PKI protocols and data formats

X.509

Page 73: Chapter 7 overview


X.509v3

• X.509v3 is a standard that describes the certificate structure.

• X.509v3 is used with:

- Secure web servers: SSL and TLS

- Web browsers: SSL and TLS

- Email programs: S/MIME

- IPsec VPNs: IKE

Page 74: Chapter 7 overview


X.509v3 Applications

• Certificates can be used for various purposes.

• One CA server can be used for all types of authentication as long as they support the same PKI procedures.

[Figure labels: Internet, Enterprise Network, External Web Server, Internet Mail Server, Cisco Secure ACS, CA Server, SSL, S/MIME, EAP-TLS, IPsec VPN Concentrator]

Page 75: Chapter 7 overview


RSA PKCS Standards

• PKCS #1: RSA Cryptography Standard

• PKCS #3: DH Key Agreement Standard

• PKCS #5: Password-Based Cryptography Standard

• PKCS #6: Extended-Certificate Syntax Standard

• PKCS #7: Cryptographic Message Syntax Standard

• PKCS #8: Private-Key Information Syntax Standard

• PKCS #10: Certification Request Syntax Standard

• PKCS #12: Personal Information Exchange Syntax Standard

• PKCS #13: Elliptic Curve Cryptography Standard

• PKCS #15: Cryptographic Token Information Format Standard

Page 76: Chapter 7 overview


Public Key Technology

• A PKI communication protocol used for VPN PKI enrollment

• Uses the PKCS #7 and PKCS #10 standards

[Figure labels: PKCS#10, PKCS#7, Certificate, Signed Certificate, CA]

Page 77: Chapter 7 overview


Single-Root PKI Topology

• Certificates issued by one CA

• Centralized trust decisions

• Single point of failure

Root CA

Page 78: Chapter 7 overview


Hierarchical CA Topology

• Delegation and distribution of trust

• Certification paths

Root CA

Subordinate CA

Page 79: Chapter 7 overview


Cross-Certified CAs

• Mutual cross-signing of CA certificates

[Figure labels: CA1, CA2, CA3]

Page 80: Chapter 7 overview


Registration Authorities

1. Enrollment request: Hosts will submit certificate requests to the RA.

2. Completed enrollment request forwarded to CA: After the Registration Authority adds specific information to the certificate request and the request is approved under the organization’s policy, it is forwarded on to the Certification Authority.

3. Certificate issued: The CA will sign the certificate request and send it back to the host.

[Figure labels: RA, CA]

Page 81: Chapter 7 overview


Retrieving the CA Certificates

1. Alice and Bob request the CA certificate that contains the CA public key.

2. Each system verifies the validity of the certificate.

3. Alice and Bob telephone the CA administrator and verify the public key and serial number of the certificate.

[Figure labels: CA Admin, CA, CA Certificate, Enterprise Network, POTS, Out-of-Band Authentication of the CA Certificate]

Page 82: Chapter 7 overview


Submitting Certificate Requests

1. Both systems forward a certificate request which includes their public key. All of this information is encrypted using the public key of the CA.

2. The CA administrator telephones to confirm their submittal and the public key and issues the certificate by adding some additional data to the request, and digitally signing it all.

3. The certificate is retrieved and the certificate is installed onto the system.

[Figure labels: CA Admin, CA, Certificate Request, Enterprise Network, POTS, Out-of-Band Authentication of the CA Certificate]

Page 83: Chapter 7 overview


Authenticating

1. Bob and Alice exchange certificates. The CA is no longer involved.

2. Each party verifies the digital signature on the certificate by hashing the plaintext portion of the certificate, decrypting the digital signature using the CA public key, and comparing the results.

[Figure labels: Private Key (Alice), Certificate (Alice), CA Certificate, Private Key (Bob), Certificate (Bob)]

Page 84: Chapter 7 overview


PKI Authentication Characteristics

• To authenticate each other, users have to obtain the certificate of the CA and their own certificate. These steps require the out-of-band verification of the processes.

• Public-key systems use asymmetric keys where one is public and the other one is private.

• Key management is simplified because two users can freely exchange the certificates. The validity of the received certificates is verified using the public key of the CA, which the users have in their possession.

• Because of the strength of the algorithms, administrators can set a very long lifetime for the certificates.
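The check described on the Authenticating slide (hash the plaintext portion, recover the signed hash with the CA public key, compare), as an added Python example that is not part of the original slides. It uses textbook RSA without padding and constructed toy keys; the function names, the certificate layout and all key values are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent used by every toy key in this example

def make_key(p, q):
    """Textbook RSA key from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(tbs, n):
    """Hash the plaintext (to-be-signed) portion of the certificate.
    The reduction mod n is needed only because the toy modulus is shorter
    than a SHA-256 digest."""
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def issue(subject, subject_pub, ca_n, ca_d):
    """CA side: bind the name to the public key, then sign the hash
    with the CA private key."""
    tbs = f"subject={subject};pubkey={subject_pub:x}".encode()
    return {"tbs": tbs, "sig": pow(digest(tbs, ca_n), ca_d, ca_n)}

def verify(cert, ca_n):
    """Peer side: hash the plaintext, recover the signed hash with the CA
    public key, and compare the two values."""
    return pow(cert["sig"], E, ca_n) == digest(cert["tbs"], ca_n)

# Constructed toy keys built from Mersenne primes. Real PKI uses padded
# signature schemes and much larger keys.
CA_N, CA_D = make_key(2**61 - 1, 2**89 - 1)          # the CA both peers trust
OTHER_N, OTHER_D = make_key(2**107 - 1, 2**127 - 1)  # a CA the peers do not trust

ALICE_PUB = 0xA11CE5EED  # constructed stand-in for Alice's public key

def demo():
    cert = issue("alice", ALICE_PUB, CA_N, CA_D)
    # Same signature, but the name in the plaintext portion was altered.
    tampered = dict(cert, tbs=cert["tbs"].replace(b"alice", b"mallory"))
    # Same contents, but signed by a CA whose certificate the peer does not hold.
    foreign = issue("alice", ALICE_PUB, OTHER_N, OTHER_D)
    return {"genuine": verify(cert, CA_N),
            "tampered": verify(tampered, CA_N),
            "foreign_ca": verify(foreign, CA_N)}

if __name__ == "__main__":
    print(demo())
```

The verifier needs only the CA public key it obtained and checked out-of-band, which is why the CA is not involved in the exchange itself.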

Page 85: Chapter 7 overview
