CIST 1601 Information Security Fundamentals Chapter 7 Cryptography Basics, Methods, and Standards Collected and Compiled By JD Willard MCSE, MCSA, Network+, Microsoft IT Academy Administrator Computer Information Systems Instructor Albany Technical College

Dec 22, 2015


An Overview of Cryptography

Cryptography has become increasingly important because of concerns over the security of data and because attacks have become more sophisticated.

There has been growing concern over the security of data, which continues to rapidly grow across information systems and reside in many different locations.

Combined with more sophisticated attacks and a growing economy around computer-related fraud and data theft, this makes the need to protect the data itself even more important than in the past. Those who develop or make codes are known as cryptographers. Cryptanalysts are individuals who specialize in the breaking of codes.

Cryptography Overview (8:35)


Understanding Physical Cryptography

Physical cryptography includes several different approaches. The more common methods involve transposition or substitution of characters or words. Physical methods also include a method of encryption called steganography, which is the science of hiding information within other information, such as within a picture, so that unintended recipients aren’t even aware of any message. In general, physical cryptography refers to any method that doesn’t alter a value using a mathematical process. A cipher is a method used to encode characters to hide their value. Ciphering is the process of using a cipher to encode a message. The three primary types of cryptography, or ciphering methods are:

Substitution
Transposition
Steganography

Cryptography is always changing in an effort to make algorithms that are more difficult to crack.


Substitution Ciphers

A substitution cipher works by substituting character-for-character from a list so that every “A” becomes a “T”, for example.

Character substitution can be a relatively easy method of encrypting information. You may see this method used in a childhood toy such as a decoder ring.

One of the oldest known encoding algorithms is rot13. This simple algorithm rotates every letter 13 places in the alphabet. Thus an A becomes an N, a B becomes an O, and so forth. The same rotation of 13 letters that is used to encrypt the message is also used to decrypt the message.

See if you can solve this encryption:

Ze. Jvyyneq Vf Na Rkpryyrag Vafgehpgbe.

One of the easiest ways to solve rot13 text messages is to take a sheet of paper and write the letters from A to M in one column and from N to Z in a second. To decipher, replace the letter in the encrypted message with the one that appears beside it in the other column.


Transposition Ciphers

A transposition cipher (also referred to as a transposition code) involves transposing or scrambling the letters in a certain manner.

Typically, a message is broken into blocks of equal size, and each block is then scrambled.

In the figure below, the characters are transposed by changing the order of the group. In this case, the letters are rotated three places in the message. You could change the way Block 1 is transposed from Block 2 and make it a little more difficult, but it would still be relatively easy to decrypt.

A simple transposition code in action


Steganography

Steganography is the process of hiding one message in another. In theory, doing this prevents analysts from detecting the real message.

You could encode your message in another file or message and use that file to hide your message. This type of encryption can be somewhat harder to detect, but it’s still breakable.

Consider the following message: “Meet the mini me that ate later.” The real message is every third word: “Meet me later.”

Steganography may also be referred to as electronic watermarking. A watermark is a commercial application of steganography and is used to identify images and their authenticity. Watermarks can appear as a pattern embedded on a sheet of paper during the manufacturing process, or they can be embedded in an audio file as implanted code. A watermark is used to verify the authenticity of an object, either on paper or on digital media, by ensuring that no illegal copies of the images are displayed in violation of copyright laws. You can detect copyright violations by using watermark detection software. This software searches the World Wide Web to ensure that an image with a watermark is not displayed if copyright laws are violated. A watermark can be removed. Cryptographic research has identified techniques to remove watermarks.

Steganography (4:23)


Understanding Mathematical Cryptography

Mathematical cryptography deals with using mathematical processes on characters or messages. The most common is a function called hashing. Hashing refers to performing a calculation on a message and converting it into a numeric hash value.

The hash value is transmitted with the message to the receiver, and the receiving end uses the same hash function to determine that the message is authentic. If the hash value is different, the message has been altered in some way. This process is also known as performing a checksum.

This type of hashing is called a one-way process. There is no way to reverse the hash and turn the number back into the original message. It is used primarily to verify the integrity of the message.

A Trusted Platform Module (TPM) can be used to assist with hash key generation. At the most basic level, TPM provides for the secure storage of keys, passwords, and digital certificates, and is hardware based, typically attached to the circuit board of the system.

The hash value is computed by multiplying each character by 2, adding those results together, and then dividing the sum by 10.

A simple hashing process
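The simple hashing process described above, written out as an added example (not part of the original slides) and compared with SHA-256. It assumes a character's value is its ASCII code and that the division keeps only the whole-number part; the sample messages are constructed. It shows why a checksum of this kind cannot serve as an integrity check: messages with different meanings produce the same value.

```python
import hashlib


def slide_hash(message: str) -> int:
    """Toy hash from the slide: double each character value, add, divide by 10.

    Assumptions (not stated on the page): the character value is the ASCII
    code, and the division keeps only the whole-number part.
    """
    return sum(2 * ord(ch) for ch in message) // 10


def sha256_hex(message: str) -> str:
    """A real cryptographic hash, for comparison."""
    return hashlib.sha256(message.encode("utf-8")).hexdigest()


def detects_change(hash_fn, original: str, received: str) -> bool:
    """Receiver-side check: True when the two hash values differ."""
    return hash_fn(original) != hash_fn(received)


# Constructed sample pairs (sent message, received message).
SAMPLES = [
    ("pay bob 100", "pay bob 001"),  # same characters in a different order
    ("transfer 19", "transfer 28"),  # digits changed, character sum unchanged
    ("pay bob 100", "pay eve 100"),  # different characters, different sum
]


def compare_hashes():
    """Return (sent, received, toy hash detects?, SHA-256 detects?) per pair."""
    rows = []
    for sent, received in SAMPLES:
        rows.append((
            sent,
            received,
            detects_change(slide_hash, sent, received),
            detects_change(sha256_hex, sent, received),
        ))
    return rows


if __name__ == "__main__":
    print("slide_hash('this') =", slide_hash("this"))
    for sent, received, toy_ok, sha_ok in compare_hashes():
        print(f"{sent!r} -> {received!r}: toy detects={toy_ok}, "
              f"SHA-256 detects={sha_ok}")
```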

Hashing (4:27)


Working with Passwords

Many password-generation systems are based on a one-way hashing approach. You can’t take the hash value and reverse it to guess the password. In theory, this makes it harder to guess or decrypt a password. Passwords should be as long and as complicated as possible. Most security experts believe a password of 10 characters is the minimum to be used.

Lowercase letters of the alphabet = 26 characters.
Uppercase letters of the alphabet = 26 characters.
Numeric values 0 through 9 = 10 characters.

You’ll then have a total of 62 characters with which to work to construct a password.

A 4-character password would be 62 × 62 × 62 × 62, or approximately 14 million password possibilities.
A 5-character password would be 62 to the fifth power, or approximately 920 million password possibilities.
A 10-character password would be 62 to the tenth power possibilities: gazillions of password possibilities.

A password cracker could probably break the 4-digit password in a fraction of a day. The 10-digit password would take considerably longer and much more processing power.

Account Policy Enforcement (5:13)


Windows Password Policies

A Policy Setting Object has attributes for all the settings that can be defined in the Default Domain Policy Group Policy Object. These settings include attributes for the following password settings:

Enforce password history: The number of unique new passwords a user must use before an old password can be reused. The value can be between 0 and 24; 0 = enforce password history is disabled. For most organizations, set this value to 24 passwords.

Maximum password age: How many days a password can be used before the user is required to change it. The value of this setting can be between 0 and 999; if it is set to 0, passwords never expire. For most organizations, set this value to 42 days.

Minimum password age: How many days a user must keep new passwords before they can change them. This setting is designed to work with the Enforce password history setting so that users cannot quickly reset their passwords the required number of times and then change back to their old passwords. The value of this setting can be between 0 and 999; if it is set to 0, users can immediately change new passwords. It is recommended that you set this value to 2 days.

Minimum password length: How short passwords can be. Windows XP and Windows Server 200X support passwords up to 28 characters. You should not use a value of 0. It is recommended that you set this value to 8 characters.


Windows Password Policies

Passwords must meet complexity requirements: Determines whether password complexity is enforced. If this setting is enabled, user passwords meet the following requirements:

The password is at least six characters long.
The password contains characters from at least three of the following five categories:

English uppercase characters (A - Z)
English lowercase characters (a - z)
Base 10 digits (0 - 9)
Non-alphanumeric (For example: !, $, #, or %)
Unicode characters

The password does not contain three or more characters from the user's account name.

Store passwords using reversible encryption


Windows Password Policies

These settings also include attributes for the following account lockout settings:

Account lockout duration: The Account lockout duration policy setting determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked. The available range is from 1 through 99,999 minutes. A value of 0 specifies that the account will be locked out until an administrator explicitly unlocks it. If Account lockout threshold is set to a number greater than zero, Account lockout duration must be greater than or equal to the value of Reset account lockout counter after.

Account lockout threshold: The Account lockout threshold policy setting determines the number of failed logon attempts that will cause a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the number of minutes specified by Account lockout duration expires. You can set a value from 1 through 999 failed logon attempts, or you can specify that the account will never be locked out by setting the value to 0. If Account lockout threshold is set to a number greater than zero, Account lockout duration must be greater than or equal to the value of Reset account lockout counter after.

Reset account lockout after: The Reset account lockout counter after policy setting determines the number of minutes that must elapse from the time a user fails to log on before the failed logon attempt counter is reset to 0 bad logon attempts. If Account lockout threshold is set to a number greater than zero, this reset time must be less than or equal to the value of Account lockout duration.
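A check of exported policy values against the ranges, recommendations and lockout rule listed on these slides, as an added example that is not part of the original slides. The dictionary key names and both sample policies are constructed for illustration, and treating a lockout duration of 0 (locked until an administrator unlocks) as satisfying the duration rule is an assumption.

```python
# Key names are hypothetical; ranges and recommended values are the slides'.
RANGES = {
    "password_history": (0, 24),
    "max_password_age_days": (0, 999),
    "min_password_age_days": (0, 999),
    "lockout_duration_min": (0, 99999),
    "lockout_threshold": (0, 999),
}

# (key, recommended value, True when a larger value is the stricter one)
RECOMMENDED = [
    ("password_history", 24, True),
    ("max_password_age_days", 42, False),
    ("min_password_age_days", 2, True),
    ("min_password_length", 8, True),
]


def audit_policy(policy: dict) -> list:
    """Return a list of (code, detail) findings; an empty list means clean."""
    findings = []
    for key, (low, high) in RANGES.items():
        if not low <= policy[key] <= high:
            findings.append(("OUT_OF_RANGE", f"{key}={policy[key]}"))
    for key, want, higher_is_stricter in RECOMMENDED:
        value = policy[key]
        if higher_is_stricter:
            weaker = value < want
        else:
            weaker = value > want or value == 0  # 0 = passwords never expire
        if weaker:
            findings.append(("WEAKER_THAN_RECOMMENDED",
                             f"{key}={value}, slides recommend {want}"))
    # Minimum age 0 lets a user cycle through the history list at once.
    if policy["min_password_age_days"] == 0 and policy["password_history"] > 0:
        findings.append(("HISTORY_BYPASS", "minimum password age is 0"))
    threshold = policy["lockout_threshold"]
    duration = policy["lockout_duration_min"]
    reset = policy["lockout_reset_min"]
    if threshold == 0:
        findings.append(("LOCKOUT_DISABLED", "accounts never lock out"))
    elif duration != 0 and duration < reset:
        # Assumption: duration 0 (admin unlock only) satisfies the rule.
        findings.append(("LOCKOUT_WINDOW",
                         f"duration {duration} < reset counter {reset}"))
    return findings


# Constructed sample policies.
WEAK = {
    "password_history": 3, "max_password_age_days": 0,
    "min_password_age_days": 0, "min_password_length": 6,
    "lockout_threshold": 5, "lockout_duration_min": 10,
    "lockout_reset_min": 30,
}
CORRECTED = {
    "password_history": 24, "max_password_age_days": 42,
    "min_password_age_days": 2, "min_password_length": 8,
    "lockout_threshold": 5, "lockout_duration_min": 30,
    "lockout_reset_min": 30,
}

if __name__ == "__main__":
    for name, policy in (("WEAK", WEAK), ("CORRECTED", CORRECTED)):
        print(name)
        for code, detail in audit_policy(policy) or [("OK", "no findings")]:
            print(f"  {code}: {detail}")
```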


Understanding Quantum Cryptography

In quantum cryptography, a message is sent using a series of photons. If the receiver knows the sequence and polarity of the photons, they can decode the message. Otherwise, the photons look like random noise. If someone intercepts the photons, some of the photon positions will change polarity and the message will be altered. This will inform the receiver that someone is listening in on the message. The sender, when informed, can change the pattern and resend the message with a new photon position key. Intercepting the data alters the data and ruins the message.

As you can see in this example, the message has been altered as a result of the interception. Each bar in the message is part of the message: The interception changes the polarity of some of the photons (represented by the bars), making the message unreadable.


Uncovering the Myth of Unbreakable Codes

The following list includes some common code-breaking techniques:

Frequency analysis involves looking at blocks of an encrypted message to determine if any common patterns exist. Initially, the analyst does not try to break the code, but looks at the patterns in the message. The letters E and T are very common. Single letters are usually limited to a and I. A determined cryptanalyst looks for these types of patterns and, over time, may be able to deduce the method used to encrypt the data.

An algorithm is a mathematical formula that is used in cryptography to encrypt data by transforming plaintext into ciphertext.

Plaintext, sometimes referred to as clear text, is information in its pre-encrypted form. Ciphertext is data in its post-encrypted form.

Encryption takes plaintext data and converts it into an unreadable format (ciphertext) by using an algorithm (cipher).
A key is information that can be plugged into an encryption algorithm to either encrypt plaintext or decrypt ciphertext.
Sometimes complex algorithms produce unpredictable results; when discovered, the results can cause the entire encryption algorithm to be compromised.

Brute force methods simply try many different combinations of alphanumeric characters in an attempt to simply stumble upon the correct combination. Although it may take a long time to find the key, the key can be found.

Human error is one of the major causes of encryption vulnerabilities. If an e-mail is sent using an encryption scheme, someone else may send it in the clear (unencrypted). If a cryptanalyst gets hold of both messages, the process of decoding future messages will be considerably easier. Many systems have been broken as a result of these types of accidents.
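The rot13 rotation from the substitution cipher slide and the frequency analysis described in this list, combined in one added example that is not part of the original slides. It goes beyond the text by handling any rotation from 0 to 25 and scoring each candidate against approximate English letter frequencies (a chi-squared test, which is this example's choice), showing why a fixed rotation gives no real protection. The sample sentence is taken from this page's hashing section.

```python
import string
from collections import Counter

# Approximate share (percent) of each letter a..z in ordinary English text.
ENGLISH_PCT = dict(zip(string.ascii_lowercase, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03,
    2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15,
    1.97, 0.07]))

# The exercise text from the rot13 slide, and a sample sentence.
SLIDE_EXERCISE = "Ze. Jvyyneq Vf Na Rkpryyrag Vafgehpgbe."
SAMPLE = ("The hash value is transmitted with the message to the receiver, "
          "and the receiving end uses the same hash function to determine "
          "that the message is authentic.")


def rotate(text: str, shift: int) -> str:
    """Rotate every ASCII letter by `shift` places; keep everything else."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            base = ord("a")
        elif ch in string.ascii_uppercase:
            base = ord("A")
        else:
            out.append(ch)
            continue
        out.append(chr((ord(ch) - base + shift) % 26 + base))
    return "".join(out)


def rot13(text: str) -> str:
    """The same call encrypts and decrypts, because 13 + 13 = 26."""
    return rotate(text, 13)


def chi_squared(text: str) -> float:
    """Distance between the text's letter counts and English; lower is closer."""
    letters = [ch for ch in text.lower() if ch in string.ascii_lowercase]
    if not letters:
        return float("inf")
    counts = Counter(letters)
    total = len(letters)
    score = 0.0
    for letter, pct in ENGLISH_PCT.items():
        expected = total * pct / 100
        score += (counts[letter] - expected) ** 2 / expected
    return score


def guess_shift(ciphertext: str) -> int:
    """Try all 26 rotations and return the one whose result looks most English."""
    return min(range(26), key=lambda s: chi_squared(rotate(ciphertext, -s)))


if __name__ == "__main__":
    print(rot13(SLIDE_EXERCISE))
    secret = rotate(SAMPLE, 7)
    shift = guess_shift(secret)
    print("recovered shift:", shift)
    print(rotate(secret, -shift))
```

Short texts give the statistics little to work with, so the guess is only dependable on messages of a sentence or more.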


Understanding Cryptographic Algorithms

An algorithm is the mathematical procedure or sequence of steps taken to perform encryption and decryption. A cryptography key describes a string of bits, which are used for encrypting and decrypting data. These keys can also be thought of as a password or table.

The Science of Hashing

Hashing algorithms are not encryption methods but a generated summary from a mathematical rule or algorithm, and are commonly used as a “digital fingerprint” or “signature” to verify the integrity of files and messages as well as to ensure message integrity and provide authentication verification.

Hash functions work by taking a string (for example, a password or email) of any length, and producing a fixed-length string for output.

A one-way hash doesn’t allow a message to be decoded back to the original value. Most hashing functions are one way.
A two-way hash allows a message to be reconstructed from the hash.

Message Digest 5 (MD5) hashing is the most commonly used, and SHA1 is also commonly used. Hashing is used to ensure the integrity of transmitted data.

Cryptographic Hash Functions (6:56)

The Science of Hashing: Secure Hash Algorithm

Secure Hash Algorithm (SHA, SHA-1) are hash algorithms pioneered by the National Security Agency and widely used in the U.S. government.

SHA was designed to ensure the integrity of a message. SHA is a one-way hash that provides a hash value that can be used with an encryption protocol. The SHA algorithm produces a 160-bit hash value.

SHA1 can generate a 160-bit hash from any variable-length string of data, making it very secure but also resource intensive. Because of the higher bit strength of the SHA1 algorithm, it will be in the range of 20% to 30% slower than the MD family of algorithms.

The Science of Hashing: Message Digest Algorithm

Message Digest Series Algorithms MD2, MD4, and MD5 are a series of encryption algorithms that are designed to be fast, simple, and secure.

MDA uses a one-way hash. The hash value is used to help maintain integrity. MDA generates a hash of up to a 128-bit strength out of any length of data.

MD5 is the newest version of the algorithm. MD5 is a symmetric encryption scheme. MD5 produces a 128-bit hash, but the algorithm is more complex than its predecessors and it offers greater security. The MD5 algorithm verifies integrity of data from a remote user.

MD5 derives the hashing function for the challenge response of the Challenge Handshake Authentication Protocol (CHAP).

When you are given the MD5 hash for a file, you can verify that the file has not been tampered with. If the MD5 hash values of a file do not match, the file has been compromised. You should discard the compromised file.

When using SSL to download a file for which you have the MD5 hash, you cannot verify the MD5 hash until after the file is downloaded.


The Science of Hashing: LANMAN

LAN Manager (LANMan) is the oldest authentication protocol listed. LANMan uses a hash and two Digital Encryption Standard (DES) keys.

NT LAN Manager version 1 (NTLMv1) and NTLMv2 replaced LANMan and use the MD4/MD5 hashing algorithm, and are used on more recent versions of the Windows operating system.

Kerberos is the preferred authentication protocol for Windows 2000 Server, Windows Server 2003, and Windows Server 2008. It uses DES for encryption.

While LANMAN and NTLM both employ hashing, they are/were used primarily for the purpose of authentication.

CHAP, PAP, and NTLM (7:17)


Working with Symmetric Algorithms

There are two fundamental types of encryption algorithms:

Symmetric key
Asymmetric key

Symmetric cryptography uses either symmetric or secret keys to encrypt or decrypt messages. In Symmetric cryptography, the same key that encrypts the data is used to decrypt the data.

Symmetric keys do not ensure security and scalability for key management because the same key is used for encryption and decryption. Therefore, symmetric cryptography requires a secure mechanism to deliver keys among the communicating hosts.

Out-of-band transmittal of a key is used to avoid sending a key through the encrypted channel. This process might be used in the situation where a private key must be sent to use a symmetric system.

Symmetric vs. Asymmetric Encryption (4:20)


Symmetric key algorithms are often referred to as secret key algorithms, private key algorithms, and shared secret algorithms. Symmetric algorithms can be classified into either being a block cipher or a stream cipher:

A stream cipher encrypts the message bit by bit, one at a time
A block cipher encrypts the message in chunks

Symmetric cryptography is 1000 to 10,000 times faster than asymmetric cryptography and uses far less resources than asymmetric algorithms. Symmetric cryptography may be less secure than asymmetric cryptography because of the same keys being used for encryption and decryption. If a key is lost or stolen, the entire process is breached.


Block and Stream Ciphers (3:15)


Working with Symmetric Algorithms

The Data Encryption Standard (DES) has been used since the ‘70s. This standard was the primary standard used in government and industry until superseded by 3DES and AES. It is a strong and efficient algorithm. Strong refers to the fact that it is hard to break. DES has several modes that offer security and integrity. DES is a block cipher encryption standard that uses a single 56-bit encryption key and 8 bits of parity to encrypt 64-bit blocks of data. It is a symmetric or private key encryption algorithm. DES is now considered to be insecure for many applications.

Triple Data Encryption Standard (3DES), also known as Triple-DES, dramatically improves upon the DES by using the DES algorithm three times with three distinct keys. This provides a total effective key length of 168 bits. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to break than many other systems.

Symmetric Encryption Ciphers (5:02)


The Advanced Encryption Standard (AES) has replaced DES as the current standard, and it uses the Rijndael algorithm.

Similar to DES, the data is passed through three layers, each with a specific task, such as generating random keys based on the data and the bit strength being used.

AES uses 128-bit, 192-bit, and 256-bit encryption keys.

AES256 (also often written as AES-256) uses 256 bits instead of 128. This qualifies for U.S. government classification as Top Secret, and makes it the current product used by U.S. governmental agencies.


CAST uses 40 to 128-bit encryption keys and is used on many products from Microsoft and IBM. CAST is very fast and efficient.

Rivest's Cipher (RC) is an encryption family produced by RSA laboratories. The current levels are RC5 and RC6. RC5 uses a key size of up to 2,048 bits. It is considered to be a strong system.

Blowfish is a private key symmetric encryption algorithm, optimized for use on 32-bit processors, which supports encryption keys with a maximum length of 448 bits, making it both flexible and secure. Blowfish performs a 64-bit block cipher at very fast speeds and can support variable length keys. The next generation product Twofish was a finalist in the AES selection process.

International Data Encryption Algorithm (IDEA) uses a 128-bit encryption key to encrypt 64-bit blocks of data. This product is similar in speed and capability to DES, but it is more secure. IDEA is used in PGP. Pretty Good Privacy (PGP) is a public domain encryption system used by many for e-mail.


Working with Asymmetric Algorithms

Asymmetric key cryptography, often referred to as public key algorithms, is an encryption system where each user has two keys:

A public key: Made available to whoever is going to encrypt the data sent to the holder of the private key. The key is made available in a number of fashions, such as email or centralized servers that host a pseudo address book of published public encryption keys.

A private key: Is maintained on the host system or application.

The two keys are mathematical reciprocals of each other.

Another user can use the distributed public key to encrypt a file before sending that file to the owner of the private key. The owner then uses the private key to decrypt the received file.

Some general rules for asymmetric algorithms include the following:

The public key can never decrypt a message that it was used to encrypt with.
Private keys should never be able to be determined through the public key (if it is designed properly).
Each key should be able to decrypt a message made with the other.

If a hacker wants to decrypt a file that was encrypted with a user’s public key, then the hacker must gain access to or fabricate a replacement for the private key.


RSA is named after its inventors Ron Rivest, Adi Shamir, and Leonard Adleman. RSA is an early public key encryption system that supports encryption and decryption and secures data with an algorithm that is based on the difficulty of factoring large numbers. It works for both encryption and digital signatures. RSA is widely implemented, and it has become a de facto standard. It is used in many environments, including SSL. It is considered by many to be the standard for encryption and core technology that secures most business conducted on the Internet.

Diffie-Hellman is one of the first implementations of a public/private key system. The Diffie-Hellman key exchange was conceptualized by Dr. W. Diffie and Dr. M. E. Hellman. They are considered the founders of the public/private key concept. This algorithm is used primarily to send keys across public networks. The process is not used to encrypt or decrypt messages; it is used merely for the transmission of keys in a secure manner.
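The Diffie-Hellman exchange described above with both sides' messages, as an added example that is not part of the original slides. The prime, generator, function names and the SHA-256 step that turns the shared number into a symmetric key are choices made for this illustration; the prime is far too small for real use.

```python
import hashlib
import secrets

# Illustration parameters (assumptions of this example, not from the slides).
TOY_P = 2**127 - 1  # a Mersenne prime; real deployments use much larger groups
TOY_G = 3


def random_private(p: int) -> int:
    """Pick a private exponent in the range 2 .. p-2."""
    return 2 + secrets.randbelow(p - 3)


def dh_public(p: int, g: int, private: int) -> int:
    """Value a party sends over the public network: g^private mod p."""
    return pow(g, private, p)


def check_peer_value(p: int, value: int) -> None:
    """Reject peer values that would force a predictable shared secret."""
    if not 2 <= value <= p - 2:
        raise ValueError("peer public value out of range")


def dh_shared(p: int, peer_public: int, private: int) -> int:
    """Combine the peer's public value with our own private exponent."""
    check_peer_value(p, peer_public)
    return pow(peer_public, private, p)


def derive_key(shared: int) -> bytes:
    """Hash the shared number into a 256-bit symmetric key."""
    length = max(1, (shared.bit_length() + 7) // 8)
    return hashlib.sha256(shared.to_bytes(length, "big")).digest()


def run_exchange(p: int = TOY_P, g: int = TOY_G) -> dict:
    """One full exchange; returns what crossed the wire and both keys."""
    a = random_private(p)            # stays with the first party
    b = random_private(p)            # stays with the second party
    A = dh_public(p, g, a)           # first party -> second party
    B = dh_public(p, g, b)           # second party -> first party
    return {
        "on_the_wire": (p, g, A, B),  # all an observer ever sees
        "first_key": derive_key(dh_shared(p, B, a)),
        "second_key": derive_key(dh_shared(p, A, b)),
    }


if __name__ == "__main__":
    # Textbook-size numbers: p=23, g=5, private values 4 and 3.
    print("A =", dh_public(23, 5, 4), "B =", dh_public(23, 5, 3))
    print("shared =", dh_shared(23, 10, 4), "=", dh_shared(23, 4, 3))
    result = run_exchange()
    print("keys match:", result["first_key"] == result["second_key"])
```

The symmetric key itself never appears in `on_the_wire`; each side computes it locally from its own private value and the other side's public value.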


Elliptic Curve Cryptography (ECC) is a method used to implement public key cryptography. ECC serves as an alternative to the RSA algorithm and provides similar functionalities. The functions of ECC are as follows:

Digital signature generation
Secure key distribution
Encryption and decryption of data

ECC techniques utilize a method (points on a curve) in which elliptic curves could be used to calculate simple, but very difficult to break, encryption keys to use in general purpose encryption. To ensure efficient use of resources, ECC provides encryption by using shorter key lengths. Shorter key lengths do not imply less secure systems. Therefore, ECC provides the same level of security as RSA by using a shorter key that enables easier processing by the resource-constrained devices. This is an obvious advantage when the future lies in smaller devices and increased security. Wireless devices, handheld computers, smart cards, and cellular telephones have limited processing power, storage, power, memory, and bandwidth compared to other systems.

The El Gamal algorithm, also called DSA, was first published in 1985, and is an asymmetric public key encryption algorithm based on the Diffie-Hellman key agreement. The process used is similar to the Diffie-Hellman key exchange and is based on the characteristics of logarithmic numbers and calculations. It is used for:

Digital signatures
Encryption of data
Key exchange

Elliptic Curve and Quantum Cryptography (2:30)

Using Cryptographic Systems

Cryptographic systems exist for the same reasons that security exists: to provide confidentiality, integrity, authentication, nonrepudiation, and access control.

Confidentiality

Confidentiality identifies sensitive data and ensures that unauthorized entities cannot access it. A major reason to implement a cryptographic system is to ensure the confidentiality of the information being used. This confidentiality may be intended to prevent the unauthorized disclosure of information in a local network or to prevent the unauthorized disclosure of information across a network. The strength of encryption and the method used to deliver keys securely to their intended recipient help to ensure confidentiality. Strong encryption is hard to break. If the delivery technique is flawed and a key is captured, then the key is compromised. Asymmetric encryption provides confidentiality because encryption protects the contents of a file from being viewed by unauthorized users.

When considering confidentiality in the private sector, information that is considered highly confidential should be available to anyone whose job requires access to the confidential data. Authorization to access highly confidential data should be required each time the data is accessed.

Integrity

Integrity pertains to preventing unauthorized modification of information or systems. Integrity is the assurance that data and information can only be modified by those authorized to do so. A major goal of a cryptographic system involves providing assurance that a message was not modified during transmission. This modification may render a message unintelligible or, even worse, inaccurate. If a message is tampered with, the encryption system should have a mechanism to indicate that the message has been corrupted or altered.

A packet checksum provides data integrity. It is an error-control technique that ensures that files have not been changed. An initial packet checksum is calculated. Future packet checksums can be compared to the initial checksum to ensure integrity.


Integrity

Message authentication code (MAC), which is also referred to as message integrity code (MIC), ensures the integrity of messages. MAC adds authentication capability to a one-way hashing function. A one-way hashing function does not use any key and only ensures that the message that is transferred is not tampered with by calculating a checksum value. Messages with one-way hashing can be intercepted and the hashing can be reproduced. MAC can be thought of as an encrypted hash, combining an encryption key and a hashing algorithm. The MAC is a small piece of data known as an authentication tag, which is derived by applying a message or file combined with a secret key to a cryptographic algorithm. The resulting MAC value can ensure the integrity of the data as well as its authenticity, as one in possession of the secret key can subsequently detect if there are any changes from the original. The recipient knows that the message is authentic and that the sender is who they say they are. MAC was developed to prevent fraud in electronic fund transfers involved in online transactions. MAC is able to resist forgery and is not open to man-in-the-middle attacks.


MAC applies a secret key to the message that is known to the authorized recipient only.
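The difference between an unkeyed one-way hash and a MAC, as an added example that is not part of the original slides. It uses HMAC-SHA-256 from Python's standard library as the MAC; the key and messages are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not from the original page).
SHARED_KEY = b"constructed-demo-key-0001"
ORIGINAL = b"PAY 100.00 TO ACCOUNT 1111"
TAMPERED = b"PAY 900.00 TO ACCOUNT 2222"


def plain_digest(message: bytes) -> str:
    """Unkeyed one-way hash: anyone who sees the message can compute it."""
    return hashlib.sha256(message).hexdigest()


def make_tag(key: bytes, message: bytes) -> str:
    """Keyed authentication tag (HMAC): requires the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_plain(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(message), digest)


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest runs in constant time, so the comparison itself
    # does not leak how many leading characters of the tag matched.
    return hmac.compare_digest(make_tag(key, message), tag)


def rewrite_in_transit(new_message: bytes):
    """Model a party on the path who knows the hash algorithm but not the key.

    The only check value such a party can produce for the altered
    message is the unkeyed digest.
    """
    return new_message, plain_digest(new_message)


def demo() -> dict:
    results = {}

    # Case 1: message protected only by an unkeyed hash.
    message, digest = rewrite_in_transit(TAMPERED)
    results["plain_hash_accepts_altered"] = verify_plain(message, digest)

    # Case 2: message protected by a MAC under a key the rewriter lacks.
    tag = make_tag(SHARED_KEY, ORIGINAL)
    message, recomputed = rewrite_in_transit(TAMPERED)
    results["mac_accepts_recomputed_digest"] = verify_tag(SHARED_KEY, message, recomputed)
    results["mac_accepts_old_tag_on_altered"] = verify_tag(SHARED_KEY, TAMPERED, tag)
    results["mac_accepts_original"] = verify_tag(SHARED_KEY, ORIGINAL, tag)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The unkeyed digest verifies on the altered message because it was simply recomputed; the MAC check fails in both altered cases because producing a valid tag requires the shared key.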


Digital Signatures

Digital signatures attempt to guarantee the identity of the person sending the data from one point to another. They provide integrity, authentication, and nonrepudiation in electronic mail. A digital signature is a hash value that is encrypted with the sender’s private key. The public key of the signer is used to verify a digital signature. The receiver compares the signature area, referred to as a message digest, in the message with the calculated value. If the values match, the message hasn’t been tampered with and the originator is verified as the person they claim to be. Microsoft uses digital signing to ensure the integrity of driver files. For example, a file on Windows 98 that has been digitally signed indicates that the file has passed quality testing by Microsoft. The message is digitally signed. Therefore, it provides authentication, nonrepudiation, and integrity. A digital signature cannot be spoofed. Therefore, attacks such as man-in-the-middle attacks cannot harm the integrity of the message.

The message is encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message.


Authentication

Authentication is the process of verifying that the sender is who they say they are. This is very critical in many applications. A valid message from an invalid source is not authentic.

Authentication provides accountability by establishing an individual’s identity and defining that individual’s access to resources.

One of the more common methods of verifying authenticity is the addition of a digital signature. Authenticity can be established using secret words that have been mutually agreed upon in advance.


The military has used a series of one-time pads that each radio or communications operator could use to verify the authenticity of the sender. These pads were changed either daily or weekly depending on the circumstances. Although it wasn’t foolproof, the system was effective and easy to use.


Nonrepudiation

Nonrepudiation is intended to provide, through encryption, a method of accountability in which the source of the data (or where it arrived from) cannot be refuted. The four key elements that nonrepudiation services provide are:

Proof of origin
Proof of submission
Proof of delivery
Proof of receipt

This can be achieved in a two-key system. If, for example, you encrypted the message with a private key, the only way the message can be decrypted properly is with the public key. Nonrepudiation is a requirement for many cryptographic applications. The sender or receiver, using an electronic signature, can’t repudiate a message. This process has one serious problem: anybody can claim to be the legitimate receiver, and if they have access to this type of system, they can send you a public key.
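The digital-signature and two-key nonrepudiation passages above, as an added example that is not part of the original slides. It uses unpadded "textbook" RSA over a SHA-256 digest so the hash-then-private-key step is visible; the keys are constructed toy values built from publicly known Mersenne primes, and the names Alice and Mallory are assumptions. Real systems use a vetted library with a padding scheme.

```python
import hashlib

E = 65537  # commonly used public exponent

# Constructed toy keys (assumption): publicly known Mersenne primes, so
# these keys offer no security and exist only to make the arithmetic run.
ALICE_PRIMES = (2**521 - 1, 2**607 - 1)
MALLORY_PRIMES = (2**127 - 1, 2**1279 - 1)


def make_keypair(p, q, e=E):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: inverse of e modulo phi
    return (n, e), (n, d)


def digest_int(message: bytes) -> int:
    """SHA-256 message digest as an integer (smaller than both moduli here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message: bytes) -> int:
    """Signature = message digest transformed with the signer's private key."""
    n, d = private_key
    return pow(digest_int(message), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Recover the digest with the public key and compare it to a fresh one."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(message)


def demo() -> dict:
    alice_pub, alice_priv = make_keypair(*ALICE_PRIMES)
    mallory_pub, mallory_priv = make_keypair(*MALLORY_PRIMES)

    message = b"Transfer approved by Alice"
    signature = sign(alice_priv, message)
    other_signature = sign(mallory_priv, message)

    return {
        # Unmodified message checked against Alice's public key.
        "genuine": verify(alice_pub, message, signature),
        # Any change to the message changes the digest.
        "altered_message": verify(alice_pub, b"Transfer approved by Mallory", signature),
        # A signature made with another private key fails against the
        # public key the receiver already holds for Alice.
        "other_key_vs_known_public_key": verify(alice_pub, message, other_signature),
        # The problem noted above: if the receiver accepts whatever public
        # key arrives with the message, the check passes and proves nothing
        # about who signed. Binding the key to an identity is the job of a
        # certificate.
        "other_key_vs_supplied_public_key": verify(mallory_pub, message, other_signature),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```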

Non-repudiation (5:34)


Access Control

Access control refers to the methods, processes, and mechanisms of preventing unauthorized access to the systems that do the cryptography. Keys are very vulnerable to theft, loss, and human security failings. Access control ensures that sensitive keys aren’t divulged to unauthorized personnel. A key component of access control involves both physical and operational security of these resources. Key management presents a major challenge with large encryption systems. Keeping the keys in secured areas with limited access by unauthorized personnel is important. If the keys become compromised, the entire system breaks down, no matter how good it is. Make sure the keys are kept in the highest security areas available to you. Physical keys, such as smart cards, should be immediately erased when they are retired; these keys should also be kept in a secured area for storage. Make sure all your security devices are kept under tight physical control when they aren’t in use.


Using Public Key Infrastructure

A public key infrastructure is a vast collection of varying technologies and policies for the creation and use of digital certificates. PKI is a widely implemented cryptographic system. Corporations, government, and individuals use PKI extensively. The need for universal systems to support e-commerce, secure transactions, and information privacy is one aspect of the issues being addressed with PKI.

PKI is a two-key asymmetric system with four key components:

Certificate Authority (CA)
Registration Authority (RA)
RSA
Digital certificates

Messages are encrypted with a public key and decrypted with a private key. The main goal of PKI is to define an infrastructure that should work across multiple vendors, systems, and networks. Implementations of PKI are dependent on the perspective of the software manufacturers that implement it. This has been one of the major difficulties with PKI: Each vendor can interpret the documents about this infrastructure and implement it however they choose. For this reason, many of the existing PKI implementations aren’t compatible with each other.


A certificate authority (CA) is an organization responsible for maintaining certificates in the public key infrastructure (PKI) environment. CAs are trusted entities and an important concept within PKI. CAs can be either private or public. Many OS providers allow their systems to be configured as CAs. These CAs can be used to generate internal certificates used within a business.

The CA’s job is to issue certificates, as well as to verify the holder of a digital certificate, and ensure that the holder of the certificate is who they claim to be. This includes:

Issuing certificates
Revoking certificates
Distributing certificates

A certificate is really nothing more than a mechanism that associates the public key with an individual. A certificate contains a great deal of information about the user. A root certificate authority differs from subordinate CAs in that the root CA is taken offline to reduce the risk of key compromise, and the root CA should be made available only to create and revoke certificates for subordinate CAs. If the root CA is compromised, then the entire architecture is compromised. If a subordinate CA is compromised, however, the root CA can revoke the subordinate CA.

Using a Certificate Authority

In a certificate trust model, everybody’s certificate is issued by a third party called certificate authority (CA). If one trusts the CA, he automatically trusts the certificates that CA issues.

Certificate Authorities (5:37)

Implementing Certificate Authorities (3:16)


Working with Registration Authorities and Local Registration Authorities

A registration authority (RA) can offload some of the work from a CA. RAs don’t issue certificates, but they can serve as intermediaries in the process by authenticating requests. An RA provides authentication to the CA as to the validity of a client’s certificate request; in addition, the RA serves as an aggregator of information. It can:

Distribute keys
Accept registrations for the CA
Validate identities

The RA doesn’t issue certificates; that responsibility remains with the CA. A local registration authority (LRA) can establish an applicant’s identity and verify that the applicant for a certificate is valid. The LRA sends verification to the CA that issues the certificate.

An RA offloading work from a CA

The LRA verifying identity for the CA


Implementing Certificates

Certificates provide the primary method of identifying that a given user is valid. Certificates can also be used to store authorization information. Key certification is a system that enables the receivers of a key to certify the identity of a key sender. Encryption systems typically provide password protection to protect private keys.

X.509

The most popular certificate used is the X.509 version 3. Adopting a standard certificate format is important for systems to be assured interoperability in a certificate-oriented environment. Always remember that the purpose of the certificate is to basically bind the public key to the user’s identity. When authenticating, certificates can be used to authenticate only the client (single sided) or both parties (dual sided), the client and server.

A certificate illustrating some of the information stored

Notice that the certificate contains identifiers of two different algorithms used in the process. In this case, the signature algorithm is Md2RSA, and the digital signature algorithm is sha1. This certificate also has a unique serial number issued by the CA.

Digital Certificates (3:04)

Implementing Digital Certificates (2:57)


The certificate life cycle is typically based on two documents: the certificate policy and the certificate practice statement (CPS).

Certificate policies affect how a certificate is issued and how it is used. A certificate policy indicates specific uses applied to a digital certificate, as well as other technical details. Thus, the certificate policy provides the rules that indicate the purpose and use of an assigned digital certificate. A CA can potentially issue a number of different types of certificates:

One for e-mail
One for e-commerce
One for financial transactions

The policy might indicate that it is not to be used for signing contracts or for purchasing equipment. A CA would have policies regarding the interoperability or certification of another CA site; the process of requiring interoperability is called cross certification.  A certificate practice statement (CPS) is a statement that the CA uses to issue certificates and implement the policies of the CA. This is a detailed document that is used to enforce policy at the CA. These statements should discuss how certificates are issued, what measures are taken to protect certificates, and the rules that CA users must follow in order to maintain their certificate eligibility. These policies should be readily available to CA users.


Understanding Certificate Revocation

Certificate revocation is the process of revoking a certificate before it expires. A CRL is created and distributed to all CAs to revoke a certificate or key.

Revoking a certificate is just not enough. The community that trusts these certificates must be notified that the certificates are no longer valid. This is accomplished via a certificate revocation list (CRL) or the Online Certificate Status Protocol (OCSP). The CRL is published on a regular basis, but it isn’t current once it’s published.

A CRL contains a list of serial numbers for digital certificates that have not expired, but that a CA has specified to be invalid. Typically, the serial number of a digital certificate is placed in a CRL because the digital certificate has been compromised in some way. A certificate is revoked either when the information contained in the certificate is supposedly compromised or when the certificate expires. The revocation request can be initiated by the following entities:

The certificate holder
The CA itself
Another CA that issued certificates
An associated RA

During the process of revocation, the requesting entity should be duly authenticated as with a regular transaction. The procedure used to authenticate the entity during revocation remains the same as that used to issue the certificate. The revocation request carries a digital signature with a valid digital certificate. The CA that entertains the revocation request placed by an entity decides the amount of time necessary to process the request. This is referred to as the revocation request grace period.


Online Certificate Status Protocol (OCSP) is the mechanism used to immediately verify whether a certificate is valid.

OCSP solves the latency problem: If the recipient or relying party uses OCSP for verification, the answer is available immediately.

Certificate suspension occurs when a certificate is under investigation to determine if it should be revoked. This mechanism allows a certificate to stay in place, but it is not valid for any type of use during the suspension. Like the status checking that occurs with revoked certificates, users and systems are notified of suspended certificates in the same way. The primary difference is that new credentials will not need to be retrieved; it is only necessary to be notified that current credentials have had a change in status and are temporarily not valid for use.
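The CRL latency problem and the OCSP answer to it, modelled as an added example that is not part of the original slides. The classes, the serial number, the seven-day CRL lifetime and the dates are constructed assumptions; the model keeps only the fields needed to show the timing, and it also treats a CRL past its next-update time as unusable rather than as a clean result.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(frozen=True)
class CRL:
    """A published revocation list: a snapshot that starts aging at once."""
    this_update: datetime
    next_update: datetime
    revoked_serials: frozenset


@dataclass
class CertificateAuthority:
    """Hypothetical CA holding the authoritative revocation records."""
    revocations: dict = field(default_factory=dict)  # serial -> revocation time

    def revoke(self, serial: int, when: datetime) -> None:
        self.revocations[serial] = when

    def publish_crl(self, now: datetime, lifetime=timedelta(days=7)) -> CRL:
        listed = frozenset(s for s, t in self.revocations.items() if t <= now)
        return CRL(now, now + lifetime, listed)

    def ocsp_status(self, serial: int, now: datetime) -> str:
        """Live status lookup against the CA's current records."""
        when = self.revocations.get(serial)
        return "revoked" if when is not None and when <= now else "good"


def check_with_crl(crl: CRL, serial: int, now: datetime) -> str:
    """Relying-party check using whichever CRL copy it has cached."""
    if now > crl.next_update:
        # A stale list says nothing about recent revocations: fail closed.
        return "crl-expired"
    return "revoked" if serial in crl.revoked_serials else "good"


def demo() -> dict:
    day0 = datetime(2024, 1, 1)          # constructed dates
    serial = 0x1001                      # constructed serial number
    ca = CertificateAuthority()

    cached_crl = ca.publish_crl(day0)               # list published on day 0
    ca.revoke(serial, day0 + timedelta(days=2))     # key reported lost on day 2
    fresh_crl = ca.publish_crl(day0 + timedelta(days=7))

    day3 = day0 + timedelta(days=3)
    day8 = day0 + timedelta(days=8)
    return {
        # Revoked on day 2, yet the day-0 list still reports it as good.
        "cached_crl_day3": check_with_crl(cached_crl, serial, day3),
        # The online query sees the revocation immediately.
        "ocsp_day3": ca.ocsp_status(serial, day3),
        # Past next_update the old list must not be trusted at all.
        "cached_crl_day8": check_with_crl(cached_crl, serial, day8),
        # The next scheduled list finally carries the serial number.
        "fresh_crl_day8": check_with_crl(fresh_crl, serial, day8),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```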


Implementing Trust Models

In the single certificate authority (CA) model, only one CA exists to issue and revoke certificates. Although this model may be beneficial to smaller organizations because of its administrative simplicity, it has the potential to present problems. If the private key of the CA becomes compromised, all the issued certificates from that CA would then be invalid. Cross certification is primarily used to establish trust between different PKIs and build an overall PKI hierarchy. The process implies the establishment of a trust relationship between two CAs through the signing of another CA’s public key in a certificate referred to as a cross certificate. Cross certification allows users to build a trust relationship between different certification hierarchies, when users are required to communicate, and might require authentication for legitimate connections. CAs are organized in a trust hierarchy or trust mesh.

In a hierarchy model, a root CA is at the top of a CA trust hierarchy and contains a root certificate, which is used to sign certificates for CAs in the level immediately below the root CA. In a mesh model, CAs may certify other CAs, provided no naming constraints are applied.

Trust Models (3:41)


Hierarchical Trust Models

A hierarchical trust model, also known as a tree (a hierarchy of certificate servers), is the most common model.

In a hierarchical trust model, the intermediate CAs only trust information that is provided from the root CA. Additionally, the root CA will also trust intermediate CAs that are in their hierarchy.

This might be the most common implementation in a large organization that wants to extend its certificate processing capabilities. Hierarchical models allow tight control over certificate-based activities at all levels of the hierarchical tree.

In this situation, the intermediate CAs trust only the CAs directly above them or below them.


Bridge Trust Models

In a bridge trust model, a peer-to-peer relationship exists between the root CAs. Each of the root CAs can communicate with each other, allowing cross certification. It is possible to have a single CA, known as the bridge CA, be the central point of trust. This allows a certification process to be established between organizations or departments. Each of the intermediate CAs trusts only the CAs above and below it, but the CA structure can now be expanded without creating additional layers of CAs. Additional flexibility and interoperability between organizations are the primary advantages of a bridge model. Lack of trustworthiness of the root CAs can be a major disadvantage. If one of the root CAs doesn’t maintain tight internal security, an illegitimate certificate could become available to all the users in the bridge structure and its subordinate or intermediate CAs. This model may be useful if you’re dealing with a large, geographically dispersed organization or you have two organizations that are working together.

The intermediate CAs communicate only with their respective root CA. All cross certification is handled between the two root CA systems.


Mesh Trust Models

An alternative to the hierarchical model is the mesh trust model, often referred to as the cross-certification model or Web of Trust. The mesh model expands the concepts of the bridge model by supporting multiple paths and multiple root CAs. Certificate authorities are considered peers to one another. It also has the ability to cross certify with the other root CAs in the mesh. This may also be referred to as a web structure. This structure may be useful in a situation where several organizations must cross-certify certificates. The advantage is that you have more flexibility when you configure the CA structures. The major disadvantage of a mesh is that each root CA must be trustworthy in order to maintain security.

Each of the root CAs can cross-certify with the other root CAs in the mesh.


Hybrid Trust Model

A hybrid trust model can use the capabilities of any or all of the structures that have been discussed in the previous sections. You can be extremely flexible when you build a hybrid trust structure. The major difficulty with hybrid models is that they can become complicated and confusing. A user can unintentionally acquire trusts that they shouldn’t have obtained. In addition, relationships between CAs can continue long past their usefulness, even after the parent organizations have terminated their relationships.

Notice the single intermediate CA server on the right side is the only server that is known by the CA below it. The subordinates of the middle-left CA are linked to the two CAs on its sides. These two CAs don’t know about the other CAs, because they are linked only to the CA that provides them a connection. The two intermediate servers in the middle of the illustration and their subordinates trust each other; they don’t trust others that aren’t in the link.


Preparing for Cryptographic Attacks

Specific attacks on cryptographic systems can be divided into three types:

Attacking the key    Key attacks are typically launched to discover the value of a key by attacking the key directly. The keys can be passwords, encrypted messages, or other key-based encryption information. An attacker might try to apply a series of words, commonly used passwords, and other randomly selected combinations to crack a password. The anticipated amount of time it takes to break a password depends on the length of the password and the characters used in the password. Making keys longer and more complicated tends to make key attacks more difficult.

Attacking the algorithm    The programming instructions and algorithms used to encrypt information are as much at risk as the keys. Many algorithms have well-publicized back doors. If a weakness in the programming or model used to develop an algorithm is discovered, a significant security exposure may exist.

Intercepting the transmission    The process of intercepting a transmission may, over time, allow attackers to inadvertently gain information about the encryption systems used and then use frequency analysis to break an algorithm. Human error is also a problem in security situations, and it’s likely that someone will unintentionally release information that can be used to undermine a security system.


You should also be aware of the following three types of attacks:

Birthday attack    A birthday attack is an example of an attack targeted at the key. It isn’t an attack on the algorithm itself, just on the results. If your key is hashed, the possibility is that given enough time, another value can be created that will give the same hash value. Birthday attacks are based on the statistical likelihood of a match. As the key length grows, the probability of a match decreases.

Weak key attack    Weak key attacks are based on the premise that many common passwords are used by lots of people. If the key length is short, the resulting hash value will be easier to guess. Make sure your users use passwords and encryption keys that are hard to guess. The longer and more complicated a password is, the more difficult it is to successfully launch a weak key attack against it. Enforcing strict password guidelines can minimize this vulnerability.

Mathematical attack    Mathematical attacks can be focused on the encryption algorithm itself, the key mechanism, or any potential area of weakness in the algorithm. These attacks use mathematical modeling and statistical analysis to determine how the system operates. These types of attacks depend on intercepting large amounts of data and methodically attempting to decrypt the messages using one of the methods previously described.
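The statistical likelihood behind the birthday attack entry above, worked as an added example that is not part of the original slides. It uses the standard birthday approximation to show how quickly the chance of a match falls as the digest gets longer, and confirms the estimate on a SHA-256 digest deliberately truncated to 24 bits; the truncation length and the input strings are constructed assumptions.

```python
import hashlib
import math


def collision_probability(samples: int, space: int) -> float:
    """Birthday approximation: chance that at least two of `samples`
    values drawn uniformly from `space` possibilities are equal."""
    return -math.expm1(-samples * (samples - 1) / (2.0 * float(space)))


def log2_samples_for_half(bits: int) -> float:
    """log2 of the number of samples that gives about a 50% chance of a
    match for a `bits`-bit digest: sqrt(2 * ln 2 * 2**bits)."""
    return 0.5 * (bits + math.log2(2 * math.log(2)))


def truncated_digest(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for a short hash value."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def find_match(bits: int, limit: int = 1 << 20):
    """Hash constructed inputs until two share a truncated digest.

    Returns (first_input, second_input, values_hashed) or None."""
    seen = {}
    for counter in range(limit):
        data = b"constructed-input-%d" % counter
        tag = truncated_digest(data, bits)
        if tag in seen:
            return seen[tag], data, counter + 1
        seen[tag] = data
    return None


def demo() -> dict:
    samples = 2 ** 32  # the same amount of work applied to each digest length
    table = {bits: collision_probability(samples, 2 ** bits)
             for bits in (32, 64, 128, 256)}
    first, second, hashed = find_match(24)
    return {
        "probability_by_bits": table,
        "half_chance_log2": {b: log2_samples_for_half(b) for b in (24, 128, 256)},
        "match_24_bit": (first, second, hashed),
    }


if __name__ == "__main__":
    out = demo()
    for bits, p in out["probability_by_bits"].items():
        print(f"{bits:3d}-bit digest, 2^32 samples: P(match) = {p:.3e}")
    for bits, lg in out["half_chance_log2"].items():
        print(f"{bits:3d}-bit digest: ~2^{lg:.1f} samples for a 50% chance")
    a, b, n = out["match_24_bit"]
    print(f"24-bit match after {n} values: {a!r} and {b!r}")
```

A match on a 24-bit value appears after a few thousand inputs rather than millions, which is why the effective strength of a digest is about half its length in bits.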


Understanding Cryptography Standards and Protocols

Several U.S. government agencies are involved in the creation of standards for secure systems. They either directly control specific sectors of government or provide validation, approval, and support to government agencies.

National Security Agency

The National Security Agency (NSA) is responsible for creating codes, breaking codes, and coding systems for the U.S. government. For many years, the government didn’t publicly acknowledge its existence. The NSA is responsible for obtaining foreign intelligence and supplying it to the various U.S. government agencies that need it. The NSA’s missions are extremely classified, but its finger is in everything involving cryptography and cryptographic systems for the U.S. government, government contractors, and the military.

National Security Agency/Central Security Service

The National Security Agency/Central Security Service (NSA/CSS) is an independently functioning part of the NSA. It was created in the early 1970s to help standardize and support Department of Defense (DoD) activities. The NSA/CSS supports all branches of the military.

National Institute of Standards and Technology

The National Institute of Standards and Technology (NIST) develops general-purpose encryption standards for the U.S. government. One of the many things they do is publish lists of known vulnerabilities in software and operating systems. NIST was formerly known as the National Bureau of Standards (NBS). NIST has become very involved in cryptography standards, systems, and technology in a variety of areas.


Industry Associations and the Developmental Process

The need for security in specific industries, such as the banking industry, has driven the development of standards. Standards frequently begin as voluntary or proprietary efforts. The Request for Comments (RFC) is essentially a proposed standard document that is requesting people review it and make comments on the proposed standard for the Internet. The RFC editor manages the RFC process. The editor is responsible for cataloging, updating, and tracking RFCs through the process. The RFC is then thrown open to the computer-user community for comments and critique. This process ensures that all interested parties have the opportunity to comment on an RFC.


American Bankers Association

The American Bankers Association (ABA) has been very involved in the security issues facing the banking and financial industries. Banks need to communicate with each other in a secure manner. The ABA sponsors and supports several key initiatives regarding financial transactions.

Internet Engineering Task Force

The Internet Engineering Task Force (IETF) is an international community of computer professionals, which includes network engineers, vendors, administrators, and researchers. The IETF is mainly interested in improving the Internet. It is also very interested in computer security issues. The IETF uses working groups to develop and propose standards.

Internet Society

The Internet Society (ISOC) is a professional group that is comprised primarily of Internet experts. The ISOC oversees a number of committees and groups, including the IETF.

World Wide Web Consortium

The World Wide Web Consortium (W3C) is a standards body that is primarily interested in developing standards (like XML) for the web as well as the interoperability, growth, and standardization of the World Wide Web.


International Telecommunications Union

The International Telecommunications Union (ITU) is responsible for virtually all aspects of telecommunications and radio communications standards worldwide. The ITU is broken into three main groups that are targeted at specific areas of concern:

ITU-R is concerned with radio communication and spectrum management.
ITU-T is concerned with telecommunication standards.
ITU-D is concerned with expanding telecommunications throughout undeveloped countries.

Institute of Electrical and Electronics Engineers

The Institute of Electrical and Electronics Engineers (IEEE) is primarily concerned with standards for both electrical and electronic items. IEEE is an international organization focused on technology and related standards. IEEE is organized into several working groups and standards committees. IEEE is very actively involved in the development of PKC, wireless, and networking protocol standards. Ethernet is an IEEE standard.


Public Domain Cryptography

Public domain cryptography refers to the standards and protocols that emerge from individual or corporate efforts and are released to the general public for use. PGP and RSA are two common public cryptographic initiatives:

Pretty Good Privacy    Pretty Good Privacy (PGP) was developed by Phil Zimmermann for humanitarian reasons. In 1991, he published the encryption system on the Internet. His stated objective was to preserve privacy and protect citizens from oppressive governments. PGP is used for signing, encrypting, and decrypting email messages. PGP is used to send and receive emails in a confidential, secure fashion. Since its release, PGP has become a de facto standard for email encryption. PGP uses both symmetrical and asymmetrical encryption.

RSA    RSA provides cryptographic systems to both private businesses and the government. The name RSA comes from the initials of its three founders (Rivest, Shamir, and Adleman). RSA has been very involved in developing Public-Key Cryptography Standards (PKCS), and it maintains a list of standards for PKCS. RSA is used for the SSL/TLS key exchange. After the key exchange, the Web client uses a Web server’s key information to authenticate the Web server. Finally, the Web client and the Web server establish an encrypted connection and exchange data on an SSL-encrypted connection.


Public-Key Infrastructure X.509/Public-Key Cryptography Standards

The Public-Key Infrastructure X.509 (PKIX), a working group formed by the IETF, develops standards and models for the PKI environment. The PKIX working group is responsible for the X.509 standard. The Public-Key Cryptography Standards (PKCS) is a set of voluntary standards created by RSA and security leaders. Early members of this group included Apple, Microsoft, DEC (now HP), Lotus, Sun, and MIT. Currently, there are 15 published PKCS standards:

PKCS #1: RSA Cryptography Standard
PKCS #2: Incorporated in PKCS #1
PKCS #3: Diffie-Hellman Key Agreement Standard
PKCS #4: Incorporated in PKCS #1
PKCS #5: Password-Based Cryptography Standard
PKCS #6: Extended-Certificate Syntax Standard
PKCS #7: Cryptographic Message Syntax Standard
PKCS #8: Private-Key Information Syntax Standard
PKCS #9: Selected Attribute Types
PKCS #10: Certification Request Syntax Standard
PKCS #11: Cryptographic Token Interface Standard
PKCS #12: Personal Information Exchange Syntax Standard
PKCS #13: Elliptic Curve Cryptography Standard
PKCS #14: Pseudorandom Number Generators
PKCS #15: Cryptographic Token Information Format Standard


X.509

The X.509 standard defines a framework for authentication services by a directory and the format of required data for digital certificates. The X.509 standard is the accepted standard for certificate formats and public key fields for use in PKI. It also defines the procedures that should be used to distribute public keys. The X.509 version 2 certificates are still used as the primary method of issuing CRL certificates. An X.509 Certificate Revocation List (CRL) contains a list of serial numbers of unexpired or revoked digital certificates that should be considered invalid. CRLs are created by certification authorities (CAs).

All X.509 certificates have the following:
Signature, which is the primary purpose for the certificate
Version
Serial number
Signature algorithm ID
Issuer name
Validity period
Subject name
Subject public key information
Issuer unique identifier (relevant for versions 2 and 3 only)
Subject unique identifier (relevant for versions 2 and 3 only)
Extensions (in version 3 only)

Information about the signature algorithm identifier, user’s public key information, and serial number of the issuing certificate authority (CA) is all included within a digital certificate. The validity period identifies the time frame for which the private key is valid, if the private key has not been compromised. This period is indicated with both a start and an end time, and may be of any duration, but it is often set to one year. The X.509v3 certificate is the most commonly used certificate in the PKI environment.


SSL and TLS

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the most widely used cryptographic protocols for managing secure communication between a client and server over the Web. Both essentially serve the same purpose with TLS being the successor of SSL. SSL is used to establish a secure communication connection between two TCP-based machines.

When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key.

SSL supports an encryption key length of 40 bits or 128 bits. SSL uses public key or symmetric encryption, and provides data encryption and server authentication. SSL version 2 provides client-side authentication. To enable SSL to operate, the server and the client browser must have SSL enabled. The main advantage of SSL is that SSL supports additional application layer protocols, such as FTP and NNTP. HTTP does not. SSL is used to protect Internet transactions. It works in conjunction with HTTP to provide secure HTTP connections (HTTPS). When SSL is used, the browser address will have the https:// prefix, instead of the http:// prefix. A common implementation of SSL is wireless transport layer security (WTLS) for wireless networks. WTLS transmission is required to traverse both wired and wireless networks. Therefore, the packets that are decrypted at the gateway are required to be re-encrypted with SSL for use over wired networks. This is a security loophole referred to as the WAP Gap security issue. The main vulnerabilities of SSL are small key sizes and outdated CRLs.

The SSL connection process

HTTPS and TLS/SSL (2:25)


Transport Layer Security (TLS) is a security protocol that combines SSL and other security protocols. SSL/TLS serves as the security layer in a TCP session. Many industry analysts predict that TLS will replace SSL in the near future. TLS consists of two additional protocols:

TLS record protocol: The record protocol provides connection security.

TLS handshake protocol: The handshake protocol allows the client and server to authenticate to one another.

  SSL with TLS supports both server and client authentication. In most cases, the use of SSL and TLS is single sided. Only the server is being authenticated as valid with a verifiable certificate. For example, when conducting an online banking transaction, one can be assured they are at the legitimate site by verifying the server side certificate, whereas the client is verified by a means other than a certificate, such as a username and password.

SSL and TLS

The TLS connection process

Transport Encryption Algorithms (9:13)


Certificate Management Protocols

Certificate Management Protocol (CMP) is a messaging protocol used between PKI entities. This protocol isn’t yet widely used, but you may encounter it in some PKI environments.

XML Key Management Specification (XKMS) is a standard of the World Wide Web Consortium (W3C). XKMS is designed to allow XML-based programs access to PKI services.


Secure Multipurpose Internet Mail Extensions

Secure/Multipurpose Internet Mail Extensions (S/MIME) provides email privacy using encryption and authentication via digital signatures. It uses the PKCS #7 standard (Cryptographic Message Syntax Standard) and is the most widely supported standard used to secure e-mail communications. MIME is the de facto standard for e-mail messages. S/MIME, which is a secure version of MIME, was originally published to the Internet as a standard by RSA. It provides asymmetric encryption, integrity, and authentication when used in conjunction with PKI. S/MIME version 3, the current version, is supported by IETF, and is defined in Request for Comments (RFC) 2633. S/MIME 3 provides non-repudiation, authentication, and integrity for e-mail messages.


Secure Electronic Transaction

Secure Electronic Transaction (SET) provides encryption for credit card numbers that can be transmitted over the Internet. It was developed by Visa and MasterCard and is becoming an accepted standard by many companies. SET is most suited for transmitting small amounts of data. SET works in conjunction with an electronic wallet that must be set up in advance of the transaction. An electronic wallet is a device that identifies you electronically in the same way as the cards you carry in your wallet.

The consumer must establish an electronic wallet that is issued by the consumer/issuing bank. When the consumer wants to make a purchase, they communicate with the merchant. The wallet is accessed to provide credit/payment information. The merchant then contacts the credit processor to complete the transaction. The credit processor interfaces with the existing credit network.

In this situation, the transactions between the issuing bank, the consumer, the merchant, and the credit processor all use SET.

The SET transaction in process


Secure Shell

Secure Shell (SSH) is a tunneling protocol originally used on Unix systems, and is now available for Windows environments. SSH is primarily intended for interactive terminal sessions. SSH utilizes the asymmetric (public key) RSA cryptography method to provide an authenticated and encrypted data stream, as opposed to the cleartext communications of a Telnet session. The handshake process between the client and server is similar to the process described in SSL. SSH connections are established in two phases:

The first phase is a secure channel to negotiate the channel connection.
The second phase is a secure channel used to establish the connection.

Data encryption with SSH is accomplished using one of the following algorithms: IDEA, Blowfish, or DES.

The SSH connection-establishment process

SSH and Encrypted File Transfer (2:55)


Pretty Good Privacy

Pretty Good Privacy (PGP) is a computer program used for signing, encrypting, and decrypting email messages. PGP is used to send and receive emails in a confidential, secure fashion. PGP uses symmetric and asymmetric schemes to encrypt data. It follows the OpenPGP format using a combination of public key and private key encryption.

With PGP, a document is encoded using a public key and a session key, which is a one-use random number, to create the ciphertext. The session key is encrypted with the public key and sent with the ciphertext.

On the receiving end, the private key is used to recover the session key. The session key and the private key are then used to decrypt the ciphertext back into the original document.
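The hybrid scheme described above, as an added example that is not part of the original slides: a one-use session key encrypts the document, and the recipient's public key encrypts the session key. The RSA key is a toy built from two public Mersenne primes with no padding, and the cipher is a SHA-256 keystream; both are stand-ins so the block runs on the standard library, and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy RSA key pair (constructed for illustration): the primes are public
# knowledge and no padding is applied, so this offers no real security.
P = 2**127 - 1
Q = 2**107 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent
PUBLIC_KEY = (N, E)
PRIVATE_KEY = (N, D)
SESSION_KEY_BYTES = 16


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with SHA-256(key || counter) blocks.
    Applying it twice with the same key returns the original data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hashlib.sha256(key + counter).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def pgp_style_encrypt(document: bytes, public_key: tuple) -> dict:
    """Sender side: fresh session key per message, wrapped for the recipient."""
    n, e = public_key
    session_key = secrets.token_bytes(SESSION_KEY_BYTES)   # one-use random number
    ciphertext = keystream_xor(session_key, document)      # symmetric step
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # asymmetric step
    return {"wrapped_session_key": wrapped, "ciphertext": ciphertext}


def pgp_style_decrypt(message: dict, private_key: tuple) -> bytes:
    """Recipient side: unwrap the session key, then decrypt the document."""
    n, d = private_key
    session_int = pow(message["wrapped_session_key"], d, n)
    session_key = session_int.to_bytes(SESSION_KEY_BYTES, "big")
    return keystream_xor(session_key, message["ciphertext"])


if __name__ == "__main__":
    sample = b"Constructed sample document for the hybrid-encryption demo."
    msg = pgp_style_encrypt(sample, PUBLIC_KEY)
    print("ciphertext bytes:", len(msg["ciphertext"]))
    print("round trip ok:", pgp_style_decrypt(msg, PRIVATE_KEY) == sample)
```

Only the short session key passes through the slow public-key operation; the document itself is handled by the fast symmetric cipher, which is why PGP combines the two.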

The PGP encryption system

Asymmetric Encryption with PGP and GPG (12:36)


HTTP Secure and Secure HTTP

Hypertext Transfer Protocol Secure (HTTPS) securely transmits Web pages over Secure Sockets Layer (SSL). The connection is protected, and all traffic between the two computers is encrypted. HTTPS uses Secure Sockets Layer (SSL) or Transport Layer Security (TLS). It uses private key encryption to encrypt the entire channel.

HTTPS employs X.509 digital certificates and operates over port 443. An alternative to HTTPS is the Secure Hypertext Transport Protocol (S-HTTP), which was developed to support connectivity for banking transactions and other secure web communications. S-HTTP allows computers to negotiate an encryption connection and is not as secure as HTTPS. It uses document encryption to protect the HTTP document’s contents only.

S-HTTP also uses port 443 by default.


IP Security

Internet Protocol Security (IPSec) is a dual mode end-to-end security scheme that operates at the Network Layer of the OSI model, also known as the Internet Layer within the IP Suite. For IPSec to work, the sending and receiving devices must share a public key. IPSec is often used with L2TP to create virtual private networks (VPNs). A virtual private network (VPN) is used to encrypt data over an unsecure public network such as the Internet. IPSec supports two encryption modes:

Transport: In transport mode, only the message part of a packet (the payload) is encrypted by Encapsulating Security Payload (ESP).

Tunnel: In IPSec tunnel mode, the entire packet including the packet header and the routing information is encrypted.

Either of the two modes can be used to secure either gateway-to-gateway or host-to-gateway communication. If used in gateway-to-host communication, the gateway must act as the host. IPSec uses Encapsulation Security Payload (ESP) and Authentication Header (AH) as security protocols. AH provides the authentication mechanism, and ESP provides encryption, confidentiality, and message integrity. Both can operate in Transport mode or Tunnel mode. Cisco routers have support for IPSec built into the product. IPSec provides security by protecting against traffic analysis and replay attacks. The most effective attack against an IPSec-based VPN is a man-in-the-middle attack.

IPsec (1:47)


Tunneling Protocols

Tunneling protocols add the capability to create tunnels between networks that can be more secure, support additional protocols, and provide virtual paths between systems.

The most common protocols used for tunneling are as follows:

Point-to-Point Tunneling Protocol

Point-to-Point Tunneling Protocol (PPTP) enables the secure transfer of data from a remote client to a private server by creating a VPN across a TCP/IP network. PPTP supports on-demand, multiprotocol, and virtual private networking over public networks, such as the Internet. The negotiation between the two ends of a PPTP connection is done in the clear. Then the channel is encrypted. This is one of the major weaknesses. A sniffer can capture the negotiation process and determine the connection type and information about how the tunnel works. PPTP uses port 1723 and TCP for connections.

Layer 2 Forwarding

Layer 2 Forwarding (L2F) creates tunnels primarily for dial-up connections. It’s similar in capability to PPP and shouldn’t be used over WANs. L2F provides authentication, but not encryption. L2F uses port 1701 and TCP for connections.

Layer 2 Tunneling Protocol

Layer 2 Tunneling Protocol (L2TP), a hybrid of PPTP and L2F, is an encapsulated tunneling protocol often used to support the creation of VPNs. It’s primarily a point-to-point protocol. L2TP supports multiple network protocols such as IPX, SNA, and IP, so it can be used as a bridge across many types of systems. The major problem is that it doesn’t provide data security. The information isn’t encrypted. Security can be provided by protocols such as IPSec. L2TP uses port 1701 and UDP for connections.


Wireless Encryption

Wireless Transport Layer Security

Wireless Transport Layer Security (WTLS) provides an encrypted and authenticated connection between a wireless client and a server. WTLS, similar in function to TLS, is used to support wireless devices, which don’t yet have extremely powerful processors.

Wired Equivalent Privacy

Wired Equivalent Privacy (WEP) is designed to provide security equivalent to that of a wired network. WEP uses the RC4 cipher for confidentiality; however, the WEP algorithm, although widely used, is no longer considered secure and has been replaced, largely by WPA. To make the encryption stronger, Temporal Key Integrity Protocol (TKIP) can also be employed. TKIP uses the RC4 algorithm, and does not require an upgrade to existing hardware. The Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) technologies were designed to address the core problems with WEP. The WPA2 standard implements the 802.11i-2004 protocols, and is currently the highest standard for Wi-Fi communication security.

WEP vs. WPA (4:18)


Understanding Key Management and the Key Life Cycle

Key management includes the following stages/areas:
Centralized versus decentralized key generation
Key storage and distribution
Key escrow
Key expiration
Key revocation
Key suspension
Key recovery and archival
Key renewal
Key destruction
Key usage

The certificate key life cycle refers to those events required to create, use, and destroy public keys and the digital certificates with which they are associated. The certificate life cycle is typically based on two documents: the certificate policy and the certification practice statement (CPS). Three basic status levels exist in most public key infrastructure (PKI) solutions: Valid, Suspended, and Revoked.

Public Key Infrastructure (3:33)


Comparing Centralized and Decentralized Key Generation

Key generation (creating the key) is an important first step in the process of working with keys and certificates. Certificates are one of the primary methods used to deliver keys to end entities. Key length and the method used to create the key also affect the security of the system in use.

Centralized Key Generation

Although the benefit of central control may be seen as an advantage, a centralized system also has other disadvantages:

Additional required infrastructure
A need to positively authenticate the end entity prior to transmitting the private key
Key archival and storage process may be vulnerable to an attack against a single point
The need for a secure channel to transmit the private key

Transmitting private keys is a major concern. Private keys are typically transported using out-of-band methods to ensure security.

A centralized key-generating facility


Decentralized Key Generation

In a decentralized key generation system, the end user generates his or her own key pair. One of the primary advantages of using decentralized/distributed key generation is that the key distribution isn’t vulnerable to a single point of failure or attack. Decentralized generation addresses the distribution issue, but it creates a storage and management issue.

Split-System Key Generation

Many systems, including the PKI system, require the use of a split system. In a split system, the central server generates encryption keys. Digital signature keys are created at the client or in a smart card.

Comparing Centralized and Decentralized Key Generation

In this situation, the loss of any single key-generating system doesn’t disrupt the entire network. The RA in the figure refers to a registration authority, and the CA refers to a certificate authority.

A distributed key-generating system


Storing and Distributing Keys

Proper key storage requires that the keys be physically stored in a secure environment. This may include using locked cabinets, hardened servers, and effective physical and administrative controls. Where and how keys are stored affects how they are distributed. Distributing keys is usually accomplished using a Key Distribution Center (KDC), as used in Kerberos, or by using a Key Exchange Algorithm (KEA), as in the case of PKI.

Kerberos uses a KDC to store, distribute and maintain cryptographic session keys and secret keys, and keep a list of revoked keys. The master key is used to exchange the session keys. The keys are automatically distributed to the communicating client and the server. The KDC also provides the authentication services for the users. The client requests resource access through the KDC. As a response to the request, the KDC generates a session key that is a combination of the secret keys of the client and the server. The session key is decrypted by both the client and the server to successfully authenticate to each other and to initiate communication.


Storing and Distributing Keys

The KEA process is slightly different from the KDC process. KEA is used to create a temporary session to exchange key information. This session creates a secret key. The KEA session terminates once the key has been successfully transmitted, and the regular session begins.

The KEA process


Using Key Escrow

A key escrow system stores keys for the purpose of law enforcement access. If a criminal investigation is underway, law enforcement agents, with a search warrant, have the right to access and search records within the scope of the warrant.

Key escrow occurs when a CA or other entity maintains a copy of the private key associated with the public key signed by the CA. It allows the CA or escrow agent to have access to all the information that is encrypted using the public key from a user’s certificate, as well as create digital signatures on behalf of the users. Key escrow can also allow access to information in a PKI system if the client’s private key becomes unavailable for some reason. It also enables an organization to overcome the large problem of forgotten passwords. Rather than revoke and reissue new keys, an organization can generate a new certificate using the private key stored in escrow.

Key Escrow (2:47)


Identifying Key Expiration

A key expiration date identifies when a key is no longer valid. Normally, a key is date stamped. This means that it becomes unusable after a specified date. A new key or certificate is normally issued before the expiration date. Keys with expiration dates work similarly to credit cards that expire. So long as the certificate holder’s needs or identity information has not changed, the process is relatively simple. After the issuing CA validates the entity’s identity, a new certificate can be generated based on the current public key.


Revoking Keys

Keys are revoked when they are compromised, when the authentication process has malfunctioned, when people are transferred, and when many other security risks occur.

Revoking a key keeps it from being misused. A revoked key must be assumed to be invalid or possibly compromised. A component of public key infrastructure (PKI) includes a mechanism for distributing certificate revocation information, called certificate revocation lists (CRLs).

A CRL is used when verification of a digital certificate takes place to ensure the validity of the digital certificate. Systems such as PKI use a CRL to perform a check on the status of revoked keys.

Revocations are permanent. Once a certificate is revoked, it can’t be used again; a new key must be generated and issued.

Key Revocation (2:54)

Implementing Key Revocation (2:19)


Suspending Keys

Suspending keys is a good practice: It disables a key, making it unusable for a certain period of time. This can prevent the key from being used while someone is gone. The key can be reactivated when that person returns. If an employee were to take a leave of absence, the employee's key could be suspended until they came back to work. This temporary suspension would ensure that the key would not be usable during their absence. A suspension might also occur if a high number of failed authentications or other unusual activities were occurring. Checking the status of suspended keys is accomplished by checking with the certificate server or by using other mechanisms. In a PKI system, a CRL would be checked to determine the status of a certificate.
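A relying party's status check covering the Valid, Suspended, and Revoked levels described above, as an added example that is not part of the original slides. The data classes, the two extra result states, and the sample CRLs are constructed assumptions; the reason-code numbers are the ones RFC 5280 assigns, with certificateHold marking a suspension.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum


class Status(Enum):
    VALID = "valid"
    SUSPENDED = "suspended"
    REVOKED = "revoked"
    OUTSIDE_VALIDITY = "outside validity period"   # added state (assumption)
    UNKNOWN = "unknown"        # no trustworthy CRL: callers should fail closed

# CRL reason codes as numbered in RFC 5280.
KEY_COMPROMISE = 1
AFFILIATION_CHANGED = 3
CERTIFICATE_HOLD = 6           # temporary suspension


@dataclass
class Certificate:
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime


@dataclass
class Crl:
    issuer: str
    this_update: datetime
    next_update: datetime
    entries: dict = field(default_factory=dict)    # serial -> reason code


def certificate_status(cert: Certificate, crl: Crl, now: datetime) -> Status:
    if not (cert.not_before <= now <= cert.not_after):
        return Status.OUTSIDE_VALIDITY
    # A CRL from another CA, or one past its nextUpdate, proves nothing
    # about this certificate, so it must not be read as "not revoked".
    if crl.issuer != cert.issuer or not (crl.this_update <= now <= crl.next_update):
        return Status.UNKNOWN
    reason = crl.entries.get(cert.serial)
    if reason is None:
        return Status.VALID
    return Status.SUSPENDED if reason == CERTIFICATE_HOLD else Status.REVOKED


# --- constructed sample data ---
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
DAY = timedelta(days=1)
CA = "CN=Example Issuing CA"


def make_cert(serial, start=NOW - 30 * DAY, end=NOW + 335 * DAY):
    return Certificate(CA, serial, start, end)


# Weekly CRL: 1001 compromised, 1002 on hold (leave of absence), 1003 transferred.
CRL_JUNE = Crl(CA, NOW - DAY, NOW + 6 * DAY,
               {1001: KEY_COMPROMISE, 1002: CERTIFICATE_HOLD, 1003: AFFILIATION_CHANGED})
# A later CRL: the hold on 1002 was lifted, the revocations stay listed.
CRL_JULY = Crl(CA, NOW + 30 * DAY, NOW + 37 * DAY,
               {1001: KEY_COMPROMISE, 1003: AFFILIATION_CHANGED})

if __name__ == "__main__":
    for serial in (1000, 1001, 1002, 1003):
        print(serial, certificate_status(make_cert(serial), CRL_JUNE, NOW).value)
```

The stale-CRL branch matters in practice: a verifier that keeps trusting an outdated list treats certificates revoked since then as good.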


Recovering and Archiving Keys

Key recovery is the process of restoring a key pair from a backup and recreating a digital certificate using the recovered keys. A key recovery process must be able to recover a previous key. If not recovered, then all the information for which the key was used will be irrecoverably lost. One of the problems with a key-based system is that older information, unless processed with a new key, may become inaccessible. If for example, you have a two-year-old file on your system and it is still encrypted, will you remember which key was used to encrypt it two years ago? If you are like most people, you won't. If you can't decrypt the data, it is useless.

To deal with this problem, archiving old keys is essential. Any time a user or key generator creates and issues a key, the key must also be sent to the key archive system. This is most easily done on a server that offers secure storage. Older keys can be stored and retrieved when necessary.

Many recovery and archive systems use the M of N Control method of access. Simply stated, if n administrators have the ability to perform a process, such as accessing the key server, m of those administrators must authenticate for access to occur. M of N control as it relates to PKI refers to the concept of backing up the public and private key across multiple systems. This multiple backup provides a protective measure to ensure that no one individual can re-create his or her key pair from the backup.

The key archival system

Key Recovery (3:10)

Implementing Key Recovery (2:30)


Renewing Keys

Key renewal defines the process of enabling a key for use after its scheduled expiration date. A key would be reissued for a certain time in this situation. This process is called a key rollover. In most cases, the rollover of keys is something that occurs for a given time frame. In general, key renewals are a bad practice and should not be performed except in the direst of situations. The longer a key is used, the more likely it is to be compromised. It is always better to renew keys than to do a key rollover. Many systems provide a way to renew existing keys, rather than a rollover.


Destroying Keys

Key destruction is the process of destroying keys that have become invalid. For example, an electronic key can be erased from a smart card.

Many symmetrically based encryption systems use a dedicated device to carry the key for the encryption. This key would be physically delivered to the site using the encryption system. Old keys would be recovered and destroyed. If the key pair to be destroyed is used for digital signatures, the private key portion should be destroyed first, to prevent future signing activities with the key.

In addition, a digital certificate associated with a key that is no longer valid should be added to the CRL regardless of whether the key is actually destroyed or archived. Whether you’re using physical keys or software-oriented key systems, old keys must be destroyed in a manner that ensures they don’t fall into unauthorized hands.


Identifying Key Usage

During the time when the key is not being revoked, suspended, renewed, or destroyed, it is being used.

Key usage is simply the use (and management) of public and private keys for encryption.

There is nothing additional to know here, thank goodness!


The End