
Cryptography Best Practices and Resource Portfolio Part B Phreaking

By: Desiree Carter


11/25/2012


Secure Sockets Layer


SSL (Secure Sockets Layer) is a protocol that provides secure communication between client and server. The client is your browser and the server is the website you're communicating with. Smart phones have an internet app that provides access to the browser. The purpose of secure communication is to provide privacy, message integrity, and authentication.

Here is an example: Laura wants to check her Facebook on her Galaxy S III. In order to do this she'll need to send sensitive information, her email address and password. Laura wants to make sure that the information she sends is kept private. She also wants to make sure that the data she sends is not altered along the way, which is message integrity. And she wants to make sure that she's really sending her information to the real Facebook and not a hacker, which is authentication.

The sensitive information Laura sends to Facebook is kept private by cryptography. A plaintext message like a post is encrypted into ciphertext. To hackers who might eavesdrop and intercept the message, the ciphertext is meaningless. It's estimated that trying to crack the ciphertext by brute force alone (trying every possible combination) would take millions of years even if all the computers in the world were linked together to solve the puzzle. (GeoCerts, 2012)

The information that is required to turn a plaintext message into an encrypted ciphertext message is a key. Public key cryptography makes use of a pair of keys: one is public, and the other is private. Laura wants to send Facebook private information, so Facebook says, "Here Laura, use this public key to encrypt your message before sending it to me. When I receive your encrypted message I will use my private key to decrypt your message." It's okay for anyone to have a copy of the public key, but only Facebook should have a copy of their private key. A plaintext message encrypted with the public key can only be decrypted with the private key.

When Laura sends a message to Facebook, someone could intercept that message, alter it and send it on its way. Laura could end up giving her information to an imposter. Message integrity is achieved by sending a message digest along with the encrypted message. A message digest is a fixed-length representation of a message. Think of it as a fingerprint of the original message. (GeoCerts, 2012) Laura says to Facebook, "I'm going to send you an encrypted message. So that you know my message to you hasn't been intercepted and altered along the way, I'm also sending a fingerprint of my original message. Please check the fingerprint to see if it matches when you receive my message." (GeoCerts, 2012)

Laura's message to Facebook is encrypted for privacy and fingerprinted for message integrity, but how does Laura know that she is really sending the message to Facebook? Laura needs to authenticate Facebook, to make sure they're really Facebook and not someone else. Authentication is achieved by digital certificates. When Laura and Facebook first negotiate their SSL session, Facebook sends Laura a copy of their digital certificate. A digital certificate is an electronic document. Inside that certificate is a copy of Facebook's public key and information about its owner (domain name, organization name, location). The SSL certificate is verified or "signed" by a trusted third-party Certificate Authority, such as McAfee. The trusted Certificate Authority's job is to verify Facebook's application for a digital SSL certificate. The authentication process can range from verifying that Facebook has authoritative control of its domain to requiring Facebook to submit legal documents that verify Facebook's business or organization is real. Once Facebook's identity has been verified, it will be issued a digital SSL certificate.

All of these concepts (privacy by encryption, integrity by message digests or fingerprinting, and authentication by digital SSL certificates) are integrated into the SSL protocol to allow Laura and Facebook to communicate securely.


Internet Protocol Security and Architecture


The security concerns of the Internet, confidentiality and authentication, led to the establishment of a protocol, Internet protocol security (IPSec), to implement these concerns in all computer networks. (Paull) Internet address protocol was the starting point. It provides the authentication and encryption architecture required to protect networks from attacks, penetration or other security abuses. The 6th version of IPSec replaced the 4th version. The 6th version extended the Internet Protocol addresses to 340 billion addresses. In 1994 Internet security lapses were reported by the Internet Architecture Board (IAB), and they also warranted attention in 1998 from the Computer Emergency Response Team (CERT). IP spoofing, the creation of false IP addresses, was recognized as a major challenge. It led to the design of IPSec, which included authentication and encryption as two of its major security features. By November of 1998, IPSec specifications were covered in many Requests for Comments (RFC). They were implemented in Internet Protocol Security version 6 and extended to include more IP addresses than what was in Internet Protocol Security version 4.

Internet Protocol addresses serve to identify computer systems or hosts on the Internet. The word host can be defined as a server, router, hub or terminal that communicates with other devices on the network. IP addresses fall into 5 classes (A, B, C, D, and E). Each has a limit of possible IP addresses. (Paull) The maximum limit of IP addressing in version 4 was 32 bits. Since the Internet kept growing, a larger addressing scheme was needed. Because of this, Internet Protocol version 6 was created, which uses a 128-bit addressing scheme that accommodates the Internet today. Internet Protocol version 4 was established in 1986 and is capable of 4 billion Internet addresses; these were projected to be exhausted by June 2010.

The 6th version of Internet Protocol, which replaced version 4, has a capacity of 340 billion x 10 to the 27th power. It has improved security and better quality of service and can be configured automatically by the computer. Internet Protocol Security finds applications in email, network management and web access. The security software for email includes Pretty Good Privacy (PGP) and Privacy Enhanced Mail. Software used to manage networks includes Simple Network Management Protocol version 4 (SNMPv3), and for web access we have secure HTTP and Secure Sockets Layer. An application of Internet Security version 4 enhances security in electronic commerce applications, and it is used in intranets and extranets to secure communications within and with other organizations. The benefits of Internet Protocol are strong security features that can be implemented in a firewall and transparency to applications and end-users, as well as security for intranets and offline applications.

Internet Key Exchange


Internet Key Exchange is a standard protocol of Internet Protocol Security. It is used to ensure security for virtual private network (VPN) negotiation and remote host or network access. It is specified by the Internet Engineering Task Force (IETF) in Request for Comments (RFC) 2409; IKE defines an automatic means of negotiation and authentication for IPSec security associations (SA). Security associations are security policies defined for communication between two or more entities; the relationship between the entities is represented by a key. (Rouse, 2009) The Internet Key Exchange protocol ensures security for security association communication without the prior configuration that would otherwise be required. Internet Key Exchange is a hybrid protocol that implements two earlier security protocols, Oakley and SKEME, within an Internet Security Association and Key Management Protocol (ISAKMP) framework. It is based on the Transmission Control Protocol/Internet Protocol (TCP/IP). Internet Security Association and Key Management Protocol specifies the framework for key exchange and authentication. The Oakley protocol specifies a sequence of key exchanges and describes their services (such as identity protection and authentication). (Rouse, 2009) SKEME specifies the actual method of key exchange. (Rouse, 2009) Internet Key Exchange is not required for Internet Protocol Security configuration.


However, it offers a number of benefits, which include: automatic negotiation and authentication and anti-replay services. It also offers certification authority (CA) support as well as the ability to change encryption keys during an IPsec session.

Secure Electronic Transaction (SET)


Smart phones are used for just about everything today, including shopping online. Secure Electronic Transaction (SET) is required to make this possible. It is a system for ensuring the security of financial transactions on the Internet. It was originally supported by MasterCard, Visa, Microsoft as well as Netscape. When using Secure Electronic Transaction, a user is given an electronic wallet through a digital certificate. The transaction is conducted and verified using a combination of digital certificates and digital signatures among the person using their smart phone to shop, the merchant they are shopping with, and the smart phone user's bank, keeping privacy and confidentiality. When working with Netscape it uses Secure Sockets Layer (SSL). When working with Microsoft it uses Secure Transaction Technology (STT) as well as Terisa Systems' Secure Hypertext Transfer Protocol (S-HTTP). Secure Transaction Protocol uses a few of the aspects of public key infrastructure (PKI). When using a Secure Electronic Transaction enabled browser, the following steps are taken:

1. The user of a smart phone opens a MasterCard or Visa bank account. All credit card issuers are a type of bank.
2. First the customer receives a digital certificate. The digital certificate serves as a credit card for online purchases and other transactions. It includes a public key that expires. It also has been through a digital switch to the bank in order to make sure it is valid.
3. Third-party merchants also receive certificates from the bank. These certificates include the merchant's public key and the bank's public key. (Rouse, 2008)
4. The smart phone user places an order over a Web page, by phone, or by an online service.
5. The smart phone's browser receives the merchant's certificate and confirms from it that the merchant is valid.
6. The browser sends the order information. This message includes the order, which is encrypted with the merchant's public key; the payment information, which is encrypted with the bank's public key (so it can't be read by the merchant); and information that ensures the payment can only be used with this particular order.
7. The merchant then verifies the smart phone user by checking the digital signature on their certificate. This can be done by referring the certificate to the bank or to a third-party verifier.
8. Then the merchant sends the order message to the bank. This includes the bank's public key and the customer's payment information, which the merchant can't decode, as well as the merchant's certificate.
9. The bank then verifies the merchant and the message. The bank then uses the digital signature on the certificate with the message and verifies the payment part of the message.
10. Then the bank digitally signs and sends the authorization to the merchant, who then can fill the order.


Cryptographic Accelerators
In computer security, a cryptographic accelerator is a form of co-processor that performs computationally intensive encoding and decoding of information, freeing the host Computer Processor Unit to perform other tasks. When encryption or decryption of data makes up a large proportion of the system load, overall system performance can be improved by using a cryptographic accelerator. They are typically available as an expansion card on the system motherboard. Several operating systems provide some support for cryptographic hardware. The BSD family of systems has the OpenBSD Cryptographic Framework (OCF), and Linux systems have the Crypto API. Microsoft Windows has the Microsoft CryptoAPI. (Wikipedia, 2012)

Public Key Infrastructures


A public key infrastructure (PKI) enables users of an unsecured public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The PKI provides for a digital certificate that can identify an individual or organization and for directory services that can store and revoke the certificates. The components of a public key infrastructure are generally understood, but a number of different vendor approaches and services are emerging. Because of this, an Internet standard for public key infrastructure is in the works. Public key cryptography, together with the public key infrastructure, is the preferred approach on the Internet. The private key system is sometimes known as symmetric cryptography and the public key system as asymmetric cryptography. (Rouse, 2006)


A public key infrastructure consists of:

- A certificate authority (CA) that issues and verifies digital certificates. A certificate includes the public key or information about the public key
- A registration authority (RA) that acts as the verifier for the certificate authority before a digital certificate is issued to a requestor
- One or more directories where the certificates (with their public keys) are held
- A certificate management system (Rouse, 2006)

Public key cryptography works using a public and a private key, which are created simultaneously using the same algorithm (a popular one is known as RSA) by a certificate authority (CA). The private key is only provided to the requesting party, and the public key is made publicly available (as part of a digital certificate) in a directory that all parties can access. The private key is never used by anyone except the requesting party. It is used to decrypt text that has been encrypted with the public key by someone else who is able to find your public key in a public directory. Because of this, if I want to send you a message (as when Laura sends Facebook a message), I can find out your public key, but not your private key, from the central administrator and encrypt a message to you using your public key.

When it is received, it is decrypted using your private key. Your private key also allows you to authenticate yourself to the other party so they know it's really you who sent the message, since a private key is used to encrypt a digital certificate. When it is received, I can use your public key to decrypt it. Here's a table that restates it:

(Rouse, 2006)

Several products are offered that enable a company or group of companies to use Public Key Infrastructure. The acceleration of e-commerce and business-to-business commerce over the Internet has increased the demand for Public Key Infrastructure solutions.

Related ideas are the virtual private network (VPN) and the IP Security (IPsec) standard. Among PKI leaders are:

- RSA, which has developed the main algorithms used by PKI vendors
- Verisign, which acts as a certificate authority and sells software that allows a company to create its own certificate authorities
- GTE CyberTrust, which provides a PKI implementation methodology and consultation service that it plans to vend to other companies for a fixed price
- Xcert, whose Web Sentry product checks the revocation status of certificates on a server, using the Online Certificate Status Protocol (OCSP)
- Netscape, whose Directory Server product is said to support 50 million objects and process 5,000 queries a second; Secure ECommerce, which allows a company or extranet manager to manage digital certificates; and Meta-Directory, which can connect all corporate directories into a single directory for security management (Rouse, 2006)

When using e-mail, the Pretty Good Privacy (PGP) product allows you to encrypt a message to anyone who has a public key. It is encrypted with your private key and they decrypt it with their public key. Users of Pretty Good Privacy share a directory of public keys that is called a key ring. Unless you are sending a message to someone who has access to the key ring, they can't receive an encrypted message. If you don't like the first option, Pretty Good Privacy lets you sign your note with a digital signature using your private key. However, the recipient still needs access to your public key on the key ring to decrypt your signature and see whether it was really you who sent the message.


Security Associations and Databases

To handle security policies, security associations and databases, IPSec is equipped with a flexible, powerful way of specifying how different types of datagrams should be handled. In order to understand how this works, two logical concepts must be defined. The first is security policies. A security policy can be defined as a rule that is programmed into the IPSec implementation that tells it how to process different datagrams received by the device. An example of this is security policies that are used to decide if a particular packet needs to be processed by IPSec or not; those that do not bypass AH and ESP entirely. If security is required, the security policy provides general guidelines for how it should be provided and, if necessary, links to more specific detail. The security policies for a device are stored in the device's security policy database (SPD). The second is security associations. A security association (SA) is a set of security information that describes a particular kind of secure connection between one device and another. It can be considered a "contract" that specifies the particular security mechanisms that are used for secure communications between the two. The device's security associations are contained in its Security Association Database (SAD). It is usually hard to distinguish the security policy database and the security association database since they have similar concepts.

The main difference between the security policy database and the Security Association Database is that security policies are general while security associations are more specific. In order to determine what to do with a particular datagram, the device first checks the security policy database. The security policies in the security policy database reference particular security associations in the security association database. Therefore, when the device looks up that security association, it uses it to process the datagram.

One thing that needs to be explained is how a device determines what policies or security associations to use for a specific datagram. Internet Protocol Security defines a very flexible system that lets each security association define a set of rules for choosing the datagrams that the security association applies to. Each rule in this system is called a selector. For example, a selector might be defined that says that a particular range of values in the Source Address of a datagram, combined with another value in the Destination Address, means a specific security association must be used for the datagram. Security associations are very important in Internet Protocol Security.

Each of the secure communications that a device makes to another requires that a security association be established. Security associations are one-directional: each one only handles either inbound or outbound traffic for a particular device. This allows different levels of security to be implemented for the flow from device A to device B than for traffic that arrives from device B at device A. With two-directional communications of this nature, both A and B would have two security associations. Device A would have two security associations; for this example we will call them "SAdeviceBin" and "SAdeviceBout". Device B would have two security associations, "SAdeviceAin" and "SAdeviceAout".


Security associations don't have names, however; they are defined by a set of three parameters called a triple. The security parameter index (SPI) is a 32-bit number that is chosen to uniquely identify a particular security association for any connected device. The security parameter index is placed in AH or ESP datagrams and thus links each secure datagram to the security association. It is used by the recipient of a transmission so it knows what security association governs the datagram. The Internet Protocol Destination Address is the address of the device for whom the security association is established. The Security Protocol Identifier specifies whether this association is for AH or ESP.
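The lookup described above, as an added example that is not part of the original paper: an outbound datagram is matched against the SPD by selector, the matching policy points into the SAD, and an inbound datagram is matched to its SA by the triple. The addresses, SPI values and the choice to attach the selector to the SPD entry are constructed assumptions; the SA labels reuse the "SAdeviceBin"/"SAdeviceBout" names from the text.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

AH, ESP = 51, 50  # IP protocol numbers assigned to AH and ESP

@dataclass(frozen=True)
class Selector:
    """Rule matching a datagram on source and destination address ranges."""
    src_net: str
    dst_net: str

    def matches(self, src: str, dst: str) -> bool:
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst_net))

@dataclass(frozen=True)
class Policy:
    """SPD entry: a general rule, optionally referencing one SA by its triple."""
    selector: Selector
    action: str                                   # "PROTECT", "BYPASS" or "DISCARD"
    sa_triple: Optional[Tuple[int, str, int]] = None

@dataclass(frozen=True)
class SecurityAssociation:
    """SAD entry: the specific, one-directional 'contract'."""
    label: str       # readability only; real SAs are identified by the triple
    direction: str   # "out" or "in"

# Constructed databases for device A (10.0.1.10) talking to device B (10.0.2.5).
# SAD key = (SPI, destination address, security protocol identifier).
SAD = {
    (0x1001, "10.0.2.5", ESP): SecurityAssociation("SAdeviceBout", "out"),
    (0x2002, "10.0.1.10", ESP): SecurityAssociation("SAdeviceBin", "in"),
}
SPD = [  # ordered list: the first matching policy wins
    Policy(Selector("10.0.1.0/24", "10.0.2.5/32"), "PROTECT", (0x1001, "10.0.2.5", ESP)),
    Policy(Selector("10.0.1.0/24", "10.0.1.0/24"), "BYPASS"),
    Policy(Selector("0.0.0.0/0", "0.0.0.0/0"), "DISCARD"),
]

def process_outbound(src: str, dst: str):
    """Check the SPD first, then follow its reference into the SAD.

    Returns (action, SA label, SPI to place in the AH/ESP header)."""
    for policy in SPD:
        if policy.selector.matches(src, dst):
            if policy.action != "PROTECT":
                return policy.action, None, None
            sa = SAD.get(policy.sa_triple)
            if sa is None or sa.direction != "out":
                # Policy demands protection but no usable SA exists: fail closed.
                return "DISCARD", None, None
            return "PROTECT", sa.label, policy.sa_triple[0]
    return "DISCARD", None, None

def process_inbound(spi: int, dst: str, proto: int):
    """Receiver side: the triple carried by the datagram selects the SA."""
    sa = SAD.get((spi, dst, proto))
    if sa is None or sa.direction != "in":
        return "DISCARD", None
    return "PROCESS", sa.label

if __name__ == "__main__":
    print(process_outbound("10.0.1.10", "10.0.2.5"))
    print(process_outbound("10.0.1.10", "10.0.1.20"))
    print(process_inbound(0x2002, "10.0.1.10", ESP))
    print(process_inbound(0x2002, "10.0.1.10", AH))
```

Because the SAs are one-directional, an inbound datagram carrying the outbound SA's triple is discarded rather than processed.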

The two security protocols AH and ESP are dependent on their security associations and policies as well as the various databases that control their operation. The upkeep of these databases is important. Security associations can either be set up manually, which means extra work, or they can be set up with an automated system, which can be deployed using a protocol like IKE.


Integrity Check Value Calculation

The authentication data fields in the AH and ESP headers are variable-length fields, each of which contains an Integrity Check Value (ICV). The field varies in length to accommodate variations among the Integrity Check Value algorithms, and the length is specified by the selected function. This field is optional: it is only included when an authentication service is being used for the security association that corresponds to the header, and information about the integrity check value function in use is maintained along with the rest of the security association data. The integrity check value calculation is tricky because some of the data being authenticated may be modified en route; one example is the Internet Protocol header hop counts. According to RFC 2402 the AH ICV is computed on the IP header fields that either don't change in transit or whose values on arrival can be predicted, the AH header itself (though the Authentication Data field is set to zero for the calculation), and the upper-level protocol data that is being authenticated (this is assumed to be unchanged in transit). The ESP ICV, according to RFC 2406, is computed on the entire ESP packet, excluding the Authentication Data field. This includes the SPI, Sequence Number, Payload Data, Padding (if present), Pad Length, and Next Header; the last four fields will be in ciphertext form, since encryption is performed prior to authentication. (daddy, 2012)


These are the suggested algorithms for ICV:

Message Authentication Codes (MACs), the results of which are then encrypted with an appropriate symmetric encryption algorithm (for example, AES)

Secure hash functions, such as MD5 or SHA-1 (an updated version of SHA)

To comply with the standard, implementations must support MD5 and SHA-1 keyed hashing, at least. (daddy, 2012)
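The ICV coverage rules described above, as an added example that is not part of the original paper or of the RFCs: the AH calculation zeroes the IPv4 fields that change in transit and the Authentication Data field, and the ESP calculation covers everything except the trailing Authentication Data. It assumes a 20-byte IPv4 header without options and HMAC-SHA-1 (or HMAC-MD5) truncated to 96 bits as the keyed hash; the key, header values and "ciphertext" are constructed.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # assumption: keyed-hash output truncated to 96 bits

def keyed_hash(key: bytes, data: bytes, algo: str = "sha1") -> bytes:
    """Keyed hash (HMAC) with SHA-1 or MD5, truncated to ICV_LEN bytes."""
    return hmac.new(key, data, getattr(hashlib, algo)).digest()[:ICV_LEN]

def zero_mutable_ipv4(header: bytes) -> bytes:
    """Zero the IPv4 fields routers may change (20-byte header, no options)."""
    h = bytearray(header[:20])
    h[1] = 0                  # Type of Service
    h[6:8] = b"\x00\x00"      # flags and fragment offset
    h[8] = 0                  # TTL (the hop count mentioned in the text)
    h[10:12] = b"\x00\x00"    # header checksum, recomputed at every hop
    return bytes(h)

def ah_icv(key: bytes, ip_header: bytes, ah_header: bytes, upper_data: bytes) -> bytes:
    """AH: immutable IP fields + AH header with Authentication Data zeroed + upper-level data."""
    ah_zeroed = ah_header[:12] + bytes(len(ah_header) - 12)
    return keyed_hash(key, zero_mutable_ipv4(ip_header) + ah_zeroed + upper_data)

def build_esp(key: bytes, spi: int, seq: int, ciphertext: bytes) -> bytes:
    """ESP: ICV over SPI, Sequence Number and the already-encrypted remainder
    (payload, padding, pad length, next header), appended as Authentication Data."""
    body = struct.pack("!II", spi, seq) + ciphertext
    return body + keyed_hash(key, body)

def verify_esp(key: bytes, packet: bytes) -> bool:
    """Recompute the ICV over everything except the trailing Authentication Data."""
    if len(packet) < 8 + ICV_LEN:
        return False
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    return hmac.compare_digest(keyed_hash(key, body), icv)

def after_one_hop(ip_header: bytes) -> bytes:
    """What a router does: decrement TTL and rewrite the checksum (value constructed)."""
    h = bytearray(ip_header)
    h[8] -= 1
    h[10:12] = b"\xab\xcd"
    return bytes(h)

# Constructed sample data, not captured traffic.
KEY = b"constructed-sa-auth-key"
SAMPLE_UPPER = b"constructed upper-level segment"
SAMPLE_AH = struct.pack("!BBHII", 6, 4, 0, 0x1001, 1) + bytes(ICV_LEN)
SAMPLE_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0,
                        20 + len(SAMPLE_AH) + len(SAMPLE_UPPER), 0x1234, 0,
                        64, 51, 0, bytes([10, 0, 1, 10]), bytes([10, 0, 2, 5]))
SAMPLE_CIPHERTEXT = bytes(range(32))

if __name__ == "__main__":
    sent = ah_icv(KEY, SAMPLE_IP, SAMPLE_AH, SAMPLE_UPPER)
    seen = ah_icv(KEY, after_one_hop(SAMPLE_IP), SAMPLE_AH, SAMPLE_UPPER)
    print("AH ICV survives a router hop:", sent == seen)
    packet = build_esp(KEY, 0x1001, 1, SAMPLE_CIPHERTEXT)
    print("ESP ICV verifies:", verify_esp(KEY, packet))
```

The source address is not a mutable field, so a datagram with a rewritten source address produces a different AH ICV and fails verification.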

References

GeoCerts. (2012). How ssl works. Retrieved from http://www.geocerts.com/ssl/how_ssl_works
Paull, O. (n.d.). What is internet protocol security. Retrieved from http://www.ehow.com/about_6571067_internet-protocolsecurity_.html
Rouse, M. (2009, March). Internet key exchange. Retrieved from http://searchsecurity.techtarget.com/definition/Internet-Key-Exchange
Rouse, M. (2008, January). Secure electronic transaction (set). Retrieved from http://searchfinancialsecurity.techtarget.com/definition/Secure-Electronic-Transaction
Wikipedia. (2012, June 10). Cryptographic accelerator. Retrieved from http://en.wikipedia.org/wiki/Cryptographic_accelerator
Rouse, M. (2006, October). Pki (public key infrastructure). Retrieved from http://searchsecurity.techtarget.com/definition/PKI
Kozierok, C. (2005, September 20). Ipsec and security associations. Retrieved from http://www.tcpipguide.com
daddy, S. (2012). Calculating the integrity check value (icv). Retrieved from http://sourcedaddy.com/networking/calculating-theintegrity-check-value-icv.html
