Objectives
Demystify commonly used terminology
Explain how PKI works
Get you playing with PKI in the lab
Make some simple recommendations
Agenda
Foundational Concept (level 200)
PKI and Signatures (level 330)
Recommendations (level 310)
Reference material
Common Algorithms (level 360)
Foundational Concepts
Assets
What are we securing?
Data
Services (i.e. business and other applications, or their individually accessible parts)
[Diagram: security of a Key Asset (KA) as a matrix of physical security (weak or strong) against digital security (weak or strong). The quadrants with weak physical or weak digital security are labelled "Insecure Environment"; only strong physical and strong digital security together is labelled "Good Security Everywhere".]
[Diagram: symmetric encryption. The plain text "The quick brown fox jumps over the lazy dog" is encrypted into cipher-text (e.g. "AxCv;5bmEseTfid3)f GsmWe#4^,sdgfMwir 3:dkJeTsY8R\s@! q3%") and decrypted back to the plain-text output using the same key (shared secret).]
Weakness:
Must agree the key beforehand
Securely pass the key to the other party
[Diagram: asymmetric encryption. The plain text "The quick brown fox jumps over the lazy dog" is encrypted with the recipient's public key into cipher-text (e.g. "Py75c%bn&*)9| fDe^bDFaq#xzjFr@g 5=&nmdFg$5knvMdr kvegMs") and decrypted to the clear-text output with the recipient's private key: different keys for the two directions.]
Strength
Solves the problem of passing the key
Allows establishment of a trust context between parties
[Diagram: hybrid encryption. An RNG produces a randomly generated symmetric session key. The data is encrypted symmetrically (e.g. DES) with that session key. The session key itself is encrypted asymmetrically (e.g. RSA) with the user's public key (taken from the certificate), producing a Digital Envelope. The same step is repeated for other recipients or for recovery agents, each using the other recipient's or agent's public key (in their certificate) as named in the recovery policy.]
Hybrid Decryption
[Diagram: hybrid decryption. The Digital Envelope contains the session key encrypted using the recipient's public key. The recipient's private key performs the asymmetric decryption of the session key (e.g. RSA). The recovered symmetric session key then performs the symmetric decryption (e.g. DES) of the cipher-text ("*#$fjda^j u539!3t t389E *&\@ 5e%32\^kd") back into the plain text ("Launch key for nuclear missile RedHeat is...").]
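The two hybrid diagrams above, worked through in code. This is an added example written for this page, not code from the presentation or from Microsoft; it uses only the Go standard library. The slides name DES and RSA; this example substitutes AES-256-GCM for the symmetric step and RSA-OAEP for wrapping the session key, and the type and function names (Envelope, Seal, Open) are my own. The second recipient plays the role of the recovery agent from the slide.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is the slide's "digital envelope": the data encrypted once under a
// random symmetric session key, plus that session key wrapped separately for
// every recipient (and, if the recovery policy says so, for a recovery agent).
type Envelope struct {
	Nonce       []byte   // AES-GCM nonce for the data
	Ciphertext  []byte   // data encrypted with the session key (with GCM tag)
	WrappedKeys [][]byte // session key encrypted with each recipient's public key
}

// Seal generates a fresh 256-bit session key from the RNG, encrypts the data
// with it, and wraps the session key with RSA-OAEP for each recipient.
func Seal(plaintext []byte, recipients []*rsa.PublicKey) (*Envelope, error) {
	sessionKey := make([]byte, 32) // randomly generated symmetric session key
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}
	for _, pub := range recipients {
		// "As above, repeated for other recipients or recovery agents".
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
		if err != nil {
			return nil, err
		}
		env.WrappedKeys = append(env.WrappedKeys, wrapped)
	}
	return env, nil
}

// Open tries each wrapped copy with the holder's private key; the copy that
// unwraps yields the session key, which then decrypts the data. A tampered
// ciphertext fails the GCM tag check and is rejected.
func Open(env *Envelope, priv *rsa.PrivateKey) ([]byte, error) {
	for _, wrapped := range env.WrappedKeys {
		sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
		if err != nil {
			continue // this copy was not wrapped for our key, try the next
		}
		block, err := aes.NewCipher(sessionKey)
		if err != nil {
			return nil, err
		}
		gcm, err := cipher.NewGCM(block)
		if err != nil {
			return nil, err
		}
		return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	}
	return nil, errors.New("no copy of the session key is wrapped for this private key")
}

func main() {
	// Constructed demo keys: a recipient and a recovery agent.
	recipient, _ := rsa.GenerateKey(rand.Reader, 2048)
	recoveryAgent, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, err := Seal([]byte("The quick brown fox jumps over the lazy dog"),
		[]*rsa.PublicKey{&recipient.PublicKey, &recoveryAgent.PublicKey})
	if err != nil {
		panic(err)
	}
	got, err := Open(env, recoveryAgent)
	fmt.Printf("recovery agent opened: %q (err=%v)\n", got, err)
}
```

Note that the data is encrypted only once however many recipients there are; each extra recipient costs one extra RSA operation on the 32-byte session key, which is why the slides wrap the session key rather than the data itself.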
Comparable key sizes and the estimated effort to break them:

Symmetric key (bits)   ECC key (bits)   RSA key (bits)   Time to break      Machines   Memory
56                     112              420              < 5 mins           10000      Trivial
80                     160              760              600 months         4300       4GB
96                     192              1020             3 million years    114        170GB
128                    256              1620             10^16 years        0.16       120TB
Eureka!
We need PKI to solve that problem
And a few others
Trust Models
Web-of-Trust (PGP)
Peer-to-peer model
Individuals digitally sign each other's keys
You would implicitly trust keys signed by some of your friends
Combination strategy?
Let's trust a CA that verifies keys by traditional strong methods and peer-to-peer recommendations
[Diagram: digital signature. A hash function (SHA, MD5) calculates a short message digest (128 bits) from even a long input ("This is a really long message about Bills") using a one-way message digest function (hash). The digest is encrypted asymmetrically with the signatory's private key, giving the digital signature ("Jrf843kjfgf* $&Hdif*7oU sd*&@:<CH DFHSD(**"). To verify, the signature is decrypted asymmetrically (e.g. RSA) with the signatory's public key and the result is compared (? == ?) with a freshly calculated digest of the original message. Everyone has access to the trusted public key of the signatory.]
HMAC
Digest + shared-secret encryption for up to 160-bit results
MACTripleDES
Encryption using 8, 16 or 24 bytes of TripleDES key on top of a hash
64-bit result (ouch!)
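The signature diagram and the HMAC slide side by side, as an added example written for this page (not code from the presentation) using the Go standard library. The signature half hashes with SHA-256 and signs the digest with RSA-PSS (the slide says "e.g. RSA"; PSS is my choice of padding). The HMAC half uses HMAC-SHA256, so its tags are 256 bits rather than the 160-bit ceiling the slide quotes for HMAC-SHA1. The function names Sign, Verify, Tag and CheckTag and the demo secret are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign calculates a short digest of an arbitrarily long message and encrypts
// (signs) that digest with the signatory's private key. Only the holder of
// the private key can produce this value.
func Sign(priv *rsa.PrivateKey, message []byte) ([]byte, error) {
	digest := sha256.Sum256(message)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify recomputes the digest of the message and checks it against the
// signature using the signatory's public key, which everyone may hold.
func Verify(pub *rsa.PublicKey, message, signature []byte) bool {
	digest := sha256.Sum256(message)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], signature, nil) == nil
}

// Tag is the HMAC counterpart: a digest keyed with a shared secret. Anyone who
// can verify it can also forge it, which is the difference from a signature.
func Tag(secret, message []byte) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write(message)
	return mac.Sum(nil)
}

// CheckTag compares tags in constant time; a plain byte comparison would let
// an attacker learn how many leading bytes of a guessed tag were right.
func CheckTag(secret, message, tag []byte) bool {
	return hmac.Equal(Tag(secret, message), tag)
}

func main() {
	signatory, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed demo key
	msg := []byte("This is a really long message about Bills")
	sig, _ := Sign(signatory, msg)
	fmt.Println("signature verifies:", Verify(&signatory.PublicKey, msg, sig))
	fmt.Println("altered message verifies:",
		Verify(&signatory.PublicKey, []byte("This is a really long message about Bills!"), sig))

	secret := []byte("constructed demo shared secret")
	tag := Tag(secret, msg)
	fmt.Println("HMAC-SHA256 tag bits:", len(tag)*8)
	fmt.Println("tag checks:", CheckTag(secret, msg, tag))
}
```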
Certificates
The simplest certificate just contains:
Information about the entity that is being certified to own a public key
That public key
X.509 Certificate
[Diagram: X.509 certificate fields, covered all together by the Certificate Authority's digital signature. Sample values on the slide: a DN component "OU=Contoso", and the Subject Public Key Information holding "the key or info about it".]
Serial Number
Issuer X.500 Distinguished Name
Validity Period
Subject X.500 Distinguished Name
Subject Public Key Information
Key/Certificate Usage
Extensions
2.
3. Melinda challenges Bill to encrypt for her a phrase etc. she just made up ("I really need more shoes")
4. Bill has, of course, the private key that matches the certificate, so he responds (*&$^%$&fhsdf*&EHFDhd62^&)
5. Melinda decrypts this with the public key she has in the certificate (which she trusts) and if it matches the phrase she challenged Bill with then it must really be Bill himself!
Private keys (and certs that include them) that match the public key are extremely vulnerable
It is a Key Asset
You must protect them well
Store in Protected Storage on your OS or on a smartcard that has crypto functionality on board
Axalto's .NET-enabled smart cards for instance
Certification Hierarchy
Most organisations do not use just one root key for signing certificates
Dangerous, if that one key is compromised
Does not scale to large organisations
Difficulty in managing responsibility
Certificate Hierarchies
Start with the CA root cert
Create more levels in your organisation (for departments etc.)
Certificate Validation
Essentially, this is just checking the digital signature
But
You may have to walk the path of all subordinate authorities until you reach the root
Unless you explicitly trust a subordinate CA
[Diagram: certificate chain validation, "In Xanadu We Trust". The Xanadu Root certificate (Issuer: Xanadu Root, Subject: Xanadu Root) is installed as the trusted root CA certificate. The end-entity certificate (Issuer: PB CA, Subject: Rafal) has its digital signature checked against the PB CA certificate (Issuer: Xanadu Root, Subject: PB CA), whose digital signature is in turn checked against the installed Xanadu Root. Slide labels on the two steps: "Check DS of OCG CA" and "Check DS of Xanadu".]
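The hierarchy and validation walk above, built and checked in code. This is an added example written for this page, not code from the presentation, using Go's standard crypto/x509 package. It creates the three certificates from the diagram (Xanadu Root, PB CA, Rafal; the names come from the slide, the keys and validity periods are constructed for the demo), then validates the leaf three ways: walking through the subordinate to the root, trusting the subordinate CA explicitly, and with no trusted certificate at all. The names BuildHierarchy, Validate and issue are my own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Hierarchy is the three-level chain from the slide: a self-signed root, a
// subordinate CA certified by the root, and an end-entity certificate.
type Hierarchy struct {
	Root, Sub, Leaf *x509.Certificate
}

// caTemplate describes a CA certificate: the CA flag and the cert-signing key usage
// are what let it appear as an issuer in a validated chain.
func caTemplate(serial int64, name string, now time.Time) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             now.Add(-time.Minute),
		NotAfter:              now.Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
}

// issue signs the template with the parent's private key (the CA's digital
// signature over all components together). For a self-signed root, the
// parent is the template itself.
func issue(template, parent *x509.Certificate, pub *rsa.PublicKey, parentKey *rsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildHierarchy creates Xanadu Root -> PB CA -> Rafal with fresh demo keys.
func BuildHierarchy() (*Hierarchy, error) {
	now := time.Now()
	rootKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	rootTmpl := caTemplate(1, "Xanadu Root", now)
	root, err := issue(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	subKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	sub, err := issue(caTemplate(2, "PB CA", now), root, &subKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	leafKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(3),
		Subject:      pkix.Name{CommonName: "Rafal"},
		NotBefore:    now.Add(-time.Minute),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	leaf, err := issue(leafTmpl, sub, &leafKey.PublicKey, subKey)
	if err != nil {
		return nil, err
	}
	return &Hierarchy{Root: root, Sub: sub, Leaf: leaf}, nil
}

// Validate checks the leaf's signature, then walks up through the supplied
// intermediates until it reaches a certificate in the trusted set. Putting the
// subordinate CA itself in the trusted set ends the walk one level early.
func Validate(leaf *x509.Certificate, trusted, intermediates []*x509.Certificate) error {
	roots := x509.NewCertPool() // empty pool, never the system store
	for _, c := range trusted {
		roots.AddCert(c)
	}
	inters := x509.NewCertPool()
	for _, c := range intermediates {
		inters.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inters,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err
}

func main() {
	h, err := BuildHierarchy()
	if err != nil {
		panic(err)
	}
	fmt.Println("walk to root:", Validate(h.Leaf, []*x509.Certificate{h.Root}, []*x509.Certificate{h.Sub}))
	fmt.Println("subordinate trusted directly:", Validate(h.Leaf, []*x509.Certificate{h.Sub}, nil))
	fmt.Println("no trusted root:", Validate(h.Leaf, nil, []*x509.Certificate{h.Sub}))
}
```

The third call fails: without a trusted anchor the chain is just a list of signatures that check against each other, which is exactly why "In Xanadu We Trust" (the installed root) is the starting point of the whole exercise.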
Recommendations
Don't be scared of PKI!
Set up a test environment to enable you to play
Minimise the scope of your first implementation
Read up on CP & CPS
Document the purpose and operating procedures of your PKI
Summary
Cryptography is a rich and amazingly mature field
We all rely on it, every day, with our lives
Know the basics and make good choices, avoiding common pitfalls
Plan your PKI early
Avoid very new and unknown solutions
References
Visit www.microsoft.com/security
Read sci.crypt (incl. archives)
Attend SEC499 for Encryption in Detail on Friday at 14.45 in Room 1
For more detail, read:
Cryptography: An Introduction, N. Smart, McGraw-Hill, ISBN 0-07-709987-7
Practical Cryptography, N. Ferguson & B. Schneier, Wiley, ISBN 0-471-22357-3
Contemporary Cryptography, R. Oppliger, Artech House, ISBN 1-58053-642-5 (to be published May 2005, see http://www.esecurity.ch/Books/cryptography.html)
Applied Cryptography, B. Schneier, John Wiley & Sons, ISBN 0-471-11709-9
Handbook of Applied Cryptography, A.J. Menezes, CRC Press, ISBN 0-8493-8523-7, www.cacr.math.uwaterloo.ca/hac (free PDF)
PKI, A. Nash et al., RSA Press, ISBN 0-07-213123-3
Foundations of Cryptography, O. Goldreich, www.eccc.uni-trier.de/eccc-local/ECCC-Books/oded_book_readme.html
Cryptography in C and C++, M. Welschenbach, Apress, ISBN 1-893115-95-X (includes code samples CD)
Demonstrations
Secure Email: sign and/or encrypt messages
Secure browsing: SSL auth and encryption
Secure code: Authenticode (sigcheck)
Secure wireless: PEAP & EAP-TLS
Secure documents: Rights Management
Secure networks: segmentation via IPsec
Secure files: Encrypted File System (EFS)
Copyright 2004 Project Botticelli Ltd & Microsoft Corp. E&OE. For informational purposes only. No warranties of
any kind are made and you have to verify all information before relying on it. You can re-use this presentation as long
as you read, agree, and follow the guidelines described in the Comments field in File/Properties.
Common Algorithms
Blowfish, Twofish
B. Schneier's replacement for DES, followed by Twofish, one of the NIST competition finalists
Rijndael (AES)
Standard replacement for DES for US government, and, probably for all of us as a result
Winner of the AES (Advanced Encryption Standard) competition run by NIST (National Institute of Standards and Technology in US) in 1997-2000
Comes from Europe (Belgium) by Joan Daemen and Vincent Rijmen. X-files stories less likely (unlike DES).
GOST
Soviet Union's version of DES but with a clearer design and many more repetitions of the process
256 bit key but really 610 bits of secret, so pretty much tank quality
Backdoor? Who knows
RC4
Symmetric
Fast, streaming encryption
R. Rivest in 1994
Originally secret, but published on sci.crypt
ElGamal
Relies on complexity of discrete logarithms
Quantum Cryptography
Method for generating and passing a secret key or a random stream
Not for passing the actual data, but that's irrelevant
MD5, SHA
Hash functions, not encryption at all!
Goals:
Not reversible: can't obtain the message from its hash
Hash much shorter than original
Two messages won't have the same hash
Cryptanalysis
Brute force
Good for guessing passwords, and some 40-bit symmetric keys (in some cases needed only 27 attempts)
Frequency analysis
For very simple methods only (US mobiles)
Linear cryptanalysis
For stronger DES-like, needs 2^43 plain-cipher pairs
Differential cryptanalysis
Weaker DES-like, needs from 2^14 pairs
Strong Systems
It is always a mixture! Changes all the time
Symmetric:
AES, min. 128 bits for RC2 & RC5, 3DES, IDEA, carefully analysed RC4; 256 bit better
Asymmetric:
RSA, ElGamal, Diffie-Hellman (for keys) with minimum 1024 bits (go for the maximum, typically 4096, if you can afford it)
Hash:
Either MD5 or SHA but with at least 128-bit results, 256 better
Weak Systems
Anything with 40 bits (including 128 and 56 bit versions with the remainder fixed)
Most consider DES a fairly weak algorithm
CLIPPER
A5 (GSM mobile phones outside US)
Vigenère (US mobile phones)
Dates from 1585!