Version 1.5
October 1999
Course Map Day One
◆ Introduction
◆ Key Terms
◆ Cryptosystems
◆ Services, Mechanisms, Algorithms
◆ Cryptography in History
◆ Cryptanalysis
◆ Secret-Key Cryptography
◆ AES
◆ Lab exercise 1
◆ Public-Key Cryptography
◆ RSA
◆ Diffie-Hellman
◆ Message Digests
◆ Lab exercise 2
◆ Random Numbers
◆ Key Length
◆ Lab exercise 3
◆ File encryption
◆ PKCS Standard
◆ Smart Card
◆ Lab exercise 5
◆ SSH
◆ SSH Tunneling
◆ End of day one
Course Map Day Two
◆ Questions on day one?
◆ Revision quiz!
◆ PKI introduction
◆ Digital certificates
◆ X.509 certificates (Demo)
◆ Certificate Revocation (Demo)
◆ Certification Authorities
◆ RA, LRA
◆ Data Repositories (LDAP)
◆ S/MIME: How it works?
◆ Lab exercise 6
◆ S/MIME and LDAP
◆ SSL: How it works?
◆ Lab exercise 7
◆ Web server SSL
◆ Lab exercise 8
◆ Client SSL authentication
◆ End of day two
Course Map Day Three
◆ Lab exercise 12
◆ IPSEC (SecuRemote Checkpoint)
◆ Demo
◆ IPSEC Cisco with CEP
◆ Case studies
◆ VPN RadGuard
◆ Secure Gate
◆ Encryption references sites
◆ Open discussion
◆ End of day three
Course Objectives
Lab Topology
[Figure: lab topology. Hosts: Cerbere (CA, LDAP, Mail), Newton (DNS, SSH), Router IPsec, Londron, Rome, Paris, Madrid, Geneve, Berlin]
Lab applications
◆ E-mail
◆ Netscape (example labs)
◆ Outlook 98
◆ Lotus notes
◆ Internet browsers
◆ Netscape fortified (domestic)
◆ Microsoft Internet Explorer 5.0 export
◆ SSH Client
◆ Ldap Browser
◆ etc.
PKI, WHY?
About needs...
Key Terms
Cryptosystems
Security Services
Security Mechanisms
Cryptography Algorithms
Services, Mechanisms, Algorithms
[Figure: OSI layers (Application, Presentation, Session, Transport, Network, DataLink, Physical) with the protocols that secure them: S/MIME, PGP (Application); SSL, TLS, SSH (Session/Transport); IPSEC (Network); hardware link encryption (DataLink)]
Cryptography in History
◆ Ancient Chinese
◆ First to transform messages into ideographs for privacy
◆ India
◆ First “spy networks” using phonetic encryption (Javanese or reverse speaking)
◆ Mesopotamia
◆ Numbers associated with letters (cuneiform table)
◆ 1970-today:
◆ New ciphers based on number properties derived from mathematical theories
◆ RSA: prime number factorization
◆ Diffie-Hellman: discrete logarithm
◆ ECDSA: elliptic curve cryptography
Cryptanalysis
◆ Ciphertext only
◆ Brute-force and dictionary attacks on keys
◆ Chosen ciphertext
◆ Start from a known ciphertext and try to appear as someone else to get information from others' behavior
◆ Known plaintext and ciphertext
◆ Derive the key from knowledge of both plaintext and ciphertext
Secret-Key Cryptography
[Figure: Plaintext → encrypt with the Secret-Key → Ciphertext → decrypt with the same Secret-Key → Plaintext]
Secret-Key Cryptography
◆ The Advantages
◆ Efficient for encrypting large volumes of data (100 to 1,000 times faster than Public-Key Cryptography)
◆ Simple to implement in either software or hardware
◆ Most of the algorithms are well known and secure
◆ Seem to be safe against brute-force attack
◆ Widely used
Secret-Key Cryptography
◆ The Disadvantages
◆ Hard to share Secret-Keys
◆ Large number of keys
◆ No non-repudiation (Signature)
◆ Subject to interception (Secret-Key)
Secret-Key Cryptography
◆ DES
◆ Data Encryption Standard (1973) by IBM
◆ World Standard for 20 years
◆ DES was broken in 22 hours (DES challenge III, January 18th, 1999)
◆ Key size = 56 bits
◆ Block cipher
◆ Recommendation: should be replaced by 3DES for high confidentiality requirements!
http://www.rsa.com/rsalabs/challenges/
Secret-Key Cryptography
◆ RC2
◆ Designed by Ron Rivest from RSA
◆ Block cipher
◆ Key size = up to 2048
◆ Encryption speed: independent from the key size
◆ Trade secret from RSA, posted on the net in 1996
◆ Designed as a DES replacement
◆ Faster than DES
◆ Recommendation: like DES but faster!
Secret-Key Cryptography
◆ CAST-128
◆ Designed by C.Adams and S. Tavares (1993)
◆ Block cipher
◆ Key size = 128 bits
◆ Used in PGP 5.x
◆ Recommendation: unknown
Secret-Key Cryptography
◆ IDEA
◆ International Data Encryption Algorithm
◆ Designed by X. Lai and J. Massey (ETH Zurich) in 1990
◆ Block cipher
◆ Key size = 128 bits
◆ More efficient than DES for software implementation
◆ Used in PGP
◆ Recommendation: Better than DES
Secret-Key Cryptography
◆ Blowfish
◆ Designed by B. Schneier in 1993
◆ Optimized for high-speed execution on 32-bit processors
◆ Block cipher
◆ Key size = up to 448 bits
Secret-Key Cryptography
◆ Skipjack
◆ Designed by NSA (National Security Agency)
◆ Block cipher
◆ Key size = 80 bits
Secret-Key Cryptography
◆ GOST
◆ Acronym for “GOsudarstvennyi STandard”
◆ Russian answer to DES
◆ Key size = 256 bits
Secret-Key Cryptography
◆ RC4
◆ Designed by Ron Rivest from RSA
◆ Stream cipher
◆ Key size = up to 2048 bits
◆ Optimized for fast software implementation
◆ Trade secret from RSA, posted on the net in 1994
◆ Very fast
◆ Used in SSL, Lotus Notes, Windows password encryption, Oracle, etc.
◆ Recommendation: Highly recommended for long keys (>40 bits)
Secret-Key Relative Performance
From fast to slow:
◆ RC4
◆ Blowfish, CAST-128
◆ Skipjack
◆ DES, IDEA, RC2
◆ 3DES, GOST
AES
AES candidates
◆ MARS (IBM)
◆ RC6 (RSA Laboratories)
◆ Rijndael (J. Daemen, V. Rijmen)
◆ Serpent (R. Anderson, E. Biham, L. Knudsen)
◆ Twofish (B. Schneier - Counterpane)
AES requirements
http://www.counterpane.com/aes-comparison.html
Secret-Key Cryptography
◆ Time: 15 minutes
◆ p.27
Public-Key Cryptography
[Figure: Plaintext → encrypt with Bob’s public key → Ciphertext → decrypt with Bob’s private key → Plaintext]
Public-Key Cryptography
◆ Advantages
◆ No secret sharing
◆ Fewer keys
◆ No prior relationship needed
◆ Easier to administer
◆ Offers useful mechanisms like digital signature (offering non-repudiation)
Public-Key Cryptography
◆ Disadvantages
◆ Not efficient (slow) for encrypting large volumes of data
◆ Keys need to be much longer than with secret-key encryption
◆ Impossible to encrypt a plaintext whose size exceeds the key size
RSA
Diffie-Hellman
[Figure: Diffie-Hellman exchange in which both parties arrive at the same value: Shared Secret Key = Shared Secret Key]
DSA
Algorithm: Type
◆ RSA: Confidentiality, Digital Signature, Key exchange
◆ Diffie-Hellman: Key exchange
Message-Digest Algorithms
[Figure: Input Message → Hash Function → Fixed-length Digest]
Message-Digest Algorithms
◆ Message-Digest at work
◆ Creation of digital signatures
◆ Creation of MAC, HMAC
◆ Creation of secret-key with a passphrase
◆ File checksum (FTP server, Patches, etc.)
◆ FIA (File Integrity Assessment like Tripwire)
Message-Digest Algorithms
◆ Time: 15 minutes
◆ p.31
Random Numbers
Keys Length
RSA’s Challenge on DES (III)
Keys’ time of life
Public-Key vs Secret-key
Blowfish Advanced CS: How it works?
Blowfish Advanced CS
File Encryption
◆ Time: 20 min
◆ p.38
Message Authentication Code
[Figure: Input Message + Secret-Key → Hash Function → HMAC]
Digital Signature
Digital Signature: Basics
[Figure: Plaintext → encrypt with Alice’s private key → Ciphertext (Signature) → decrypt with Alice’s public key → Plaintext]
[Figure: signing: Plaintext → Digest → Alice’s private key → Signature. Verification: the digest of the received Plaintext is compared with the digest recovered from the Signature using Alice’s public key (MD1 == MD2?)]
Digital Signature
◆ RSA
◆ Well known
◆ Export limitation
◆ DSA
◆ Similar to RSA (algebraic properties of numbers)
◆ Non-reversible algorithm, suitable for digital signature only
◆ ElGamal
◆ Another cipher for digital signature only
Hybrid Cryptosystems
[Figure: Asymmetric part: both sides arrive at the same Shared Secret Key. Symmetric part: Plaintext → Ciphertext → Plaintext under that key]
RSA Key wrapping encryption
◆ How it works?
◆ Alice creates a session key, which is a one-time-only secret-key
◆ Alice encrypts the data with the session key
◆ Alice encrypts the session key with Bob’s public-key
◆ Alice sends the ciphertext + the encrypted session key to Bob
◆ Bob receives the message from Alice
◆ Bob uses his private-key to recover the temporary session key
◆ Bob uses the session key to decrypt the ciphertext
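The wrap and unwrap steps above as an added Python example (not part of the original course material). It assumes the third-party `cryptography` package, RSA-OAEP for wrapping and AES-256-GCM as the session cipher; these choices, the function names and the constructed sample payload are not from the slides.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumption (not from the slides): RSA-OAEP wraps the key, AES-256-GCM encrypts.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)


def alice_encrypt(bob_public_key, plaintext: bytes) -> dict:
    """Alice: create a session key, encrypt the data, wrap the key for Bob."""
    session_key = AESGCM.generate_key(bit_length=256)  # one-time-only secret key
    nonce = os.urandom(12)
    ciphertext = AESGCM(session_key).encrypt(nonce, plaintext, None)
    wrapped_key = bob_public_key.encrypt(session_key, OAEP)
    return {"wrapped_key": wrapped_key, "nonce": nonce, "ciphertext": ciphertext}


def bob_decrypt(bob_private_key, message: dict) -> bytes:
    """Bob: recover the session key with his private key, then decrypt."""
    session_key = bob_private_key.decrypt(message["wrapped_key"], OAEP)
    return AESGCM(session_key).decrypt(message["nonce"], message["ciphertext"], None)


def outcome(action, *errors) -> str:
    """Run action; report "ok" on success or "rejected" if it raises one of errors."""
    try:
        action()
        return "ok"
    except errors:
        return "rejected"


def demo() -> dict:
    """Run the exchange on constructed sample data and report each outcome."""
    bob = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    other = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    plaintext = b"constructed sample payload " * 100  # 2700 bytes
    message = alice_encrypt(bob.public_key(), plaintext)
    tampered = dict(message, ciphertext=bytes(b ^ 1 for b in message["ciphertext"]))
    return {
        # RSA alone cannot encrypt a plaintext larger than the key.
        "rsa_direct": outcome(lambda: bob.public_key().encrypt(plaintext, OAEP), ValueError),
        "roundtrip": bob_decrypt(bob, message) == plaintext,
        # A different private key cannot unwrap the session key.
        "wrong_key": outcome(lambda: bob_decrypt(other, message), ValueError),
        # AES-GCM is authenticated, so a modified ciphertext is detected.
        "tampered": outcome(lambda: bob_decrypt(bob, tampered), InvalidTag),
    }


if __name__ == "__main__":
    print(demo())
```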
RSA Key wrapping decryption
Man in the Middle Attack!
PGP: introduction
Original PGP signature
Quiz!
Original PGP encryption
Quiz!
PGP today
PGP Trust model
◆ PGP Phone
◆ to transform a desktop into a secure phone via real-time encryption
◆ PGP disk
◆ offering privacy to file system
◆ PGP SDK
◆ development kit
PGP
SSH
http://www.cs.hut.fi/ssh
SSH: Why?
[Figure: Telnet to Unix Host. The login (Login: rome, Password: abc123) crosses the network in the original TCP packet, in view of an attacker with a sniffer]
SSH
◆ SSH handshake: the client verifies the host key and generates a secret key that is used for bulk encryption, then encrypts this secret key twice with the Host and Server public keys and sends it to the server.
◆ The server decrypts the session key with the two private keys. Bulk encrypted data exchange begins.
◆ Symmetric encrypted data: the client encrypts; the server decrypts the request, encrypts and sends the response.
SSH Ciphers
◆ SSH v1
◆ RSA
◆ DES, 3DES, Blowfish, IDEA
◆ SSH v2
◆ Diffie-Hellman for key exchange algorithm
◆ DSA, RSA
◆ 3DES, Blowfish, IDEA, Twofish, Arcfour, Cast-128
SSH Authentication
* http://www.bg.kernel.org/pub/linux/libs/pam/index.html
SSH Authentication (RSA/DSA)
[Figure: SSH client and server diagram. Labels: Corporate Net, SSH Client, HTTP 127.0.0.1 1999, SSH Server, Web server, DMZ]
SSH
PKCS
PKCS list
Smart Card
Smart Card and PKI
Smart Card Reader
◆ Keyboard
◆ USB
◆ Serial
◆ PCMCIA
◆ Diskette reader
◆ SCSI
◆ Hardware...
◆ Multi-Services rarely used
◆ Users leave Smart Card on the reader
End Day One
Quiz!
◆ Describe Secret-Key?
◆ Advantages / Disadvantages
◆ Describe Public-Key?
◆ Advantages / Disadvantages
◆ Describe Message Digest?
◆ Describe Digital Signature and verification?
◆ Differences between MAC and signature?
◆ Describe two Hybrid Cryptosystems?
◆ Describe a challenge-response based authentication?
PKI introduction
PKI basis function
So What?
Third Trusted Party
[Figure labels: Trusted Authority, No more Charly, Implicit Trust]
Digital Certificates
How to obtain a certificate
Demo: certificate view
X.509 Basic Certificate Fields
SSL X.509 example
How to build a Certificate
[Figure: the CA takes the X.509 fields (Subject Name: Andrew K Nash, Public Key) and adds the CA’s signature (AUTHORIZED SIGNATURE)]
How to verify a certificate?
[Figure: verifying a certificate. A digest of the X.509 fields (public key, identity, etc.) is compared with the digest recovered from the CA’s signature using the CA’s public key (MD1 == MD2?)]
A few words about CAs
◆ Entities that issue and manage digital certificates, including
◆ maintaining
◆ revoking
◆ publishing status information
◆ CAs’ security policy defined in CPS (Certification Practice Statement)
◆ Security measures to guarantee CA’s integrity
◆ Security measures to check enrollment’s identity
◆ Trust level relies upon CPS and not technology
Type of CAs
◆ Private CAs:
◆ Held by a private entity (Company, Administration, the Military)
◆ Public CAs:
◆ Verisign, Swisskey, GTE, Thawte, Global-sign, Certplus, etc.
(L)RA Front End
LDAP
http://www.iit.edu/~gawojar/ldap/
Certificate Revocation
◆ Certificate Revocation:
◆ Mechanism used by the CA to publish and disseminate revoked certificates
◆ Revocation is triggered in the following cases:
◆ Key compromise
◆ CA compromise
◆ Cessation of operation
◆ Affiliation change
◆ etc...
CRL’s publication and retrieval
CRL Version 1 view (text)
Demo: get a CRL
OCSP
[Figure: Pushing Revocation. Labels: CA, LDAP, OCSP, OCSP over http, FTP, http, PKI enabled Applications, Backend, OCSP Responder, others]
Distinguished Names
Single CA
[Figures: X509 certificates issued under a single CA; a Root CA with Subordinate CAs, linked by trust relations, issuing X509 certificates]
Trust
Demo: Bootstrap Swisskey
Trust architecture
Assume Alice, Bob and Charly are exchanging e-mails
[Figure labels: Root CA, CA1, CA2, CA3, X509 certificates, users A, B, C]
Simple Case
[Figure labels: CA3, X509, Bob, numbered steps]
More complicated...
[Figure labels: Root, CA1, CA2, X509, Charly, steps numbered 1 to 4]
Cross certification
Let’s be practical!
[Figure: certificate enrollment between User, Admin, RA, Security Officer, CA and LDAP over http://www... Labels: User enrolls for certificate; Admin mailed notification; User mailed acknowledgement; User mailed retrieval PIN; Admin approves request; User retrieves certificate; Certificate installed]
Some X.509 certificate types
◆ CA certificate (Root)
◆ S/MIME
◆ SSL server/client
◆ IPSec gateway/client
◆ Object signing certificates
◆ JavaScript
◆ Image signature for copyright
◆ File intrusion detection (binary certifications)
◆ etc.
PKI Standards
PKI Vendors
Some Public CA
PKI Summary
S/MIME
S/MIME Ciphers
◆ Symmetric encryption
◆ 3DES 168 bit
◆ DES 56 bit
◆ RC2 128, 64 and 40 bit
◆ Public-Key
◆ RSA 512 to 1024 bit
S/MIME Signature
[Figure labels: Mime format, Digest, Alice’s Private Key, MIME encoded format]
S/MIME Encryption
[Figure labels: Plaintext, Mime Format, Random Session Key, Bob’s Public Key, Ciphertext, MIME Encoding, MIME encoded format]
S/MIME
◆ Time: 45 min
◆ p.77
SSL
SSL History
SSL Protocol
SSL Ciphers
SSL Handshake
◆ Client performs TCP handshake with the server at port 443 for HTTPS, which is HTTP in SSL.
◆ Start cipher negotiation: the client sends an SSL HELLO containing the ciphers supported by the client and a random number.
◆ The server responds with a HELLO containing the ciphers to use and a random number. Note that the server selects the ciphers to be used. RSA, RC4 and MD5 are most common.
Demo: Wrong URL!
SSL Tunneling
http://www.openssl.org/related/apps.html
[Figure: SSL tunneling. Labels: Corporate Net, pop3 127.0.0.1 1234, POP3 server, DMZ]
SSL Hardware accelerator
SGC
TLS
Installing a SSL Web Server
Setup a SSL web server
◆ Time: 1 hour
◆ p.100
◆ Time: 1 hour
◆ p.121
PKCS#11 Smartcard installation
◆ Time: 15 min.
◆ p.136
◆ Time: 30 min.
◆ p.138
Revocation with client SSL authentication
◆ Time: 30 min.
◆ p.141
IPSec
Remember!
[Figure: OSI layers (Application, Presentation, Transport, Network, DataLink, Physical) with the protocols that secure them: S/MIME, PGP (Application); IPSEC (Network); hardware link encryption (DataLink)]
IPSec introduction
IPSec: two main “Blocks”
IPSec Tunnel mode
[Figure labels: Hosts, IPSec gateway, Application, TCP UDP, IP, Protected Data, Protected Traffic, AH/ESP, IP]
IPSec Transport mode
Security Associations (SA)
SA
◆ SPI: 0x1234567
◆ Encryption (ESP): DES
◆ Authentication (AH): SHA-1
◆ DES Key: 0x1615613651365365326536
◆ SHA-1: 0x32676362736347672672644
IPSec Key management
◆ In order to create the SA, the two parties need to exchange all the security parameters, as well as the keys.
◆ Several methods of key management:
◆ Manual keying or manual IPSec (statically defining SPI and SA).
◆ SKIP (Simple Key Interchange Protocol by SUN Microsystems)
◆ ISAKMP/OAKLEY or IKE: automatic key management using DH
◆ Photuris: alternative to IKE using DH
In practice, IKE and manual IPSec are prevalent.
Manual IPSec
[Figure: manual IPSec, with SPI and SA defined on each side]
IKE Key management using PKI
[Figure: negotiation with automatic key management. Labels on each side: X509, SPI, SA]
Hardware implementation...
Demo IPSEC with SecuRemote
Checkpoint architecture
[Figure labels: Account Management GUI, Corporate Network, VPN-1 / FireWall-1, SecuRemote client, ISP, Internet, Certificate Authority, LDAP-based Directory Server, CRL, X.509 Certificates]
Creation of the CA Certificate
Creation of Certificate for Firewall-1
Using Certificates with SecuRemote
◆ IKE Authentication.
◆ Specify a profile file (.EPF file) or select a hardware token from the drop-down list.
◆ Enter password for accessing the profile.
IPSEC
◆ Time: 1h30
◆ p. 155
CEP
CEP, cont.
DEMO: CEP
Case Studies!
Encryption references sites
◆ SSL
◆ http://www.openssl.org/
◆ http://developer.netscape.com/docs/manuals/security/sslin/index.htm
◆ http://www.ultranet.com/~fhirsch/Papers/wwwj/article.html
◆ SSH
◆ http://www.ssh.org/
◆ http://www.Datafellows.com/
◆ http://wwwfg.rz.uni-karlsruhe.de/~ig25/ssh-faq/
◆ IPSEC
◆ http://web.mit.edu/network/isakmp/
◆ http://www.data.com/tutorials/bullet_online.html
◆ PGP
◆ http://www.pgp.com
◆ http://web.mit.edu/network/pgp.html
◆ S/MIME
◆ http://www.rsasecurity.com/standards/smime
◆ Miscellaneous
◆ Crypto-Gram:
◆ http://www.counterpane.com/crypto-gram.html
◆ CryptoBytes:
◆ http://www.rsasecurity.com/rsalabs/cryptobytes/
◆ http://www.datelec.com/~maret
Open discussion...