Chapter 10
Secure HTTP (S-HTTP)
§Secure HTTP (S-HTTP) is the second major protocol used to provide security on the World Wide Web -S-HTTP is not nearly as popular as SSL §It has two major differences with respect to SSL -S-HTTP secures individual messages between a client and server rather than creating a secure communications channel -S-HTTP supports two-way authentication between a client and a server rather than the server-only authentication supported by SSL
Secure Hash Algorithm (SHA) (2/3)
§The SHA-1 algorithm processes a message in 512-bit blocks -If the message length is not a multiple of 512, the SHA algorithm pads the message with additional data until the length reaches the next multiple of 512 §Recent cryptanalytic attacks demonstrated that there are weaknesses in the SHA-1 algorithm -This led to the creation of SHA-2, which has four variants: •SHA-224 produces a 224-bit message digest using a 512-bit block size •SHA-256 produces a 256-bit message digest using a 512-bit block size •SHA-512 produces a 512-bit message digest using a 1,024-bit block size •SHA-384 uses a truncated version of the SHA-512 hash to produce a 384-bit digest using a 1,024-bit block size
Basic Requirements for Hash Functions
§According to RSA Security, there are five basic requirements for a cryptographic hash function 1.The input can be of any length 2.The output has a fixed length 3.The hash function is relatively easy to compute for any input 4.The hash function is one-way •It is extremely hard (ideally, impossible) to determine the input when provided with the output 5.The hash function is collision free •It is extremely hard to find two messages that produce the same hash value §Common hashing algorithms include -SHA, MD2, MD4, and MD5
Cryptographic Attacks
§Analytic attack -An algebraic manipulation that attempts to focus on the logic of the algorithm itself §Implementation attack -Exploits weaknesses in the implementation of a cryptography system §Statistical attack -Exploits statistical weaknesses in a cryptosystem, such as inability to produce random numbers and floating-point errors §Brute force -Attempts every possible valid combination for a key or password §Frequency analysis -Counting the number of times each letter appears in the cipher text, and using knowledge about letters frequency in English
Certificate Authorities
§Certificate authorities (CAs) are neutral organizations offering notarization services for digital certificates -To obtain a digital certificate from a reputable CA, you must prove your identity to the satisfaction of the CA -Some of the major CAs are •VeriSign, Thawte, GoDaddy, and Network Solutions, LLC §The certificates issued by a CA are only as good as the trust placed in the organization that issued them -If you don't recognize and trust the name of the CA that issued the certificate, you shouldn't place any trust in the certificate §PKI relies upon a hierarchy of trust relationships -If you configure your browser to trust a CA, it will automatically trust all digital certificates issued by that CA §Browsers are preconfigured to trust the major CAs
Certificates (2/2)
§Certificates that conform to X.509 contain the following data -Version of X.509 to which the certificate conforms -Serial number -Signature algorithm identifier •Specifies the technique used by the certificate authority to digitally sign the contents of the certificate -Issuer name •Identification of the certificate authority that issued the certificate -Validity period -Subject's name •The distinguished name (DN) of the entity that owns the public key contained in the certificate -Subject's public key §Both Microsoft and Mozilla have adopted X.509 as their standard for Secure Sockets Layer (SSL) communication between their web clients and servers
Certificates (1/2)
§Digital certificates provide communicating parties with the assurance that the people they are communicating with truly are who they claim to be -Digital certificates are essentially endorsed copies of an individual's public key -When users verify that a certificate was signed by a trusted Certificate Authority, they know that the public key is legitimate §Digital certificates contain specific identifying information, and they aregoverned by an international standard -X.509
§End-to-end encryption
-Protects communications between two parties (for example, a client and a server) and is performed independently of link encryption •An example of end-to-end encryption would be the use of Privacy Enhanced Mail to pass a message between a sender and a receiver •This protects against an intruder who might be monitoring traffic on one side of an encrypted link or traffic sent over an unencrypted link The critical difference is that in link encryption, all the data, including the header, trailer, address, and routing data, is also encrypted
§Link encryption
-Protects entire communications circuits by creating a secure tunnel between two points using hardware/software solutions that encrypt all traffic entering one end of the tunnel and decrypts all traffic exiting the other end of the tunnel •For example, a company with two offices connected via a data circuit might use link encryption to protect against attackers monitoring at a point in between the two offices
The RSA Algorithm 3
§Alice wants to send an encrypted message to Bob -She generates the cipher text (C) from the plain text (P) using the following formula C = Pe mod n -where e is Bob's public key and n is the product of p and q created during the key generation process - §Bob receives the message -He performs the following calculation to retrieve the plain- text message P = Cd mod n
Web
§Although secure electronic mail is still in its early days, secure web browsing has achieved widespread acceptance in recent years -This is mainly because of the strong movement toward electronic commerce •Both e-commerce vendors and consumers desire to securely exchange financial information (such as credit card information) over the Web §Two technologies are used to secure communications over the Web (they are responsible for the small lock icon at the bottom of web browsers) -Secure Sockets Layer (SSL) and -Secure HTTP (S-HTTP) -
Merkle-Hellmen Knapsack
§Another early asymmetric algorithm §Was developed the year after RSA was publicized §Like RSA, it's also based upon the difficulty of performing factoring operations -It relies upon a component of set theory known as super-increasing sets rather than on large prime numbers -A sequence of positive real numbers is called super-increasing if every element of the sequence is greater than the sum of all previous elements in the sequence •For example, (1,3,6,13,27,52) is a super-increasing sequence §Merkle-Hellman algorithm was proven ineffective when it was broken in 1984
Digital Signature Algorithms
§Digital signature algorithms rely upon a combination of public key cryptography and hashing functions -When Alice wants to digitally sign a message she's sending to Bob, she •Generates a message digest of the original plain-text message using one of the cryptographically sound hashing algorithms, such as SHA-512 •Encrypts only the message digest using her private key -This encrypted message digest is the digital signature •Appends the signed message digest to the plain-text message •Transmits the appended message to Bob -When Bob receives the digitally signed message, he •Decrypts the digital signature using Alice's public key •Uses the same hashing function to create a digest of the full plain-text message •Compares the decrypted message digest he received from Alice with the message digest he computed
The RSA Algorithm 2
§Each user of the cryptosystem generates a pair of public and private keys using the following steps 1.Choose two large prime numbers (approximately 200 digits each), labeled p and q 2.Compute the product of those two numbers, n = p ´ q 3.Select a number e that satisfies the following two requirements a)e < n b)e and (p - 1)(q - 1) are relatively prime (or co-prime) -the two numbers have no common factors other than 1 4.Find a number d such that (e ´ d - 1) mod (p - 1)(q - 1) = 0 5.Distribute e and n as the public key to all cryptosystem users, but keep d secret as the private key ● ●
Certificate Generation & Destruction (1/3)
§Enrollment -Before obtaining a digital certificate, you must first prove your identity to the CA •This sometimes involves physically appearing before an agent of the certification authority •Some certificate authorities provide other means of verification, including the use of credit report data -Then, you provide them with your public key -The CA next creates an X.509 digital certificate containing •Your identifying information and a copy of your public key -The CA then digitally signs the certificate using the CA's private key and provides you with a copy of your signed digital certificate •You may then safely distribute this certificate § §
Purpose of Hash Functions
§Hash functions take a potentially long message and generate a unique output value derived from the content of the message -This value is commonly referred to as the message digest, hash, hash value, hash total, CRC, fingerprint, checksum, or digital ID §Message digests are generated by the sender of a message and transmitted to the recipient along with the full message -First, the recipient can use the same hash function to recompute the message digest from the full message and compare the 2 digests •If the 2 digests do not match, the message was modified while in transit -Second, the message digest can be used to implement a digital signature algorithm §In most cases, a message digest is 128 bits or larger -A single-digit value can be used to implement a parity function
IPSec (3/3)
§IPSec provides for two modes of operation -Transport mode •Only the packet payload is encrypted -Tunnel mode •The entire packet, including the header, is encrypted §An IPSec session is set up by creating a security association (SA) -The SA represents the communication session and records any configuration and status information about the connection -The SA represents a simplex connection •If you want a two-way channel, you need two SAs, one for each direction §Some of IPSec's greatest strengths come from being able to filter or manage communications on a per-SA basis -Without a valid security association, pairs of users or gateways cannot establish IPSec links
Elliptic Curve Cryptography (1/3)
§In 1985, two mathematicians, Neil Koblitz from the University of Washington and Victor Miller from IBM, independently proposed the application elliptic curve cryptography (ECC) theory to develop secure cryptographic systems §Any elliptic curve can be defined by the following equation y2 = x3 + a×x + b -In this equation, x, y, a, and b are all real numbers §Each elliptic curve has a corresponding elliptic curve group -The elliptic curve group includes •the points on the elliptic curve •the point O, located at infinity §
Cryptographic Attacks (2/2)
§Known plain text -The attacker has a copy of the encrypted message along with the plain-text message §Chosen cipher text -The attacker has the ability to decrypt chosen portions of the cipher-text and use them to discover the key §Chosen plain text -The attacker has the ability to encrypt plain-text messages of their choosing and can then analyze the output of the encryption algorithm §Meet in the middle -Used to defeat encryption algorithms that use two rounds of encryption §Birthday -Exploits flaws in the nature of hashing functions §Man in the middle & Replay
Digital Signature Standard
§NIST specifies the digital signature algorithms acceptable for federal government use -Federal Information Processing Standard (FIPS) 186-4, also known as the Digital Signature Standard (DSS) •This document specifies that all federally approved digital signature algorithms must use the SHA-1 or SHA-2 hashing functions §DSS also specifies the encryption algorithms that can be used to support a digital signature infrastructure -There are three currently approved standard encryption algorithms •The Digital Signature Algorithm (DSA) as specified in FIPS 186-4 •The Rivest, Shamir, Adleman (RSA) algorithm as specified in ANSI X9.31 •The Elliptic Curve DSA (ECDSA) as specified in ANSI X9.62
Goals of Digital Signatures
§Once you have chosen a cryptographically sound hashing algorithm, you can use it to implement digital signature systems §Digital signature infrastructures have two distinct goals -Digitally signed messages assure the recipient that the message truly came from the claimed sender, and they enforce nonrepudiation •They preclude the sender from later claiming that the message is a forgery -Digitally signed messages assure the recipient that the message was not altered while in transit between the sender and recipient •This protects against both -malicious modification »a third party wanting to alter the meaning of the message -unintentional modification »faults in the communications process, such as electrical interference
Public and Private Keys
§Public key cryptosystems rely on pairs of keys assigned to each user of the cryptosystem -Public keys are freely shared/distributed -Private keys are kept secure §The mere possession of the public key by third parties does not introduce any weaknesses into the cryptosystem §If a message is encrypted with a user's public key, then only the corresponding private key can decrypt it, and vice versa §Public key cryptography entails a higher degree of computational complexity -Keys used within public key systems must be longer than those used in private key systems to produce cryptosystems of equivalent strength
The RSA Algorithm (1/3)
§RSA, named after its creators, is the most famous public key cryptosystem, that remains a worldwide standard today -In 1977, Ronald Rivest, Adi Shamir, and Leonard Adleman proposed the RSA public key algorithm §Rivest, Shamir, and Adleman patented their algorithm and formed a commercial venture known as RSA Security to develop implementations of their security technology -Today, the RSA algorithm forms the backbone of a large number of well-known security infrastructures produced by companies like Microsoft, Nokia, and Cisco §The RSA algorithm depends upon the computational complexity inherent in factoring large integer numbers
Registration Authorities & CPV
§Registration authorities (RAs) assist CAs with the burden of verifying users' identities prior to issuing digital certificates -They do not directly issue certificates themselves, but they play an important role in the certification process •They allows CAs to remotely validate user identities §Certificate Path Validation (CPV) means that each certificate in a certificate path from the root of the trust hierarchy down to the server or client in question is valid and legitimate -This issue arises when intermediary systems' certificates expire or are replaced •This can break the chain of trust or the verification path •By forcing a re-verification of all stages of trust, you can reestablish all trust links and prove that the assumed trust remains assured
Certificate Generation & Destruction (3/3)
§Revocation -Occasionally, a certificate authority needs to revoke a certificate •The certificate was compromised -For example, the certificate owner accidentally gave away the private key •The certificate was erroneously issued - For example, the CA mistakenly issued a certificate without proper verification •The details of the certificate changed •The security association changed -For example, the subject is no longer employed by the organization sponsoring the certificate -Two techniques can be used to identify revoked certificates •Certificate Revocation Lists (CRLs) -CRLs are maintained by the various CAs and contain the serial numbers of revoked certificates along with the date and time the revocation went into effect -CRLs must be downloaded and cross-referenced periodically, introducing a latency •Online Certificate Status Protocol (OCSP) -OCSP provides a means for real-time certificate verification »When a client receives a certificate, it sends an OCSP request to the CA
Secure Sockets Layer (SSL)
§SSL was developed by Netscape to provide encryption for web traffic -Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS) uses port 443 to negotiate encrypted communications sessions between web servers and browser clients §Microsoft also adopted SSL for its popular Internet Explorer browser -The use of SSL into both of these products made it a de facto Internet standard §SSL's goal is to create secure communications channels that remain open for an entire web browsing session §SSL relies upon a combination of symmetric and asymmetric cryptography -When a user accesses a website, •The browser retrieves the web server's certificate and extracts its public key •The browser creates a random symmetric key, encrypts it with the server's public key, and then sends the encrypted key to the server •The server decrypts the symmetric key using its own private key •The two systems exchange all future messages using the symmetric key -This allows SSL to leverage the asymmetric cryptography while encrypting and decrypting the vast majority of the data using the faster symmetric algorithm
Electronic Mail
§Some simple rules about encrypting email -If you need confidentiality when sending an email message, then encrypt the message -If your message must maintain integrity, then you must hash the message -If your message needs authentication, integrity and/or nonrepudiation, then you should digitally sign the message -If your message requires confidentiality, integrity, authentication, and nonrepudiation, then you should encrypt and digitally sign the message §It is the sender's responsibility to ensure that proper mechanisms are in place to guarantee the security and privacy of a message or transmission §One of the most demanded applications of cryptography is encrypting and signing electronic mail messages -Until recently, encrypted email required the use of complex software -An increased emphasis on security in recent years resulted in the implementation of strong encryption technology in mainstream electronic mail packages
Steganography
§Steganography is the art of using cryptographic techniques to hide messages in plain sight, such as embedding a secret message within a picture or a web page -For example, steganographic algorithms may work by making alterations to the least significant bits of the many bits that make up image files •The changes are so minor that there is no appreciable effect on the viewed image §Steganography techniques are often used for illegal or questionable activities §However, they can also be used for legitimate purposes, such as adding digital watermarks to documents to protect intellectual property -The process of digital watermarking hides information within a file -If someone later creates an unauthorized copy of the content, the watermark can be used to detect the copy •If uniquely watermarked files are provided to each original recipient, the offending copy can be traced back to the source
IPSec (1/3)
§The Internet Protocol Security (IPSec) standard is a standard architecture set forth by the Internet Engineering Task Force (IETF) for setting up a secure channel between two entities -The two entities could be two systems, two routers, two gateways, or any combination of them •Although generally used to connect two networks, IPSec can be used to connect individual computers, such as a server and a workstation §IPSec does not dictate all implementation details but is an open, modular framework -It allows many manufacturers and software developers to develop IPSec solutions that work well with products from other vendors §IPSec uses public key cryptography to provide encryption, access control, nonrepudiation, and authentication, all using IP protocols
E-commerce - SET
§The Secure Electronic Transaction (SET) standard was developed jointly by Visa and MasterCard as a means for securing e-commerce transactions §The two vendors identified the following requirements -Provide confidentiality of payment and order information -Ensure the integrity of all transmitted data -Provide authentication that a cardholder is a legitimate user of a payment card -Provide authentication that a merchant can accept branded payment card transactions through its relationship with a financial institution -Ensure the use of the best security practices and system design techniques to protect all legitimate parties in an electronic commerce transaction -Create a protocol that neither depends on transport security mechanisms nor prevents their use -Facilitate and encourage interoperability among software and network providers §SET utilizes a combination of RSA public key cryptography, DES private key cryptography, and digital certificates to secure electronic transactions
Secure Hash Algorithm (SHA) (1/3)
§The Secure Hash Algorithm (SHA) and its successor, SHA-1, are government standard hash functions -Developed by the National Institute of Standards and Technology (NIST) -Specified in an official government publication •The Secure Hash Standard (SHS), also known as Federal Information Processing Standard (FIPS) 180 (latest revised in March 2012) §SHA-1 -Takes an input of virtually any length •In reality, there is an upper bound of approximately 2,097,152 terabytes on the algorithm -Produces a 160-bit message digest (http://caligatio.github.io/jsSHA/)
S/MIME
§The Secure Multipurpose Internet Mail Extensions (S/MIME) protocol has emerged as a likely standard for encrypted electronic mail §S/MIME utilizes the RSA encryption algorithm and has received the backing of major industry players, including RSA Security -The strong industry support makes it likely that S/MIME will be widely adopted as an Internet standard by the Internet Engineering Task Force (IETF) §S/MIME has already been incorporated in many commercial products -Netscape Communicator, VeriSign Digital ID, and Microsoft Outlook §S/MIME relies upon the use of X.509 certificates for exchanging cryptographic keys §RSA is the only public key cryptographic algorithm supported by S/MIME §The protocol supports the following symmetric encryption algorithms -DES, 3DES, RC2
Secure Hash Algorithm (SHA) (3/3)
§The cryptographic community generally considers the SHA-2 algorithms secure -However, they theoretically suffer from the same weaknesses as SHA-1 §In 2007, the federal government announced a competition to create SHA-3 -"While NIST continues to recommend a transition from SHA-1 to the approved SHA-2 family of hash functions (SHA-224, SHA-256, SHA-384, and SHA-512), NIST has also decided that it would be prudent in the long-term to develop one or more hash functions through a public competition, similar to the development process for the Advanced Encryption Standard (AES)" •http://csrc.nist.gov/groups/ST/hash/timeline.html -The winner was announced on October 2nd, 2012 •http://www.nist.gov/itl/csd/sha-100212.cfm •
Elliptic Curve Cryptography (3/3)
§The difficult problem of finding x, given P and Q, is known as the elliptic curve discrete logarithm problem -This problem forms the basis of elliptic curve cryptography §It is widely believed that the elliptic curve discrete logarithm problem is harder to solve than both -the prime factorization problem that the RSA cryptosystem is based upon, and -the standard discrete logarithm problem utilized by Diffie-Hellman and El Gamal §This is confirmed by the following fact -A 1,024-bit RSA key is cryptographically equivalent to a 160-bit elliptic curve cryptosystem
Importance of Key Length (1/2)
§The length of the cryptographic key is perhaps the most important security parameter §It's important to choose a key length that provides an appropriate level of protection -This judgment can be made by weighing the difficulty of defeating a given key length (measured as the amount of processing time required to defeat the cryptosystem) against the importance of the data §The strengths of various key lengths also vary greatly based on the specific cryptosystem -According to a white paper by Certicom, a provider of wireless security solutions, these key lengths for three asymmetric cryptosystems all provide equal protection §
IPSec (2/3)
§The primary use of IPSec is for virtual private networks (VPNs) -IPSec is commonly paired with the Layer 2 Tunneling Protocol (L2TP) as L2TP/IPSec (RFC 3193) §The IP Security (IPSec) protocol provides a complete infrastructure for secured network communications -IPSec has gained widespread acceptance and is now offered in a number of commercial operating systems §IPSec has two main components -The Authentication Header (AH) provides assurances of message integrity and nonrepudiation •AH also provides authentication and access control and prevents replay attacks -The Encapsulating Security Payload (ESP) provides confidentiality and integrity of packet contents •It provides encryption and limited authentication and prevents replay attacks
Elliptic Curve Cryptography (2/3)
§The security of ECC depends on the ability to compute a point multiplication and the inability to compute the multiplicand given the original point and the product §Two points within the same elliptic curve group (P and Q) can be added together with an elliptic curve addition algorithm -This operation is expressed as P + Q §This problem can be extended to involve multiplication by assuming that Q is a multiple of P, meaning that -Q = x×P §Computer scientists and mathematicians believe that it is extremely hard to find x, even if P and Q are known
Portable Devices
§The ubiquitous nature of notebook computers, PDAs, and other small portable computing devices brings new risks to the world of computing -These devices often contain highly sensitive information that, if lost or stolen, could cause serious harm to an organization -Many organizations turn to encryption to protect the data on these devices in the event they are misplaced §Current versions of popular operating systems now include disk encryption capabilities that make it easy to apply and manage encryption on portable devices -For example •Microsoft Windows includes the BitLocker and Encrypting File System (EFS) technologies •Mac OS X includes FileVault encryption •The TrueCrypt open-source package allows the encryption of disks on Linux, Windows, and Mac systems §There is also a wide variety of commercial tools available that provide added features and management capability
Importance of Key Length (2/2)
§Timeliness of the data is also an important consideration §The rapid growth of computing power must be taken into account -The famous Moore's law states that computing power doubles approximately every 18 months -If it takes current computers 1 year of processing time to break a code,it will take only 3 months if the attempt is made 3 years laterwith contemporary technology -If you expect your data to still be sensitive at that time, you should choose a much longer cryptographic key §
Certificate Generation & Destruction (2/3)
§Verification -When you receive a digital certificate from someone, you verify the certificate by checking the CA's digital signature using the CA's public key •You may assume that the public key listed in the certificate is authentic, provided that the following requirements are satisfied -The digital signature of the CA is authentic -You trust the CA -The certificate is not listed on a Certificate Revocation List (CRL) -The certificate actually contains the data you are trusting -Before you trust an identifying piece of information about someone, be sure that it is actually contained within the certificate •If a certificate contains the email address [email protected] but not the individual's name, you can be certain only that the public key is associated with that email address -Digital certificate verification algorithms are built into a number of popular web browsing and email clients
Key Management
§When working within the public key infrastructure, it is important to comply with several best practices to maintain the security of communications -First, choose your encryption system wisely •Choose an encryption system with an algorithm in the public domain that has been thoroughly vetted by industry experts -Second, select your keys appropriately •Use a key length that balances security requirements with performance •Also, ensure that your keys are truly random -Any patterns within the key increase the likelihood that an attacker will be able to break your encryption and degrade the security of your cryptosystem -Keep private keys secret -Retire/destroy keys at the end of their lifetime •Change your key pair every few months, if practical -Backup or escrow keys, especially those used for storage encryption
Wireless Networking
§Wired Equivalent Privacy (WEP) -WEP provides 40, 64, and 128-bit encryption options to protect communications within wireless LANs -WEP is described in IEEE 802.11 as an optional component of the wireless networking standard -Recent cryptanalysis attacks have demonstrated that significant flaws exist in the WEP algorithm §Wifi Protected Access (WPA) -WPA improves upon WEP encryption •The Temporal Key Integrity Protocol (TKIP) eliminates the cryptographic weaknesses that undermined WEP -A further improvement to the technique, WPA-2, replaces TKIP with AES cryptography -WPA does not provide an end-to-end security solution •It only encrypts traffic between a mobile device and the nearest wireless access point