CITS3002 Networks and Security
The ISO/OSI Security Architecture

As well as defining their seven-layered model, the ISO/OSI group also defined a range of terminologies forming their ISO/OSI Security Architecture. It includes the requirements:

data confidentiality - protects data as it traverses the network from being disclosed to incorrect parties. Even the presence of particular communication sequences between parties should not be identified.
data integrity - protects the data from modification or removal while in the network,
data origin authentication - validates the sender of the data,
data receiver authentication - validates the receiver of the data,
peer-entity authentication - validates all network components, such as hardware routers and peer software components through which a data stream must travel, and
non-repudiation - creates and verifies evidence that the claimed sender sent the data, that the intended receiver did receive it, and that neither can deny that this occurred.

NOTE: the core TCP/IP internetworking suite meets none of the requirements of the ISO/OSI Security Architecture. Support for additional services is evolving, primarily at the Application Layer, but changes cannot be easily made to lower layers.
CITS3002 Networks and Security, Week 11: Cryptography's role in networking, p1, 16th May 2018.
"Remote exploit + local root exploit ⇒ remote root exploit."
— Olde saying handed down through the ages.
Cryptography's Role in Networking

The need for cryptography to provide security arises with the possibility of stolen hardware, wiretapping, the broadcast mechanisms of LANs and WLANs, and network traffic passing through foreign networks.

We assume that an adversary is able to:
Copy data from disk storage for remote analysis,
Passively listen (only) on broadcast channels (such as wired-Ethernet and WiFi),
Aggressively monitor traffic through intermediate routers or workstations (situated anywhere on a message's path),
Actively replay, modify or insert their own messages into the message stream.

Cryptography provides solutions to most of these problems.

So where should the encryption be performed?
Users encrypting individual files stored in a standard file-system,
File-systems encrypting all data before writing it to disk,
Datalink and Network layers: in switches and routers (e.g. VPNs),
Session Layer: with end-to-end data conversion (e.g. SSL),
Application Layer: in programs such as email agents (e.g. PGP).
"Cryptography is the science of making the cost of improperly acquiring or altering data greater than the potential value gained. The value of information usually drops with time, and cryptography makes the time required to obtain data in unauthorized ways long enough to decrease its value well below the money spent on obtaining it."
— Jalal Feghhi, Digital Certificates
Basic Cryptographic Terminology

We use an encryption function and a key to convert the plaintext (the input) into the ciphertext (the output).
The intended receiver hopes to quickly and correctly reverse the process - something that adversaries should be unable to do.
We assume that the adversary knows the encryption function (process) being used, and that the key is secret and changed frequently. The key length is expressed in bits:

Technology                  Key lengths                 Possible keys                    Key length
ATM PIN                     4 decimal digits            10,000                           14 bits
old-style Unix passwords    8 characters                126^8 = 6.3 x 10^16              56 bits
Unix passwords with MD5     any number of characters    unlimited, though duplicates     128 bits

The following attacks against cryptography are common. Each has the goal of determining the cryptographic key(s), so that existing data may be exposed, or future messages decrypted without the repeated effort:

Known plaintext attack - the cryptanalyst (fancy name for an adversary with a Maths degree) has (or determines) a block of plaintext and its corresponding block of ciphertext. This may seem unlikely, but regularly exchanged encrypted messages have fixed or predictable payloads (e.g. email headers, VPN-session establishment).
Chosen plaintext attack - the cryptanalyst can have their intended victim unknowingly encrypt fixed, known blocks of data.
Differential analysis - a kind of plaintext attack involving many very similar plaintexts being encrypted, and their resulting ciphertexts being compared.

If there is no separate integrity check on the encrypted data, an attacker may be able to alter it so that it decrypts to data of the attacker's choice.
Simple Substitution:

Caesar Cipher (shifting a lowercase letter by K places, written so the arithmetic stays within the alphabet and produces the uppercase ciphertext shown):

    ch = (char)('A' + ((ch - 'a' + K) % 26));

PT : abcdefghijklmnopqrstuvwxyz
CT : DEFGHIJKLMNOPQRSTUVWXYZABC

Here K = 3.

Monoalphabetic Substitution:

Each symbol maps to some other symbol. The key is simply a 26 letter string from the alphabet.

PT : abcdefghijklmnopqrstuvwxyz
CT : QWERTYUIOPASDFGHJKLZXCVBNM

Here there are 26! ≈ 4 x 10^26 possible keys.
At 1 msec per solution, a brute force approach would take 10^13 years.

However, in English and many other natural languages, text statistics are available on the most frequently used letters, (26^2) digraphs, (26^3) trigraphs and words. To break simple codes we:
count frequencies of each letter and match e's, t's, etc.
count digraphs (th, er, on, an, re, he, in, ed, nd, ha, at, en, es, of, or...) and trigraphs (the, and, tha, ent, ion, tio, for, nde, has, nce...)
match th, the, in, and, ...

The movie Windtalkers focuses on the use of the natural language of Navajo Indians as a code in WWII. Speakers of Klingon claim that their language is, for other reasons, indecipherable (in practice).
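The substitution cipher and the letter/digraph counting described above, as an added example that is not part of the CITS3002 slides. The 26-letter key is the one from the slide; the sample plaintext, the Caesar helper and the function names are constructed for this illustration.

```python
"""Frequency analysis of a monoalphabetic substitution cipher.

Added example (not from the CITS3002 slides).  The substitution key is the
26-letter string from the slide; the sample text is constructed so that the
English statistics the slide mentions (e is commonest, th the commonest
digraph) show through the ciphertext."""
import string
from collections import Counter

ALPHABET = string.ascii_lowercase
KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"          # slide's monoalphabetic key
SAMPLE = ("the three trees the thief sees near the street are green "
          "said the old man with teeth")    # constructed plaintext
ENGLISH_ORDER = "etaoinshrdlu"               # commonest English letters


def caesar_key(k):
    """The Caesar cipher is the special case whose key is a rotation by k."""
    upper = string.ascii_uppercase
    return upper[k % 26:] + upper[:k % 26]


def make_tables(key):
    """Encrypt/decrypt lookup tables from a 26-letter key.  A key that is not
    a permutation of the alphabet is rejected: two plaintext letters would
    share a ciphertext letter and the receiver could not decrypt uniquely."""
    key = key.upper()
    if len(key) != 26 or set(key) != set(string.ascii_uppercase):
        raise ValueError("key must be a permutation of the 26 letters")
    enc = dict(zip(ALPHABET, key))
    dec = {c: p for p, c in enc.items()}
    return enc, dec


def encrypt(plaintext, key):
    """Lower-case plaintext in, upper-case ciphertext out; other characters
    (spaces, punctuation) pass through unchanged, as on the slide."""
    enc, _ = make_tables(key)
    return "".join(enc.get(ch, ch) for ch in plaintext.lower())


def decrypt(ciphertext, key):
    _, dec = make_tables(key)
    return "".join(dec.get(ch, ch) for ch in ciphertext.upper())


def letter_frequencies(text, n=5):
    """The n most common letters in text, as (letter, count) pairs."""
    letters = [ch for ch in text.upper() if ch in string.ascii_uppercase]
    return Counter(letters).most_common(n)


def digraph_frequencies(text, n=5):
    """The n most common adjacent letter pairs, counted within words only."""
    words = "".join(ch if ch.isalpha() else " " for ch in text.upper()).split()
    pairs = Counter(w[i:i + 2] for w in words for i in range(len(w) - 1))
    return pairs.most_common(n)


def frequency_guess(ciphertext, n=3):
    """First step of breaking the cipher: pair the n commonest ciphertext
    letters with the n commonest English letters."""
    top = [c for c, _ in letter_frequencies(ciphertext, n)]
    return dict(zip(top, ENGLISH_ORDER[:n]))


if __name__ == "__main__":
    ct = encrypt(SAMPLE, KEY)
    print(ct)
    print("letters :", letter_frequencies(ct))
    print("digraphs:", digraph_frequencies(ct))
    print("guess   :", frequency_guess(ct))
```

Running the script shows that the commonest ciphertext letter is T (the image of e under the key) and the commonest digraph is ZI (the image of th), which is exactly the statistical leak the slide relies on: the key space of 26! is irrelevant when the plaintext's structure survives encryption.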
The Influence of Computers on Cryptography

The first role of computers was to gather statistics and perform 'brute-force' searches of ciphertext using some heuristics.
Traditionally, convoluted, obscure, and undisclosed algorithms requiring long keys were used to encrypt text. More recently the focus has changed to support simple, open algorithms, but with complex 'solutions'.
The algorithmic inverses themselves are intended to be so complex that brute-force techniques take millions of years to succeed.
An algorithm's strength is not simply derived from its keys' length, but from its peer evaluation and public review.
A weak algorithm is one whose algorithm and implementation are not available, and whose strength would be compromised if these were made public.

In 1883 Auguste Kerckhoffs stated as one of his six axioms of cryptography:
"If the method of encipherment becomes known to one's adversary, this should not prevent one from continuing to use the cipher as long as the key remains unknown."
Symmetric Ciphers

The Data Encryption Standard (DES, 1976) is known as a symmetric cipher, often a private key algorithm - in which the sender and receiver use the same key that must be kept private.
In general, longer keys provide stronger encryption, but it is a mistake to imply the strength of an encryption algorithm in terms of bits alone. Brute force attacks are the most successful.

Some popular examples of symmetric ciphers:
DES: a block based cipher of 64 bit blocks in, 64 bit blocks out, 56 bit key filled to 64 bits (8 odd-parity bits).
Triple-DES: encrypts the same plaintext with DES three times. Three or two keys are provided; the plaintext is encrypted with the 1st key, decrypted with the second, and finally encrypted with the third (or 1st again).
A double-DES scheme (with only 2 keys) does not require 2^(2n) brute-force tests but 2^(n+1) tests with a meet-in-the-middle attack.
Ron Rivest's RC2 block cipher employs keys up to 1024 bits, and executes at a speed independent of key length.
Ron Rivest's RC4 stream cipher (as used in WiFi's WEP encryption) employs keys of 40 to 256 bits, but has the property that if two messages are encrypted with the same RC4 key, their encryptions are related in a known way.
The DES Algorithm

As an example of the first official deployment of encryption, we'll consider the Data Encryption Standard, DES.
In 1977 the US Government adopted a product cipher from IBM, and later that year it was defined as the official encryption standard by the US Standards Bureau.
DES software is publicly available (see DES-crypt.c), but is more efficiently implemented in hardware. Users are confident of its security (they will openly say when it is in use - for example, Unix passwords).

Data is encrypted in 64 bit blocks.
Ciphertext is output in 64 bit blocks.
A 56 bit key is used.
The same key is used for both encryption and decryption.
Product and Substitution Cipher Boxes

Each 'box' is parameterized by the pairings of input -> output wires, and each input -> output mapping is invertible. An algorithm is, then, further parameterized by the arrangement of P- and S-boxes, and is also invertible.

[Figure: The Substitution Stages]
The Steps of the DES Algorithm

The algorithm has 19 steps for encryption; decryption simply performs the steps in the reverse order.

Step 1. Transposition of plaintext, independent of key.
Step 19. Inverse of Step 1.
Step 18. Exchange left 32 bits with right 32 bits.
Steps 2-17. Use a function of the key for each stage, which we shall call Ki.

    Left out  := Right in
    Right out := XOR(Left in, f(Right in, Ki))

where f is a 4 step function.

What are the steps of this magic function f?
1. E := R1 (which is 32 bits) expanded to 48 bits.
2. D := XOR(E, Ki).
3. Divide D into 8 x 6 bits; feed each of these 6 bits into a different S box, each producing 4 bits.
4. Feed these 8 x 4 bits (= 32 bits) through a P box.

How is the DES key used?
K0 := 56 bit transposition cipher of K.
Divide K0 into 2 x 28 bits.
ROL (rotate left) each part.
Ki := 56 bit transposition of the number formed.
Triple DES

DES is still in use today, in an extended form called triple-DES, or 3DES. Whereas the original DES used only one 56-bit key, 3DES uses up to three 56 bit keys (plus one parity byte) in order to increase the difficulty of breaking the cipher:

    3DES_encrypt(key1, key2, key3, message) =
        DES_encrypt(key1, DES_decrypt(key2, DES_encrypt(key3, message)))

The encrypt-decrypt-encrypt approach is used to make the algorithm compatible with single DES, in the special case when key1 = key2 = key3.
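The Feistel round structure from the DES steps slide, the encrypt-decrypt-encrypt construction above, and the meet-in-the-middle observation from the symmetric ciphers slide, brought together in one added example that is not part of the CITS3002 slides and is not DES. The toy cipher's block size (16 bits), key size (8 bits), round count and round function are all constructed for illustration so that the 2 x 2^8 versus 2^16 work comparison can actually be run.

```python
"""Toy Feistel cipher, EDE triple encryption and a meet-in-the-middle search.

Added example (not from the CITS3002 slides, and not DES).  Block size,
key size, round count and the round function are constructed for
illustration: 16-bit blocks, 8-bit keys, 4 rounds.  The round structure
is the one on the DES slide:  L_out := R_in,  R_out := L_in xor f(R_in, Ki),
with a final swap so that decryption is the same process with the round
keys in reverse order."""

ROUNDS = 4
MASK8 = 0xFF


def rol8(x, n):
    """Rotate an 8-bit value left by n bits (the ROL of the DES key schedule)."""
    n %= 8
    return ((x << n) | (x >> (8 - n))) & MASK8


def round_keys(key):
    """Toy key schedule: round key i is the key rotated left i places."""
    return [rol8(key & MASK8, i) for i in range(1, ROUNDS + 1)]


def f(right, k):
    """Stand-in for DES's expansion, S-boxes and P-box.  Any function works
    here: a Feistel round is invertible whatever f is, because f is only
    ever xored in and can be recomputed from the untouched half."""
    x = (right ^ k) & MASK8
    return ((x * 0x1B) + 0x3D + (x >> 3)) & MASK8


def feistel(block, keys):
    """Apply the rounds with the given key order, then swap halves."""
    left, right = (block >> 8) & MASK8, block & MASK8
    for k in keys:
        left, right = right, left ^ f(right, k)
    return (right << 8) | left          # final swap (DES step 18)


def encrypt(key, block):
    return feistel(block, round_keys(key))


def decrypt(key, block):
    """Same rounds, reverse key order: each round undoes its counterpart."""
    return feistel(block, round_keys(key)[::-1])


def triple_encrypt(k1, k2, k3, block):
    """3DES-style encrypt-decrypt-encrypt.  With k1 == k2 == k3 the middle
    decrypt cancels the inner encrypt and the result is single encryption
    under k1, which is what makes 3DES backwards compatible with DES."""
    return encrypt(k1, decrypt(k2, encrypt(k3, block)))


def triple_decrypt(k1, k2, k3, block):
    return decrypt(k3, encrypt(k2, decrypt(k1, block)))


def double_encrypt(k1, k2, block):
    """Naive double encryption: encrypt under k1, then under k2."""
    return encrypt(k2, encrypt(k1, block))


def meet_in_the_middle(pairs):
    """Recover (k1, k2) of double_encrypt from known (plaintext, ciphertext)
    pairs.  Encrypt the first plaintext under every k1 and decrypt the first
    ciphertext under every k2; a match in the middle is a candidate pair.
    That is 2 * 2^8 cipher operations instead of the 2^16 of trying every
    pair.  Remaining pairs weed out coincidental matches.  Returns the
    surviving key pairs and the number of single-cipher operations used."""
    (p0, c0), rest = pairs[0], pairs[1:]
    forward = {}
    for k1 in range(256):
        forward.setdefault(encrypt(k1, p0), []).append(k1)
    ops = 256
    candidates = []
    for k2 in range(256):
        ops += 1
        for k1 in forward.get(decrypt(k2, c0), []):
            candidates.append((k1, k2))
    survivors = []
    for k1, k2 in candidates:
        ops += 2 * len(rest)
        if all(double_encrypt(k1, k2, p) == c for p, c in rest):
            survivors.append((k1, k2))
    return survivors, ops


if __name__ == "__main__":
    k1, k2, k3 = 0x3A, 0xC5, 0x7E
    print(hex(encrypt(k1, 0x1234)), hex(decrypt(k1, encrypt(k1, 0x1234))))
    print(triple_encrypt(k1, k1, k1, 0x1234) == encrypt(k1, 0x1234))
    pairs = [(m, double_encrypt(k1, k2, m)) for m in (0x1234, 0xBEEF, 0x0042)]
    print(meet_in_the_middle(pairs))
```

Two points the code makes concrete: the only thing `decrypt` changes relative to `encrypt` is the order of the round keys, which is why the slide can say decryption "performs the steps in the reverse order"; and doubling a cipher does not double its effective key length, because the attacker pays for the two halves separately and only has to store one table in between. The EDE ordering of `triple_encrypt` is what lets a 3DES implementation with all keys equal interoperate with plain single-key users.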
DES under Unix in software

A number of routines are provided which are typically used for encrypting passwords and files.

    char *crypt(char *key, char *salt);
    void  setkey(char *key);
    void  encrypt(char *buf, int edflag);

Implementations of Unix supporting remote file-systems and remote-logins often support DES encryption of transfers (such as with RPC/XDR authentication) using the user's login password as the key for the encryption.

At the Crypto '94 conference, M. Matsui presented a DES-breaking technique termed 'linear-cryptanalysis'. Using 2^43 known ciphertexts, he was able to determine a single DES key in 50 days on a 100MHz desktop machine.
As the cracking process is linear, comparable times on contemporary machines are measured in hours.

In 1998 EFF's (then) US$250,000 DES cracking machine contained 1,856 custom chips and could brute force all 2^56 DES keys in 9 days.
DES Modes - Electronic Code Book (ECB)

Traditionally, each block of ciphertext is independent of other blocks; this mode is most frequently used for the coding of data on some storage medium (such as a disk) or transmitted via a network.

DES Modes - Cipher Block Chaining (CBC)

The notion of chaining ensures that each block is dependent on earlier blocks:
Now, an intruder can neither insert nor delete any block without detection. Cipher block chaining is hence typically used in networking applications.
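The two modes side by side, as an added example that is not part of the CITS3002 slides. The block function is a constructed 32-bit permutation standing in for DES (it is not a real cipher), and the key, IV and messages are constructed; the point is the behaviour of the modes, which is independent of the cipher underneath.

```python
"""ECB versus CBC on a toy block cipher.

Added example (not from the CITS3002 slides, and the block function is NOT
DES or any real cipher): a 32-bit invertible permutation stands in for the
64-bit DES block so that the two modes can be compared.  Key, IV and
plaintexts are constructed."""

BLOCK = 4                      # bytes per block (DES uses 8)
MASK32 = 0xFFFFFFFF
MUL = 0x9E3779B1               # odd, hence invertible modulo 2^32
MUL_INV = pow(MUL, -1, 1 << 32)
KEY = 0x0F1E2D3C               # constructed 32-bit key
IV = bytes.fromhex("a5a5a5a5") # constructed IV; real use picks a fresh random one


def block_encrypt(key, block):
    """Toy permutation of one block: xor key, rotate left 13, multiply."""
    x = int.from_bytes(block, "big") ^ key
    x = ((x << 13) | (x >> 19)) & MASK32
    return ((x * MUL) & MASK32).to_bytes(BLOCK, "big")


def block_decrypt(key, block):
    x = (int.from_bytes(block, "big") * MUL_INV) & MASK32
    x = ((x >> 13) | (x << 19)) & MASK32
    return (x ^ key).to_bytes(BLOCK, "big")


def pad(data):
    """PKCS#7-style padding to a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def ecb_encrypt(key, data):
    """Electronic Code Book: every block encrypted independently."""
    return b"".join(block_encrypt(key, b) for b in blocks(pad(data)))


def ecb_decrypt(key, data):
    return unpad(b"".join(block_decrypt(key, b) for b in blocks(data)))


def cbc_encrypt(key, iv, data):
    """Cipher Block Chaining: each plaintext block is xored with the previous
    ciphertext block (the IV for the first) before encryption."""
    out, prev = [], iv
    for b in blocks(pad(data)):
        prev = block_encrypt(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for b in blocks(data):
        out.append(xor(block_decrypt(key, b), prev))
        prev = b
    return unpad(b"".join(out))


def repeated_blocks(ciphertext):
    """How many ciphertext blocks duplicate another: the pattern leak that
    ECB shows for repeated plaintext and CBC hides."""
    bs = blocks(ciphertext)
    return len(bs) - len(set(bs))


def deletion_noticed(key, iv, plaintext, index=1):
    """Drop one ciphertext block and decrypt under CBC.  The chaining makes the
    following block decrypt to garbage and the length change, so the result
    no longer matches the plaintext (or the padding check fails)."""
    ct = blocks(cbc_encrypt(key, iv, plaintext))
    del ct[index]
    try:
        return cbc_decrypt(key, iv, b"".join(ct)) != plaintext
    except ValueError:
        return True


if __name__ == "__main__":
    msg = b"YESSYESSYESSYESS"
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(KEY, msg)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(KEY, IV, msg)))
    print("CBC block deletion noticed:", deletion_noticed(KEY, IV, msg))
```

With a repeating plaintext, ECB output repeats too (three duplicate blocks for the sample message) while CBC output does not, which is the storage-versus-network distinction the slide draws. `deletion_noticed` shows what the slide means by detection: removing a block corrupts the decryption of its successor. Note that this only surfaces as garbage the receiver must recognise; as the earlier slide on attacks already states, a separate integrity check is what actually detects tampering, since CBC itself does not authenticate anything.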
Exchanging Encryption Keys

Despite centuries of evolution of symmetric key cryptography, the fundamental problem of secure key distribution remains:
"How can two people (or machines) encrypt and decrypt messages using a key if they are not sure that the key itself is secure?"

Diffie-Merkle-Hellman Key exchange

In 1976 Diffie and Hellman, from Stanford University, wrote the paper Multi-User Cryptographic Techniques, proposing a method of exchanging keys.
The Diffie-Hellman key exchange technique enables two active participants (who may never have met) to agree on a new, temporary, session key with which they will exchange a message.
Moreover, anyone eavesdropping on their agreement discussion will not be able to further eavesdrop on the message exchange.

A simple (physical) analogy of how keys can be exchanged:
A wants to send a key to B.
A puts the key in a secure box and locks it with A's padlock.
B does not have the key to A's padlock, so instead,
B receives the box and adds B's own padlock to the box and returns it to A.
A removes A's padlock with A's own key and sends the box back to B.
B can now remove B's own padlock and remove the key which is now shared by A and B.

The work of Diffie and Hellman was revolutionary in the way we think about cryptography. Previously it was 'intuitively obvious' that the key needed to encode and decode a message needed to be the same (or trivially related).
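The Diffie-Hellman exchange itself, with both sides' messages and what an eavesdropper sees, as an added example that is not part of the CITS3002 slides. The group parameters (p = 1019, g = 4) are a constructed toy chosen so the arithmetic can be followed by hand; the function names and the subgroup check are this example's own.

```python
"""Diffie-Hellman key agreement, both sides' messages and what the wire shows.

Added example (not from the CITS3002 slides).  The group is a constructed
toy: p = 1019 is a safe prime (p = 2q + 1, q = 509) and g = 4 generates the
order-q subgroup.  It is far too small for real use; deployments use
standardised groups of 2048 bits or more, and the brute-force function at the
end shows why."""
import hashlib
import secrets

P, Q, G = 1019, 509, 4        # constructed toy parameters, NOT for real use


def generate_private():
    """Secret exponent in [1, q-1], from the OS CSPRNG."""
    return 1 + secrets.randbelow(Q - 1)


def public_value(x):
    """What a party sends: g^x mod p."""
    return pow(G, x, P)


def valid_public_value(y):
    """Reject 0, 1, p-1 and values outside the order-q subgroup.  Accepting
    those would let whoever tampers with the exchange force the shared
    secret into a handful of possible values."""
    return 1 < y < P - 1 and pow(y, Q, P) == 1


def shared_secret(x, peer_public):
    """(g^y)^x mod p, which equals (g^x)^y mod p computed by the peer."""
    if not valid_public_value(peer_public):
        raise ValueError("invalid public value from peer")
    return pow(peer_public, x, P)


def session_key(secret):
    """Hash the agreed number into a fixed-size symmetric key; the raw
    group element is never used directly as key material."""
    width = (P.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(width, "big")).hexdigest()


def exchange(a_private, b_private):
    """Run the protocol end to end.  Returns what is visible on the wire
    (p, g, g^a, g^b) and the key each side derives."""
    a_pub = public_value(a_private)         # A -> B : g^a mod p
    b_pub = public_value(b_private)         # B -> A : g^b mod p
    k_a = shared_secret(a_private, b_pub)   # A computes (g^b)^a
    k_b = shared_secret(b_private, a_pub)   # B computes (g^a)^b
    return {"wire": (P, G, a_pub, b_pub),
            "key_a": session_key(k_a), "key_b": session_key(k_b)}


def discrete_log_by_search(y):
    """What an eavesdropper must do: find x with g^x = y mod p.  Trivial for
    this toy p, hopeless for a 2048-bit group."""
    for x in range(1, Q):
        if pow(G, x, P) == y:
            return x
    return None


if __name__ == "__main__":
    a, b = generate_private(), generate_private()
    result = exchange(a, b)
    print("on the wire:", result["wire"])
    print("keys match :", result["key_a"] == result["key_b"])
    print("eavesdropper recovers a =", discrete_log_by_search(result["wire"][2]) == a)
```

With a = 6 and b = 15 the wire carries 20 and 125 and both sides arrive at 151, while the eavesdropper sees only p, g, 20 and 125. The padlock analogy above maps directly onto the code: each side applies its own exponent, and the order in which the exponents are applied does not matter. Nothing in the exchange identifies the parties, which is the gap the later slides on signatures and certificates fill.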
Public Key Cryptography

Using public key encryption we use two keys rather than just one.
The public key, E, may be openly published.
The private key, D, is known only by the intended recipient.
The plan is to choose keys such that even knowing the public key does not reveal the private key:

A and B openly publish their public keys (viewed as algorithms) EA and EB.
A sends EB(Plaintext message) to B.
B calculates DB(EB(Plaintext message)) = Plaintext message.
B can then reply with EA(Plaintext reply) for A to read.
The MIT/RSA Algorithm

In 1978, Ron Rivest, Adi Shamir, and Leonard Adleman, all of MIT, published the imaginatively named RSA algorithm for the generation of encryption/decryption functions from number theory.
The difficulty arises when choosing the algorithms EA and DA such that they are inverses of one another and yet difficult to crack.

Key length            Factorization times        With 10^7 x 1GHz machines
429-bits (RSA-129)    4,600 MIPS-years           14.5 secs
512-bits              420,000 MIPS-years         22 minutes
700-bits              4.2 x 10^9 MIPS-years      153 days
1024-bits             2.8 x 10^15 MIPS-years     280,000 years

We choose two very large prime numbers, p and q, each over 100 digits.
We define EA to be the pair (e, n) where n = p x q
(for p, q being 100 digit primes, n will typically have at least 200 decimal digits).
We define DA to be the pair (d, n)
where (e x d) mod ((p-1) x (q-1)) = 1
We then use:
Encryption function: C := P^e mod n
Decryption function: P := C^d mod n
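The key construction and the two functions above carried through in code, as an added example that is not part of the CITS3002 slides. The primes p = 61 and q = 53 are a constructed tiny pair (so a single byte fits under n = 3233); the padding marker, the chunking and the digest-then-exponentiate signing routine are this example's own additions rather than anything on the slide.

```python
"""Textbook RSA from the slide's definitions, plus signing with the private key.

Added example (not from the CITS3002 slides).  The primes in the demo are
the constructed pair p = 61, q = 53, giving n = 3233, so one byte is
encrypted per block; real keys use primes of hundreds of digits and never
apply the bare exponentiation to raw data (padding schemes such as OAEP and
PSS are layered on top)."""
import hashlib
from math import gcd


def keygen(p, q, e=65537):
    """(e, n) and (d, n) with n = p*q and e*d = 1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def chunk_size(n):
    """Largest number of whole bytes whose value is always below n."""
    k = (n.bit_length() - 1) // 8
    if k == 0:
        raise ValueError("modulus too small to hold a byte")
    return k


def pad(data, k):
    """0x80 marker then zero bytes up to a whole number of k-byte chunks."""
    data += b"\x80"
    return data + b"\x00" * (-len(data) % k)


def encrypt(public, data):
    """C := P^e mod n, applied chunk by chunk.  Returns a list of integers."""
    e, n = public
    k = chunk_size(n)
    padded = pad(data, k)
    return [pow(int.from_bytes(padded[i:i + k], "big"), e, n)
            for i in range(0, len(padded), k)]


def decrypt(private, chunks):
    """P := C^d mod n per chunk, then strip the padding."""
    d, n = private
    k = chunk_size(n)
    data = b"".join(pow(c, d, n).to_bytes(k, "big") for c in chunks)
    data = data.rstrip(b"\x00")
    if not data.endswith(b"\x80"):
        raise ValueError("bad padding")
    return data[:-1]


def sign(private, data):
    """Digest the message, then apply the private exponent: the slide's
    'encrypt the digest with the sender's secret key'.  Reducing the digest
    modulo n is a shortcut for the toy modulus."""
    d, n = private
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(h, d, n)


def verify(public, data, signature):
    """Anyone with (e, n) checks that signature^e mod n equals the digest:
    this works because (P^d)^e = P mod n, the same identity that makes
    decryption undo encryption."""
    e, n = public
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(signature, e, n) == h


if __name__ == "__main__":
    public, private = keygen(61, 53, e=17)     # constructed tiny key
    print("EA =", public, " DA =", private)
    c = encrypt(public, b"A")
    print("ciphertext blocks:", c)
    print("decrypted:", decrypt(private, c))
    s = sign(private, b"pay 100")
    print("signature verifies:", verify(public, b"pay 100", s))
```

With p = 61, q = 53 and e = 17 the routine gives d = 2753, and the byte "A" (65) encrypts to 2790. The same pair of exponents serves both directions because exponentiation by e and by d commute modulo n; applying d first (signing) and e second (verifying) is the ordering the digital-signature slides later rely on. The chunked raw exponentiation here is "textbook RSA": the constructed padding only restores message boundaries, it gives none of the security properties of the padding schemes real implementations use.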
Asymmetric ciphers

RSA is an example of an asymmetric cipher, employing different keys for encryption and decryption. The relationship between keys simplifies an attack.
RSA has become ubiquitous. It is commonly used in applications such as Microsoft Internet Explorer and Firefox for implementing security (SSL), within mail clients for signing and encrypting emails (S/MIME), within payment systems, and for encrypting traffic between VPN gateways.

Keys for asymmetric ciphers need to be longer than keys for symmetric ciphers to achieve similar resistance to brute-force attacks:

Symmetric Key Length    Asymmetric Key Length
56 bits                 384 bits
64 bits                 512 bits
80 bits                 768 bits
112 bits                1792 bits
128 bits                2304 bits

The 17-year patent on RSA was due to expire on September 20, 2000, but was released into the public domain two weeks early on September 6, 2000.
"Because the RSA algorithm remains one of the most widely used methods of implementing public key cryptography, the expiration of the RSA patent is good news for software companies, e-commerce, and users of private or secure communications. The fundamental patents on public key cryptography have all now expired, and we should expect an explosion of new and powerful implementations of this technology. I expect there will be expiration parties from Palo Alto to Perth as technology companies roll out new applications of this important technology!"
— Pat Finn, "Handbook of Intellectual Property Claims and Remedies"
Strong Encryption is not enough - the need for Digital Signatures

The push for eCommerce has demonstrated the need, not for greater bandwidth, nor (strictly) for greater end-to-end security, but for authentication and authorization of the end players.
Digital signatures were first discussed by Diffie and Hellman in their 1976 'New Directions in Cryptography', but eCommerce is only recently demonstrating their worth to a wider audience (and their patent has expired!).
Unlike traditional signatures, a digital signature cannot be a constant; it must be a function of the document that it signs.

A digital signature prevents two types of fraud -
the forging of a signature by the receiver (or any third party), and
the repudiation of the transmission of a message by the sender.

Two categories of digital signature are identified:
True signatures, signed by the sender, verified by the receiver.
Arbitrated signatures may only be sent and verified through a trusted third party. The recipient is unable to verify the sender's signature directly, but is assured of its validity through the mediation of the arbitrator.
Message Digests - basic building blocks

A message digest is a 16-, 20-, or 32-byte 'fingerprint' of a message.
Message digests are central to digital signatures. When a message is signed, its contents are first hashed to give a message digest. The digest is then encrypted with the sender's secret key, giving a proof of the sender's identity.

A good digest must have the properties:
An absence of collisions. Unlike simpler file checksums, which quickly demonstrate file or data integrity, it must be hard to find two messages with the same digest.
Must not be invertible. Digests are deterministic many-to-one functions.
A uniform distribution of results. A change in just one input bit should affect at least half the output bits.

Simple changes to even a single byte (even a single bit) should result in dramatic changes to the digest:

    The winner is Sydney    2f8eff80630eb401b0038d8df420719b
    The winner is Sydey     f2b91cf6f8ad805a127182e8a46d450f

Some popular message digests:
MD2 and MD5: developed by RSA, producing 16-byte hashes. Research in 1994 found weaknesses in collision frequencies.
RIPEMD-160: The European standard producing 20-byte hashes.
SHA-1, SHA-2 and SHA-256 are specified by the US government for their DSA, outputting 20-byte hashes.

From 2004: MD5 To Be Considered Harmful Someday.
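The three digest properties listed above, checked with Python's hashlib, as an added example that is not part of the CITS3002 slides. The two sample messages are the slide's own; the byte-swapped message and the 16-bit byte-sum checksum are constructed to show the difference between a checksum and a digest that the first property draws.

```python
"""Digest properties from the slide, checked with hashlib.

Added example (not from the CITS3002 slides).  The two sample messages are
the slide's own; the byte-swapped message is constructed to show why a simple
checksum is not a digest."""
import hashlib


def digest_sizes():
    """Output lengths in bytes of the algorithms discussed on the slide."""
    return {name: hashlib.new(name).digest_size for name in ("md5", "sha1", "sha256")}


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def md5_hex(data):
    return hashlib.md5(data).hexdigest()


def bit_difference(d1, d2):
    """Hamming distance between two equal-length digests."""
    return sum(bin(a ^ b).count("1") for a, b in zip(d1, d2))


def avalanche(msg_a, msg_b, algorithm="md5"):
    """Fraction of digest bits that differ between two messages.  For a
    good digest this is about 0.5 however similar the messages are."""
    d_a = hashlib.new(algorithm, msg_a).digest()
    d_b = hashlib.new(algorithm, msg_b).digest()
    return bit_difference(d_a, d_b) / (8 * len(d_a))


def byte_sum_checksum(data):
    """A 'simple file checksum': the sum of the bytes, 16 bits wide."""
    return sum(data) & 0xFFFF


def swapped_bytes(data, i, j):
    """Same bytes in a different order: a collision for any order-blind
    checksum, but a different message to a digest."""
    b = bytearray(data)
    b[i], b[j] = b[j], b[i]
    return bytes(b)


if __name__ == "__main__":
    a, b = b"The winner is Sydney", b"The winner is Sydey"
    print(md5_hex(a), md5_hex(b))
    print("bits changed by one deleted byte:", avalanche(a, b))
    c = swapped_bytes(a, 0, 4)
    print("checksum collision:", byte_sum_checksum(a) == byte_sum_checksum(c))
    print("sha256 collision  :", sha256_hex(a) == sha256_hex(c))
    print(digest_sizes())
```

Running the script prints the MD5 of both slide messages for comparison with the table above, and shows that deleting one byte flips roughly half of the 128 digest bits. The swapped-byte message demonstrates why "demonstrates file integrity" is a weaker claim than "collision resistant": any reordering of bytes passes the byte-sum check, so an attacker who can alter data can keep such a checksum valid, whereas producing a second input with the same SHA-256 is not feasible.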
(Old) performance of the basic building blocks

Message digest algorithms (on 233MHz Pentium-II, but speed scales linearly):

Algorithm    Calculation (KB/sec)
MD5          36,250
SHA-1        20,428

Symmetric key algorithms (233MHz Pentium-II):

Algorithm              Setup (ms)    Encryption (KB/sec)    Decryption (KB/sec)
DES (56 bit)           6.3           4,386                  4,557
Triple-DES (112 bit)   22            1,596                  1,620
RC4 (128 bits)         29.8          27,325                 28,132
RC5 (128 bit)          352           4,576                  4,691

Asymmetric key algorithms (233MHz Pentium-II):

                  512 bits (KB/s)    1024 bits (KB/s)    2048 bits (KB/s)
RSA encryption    10.5               4.23                0.436
RSA decryption    5.28               2.87                1.4

The command-line openssl program provides speeds on contemporary machines:

    linux> openssl
    OpenSSL> speed md5
    To get the most accurate results, try to run this program
    when this computer is idle.
    Doing md5 for 3s on 16 size blocks: 1722968 md5's in 2.80s
    Doing md5 for 3s on 64 size blocks: 1469874 md5's in 2.80s
    ....
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    md5             9833.40k    33603.65k    92756.49k   167532.74k   217651.97k

For large amounts of data, we first encrypt the data with a symmetric algorithm and then encrypt the symmetric key with an asymmetric algorithm. Hybrid protocols are used in most current cryptographic architectures, such as SSL.
Digital signature generation

Digital certificates are often confused with digital signatures.
Like a message digest, a digital signature is a 'summary' of the original message, but also provides an assurance that the original creator of the signature has the private key matching the public key used to generate the signature.

But who holds the public and private keys?
What if the public key had been replaced with another?
Digital certificates

Digital certificates have been loosely described as the driver's license for the Internet.
A digital certificate provides a binding between an entity's public key, and one or more attributes to its identity.
An entity may be a person, an executing piece of software, or a device such as a router or a smart-card.
A certification authority (CA) attests to the authenticity of the entity's public key by digitally signing a message with its own private key.
The 'quality' of the certificate depends on the detail of information provided to the CA (more later).
Either public and private keys may be issued by the CA, or the CA may challenge the entity's public key.
The successful use of digital certificates appears within a large community - little is gained by issuing one's own.
Digital certificate encoding

Today, certificates are defined by the ISO X.509 protocol and appear as an application/x-x509-user-cert MIME type.
The data is encoded using Abstract Syntax Notation (ASN.1) encoding and transmitted in ASCII using base64 encoding.
(18 bit data -> 24 bit representation).
Early debate centred on whether the certificate itself needed to be encrypted (now not).
Browser support for digital certificates

Digital certificates are managed by all common browsers: Firefox, Safari, Opera, Netscape Navigator, Microsoft Internet Explorer...
If visiting a site with the secure Hypertext Transport Protocol, as with https://secure.csse.uwa.edu.au/ we can view digital certificate information via the 'padlocked' icon.
Unfortunately, there are often few CAs from Australia in most common browsers.
Browser support for digital certificates

The browser will display the digital certificate from the current page - here showing:
The subject of the certificate,
The issuer (CA) of the certificate,
The serial number of the certificate,
The period of validity of the certificate, and
The message digest of the certificate.

If the issuer of a site's digital certificate is already known by the browser (either 'hard-wired' or manually added), the issuer's certificate may be viewed and verified.

Version 3 of X.509 introduced extension fields - the association of additional information with a certificate. Each extension has:
an extension type providing semantics and typing of the extension (e.g. a string),
an extension value, such as an email or IP address, and
a criticality indicator indicating if the whole certificate should be ignored if an extension is not recognized.

Standard extensions (?) now describe the 'strength' and purpose of the certificate - digital signature, non-repudiation, key encipherment, data encipherment, certificate signing, etc.
Certificate Path validation

CAs are organized in hierarchies - each parent CA signs a certificate vouching for a subordinate CA's public key.
When validating a chain of certificates, the certificate path, the path is followed until the top of the chain is reached (when?).
There is no automated way of verifying the top of a certificate chain other than verifying that it is one of a list of directly known (and implicitly trusted) certificates (such as in a browser).
Several companies, such as VeriSign, Thawte, Baltimore, AT&T, and a growing band of government departments have positioned themselves 'at the top'.
Certificate Revocation Lists

A certificate revocation list (CRL) allows clients and servers to check whether the entity they are dealing with has a valid certificate.

Trust breaks down, and CRLs are required, when:
a subject's private key is exposed,
a CA's private key is exposed, and
the relationship between the subject and CA changes (e.g. the subject is no longer employed by the CA, or stops paying money to the CA).

Certificate revocation plays a crucial part in the authentication process:
Obtain the subject's digital certificate and verify its validity.
Extract the serial number of the certificate.
Fetch the current CRL from the CA.
Verify the CRL's digital signature, and record its publication time and when the next CRL is to be published.
Examine the CRL to determine if the intended certificate has been revoked or suspended (based on the certificate serial number).
Alert the user if the certificate is revoked.
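The six steps above as one checking routine, as an added example that is not part of the CITS3002 slides. Certificates and the CRL are represented as plain Python dicts rather than X.509/ASN.1, the CA's signature is textbook RSA over a SHA-256 digest with a constructed tiny key (p = 10007, q = 10009), and the names, serial numbers and dates are all constructed; the staleness tolerance is this example's own policy knob for the trade-off the slide's limitations section describes.

```python
"""The revocation-check steps from the slide as a routine over constructed records.

Added example (not from the CITS3002 slides).  Certificates and the CRL are
plain dicts rather than X.509/ASN.1, and the CA's signature is textbook RSA
over a SHA-256 digest with a tiny constructed key (p = 10007, q = 10009);
a real implementation parses DER and uses a vetted library.  'Now' is fixed
to the slide's date so the example is reproducible."""
import hashlib
from datetime import datetime, timedelta, timezone

CA_NAME = "Example CA"                        # constructed
CA_N = 10007 * 10009                          # constructed toy modulus
CA_E = 65537
CA_D = pow(CA_E, -1, 10006 * 10008)           # private exponent
NOW = datetime(2018, 5, 16, tzinfo=timezone.utc)


def digest_mod_n(record):
    """Deterministic digest of a record's fields, reduced to the toy modulus."""
    data = repr(sorted(record.items())).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % CA_N


def ca_sign(record):
    return pow(digest_mod_n(record), CA_D, CA_N)


def ca_verify(record, signature):
    return pow(signature, CA_E, CA_N) == digest_mod_n(record)


def make_cert(subject, serial, days=365):
    body = {"subject": subject, "issuer": CA_NAME, "serial": serial,
            "not_before": NOW - timedelta(days=30),
            "not_after": NOW + timedelta(days=days)}
    return {"body": body, "signature": ca_sign(body)}


def make_crl(revoked, this_update, next_update):
    body = {"issuer": CA_NAME, "revoked": sorted(revoked),
            "this_update": this_update, "next_update": next_update}
    return {"body": body, "signature": ca_sign(body)}


def forged_copy(cert, **changes):
    """A certificate whose body was altered after signing."""
    return {"body": {**cert["body"], **changes}, "signature": cert["signature"]}


def check_certificate(cert, crl, now=NOW, max_staleness=timedelta(days=7)):
    """Follow the slide's steps; returns (accepted, reason)."""
    body = cert["body"]
    if not ca_verify(body, cert["signature"]):           # step 1: validity
        return False, "certificate signature invalid"
    if not body["not_before"] <= now <= body["not_after"]:
        return False, "certificate outside its validity period"
    serial = body["serial"]                               # step 2
    crl_body = crl["body"]                                # step 3: the fetched CRL
    if not ca_verify(crl_body, crl["signature"]):        # step 4
        return False, "CRL signature invalid"
    if crl_body["issuer"] != body["issuer"]:
        return False, "CRL comes from a different issuer"
    if crl_body["this_update"] > now:
        return False, "CRL dated in the future"
    if now > crl_body["next_update"] + max_staleness:
        # Past the publication time of its successor by more than we
        # tolerate: a revoked certificate could no longer be told apart
        # from a good one, so refuse rather than risk a false acceptance.
        return False, "CRL stale; refusing rather than risk a revoked certificate"
    if serial in crl_body["revoked"]:                     # step 5
        return False, "certificate revoked"                # step 6: alert
    return True, "ok"


# Constructed records for the demonstration.
GOOD_CERT = make_cert("www.example.test", serial=1001)
REVOKED_CERT = make_cert("old.example.test", serial=1002)
CRL = make_crl([1002], NOW - timedelta(days=1), NOW + timedelta(days=6))
STALE_CRL = make_crl([1002], NOW - timedelta(days=20), NOW - timedelta(days=10))

if __name__ == "__main__":
    for name, cert, crl in (("good", GOOD_CERT, CRL), ("revoked", REVOKED_CERT, CRL),
                            ("forged", forged_copy(GOOD_CERT, subject="mallory"), CRL),
                            ("good, stale CRL", GOOD_CERT, STALE_CRL)):
        print(f"{name:16s} ->", check_certificate(cert, crl))
```

The ordering matters: the CRL's own signature is checked before its contents are trusted, because an unsigned or forged CRL could simply omit a revoked serial. The `max_staleness` parameter is where the trade-off between always being up to date and the risk of false acceptance is decided; this example fails closed once a CRL is past its announced successor's publication time, which costs availability but never accepts a certificate the CA may already have revoked.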
Limitations of Certificate Revocation

In a large public key infrastructure community, CRLs are both large and must be downloaded frequently.
Applications can be significantly slowed by the need to retrieve the latest CRL from a heavily taxed directory server (or other distribution point).
There exists a compromise between always being up-to-date, versus the risk of false certificate acceptance.