• No results found

T Cryptography and Data Security

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "T Cryptography and Data Security"

Copied!
8
0
0

Loading.... (view fulltext now)

Download now ( 8 Page )

Full text

(1)

1

T-79.159

Cryptography and Data Security

Lecture 11:

Security systems using public keys

11.1 PGP

11.2 SSL/TLS

11.3 IPSEC

Kaufman et al: Ch 17, 18, 19

Stallings: Ch 16,17

2

Pretty Good Privacy

• Email encryption program

• Bottom–up approach to the distribution of trust

• Each user acts as his/her own CA and signs the public keys of other users

• User can accept authenticity of a public key based on recommendation by a third trusted user

• RSA public key encryption used for distribution of session keys *) • Digital signatures produced by RSA or DSA signature algorithms • Hash functions are MD5 and SHA-1

• Symmetric encryption performed using IDEA in CFB mode (self-synchronising stream cipher)

• Public keys held in ”Key-ring”

• Revocation of public keys is a problem

*) A data encryption protocol, where the data is encrypted using symmetric encryption and the symmetric encryption key is encrypted using public key encryption is called as ”hybrid encryption”

(2)

3

Secure Sockets Layer /Transport Layer Security

• SSL (by Netscape) adds security to the TCP level of the Internet Protocol stack

• Reliable end-to-end service.

• TLS developed by IETF is basically equivalent to SSL v 3.1 Structure:

• Hypertext Transfer Protocol (Web client/server interaction) an operate on top of SSL

SSL Alert Protocol

SSL Record Protocol TCP

IP

SSL Change Cipher Spec Protocol

HTTP SSL

Handshake Protocol

SSL Record Protocol

Application data

fragment

compressed fragment

MAC added

encrypted

(3)

5

SSL Record Protocol Crypto

• The MAC is similar to HMAC (indeed, an early version of HMAC) with the difference that OPAD and IPAD fields are concatenated to the data (not xored as in HMAC) based on MD5 or SHA-1 • Block Cipher Algorithms available (key size in bits):

– IDEA (128) – RC2-40 (40) – DES-40 (40) – DES (56) – 3DES (112-168) – Fortezza (Skipjack) (80)

• Stream Cipher Algorithms available (key size) – RC4-40 (40)

– RC4-128 (128)

6

FORTEZZA

• FORTEZZA is a registered trademark of the U.S.

National Security Agency (NSA)

– Defense Message System

– Encrypted voice communications over secure telephones.

• FORTEZZA cards

– cryptographic "co-processors"

– provide authentication (DSA), data integrity (SHA-1), and confidentiality (KEA and Skipjack).

• FORTEZZA-enabled devices

– PCMCIA-based crypto cards

– serial port devices, Ethernet cards, and modems.

– Cellular telephones, pagers, PDAs, and other mobile devices.

• Microsoft supports FORTEZZA in its products.

(4)

7

SSL Handshake Protocol

Phase 1: Establishing Security Capabilities

– Nonces

– Session ID – Cipher Suite

1. Key Exchange method: RSA, Fixed, ephemeral, or anonymous Diffie-Hellman, Fortezza

2. Cipher Algorithm: Any of the ones mentined above; Cipher type: Stream or Block; Exportability: Yes or No;

3. Hash algorithm: MD5 or SHA-1; Hash size: 0, 16 (MD5), or 20 (SHA-1)

4. Key Material (session key data) and IV size (for CBC mode) – Compression method

Phase 2: Server Authentication and Key Exchange

Phase 3: Client Authentication and Key Exchange

Phase 4: Finish

– Explicit verification that the authentication and key exchange was successful

IPSec

The toolbox for building Virtual Private Networks

(VPN)

– Secure branch office connectivity over Internet – Secure Remote Access over Internet

– Extranet and Intranet connectivity with partners – Enhanced electronic commerce security

Efficient protection if IPSec implemented in firewall

IPSec is below transport layer and so is transparent

to applications

IPSec is typically transparent to end users

IPSec can be used to provide secure remote login for

individual users

.

(5)

9

Network A

SEGA

NEA

Network B

SEGB

NEB

10

IP Security Architecture

Specifications:

RFC 2401 Architecture

RFC 2402 Packet Authentication extension RFC 2406 Packet Encryption Extension RFC 2408 Key Management Capabilities Other documents in the following areas:

1. Architecture: general concepts, security requirements, definitions and mechanisms

2. Encapsulating Security Payload (ESP) 3. Authentication Header (AH)

4. Encryption Algorithms 5. Authentication Algorithms 6. Key Management Scemes 7. Domain of Interpretation (DoI)

(6)

11

End-to-End Security

(Transport Mode)

B

A A B A B

A

B

1 2

data data

data

VPN Security

(Tunnel Mode)

B

A 1 2 A B

B A

2 1

A B data

(7)

13

IP HDR TCP HDR PAYLOAD

IP HDR ESP HDR TCP HDR PAYLOAD padding MAC

Transport mode:

encrypted integrity protected

TCP HDR PAYLOAD

IP HDR ESP HDR TCP HDR PAYLOAD padding MAC

Tunnel mode:

encrypted integrity protected

IP HDR IP HDR

14

IKEv2

Initiator (i) Responder (r) HDR, SAi1, KEi, Ni

HDR, SAr1, KEr, Nr, [CERTREQ]

HDR,SK{IDi,[CERT,][CERTREQ,][IDr,]AUTH,SAi2,TSi,TSr}

HDR, SK{IDr, [CERT,] AUTH, SAr2, TSi, TSr}

(8)

15

IKEv2

Initiator (i) Responder (r) HDR, SAi1, KEi, Ni

HDR, SAr1, KEr, Nr, [CERTREQ]

HDR, SK {IDi, [CERTREQ,] [IDr,] SAi2, TSi, TSr}

HDR, SK {IDr, [CERT,] AUTH, EAP }

HDR, SK {EAP, [AUTH] }

HDR, SK {EAP, [AUTH], SAr2, TSi, TSr }

Secure Legacy Authentication (SLA)

Cryptographic binding

Legacy Protocols - EAP

• IETF PPPEXT working group:

RFC 2284 Extensible Authentication Protocol (EAP)

• EAP is not an authentication protocol in itself, but a standard way of encapsulating an authentication protocol.

• Composed of message pairs: EAP_Request - EAP_Response; final pair: EAP_Success/EAP_Failure

• EAP types have been standardised (”legacy” protocols): RFC2716: PPP EAP TLS Authentication Protocol

– Internet Drafts: EAP SIM Authentication EAP AKA Authentication Protected EAP Protocol (PEAP)

EAP-SKE authentication and key exchange protocol Microsoft EAP CHAP Extensions

References

Download now ( PDF - 8 Page - 67.24 KB )

Related documents

Liquid crystal hyperspectral imager

7.10 (a) True color image of a city scene with krypton lamp embedded within the scene (b) Multichannel image of a city scene with buildings, sky, snow and a krypton lamp, at

Seroprevalence of human brucellosis in Erbil city

These results agree with those reported by Mubarak 10 who showed that the incidence of brucellosis among populations of rural area was significantly higher than among

Virtual network security: threats, countermeasures, and challenges

Fernandes and Duarte [26,31] present an architecture that aims to provide efficient routing, proper resource isolation and a secure communication channel between routers and the

Research on Algorithm of Sage Filtering Considering the Model Systematic Errors

This new algorithm of Sage filtering considering the model systematic errors adopts Sage filtering established to estimate the kinematic model systematic error as well as the

Department of Dermatology, University of Würzburg, D Würzburg, Germany

Plaque psoriasis is the most frequent type, also in children, but lesions are often smaller, thinner, and less scaly than in adults.. Treatment can be a challenge because

Optimal learning under robustness and time-consistency

Key words : ambiguity, robust decisions, learning, partial information, optimal stopping, sequential testing of simple hypotheses, Ellsberg Paradox, recursive utility,

Phenomenological investigation into the decentralisation of primary health care services in Bophirima District, Northwest Province

Most importantly, the research revealed that the interest of leadership across three spheres of government played a key role in the decentralisation of PHCs and

Skills Competition as Perceived by the Tourism and Hospitality Management Students

Specifically, the study aimed to identify the different skills that have been joined by the CITHM students; to determine the implications of skills competition