cissp week 20

Upload: jemtallon

Post on 16-Apr-2017

Asymmetric Cryptography
Domain 5

Pages 822-861

Official CISSP CBK Third Edition





Tim Jensen & Jem Jensen
StaridLabs

Symmetric Vs Asymmetric

In the Beginning...

Asymmetric cryptography is very new.

Largely attributed to Dr Whit Diffie and Dr Martin Hellman (Diffie-Hellman)

Diffie and Hellman released a paper in 1976 called "New Directions in Cryptography", which brought asymmetric cryptography into the mainstream

Basics of Asymmetric

A keypair is generated, generally by the application, to ensure the strength of key generation (keygen)

One key is designated the private key and is kept secret by the user.

The other key is designated the public key and is freely given to anyone

Algorithms use one-way functions so that data encrypted with one key can only be decrypted by the other key in the keypair. Not even the key used to encrypt can decrypt it

Private to Public

When the private key is used to encrypt a message, the message can be read by anyone who possesses the corresponding public key.

This provides non-repudiation since the receiver can have reasonable assurance that the message came from the intended sender. This is only applicable if the private key is properly secured.

RSA

Developed in 1978 by Ron Rivest, Adi Shamir, and Len Adleman

Based on the mathematical challenge of factoring the product of two large prime numbers

RSA Factoring Attacks

512 bit factoring attacks have been successful. Took 8000 MIPS years. 1 MIPS is 1 million instructions per second. A MIPS year is 31.5 trillion instructions per year. An i7 processor does 147,600 MIPS or 12.7 quadrillion instructions per year (if my calculation is correct)

1024 bit factoring attacks are quickly becoming economically feasible. NIST recommended moving away from 1024 by the end of 2010. Users weren't listening, so the Certificate Authority Forum mandated that CAs stop issuing 1024 bit web certificates by Oct 1, 2014

Attacking RSA

Brute force: Trying all possible private keys

Mathematical attacks: Factoring the product of two prime numbers

Timing attacks: Measuring the running time of the decryption algorithm

Diffie-Hellman Algorithm

Algorithm for key exchange. Uses discrete logarithms

Allows two users to exchange or negotiate a secret symmetric key

Diffie-Hellman does not provide message confidentiality
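
The exchange described on this slide, as an added example that is not part of the original deck: both sides swap public values in the clear, validate what they receive, and derive the same symmetric key. The group (p = 2^127 - 1, g = 3) and all function names are constructed for the demo and are far too small for real use.

```python
import hashlib
import secrets

# Constructed demo group: 2**127 - 1 is prime, but real deployments use
# standardized groups of 2048 bits or more.
P = 2**127 - 1
G = 3

def check_public(value: int) -> int:
    """Reject degenerate values (0, 1, p-1, >= p) that make the secret guessable."""
    if not 1 < value < P - 1:
        raise ValueError("public value out of range")
    return value

def keypair():
    """Pick a random private exponent x and compute the public value g^x mod p."""
    while True:
        private = secrets.randbelow(P - 3) + 2        # 2 <= x <= p - 2
        public = pow(G, private, P)
        if 1 < public < P - 1:
            return private, public

def session_key(own_private: int, peer_public: int) -> bytes:
    """Hash the shared secret (peer_public^x mod p) into a 256-bit symmetric key."""
    shared = pow(check_public(peer_public), own_private, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def run_exchange():
    a_priv, a_pub = keypair()      # Alice sends a_pub over the untrusted channel
    b_priv, b_pub = keypair()      # Bob sends b_pub over the untrusted channel
    # Only the public values cross the wire; each side combines the peer's
    # public value with its own private exponent.
    return session_key(a_priv, b_pub), session_key(b_priv, a_pub)

if __name__ == "__main__":
    k_alice, k_bob = run_exchange()
    print("keys match:", k_alice == k_bob)
```

The output is only a negotiated key: no message is encrypted until that key is handed to a symmetric cipher.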

Diffie in a GIF

El Gamal

Based on Diffie-Hellman but adds the ability to provide message confidentiality and digital signature services

Elliptic Curve Cryptography (ECC)

Uses discrete logarithmic algorithms based on the complex mathematics of elliptic curves.

Fast and high strength

Highest strength per bit of key length of any asymmetric algorithm.

Shorter keys allow computational power savings.

Beneficial in smart cards, wireless, etc

Provides confidentiality, digital signatures, and message authentication

Asymmetric advantages

Ability to send a message across an untrusted medium in a secure manner without prior key exchange

Non-repudiation of origin

Access control

Data integrity

Non-repudiation of delivery

Asymmetric Disadvantages

Extremely slow compared to symmetric

Impractical for large amounts of data and frequent transactions

Ciphertext output from asymmetric may be much larger than the plaintext making storage and transmission costly

Hybrid Cryptography

Symmetric can be used for encrypting large files and handling encryption/decryption without impacting delivery time or performance

Asymmetric crypto can handle the initial setup of the communications session through the exchange and negotiation of the symmetric keys

Message Digests

A message digest is a small representation of a larger message. Message digests are used to ensure the authentication and integrity of information and not confidentiality

Example: MD5

Message Authentication Code

MAC, also known as a cryptographic checksum, is a small block of data that is generated using a secret key and then appended to the message.

When the message is received, the recipient generates their own MAC using the secret key and can validate that the message has not changed during transit

MAC Characteristics

A MAC is much smaller than the message generating it

Given a MAC, it is impractical to compute the message that generated it

Given a MAC and the message that generated it, it is impractical to find another message generating the same MAC

MAC Example

If a sender is using DES-CBC and generates a MAC during the transaction, the MAC is the last block of ciphertext generated by the algorithm.

This block of data is transmitted to the recipient. If the recipient runs the decrypt operation and receives the same last block of ciphertext then the checksum is valid and can prove authentication since only someone with the secret key could generate the message.

HMAC

A hash MAC operation uses a hash function to verify message integrity.

HMACs are calculated by feeding a secret key value into a hash function along with the source message.

HMACs are more efficient than MACs

Used often with SSL/TLS, IPSEC, etc
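
The MAC and HMAC slides above, as an added example that is not part of the original deck: the sender appends an HMAC-SHA256 tag, the recipient recomputes it with the shared key, and an unkeyed digest is shown beside it for contrast. The key and messages are constructed sample values.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag

def mac_protect(key: bytes, message: bytes) -> bytes:
    """Sender: append HMAC-SHA256(key, message) to the message."""
    return message + hmac.new(key, message, hashlib.sha256).digest()

def mac_verify(key: bytes, packet: bytes) -> bytes:
    """Recipient: recompute the tag with the shared key and compare."""
    if len(packet) < TAG_LEN:
        raise ValueError("packet too short to carry a tag")
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("MAC mismatch: message altered or wrong key")
    return message

def hash_protect(message: bytes) -> bytes:
    """Unkeyed variant: append a plain SHA-256 digest."""
    return message + hashlib.sha256(message).digest()

def hash_verify(packet: bytes) -> bytes:
    message, digest = packet[:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(digest, hashlib.sha256(message).digest()):
        raise ValueError("digest mismatch")
    return message

def demo():
    key = b"constructed-demo-key-0123456789"   # constructed sample key
    original = b"PAY 100 TO ALICE"             # constructed sample message
    altered = b"PAY 900 TO ALICE"
    results = {}
    results["mac_ok"] = mac_verify(key, mac_protect(key, original)) == original
    # The message is swapped in transit; without the key the tag cannot be fixed.
    tampered = altered + mac_protect(key, original)[-TAG_LEN:]
    try:
        mac_verify(key, tampered)
        results["mac_detects_change"] = False
    except ValueError:
        results["mac_detects_change"] = True
    # A plain digest needs no secret, so it verifies for any message.
    results["hash_accepts_change"] = hash_verify(hash_protect(altered)) == altered
    return results

if __name__ == "__main__":
    print(demo())
```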

Hashing

A hash function accepts an input message of any length and generates, through a one-way operation, a fixed-length output.

It does not use a secret key. The only input is the input message.

Key properties of a hash function

Uniformly distributed - The hash output value should not be predictable

Weak collision resistance - Difficult to find a second input value that hashes to the same value as another input

Difficult to invert - Should be one way, should not be able to derive hash input x by reversing the hash function on output y

Strong collision resistance - Difficult to find any two inputs that hash to the same value

Deterministic - Given an input x, it must always generate the same hash value y

MD5 Message Digest Algorithm

Developed by Ron Rivest at MIT in 1992

Generates a 128 bit digest from a message of any length

Processes the message in 512 bit blocks and does 4 rounds of processing. Each round contains 16 steps

Hash/message collision odds are 2^64

Odds of reversing a message from a hash are 2^128

Commonly used in forensic investigations to ensure that the original media has not been altered since seizure

Recently there have been several attacks developed against MD5 where it is now possible to find collisions. MD5 should be phased out.

MD4 is weaker than MD5 and should not be used

SHA/SHA-1

The Secure Hash Algorithm was developed by NIST in 1993 and issued as FIPS 180

A revised version (FIPS 180-1) was issued in 1995 for SHA-1

SHA was based on the MD4 algorithm whereas SHA-1 uses MD5

SHA-1 operates on 512 bit blocks and can handle any message up to 2^64 bits in length. The output hash is 160 bits

Processing includes 4 rounds of operations of 20 steps each

Recently there have been several attacks described against SHA-1 despite it being considerably stronger than MD5

NIST issued FIPS 180-3 which recognizes SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 as part of the secure hash standard. Output varies from 160 to 512 bits

SHA-3

NIST is currently evaluating hash algorithms to choose SHA-3.

(Update: Keccak has tentatively been chosen, but there is some controversy)

HAVAL

HAVAL was developed at the University of Wollongong in Australia

It combines a variable length output with a variable number of rounds of operation on 1024 bit input blocks.

The output can be 128, 160, 192, 224, or 256 bit and the number of rounds may vary from 3 to 5

HAVAL operates 60% faster than MD5 when only 3 rounds are used and just as fast when 5 rounds are used

Not to be confused with HALAL

RIPEMD-160

Developed by the European RACE Integrity Primitives Evaluation project

In response to vulnerabilities found in MD4 and MD5

The original algorithm RIPEMD-128 had the same vulnerabilities as MD4/MD5.

Output for RIPEMD-160 is 160 bits and operates on 512 bit blocks.

Performs 5 paired rounds of 16 steps each for 160 operations

Hash/MAC attacks

Primary attack methods:

Brute force

Must find a weakness in the hashing algorithm that would allow an attacker to reconstruct the original message from the hash value, find another message with the same hash value, or find any pair of messages with the same hash value

Oorschot and Wiener developed a machine that could find a collision on a 128 bit hash in about 24 days

Cryptanalysis

Side channel attack - Attack the implementation of the algorithm rather than the algorithm directly

Rainbow tables - pre-computed lists of hashes. Can be defeated by salting

Birthday Paradox

Describes the probability of finding two people with the same birthday from a group of people

In a room of 23 people there's more than a 50% chance of two of them sharing the same birthday

The same principle can theoretically be used in hashing to find a collision

Attacker wants to 1: Change the message contents to what he wants or 2: cast some doubt on the authenticity of the original message
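
The birthday bound worked through as an added example, not part of the original deck: the first function reproduces the 23-person figure, and the second measures how many inputs it takes to collide a hash cut down to 24 bits. The truncation of SHA-256 and the `msg-N` inputs are constructed for the demo; the same square-root effect is why a 128-bit digest gives about 2^64 collision resistance.

```python
import hashlib

def shared_birthday_probability(people: int, days: int = 365) -> float:
    """Chance that at least two of `people` share a birthday."""
    p_all_different = 1.0
    for i in range(people):
        p_all_different *= (days - i) / days
    return 1.0 - p_all_different

def truncated_digest(data: bytes, bits: int) -> int:
    """Keep only the top `bits` bits of SHA-256 to model a short hash."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)

def find_collision(bits: int):
    """Hash distinct inputs until two land on the same truncated digest.

    Returns (first_message, second_message, number_of_inputs_hashed).
    """
    seen = {}
    counter = 0
    while True:
        message = b"msg-%d" % counter          # constructed, all distinct
        digest = truncated_digest(message, bits)
        if digest in seen:
            return seen[digest], message, counter + 1
        seen[digest] = message
        counter += 1

if __name__ == "__main__":
    print("P(shared birthday, 23 people) = %.3f" % shared_birthday_probability(23))
    first, second, tried = find_collision(24)
    # 2**24 possible digests, yet a collision shows up after a few thousand
    # inputs, on the order of 2**12 rather than 2**24.
    print("collision after", tried, "inputs:", first, second)
```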

Key Management

Auguste Kerckhoffs's law: A cryptosystem should be secure even if everything about the system, except the key, is public knowledge

Claude Shannon: The enemy knows the system

Key Management

Loss of a key is the same as loss of the data itself. Protect it!

Control issuance, revocation, recovery, and distribution of keys

XKMS

Why is this here? Seems tangential

XML Key Management Specification

Spec defines protocols for distributing and registering public keys (W3C)

Consists of 2 parts:

XML Key Information Service Spec (X-KISS)

XML Key Registration Service Spec (X-KRSS)

XKMS

X-KISS - Client delegates tasks to a trust server

X-KRSS - Registers public keys

Creating & Distributing Keys

Automated key generation

Hopefully quicker and more random than manual

Keys must take a sufficient amount of time and effort for an attacker to break them

The two main factors in a strong key are:

Randomness

Key length/size

Randomness

If an attacker can easily guess at a key or find patterns in the key, it takes less effort to break

Computers are designed for predictability and order, so creating pseudo randomness can be troublesome

If we generate randomness with an algorithm, it isn't really random since it follows the formula

The solution? SEEDS!...

Not those kinds of seeds!

Randomness

An initialization vector (IV) or seed is:

A value fed into a randomness algorithm to produce apparently random results

Common seeds are mouse movements or time between keyboard inputs

Could also be manually input like with WEP/WPA

As we've shown in previous classes, wireless keys are rarely random... ex: password123

Random Example!

Key Length

Cryptographic security is a logarithmic measure of the fastest known computational attack on the algorithm

Key length is distinct from cryptographic security, meaning a longer key doesn't necessarily mean more security

Ex: 3DES with a key length of 168 (3x 56 bit keys) only has an effective security of 112 (2x 56) due to the meet-in-the-middle attack

Key Length

The longer the key, the more expensive to encrypt/decrypt

The goal should be a key of just enough length to protect the information

Depends on the worth of the information

Many websites use HTTP for much of their site because it's public and of low worth to protect

When they use HTTPS, they may use the lowest level they can so that the site is fast and doesn't tax their server

Asymmetric Key Length

Asymmetric cryptography relies on the difficulty of solving certain mathematical problems

That means it's easier to brute-force answers than to run the computations

Therefore asymmetric keys must be longer than symmetric to resist these attacks

RSA (asymmetric) key length    Equivalent to symmetric key length
1024-bit                       80-bit
2048-bit                       112-bit
3072-bit                       128-bit
15,360-bit                     256-bit

Key Distribution

Exchanging keys is dangerous: if anyone intercepts the key, they can decrypt messages

One solution is a Key Encrypting Key (KEK)

The process of using a KEK is called Key Wrapping

Protocols which use KEK: SSL, PGP, S/MIME

Key Distribution

Methods:

Out-of-band exchange (CD, Fax, Phone call)

PKI key server

Central repository of public keys

Key distribution center (KDC)

Each user has a master (secret) key to talk to KDC

KDC sets up session keys to talk to other users

Key Storage

Often buried within equipment, inaccessible to the users

Stored in protected smart cards (KEK cards)

Keys must have expiration dates to prevent long-term cryptanalytic attacks

NIST Guidelines

Keys should be signed with a MAC and encrypted

Make backup copies of central/root keys

Provide key recovery capabilities

Archive user keys for the period of time where a key can be used to protect information

Risk Factors (NIST)

Strength of cryptographic mechanisms

The implementation of the mechanism

The operating environment

The volume of information/# of transactions

The security life of the data

The security function (encryption, signing)

The re-keying method

The key update process

The number of nodes with shared keys

The number of copies of shared keys

The threat to the information (who might be attacking)

Key Destruction

Generally, shorter key periods enhance security

Once deleted, the key could still reside in memory or on disk until sufficiently overwritten

Actually erasing can take multiple passes of overwriting the memory

Sometimes a key will reside in memory for so long that it gets burned in

Can be mitigated by splitting the key in memory

Key Destruction

Manual keys

Higher risk to update and distribute; sometimes more secure to update less frequently and control keys more closely with compensating controls

Different key lifetimes depending on user roles

Key to use the printer could last much longer than key to open the datacenter due to lower risk

Key Destruction

Balancing act

Reissuing too often can become excessively burdensome

Still has to happen enough to minimize loss

Handle lost/compromised keys

Data signed before compromise should still be good

Should just prevent use of the key after the date it was compromised

Cost of Certificate Replacement

Re-keying a large database or replacing a large number of keys is very expensive

Might justify expensive security measures to offset longer key lifecycle

Conversely, you might justify shorter periods

Example: Employee keys expire more often so they must continually prove they are still authorized to have access. If they quit/change jobs, the shorter lifecycle will ensure they lose access

Key Recovery

Methods:

Common trusted directory

Policy requiring all keys be registered with security department

Steganography? (bury key in an image)

Password wallet

Key Recovery

Multiparty key recovery

Divide the key into multiple parts

Pass out to multiple parties

Key escrow

Ensure third-party retains a copy of the key or their own key

Must be explicit trust between company and the third-party
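
One way to divide a key for multiparty key recovery, as an added example that is not part of the original deck: an XOR split in which every custodian's share is required and any smaller set of shares is indistinguishable from random bytes. The function names and the check-value format are hypothetical; schemes that tolerate a missing custodian (threshold sharing) work differently.

```python
import hashlib
import hmac
import secrets
from functools import reduce

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def check_value(key: bytes) -> str:
    """Short fingerprint kept with the recovery record (hypothetical format)."""
    return hashlib.sha256(b"key-check:" + key).hexdigest()[:16]

def split_key(key: bytes, parties: int):
    """Return one share per party plus a check value for later verification."""
    if parties < 2:
        raise ValueError("need at least two parties")
    # parties-1 shares are pure randomness; the last one is the key XORed
    # with all of them, so XORing every share together yields the key.
    shares = [secrets.token_bytes(len(key)) for _ in range(parties - 1)]
    shares.append(reduce(_xor, shares, key))
    return shares, check_value(key)

def recover_key(shares, expected_check: str) -> bytes:
    """Recombine all shares and confirm the result against the check value."""
    if not shares or len({len(s) for s in shares}) != 1:
        raise ValueError("shares missing or of different lengths")
    key = reduce(_xor, shares)
    if not hmac.compare_digest(check_value(key), expected_check):
        raise ValueError("recovered key fails check: a share is missing or wrong")
    return key

if __name__ == "__main__":
    master = secrets.token_bytes(32)            # constructed sample key
    parts, check = split_key(master, 3)
    print("recovered:", recover_key(parts, check) == master)
```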