6.0 Cryptography and PKI

6.1 Compare and contrast basic concepts of cryptography. (James Messer, Jason Dion 1, Jason Dion 2, Mike Meyers 1, Mike Meyers 2, Mike Meyers 3)

  • Symmetric algorithms (James Messer, Jason Dion)
    • Single, shared key. Encrypt and decrypt with same key.
    • "Doesn't scale very well. Can be challenging to distribute." (Messer)
    • Fast
  • Modes of operation
  • Asymmetric algorithms (James Messer, Jason Dion)
    • AKA "Public key cryptography"
  • Hashing (James Messer, Jason Dion)
    • Hash AKA "message digest"
    • "Impossible to recover the original message from the digest. Used to store passwords / confidentiality." (Messer)
    • Intent: two different messages should never produce the same hash; when they do, it is a collision.
    • SHA256
  • Salt, IV, nonce
    • Nonce
      • A number used once, arbitrarily chosen
      • Could be a counter
      • A fresh nonce in every message or session defeats replays: a captured message carries a stale nonce and is rejected
    • IV: Initialization vector
    • Salt: random value mixed into a password before hashing, so two users with the same password get different hashes and precomputed tables fail
  • Elliptic curve
    • "Uses smaller keys than non-ECC asymmetric encryption. Smaller storage and transmission requirement. Perfect for mobile devices." (Messer)
  • Weak/deprecated algorithms (James Messer)
    • "Strong algorithms have been around for a while." (Messer)
    • Weak: WEP, DES (56-bit keys)
    • Strong: AES (Messer also lists PGP, which is a program built on such algorithms rather than an algorithm itself)
  • Key exchange (James Messer)
    • Out-of-band key exchange. Not over the 'net (in person, courier). Not practical at scale.
    • Common to do in-band key exchange with additional encryption. "Use asymmetric encryption to deliver a symmetric key." (Messer)
  • Digital signatures
    • Sign with private key, verify with public key
    • Useful for proving integrity of message and for authenticating the source
    • Non-repudiation
  • Diffusion
    • "Change one character of the input, and many characters change in the output." (Messer)
  • Confusion
    • "Drastically different from plaintext... No discernible patterns." (Messer)
  • Collision
    • When two inputs create the same hash.
  • Obfuscation
    • "Process of making something unclear." (Messer)
    • Difficult but not impossible to understand
  • Steganography (James Messer, Mike Meyers)
    • Form of obfuscation
    • Images: Hiding, embedding information in picture
    • Network: Embed messages in TCP packets
    • Printers: Watermarks. Yellow dots.
  • Stream vs. block (James Messer)
    • Stream ciphers:
      • "One bit or byte at a time. High speed, low hardware complexity." (Messer)
      • "Used with symmetric encryption. Not used in asymmetric encryption." (Messer)
      • "Key is often combined with an initialization vector." (Messer)
    • Block ciphers:
      • "Fixed-length groups. Often 64-bit or 128-bit blocks." (Messer)
      • "Pad added to short blocks. Each block is encrypted or decrypted independently." (Messer)
  • Key strength (Jason Dion)
    • "Large keys tend to be more secure." (Messer)
    • "128-bit or larger symmetric keys are common." (Messer)
    • Asymmetric encryption: "Complex calculations of prime numbers. Larger keys than symmetric encryption. Common to see key lengths of 3,072 bits or larger." (Messer)
  • Session keys
    • "A session key is a symmetric key used for encrypting messages during a communication session. It is generated from random seeds and is used for the duration of a communication session." (Conklin)
  • Ephemeral key
    • "Implement session keys carefully. Need to change often. Need to be unpredictable." (Messer)
      • e.g. not a counter that is simply incremented by one
  • Secret algorithm
    • "Secrecy in how to apply security elements can assist in thwarting reverse engineering." (Conklin)
    • "The drawback of keeping a cryptographic algorithm secret is that it reduces the testing of the algorithm by cryptographers." (Conklin)
  • States of data (James Messer)
    • Data-in-transit
      • "Transmitted over the network." (Messer)
      • Transport encryption: TLS (Transport Layer Security). IPSec (Internet Protocol Security).
    • Data-at-rest
      • On storage device.
      • Options: Whole disk encryption. Database encryption. File- or folder-level encryption. (Messer)
      • Apply ACL
    • Data-in-use
      • "System RAM, CPU registers and cache." (Messer)
      • "Almost always decrypted." (Messer)
  • Random/pseudo-random number generation (James Messer)
    • "True random numbers are virtually impossible to generate from physical or algorithmic processes because of the influences associated with the underlying process. This leads to the field of pseudo-random numbers, a set of numbers that while statistically appearing to be random with respect to frequency distribution, because they are algorithmically generated, if one knows the algorithm and the seeds, one can predict future values." (Conklin)
  • Key stretching
    • i.e. "key strengthening"
    • "Hash a password. Hash the hash of the password." (Messer)
    • Multiplies time required to brute force
  • Implementation vs. algorithm selection
    • Crypto service provider
    • Crypto modules
  • Perfect forward secrecy (James Messer)
    • Session key is not derived from the server's long-term private RSA key, so a later compromise of that key does not expose recorded sessions.
    • Creates key pairs on the fly. Temporary; discarded after the session.
    • "Might use elliptic curve or Diffie-Hellman ephemeral." (Messer)
    • Uses more computing power.
  • Security through obscurity
    • The design/algorithm is not necessarily secret; the encryption key should be the only unknown (Kerckhoffs's principle)
    • Relying on a secret design alone is weak, cf. "Secret algorithm" above
  • Common use cases (James Messer)
    • Low power devices
      • Mobile. Portable. Smaller symmetric key sizes. Use elliptic curve cryptography (ECC) for asymmetric encryption.
    • Low latency
      • Fast. Symmetric encryption. Smaller key sizes.
    • High resiliency
      • Larger key sizes. Hashing provides integrity.
    • Supporting confidentiality
      • Secret and private
    • Supporting integrity
      • Prevent modification of data
      • Validate the contents with hashes
      • File downloads, passwords storage
    • Supporting obfuscation
      • Hide data
      • Encrypted data hides the active malware code
      • Decryption occurs during execution
    • Supporting authentication
      • Password hashing
      • Protect the original password
      • Add salts to randomize the stored hash
    • Supporting non-repudiation
      • Confirm the authenticity of data
      • Digital signature provides both integrity and non-repudiation
      • "You said it. You can't deny it."
    • Resource vs. security constraints
      • An ongoing battle
      • Browser support vs. supported encryption
      • VPN software support vs. supported algorithms
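
Worked example for the hashing, salt and key-stretching bullets above (added here; this is not code from the Messer, Dion or Meyers courses). It uses only the Python standard library: PBKDF2-HMAC-SHA256 for stretched, salted password storage, `hmac.compare_digest` for constant-time verification, and HMAC-SHA256 as the keyed hash that gives integrity plus authenticity without asymmetric cryptography. The iteration count, the `$`-separated record format and the sample passwords are assumptions chosen for the demonstration.

```python
"""Added example (not from the course notes): salted, stretched password
hashing plus an HMAC integrity tag, standard library only.
Iteration count, record layout and sample inputs are assumptions."""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # assumed work factor; tune so one hash costs ~100 ms


def naive_hash(password: str) -> str:
    """Unsalted single SHA-256: identical passwords give identical digests,
    so one precomputed table cracks every user who chose that password."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest.
    The random salt makes identical passwords hash differently; the
    iteration count is the key stretching that slows each guess."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in
    constant time so timing does not reveal how many bytes matched."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported record format: " + algorithm)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def tag_message(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: integrity and authenticity from a shared secret.
    Only a holder of `key` can produce or check a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def check_message(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag_message(key, message), tag)


if __name__ == "__main__":
    pw = "Summer2024!"                    # constructed password, two users
    print(naive_hash(pw) == naive_hash(pw))            # True: pattern leaks
    rec_a, rec_b = hash_password(pw), hash_password(pw)
    print(rec_a == rec_b)                              # False: salts differ
    print(verify_password(pw, rec_a), verify_password("summer2024!", rec_a))

    key = os.urandom(32)
    msg = b'{"amount": 100, "to": "alice"}'
    tag = tag_message(key, msg)
    print(check_message(key, msg, tag),
          check_message(key, msg.replace(b"100", b"900"), tag))
```

Two users who chose the same password end up with different records because the salts differ, and an attacker's cost per guess is the full iteration count. Storing the salt and iteration count in the record lets the work factor be raised at a user's next login without changing the verification code.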

6.2 Explain cryptography algorithms and their basic characteristics. (Mike Meyers 1, Mike Meyers 2)

  • Symmetric algorithms (James Messer, Mike Meyers)
    • DES
      • Block cipher
      • Block size: 64-bit
      • Key size: 56-bit
      • Rounds: 16
      • Easy to brute-force
    • 3DES: Triple DES
      • "A Triple DES (3DES) algorithm uses 48 rounds of computation. It offers high resistance to differential cryptanalysis because it uses so many rounds." (uCertify)
        • 48 total: three DES passes of 16 rounds each
      • Extends use of the DES cipher
      • Use DES encryption/decryption three times
        • Encrypt with the first key
        • Decrypt with the second key
        • Encrypt with the third key
      • Block cipher
      • Block size: 64-bit
      • Key size: 56-bit x 3 -> 168-bit (effective strength about 112-bit because of the meet-in-the-middle attack)
      • Rounds: 48 (3 x 16)
      • Superseded by AES
    • RC4
      • Streaming cipher
      • One byte at a time (keystream XORed with the plaintext)
      • 1 round
      • Key size: 40-bit -> 2048-bit
      • Part of the WEP standard
      • Also part of SSL/TLS, but since prohibited in TLS (RFC 7465)
      • Has a "biased output"
    • AES
      • Standardized in 2001 (FIPS 197)
      • Block cipher
      • Block size: 128-bit
      • Key size: 128, 192, 256-bit
      • Rounds: 10, 12, 14
      • Standard of the US federal government
      • Took five years to standardize
      • Used in WPA2
    • Blowfish
      • Block cipher
      • Block size: 64-bit
      • Rounds: 16
      • Key size: varied (32-bit -> 448-bit)
      • Designed by Bruce Schneier as a free, unpatented alternative to DES
    • Twofish
      • Doubles the block size
      • Block size: 128-bit
      • Key size: 128, 192, or 256-bit
    • GOST
      • "Russian private key encryption standard that uses a 256-bit encryption key. GOST was developed as a counter to the Data Encryption Standard (DES)." (uCertify)
    • CAST-128
      • "A private key encryption standard that is used in Pretty Good Privacy (PGP)." (uCertify)
    • IDEA
      • "International Data Encryption Algorithm (IDEA) is a private key encryption standard that was developed in Switzerland. IDEA is used in PGP, and uses 128-bit encryption keys." (uCertify)
    • RC5
      • "RC5 is a private key encryption standard that was developed at the Massachusetts Institute of Technology. RC5 supports variable length encryption keys." (uCertify)
    • Others: RC6
  • Block Cipher Modes (James Messer)
    • Stream vs. block
      • Block size is a fixed size
    • ECB: Electronic Codebook
      • Not commonly used
      • Each block encrypted independently with the same key; identical plaintext blocks produce identical ciphertext blocks, which leaks patterns
    • CBC: Cipher Block Chaining
      • Adds randomization to the process
      • Each plaintext block is XORed with previous ciphertext block
        • Adds additional randomization
        • Uses an initialization vector for the first block
    • CTR: Counter
      • Block cipher mode / acts like stream cipher
        • Encrypts successive values of a "counter"
    • GCM: Galois/Counter Mode
      • Combines counter mode with Galois authentication
      • Authentication is part of the block mode
      • Minimum latency, minimum operation overhead
        • Very efficient encryption and authentication
      • Commonly used in packetized data
        • Network traffic security (wireless, IPsec)
        • SSH, TLS
  • Asymmetric algorithms (James Messer)
    • Diffie-Hellman (Mike Meyers)
      • Allows for exchange of key over an insecure communications channel
      • Does not itself encrypt or authenticate
        • It's an anonymous key-agreement protocol
      • Allows both sides to decide on common symmetric key
      • Symmetric key derived from combination of one's own private key and another's public key
        • On each side
      • Groups: standardized parameter sets (prime modulus size or curve), e.g. DH group 14 is the 2048-bit MODP group
      • DHE (or EDH): Ephemeral Diffie-Hellman
      • ECDHE: Combined with elliptic curve cryptography
    • RSA: Ron Rivest, Adi Shamir, and Leonard Adleman
      • Based on the product of two large prime numbers
      • In the public domain
      • Used extensively for web site encryption and digital rights management
    • DSA: Digital Signature Algorithm
      • Related to Diffie-Hellman (both rest on the discrete logarithm problem) but used for signing rather than key agreement
      • Combine with elliptic curve cryptography
      • A Federal Information Processing Standard for digital signatures
      • ECDSA - Elliptic Curve Digital Signature Algorithm
    • ECC: Elliptic curve cryptography
      • More efficient; requires less resources
      • Suitable for mobile devices
    • PGP/GPG: Pretty Good Privacy (Jason Dion, Mike Meyers)
      • Owned by Symantec
      • Open standard - OpenPGP (RFC 4880)
        • GNU Privacy Guard
  • Hashing algorithms (James Messer, Mike Meyers)
    • MD5
      • Don't use. Weaknesses published in 1996; practical collisions in 2004.
    • SHA
      • Developed by the NSA.
      • SHA-1
        • 160-bit digest
        • Collisions found (practical collision demonstrated in 2017)
      • SHA-2
        • Preferred SHA variant
        • Up to 512-bit digests
    • HMAC: Hash-based Message Authentication Code (Mike Meyers)
      • Combined a hash with a secret key
      • e.g. HMAC-MD5, HMAC-SHA1, HMAC-SHA256
      • Verify data integrity and authenticity
        • No fancy asymmetric encryption required
      • Used in network encryption protocols
        • IPsec, TLS
    • RIPEMD: RACE Integrity Primitives Evaluation Message Digest
      • RACE: Research and Development in Advanced Communications Technologies in Europe
      • Collisions found in 2004
      • Effectively replaced with RIPEMD-160 (no known collision issues)
      • Based upon MD4 design but performs similar to SHA-1
      • RIPEMD-128, RIPEMD-256, RIPEMD-320
  • Key stretching algorithms (James Messer)
    • Make a weak key stronger by performing multiple processes
      • Hash a password. Hash the hash of the password...
      • Key stretching, key strengthening
      • Brute-force attacks must repeat every one of those hash iterations for each guess
    • Key stretching libraries
      • bcrypt
        • Generates hashes from passwords
        • Extends UNIX crypt library
        • Uses Blowfish cipher to perform multiple rounds of hashing
      • PBKDF2: Password-Based Key Derivation Function 2 (PBKDF2)
        • Part of RSA public key cryptography standards (PKCS #5, RFC 2898)
  • Obfuscation (James Messer)
    • not impossible to understand, but made unclear
    • Make source code difficult to read
      • But doesn't change functionality of the code
    • Steganography
    • XOR (Exclusive OR) cipher
      • Same? 0. Different? 1.
      • Used extensively in cryptography
      • Theoretically unbreakable (a one-time pad) only when the key is truly random, as long as the message, and never reused; XOR with a short or repeated key is trivially broken
    • Substitution ciphers
      • e.g. A -> Z, B -> E
      • e.g. Caesar cipher
      • Easy to brute force
    • ROT13
      • Rotate by 13 places and substitute one letter with another
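
Added example for the block cipher modes above (not code from the course notes). The Python standard library has no AES, so a small Feistel network built on SHA-256 stands in as a 128-bit block cipher; it is a demonstration cipher, not one to deploy, but the ECB, CBC and CTR constructions wrapped around it are the real modes. It shows why ECB "is not commonly used" (repeated plaintext blocks stay visible in the ciphertext), how CBC's IV chaining hides them, and the XOR-keystream pitfall from the obfuscation bullets: reusing a CTR nonce, like reusing a one-time-pad key, hands the attacker p1 XOR p2 without the key. Key, IV, nonce and messages are constructed.

```python
"""Added example (not from the course notes): ECB, CBC and CTR modes around
a small SHA-256-based Feistel demo cipher. All sample data is constructed."""
import hashlib
import os
import struct

BLOCK = 16   # block size in bytes
ROUNDS = 8   # Feistel rounds in the demo cipher


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _feistel(key: bytes, block: bytes, decrypt: bool) -> bytes:
    """Balanced Feistel network: L, R = R, L xor F(k_i, R). Running the
    round keys in reverse inverts it, so one loop encrypts and decrypts."""
    assert len(block) == BLOCK
    keys = [hashlib.sha256(key + bytes([i])).digest()[:16] for i in range(ROUNDS)]
    left, right = block[:8], block[8:]
    for rk in (reversed(keys) if decrypt else keys):
        left, right = right, _xor(left, hashlib.sha256(rk + right).digest()[:8])
    return right + left


def encrypt_block(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, False)


def decrypt_block(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, True)


def pad(data: bytes) -> bytes:
    """PKCS#7: always adds 1..16 bytes, each equal to the pad length."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Blocks are independent: equal plaintext blocks -> equal ciphertext blocks.
    return b"".join(encrypt_block(key, b) for b in blocks(pad(plaintext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # XOR each plaintext block with the previous ciphertext block (IV first),
    # so repeated plaintext no longer yields repeated ciphertext.
    out, prev = [], iv
    for b in blocks(pad(plaintext)):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(ciphertext):
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter mode: encrypt nonce||counter for keystream and XOR it in.
    Acts as a stream cipher (no padding); the same call decrypts."""
    assert len(nonce) == 8
    out = []
    for i, b in enumerate(blocks(data)):
        keystream = encrypt_block(key, nonce + struct.pack(">Q", i))
        out.append(_xor(b, keystream[:len(b)]))
    return b"".join(out)


def ecb_repeats(key: bytes, plaintext: bytes) -> bool:
    """True when ECB output contains duplicate blocks for this plaintext."""
    cs = blocks(ecb_encrypt(key, plaintext))
    return len(set(cs)) < len(cs)


def ctr_nonce_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    """Same key and nonce -> same keystream -> c1 xor c2 == p1 xor p2."""
    return _xor(ctr_crypt(key, nonce, p1), ctr_crypt(key, nonce, p2))


if __name__ == "__main__":
    key, iv, nonce = os.urandom(16), os.urandom(16), os.urandom(8)
    msg = b"ATTACK AT DAWN!!" * 4          # constructed: four identical blocks
    print("ECB leaks repeats:", ecb_repeats(key, msg))
    ct = cbc_encrypt(key, iv, msg)
    print("CBC hides repeats:", len(set(blocks(ct))) == len(blocks(ct)))
    print("CBC round trip:", cbc_decrypt(key, iv, ct) == msg)
    leak = ctr_nonce_reuse_leak(key, nonce, b"pay alice 100", b"pay mallory 1")
    print("nonce reuse leaks p1^p2:", leak == _xor(b"pay alice 100", b"pay mallory 1"))
```

Swap in a real AES implementation for `encrypt_block`/`decrypt_block` and nothing else changes: the pattern leak in ECB and the keystream cancellation on nonce reuse are properties of the modes, not of the cipher underneath.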

6.3 Given a scenario, install and configure wireless security settings. (Mike Meyers)

  • Cryptographic protocols (James Messer)
    • Don't use WEP
    • WPA
      • RC4 with TKIP
        • Initialization Vector (IV) is larger (48-bit) and a Message Integrity Check (Michael) is added
        • Every packet gets a unique 128-bit encryption key
    • CCMP
    • TKIP: Temporal Key Integrity Protocol
      • Combines the secret root key with the IV
      • Adds sequence counter
        • Prevents replay attacks
      • Has its own set of vulnerabilities
        • Deprecated in the 802.11-2012 standard
    • WPA2
      • AES (Advanced Encryption Standard) replaced RC4
      • CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) replaced TKIP
    • CCMP block cipher mode
      • Uses AES for data confidentiality
      • 128-bit key and a 128-bit block size
      • Requires additional computing resources
      • Data confidentiality (AES), authentication, and access control
  • Wireless authentication protocols (James Messer, Mike Meyers, Jason Dion)
    • EAP: Extensible authentication protocol
      • Authentication framework
      • WPA and WPA2 use five EAP types as authentication mechanisms
      • EAP-FAST: EAP Flexible Authentication via Secure Tunneling
        • Cisco's proposal to replace LEAP (Lightweight EAP - previously used with WEP)
        • Lightweight and secure
      • EAP-TLS: EAP Transport Layer Security
        • Strong security, wide adoption
        • Support from most of the industry
      • EAP-TTLS: EAP Tunnel Transport Layer Security
        • Support other authentication protocols in a TLS tunnel
        • Use any authentication you can support, maintain security with TLS
      • PEAP: Protected Extensible Authentication Protocol
        • Protected EAP
        • Created by Cisco, Microsoft, and RSA Security
        • "PEAP (Protected Extensible Authentication Protocol) creates a TLS (Transport Layer Security) tunnel by acquiring a PKI certificate from a CA." (uCertify)
        • Encapsulates EAP in a TLS tunnel, one certificate on the server
          • Combined a secure tunnel and EAP
        • Commonly implemented as PEAPv0/EAP-MSCHAPv2
          • Authenticates to Microsoft's MS-CHAPv2 databases
    • IEEE 802.1x
      • Port based Network Access Control (NAC)
        • You don't get access until you authenticate
      • Used in conjunction with an access database
        • RADIUS
        • LDAP
        • TACACS+
      • Devices
        • Supplicant (workstation)
        • Authenticator (switch)
        • Authentication server
    • RADIUS Federation
      • Members of one organization can authenticate to the network of another organization
      • Use their normal credentials
      • Driven by eduroam (education roaming)
        • Educators can use their normal authentication when visiting a different campus
        • eduroam.org
  • Methods (James Messer)
    • PSK vs. Enterprise vs. Open
      • Open
        • No authentication needed
      • WPA-Personal / WPA-PSK
        • PSK: Preshared Key
        • WPA2 with a preshared key
        • Everyone uses the same 256-bit key
      • WPA-Enterprise / WPA-802.1X
        • Authenticates user individually with an authentication server (i.e. RADIUS)
        • "WPA-Enterprise offers a decent level of encryption (WPA) as well as a powerful means of authorization (Enterprise)." (uCertify)
    • Captive portals
      • Access table recognizes lack of authentication
        • Redirect your web access to a captive portal page
      • Once authenticated, the web session continues
    • WPS
      • Wi-Fi Protected Setup
        • Designed for easy setup without long passphrase
        • e.g. pin, button, NFC
        • PIN brute-force flaw found in 2011; it is part of the original design (the two halves of the PIN are validated separately), so it cannot be patched away
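
Added example for the PSK bullets above (not code from the course notes), showing what "everyone uses the same 256-bit key" means in practice. WPA/WPA2-Personal derives the Pairwise Master Key as PBKDF2-HMAC-SHA1(passphrase, salt = SSID, 4096 iterations, 32 bytes), per IEEE 802.11, and the test vector from the standard ("password" / "IEEE") checks the derivation. Because the derivation needs nothing from the access point, a captured handshake can be attacked offline; `crack_pmk` shows that loop against a constructed wordlist. Real tools go one step further and check each candidate's PMK against the captured handshake MIC; this block stops at the PMK.

```python
"""Added example (not from the course notes): WPA/WPA2-Personal passphrase
to PMK derivation (IEEE 802.11) and an offline dictionary attack on it.
The wordlist and the 'captured' strong-passphrase PMK are constructed."""
import hashlib
from typing import Iterable, Optional


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Every station on a PSK network computes this same 256-bit key.
    The SSID is the salt, so identical passphrases on different SSIDs differ."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def crack_pmk(target_pmk: bytes, ssid: str,
              wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack. Nothing is sent to the AP, so lockouts and
    rate limits never trigger; the 4096 iterations only slow each guess.
    Returns the matching passphrase or None."""
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:
            continue
        if derive_pmk(candidate, ssid) == target_pmk:
            return candidate
    return None


# Test vector from the IEEE 802.11 standard: passphrase "password", SSID "IEEE".
IEEE_VECTOR_PMK = bytes.fromhex(
    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")

# Constructed wordlist standing in for a real dictionary file.
WORDLIST = ["letmein", "12345678", "password", "Summer2024!", "correcthorsebattery"]

if __name__ == "__main__":
    print(derive_pmk("password", "IEEE") == IEEE_VECTOR_PMK)   # True
    print(crack_pmk(IEEE_VECTOR_PMK, "IEEE", WORDLIST))         # password
    strong = derive_pmk("correct horse battery staple x", "IEEE")
    print(crack_pmk(strong, "IEEE", WORDLIST))                  # None
```

The defence on a PSK network is therefore passphrase length and randomness (or moving to WPA-Enterprise, where each user has separate credentials); the work factor is fixed by the standard and cannot be raised by the administrator.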

6.4 Given a scenario, implement public key infrastructure. (Jason Dion 1, Jason Dion 2, Mike Meyers 1, Mike Meyers 2)

  • Components (James Messer, Jason Dion)
    • Key management lifecycle
      • Key generation
      • Certificate generation
        • Allocate a key to a user
      • Distribution
        • Make the key available to the user
      • Storage
        • Securely store and protect against unauthorized use
      • Revocation
        • Manage keys that have been compromised
      • Expiration
        • A certificate may only have a certain "shelf life"
    • Certificate
      • Public key certificate
        • Binds a public key to the identity of the key holder; the binding is attested by the issuer's digital signature
        • Also carries other details about the key holder
      • Digital signature adds trust
        • PKI uses Certificate Authority (CA) for additional trust
        • Web of Trust adds other users for additional trust
      • Certificate creation can be built into the OS
    • Digital certificate format
      • Version: The X.509 version supported (V1, V2, V3)
      • Serial number
      • Signature algorithm
      • Issuer
        • Name of the CA, expressed as a Distinguished Name (DN)
      • Valid From / Valid To
      • Subject
        • Name of certificate holder, expressed as a distinguished name (DN)
      • Public Key
      • Extensions
        • Extended attributes e.g. friendly subject, issuer names, contact email addresses, intended key usage
    • CA: Certificate Authority
      • RA: Registration Authority
        • Forwards certificate request to CA
      • Root CA
        • e.g. VeriSign, DigiCert
      • Commercial
        • Purchase your web site certificate
          • Trusted by any browser or OS that ships the CA's root in its trust store
        • Create the key pair, send the public key to the CA to be signed
          • A certificate signing request (CSR)
      • Private certificate authorities
        • Your devices must trust the internal CA
        • Needed for medium-to-large organizations
          • Many web servers and privacy requirements
    • PKI trust relationships
      • Single CA
        • Everyone receives their certificates from one authority
      • Hierarchical
        • Single root CA issues certs to intermediate CAs
        • Distributes the certificate management load
        • Easier to deal with the revocation of an intermediate CA than the root CA
    • Intermediate CA
    • Key revocation
      • CRL: Certificate Revocation List
        • Maintained by the Certificate Authority (CA)
    • OCSP: Online Certificate Status Protocol
      • The browser can check certificate revocation
      • Using serial number
      • Doesn't use encryption
      • Doesn't scale well
    • Public key
      • "Public keys are the key from the key pair that are intended to be freely shared with the message—to everyone, hence the term public." (Conklin)
    • Private key
      • "The private key is the key from the key pair that is to be protected from all outside actors." (Conklin)
    • Object identifiers (OID)
      • "Each extension, or optional field, to a certificate has its own ID, expressed as an object identifier (OID), which is a set of values, together with either a critical or noncritical indication." (Conklin)
  • Concepts (James Messer)
    • Online vs. offline CA
      • Root CA can be taken offline when load is distributed to intermediate CAs
    • OCSP Stapling
      • The server that holds the certificate (not the CA) fetches and presents its own revocation status
        • Status information is cached on the certificate holder's server
      • The certificate holder gets a fresh OCSP response from the CA's responder at regular intervals and includes it as part of the SSL/TLS handshake
      • OCSP status is "stapled" into the SSL/TLS handshake
        • Digitally signed by the CA
    • Pinning
      • Allows an HTTPS website to resist impersonation attacks by presenting a set of trusted public key hashes to the user's web browser in an HTTP response header (HPKP, since deprecated)
      • Application has hardcoded the server's certificate into the application itself
    • Trust model
      • "Automatically updates browsers with a list of certificates for applications." (Dion)
      • "Defines how various certificate authorities (CAs) trust each other." (uCertify)
      • Single CA
        • Everyone receives their certificates from one authority
      • Hierarchical
        • Single CA issues certs to intermediate CAs
      • Mesh
        • Cross-certifying CAs
        • Doesn't scale well
      • Web-of-trust
        • Alternative to traditional PKI
      • Mutual authentication
        • Server authenticates to the client and the client authenticates to the server
    • Key escrow
      • Third party holds decryption keys
      • Occurs when a secure copy of a user's private key is held in case the user accidentally loses their key
      • Can help "ensure that the organization continues to have access to the [terminated] employee's private keys." (uCertify)
      • Key Recovery Agent
        • A specialized type of software that allows the restoration of a lost or corrupted key to be performed
    • Certificate chaining
      • Connection between all CAs
      • Starts with the server's own (leaf/end-entity) certificate
        • And ends with the Root CA certificate
      • Chain certificates, intermediate certificates
      • Web server needs to be configured with the proper chain
  • Types of certificates (James Messer, Jason Dion)
    • Root certificate
      • Everything starts here
      • Issues intermediate CA certificates
    • Web server SSL certificates
      • DV: Domain validation certificate
        • Owner of the certificate has some control over a DNS domain
      • Extended validation certificate (EV)
        • Additional checks have verified the certificate owner's identity
        • Green name on the address bar (browsers have since removed this indicator)
      • SAN: Subject Alternative Name
        • Extension to an X.509 certificate
        • Lists additional identification information
        • Allows a certificate to support many different domains
      • Wildcard
        • Certificates are based on the name of the server
        • A wildcard domain will apply to all server names in a domain
        • *.domain.com
      • Self-signed
        • Don't need to be signed by a public CA
        • Your company is the only one going to use it
        • No need to purchase trust for devices that already trust you
        • Build your own CA
        • Install internal CA chain on all device
    • Machine/computer certificates
      • Put signed certificate on device to authenticate
      • Other business processes rely on the certificate
        • Access to the remote access VPN from authorized devices
      • Management software can validate end device
    • User certificates
      • ID "card"
      • Commonly in smart cards or mobile device
    • Email certificates
      • Needs public key
      • Digital signature
    • Code signing certificate
      • Applications can be signed by the developer
  • Certificate formats (James Messer)
    • X.509 digital certificates
      • The structure of the certificate is standardized
    • DER: Distinguished Encoding Rules
      • A transfer syntax for ASN.1 data structures
        • Very specific encoding format
        • Perfect for an X.509 certificate
      • Binary format
      • "By default, Windows exports certificate files as Distinguished Encoding Rules (DER) encoded files." (uCertify)
    • PEM: Privacy-Enhanced Mail
      • Common format
      • ASCII format
    • P12
      • PKCS #12: Public Key Cryptography Standard #12
      • Store many X.509 certificates in a single .p12 file
      • Often used to transfer a private and public key pair
      • Container can be password protected
    • PFX
      • "Used by Microsoft and contains both the public and private keys." (uCertify)
      • PKCS #12 was derived from Microsoft's PFX format; .pfx and .p12 are now used interchangeably
      • Similar to PKCS #12
    • "PFX and P12 are the most common file types for exporting the private key." (uCertify)
    • CER: Certificate
      • "It does not support storage of the private key or certification path." (uCertify)
      • Primarily a Windows X.509 file extension
        • Can be encoded as binary DER format or as the ASCII PEM format
      • Usually contains a public key
        • Private keys would be transferred in the .pfx file format
      • Common format for Windows certificates
        • Look for the .cer extension
    • P7B
      • PKCS #7: Public Key Cryptography Standard #7
      • Cryptographic Message Syntax Standard
        • Associated with the .p7b file
      • Stored in ASCII format
        • Human-readable
      • Contains certificates and chain certificates
        • Private keys are not included in a .p7b file
      • Wide platform support
        • Microsoft Windows
        • Java Tomcat
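
Added example tying the certificate formats above together (not code from the course notes): PEM is base64 text around DER bytes, DER is ASN.1 tag-length-value with strict length rules, and a PEM bundle (the text export of a chain, as a .p7b would carry) is just several blocks in one file. The parser enforces DER's definite, minimal length encoding, which matters because a lenient parser that also accepts BER forms is a known source of parsing differentials between the component that verifies a signature and the one that consumes the fields. The payload is a hand-built SEQUENCE of two INTEGERs (5 and 7), not a real certificate, wrapped in a CERTIFICATE label only to exercise the code.

```python
"""Added example (not from the course notes): PEM <-> DER conversion, PEM
bundle splitting and a strict DER tag-length-value reader.
The payload is a constructed ASN.1 SEQUENCE, not a real certificate."""
import base64
import re
from typing import List, Tuple

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def pem_to_der(text: str) -> List[Tuple[str, bytes]]:
    """Return (label, der_bytes) for every PEM block; a chain bundle yields
    one entry per certificate, in file order (leaf first by convention)."""
    out = []
    for label, body in PEM_BLOCK.findall(text):
        out.append((label, base64.b64decode("".join(body.split()), validate=True)))
    return out


def der_to_pem(label: str, der: bytes) -> str:
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)


def is_der(data: bytes) -> bool:
    """An X.509 certificate is a SEQUENCE, so a DER file starts with 0x30;
    a PEM file starts with the ASCII dashes of the BEGIN line."""
    return len(data) > 1 and data[0] == 0x30


def read_tlv(data: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    """Parse one DER element at pos; return (tag, value, next_pos).
    Rejects the indefinite and non-minimal length forms BER allows but DER
    forbids, so every value has exactly one accepted encoding."""
    tag = data[pos]
    first = data[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length is not DER")
    else:
        n = first & 0x7F
        if n == 0 or pos + n > len(data):
            raise ValueError("truncated or invalid length")
        length = int.from_bytes(data[pos:pos + n], "big")
        if data[pos] == 0 or length < 0x80:
            raise ValueError("non-minimal length encoding is not DER")
        pos += n
    if pos + length > len(data):
        raise ValueError("length runs past end of data")
    return tag, data[pos:pos + length], pos + length


def parse_sequence_of_integers(der: bytes) -> List[int]:
    """Walk a SEQUENCE of INTEGERs, the shape of the constructed sample."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single SEQUENCE")
    values, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        values.append(int.from_bytes(value, "big", signed=True))
    return values


# Constructed payload: SEQUENCE { INTEGER 5, INTEGER 7 }
SAMPLE_DER = bytes.fromhex("3006020105020107")
SAMPLE_PEM = der_to_pem("CERTIFICATE", SAMPLE_DER)

if __name__ == "__main__":
    print(is_der(SAMPLE_DER), is_der(SAMPLE_PEM.encode()))   # True False
    print(parse_sequence_of_integers(SAMPLE_DER))            # [5, 7]
    bundle = SAMPLE_PEM + SAMPLE_PEM                         # two-block "chain"
    print([label for label, _ in pem_to_der(bundle)],
          pem_to_der(bundle)[0][1] == SAMPLE_DER)
```

The same `pem_to_der` loop is how a server-side chain file is split before each certificate is handed to a real X.509 parser; `is_der` is the quick check for a .cer or .crt file whose extension does not say which encoding it holds.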