The CISSP Prep Guide Chapter 4

1
The CISSP Prep GuideChapter 4

• Cryptography
• The CISSP Prep Guide Mastering the Ten Domains
  of Computer Security by Ronald L. Krutz, Russell
  Dean Vines (August 24, 2001), John Wiley Sons.
  ISBN 0471413569

2
Goals

• Definitions
• History
• Cryptology Fundamentals
• Symmetric Key Cryptosystem Fundamentals
• Asymmetric Key Cryptosystem Fundamentals
• Key Distribution and Management Issues
• Public Key Infrastructure Definitions and
  Concepts

3
Definitions

• Cipher Block Cipher
• Ciphertext or Cryptogram
• Clustering (the same coded messages)
• Codes
• Cryptographic Algorithm
• Cryptology
• Cryptography Crypoanalysis

4
Definitions

• Cryptosystem
• M plaintext
• C Ciphertext
• E The Encryption Transformation
• D The Decryption Transformation
• E(M) C
• DE(M) M
• E(M, K) C
• D(C, K) DE(M, K), K M

5
Defintions

• Encipher, Decipher
• End-to-End Encryption (from send to receiver)
• Exclusive Or (XOR)
• Key or Cryptovariable
• Link Encryption
• One Time Pad
• Stenanography (secret message hidden)
• Work Function (Factor) - difficulty

6
History

• 3000 B.C. by Egyptians, Hieroglyphics
• 400 B.C., Scytale, Military Cryptography by the
  Startans in form of a strip of papyrus or
  parchment wrapped around a wooden rod
• 50 B.C., Substitution, Julius Caesar
• Monoalphabetic substitution
• Zi Cn(Pi)
• A.D. 815, the Caliph al-Mamun establishes the
  House of Wisdom in Bagdad, on Language
  Translation,
• A Manuscript on Deciphering Cryptographic
  Messages, a treatise by al-Kindi in 9th Century

7
History

• 1790 Thomas Jefferson, using a stack of 26 disks
• Disk System during Civil War
• Patent by Federal Signal Officer
• Similar to the one invented by Leon Battista
  Alterti in Italy
• UNIX System ROT 13 (shifting 13 places)
• 1920 The Hagelian Machine by Boris Hagelin in
  Stockholm, Sweden, known as MI-8
• In 1920s, Herbert O. Yardley in charge of the
  secret U.S. MI-8 organization known as Black
  Chamber
• Cracking Japanese Negotiations to U.S. Secretary
  of State, during 1921-1922 Washington Naval
  Conference
• Herbert O. Yardley, Father of American
  Cryptology

8
History

• The Japanese Purple Machine
• The German Enigma Machine
• 1919 Hugo Koch, Dutch, Inventor
• 1923 by Arthur Scherbius, Market US Patent
• 1928-1938 by Polish Cryptanalyst Marian Rejewski
  to decipher three-rotor system,
• 6-rotor System by German
• 1938 The Bombe by Poles and French to decipher
• Then by British at Bletchley Park in England
• Allen Turing, First Computer in 1940, and in 1943

9
Cryptographic Technologies

• Private Key Cryptography
• Public Key Cryptography
• Private Key Cryptography on the order of 1000
  times faster than Public Key

10
Classical Ciphers

• Substitution
• Transposition (Permutation)
• Vernam Cipher (One-Time Pad)
• Book or Running Key Cipher
• Code
• Steganography

11
Secret Key CryptographySymmetric Key

• To make the secret key available
• to both the sender and the receiver
• without compromising it
• IBM Lucifer Cryptographic System
• DES (Data Encryption System) in 1972
• Claude Shannon, Father of Information Theory
• Confusion and Diffusion
• AES (Advanced Encryption System)

12
Data Encryption Standard - DES

• DES Symmetric Key cryptosystem
• In 1972, from Lucifer Algorithm,
• by Horst Feistel at IBM
• For commercial and non-classified purposes
• Replaced by AES
• 64-bit block size key (56-bit from 64-bit)
• 16-round of transposition and substitution
• 4 Modes
• Cipher Block Chaining (CBC)
• Electronic Code Book (ECB)
• Cipher Feedback (CFB)
• Output Feedback (OFB)

13
DES

• 1. Cipher Block Chaining (CBC)
• 64-bit block to be XOR and feed into the next
  64-bit block to be XOR
• 2. Electronic Code Book (ECB)
• 64-bit block into Two 32-bit blocks, then into
  48-bit blocks to be XOR with 48-bit cipher key
• 3. Cipher Feedback Mode (CFB)
• Feedback and Stream to form next key stream
• 4. Output Feedback Mode (OFB)
• Stream cipher, XOR with cipher key

14
Triple DES

• A brute force attack
• Merkle and Hellman
• Meet-in-the-Middle attack
• Triple DES
• to encrypt the message three times

15
Advanced Encryption Standard AES

• NIST for new standard, 1999 2000.
• MARS, RC6, Rijndael, Serpent, Twofish
• Rijndael Block Cipher (October 2, 2000)
• Dr. Joan Daemen, Dr. Vincent Rijmen

16
Rijndael Block Cipher

• Dr. Joan Daemen, Dr. Vincent Rijmen
• Strengths
• Resistance against all known attacks
• Design Simplicity
• Code Compactness and Speed
• 128-bit, 192-bit, 256-bit
• 3 Layers
• The non-linear layer
• The linear mixing layer
• The key addition layer

17
The Twofish Algorithm

• Symmetric block cipher
• 128-bit block, 16 rounds
• Up 256-bit key
• F-box, S-box,
• then Pseudo-Hadamard Transform (PHT)
• D (2 b1 b2) mod 256
• MDS Matrix, PHT, Key additions for diffusion

18
The IDEA Cipher

• International Data Encryption Algorithm
• James Massey and Xuejia Lai, 1992
• 64-bit plaintext blocks, 128-bit key
• Confusion and Diffusion
• Pretty Good Privacy (PGP)
• email encryption by Phil Zimmerman

19
RC5

• Ronald Rivest in 1994
• Block cipher of variable block length
• Encrypt through integer addition
• A bit-wise Exclusive OR (XOR)
• Typical Block size of 32, 64, or 128 bits
• Key size and Rounds are from 0 to 255
• Key size from 0 to 2048 bits
• Patent by RSA Data Security in 1997

20
Public (Asymmetric) Key Cryptosystems

• Public (versus Private or Secret Key)
• No need to Exchange Secret key
• The Public Key cannot decrypt the message that it
  encrypted
• Ideally, the private key cannot be derived from
  the public key.
• A Message that is encrypted by one of the keys
  can be decrypted with the other key.
• The Private key is kept private.

21
Public Key

• C is the cipher text, P is the plaintext
• Kp is the Public Key, and
• Ks is the Private key
• C Kp( P ) and P Ks( C )
• C Ks( P ) and P Kp( C )
• One-way function
• Easy to compute in one direction but difficult to
  compute in the reverse direction.

22
Public Key Algorithms

• 100-1000 slower than secret key cryptography
• Diffie-Hellman key exchange protocol
• RAS
• El Gamal
• Knapsack
• Elliptic Curve

23
RSA

• Rivest, Shamir, and Addleman
• A Method for Obtaining Digital Signatures and
  Public-Key Cryptosystems, Communications of the
  ACM, 2/78.

24
RSA

• Choose 2 large prime numbers, p and q, of equal
  length, compute p x q n, which is the public
  modulus,
• Choose a random public key, e, so that e and
  (p-1)(q-1) are relatively prime.
• Compute e x d 1 mod (p - 1)(q - 1) are
  relatively prime.
• Thus, d e-1 mod (p 1)(q 1)
• Thus C Pe mod n, P Cd mod n
• where P is the plaintext and C is the cipher text.

25
Diffe-Hellman Key Exchange

• To Exchange secret keys over a nonsecure medium
  without exposing the keys.
• W. Diffie and Dr. M. E. Hellman in 1976
• New Directions in Cryptography
• Alice Ya ga mod p
• Bob Yb gb mod p
• Then exchange Ya and Yb, and further
• Alice and Bob to get (Ya)b (Yb)a

26
El Gamal

• Dr. T. El Gamal, extending Diffie-Hellman
• Given the prime number, p, and the integer, g,
• Alice uses her private key, a, to compute her
  public key as y ga mod p.
• For Bob to send message M to Alice
• Bob generates random b lt p
• Bob computes yb gb mod p and ym M XOR yb M
  XOR gab mod p.
• Therefore, M yba XOR ym gab mod p XOR M XOR
  gab mod p.

27
Merkle-Hellman Knapsack

• R. C. Merkle and M. Hellman
• Hiding Information and Signatures in Trapdoor
  Knapsacks, 1978
• The set 2,3,6,12,27,52 to 69 is 52, 12,3,2
• In bit string of 110101 gt 2,3,0,12,0,52

28
Elliptic Curve (EC)

• Neal Koblitz
• Elliptic Curve Cryptosystems, 1987
• V. S. Miller, 1985 1986
• Elliptic Curve y2 x3 ax b
• Addition is the counterpart of modular
  multiplication, and Multiplication is the
  counterpart of modular exponentiation.
• Two points, P and R, on the elliptic curve where
  P KR, and Finding K is hard problem as for
  discrete logarithm problem.
• 160-bits is equivalent to 1024-bit RSA key.

29
Public Key Cryptosystems Algorithm Categories

• Factoring the product of large prime numbers
• RSA
• Finding the discrete logarithm in a finite field
• El Gamal
• Diffie-Hellman
• Schnorrs signature algorithm
• Elliptic Curve
• Nybergrueppels signature algorithm

30
Asymmetric and Symmetric Key Length Strength
Comparison

• Asymmetric key size
• 512, 1792, 2304 bits
• Symmetric Key Size
• 64, 112, 128 bits, respectively

31
Digital Signatures

• NIST Digital Signature Standard (DSS)
• One way Hash function (for an input file)
• Output of hash function message digest
• With the characteristics of
• The hash function is considered one-way because
  the original file cannot be created from the
  message digest.
• Two files should not have the same message
  digest.
• Given a file and its corresponding message
  digest, it should not be feasible to find another
  file with the same message digest.
• The message digest should be calculated using all
  of the original files data.

32
Digital Signature Standard (DSS) and Secure Hash
Standard (SHS)

• DSS using RAS digital signature algorithm or the
  Digital Signature Algorithm (DSA).
• DSA is modification of El Gamal signature
  methodology by Clause Schnorr, 1989.
• Both methods use the Secure Hash Algorithm
  (SHA-1)
• SHA-1 computes a fixed length message digest from
  a variable length input message.
• Blocks of 512-bit

33
MD5

• Message Digest Algorithm
• Ronald Rivest in 1991
• To take a message of an arbitrary length and
  generate a 128-bit message digest
• Processed in 512-bit blocks in 4 distinct rounds

34
Hashed Message Authentication Code (HMAC)

• Hash algorithm that uses a key to generate
  Message Authentication.
• MAC is a type of check sum
• MAC is generated, appended to the message and
  then to be sent.
• The receiving side does the reverse.
• Hash Function Characteristics

35
Cryptographic Attacks

• Brute Force
• Known Plaintext
• Chosen Plaintext
• Adaptive Chosen Plaintext
• Ciphertext Only
• Chosen Ciphertext
• Adaptive Chosen Ciphertext

36
Cryptographic Attacks

• 8. Birthday Attack
• 9. Meet-in-the-Middle
• 10. Man-in-the-Middle
• 11. Differential Cryptoanalysis
• 12. Linear Cryptoanalysis
• 13. Differential Linear Cryptoanalysis
• 14. Factoring
• 15. Statistical

37
Public Key Certification System

• Digital Certificates, Process and Components
• Certificate Authority (CA)
• Subscribing Entity
• Repository
• Party Transacting with Subscriber
• Digital Certificates Application
• Signal Digital Certificate
• Certificate Transaction
• Signed
• Query to Verify Subscribers Public Key
• Respond to Verification Request

38
Public Key Infrastructure (PKI)

• Digital certificates
• Certificate Authority (CA)
• Registration authorities
• Policies and procedures
• Certificate revocation
• Non-repudiation support
• Timestamping
• Lightweight Directory Access Protocol (LDAP)
• Security-enabled applications
• Cross certification

39
LDAP

• Provides a standard format to access the
  certificate directories.
• The directories are stored on LDAP servers on
  network, to provide public keys and X.509
  certificates for the enterprise.
• Directory containing individuals name, address,
  phone number, public key certificate, etc..
• For availability and integrity

40
Approaches to Escrowed Encryption

• Escrowed Encryption Standard, NIST 1994
• To divide the key into two parts,
• And to escrow two portions of the key with two
  separate trusted organizations.
• Then law enforcement officers, after obtaining a
  court order, can retrieve the two pieces of the
  key from the organizations and decrypt the
  message.
• U.S. Governments Clipper Chip in Tamper-proof
  hardware
• The Skipjack Secret Key algorithm for encryption

41
Clipper Chip

• Each Clipper Chip has a unique serial number and
  an 80-bit unique unit or secret key.
• The unique key is divided into two parts and is
  stored at two separate organizations with the
  serial number that uniquely identifies that
  particular Clipper Chip

42
Clipper Chip

• Serial
• 80-bit unit key
• Escrow 1
• Escrow 2
• 80-bit family key
• Common to all Clipper Chips
• Skipjack Algorithm
• Such as Diffie-Hellman or RSA key exchange

43
Key Escrow Approaches Using Public Key
Cryptography

• Fair Cryptosystems
• Introduced by Sylvio Micali, in 1992.
• The private key of a public/private key pair is
  divided into multiple parts and distributed to
  different trustees.
• Be able to recover the whole secret key from the
  partial key (as required or needed).

44
Key Management Issues

• Key Control Measures
• Key Recovery
• Key Storage
• Key Retirement/Destruction
• Key Change
• Key Generation
• Key Theft
• Frequency of Key Use

45
Email Security - Objectives

• Non-repudiation
• Messages are read only by their intended
  recipients
• Integrity of the message
• Authentication of the source
• Verification of delivery
• Labeling of sensitive material
• Control of access

46
Secure Multipurpose Internet Mail Extensions
(S/MIME)

• To add secure services to email in a MIME format
• To provide authentication through digital
  signatures and the confidentiality of encryption
• Follows the Public Key Cryptography Standards
  (PKCS)
• Uses X.509 standard for its digital certificates

47
Email Security

• S/MIME
• MIME Object Security Services (MOSS)
• Provides flexible email security services by
  supporting different trust models
• In 1995, MOSS provides authentication, integrity,
  confidentiality, and non-repudiation to email
• It uses MD2/MD5, RSA Public Key, and DES
• Also it permits user identification outside of
  the X.509 Standard

48
Email Security

• Privacy Enhanced Mail (PEM)
• Proposed by IETF to be compliant with the Public
  Key Cryptography Standards (PKCS)
• Consortium including Microsoft, Novell, SUN
• For encryption and authentication
• Triple DES-EDE using a pair of symmetric keys
• RSA Hash Algorithm MD2 or MD5 to generate message
  digest
• RSA public key encryption implements digital
  signatures and secure key distribution
• Certificates, based on the X.509 standards

49
Email Security

• Pretty Good Privacy (PGP)
• Phil Zimmerman
• Symmetric cipher IDEA to encipher
• RSA for symmetric key exchange and for digital
  signatures
• Instead of using Certificate Authority, PGP uses
  a Web of Trust
• Users can certify each other in a mesh model

50
Internet Security Applications

• Message Authentication Code (MAC) or the
  Financial Institution Message Authentication
  Standard (FIMAS)
• In order to protect against fraud in electronic
  fund transfers, MAC (ANSI X9.9) was developed
• Using Cyclic Redundancy Check (CRC)

51
Secure Electronic Transaction (SET)

• Visa MasterCard developed SET in 1997
• As a means of preventing fraud, during electronic
  payments
• Provides Confidentiality for purchases by
  encrypting the payment information
• Uses DES symmetric key system for encryption of
  the payment information
• Uses RSA for the symmetric key exchange and
  digital signatures
• Covers the end-to-end transactions from the
  cardholder to the financial institution.

52
Secure Sockets Layer (SSL)

• Transaction Layer Security (TLS)
• SSL protocol developed by Netscape in 1994
• To secure Internet client-server transactions
• Authenticates the server to the client using
  public key cryptography and digital certicates
• Supports RSA public key algorithms, IDEA, DES and
  3DES private key algorithms, and the MD5 hash
  function

53
SSL

• HTTPs
• SSL 3.0 and its successor Transport Layer
  Security (TLS) 1.0 protocol
• Defacto standard
• Implements Confidentiality, Integrity,
  Authentication above the Transport Layer
• Between the application and TCP layer
• TLS, as with SSL, used with Telnet, FTP, HTTP,
  email protocols
• User Certificates for Public Key verification
  based on X.509 standard.

54
Internet Open Trading Protocol (IOTP)

• Consumer to Business transactions
• To provide a buyer an option to choose their
  method of the payment
• Supports public and private encryption key
  algorithms and can use digital certificates
• Designed to be flexible and to accommodate other
  payment models in future.

55
MONDEX

• MONDEX International Corporation
• MONDEX payment system
• Smart cash application
• If lost, a finder can use it as cash

56
IPSec

• A Standard to provide
• Encryption, access control, non-repudiation, and
  authentication of messages over an IP
• Designed to be functionally compatible with IPv6
• Two main protocols are
• (1) Authentication Header (AH) for integrity,
  authentication, and non-repudiation,
• (2) Encapsulating Security Payload (ESP) for
  encryption and limited authentication

57
IPSec

• Security Association (SA)
• The heart of IPSec
• One SA needed to communicate between two entities
• for one-way (simplex) connection
• Provides one-way (simplex) connection
• SA is comprised of
• a Security Parameter Index (SPI)
• Destination IP address
• The Identity of the security protocol (AH or ESP)
• 32-bit number

58
IPSec Security Association (SA)

• One SAs for simplex communication between two
  entities
• Two SAs for bi-directional between two entities,
  if AH protocol is used.
• Four SAs for bi-directional between two
  entities, if both AH and ESP protocols are to be
  employed

59
IPSec in VPN

• In Transport or Tunnel mode
• In Transport mode,
• The data in the packet is encrypted, but the
  header is not encrypted
• In Tunnel mode,
• The original IP header is encrypted and a new IP
  header is added to the beginning of the packet.
• This additional IP header has the address of the
  VPN gateway, and the encrypted IP header points
  to the final destination on the internal network
  behind the gateway.

60
IPSec Hashing Algorithm

• HMAC-MD5 and HMAC-SHA-1 used for authentication
  and integrity
• IPSec standard enables for the use of a variety
  of symmetric key systems.

61
IPSec Security Association (SA)

• SA bundle to provide authentication and
  confidentiality, and layered communication.
• SA bundle, using
• transport adjacency or
• Uses the transport mode for communication
• iterated tunneling
• Provides for the multiple levels of encapsulation
  as the protocol stack is being traversed.

62
IPSec Security Association

• To Set up and Manage SAs on Internet,
• Need to establish a standard format called the
  Internet Security Association and Key Management
  Protocol (ISAKMP)
• ISAKMP provides for secure key exchange and data
  authentication
• ISAKMP is independent of the authentication
  protocols, security protocols, and encryption
  algorithm.

63
IPSec SA and ISAKMP

• Key Management, by combination of three protocols
• Internet Security Association and Key Management
  Protocol (ISAKMP), To define the phases for
  establishing a secure relationship,
• Secure Key Exchange Mechanism (SKEME), to
  describe a secure exchange mechanism,
• Oakley, to define the modes of operation needed
  to establish a secure connection.

64
IPSec IKE, S/WAN

• Combination of ISAKMP, SKEME, Ockley
• When combined and applied to IPSec, these
  protocols are called the Internet Key Exchange
  (IKE) protocol
• S/WAN Secure Wide Area Network
• Initiative to specify a standard IPSEC
  implementation for VPN on the internet
• By defining a common set of IPSEC algorithms and
  modes of operation

65
Secure Hypertext Transfer Protocol (S-HTTP)

• An alternative to SSL
• For providing security for WWW transactions
• S-HTTP can be used to protect individual WWW
  documents, while SSL is for an entire session
• Provides authentication, confidentiality,
  integrity, and non-repudiation
• Supports a variety of encryption algorithms

66
Secure Shell (SSH-2)

• A set of protocols, primarily used for remote
  access over a network
• By establishing an encrypted tunnel between an
  SSH client and an SSH server.
• Can be used to authenticate the client to the
  sever, and also to provide confidentiality and
  integrity
• Comprised of
• a Transport Layer protocol,
• a User Authentication protocol, and
• a Connection protocol.

67
Wireless Security

• Popular and Increasing Use of Personal Digital
  Assistants (PDA) and Cellular telephones, and
  increasing trend of Mobile Commerce
• Broadcast like radio transmission
• Serious need in Wireless security

68
Wireless Security

• Physical security of wireless devices
• Proliferation of many different platforms
• Protection of sensitive financial transactions
• Limitations of processing power and memory due to
  space and weight considerations
• No standard method for securing wireless
  transactions
• Public Key Infrastructure (PKI)

69
Wireless Application Protocol (WAP)

• Widely used by mobile devices to access the
  Internet
• Aimed at small displays and systems with limited
  bandwidth, not designed for large volume of data
• Also applied for network browsing through TV and
  automotive displays
• Like TCP/IP and HTML, it covers layer 7 to layer
  3 of OSI model
• Has less overhead than TCP/IP

70
WAP

• Wireless Markup Language (WML) and Script
• Wireless Application Environment (WAE)
• Wireless Session Protocol (WAP)
• Wireless Transaction Protocol (WTP)
• Wireless Transport Layer SecurityProtocol
• Wireless Datagram Protocol (WDP)

71
Wireless Security

• Class 1 (Anonymous Authentication)
• The client logs on to the server, but in this
  mode, neither the client nor the server can be
  certain of the identity of the other.
• Class 2 (Server Authentication)
• The server is authenticated to the client, but
  the client is not authenticated to the server.
• Class 3 (Two-Way Client and Server
  Authentication) the server is authenticated to
  the client and the client is authenticated to the
  server.

72
Wireless Security WAP GAP

• WAP GAP resulted from the requirement to change
  security protocols at the carriers WAP gateway
  from the wireless WTLS to SSL for use over the
  wired network.
• At the WAP gateway, the transmission, with is
  protected by WTLS, is decrypted and then
  re-encrypted for transmission using SSL.
• Thus the data is temporarily in the clear on the
  gateway and can be compromised if the gateway is
  not adequately protected.

73
Wireless Security

• WAP GAP
• Alternatively encrypt the data at the application
  layer
• Handheld Device Markup Language (HDML)
• With minimal security features
• Compact HTML (C-HTML)
• Direct competitor to WAP
• Primarily in Japan, through NTT DoCoMos I-mode
• Wireless Markup Language (WML)
• Public Key Infrastructure for Mobile applications
• Time lapse and Expiration of key, and thus Dead
  time versus One-time key

74
IEEE 802.11 Wireless Standard

• 802.11 Layers
• Physical (PHY)
• Medium Access Control (MAC)
• Direct Sequence (DS) spread spectrum,
• Frequency-hopping (FH) spread spectrum,
• Infrared (IR) pulse position modulation
• MAC
• Data transfer, Association, Reassociation,
  Authentication, Privacy, Power Management
• CSMA/CA protocol