Introduction to PKI Technology


1 Introduction to PKI Technology Version 1.5 Elaborated by Sylvain Maret & Cédric Enzler October 1999 Rev. 1.5: August

2 Course Map Day One Introduction Key Terms Cryptosystems Services, Mechanisms, Algorithms Cryptography in History Cryptanalysis Secret-Key Cryptography AES Lab exercise 1 Course Map Day One Public-Key Cryptography RSA Diffie-Hellman Message Digests Lab exercise 2 Random Numbers Key Length Lab exercise 3 File encryption 2

3 Course Map Day One Message Authentication Code (MAC, HMAC) Digital Signature RSA, DSS / DSA, ElGamal Hybrid Cryptosystems RSA Key Wrapping Diffie-Hellman Lab exercise 4 PGP (encryption and signature) Course Map Day One PKCS Standard Smart Card Lab exercise 5 SSH SSH Tunneling End of day one 3

4 Course Map Day Two Questions to day one? Revision quiz! PKI introduction Digital certificates X.509 certificates (Demo) Certificate Revocation (Demo) Certification Authorities RA, LRA Data Repositories (LDAP) S/MIME: How it works? Course Map Day two Lab exercise 6 S/MIME and LDAP SSL: How it works? Lab exercise 7 Web server SSL Lab exercise 8 Client SSL authentication End of day two 4

5 Course Map Day Three Questions to day two? Lab exercise 9 Smart Card installation (PKCS #11) Lab exercise 10 Playing the security officer with Keon Certificate Server Lab exercise 11 Revocation with client SSL authentication IPSEC: How it works? Course Map Day Three Lab exercise 12 IPSEC (SecuRemote Checkpoint) Demo IPSEC Cisco with CEP Cases study VPN RadGuard Secure Gate Encryption references sites Open discussion End of day three 5

6 Course Objectives
- Understand cryptographic fundamentals and how cryptographic technology is applied in a Public Key Infrastructure
- Know the elements of Public Key Infrastructure and how they interact with each other
- Understand and be able to describe some of the practical applications of PKI
- Understand why PKI is an attractive technology to enable e-commerce and enhance security

Lab Topology
[Diagram labels: Ayrton: SSL; Cerbere: CA, LDAP, Mail; Router IPsec; Checkpoint fw1; London; Rome; Paris; Madrid; Geneve; Berlin; Newton: DNS, SSH]

7 Lab Topology Domain name: pki.datelec.com Password: abc123 for all applications Be careful! You are an administrator Do not forget to change name site for labs! For Labs, you will work together with a partner (London and Rome for instance) Lab applications Netscape (example labs) Outlook 98 Lotus notes Internet browsers Netscape fortified (domestic) Microsoft Internet Explorer 5.0 export SSH Client Ldap Browser etc. 7

8 PKI, WHY?
- The rise of public data networks
- Internet is a new platform for business relationships: E-business
- Business rules need to be translated into this new language
- Hope behind PKI: to preserve classical business rules in this new virtual world

Drawbacks for E-business
- Let's say you have an electronic contract which you need to distribute to another party over the Internet
- With existing Internet tools like www and you lose a lot compared to paper
- No assurance that the contract has been signed
- No guarantee that the contract is authentic
- No assurance of the contract's source
- Basically, it is worth less than the paper everything is printed on!

9 About needs... You need to know who you are dealing with (Authentication) You need to keep private things private (Confidentiality) You need to make sure that people do not cheat (Non-Repudiation) You need to be sure that information has not been altered (Integrity) If PKI is the answer then What is the question? On the Internet no one knows you're a dog! 9

10 Key Terms
- A message is defined as plaintext or cleartext
- The process of disguising a message to hide its substance is encryption
- The encrypted message is referred to as ciphertext
- Decryption is the process of turning ciphertext back into plaintext
- Cryptography is the science of keeping messages secure
- Cryptanalysis is the art and science of breaking ciphertext
- Cryptology is the mathematical field
- Cryptologists are theoretical mathematicians

11 Cryptosystems
A cryptosystem is a collection of cryptographic algorithms, cryptographic keys, and all possible plaintexts and their corresponding ciphertexts.

Security Services
- Authentication: Provides the assurance of someone's identity
- Confidentiality: Protects against disclosure to unauthorized identities
- Non-Repudiation: Protects against the originator of a communication later denying it
- Integrity: Protects from unauthorized data alteration

12 Security Mechanisms Three basic building blocks are used: Encryption is used to provide confidentiality and integrity protection Digital Signatures are used to provide authentication, integrity protection and nonrepudiation Checksums / hash algorithms are used to provide integrity protection and can provide authentication One or more security mechanisms are combined to provide a security service Cryptography Algorithms All Cryptosystems are based on only three algorithms: 1 - Secret-Key algorithms 2 - Public-Key algorithms 3 - Message-Digest algorithms 12

13 Services, Mechanisms, Algorithms
- A typical security protocol provides one or more services: SSL, IPSEC, TLS, SSH, etc.
- Services are built from Mechanisms: Signatures, Encryption, Hashing
- Mechanisms are implemented using Algorithms: DSA, RSA (signatures); RSA, DES (encryption); SHA, MD5 (hashing)

Security Protocol Layers
- Layers: Application, Presentation, Session, Transport, Network, DataLink, Physical
- Protocols, from the top of the stack down: S/MIME, PGP; SSL, TLS, SSH; IPSEC; hardware link encryption
- The further down you go, the more transparent it is
- The further up you go, the easier it is to deploy

14 Cryptography in History 2000 B.C. Hieroglyphics Cryptography as an Art Ancient Chinese First to transform messages in Ideographs for privacy India First Networks spies using phonetics encryption (Javanese or reverse speaking) Mesopotamia Numbers associate to letters (cuneiform table) Cryptography in History ATBASH cipher: In the Bible ABCDEFGH (clear) ZYXWVU (encrypted) Skytale Cipher (Greek) key: stick papyrus enrolled Polybius square (Greek) 14

15 Cryptography in History Runiques Stones by Vikings (Arts) Cryptography in History World War II: Electromechanical cryptography Rotor based machine transforming plaintext into ciphertext, using electrical signals as encryption key Example: Enigma machine used by Germans Ciphers were not new, but their processing was 1970-today: New ciphers: based on numbers properties issued from Mathematical theories RSA: Prime numbers factorization Diffie-Hellman: discrete logarithm ECDSA: Elliptic curve cryptography 15

16 Cryptanalysis Two categories of security levels Computationally secure: Question of time and money (Brute force attack) (Most of the cryptosystems: DES, 3DES, IDEA, RSA, DH etc.) Unconditionally secure: Can never be broken independently of the resources One-time pads Several Cryptanalytic Attacks Ciphertext only Brute force attack and dictionary attacks on keys Chosen ciphertext Start from a known ciphertext and try to appear as someone else to get information from others behavior Known Plain ciphertext Derive the key from knowledge of both plain and ciphertext 16

17 Secret-Key Cryptography
- Use a secret key to encrypt a message into a ciphertext
- Use the same key to decrypt the ciphertext into the original message
- Secret-key cryptography is also referred to as symmetric cryptography or conventional cryptography
- The secret key is also known as session key or bulk encryption key

Secret-Key Cryptography
Let us imagine Alice and Bob, who use a Secret-Key to protect their messages.
[Diagram: Plaintext -> (Secret-Key) -> Ciphertext -> (Secret-Key) -> Plaintext]

18 Secret-Key Cryptography
How to share the Secret-Key?
- Alice and Bob can use the phone, fax, a meeting point, etc.
- But: could someone steal the key? How to proceed without knowing the partner beforehand?

Secret-Key Cryptography: The Advantages
- Implementation is efficient to encrypt large volume of data (100 to faster than Public-Key Cryptography)
- Simple to implement in either software or hardware
- Most of the algorithms are well known and secure
- Seem to be safe against brute force attack
- Widely used

19 Secret-Key Cryptography: The Disadvantages
- Hard to share Secret-Keys
- Large number of keys
- No non-repudiation (Signature)
- Subject to interception (Secret-Key)

Secret-Key Cryptography: Number of needed keys
Suppose Alice, Bob and Chris want to use Secret-Key Cryptography. They need only 3 keys.

20 Secret-Key Cryptography: Increase of keys number
Suppose they want to add Dawn and Eric. Now they need ten keys.

Secret-Key Cryptography
If n persons want to communicate, we have this formula:
Number of keys = n * (n - 1) / 2
As example: A company of people = keys!

21 Secret-Key Cryptography Block cipher: Encrypts data in predefined block size Most well-known ciphers are block ciphers Stream cipher: Encrypts data stream, one-bit at the time Only few algorithms use it Secret-Key Cryptography Common Secret-Key Ciphers DES Triple DES (3DES) RC2 IDEA Blowfish CAST-128 Skipjack RC4 (Stream cipher) etc. 21

22 Secret-Key Cryptography DES Data Encryption Standard (1973) by IBM World Standard for 20 years DES was broken in 22 hours (DES challenge III, January 18th, 1999) Key size = 56 bits Block cipher Recommendation: should be replaced by 3DES for high confidentiality requirements! Secret-Key Cryptography Triple DES (3DES) Block cipher Encrypt + decrypt + encrypt with 2 (112 bits) or 3 (168 bits) DES keys DES s replacement for Banking (1998) Recommendation: Use it for high confidentiality! 22

23 Secret-Key Cryptography RC2 Designed by Ron Rivest from RSA Block cipher Key size = up to 2048 Encryption speed: independent from the key size Trade secret from RSA, posted on the net in 1996 Designed as a DES replacement Faster than DES Recommendation: like DES but faster! Secret-Key Cryptography CAST-128 Designed by C.Adams and S. Tavares (1993) Block cipher Key size = 128 bits Used in PGP 5.x Recommendation: unknown 23

24 Secret-Key Cryptography IDEA International Data Encryption Algorithm Designed by X.Lai and J. Massey (ETH Zurich) in 1990 Block cipher Key size = 128 bits More efficient than DES for software implementation Used in PGP Recommendation: Better than DES Secret-Key Cryptography Blowfish Designed by B. Schneier in 1993 Optimized for high-speed execution on 32-bit processors Block cipher Key size = up to 448 bits key Recommendation: Use for fast performances and with a maximum key size 24

25 Secret-Key Cryptography Skipjack Designed by NSA (National Security Agency) Block cipher Key size = 80 bits Recommendation: Inadequate for long term security (key size too short) Secret-Key Cryptography GOST Acronym for GOsudarstvennyi STandard Russian answer to DES Key size = 256 bits Recommendation: Incompletely specified to give an answer... 25

26 Secret-Key Cryptography RC4 Designed by Ron Rivest from RSA Stream cipher Key size = up to 2048 bits Optimized for fast software implementation Trade secret from RSA, posted on the net in 1994 Very fast Used in SSL, Lotus Note, Windows password encryption, Oracle etc. Recommendation: Highly recommended for long keys (>40 bits) Secret-Key Cryptography Many, many others There is no good reason not to use one of above proven algorithms! 26

27 Secret-Key Relative Performance
From FAST to SLOW: RC4; Blowfish, CAST-128; Skipjack; DES, IDEA, RC2; 3DES, GOST

AES
- National Institute of Standards and Technology expressed a formal call for algorithm on
- The aim is to define the next century's symmetric encryption standard, or Advanced Encryption Standard
- AES1 conf. (08.98): 15 potential candidates
- AES2 conf. (03.99): 5 retained candidates
- Final choice expected for summer

28 AES candidates MARS (IBM) RC6 (RSA Laboratories) Rijndael (J. Daemen, V. Rijmen) Serpent (R. Anderson, E. Biham, L. Knudsen) Twofish (B. Schneier - Counterpane) AES requirements Block cipher of minimum 128 bits Must implement symmetric keys of 128, 192, 256 bits Must be efficient on software and hardware basis (high speed encryption) 28

29 Secret-Key Cryptography
- Use a symmetric encryption to encrypt a text file (DES and IDEA)
- Time: 15 minutes (p. 27)

Public-Key Cryptography
- Uses two distinct keys, one public and one private
- The private key is kept secret
- The public key can be freely shared
- Also referred to as asymmetric cryptography
- A public-key and its corresponding private-key are mathematically related
- A public-key and its associated private-key are called a key-pair

30 Public-Key Cryptography
- A message encrypted with a public-key can only be decrypted by the private-key
- A message encrypted with a private-key can only be decrypted by the public-key (Signature)

Public-Key Cryptography
Suppose Alice wants to send a message to Bob using Public-Key Cryptography.
[Diagram: Plaintext -> (Bob's public key) -> Ciphertext -> (Bob's private key) -> Plaintext]

31 Public-Key Cryptography
How to obtain the public-key?
- Any publishing way can be used to get the public-key (Directory servers, Phone, Web server, Newspapers, etc.)
- No more confidentiality issues in key distribution

Public-Key Cryptography: Advantages
- No secret sharing
- Fewer keys
- No prior relationship needed
- Easier to administrate
- Offers useful mechanisms like digital signature (offering non-repudiation)

32 Public-Key Cryptography: Disadvantages
- Not efficient (slow) to encrypt large volume of data
- Keys need to be much longer than with secret-key encryption
- Impossible to encrypt a plaintext with size > key

Types of public-key algorithm
- A public-key algorithm is reversible if encryption and decryption can be processed with either a private or a public-key
- A public-key algorithm is irreversible if a private-key is mandatory for encryption
- Key exchange algorithm: neither used for encryption nor decryption (Diffie-Hellman)

33 RSA Inventors: Rivest, Shamir, Adleman in 1977 Most popular Provide confidentiality, digital signature and key exchange Key length up to 4096 Plaintext length < Key length Ciphertext size = Key size RSA RSA is protected by a patent. Patent expires on 20th September 2000 Relies on irreversible mathematics functions (Prime numbers) PDAs, WAPs: RSA Multi-Prime 33

34 Diffie-Hellman
- Published in 1976 by W. Diffie and M. Hellman
- Oldest known public-key cryptosystem
- Key agreement algorithm
- Enables secret-key exchange without prior knowledge
- Agrees on a shared secret used in conjunction with a secret-key cryptosystem (DES, 3DES, IDEA, etc.)

Diffie-Hellman: How it works?
[Diagram: Alice's private key + Bob's public key -> Shared Secret Key; Bob's private key + Alice's public key -> Shared Secret Key; both Shared Secret Keys are equal]

35 DSA
- Compliant to Digital Signature Standard (DSS)
- Published in 1994
- Irreversible algorithm (encryption with private key only)
- Used in Digital signature only
- Performance tuned for smart cards

Comparative Public-Key table
Algorithm        Type
DSA              Digital Signature
El-Gamal         Digital Signature
RSA              Confidentiality, Digital Signature, Key exchange
Diffie-Hellman   Key exchange

36 Message-Digest Algorithms
- Take a variable-length message and produce a fixed-length digest as output
- The fixed-length output is called the message digest, a digest or a hash
- A message-digest algorithm is also called a one-way hash algorithm or a hash algorithm

Message-Digest Algorithms
[Diagram: Input Message -> Hash Function -> Fixed-length Digest]

37 Message-Digest Algorithms Message-Digest Algorithms properties required to be cryptographically secure It must not be feasible to determine the input message based on its digest It must not be possible to find an arbitrary message that has a particular, desired digest It should be impossible to find two messages that have the same digest (collision) It should be very sensitive to input message changes Message-Digest Algorithms Some Common Message-Digest Algorithms MD2: 128-bit-output, deprecated, by Ronald Rivest MD4: 128-bit-output, broken, by Ronald Rivest MD5: 128-bit-output, weaknesses, by Ronald Rivest SHA-1: 160-bit-output, NSA-Designed RIPEMD-160: 160-bit-output Haval: 128 to 256 bit-output (3 to 5 Passes) CRC-32: 32-bit-output Recommendation: Use SHA-1 37

38 Message-Digest Algorithms Message-Digest at work Creation of digital signatures Creation of MAC, HMAC Creation of secret-key with a passphrase File checksum (FTP server, Patches, etc.) FIA (File Integrity Assessment like Tripwire) Powerful tool to detect small changes Message-Digest Algorithms Use Message-Digest Algorithms to compute a file s digest (MD5 and SHA-1) Time: 15 minutes p.31 38

39 Random Numbers
- Random numbers are usually required to generate cryptographic keys or challenges
- Two main categories:
  - A Pseudo Random Number Generator (PRNG) uses a deterministic algorithm to generate a pseudo random number based on a seed (mouse, keyboard, etc.)
  - A random number generator generates truly unpredictable numbers, generally based on special hardware (white noise, radioactive decay, etc.)

Random Numbers
- A very secure cryptosystem can be broken if it relies on random numbers that can be guessed
- Netscape browser using SSL broken!
- Some PRNG: Yarrow from B. Schneier, CryptPack, etc.

40 Keys Length
- To break a secret-key cryptosystem with no weakness, an attacker must try each possible key. This is called a brute force attack
- To break a public-key cryptosystem, an attacker should use a smarter brute force attack based on mathematics
- Key space dimension = 2^n (n: key length)

What is the right key size?
- The goal of cryptography is to make the value of encrypted information less than the money spent to decrypt it!
- The value of information usually decreases over time

41 RSA's Challenge on DES (III)
- Method: splitting the key space for a distributed Brute Force Attack (space dimension = 2^n, where n is the key-length)
- Starting date: Ending: 22h15 min. later
- Brute Force Attack frequency: 245 billion keys/sec.
- Platforms: Cray/Sun/SGI/Pentium etc.

RSA's Challenge on RSA-155
- Key-length: 512 bits = 155 digits
- Method: Prime number factorization
- Starting date: August 99. Ending: 5 months later
- Time: 35.7 CPU years
- Platforms: SGI/Sun/Pentium etc., 292 computers

42 Keys time of life Most of the time, session keys are changing (IPSec, etc.) to enforce security Can be triggered by time or by encrypted data quantity Public-Key vs Secret-key Secret-key (bits) Public-Key (bits)

43 Blowfish Advanced CS: How it works? Blowfish Advanced CS File encryption software using symmetric encryption Used secret-key from a password or a keydisk Support key splitting Wipes sensitive information Used secret-key ciphers like: Blowfish 3DES Twofish 43

44 Blowfish Advanced CS Use SHA-1 to generate secret-key from a password Use random (PRNG) to create the key file and to overwrite (wiping) data File Encryption Setup a file s encryption software to protect sensitive information Time: 20 min p.38 44

45 Message Authentication Code
- A MAC is a fixed-length data item that is sent together with a message to prove integrity and origin
- Provides authentication and integrity without confidentiality
- Also referred to as message integrity code (MIC)
- Most common form is HMAC (Hashed MAC)
- Example: HMAC-MD5

Message Authentication Code
[Diagram: Input Message + Secret-Key -> Hash Function -> HMAC]
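The HMAC construction behind the slide's "Input Message + Secret-Key -> Hash Function -> HMAC" diagram, written out as an added example (not part of the course material). It follows RFC 2104, defaults to SHA-1 (pass "md5" for the slide's HMAC-MD5), and uses a constructed key and message.

```python
import hashlib
import hmac


def hmac_manual(key: bytes, message: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC per RFC 2104: H((K xor opad) || H((K xor ipad) || message))."""
    block_size = hashlib.new(hash_name).block_size  # 64 bytes for MD5, SHA-1, SHA-256
    if len(key) > block_size:
        # Keys longer than one hash block are hashed first.
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")            # then zero-padded to one block
    inner_pad = bytes(b ^ 0x36 for b in key)
    outer_pad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, inner_pad + message).digest()
    return hashlib.new(hash_name, outer_pad + inner).digest()


def receive(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha1") -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    expected = hmac_manual(key, message, hash_name)
    return hmac.compare_digest(expected, tag)


def unkeyed_check(message: bytes, digest: bytes) -> bool:
    """A bare message digest sent along with the message, for contrast."""
    return hmac.compare_digest(hashlib.sha1(message).digest(), digest)


def demo() -> dict:
    key = b"constructed-shared-secret"      # constructed sample key
    message = b"Pay 100 CHF to Bob"         # constructed sample message
    altered = b"Pay 900 CHF to Bob"
    tag = hmac_manual(key, message)
    return {
        # The genuine message with its tag is accepted.
        "genuine_accepted": receive(key, message, tag),
        # A modified message no longer matches the tag (integrity).
        "altered_rejected": receive(key, altered, tag),
        # A tag made without the shared key is rejected (origin).
        "wrong_key_rejected": receive(key, message, hmac_manual(b"other key", message)),
        # A plain digest can be recomputed by anyone who changes the message,
        # so it proves nothing about origin.
        "unkeyed_digest_accepts_altered": unkeyed_check(
            altered, hashlib.sha1(altered).digest()
        ),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```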

46 Digital Signature Digital signature is a data item that guarantees the origin and integrity of a message The signer of the message uses a signing key The recipient uses a verification key to verify the origin and integrity Signing key = private-key Verification key = public-key Digital Signature By using his own private key, the signer can not repudiate the fact he has signed the message This mechanism provide non-repudiation Think about the difference with MAC 46

47 Digital Signature: Basics
Simple signature using PRIVATE-key
[Diagram: Plaintext -> (Alice's private key) -> Ciphertext (Signature) -> (Alice's public key) -> Plaintext]

Digital Signature: How it works?
[Diagram labels: Plaintext; Digest; Alice's private key; Signature; Alice's public key; MD1 = MD2 ?]

48 Digital Signature Why signing a message involves Hashing? Signature (data item) is too big Performance (public-key is very slow) Possible attack (known plaintext attack) Common Signature Algorithms RSA Well known Export limitation DSA Similar to RSA (algebraic properties of numbers) Non-reversible algorithm, suitable for digital signature only ElGamal Another cipher for digital signature only 48

49 Hybrid Cryptosystems
- A Hybrid Cryptosystem combines the best features of both Secret-Key and Public-Key cryptography
- Used to exchange a session key to initiate a symmetric encryption
- Example: PGP, SSL, IPSEC using Diffie-Hellman or RSA

Example: Diffie-Hellman and Secret-Key cryptosystem
[Diagram: Asymmetric part: both sides derive the same Shared Secret Key; Symmetric part: Plaintext -> Ciphertext -> Plaintext using that key]
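The Diffie-Hellman plus secret-key hybrid from the two slides above, as an added example that is not part of the course material. Assumptions: the modulus 2^127 - 1 with generator 3 is a toy group chosen to keep the code short (real deployments use standardized groups of 2048 bits or more), and a SHA-256 counter keystream stands in for the DES/3DES/IDEA cipher the slides name.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters (assumption for illustration only).
P = 2**127 - 1   # a Mersenne prime; far too small for real use
G = 3


def dh_keypair():
    """Return (private, public) where public = G^private mod P."""
    private = secrets.randbelow(P - 3) + 2          # in [2, P - 2]
    return private, pow(G, private, P)


def dh_shared(private: int, peer_public: int) -> int:
    """Combine own private key with the peer's public key."""
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public key outside the valid range")
    return pow(peer_public, private, P)


def session_key(shared_secret: int) -> bytes:
    """Derive a 256-bit secret key from the shared secret."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with SHA-256(key || nonce || counter).
    The same call encrypts and decrypts."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(d ^ s for d, s in zip(data, stream))


def demo() -> dict:
    # Asymmetric part: only the public values cross the network.
    alice_private, alice_public = dh_keypair()
    bob_private, bob_public = dh_keypair()
    alice_key = session_key(dh_shared(alice_private, bob_public))
    bob_key = session_key(dh_shared(bob_private, alice_public))

    # Symmetric part: bulk data is protected with the agreed key.
    nonce = secrets.token_bytes(12)
    plaintext = b"constructed sample message for the hybrid example"
    ciphertext = keystream_xor(alice_key, nonce, plaintext)
    recovered = keystream_xor(bob_key, nonce, ciphertext)
    return {
        "keys_match": alice_key == bob_key,
        "ciphertext_differs": ciphertext != plaintext,
        "recovered": recovered,
        "plaintext": plaintext,
    }


if __name__ == "__main__":
    result = demo()
    print("keys match:", result["keys_match"])
    print("recovered :", result["recovered"].decode())
```

Nothing in this exchange tells Alice that the public value she received really is Bob's, which is the question the following slides raise and certificates answer.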

50 RSA Key wrapping encryption
Suppose Alice wants to send an encrypted text to Bob across the Internet, using RSA key wrapping.

RSA Key wrapping encryption: How it works?
- Alice creates a session key, which is a one-time-only secret-key
- Alice encrypts the data with the session key
- Alice encrypts the session key with Bob's public-key
- Alice sends the ciphertext + the encrypted session key to Bob

51 RSA Key wrapping encryption

RSA Key wrapping decryption: How it works?
- Bob receives the message from Alice
- Bob uses his private-key to recover the temporary session key
- Bob uses the session key to decrypt the ciphertext

52 RSA Key wrapping decryption

RSA Key wrapping question?
How sure can Alice be about Bob's presumed public-key?

53 Man in the Middle Attack! PGP: How it works? 53

54 PGP: introduction Stands for Pretty Good Privacy By Phil Zimmerman (1991) Worldwide distributed in 1991 Provides mail and file encryption/signature Today: PGP Available on many platforms like: Unix Windows Linux Atari, Macintosh, OS/2 etc. PGP Introduction Contains a set of algorithms for Message digest: MD5, SHA1 and RIPEMD Public-key: RSA, DSA Secret-key: DES, 3DES, CAST-128 and IDEA Data compression: LZH 54

55 Original PGP signature Using RSA and MD5 for example Quiz! 55

56 Original PGP encryption Encryption based on RSA key wrapping Original PGP decryption Decryption based on RSA key wrapping 56

57 Quiz! PGP today To enforce security, PGP offers today DSS and DH key exchange Support for x.509 certificate as well 57

58 PGP Trust model Originally, PGP trust models were: Direct trust (hosts mutually and directly trusted) Web-of-Trust If Alice trusts Bob and Bob trusts Charlie, then Alice will trust Charlie In other words friends of my friends are my friends Today, hierarchical trust is also possible Other PGP products PGP Phone to transform a desktop into a secure phone via real-time encryption PGP disk offering privacy to file system PGP SDK development kit 58

59 PGP Use PGP for sending a signed and encrypted Time: 40 min P.49 SSH: How it works? 59

60 SSH SSH = Secure Shell Originally developed in 1995 as a secure replacement for rsh, rlogin,rcp, ftp, telnet Originally implemented in Finland Available worldwide About users around the world SSH Also allows port forwarding (tunneling over SSH) X11 connection forwarding SSH v2 submitted to IETF Can be run and used in a short space of time Many SSH clients available Secure CRT F-Secure Java Client etc. 60

61 SSH: Why?
[Diagram: Telnet to Unix Host across the network; an attacker with a sniffer sees "Login: rome Password: abc123" in the original TCP packet]

SSH-1 Protocol (Hybrid Crypto)
[Diagram labels: Client; Server; TCP 22; Auth request; SSH Handshake (Public Key); Session, SSH DATA (Symmetric, Encrypted data)]
1. Client performs TCP handshake with the server at port 22, the standard SSH port
2. Start of the authentication process: the client sends an authentication request
3. The server responds with two keys: a Host key (1024-bit RSA) and a Server key (768-bit RSA, generated hourly)
4. The client verifies the host key and generates a secret key that is used for bulk encryption, then encrypts this secret key twice, with the Host and Server public keys, and sends it to the server
5. The SSH server decrypts the session key with the two private keys
6. Bulk encrypted data exchange begins: the client encrypts; the server decrypts the request, encrypts and sends the response

62 SSH Ciphers
- SSH v1: RSA; DES, 3DES, Blowfish, IDEA
- SSH v2: Diffie-Hellman for key exchange algorithm; DSA, RSA; 3DES, Blowfish, IDEA, Twofish, Arcfour, Cast-128

SSH Authentication
Multiple authentication mechanisms:
- Static password (protected by SSH encryption)
- RSA or DSA authentication (client decrypts challenge from server)
- Plug-in authentication (Securid, Radius, ldap, PAM *)
- .rhosts or /etc/hosts.equiv (based on IP address) *

63 SSH Authentication (RSA/DSA)
Client decrypts challenge from server
- Provides strong authentication (client uses his private-key plus a PIN code)
- Server sends a challenge encrypted with the client's public key
- Client decrypts the challenge and sends it to the server
- The challenge is chosen randomly

SSH Tunneling mode
[Diagram labels: HTTP; SSH Client; Encrypted SSH tunnel; SSH Server (DMZ); Clear text; Web server (Corporate Net)]

64 SSH Setup a SSH client to replace Telnet. Use two authentication mechanisms. Setup a SSH tunnel Time: 60 min p. 64 PKCS Public Key Cryptographic Standard (PKCS) Standardization of public-key algorithmic, in order to maintain interoperability Developed by RSA Laboratories, a consortium of information technology vendors and academic institutions. Apple Microsoft Compaq Lotus Sun MIT etc. 64

65 PKCS list
#1: Encrypting and signing using RSA public key cryptosystem
#3: Key agreement with Diffie-Hellman key exchange
#5: Encrypting with a secret key derived from a password
#7: Syntax for message with digital signature
#8: Format for private key information
#9: Attribute type for use in other PKCS standards
#10: Syntax for certification request
#11: Defines the Cryptoki programming interface (API for smart cards)
#12: Portable format for storing and transporting private keys
#13: Encrypting and signing data using elliptic curve cryptography
#14: Standard for pseudo-random number generation
#15: Standard to store credentials on tokens

Smart Card
- Smart Cards consist of a chip (processor and/or memory), a contact plate and a piece of plastic (ISO x85x0.8 mm)
- Smart Cards are used for multiple applications: GSM, Banking, Medical, E-Commerce, Pay TV, etc.

66 Smart Card and PKI Storing the private-key and/or X.509 certificate on the Smart Card Provide Strong Authentication Something you have, Something you know Access protected by a PIN (like credit card) Types of Smart Card Memory Cards PKI smart cards using Crypto-processor (RSA, etc.) Some Smart Card are brute force protected Smart Card Standard (interface) PKCS #11 also call Cryptoki Interface for the communication to Smart Card Netscape, RSA PC/SC and their Crypto API Bull, Gemplus, HP, Intel, Microsoft, Schlumberger Siemens, SUN, Toshiba 66

67 Smart Card Reader
- Keyboard
- USB
- Serial
- PCMCIA
- Diskette reader
- SCSI

Today's Smart Card Drawbacks
- Hardware...
- Multi-Services rarely used
- Users leave Smart Card on the reader

68 End Day One Questions Day One? 68

69 Quiz! Describe Secret-Key? Advantages / Disadvantages Describe Public-Key? Advantages / Disadvantages Describe Messages Digest? Describe Digital Signature and verification? Differences between MAC and signature? Describe two Hybrid Cryptosystems? Describe a challenge response based authentication? PKI introduction The aim of PKI is to integrate all the previous mechanisms and algorithms into a coherent and efficient structure. It will answer the following fundamental security needs: Authentication Confidentiality Non-Repudiation Integrity The basis of PKI relies on the concept of certificates 69

70 PKI basis function
PKI will include at least:
- One Certificate Authority who delivers certificates
- One Directory who stores active Certificates and/or Revoked Certificates
- One Registration Authority who allows certificates enrollment
- One centralized Management

Remember Alice, Bob and Charlie...
Bob has no proof of the link between Alice's public-keys and her identities. So what?

71 Third Trusted Party
[Diagram labels: Trusted Authority; Direct Trust (twice); Implicit Trust; No more Charly]

Digital Certificates
- A public-key certificate is a bond between an entity's public-key and one entity
- The entity can be:
  - A person
  - A role (Manager, Director)
  - An organization
  - A piece of hardware (Router, Server, IPSEC, SSL, etc.)
  - A software process (JAVA Applet)
  - A file (Image, Databases, etc.)
  - etc.

72 Digital Certificates A Public-key certificate provides assurance that the public-key belongs to the identified entity A Public-key certificate is also called a digital certificate, digital ID or certificate The entity identified is referred to as the certificate subject If the certificate subject is a person, it is referred to as a subscriber Digital Certificates A certificate is like a passport... 72

73 How to obtain a certificate
- As with passports, you give proof of your identity to an official (or trusted) authority
- The authority checks this proof
- The authority delivers a signed passport
- This procedure is defined as an enrollment
- Instead of enrolling for a passport, we'll enroll for a digital certificate

Digital Certificates
Graphical representation of a certificate

74 Demo: certificate view X.509 Certificate Standard X.509 is a standard for digital certificate by International Telecommunications Union (ITU) First published in 1988 (V1.0) Version 2.0 (1993) adds two new fields Current version is v3.0 (1996) and allows additional extension fields 74

75 X.509 Basic Certificate Fields
- Version: X509 version 1, 2 and 3
- Certificate serial number: Integer assigned by the CA (unique)
- Signature algorithm identifier: RSA/MD5 etc.
- Issuer name: name of the CA having signed and issued the certificate
- Validity period: time interval
- Subject name: the entity name (this name must be unique = distinguished name (DN))
- Subject public-key information: contains the public-key plus the parameters
- Issuer unique identifier: optional field
- Subject unique identifier: optional field
- Extensions: may provide additional data for specific applications
- And the Certification Authority's Digital Signature

76 SSL X.509 example Data and Signature section in human-readable format! SSL X.509 example Here is the same certificate in the 64-byte-encoded format interpreted by a software 76

77 How to build a Certificate
[Diagram: the X.509 fields (public key, identity, etc.) go through the CA's digital signature process; the X.509 certificate is made of the X.509 fields and the CA's signature]

Think of it like a credit card
[Diagram: a "Digital Credit Union (DCU)" card, "GOOD THRU LAST DAY OF 06/98", "Andrew Nash", "AUTHORIZED SIGNATURE Andrew K Nash", annotated with Issuer Name, Validity Period, Subject Name, Signature, Public Key]

78 How to verify a certificate?
1. Obtain the Signer's (CA) public-key
2. Pass the X.509 fields into the message digest algorithm and keep the digest (= your digest 1)
3. Decrypt the certificate signature with the Signer's (CA) public-key. The decrypted plaintext will be the digest (= your digest 2)
4. Compare digest 1 with digest 2: do they match?

Verifying a certificate?
[Diagram: X.509 fields (public key, identity, etc.) -> MD1; CA's signature + CA's public key -> MD2; MD1 = MD2 ?]
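The digest 1 / digest 2 comparison above, and the hash-then-sign signature it relies on, carried through as an added example that is not part of the course material. Assumptions: textbook RSA without padding and small keys built from Mersenne primes, used only to make the arithmetic visible (real certificates use padded signatures and DER-encoded fields); the certificate fields and CA names are constructed.

```python
import hashlib
from math import gcd


def make_toy_rsa_key(p: int, q: int, e: int = 65537) -> dict:
    """Build a toy RSA key from two known primes (illustration only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return {"n": n, "e": e, "d": pow(e, -1, phi)}


# Constructed keys: the issuing CA and an unrelated CA.
CA_KEY = make_toy_rsa_key(2**89 - 1, 2**127 - 1)
OTHER_CA_KEY = make_toy_rsa_key(2**61 - 1, 2**107 - 1)


def encode_fields(fields: dict) -> bytes:
    """Stand-in for the DER encoding of the X.509 fields."""
    return "\n".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()


def digest_as_int(data: bytes) -> int:
    # SHA-1 gives 160 bits, smaller than both toy moduli.
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def ca_sign(fields: dict, ca_key: dict) -> int:
    """CA side: hash the fields, then apply the CA private key to the digest."""
    return pow(digest_as_int(encode_fields(fields)), ca_key["d"], ca_key["n"])


def verify_certificate(fields: dict, signature: int, ca_n: int, ca_e: int) -> bool:
    """Relying-party side, following the four steps on the slide."""
    digest1 = digest_as_int(encode_fields(fields))   # step 2: hash the fields
    if not 0 <= signature < ca_n:
        return False
    digest2 = pow(signature, ca_e, ca_n)             # step 3: apply CA public key
    return digest1 == digest2                        # step 4: compare


def demo() -> dict:
    fields = {                                       # constructed certificate
        "version": 3,
        "serial": 4097,
        "issuer": "CN=Example Lab CA",
        "validity": "1999-10-01/2000-10-01",
        "subject": "CN=Alice",
        "subject_public_key": "constructed-public-key-bytes",
    }
    signature = ca_sign(fields, CA_KEY)
    altered = dict(fields, subject="CN=Mallory")
    return {
        "genuine": verify_certificate(fields, signature, CA_KEY["n"], CA_KEY["e"]),
        # Any change to a signed field changes digest 1.
        "altered_subject": verify_certificate(
            altered, signature, CA_KEY["n"], CA_KEY["e"]
        ),
        # Step 1 matters: the wrong CA public key yields a different digest 2.
        "wrong_ca_key": verify_certificate(
            fields, signature, OTHER_CA_KEY["n"], OTHER_CA_KEY["e"]
        ),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```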

79 A few words about CAs
- Entities that issue and manage digital certificates, including maintaining, revoking and publishing status information
- The CA's security policy is defined in the CPS (Certification Practice Statement)
  - Security measures to guarantee the CA's integrity
  - Security measures to check the identity of enrollees
- Trust level relies upon the CPS and not technology

A few words about CAs
- PKI security relies on the secrecy of the CA's private-key
  - Should never be accessed
  - Should be backed up
- Solution: store it inside dedicated tamperproof hardware

80 Type of CAs
- Private CAs: held by a private entity (company, administration, the military)
- Public CAs: Verisign, Swisskey, GTE, Thawte, Global-sign, Certplus, etc.
- A CA can be hybrid, as for instance the On-site services of Verisign

Registration Authority (RA)
- A Registration Authority is the entity receiving the certification requests and managing them before sending them to the CA. The RA acts as a front end.
- As in hybrid CAs, the registration authority can be separate from the CA itself. In this case we talk about a Local Registration Authority (LRA)
  - Multiple sites for big companies
  - Distributed environment

81 (L)RA Front End

LDAP
- X.500 directories required more effort and complexity than most companies were prepared to invest
- The Lightweight Directory Access Protocol was proposed by the Internet community
- LDAP uses the X.500 naming conventions but simplifies the way you interact with a directory

82 LDAP
- LDAP is a front end that is used to implement simple directory services
- An LDAP server may be implemented over:
  - a full X.500 directory
  - a database
  - a flat file
  - most structured data sets
- A CA will use LDAP to publish certificates and CRLs

Demo: browsing ldap

83 Certificate Revocation
- Certificate revocation: mechanism used by the CA to publish and disseminate revoked certificates
- Revocation is triggered in the following cases:
  - Key compromise
  - CA compromise
  - Cessation of operation
  - Affiliation change
  - etc.

Certificate Revocation
- Several data structures exist to publish revocation:
  - CRL (Certificate Revocation List)
  - ARL (Authority Revocation List)
  - CRT (Certificate Revocation Trees) by Valicert
- Also online query mechanisms:
  - OCSP (Online Certificate Status Protocol)

84 CRL's publication and retrieval
- Certificate-using applications must be aware of revoked certificates
  - Get CRL via LDAP
  - Get CRL via FTP, HTTP, HTTPS, etc.
  - Check certificate status via OCSP
  - Etc.
- Problem to solve: revocation delay!
- Not yet fully standardized (Delta CRLs, OCSP etc.)

CRL Version 2 structure
- Version
- Signature algorithm
- Issuer DN
- Update Date
- Next Update Date
- List of revoked certificates
  - per-certificate extensions
- Extensions

85 CRL Version 1 view (text)

CRL Version 1 view (PEM)

86 Demo: get a CRL

OCSP
[Figure labels: CA; pushing revocation; LDAP; FTP, HTTP, others; back end; OCSP responder; OCSP over HTTP; PKI-enabled applications]

87 Distinguished Names
- X.509 certificates bind a Distinguished Name (DN) to a public key
- A DN is a set of name-value pairs, such as uid=cenzler, that uniquely identify an entity
- Example: a typical DN of a Datelec employee: C=CH, O=Datelec, OU=Engineering, L=Geneva, CN=Cedric Enzler,

Distinguished Names
- DNs may include a variety of other name-value pairs (see the X.500 standard)
- Most CAs are LDAP compliant. Thus, DNs will be used as entries in directories that support LDAP

88 Single CA
- Until now, we assumed the presence of a unique CA certifying all users. Thus, there's a direct relation between users and their CA
[Figure: a single CA and the users' X509 certificates]

Multiple CAs top-down
- Typical CA implementation for large companies
[Figure labels: Root CA; trust relation; subordinate CAs; X509 certificates]

89 Trust
- Because a CA has a certificate itself and represents the highest possible trust level, the CA has a self-signed certificate
- A self-signed certificate is a Root Certificate or Meta-Introducer
- A certificate-using application (any X.509 holder) must trust the Root certificate
- Importing a Root certificate into such an application is called bootstrapping a CA
- Bootstrapping must be considered a very critical operation!

Trusted Root certificates
- Many applications (such as HTTP browsers) already have embedded root certificates

90 Demo: Bootstrap Swisskey

Trust architecture
- Assume Alice, Bob and Charly are exchanging e-mails
[Figure: hierarchy of X509 certificates with Root CA, CA1, CA2, CA3 and the users A, B and C]

91 Simple Case
- Alice receives Bob's e-mail and the X.509 certificate
- How can Alice check Bob's certificate?
- She looks at Bob's signer
- Does she know the signer?
  - Yes: is it self-signed?
  - No: is the upper-level CA trusted?
[Figure: validation order 1. X509 Bob, 2. X509 CA3, 3. X509 Root]

More complicated...
- Alice receives Charly's e-mail and the X.509 certificate
- How can Alice check Charly's certificate?
- Charly sent the intermediary CAs' certificates along with his own certificate. This is the chain of certificates
- Thus, the validation process will be...
[Figure: validation order 1. X509 Charly, 2. X509 CA2, 3. X509 CA1, 4. X509 Root]
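The digest comparison from the "How to verify a certificate?" slide and the chain walk from the "More complicated..." slide, as an added example that is not part of the original course material. It assumes textbook RSA without padding, SHA-256 in place of MD5, constructed toy keys built from Mersenne primes, and a plain dictionary standing in for a DER-encoded certificate; all function and field names are made up for this example.

```python
import hashlib
from datetime import date

E = 65537  # public exponent

def toy_keypair(a, b):
    """Constructed toy RSA key from the Mersenne primes 2**a-1 and 2**b-1.
    Anyone can factor such a modulus: for demonstration only."""
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)

def digest_of_fields(cert):
    """Digest of the signed fields (a real CA hashes the DER-encoded fields)."""
    names = ("serial", "issuer", "subject", "not_before", "not_after", "pubkey", "is_ca")
    blob = "|".join(f"{k}={cert[k]}" for k in names).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")

def issue(serial, subject, pubkey, issuer, issuer_priv, is_ca):
    """CA side: fill in the fields, then sign their digest with the CA private key."""
    cert = dict(serial=serial, issuer=issuer, subject=subject, pubkey=pubkey,
                is_ca=is_ca, not_before=date(1999, 1, 1), not_after=date(2001, 12, 31))
    n, d = issuer_priv
    cert["signature"] = pow(digest_of_fields(cert), d, n)  # textbook RSA, no padding
    return cert

def signature_ok(cert, issuer_pub):
    n, e = issuer_pub
    md1 = digest_of_fields(cert)        # digest 1: recomputed from the fields
    md2 = pow(cert["signature"], e, n)  # digest 2: recovered with the CA public key
    return md1 == md2

def validate_chain(chain, trust_store, today):
    """chain[0] is the end-entity certificate; each following entry is the
    issuer of the one before it. trust_store maps bootstrapped root names
    to their public keys. Returns "ok" or the reason for rejection."""
    for i, cert in enumerate(chain):
        if not cert["not_before"] <= today <= cert["not_after"]:
            return "outside validity period: " + cert["subject"]
        if i > 0 and not cert["is_ca"]:
            return "issuer is not a CA: " + cert["subject"]
        anchor = trust_store.get(cert["issuer"])
        if anchor is not None:  # the signer is a bootstrapped root: stop here
            if signature_ok(cert, anchor):
                return "ok"
            return "bad signature on " + cert["subject"]
        if cert["issuer"] == cert["subject"]:
            return "untrusted self-signed root: " + cert["subject"]
        if i + 1 == len(chain) or chain[i + 1]["subject"] != cert["issuer"]:
            return "issuer certificate missing for " + cert["subject"]
        if not signature_ok(cert, chain[i + 1]["pubkey"]):
            return "bad signature on " + cert["subject"]
    return "empty chain"

def build_demo():
    """Constructed hierarchy from the slide: Root -> CA1 -> CA2 -> Charly."""
    root_pub, root_priv = toy_keypair(521, 607)
    ca1_pub, ca1_priv = toy_keypair(1279, 2203)
    ca2_pub, ca2_priv = toy_keypair(2281, 3217)
    root = issue(1, "CN=Root CA", root_pub, "CN=Root CA", root_priv, True)
    ca1 = issue(2, "CN=CA1", ca1_pub, "CN=Root CA", root_priv, True)
    ca2 = issue(3, "CN=CA2", ca2_pub, "CN=CA1", ca1_priv, True)
    charly = issue(4, "CN=Charly", "charly-public-key (placeholder)",
                   "CN=CA2", ca2_priv, False)
    return [charly, ca2, ca1, root], {"CN=Root CA": root_pub}

if __name__ == "__main__":
    chain, store = build_demo()
    print(validate_chain(chain, store, date(2000, 6, 1)))
```

The validator stops as soon as it reaches a key from the trust store, which is why bootstrapping a root is the critical step: every certificate below that root is accepted on the strength of that one import.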

92 Cross certification
- A typical case: merging of Certification Islands
[Figure: two groups of X509 certificates]

Let's be practical!
[Figure labels, steps: user enrolls for certificate; admin mailed notification; user mailed acknowledgement; user mailed retrieval PIN; admin approves request; user retrieves certificate; certificate installed. Actors: User, Admin, Security Officer, RA, CA, LDAP]

93 Some X.509 certificate types
- CA certificate (Root)
- S/MIME
- SSL server/client
- IPSec gateway/client
- Object signing certificates
  - Java script
  - Image signature for copyright
- File intrusion detection (binary certifications)
- etc.

PKI Standards
- Some standards organizations:
  - IETF PKI Working Group (PKIX)
  - ITU
  - SPKI
  - RSA with PKCS

94 PKI Vendors

Some Public CAs

95 PKI Summary
- Based on certificates (X.509)
- Trusted third party (CA)
- (L)RA
- CRL
- Data repositories
- Mechanisms and protocols between all these elements

S/MIME: How it works?

96 S/MIME
- Secure Multipurpose Internet Mail Exchange
- Developed by RSA, Microsoft, Lotus, Banyan, and Connectsoft in 1995
- Implemented at the application layer
- Built on top of PKCS #7 and PKCS #10
- Very strong commercial vendor acceptance
  - Netscape, Microsoft, Lotus, etc.
- IETF developed S/MIME v3 (last version)
- Uses X.509 certificates

S/MIME
S/MIME provides four services:

Security Service                 Security Mechanism
Message origin authentication    Digital Signature
Message integrity                Digital Signature
Non-repudiation of origin        Digital Signature
Message confidentiality          Encryption

97 S/MIME Ciphers
- Symmetric encryption
  - 3DES 168 bit
  - DES 56 bit
  - RC2 128, 64 and 40 bit
- Public-Key
  - RSA 512 to 1024 bit

S/MIME Signature
- Suppose Alice sends an S/MIME signed e-mail to Bob
[Figure labels: MIME format; digest; Alice's private key; MIME encoded format]

98 S/MIME Encryption
- Suppose Alice sends an S/MIME encrypted e-mail to Bob
[Figure labels: random session key; Bob's public key; MIME format; plaintext; encoding; ciphertext; MIME encoded format]

S/MIME dual Key?
- Dual key pair
  - One key pair for encryption
  - One key pair for signature and non-repudiation
- CA must support key backup and recovery
  - Key pair for encryption generated on the CA itself!
- Drawback: not all clients support dual key pairs

99 S/MIME
- The student will set up an e-mail system using S/MIME.
- He will use digital signature and encryption.
- Certificate retrieval is done by LDAP.
- Time: 45 min
- p.77

SSL: How it works?

100 SSL
- Secure Sockets Layer
- TCP/IP socket encryption
- Provides end-to-end protection of communications sessions
- Confidentiality protection via encryption
- Integrity protection with MACs
- Usually authenticates the server using a digital signature (option)
- Can authenticate the client (option)

SSL History
- SSL v1 designed by Netscape in 1994
  - Netscape internal usage
- SSL v2 shipped with Navigator 1.0 and 2.0
- Microsoft proposed PCT (Private Communications Technology), which overcame some SSL v2 shortcomings
- SSL v3 latest version
  - The progress made by PCT was echoed in SSL v3
- TLS v1 developed by IETF

101 SSL Protocol
- The SSL protocol runs above TCP/IP
- The SSL protocol runs below higher-level protocols such as HTTP or IMAP

SSL Ports from IANA
nsiiops       261/tcp    # IIOP Name Service over TLS/SSL
https         443/tcp    # http protocol over TLS/SSL
smtps         465/tcp    # smtp protocol over TLS/SSL (was ssmtp)
nntps         563/tcp    # nntp protocol over TLS/SSL (was snntp)
imap4-ssl     585/tcp    # IMAP4+SSL (use 993 instead)
sshell        614/tcp    # SSLshell
ldaps         636/tcp    # ldap protocol over TLS/SSL (was sldap)
ftps-data     989/tcp    # ftp protocol, data, over TLS/SSL
ftps          990/tcp    # ftp protocol, control, over TLS/SSL
telnets       992/tcp    # telnet protocol over TLS/SSL
imaps         993/tcp    # imap4 protocol over TLS/SSL
ircs          994/tcp    # irc protocol over TLS/SSL
pop3s         995/tcp    # pop3 protocol over TLS/SSL (was spop3)
msft-gc-ssl   3269/tcp   # Microsoft Global Catalog with LDAP

102 SSL Ciphers
- The SSL protocol supports the use of a variety of different cryptographic algorithms or ciphers
  - DES (56)
  - 3DES (168)
  - RC4 (40 or 128)
  - RC2 (40)
  - Fortezza (96)
  - IDEA (128)
  - SHA-1, MD5
  - DSA
  - RSA (key exchange)

SSL Handshake
- Negotiate the cipher suite
- Establish a shared session key
- Authenticate the server (optional)
- Authenticate the client (optional)

103 SSL Handshake
[Figure labels: client and server (port 443); TCP; Hello; Cert; SSL handshake (asymmetric); GET URL; DATA; bulk encrypted HTTP protocol (symmetric)]
- Client performs a TCP handshake with the server at port 443 for HTTPS, which is HTTP in SSL
- Start cipher negotiation. Client sends SSL HELLO containing the ciphers supported by the client and a random number.
- The server responds with a HELLO containing the ciphers to use and a random number. Note the server selects the ciphers to be used. RSA, RC4 and MD5 are most common.
- Start passing the secret. Server sends its CERTIFICATE.
- Client uses the certificate to encrypt the pre-master secret and sends it to the server. Both compute bulk encryption KEYS from the secret and the random numbers.
- Client and server exchange CHANGE CIPHER SPEC and FINISH messages.
- Begin bulk encrypted data exchange. Client encrypts and sends HTTP GET. Server decrypts the request, encrypts and sends the response
- Server sends FINISH and closes with a TCP handshake
- An SSL connection consists of an SSL handshake followed by a bulk encrypted protocol

Client authenticates server
- Is today's date within the validity period?
- Is the issuing CA a trusted CA?
- Does the issuing CA's public key validate the issuer's digital signature?
- Does the domain name in the server's certificate match the domain name of the server itself?
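How both sides "compute bulk encryption keys from the secret and the random numbers", as an added example that is not from the original slides. It follows the SSL 3.0 derivation (RFC 6101) for an RC4-128/MD5 cipher suite; the function names and the sample pre-master secret and random values are constructed for this example.

```python
import hashlib

def ssl3_expand(secret, seed, length):
    """SSL 3.0 expansion: blocks of MD5(secret + SHA1(label + secret + seed)),
    with labels 'A', 'BB', 'CCC', ... until enough bytes are produced."""
    out, i = b"", 0
    while len(out) < length:
        label = bytes([ord("A") + i]) * (i + 1)
        inner = hashlib.sha1(label + secret + seed).digest()
        out += hashlib.md5(secret + inner).digest()
        i += 1
    return out[:length]

def master_secret(pre_master, client_random, server_random):
    """48-byte master secret; the seed is client random then server random."""
    return ssl3_expand(pre_master, client_random + server_random, 48)

def session_keys(pre_master, client_random, server_random, mac_len=16, key_len=16):
    """Key block for RC4-128 with MD5: two MAC secrets and two cipher keys.
    For the key block the seed order is reversed: server random first."""
    master = master_secret(pre_master, client_random, server_random)
    block = ssl3_expand(master, server_random + client_random,
                        2 * (mac_len + key_len))
    names = ("client_write_mac", "server_write_mac",
             "client_write_key", "server_write_key")
    sizes = (mac_len, mac_len, key_len, key_len)
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

# Constructed sample values (a real client draws these from a secure RNG).
PRE_MASTER = bytes([3, 0]) + bytes(range(46))   # version 3.0 + 46 bytes
CLIENT_RANDOM = bytes(range(32))                # from the client HELLO
SERVER_RANDOM = bytes(range(32, 64))            # from the server HELLO

if __name__ == "__main__":
    # Client and server run the same computation: the client knows the
    # pre-master secret because it generated it, the server because it
    # decrypted it with its RSA private key.
    for name, value in session_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM).items():
        print(name, value.hex())
```

Because both HELLO random numbers feed the derivation, a repeated pre-master secret still yields different keys in a new session, and each direction gets its own MAC secret and cipher key.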


More information

Cryptography & Digital Signatures

Cryptography & Digital Signatures Cryptography & Digital Signatures CS 594 Special Topics/Kent Law School: Computer and Network Privacy and Security: Ethical, Legal, and Technical Consideration Prof. Sloan s Slides, 2007, 2008 Robert H.

More information

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:

More information

Network Security. Lecture 3

Network Security. Lecture 3 Network Security Lecture 3 Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Security protocols application transport network datalink physical Contents IPSec overview

More information

Lecture 9: Application of Cryptography

Lecture 9: Application of Cryptography Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that

More information

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173 Security & Privacy on the WWW Briefing for CS4173 Topic Outline 1. Information Security Relationship to safety Definition of important terms Where breaches can occur Web techniques Components of security

More information

Managing SSL certificates in the ServerView Suite

Managing SSL certificates in the ServerView Suite Overview - English FUJITSU Software ServerView Suite Managing SSL certificates in the ServerView Suite Secure server management using SSL and PKI Edition September 2015 Comments Suggestions Corrections

More information

10 Secure Electronic Transactions: Overview, Capabilities, and Current Status

10 Secure Electronic Transactions: Overview, Capabilities, and Current Status 10 Secure Electronic Transactions: Overview, Capabilities, and Current Status Gordon Agnew A&F Consulting, and University of Waterloo, Ontario, Canada 10.1 Introduction Until recently, there were two primary

More information

Release Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues

Release Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues NCP Secure Entry Mac Client Service Release 2.05 Build 14711 December 2013 Prerequisites Apple OS X Operating System: The following Apple OS X operating system versions are supported with this release:

More information

Release Notes. NCP Secure Client Juniper Edition. 1. New Features and Enhancements. 2. Problems Resolved

Release Notes. NCP Secure Client Juniper Edition. 1. New Features and Enhancements. 2. Problems Resolved NCP Secure Client Juniper Edition Service Release: 9.30 Build 102 Date: February 2012 1. New Features and Enhancements The following describe the new features introduced in this release: Visual Feedback

More information

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol SSL/TLS TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol HTTPS SSH SSH Protocol Architecture SSH Transport Protocol Overview SSH User Authentication Protocol SSH Connection Protocol

More information

Digital Certificates Demystified

Digital Certificates Demystified Digital Certificates Demystified Alyson Comer IBM Corporation System SSL Development Endicott, NY Email: comera@us.ibm.com February 7 th, 2013 Session 12534 (C) 2012, 2013 IBM Corporation Trademarks The

More information

EXAM questions for the course TTM4135 - Information Security May 2013. Part 1

EXAM questions for the course TTM4135 - Information Security May 2013. Part 1 EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question

More information

ERserver. iseries. Securing applications with SSL

ERserver. iseries. Securing applications with SSL ERserver iseries Securing applications with SSL ERserver iseries Securing applications with SSL Copyright International Business Machines Corporation 2000, 2001. All rights reserved. US Government Users

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

What is network security?

What is network security? Network security Network Security Srinidhi Varadarajan Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application

More information

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS MODULE 13 ELECTRONIC COMMERCE OBJECTIVE QUESTIONS There are 4 alternative answers to each question. One of them is correct. Pick the correct answer. Do not guess. A key is given at the end of the module

More information

Introduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities

Introduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities TÜBİTAK Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü Introduction to Network Security (Revisit an Historical 12 year old Presentation) Prof. Dr. Halûk Gümüşkaya Why Security? Three primary reasons

More information

Secure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

Secure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings. Secure Socket Layer Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings. Abstraction: Crypto building blocks NS HS13 2 Abstraction: The secure channel 1., run a key-exchange

More information

Key Management and Distribution

Key Management and Distribution Key Management and Distribution Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu udio/video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

Cryptography and Network Security Chapter 15

Cryptography and Network Security Chapter 15 Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 15 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North

More information

Cornerstones of Security

Cornerstones of Security Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

More information

Network Security Part II: Standards

Network Security Part II: Standards Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview

More information

Understanding Digital Certificates and Secure Sockets Layer (SSL)

Understanding Digital Certificates and Secure Sockets Layer (SSL) Understanding Digital Certificates and Secure Sockets Layer (SSL) Author: Peter Robinson January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What are they?

More information

Network Security Essentials Chapter 7

Network Security Essentials Chapter 7 Network Security Essentials Chapter 7 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 7 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North to appear,

More information

INTRODUCTION to CRYPTOGRAPHY & CRYPTOGRAPHIC SERVICES on Z/OS BOSTON UNIVERSITY SECURITY CAMP MARCH 14, 2003

INTRODUCTION to CRYPTOGRAPHY & CRYPTOGRAPHIC SERVICES on Z/OS BOSTON UNIVERSITY SECURITY CAMP MARCH 14, 2003 INTRODUCTION to CRYPTOGRAPHY & CRYPTOGRAPHIC SERVICES on Z/OS BOSTON UNIVERSITY SECURITY CAMP MARCH 14, 2003 History of Cryptography The concept of securing messages through cryptography has a long history.

More information

ERserver. iseries. Secure Sockets Layer (SSL)

ERserver. iseries. Secure Sockets Layer (SSL) ERserver iseries Secure Sockets Layer (SSL) ERserver iseries Secure Sockets Layer (SSL) Copyright International Business Machines Corporation 2000, 2002. All rights reserved. US Government Users Restricted

More information

A Noval Approach for S/MIME

A Noval Approach for S/MIME Volume 1, Issue 7, December 2013 International Journal of Advance Research in Computer Science and Management Studies Research Paper Available online at: www.ijarcsms.com A Noval Approach for S/MIME K.Suganya

More information

Network Security Essentials Chapter 5

Network Security Essentials Chapter 5 Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got

More information

Cryptography and network security CNET4523

Cryptography and network security CNET4523 1. Name of Course 2. Course Code 3. Name(s) of academic staff 4. Rationale for the inclusion of the course/module in the programme Cryptography and network security CNET4523 Major The Great use of local

More information

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies 1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?

More information

CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and

More information

TLS and SRTP for Skype Connect. Technical Datasheet

TLS and SRTP for Skype Connect. Technical Datasheet TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security

More information