The Design of a Cryptographic Security Architecture



Similar documents
Chapter 1. The Software Architecture. Wherein the cryptlib software architecture is presented.

Secure web transactions system

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

Secure Network Communications FIPS Non Proprietary Security Policy

WebSphere DataPower Release FIPS and NIST SP a support.

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

FIPS Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

Network Security Essentials Chapter 7

User Guide Supplement. S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Security Technical. Overview. BlackBerry Enterprise Server for Microsoft Exchange. Version: 5.0 Service Pack: 4

FIPS Security Policy LogRhythm Log Manager

BlackBerry Enterprise Server 5.0 SP3 and BlackBerry 7.1

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version:

Chapter 6 Electronic Mail Security

SecureDoc Disk Encryption Cryptographic Engine

ERserver. iseries. Secure Sockets Layer (SSL)

Windows Server 2008 R2 Boot Manager Security Policy For FIPS Validation

How To Encrypt Data With Encryption

CRYPTOGRAPHY AS A SERVICE

Electronic Mail Security. Security. is one of the most widely used and regarded network services currently message contents are not secure

Computer System Management: Hosting Servers, Miscellaneous

Cryptography and Network Security Chapter 15

Configuring Secure Socket Layer HTTP

Pulse Secure, LLC. January 9, 2015

<Insert Picture Here> Oracle Security Developer Tools (OSDT) August 2008

Overview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security

Introduction. Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi

RELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release corrections. ADYTON Release 2.12.

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Northrop Grumman M5 Network Security SCS Linux Kernel Cryptographic Services. FIPS Security Policy Version

OFFICIAL SECURITY CHARACTERISTIC MOBILE DEVICE MANAGEMENT

CCNA Security 1.1 Instructional Resource

The Security Framework 4.1 Programming and Design

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.

Intel EP80579 Software for Security Applications on Intel QuickAssist Technology Cryptographic API Reference

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

PGP from: Cryptography and Network Security

ISO Information Security Management Systems Professional

Enabling SSL and Client Certificates on the SAP J2EE Engine

Thales ncipher modules. Version: 1.2. Date: 22 December Copyright 2009 ncipher Corporation Ltd. All rights reserved.

ERserver. iseries. Securing applications with SSL

Cryptographic Security Architecture: Design and Verification

Savitribai Phule Pune University

Security Policy for Oracle Advanced Security Option Cryptographic Module

Network Security - Secure upper layer protocols - Background. Security. Question from last lecture: What s a birthday attack? Dr.

IBM Client Security Solutions. Client Security User's Guide

Global eid Developments. Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa

FIPS Documentation: Security Policy 05/06/ :21 AM. Windows CE and Windows Mobile Operating System. Abstract

Version Highlights. CertainT 100 SSL Accelerator. Version International. New hardware and software version. North America

Configuring and Tuning SSH/SFTP on z/os

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

UM0586 User manual. STM32 Cryptographic Library. Introduction

Certification Authority. The X.509 standard, PKI and electronic documents. X.509 certificates. X.509 version 3. Critical extensions.

FIPS Security Policy LogRhythm or Windows System Monitor Agent

Communication Security for Applications

Chapter 8. Network Security

Block encryption. CS-4920: Lecture 7 Secret key cryptography. Determining the plaintext ciphertext mapping. CS4920-Lecture 7 4/1/2015

Security Toolkit. Version Copyright Peter Gutmann July 2013

Creating a More Secure Device with Windows Embedded Compact 7. Douglas Boling Boling Consulting Inc.

Using BroadSAFE TM Technology 07/18/05

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Communication Systems SSL

EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions

RSA Digital Certificate Solution

Integration Guide. Microsoft Internet Information Services (IIS) 7.0 and ncipher Modules. Windows Server 2008 (32-bit and 64-bit)

A Comparative Study on Vega-HTTP & Popular Open-source Web-servers

Complying with PCI Data Security

Secure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

Deploying iphone and ipad Security Overview

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH)

IBM Global Security Kit Version Security Target

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH)

Configuring Security Features of Session Recording

BlackBerry Enterprise Solution Security Release Technical Overview

ASA 8.x: Renew and Install the SSL Certificate with ASDM

ETSI TS V1.1.1 ( ) Technical Specification

Introducing etoken. What is etoken?

PLATFORM ENCRYPTlON ARCHlTECTURE. How to protect sensitive data without locking up business functionality.

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

BlackBerry Enterprise Solution

Key Management Interoperability Protocol (KMIP)

2014 IBM Corporation

Chapter 10. Network Security

Security Digital Certificate Manager

Payment Transactions Security & Enforcement

Security Digital Certificate Manager

CS 758: Cryptography / Network Security

Secure Socket Layer. Security Threat Classifications

Computer Security: Principles and Practice

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

Hash Functions. Integrity checks

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Last Class: OS and Computer Architecture. Last Class: OS and Computer Architecture

Client side. DESlock + Data Encryption

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

DarkFS - An Encrypted File System

Transcription:

The Design of a Cryptographic Security Architecture Peter Gutmann University of Auckland, New Zealand The Problem... design a versatile, multiplatform, crypto architecture Standard environment considerations 16/32/64 bit big/little endian CPU architecture Single vs multithreaded environments Random number generation (see Usenix Security 98) Data remanence problems (see Usenix Security 96) Unusual environment considerations No I/O (IMS) It s I/O Jim, but not as we know it (VM/CMS, MVS, IBM 4758) Very little memory (ATM modules) No memory management (EMS)

Existing Approaches Most existing approaches specify an API, not an architecture design Designs range from very basic libdes, Fortezza cryptologic interface to very complex BSAFE, Cryptoki/PKCS #11, JCE, MS CryptoAPI v1 are often nonportable MS CryptoAPI v2 or specific to a particular type of application GSSAPI, OSF DCE Security API, SESAME or unmanageably large and complex CDSA, the emacs of crypto API s The Solution Architecture is built on two main concepts Objects encapsulate the architecture s functionality A security kernel enforces a consistent security policy Security policy defines all permissible modes of access to objects by subjects Nondiscretionary policy is imposed on all subjects Discretionary policy can be specified by a subject and/or object

The Solution (ctd) Properties of the architecture All objects are contained within the architectures security perimeter Kernel manages access control lists for Each object Each attribute read/written/deleted for each object The Object Model Two object types Container objects store data, keys, certificates Action objects perform an action on data (encrypt, sign, etc) Objects are contained inside the architecture s security perimeter and referenced through abstract handles

Action Objects Encryption contexts encapsulate the functionality of a security algorithm DES object RSA object SHA-1 object HMAC-SHA object Often associated with another object, eg public key context with certificate Data Containers Envelope and session objects modify the data they contain Type of processing is controlled by attributes set by the subject Resulting data format is controlled by attributes set by the subject Usage example create envelope add signature-key attribute push in data pop out signed data destroy envelope Typical envelope object use: S/MIME, PGP Typical session object use: ssh, SSL

Key and Certificate Containers Contain one or more keys, certificates, CRL s, etc Appear as a (often large) collection of encryption contexts or certificate objects Key and Certificate Containers (ctd) Typical keysets Flat files with encrypted private keys PGP keyrings Smart card with public/private keys PKCS #11 device with keys or certificates Fortezza cards Relational database for certificates/crl s LDAP directory HTTP for certificates/crl s published on web pages

Security Attribute Containers Contain attributes attached to other objects Certificates associated with public/private key contexts Certificate chains Signing attributes associated with envelopes Object Security Example use of object security Server thread initialises object, loads keys Sets forwarding count to 1, locks object Forwards object (changes object owner) to worker thread Worker can t forward it further Worker can t reload keys or change other properties Original owner could also restrict usage, eg to decrypt-only

Object Access Mandatory vs discretionary ACL checking ACL is enforced by kernel according to a systemwide policy DACL is enforced on a per-object basis Step 1: ACL check Step 2: DACL check Object Access (ctd) Objects also have object-specific discretionary ACL s Is the access valid for the object in its current state? Example: Adding a subject name attribute to a certificate object is valid iff Size and type of attribute are valid Attribute is not already present Certificate isn t signed (and therefore immutable) DACL checking is performed by object-specific code

Object Attribute Security Object attributes have their own ACL s Example attribute: Triple DES key attribute label = CRYPT_CTXINFO_KEY type = octet string permissions = write-once size = 192 bits min 192 bits max Kernel checks all data passing in and out of the architecture Attribute ACL s allow a system-wide security policy to be set Example: Require that CRYPT_CTXINFO_KEY can never be < 128 bits Even if RC2/40 or DES are present, kernel will never allow them to be used The Object Life Cycle Object state is changed by the kernel when a trigger event is handled Loading keys into an encryption context, envelope, or session object Signing a certificate object

Multilevel Object Security Objects can allow different operations at different security levels Example: Plaintext = TS, ciphertext = U subject1 subject2 subject1 subject2 subject1 create envelope push public key push TS plaintext pop U ciphertext destroy envelope create deenvelope push TS private key push U ciphertext pop TS plaintext destroy envelope Disclaimer: Representative example only Kernel Design All critical security controls are enforced by the kernel Advantage: Security functionality is centralised Disadvantage: Security functionality is centralised Make sure the kernel works as required Build the kernel using good software engineering principles Decompose functionality into single-purpose, easy-tounderstand functions Apply Design by Contract Preconditions: Input conditions, assertions which are true on function entry Postconditions: Output conditions, assertions which are true on function exit

Kernel Design (ctd) C is rather limited in terms of what it can support Use tools like ADL (Assertion Definition Language) to verify code Write formal spec in ADL Mechanical verifier checks ADL specification against implementation Verifier produces test documentation in quantities appropriate for ISO 9000 Kernel Design (ctd) ADL partial example: Create a new object module kernel { int objecttable[]; nld { objecttable = kernel object table } int krnlcreateobject( const OBJECT_TYPE type, const int objectsize ) semantics { exception := cryptstatuserror( return ), normal :=!exception, @memfree() < objectsize <:> return == CRYPT_ERROR_MEMORY, exception --> unchanged( objecttable ), normally { isvalidobject( return ), isinternal( return ) } } }

Interobject Communications Objects communicate via message-passing Example: Load a key msg.source: msg.target: msg.type: msg.data: Subject (thread/process/user) Encryption context object Write attribute Attribute, type = Key, value = Kernel checks the target object s ACL Kernel checks the attribute s ACL Kernel forwards message to target object Interobject Communications (ctd) Messages can also act as general event notifications Example: Encryption context created from a key on a smart card Smart card is removed from reader, sends notification to all objects

Message Routing Kernel routes messages to the appropriate target based on message type Example: Message sent to certificate+context pair Read validity period attribute is forwarded to certificate Read key size attribute is forwarded to context Message Routing (ctd) Message routing leads to a very natural interface Caller need never be aware of the existence of multiple internal objects An object will appear to Do The Right Thing in response to a message Downside: You need to re-educate users who are used to more primitive interfaces How do I convert a certificate into a key? How do I find the key size used to secure an S/MIME message (processed via an envelope)? How do I encrypt a message using someone s certificate?

Object Internals Architecture design allows various levels of functionality to be encapsulated in separate modules and/or hardware Crypto accelerator encryption contexts Crypto device (eg PKCS #11) basic sign/encrypt level Secure coprocessor (eg IBM 4758) certificate/envelope/ session object Object Internal Details Each object consists of three main parts Object state information Message handler Function pointers for object methods Example: Software DES Hardware RSA

Data Formats Container object methods are set to format-specific functions on object creation To the user, the interface is identical for different output types an enveloped message can be switched from PGP to S/MIME just by setting the envelope type on creation Conclusion

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information