CISSP101

Get Prepared And Pass The CISSP Exam

Cryptography

Cryptography is the basis for most of the security mechanisms. It involves scrambling some kind of useful information, in its original form called plaintext, into a garbled form, called ciphertext. One of the fundamentals objectives of cryptography is to provide confidentiality by implementing encryption methods. In addition to confidentiality cryptography is also used to provide data integrity, authentication, and non-repudiation.

1. Confidentiality/secrecy - cryptographic algorithms that are used for plain text encryption should guarantee secrecy. Unauthorized subjects should not be able to derive any information about the plaintext from the observed cipher text.

2. Data integrity - no one should be able to substitute any part of a message or the whole message, either accidentally or deliberately without being detected.

3. Authentication - the receiver of a message should be able to verify its origin. No one should be able to send a message on behalf of someone else. When a communication is initiated each entity should be able to identify each other.

4. Non-repudiation - the sender of a message should be able to later deny that she/he sent the message or participated in a transaction.

History of Cryptography

The word “cryptography” originates from the Greek words kryptos, and graphein, which mean hidden, secret and writing, respectively. Cryptography has been used for centuries to hide messages when they are submitted through means where they might be intercepted.

The history of cryptography can be broadly divided into three phases:

1. From ancient civilizations to the nineteenth century and the first part of the twentieth century, with relatively simple algorithms that were designed and implemented by hand.

2. Extensive use of encrypting electro-mechanical machines, around the period of the Second World War.

3. Ever more pervasive use of computers, about in the last fifty years, supported by solid mathematical basis.

In ancient times the cryptography was used within the following three contexts: private communications, art and religion, and military and diplomatic use.

There are multiple examples from ancient Egypt of funeral engravings in which the transformation of words gave a sense of mystery, occult, magic, and gave dignity and honor to the dead person.

The antique cipher of the Greek historian Polibio used a table, with rows and columns, to associate a letter to a pair of numbers.

One of the earliest known cipher systems was used by Julius Caesar to communicate with Cicero in Rome while he was conquering Europe. Caesar knew that there were several risks when sending messages—one of the messengers might be an enemy spy or might be ambushed while en route to the deployed forces. For that reason, Caesar developed a cryptographic system now known as the Caesar cipher. This was an extremely simple cryptographic system. To encrypt a message, you had to simply shift each letter of the alphabet three places to the right. The Caesar cipher is a substitution cipher.

Note: history of crypto part is not yet completed

Basic Cryptographic Terminology

Cipher Cipher is an algorithm for converting plain text into unreadable format/ ciphertext (encryption) and converting back the ciphertext to a plain text (decryption). A cipher is defined over a pair of efficient algorithms - encryption algorithm and a decryption algorithm and a cryptographic key.

Depending on the type of key used ciphers are divided into:

      • Symmetric key - the same key is used for encryption and decryption. Examples - AES, DES, 3DES, Blowfish.
      • Asymmetric key - public key is used for encryption and private key is used for decryption. Examples - Elliptic Curve, ElGamal, Diffie-Helman, and RSA.

Depending on the type of input data:

      • Block ciphers - a block of data with fixed size is encrypted. Examples - AES, Rijndael, DES, 3DES, IDEA, RC5, Blowfish, etc.
      • Sream ciphers - continuous stream of data is encrypted. Examples - RC4, CSS, Salsa 20, A5/1, A5/2, Chameleon, FISH, Helix, Sosemanuk, etc.

Cryptographic Key Key in cryptography is a sequence of symbols that controls the encryption and decryption operations in a cryptographic algorithm. The key should be the only part of a cryptographic algorithm that is kept secret.

Ciphertext Ciphertext is the encoded version of a message or other plaintext. Ciphertext is a result of encryption.

Plaintext Plaintext is what you have before encryption.

Cryptanalisys Cryptanalysis is the science of cracking codes, decoding secrets, and finding weaknesses in cryptographic algorithms and their implementations.

Symmetric Key Algorithms

Symmetric-key cryptography refers to encryption methods where both senders and receivers of data share the same key and the data is encrypted and decrypted with algorithms based on this key. The same key on both ends of the communication is used to encrypt and decrypt messages. The main purpose of the symmetric key encryption is to provide confidentiality. Other popular names for symmetric key cryptography are:secret key, private key, single key, session key, and shared key cryptography.

The main weaknesses of the symmetric key cryptography are:

      • Key Distribution - preexisting communication links need to exist for key distribution. Symmetric key cryptography does not provide a secure method for exchanging shared keys must be implemented.
      • Symmetric key cryptography does not provide integrity, non-repudiation, and authentication.
      • Scalability - it is extremely difficult for large groups to communicate using symmetric key cryptography.
      • Size and life time of the key - each time a participant leaves the group, all keys that involved that participant must be discarded. The key has to be large in size to prevent bruteforce attacks.

The major strength of the symmetric key cryptography is its speed. Symmetric keys are very fast - 1,000 to 10,000 times faster than asymmetric. Due to this factor symmetric key cryptography is widely used in hardware implementations.

Based on the type of input data the symmetric ciphers are divided into two types:

      • Block ciphers - a block of data with fixed size is encrypted. Examples - AES, Rijndael, DES, 3DES, IDEA, RC5, Blowfish, etc.
      • Sream ciphers - continuous stream of data is encrypted. Examples - RC4, CSS, Salsa 20, A5/1, A5/2, Chameleon, FISH, Helix, Sosemanuk, etc.

Stream Ciphers

Stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the cyphertext stream. It is also called a state cipher, as the encryption of each digit is dependent on the current state.

One-time pad

One-time pad is an example of a secure cipher, originally designed by Vernam in 1917. In this algorithm the message length is equal to the key length and the cipher text length. The cipher text is this algorithm is simply the result of XOR of the plain text with the key and the plain text is the XOR result of the cipher text with the key.

The one-time pad can be secured only for one time use, because it is easy to compute the key using the cipher text and the corresponding plain text message.

This is a really fast cipher, however it is very difficult to use in practice. The reason why it is difficult to use in practice is because the keys are as long as the messages, and if there is a way to securely transport each one time key, this method can be then used to transport the actual message.

RC4

RC4 is one of the most commonly implemented stream ciphers. It was developed in 1987 by Ron Rivest and was considered a trade secret of RSA. This cipher is broken and should not be used. RC4 is widely used in SSL (Google uses it for HTTPS). It has also been incorrectly implemented in the WEP protocol. It has a variable key size. The algorithm of this protocol is very simple, fast, and efficient, which is why it became so popular. It is however, vulnerable to related key attacks and bias in initial output.

CSS

Content Scrambling System is a hardware stream cipher, used for encrypting DVDs It is based on the LFSR - linear feedback shift register. DVD encryption uses two LSFRs (CSS). GSM encryption uses 3 LSFRs(A5/1,2), Bluetooth encryption uses 4 LFSRs (E0). All of these cipher are implemented in hardware.

Fish

Fish is a stream cipher which was published by Siemens in 1993. Fish is a fast, software based cipher using Lagged Fibonacci generators and a concept from the shrinking generator cipher. Fish has a huge key length and it is extremely fast, unfortunately it can be broken with just a few thousand bits of known plaintext.

Salsa 20

Salsa 20 is an eStream type cipher that can be easily used for software and hardware implementations. Salsa 20 can take as input 128 or 256 bit keys. The 128 bit implementation generates in addition to the key a 64 bit nonce. Given the key and the nonce this algorithm generates a very long sequence, that is generated by using the key, the nonce and a counter that gets incremented step-by-step. This algorithm has no significant attacks on it and it is a fast and secure cipher.

Block Ciphers

Block cipher is a deterministic algorithm operating on fixed-length chunks of data, called blocks. Block ciphers are important elementary components in the design of many cryptographic protocols, and are widely used to implement encryption of bulk data.

DES

The Data Encryption Standard was developed in the early 1970s at IBM and based on an earlier design by Horst Feistel. It was selected by the National Bureau of Standards as an official Federal Information Processing Standard (FIPS) for the United States in 1976.

DES is now considered to be insecure for many applications, as it is vulnerable to brute-force attacks because of the relatively small, 56-bit size of its key. In 1999, a DES-encrypted message was cracked in just 22 hours using a distributed network of 100,000 PCs. The algorithm is believed to be practically secure in the form of Triple DES, although there are theoretical attacks.

DES has five modes of operation: Electronic Codebook (ECB) mode, Cipher Block Chaining (CBC) mode, Cipher Feedback (CFB) mode, Output Feedback (OFB) mode, and Counter (CTR) mode.

All of the DES modes operate on 64 bits of plain text at a time to generate 64-bit blocks of cipher text. The key used by DES is 56 bits long.

Electronic Codebook Mode ECB mode is the simplest, but the most insecure mode if the DES algorithm. Each time when a 64-bit block is processes by the algorithm, it is simply encrypted by using the chosen secret key. This means that if the algorithm is used on the same block multiple times, it will produce the same encrypted block. In practice, ECB is used only for exchanging small amounts of data, such as keys and parameters used to initiate other DES modes as well as the cells in a database.

Cipher Block Chaining Mode CBC mode each block of unencrypted text is XORed with the block of cipher text immediately preceding it before it is encrypted using the DES algorithm. A random IV (initialization vector) is used to encrypt the first block of the message. In the decryption process the XOR operation is reversed and the decryption algorithm is applied.

Cipher Feedback Mode CFB mode is the streaming version of CBC. It uses an IV and chaining just like CBC with the only difference that CFB operates against data produced in real time by using memory buffers of the same block size instead of breaking a message into blocks. When the memory buffer fills up it gets encrypted and then sent to the recipient.

Output Feedback Mode The only difference between CFB and OFM modes is that, instead of XORing an encrypted version of the previous preceding block of cipher text, OFM XORs the plain text with a seed value. An IV is used to create the seed value for the first encrypted block.

Counter Mode CTR mode uses a stream cipher similar to CBF and OFB modes. The difference is that CTR uses counter value instead of seed. This method is well suited for parallel computing, as it allows you to break an encryption or decryption operation into multiple independent steps.

Triple DES

The Triple Data Encryption Algorithm (TDEA or Triple DEA) block cipher applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. Triple DES was designed to provide a relatively simple method of increasing the key size of DES to protect against such attacks, without designing a completely new block cipher algorithm.

Triple-DES uses 64 bits input, 168 bit key and outputs 64 bit output. It is used is the banking industry and more specifically by the mechanisms used by the banks to clear checks between one another. 3DES uses the Feistel Network as its main mechanism.

The Feistel Network uses a number of arbitrary functions (that does not have to be invertible), which are used to build invertible functions, which map 2n input to 2n bit output. DES uses 16 rounds of the Feistel Network mechanism. 3DES is an expansion of the DES algorithm. The DES algorithm uses 56 bit key, and the key size for 3DES is 3x56 = 168 bit. Due to the size of the key DES is vulnerable to exhaustive search attack. 3DES uses the same mechanism as the DES, however the key which is three times larger gets divided into three keys. 3DES is implemented by encrypting the plaintext using K3 and DES then decrypting the result by using K2 and then encrypting the result from step 2 using K1. Basically 2DES strengthens DES against exhaustive search attack. 3DES is three times slower that DES.

IDEA

The International Data Encryption Algorithm (IDEA) block cipher was developed in response to complaints about the insufficient key length of the DES algorithm. Like DES, IDEA operates on 64-bit blocks of plain/cipher text. However, it begins its operation with a 128-bit key. A popular implementation of IDEA is found in Phil Zimmerman’s popular Pretty Good Privacy (PGP) secure email package.

Blowfish

Blowfish block cipher is another alternative to DES and IDEA and it was designed by Bruce Schneier. Like its predecessors, Blowfish operates on 64-bit blocks of text. However, it extends IDEA’s key strength even further by allowing the use of variable-length keys ranging from a relatively insecure 32 bits to an extremely strong 448 bits. Blowfish is a much faster algorithm than IDEA or DES and s built into a number of commercial software products and operating systems. There are also a number of Blowfish libraries available for software developers.

AES

Advanced Encryption Standard (AES) is a symmetric-key encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. The Rijndael cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted by them to the AES selection process.

Each of the AES ciphers have a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The larger the key size, the more secure is the block cipher, however it also becomes slower with increasing the key size. AES is build on the Substitution Permutation Network. While in the Feistel network, half of the bits remain unchanged from round to round, in the Substitution-Perm network all the bits are changes in every round. The substitutions implemented in each round are based on substitution tables which are completely reversible, unlike in DES. The wound function is applied 10 times in AES.

Asymmetric Key Algorithms

Asymmetric key algorithms, also known as public key algorithms, provide solution to the weaknesses of the symmetric key encryption. A set of two keys is used in these type of systems: a public and a private key. The public key can be shared with all users and the private key is kept private and is known only to the user.

The major strengths of the asymmetric key encryption are:

      • Asymmetric key cryptography provides integrity, authentication, and nonrepudiation.
      • Removing users from a system is easy and it requires only that their key is cancelled.
      • Scalability - only one pair of keys is generated in order to add users to the system.
      • Key regeneration is required only when a user’s private key is compromised.
      • Key distribution is very simple, because the public key can be shared with anyone and can be made publicly available.

The major weakness of the public key cryptography is its slow speed. This is the reason many applications that require the secure transmission of large amounts of data use public key cryptography to establish a connection and then exchange a symmetric secret key and symmetric encryption is used for the remainder of the session.

RSA

RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described the algorithm. RSA was first published in Scientific American, August 1977. This algorithm is widely used in SSL/TLS certificates and SSL/TLS key-exchange, in secure email and file systems, e-commerce protocols, and is believed to be secure given sufficiently long keys and the use of up-to-date implementations. A typical RSA key uses a large prime number of a 1024 bit keys ~ 300 digits long.

Here are is an example of how RSA works:

      • 1. To generate the public and private key pair, we select two prime numbers p & q:
        • p=29
        • q=31
      • 2. From the selected prime numbers we calculate n, n = p * q = 29 * 31 = 899
      • 3. Then we calculate t, t=(p-1)*(q-1)=840
      • 4. The next step is to choose a number e, which is relatively prime to t (t cannot be divisible by e)
        • e=11
      • 5. Now we need to find d, such as d*e=1 mod t. This means that d*e/t will give us a remainder 1.
      • We will have to compute the inverse of e mod t. The results will be:
        • p — 29
        • q — 31
        • n — 899
        • t — 840
        • e — 11
        • d — 611
      • 6 The public key consists of n and e.
      • 7. The public key consists of n and d.
      • 8. Messages are getting encrypted with the public key, using the following formula: C=m^e mod n
      • 9. In order to decrypt the message n and d are used(the private key). M=C^d mod n.

Diffie-Hellman

Diffie-Hellman protocol is a method for exchanging private keys. It was first published by Whitfield Diffie and Martin Hellman in 1976, although it later emerged that it had been separately invented a few years earlier within GCHQ, the British signals intelligence agency, by Malcolm J. Williamson but was kept classified. This is one of the earliest practical examples of Key exchange implemented within the field of cryptography. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher. It is a type of key exchange.

Here is an example of how Diffie-Hellman protocol works:

      • 1. Define parameters of the Diffie-Hellman protocol p and g, they are chosen once and they are fixed forever:
        • 1. Define a large prime p (“large” - about 600 digits)
        • 2. Define an integer g in {1, …, p}
      • 3. Alice and Bob will the parties of the communication in this example. Alice chooses a random number “a” in {1, …, p-1} and computes g^a(mod p) and then sends the result “A” to Bob.
      • 4. Bob chooses a random value “b” in {1, …, p-1} and computes b^b(mod p) and then sends the result “B” to Alice.
      • 5. Now Alice and Bob can generate a shared secret key, K=g^a.b
      • 6. Alice computes this by taking the value B and raising it to the power of a mod p.
      • 7. Bob also computes the secret key, K=A^b (mod p). Even is the attacker sees p, g, A and B, she/he cannot compute the secret key g^a.b.

El Gamal

The ElGamal encryption system is an asymmetric key encryption algorithm for public-key cryptography which is based on the Diffie–Hellman key exchange. It was described by Taher Elgamal in 1984. ElGamal encryption is used in the free GNU Privacy Guard software, recent versions of PGP, and other cryptosystems. The Digital Signature Algorithm is a variant of the ElGamal signature scheme, which should not be confused with ElGamal encryption. El Gamal, however is not used much in practice as it has a major disadvantage — the algorithm doubles the length of any message it encrypts. This presents a major hardship when encrypting long messages or data that will be transmitted over a narrow bandwidth communications circuit.

Elliptic Curve

Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz from the University of Washington and Victor S. Miller from International Business Machines (IBM) in 1985.

Hashing Algorithms

Hashing algorithm is a cryptographic algorithm that takes a large input and returns a fixed-length size string called a message digest or a hash value.

Hash functions have to be able to take an input of any length and return an output of a fixed size. The hash functions are said to be one-way functions, which means that it is computationally infeasible to revert this function or to find collisions.

Hash functions are typically derived from block ciphers.

The Merkle-Damgard function is a method for constructing collision resistant compression functions for long messages from collision resistant hash functions for short messages.

The Davies-Meyer compression function is a method that implements a block cipher by using a message block as the key and the chaining variable as the input to the function.

For a hash function to be secure, it must be resistant to existential forgery attacks:
1. it should be computationally impossible to find message that corresponds to a given message digest.
2. it should be computationally impossible to find two different messages that produce the same message digest.

SHA

SHA is a secure hash algorithm that consists of five functions designed by the NSA and published by NIST. SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 are the five algorithms.

SHA-1 is the most commonly used and it has been broken in theory but not in practice. It takes an input of virtually any length, the upper bound of approximately 2,097,152 terabytes on the algorithm, and produces a 160-bit message digest. The SHA-1 algorithm processes a message in 512-bit blocks. The total length of the message has to be a multiple of 512 bits. The message get padded even if it turns out to be be exactly a multiple of 512 bits. This is implemented to prevent existential forgery attacks.

Due to the fact that SHA-1 got broken in theory, SHA-2 got created. SHA-2 has four variants:

      • SHA-224 - uses 512-bit message blocks and outputs 224-bit message digest.
      • SHA-256 - uses 512-bit message blocks and outputs 256-bit message digest.
      • SHA-512 - uses 1024-bit message blocks and outputs 512-bit message digest.
      • SHA-384 - truncates the output of SHA-512 to produce a 384-bit message digest.

MD2

MD2 stand for Message Digest version 2, and it was invented by Rivest in 1989. This algorithm is both slow and insecure and must not be used in new designs. MD2 is specified in RFC1319 and it produces the 128 bit digest of a message. It processes the message in chuncks of 16 bytes. A 16-byte checksum is appended to the message. A 128-bit message digest is then generated by using the entire original message along with the appended checksum. It was proven by Frederic Mueller that MD2 is not a one-way hash and this is the reason it should not be any longer used.

MD4

MD4 stand for Message Digest version 4, and it was invented by Rivest in 1990. MD4 is an enhanced version of MD2 with increased level of security. MD4 is specified in RFC1320 and produces the 128 bit message digest. MD4 first pads the message to ensure that the message length is 64 bits smaller than a multiple of 512 bits. For example, a 16-bit message would be padded with 432 additional bits of data to make it 448 bits, which is 64 bits smaller than a 512-bit message. The 512-bit blocks of the message are then processed to return a final output of 128-bit message digest.

MD4 is also a broken hash algorithm and it should not be used. A modern PC could be used to find collisions for MD4 message digests in less than one minute.

MD5

MD5 stand for Message Digest version 5, and it was invented by Rivest in 1991. This algorithm is also insecure and should not be used in new implementations. MD5 is specified in RFC1321 and produces the 128 bit digest of a message. It also processes 512-bit blocks of the message, but it uses four distinct rounds of computation to produce a digest of 128 bits. MD5 has the same padding requirements as MD4. Even though this algorithms implements additional security feature, it is broken and should not be used. Arjen Lenstra and others demonstrated in 2005 that it is possible to create two digital certificates from different public keys that have the same MD5 hash.

Message Authentication Code

MAC is a Message Authentication Code and it is used to provide message integrity. This is actually the basic mechanism in providing message integrity.

MAC consists of two parts:

      • 1. A Signing algorithm.
      • 2. A Verification algorithm.

When a message is send the signing algorithm which takes as an input the message and a secret key produces a tag, which is much shorter than the messages. The generated tag gets appended to the message. The receiving party, then uses the MAC verification algorithm which takes the tag, the message, and the key as an input and outputs a “yes” or “no”, depending on the fact if the message is valid or compromised.

HMAC

HMAC is a specific type of MAC function. HMAC is used in SSL, IPsec, SSH, and many other protocols. HMAC is a standardized method to convert collision resistant hash function into a MAC. HMAC works by using an underlying hash function over a message and a key. It is typically used in a combination with a block cipher and it is currently one of the predominant mean to ensure that secure data is not corrupted in transit over secure channels.

HMAC generates a Message Authentication Code by using the following formula:
HMAC(M) = H[(K XOR opad)||H[(k XOR ipad)||M]]
Where:
M = Message
H[] = Underlying Hash function
K = Shared Secret Key
opad = outer padding, repeated as needed
ipad = inner padding, repeated as needed
|| = concatenation operation
XOR = XOR operation
The HMAC is then sent over secure channel as any other MAC.

ECBC MAC

Encrypted CBC MAC is mainly used in banking for check clearings. A message is taken and broken into blocks, each as long as the output of the underlying function and then the message is run through the CBC chain without outputting intermediate values. In each step of the chain the result/output is being fed as the input to the next step. The final output is then run through the same function, using another independent key and the final output is the tag of the message. In some cases the tag can be truncated to a smaller value. Commonly used as an AES-based MAC.

Public Key Infrastructure

Public Key Infrastructure is a framework that enables trust on the Internet. PKI consists of protocols, services, and standards supporting applications of public-key cryptography.

PKI binds public keys with respective user by using entities called certificate authorities (CA). PKI has the following main components:

Certificate Authority (CA) is an entity that issues digital certificates

Validation Authority (VA) is an entity that checks the validity of a electronic certificate by referring to a list of invalid certificates, and it confirms whether the electronic certificate was issued by a sufficiently trustworthy Certification Authority.

Registration Authority (RA) is an entity that ensures that the public key is bound to the individual to which it is assigned in a way that ensures non-repudiation.

Certificate Signing Request (CSR) is a message that is generated from an applicant and provided to a certificate authority in order to apply for a digital identity certificate.

Digital Certificates

Digital Certificates represents a digital passport and can be used instead of passwords for authentications. To obtain a digital certificate you have to provide information about yourself to a trusted public body called a certification authority, such as VeriSign, Inc. or Thawte Consulting. The certification authority validates your information and then issues your digital certificate. The digital certificates follow the international standard - X.509 and contains the following information:

      • Verision of X.509 which the certificate follows
      • Serial number (from the certificate creator)
      • Signature algorithm - specifies the algorithm used by the certificate authority to sign the message
      • Issuer name - name of the certificate authority
      • Validity period - specifies the start and the end date of the certificate validity
      • Subject’s name - contains the distinguished name of the entity that owns the certificate
      • Subject’s pubic key - the public key used to set up secure communication

A digital certificate consists of a private and a public key. The private key is secret and available only to the person that posses it. The public key can be made available to anyone without compromising the associated private key. The digital signature uses the private key to sign/encrypt a hashed value of a message and the public key is used to decrypt this hashed value.

Certificate Authority

Certificate Authority (CA) are neutral organizations that offer notarization services for digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate. Certificate authorities usually have some kind of agreement with a financial institution that provides the information used to confirm an individual’s identity.

Some of the most popular certificate authorities are:

      • VeriSign
      • Comodo
      • Thawte
      • Geotrust
      • Starfield Technologies
      • GoDaddy
      • Network Solutions

The certificates issued by a CA are only as good as the trust placed in the organization that issued them. This is an important item to consider when receiving a digital certificate from a third party. If you don’t recognize and trust the name of the CA that issued the certificate, you shouldn’t place any trust in the certificate at all. PKI relies upon a hierarchy of trust relationships. If you configure your browser to trust a CA, it will automatically trust all of the digital certificates issued by that CA. Browser developers preconfigure browsers to trust the major CAs to avoid placing this burden on users.

Registration Authority

A registration authority (RA) is an authority that verifies user’s identities to process requests for a digital certificate and tells the certificate authority (CA) whether to issue the certificate or not to issue it. A RA is an optional component that can be used to “offload” many of the administrative functions that CA would have to assume in case RA is missing.

Repositories

In PKI a repository is a generic term used to denote any method for storing and retrieving PKI-related information such as public key certificates and CRLs. A repository can be an X.500-based directory with client access via the Lightweight Directory Access Protocol (LDAP), or it may be something much simpler such as retrieval of a flat file on a remote server via the File Transfer Protocol (FTP) or the Hyper Text Transfer Protocol (HTTP).

PKI Management Funcitons

Enrollment

Registration

The registration is the first step from the enrollment process. In order to take advantage of the PKI, all subjects must be enrolled into the PKI. Registration is the first step of the enrollment process. This step is usually associated with the initial verification of the subject’s identity. Once the subject’s identity is verified in accordance with the applicable policies, the subject is typically issued one or more shared secret(s) and other identifying information that will then be used for subsequent authentication as the enrollment process continues. The distribution of the shared secret(s) is typically performed out-of-band and may in fact be based on pre-existing shared secret(s).

Initialization

A successful registration is followed by initialization. This step requires the initialization of the associated trust anchor with the subject. Key pair generation is performed in this step, which involves the creation of the public/private key pair associated with the end subject.

Certification

The certification is the last part of the enrollment process. If the key pair is generated external to the CA, the public key component must be conveyed to the CA in a secure manner. Once generated, the certificate is returned to the End Entity and/or published to a certificate repository.

Key Pair Recovery

Key pair recovery allows subjects to restore their lost encryption/decryption key pair from an authorized key backup facility. Access to the keying material may be required if a subject association with an organization changes(for example, in the case of employee resignation, dismissal, or personal injury) or in association with legitimate law enforcement requirements. Key pair recovery can be used to support both of these requirements as well.

Key Pair Update

Certificates are issued with validity periods. Key pair update involves generation of a new key pair, and the issuance of a new public key certificate. Key pair update can be updated in advance of a given key pair’s expiration.

Revocation Request

The circumstances that existed when the certificate was issued can change before the certificate naturally expires. This is when a certificate might have to get revoked. Reasons for revocation include private key compromise, change in affiliation, name change, etc. The Revocation Request allows an subject (or RA) to request revocation of a given certificate. Of course, out-of-band mechanisms may also be supported/required, and the subject may not be involved with the revocation process at all.

Cross-Certification

A cross-certificate is a public key certificate that is issued by one CA to another CA. In other words, a cross-certificate is a public key certificate that contains the public key of a CA that has been digitally signed by another CA.

Cryptographic Protocols

SSL

Secure Sockets Layer is a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message.

SSL protocol consists of two main parts:

1. Handshake Protocol: In this part public key cryptography is used to establish a shared secret key.

      • 1.1 The client sends to the server the client’s SSL version number, cipher settings, randomly generated data, and other information the server needs to communicate with the client using SSL.
      • 1.2 The server also sends the client the server’s SSL version number, cipher settings, randomly generated data, and other information the client needs to communicate with the server over SSL. In addition to that the server sends its digital certificate. If the client is requesting a server resource that requires client authentication, requests the client’s digital certificate.
      • 1.3 The client authenticates the server, using the information provided. If the server cannot be authenticated, the user is warned of the problem. If the server gets successfully authenticated the client proceeds to the the next step.
      • 1.4 The client generates a premaster key, encrypts it with the server’s public key and send the encrypted key to the server.
      • 1.5 (Optional steps, in case the server requests authentication from the client). The client signs another piece of data that is unique to the handshake, sends the encrypted data to the server, along with its digital signature and along with the encrypted premaster key.
      • 1.6 The server attempts to authenticate the client. If the authentication is successful the server decrypts the premaster key with its private key and using the premaster key, generates the master key.
      • 1.7 Both the client and the server use the master secret to generate session keys which are symmetric keys used to encrypt and decrypt information exchanged during the SSL session.
      • 1.8 The client informs the server that future messages from the client will be encrypted with the session key. It then sends a separate encrypted message indicating that the client portion of the handshake is finished.
      • 1.9 The server sends a message to the client informing it that future messages from the server will be encrypted with the session key. It then sends a separate encrypted message indicating that the server portion of the handshake is finished.

2. Record layer: Data is transmitted using symmetric stream cipher and the private key that was established in part 1.

IPSec

IPsec protocol is used to encrypt IP packed between a sender and a recipient. The sender and the recipient have a secret key, which is used to encrypt the IP packets that are sent between the sender and the recipient.

IPSec’s operation can be broken in 5 steps:

      • 1. The IPSec process is initiated by so called “Interesting Traffic”.
      • 2. IKE phase 1. In this phase the IPSec peers get authenticated and their identities are protected.
        • The IKE SA policies are negotiated and matched between the peers to protect the IKE exchange.
        • A Deffie-Hellman exchange is used to establish a shared secret key and to pass nonces.
        • A secure tunnel is setup to negotiate IKE phase 2 parameters.
      • 3. IKE Phase 2.
        • IPSec SA parameters are negotiated protected by an existing IKE SA.
        • IPSec SAs are periodically renegotiated to ensure security
        • An additional Diffie-Hellman negotiation is performed (optional)
      • 4. Packets are encrypted and decrypted using the encryption specified in the IPSec SA.
      • 5. Tunnel termination - IPSec SAs terminate through deletion or by timing out.

Attacks on Cryptography

Cryptanalytic Attacks

The science of cracking codes and decoding secrets is called cryptanalysis. Cryptanalysis also finds weaknesses in cryptographic algorithms and their implementations. The cryptographic algorithms should not be secret and should be available to the public. Only the key needs to be kept secret in a cryptographic algorithm. This concept is also known as the Kerchoff principle (also known as Kerchoff’s assumption)

The cryptanalytic attacks can be classified into six categories:

1. Cipertext-only attack a cryptanalyst is able to uncover any information about the plaintext, given only the ciphertext.

2. Known-plaintext attack a cryptanalyst is able to find the private key by knowing the plaintext and the corresponding ciphertext.

3. Chosen-plaintext attack a cryptanalyst is able to choose multiple plaintext messages that get encrypted and then he receives the corresponding ciphertext messages and is able to recover the key.

4. Adaptive-plaintext attack a cryptanalyst is able to choose multiple subsequent plaintexts based on the information from the previous encryptions.

5. Chosen-ciphertext attack a cryptanalyst selects the ciphertext and is able to obtain the corresponding plaintext in order to try an recover the key.

6. Adaptive-chosen-ciphertext attack a cryptanalyst is able to choose multiple subsequent ciphertexts based on the information received from the previous decryptions.

Brute-Force Attacks

Brute-force crypto attacks, also referred to as exhaustive search attacks are attacks where each possibility is tried until the secret key is uncovered. Typically, a cipher-text is deciphered under different keys until plaintext is recognized. Advances in technology and computing performance have made brute-force attacks increasingly practical against keys of a fixed length.

Birthday Attack

A birthday attack is implemented to find collisions. The name of this attack is based on the fact that the probability of two or more people in a group of 23 sharing the same birthday is greater than 1/2. The attack depends on the higher likelihood of collisions found between random attack attempts and a fixed degree of permutations.

Man-in-the-Middle Attack

This attack is relevant for cryptographic communication and key exchange protocols. The idea is that when two parties, A and B, are exchanging keys for secure communication (e.g., using Diffie-Hellman), an adversary positions himself between A and B on the communication line. The adversary then intercepts the signals that A and B send to each other, and performs a key exchange with A and B separately. A and B will end up using a different key, each of which is known to the adversary. The adversary can then decrypt any communication from A with the key he shares with A, and then resends the communication to B by encrypting it again with the key he shares with B. Both A and B will think that they are communicating securely, but in fact the adversary is hearing everything. The usual way to prevent the man-in-the-middle attack is to use a public key crypto system capable of providing digital signatures. The parties must know each others public keys in advance. After the shared secret has been generated, the parties send digital signatures of it to each other. The man-in-the-middle can attempt to forge these signatures, but fails because he cannot fake the signatures.

Hardware Attacks on Cryptographic Devices

Hardware attacks on cryptographic systems can be divided into three categories: side-channel attacks, fault attacks, and physical tampering.

Side-channel attacks Side-channel attacks are non-invasive cryptographic attacks and no hardware modifications are required. A side-channel refers to information that is leaked by the implementation of cryptographic hardware. Examples of side-channels are sound, infrared radiation, time delays, power consumption, and electromagnetic radiation. This “leaked information” may be statistically related to the underlying computations or keys, giving clues that are useful to a cryptanalyst. Some of the most popular side-channel attacks include - timing attacks, power analysis, and electromagnetic analysis.

Fault Attacks Fault attacks are semi-invasive hardware cryptographic attacks. Hardware fault (an unexpected condition or defect) can lead to a processing mistake that could be beneficial to a cryptanalyst. Fault attacks might overlap with physical tampering. Methods of inducing faults include: supplying noisy power or clock signals, incorrect voltage, excessive temperature, radiation or high energy beams such as UV or laser.

Physical Tampering Physical tampering is an invasive low level cryptographic hardware attack. It is hard to implement and generally it requires specialized equipment to carry out. Part of the difficulty with any physical attack is determining the precise location of important units such as memory, registers, etc.

Crypto Attacks on Implementation

Attacks on Crypto Trust models