Public and Private Keys

7/21/2019 Public and Private Keys

http://slidepdf.com/reader/full/public-and-private-keys 1/116





In this module we will cover some basic definitions of cryptographic systems and

encryption.

Then we will delve a little deeper and discuss symmetric and asymmetric keys as wellas the use of message digests and digital signatures.

Finally, we will look into various controls used to protect data and data

communications to include Public Key Infrastructures, IPSec and VPN technologies



By the end of this module you should be able to recognize and discuss the basics of

encryption and cryptographic systems.

You should also be familiar with the difference between symmetric and asymmetrickeys as well as what a Public Key Infrastructure is.

Moreover, you should understand the applicability of message digests and hashes.

Finally, you should be familiar with the various ways encryption is used to help

protect data and data communications.





Cryptographic systems are those that use hardware and/or software to encrypt and

decrypt data.

Relating to Information Assurance, cryptographic systems provide assurance andprotection in a variety of ways to data and data communications.

Overall, however, encryption addresses the confidentiality factor of Information

Assurance.

Encryption attempts to protects data against eavesdroppers being able to understand

an intercepted message or a file’s contents.

Cryptography can also be used to assure that originators of messages are who they

claim to be (thus addressing the authentication aspect of Information Assurance).

This is typically accomplished through message digests and digital signatures.

Assurance of integrity that a message or file has not been changed can also be

accomplished through various encryption mechanisms like message digests or hash



functions.

Finally, cryptographic systems can also offer assurance that if an attacker interrupts a

message and transmits it again later, the receiver will not accept the message.

This is known as an anti-reply protection feature.



Encryption is the process of converting some message from its original state to a

state that cannot be understood by unauthorized viewers.



Cryptology is the science of encryption.

Within the science is cryptography, or the encoding and decoding of messages, text,

files, etc. and Cryptanalysis which is the process of deciphering an original messagefrom an encrypted message without prior knowledge of the algorithm or the keys

involved.



Cryptographic systems use cipher algorithms to convert unencrypted messages (or

plain text) into an encrypted message (or cipher text).

The target of the encryption does not have to be “text.” The term plain text is a“hold-over” term from early days of encryption.

Cipher algorithms are mathematical formulas or methods used to convert the

unencrypted message into an encrypted message.

Some examples of cipher algorithms are DES, 3DES, AES, Blowfish, etc.

The Cipher is the actual transformation of individual components (characters, bytes,etc) of unencrypted messages into encrypted messages.

The Cipher text is the unintelligible encrypted or encoded message resulting from an

encryption

Thus, a Cryptosystem is a set of transformations necessary to encipher and decipher

a message.





Any given cipher algorithm or individual encryption is only as strong as the available

key space.

A Key is the information used in conjunction with the algorithm to create the Ciphertext from the plaintext.

Stated a slightly different way, a key is a series of bits used in a mathematical

algorithm or knowledge of how to manipulate the plaintext

The Key Space is the entire range of values that can possibly be used to construct an

individual key



Cryptography and encryption is only as good as the key space.

The larger the key space (or the possible key combinations), the more difficult the

cipher is to break.

For example, the AES encryption algorithm uses up to 256 bits for a key. It’s key

space is 1.1579 x 10 to the 77th. Extremely large.

DES, on the other hand, is older than AES and has a maximum applicable key size of

56-bits.

This gives it a key space of only 2 to the 56th

power.

While the DES key spaces appear large to us, innovations of faster computers are

able to overcome the key space in far less time than that of AES.



Here is a chart listing the number of possible key combinations available with a

particular key size.

Note that key sizes under 100 bits are considered weak by today's standards.

In some cases, depending on the application, a 512-bit key is also considered weak

and it is advisable to move to a 1,024-bit key.



With any encryption algorithm, given enough compute time, any cipher can be

broken.

As the speed of technology increases, ciphers must adapt and change.

The larger the key space the more time to encrypt and decrypt a message.

If a document was encrypted and stored, chances are the key used for the encryption

will weaken over time.

Especially if it sits, unnoticed and available for someone to simply begin and continue

the process of cracking the cipher.

It is strongly advisable that encryption keys used to encrypt files be changed

periodically and that old files be decrypted and re-encrypted.

As we saw in the key length and combination chart, large keys require many

combinational tries.

Often, with communication networks involved, these kinds of attempts are difficult.



But with encrypted storage, and sufficient time, breaking a cipher might be possible.



The term adversarial difficulty applies to the breaking of encryptions.

It relates to the work factor (or the amount of effort in hours) necessary to perform

cryptanalysis on an encrypted message.

The larger the frustration factor or difficulty, the less likely someone will try to break

the encryption.

Every additional bit added to a key's length doubles the amount of exhaustive search

time to discover a key.





Most modern forms of cryptography make use of one or more of these techniques.

We will investigate some of these later in this module.











Symmetric key encryption is also known as private key encryption. Basically, the key

you use to encrypt a message or file is the same key used to de-crypt the message or

file.

Symmetric key encryption is very fast and preferred over most other encryption

methods.

The problem, obviously, is the sharing or communication of, the encryption key with

individuals that must use it to decrypt a message.

This should be conducted off the network since the key could be intercepted if

distributed in plain text.

Asymmetric key methods are really just methods of getting a symmetric key to those

who need it.

We will look at asymmetric key encryption later in this section.



Here is a simple example of symmetric encryption. Here, Jane composes a message

to Phil.

Jane then uses her secret key to encrypt the document. When the document isreceived by Phil, he uses Jane's secret key to decrypt the message.

How does Phil get Jane's secret key? She has to give it to him.

Perhaps by phone or in person.



DES is a block cipher which was commonly used for symmetric encryption.

The reason I say it was used is because, now-a-days, a 56-bit encryption key limit is

considered weak.

However, be mindful that just because an encryption technique is weak (or has been

cracked as DES was in 1997) does not mean it will not work for casual or somewhat

sensitive information.

Some encryption is better than no encryption. Many times, it is not the algorithm

itself but the choice of key or secret phrase that weakens the encryption.

Like passwords, the less complex and ordinary a password, the weaker the

authentication mechanism is overall.

DES was federally approved for non-classified data. It’s successor, 3DES, uses three

keys to encrypt a message in succession.

3DES can also work with standard DES encryption.



DES divides a message up into 64-bit block sizes and applies the 56-bit encryption key

to each block by passing it through the encryption algorithm.



Cryptanalysis often attempts to find patterns, where possible, in cipher text in order

to begin cracking encryption.

With large amounts of text or data, it is possible for patterns to begin showingthemselves to the trained eye.

Even though DES is considered a weaker algorithm, DES has 5 different modes of

performing an encryption. Let’s briefly touch on three of these.

The Electronic Code Book mode uses a standard code-book approach to ensure the

encryption is the same across blocks of plaintext. To someone analyzing the

encryption, the patterns in this type of encryption mode would be easier to discover.

The Cipher block Chaining mode uses an initial “initiation vector” (or IV) which is a

random sequence of characters and numbers to encrypt the first block of plaintext.

Then, each subsequent block of plaintext is encrypted with an IV that consists of the

previous encrypted block content. The figure at the right depicts this type of

encryption pattern.



The Cipher Feedback mode uses a combination of block and stream cipher encoding

with 8-bit units of data. The key and an Initialization Vector are used to create the key

stream. This is a useful technique for encrypting a steady stream of data across a

communication line.

The two remaining modes of DES encryption are the Output Feedback mode and the

Counter mode.

So, as you can see, although DES is considered weaker, it is still very reliable for

standard and common encryption needs.



AES stands for Advanced Encryption Standard.

It is very common and seen as a very secure block encryption algorithm.

AES uses variable block sizes (not a fixed block size) and applies the encryption key to

each block.

The size of the encryption key depends on the choice of the user. It can be 128-bit,

192-bit, or 256-bit length key.

Granted, since 1998, systems have become much faster. However, relatively

speaking, the same system that cracked the DES standard IN 1997 would take andincredibly large number of years to crack AES.

Perhaps in the future this will narrow down significantly, but for now,

AES is here to stay for a while and is a highly recommended encryption algorithm.





Asymmetric encryption is commonly referred to as Public Key Encryption.

This is because it relies on others having your public key to decrypt things you send to

them.

For any given individual, encrypting using an asymmetric system requires that the

individual have two keys.

The individual keeps on key as a private key and distributes the other key as a public

key.

Either key can be used to encrypt or decrypt.

However, if the private key is used to encrypt a document, the public key must be

used to decrypt the document.

The reverse is also the same.



Between any two individuals, asymmetric key encryption requires four total keys.

Each individual must have a private and public key.



Here are some examples of public and private key usage.

Having been given Jane's public key, Maria composes a message to Jane and encrypts

the message using Jane's public key.

Jane then uses her own private key to decrypt the message.

In the second example, John uses Phil's public key to encrypt a message for Phil.

Phil must use his own private key to decrypt the message.

The opposite is true.

If Phil encrypts a message using his private key for John, John must use Phil's public

key to decrypt the message.

Public and Private key exchanges are used as the basis for Public Key Infrastructure

systems.



We will discuss PKI further in the module.


http://slidepdf.com/reader/full/public-and-private-keys 36/116 3



Fingerprints have long been a unique way of specifically identifying an individual.

No two people have the same fingerprint. In the electronic world, files and messages

can produce fingerprints in similar fashion.

While possible, it is unlikely that two different messages or files will have the same

fingerprint.

3



Electronic fingerprints are commonly produced by hashing techniques or message

digest techniques.

The slightest change in a message or file will produce a different hash value (orfingerprint).

Message digest functions are hash functions that take the text, message, or file and

produces a unique number based on the size and content of the item.

When the phrase, “My dog has flees” is run through a message digest function, it

produces the number you see off to the right of the phrase.

The value will always stay the same for a given message digest function.

You can feed “My dog has flees” through the function over and over again and get the

same number.

Now let’s change the word “flees” to “flies” (the change of one letter).

3



The message digest function now produces a different number although the message

was minimally changed.

The same can be seen for the phrases “My dog has ticks” and “My dog has tick”.

Thus, we see that the state of a message or file can be uniquely fingerprinted at any

given point in time.

3



So what happens if you take the phrase “My dog has flees” and encrypt the phrase

using DES encryption?

That's correct!

It changes the signature (or fingerprint) of the phrase because the cipher text is

actually different than the original text.

The phrase has changed.

Once decrypted, however, you should get the original fingerprint on the decrypted

phrase.

3



Hashing is a function that takes input of arbitrary length and produces a fingerprint

(or message digest) of the input.

The MD5 (or Message Digest 5) function, for example, will take an arbitrary lengthmessage (which could be a file or file system by the way) and produce a 128-bit

fingerprint for the input.

Performing a hash on a document produces a “signature” for the document at the

time of the hash.

Note that if the document subsequently changes (for whatever reason) the old

signature is no longer valid.

It is IMPORTANT to note that hashing does not encrypt a document.

It only produces a unique numeric signature for the document.

Some hashing mechanisms include MD5, SHA, and HMAC.

3



SHA was designed by NIST and the National Security Agency for use with the Digital

Signature Standard (DSS).

If a value is fed into the hash function, it is converted to a numeric value and that

seed value is applied to produce the hash value.

Of course, this is very simplistic indeed.

Hashing functions can be very complex and must be in order to ensure that two

documents or values that are different do not produce the same hash value (or

fingerprint).

3



Hashing is very different than encryption.

Hashing takes input and produces a signature.

For example, if you provide a hashing function with a 12-page document as input you

will get a 128-bit signature (typically a number and assuming MD5 is used).

Encryption, on the other hand, produces cipher text.

If you encrypt a 12 page document you get 12 pages of cipher text.

Remember that you cannot reproduce a document or text from a hash value (it isonly a fingerprint in time).

You can reproduce a document once it is encrypted by decrypting it with the proper

key.

3



Hashing functions, such as MD5 and others, are able to take numerous things as

input.

Input can be a zip file, a document, a program, an email message, a graphic file, or, insome cases an entire file system.

3



Hashes, or message digests, are instruments that assist in validating and

authenticating messages.

It is also useful in proving whether something has changed from its original state.

Message digests are used in conjunction with public key technology to create a digital

signature to validate and authenticate messages.

Message digests are also used as document signing mechanisms to ensure document

integrity.

Message digests have been used for many years with electronic software downloads.

If you were downloading a Linux distribution from a mirror download site and the

message digest for the compressed distribution file was different than that posted by

the maker of the software – you SHOULD TAKE CAUTION.

It’s possible that the distribution was corrupted in transit or that it was corrupted on

the mirror site somehow.

3



It is also possible that something malicious was placed in the software distribution

that would open up an exploit on the systems you install it on.

Integrity of software distributions is critical.

Message digests are the mechanism of choice.

3



Two widely used Message Digest utilities are the MD5 and SHA-1.

MD5 is a 128-bit signature and is faster.

SHA-1 (or Secure Hash Algorithm) is a 160-bit signature developed by NIST and the

National Security Agency.

It is slower than MD5 but provides better security with larger digest number space.

SHA has sense been released in larger digest outputs of 256, 384, and 512-bit

signatures.

3



Another Message Digest function is the Hashed Message Authentication Code (or

HMAC) function.

It is very secure but requires more compute power.

It has found use in internet communications and in the TLS and IPSec

communications protocols.

It can use either MD5 or SHA-1 as hash components and generates a message digest

for each block of transmitted data.

HMAC make use of a secret key exchange between the communicating end-points.

The key is necessary to decrypt the digest and perform further integrity checking.

3





Digital Signature methods use the concept of public and private keys (or asymmetric

key encryption).

The assumption, when using Digital Signatures is that the exchanging parties haveexchanged keys.

As we will see later, a Message Digest is used to further ensure the integrity of the

signature and message.

Note that digital signatures accomplish validation of a message (or help reduce

repudiation).

Digital signatures also ensure integrity of the message by allowing the sender to

produce a “signature” hash of the message and allowing the receiver to verify, on the

receiver end, that the “signature” hash is the same.

This would indicate that the message was not tampered with between send and

receive times.

4



As we will see, the actual signature is an encrypted component of a message.

However, digital signatures do not encrypt the actual message itself.

If increased confidentiality is needed, both the message text and the digital signaturecan be encrypted together and sent.

The receiving end must have the proper mechanisms in place to decrypt the message

before reading.

4



Two common digital signature technologies are the RSA digital signature process and

the Digital Signature Algorithm which follows the NSA Digital Signature Standard.

Both produce a digital signature based on an encryption key (or private key) and amessage digest hash.

4



Secure Mime (or Multipurpose Internet Mail Extension) is also used for digital

signature purposes.

However, the use of S/MIME requires a certificate authority (CA) structure be setupand managed for key management and distribution.

4



Let’s look at how digital signatures are created and used.

Here we have an originator composing a message.

Prior to sending, the sender’s message will be processed by a message digest

function (MD5 or SHA1) which produces a digest (or a hashed number that

represents the size/signature of the message).

The digest itself is encrypted using the sender’s private key.

This produces what is known as the digital signature.

The digital signature is added to the message and the message is sent to the

recipient.

On the recipient’s side, the text of the message is run through a similar (must be

similar) digest function to produce a results.

4



Then the sender’s signature is decrypted using the sender’s public key (which the

recipient already has).

The decrypted digest and the actual digest are compared.

If they are the same, the message is verified and has not been altered.

4



Effective Digital Signatures are encrypted messages that are maintained and verified

by a central registry for authenticity. Anyone can purchase a digital signature from

the number of certificate authority entities.

Digital certificates are similar to digital signatures. They are attached to the message

or file to certify that it is from the organization (or individual) it claims to come from

and that it has not been altered.

4





While steganography is not a traditional cryptographic system, it is a concealment

method widely used and worth mentioning here.

The Greek origins of the word steganography means “concealed writing.”

While steganography is typically associated with images, it is also used on computer

files, text files, audio files and many other file formats.

There are basically two types of steganography: physical and digital.

Physical steganography has been used for centuries by individuals and governments

to conceal messages on common physical objects. Here are a couple of examples.

Digital steganography embeds and conceals messages in electronic devices (pictures,

video, sound files and others).

Let's take a brief look at steganography as it relates to images.

4



One form of digital steganography is the process of hiding messages within the

digital encoding of a picture or graphic.

Provided the text, or item, being hidden does not exceed the excess uncompressedbits in an image, such hiding becomes difficult to detect with the human eye.

There are some technologies that attempt to find digital steganography

concealments.

Their accuracy varies depending on the embedded message and the amount of

change that actually occurs to the image.

If an original image is producible, the changes of the new image, from the old, can

expose the hidden messages.

4



Steganography used to embed messages in pictures takes advantage of color

saturation levels and the pixilation of the image.

Each pixel of a 24-bit bitmap image has 24 bits. These are divided into three groupsof 8-bits which represent the Red, Green, and Blue of RGB coloring.

Let's suppose we chose one pixel from the image and that it was from a blue area of

the image.

The pixel would likely hold a binary value of 00000000 00000000 11111111.

If we change the last bit in this entire string, the color quality change of the blueimage would probably not be visible by the human eye.

Therefore, we can use many pixels in an image and hide a message in the image by

manipulating the least-significant bits of each pixel.

Let's look closer at this.

4





Let's insert the letter "A" into a part of an image to show how this process can work.

Assume we choose three pixels in a 24-bit mask image, all are currently set to the

binary value of the color blue (or 00000000 00000000 11111111).

If the least-significant bit is changed in any of the Red, Blue, or Green 8-bit fields, the

result of the color change (to the human eye) are negligible.

CLICK

For example, if we change the value for blue (11111111) to 11111110, the human

eye will not pick up the slight variation in the color of blue.

CLICK

Since an ASCII character is 8-bits in length, we can take the three pixels and use the

least-significant bits of Red, Green, and Blue in each pixel.

CLICK

5



This would give us a 9-bit total. We will only use the last 8-bits to form the letter A in

binary.

Of course, not all steganography programs are a alike with regards to how theymanipulate the bits inside images.

So it is important to use the same program to encode as you use to decode.

If you wanted to encode the message “my dog has flees” you would need

approximately 48 pixels of the image.

Note that the more lossy an image (that is, the less compression) the more extra bitsthere are to play with.

Compression reduces the amount of data available to hide the payload of the

message in it.

5



Let’s pause for a few review questions!

5







E-commerce, automated business transactions and other complex business systems

require robust security measures to protect clientele. Communication and

transactions over the internet are visible by knowledgeable onlookers unless proper

measures are taken to disallow this eavesdropping.

5



Consider the postcard example. If you write a postcard and place it in the mail

system, the postcard content can be read by anyone and potentially altered without

your knowledge. This is similar to working on the internet in a non-secure mode. If

you are not using a form of encryption (SSL, VPN or other mechanism) you are

essentially offering your interaction on the internet (or local area network) in

postcard form.

5



In the postcard example, to protect the postcard content, you would place it in a

special mailing envelope. Further, if you wanted to verify that it was delivered to the

intended recipient and received, you could request signatures. The post office

essentially guarantees the integrity of the envelope in transit and the authentication

or verification when delivered. Through the post office, the receiver can verify that it

was you who sent envelope – thus – creating a non-repudiation assurance.

5



Public Key Infrastructure (or PKI) is similar to placing the post card in the envelope.

PKI is the framework and services that provide for the generation, production,

distribution, control, accounting and destruction of public key certificates.

Public Key Infrastructures are perhaps one of the best over-arching controls for

maintaining secure authentication, integrity and non-repudiation.

A PKI system is a good example of a cryptographic system in that it incorporates

encryption techniques in accomplishing a variety of functions.

5



Public Key Infrastructures have several important technology components.

First you have systems. This includes user systems as well as servers which handle

keys, act as certificate authorities, and a variety of other functions.

Then you have the actual PKI Software. Most PKI software is proprietary although

several Open Source PKI Projects are available.

Other software used with the Public Key Infrastructure must also be PKI aware and be

able to work with PKI and the PKI system selected.

Next you need tokens, which could include one or more of tokens (smart cards) orlogin/passwords credentials.

The certificate component is generally handled by a certificate authority (like VeriSign

or an in-house certificate granting authority).

The certificate is responsible for verifying public keys.

5



Finally, you need a key component.

Each individual involved in a Public Key Infrastructure must have a public/private key

pair.

An individual's personal information is contained in the token, certificate and key

components of PKI.

Public Key Infrastructures binds public keys with respective user identities by means

of a certificate authority (CA).

Each user identity must be unique for each certificate authority holding a certificate

for the individual.

5



Most PKI implementations depend on a chain of trust.

This chain is typically composed of a Certificate Management component, a

Registration component, and an Application component.

The certificate management component is the function or entity responsible for

issuing, maintaining and revoking PKI certificates.

It should also be capable of providing any individual in the PKI with a Certificate

Revocation List (or CRL) when an individual's certificate is no longer valid.

Note that certificate management is typically done by either a commercial certificateauthority (VeriSign) or internally (private CA server).

The registration component is a process that must verify an individual's identity

before granting a certificate and keys within the PKI.

And finally, the application component are those pieces of software used which must

be able to function with the particular PKI in use at the organization.

5





PKI is not necessarily a particular business function.

PKI provides a foundation for other security services.

It's primary function is to allow the distribution and use of public keys and certificates

with security and integrity.

A PKI is the foundation on which other network and security applications are built.

Typical PKI security based implementations are email, chip card applications, debit

and credit card exchanges, web-based banking and electronic postal systems.

PKI enables basic security services for systems as: SSL, IPsec, HTTPS, S/MIME, and

PGP (or pretty good privacy).



When successfully implemented, a public key infrastructure provides excellent

authentication services and is capable of ensuring the confidentiality, integrity,

authentication, and non-repudiation of an internet transaction.

It also eases the burden of authorization, in many cases, because there are less

authentication processes involved.

PKI keeps information confident by ensuring it is not intercepted during transmission

over the internet.

This preserves the confidentiality of the transmission.

It also serves to verify that the content of the transmission has not been alteredduring transmission.

PKI also permits servers to securely identify and authenticate parties involved in an

internet transaction.

The digital certificates used in PKI can be used to replace user IDs and passwords thus

enhancing security and reducing the levels of authentication overhead.



Finally, through the use of digital certificates, the transactions are digitally signed and

thus enhance the non-repudiation aspects of a transaction.



For example, if an individual, within a PKI uses a smart card (or login/password), the

identification and authentication is verified.

If the individual digitally signs an email or document, the PKI provides integrity (inother words, the recipient can verify if it has changed since it was composed and

sent) and non-repudiation by providing proof that an individual initiated the

transmission or transaction.

If, for example, the email or document is encrypted using the PKI, it is also provided

confidentiality.



Here is a general and simple example of PKI.

Fred, applies for a certificate and key with the PKI.

Once the registration process is complete and the certificate authority is satisfied that

Fred is really who he claims, a digital certificate with the public key and a private key

is sent to Fred.

Now assume Tom (who is already in the PKI) would like to communicate with Fred

and requests (via software) the certificate for Fred so that an encryption can take

place.

The certificate authority provides Tom with the certificate.

Further assume that Fred sends something to Frank (who is already in the PKI), Frank

(again through software) requests validation from the Certificate Authority PKI server

by checking to see if Fred's certificate is valid and is not on the certificate revocation

list.



The PKI server sends the CRL back to Frank.



While PKI can greatly benefit an organization and reduce its overall risk, there are a

few challenges with PKI.

1. PKI is complex.

2. Pieces must work together. PKI manages certificates and keys. You need otherpieces to authenticate, audit, etc.

3. Most PKI software is proprietary

4. PKI is only effective if you have critical mass using it in the organization

5. Since the Certificate Authority is critical, trusting a certificate authority is always

an issue. This is why some organizations (including the Department of Defense)

create and use their own certificate authorities.



We've talked about Public Key Infrastructure and how it is used as a foundation for

certificate and key management.

Let's look at a few other systems that are used in conjunction with security basedsoftware solutions.

It's interesting to note that pure asymmetric key encryption is typically not used

unless it is part of a cryptographic system of some type.

However, you will begin to notice how asymmetric encryption is employed to

transmit and share symmetric keys (public keys) through certificates.

These types of asymmetric systems that are used to basically provide symmetric key

exchange are typically known as hybrid systems.



Since we've referenced Certificate Authorities frequently in this module. Let's look

briefly at a typical role of Certificate Authorities (or CAs).

Most of us see certificate authorities come into play when we use a web browser andconnect to a secure site (like online banking).

Two indications of this is the usage of “https” (or the secure version of the http

protocol) and the lock somewhere on the web browser indicating that the connection

is secure (or encrypted).

If you look further into the actual certificate you can get more information on the

authority or CA root. Many web browsers will already contain a variety of “known”Certificate Authority roots (like VeriSign).

Others are added as you connect and accept the connection.

Anyone can setup and be a certificate authority.

There are standards but are no regulations.



There are many certificate authorities who offer certificate validation services.

Organizations can create certificate authority servers which do basically the same

thing as those maintained by larger commercial CAs.



As previously mentioned, web browsers use Certificate Authorities to verify and

secure site connections.

The Secure Socket Layer protocol (or SSL) is used mostly for establishing secure webconnections using certificates, although it is used for other functions like virtual

private networks.

When you connect to a secure web site (or use https) you are using SSL. SSL is a PKI

type of mechanism which uses a Certificate Authority (or CA).

A company presents credentials (and other details) to a CA and obtains an electronic

certificate.

The CA provides the company with a public key encrypted with a private key which is

generated by the CA. The company then installs the certificate on their web server.

When a customer connects to the company's web server using the SSL protocol, the

certificate is used to validate the company's authenticity and establish a secure

connection with the customer.



If the web server does not have a validated certificate or it has an expired certificate,

the web browser will notify you and ask you if you want to continue.



Here is an example of the certificate issued by a certificate authority. It contains

several components.

It contains information on the company as well as information regarding thecertificate authority (CA).

The CA uses a private key and a message digest function (hash) to generate a unique

CA digital signature which is also contained in the certificate.

The certificate contains the public key of the owner (the company who purchased

the certificate from the CA). This will be used with the certificate to encrypt

connections with customers.

The company places the certificate on the web server and it is distributed to the

various individuals who connect to the web server desiring a secure/validated link.

Then, based on the CA’s signature, the web browser can exchange symmetric keys

and secure the connection.



Note that CAs also maintain certificate revocation lists (CRL). If you connect to a web

site that has a revoked certificate, you will receive a notification.



So, let's trace the web connection with a company (say a bank), the client opens a

connection to the company's web site using the https protocol (e.g., it connects to

port 443 on the web server).

The web server sends the public key back to the customer's browser.

The browser verifies the CA who issued the certificate to the company.

If the certificate is valid and trusted, the customer's browser sends a public key back

to the web server.

The web server then creates a hash value encrypted with the customer's public keyand the web servers private key and sends it back to the customer's browser.

The customer's browser then decrypts the hash.

If it is successful, the web server and the customer's browser now communicate

securely (encrypted).



All this takes place fairly quickly if you think about how long it took you to connect

and login to your bank's online services.



Many cryptographic controls are sold with systems but many of the organizations that

purchase these controls lack the proper training and expertise to effectively deploy

and manage them.

Cryptographic controls are used for email messages and their attachments, e-

commerce transactions, VPN connections and also supplement other access control

systems (like the PKI discussed earlier).

7



Here are several controls used for email encryption.

Note that you cannot simply encrypt an email, send it and then expect another to be

able to decrypt it and read it unless you have previously provided the recipient withthe encryption key.

The software (and other subsystems like a PKI or a certificate authority) must be in

place for this to happen.

Even PGP (or Pretty Good Privacy), which allows for public key exchange requires that

others be using PGP to work with you.

7



Here are two web-based security mechanisms.

The Secure Electronic Transactions control is typically used in the encryption of

electronic transactions with credit cards.

SET uses the DES block cipher for its encryption and the RSA exchange mechanism to

handle the transfer of keys between the source and target.

Secure Socket Layer was originally developed by Netscape. It mainly uses RSA for its

key exchange and can provide various encryption algorithms. RSA is a internet

encryption and authentication system that uses an algorithm developed by Rivest,

Shamir, and Adleman). Microsoft and Netscape web browsers use RSA.

7



Other examples are s-http which is a little-used alternative to the https protocol we

discussed earlier. Both the https and s-http standards were defined in the mid 1990s.

Netscape and Microsoft supported the https standard rather than the s-http

standard. You probably won't hear much about s-http but you should know that it isout there.

SSH stands for "secure shell" and is a network protocol that allows data to be

exchanged using a secure channel between two network devices. It sees the most

use on Linux and Unix bases systems and is used to access shell accounts (character-

based terminal access). It is also useful when performing secure file transfers

between two hosts.

For example, if I were a Unix system administrator and I needed to create a character-

based terminal session with my remote Unix machine, I would use SSH to create that

connection.

SSH has also been known as "secure socket host" in some early circles.

7





You have probably heard about IPSec in one forum or another.

IPSec stands for IP Security.

It is probably the most accepted and used secure tunneling protocol.

It is often used with wireless connections and Virtual Private Networks (or VPNs).

We will talk about VPNs later.

Not only is it used in a client/server fashion with connections, IPSec is also used to

secure connections between two non-user devices.

For example, Microsoft servers have the capability to create secure communication

channels between themselves using IPSec as the mechanism.

7



IPSec has two basic modes of deployment: Transport and Tunnel.

In transport mode, only the IP packet data (or payload) is encrypted. You might recall

the discussion on IP packet and payloads from the network security module of thiscourse.

No IP packet header information is encrypted in transport mode.

This allows for intermediate nodes (those the data pass through on the network) to

read the source and destination addresses in the IP packet.

In tunnel mode, the entire IP packet (header and payload) are encrypted. The actualIP packet payload is inserted into an additional IP packet and sent. In Tunnel mode,

the IP source and destination is typically between two known devices so the source

and destination addresses are provided by IPSec.

7



In IPSec Transport mode, a secure connection is made between two IPSec enabled

end units. This provides end-to-end encryption tunneling.

Here the original IP header (and the source and destination IP addresses) areencapsulated (or enveloped into the packet) and not encrypted so that they can be

accessed and read.

7



IPSec Tunnel mode is typically used between two IPSec capable gateway devices.

These could be network switches or routers or they could be two servers.

While the original network packet (containing original source and destination

addresses and payload) is preserved and encapsulated in the IPSec packet, the outer

packet actually has the IP addresses of the IPSec gateway devices as its sources and

destinations.

Once the packet passed out of the IPSec tunnel, the IPSec gateway addresses and

headers are stripped and the packet continues on its route in the network without

the protection of the IPSec tunnel.

In this example, there is no IPSec security extended into the site network once traffic

passes from the tunnel and into the site network.

This is different than IPSec transport mode which provides end-to-end security.

7



Before any two nodes or IPSec gateways can establish an encrypted tunnel, they must

create a security association (or SA).

Establishing an SA is the most fundamental part of IPSec protection yet it is complexand confusing.

A security association is essentially an agreement between two hosts regarding how

IPSec will provide security.

If two hosts are to connect via IPSec, two security associations must exist. One in

each direction.

Note that these could also be IPSec gateway devices. If host X wants to connect with

host Y, X must have an SA for Y and Y must have an SA for X.

The security associations do not have to be identical (for example, how much security

to enforce) but they do have to exist.

Some organizations will dedicate a separate IPSec policy server to govern security

7



associations and their characteristics for nodes in a network.

IPSec relies heavily on the Internet Key Exchange (or IKE) standard for exchange of

keys and typically uses, what is called, the Diffie-Hellman Key Agreement as the

default algorithm.

IKE is not only handles the exchange of encryption keys but also handles the

negotiation of the security authority relationship.

Note that while IPSec is extremely secure, it can be quite intense on CPU and

network interfaces of the connecting devices.

Care should be taken when contemplating IPSec connections, between manyMicrosoft server nodes, to ensure that IPSec is actually needed and that the nodes

have sufficient resources to handle the IPSec processing.

7



A Virtual Private Network (or VPN) is typically a hardware and software mechanism

which uses the internet and adds security to the communications.

There two basic types of VPN implementations:

Site-to-Site and Remote Access.

Site-to-Site VPNs are similar to IPSec Tunnel mode discussed earlier.

They require the existence of VPN appliances on either end of the network that

communicate and form an encrypted or secure tunnel for network traffic.

Remote Access VPN are implemented in a variety of ways.

They will typically require software on the remote machine which is used to establish

the secure tunnel connection a particular VPN server.

SSL / TLS VPN implementations allow the remote site to initiate a tunnel connection

with a VPN server via a web browser.

7



In most cases, VPN access requires (or it should) authentication in order to establish

an encrypted tunnel.

7



While there are numerous tools and protocols that exist to create tunnels and

authentication mechanisms, many of the earlier methods were weak in terms of

security and some where really only tunnel systems without the encryption overlay.

Secure Virtual Private Networks today will typically consist of one of the those listed

in this table.

8



IPSec, as well as many other mechanisms, are also used for Virtual Private Networks.

Even the Secure Socket Layer (SSL) web-based VPN appliance has become popular.

A virtual private network (or VPN) is a network that is implemented as an additional

software layer on top of an existing network.

It’s purpose is to create a private and encrypted network link (or tunnel) between two

devices.

Essentially, the link layer protocols (from the OSI model) are tunneled through the

underlying transport layer.

Note, however, that the strength of a VPN is only as good as its setup.

That is, the authentication and encryption mechanisms chosen will provide either a

strong or weak VPN.

Placement of the VPN is also critical.

8



The goal is to have the vpn tunnel end as close to the target machines or network as

possible.

However, establishing a VPN inside a network and through routers and intrusiondetection/prevention systems will essentially circumvent other security safeguards.

For example, if you establish a VPN tunnel to a VPN appliance located behind an

intrusion prevention system, the intrusion prevention system will not be able to

detect malicious actions (which might be on your computer without you knowing it)

and prevent them before entering the network.

This is because the traffic is encrypted.

8



As a matter of awareness, VPN users should understand that VPN tunnel encryption

is established between two devices.

The encryption tunnel extends only to the device supporting the VPN connection intothe network.

Past that point no VPN encryption exists.

There may be other encryption mechanisms in place but not the VPN at that point.

This could potentially leave your network traffic exposed inside a corporate network

(for example).

However, if you established a secure SSL connection to a web server within the

corporate network using a VPN, then, in this case, while the VPN tunnel ends at the

VPN device, the communication with the web server is still encrypted using Secure

Socket Layer encryption.

Also in this case, the encryption is layered. Inside the VPN tunnel you have SSL

8



encryption as well as that provided by the VPN.

8



Kerberos is yet another popular encryption control system.

Kerberos is a client-server authentication mechanism.

While its primary purpose is authentication, it is worth noting because of its

authentication and connection encryption function.

Basically, an applicant (or client) submits an encrypted ticket request for services

offered on a particular node (or verifier).

If authenticated, a connection “ticket” is granted containing the a symmetric session

key for communicating with the service node.

8



The applicant then request a connection with the service node. Once established

(and authenticated) the ongoing connection uses the symmetric session key for

encryption.

8



In brief, Kerberos uses symmetric key encryption to validate and individual user's

access to various network resources.

It also keeps a database of private keys of the various clients and servers in itspurview of authentication.

Kerberos keeps track of private keys and can authenticate one network node to

another.

This makes it good for single sign on applications. Finally, Kerberos generates

temporary session keys (symmetric keys) for client-server communication.

8



Kerberos, while widely used, is not without problems.

It is a symmetric key system and is quite complex.

It is often used as a single-sign-on mechanism however all applications using the

systems must be written to interact with Kerberos.

There are also several versions of Kerberos available (like one from Microsoft) which

are not necessarily the same so they have compatibility problems.

8



Here is a list of practical suggestions relating to encryption and cryptosystems.

For most of us, it is important to not loose encryption keys.

If you encrypt a document and forget the key – forget the document. Consider it lost

for all practical purposes.

Also be mindful of the encryption techniques used outside the United States and be

aware of who you are communicating with when exchanging keys.

Every cryptosystem has weaknesses. Be vigilant and never get too complacent. Only

give access to those who need access.

Security protocols and cryptosystems are only as good as their installers. Complex

systems in the hands of a novice result in weak and vulnerable systems.

VPNs are vulnerable to direct attacks and especially Denial-of-Service attacks.

With all cryptosystems, organizations need well constructed policies for setup and

8



usage.

8



This completes the control section of this module. Let’s pause and take some review

questions!

8



Documents

Public and Private Keys