Chapter 7 - PKI Flashcards
RSA Equation
• Depends on the difficulty of factoring the product of two large prime numbers.
1. Choose two large prime numbers (200+ digits), labeled p and q.
2. Compute the product of the numbers: n = p*q
3. Select a number, e, that satisfies two requirements:
a. e is less than n
b. e and (p-1)(q-1) are relatively prime
4. Find a number, d, such that (ed - 1) mod (p-1)(q-1) = 0
5. Distribute e and n as the public key to all cryptosystem users
Merkle-Hellman Knapsack
- Like RSA, based on the difficulty of performing factoring operations, but relies on a component of set theory known as super-increasing sets rather than on large prime numbers.
- Broken in 1984.
El Gamal
- Extends the math principles behind Diffie-Hellman into an entire public key cryptosystem used for encrypting and decrypting messages.
- Depends on modular arithmetic.
- Advantage over RSA: released into the public domain.
- Disadvantage: doubles the length of any message it encrypts, which is difficult over narrow bandwidth.
Elliptic Curve
- Any elliptic curve can be defined by: y^2 = x^3 + ax + b
- Harder to solve than RSA.
- Security depends on the elliptic curve problem; provides more security than RSA when both are used with keys of the same length.
- A 1024-bit RSA key is the same strength as a 160-bit ECC key.
5 Hash Requirements
Five requirements:
1. Input can be any length
2. Output has a fixed length
3. Hash function is relatively easy to compute for any input
4. Hash function is one way
5. Hash function is collision free
SHA-1
- Takes input and produces a 160-bit message digest.
- Processes a message in 512-bit blocks. Pads the message if it doesn't fit in increments of 512.
SHA-2
- SHA-256 produces a 256-bit message digest using a 512-bit block size.
- SHA-224 uses a truncated version of the SHA-256 hash to produce a 224-bit message digest using a 512-bit block size.
- SHA-512 produces a 512-bit message digest using a 1024-bit block size.
- SHA-384 uses a truncated version of the SHA-512 hash to produce a 384-bit digest using a 1024-bit block size.
MD2
• Developed in 1989 to provide a secure hash function for 8-bit processors.
• Pads the message length to a multiple of 16 bytes.
• Computes a 16-byte checksum and appends it to the end of the message.
• A 128-bit message digest is then generated using the entire original message along with the appended checksum.
• If the checksum is not appended to the message before digest computation, collisions may occur.
• Proved not to be a one-way function.
MD4
• Enhanced to support 32-bit processors.
• Message is padded to ensure that its length is 64 bits smaller than a multiple of 512 bits.
• Processes 512-bit blocks in three rounds of computation.
• Final output is a 128-bit digest.
MD5
• Processes 512-bit blocks of the message, but uses four rounds of computation to produce a digest of 128 bits.
HMAC
• Hashed Message Authentication Code - implements a partial digital signature.
• Guarantees integrity but not nonrepudiation.
• Can be used with any message digest algorithm, by using a shared key.
DSS Digital Signature Standard
• Three approved standard encryption algorithms:
○ Digital Signature Algorithm (DSA) as specified in FIPS 186-4
○ RSA as specified in ANSI X9.31
○ Elliptic Curve DSA (ECDSA) as specified in ANSI X9.62
X.509 Certs Contain
○ Version of X.509 to which the certificate conforms
○ Serial number (from the certificate creator)
○ Signature algorithm identifier (specifies the technique used by the certificate authority to digitally sign the contents of the certificate)
○ Issuer name (CA that issued the cert)
○ Validity period (starting and ending dates and times)
○ Subject's name (DN, distinguished name of the entity that owns the public key)
○ Subject's public key (meat of the cert - the actual public key used to set up secure communications)
Email Encryption - PGP
• Phil Zimmerman - 1991.
• Web of trust concept - a user must be trusted by other users to participate in the system.
• Initially couldn't be exported outside the country.
• Two versions:
○ Commercial uses RSA for key exchange, IDEA for encryption, and MD5 for message digest production.
○ Freeware uses Diffie-Hellman key exchange, Carlisle Adams/Stafford Tavares (CAST) 128-bit encryption, and SHA-1 hashing.
Email Encryption - SMIME
- Standard for email encryption
- Uses RSA
- Incorporated in Outlook, Thunderbird, and Mac OS X Mail
- Relies on X.509 certs for exchanging cryptographic keys
- Supports AES and 3DES
- Technical limitation - doesn't work with web-based email (must have a browser extension)
Circuit Encryption
- Link Encryption - protects an entire circuit by creating a secure tunnel between two points using hardware or software. (usually lower OSI layers)
- End-to-End Encryption - protects comms between two parties (e.g. server and client). Protects against an intruder on the secure side of an encrypted link or against traffic sent over an unencrypted link. (higher OSI layers - e.g. SSH)
IPsec
• Set forth by the Internet Engineering Task Force (IETF)
• Does not dictate implementation of all details; an open, modular framework.
• Uses public key cryptography
• Primary use is for VPNs; can operate in transport or tunnel mode.
• Commonly paired with Layer 2 Tunneling Protocol (L2TP) as L2TP/IPsec
• Relies on security associations:
○ Authentication Header (AH) - assures message integrity and non-repudiation. Provides authentication and access control. Prevents replay attacks.
○ Encapsulating Security Payload (ESP) - provides confidentiality and integrity of packet contents. Provides encryption and limited authentication. Prevents replay attacks.
• Two modes:
○ Transport - only the packet payload is encrypted (best for peer to peer)
○ Tunnel - the entire packet is encrypted (best for gateway to gateway)
• Sets up a session by creating security associations (SAs).
ISAKMP
• Internet Security Association and Key Management Protocol
• Provides background security support services for IPsec by negotiating, establishing, modifying, and deleting security associations.
• Four requirements from RFC 2408:
○ Authenticate communicating peers
○ Create and manage security associations
○ Provide key generation mechanisms
○ Protect against threats (replay and DoS)
WEP
○ Provides 64- and 128-bit encryption options
○ Optional in IEEE 802.11
○ Broken in 2007 - TJX breach
WPA
○ Implements Temporal Key Integrity Protocol (TKIP)
WPA2
○ Adds AES cryptography (appropriate for use)
○ Only encrypts from the machine to the WAP.
Analytic Attack
Uses algebraic manipulation to reduce the complexity of the algorithm. Focuses on the logic of the algorithm.
Implementation Attack
Exploits weaknesses in the implementation of the cryptosystem. Focuses on exploiting the software code, not just errors and flaws but the methodology employed to program the system.
Statistical Attack
Exploits statistical weaknesses such as floating-point errors and the inability to produce truly random numbers. Attempts to find vulnerabilities in the hardware or OS hosting the crypto.
Frequency Analysis and the Ciphertext Only Attack
Count the number of times each letter appears in the ciphertext.
Chosen Ciphertext
The attacker can decrypt chosen portions of the ciphertext message and use the decrypted portion to discover the key.
Chosen Plaintext
The attacker can encrypt chosen plaintext and then analyze the ciphertext output.
Meet in the Middle
The attacker uses known plaintext. The plaintext is encrypted using every possible key, and the ciphertext is decrypted with every key. When a match is found, the pair represents both keys of the double encryption.
Birthday
(aka collision attack or reverse hash matching) - seeks to find flaws in the one-to-one nature of hashing. Substitutes, in a digitally signed communication, a different message that produces the same message digest.