PKI and Cryptographic Applications - Coggle Diagram
Public Key Cryptosystems
RSA
RSA's security rests on the computational difficulty inherent in factoring the product of large prime numbers.
The timeliness of the data is also an important consideration for key length: the more critical your data, the stronger the key you use to protect it should be.
RSA 1,024-bit, DSA 1,024-bit, and ECC 160-bit keys provide equal protection.
El Gamal
El Gamal extends the mathematical principles behind the Diffie–Hellman key exchange algorithm to support an entire public key cryptosystem used for encrypting and decrypting messages.
Its security rests on the standard discrete logarithm problem.
Major disadvantage: the algorithm doubles the length of any message it encrypts, a major hardship when encrypting long messages or data that will be transmitted over a narrow-bandwidth communications circuit.
ECC
The elliptic curve discrete logarithm problem forms the basis of elliptic curve cryptography. This problem is harder to solve than both the prime factorization problem that the RSA cryptosystem is based on and the standard discrete logarithm problem utilized by Diffie–Hellman and El Gamal.
Merkle-Hellman Knapsack algorithm
relies on a component of set theory known as super-increasing sets rather than on large prime numbers.
Merkle-Hellman was proven ineffective when it was broken in 1984
Hashing
The term message digest is used interchangeably with a wide variety of synonyms, including hash, hash value, hash total, CRC, fingerprint, checksum, and digital ID.
Message digests are used in digital signatures to provide proof that a message originated from a particular user of the cryptosystem and to ensure that the message was not modified while in transit between the two parties.
A message digest is 128 bits or larger; the longer the message digest, the more reliable its verification of integrity.
Requirements for a hash function: the input can be of any length; the output has a fixed length; the hash function is relatively easy to compute for any input; the function is one-way; and the function is collision-free.
Hash of Variable Length (HAVAL), an MD5 variant, Hash Value Length: 128, 160, 192, 224, or 256
Hash Message Authentication Code (HMAC) Hash Value Length: Variable
Message Digest 2 (MD2) Hash Value Length: 128
Message Digest 4 (MD4) Hash Value Length: 128
Message Digest 5 (MD5) Hash Value Length: 128
Secure Hash Algorithm (SHA-1) Hash Value Length: 160
SHA2-224/SHA3-224 Hash Value Length: 224
SHA2-256/SHA3-256 Hash Value Length: 256
SHA2-384/SHA3-384 Hash Value Length: 384
SHA2-512/SHA3-512 Hash Value Length: 512
HAVAL. Hash of Variable Length (HAVAL) is a modification of MD5. HAVAL uses 1,024-bit blocks and produces hash values of 128, 160, 192, 224, and 256 bits.
MD2
Designed to provide a secure hash function for 8-bit processors. MD2 pads the message so that its length is a multiple of 16 bytes.
It then computes a 16-byte checksum and appends it to the end of the message. A 128-bit message digest is then generated using the entire original message along with the appended checksum.
Cryptanalytic attacks exist against the MD2 algorithm: if the checksum is not appended to the message before digest computation, collisions may occur.
MD2 is not a one-way function. Therefore, it should no longer be used.
SHA
SHA-1, SHA-2, and SHA-3 are government standard hash functions promoted by NIST and published as the Secure Hash Standard (SHS), FIPS 180.
The SHA-1 algorithm processes a message in 512-bit blocks. Therefore, if the message length is not a multiple of 512, the SHA algorithm pads the message with additional data until the length reaches the next highest multiple of 512.
Cryptanalytic attacks demonstrated that there are weaknesses in the SHA-1 algorithm. This led to the creation of SHA-2, which has four variants:
SHA-224 uses a truncated version of the SHA-256 hash to produce a 224-bit message digest using a 512-bit block size.
SHA-256 produces a 256-bit message digest using a 512-bit block size.
SHA-384 uses a truncated version of the SHA-512 hash to produce a 384-bit digest using a 1,024-bit block size.
SHA-512 produces a 512-bit message digest using a 1,024-bit block size.
The cryptographic community generally considers the SHA-2 algorithms secure, but they theoretically suffer from the same weakness as the SHA-1 algorithm.
NIST released the Keccak algorithm as the SHA-3 standard. The SHA-3 suite was developed to serve as a drop-in replacement for the SHA-2 hash functions, offering the same variants and hash lengths using a more secure algorithm.
MD4
Rivest enhanced his MD2 message digest algorithm to support 32-bit processors and increase the level of security.
This enhanced algorithm is known as MD4. It first pads the message to ensure that the message length is 64 bits smaller than a multiple of 512 bits.
For example, a 16-bit message would be padded with 432 additional bits of data to make it 448 bits, which is 64 bits smaller than a 512-bit message.
The MD4 algorithm then processes 512-bit blocks of the message in three rounds of computation. The final output is a 128-bit message digest.
Cryptanalysts have found collisions for MD4 message digests in less than one minute. For this reason, MD4 is no longer considered to be a secure hashing algorithm, and its use should be avoided if at all possible.
MD5
MD5 processes 512-bit blocks of the message, but it uses four distinct rounds of computation to produce a digest of the same length as the MD2 and MD4 algorithms (128 bits).
MD5 has the same padding requirements as MD4—the message length must be 64 bits less than a multiple of 512 bits
MD5 implements additional security features that reduce the speed of message digest production significantly.
Cryptanalytic attacks demonstrated that the MD5 protocol is subject to collisions, preventing its use for ensuring message integrity.
It is possible to create two digital certificates from different public keys that have the same MD5 hash.
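The padding rule described above for SHA-1, MD4 and MD5 (append a 1 bit, zero-fill to 64 bits short of a multiple of 512, then append the message length), as an added example that is not code from the page; the `md_pad`, `padding_bits`, `padded_length_bits` and `block_count` names are mine, and the parameters generalize the rule to the 1,024-bit blocks of SHA-384/512.

```python
def md_pad(message: bytes, block_bytes: int = 64, length_bytes: int = 8,
           big_endian: bool = True) -> bytes:
    """Pad `message` the way MD4, MD5, SHA-1 and SHA-256 do before block processing.

    A single 1 bit (the 0x80 byte) is appended, then zero bytes until the length is
    `length_bytes` short of a multiple of `block_bytes` (448 bits mod 512 for the
    64-byte block), then the original length in bits.  MD4/MD5 write that length
    little-endian, the SHA family big-endian.  SHA-384/512 use block_bytes=128 and
    length_bytes=16.
    """
    bit_length = len(message) * 8
    padded = bytearray(message)
    padded.append(0x80)
    while len(padded) % block_bytes != block_bytes - length_bytes:
        padded.append(0x00)
    padded += bit_length.to_bytes(length_bytes, "big" if big_endian else "little")
    return bytes(padded)


def padding_bits(message_bits: int, block_bits: int = 512, length_bits: int = 64) -> int:
    """Bits of padding inserted between the message and the length field.

    Padding is always at least one bit, so a message that already sits exactly
    `length_bits` short of a block boundary gets a whole extra block.
    """
    target = block_bits - length_bits          # 448 for 512-bit blocks
    return (target - message_bits - 1) % block_bits + 1


def padded_length_bits(message_bits: int, block_bits: int = 512, length_bits: int = 64) -> int:
    """Total length after padding; always a multiple of block_bits."""
    return message_bits + padding_bits(message_bits, block_bits, length_bits) + length_bits


def block_count(message: bytes, block_bytes: int = 64, length_bytes: int = 8) -> int:
    """Number of compression-function blocks the padded message occupies."""
    return len(md_pad(message, block_bytes, length_bytes)) // block_bytes


if __name__ == "__main__":
    # The page's worked case: a 16-bit message gets 432 padding bits to reach 448.
    print(padding_bits(16), padded_length_bits(16), block_count(b"ab"))
```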
Cryptographic Attacks
Analytic Attack
An algebraic/logical manipulation that attempts to reduce the complexity of the algorithm.
Implementation Attack
Exploits weaknesses in the implementation of a cryptography system: the software code, not just errors and flaws but the methodology employed to program the encryption system.
Statistical Attack
Exploits statistical weaknesses in a cryptosystem, such as floating-point errors and the inability to produce truly random numbers.
These attacks attempt to find a vulnerability in the hardware or operating system hosting the cryptography application.
Brute Force
A brute-force attack attempts every possible valid combination for a key or password.
The time required to discover the key through a brute-force attack is directly proportional to the length of the key.
Every additional bit of key length doubles the time to perform a brute-force attack because the number of potential keys doubles.
Rainbow tables provide precomputed values for cryptographic hashes. These are commonly used for cracking passwords stored on a system in hashed form.
Scalable computing hardware designed specifically for the conduct of brute-force attacks may greatly increase the efficiency of this approach.
Frequency Analysis and Ciphertext-Only Attack
Frequency analysis: counting the number of times each letter appears in the ciphertext. Using your knowledge that the letters E, T, A, O, I, and N are the most common in the English language, you can then test several hypotheses:
If these letters are also the most common in the ciphertext, the cipher was likely a transposition cipher, which rearranged the characters of the plaintext without altering them.
If other letters are the most common in the ciphertext, the cipher is probably some form of substitution cipher that replaced the plaintext characters.
Ciphertext-only attack: in many cases, the only information you have at your disposal is the encrypted ciphertext message, a scenario known as a ciphertext-only attack.
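The two frequency-analysis hypotheses above, applied to sample ciphertext, as an added example that is not from the page: the constructed plaintext, the two toy ciphers used to produce the samples, and the 0.35 share threshold are all my assumptions.

```python
from collections import Counter
import string

# The six most common letters in English text, as the page states.
ENGLISH_TOP = "ETAOIN"


def letter_counts(ciphertext: str) -> Counter:
    """Count A-Z occurrences, ignoring case, spaces and punctuation."""
    return Counter(c for c in ciphertext.upper() if c in string.ascii_uppercase)


def most_common_letters(ciphertext: str, n: int = 6) -> list:
    """The n most frequent letters in the ciphertext, most frequent first."""
    return [letter for letter, _ in letter_counts(ciphertext).most_common(n)]


def etaoin_share(ciphertext: str) -> float:
    """Fraction of all letters in the ciphertext that are E, T, A, O, I or N."""
    counts = letter_counts(ciphertext)
    total = sum(counts.values())
    return sum(counts[c] for c in ENGLISH_TOP) / total if total else 0.0


def classify_cipher(ciphertext: str, threshold: float = 0.35) -> str:
    """Apply the page's two hypotheses.

    A transposition keeps the plaintext letters, so E, T, A, O, I, N stay dominant
    (about half of all letters in ordinary English). A substitution replaces them,
    so their share collapses. The threshold is an assumption chosen for this example.
    """
    return "transposition" if etaoin_share(ciphertext) >= threshold else "substitution"


# Two toy ciphers, constructed only to produce sample ciphertext.
def caesar(text: str, shift: int) -> str:
    """Simple substitution: shift every letter by `shift` positions."""
    out = []
    for c in text.upper():
        if c in string.ascii_uppercase:
            out.append(chr((ord(c) - 65 + shift) % 26 + 65))
        else:
            out.append(c)
    return "".join(out)


def columnar_transposition(text: str, columns: int) -> str:
    """Write the letters row by row into `columns` columns, read them out column by column."""
    letters = [c for c in text.upper() if c in string.ascii_uppercase]
    return "".join("".join(letters[i::columns]) for i in range(columns))


# Constructed sample plaintext (ordinary English prose).
PLAINTEXT = ("frequency analysis counts how often each letter appears in the ciphertext "
             "and compares the result with the letter distribution of ordinary english text")


if __name__ == "__main__":
    for name, sample in (("transposed", columnar_transposition(PLAINTEXT, 5)),
                         ("shifted", caesar(PLAINTEXT, 3))):
        print(name, most_common_letters(sample), round(etaoin_share(sample), 2),
              classify_cipher(sample))
```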
Known Plaintext
In a known plaintext attack, the attacker has a copy of the encrypted message along with the plaintext message used to generate the ciphertext (the copy).
This knowledge greatly assists the attacker in breaking weaker codes.
Chosen Ciphertext
The attacker has the ability to decrypt chosen portions of the ciphertext message and use the decrypted portion of the message to discover the key.
Chosen Plaintext
The attacker has the ability to encrypt plaintext messages of their choosing and can then analyze the ciphertext output of the encryption algorithm.
Meet in the Middle
Attackers might use a meet-in-the-middle attack to defeat encryption algorithms that use two rounds of encryption. This attack is the reason that Double DES (2DES) was quickly discarded as a viable enhancement to the DES encryption (it was replaced by Triple DES, or 3DES)
This type of attack generally takes only double the time necessary to break a single round of encryption (on the order of 2^n rather than the anticipated 2^n * 2^n), offering minimal added protection.
Man in the Middle
In the man-in-the-middle attack, a malicious individual sits between two communicating parties and intercepts all communications (including the setup of the cryptographic session).
The attacker responds to the originator’s initialization requests and sets up a secure session with the originator. The attacker then establishes a second secure session with the intended recipient using a different key and posing as the originator
The attacker can then “sit in the middle” of the communication and read all traffic as it passes between the two parties
Birthday / Collision Attack / Reverse Hash Matching
A malicious individual seeks to substitute, in a digitally signed communication, a different message that produces the same message digest, thereby maintaining the validity of the original digital signature.
The attack seeks to find flaws in the one-to-one nature of hashing functions.
Replay
Used against cryptographic algorithms that don’t incorporate temporal protections.
The attacker intercepts an encrypted message between two parties (often a request for authentication) and then later “replays” the captured message to open a new session.
The attack can be defeated by incorporating a time stamp and expiration period into each message.
Social Engineering
Salting
To help combat the use of brute-force attacks, including those aided by dictionaries and rainbow tables, cryptographers make use of a technology known as cryptographic salt
A cryptographic salt is a random value that is added to the end of the password before the operating system hashes the password. The salt is then stored in the password file along with the hash.
When the operating system wishes to compare a user’s proffered password to the password file, it first retrieves the salt and appends it to the password. It feeds the concatenated value to the hash function and compares the resulting hash with the one stored in the password file.
Specialized password hashing functions, such as PBKDF2, bcrypt, and scrypt, allow for the creation of hashes using salts and also incorporate a technique known as key stretching that makes it more computationally difficult to perform a single password guess.
Use of salting, especially when combined with key stretching, dramatically increases the difficulty of brute-force attacks.
Anyone attempting to build a rainbow table must build a separate table for each possible value of the cryptographic salt.
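The salt-and-stretch scheme described above (store the salt beside the hash, recompute on login, PBKDF2 for key stretching), as an added example that is not code from the page; the record format, the `hash_password`/`verify_password` names, PBKDF2-HMAC-SHA256 and the iteration count are my assumptions, and `unsalted_hash` is included only to contrast the scheme a rainbow table targets.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Parameters assumed for this example (not taken from the page): PBKDF2-HMAC-SHA256
# with a 16-byte random salt and 600,000 iterations of key stretching.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def unsalted_hash(password: str) -> str:
    """The weak scheme a rainbow table targets: identical passwords hash identically."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex.

    The salt and iteration count are stored beside the hash, as the page describes
    for the password file, so verification can recompute the digest later.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Retrieve the salt from the record, stretch the candidate the same way, compare."""
    try:
        algorithm, iterations, salt_hex, hash_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        rounds = int(iterations)
    except ValueError:
        return False                      # malformed or tampered record
    if algorithm != ALGORITHM or rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(candidate, expected)


def records_differ_for_same_password(password: str) -> bool:
    """Two users with the same password get different records because their salts differ,
    which is why a rainbow table would have to be rebuilt per salt value."""
    return hash_password(password) != hash_password(password)


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print(verify_password("correct horse battery staple", stored))   # True
    print(verify_password("Correct horse battery staple", stored))   # False
```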
Certificate Generation and Destruction
Enrollment
Prove your identity to the CA in some manner; this process is called enrollment
Once you’ve satisfied the certificate authority regarding your identity, you provide them with your public key
CA then digitally signs the certificate using the CA’s private key and provides you with a copy of your signed digital certificate
You may then safely distribute this certificate to anyone with whom you want to communicate securely.
Identity proofing methods for enrollment: (1) physical appearance before an agent of the CA with identification documents; (2) use of credit report data and identity verification by trusted community leaders.
Verification
When you receive a digital certificate from someone with whom you want to communicate, you verify the certificate by checking the CA’s digital signature using the CA’s public key
You must check and ensure that the certificate was not revoked using a certificate revocation list (CRL) or the Online Certificate Status Protocol (OCSP)
The public key listed in the certificate is authentic, provided that it satisfies the following requirements:
The digital signature of the CA is authentic.
You trust the CA.
The certificate is not listed on a CRL.
The certificate actually contains the data you are trusting.
Revocation
The certificate was compromised (for example, the certificate owner accidentally gave away the private key).
The certificate was erroneously issued (for example, the CA mistakenly issued a certificate without proper verification).
The details of the certificate changed (for example, the subject’s name changed).
The security association changed (for example, the subject is no longer employed by the organization sponsoring the certificate).
Certificate Revocation Lists(CRLs)
CRLs are maintained by the various certificate authorities and contain the serial numbers of certificates that have been issued by a CA and have been revoked, along with the date and time the revocation went into effect.
Major disadvantage to certificate revocation lists is that they must be downloaded and cross-referenced periodically, introducing a period of latency between the time a certificate is revoked and the time end users are notified of the revocation.
CRLs remain the most common method of checking certificate status in use today.
CRLs are used to verify the authenticity of certificates and identify revoked certificates.
Online Certificate Status Protocol (OCSP)
OCSP eliminates the latency inherent in the use of certificate revocation lists by providing a means for real-time certificate verification.
When a client receives a certificate, it sends an OCSP request to the CA’s OCSP server. The server then responds with a status of valid, invalid, or unknown.
OCSP is used to verify the authenticity of certificates and identify revoked certificates.
Certificate Authorities (Symantec, IdenTrust, Amazon Web Services, GlobalSign, Comodo, Certum, GoDaddy, DigiCert, Secom, Entrust, Actalis, Trustwave)
Digital Certificates
Digital certificates are endorsed copies of an individual’s public key. When users verify that a certificate was signed by a trusted certificate authority (CA), they know that the public key is legitimate.
X.509 certificate data:
Version
Serial number (from the certificate creator)
Signature algorithm identifier (specifies the technique used by the certificate authority to digitally sign the contents of the certificate)
Issuer name (identification of the certificate authority that issued the certificate)
Validity period
Subject’s name (distinguished name, or DN, of the entity that owns the public key contained in the certificate)
Subject’s public key (the actual public key the certificate owner uses to set up secure communications)
Registration authorities (RAs) assist CAs with the burden of verifying users’ identities prior to issuing digital certificates. RAs do not directly issue certificates themselves, but they play an important role in the certification process, allowing CAs to remotely validate user identities.
Certificate path validation (CPV): verifying that each certificate in a certificate path, from the original start or root of trust down to the server or client in question, is valid and legitimate; that is, verifying that every link between “trusted” endpoints remains current, valid, and trustworthy.
An issue arises from time to time when intermediary systems’ certificates expire or are replaced; this can break the chain of trust or the verification path.
By forcing a reverification of all stages of trust, you can reestablish all trust links and prove that the assumed trust remains assured.
A public key infrastructure (PKI) distributes identity credentials using digital certificates.
Asymmetric Key Management
Ensure the key is truly random and of sufficient length, and keep the private key secret.
Once leaked, a private key permanently compromises all communications that take place using it (past, present, or future).
Choose your encryption scheme wisely.
Retire keys when they’ve served a useful life; a mandatory key rotation policy helps.
Back up your key, either with your own backup or with a key escrow service that maintains the backup.
Hardware devices store and manage encryption keys, ranging from YubiKeys, which store encrypted keys on a USB device for personal use, to more complex enterprise products (hardware security modules, HSMs) that reside in a data center.
Cloud providers, such as Amazon and Microsoft, also offer cloud-based HSMs that provide secure key management for IaaS services.
Applied Cryptography (use of cryptography to secure data at rest, such as that stored on portable devices, as well as data in transit, using techniques that include secure email, encrypted web communications, and networking)
Portable devices
Operating systems include disk encryption capabilities that make it easy to apply and manage encryption on portable devices.
Microsoft Windows includes the BitLocker and Encrypting File System (EFS) technologies, Mac OS X includes FileVault encryption, and the VeraCrypt open-source package allows the encryption of disks on Linux, Windows, and Mac systems.
The TPM is used for storage and management of keys used by full disk encryption (FDE) solutions. The TPM provides the operating system with access to the keys, preventing someone from removing the drive from one device and inserting it into another device to access the drive’s data.
Email
If you need confidentiality when sending an email message, encrypt the message.
If your message must maintain integrity, you must hash the message.
If your message needs authentication, integrity and/or nonrepudiation, you should digitally sign the message.
If your message requires confidentiality, integrity, authentication, and nonrepudiation, you should encrypt and digitally sign the message.
It is always the responsibility of the sender to put proper mechanisms in place to ensure that the security (that is, confidentiality, integrity, authenticity, and nonrepudiation) of a message or transmission is maintained.
One of the most in-demand applications of cryptography is encrypting and signing email messages
Pretty Good Privacy
Pretty Good Privacy (PGP) secure email system appeared on the computer security scene in 1991.
It combines the CA hierarchy with the “web of trust” concept—that is, you must become trusted by one or more PGP users to begin using the system.
PGP is available in two versions. The commercial version uses RSA for key exchange, IDEA for encryption/decryption, and MD5 for message digest production.
The freeware version (based on the extremely similar OpenPGP standard) uses Diffie–Hellman key exchange, the Carlisle Adams/Stafford Tavares (CAST) 128-bit encryption/decryption algorithm, and the SHA-1 hashing function.
Commercial providers also offer PGP-based email services as web-based cloud email offerings, mobile device applications, or webmail plug-ins, e.g., StartMail, Mailvelope, SafeGmail, and Hushmail.
Secure/Multipurpose Internet Mail Extensions (S/MIME)
S/MIME has already been incorporated in a large number of commercial products: Outlook, Office 365, Thunderbird, Mac OS X Mail, and G Suite Enterprise edition.
S/MIME protocol has emerged as a de facto standard for encrypted email. S/MIME uses the RSA encryption algorithm
S/MIME relies on the use of X.509 certificates for exchanging cryptographic keys. The public keys contained in these certificates are used for digital signatures and for the exchange of symmetric keys used for longer communications sessions.
RSA is the only public key cryptographic protocol supported by S/MIME. The protocol supports the AES and 3DES symmetric encryption algorithms.
Although major desktop mail applications support S/MIME email, mainstream web-based email systems do not support it out of the box (the use of browser extensions is required).
Web Applications
SSL was developed by Netscape to provide client/server encryption for web traffic
Hypertext Transfer Protocol Secure (HTTPS) uses port 443 to negotiate encrypted communications sessions between web servers and browser clients
SSL relies on the exchange of server digital certificates to negotiate encryption/decryption parameters between the browser and the web server.
SSL’s goal is to create secure communications channels that remain open for an entire web browsing session. It depends on a combination of symmetric and asymmetric cryptography.
1. When a user accesses a website, the browser retrieves the web server’s certificate and extracts the server’s public key from it.
2. The browser then creates a random symmetric key, uses the server’s public key to encrypt it, and then sends the encrypted symmetric key to the server.
3. The server then decrypts the symmetric key using its own private key, and the two systems exchange all future messages using the symmetric encryption key.
TLS supported downgrading communications to SSL v3.0 when both parties did not support TLS. However, in 2011, TLS v1.2 dropped this backward compatibility.
Even though TLS has been in existence for more than a decade, many people still mistakenly call it SSL. For this reason, TLS has gained the nickname SSL 3.1.
In 2014, an attack known as the Padding Oracle On Downgraded Legacy Encryption (POODLE) demonstrated a significant flaw in the SSL 3.0 fallback mechanism of TLS. In an effort to remediate this vulnerability, many organizations completely dropped SSL support and now rely solely on TLS security.
Steganography and Watermarking
Steganography is the art of using cryptographic techniques to embed secret messages within another message
Steganographic algorithms work by making alterations to the least significant bits of the many bits that make up image files
Steganographers often embed their secret messages within images or WAV files because these files are often so large that the secret message would easily be missed by even the most observant inspector
Steganography techniques are often used for illegal or questionable activities, such as espionage and child pornography.
Adding digital watermarks to documents to protect intellectual property is accomplished by means of steganography. The hidden information is known only to the file’s creator. If someone later creates an unauthorized copy of the content, the watermark can be used to detect the copy and (if uniquely watermarked files are provided to each original recipient) trace the offending copy back to the source.
Networking
Circuit Encryption
Link Encryption (a secure tunnel between two points using either a hardware solution or a software solution that encrypts all traffic entering one end of the tunnel and decrypts all traffic entering the other end of the tunnel). E.g., a company with two offices connected via a data circuit might use link encryption to protect against attackers monitoring at a point in between the two offices.
End-to-End Encryption (protects communications between two parties, for example a client and a server, and is performed independently of link encryption).
When encryption happens at the higher OSI layers, it is usually end-to-end encryption, and if encryption is done at the lower layers of the OSI model, it is usually link encryption
Secure Shell (SSH) is a good example of an end-to-end encryption technique
SSH1 (which is now considered insecure) supports the Data Encryption Standard (DES), Triple DES (3DES), International Data Encryption Algorithm (IDEA), and Blowfish algorithms. SSH2 drops support for DES and IDEA but adds support for several other algorithms.
IPSec
Sets up a secure channel to exchange information between two entities, e.g., systems, routers, gateways, or networks.
IPsec uses public key cryptography to provide encryption, access control, nonrepudiation, and message authentication, all using IP-based protocols.
The primary use of IPsec is for virtual private networks (VPNs), so IPsec can operate in either transport or tunnel mode. IPsec is commonly paired with the Layer 2 Tunneling Protocol (L2TP) as L2TP/IPsec
IPsec relies on security associations, and there are two main components: (1) The Authentication Header (AH) provides assurances of message integrity and nonrepudiation. AH also provides authentication and access control and prevents replay attacks. (2) The Encapsulating Security Payload (ESP) provides confidentiality and integrity of packet contents. It provides encryption and limited authentication and prevents replay attacks.
ESP also provides some limited authentication, but not to the degree of the AH. Though ESP is sometimes used without AH, it’s rare to see AH used without ESP.
If you want to support a bidirectional channel using both AH and ESP, you will need to set up four SAs.
IPsec provides for two discrete modes of operation. When IPsec is used in transport mode, only the packet payload is encrypted. This mode is designed for peer-to-peer communication. When it’s used in tunnel mode, the entire packet, including the header, is encrypted. This mode is designed for gateway-to-gateway communication.
Internet Security Association and Key Management Protocol (ISAKMP)
Provides background security support services for IPsec by negotiating, establishing, modifying, and deleting security associations
IPsec relies on a system of security associations (SAs). These SAs are managed through the use of ISAKMP
Four basic requirements for ISAKMP, as set forth in Internet RFC 2408:
Create and manage security associations
Provide key generation mechanisms
Authenticate communicating peers
Protect against threats (for example, replay and denial-of-service attacks)
WEP
Wired Equivalent Privacy (WEP) provides 64- and 128-bit encryption options to protect communications within the wireless LAN
Never use WEP encryption on a wireless network due to flaws in the algorithm.
TJX security breach in 2007
WPA
Improves on WEP encryption by implementing the Temporal Key Integrity Protocol (TKIP), eliminating the cryptographic weaknesses that undermined WEP.
WPA does not provide an end-to-end security solution
It encrypts traffic only between a mobile computer and the nearest wireless access point. Once the traffic hits the wired network, it’s in the clear again.
WPA2
WPA2 adds AES cryptography.
Digital rights management (DRM)
Music DRM
Apple rolled back their use of FairPlay DRM for music sold through the iTunes Store
Currently, the major use of DRM technology in music is for subscription-based services such as Napster and Kazaa, which use DRM to revoke a user’s access to downloaded music when their subscription period ends.
Manufacturers typically do not disclose the details of their DRM functionality due to fears that pirates will use that information to defeat the DRM scheme.
Video DRM
DRM technology that depends on consoles using an active internet connection to verify the game license with a cloud-based service
technologies, such as Ubisoft’s Uplay, once typically required a constant internet connection to facilitate gameplay.
Movie DRM
High-Bandwidth Digital Content Protection (HDCP) Provides DRM protection for content sent over digital connections including HDMI, DisplayPort, and DVI interfaces. While this technology is still found in many implementations, hackers released an HDCP master key in 2010, rendering the protection completely ineffective.
Advanced Access Content System (AACS) Protects the content stored on Blu-Ray and HD DVD media. Hackers have demonstrated attacks that retrieved AACS encryption keys and posted them on the internet.
Ebook DRM/Document DRM
All DRM schemes in use today share a fatal flaw: the device used to access the content must have access to the decryption key. If the decryption key is stored on a device possessed by the end user, there is always a chance that the user will manipulate the device to gain access to the key.
Adobe Systems offers the Adobe Digital Experience Protection Technology (ADEPT) to provide DRM technology for e-books sold in a variety of formats.
Amazon’s Kindle e-readers use a variety of formats for book distribution, and each contains its own encryption technology.
ADEPT uses a combination of AES technology to encrypt the media content and RSA encryption to protect the AES key.
Organizations use DRM to protect the security of sensitive information stored in PDF files, office productivity documents, and other formats. Commercial DRM products, such as Vitrium and FileOpen, use encryption to protect source content and then enable organizations to carefully control document rights.
Rights that can be controlled include reading a file, modifying the contents of a file, removing watermarks from a file, downloading/saving a file, printing a file, and taking screenshots of file content.
As you will read in this section, many commercial attempts to deploy DRM on a widespread basis failed when users rejected the technology as intrusive and/or obstructive.
Digital Signature Standard
NIST specifies the digital signature algorithms acceptable for federal government use in Federal Information Processing Standard (FIPS) 186-4, also known as the Digital Signature Standard (DSS)
Federally approved digital signature algorithms must use the SHA-3 hashing functions
DSS also specifies the encryption algorithms that can be used to support a digital signature infrastructure
Standard Encryption Algorithms
Rivest–Shamir–Adleman (RSA) algorithm as specified in ANSI X9.31
Elliptic Curve DSA (ECDSA) as specified in ANSI X9.62
Digital Signature Algorithm (DSA) as specified in FIPS 186-4
Schnorr’s signature algorithm
Nyberg-Rueppel’s signature algorithm