Cryptography 3.4

Uploaded by

Igor Zukerman

CISSP Course

Cryptography

Presented By:

Iris Levari
GSECTRA

Copyright © 2009 by GSECTRA Ltd.


All Rights Reserved
Agenda
• Foundational pieces of Cryptography
• History of cryptography
• Symmetric and Asymmetric Algorithms
• Public Key Infrastructure
• Internet and E-Mail Security (the use of encryption)
• Attacks on Cryptography

Cryptography Services

Definitions and Principles

What is Cryptology

• Cipher – cryptographic transformation operating with bits or characters.
• Cryptosystem – hardware and/or software implementation of cryptography.
Cryptography Terms
• Key – for cryptography, a secret value in the form of a sequence of characters used to encrypt and decrypt data.
• Key clustering – instance where 2 keys generate the same cipher-text from the same plaintext.
• Key space – all possible values used to construct keys. The larger the key space, the better.

Cryptography Terms
• Algorithm – the “magic” formula for hiding data. It is a precise set of instructions that tells programs how to scramble and unscramble data.
• Work Factor – time, effort, and resources necessary to break a cryptosystem.
• Plaintext/Clear-text – the natural or human-readable form of a message.
• Cipher-text/Cryptogram – the enciphered, encrypted, or scrambled form of a message.
Cryptosystem Strength
• It comes from:
– The algorithm
– Secrecy of the key
– Length of the key
– Initialization vectors
– And how they all work together
• Strength refers to how hard it is to figure out the algorithm or the key (whichever is not made public) used in the cryptosystem.
– The goal of the cryptosystem is to make compromising it too expensive or time consuming to justify the effort.
• Strength = Work Factor

Services Provided
• Confidentiality
– Means that the information contained in the message is kept private and only the
sender and the intended recipient will be able to read it
– Denies unauthorized parties access to information.
• Integrity
– Verification that the information contained in the message is not tampered with,
accidentally or deliberately, during transmission
• Authenticity
– Verification that the people with whom we are corresponding actually are who
they claim to be
– Data origin authentication: allowing the receiver to verify the origin of a
received message.
– Entity authentication: allowing the entities of a communication to authenticate
each other.
• Non-repudiation
– There can be no denial on the part of the sender of having sent a message that
is digitally signed

Cryptography Principles

Types of Ciphers

1. Substitution Cipher
2. Transposition Cipher
3. Running Cipher
4. Concealment Cipher

Classical Ciphers

• Rearrange bits or characters in the data, e.g., using some geometric pattern.
• Replace bits, characters, or blocks of data by substitutes, e.g., letters are replaced by different letters in the alphabet.
Substitution Cipher
• A substitution cipher substitutes one piece of information for another. Rather than just shifting the alphabet, an arbitrary substitution of a cipher letter for each plain letter can be made.
• This is most frequently done by offsetting letters of the alphabet.
• Referred to as a “Shift Alphabet”
• Example: Caesar cipher
• The algorithm is to offset the alphabet
• The key is the number of characters to offset it.
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
The key is sliding everything up by 3, and you get the second row.
Using this key, LOGICAL SECURITY would be encrypted as:
Plain: LOGICAL SECURITY
Cipher: ORJLFDO VHFXULWB
Transposition Cipher
• Instead of replacing the characters with other characters, this cipher type simply changes the order of the characters.
• The key determines the positions that the characters are moved to.
• The key for this cipher is not standard.
• Instead of a list of alphabetic substitutions, it is a mapping order.
• Such as (1,2,3,4,5) = (3,4,5,2,1).
• For example:
• “DAVID” → “VIDAD”
D A V I D
1 2 3 4 5
3 4 5 2 1
V I D A D
Transposition Cipher

Transposition Cipher
• Frequency Analysis – based on the frequency of letters in a language; in the English language, the most commonly used letter is E.
• Today’s symmetric algorithms use substitution and transposition methods in their encryption processes. The mathematics used are complex, so simplistic frequency-analysis attacks are not successful.
• Simple substitution and transposition ciphers are vulnerable to attacks that perform Frequency Analysis
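The Caesar shift (key 3), the (3,4,5,2,1) transposition of DAVID and the frequency-analysis point from the three slides above, as an added Python example that is not part of the original slides; the function names are my own.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar(text: str, shift: int) -> str:
    """Shift-alphabet substitution: every letter moves `shift` places along
    the alphabet, wrapping from Z back to A. A negative shift decrypts.
    Non-letters (the space in LOGICAL SECURITY) pass through unchanged."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def transpose(text: str, order: list[int]) -> str:
    """Transposition with a mapping order: output position i takes the
    input character at position order[i] (1-based), so the mapping
    (1,2,3,4,5) = (3,4,5,2,1) sends DAVID to VIDAD."""
    if len(text) != len(order) or sorted(order) != list(range(1, len(order) + 1)):
        raise ValueError("order must be a permutation of 1..len(text)")
    return "".join(text[pos - 1] for pos in order)


def untranspose(text: str, order: list[int]) -> str:
    """Inverse mapping: output position i goes back to input position order[i]."""
    plain = [""] * len(order)
    for i, pos in enumerate(order):
        plain[pos - 1] = text[i]
    return "".join(plain)


def letter_frequencies(text: str) -> dict[str, int]:
    """Letter counts of a text. A transposition keeps the counts exactly;
    a shift alphabet keeps the same counts under renamed letters. Either
    way the plaintext's frequency profile survives, which is why frequency
    analysis works against these simple ciphers."""
    counts: dict[str, int] = {}
    for ch in text.upper():
        if ch in ALPHABET:
            counts[ch] = counts.get(ch, 0) + 1
    return counts


def frequency_profile(text: str) -> list[int]:
    """Sorted letter counts, independent of which letters carry them."""
    return sorted(letter_frequencies(text).values(), reverse=True)
```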
Frequency attack

XOR Operation

Message     01011010  ASCII = Z
Key stream  01100011  ASCII = C
Cipher text 00111001  ASCII = 9

Message     00111001  ASCII = 9
Key stream  01100011  ASCII = C
Cipher text 01011010  ASCII = Z
Encipherment Modes

• Block Ciphers – Message broken into blocks, each block encrypted separately
• Blocks of identical plaintext have identical cipher-text
• Replay and substitution attacks easier
• Stream Ciphers – Message broken into characters or bits and enciphered with a “key stream”
• Key stream – should be random and generated independently of the message stream
Block Cipher

Stream Cipher
• Bits generated by the keystream generator are XORed with the bits of the plaintext message.

Stream Cipher
• The sender and receiver must have the same key to
generate the same keystream.
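The XOR table and the two stream-cipher slides above, as an added Python example that is not part of the original slides. The keystream generator (SHA-256 over key, nonce and a counter) is my own illustration of both sides regenerating one keystream from a shared key; it is not a vetted stream cipher.

```python
import hashlib
from itertools import count


def xor_bytes(data: bytes, keystream: bytes) -> bytes:
    """XOR each message byte with the matching keystream byte.
    XOR is its own inverse: (m ^ k) ^ k == m, so one routine both
    encrypts and decrypts. The slide's row is 0b01011010 ('Z') XOR
    0b01100011 (0x63, the lowercase letter c) = 0b00111001 ('9')."""
    if len(keystream) < len(data):
        raise ValueError("keystream must be at least as long as the data")
    return bytes(m ^ k for m, k in zip(data, keystream))


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream generator (illustration only): expand the shared key
    and a per-message nonce into `length` bytes by hashing
    key || nonce || counter block by block. Sender and receiver hold the
    same key and nonce, so both produce the identical keystream and the
    keystream itself never crosses the wire."""
    out = bytearray()
    for block in count():
        out += hashlib.sha256(key + nonce + block.to_bytes(8, "big")).digest()
        if len(out) >= length:
            return bytes(out[:length])


def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


# Decryption is the same XOR with the same regenerated keystream.
stream_decrypt = stream_encrypt


def bits(byte_value: bytes) -> str:
    """Render one byte as the 8-bit string used on the slide."""
    return format(byte_value[0], "08b")


def demo_roundtrip() -> bytes:
    """Constructed sample: Alice encrypts, Bob regenerates the keystream
    from the same key and nonce and recovers the plaintext. The nonce
    must change per message so a keystream is never reused under a key."""
    key = b"shared-secret-known-to-both-sides"   # constructed sample key
    nonce = b"\x00" * 12                          # constructed sample nonce
    msg = b"LOGICAL SECURITY"
    ciphertext = stream_encrypt(key, nonce, msg)
    return stream_decrypt(key, nonce, ciphertext)
```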

Initialization Vector
• Initialization vectors (IVs) are random values that are used with algorithms to ensure patterns are not created during the encryption process
• Non-secret binary value used for initializing input for the encryption of a plain text block sequence to increase security by introducing additional randomness into the process.
• If IVs are not used, then two identical plaintext values that are encrypted with the same key will create the same ciphertext
• IV and key are both used by the algorithm to provide more randomness to the encryption process
• Stream ciphers require a lot of randomness and encrypt individual bits at a time. This requires more processing power than block ciphers require, which is why stream ciphers are better suited to HW implementation
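The IV point above (same key and same plaintext give the same ciphertext when no IV is used), as an added Python example that is not part of the original slides. It uses a deliberately trivial toy block cipher (XOR with a key-derived pad plus a byte rotation) so the ECB and CBC mode logic runs offline; a real system would put DES or AES in place of toy_block_encrypt.

```python
import os
import hashlib

BLOCK = 8  # block size in bytes, as in DES

# Constructed sample inputs: three identical plaintext blocks under one key.
SAMPLE_KEY = b"demo-key"
SAMPLE_PT = b"SAMEDATA" * 3
FIXED_IV = bytes(range(BLOCK))  # fixed only so the demo is repeatable


def _pad_from_key(key: bytes) -> bytes:
    # Toy key schedule: one 8-byte pad derived from the key.
    return hashlib.sha256(key).digest()[:BLOCK]


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy, insecure block cipher used only to show mode behaviour:
    XOR with the key pad, then rotate the bytes left by one."""
    assert len(block) == BLOCK
    x = bytes(b ^ p for b, p in zip(block, _pad_from_key(key)))
    return x[1:] + x[:1]


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    x = block[-1:] + block[:-1]          # rotate right by one
    return bytes(b ^ p for b, p in zip(x, _pad_from_key(key)))


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _blocks(data: bytes) -> list[bytes]:
    if len(data) % BLOCK:
        raise ValueError("data must be a whole number of blocks (pad it first)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """Electronic Code Book: each block encrypted on its own, no IV, so
    equal plaintext blocks always give equal ciphertext blocks."""
    return b"".join(toy_block_encrypt(key, blk) for blk in _blocks(data))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Cipher Block Chaining: each plaintext block is XORed with the
    previous ciphertext block (the IV for the first one) before encryption."""
    prev, out = iv, []
    for blk in _blocks(data):
        prev = toy_block_encrypt(key, _xor(blk, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    prev, out = iv, []
    for blk in _blocks(data):
        out.append(_xor(toy_block_decrypt(key, blk), prev))
        prev = blk
    return b"".join(out)


def repeated_blocks(ciphertext: bytes) -> int:
    """Count ciphertext blocks that duplicate an earlier one; non-zero is
    the pattern leak the slide warns about."""
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))


def fresh_iv() -> bytes:
    """Random, non-secret IV; a new one per message is what stops two
    identical messages under one key from producing identical ciphertext."""
    return os.urandom(BLOCK)


def cbc_roundtrip_with_fresh_iv(key: bytes, plaintext: bytes) -> bool:
    iv = fresh_iv()
    return cbc_decrypt(key, iv, cbc_encrypt(key, iv, plaintext)) == plaintext
```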

Initialization Vector

Key Terms
Block Ciphers use Confusion and Diffusion in their methods.

• Confusion – by substitution, accomplished by the complexity of the algorithm and not knowing the Key Value.
• Diffusion – by transposition, accomplished by putting bits within the plaintext through many different functions so that they are dispersed throughout the algorithm.

Running Cipher
• Is a type of polyalphabetic substitution cipher in which a text, typically a pre-selected book or newspaper, is used and:
– The secret key indicates the source, page number(s), line number(s), and word number(s).
• Example:
– I’m running late 4 work 2 night too
• I – first shelf
• Running – the name of the book
• 4 – page number
• 2 – line number
• Too (2) – word number

Concealment Cipher
• It hides a message in a longer message.
• A paragraph is sent to you containing an embedded secret message
• Example: agreed upon key is to use every third word.
• In order to decrypt the message, you’ll need to select every third word.
• Cipher text: “The time is right is not cow language, so is now a dead subject.”
• Clear text: “The right cow is dead.”

Steganography
• A method of hiding data in another media so that the data’s very existence is concealed.
– How does it work?
• Computer files (jpegs, MP3, mpegs etc) contain unused or insignificant areas of data…
• Steganography takes advantage of these areas, replacing them with information.
• The files can then be exchanged without anyone knowing what really lies inside them
– Web Bugs – malicious version of Steganography
• Can be used to insert concealed digital watermarks
• Steganography does not use algorithms or keys to encrypt data…it hides data within another object.

Steganography

Steganography
• Pictures appear the same
• Picture on right has text of 5 Shakespeare plays
– encrypted, inserted into low order bits of color values
[Figure: two zebra photographs side by side; the right-hand one carries Hamlet, Macbeth, Julius Caesar, Merchant of Venice and King Lear]

Modern Cryptography
1. Symmetric
2. Asymmetric

Symmetric Cryptography

DES, 3DES, AES, RC4

Symmetric Key Algorithm
[Diagram: Alice and Bob each hold the same Private (Secret) Key]

• Also known as “Secret key” or “Private key”
• It involves a single secret (Symmetric) key
• Both the sender and the recipient must have this secret key
• It is used by the sender to encrypt the message and by the recipient to decrypt it.

Other names: Symmetric Key, Shared Secret Key, Session Key
Symmetric Encryption
[Diagram: clear-text input “An intro to PKI and few deploy hints” → DES Encryption → cipher-text “AxCvGsmWe#4^,sdgfMwir3:dkJeTsY8R\s@!q3%” → DES Decryption → clear-text output “An intro to PKI and few deploy hints”; both sides use the same key (shared secret)]

Symmetric Key Advantages
• Very Fast
– Are mathematically fast
• Large amounts of data can be encrypted in very little time
• Relative to math intensive asymmetric cryptosystems
– Able to implement in hardware rather than software
• Strength
– Providing sufficiently large keys, very difficult to break
• Many algorithms to use
– Many of them are freely available

Symmetric Key Disadvantages
• Key Management Issues (Negotiation, Exchange, Distribution)
– The same secret key has to be possessed by both parties
• Requires a secure mechanism to deliver keys
• Poor Scalability
– If all end users need to talk to every other user then the number of keys becomes large
– n(n-1)/2
• For 50 users = 1255 key pairs
• For 100 users = 4950 pairs
• Limited Security
– Provides confidentiality and some integrity
– Does not provide non-repudiation services
– When combined with a Message Authentication Code – Message Integrity and sender Authentication are provided

Symmetric Encryption Algorithms

DES
• Developed by IBM in 1972
• Never approved for national security applications
• Single chip (hardware) implementation
• Most implementations now software
• 16 rounds of transpositions & substitutions
• Standard for unclassified government data
• Symmetric, private key
• Encrypts and decrypts blocks of 64 bits under a 56-bit key
– The other 8 bits, which are not used by the algorithm, are used for error detection
• Single DES encryption is no longer considered secure.
• Triple DES (3DES) encryption is recommended.

Symmetric Encryption Algorithms

DES Operating Modes

DES has 5 operating modes:
• ECB – Electronic Code Book mode
• CBC – Cipher Block Chaining mode
• CFB – Cipher Feedback mode
• OFB – Output Feedback mode
• CTR – Counter mode

Symmetric Encryption Algorithms

3DES
• Is an interim solution from NIST to provide a stronger solution than DES…while a stronger, more efficient algorithm was approved
• 2DES was evaluated and dismissed due to inherent vulnerabilities that made its work factor about the same as DES
• 3DES uses 48 rounds of transposition and substitution functions in its computation
– This makes it highly resistant to differential cryptanalysis
• Is approximately 256 times stronger than DES
• Downside: 3DES is more processor intensive than DES

Symmetric Encryption Algorithms

3DES
3DES works in 4 different modes:
• DES-EEE3
– Uses 3 different keys for encryption
• DES-EDE3
– Uses 3 different keys and it encrypts:decrypts:encrypts
• DES-EEE2
– Uses 2 different keys and the first and last encryption use the same key
• DES-EDE2
– Uses 2 different keys and the first and last encryption use the same key
DEMO-DES

Symmetric Encryption Algorithms

AES
• Advanced Encryption Standard = Rijndael
• Specified in FIPS 197 (Federal Information Processing Standard), 2001
• Symmetric block-cipher (128, 192 or 256 bits) with variable keys (128, 192 or 256 bits, too)
• Depending on the key size, 10, 12 or 14 rounds of encryption are used.
• It can be implemented very effectively in both hardware and software
• Supports multiple block sizes between 128 and 256 bits, although AES only uses the 128 bit block size.
DEMO-AES

Symmetric Algorithms
Block Cipher Algorithms
• RC5 = Designed by Ron Rivest in 1994.
• It supports block sizes of 32, 64 and 128 bits and key sizes up to 2040 bits
• RC6 = Also designed by Ron Rivest, and similar to RC5.
• It was a finalist for AES but lost to Rijndael. Also patented by RSA.
• Blowfish = designed by Bruce Schneier in 1993.
• It supports block sizes of 64 bits and key sizes between 32 and 448 bits
• It is considered one of the fastest block cipher algorithms, but it requires more memory than others, making it less suitable for constrained devices.
• It was never patented: Schneier put it into the public domain.
• Twofish = designed by a large team, including Schneier.
• Related to Blowfish but uses a larger 128 bit block size and key sizes up to 256 bits.
• It is comparable to Rijndael in speed although it is a little slower when using 128 bit keys.
Symmetric Algorithms
Block Cipher Algorithms
• CAST = patented by Entrust, but available for commercial and non-commercial use.
• CAST-128 uses a 64-bit block size and a 128-bit key size.
• CAST-256 was a candidate for AES and uses a 128-bit block size and a 128 to 256-bit key size
• SAFER = Secure And Fast Encryption Routine
• A family of block ciphers designed by James Massey (who co-created IDEA).
• It was a finalist for AES but lost to Rijndael. Also patented by RSA. Uses 64 and 128-bit block sizes
• IDEA = International Data Encryption Algorithm (intended as a replacement for DES)
• It supports block sizes of 64 bits and a key size of 128 bits
• Was used in PGP v2, and is an option in OpenPGP.
• SERPENT = designed by Ross Anderson, Eli Biham and Lars Knudsen as a candidate for AES (took 2nd place)
• It supports block sizes of 128 bits and key sizes of 128, 192 and 256 bits
• Skipjack = developed by the U.S. National Security Agency (initially classified)
• It supports block sizes of 64 bits and key sizes of 80 bits
Symmetric Algorithms
Stream Cipher Algorithms
• RC4 = Was created by Ron Rivest of RSA Security in 1987.
• One of the most common stream-based ciphers used today, including in applications such as:
  • TLS (Transport Layer Security)
  • WEP (Wired Equivalent Privacy)
  • WPA (WiFi Protected Access)
  • TKIP (Temporal Key Integrity Protocol)
  • Microsoft XBOX
  • Oracle, SQL
  • Microsoft PPTP, Microsoft Office
  • Adobe Acrobat
• Unfortunately, it is often implemented incorrectly (as in WEP), and even when implemented correctly it is still subject to modification attacks. This is part of the reason why it is not accepted by NIST.
• Rabbit = high-speed stream cipher first presented in February 2003
• Uses a 128-bit key and a 64-bit initialization vector
• The cipher was designed with high performance in software in mind
• However, the cipher also turns out to be very fast and compact in hardware

Public Key Cryptography

•Asymmetric Basics
•RSA
•Diffie-Hellman
•ElGamal

Symmetric Key Issues
How to distribute the keys securely?

Symmetric Key
[Diagram: A encrypts the message with the common key and sends the encrypted message to B, who decrypts it with the same key; an eavesdropper sits on the channel between them]

• Problems:
– Alice and Bob must agree on the secret key without anyone else finding out
– Anyone who intercepts the key in transit can later read, modify, and forge all messages encrypted using that key

Asymmetric Key Cryptography
[Diagram: Alice has a Public Key and a Private Key; Bob has a Public Key and a Private Key]

• It involves 2 mathematically related keys known as a key-pair
– A key-pair consists of a private key and public key
– Only the owner knows/has the private key
• MUST be kept confidential
• Typically kept in a secure store (smart card)
• Anyone can know the public key
• The public key is derived from the private key
– One way mathematical link
– The private key cannot be deduced by analyzing the public key

Asymmetric Key Advantages
• Key management is simplified
– Only one party needs to know the private key
– Knowledge of the public key does not compromise the security of message transmission
– Better key distribution mechanism
– Better scalability than symmetric key
– Can provide:
• Confidentiality (though not feasible for large amounts of data)
• Authentication
• Non-repudiation
• Identification
• Key Exchange
• Digital Signature

Asymmetric Key services

Confidentiality: To send private data, encrypt it with the recipient’s public key
[Diagram: Bob encrypts with Alice’s Public Key → cipher-text → Alice decrypts with Alice’s Private Key]

Authentication & Non-Repudiation: To authenticate, encrypt private data with the sender’s private key
[Diagram: Bob encrypts with Bob’s Private Key → cipher-text → Alice decrypts with Bob’s Public Key]

Key Distribution

Asymmetric Key Disadvantages

• Slower…than symmetric
– 100 to 1000 times slower
– Due to the mathematical complexity associated with asymmetric cryptography
• Key sizes must be relatively large

Asymmetric Encryption Algorithms

RSA
• Invented by Rivest, Shamir & Adleman of MIT in 1977
• Best known & widely used public-key scheme
• Security due to cost of factoring large numbers
• RSA is much slower than AES and other symmetric key algorithms
• It has an unlimited, adjustable key size
• 1024-bit keys are considered the baseline for security, although larger key sizes (2048-bit and 4096-bit) are recommended.
• As key size increases, computing cost increases.
• Provides the following services:
  • Encryption
  • Digital Signatures
  • Key Distribution
• Can be implemented in both software and hardware.
• Hardware:
  1. Cryptoprocessors for smartcards
  2. Hardware accelerators
Key Exchange Protocol
• Diffie-Hellman = Key Exchange Protocol
• The first public-key cryptosystem
• The key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher
• Implementations: IKE, IPSEC VPN

Diffie-Hellman exchange, step by step (Alice on the left, Bob on the right):

1. Alice holds secret a and public p, g. Bob holds secret b and public p, g.
2. Alice calculates A = g^a mod p and sends A. Alice now holds a and p, g, A; Bob now holds b and p, g, A.
3. Bob calculates B = g^b mod p and sends B. Alice now holds a and p, g, A, B; Bob now holds b and p, g, A, B.
4. Alice calculates s = B^a mod p. Bob calculates s = A^b mod p. Alice now holds a, s; Bob now holds b, s; the public values on both sides are p, g, A, B.

Key Exchange Protocol
1. Alice and Bob agree to use a prime number p = 23 and base g = 5.
2. Alice chooses a secret integer a = 6, then sends Bob A = g^a mod p
   1. A = 5^6 mod 23
   2. A = 15,625 mod 23
   3. A = 8
3. Bob chooses a secret integer b = 15, then sends Alice B = g^b mod p
   1. B = 5^15 mod 23
   2. B = 30,517,578,125 mod 23
   3. B = 19
4. Alice computes s = B^a mod p
   1. s = 19^6 mod 23
   2. s = 47,045,881 mod 23
   3. s = 2
5. Bob computes s = A^b mod p
   1. s = 8^15 mod 23
   2. s = 35,184,372,088,832 mod 23
   3. s = 2
6. Alice and Bob now share a secret: s = 2. This is because 6*15 is the same as 15*6. So somebody who had known both these private integers might also have calculated s as follows:
   1. s = 5^(6*15) mod 23
   2. s = 5^(15*6) mod 23
   3. s = 5^90 mod 23
   4. s = 807,793,566,946,316,088,741,610,050,849,573,099,185,363,389,551,639,556,884,765,625 mod 23
   5. s = 2
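The p = 23, g = 5 walkthrough above, as an added Python example that is not part of the original slides. Python's pow(base, exponent, modulus) does the modular exponentiation without ever forming the 63-digit intermediate, and the example also generalizes the exchange to random secrets over a larger prime (the Mersenne prime 2^127 - 1, chosen here only as a known prime).

```python
import secrets


def dh_public(g: int, p: int, secret: int) -> int:
    """Public value g^secret mod p (what each party sends)."""
    return pow(g, secret, p)


def dh_shared(peer_public: int, secret: int, p: int) -> int:
    """Shared secret (peer_public)^secret mod p (never sent)."""
    return pow(peer_public, secret, p)


def exchange(p: int, g: int, a: int, b: int) -> dict:
    """Run the whole exchange for the given secrets and return the values
    that cross the channel (A, B) and the two locally derived secrets."""
    A = dh_public(g, p, a)        # Alice -> Bob
    B = dh_public(g, p, b)        # Bob -> Alice
    s_alice = dh_shared(B, a, p)  # B^a mod p
    s_bob = dh_shared(A, b, p)    # A^b mod p
    return {"A": A, "B": B, "s_alice": s_alice, "s_bob": s_bob}


def from_both_secrets(p: int, g: int, a: int, b: int) -> int:
    """The slide's step 6: g^(a*b) mod p, the same value both sides reach.
    Only someone who knows both private integers can compute it this way."""
    return pow(g, a * b, p)


def eavesdropper_view(p: int, g: int, a: int, b: int) -> dict:
    """What passes over the insecure channel: p, g, A and B, but not a, b or s."""
    result = exchange(p, g, a, b)
    return {"p": p, "g": g, "A": result["A"], "B": result["B"]}


def slide_walkthrough() -> dict:
    return exchange(p=23, g=5, a=6, b=15)


def random_secret(p: int) -> int:
    # Secrets are chosen at random from [2, p-2]; constructed helper.
    return 2 + secrets.randbelow(p - 3)


def agree_over_large_prime() -> bool:
    """Same protocol with fresh random secrets over a 127-bit prime."""
    p = 2**127 - 1
    g = 2
    result = exchange(p, g, random_secret(p), random_secret(p))
    return result["s_alice"] == result["s_bob"]
```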
Asymmetric Encryption Algorithms
• EL GAMAL
• Based on calculating discrete logarithms in a finite field.
• Big advantage = It has not been patented yet, therefore it can be freely used.
• Its big disadvantage is that the ciphertext created using ELGAMAL is twice the size of the original plaintext. Used in the latest version of PGP.

• ECC = Elliptic Curve Cryptography
• Uses an algebraic system defined on points of an elliptic curve to provide public-key algorithms.
• It can be used for key negotiation, data encryption, and digital signatures.
• It is very fast and efficient and has small key sizes.
• ECC smaller key sizes offer roughly the equivalent strength to larger RSA keys (such as 1024-bit RSA = 160-bit ECC).
• It is very suitable for resource-constrained applications, wireless device encryption

• Merkle-Hellman Knapsack
• Was one of the earliest public key cryptosystems, invented by Ralph Merkle and Martin Hellman in 1978.
• Simpler than RSA but has been broken.

Digital Signature Algorithm
• Is a United States Federal Government standard or FIPS for digital signatures.
• It was proposed by the National Institute of Standards and Technology (NIST) in August 1991 for use in their Digital Signature Standard (DSS), specified in FIPS 186, adopted in 1993

Digital Signature Standard (DSS)
1. Uses one-way Secure Hash Algorithm (SHA-1) producing a digest
2. Digest is “encrypted” with sender’s private key and attached to file
3. Receiver “decrypts” digest with sender’s public key
4. Receiver recalculates a digest from transmitted message
5. Message integrity is demonstrated when the 2 values match
• Uses secure hash algorithm
• Condenses message to 160 bits
• Key size 512 - 1024 bits
• Proposed by NIST in 1991
Asymmetric – Key Size, Usage

Security (Bits)   Encryption Algorithm   Usage
768, 1024         RSA                    Encrypt, Digital Signing, Key Exchange
768, 1024         EL GAMAL               Encrypt, Digital Signing, Key Exchange
512-1024          DSA                    Digital Signing
768, 1024         Diffie-Hellman         Key Agreement Protocol

Digital Envelope

Hybrid Use
• Also called “Digital Envelope”
– It uses both Symmetric and Asymmetric encryption
• Public/Private (asymmetric) key is used for key distribution and protection of symmetric encryption keys
• Secret (symmetric) key used for message or communication path (bulk) encryption

Public Key Encryption
Symmetric keys encrypt data; public keys encrypt symmetric keys.
[Diagram: Alice generates a symmetric key, encrypts the message with it (Encrypted Message), then encrypts the symmetric key with Bob’s Public Key (Encrypted Sym Key); both are sent to Bob. Legend: Private Key, Public Key, Symmetric Key]

Public Key Decryption
[Diagram: Bob decrypts the Encrypted Sym Key with Bob’s Private Key, then decrypts the Encrypted Message with the recovered symmetric key. Legend: Private Key, Public Key, Symmetric Key]

Public key and symmetric key cryptography are complementary technologies
Question
• When using public key encryption to secure
data being transmitted across the network:
a. Both the key used to encrypt and decrypt the
data are public
b. The key used to encrypt is private, but the key
used to decrypt the data is public
c. The key used to encrypt is public, but the key
used to decrypt the data is private
d. Both the key used to encrypt and decrypt the
data are private

Hashing

Message Digests
• A fingerprint or message digest of a message or file can be made by means of a hash function.
• Hash functions are public, standardized functions.
• Provides Integrity: to determine whether a message has changed in transit.
• 1 bit change in source message results in more than 1 bit change in fingerprint
Hash Functions
“It was the best of times, it was the worst of times” → Hash Function → 3au8 e43j jm8x g84w
“It was the best of thymes, it was the worst of times” → Hash Function → b6hy 8dhy w72k 5pqd
Small difference in the input; large difference in the output.

A small modification in a message leads to a completely different message digest.

Common Hash Functions
• Message Digest = MD2, MD4, MD5
• A family of hash functions developed by Ron Rivest
• MD2 = is the slowest (still used in RSA and in Certificates but not in OpenSSL & GnuTLS)
• MD4 = broken
• MD5 = broken
• 128-bit hash value. All of the above functions accept a message of arbitrary length and compute a fixed-length 128-bit hash value.

• Secure Hash Algorithm (SHA)
• SHA-1 (1994) = 160 bit hash value
• SHA-256 = suitable for the same kinds of messages as SHA-1 but is less likely to have a collision with other documents.
• SHA-384 and SHA-512 – designed for much larger messages
• FIPS standards require SHA-512
• The number indicates the size of the resulting hash.

• HAVAL
• Created in 1992.
• It differs from most widely accepted hash algorithms in that it can produce a variety of hash output lengths (128 bits, 160 bits, 192 bits, 224 bits, 256 bits)
• Some vulnerabilities (collisions) have been found in the 128-bit version

• RIPEMD – RACE Integrity Primitives Evaluation Message Digest
• Developed in Belgium in the 1990’s.
• Like HAVAL, it’s available in a variety of hash lengths (128 bits, 160 bits, 256 bits, 320 bits)
• Still not widely used like SHA.
MIC & MAC
Integrity Control
• Message Integrity Controls (MIC):
• Detect alterations (whether intentional or unintentional) to a message during transmission.
• MIC = special value that is calculated based on the message contents and added to the message to be sent.
Integrity & Data Origin or System Authentication
• Message Authentication Code (MAC)
• Used to authenticate a message by using a secret key as an input with which to produce a tag.
• The tag can be verified by users (who also possess the secret key), thereby providing both the authenticity and the integrity of the message.
• MAC is different from MIC in that the MIC does not use a secret key and can, therefore, only verify integrity.
• MAC can detect unauthorized modification of the message, whereas MIC cannot.
MIC
Integrity Control

Message Integrity Controls (MIC) Creation
Sender:
• Message put into hashing algorithm
• Result: message digest value (MD)
• MD added to the message and sent to the receiver
Receiver:
• Message is put through the same hash algorithm
• Result is an independent message digest value
• Receiver compares the 2 MD values
• If they are the same, the receiver is assured that the message has not been modified

MIC

Non-Keyed Message Integrity Controls
• Encryption alone does not provide message integrity.
• Condenses a variable length message into a fixed length message digest
• Digest is uniquely derived and should have these characteristics
– One-way – original file cannot be derived from digest
– Digest is calculated using all of the original file
– 2 files should not have the same digest
– Message digest uniquely represents original message
• No other file should generate the same digest
• Called Non-Keyed message digest
– Message Integrity Codes (MICs) do not use a shared secret key to encode.

Weakness In Using Only Hashing Algorithms
Man in the middle attack
• Bob sends Alice a message with an attached MD
• Mike intercepts the message, modifies it, calculates a new MD, attaches it to the message and sends it to Alice
• Alice receives the message, creates a MD, and then compares it to the value that was added to the message
• Alice has no idea that Mike modified the message

Keyed Hashing (MAC) for Authentication and Integrity
• More authentication than MIC
• Secret key and message are hashed together
• Recomputation of digest verifies that the message originated with the peer and that the message was not altered in transit
[Diagram: Secret Key + message → Hash Function → 983lna9458hk7436gq]

Keyed Message Authentication Controls

• Message Authentication Code (MAC) is a Keyed Message Digest (checksum)
• Hash algorithm + key to make hash value dependent on the key
• Naming: hash + key = HMAC-hash
– MD5 → HMAC-MD5
– SHA-1 → HMAC-SHA (recommended)
• Combines a message digest with a secret (symmetric) key and provides Message Integrity and Sender Authentication
– Requires the sender and receiver to share a secret key
– The message is not signed (asymmetric crypto), it is concatenated (to arrange strings of characters into a chained list) with a secret key (symmetric crypto)
– The receiver already knows the secret key, so the message can be authenticated with that shared secret key
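The man-in-the-middle weakness of an unkeyed MD (the Bob / Mike / Alice slide), the HMAC remedy described above, and the avalanche effect from the Hash Functions slide, as one added Python example that is not part of the original slides; the message strings and the key are constructed samples.

```python
import hashlib
import hmac


def mic(message: bytes) -> str:
    """Non-keyed Message Integrity Control: a plain SHA-1 digest that is
    sent alongside the message (the slide's MD value)."""
    return hashlib.sha1(message).hexdigest()


def mac(key: bytes, message: bytes) -> str:
    """Keyed digest: HMAC-SHA1 over the message under the shared secret."""
    return hmac.new(key, message, hashlib.sha1).hexdigest()


def verify_mic(message: bytes, tag: str) -> bool:
    return hmac.compare_digest(mic(message), tag)


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest runs in constant time so the comparison itself does
    # not reveal how many leading tag characters matched.
    return hmac.compare_digest(mac(key, message), tag)


def hamming_distance(hex_a: str, hex_b: str) -> int:
    """Number of differing bits between two hex digests; large for a
    one-character change in the input (avalanche effect)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def relay_scenario(key: bytes) -> dict:
    """Bob -> Mike (in the middle) -> Alice. Mike alters the message and
    recomputes whatever tag he can. Returns whether Alice accepts the
    altered message under each scheme."""
    original = b"Transfer 100 to account 42"   # constructed sample message
    altered = b"Transfer 900 to account 42"    # Mike's modification
    # Unkeyed MD: Mike recomputes it over the altered text, so Alice's
    # own recomputation matches and the change goes unnoticed.
    mic_accepted = verify_mic(altered, mic(altered))
    # Keyed MAC: Mike does not hold the key, so the best he can do is
    # forward Bob's tag; Alice's recomputation over the altered text fails.
    mac_accepted = verify_mac(key, altered, mac(key, original))
    return {"mic_accepted": mic_accepted, "mac_accepted": mac_accepted}
```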

Keyed Message Authentication Controls

Copyright © 2009 by GSECTRA Ltd.


All Rights Reserved
MAC: Integrity and Data-Origin (System) Authentication
MAC creation and verification
Sender:
• The message and the secret key are put into the hashing algorithm
• The result is the message digest value (the MAC)
• The MAC is added to the message and sent to the receiver
Receiver:
• The message and the secret key are put through the same hash algorithm
• The result is an independently computed MAC
• The receiver compares the two MAC values
• If they are the same, the receiver knows that the message has not been modified and which system (key holder) it came from
– Both parties hold the same key, so a MAC proves origin to the peer but gives no non-repudiation; that needs a digital signature
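The unkeyed-digest weakness and the MAC fix described above, as an added Python example that is not part of the original course material. It uses only the standard library's hashlib and hmac modules; the message, the pre-shared key and the roles Bob, Alice and Mike are constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed sample traffic for the Bob -> Alice scenario (not from the original slides).
MESSAGE = b"Transfer 100 EUR to account 12345"
SHARED_KEY = b"alice-and-bob-pre-shared-secret"  # assumed to be known only to Bob and Alice


def unkeyed_digest(message: bytes) -> bytes:
    """Non-keyed MIC: anyone can recompute it, so it only detects accidental corruption."""
    return hashlib.sha256(message).digest()


def keyed_mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 (RFC 2104): the key is mixed into two nested hash passes."""
    return hmac.new(key, message, hashlib.sha256).digest()


def receiver_accepts_digest(message: bytes, digest: bytes) -> bool:
    """Alice's check when only an unkeyed digest travels with the message."""
    return hmac.compare_digest(unkeyed_digest(message), digest)


def receiver_accepts_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Alice's check with a MAC; compare_digest avoids a timing side channel on the tag."""
    return hmac.compare_digest(keyed_mac(key, message), tag)


def mike_tampers(message: bytes) -> bytes:
    """Man-in-the-middle edit of the intercepted message."""
    return message.replace(b"12345", b"66666")


def mitm_against_unkeyed_digest() -> bool:
    """Bob sends message + digest; Mike rewrites both. True means Alice was fooled."""
    forged_msg = mike_tampers(MESSAGE)
    forged_digest = unkeyed_digest(forged_msg)  # needs no secret, so Mike can do it
    return receiver_accepts_digest(forged_msg, forged_digest)


def mitm_against_mac() -> bool:
    """Same attack against HMAC. True means Alice was fooled."""
    original_tag = keyed_mac(SHARED_KEY, MESSAGE)
    forged_msg = mike_tampers(MESSAGE)
    # Mike lacks SHARED_KEY; the best he can do is re-attach the original tag
    # (or guess one), which Alice's keyed recomputation rejects.
    return receiver_accepts_mac(SHARED_KEY, forged_msg, original_tag)


if __name__ == "__main__":
    print("unkeyed digest fooled Alice:", mitm_against_unkeyed_digest())  # True
    print("HMAC fooled Alice:", mitm_against_mac())  # False
```

The only difference between the two receiver checks is the key: with it, recomputing the tag is impossible for Mike; without it, the digest protects against line noise but not against an active attacker.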

Digital Signatures
Providing Data Authenticity and Non-repudiation
• After a message has been put through a hashing algorithm, the MD is encrypted with the sender's private key; the result is the signature
• The receiver validates the digital signature by decrypting it with the sender's public key and comparing the result to a freshly computed MD of the received message

Public Key Infrastructure

•PKI Components
•Digital Certificate
•Digital Signatures
•PKI Implementations
•ECC

PKI
Public Key Infrastructure = PKI
• The architecture, organization, techniques, practices, and procedures that collectively support the implementation and operation of a certificate-based public key cryptographic system
• The PKI consists of systems which collaborate to provide and implement the certification system and possibly other related services
• Establishes and enforces a "Trust Model" in which you trust the issuing certificate authority, and therefore the certificates it signs
PKI
• Is a system of (a third-party trust model):
– Digital Certificates
– Certificate Authorities (CA)
– Registration Authorities (RA)
– Certificate Repositories
– Asymmetric and symmetric cryptosystems
– Other hardware and software

• PKI supplies the following services:
– Confidentiality
– Access Control
– Integrity
– Authentication
– Non-Repudiation
PKI Main Components
• Certification Authority (CA)
– An entity that issues and revokes public key certificates
– Establishes a digital "Trust Model"
• Registration Authority (RA)
– Registers users and authenticates them to a CA
– Authorized to act as an "agent" of the CA to offload the burden of identity vetting; the CA still signs the certificates
• Public Key Certificate (Certificate)
– Binds an "identity" to a public key (the subject keeps the matching private key)
– Mechanism for describing trust relationships in a PKI
– Signed by the issuing CA
– Standard format: X.509
PKI Main Components

Digital Certificate
• A digital form of identification
• Similar to a passport or driver's licence
• Binds the subject's public key (a mathematical value) to one or more attributes relating to their identity
• A certificate is valid for a period of time (often one, three or ten years; publicly trusted TLS server certificates are now limited to 398 days)
• Certificates can be used for different things, for example:
• Encrypt a document
• Sign a document – for non-repudiation
• Secure a WWW server
• Provide authentication – enable the holder to access a corporate
Public-Key Certification
[Diagram: the user generates a key pair and sends a certificate request (user name and other credentials, user's e-mail address, user's public key) to the CA; the CA fills in the serial number, certificate class and validity, signs the certificate using the CA's private key, and publishes it (with the CA's name and the licence issued to it by the CCA) to the certificate database and the CA's web site, from which user 1, user 2, ... certificates can be retrieved]
Certification Process
[Diagram: Dr. Jane submits an application for a digital ID; the RA/CA verifies her identity and approves the request, applying its policies and procedures; a key pair is generated; the CA generates the certificate and publishes it to the directory (user data, certificate, CRLs); the private key and certificate are placed on a smart card]
Certificate fields shown in the diagram:
– User's Name
– Issuer's Name
– Serial Number
– Validity Dates
– Extensions
– CA's digital signature
Digital Certificate Issues
• Certificate issue
• Certificate revocation
• Certificate renewal
• Certificate expiration
• To manage the certificate lifecycle, a public key
infrastructure must provide mechanisms to support the
following management activities:
– Enroll users and computers for certificates.
– Distribute certificates for public use.
– Publish certificate revocation lists (CRLs).
– Renew certificates.
– Maintain a certificate audit trail.

Types of Certificates
• Root or authority certificates
These are self-signed by the CA that created them
• Institutional authority certificates
Also called "campus certificates"
• Client certificates
These are also known as end-entity certificates, identity certificates, or personal certificates
• Web server certificates
Used for secure communications to and from web servers
Why do we need a CA?
• A digital signature ensures that the document was signed by the holder of the private key and that it was not tampered with after the signature was applied.
• However, the holder of that key could still be an impersonator and not the person he or she claims to be: a key pair by itself carries no identity.
• To verify that the message was indeed sent by the person claiming to send it requires a digital certificate (digital ID), which binds the public key to an identity and is issued by a trusted third party known as the Certification Authority (CA).
Public Key Encryption (hybrid scheme)
[Diagram: Alice generates a symmetric key and encrypts the message with it (Encrypted Message); she encrypts the symmetric key with Bob's public key (Encrypted Sym Key) and sends both to Bob, who recovers the symmetric key with his private key and then decrypts the message]
PKI Main Components
• Certificate Repository (Directory)
– Maintains certificates and certificate revocation lists (CRLs)
• X.500, LDAP

• Clients
– Software that includes the mechanisms necessary to:
– Properly enforce the trust model of the CA, or
– Negotiate a session key
• Certificate Revocation Lists (CRL)
– Certificates revoked by the issuing CA are placed into a CRL
– Revoked for several reasons:
• Private key lost or compromised
• Certificate owner leaves the organization or changes name
• Certificate owner information changes
– The CRL is published openly so it can be checked whenever a certificate needs to be validated (OCSP, RFC 6960, offers a per-certificate online status check as an alternative)
Certificate Policy (CP)
Certificate issuance policy
• A document of principles describing the information-security policy applied in the process of issuing certificates and maintaining information about certificate status
• Describes the CA's areas of activity
• Defines the users' responsibility for requesting, using and maintaining certificates and keys

Certification Practice Statement (CPS)
• A detailed document defining how the certificate policy (CP) is applied by the CA
• Defines the mechanisms and processes operated in order to uphold the information-security policy
• The document effectively serves as the CA's operating manual (RFC 3647 gives the standard outline for both a CP and a CPS)
CA Models
• Hierarchical Model
– Root structure
• Root – the CA that initiates all trust paths, the basis of trust, the principal CA for the hierarchical domain
• Subordinate – a CA that receives its certificate from a superior CA
– Does not initiate trust paths
– May have down-level subordinate CAs to which it issues certificates

• Peer Model – CAs in a mesh domain
– Peers cross-certify with each other within a domain
PGP's Web of Trust
• Public / private keys with an attached name, e-mail address, and optional photo.
• No centralized CA to sign keys.
– PGP users sign keys when they have verified the owner's identity, so in essence each PGP user is acting as a CA.
– Your trust in a public key is related to how many signing "hops" you are away from that key and how much you trust each signer along the route.
• Decentralized key distribution – users send keys to each other.
– Key servers have popped up to fill the role of the CA in key distribution (a key server only stores keys; it does not vouch for them, only the signatures on a key do).
Key Management Issues
• Key Generation
– Proper generation of crypto keys (from a cryptographically secure random source)
• Key Distribution
– Once key pairs are generated, how to get them to the user/owner securely
– Registration process – how to register key-pair owners and ensure the intended owner gets the intended key pair
• Key Use/Storage
– Private keys need special physical protection: tamper-evident envelopes, smart cards, hardware security modules
• Key Revocation
– If a key is compromised or the owner's status changes, a mechanism is needed to revoke keys
– Verification process to ensure the owner's key has not been revoked (is still valid)
Key Management Issues
• Key Recovery
– Avoids encrypted data being rendered irretrievable by lost/corrupted keys
– Backup copies of central/root keys
– All key components available to the organization
• Key Escrow
– Commercial key recovery application using a 3rd-party agent
• Key Archiving
– Keep keys for a long period – the timeframe during which the key can be used for signature, signature verification, encryption, or decryption
• Key Destruction
– Different users and applications warrant different key lifetimes
– Balance destruction/reissue cycles against the burden of key compromise
Digital Signature
What is a Digital Signature?
• The hash value of a message, encrypted with the private key of a person, is that person's digital signature on the e-document
– A person's digital signature therefore varies from document to document; because the hash covers the whole document, a change to any part of it invalidates the signature
– As the public key of the signer is known, anybody can verify the message and the digital signature
Digital Signature
Its purpose is to:
• Authenticate the identity of the sender
• Assure the integrity of the message
• Provide non-repudiation
[Diagram: the original message is run through a hash algorithm to make a "digest"; the digest is encrypted with the sender's private key; the message plus the encrypted digest form the signed message]
Verifying Digital Signature
[Diagram: the receiver decrypts the signature with the sender's public key to recover the digest, makes a new "digest" of the received message with the same hash algorithm, and compares the two (=?)]
Only the sender's private key can encrypt a digest that will match
Complete Signed Document
[Diagram: the document, the encrypted digest (the signature) and the sender's certificate are sent together]
The document can be verified with the sender's certificate and the CA's public key: the CA's key validates the certificate, and the public key inside the certificate validates the signature
Digital Signature
[Diagram: Dr. Jane signs a document (signed document + encrypted digest); on the institution's server side the certificates and signatures are verified and the unique digest of the received document is compared with the digest recovered from the signature]
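The sign/verify flow of the four slides above, as an added Python example that is not from the original course. It uses textbook RSA with fixed Mersenne primes as toy keys and SHA-224 as the digest so that it runs offline and deterministically; the key sizes, the sample document and the impersonator "Mike" key are constructed assumptions. Textbook RSA without padding is not safe for real use (its multiplicative structure lets an attacker combine signatures), so production code should use RSA-PSS or ECDSA from a vetted library; the hash-then-sign and verify mechanics are, however, exactly those of the diagrams.

```python
import hashlib

# Toy parameters (constructed for this example): Mersenne primes, so key generation
# is deterministic and needs no randomness. Real RSA keys use random primes of at
# least 1024 bits each; these ~90-521-bit primes are for illustration only.
BOB_P, BOB_Q = 2**107 - 1, 2**127 - 1
MIKE_P, MIKE_Q = 2**89 - 1, 2**521 - 1
E = 65537


def generate_keypair(p: int, q: int, e: int = E):
    """Textbook RSA: public key (n, e), private key (n, d) with d = e^-1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def message_digest(message: bytes) -> int:
    """SHA-224 digest as an integer: 224 bits, which is below Bob's ~234-bit modulus."""
    return int.from_bytes(hashlib.sha224(message).digest(), "big")


def sign(private_key, message: bytes) -> int:
    """Hash the message, then 'encrypt' the digest with the private exponent."""
    n, d = private_key
    return pow(message_digest(message), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """'Decrypt' the signature with the public exponent and compare with a fresh digest."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message)


def signature_scenarios() -> dict:
    """The three cases from the slides: genuine, tampered, and impersonated message."""
    bob_pub, bob_priv = generate_keypair(BOB_P, BOB_Q)
    _, mike_priv = generate_keypair(MIKE_P, MIKE_Q)
    message = b"Pay 100 EUR to account 12345"  # constructed sample document
    sig = sign(bob_priv, message)
    return {
        "genuine": verify(bob_pub, message, sig),
        "tampered": verify(bob_pub, message.replace(b"100", b"900"), sig),
        # Mike signs with his own private key; Alice checks against Bob's public key
        "impersonated": verify(bob_pub, message, sign(mike_priv, message)),
    }


if __name__ == "__main__":
    for case, ok in signature_scenarios().items():
        print(f"{case}: {'valid' if ok else 'rejected'}")
```

Note that the verifier never needs Bob's private key, which is what makes non-repudiation possible: only the holder of d could have produced a value that maps back to the digest under e. The "impersonated" case is also why a CA is needed (see the "Why do we need a CA?" slide): verification only proves which key signed, not who owns it.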
Paper Signatures vs Digital Signatures

Parameter        Paper                           Electronic (digital)
Authenticity     May be forged                   Cannot be transferred to another document
Integrity        Signature is independent of     Signature depends on the contents of
                 the document                    the document
Non-repudiation  a. Handwriting expert needed    a. Any computer user can verify
                 b. Error prone                  b. Error free
Private key protection
• The generated private key is to be protected and kept secret. The responsibility for the secrecy of the key lies with the owner.
• The key is secured using:
– PIN-protected soft token
– Smart cards
– Hardware tokens
PIN-protected Soft Tokens
• The private key is encrypted and kept on the hard disk in a file; this file is password (PIN) protected.
• This forms the lowest level of security in protecting the key, as:
– The key file is easily reachable (any malware running as the user can copy it).
– The PIN can be easily learned, or cracked offline once the file has been copied.
• Soft tokens are also not preferred because:
– The key becomes static and machine dependent.
– The key is in a known file format.
Smart Cards
• The private key is generated in the crypto module residing in the smart card.
• The key is kept in the memory of the smart card.
• The key is highly secured as it never leaves the card: the message digest is sent into the card for signing, and only the signature leaves the card.
• The card gives mobility to the key, and signing can be done on any system (having a smart card reader).
[Figure: sample smart-card identity document]
Applications That Use a PKI
• Digital signatures
• Smart card logon
• Encrypting File System
• Internet authentication
• Secure e-mail
• Certificate services
• Software code signing
• Software restriction policy
• IP Security (IPsec)
• ...
Question
• The feature of a digital signature that
ensures the sender cannot later deny
generating and sending the message is
called:
a. Data integrity
b. Authentication
c. Non-repudiation
d. Replay protection

Question
• Which of the following are required by
digital signatures?
a. Signer to have a public key and the receiver
to have a private key
b. Signer to have a private key and the
receiver to have a public key
c. Signer and receiver to have a public key
d. Signer and receiver to have a private key

Question
• In a PKI environment, which of the
following manages the digital
certificate life cycle to ensure
adequate security and control exist in
digital signature applications related to
e-commerce?
a. Registration Authority (RA)
b. Certificate Authority (CA)
c. Certificate Revocation List (CRL)
d. Certification Practice Statements
Question
• During an audit of an enterprise that is dedicated to e-commerce,
the IS manager states that digital signatures are used when
receiving communications from customers. To substantiate this, an
IS auditor must prove that which of the following is used?
a. A biometric, digitalized and encrypted parameter with the
customer’s public key
b. A hash of the data that is transmitted and encrypted with the
customer’s private key
c. A hash of the data that is transmitted and encrypted with the
customer’s public key
d. The customer’s scanned signature encrypted with the customer’s
public key

Question
• Which of the following encrypt/decrypt steps provides
the greatest assurance of achieving confidentiality,
message integrity and non-repudiation by either sender
or recipient?
a. Recipients use their private keys to decrypt the secret keys
b. The encrypted prehash code and the message are encrypted using a secret key
c. The encrypted prehash code is derived mathematically from the message to be sent
d. Recipients use the sender's public keys, verified with a certificate authority, to decrypt the prehash code
Question
• Use of asymmetric encryption in an Internet e-
commerce site, where there is one private key for the
host server and the public key is widely distributed to
the customers, is most likely to provide comfort to the:
a. Customer over the authenticity of the hosting
organization
b. Hosting organization over the authenticity of the
customer
c. Customer over the confidentiality of messages from
the hosting organization
d. Hosting organization over the confidentiality of
messages passed to the customer

Question
• Email message authenticity and confidentiality
is best achieved by signing the message using
the:
a. Sender’s private key and encrypting the
message using the receiver’s public key
b. Sender’s public key and encrypting the
message using the receiver’s private key
c. Receiver’s private key and encrypting the
message using the sender’s public key
d. Receiver’s public key and encrypting the
message using the sender’s private key
Question
• Applying a digital signature to data
traveling in a network provides:
a. Confidentiality and integrity
b. Security and non-repudiation
c. Integrity and non-repudiation
d. Confidentiality and non-repudiation

Internet Security using
Encryption

•HTTPS
•S-HTTP
•SSL/TLS
•IPSEC
•S/MIME
•PGP
•SSH

Internet Security
• HTTPS – Hypertext Transfer Protocol Secure
– HTTP carried over an SSL/TLS connection, normally on port 443
– Protects the communication channel between 2 computers
– Connection oriented, using TCP, not UDP
– Supports persistent connections to save bandwidth and CPU time
– Supports pipelining so browsers can queue requests for images

• S-HTTP – Secure Hypertext Transfer Protocol
– Message-oriented protocol – protects the individual message rather than the channel
– Supports encryption of web documents employing RSA public key technology
– Provides confidentiality, integrity, non-repudiation, and authentication for electronic payments. An alternative to SSL that was never widely adopted.
SSL Cipher Suites
• SSL_RSA_WITH_NULL_MD5
– RSA (asymmetric) is used for key exchange
– nothing is used to encrypt data (no confidentiality at all)
– MD5 is used for message authentication codes
• SSL_RSA_WITH_RC4_40_SHA
– RSA used for key exchange
– RC4 with a 40-bit (export-grade) key is used to encrypt data
– SHA-1 used for message authentication codes
• Both suites are insecure and disabled in modern stacks: RC4 is prohibited in TLS by RFC 7465, and TLS 1.3 suites (e.g. TLS_AES_128_GCM_SHA256) name only the AEAD cipher and hash, because the key exchange is always ephemeral Diffie-Hellman
SSL Connection Steps
• When you hit an SSL-encrypted page, here is what usually happens (classic RSA key exchange):
1. Server sends its certificate (chain) to the client
2. Client checks whether the signing CA is in the browser's trusted list
3. Client verifies the CA's signature on the certificate: it hashes the certificate body and compares the result with the digest recovered from the signature using the CA's public key
4. Client checks the validity dates of the certificate (and, in practice, its revocation status)
5. Client checks that the host name in the certificate matches the URL it is connecting to
6. Client extracts the server's public key from the certificate
7. Client creates a random pre-master secret, from which both sides derive the symmetric session keys
8. Client encrypts the pre-master secret with the server's public key and sends it over
9. Server decrypts it using its private key; both sides now hold the same session keys
10. Now they can talk securely.
• Modern TLS (1.3) replaces steps 7-9 with an ephemeral Diffie-Hellman exchange, so a later compromise of the server's private key does not expose recorded sessions (forward secrecy)
Transport Layer Security
• Based on SSL and is the IETF standard
– Successor to SSL (TLS 1.2: RFC 5246; TLS 1.3: RFC 8446); SSL 3.0 itself is deprecated by RFC 7568
• Provides privacy and data integrity to two communicating applications
• Composed of 2 layers:
– TLS Record Protocol – ensures that the connection is private and reliable
• uses the secret key established in the handshake protocol to protect communication between the client and the server
– TLS Handshake Protocol – key negotiation for the session key
• uses public key cryptography to establish a shared secret key between the client and the server and to authenticate the server (and optionally the client)

• Application independent
• TLS goals are cryptographic security, interoperability, and extensibility via future security features
IPSEC
• A "complex" protocol suite used to set up a secure channel between 2 devices at the IP layer
• IPSEC uses 2 basic security protocols:
– AH – Authentication Header
• Authentication protocol
• Protects against malicious modification without protecting privacy
• Provides integrity and data origin authentication (also over the immutable fields of the IP header, which is why AH does not survive NAT)
– ESP – Encapsulating Security Payload
• Authentication and encryption protocol
• Provides integrity and data origin authentication
• Provides confidentiality using encryption
IPSEC
IPSEC operates in one of 2 modes:
• Transport Mode
– The AH or ESP header is added to the packet after the original IP header
– Limited to host-to-host communication
– Each host provides its own IPSEC
– Only the payload is protected
• Tunnel Mode
– The whole original packet is encapsulated and an additional (outer) IP header is inserted
– A secure gateway provides IPSEC for the nodes behind the gateway
– The payload as well as the original routing and header information is protected
Services Provided by IPSEC
• Authentication
– Ensures the identity of an entity (data origin authentication)

• Confidentiality
– Protection of data from unauthorized disclosure

• Key Management
– Generation, exchange, storage, safeguarding, etc. of keys; in IPSEC this is done by IKE (Internet Key Exchange; IKEv2 is RFC 7296), which authenticates the peers with pre-shared keys or certificates and establishes the security associations
Internet Security
• SSH – Secure Shell
– Protocol standardized by the IETF (RFC 4251 to 4254)
– Allows secure remote access over a network
– A variety of methods can be used to authenticate the client and server and to establish an encrypted communication channel between SSH-enabled systems
– The connection can then be used to, for example, create a secure remote login on a server to replace the likes of Telnet, rlogin, or rsh
– The server is authenticated by its host key (checked against the client's known_hosts list, trust on first use unless the key was distributed beforehand) and the client by a password or its own public key; the session key comes from a Diffie-Hellman exchange. X.509 certificates are not normally involved, although OpenSSH has its own certificate format for signing host and user keys.
Internet Security
• SET – Secure Electronic Transaction
– Security technology proposed by VISA and MasterCard for secure credit card transactions
– SET is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the internet
– Involves the Issuer (cardholder's bank), Cardholder, Merchant (providing goods), Acquirer, and Payment Gateway
– All entities involved would have had to upgrade their hardware/software infrastructure, one reason SET never saw wide deployment
E-mail Standards
• S/MIME – Secure/Multipurpose Internet Mail Extensions
– Standard for encrypting and digitally signing e-mail
– RFC 2311 (version 2); the current version is S/MIME 4.0, RFC 8551
– Extension of MIME that supports encryption of e-mail and attachments
– Encryption and hashing algorithms can be selected by the implementation/user
– Provides confidentiality, integrity, authentication, and non-repudiation
– The X.509 certificate format is used
• True authentication and validation mechanisms are an issue
• User defined
E-Mail Security
PGP – Pretty Good Privacy
• Web of trust
• Users self-certify in a mesh model
• The trust model is left to the user
• Each user creates his/her own key pair
• Uses a variety of asymmetric and symmetric algorithms
• Key management is a big issue
• Scalability is a big issue
Email Standards
Pretty Good Privacy (PGP)
• Freely available encryption program (not itself a mail client) that provides e-mail security; the OpenPGP message format is standardized in RFC 4880
• Developed by Phil Zimmermann
• Uses passphrases instead of passwords
– Key generation and private key protection
• Web of trust instead of a hierarchy of CAs
– Users decide how much they will trust each other

For the exam:
• PGP is a cryptosystem (all the components)
• Web of trust
• Uses passphrases
Question
• Which of the following implementation
mode would provide the greatest amount of
security for outbound data connection to
the Internet?
a. Transport mode with authentication
header (AH) plus encapsulating security
payload (ESP)
b. Secure sockets layer (SSL)
c. Tunnel mode with AH plus ESP
d. Triple-DES encryption mode
Question
• The Secure Sockets Layer (SSL) protocol
addresses the confidentiality of a
message through:
a. Symmetric encryption
b. Message authentication code
c. Hash function
d. Digital signature certificates

Wireless
Encryption

Security services in 802.11
• Security in wireless networks includes the WEP (Wired Equivalent Privacy) encryption protocol

• Its role is:
– preserving the confidentiality of messages
– preserving the integrity of messages
– serving as access control (user authentication) – not allowing an attacker to use the network while impersonating an authorized user
• In practice, WEP fulfils none of these roles!

• WEP uses the RC4 stream cipher to encrypt a TCP/IP packet by XORing it with the keystream (RC4 is seeded with a 24-bit IV concatenated with the static key, so IVs repeat quickly and keystream reuse is unavoidable)

Key management in WEP
• Key management in WEP is static
• Each network has its own key (K)
• On each fixed station a key is configured for every network it wants to connect to with WEP
• All mobile users trying to connect to the Access Point must know the key (K); that is, all users receive the same shared key (K) from the system administrator
• The key K is constant – the standard does not define a mechanism for changing and distributing keys. Therefore the keys are rotated rarely, if at all.

So what do we do?
• When there is a security problem in an existing standard there are 2 possible courses of action:
• Replace the standard – define a new standard. This takes a long time and also creates a backward-compatibility problem with old systems
• "Patch" the existing standard – for example, extending the WEP key length from 40 bits to 104 bits and, in the "patched" standard, avoiding the use of weak keys
– The problem is that some products support the "patched" standard, but others do not
– Moreover, in our case most of the problems are not solved by moving to a longer key

Wireless security today (802.11i)
• The IEEE made an effort to fix the security problems in 802.11
• For this purpose a new standard, 802.11i, was defined; it specifies new user-authentication, key-management and traffic-protection protocols
• The protocol became a standard in 2004
• The 802.11i standard defines 2 protocols for securing the MAC layer:
• TKIP – Temporal Key Integrity Protocol
– defined in the WPA standard, which is based on WEP
– adds key management, replaces the CRC with a MIC (Message Integrity Code), and more
• CCMP – CTR with CBC-MAC Protocol
– defined in the WPA2 standard
– based on AES
Attack
Types

Secure Communication
[Diagram – basic communication scenario: Alice encrypts the plaintext with the encryption key and sends the ciphertext to Bob, who decrypts it with the decryption key; Eve (eavesdropper), Mallory (active attacker) or Oscar stand in for the enemy or adversary on the channel]
Attack Types
• Chosen Ciphertext Attack
– The cryptanalyst gathers information, at least in part, by choosing ciphertexts and obtaining their decryption under an unknown key
• Ciphertext Only Attack
– The attacker is assumed to have access only to a set of ciphertexts
• Eavesdropping

• Known Plaintext Attack
– The attacker has samples of both the plaintext and its encrypted version
– The goal is to find the key
• Chosen Plaintext Attack
– Presumes that the attacker has the capability to choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts
– The goal is to find the key
• Example: having access to the encryption machine (Enigma)
Ciphertext-Only Attack
• The attacker gets only a set of ciphertexts
• Works on primitive ciphers (Caesar's cipher, mono-alphabetic substitution cipher): the key space is tiny and the ciphertext preserves the letter frequencies of the plaintext
Known-Plaintext Attack
• The attacker has access to plaintext/ciphertext pairs
• In practice, the attacker may have some hint about some plaintexts (a "crib", such as a standard header or greeting)
• Used during WW2 to break the Enigma cipher
Chosen-Plaintext Attack
• The attacker can obtain the encryption of plaintexts of his choice
• For public-key encryption anyone can encrypt with the public key, so a chosen-plaintext attack is always available; it is equivalent to a ciphertext-only attack that also knows the public key
Chosen-Ciphertext Attack
• The most powerful attack model
• The attacker can obtain the decryption of ciphertexts of his choice
• May be realistic in practice:
• The attacker gets access to a decryption machine (a "decryption oracle")
• The encryption algorithm is used in a more complex protocol in which users can obtain the decryption of chosen ciphertexts (padding-oracle attacks on CBC and on PKCS#1 v1.5 RSA are real-world examples)
DEMO
Brute Force

Note

More reading:
History of cryptography
– David Kahn, "The Codebreakers"
– Simon Singh, "The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography"
Practical cryptography
– Niels Ferguson & Bruce Schneier, "Practical Cryptography"
Modern cryptography
– Bruce Schneier, "Applied Cryptography"
Questions…

Backup Slides
Initialization Vector (IV)
• A block of bits that is combined with the first block of data in several modes of a block cipher.
• In some cryptosystems it is random and is sent along with the ciphertext.
• In others, it is derived from information that does not have to be put in the ciphertext (e.g. a counter or packet number both sides already know).
• Its purpose is to stop identical plaintexts (or identical prefixes) producing identical ciphertexts under the same key, so an IV is essential whenever different files or messages are encrypted with one key.
• The IV changes the resulting ciphertext by including the additional, typically random, data.
• The IV need not be secret, but it must never repeat under the same key; for CBC it must also be unpredictable, and for CTR/OFB a repeated IV (nonce) exposes the XOR of the two plaintexts.
Symmetric Encryption Algorithms

Standard Symmetric Algorithms

Algorithm  Type    Key (bits)                  Strength     DBMS
DES        Block   56                          Weak         Oracle (8, 9), MS SQL
3DES       Block   128 (112 effective, 2-key)  Acceptable   Oracle (10), MS SQL
AES-192    Block   192                         Strong       Oracle DBMS_CRYPTO (11), MS SQL
AES-256    Block   256                         Strong       Oracle DBMS_CRYPTO, MS SQL
RC4        Stream  8-2048 (1-256 bytes)        Strong*      Oracle DBMS_CRYPTO, MS SQL
RC2        Block   128                         Acceptable   MS SQL

* Ratings are as of the 2009 slide. RC4 has since been broken in practice (RFC 7465 prohibits it in TLS) and 3DES is deprecated by NIST SP 800-131A; for new work use AES, preferably in an authenticated mode such as GCM.
DES Operating Modes: Electronic Code Book mode (ECB)
• The regular DES algorithm
• Simply encrypts each block of plaintext, one after another, under the same key
• The message is broken into independent blocks which are encrypted (64-bit blocks, each encrypted one at a time)
• Each block is a value which is substituted, like a code book, hence the name
• Each block is encoded independently of the other blocks
• Main use: sending a few blocks of data (terminal)
• Implementation: ATM PIN encryption & challenge/response
[Diagram: plaintext blocks 1-4 are each encrypted independently to ciphertext blocks 1-4]

• Advantages:
– Fast
– Easy to implement
– Each operation can be run in parallel
• Disadvantages:
– Repetitions in the message show in the ciphertext
– Weak because each encrypted block is independent: blocks can be removed, replayed or reordered without detection
– Identical plaintext blocks result in identical ciphertext blocks under the same key
DES Operating Modes: Cipher Block Chaining mode (CBC)
• XORs each plaintext block with the previous ciphertext block, and then the result is encrypted with the DES key
• The first block to be encrypted has no previous ciphertext, so the plaintext is XORed with a 64-bit Initialization Vector
• This makes all the blocks dependent on all the previous blocks
– ...so it does not reveal a pattern as ECB does
– In order to find the plaintext of a particular block you need to know: the ciphertext, the key, and the ciphertext of the previous block
• More secure than ECB because the extra XOR step adds one more layer to the encryption process
[Diagram: the IV is XORed into plaintext block 1; each following plaintext block is XORed with the previous ciphertext block before encryption]

• Advantages:
– Suitable for long messages with many blocks
– Identical plaintexts result in different ciphertexts (given a fresh IV)
• Disadvantages:
– Can only operate on full-sized blocks (needs padding)
– Each encryption operation must be run serially (decryption can be parallel)
– Provides no integrity: without a MAC, ciphertext bit-flipping and padding-oracle attacks apply
DES Operating Modes: Cipher Feedback mode (CFB)
• Similar to CBC
• The IV is encrypted and then XORed with the first plaintext block; each following keystream block is the encryption of the previous ciphertext block
• Blocks of plaintext that are less than 64 bits long can be encrypted
• Similar to CBC and is very secure, but it is slower than ECB due to the added complexity
• CFB mode emulates a stream cipher
[Diagram: the IV is encrypted and XORed with plaintext block 1; each ciphertext block is encrypted to produce the keystream for the next block]

• Advantages:
– Because it is a stream mode, it can operate on smaller blocks
• Disadvantages:
– Each encryption operation must be run serially
DES Operating Modes: Output Feedback mode (OFB)

• Similar to CFB, except that the output of encrypting the IV (not the ciphertext) is fed back into the next encryption
  – Does not chain the ciphertext: the keystream is independent of the message
  (IV → DES → Keystream 1 → DES → Keystream 2 → …; Ciphertext Block n = Plaintext Block n ⊕ Keystream n)
• OFB therefore operates like a stream cipher.
• Weaker than CFB in one respect: because the keystream does not depend on the data, anyone who learns a keystream block (the DES output) recovers the corresponding plaintext block from the ciphertext alone
  – Knowledge of the key is not required, and flipping a bit of ciphertext flips the same bit of plaintext: no error propagation, but also no integrity protection
  – The IV must never be reused with the same key, or the same keystream is produced twice and the XOR of the two plaintexts leaks
DES Operating Modes: Counter mode (CTR)

• Similar to OFB, except that a counter block (a nonce plus an incrementing counter) is encrypted directly instead of feeding the previous encryption output back
• Like OFB, CTR operates like a stream cipher.
• Allows random access to encrypted data
  – The counter block for position n is encrypted, and the result is XORed with plaintext block n
  – Because the counter simply steps by 1 for each new block, any block in a file can be decrypted (or encrypted) without first processing all of its predecessors, and blocks can be processed in parallel
  – The nonce/counter value must never repeat under the same key: like OFB, a reused keystream leaks the XOR of the two plaintexts, and CTR on its own gives no integrity
  (Counter → DES → ⊕ Plaintext Block 1 = Ciphertext Block 1; Counter+1 → DES → ⊕ Plaintext Block 2 = Ciphertext Block 2; …)
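The five modes above, written out as an added worked example (this is not code from the original course material). Python's standard library has no DES, so a small 8-round Feistel network built from SHA-256 stands in for the DES block function E_K; it is a constructed toy cipher that only shares DES's 64-bit block size, not DES and not secure. The mode logic is what matters: the example shows ECB leaking a repeated block, CBC hiding it, CTR decrypting a block in the middle of a message without its predecessors, and the bit-flipping malleability of the OFB/CTR keystream noted above. Key, IV, nonce and plaintext values are all constructed.

```python
import hashlib
import secrets
import struct

BLOCK = 8  # 64-bit blocks, the same block size as DES

# --- Toy 64-bit block cipher: a constructed stand-in for DES (NOT DES, not secure) ---
def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function: keyed hash of the right half, truncated to 32 bits
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def _feistel(key: bytes, block: bytes, rounds) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in rounds:
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return right + left  # final swap: decryption is the same network with the rounds reversed

def E(key: bytes, block: bytes) -> bytes:   # block encryption, E_K
    return _feistel(key, block, range(8))

def D(key: bytes, block: bytes) -> bytes:   # block decryption, D_K
    return _feistel(key, block, reversed(range(8)))

def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def _full_blocks(data: bytes):
    if len(data) % BLOCK:
        raise ValueError("ECB/CBC need the data padded to a whole number of blocks")
    return _blocks(data)

# --- Modes of operation, each written as the data flow on the slides ---
def ecb_encrypt(key, pt):                 # C_n = E(P_n)
    return b"".join(E(key, p) for p in _full_blocks(pt))

def cbc_encrypt(key, iv, pt):             # C_n = E(P_n XOR C_{n-1}), C_0 = IV
    out, prev = [], iv
    for p in _full_blocks(pt):
        prev = E(key, _xor(p, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):             # P_n = D(C_n) XOR C_{n-1}
    out, prev = [], iv
    for c in _full_blocks(ct):
        out.append(_xor(D(key, c), prev))
        prev = c
    return b"".join(out)

def cfb_encrypt(key, iv, pt):             # C_n = P_n XOR E(C_{n-1}), C_0 = IV
    out, prev = [], iv
    for p in _blocks(pt):
        prev = _xor(p, E(key, prev))
        out.append(prev)
    return b"".join(out)

def cfb_decrypt(key, iv, ct):             # P_n = C_n XOR E(C_{n-1}); only E is ever used
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(_xor(c, E(key, prev)))
        prev = c
    return b"".join(out)

def ofb_crypt(key, iv, data):             # S_n = E(S_{n-1}), S_0 = IV; C_n = P_n XOR S_n (decrypt is identical)
    out, state = [], iv
    for d in _blocks(data):
        state = E(key, state)
        out.append(_xor(d, state))
    return b"".join(out)

def ctr_crypt(key, nonce, data, first_block=0):   # C_n = P_n XOR E(nonce || n); 4-byte nonce + 4-byte counter
    out = []
    for n, d in enumerate(_blocks(data), start=first_block):
        out.append(_xor(d, E(key, nonce + struct.pack(">I", n))))
    return b"".join(out)

# --- Properties a practitioner should see (constructed plaintext: blocks 0 and 2 are identical) ---
PT = b"ATTACK!!" + b"AT DAWN." + b"ATTACK!!" + b"RETREAT."

def ecb_leaks_repeats(key) -> bool:
    c = _blocks(ecb_encrypt(key, PT))
    return c[0] == c[2]                   # identical plaintext blocks give identical ciphertext blocks

def cbc_hides_repeats(key, iv) -> bool:
    c = _blocks(cbc_encrypt(key, iv, PT))
    return c[0] != c[2] and cbc_decrypt(key, iv, b"".join(c)) == PT

def ctr_random_access(key, nonce) -> bool:
    ct = ctr_crypt(key, nonce, PT)
    third = ct[2 * BLOCK:3 * BLOCK]       # decrypt block 2 alone, never touching blocks 0 and 1
    return ctr_crypt(key, nonce, third, first_block=2) == PT[2 * BLOCK:3 * BLOCK]

def stream_mode_is_malleable(key, iv) -> bool:
    # OFB/CTR keystream is independent of the data: XORing a difference into the ciphertext
    # XORs the same difference into the plaintext, with no key needed (so pair these modes with a MAC)
    ct = ofb_crypt(key, iv, PT)
    delta = _xor(b"AT DAWN.", b"AT NOON.").rjust(2 * BLOCK, b"\x00").ljust(len(ct), b"\x00")
    return ofb_crypt(key, iv, _xor(ct, delta)) == PT.replace(b"AT DAWN.", b"AT NOON.")

if __name__ == "__main__":
    key, iv = secrets.token_bytes(16), secrets.token_bytes(BLOCK)
    print("ECB leaks the repeated block:", ecb_leaks_repeats(key))
    print("CBC hides the repeated block:", cbc_hides_repeats(key, iv))
    print("CTR decrypts block 2 in isolation:", ctr_random_access(key, iv[:4]))
    print("OFB ciphertext can be edited without the key:", stream_mode_is_malleable(key, iv))
```

Swap `E`/`D` for a real block cipher (AES or 3DES from a proper library) and the mode functions work unchanged; the properties shown are properties of the modes, not of the toy cipher.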
Symmetric vs. Asymmetric

Attribute           Symmetric                              Asymmetric
Key                 One shared secret key                  Public/private key pair
Key exchange        Needs a secure key exchange            Public key can be exchanged in the clear
Speed               Less complex and faster                More complex and much slower
Key length (bits)   Smaller (typically 128 to 256)         Much larger (1024 to 2048+); ECC 160 to 512+
Use                 Bulk encryption                        Key encryption, key distribution, e-mail messages…
Security services   Confidentiality, integrity,            Confidentiality, integrity, authentication,
                    authentication (weak)                  non-repudiation
Hash Functions: Characteristics
Good hash functions have a number of important features:

• Produce a "condensed representation" (a fixed-length digest) of the original message
• The hash created from a message is specific to that message and can be used to detect any change to the message
• A good hash resists birthday attacks: finding any two messages with the same n-bit hash should cost about 2^(n/2) work, so the digest must be long enough for that to be infeasible
• Is a one-way function
  • Relatively simple to calculate from the original message, but computationally infeasible to derive the original message from its hash
• Non-linear relationship between hashes
  • The combined hash values of two independent messages are not equal to the hash value of the combined message
• Derives the hash from the whole original message
  • The hash must be calculated over the entire message so that any change in the original message has a noticeable impact on the output hash
Integrity Methods
1. Parity bits or cyclic redundancy check (CRC) functions:
   – CRC functions work well for unintentional modifications, such as wire interference, but they can be circumvented by a clever attacker: a CRC is unkeyed and linear, so whoever modifies the data can simply recompute (or compensate for) the check value.
2. One-way hash:
   – A one-way hash creates a fixed-length value, called the hash value or message digest, for a message of any length.
   – A hash is like a unique fingerprint.
   – With a hash attached to the original message, a recipient can determine whether the message was altered by recomputing the hash and comparing the result with the attached hash.
   – On its own this only detects accidental change: an attacker who can alter the message can just as easily replace the attached hash.
   – Adobe has adopted the SHA-1 and SHA-256 algorithms because of their wide acceptance as a security standard.
3. Message Authentication Codes (MAC):
   – A MAC prevents an attacker from obtaining the original message, modifying it, and attaching a new hash.
   – Here a symmetric key is combined with the message inside the hash computation (HMAC).
   – Without the key, an attacker cannot forge a valid tag for a new message. Adobe uses HMACs where appropriate.
Route Update Authentication & Integrity

(Diagram) The sender assembles the packet as IP HDR | Key | Route Update Data, runs it through the hash function, and obtains a signature (the keyed hash). The packet goes to the wire as IP HDR | Route Update Data | Signature; the key itself is never transmitted. The receiver reassembles the packet with its own copy of the key, recomputes the hash, and compares the result with the received signature.
HMAC
• A message authentication function for Internet communications described in RFC 2104 of the IETF Network Working Group.
• Uses standard message digest functions, such as MD5 and SHA-1 (and, in later deployments, the SHA-2 family).
• In general, HMAC-MD5 provides better performance for secure communications, while HMAC-SHA-1 provides stronger cryptographic security.
• Widely used by Internet security technologies, such as the TLS and IPsec protocols, to verify the integrity of transmitted data during secure communications.
• HMAC computes a keyed message digest for each unit of transmitted data: the secret symmetric key is mixed into the hash computation itself (an inner and an outer padded key), so the key is not used to "encrypt" the digest.
• The secret key is securely shared between the parties involved in the secure communications. (Secure secret key exchange is done with key exchange algorithms, which are described later in this chapter.)
• When data is received, the secret key is needed to recompute the message digest and perform the data integrity check.
• The cryptographic strength of HMAC depends on the strength of the underlying message digest and on how securely the secret key is exchanged and stored.
• An intruder who does not know the secret key cannot tamper with the data en route or counterfeit the message digest.
• HMAC provides data integrity and protection against tampering in a manner similar to digital signatures, but does not require the communicating parties to have public and private keys. Because both parties hold the same key, it gives no non-repudiation.
• HMACs also provide better performance for bulk online communications than public key digital signing technologies.
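The three integrity methods and the HMAC construction above, as an added example (not code from the original course material or from Adobe). It builds HMAC exactly as RFC 2104 specifies it, cross-checks the result against Python's own `hmac` module, and then runs the same forgery against a CRC-32 tag, an unkeyed SHA-256 tag and an HMAC tag. The message, the shared key and the attacker's edit are constructed.

```python
import hashlib
import hmac
import zlib

def rfc2104_hmac(key: bytes, msg: bytes, hashfn=hashlib.sha256) -> bytes:
    """HMAC exactly as RFC 2104 builds it: H((K' xor opad) || H((K' xor ipad) || msg)).
    K' is the key, hashed down first if it is longer than the hash's block size,
    then zero-padded to the block size."""
    block_size = hashfn().block_size              # 64 bytes for MD5, SHA-1 and SHA-256
    if len(key) > block_size:
        key = hashfn(key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashfn(ipad + msg).digest()           # the key enters the hash input here...
    return hashfn(opad + inner).digest()          # ...and here; nothing is "encrypted"

# Three integrity tags for a message. Each takes (msg, key); the first two ignore the key.
def crc32_tag(msg: bytes, key: bytes = b"") -> bytes:
    return zlib.crc32(msg).to_bytes(4, "big")

def sha256_tag(msg: bytes, key: bytes = b"") -> bytes:
    return hashlib.sha256(msg).digest()

def hmac_tag(msg: bytes, key: bytes) -> bytes:
    return rfc2104_hmac(key, msg)

def verify_tag(msg: bytes, tag: bytes, tag_fn, key: bytes) -> bool:
    # compare_digest runs in constant time; "==" on bytes leaks where the first mismatch is
    return hmac.compare_digest(tag, tag_fn(msg, key))

# Constructed sample traffic: the attacker sees (MESSAGE, tag) in transit but never SHARED_KEY
MESSAGE = b"PAY TO: alice; AMOUNT: 100.00; REF: 4711"
SHARED_KEY = b"constructed demo key known only to sender and receiver"

def forgery_accepted(tag_fn) -> bool:
    """The attacker changes the amount and recomputes the tag with no key. Does the receiver accept it?"""
    forged = MESSAGE.replace(b"100.00", b"900.00")
    attacker_tag = tag_fn(forged, b"")
    return verify_tag(forged, attacker_tag, tag_fn, SHARED_KEY)

def integrity_report() -> dict:
    return {
        "crc32": forgery_accepted(crc32_tag),     # True: CRC detects noise, not attackers
        "sha256": forgery_accepted(sha256_tag),   # True: an unkeyed hash is simply recomputed
        "hmac": forgery_accepted(hmac_tag),       # False: without the key no valid tag can be made
    }

def matches_stdlib(key: bytes, msg: bytes, hashfn=hashlib.sha256) -> bool:
    """Cross-check the from-scratch construction against Python's hmac module."""
    return rfc2104_hmac(key, msg, hashfn) == hmac.new(key, msg, hashfn).digest()

if __name__ == "__main__":
    print("forgery accepted per method:", integrity_report())
    print("RFC 2104 construction matches stdlib (HMAC-MD5):", matches_stdlib(b"k", b"m", hashlib.md5))
```

Swapping `hashlib.sha256` for `hashlib.md5` or `hashlib.sha1` gives the HMAC-MD5 and HMAC-SHA-1 variants the slide compares; the construction is unchanged, only the underlying digest differs.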
Vista Security Algorithms

Algorithm          Class                         Hash or key length [min-max (increment)]
RC2, RC4           Encrypt                       40-128 (+8)
DES                Encrypt                       56
DESX               Encrypt                       120
3DES               Encrypt                       112, 168 (EDE)
AES                Encrypt                       128, 192, 256
HMAC               Hash                          Variable key length
MD2, MD4, MD5      Hash                          128
SHA-1, SHA-2       Hash                          160, 256, 384, 512
RSA                Exchange/Signature/Encrypt    512-16384 (+64)
DH                 Exchange                      512-4096 (+64)
DSA                Signature                     512-1024 (+64)
ECDSA (S/MIME)     Signature                     P-256, P-384, P-521
ECDH (IPsec)       Agreement                     P-256, P-384, P-521

Note: DES, RC2/RC4 and MD2/MD4/MD5 are present for backward compatibility; new deployments should use AES, SHA-2 and the larger RSA/DH/ECC sizes.
PKI Other Components
• Certificate Policy (CP) statements
  – Define (create) the "value" of certificates based on confidence (trust) in the issuing CA
• Certification Practice Statements (CPS)
  – Detail the operational rules/features of the specific public key system (PKI)
• The CP and CPS are used to determine and define "trust" in a CA, and are used for cross-certification decisions.
CPS
• A CPS can include the following types of information:
  • Positive identification of the CA (including CA name, server name, and DNS address).
  • Certificate policies implemented by the CA and the certificate types that are issued.
  • Policies, procedures, and processes for issuing and renewing certificates.
  • Cryptographic algorithms and key length used for the CA certificate.
  • Lifetime of the CA certificate.
  • Physical, network, and procedural security of the CA.
  • The certificate lifetime of each certificate issued by the CA.
  • Policies for revoking certificates, including conditions for certificate revocation such as employee termination and misuse of security privileges.
  • Policies for certificate revocation lists (CRLs), including CRL distribution points and publishing intervals.
  • Policy for renewing the CA's certificate before its expiration.
Digital Signature Standard (DSS)
• The technology for creating digital signatures was developed by the National Security Agency and adopted by the United States government as its digital signature standard (FIPS 186).
• DSS defines the Digital Signature Algorithm (DSA), which serves the same purpose as RSA signatures.
• Unlike RSA, DSA does not "encrypt" the message digest with the private key and "decrypt" it with the public key. Instead, DSA uses modular arithmetic in a subgroup of prime order q to produce a signature composed of two 160-bit numbers (r, s), derived from the message digest, the private key and a fresh secret random value k chosen for each signature.
  – k must stay secret and must never be reused: two signatures made with the same k reveal the private key.
• DSA uses the public key to verify the signature, but the verification process is more complex than RSA's.
• The DSA and RSA signature processes are generally considered to be of equal strength at comparable key sizes.
• However, the original DSS requires the SHA-1 message digest function to ensure strong digital signatures (later revisions of FIPS 186 add the SHA-2 family), whereas RSA can be combined with other message digest functions that might produce weaker digital signatures.
• Because DSA signature verification increases processor load significantly relative to RSA verification (all other conditions being equal), the RSA digital signature process generally provides better overall performance.
• Because DSA is used only for digital signatures and makes no provision for data encryption (for example, to provide secure secret key exchange), DSA is usually not subject to the export or import restrictions commonly imposed on RSA cryptography.
  – Therefore, DSS digital signature technology can often be used where RSA digital signature technology cannot be used because of government-imposed export or import restrictions.
Digital Signatures
Each individual generates his own key pair
[Public key known to everyone; private key known only to the owner]
Private key – used for making the digital signature
Public key – used to verify the digital signature
Message hash algorithm: performs a mathematical calculation on the document and generates a hash value unique to the message
Signature algorithm (e.g., RSA): accepts the private key and a hash value to generate a digital signature, or accepts a public key and a digital signature to recover the hash value for comparison

A document is digitally signed by signing (with RSA, "encrypting") the hash value of the document with the private key. The verifier recomputes the hash of the document and checks it against the value recovered from the signature with the public key.
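The DSA process described on the DSS slide, as an added worked example (not code from the original course material): domain parameters (p, q, g), a key pair, a signature made of the two numbers (r, s), verification with the public key alone, and the nonce-reuse failure that recovers the private key from two signatures sharing k. Parameter sizes of 512/160 bits are chosen so the prime search finishes in well under a second; real deployments use 2048/224 or larger. SHA-256 truncated to the size of q is used as FIPS 186-3 allows, where the original DSS mandated SHA-1. The messages and the forced nonce are constructed.

```python
import hashlib
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)

def is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Trial division by small primes, then Miller-Rabin with random witnesses."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_params(pbits: int = 512, qbits: int = 160):
    """DSA domain parameters (p, q, g) with q | p-1 and g of order q modulo p.
    512/160 are demo sizes so the search is quick; FIPS 186-4 uses 2048/224 and up."""
    while True:                                   # 1. a qbits-bit prime q
        q = secrets.randbits(qbits) | (1 << (qbits - 1)) | 1
        if is_probable_prime(q):
            break
    while True:                                   # 2. p = k*q + 1, prime, exactly pbits long
        k = (secrets.randbits(pbits - qbits) | (1 << (pbits - qbits - 1))) & ~1
        p = k * q + 1
        if p.bit_length() == pbits and is_probable_prime(p):
            break
    while True:                                   # 3. g = h^((p-1)/q) mod p, with g != 1
        g = pow(secrets.randbelow(p - 3) + 2, (p - 1) // q, p)
        if g > 1:
            break
    return p, q, g

def keygen(params):
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1              # private key: random in [1, q-1]
    return x, pow(g, x, p)                        # (private x, public y = g^x mod p)

def hash_to_int(msg: bytes, q: int) -> int:
    """z = leftmost min(N, outlen) bits of the digest, the FIPS 186-3 rule (N = bits in q)."""
    digest = hashlib.sha256(msg).digest()
    excess = len(digest) * 8 - q.bit_length()
    z = int.from_bytes(digest, "big")
    return z >> excess if excess > 0 else z

def sign(params, x: int, msg: bytes, k: int = None):
    """Signature = (r, s), two numbers below q. k is the per-signature secret nonce; the
    optional argument exists only so the nonce-reuse demonstration below can force it."""
    p, q, g = params
    z = hash_to_int(msg, q)
    while True:
        nonce = k if k is not None else secrets.randbelow(q - 1) + 1
        r = pow(g, nonce, p) % q
        s = (pow(nonce, -1, q) * (z + x * r)) % q
        if r and s:
            return r, s
        if k is not None:
            raise ValueError("supplied nonce yields a degenerate signature")

def verify(params, y: int, msg: bytes, sig) -> bool:
    """Verification needs only the public key y: v = ((g^u1 * y^u2) mod p) mod q must equal r."""
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    z = hash_to_int(msg, q)
    u1, u2 = (z * w) % q, (r * w) % q
    v = (pow(g, u1, p) * pow(y, u2, p) % p) % q
    return v == r

def recover_private_key(params, msg1: bytes, sig1, msg2: bytes, sig2) -> int:
    """Two signatures with the same r share the nonce k; then k = (z1-z2)/(s1-s2) mod q and
    x = (s1*k - z1)/r mod q. This is why a DSA nonce must be secret and never repeated."""
    p, q, g = params
    (r, s1), (_, s2) = sig1, sig2
    z1, z2 = hash_to_int(msg1, q), hash_to_int(msg2, q)
    k = ((z1 - z2) * pow((s1 - s2) % q, -1, q)) % q
    return ((s1 * k - z1) * pow(r, -1, q)) % q
```

Note that nothing in `verify` uses the private key and nothing in `sign` resembles RSA's modular exponentiation of the digest: the signature is the pair (r, s), which is the structural difference the DSS slide points out.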
Common PKI Applications
• Secure e-mail:
  – Using PKI for e-mail protects the message against someone attempting to read or change its content.
  – With a PKI application, your e-mail is digitally signed with your private key, so the recipient can verify that it arrived unchanged; encrypting to the recipient's public key adds confidentiality.
• Secure data transaction:
  – Many companies need a secure way of transferring confidential data. With a PKI architecture, the data is digitally signed and encrypted so that it can be transferred securely over the Internet or any other digital communication platform.
• Secure web applications:
  – Secure web transactions are a must for companies using the Internet or an intranet to distribute data or services.
  – Web services are heavily used for communicating with employees, vendors or customers, and the security of these transactions has become an important concern.
  – PKI applications give employees a security ID (certificate) for sending or receiving data via the web.
• Secure computer logon:
  – In some cases the default user name/password is not sufficient, and a more secure way to log on to the computer is needed.
  – PKI applications enable users to log on to their computers with their digital IDs (for example, a certificate on a smart card) in order to reduce the risk of attacks.
SSL: Handshake Protocol

Used for authentication and key exchange

(Figure: SSL Handshake Protocol Summary)
SSL
Secure Sockets Layer (SSL)
• Developed by Netscape
• De facto Internet security standard (standardised by the IETF as TLS)
• Handshake protocol developed to provide privacy and authentication for the communication channel
• Uses encryption, authentication and MACs
• Optimised for HTTP, though it can be used for FTP and other relevant protocols
• Operates above the Network layer and below the Application layer, and is application independent
• SSL operates at the Transport layer (per ISC2)
• Digital certificates and PKI may be used with SSL
• Supports client and server authentication and encryption
IPSEC
• IPsec is a "framework" and does not dictate which hashing, encryption or key exchange algorithms are used.
• Key management can be handled manually or by a key management protocol
  – IKE – Internet Key Exchange
    • The de facto standard for IPsec
    • A combination of the ISAKMP and OAKLEY protocols
      – ISAKMP – Internet Security Association and Key Management Protocol
        » A framework for authentication and key exchange
        » Provides the parameters (framework) of what "can be" set up
      – OAKLEY
        » Works within the boundaries defined by ISAKMP and carries out the negotiation process (Diffie-Hellman based key agreement)
IPSEC Key Exchange

(Figure: IPsec key exchange)
Authentication Header
• Provides data integrity and authentication of IP packets
• The end system/router can authenticate the user/application
• The sequence number provides anti-replay protection; because the immutable fields of the IP header (including the source and destination addresses) are covered by the integrity check, address spoofing is detected
• Based on the use of a MAC
  • HMAC-MD5-96 or HMAC-SHA-1-96 (the HMAC output truncated to 96 bits)
• Parties must share a secret key
Encapsulating Security Payload
• Provides message content confidentiality and limited traffic flow confidentiality
• Can optionally provide the same integrity/authentication services as AH, but the ESP integrity check covers only the ESP header and payload, not the outer IP header
• Supports many ciphers, modes and padding schemes
  – DES, 3DES, RC5, IDEA, CAST, others (AES is now the usual choice; single DES is deprecated)
Planning for IPSec
When to Use AH

• When a secure connection is needed
• Authentication of the source must be established
• The data itself is not sensitive
• The risk of packet capture compromising the data is low
Planning for IPSec
When to Use ESP

• When the data itself must be protected:
  1. Financial information
  2. Proprietary information
  3. Sensitive information
• Use only when data protection is justified
Transport Mode

(Figure: transport mode packet layout)

Tunnel Mode

(Figure: tunnel mode packet layout)

AH in Transport and Tunnel Mode

(Figure: AH in transport and tunnel mode)

ESP in Transport and Tunnel Mode

(Figure: ESP in transport and tunnel mode)
Transport Mode vs. Tunnel Mode
• Transport mode: host -> host; the original IP header is kept and the AH or ESP header is inserted between it and the transport payload
• Tunnel mode: host -> gateway or gateway -> gateway; the whole original packet is wrapped in a new IP packet

(Figure) Host A -- Gateway 1 ==== encrypted tunnel ==== Gateway 2 -- Host B

Tunnel-mode packet layout:
  New IP Header | AH or ESP Header | Orig IP Header | TCP | Data
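What AH actually authenticates, as an added example (not code from the original course material): an AH packet with an HMAC-SHA-1-96 ICV computed under the mutable-field rules of RFC 4302, then the two things intermediate devices do to it. A router hop changes TTL and checksum, both mutable, and the ICV still verifies; a NAT rewrites the source address, an immutable field, and the ICV fails. That is the reason AH does not traverse NAT while ESP, whose ICV excludes the outer IP header, does. The IPv4 packets are constructed in code, not captured, and the TCP payload is placeholder bytes.

```python
import hashlib
import hmac
import struct

IPPROTO_AH = 51
ICV_LEN = 12          # HMAC-SHA-1-96 (RFC 2404): 160-bit HMAC output truncated to 96 bits
AH_FIXED_LEN = 12     # Next Header, Payload Len, Reserved, SPI, Sequence Number

def _ip(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))

def _checksum(data: bytes) -> int:
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def _with_checksum(ip_hdr: bytes) -> bytes:
    h = bytearray(ip_hdr)
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", _checksum(bytes(h)))
    return bytes(h)

def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64, ident: int = 1) -> bytes:
    """Minimal constructed 20-byte IPv4 header (DF set, no options)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0x4000,
                      ttl, proto, 0, _ip(src), _ip(dst))
    return _with_checksum(hdr)

def ah_fixed(next_header: int, spi: int, seq: int) -> bytes:
    """AH fields that precede the ICV. Payload Len = AH length in 32-bit words minus 2 (RFC 4302)."""
    payload_len = (AH_FIXED_LEN + ICV_LEN) // 4 - 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)

def _zero_mutable(ip_hdr: bytes) -> bytes:
    """RFC 4302 3.3.3.1: DSCP/ECN, Flags+Fragment Offset, TTL and Header Checksum may change in
    transit, so they are zeroed for the ICV. Version/IHL, Total Length, ID, Protocol and both
    addresses stay in, and are therefore authenticated."""
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)

def ah_icv(key: bytes, ip_hdr: bytes, ah: bytes, payload: bytes) -> bytes:
    covered = _zero_mutable(ip_hdr) + ah + b"\x00" * ICV_LEN + payload   # ICV field itself zeroed
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]

def build_ah_packet(key: bytes, src: str, dst: str, spi: int, seq: int, payload: bytes, next_header: int = 6) -> bytes:
    ip_hdr = ipv4_header(src, dst, IPPROTO_AH, AH_FIXED_LEN + ICV_LEN + len(payload))
    ah = ah_fixed(next_header, spi, seq)
    return ip_hdr + ah + ah_icv(key, ip_hdr, ah, payload) + payload

def verify_ah_packet(key: bytes, packet: bytes) -> bool:
    ip_hdr = packet[:20]
    ah = packet[20:20 + AH_FIXED_LEN]
    icv = packet[20 + AH_FIXED_LEN:20 + AH_FIXED_LEN + ICV_LEN]
    payload = packet[20 + AH_FIXED_LEN + ICV_LEN:]
    return hmac.compare_digest(icv, ah_icv(key, ip_hdr, ah, payload))

def esp_icv(key: bytes, spi: int, seq: int, encrypted_payload: bytes) -> bytes:
    """ESP's optional ICV covers the ESP header (SPI, sequence) and the encrypted payload only;
    the outer IP header is outside it, which is why ESP survives NAT and AH does not."""
    return hmac.new(key, struct.pack("!II", spi, seq) + encrypted_payload, hashlib.sha1).digest()[:ICV_LEN]

# --- What intermediate devices do to the packet ---
def router_hop(packet: bytes) -> bytes:
    """Every router decrements TTL and rewrites the checksum: both are mutable under AH."""
    h = bytearray(packet[:20])
    h[8] -= 1
    return _with_checksum(bytes(h)) + packet[20:]

def nat_rewrite_source(packet: bytes, new_src: str) -> bytes:
    """A NAT replaces the source address, an immutable field under AH."""
    h = bytearray(packet[:20])
    h[12:16] = _ip(new_src)
    return _with_checksum(bytes(h)) + packet[20:]

if __name__ == "__main__":
    key = b"\x0b" * 20                                            # constructed SA key
    pkt = build_ah_packet(key, "10.0.0.1", "192.0.2.10", 0x100, 1, b"constructed TCP segment")
    print("original verifies:", verify_ah_packet(key, pkt))
    print("after a router hop:", verify_ah_packet(key, router_hop(pkt)))
    print("after NAT:", verify_ah_packet(key, nat_rewrite_source(pkt, "203.0.113.5")))
```

The same zeroing rules are why AH cannot protect fields like TTL against tampering: anything a router is allowed to change is by definition outside the integrity check.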
IPSEC
• SKIP – Simple Key Management Protocol for IP
  – Another key exchange protocol that provides the same basic functionality as IKE
IPSEC - SA
Security Association (SA)
• Fundamentals of IPSec:
  – A contract established between two IPSec endpoints
  – Parameters negotiated automatically (via IKE) or configured manually
  – A separate SA is required for each subnet or single host
  – A separate SA is required for each direction (inbound and outbound), and separately for AH and ESP
• An SA includes:
  – The key establishment method and the keys themselves
  – The authentication (and, for ESP, encryption) algorithms
  – The Security Parameter Index (SPI) that identifies the SA in each packet, and the SA lifetime
PGP Encryption

(Figure: PGP encryption flow)

PGP Decryption

(Figure: PGP decryption flow)