Network Security Fundamentals [Electronic resources] (text version)


Gert De Laet, Gert Schauwers


Modern-Day Techniques


Before examining modern-day techniques, you need to understand what algorithms and ciphers are. Generally, an algorithm is a systematic list of instructions for accomplishing a task. The task can be anything that has a recognizable result. Often, some of the instructions are to be repeated, and different algorithms can sometimes produce the same result. You can think of an algorithm as a procedure made up of a finite number of steps that are used to solve a mathematical problem. For example, if you have an equation such as $2x + 3 = 7 - 2x$, you can use the algorithm in Table 4-1 to calculate $x$.

Table 4-1. Algorithmic Procedure

| Algorithm | Procedure |
|---|---|
| $2x + 3 = 7 - 2x$ | Original equation |
| $2x + 2x = 7 - 3$ | Bring all components with $x$ to one side and all components without $x$ to the other side |
| $4x = 4$ | Calculate the new values |
| $x = 4/4$ | Calculate $x$ |
| $x = 1$ | Result |

A cipher is another word for a coded message. It is the end result of transforming an original message using a mathematical function.

Modern encryption algorithms rely on encryption keys to ensure the confidentiality of encrypted data. There are two different ways of using encryption keys: symmetric and asymmetric. Both have benefits and limitations, which are discussed in the following sections.

Symmetric Key Algorithms


As shown in Figure 4-1, a symmetric key algorithm is an algorithm used for cryptography using the same cryptographic key to encrypt and decrypt the message.

Figure 4-1. Symmetric Key Algorithm

The sender and the receiver must therefore share the same secret key before they can communicate securely. The security of a symmetric algorithm rests in the secrecy of the key. Anybody who has the key can encrypt and decrypt messages.

There are two different techniques in symmetric encryption cryptography: stream ciphers and block ciphers. Stream ciphers encrypt the bits of the message one at a time, and block ciphers take a number of bits and encrypt them as a single unit. Blocks of 64 bits are commonly used. The Advanced Encryption Standard (AES), which is discussed in more detail in subsequent sections, uses block sizes with a multiple of 32 bits.

Symmetric key algorithms are generally much faster to execute than asymmetric key algorithms. The disadvantage to symmetric key algorithms is the requirement of using a shared secret key. Another problem that you encounter with this kind of encryption is key management. The secret key must be exchanged between parties via a secure channel before any encryption can occur.

Data Encryption Standard

The Data Encryption Standard (DES) has been the worldwide encryption standard for a long time. IBM developed DES in 1975, and it has held up remarkably well against years of cryptanalysis. DES is a symmetric encryption algorithm with a fixed key length of 56 bits. The algorithm is still good, but because of the short key length, it is susceptible to brute-force attacks that have sufficient resources.

DES usually operates in block mode, whereby it encrypts data in 64-bit blocks. The same algorithm and key are used for both encryption and decryption.

Because DES is based on simple mathematical functions, it can be easily implemented and accelerated in hardware. The mathematical functions of DES are outside the scope of this book, so they are not explained here.

Triple Data Encryption Standard

With advances in computer processing power, the original 56-bit DES key became too short to withstand an attacker with even a limited budget. One way of increasing the effective key length of DES without changing the well-analyzed algorithm itself is to use the same algorithm with different keys several times in a row.

The technique of applying DES three times in a row to a plain text block is called Triple DES (3DES). The 3DES technique is shown in Figure 4-2. Brute-force attacks on 3DES are considered unfeasible today. Because the basic algorithm has been tested in the field for more than 25 years, it is considered to be highly trustworthy.

Figure 4-2. 3DES


When a message is to be encrypted with 3DES, a method called EDE (encrypt-decrypt-encrypt) is used. The EDE method is described in the following list:


Step 1. The message is encrypted with the first 56-bit key, K1.

Step 2. The data is decrypted with a second 56-bit key, K2.

Step 3. The data is again encrypted with the third 56-bit key, K3.


The EDE procedure provides encryption with an effective key length of 168 bits. If keys K1 and K3 are equal (as in some implementations), a less secure encryption of 112 bits is achieved.

To decrypt the message, you must use the following procedure, which is the opposite of the EDE method:


Step 1. Decrypt the ciphertext with key K3.

Step 2. Encrypt the data with key K2.

Step 3. Finally, decrypt the data with key K1.
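The EDE procedure and its reverse, written out as an added example (not code from the book): `toy_encrypt` and `toy_decrypt` are a hypothetical 16-round Feistel stand-in for DES, since Python's standard library has no DES, and the keys and plaintext are constructed values. The final check in `demo` goes slightly beyond the text: with K1 = K2 = K3 the decrypt step cancels the first encryption, so EDE reduces to a single encryption.

```python
import hashlib

ROUNDS = 16               # DES also uses 16 Feistel rounds
HALF_MASK = 0xFFFFFFFF    # one 32-bit half of a 64-bit block


def _round_fn(half: int, key: int, rnd: int) -> int:
    """Stand-in round function (not DES's S-boxes): hash of half, key, round."""
    data = half.to_bytes(4, "big") + key.to_bytes(7, "big") + bytes([rnd])
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def _feistel(block: int, key: int, rounds) -> int:
    left, right = block >> 32, block & HALF_MASK
    for rnd in rounds:
        left, right = right, left ^ _round_fn(right, key, rnd)
    return (right << 32) | left   # final swap: decryption is the same network


def toy_encrypt(block: int, key: int) -> int:
    return _feistel(block, key, range(ROUNDS))


def toy_decrypt(block: int, key: int) -> int:
    return _feistel(block, key, reversed(range(ROUNDS)))


def ede_encrypt(block: int, k1: int, k2: int, k3: int) -> int:
    # Step 1: encrypt with K1, Step 2: decrypt with K2, Step 3: encrypt with K3
    return toy_encrypt(toy_decrypt(toy_encrypt(block, k1), k2), k3)


def ede_decrypt(block: int, k1: int, k2: int, k3: int) -> int:
    # Reverse order: decrypt with K3, encrypt with K2, decrypt with K1
    return toy_decrypt(toy_encrypt(toy_decrypt(block, k3), k2), k1)


# Constructed sample values: three 56-bit keys and one 64-bit block
K1, K2, K3 = 0x0123456789ABCD, 0x23456789ABCDEF, 0x456789ABCDEF01
PLAINTEXT = int.from_bytes(b"8 bytes!", "big")


def demo() -> dict:
    ciphertext = ede_encrypt(PLAINTEXT, K1, K2, K3)
    return {
        "round_trip": ede_decrypt(ciphertext, K1, K2, K3) == PLAINTEXT,
        "wrong_key_order": ede_decrypt(ciphertext, K3, K2, K1) == PLAINTEXT,
        "equal_keys_is_single": ede_encrypt(PLAINTEXT, K1, K1, K1)
                                == toy_encrypt(PLAINTEXT, K1),
    }


if __name__ == "__main__":
    print(demo())
```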


Encrypting the data three times with three different keys does not significantly increase security. The EDE method has to be used. Encrypting three times in a row with different 56-bit keys equals an effective 58-bit key length and not the full 128-bit, as expected.

NOTE

Compare the relative strength of DES, 2-key DES, and 3-key DES.

DES: $2^{56}$ keys = $7.2 \times 10^{16}$ key combinations

2-key DES: $2^{112}$ keys = $5.2 \times 10^{33}$ key combinations

3-key DES: $2^{168}$ keys = $3.7 \times 10^{50}$ key combinations

AES

For a number of years, specialists have recognized that DES would eventually reach the end of its useful life. In 1997, the AES initiative was announced, and the public was invited to propose candidate encryption schemes, one of which could be chosen as the encryption standard to replace DES.

On October 2, 2000, The U.S. National Institute of Standards and Technology (NIST) announced the selection of the Rijndael cipher as the AES algorithm. This cipher, developed by Joan Daemen and Vincent Rijmen, has a variable block length and key length. The algorithm currently specifies how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192, or 256 bits (all nine combinations of key length and block length are possible). Both block and key length can be extended easily to multiples of 32 bits.

NOTE

For more information on AES, visit its official website at http://www.nist.gov/aes or visit its author's website at http://www.esat.kuleuven.ac.be/~rijmen/rijndael/.

AES was chosen to replace DES and 3DES because they are either too weak (DES, in terms of key length) or too slow (3DES) to run on modern, efficient hardware. AES is more efficient and much faster, usually by a factor of 5 compared to DES on the same hardware. AES is also more suitable for high throughput, especially if pure software encryption is used. However, AES is a relatively young algorithm, and as the golden rule of cryptography states, "A more mature algorithm is always more trusted."

Asymmetric Key Algorithms


An asymmetric key algorithm uses a pair of different cryptographic keys to encrypt and decrypt the plain text, as shown in Figure 4-3. The two keys are related mathematically. A message encrypted by the algorithm using one key can be decrypted by the same algorithm using the other. In a sense, one key locks a lock (encrypts), and a different key is required to unlock it (decrypts).

Figure 4-3. Asymmetric Key Algorithms

To understand the advantages of an asymmetric system, imagine two people, Alice and Bob, sending a secret message through the public mail.

In a symmetric key system, Alice first puts the secret message in a box and then padlocks the box using a lock to which she has a key. She then sends the box to Bob through regular mail. When Bob receives the box, he uses an identical copy of Alice's key (which he has obtained previously) to open the box and read the message.

In an asymmetric key system, instead of opening the box when he receives it, Bob simply adds his own personal lock to the box and returns the box through public mail to Alice. Alice uses her key to remove her lock and returns the box to Bob, with Bob's lock still in place. Finally, Bob uses his key to remove his lock and reads the message from Alice.

The critical advantage in an asymmetric system is that Alice never needs to send a copy of her key to Bob. This reduces the possibility that a third party (for example, an unscrupulous postmaster) can copy the key while it is in transit to Bob, allowing that third party to spy on all future messages sent by Alice. In addition, if Bob is careless and allows someone else to copy his key, Alice's messages to Bob are compromised, but Alice's messages to other people remain secret.

Not all asymmetric algorithms operate in precisely this fashion. With the most common asymmetric algorithms, Alice and Bob each own two keys; one key cannot (as far as is known) be deduced from the other. These are called public key/private key algorithms because one key of the pair can be published without affecting the security of messages. In the preceding analogy, Bob might publish instructions on how to make a lock (a public key). But even if people followed the instructions and created a lock, it would be difficult for them to deduce from those instructions how to make a key that would open that lock (private key). To send a message to Bob, you have to use Bob's public key to encrypt the message, and Bob uses his private key to decrypt the message.

Asymmetric algorithms are designed so that the key for encryption is different from the key for decryption. The decryption key cannot be calculated from the encryption key (at least not in any reasonable amount of time) and vice versa. The usual key length for asymmetric algorithms ranges from 512 to 2048 bits.

Asymmetric algorithms are relatively slow (up to 1000 times slower than symmetric algorithms). Their design is based on computational problems such as factoring extremely large numbers or computing discrete logarithms of extremely large numbers.

Diffie-Hellman

Whitfield Diffie and Martin Hellman developed the Diffie-Hellman algorithm in 1976. Its security stems from the difficulty of calculating the discrete logarithms of huge numbers. The protocol allows two users to exchange a secret key over an insecure medium without any prior secrets.

The protocol has two system parameters, $p$ and $g$. They are both public and may be used by everybody. Parameter $p$ is a prime number, and parameter $g$ (usually called a generator) is an integer that is smaller than $p$, but with the following property: For every number $n$ between $1$ and $p - 1$ inclusive, there is a power $k$ of $g$ such that $n = g^k \bmod p$.

The following steps describe the Diffie-Hellman exchange:


Step 1. Alice and Bob agree on generator $g$ and modulus $p$.

Step 2. Alice chooses a random number $A$ and sends Bob its public value $A' = g^A \bmod p$.

Step 3. Bob chooses a random number $B$ and sends Alice his public value $B' = g^B \bmod p$.

Step 4. Alice computes $k = (B')^A \bmod p$.

Step 5. Bob computes $k' = (A')^B \bmod p$.

Step 6. Both $k$ and $k'$ are equal to $g^{AB} \bmod p$.


Alice and Bob now have a shared secret ($k = k'$), and even if people have listened on the untrusted channel, there is no way they could compute the secret from the captured information (assuming that computing a discrete logarithm of $A$ or $B$ is practically unfeasible).
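Steps 1 through 6 as an added Python example, not taken from the book, using the constructed toy parameters p = 23 and g = 5; the function names are this example's own. `exponent_by_search` shows that with so small a modulus a private exponent is found by trying every value, which is why the assumption in the text only holds for a very large p.

```python
import secrets


def is_generator(g: int, p: int) -> bool:
    """The property from the text: every n in 1..p-1 equals g^k mod p for
    some k. Exhaustive, so usable only for toy-sized p."""
    return {pow(g, k, p) for k in range(1, p)} == set(range(1, p))


def public_value(g: int, private: int, p: int) -> int:
    return pow(g, private, p)             # Steps 2 and 3: A' = g^A mod p


def shared_secret(peer_public: int, private: int, p: int) -> int:
    return pow(peer_public, private, p)   # Steps 4 and 5: k = (B')^A mod p


def exchange(g: int, p: int, a: int = None, b: int = None) -> dict:
    """Run Steps 1-6. a and b are random unless fixed for a repeatable demo."""
    a = a if a is not None else secrets.randbelow(p - 3) + 2   # 2 .. p-2
    b = b if b is not None else secrets.randbelow(p - 3) + 2
    a_pub, b_pub = public_value(g, a, p), public_value(g, b, p)
    return {
        "on_the_wire": (g, p, a_pub, b_pub),   # everything a listener captures
        "k_alice": shared_secret(b_pub, a, p),
        "k_bob": shared_secret(a_pub, b, p),
        "g_ab": pow(g, a * b, p),              # Step 6: both equal g^(AB) mod p
    }


def exponent_by_search(g: int, public: int, p: int) -> int:
    """Discrete logarithm by trying every exponent. The loop is p-1 steps
    long: 22 steps here, out of reach when p has hundreds of digits."""
    return next(x for x in range(1, p) if pow(g, x, p) == public)


if __name__ == "__main__":
    # Constructed values: p = 23, g = 5, private numbers A = 6 and B = 15
    print(is_generator(5, 23), is_generator(2, 23))
    print(exchange(5, 23, a=6, b=15))
    print(exponent_by_search(5, 8, 23))
```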

Rivest, Shamir, Adleman

Rivest, Shamir, Adleman (RSA) was a patented public key algorithm invented by Ron Rivest, Adi Shamir, and Len Adleman in 1977. The patent expired in September 2000, and the algorithm is now in the public domain. Compared to other algorithms, RSA is by far the easiest to understand and implement.

The RSA algorithm is very flexible and has a variable key length where, if necessary, speed can be traded for the level of security of the algorithm. The RSA keys are usually 512 to 2048 bits long. RSA has withstood years of extensive cryptanalysis. Although those years neither proved nor disproved RSA's security, they attest to a confidence level in the algorithm. RSA security is based on the difficulty of factoring very large numbers. If an easy method of factoring these large numbers were discovered, the effectiveness of RSA would be destroyed.

To generate an entity's RSA keys, you would follow these steps:


Step 1. Select two large prime numbers, $p$ and $q$.

Step 2. Compute $n$ using the following formula: $n = p \times q$

Step 3. Choose a huge prime $e$, with the constraint that $e$ and $(p - 1)(q - 1)$ are relatively prime. The public key is $(e, n)$.

Step 4. Calculate the private key $d$:

$e \cdot d = 1 \bmod (p - 1)(q - 1)$

$d = e^{-1} \bmod ((p - 1)(q - 1))$


The numbers $d$ and $n$ are also relatively prime. The numbers $e$ and $n$ are the public key. The number $d$ is the private key. The numbers $p$ and $q$ are no longer needed. They were used only to calculate the other values and can be discarded but never revealed.
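The four key-generation steps as an added example (not the book's code), using the constructed toy primes p = 61 and q = 53 with e = 17. Real keys use primes hundreds of digits long together with a padding scheme, both omitted here; the function names are this example's own.

```python
from math import gcd


def rsa_keygen(p: int, q: int, e: int):
    """Steps 1-4 from the list above. p and q are assumed to be prime.
    Returns (public, private) as ((e, n), (d, n))."""
    n = p * q                                   # Step 2
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:                        # Step 3 constraint
        raise ValueError("e shares a factor with (p-1)(q-1); d does not exist")
    d = pow(e, -1, phi)                         # Step 4, needs Python 3.8+
    return (e, n), (d, n)


def rsa_encrypt(m: int, public) -> int:
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in 0..n-1")
    return pow(m, e, n)


def rsa_decrypt(c: int, private) -> int:
    d, n = private
    return pow(c, d, n)


def check_key(p: int, q: int, public, private) -> dict:
    """The relations stated in the text, verified for one key pair."""
    (e, n), (d, _) = public, private
    return {
        "e_times_d_mod_phi": (e * d) % ((p - 1) * (q - 1)),   # must be 1
        "d_and_n_coprime": gcd(d, n) == 1,
    }


if __name__ == "__main__":
    P, Q, E = 61, 53, 17            # constructed toy values
    public, private = rsa_keygen(P, Q, E)
    print(public, private)
    c = rsa_encrypt(65, public)
    print(c, rsa_decrypt(c, private))
    print(check_key(P, Q, public, private))
    # Anyone who learns p and q can rerun Step 4 and obtain d, which is
    # why they may be discarded but must never be revealed.
```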

Pretty Good Privacy

Pretty Good Privacy (PGP) is a software package originally developed by Philip R. Zimmermann that provides cryptographic routines for e-mail and file storage applications. It is based on existing cryptographic protocols, and it can run on multiple platforms. PGP provides message encryption, data compression, and digital signatures.

Hashing Algorithms


Hashing is one of the mechanisms used for data integrity assurance. Hashing is based on a one-way mathematical function, which is relatively easy to compute but significantly harder to reverse. Breaking a glass is a good example of a one-way function. It is easy to smash a glass into thousands of pieces, but almost impossible to put all the tiny pieces back together to rebuild the original piece.

The hashing process shown in Figure 4-4 uses a hash function, which is a one-way function to input data to produce a fixed-length digest (fingerprint) of output data. The digest is cryptographically strong; that is, it is impossible to recover input data from its digest. If the input data changes just a little, the digest (fingerprint) changes substantially in what is called an avalanche effect.

Figure 4-4. Hashing

The figure illustrates how hashing is performed. Data of arbitrary length is input to the hash function, and the result of the hash function is the fixed-length hash (for example, a digest or fingerprint).

Hashing only prevents the message from being changed accidentally (that is, by a communication error). There is nothing unique to the sender in the hashing procedure; therefore, anyone can compute a hash for any data, as long as she has the correct hash function.

Thus, hash functions are helpful to ensure that data was not changed accidentally, but they cannot ensure that data was not deliberately changed.

Some well-known hash functions are listed here and are discussed in the following section:

  • Message Digest 5 (MD5) with 128-bit digest

  • Secure Hash Algorithm 1 (SHA-1) with 160-bit digest
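The digest lengths, the avalanche effect and the accidental-versus-deliberate distinction, as an added example that is not from the book; the messages and the key are constructed. The last scenario goes one step beyond this section and uses a keyed message authentication code, the mechanism the SSL section mentions, to show what the shared key adds.

```python
import hashlib
import hmac


def digest_bits(algorithm: str) -> int:
    """Digest length in bits: 128 for MD5, 160 for SHA-1."""
    return hashlib.new(algorithm).digest_size * 8


def changed_bits(algorithm: str, a: bytes, b: bytes) -> int:
    """Avalanche effect: number of digest bits that differ between a and b."""
    da = hashlib.new(algorithm, a).digest()
    db = hashlib.new(algorithm, b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


def with_digest(message: bytes) -> tuple:
    """Sender side: the message plus its unkeyed SHA-1 fingerprint."""
    return message, hashlib.sha1(message).hexdigest()


def digest_ok(message: bytes, digest: str) -> bool:
    return hashlib.sha1(message).hexdigest() == digest


def with_mac(key: bytes, message: bytes) -> tuple:
    return message, hmac.new(key, message, hashlib.sha256).hexdigest()


def mac_ok(key: bytes, message: bytes, tag: str) -> bool:
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


# Constructed sample data: the two messages differ in a single character
SENT = b"Pay 100 EUR to account 12345"
ALTERED = b"Pay 900 EUR to account 12345"
SHARED_KEY = b"constructed-demo-key"


def scenarios() -> dict:
    _, digest = with_digest(SENT)
    return {
        # A transmission error changes the message but not the digest sent
        # with it, so the receiver's recomputed digest no longer matches.
        "accidental_change_detected": not digest_ok(ALTERED, digest),
        # Whoever rewrites the message can recompute the digest as well.
        "deliberate_change_detected": not digest_ok(*with_digest(ALTERED)),
        # A tag computed without the shared key does not verify.
        "deliberate_change_detected_with_mac":
            not mac_ok(SHARED_KEY, *with_mac(b"not-the-key", ALTERED)),
    }


if __name__ == "__main__":
    for name in ("md5", "sha1"):
        print(name, digest_bits(name), changed_bits(name, SENT, ALTERED))
    print(scenarios())
```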


Message Digest 5

The Message Digest 5 (MD5) algorithm is a ubiquitous algorithm developed by Ron Rivest. It is used in a variety of Internet applications today.

As the name suggests, MD5 is a one-way function with which it is easy to compute the hash from the given input data, but it is unfeasible to compute input data given only a hash. MD5 is also collision resistant, which means that two messages with the same hash are very unlikely to occur.

MD5 is considered less secure than SHA-1 because MD5 has some weaknesses, the explanation of which is beyond the scope of this book. SHA-1 also uses a stronger, 160-bit digest, which makes MD5 the second choice as far as hash methods are concerned.

SHA-1

The NIST developed the Secure Hash Algorithm (SHA). SHA-1 is a revision to the SHA that was published in 1994. Its design is similar to MD5. The algorithm takes a message of less than $2^{64}$ bits in length and produces a 160-bit message digest. This algorithm is slightly slower than MD5.

NOTE

More information on SHA-1 can be found at the following URL: http://csrc.nist.gov/publications/fips/fips180-2/fips1802.pd.

Secure Socket Layer and Transport Layer Security


Netscape originally developed Secure Socket Layer (SSL), but it is now accepted by the World Wide Web as the standard for authenticated and encrypted communication between clients and servers. The SSL protocol is application independent, allowing protocols such as HTTP, FTP, and Telnet to be layered on top of it transparently.

The SSL protocol is able to negotiate encryption keys and authenticate the server before data is exchanged by the higher-level application. The SSL protocol maintains the security and integrity of the transmission channel by using encryption, authentication, and message authentication codes.

The SSL Handshake Protocol consists of two phases: server authentication and optional client authentication. In the first phase, the server, in response to a client's request, sends its certificate and its cipher preferences. The client then generates a master key, which it encrypts with the server's public key, and transmits the encrypted master key to the server. The server recovers the master key and authenticates itself to the client by returning a message authenticated with the master key. Subsequent data is encrypted and authenticated with keys derived from this master key. In the optional second phase, the server sends a challenge to the client. On the challenge, the client authenticates itself to the server by returning the client's digital signature and its public-key certificate.

The Transport Layer Security (TLS) is based on SSL. It is an improved version of SSL, but the industry has not made the shift to this new standard yet. SSL is still the method supported by all web servers and web browsers.

NOTE

For more information about TLS, you can read the RFC at the following URL: http://www.faqs.org/rfcs/rfc2246l.

NOTE

For more information on SSL and TLS, check these URLs:

http://home.netscape.com/eng/ssl3/169

ftp://ftp.isi.edu/in-notes/rfc2246.txt

Digital Certificates


Key management is often considered the most difficult task in designing and implementing cryptographic systems. Businesses can simplify some of the deployment and management issues that are encountered with secured data communications by employing a Public Key Infrastructure (PKI). Because corporations often move security-sensitive communications across the Internet, an effective mechanism must be implemented to protect sensitive information from the threats presented on the Internet.

The three primary security vulnerabilities associated with communicating over a publicly accessible network are as follows:

  • Identity theft
    Intruder gains illegitimate access by posing as an individual who actually can access secured resources.

  • Eavesdropping
    Intruder "sniffs" the data transmission between two parties during communications over a public medium.

  • Man-in-the-middle
    Intruder interrupts a dialogue and modifies the data between the two parties. In an extreme case, the intruder takes over the entire session.


Characteristics of Digital Certificates

PKI provides a hierarchical framework for managing the digital security attributes. Each PKI participant holds a digital certificate that has been issued by a CA. The certificate contains a number of attributes that are used when parties negotiate a secure connection. These attributes must include the certificate validity period, end-host identity information, encryption keys that will be used for secure communications, and the signature of the issuing CA. Optional attributes may be included, depending on the requirements and capability of the PKI.

A CA can be a trusted third party, such as VeriSign or Entrust, or a private (in-house) CA that you establish within your organization.

Digital signatures, enabled by public key cryptography, provide a means to digitally authenticate devices and individual users. In public key cryptography, such as the RSA encryption system, each user has a key-pair containing both a public key and a private key. The keys act as complements, and anything encrypted with one of the keys can be decrypted with the other. In simple terms, a signature is formed when data is encrypted with a user's private key. The receiver verifies the signature by decrypting the message with the sender's public key.

The fact that the message could be decrypted using the sender's public key means that the holder of the private key created the message. This process relies on the receiver having a copy of the sender's public key and knowing with a high degree of certainty that it really does belong to the sender and not to someone pretending to be the sender.
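Signing and verification as described above, in an added example that is not the book's code. It assumes textbook RSA without padding applied to a SHA-256 digest of the message, and the two key pairs are constructed from publicly known Mersenne primes. The impostor case shows why the receiver must be certain whose public key it holds.

```python
import hashlib

E = 65537   # public exponent used for both constructed keys


def make_key(p: int, q: int):
    """Toy RSA key pair from two primes: returns (public, private)."""
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)


# Constructed keys. The primes are well-known Mersenne primes, so these
# pairs are fine for a demonstration and worthless as real key material.
ALICE_PUB, ALICE_PRIV = make_key(2**521 - 1, 2**127 - 1)
IMPOSTOR_PUB, IMPOSTOR_PRIV = make_key(2**607 - 1, 2**89 - 1)


def digest_as_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private) -> int:
    """'Encrypt' the message digest with the signer's private key."""
    d, n = private
    return pow(digest_as_int(message), d, n)


def verify(message: bytes, signature: int, public) -> bool:
    """'Decrypt' the signature with the public key and compare digests."""
    e, n = public
    return pow(signature, e, n) == digest_as_int(message)


MESSAGE = b"Meet at 10:00. Alice"      # constructed sample message
TAMPERED = b"Meet at 11:00. Alice"


def scenarios() -> dict:
    genuine = sign(MESSAGE, ALICE_PRIV)
    forged = sign(MESSAGE, IMPOSTOR_PRIV)   # signed by someone posing as Alice
    return {
        "genuine_verifies": verify(MESSAGE, genuine, ALICE_PUB),
        "tampered_message_verifies": verify(TAMPERED, genuine, ALICE_PUB),
        "forged_verifies_with_alice_key": verify(MESSAGE, forged, ALICE_PUB),
        # If the receiver was handed the impostor's key as "Alice's key",
        # the forged signature checks out. Certificates close this gap.
        "forged_verifies_with_wrong_key": verify(MESSAGE, forged, IMPOSTOR_PUB),
    }


if __name__ == "__main__":
    print(scenarios())
```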

To validate the CA's signature, the receiver must know the CA's public key. Normally, this is handled out-of-band or through an operation performed during installation of the certificate. For instance, most web browsers are configured with the root certificates of several CAs by default.

Enrolling in a CA

The enrollment process of obtaining a certificate is shown in Figure 4-5. Enrollment is enacted between the end host desiring the certificate and the authority in the PKI that is responsible for providing certificates. The hosts that participate in a PKI must obtain a certificate, which they present to the parties with whom they communicate when they need a secured communications channel.

Figure 4-5. Enrollment Procedure


The enrollment process is illustrated in Figure 4-5 and described in the following list:

  1. The end host generates a private-public key pair.

  2. The end host generates a certificate request, which it forwards to the CA.

  3. Manual human intervention is required to approve the enrollment request, which is received by the CA.

  4. After the CA operator approves the request, the CA signs the certificate request with its private key and returns the completed certificate to the end host.

  5. The end host writes the certificate into a nonvolatile storage area (PC hard disk or NVRAM on Cisco routers).

