Exam Essentials: Chapter 7

Chapter 7: PKI & Cryptographic Applications

Understand the key types used in asymmetric cryptography

  • Public keys are freely shared, private keys are kept secret.
  • Encrypt with recipient’s public key, decrypt with your own private key.
  • Sign a message with your own private key. Validate a signature using the sender’s public key.

Know the fundamental requirements of a hash function

  • Allow input of any length.
  • Provide fixed-length output.
  • Make it relatively easy to compute the hash function for any input.
  • Be a one-way function.
  • Be collision free.

Be familiar with major hashing algorithms

  • Government standard message digest functions:
    • SHA-1: 160-bit hash.
    • SHA-2: Variable up to 512-bits (SHA-224, SHA-256, SHA-384, SHA-512)
    • SHA-3 (based on the Keccak algorithm) improves upon the security of SHA-2 and supports the same hash lengths (SHA3-256 etc.)
  • Others:
    • MD2/MD4/MD5 – considered insecure
    • HMAC: implements a partial digital signature to guarantee integrity but not non-repudiation, using a shared secret – halfway point between unencrypted message digests and computationally-expensive digital signatures based on public-key cryptography. Can be combined with any standard message digest algorithm such as SHA-3.
    • HAVAL (Hash Of Variable Length): modification of MD5 which uses 1,024-bit blocks and produces hash lengths of 128, 160, 192, 224 & 256 bits.
Hash algorithm memorisation chart:

  Name                                     Hash value length (bits)
  Hash of Variable Length (HAVAL)          128, 160, 192, 224 & 256
  Hash Message Authentication Code (HMAC)  Variable
  Message Digest 2 (MD2)                   128
  Message Digest 4 (MD4)                   128
  Message Digest 5 (MD5)                   128
  Secure Hash Algorithm (SHA-1)            160
  SHA2-224/SHA3-224                        224
  SHA2-256/SHA3-256                        256
  SHA2-384/SHA3-384                        384
  SHA2-512/SHA3-512                        512
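An added example (not from the original notes) that checks the chart's digest lengths and the fixed-length requirement with Python's standard hashlib, then shows HMAC with a shared secret, including why it gives integrity but not non-repudiation. Algorithm names are hashlib's own; the key and message values are constructed.

```python
import hashlib
import hmac

# Output lengths (bits) from the memorisation chart, keyed by hashlib name.
CHART_BITS = {
    "md5": 128, "sha1": 160, "sha224": 224, "sha256": 256,
    "sha384": 384, "sha512": 512, "sha3_256": 256, "sha3_512": 512,
}


def digest_bits(algorithm: str, data: bytes) -> int:
    """Length in bits of the digest `algorithm` produces over `data`."""
    return hashlib.new(algorithm, data).digest_size * 8


def fixed_length_output(algorithm: str) -> bool:
    """Requirement check: an empty input and a 1 MiB input give the same
    digest size, and that size matches the chart."""
    empty = digest_bits(algorithm, b"")
    large = digest_bits(algorithm, b"A" * (1 << 20))
    return empty == large == CHART_BITS[algorithm]


def hmac_tag(key: bytes, message: bytes, algorithm: str = "sha3_256") -> bytes:
    """HMAC over `message` using a shared secret; any hashlib digest
    (SHA-2, SHA-3, ...) can be plugged in as the underlying function."""
    return hmac.new(key, message, algorithm).digest()


def hmac_verify(key: bytes, message: bytes, tag: bytes,
                algorithm: str = "sha3_256") -> bool:
    """Recompute the tag and compare in constant time, so a forger learns
    nothing from how many bytes happened to match."""
    return hmac.compare_digest(hmac_tag(key, message, algorithm), tag)


def receiver_can_forge(key: bytes, message: bytes) -> bool:
    """Why HMAC gives integrity but not non-repudiation: whoever holds the
    shared key (sender or receiver) produces an identical, valid tag."""
    senders_tag = hmac_tag(key, message)
    receivers_tag = hmac_tag(key, message)  # same key, same result
    return senders_tag == receivers_tag
```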

Know how cryptographic salts improve the security of password hashing

  • Reduces effectiveness of rainbow table attacks.
  • Common password hashing algorithms that use key stretching to further increase the difficulty of attack include PBKDF2, bcrypt & scrypt.
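An added example (not part of the original notes) of salted, key-stretched password storage with PBKDF2-HMAC-SHA-256 from Python's standard library. The storage record format "pbkdf2_sha256$iterations$salt$hash" and the iteration count are this example's own choices; the password values are constructed.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # key stretching: every guess costs this many HMAC rounds
SALT_BYTES = 16       # a fresh random salt per password defeats precomputed tables


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt_hex$hash_hex.
    Storing the salt and iteration count with the hash is what lets the
    verifier repeat the exact computation later."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt/iterations and compare in constant time."""
    scheme, iterations, salt_hex, hash_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("unsupported scheme: " + scheme)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), hash_hex)


def same_password_distinct_records(password: str, iterations: int = ITERATIONS) -> bool:
    """Why rainbow tables fail: two users with the same password get two
    different records, so one precomputed table cannot cover both."""
    return hash_password(password, iterations=iterations) != \
        hash_password(password, iterations=iterations)
```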

Understand how digital signatures are generated & verified

  • To digitally sign a message, use a hashing function to generate a message digest, then encrypt the digest with your private key.
  • To verify a digital signature on a message, decrypt the signature with the sender’s public key and then compare the message digest to one you generate yourself. If they match, the message is authentic.

Know the components of the Digital Signature Standard (DSS)

  • DSS uses the SHA-3 message digest functions along with one of three encryption algorithms:
    • Digital Signature Algorithm (DSA)
    • RSA (Rivest, Shamir & Adleman)
    • Elliptic Curve DSA (ECDSA)

Understand the public key infrastructure (PKI)

  • Certification authorities (CAs) generate digital certs containing the public keys of system users.
  • Users then distribute these certs to people with whom they want to communicate.
  • Certificate recipients verify a cert using the CA’s public key.
  • Registration authorities (RAs) assist CAs with the verification of users’ identities prior to issuing certs, but do not issue certificates themselves.
  • CRLs and OCSP are two techniques to verify the authenticity of certificates and identify revoked certs.

Know the common applications of cryptography to secure email

  • The emerging standard for encrypted messages is S/MIME.
    • Relies on the use of X.509 certs.
    • Supports AES and 3DES for symmetric encryption, and RSA for asymmetric.
  • Another popular email security tool is PGP.
    • Based on the “web of trust” concept.
    • Commercial version uses RSA for key exchange, IDEA for encryption/decryption and MD5 for message digest production.
    • Free version (based on OpenPGP) uses Diffie-Hellman key exchange, CAST (Carlisle Adams/Stafford Tavares) 128-bit encryption and SHA-1 hashing.
  • Most users of email encryption rely on having this technology built into their email client or webmail service.

Know the common applications of cryptography to secure web activity

  • Standard for secure web traffic is HTTP over TLS or SSL.
  • Many web browsers support both, but many websites are dropping SSL due to security concerns.
    • The POODLE attack exploits the SSL 3.0 fallback capability in TLS.

Know the common applications of cryptography to secure networking

  • IPsec provides a common framework for encrypting network traffic and is built into a number of common OSes.
  • In transport mode, packet contents are encrypted for peer-to-peer communication: end-to-end encryption
  • In tunnel mode, the entire packet (including header information) is encrypted for gateway-to-gateway communications: link encryption
  • TLS provides end-to-end encryption between a user and a Web server; SSH is another end-to-end encryption protocol (SSH1 supports DES, 3DES, IDEA and Blowfish; the more secure SSH2 drops DES & IDEA but adds support for some other algorithms).
  • End-to-end encryption usually takes place at the higher layers of the OSI model, and link encryption at the lower layers.
  • WPA wireless encryption uses TKIP, and WPA2 uses AES. Remember that WPA/WPA2 do not provide end-to-end security; they encrypt traffic only between the device and the access point. Once the traffic hits the wired network, it’s in the clear again.

Be able to describe IPsec

  • IPsec is a security architecture framework that supports secure communication over IP through the use of public key cryptography.
  • It establishes a secure channel in either transport or tunnel mode.
  • Can be used to establish direct communication between computers, or to set up a VPN between networks (in which case it’s commonly paired with L2TP, which doesn’t provide any encryption of its own).
  • Uses two protocols:
    • Authentication Header (AH) provides integrity & non-repudiation. Also provides authentication & access control, and prevents replay attacks.
    • Encapsulating Security Payload (ESP) provides confidentiality & integrity of packet contents through encryption. It provides limited authentication, and also prevents replay attacks.
    • Though ESP is sometimes used alone, it’s rare to see AH used without ESP.
  • Uses simplex SAs (Security Associations): each SA covers one direction, so one at each end suffices for one-way traffic, while bi-directional communication needs two at each end (four in total).
  • ISAKMP (Internet Security Association & Key Management Protocol) handles the creation & management of SAs. It also authenticates communicating peers, provides key generation mechanisms, and protects against threats such as replay and DoS attacks.

Be able to explain common cryptographic attacks

  • Analytic attacks focus on the logic of the algorithm itself in an attempt to reduce its complexity using algebra.
  • Implementation attacks exploit weaknesses in the implementation (software code) of a cryptosystem.
  • Statistical attacks exploit statistical weaknesses in a cryptosystem, such as floating-point errors and inability to produce truly random numbers. These attempt to find a vulnerability in the hardware or OS hosting the cryptography application.
  • Brute-force attacks are attempts to randomly or methodically find the correct cryptographic key. Every additional bit of key length doubles the time to perform a brute-force attack, because the number of potential keys doubles.
  • Frequency analysis is a ciphertext-only attack: simply count the number of times each letter appears in the ciphertext and compare against the most common letters in the English language.
    • If these letters are also the most common in the ciphertext, it’s most likely a transposition cipher was used.
    • If different letters are the most common, it’s most likely a substitution cipher.
  • Known plaintext, chosen ciphertext and chosen plaintext attacks require the attacker to have some extra information in addition to the ciphertext.
    • In the known plaintext attack, the attacker has a copy of the plaintext as well as the ciphertext, which greatly assists in breaking weaker codes (consider the Caesar cipher example)
    • In the chosen ciphertext attack, the attacker has the ability to decrypt chosen portions of the ciphertext and use the decrypted portion to discover the key.
    • In the chosen plaintext attack, the attacker has the ability to encrypt plaintext messages of their choosing and can then analyse the resulting ciphertext.
  • The meet-in-the-middle attack exploits protocols that use two rounds of encryption (and is why 2DES was soon replaced with 3DES!)
  • The man-in-the-middle attack fools both parties into communicating with the attacker instead of directly with each other.
  • The birthday attack is an attempt to find collisions in hash functions.
  • The replay attack is an attempt to reuse authentication requests.
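An added example (not from the original notes) of the frequency-analysis rule above as code: rank the ciphertext's letters by count and see whether the top ones are also English's most common letters. The reference set ETAOINSHR, the top-5/overlap-4 threshold and the sample text (with toy Caesar and columnar ciphers used only to produce test input) are this example's own constructions.

```python
from collections import Counter
import string

ENGLISH_COMMON = "ETAOINSHR"  # most frequent letters of English text


def letters_only(text: str) -> str:
    return "".join(c for c in text.upper() if c in string.ascii_uppercase)


def most_common_letters(ciphertext: str, top_n: int = 5) -> list:
    """Ciphertext letters ranked by how often they appear, most common first."""
    return [c for c, _ in Counter(letters_only(ciphertext)).most_common(top_n)]


def classify_cipher(ciphertext: str, top_n: int = 5, min_overlap: int = 4) -> str:
    """Heuristic from the notes: if the ciphertext's most common letters are
    also English's most common letters, the letters were only moved around
    (transposition); if different letters dominate, they were replaced
    (substitution)."""
    overlap = len(set(most_common_letters(ciphertext, top_n)) & set(ENGLISH_COMMON))
    return "transposition" if overlap >= min_overlap else "substitution"


# Constructed toy ciphers, used only to produce sample ciphertext.
def caesar(plaintext: str, shift: int) -> str:
    """Substitution: every letter is replaced by the one `shift` places later."""
    return "".join(chr((ord(c) - 65 + shift) % 26 + 65) for c in letters_only(plaintext))


def columnar(plaintext: str, width: int) -> str:
    """Transposition: write the text in rows of `width`, read it out by column."""
    text = letters_only(plaintext)
    return "".join(text[i::width] for i in range(width))


# Constructed sample plaintext with ordinary English letter statistics.
SAMPLE = ("We hold these truths to be self evident that all men are created equal "
          "that they are endowed by their creator with certain unalienable rights "
          "that among these are life liberty and the pursuit of happiness")
```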

Understand uses of digital rights management (DRM)

  • DRM solutions allow content owners to enforce restrictions on the use of their content by others.
  • They commonly protect entertainment content such as music, movies & e-books, but are occasionally found in the enterprise, protecting sensitive documents.

Notes on asymmetric algorithms

  • RSA (Rivest, Shamir, Adleman) is based on factoring large prime numbers; patented in 1977 and released into the public domain in 2000
  • Merkle-Hellman Knapsack is based on set theory but was broken in 1984
  • El Gamal extends the mathematic principles of Diffie-Hellman to support an entire public key cryptosystem
    • Was immediately released into the public domain, giving it a major advantage over the then-patented RSA.
    • Major disadvantage is that it doubles the length of any message it encrypts.
  • Elliptic curve cryptography (ECC) can provide encryption strength equivalent to 1,024-bit RSA/DSA keys using a 160-bit key; the smaller key is easier to work with, so ECC is ideal for low-power/mobile devices.
  • Digital signature algorithms to know by name: Schnorr’s signature algorithm and Nyberg-Rueppel’s signature algorithm.

Key lengths

  • Moore’s law suggests that computing power doubles approximately every two years; therefore if it takes current computers a year to break your code, it will take only three months if the attempt is made in four years’ time with the latest computers.
  • The length of your key should therefore be based on how long you expect your data to remain sensitive.

Asymmetric key management

  • Keys should be retired when they’ve served a useful life; many organisations have mandatory key rotation requirements to guard against undetected key compromise
  • It’s a good idea to change your key pair every few months, if practical.
  • Back up your private key and make sure the backup is handled in a secure manner!
