GOPAS TechEd 2012 PKI Design Ing. Ondřej Ševeček | GOPAS a.s.

1 GOPAS TechEd 2012 PKI Design Ing. Ondřej Ševeček | GOPAS a.s.
MCM: Directory Services | MVP: Enterprise Security | PKI Design

2 PKI Design Algorithms

3 Cryptographic Algorithms
- Hash algorithms (no keys): MD4, MD5, SHA-1, SHA-256, SHA-384, SHA-512
- Symmetric key algorithms (secret key): RC4, DES, 3-DES, AES
- Asymmetric key algorithms (public and private key): RSA, DH, EC

4 PKI Design Thoughts on Hashing

5 Hash example (not good)
- Sum alphabet letter positions: HELLO = 52
- Can obtain arbitrary clear-text (collision) without brute-forcing
- Several similar clear-texts lead to similar output

6 Hash collisions
- Pure arithmetic collisions
  - limited exploitability
- Post-signing collisions
- Chosen-prefix collisions

7 Post-signing collision
- Document 1
  - Name: Ondrej
  - Owes: 100 $
  - To: Kamil
  - Hash: 14EEDA49C1B7
  - Signature: 3911BA85
- Document 2
  - Name: Ondrej
  - Owes: $
  - To: Kamil
  - Trash:
  - Hash: 14EEDA49C1B7
  - Signature: 3911BA85
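
Added example (not from the original slides): the letter-sum hash of slide 5 in Python, showing the weaknesses listed there and the Trash-field trick of slide 7. The sample documents, the key and the HMAC stand-in for a signature are constructed for illustration.

```python
import hashlib
import hmac

def toy_hash(text: str) -> int:
    """Slide 5's weak hash: sum of alphabet positions (A=1 .. Z=26); other characters add 0."""
    return sum(ord(c) - 64 for c in text.upper() if "A" <= c <= "Z")

def sha256_bit_diff(a: str, b: str) -> int:
    """Number of differing bits (out of 256) between the SHA-256 digests of a and b."""
    da, db = (hashlib.sha256(s.encode()).digest() for s in (a, b))
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))

def sign(text: str, key: bytes) -> str:
    """Stand-in for a signature: a keyed tag over the hash value only, never the full text."""
    return hmac.new(key, str(toy_hash(text)).encode(), hashlib.sha256).hexdigest()[:8]

def forge(signed: str, altered: str) -> str:
    """Append a Trash field so `altered` hashes like `signed`; the filler is computed, not searched."""
    stem = altered + "\nTrash: "
    gap = toy_hash(signed) - toy_hash(stem)
    if gap < 0:
        raise ValueError("altered text already sums higher than the signed one")
    return stem + "Z" * (gap // 26) + (chr(64 + gap % 26) if gap % 26 else "")

# Constructed sample documents in the layout of slide 7 (amounts are made up).
SIGNED = "Name: Ondrej\nOwes: one thousand $\nTo: Kamil"
ALTERED = "Name: Ondrej\nOwes: ten $\nTo: Kamil"
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    # An anagram collides outright; one changed letter moves the hash by just 1.
    print(toy_hash("HELLO"), toy_hash("OLLEH"), toy_hash("HELLP"))
    # A real hash spreads the same one-letter change over its whole output.
    print(sha256_bit_diff("HELLO", "HELLP"), "of 256 SHA-256 bits differ")
    forged = forge(SIGNED, ALTERED)
    print(forged)
    # Same hash, so the tag made for SIGNED also matches the forged text.
    print(sign(forged, KEY) == sign(SIGNED, KEY))
```

The filler is derived with one subtraction because the letter sum is additive; a cryptographic hash offers no such shortcut, which is why post-signing collisions against it need a real collision attack.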

8 Chosen-prefix collision
- Certificate 1
  - Serial #: 325
  - CN:
  - Valid: 2010
  - Public: 35B87AA11...
  - Hash: 24ECDA49C1B7
  - Signature: 5919BA85
- Certificate 2
  - Serial #: 325
  - CN:
  - Valid: 2010
  - Public: 4E9618C9D...
  - Hash: 24ECDA49C1B7
  - Signature: 5919BA85

9 MD5 problems
- Pure arithmetic in 2^112 evaluations
- Post-signing collisions suspected
- Chosen-prefix collisions
  - Practically proved for certificates with predictable serial numbers
  - 2^50

10 SHA-1 problems
- General brute-force attack at 2^80
  - as about 12 characters complex password
- Some collisions found at 2^63
  - pure arithmetic collisions, no exploitation proved

11 PKI Design Algorithm Combinations

12 Performance considerations
- Asymmetric algorithms use large keys
  - EC is about 10 times smaller
- Encryption/decryption time about 100x longer
  - symmetric is faster

13 Digital Signature (not good)
Document Private key Document

14 Digital Signature Document Private key Hash

15 Storage Encryption (slow)
Public key Document

16 Storage Encryption
Symmetric encryption key (random); Document; Public key (User A); Symmetric key

17 Storage Encryption
Symmetric encryption key (random); Document; Public key (User A); Public key (User B); Symmetric key; Symmetric key

18 Transport encryption
Public key; Server; Client; Symmetric Key; Public key; Data

19 PKI Design Fun With Random Numbers

20 Random Number Generators
- Deterministic RNG
  - use cryptographic algorithms and keys to generate random bits
  - attack on randomly generated symmetric keys
  - DNS cache poisoning
- Nondeterministic RNG (true RNG)
  - use physical source that is outside human control
  - smart cards, tokens
  - HSM – hardware security modules

21 Random Number Generators
- CryptGenRandom()
  - hashed
  - Vista+: AES (NIST )
  - 2003-: DSS (FIPS 186-2)
- Entropy from system time, process id, thread id, tick counter, virtual/physical memory performance counters of the process and system, free disk clusters, user environment, context switches, exception count, …

22 PKI Design Standards

23 US standards
- FIPS – Federal Information Processing Standards
  - provides standard algorithms
- NIST – National Institute for Standards and Technology
  - approves the algorithms for US government non-classified but sensitive use
  - latest NIST SP800-57, March 2007
- NSA – National Security Agency
  - Suite-B for Secure and Top Secure (2005)

24 Cryptoperiods (SP800-57)
| Key | Cryptoperiod |
| --- | --- |
| Private signature | 1 – 3 years |
| Public signature verification | >3 years |
| Symmetric authentication | <= 5 years |
| Private authentication | 1-2 years |
| Symmetric data encryption | |
| Public key transport key | |
| Private/public key agreement key | |

25 Comparable Algorithm Strengths (SP800-57)
| Strength | Symmetric | RSA | ECDSA | SHA |
| --- | --- | --- | --- | --- |
| 80 bit | 2TDEA | RSA 1024 | ECDSA 160 | SHA-1 |
| 112 bit | 3TDEA | RSA 2048 | ECDSA 224 | SHA-224 |
| 128 bit | AES-128 | RSA 3072 | ECDSA 256 | SHA-256 |
| 192 bit | AES-192 | RSA 7680 | ECDSA 384 | SHA-384 |
| 256 bit | AES-256 | RSA 15360 | ECDSA 512 | SHA-512 |

26 Security lifetimes (SP800-57 and Suite-B)
Strength Level 2010 80 bit US Confidential 2030 112 bit 128 bit US Secure 192 bit US Top-Secure Beyond 2030

27 NSA Suite-B Algorithms
- NSA publicly published algorithms (2005)
  - as against Suite-A which is private
- AES-128, ECDH-256, ECDSA-256, SHA-256
  - Secret
- AES-256, ECDH-384, ECDSA-384, SHA-384
  - Top Secret

28 PKI Design Operating System Support

29 Cryptographic Providers
- Cryptographic Service Provider – CSP
  - Windows 2000+
  - can use only V1 and V2 templates
- Cryptography Next Generation – CNG
  - Windows Vista+
  - require V3 templates
  - enables use of ECC
- CERTUTIL -CSPLIST

30 Cryptographic Providers
| Type | Operating System | Algos | Template |
| --- | --- | --- | --- |
| CSP | Windows 2000, Windows 2003 | AES, SHA-1, RSA | v1, v2 |
| | Windows XP SP3, Windows 2003 KB938397 | AES, SHA-1, RSA, SHA-2 | |
| CNG | Windows Vista | AES, SHA-1, RSA, SHA-2, EC | v3 |

31 SHA-2 Support
- Windows XP
- Windows 2003 + KB 938397
- Windows Phone 7
- AD CS on Windows 2008+
- Autoenrollment on XP with KB
- TMG 2010 with KB in the future

32 Cryptography support System DES 3DES RC2 RC4 AES 128 AES 192 AES 256
MD2 MD5 HMAC SHA-1 SHA-256 SHA-384 SHA-512 ECDSA ECDH Windows 2000 yes no Windows XP Windows 2003 non-public update yes Windows Vista/2008 Windows 7/2008 R2

33 Cryptography support System DES 3DES RC2 RC4 AES 128 AES 192 AES 256
MD2 MD5 HMAC SHA-1 SHA-256 SHA-384 SHA-512 ECDSA ECDH Windows Mobile 6.5 yes no Windows Mobile 7 TMG 2010 SCCM 2007 SCOM 2007

34 Encryption EFS BitLocker IPSec Kerberos NTLM RDP DES 3DES RC4 AES DH
2000 + LM password hash, NTLM 3DES RC4 AES 2003 + Vista + DH RSA Seven + ECC

35 Hashing MD4 MD5 SHA-1 SHA-2 NT password hash Digest password hash
2003 + IPSec 2000 + Seven + NTLM NTLMv2 MS-CHAP MS-CHAPv2

36 CNG (v3) Not Supported
- EFS
  - Windows 2008/Vista-
- VPN/WiFi Client (EAPTLS, PEAP Client)
  - Windows 2008/7-
  - user or computer certificate authentication
- TMG 2010
  - server certificates on web listeners
- Outlook 2003
  - user certificates for signatures or encryption
- Kerberos
  - Windows 2008/Vista- DC certificates
- System Center Operations Manager 2007 R2
- System Center Configuration Manager 2007 R2
- SQL Server 2008 R2-
- Forefront Identity Manager 2010 (Certificate Management)

37 PKI Design CA Hierarchy

38 CA Hierarchy
- IDTT Root CA
- IDTT Roma CA, IDTT London CA, IDTT Paris CA
- Leaf certificates

39 Offline Root
- Root CA cannot be revoked if compromised
- Making new RootCA trusted may be difficult
- Delegation of administration
- Must issue CRLs
  - the more frequent the more secure, but more “costly”

40 Active Directory
- Group Policy
  - every 120 minutes by default
- Trusted Root CAs
- Untrusted CAs
- NTAuth
  - CA issues logon certificates

42 PKI Design AD CS Features

43 SKU Features Windows Server Certificate Templates
Autoenrollment Key Archival SMTP Exit Module Role Separation Cross-forest Enrollment 2008 R2 Standard V1, V2, V3 Yes No 2008 R2 Enterprise 2008 Standard V1 2008 Enterprise 2003 Standard 2003 Enterprise V1, V2

44 Enrollment Web Services
SKU Features Windows Server Web Enrollment Enrollment Web Services OCSP Responder SCEP Enrollment 2008 R2 Standard yes no 2008 R2 Enterprise 2008 Standard 2008 Enterprise 2003 Standard 2003 Enterprise

45 Role Separation
- Enrollment Agent = Registration Authority
  - sign cert request
- Certificate Managers
  - approve cert requests
- Different groups of EA/CM
  - approve requests for different groups of Enrollees

46 PKI Design Public Certificates

47 SSL Certificate prices
- Verisign – 1999: 300$ year
- Thawte – 2003: 150$ year
- Go Daddy – 2005: 60$ year
- GlobalSign – 2006: 250$ year
- StartCom – 2009: free

48 EV Certificate prices
- Verisign – 1999: 1500$ year
- Thawte – 2003: 600$ year
- Go Daddy – 2005: 100$ year
- GlobalSign – 2006: 900$ year
- StartCom – 2009: 50$ year

49 Support for SAN and wildcards
Application Supports * Supports SAN Internet Explorer 4.0 and older no Internet Explorer 5.0 and newer yes Internet Explorer 7.0 yes, if SAN present Subject is ignored Windows Pocket PC 3.0 and 4.0 Windows Mobile 5.0 Windows Mobile 6.0 and newer Outlook 2003 and newer RDP/TS proxy ISA Server firewall certificate ISA Server 2000 and 2004 published server certificate ISA Server 2006 published server certificate yes, only the first SAN name

50 OCSP and Delta CRL System Checks OCSP Delta CRL Windows 2000 and older
no Windows XP and older yes Windows Vista and newer yes, preferred Windows Pocket PC 4.0 and older Windows Mobile 5.0 Windows Mobile 6.0 Windows Mobile 6.1 and newer ISA Server 2006 and older TMG 2010 and newer

51 CRL checks in Internet Explorer
| Version | CRL and OCSP checking |
| --- | --- |
| 4.0 and older | no checks |
| 5.0 and newer | can check CRL, disabled by default |
| 7.0 and newer | can check OCSP (if supported by OS) and CRL, enabled by default |

52 Windows Mobile 2003 and 5.0 trusted CAs
Company Certificate Name Windows Mobile Cybertrust GlobalSign Root CA 2003 and 5.0 GTE CyberTrust Global Root GTE CyberTrust Root Verisign Class 2 Public Primary Certification Authority Thawte Premium Server CA Thawte Server CA Secure Server Certification Authority Class 3 Public Primary Certification Authority Entrust Entrust.net Certification Authority (2048) Entrust.net Secure Server Certification Authority Geotrust Equifax Secure Certificate Authority Godaddy 5.0

53 Windows Mobile 6.0 trusted CAs
- Comodo: AAA Certificate Services; AddTrust External CA Root
- Cybertrust: Baltimore CyberTrust Root; GlobalSign Root CA; GTE CyberTrust Global Root
- Verisign: Class 2 Public Primary Certification Authority; Thawte Premium Server CA; Thawte Server CA; Secure Server Certification Authority; Class 3 Public Primary Certification Authority
- Entrust: Entrust.net Certification Authority (2048); Entrust.net Secure Server Certification Authority
- Geotrust: Equifax Secure Certificate Authority; GeoTrust Global CA
- Godaddy: Go Daddy Class 2 Certification Authority; Starfield Class 2 Certification Authority

54 RSA 2048 browser support
| Browser | First Version |
| --- | --- |
| Internet Explorer | 5.01 |
| Mozilla Firefox | 1.0 |
| Opera | 6.1 |
| Apple Safari | |
| Google Chrome | |
| AOL | 5 |
| Netscape Communicator | 4.51 |
| Red Hat Linux Konqueror | |
| Apple iPhone | |
| Windows Mobile | 2003 |
| Windows CE | 4.0 |
| RIM Blackberry | 4.3.0 |
| PalmOS | |
| Sony Playstation Portable | |
| Sony Playstation 3 | |
| Nintendo Wii | |

55 Extended Validation browsers
| Browser | First Version |
| --- | --- |
| Internet Explorer | 7.0 |
| Opera | 9.5 |
| Firefox | 3 |
| Google Chrome | - |
| Apple Safari | 3.2 |
| Apple iPhone | 3.0 |

56 S/MIME RSA 2048 client support
| Browser | First Version |
| --- | --- |
| Microsoft Outlook | 99 |
| Mozilla Thunderbird | 1.0 |
| Qualcomm Eudora | 6.2 |
| Lotus Notes | 6 |
| Netscape Communicator | 4.51 |
| Mulberry Mail | |
| Apple Mail | |
| Windows Mail | |
| The Bat | |

57 Questionnaire www.teched.cz gopas TechEd

58 GOPAS TechEd 2012 Thank you! Ing. Ondřej Ševeček | GOPAS a.s.
MCM: Directory Services | MVP: Enterprise Security | Thank you!

