Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptographic Security Presented by: Josh Baker October 9 th, 2012 1CS5204 – Operating Systems.

Similar presentations

Presentation on theme: "Cryptographic Security Presented by: Josh Baker October 9 th, 2012 1CS5204 – Operating Systems."— Presentation transcript:

1 Cryptographic Security Presented by: Josh Baker October 9 th, CS5204 – Operating Systems

2 Cryptographic Security CS5204 – Operating Systems Overview What is cryptographic security? Uses Main Points What is a “Key/Certificate”? Implementations CAC based PKI Demonstration References 2

3 Cryptographic Security What is it? Cryptographic Security: Leveraging a standardized system that uses a set of operations that are publicly available in order to authenticate identities, securely share data, or irrefutably sign data. def Cryptography: cryp∙tog ∙ra ∙phy [3] :the enciphering and deciphering of messages in secret code or cipher; also : the computerized encoding and decoding of information CS5204 – Operating Systems3

4 Cryptographic Security Uses Establishing Transport Layer Security (TLS/SSL)  HTTPS  SFTP Data Encryption / Decryption Digital Signature Login / Authentication Protocols  Relies on digital signature CS5204 – Operating Systems4

5 Cryptographic Security Main Points Use of a publicly formalized system Centers around a third party “Certificate Authority”  Certify Identities  Manage (create, distribute, revoke) Keys Eliminates many security vulnerabilities Can be used to enforce least privilege, separation of duties, economy of mechanism, and complete mediation while being an open design. Heavy use of hashing algorithms (sha1, MD5,…) CS5204 – Operating Systems5

6 Cryptographic Security What is a “Key”? Cryptographic Key: A set of 2 integers that can be used with a cryptographic algorithm in order to encrypt or decrypt data. Two types of cryptographic systems:  Private Key – using only one secret key (symmetric)  Public Key – using two keys, a secret key and a shared key (asymmetric) RSA and NIST recommend using at least:  112 bit symmetric keys (harder to break, efficient)  2048 bit asymmetric keys CS5204 – Operating Systems6

7 Cryptographic Security What is a “Certificate”? Cryptographic Certificate: The combination of identity information with cryptographic information. Identity of the certificate owner Identity of the certificate authority (issuer) Dates that the certificate is valid for Which cryptographic algorithms are used Key information One owner may have multiple certificates for various uses: authentication, encryption, signature CS5204 – Operating Systems7

8 Cryptographic Security TLS / SSL Used for transporting data securely over non- secure channels, most namely the internet. Uses Handshaking:  Employs both Symmetric and Asymmetric keys  Symmetric keys are smaller than asymmetric keys and provide improved performance  A secure channel must be established using asymmetric keys in order to transmit the shared secret symmetric key  “Nonces” are used to defend against replay attacks CS5204 – Operating Systems8

9 Cryptographic Security TLS / SSL CS5204 – Operating Systems9 source: [9]

10 Cryptographic Security Encryption / Decryption Private Key Encryption (symmetric):  Encrypting local files  Must share the key in order to share the data  Cannot use private key from PKI  Group Authentication  Cipher: stream/block  AES 128 bit block CS5204 – Operating Systems10 Source:[7]

11 Cryptographic Security Encryption / Decryption Provides confidentiality but not authentication Public Key Encryption (asymmetric): CS5204 – Operating Systems11 source:[8]

12 Cryptographic Security Encryption / Decryption The RSA Cryptosystem:  Developed by Rivest, Shamir, and Adleman in 1977  The de facto standard for PKI  The encryption key is public (E)  The decryption key is private (D)  The Message M can be calculated by: M = D(E(M)) M = E(D(M)) CS5204 – Operating Systems12

13 Cryptographic Security Encryption / Decryption RSA Algorithm details (generate keys)  1. Find 2 unique large prime numbers  2. Calculate n n = p ∙ q  3. Pick a large random integer d that is relatively prime to (p-1)∙(q-1) such that gcd(d, (p-1)∙(q-1)) = 1  4. Calculate e e ∙ d = 1∙(mod (p­1)∙(q­1)) CS5204 – Operating Systems13

14 Cryptographic Security Encryption / Decryption RSA Algorithm details (encrypt/decrypt)  Encryption: Given message M create ciphertext C C = E(M) = M e (mod n)  Decryption: Given ciphertext C create message M M = D(C) = C d (mod n)  Can be calculated quickly using modular exponentiation (repeated squaring) CS5204 – Operating Systems14

15 Cryptographic Security Digital Signature Not “electronic signature” which is typically implemented with a digital representation of a hand signature or acknowledgment gesture. Provides non-repudiation, irrefutably evidence that the signature was created by the identified party. Provides data integrity validation Provides authentication but not confidentiality CS5204 – Operating Systems15

16 Cryptographic Security Digital Signature CS5204 – Operating Systems16 source:[8]

17 Cryptographic Security Digital Signature RSA Digital Signature details:  A message M is signed using the private key S = D(M)  A digital signature is validated using the public key M = E(S) Decryption of the message can be used to prove the identity of a user, authentication Validating a digital signature also validates the data by comparing the hash values CS5204 – Operating Systems17

18 Cryptographic Security CAC PKI Common Access Card (CAC) aka Smart Card Utilized extensively by the DoD Enforces two factor authentication  Something you have – CAC  Something you know – PIN Can be used for three factor authentication with addition of finger print reader (something you are) Newer generation cards can also be used with proximity based passive RFID readers Great for enforcing separation of duties and least privilege CS5204 – Operating Systems18

19 Cryptographic Security CAC PKI Demo One last note, using an in house certificate authority (CA) and a smart card enabled PKI cryptosystem throughout an organization can enable greater PII (Personally Identifiable Information) security by replacing things like SSNs with othewise meaningless unique identifiers like the DoD EDIPI (Electronic Data Interchange Personal Identifier). CS5204 – Operating Systems19

20 Cryptographic Security References 1. “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems”, Rivest et al 2. “Introduction to Algorithms, Second Edition”, Cormen et al 3. Merriam-Webster dictionary, term: cryptography, ( 4. National Institute for Standards and Technology, ( RSA Laboratories, ( CS5204 – Operating Systems20

Download ppt "Cryptographic Security Presented by: Josh Baker October 9 th, 2012 1CS5204 – Operating Systems."

Similar presentations

Ads by Google