GOPAS TechEd 2012 PKI Design Ing. Ondřej Ševeček | GOPAS a.s. |

GOPAS TechEd 2012 PKI Design Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | ondrej@sevecek.com | www.sevecek.com

PKI Design Algorithms

Cryptographic Algorithms
- Hash algorithms: no keys
  - MD4, MD5, SHA-1, SHA-256, SHA-384, SHA-512
- Symmetric key algorithms: secret key
  - RC4, DES, 3-DES, AES
- Asymmetric key algorithms: public and private key
  - RSA, DH, EC

PKI Design Thoughts on Hashing

Hash example (not good)
- Sum alphabet letter positions: HELLO = 8 + 5 + 12 + 12 + 15 = 52
- Can obtain arbitrary clear-text (collision) without brute-forcing
- Several similar clear-texts lead to similar output
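The two weaknesses named on this slide, shown with the slide's own letter-sum hash next to SHA-256. This is an added example, not part of the original presentation; the function names and the sample message "HI" are assumptions made for illustration.

```python
import hashlib


def letter_sum_hash(text):
    # The slide's toy hash: add alphabet positions (A=1 ... Z=26).
    # Characters outside A-Z are ignored.
    return sum(ord(c) - 64 for c in text.upper() if "A" <= c <= "Z")


def pad_to_match(message, target):
    # Extend `message` with filler letters so that the result hashes to `target`.
    # No search is needed: the gap is filled with Z's (26 each) plus one
    # remainder letter, which is why the slide calls this hash "not good".
    gap = target - letter_sum_hash(message)
    if gap < 0:
        raise ValueError("message already exceeds the target sum")
    full, rest = divmod(gap, 26)
    return message + "Z" * full + (chr(64 + rest) if rest else "")


def sha256_bit_difference(a, b):
    # Number of differing bits between the SHA-256 digests of two strings.
    da = hashlib.sha256(a.encode()).digest()
    db = hashlib.sha256(b.encode()).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


if __name__ == "__main__":
    # Similar clear-texts give similar (or identical) toy hashes.
    for word in ("HELLO", "OLLEH", "HELLP"):
        print(word, letter_sum_hash(word))

    # A different clear-text with the same toy hash as HELLO, built by arithmetic.
    forged = pad_to_match("HI", letter_sum_hash("HELLO"))
    print(forged, letter_sum_hash(forged))

    # A real hash function: a one-letter change flips roughly half of the 256 bits.
    print(sha256_bit_difference("HELLO", "HELLP"))
```
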

Hash collisions Pure arithmetic collisions Post-signing collisions limited exploitability Post-signing collisions Chosen-prefix collisions

Post-signing collision
Name: Ondrej          | Name: Ondrej
Owes: 100 $           | Owes: 1 000 000 $
To: Kamil             | To: Kamil
                      | Trash: XX349%$@#BB...
Hash: 14EEDA49C1B7    | Hash: 14EEDA49C1B7
Signature: 3911BA85   | Signature: 3911BA85

Chosen-prefix collision
Serial #: 325         | Serial #: 325
CN: www.idtt.com      | CN: www.microsoft.com
Valid: 2010           | Valid: 2010
Public: 35B87AA11...  | Public: 4E9618C9D...
Hash: 24ECDA49C1B7    | Hash: 24ECDA49C1B7
Signature: 5919BA85   | Signature: 5919BA85

MD5 problems
- Pure arithmetic in 2^112 evaluations
- Post-signing collisions suspected
- Chosen-prefix collisions
  - Practically proved for certificates with predictable serial numbers
  - 2^50

SHA-1 problems
- General brute-force attack at 2^80
  - as about 12 characters complex password
- Some collisions found at 2^63
  - pure arithmetic collisions, no exploitation proved

PKI Design Algorithm Combinations

Performance considerations
- Asymmetric algorithms use large keys
  - EC is about 10 times smaller
- Encryption/decryption time about 100x longer
  - symmetric is faster

Digital Signature (not good) Document Private key Document

Digital Signature Document Private key Hash

Storage Encryption (slow) Public key Document

Storage Encryption Symmetric encryption key (random) Document Public key (User A) Symmetric key

Storage Encryption Symmetric encryption key (random) Document Public key (User A) Public key (User B) Symmetric key Symmetric key

Transport encryption Public key Server Client Symmetric Key Public key Data

PKI Design Fun With Random Numbers

Random Number Generators
- Deterministic RNG
  - use cryptographic algorithms and keys to generate random bits
  - attack on randomly generated symmetric keys
  - DNS cache poisoning
- Nondeterministic RNG (true RNG)
  - use physical source that is outside human control
  - smart cards, tokens
  - HSM – hardware security modules

Random Number Generators
- CryptGenRandom()
  - hashed
  - Vista+: AES (NIST 800-900)
  - 2003-: DSS (FIPS 186-2)
- Entropy from
  - system time, process id, thread id, tick counter, virtual/physical memory performance counters of the process and system, free disk clusters, user environment, context switches, exception count, …

PKI Design Standards

US standards
- FIPS – Federal Information Processing Standards
  - provides standard algorithms
- NIST – National Institute for Standards and Technology
  - approves the algorithms for US government non-classified but sensitive use
  - latest NIST SP800-57, March 2007
- NSA – National Security Agency
  - Suite-B for Secure and Top Secure (2005)

Cryptoperiods (SP800-57)

| Key | Cryptoperiod |
|---|---|
| Private signature | 1 – 3 years |
| Public signature verification | >3 years |
| Symmetric authentication | <= 5 years |
| Private authentication | 1-2 years |
| Symmetric data encryption | |
| Public key transport key | |
| Private/public key agreement key | |

Comparable Algorithm Strengths (SP800-57)

| | Symmetric | RSA | ECDSA | SHA |
|---|---|---|---|---|
| 80 bit | 2TDEA | RSA 1024 | ECDSA 160 | SHA-1 |
| 112 bit | 3TDEA | RSA 2048 | ECDSA 224 | SHA-224 |
| 128 bit | AES-128 | RSA 3072 | ECDSA 256 | SHA-256 |
| 192 bit | AES-192 | RSA 7680 | ECDSA 384 | SHA-384 |
| 256 bit | AES-256 | RSA 15360 | ECDSA 512 | SHA-512 |

Security lifetimes (SP800-57 and Suite-B) Strength Level 2010 80 bit US Confidential 2030 112 bit 128 bit US Secure 192 bit US Top-Secure Beyond 2030

NSA Suite-B Algorithms
- NSA publicly published algorithms (2005)
  - as against Suite-A which is private
- AES-128, ECDH-256, ECDSA-256, SHA-256: Secret
- AES-256, ECDH-384, ECDSA-384, SHA-384: Top Secret

PKI Design Operating System Support

Cryptographic Providers
- Cryptographic Service Provider – CSP
  - Windows 2000+
  - can use only V1 and V2 templates
- Cryptography Next Generation – CNG
  - Windows Vista+
  - require V3 templates
  - enables use of ECC
- CERTUTIL -CSPLIST

Cryptographic Providers

| Type | Operating System | Algos | Template |
|---|---|---|---|
| CSP | Windows 2000, Windows 2003 | AES, SHA-1, RSA | v1, v2 |
| | Windows XP SP3, Windows 2003 KB938397 | AES, SHA-1, RSA, SHA-2 | |
| CNG | Windows Vista | AES, SHA-1, RSA, SHA-2, EC | v3 |

SHA-2 Support
- Windows XP
- Windows 2003 + KB 938397
- Windows Phone 7
- AD CS on Windows 2008+
- Autoenrollment on XP with KB
- TMG 2010 with KB in the future

Cryptography support System DES 3DES RC2 RC4 AES 128 AES 192 AES 256 MD2 MD5 HMAC SHA-1 SHA-256 SHA-384 SHA-512 ECDSA ECDH Windows 2000 yes no Windows XP Windows 2003 non-public update yes Windows Vista/2008 Windows 7/2008 R2

Cryptography support System DES 3DES RC2 RC4 AES 128 AES 192 AES 256 MD2 MD5 HMAC SHA-1 SHA-256 SHA-384 SHA-512 ECDSA ECDH Windows Mobile 6.5 yes no Windows Mobile 7 TMG 2010 SCCM 2007 SCOM 2007

Encryption EFS BitLocker IPSec Kerberos NTLM RDP DES 3DES RC4 AES DH 2000 + LM password hash, NTLM 3DES RC4 AES 2003 + Vista + DH RSA Seven + ECC

Hashing MD4 MD5 SHA-1 SHA-2 NT password hash Digest password hash 2003 + IPSec 2000 + Seven + NTLM NTLMv2 MS-CHAP MS-CHAPv2

CNG (v3) Not Supported EFS VPN/WiFi Client (EAPTLS, PEAP Client) Windows 2008/Vista- VPN/WiFi Client (EAPTLS, PEAP Client) Windows 2008/7- user or computer certificate authentication TMG 2010 server certificates on web listeners Outlook 2003 user email certificates for signatures or encryption Kerberos Windows 2008/Vista- DC certificates System Center Operations Manager 2007 R2 System Center Configuration Manager 2007 R2 SQL Server 2008 R2- Forefront Identity Manager 2010 (Certificate Management)

PKI Design CA Hierarchy

CA Hierarchy (diagram): IDTT Root CA; subordinate IDTT Roma CA, IDTT London CA, IDTT Paris CA; leaf certificates

Offline Root
- Root CA cannot be revoked if compromised
- Making new RootCA trusted may be difficult
- Delegation of administration
- Must issue CRLs
  - the more frequent the more secure, but more “costly”

Active Directory Group Policy Trusted Root CAs Untrusted CAs every 120 minutes by default Trusted Root CAs Untrusted CAs NTAuth CA issues logon certificates

PKI Design AD CS Features

SKU Features Windows Server Certificate Templates Autoenrollment Key Archival SMTP Exit Module Role Separation Cross-forest Enrollment 2008 R2 Standard V1, V2, V3 Yes No 2008 R2 Enterprise 2008 Standard V1 2008 Enterprise 2003 Standard 2003 Enterprise V1, V2

Enrollment Web Services SKU Features Windows Server Web Enrollment Enrollment Web Services OCSP Responder SCEP Enrollment 2008 R2 Standard yes no 2008 R2 Enterprise 2008 Standard 2008 Enterprise 2003 Standard 2003 Enterprise

Role Separation
- Enrollment Agent = Registration Authority
  - sign cert request
- Certificate Managers
  - approve cert requests
- Different groups of EA/CM approve requests for different groups of Enrollees

PKI Design Public Certificates

SSL Certificate prices
- Verisign – 1999: 300 $/year
- Thawte – 2003: 150 $/year
- Go Daddy – 2005: 60 $/year
- GlobalSign – 2006: 250 $/year
- StartCom – 2009: free

EV Certificate prices Verisign – 1999 Thawte – 2003 Go Daddy – 2005 1500$ year Thawte – 2003 600$ year Go Daddy – 2005 100$ year GlobalSign – 2006 900$ year StartCom – 2009 50$ year

Support for SAN and wildcards Application Supports * Supports SAN Internet Explorer 4.0 and older no Internet Explorer 5.0 and newer yes Internet Explorer 7.0 yes, if SAN present Subject is ignored Windows Pocket PC 3.0 and 4.0 Windows Mobile 5.0 Windows Mobile 6.0 and newer Outlook 2003 and newer RDP/TS proxy ISA Server firewall certificate ISA Server 2000 and 2004 published server certificate ISA Server 2006 published server certificate yes, only the first SAN name

OCSP and Delta CRL System Checks OCSP Delta CRL Windows 2000 and older no Windows XP and older yes Windows Vista and newer yes, preferred Windows Pocket PC 4.0 and older Windows Mobile 5.0 Windows Mobile 6.0 Windows Mobile 6.1 and newer ISA Server 2006 and older TMG 2010 and newer

CRL checks in Internet Explorer

| Version | CRL and OCSP checking |
|---|---|
| 4.0 and older | no checks |
| 5.0 and newer | can check CRL, disabled by default |
| 7.0 and newer | can check OCSP (if supported by OS) and CRL, enabled by default |

Windows Mobile 2003 and 5.0 trusted CAs

| Company | Certificate Name | Windows Mobile |
|---|---|---|
| Cybertrust | GlobalSign Root CA | 2003 and 5.0 |
| | GTE CyberTrust Global Root | |
| | GTE CyberTrust Root | |
| Verisign | Class 2 Public Primary Certification Authority | |
| | Thawte Premium Server CA | |
| | Thawte Server CA | |
| | Secure Server Certification Authority | |
| | Class 3 Public Primary Certification Authority | |
| Entrust | Entrust.net Certification Authority (2048) | |
| | Entrust.net Secure Server Certification Authority | |
| Geotrust | Equifax Secure Certificate Authority | |
| Godaddy | http://www.valicert.com/ | 5.0 |

Windows Mobile 6.0 trusted CAs
- Comodo
  - AAA Certificate Services
  - AddTrust External CA Root
- Cybertrust
  - Baltimore CyberTrust Root
  - GlobalSign Root CA
  - GTE CyberTrust Global Root
- Verisign
  - Class 2 Public Primary Certification Authority
  - Thawte Premium Server CA
  - Thawte Server CA
  - Secure Server Certification Authority
  - Class 3 Public Primary Certification Authority
- Entrust
  - Entrust.net Certification Authority (2048)
  - Entrust.net Secure Server Certification Authority
- Geotrust
  - Equifax Secure Certificate Authority
  - GeoTrust Global CA
- Godaddy
  - Go Daddy Class 2 Certification Authority
  - http://www.valicert.com/
  - Starfield Class 2 Certification Authority

RSA 2048 browser support Browser First Version Internet Explorer 5.01 Mozilla Firefox 1.0 Opera 6.1 Apple Safari Google Chrome AOL 5 Netscape Communicator 4.51 Red Hat Linux Konqueror Apple iPhone Windows Mobile 2003 Windows CE 4.0 RIM Blackberry 4.3.0 PalmOS Sony Playstation Portable Sony Playstation 3 Nintendo Wii

Extended Validation browsers

| Browser | First Version |
|---|---|
| Internet Explorer | 7.0 |
| Opera | 9.5 |
| Firefox | 3 |
| Google Chrome | - |
| Apple Safari | 3.2 |
| Apple iPhone | 3.0 |

S/MIME RSA 2048 client support Browser First Version Microsoft Outlook 99 Mozilla Thunderbird 1.0 Qualcomm Eudora 6.2 Lotus Notes 6 Netscape Communicator 4.51 Mulberry Mail Apple Mail Windows Mail The Bat

Questionnaire: www.teched.cz (GOPAS TechEd)

Thank you!