Ondřej Ševeček | PM Windows Server | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | | |

Similar presentations

Presentation on theme: "Ondřej Ševeček | PM Windows Server | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | | |"— Presentation transcript:

1 Ondřej Ševeček | PM Windows Server | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | ondrej@sevecek.com | www.sevecek.com |

2 Outline  Hash algorithms  Symmetric algorithms  Asymmetric algorithms  Current algorithms in use  Cryptographic standards  Operating system support 2

3 Security Services  Confidentiality  Data Integrity  accidental vs. deliberate modification  Authentication  plus role-based authentication when more individuals share authentication information  Authorization  Non-repudiation  key establishment and random number

4 Cryptographic Algorithms  Hash algorithms  no keys  Symmetric key algorithms  secret key  Asymmetric key algorithms  public and private key

5 5 Cryptography

6 Hashing 6 Clear-text hash Hash

7  Data authentication and integrity  in conjunction with keys  HMAC – Hashed Message Authentication Code  Compression of messages for digital signatures  Deriving keys  Generation of deterministic random numbers

8 Incorrect hash example  Sum alphabet letter positions HELLO = 8 + 5 + 12 + 12 + 15 = 52  Can obtain arbitrary clear-text (collision) without brute-forcing  Two similar clear-texts lead to similar output 8

9 Hash collisions  Pure arithmetic collisions  limited exploitability  Post-signing collisions  Chosen-prefix collisions 9

10 Post-signing collision 10 Name: Ondrej Owes: 100 $ Hash: 14EEDA49C1B7 To: Kamil Signature: 3911BA85 Name: Ondrej Owes: 1 000 000 $ Hash: 14EEDA49C1B7 To: Kamil Signature: 3911BA85 Trash: XX349%$@#BB...

11 Chosen-prefix collision 11 CN: www.idtt.com Valid: 2010 Hash: 24ECDA49C1B7 Serial #: 325 Signature: 5919BA85 Public: 35B87AA11... CN: www.microsoft.com Valid: 2010 Hash: 24ECDA49C1B7 Serial #: 325 Signature: 5919BA85 Public: 4B3318C9D...

12 MD5 problems  Pure arithmetic in 2^112 evaluations  Post-signing collisions suspected  Chosen-prefix collisions  Practically proved for certificates with predictable serial numbers  2^50 12

13 SHA-1 problems  General brute-force attack at 2^80  as about 12 characters complex password  Some collisions found at 2^63  pure arithmetic collisions, no exploitation proved 13

14 14 Cryptography

15 Symmetric key  Data confidentiality  Authentication and integrity  MAC – Message Authentication Code, single key to generate, the same to validate  Key establishment  Generation of deterministic random numbers

16 Cipher-text Password and key 16 Password Key Clear-text Cipher Hash

17 Clear-text Encryption key 17 Key Cipher Cipher-text Key

18 18 Cryptography

19 Asymmetric keys  Digital signatures  Key establishment  Generation of random numbers

20 Clear-text Encryption and decryption keys 20 Encryption key Cipher Cipher-text Decryption key

21 Private and public key 21 Signing Private key Signature validation Public key

22 Private and public key 22 Decryption Private key Signature validation Encryption Public key

23 Performance considerations  Asymmetric algorithms use large keys  EC is about 10 times smaller  Encryption/decryption time about 100x longer  symmetric is faster

24 Document Private key Digital Signature (incorect) Document

25 Private key Digital Signature Document Hash

26 Storage Encryption (slow) Public key Document

27 Public key (User A) Storage Encryption Symmetric encryption key (random) Symmetric key Document Public key (User B) Symmetric key

28 Transport encryption Public key Symmetric Key Public key Symmetric Key Data Client Server

29 Diffie-Hellman Key Exchange  Asymmetric algorithm for key exchange  most commonly used for key exchange  Automatically generates the same encryption key for symmetric encryption on both sides

30 Private key Digital Signature and time stamping (incorrect) Document HashTimestamp

31 TA private keyPrivate key Time authority (incorrect) Document HashTimestamp

32 TA private keyPrivate key Time authority (correct) Document HashTimestampHash

33 TA private keyPrivate key Time authority (correct) Document HashTimestampHash Public key

34 Random Number Generators  Deterministic RNG use cryptographic algorithms and keys to generate random bits  attack on randomly generated symmetric keys  DNS cache poisoning  Nondeterministic RNG (true RNG) use physical source that is outside human control  smart cards, tokens  HSM – hardware security modules

35 Random Number Generators  CryptGenRandom()  hashed  Vista+ AES (NIST 800-900)  2003- DSS (FIPS 186-2)  Entropy from  system time, process id, thread id, tick counter, virtual/physical memory performance counters of the process and system, free disk clusters, user environment, context switches, exception count, …

36 Random Number Generators  new Random()  just a time seed  several instances created simultaneously may have the same seed

37 37 Cryptography

38 Symmetric algorithm history  DES (1976, 56 bit)  3DES, TDEA (1998, 168/112 bit)  RC4 (1987, 128 bit)  AES-128, AES-192, AES-256 (2001) 38

39 Hash algorithm history  MD4 (1990, 128 bit)  MD5 (1991, 128 bit)  SHA-1 (1995, 160 bit)  SHA-224, SHA-256, SHA-384, SHA-512 (2001) 39

40 Asymmetric algorithm history  RSA (1973)  DSA (1991)  ECDSA (2000)  ECDH (2000) 40

41 41 Cryptography

42 US standards  FIPS – Federal Information Processing Standards  provides standard algorithms  NIST – National Institute for Standards and Technology  approves the algorithms for US government non- classified but sensitive use  latest NIST SP800-57, March 2007  NSA – National Security Agency  Suite-B for Secure and Top Secure (2005)

43 Hash functions (SP800-57)  SHA-1  hash size output is 160  SHA-2  SHA-224, SHA-256, SHA-384, SHA-512  hash size output is 224, 256, 384, 512

44 Symmetric key (SP800-57)  AES-128, AES-192, AES-256  encrypts data in 128-bit blocks  uses 128, 192, 256-bit keys  Triple DEA (TDEA)  encrypts data in 64-bit blocks  uses three 56-bit keys

45 Digital Signatures (SP800-57)  DSA (Digital Signature Algorithm)  key sizes of 1024, 2048 and 3072-bit  produces 320, 448, 512-bit signatures  RSA (Rivest – Shamir – Adleman)  key sizes according to FIPS186-3  ECDSA (Elliptic Curve DSA)  key sizes of at least 160-bit  produces 2x key length signatures  types of curves specified in FIPS186-3

46 Cryptoperiods (SP800-57) KeyCryptoperiod Private signature1 – 3 years Symmetric authentication<= 5 years Private authentication1-2 years Symmetric data encryption<= 5 years Public key transport key1-2 years

47 Comparable Algorithm Strengths (SP800-57) StrengthSymetricRSAECDSASHA 80 bit2TDEARSA 1024ECDSA 160SHA-1 112 bit3TDEARSA 2048ECDSA 224SHA-224 128 bitAES-128RSA 3072ECDSA 256SHA-256 192 bitAES-192RSA 7680ECDSA 384SHA-384 256 bitAES-256RSA 15360ECDSA 512SHA-512

48 Security lifetimes (SP800-57 and Suite-B) LifetimeStrengthLevel 201080 bitUS Confidential 2030 112 bitUS Confidential 128 bitUS Secure 192 bitUS Top-Secure Beyond 2030128 bitUS Confidential

49 49 Cryptography

50 FIPS Compliant Algorithms

51 Cryptographic Providers  Cryptographic Service Provider – CSP  Windows 2000+  DLL loaded into client processes  can use only V1 and V2 templates  Cryptography Next Generation – CNG  Windows Vista+  different API functions, isolated private keys  use only V3 templates  enables use of ECC  CERTUTIL -CSPLIST 51

52 Cryptography support 52 SystemDES 3DES RC2 RC4 AES 128 AES 192 AES 256 MD2 MD5 HMAC SHA-1SHA-256 SHA-384 SHA-512 ECDSA ECDH Windows 2000yesnoyes no Windows XPyes no Windows 2003yes non-public update yes no Windows Vista/2008 yes Windows 7/2008 R2 yes

53 Cryptography support 53 SystemDES 3DES RC2 RC4 AES 128 AES 192 AES 256 MD2 MD5 HMAC SHA-1SHA-256 SHA-384 SHA-512 ECDSA ECDH Windows Mobile 6.5 yes no Windows Mobile 7 yes TMG 2010yes no SCCM 2007yesno SCOM 2007yes no

54 Encryption EFSBitLockerIPSecKerberosNTLMRDP DES 2000 + LM password hash, NTLM 3DES 2000 + RC4 2000 + AES 2003 +Vista + DH 2000 + RSA 2000 +Seven +2000 + 2003 + ECC Seven +Vista +Seven +

55 Hashing 55 MD4MD5SHA-1SHA-2 NT password hash NT4 + Digest password hash 2003 + IPSec 2000 + Seven + NTLM NTLMv2 MS-CHAP MS-CHAPv2

56 SHA-2 Support  CSPs can store and validate the SHA-2 certificates  Windows XP SP3  Windows Server 2003 – KB 938397  Windows Mobile 7  New SHA-2 certificates can be issued only by Windows 2008+ CA  Autoenrollment client can enroll for SHA-2 certificates only on Windows 2008/Vista+

57 CNG Not Supported  EFS  Windows 2008/Vista-  user encryption certificates  VPN/WiFi Client (EAPTLS, PEAP Client)  Windows 2008/7-  user or computer certificate authentication  TMG 2010  server certificates on web listeners  Outlook 2003  user email certificates for signatures or encryption  Kerberos  Windows 2008/Vista- DC certificates  System Center Operations Manager 2007 R2 System Center Configuration Manager 2007 R2

58 SAN and wildcards * 58 ApplicationSupports *Supports SAN Internet Explorer 4.0 and olderno Internet Explorer 5.0 and neweryes Internet Explorer 7.0yesyes, if SAN present Subject is ignored Windows Pocket PC 3.0 a 4.0no Windows Mobile 5.0noyes Windows Mobile 6.0 and neweryes Outlook 2003 and neweryes RDP/TS proxyyesyes, if SAN present Subject is ignored ISA Server firewall certificateyes ISA Server 2000 and 2004 published server certificate no ISA Server 2006 published server certificate yesyes, only the first SAN name

59 OCSP and Delta CRL 59 SystemChecks OCSPDelta CRL Windows 2000 and olderno Windows XP and oldernoyes Windows Vista and neweryes, prefferedyes Windows Pocket PC 4.0 and olderno Windows Mobile 5.0noyes Windows Mobile 6.0noyes Windows Mobile 6.1 and neweryes, prefferedyes ISA Server 2006 and oldernoyes TMG 2010 and neweryes, prefferedyes

60 CRL checks in Internet Explorer 60 VersionCRL and OSCP checking 4.0 and olderno checks 5.0 and newercan check CRL, disabled by default 7.0 and newercan check OCSP (if supported by OS) and CRL, enabled by default

61 Automatic Root Certificate Update  Windows XP/2003  whole list periodically updated from Windows Update  Windows Vista/2008+  individual CAs updated on demand from Windows Update  Windows Mobile 6.5+  individual CAs updated on demand from Windows Update

62 Windows Mobile 2003/5.0 CAs 62 CompanyCertificate NameWindows Mobile CybertrustGlobalSign Root CA2003 and 5.0 CybertrustGTE CyberTrust Global Root2003 and 5.0 CybertrustGTE CyberTrust Root2003 and 5.0 VerisignClass 2 Public Primary Certification Authority2003 and 5.0 VerisignThawte Premium Server CA2003 and 5.0 VerisignThawte Server CA2003 and 5.0 VerisignSecure Server Certification Authority2003 and 5.0 VerisignClass 3 Public Primary Certification Authority2003 and 5.0 EntrustEntrust.net Certification Authority (2048)2003 and 5.0 EntrustEntrust.net Secure Server Certification Authority2003 and 5.0 GeotrustEquifax Secure Certificate Authority2003 and 5.0 Godaddyhttp://www.valicert.com/5.0

63 Windows Mobile 6.0 CAs 63 ComodoAAA Certificate Services ComodoAddTrust External CA Root CybertrustBaltimore CyberTrust Root CybertrustGlobalSign Root CA CybertrustGTE CyberTrust Global Root VerisignClass 2 Public Primary Certification Authority VerisignThawte Premium Server CA VerisignThawte Server CA VerisignSecure Server Certification Authority VerisignClass 3 Public Primary Certification Authority EntrustEntrust.net Certification Authority (2048) EntrustEntrust.net Secure Server Certification Authority GeotrustEquifax Secure Certificate Authority GeotrustGeoTrust Global CA GodaddyGo Daddy Class 2 Certification Authority Godaddyhttp://www.valicert.com/ GodaddyStarfield Class 2 Certification Authority

64 RSA 2048 browser support 64 BrowserFirst Version Internet Explorer5.01 Mozila Firefox1.0 Opera6.1 Apple Safari1.0 Google Chrome AOL5 Netscape Communicator4.51 Rad Hat Linux Konqueror Apple iPhone Windows Mobile2003 Windows CE4.0 RIM Blackberry4.3.0 PalmOS5 Sony Playstation Portable Sony Playstation3 Nintendo Wii

65 Extended Validation browsers 65 BrowserFirst Version Internet Explorer7.0 Opera9.5 Firefox3 Google Chrome- Apple Safari3.2 Apple iPhone3.0

66 S/MIME RSA 2048 client support 66 BrowserFirst Version Microsoft Outlook99 Mozila Thunderbird1.0 Qualcomm Eudora6.2 Lotus Notes6 Netscape Communicator 4.51 Mulberry Mail Apple Mail Windows Mail The Bat

67 CA Hierarchy IDTT Root CA IDTT London CA IDTT Paris CAIDTT Roma CA Leaf certificate

68 68

69 Ondřej Ševeček | PM Windows Server | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | ondrej@sevecek.com | www.sevecek.com |

Download ppt "Ondřej Ševeček | PM Windows Server | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | | |"

Similar presentations

Ads by Google