The "No Network is 100% Secure" series
- Cryptography -
A White Paper
All rights reserved - may not be copied without permission
Easyrider LAN Pro, NOC Design Consultants
What is Cryptography?: Cryptography is the science of writing in secret code.
As applied to computer network security, cryptography protects data from theft or
alteration and can also be used for user
authentication. For the purposes of computer and network security, cryptography and
data encryption must satisfy the following requirements:
Authentication: The process of proving one's identity.
Privacy: Ensuring that no one can read the message except the intended receiver.
Integrity: Assuring that the received message has not been altered from the original.
Non-repudiation: A mechanism to prove that the sender really sent the message.
There are three general types of cryptographic schemes typically used to accomplish these goals: secret key (or symmetric) cryptography, public-key (or asymmetric) cryptography, and hash functions. These schemes are used to create encrypted data known as ciphertext that is usually much more secure than non-encrypted information. Unencrypted data is referred to as plaintext.
Why is cryptography important to network security?: Rapidly rising cyber crime and the growing prospect of the Internet being used as a medium for terrorist attacks pose a major challenge for IT security. Cryptography is central to this challenge, since it underpins privacy, confidentiality, and identity, which together provide the fundamentals for trusted e-commerce and secure communications.
Crypto keys: A key is a string of bits used by a cryptographic algorithm to transform plain text into cipher text or vice versa. The key must be long enough so that an attacker cannot try all possible combinations to break it, which is known as a brute force attack.. A key length of 80 bits is generally considered the minimum for strong security with symmetric encryption algorithms. 128-bit keys are the current standard and are considered very strong.
The key is the only piece of the process that is vitally important to keep secret. In designing security systems, it is wise to assume that the details of the cryptographic algorithm are already available to the attacker. This principle is known as Kerckhoffs' principle - "only secrecy of the key provides security", or, reformulated as Shannon's maxim, "the enemy knows the system".
The history of cryptography confirms that it can be difficult to keep the details of a widely used algorithm secret. A key is often easier to protect since it's typically a small piece of information and it's easier to change, much like a password, if compromised. Thus, the security of an encryption system in most cases relies on some key being kept secret.
The other main cryptography component is the Encryption algorithm. There are several types of cryptographic algorithms.
Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption
In this model, the sender uses the key (or some set of rules) to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key (or ruleset) to decrypt the message and recover the plaintext. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption. With this form of cryptography, it is obvious that the key must be known to both the sender and the receiver; that, in fact, is the secret. The biggest difficulty with this approach, of course, is the distribution of the key. The most common SKC scheme used today is DES. DES is a block-cipher employing a 56-bit key that operates on 64-bit blocks. 3DES and DESX are more secure variants of DES.
Public Key Cryptography (PKC): Uses one key for encryption and another for decryption
Generic PKC employs two keys that are mathematically related although knowledge of one key does not allow someone to easily determine the other key. One key is used to encrypt the plaintext and the other key is used to decrypt the ciphertext. The important point here is that it does not matter which key is applied first, but that both keys are required for the process to work. Because a pair of keys are required, this approach is also called asymmetric cryptography.
In PKC, one of the keys is designated the public key and may be advertised as widely as the owner wants. The other key is designated the private key and is never revealed to another party. It is straight forward to send messages under this scheme. Suppose Jill wants to send Jack a message. Jill encrypts some information using Jack's public key; Jack decrypts the ciphertext using his private key. This method could be also used to prove who sent a message; Jill, for example, could encrypt some plaintext with her private key; when Jack decrypts using Jill's public key, he knows that Jill sent the message and Jill cannot deny having sent the message (non-repudiation).
Public-key cryptography algorithms that are in use today for key exchange or digital signatures include:
RSA encryption: Since the beginning of the Internet, cryptography has been based extensively on the RSA public key system, used for digital signatures and the exchange of private keys that in turn encrypt message content. The RSA cryptosystem, introduced by Rivest, Shamir, and Adlement in 1977, relies for its security on the difficulty of working out the factors dividing large integers (whole numbers). RSA has performed well until recently, but the level of protection it provides has been eroded by constant efforts to develop more efficient methods for breaking it.
Elliptical curve cryptography: A different approach based on the mathematical theory of elliptic curves has emerged as a possible candidate for more efficient cryptography capable of providing an optimum combination of security and processing efficiency. Elliptic curves are equations with two variables that are raised to powers of two or more. The theory of elliptic curves has ironically been exploited for attacks on RSA cryptography. Elliptical curve algorithms have been cracked using brute force methods so even these are not 100% secure.
The advantage of elliptic curve cryptography lies in its immunity to the specialized attacks that have eroded the strength of RSA, with the result that smaller keys can be used to provide a given level of protection. The size of the parameters (the key size) for elliptic curve cryptography (ECC) needed to ensure security is much lower for ECC than for RSA. Keys 160 bits long provide ECC with the same level of security as 1024 bit keys for RSA. The consequence is that even though the algorithms required to implement ECC are more complex than for RSA, ECC is computationally more efficient. Therefore, ECC will make it easier to stay a step ahead of the hackers without undue load on computers.
Diffie-Hellman: After the RSA algorithm was published, Diffie and Hellman came up with their own algorithm. D-H is used for secret-key key exchange only, and not for authentication or digital signatures.
Digital Signature Algorithm (DSA): The algorithm specified in NIST's Digital Signature Standard (DSS), provides digital signature capability for the authentication of messages.
ElGamal: Designed by Taher Elgamal, a PKC system similar to Diffie-Hellman and used for key exchange.
Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information
Hash functions, also called message digests and one-way encryption, are algorithms that use no key. Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus. Hash functions are also commonly employed by many operating systems to encrypt passwords. Examples of hash encryption include:
MD5 (aka RFC 1321): Developed by Rivest after limitations and weaknesses were reported in MD2 and MD4. MD5 has been implemented in a large number of products although several weaknesses in the MD5 algorithm also exist.
Secure Hash Algorithm (SHA): Algorithm for NIST's Secure Hash Standard (SHS).
Tiger: Tiger is designed to be secure, run efficiently on 64-bit processors, and easily replace MD4, MD5, SHA and SHA-1 in other applications. Tiger/192 produces a 192-bit output and is compatible with 64-bit architectures; Tiger/128 and Tiger/160 provide compatibility with the other hash functions mentioned above.
Hash futures: At this time, there is no obvious successor to MD5 and SHA-1 that could be put into use quickly. There are so many products using these hash functions that it could take many years to flush out all use of 128 and 160-bit hashes. NIST announced their Cryptographic Hash Algorithm Competition in 2007 to find the next generation secure hashing method. Dubbed SHA-3, this new scheme will likely not be available until 2011 or 2012.
Key summary: The keys used in public key cryptography have some mathematical structure. To prevent a key from being guessed, keys need to be generated truly randomly and contain sufficient entropy. When a password (or passphrase) is used as an encryption key, well-designed cryptosystems first run it through a key derivation function which adds a salt and compresses or expands it to the key length desired, for example by compressing a long phrase into a 128-bit value suitable for use in a block cipher.
Cryptography benefits: The cryptographer has the benefit over the cryptanalyst (the person attacking the cryptosystem) as he or she can select the key size for any desired level of security, provided everyone has the same base of knowledge of the underlying cryptosystem. Crucially, even using the weaker RSA cryptography method, it is still much harder computationally to break the system than to use it. However, the margin of safety is greater for the emerging ECC technology.
The big picture: Secure use of cryptography requires trust. There are a number of trust models employed by various cryptographic schemes. Three of them are:
The web of trust: Employed by Pretty Good Privacy (PGP) users, who hold their own set of trusted public keys.
PGP is a widely used private e-mail scheme based on public key methods. A PGP user maintains a local keyring of all their known and trusted public keys. The user makes their own determination about the trustworthiness of a key using what is called a "web of trust."
Kerberos: A secret key distribution scheme using a trusted third party.
Kerberos employs a client/server architecture and provides user-to-server authentication rather than host-to-host authentication. In this model, security and authentication will be based on secret key technology where every host on the network has its own secret key. It would be unmanageable if every host had to know the keys of all other hosts so a secure, trusted host somewhere on the network, known as a Key Distribution Center (KDC), knows the keys for all of the hosts (or at least some of the hosts within a portion of the network, called a realm). In this way, when a new node is brought online, only the KDC and the new node need to be configured with the node's key. Keys can be distributed physically or by some other secure means.
Certificates: Allow a set of trusted third parties to authenticate each other and, by implication, each other's users.
Certificates and Certificate Authorities (CA) are necessary for widespread use of cryptography for e-commerce applications. Crypto alone cannot address the trust issues that must exist between a customer and vendor when performing potentially perilous e-commerce transactions. For purposes of electronic transactions, certificates are digital documents, much like a State issued Drivers license. Typically, a certificate contains a public key, a name, an expiration date, the name of the authority that issued the certificate (and, therefore, is vouching for the identity of the user), a serial number, any pertinent policies describing how the certificate was issued and/or how the certificate may be used, the digital signature of the certificate issuer, and perhaps other information.
The most widely accepted certificate format is the one defined in International Telecommunication Union Telecommunication Standardization Sector (ITU-T) Recommendation X.509. Rec. X.509 is a specification used around the world and any applications complying with X.509 can share certificates. Most certificates today comply with X.509 Version 3.
Public Key Infrastructure: Certificates and the collection of CAs form a Public Key Infrastructure (PKI). In the early days of the Internet, every host had to maintain a list of every other host. The Domain Name System (DNS) introduced the idea of a distributed database for this purpose and DNS is one of the key reasons that the Internet has grown as it has. A PKI will fill a similar void in the e-commerce and PKC realm.
While certificates and the benefits of a PKI are most often associated with electronic commerce, the applications for PKI are much broader and include secure electronic mail, payments and electronic checks, Electronic Data Interchange (EDI), secure transfer of Domain Name System (DNS) and routing information, electronic forms, and digitally signed documents. A single "global PKI" is still years away although that is the ultimate goal as electronic commerce changes the way in which we do business.
Man in the middle attacks against "trusted" web servers: Hackers at the Black Hat and DefCon security conferences in August, 2009 have revealed a serious flaw in the way Web browsers verify trustworthy sites using secure sockets layer (SSL) certificates. If a criminal infiltrates a network, he can set up a secret eavesdropping post known as a "man in the middle attack" which can capture credit card numbers, passwords and other sensitive data flowing between computers on that network and sites their browsers have deemed safe. In an even more nefarious scenario, an attacker could hijack the auto-update feature on a victim's computer, and trick it into automatically installing malware pulled in from a hacker's Web site. The computer would think it's an update coming from the software manufacturer. Browser makers and the companies that sell SSL certificates say they are working on a fix.
Sites buy SSL certificates to encrypt traffic and assure visitors it's OK to enter confidential information. Companies that sell SSL certificates verify that someone trying to buy a certificate actually owns the site that certificate will be attached to. The presence of an SSL certificate on a site is designated by a padlock in the address bar. But many people don't pay attention to whether a padlock is present or not. Browsers do care, though, which is why this week's talks were significant. Browsers are programmed to block sites that don't have a valid SSL certificate, or have a certificate displaying a Web address that doesn't match the address a Web surfer was trying to reach (which can indicate someone has hijacked a person's Internet session).
The problems outlined by researchers center on a quirk in the way browsers read SSL certificates. Many SSL certificate companies will allow people to attach a programming symbol called a "null character" into the Web address onto the certificates they receive. Web browsers generally ignore that symbol. They stop reading at that symbol when they're checking the Web address on a certificate. The trick in the latest type of attack is that all a criminal would need to do is put the name of a legitimate Web site before that character, and the browser will believe that the site it's visiting (which is under the criminal's control) is legitimate. The criminal could then forward the traffic onto the legitimate site and spy on everything the victim does on that site. It's a complicated attack, but it highlights a significant weakness in the very technology widely used to assure people it's safe to navigate sensitive sites.
WPA hack update: August, 2009. Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute. The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. These attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.
The encryption systems used by wireless routers have a long history of security problems. The Wired Equivalent Privacy (WEP) system, introduced in 1997, was cracked just a few years later and is now considered to be completely insecure by security experts. WPA with TKIP was developed as an interim encryption method as Wi-Fi security was evolving. Wi-Fi-certified products have had to support WPA 2 since March 2006. Enterprise Wi-Fi networks typically include security software that would detect man-in-the-middle attacks. But the development of the first really practical attack against WPA should give people a reason to dump WPA with TKIP. It's not as bad as WEP, but it's also certainly bad.
Users can change from TKIP to AES encryption using the administrative interface on many WPA routers.
About the Author
Frank Saxton is a computer network security engineer and Easyrider LAN Pro principle.
Home-based in Portland, Oregon, Frank has been designing remote diagnostic and
network enterprise monitoring centers since the late 1970s. Prior to becoming a
professional systems engineering consultant in 1990, Frank had a 20 year career
in computer systems field engineering and field engineering management. Frank
has a BSEE from Northeastern University and holds several certifications including
Network General's Certified Network Expert (CNX). As a NOC design engineer and
architect, Frank works regularly with enterprise-class monitoring tools such as
HP Openview Operations, BMC Patrol and others. In his enterprise security
audit work, Frank uses sniffers and other professional grade monitoring tools on a
Next in the security white paper series:
How Cyber Criminals will mature over the next ten years
Are you vulnerable to drive-by exploits?
High value sites recent hacks
IT employment challenges of the 21st century
Employment reference checking white paper
Competency Certifications White Paper
Firewall White Paper
Virus White Paper
GhostNet White Paper
Password White Paper
Digital Identification Certificates White Paper
OpenID White Paper
Intrusion Detection Systems IDS White Paper
Rootkit White Paper
Unnecessary Windows XP Services White Paper
Scareware White Paper
Exaflood Internet Brownout White Paper
Cloud Computing White Paper
Proxy Server White Paper
Personal Computer PC Security White Paper
Phishing White Paper
DNS Poisoning White Paper
Conficker White Paper
SPAM White Paper
Best Practices White Paper
Denial of Service DoS White Paper
Trojan Virus Attacks White Paper
Port Scanning White Paper
Monitoring Basics 101 White Paper
Monitoring Basics 102 White Paper
Monitoring Basics 103 White Paper
Virtual Machine Security White Paper
Aurora vulnerability White Paper
Shelfware White Paper
Outsourced IT White Paper
Easyrider LAN Pro Consulting services:
Network Security Audit and PC Tune-up service
- Proxy server installation and configuration
- Enterprise security consultations
- Disaster recovery planning
- Disaster recovery services
- Capacity, migration and upgrade planning
- Build and deploy central syslog server
- Build trouble ticket systems
- Design and build monitoring environments
- Design and build Network Operations Centers (NOC)
- HP Openview, BMC Patrol consulting
Last modified May 15, 2009
Copyright 1990-2009 Easyrider LAN Pro