Using Cryptography and TLS with TCPIP for VSE

What Mother Never Told You about Cryptography
  Don Stoever
  Product Development
  CSI International
  WAVV 2007, Green Bay, WI
Cryptography Fundamentals


 Cryptography is the key building
  block for many other security
  services
 Without it:
     No privacy
     No authentication
     No integrity


Cryptography Fundamentals
   Cryptography algorithms used
    to provide:
     Confidentiality
     Authentication
     Integrity




Cryptography Fundamentals
    Symmetric algorithms
        Block ciphers – DES, AES, etc.
    Asymmetric algorithms
        RSA, Diffie-Hellman
    Digest algorithms
        SHA-256, SHA-1, MD5
    Digital Signatures
        MAC, HMAC

Must Have Crypto Reading
   Applied Cryptography
       Bruce Schneier
       Considered the bible of crypto…
   RSA Security’s Official Guide to Cryptography
       Steve Burnett + Stephen Paine
   Cracking DES
       Electronic Frontier Foundation
   SSL and TLS Essentials
       Stephen Thomas
   SSL and TLS
       Eric Rescorla
        Symmetric Encryption
   Same key used for:
       Encryption and Decryption
   Decryption uses the same code and the same keys
       Just different input = encrypted data
   What if many parties want to securely communicate? How many keys do we need? How do we manage these keys?
        Symmetric Encryption
   Data encrypted block by block according to the algorithm and key
       DES uses an 8-byte (64-bit) block
       AES uses a 16-byte (128-bit) block
   DES key sizes
       Single DES uses an 8-byte key, but
       only 56 bits of the key are used
            Bits 8, 16, 24, 32, 40, 48, 56, and 64 are ignored...
            56-bit effective strength
       Triple DES uses a 24-byte key
            168-bit effective strength

        Symmetric Encryption
   AES uses a 16-byte (128-bit) block
   AES key sizes
       128-, 192-, or 256-bit key, and
       all bits are used (unlike DES, which only uses 7 bits of each byte)
       AES superior to DES
            More efficient
            More secure?

               Block Encryption
   How is encryption actually performed?
       Block by block, meaning we take a block of data (64 bits for DES, 128 bits for AES) and encrypt it using the algorithm and key.
       Repeat that for the full message, block by block.
   What are the potential problems of this approach?
       1. A given cleartext will always create the same ciphertext. That means an attacker can potentially determine patterns and therefore analyze the cryptographic system.
            Solution: Cipher Block Chaining
       2. What if I have a data stream that I want to encrypt, or data shorter than the block size?
            Solution: Padding in last block

        Cipher Block Chaining
   Problem we are trying to address:
       Two identical plaintext blocks will result in two identical ciphertext blocks. This may allow an attacker to gather information on the type of traffic and assist in the attack of the key.
       So we want two identical plaintext blocks to result in two different ciphertext blocks.
   Basic idea: Instead of encrypting the plaintext directly, perform an XOR of the plaintext with the previous block’s ciphertext. Then encrypt that result.
   Question: what do you do for the message’s first block?
       Answer: Use a predetermined data block and XOR the first block with it.
       This initial block is known as the “Initialization Vector” or “IV”

 Cipher Block Chaining

            Cipher Block Chaining (CBC)

        m1             m2             m3
        |              |              |
 IV -> (+)      c1 -> (+)      c2 -> (+)
        |              |              |
        E <- Key       E <- Key       E <- Key
        |              |              |
        c1             c2             c3

     The 1st 64-bit message segment is XOR'ed with an initial vector (IV). Each following message segment is XOR'ed with the preceding ciphertext segment.
[Chart: TripleDES Encrypt of 1 megabyte. Series: VSE-VM P390 OS/2; VSE-VM MP3000 P30 (60 mips); VSE-VM on IBM 2064 (239 mips). Bar labels, left to right: 520, 42, 12.]
[Chart: Triple-DES Encrypt of 16meg 2048 Times. Series: VM-VSE-Z990 Assembler Code; VM-VSE-Z990 Crypto-Assist KMC; VM-VSE MP3000 Assembler Code. Bar labels, left to right: 1036, 2, 86016.]
[Chart: Triple-DES vs. AES128 Encrypt/Decrypt of 16meg 1000 Times. Series: z990 KMC Triple-DES-CBC; z990 KMC AES128-CBC. Bar labels, left to right: 275, 238.]
[Chart: Triple-DES vs. AES128 Encrypt/Decrypt of 16meg 1000 Times. Series: z9-109 KMC Triple-DES-CBC; z9-109 KMC AES128-CBC; z890 KMC Triple-DES-CBC. Bar labels, left to right: 275, 238, 610.]
     Asymmetric Encryption
   Most important breakthrough in
    crypto science in 4000 years…
   Public Key encryption uses 2 keys
    that are linked together by
    mathematical properties
   One key used to encrypt, the other used to decrypt
   Freely distribute your public key
   Keep private key private

     Asymmetric Encryption
   Misconceptions
       More secure than symmetric
            Depends on key length
       Makes conventional obsolete
            Much larger overhead
                 (1000x of DES)
       Key distribution is easy
            Need method to distribute public keys
            Private key must be carefully protected
            Certificate Authorities used, but…
                 Future WAVV session on PKI…

Asymmetric/Public Key Overview

   Simple concept (complicated math theory behind)
   One key can encrypt, the other can decrypt

    Asymmetric Cryptography
   It’s computationally easy to generate a
    pair of keys
   It’s computationally easy to encrypt
   It’s computationally easy to decrypt
   It is computationally infeasible for an
    opponent to derive the private key from
    the known public key
   It is computationally infeasible for an
    opponent to recover the original message
    from the ciphertext knowing only the
    public key.




Asymmetric RSA Algorithm
   RSA key generation based on RSA PKCS-1
   Select a positive integer e as its public exponent
       3 and 65537 are commonly used…
   Randomly select two distinct odd primes p and q
       (p-1) and e have no common divisors
       (q-1) and e have no common divisors.
   Public modulus n shall be the product of prime factors p and q:
       n = pq
   Private exponent is a positive integer d
Asymmetric RSA Algorithm
   RSA encryption process quite simple
       Data formatted into blocks the size of the modulus
            Block sizes of 64 bytes (512 bits), 128 bytes (1024 bits), or 256 bytes (2048 bits)
            Specific rules used for padding
       Raise the formatted block to the power of the public exponent
       So for RSA with a 128-byte key
            128*8 = 1024 bits
       Use public exponent to raise a 1024-bit number to power of 1024-bit exponent
            Public exponent always 3 or 65,537…
            1024 * 1024 = 2048-bit number
            Divide by modulus, keep the remainder and repeat…
Asymmetric RSA Algorithm
   RSA decryption also quite simple
       Raise the encrypted block to the power of the private exponent
       Private exponent true random 1024-bit number…
            Much slower (100x) than encrypt because exponent is much larger…
       Same process as encrypt
            Raises 1024-bit number to power of 1024-bit number
            Divide by modulus, keep the remainder and repeat…
            Not that bad…
       But remember…
Asymmetric RSA Algorithm
   2 to the power of 31: VSE addressing limit (2 gig)
       2,147,483,648
   2 to the power of 64
       18,446,744,073,709,551,616
   Each bit doubles the number space…
   2 to the power of 1024
       Number size > number of atoms in known universe
   Lots of primes in this size number space
       RSA based on difficulty of factoring the product of two large primes…
   Very computationally intensive
Asymmetric RSA Algorithm
   Can be sped up using math tricks:
     Modular math
     Chinese Remainder Theorem

   But best handled in hardware…
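
An added example, not part of the original slides, that follows the key-generation, encrypt and decrypt steps above using square-and-multiply exponentiation and the Chinese Remainder Theorem shortcut. The primes are constructed demo values (Mersenne primes, far too small for real use), padding is omitted, and the function names are illustrative.

```python
from math import gcd

# Constructed demo primes (2**61 - 1 and 2**89 - 1 are Mersenne primes).
P, Q = 2**61 - 1, 2**89 - 1

def make_key(p, q, e=65537):
    """Key generation as on the slide: e must share no divisor with p-1 or q-1."""
    if gcd(e, p - 1) != 1 or gcd(e, q - 1) != 1:
        raise ValueError("e shares a divisor with p-1 or q-1")
    n = p * q                              # public modulus n = pq
    d = pow(e, -1, (p - 1) * (q - 1))      # private exponent: e*d = 1 mod (p-1)(q-1)
    return {"n": n, "e": e, "d": d, "p": p, "q": q}

def modexp(base, exp, mod):
    """Square-and-multiply: multiply, keep the remainder, repeat.

    Returns (result, number of modular multiplications performed).
    """
    result, ops = 1, 0
    base %= mod
    while exp:
        if exp & 1:                        # this exponent bit is set: multiply in
            result = result * base % mod
            ops += 1
        base = base * base % mod           # square once per exponent bit
        ops += 1
        exp >>= 1
    return result, ops

def encrypt(key, m):
    # e = 65537 has 17 bits, two of them set: 19 multiplications in total.
    return modexp(m, key["e"], key["n"])

def decrypt(key, c):
    # d is about as long as n, so the loop runs once per bit of d.
    return modexp(c, key["d"], key["n"])

def decrypt_crt(key, c):
    """Chinese Remainder Theorem: two half-size exponentiations, then recombine."""
    p, q, d = key["p"], key["q"], key["d"]
    m_p, _ = modexp(c, d % (p - 1), p)
    m_q, _ = modexp(c, d % (q - 1), q)
    h = pow(q, -1, p) * (m_p - m_q) % p    # Garner's recombination
    return m_q + h * q

# Constructed sample message, read as a number smaller than n.
MESSAGE = int.from_bytes(b"WAVV 2007", "big")
```
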




[Chart: RSA 1024-bit Encrypt-Decrypt 1000 times. Series: VSE-VM P390 OS/2; VSE-VM MP3000 P30 (60 mips); VSE-VM on IBM 2064 (239 mips) with PCICA Crypto-Coprocessor. Bar labels, left to right: 4966, 646, 53.]
Cryptography Digest Algorithms
   Basically a hash of any amount of data
   Also referred to as a “fingerprint”
       MD5 creates a 16-byte digest
            16*8 = 128-bit number
       SHA-1 creates a 20-byte digest
            20*8 = 160-bit number
            No collisions
       SHA-256 creates a 32-byte digest
            32*8 = 256-bit number
[Chart: SHA-1 Message Digest of 4k 1000 times. Series: VSE-VM P390 OS/2; VM-VSE-MP3000 P30 (60 mips); VSE-VM on IBM 2064 (239 mips). Bar labels, left to right: 80, 5, 1.]
[Chart: SHA-1 Message Digest of 8k 100,000 times. Series: VM-VSE-Z990 Assembler Code; VM-VSE-Z990 using KLMD. Bar labels, left to right: 4074, 454.]
[Chart: MD5 Message Digest of 4k 1000 times. Series: VSE-VM P390 OS/2; VSE-VM MP3000 P30 (60 mips); VSE-Socket to PC Crypto Server on Intel P3 (700mhz); VSE-VM on IBM 2064 (239 mips). Bar labels, left to right: 22, 2, 37, 0.5.]
        Cryptography MAC
   MAC or HMAC will mix in a secret with the hash
   Create an MD5 or SHA hash of any amount of data + “secret”
   RFC2104
       HMAC: Keyed-Hashing for Message Authentication



Cryptography Digital Signature
     Create an MD5 or SHA-1 hash of any amount of data…
         PDF document, etc.
     RSA encrypt the hash with my private key
     Now anyone can use my RSA public key to
         Verify that I signed it
         Verify it has not been modified
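
The hash-then-sign flow above as an added example, not part of the original slides. It uses SHA-256 from the digest list instead of MD5 or SHA-1, textbook RSA without the PKCS #1 hash encoding, and constructed keys built from Mersenne primes; all names and the sample document are illustrative.

```python
import hashlib

E = 65537  # public exponent, one of the two common choices on the RSA slides

def make_key(p, q):
    """Textbook RSA key pair from two primes (constructed demo values below)."""
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest_int(data):
    # The "fingerprint" step: hash the document, treat the digest as a number.
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(key, data):
    # "RSA encrypt the hash with my private key"
    return pow(digest_int(data), key["d"], key["n"])

def verify(n, e, data, signature):
    # Anyone holding the public key (n, e) recovers the signed hash and
    # compares it with a hash computed over the data actually received.
    return pow(signature, e, n) == digest_int(data)

# Constructed keys so the example is deterministic; real keys use random primes.
SIGNER = make_key(2**127 - 1, 2**521 - 1)
OTHER = make_key(2**107 - 1, 2**607 - 1)
DOCUMENT = b"%PDF-1.4 constructed sample document"
```
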


Cryptography Fundamentals
   Algorithms must be:
       Secure and Reliable
   Secret Algorithms
       Unknown to attackers
       Only creator and his “friends” know weaknesses
       Back doors possible
   Public Algorithms
       Subject to cryptanalysis
       Attacked with “brute force”
       Known published weaknesses

Cryptography Fundamentals
   Secret Algorithms
       “Hidden” in hardware or compiled code
            In software could be reverse engineered
            In hardware much harder to analyze but secrecy can be compromised by:
                 Disgruntled employee
                 Careless vendor
       If algorithm has a “flaw” data may be decryptable without the key
       Not subject to analysis that may identify weakness before deployment
       The only method to guarantee an algorithm has a weakness is to allow cryptographic analysts to study it…
        Secret Algorithms
   Cable/Sat TV Scrambling
       Rely on hardware encoding/scrambling
       There are many places where you can find a “cheap” descrambler for sale.
       Manufacturer relies on the difficulty of analyzing hardware functions and reproducing them.

             Secret Algorithms
   DVD Encoding
       Movie industry spent years developing a standard for encryption.
       After development they simply released it. Not for review, but as the full product (DVD) that relied on the standard.
       Encryption keys were assigned to manufacturers, and decryption keys based on them were distributed to all DVD reader manufacturers to build into all DVD readers.
       Two “ooppps” happened:
            A DVD software reader improperly protected one decryption key and it was made public.
            Several (2 initially I think) “security technologists” (“SoupaFr0g” and “Canman”) reverse engineered and decoded the encryption algorithm used.

           Secret Algorithms
   DVD Encoding
       Soon after, a software program (DeCSS) was released that allows one to pull the decrypted data off the DVD disk and play/save it like any other multimedia file.
       What was the movie industry’s reaction? Sue them, but the damage is done: nobody can order or afford the recall of all DVD players!
   Lesson learned: Security by Secrecy does not work! (Unless you work for the NSA)
             Public Algorithms
   The algorithm will be scrutinized by experts, and if after some time nobody finds a weakness, chances are there are none!
   So how do you defeat the encryption? The only way is by going through and trying all possible decryption keys! This is called a “Brute Force” attack.
   How many possible keys exist? It depends on the length/size of the key.
       40-bit key – 2^40
       56-bit key – 2^56
       128-bit key – 2^128
       On average you will need to go through ½ the possible keys. However, here is a fun question: how do you know you found the right key? Can you identify the plaintext? If it is English (or French for that matter) it is easy, but what if it is a binary file?

               Public Algorithms
   So how do you protect the secrecy?
        Use a longer key!!!
   However, the longer the key, the longer it takes to encrypt/decrypt the data.
   So we can establish that it will be possible for anybody to decrypt the data: the problem is not IF they can decrypt it but HOW LONG it will take to decrypt it!
   Make the “cost” of running a brute force attack greater than the value of the data. For example:
        If it takes you 4 years to decode a credit card number that has a 2-year expiration, is it worth trying?
        If you need to build a $10,000.00 decryption machine to decrypt ordering information that will allow you to hijack $2,000,000.00 worth of data in 3 months, is it worth it?
        Interesting note: It is believed that, using current technology, one can build a brute force decoder that is able to decrypt 56/64-bit encrypted DES traffic in near real time for less than $500,000.00.

    Case Study: Reliable Algorithm
       with long key: is it safe?

   If you use an algorithm that has
    no known weakness (for
    example AES) with a long
    enough key (for example 128
    bits) you are safe from
    eavesdropping. Is that really
    true? What could go wrong?



    Case Study: Reliable Algorithm
       with long key: is it safe?

   Case example: Law enforcement vs. child pornographer.
       In 1998, law enforcement hired a well-recognized cryptanalyst to apprehend an individual suspected of transmitting child pornography.
       After getting a court order to sniff the traffic, they quickly determined that it was strongly encrypted. How did they determine that? Encrypted traffic has the inherent characteristic of being “very bland”: no patterns, no interesting characteristics.
       Large size also gave information on the type of information transmitted: it was large.
    Case Study: Reliable Algorithm
       with long key: is it safe?

   Case example: Law enforcement vs. child
    pornographer.
       So how do you defeat that? One solution would
        be to bring in the suspect and interrogate him
        hoping he will crack. Or… another way: perform
        a search at the destination of the traffic. That is
        what they did, they found the destination and on
        the computer found the decryption key in plain
        view! Then they could decode the traffic and
        apprehend the suspect.
       What is the lesson? It does not matter how
        large your key is: if it is not protected, it is not
        safe!




         IETF Standards
   RFC1321 The MD5 Message-Digest
    Algorithm
   RFC2104 HMAC: Keyed hashing for
    message authentication
   RFC2202 Test Cases for HMAC-MD5
    and HMAC-SHA-1
   RFC1113 Universal Printable
    Character encoding
   RFC2459 Internet x509v3 PKI
    certificates
   Internet draft HTTP over TLS
          FIPS Standards
   PUB 46-3 Data Encryption Standard (DES)
   PUB 81 DES Modes of Operation
   PUB 197 Advanced Encryption Standard (AES)
   PUB 180-1 Secure Hash Standard (SHA-1)
   http://www-08.nist.gov/cryptval/des.htm
   http://csrc.nist.gov/pki/nist_crypto/welcome.html
    Fundamentals Books you
         must have…
   Applied Cryptography
       Bruce Schneier
       Considered the bible of crypto…
   RSA Security’s Official Guide to Cryptography
       Steve Burnett + Stephen Paine
   Cracking DES
       Electronic Frontier Foundation
   SSL and TLS Essentials
       Stephen Thomas
   SSL and TLS
       Eric Rescorla
CSI Cryptography Products
 SSL for VSE
 SecureFTP
 HFS
 Dr. Crypto




CSI Cryptography Products
   SSL for VSE
     Feature of TCP/IP
     Allows secure connections
     Provides API to many crypto
      algorithms
   SecureFTP
       Allows secure FTP sessions



CSI Cryptography Products
   HFS Encrypted file system
       DEFINE FILE,DLBL=HFSTST,PUBLIC=HFSTST,
       TYPE=HFS,RECFM=S,LRECL=4096,
       CIPHER=SDESCBC-SHA1,CIPHERKEY=SEEDSAMP
       CIPHER=KEYMASTER,CIPHERKEY=CIALHFSK
       CIPHER=TDESCBC-SHA1,CIPHERKEY=CIALHFSK
       CIPHER=TDESCBC-NULL,CIPHERKEY=CIALHFSK
       CIPHER=SDESCBC-
CSI Cryptography Products
   Dr. Crypto
     Encrypted tape files
     DES, Triple-DES
     AES with z ICF facility
     User definable key stored in Epic
      catalog
     Working on keymaster for non-Epic

      Questions




             CSI WAVV Sessions
   “What is PNET?”
     ─ Ken Meyer, Sunday, 8:00 A.M. (Room B-1/B-2)

   “Entrée ─ Uncut and Unrated (24 x 7 Widescreen Version)”
     ─ Tim Kessler, Sunday, 9:15 A.M. (Room A4)

   “VSAM Performance Part 1”
     ─ John Mycroft, Sunday, 10:30 A.M. (Room B-1/B-2)

   “CSI TCP/IP Update”
     ─ Ed Franks, Sunday, 10:30 A.M. (Room A-1)

   “What’s All the Buzz About Data-Miner”
     ─ John Mycroft, Sunday, 5:30 P.M. (Room A-4)

   “TCP/IP Performance for TCP/IP for VSE”
     ─ John Rankin, Monday, 9:15 A.M. (Room B-1/B-2)

        CSI WAVV Sessions
   “VSAM Performance Part 2”
     ─ John Mycroft, Monday, 10:30 A.M. (Room A-2)

   “CSI Green Bay (Moderated by Jon Henderson)”
     ─ CSI Management Team, Monday, 3:00 P.M. (Room A4)

   “VSE Internals”
     ─ Ken Meyer, Monday, 3:00 P.M. (Room B-1/B-2)

   “Tuning Myths”
     ─ Ken Meyer, Monday, 4:15 P.M. (Room B-1/B-2)

   “Tuning Myths”
     ─ Ken Meyer, Monday, 5:30 P.M. (Room B-1/B-2)

             Thank you…
   Enjoy the rest of WAVV!



