					Crypto Boot Camp

   Toorcon 2007
Introduction



Crypto Boot Camp - Toorcon 2007   2
 You have to become an
enterprise crypto expert…
 and you only have time for a two
          hour seminar.
             Administrivia
• introductions…
• site info (phones, bathrooms, etc.)
• it’s a hacker con. turn off your wireless.
  now. regret setting your voice mail to a 4
  character password.
• hunt down your email vendor and kill them
  if they switch on pop3/clear when you’re
  roaming
             Seminar Format
•   Two Hours
•   Four sections
•   Tools Demo/Break at mid-point
•   Reference section in handout
•   Collect pointers, don’t try to memorize the
    crypto!


                   Agenda
•   Introduction/Crypto Requirements
•   Crypto Technology
•   Crypto Tools and Protocols
•   Deployment and Defense




      What’s Cryptography?
• Mysterious incantations from a distant
  Nerd Planet…
• Mathematical algorithms to protect data
• More overhead for your systems to
  perform
• more overhead for your networks to
  transmit
• “Not Known Not To Work”
        #include <buzzwords.h>
•   RSA                              •   SMIME
•   DES                              •   Digital Signature
•   Triple DES                       •   Entropy
•   PKIX                             •   Hash
•   X.509                            •   MAC
•   TLS                              •   MD5
•   SSL                              •   SHA-1
•   SHTTP                            •   SHA-256
•   IPSEC                            •   AES
•   SSH                              •   RC-4
•   Effective Key Length             •   ROT-13
Requirements for Cryptography




      High Level Requirements
•   privacy
•   authenticity
•   low overhead
•   simplicity




    Network/Internet Requirements
•   secure TCP connections
•   protect payload data
•   signed data
•   authenticated access




     Cryptography Requirements
•   algorithms have to be secure
•   has to run at speed
•   acceptable as ‘best practice’
•   interoperable
•   as unbreakable as possible




        Business Requirements
•   Internet commerce
•   Digital Signatures
•   Site identification
•   User identification
•   System security
•   Network security
•   Trust delivery

Translation




     Real world requirements
• use technology that’s considered
  ‘mainstream’
• use algorithms that are ‘approved’
• use operating parameters that are
  considered “safe by contemporary
  standards”



              Crypto Choices
•   TLS (SSL) or IPSec or PGP or SMIME
•   RSA public key cryptography
•   AES bulk encryption
•   “SHA-2” class hashes
•   current 21st century key sizes and lifetimes




Basic Crypto Technology




  Cryptographic Technologies
• Encryption – ciphers
  – single (shared) key
  – dual (RSA) key
• Hash – one way functions
  – MAC
  – HMAC
  – signatures


     Cryptographic Components
•   Keys
•   Entropy
•   Ciphertext
•   Plaintext
•   Encoding Formats
•   Tokens


      Cryptographic Operations
•   Key Generation
•   Encryption
•   Decryption
•   Hashing
•   Entropy Gathering
•   (“Big Number”) Arithmetic


                 Algorithms
• Symmetric Encryption
  – DES
  – Triple DES
  – RC-4
  – AES
  – Camellia
  – IDEA


               Algorithms
• Hashes
  – MD-5
  – SHA-1
  – SHA-256, -384, -512
  – RIPEMD-160
  – MD-4
  – HMAC’s


                Algorithms
• Dual-Key Encryption
  – Diffie-Hellman
  – RSA
  – DSA
  – Elliptic Curve




            Symmetric Encryption
•   single key shared between two parties
•   one side encrypts with (Ki)
•   the other side decrypts with (Ki)
•   Fast bulk operations
•   Issues
    –   key distribution
    –   algorithm strength
    –   key size
    –   processing speed

  Hitchhiker’s Guide to Symmetric
  Key Encryption (mid/late 2007)
• Use AES, 128 bit minimum
• Use Triple DES if AES is not available (3-
  key only)
• Use RC-4 (128 bit) if nothing else is
  available
• Never use any other algorithm
• Use approved/best-practice algorithms
• Never ever build your own crypto
                  Hashing
• one way function
• given a ‘message’ it gives you a number
• different (modified) message gives a
  different number
• if you sign the hash with an (RSA) private
  key it’s a signature in the cryptographic
  sense

Hitchhiker’s Guide to Cryptographic
     Hashing (mid/late 2007)
•   Use SHA-256 or better
•   Use SHA-1 if nothing better is available
•   Use MD5 if no SHA is available
•   Never use any other algorithm
•   Use approved/best-practice algorithms
•   Never ever build your own crypto
•   Prepare for arguments about hash
    collisions
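
An added example (not part of the original slides) contrasting the unkeyed hash from the Hashing slide with the HMAC listed under Cryptographic Technologies, using Python's standard hashlib and hmac modules. The key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data for illustration (not from the slides).
KEY = b"constructed-demo-key"
MESSAGE = b"pay 100 to alice"
TAMPERED = b"pay 900 to alice"


def digest(message):
    """Unkeyed SHA-256: anyone can compute it for any message."""
    return hashlib.sha256(message).hexdigest()


def tag(key, message):
    """HMAC-SHA-256: computing a valid tag requires the shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def accept_with_digest(message, shipped_digest):
    """Receiver that trusts a digest delivered alongside the message."""
    return hmac.compare_digest(digest(message), shipped_digest)


def accept_with_hmac(key, message, shipped_tag):
    """Receiver that recomputes the tag with its own copy of the key."""
    return hmac.compare_digest(tag(key, message), shipped_tag)


def run_checks():
    return {
        # A modified message no longer matches the original digest ...
        "digest_detects_change": not accept_with_digest(TAMPERED, digest(MESSAGE)),
        # ... but whoever modified it can ship a matching digest too.
        "digest_accepts_recomputed": accept_with_digest(TAMPERED, digest(TAMPERED)),
        "hmac_accepts_genuine": accept_with_hmac(KEY, MESSAGE, tag(KEY, MESSAGE)),
        # Reusing the old tag or tagging with a wrong key both fail.
        "hmac_rejects_reused_tag": not accept_with_hmac(KEY, TAMPERED, tag(KEY, MESSAGE)),
        "hmac_rejects_wrong_key": not accept_with_hmac(KEY, TAMPERED, tag(b"wrong-key", TAMPERED)),
    }
```

The bare digest only detects change when it travels over a channel the modifier cannot touch; the keyed tag (or a signature over the hash) is what ties the message to a key holder.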
      Dual-Key a/k/a Public Key
             Algorithms
• two keys, at least
• one key is ok to share (public key)
• one key must be maintained secret (private key)
• proof of possession of the private key proves your
  identity
• used for signing (encrypting hashes)
• used for encrypting some data (like keys)



   Hitchhiker’s Guide to Dual-Key
             Encryption
• Use RSA
• Don’t use DSA, EC (not practical in an
  enterprise)
• Use 2048 bit or better, if at all possible
• Get worried if all your equipment only does
  1024
• Never ever build your own crypto

      Demo




             Demonstration
•   uses OpenSSL
•   symmetric key encryption
•   hashing
•   RSA key generation
•   CA/Certificate Issuance
•   TLS, SSL 3, and SSL 2
•   OpenPGP

Cryptographic Protocols




       Cryptographic Protocols
•   Link Encryptors
•   OpenPGP
•   SMIME
•   SSL and TLS
•   IPSec
•   DRM


           Link Encryptors
• talk to your grandfather about the KG’s
  they used in ’Nam
• Symmetric key
• Key distribution is manual
• No algorithm agility
• Only encrypts the one hop


                OpenPGP
• talk to old geeks about the Cypherpunks
• IETF RFC 2440
• Based on organic crypto developed by P.
  Zimmermann
• OpenPGP standardized by IETF
• PGP, Inc. sells a version, not the only one
• message (email or document) encryption and
  signing
• GnuPG – open source reference
                   SMIME
• talk to old Infosec codgers about Verisign
• IETF Standards-track messaging security
• rarely used
• universally available (in Outlook and
  Thunderbird)
• requires a PKI
• email encryption and signing
• Thunderbird - open source reference
                    SSL/TLS
•   talk to a Netscape millionaire about browsers
•   IETF RFC 2246 defines TLS
•   SSL was a Netscape invention
•   SSL 1 was broken during construction
•   SSL 2 was broken a few years ago
•   SSL 3 isn’t perfect but is usable
•   Uses PKI
•   TCP connection encryption
•   Used for ecommerce, tunnels
•   OpenSSL - open source reference

  Hitchhiker’s Guide to Certificates
• it’s PKIX, not X.509 (RFC 2459)
• a certificate is a public key and some naming
  “stuff”, digitally signed by someone you trust
• some CA’s can be trusted some of the time
• just because they’re a CA doesn’t mean you
  should trust them
• the critical thing: the name in the cert must
  match the alleged name


                       IPSec
• the last organically developed security protocol
• recreates mid-80’s military grade network
  encryption
• IP encryption and authentication
• IETF RFC’s – 2401, etc.
• Uses “pre-shared secrets” a/k/a passwords or
  certificates or more complex authentication
  schemes
• rich key management options
• universally implemented, overly complex
                       DRM
• talk to a filesharer next time you visit a
  prison
• digital signatures can be weaponized into
  digital watermarks
• used for data use enforcement
• typically unpublished and sometimes
  dodgy crypto


Deployment




  Hitchhiker’s Guide to the Crypto
           Marketplace
• there are charlatans out there
• don’t buy homebrew crypto
• don’t assume the big names do the good
  implementations
• only buy mainstream, approved, best-
  practice technology
• don’t assume the vendor turns on the
  crypto
           Deployment Issues
•   Performance
•   Set-up (PKI, configuration)
•   Maintenance
•   Keeping up with vulnerabilities




       Crypto Performance
• AES and RSA are no more work than
  other complex tasks performed by modern
  silicon
• scaled, it can be tough (what if all of
  Google were in TLS…)
• encrypt at the endpoints if you can
• don’t forget infrastructure overhead

           Crypto Set-up (1)
• if it’s symmetric key crypto it should be
  scheduled for replacement
• PKI
  – need a certificate authority
  – need certificate request/fulfillment process
  – need secure storage of private key
  – need certificate infrastructure
  – need certificate maintenance

           Crypto Set-up (2)
• select crypto parameters
• don’t assume the vendor’s defaults are
  safe
• prepare a troubleshooting plan in case…
  – you need to test something with the crypto
    turned on
  – you need to temporarily turn the crypto off
  – you need to monitor what’s inside the
    encrypted path

     Deployment Complexities
• monitoring TLS connections is rarely completely
  legal
• Key backup – of enterprise keys – is normal
  business, not evil
• key recovery by use of technology is not safe
  and probably evil
• need algorithm agility in case someone breaks
  something (the vulnerability update problem)


           Why is Crypto Hard
• the geeks are very good with intimidating buzzwords
• the cryptographers don’t talk to the engineers
• the engineers can’t control the marketeers
• the end-users keep switching it off
• different priesthood, different language, different value
  system
• implementors are rarely competent and usually lazy, QA
  is rarely existent and often lets bad things through
• really about the same difficulty as an OS, a database, a
  large network, or getting your animated icons to work in
  myspace.

Defending Crypto




       Crypto Defense Myths
• it was built by <vendor>, it must be safe
• large key sizes will save you
• nobody reads those dialog boxes anyway
• logging? we don’t need no stinking
  logging!
• it’s Common Criteria Certified therefore it
  must be safe
• the military uses it, it must be secure
Defend your key material!




    Crypto Attack Surface (1)
• the algorithms
  – rc-4 is bad
  – des is bad
  – aes is good
  – triple-DES is probably not bad
  – SHA-256 is good
  – SHA-1, MD5, RIPEMD-160 are probably ok
    for now but should be avoided
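
An added example (not from the original slides) that applies the ratings on this slide to a list of OpenSSL-style cipher suite names, the kind of check a configuration review of deployed gear would run. The suite list is constructed sample input, and the function names and the disable/review/keep buckets are assumptions made for the illustration.

```python
# Ratings transcribed from the "Crypto Attack Surface (1)" slide.
CIPHER_RATING = {
    "RC4": "bad",
    "DES": "bad",
    "3DES": "probably not bad",
    "AES": "good",
}
MAC_RATING = {
    "SHA256": "good",
    "SHA1": "probably ok, avoid",
    "MD5": "probably ok, avoid",
}

# Constructed sample: OpenSSL-style suite names as a device might report them.
SAMPLE_SUITES = [
    "AES256-SHA256", "DHE-RSA-AES128-SHA", "EDH-RSA-DES-CBC3-SHA",
    "DES-CBC-SHA", "RC4-MD5", "EXP-RC4-MD5", "CAMELLIA128-SHA",
]


def parse_suite(name):
    """Split an OpenSSL-style suite name into (cipher, mac) labels."""
    tokens = name.upper().split("-")
    if "CBC3" in tokens:                      # DES-CBC3 is triple DES, not DES
        cipher = "3DES"
    elif "DES" in tokens:
        cipher = "DES"
    elif any(t.startswith("AES") for t in tokens):
        cipher = "AES"
    elif "RC4" in tokens:
        cipher = "RC4"
    else:
        cipher = "UNKNOWN"
    last = tokens[-1]
    mac = "SHA1" if last == "SHA" else last   # OpenSSL writes SHA-1 as "SHA"
    return cipher, mac


def rate_suite(name):
    """Return (cipher, cipher rating, mac, mac rating) for one suite name."""
    cipher, mac = parse_suite(name)
    return (cipher, CIPHER_RATING.get(cipher, "unrated"),
            mac, MAC_RATING.get(mac, "unrated"))


def audit(suites):
    """Sort suites into disable / review / keep using the slide's ratings."""
    report = {"disable": [], "review": [], "keep": []}
    for name in suites:
        _, cipher_rating, _, mac_rating = rate_suite(name)
        if cipher_rating == "bad":
            report["disable"].append(name)
        elif "unrated" in (cipher_rating, mac_rating):
            report["review"].append(name)
        else:
            report["keep"].append(name)
    return report
```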

    Crypto Attack Surface (2)
• a secure algorithm implemented poorly is
  quite attackable
  – don’t print passwords in the clear
  – defend your key material
• implementation must be sound
  – and up to date (OpenSSL 0.9.8? is current?)




    Crypto Attack Surface (3)
• vendors are lazy
  – home-brew crypto
  – poor password storage/selection
  – poor crypto options (why is ATT running SSL2
    in SeaTac?)
• products offer poor choices
  – self-signed certificates rarely safe, as
    delivered
  – nobody should be shipping DES in 2007

          What can you do
• make sure your maintenance/update
  program addresses your crypto usage
• make sure your gear is deployed in secure
  configurations
• use the telemetry you have
• don’t let your users select unsafe
  parameters (1 character password on
  salesforce.com)
                              References
•   Handbook of Applied Cryptography
•   Applied Cryptography (Schneier)
•   Viega
•   Rescorla
•   P. Gutmann X.509 Style Guide
    http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt
•   www.apache-ssl.org
•   www.openssl.org
•   www.gnupg.org
•   OpenPGP RFC 2440
•   TLS RFC 2246
•   IPSec: RFC 2401, 2411, etc.
•   PKIX: RFC 2459 etc. and CCITT X.509
•   RFC 3766 on Public Key Strength




        Thank you.

      Rodney Thayer
rodney@thesecurityconsortium.net
                 About TSC…
The Security Consortium is a network/product laboratory
  that focuses on thorough testing of security products and
  implementations. We’re located in San Jose California.
  We test products, do security research, offer training and
  professional services in the security marketplace.

“We let the smoke out so you don’t have to”


The Security Consortium www.thesecurityconsortium.net



				