Date posted: 19-Dec-2015

Page 1: 2-Jun-15Copyright Greg Rose, 2001slide 1 Where has all the Crypto Gone? Long Time Coming. (With apologies to Pete Seeger) Greg Rose ggr@qualcomm.com.

Apr 18, 2023 Copyright Greg Rose, 2001 slide 1

Where has all the Crypto Gone? Long Time Coming.

(With apologies to Pete Seeger)

Greg Rose

ggr@qualcomm.com

Slide 2

Overview

•Five years ago…

•Key management problems

•Public Key Infrastructures

•What crypto is used

• IPsec

•End-to-end

•Conclusions

Slide 3

5 years ago…

•Opening of the USENIX Security Symposium focusing on Applications of Cryptography, San Jose, 1996

•Football teams using encrypted radio

•Airline news had item on IPSec

• “It seems that for every problem, crypto is part of the solution”

• “Clearly we are entering a new era of deployment of Cryptography”

Slide 4

… we were using…

•PGP 2.6

•SSH

•SSL

•VPNs

•SWIPE (prototype IPsec)

•SecurID style tokens, S/Key

Slide 5

… but now we use …

•PGP (multiple versions with interop problems)

•SSH v2

•SSL v3, TLS

•VPNs (but more mobile)

• IPsec (still not by any means ubiquitous)

•SecurID style tokens

• In other words, basically the same stuff, but upgraded a bit.

Slide 6

Also during that period

•EFF’s Deep Crack, DES effectively useless

•MD5 suspect

•RC4 showing its age, broken when used wrong

•Most deployed mobile phone algorithms broken

•SET came and went again

Slide 7

But on the positive side

•AES process completes

  • (I can say that today…)

•More open deliberations in previously closed standards (e.g. telephony, 802.11)

•More open source versions of existing stuff

  • OpenSSL

  • OpenPGP, GPG

  • Crypto file systems

  • Good random number generation

Slide 8

Cryptosystems, Key Management, and Hard Stuff

•What is a cryptosystem?

•What are keys?

•Why do we have to manage them?

•Why is managing them hard?

•What is a Public Key Infrastructure?

•Why don’t they work?

Slide 9

Cryptosystems

•Nothing to do with SEX!

  • Everything to do with security.

•A cryptosystem is a cryptographic algorithm,

  + the key or password management

  + the environment

  + the network

  + the protocol

  + the people

  + everything else

Slide 10

Key (Cryptovariable) Management

•All secrecy should reside in the keys

  • (Kerckhoffs’ Maxim, over 100 years old).

•Many tradeoffs:

  • long term vs. short term

  • communications vs. storage

  • secure vs. easy to remember

  • personal vs. corporate vs. recoverable

•Keep them secret!

•Remember them!

Slide 11

Entropy

•A mathematical term

•Measures “the actual amount of information”

•English sentences have about 1.5 bits per character

  • therefore, a passphrase for a 128 bit key would be about 80 characters long!

•Relates to “predictability” and so is relevant to security

  • you have no security if your secret can be guessed

Slide 12

Public keys

•Also called “asymmetric”

•Keys come in pairs; keep one half secret

  • can’t derive the secret one from the public one

•Can do digital signatures

•Algorithms slow, keys large

Slide 13

Strength of Public Keys

•Two classes…

•Elliptic curve / Lucas functions / some others

  • Best (known) attacks O(sqrt(N))

  • so need 256 bit keys to match 128 bit symmetric

•Factoring/Discrete Log

  • RSA, El Gamal, Diffie-Hellman, DSA

  • Best (known): O(exp(log(N)**(1/3) * log(log(N))**(2/3)))

  • for 128 bit symmetric equivalent, need maybe 2048 bit keys or longer
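An added worked example, not from the talk: the two attack costs above turned into equivalent symmetric key sizes. It assumes the general number field sieve constant (64/9)^(1/3) and drops the o(1) term, so the figures are rough estimates; published equivalence tables are more conservative.

```python
import math

def gnfs_bits(modulus_bits):
    """log2 of exp(c * (ln N)^(1/3) * (ln ln N)^(2/3)) for an N of this size."""
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)  # assumed GNFS constant; the slide's O() leaves it out
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / math.log(2)

def ec_bits(order_bits):
    """O(sqrt(N)) generic attack: work is half the group-order size in bits."""
    return order_bits / 2

def modulus_for(target_bits, step=64):
    """Smallest modulus size (in steps of `step` bits) reaching target_bits."""
    bits = 512
    while gnfs_bits(bits) < target_bits:
        bits += step
    return bits

def table(sizes=(512, 1024, 2048, 3072)):
    """(modulus bits, estimated symmetric-equivalent bits) for each size."""
    return [(n, round(gnfs_bits(n), 1)) for n in sizes]

if __name__ == "__main__":
    for n, s in table():
        print(f"factoring/DL modulus {n:5d} bits ~ {s:5.1f}-bit symmetric")
    print("elliptic curve 256 bits ~", ec_bits(256), "bit symmetric")
    print("modulus needed for 128-bit strength (estimate):", modulus_for(128))
```

By this estimate a 512-bit server key sits near 64 bits of work and a 2048-bit modulus falls a little short of 128.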

Slide 14

Public Key Infrastructures

•Solves the key distribution problem… just publish the public keys

•Replaces it with the authentication problem

  • How do you know that the key belongs to who you think it does? Still a research problem.

•Someone checks your identity and issues a “certificate”

•X.509v3 is the most common cert format

Slide 15

Problems with PKI

•Trust the Certificate Authority?

  • Banks have a problem with this

  • $25 in the mail to Verisign

•Revocation is still, truly, unsolved

•X.509 is “people centric”

  • Authenticates identity, but not authority to perform action

•X.509 isn’t flexible enough

  • (look at SDSI, SPKI)

Slide 16

So, what is used?

•Some quotes from: “Changes in Deployment of Cryptography”, Eric Murray, USENIX 2001 Security Symposium IT

•Eric found secure (https) URLs through search engines, then connected to them

•Categorised them as strong/medium/weak

•2001 survey:

  • 71% strong

  • 5% medium

  • 23% weak

Slide 17

Results: Weak Server Details

Percent of weak servers surveyed:

                             2000   2001
Server key <= 512 bits:       81%    72%
weak v3/TLS ciphersuites:     28%    26%
expired cert:                 10%    16%
self-signed cert:              3%     8%
only does SSLv2:               1%     6%

But note that your browser might ask it to do SSLv2.

Slide 18

SSLv3 Export Ciphersuites

• Export controls changed two years ago, but still have an effect:

Ciphersuite:            2000   2001
RSA RC4 40 MD5           99%    79%
RSA RC2 40 MD5           73%    87%
RSA DES 40 SHA           56%    44%
DHE RSA DES 40 SHA       24%    30%
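An added example (not from the talk or from the survey it quotes): the weak-server categories from the two tables above, applied to scan records. The records, the `.example` hosts, the field names, the OpenSSL-style suite names and the reading of "weak ciphersuites" as "only export suites offered" are assumptions; one server can fall into several categories, which is why the percentages can sum past 100%.

```python
from datetime import date

# The four export suites from the slide, in OpenSSL's naming.
EXPORT_SUITES = {"EXP-RC4-MD5", "EXP-RC2-CBC-MD5",
                 "EXP-DES-CBC-SHA", "EXP-EDH-RSA-DES-CBC-SHA"}

def weak_reasons(rec, today):
    """Return every weak-server category from the slide that fits one record."""
    reasons = []
    if rec["key_bits"] <= 512:
        reasons.append("server key <= 512 bits")
    # Assumption: "weak ciphersuites" means nothing better than export is offered.
    if rec["suites"] and set(rec["suites"]) <= EXPORT_SUITES:
        reasons.append("weak v3/TLS ciphersuites")
    if rec["not_after"] < today:
        reasons.append("expired cert")
    # Simplification: a real check verifies the signature with the cert's own key.
    if rec["issuer"] == rec["subject"]:
        reasons.append("self-signed cert")
    if set(rec["protocols"]) == {"SSLv2"}:
        reasons.append("only does SSLv2")
    return reasons

def tally(records, today):
    """Per-host reasons, plus percent of weak servers showing each reason."""
    per_host = {r["host"]: weak_reasons(r, today) for r in records}
    weak = [rs for rs in per_host.values() if rs]
    counts = {}
    for rs in weak:
        for reason in rs:
            counts[reason] = counts.get(reason, 0) + 1
    return per_host, {k: round(100 * n / len(weak)) for k, n in counts.items()}

def rec(host, key_bits, suites, protocols, issuer, not_after):
    return {"host": host, "key_bits": key_bits, "suites": suites,
            "protocols": protocols, "issuer": issuer,
            "subject": "CN=" + host, "not_after": not_after}

# Constructed scan results, dated as if scanned in August 2001.
TODAY = date(2001, 8, 15)
SCAN = [
    rec("a.example", 512, ["EXP-RC4-MD5", "EXP-RC2-CBC-MD5"], ["SSLv2", "SSLv3"], "CN=Test CA", date(2002, 1, 1)),
    rec("b.example", 1024, ["RC4-MD5", "EXP-RC4-MD5"], ["SSLv3", "TLSv1"], "CN=Test CA", date(2000, 12, 31)),
    rec("c.example", 1024, ["DES-CBC3-SHA"], ["SSLv3", "TLSv1"], "CN=Test CA", date(2003, 1, 1)),
    rec("d.example", 1024, ["RC4-MD5"], ["SSLv2"], "CN=d.example", date(2002, 6, 1)),
]

if __name__ == "__main__":
    print(tally(SCAN, TODAY))
```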

Slide 19

IPsec

•Really should be common practice by now

•Standards process has been political and slow

•Doesn’t play well with NAT, so might have to wait for IPv6

•Key setup is the overriding performance factor

•Good: can add security to just about anything

•Bad: proper security should probably be application-specific

Slide 20

SSL / TLS

•Designed to be added to all sorts of things

•For example, “STARTTLS” in SMTP, IMAP

•Still takes a performance hit for initial setup, because of Public-key operations

•User certificates are rarely used -- failure of PKI

•But this is the right model: add the security straight into the application

Slide 21

Other possibilities

•Why shouldn’t the library routine for opening a temporary file automatically encrypt it?

•Why doesn’t every operating system supply high-quality random numbers?

•Why haven’t encrypting file systems become more commonly used? (Note: they exist…)

•Anecdote: stolen backup tape: “Crypto wouldn’t help.” (WSJ a couple of days ago.)

  • Why wasn’t the backup tape encrypted?

Slide 22

Book plug

•Not my book…

• “Security Engineering”, by Ross Anderson

Slide 23

Conclusion

•Crypto is part of just about every solution

•… but it isn’t the hard part

  • tools exist for all the basic operations

  • cryptographers keep extending the tool kit

•Key management, in whatever form, is one of the hard parts

•Designing the security into the application in the first place is another hard part

•Retaining ease of use is probably the hardest part