Crypto and PKI

Introducing cryptography and PKI

David Galichet

mercredi 23 novembre 2011

Cryptography challenges


Authentication

• Application authentication

• Single Sign On

• One Time Password

• Remember me

• ...


Integrity

• Data are not corrupted

• Data are not intentionally altered


Privacy

• Protect data transfer

• Protect stored data


Identity

• Authentication (user and server side)

• Signature (document, application packages ...)

• Non repudiation

• Trusted Timestamps

• Anonymity (electronic vote, alternative currency ...)

• ...


Cryptography basis

• Hash functions

• Symmetric ciphering

• Asymmetric ciphering


Hash algorithms

• Generate a constant size fingerprint whatever data in entry

• It’s hard to find the message from the given hash (First Preimage Resistance)

• It’s hard to modify a message without hash being changed (Second Preimage Resistance)

• It’s hard to find two different messages with the same hash (Resistance to Collisions)

• Very fast calculationmercredi 23 novembre 2011

Hash algorithms

• Generate a constant size fingerprint whatever data in entry

• It’s hard to find the message from the given hash (First Preimage Resistance)

• It’s hard to modify a message without hash being changed (Second Preimage Resistance)

• It’s hard to find two different messages with the same hash (Resistance to Collisions)

• Very fast calculation

infeasible

infeasible

infeasible

Cryptographic


Hash functionsIntegrity checking :

File hash()415a15b606eff4d4ba97ef64ecd2e598




Fingerprint or checksum




Fingerprint or checksum

Fast algorithm !

Very low probability of collision !Hard to change file without changing hash !


Hash functions

Password encryption :

passwordhash()

415a15b606eff4d4ba97ef64ecd2e598


Hash functions

Password encryption :

passwordhash()


Hard to calculate password from the hash !


Hash functions

Remember me tokens :

username + expiration date + hash(password)

hash()


Remember me token = hash(...) + username + expiration date


Password hashing leaks

• Brute force

• Dictionary

• Rainbow table


Salted hash functions

Salted hash password :

salt + passwordhash()

hash(salt+password)





hash(salt+password)

secret and / or user dependent





hash(salt+password)

secret and / or user dependent

Prevents from dictionary and rainbow table attacks !


Hash function algorithms

• Message Digest 5

• 128 bits fingerprint size

• Secured Hash Algorithm

• many version (SHA1, SHA256 ...)

• 160 to 512 bits fingerprint size


Hash function algorithms

• Message Digest 5

• 128 bits fingerprint size

• Secured Hash Algorithm

• many version (SHA1, SHA256 ...)

• 160 to 512 bits fingerprint size

@deprecated


Symmetric algorithms

• Shared secret key algorithm

• Same key used to cipher and decipher

• Fast algorithm


Popular symmetric algorithms

• Advanced Encryption Standard

• Blowfish

• Digital Encryption Standard and 3DES


Popular symmetric algorithms

• Advanced Encryption Standard

• Blowfish

• Digital Encryption Standard and 3DES@deprecated


Private message exchange



Shared secret key



Shared secret key

Cipheringwith Ks



Shared secret key

Cipheringwith Ks

Decipheringwith Ks


Secret key exchange problem



High number of secret keys to manage !



High number of secret keys to manage !

How to share the secret key ?mercredi 23 novembre 2011

Asymmetric algorithm

• Key pair based algorithm

• Shared public key

• Protected private key

• Key size :1024 to 4096 bits

• Slow algorithm

• Max encryption size = key size


Popular asymmetric algorithm

• Rivest, Shamir and Adelman (signing and encryption)

• Digital Signature Algorithm (signature only)

• Elliptic Curves Cryptography


Asymmetric ciphering analogy


Asymmetric ciphering analogy

Public key

Private key


Asymmetric ciphering



Cipheringwith Bob Public Key



Decipheringwith Bob Private KeyCiphering

with Bob Public Key


Digital signature


Digital signature

Alice sign withher private keyOnly hash of the

message is signed

dsa(hash(ˮHello.ˮ),PrK.alice


Digital signature


Digital signature

Bob checks signaturewith Alice public key

Unchanged hash means unaltered message

compare hash("hello.")with :

dsa("er2f@!e..", PuK.alice)


Diffie-Hellmankey exchange

algorithm


Public key sharing


Public key management


Public Key Infrastructure !

• Public key certificate

• Certificate management


Public key certificates• Binds public key with Identity

• Can be used to :

• authenticate a user

• cipher data (email, communications ...)

• prove identity (SSL)

• signing a document

• signing a certificate (CA certificate)

• ...


Public key certificate anatomy

(TLS certificate)


Public key certificate anatomy -Issuer



Issuer Distinguished Name



Issuer ≠ Subject :• Not a CA certificate• Not a self signed certificate

Issuer Distinguished Name


Public key certificate anatomy -Subject



Certificate validity



Subject Distinguished Name Certificate validity



Subject Distinguished Name Certificate validity

Certified URL



Subject Distinguished Name

Public key

Certificate validity

Certified URL


Public key certificate anatomy -Extensions



Not a CA certificate




Revocation List




Revocation List

Certificate usage (TLS)




Revocation List

Certificate usage (TLS)

Issuer CA certificate location


Public key certificate anatomy -Certificate signature


Public key certificate anatomy -Certificate signature

The certificate SHA1 fingerprint is signed with Issuer private key


Certificate fingerprint signature

• Self signed or signed by CA

• Prevents certificate corruption

• CA signing proves identity if the CA is trusted


Certification chain of trust(certification path)


Certificate management


Certificate managementCR is signed withCA private key


Certificate managementManage CRL or OCSPCR is signed with

CA private key


Certificate managementManage CRL or OCSP

Check Bob certificatewith CA certificate

CR is signed withCA private key


Certificate managementManage CRL or OCSP

Check Bob certificatewith CA certificate

Check Bob certificate validity

CR is signed withCA private key


Private key storage• Password protected PKCS12 file

• Cryptographic token :

• password protected

• key pair generation (not possible to take the private key out)

• process asymmetric algorithms (RSA, DSA, Diffie-Hellman ...)


Private key storage• Password protected PKCS12 file

• Cryptographic token :

• password protected

• key pair generation (not possible to take the private key out)

• process asymmetric algorithms (RSA, DSA, Diffie-Hellman ...)Two Factors Authentication :

protect with something you know and something you have


Certificate revocation

• Two protocols :

• Certificate Revocation List

• Online Certificate Status Protocol

• CRL provides a full certificates revocation list

• OCSP is request/response protocol


One Time Password

• Token and password (PIN) based authentication system

• Token uses a clock and a secret algorithm to generate a OTP

• OTP server use the same algorithm to validate the OTP


Conclusion

• What’s going on if you loose your ciphering private key (or PKCS12 password) ?

• Are the Registration Authority validation process safe ?


Crypto and PKI

Technology

Transcript of Crypto and PKI