Thursday, April 29, 2010

CCNA Security 10

When it comes to cryptographic systems, there are two words which you will no doubt encounter: Cryptography and Cryptanalysis. Those two words are opposites of each other. Cryptography is the art of code generation, while Cryptanalysis is the art of code breaking. Cryptography and Cryptanalysis makes up Cryptology.
There are many types of methods to break code. Cryptanalysis (remember, code breaking) can be done through the following ways:
-Brute Force
Brute Force is the most basic way to crack a code. It theoretically is able to break any cryptographic system, but here comes the problem of practicality. Modern crytosystems would take anywhere ranging from months to trillions of years to crack through brute force. In cases where brute force is not feasible, other mathematical analytical methods are used.

This method involves statically analyzing a large collection of ciphertext created by the cryptosystem. For example, we know that RSTLNE are the most common letters used in English. It is then likely that the most commonly occurring symbol in the (English-based) ciphertext represents the letter R. This method worked very well when cryptosystems did not use pseudorandom output. Modern cryptosystems use pseudorandom output to resist statistical analysis.

This method is used when you know the plaintext and the ciphertext. A bruteforce algorithm is then used to attempt to deduce the key used for the encryption. Unlike a normal bruteforce attack, this is actually more practical than it seems. This is because Known-plaintext attacks have a much smaller universe of possibilities (you know the character set, key-length, encryption algorithm and so on), so the result can be achieved much quicker than a normal bruteforce attack.

This method is used to break data that are encrypted with two independent keys. If brute-forcing a cipher takes 2^(n) time with a key of n bits, then brute-forcing a double-encrypted cipher would take 2^(2n) time. What Meet-in-the-middle does is that it encrypts the known-plaintext from one side, and decrypt the ciphertext from the other side. All the results are stored in memory for comparison. This effectively reduces the time needed from 2^(2n) to 2^(n+1).

Chosen-plaintext is the method used when attackers can gain access to the cryptosystem. An attacker is then able to specify their own plaintext to analyze the output.

This is similar to chosen-plaintext where an attacker gains access to the cryptosystem. However, it differs from chosen-plaintext as it now deals with the decryption side of things.

The birthday attack makes use of a vulnerability of hashing functions to collisions. Collisions happens when f(x1) = f(x2) where x1 and x2 are different values. In this case, the probability of a collision is 1.2√k where k is the total number of values that causes a collision.

For a cryptosystem to ensure confidentiality, there must be some sort of encryption scheme. Encryption is done using two main types of systems: Symmetrical and Asymmetrical. Symmetrical system involves only one key for encryption and decryption. Symmetrical systems are fast and are strong as long as the key can be safely exchanged between the peer.

One might think that transfer of keys over the internet is insane. Anyone sniffing in transit would be able to nab the keys and begin decrypting and encrypting packets. This was what security experts in the past thought. This is where asymmetrical keys come into play.

Asymmetrical keys involves a key pair. When one encrypts with either of the key, the other key in the pair is used to decrypt it. The key pair is known as a public and private key pair. Like its name, the public key pair can be safely sent out into the internet, but the private key should only be available to the owner of the key pair.

When encrypting a message with the private key, the encrypted message is known as a signed message. Other parties must decrypt the signed message with the user's public key. Such a signed system ensures origin authenticity.

On the other hand, if a message is only meant for a particular person, then the message should be encrypted with his private key. This ensures that only the person with the private key can decrypt and read the message. This accounts for confidentiality.

In this case, the symmetrical key is encrypted with the public key of the receiver before it is sent across the internet. Once both parties have the symmetrical key, they can establish a secure channel in which confidentiality and authenticity are both guaranteed while the key hasn't expired.

There are a variety of symmetrical keys available on a Cisco router. The most basic key is the DES. DES stands for Data Encryption Standard and is based on a fixed 56-bit key. In the past, DES was considered uncrackable. However, DES was cracked by Biham and Shamir in 1992 through differential cryptanalysis.

In 1998, 3DES was created. 3DES is pronounced "triple-DES". In this case, three separate DES keys were used. Since three keys are used, the effective key strength is 168-bits. However, instead of encrypting the data three times, the data is actually encrypted, decrypted, then encrypted. If you actually encrypt a piece of data three times, then the resulting key strength would only be 112-bits.

AES is an encryption standard created during a NIST competition in 2001. AES stands for Advanced Encryption Standard, and is considered to be less computationally complex but stronger than 3DES bit-wise. AES comes in 128, 192 and 256-bit variants. Although theoretically AES beat 3DES hands down, 3DES is still preferred over AES in the industry due to its long trusted history.

RC series is another widely implemented algorithm. It is not a bad algorithm, but the implementation can make it a weak system. An example of a poorly implemented RC scheme is WEP. WEP uses RC4, but due to the poor implementation of the WEP protocol, the RC4 key can be cracked quickly remotely. The standardized RC variants are:
-RC2 - 40 and 64-bits
-RC4 - 1 to 256-bits
-RC5 - 0 to 2040-bits
-RC6 - 128, 192 and 256-bits

Other symmetrical encryption algorithms include 128-bit IDEA (International Data Encryption Algorithm) and 160-bit SEAL (Software Encryption Algorithm).

As previously mentioned, asymmetrical keys allow transfer of data over unsafe territories like the internet. RSA was invented in 1997 by Rivest, Shamir and Adelman (and was thus named RSA). RSA used digital signatures for authentication and non-repudiation. Non-repudiation simply means that the key guarantees origin authentication if all conditions are ideal. RSA is known to be the first asymmetrical key system that allows both signing and encryption. However, since RSA is 100 times slower than DES in hardware, and 1000 slower in software, it is not recommended for large quantities of data.

DH is a key exchange algorithm that describes a method for generating a shared encryption key in a secure fashion over untrusted territories like the internet. DH stands for Diffie-Hellman. DH uses the peer's public and private keys as part of its key exchange algorithm. It is commonly used by IKE Phase 1 during the establishment of IPSec VPNs. DH ranges from 512 to 4096-bits. The common DH variants are:
-DH1 - 768-bits
-DH2 - 1024-bits
-DH5 - 1536-bits

ElGamal is another symmetric encryption algorithm based on DH and is first described by Taher Elgamal in 1984.

Ciphers can be divided into two types, block and stream ciphers. Block ciphers parse data into fixed-length blocks before transforming it into ciphertext of the same length. Because the block sizes have to be uniform, padding is common. The size of the block varies with the cipher (for example, DES uses 64-bit blocks). The resulting ciphertext is usually longer than the plaintext. Stream ciphers on the other hand work on bits and feedback. Since it does not require fixed-length blocks, padding is not required. The size of the message is also not changed after they are transformed.

When we talk about hashing, we talk about data integrity. MD5 and SHA-1 are examples of hashing functions that can generate a fixed-length digest from a variable-length input. This digest is usually appended to a message, and the same algorithm is then run on the other end to check if the output is the same. In this case, we can guarantee that the data hasn't been altered in transit.

However, what exactly is it that stops hackers from simply modifying the data, then recalculating the hash? Well... NOTHING! However, the hash used during VPN connections isn't just any ordinary hash, it's a HMAC. HMAC stands for Hashed Message Authentication Code. HMACs use standard hashing functions like MD5 and SHA-1. The special feature of HMAC is that it hashes the message together with a pre-shared key. The attacker has a 50% chance of guessing the hashing algorithm but it will take them more effort to guess the key hashed with the message.

Public and private keys are difficult to manage, especially for large enterprises. To ensure the proper management of keys, a PKI should be employed. PKI can be employed in a variety of ways. The most common PKI topologies are the central (single-root) and the hierarchical topology.

In the central model, there is only one main CA. This is suitable for small deployments only, because there are certain vulnerabilities and scalability issues with it. In this model, there is only one single point of failure. If the root certificate is compromised, then all certificates issued by the root certificate authority cannot be trusted. Also, because there is one CA, you would need a centralized administration team and delegation to different departments is difficult.

Large enterprises typically implement a hierarchical model. In a hierarchical model, the root CA delegates its authority to subordinate CAs. All subordinate CAs have public keys that are ultimately signed by the root CA. This chain of logic is called the certification path. However, in this case, if a compromise occurs, only the certificates signed by the compromised subordinate needs to be revoked. Also, you can have different administration teams for different departments.

Elements within a PKI need to have a way to communicate with each other. PKCS (also known as the Public Key Cryptography Standards) is a method of encapsulating information exchanged between PKI peers to promote interoperability. The 4 most common PKCS standards are:
PKCS #1 - RSA Cryptography
PKCS #2 - DH Key Agreement
PKCS #7 - Cryptographic Message Syntax
PKCS #10 - Certificate Request Syntax

For example, a certificate request is encapsulated in a PKCS #10 message. This message is then encapsulated inside a PKCS #7 message. When the CA enrolls the certificate, it is encapsulated as the payload of a #7 message and sent back to the requester.

No comments :

Post a Comment