cs 556 – computer security spring 2018
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - © 2018 Colorado State University – 1 / 33
CS 556 – Computer Security
Spring 2018
Dr. Indrajit Ray
Email: [email protected]
Department of Computer Science
Colorado State University
Fort Collins, CO 80523, USA
MESSAGE DIGESTS AND CERTIFICATES
MESSAGE DIGESTS
AND CERTIFICATES
DIGITAL CERTIFICATES
CERTIFICATE
MANAGEMENT
PUBLIC KEY
CRYPTOGRAPHY
STANDARDS
Message Digests
● Motivation
✦ Public-key technology is very slow
■ Cannot sign big messages
✦ Signed message is at least as long as original message,
often longer
● Message digests are one-way hash values of the original messages; each digest
concisely represents the message from which it was computed
Message Digests
[Figure: computing the digest from the message is easy; recovering a message from the digest is hard to compute]
Properties of Cryptographic Hash Functions
● The hash function H(x) is relatively easy to compute for any
given x
● H(x) is one-way
✦ “hard to invert”, that is given a hash value h, it is
computationally infeasible to find some input x such that
H(x) = h
● H(x) is collision-free
Weakly Collision Free
● Given a message M, it is computationally infeasible to find a
message M′ ≠ M such that H(M) = H(M′)
✦ Given M and m = H(M), try messages at random to find M′ with
H(M′) = m
✦ 2^k trials on average for messages of size k bits
Strongly Collision Free
● It is computationally infeasible to find any two messages M and
M′ such that H(M) = H(M′)
✦ Try pairs of messages at random to find M and M′ such that
H(M′) = H(M)
✦ 2^(k/2) trials on average
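To make the 2^k versus 2^(k/2) work factors from the last two slides observable, here is an added example (not part of the lecture slides) that truncates SHA-256 to k bits so both searches finish in seconds; the candidate message format and the names trunc_hash, second_preimage_trials and collision_trials are my own.

```python
import hashlib

def trunc_hash(msg: bytes, k: int) -> int:
    """A toy k-bit hash H: the first k bits of SHA-256. Truncating makes
    the 2^k and 2^(k/2) work factors small enough to observe directly."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - k)

def second_preimage_trials(target: bytes, k: int, limit: int):
    """Weak collision resistance: given M (and m = H(M)), try candidate
    messages until one M' != M hashes to m. Returns (M', trials), or
    (None, limit) if the budget runs out. Expect about 2^k trials."""
    m = trunc_hash(target, k)
    for i in range(limit):
        cand = b"candidate-%d" % i           # constructed candidate messages
        if cand != target and trunc_hash(cand, k) == m:
            return cand, i + 1
    return None, limit

def collision_trials(k: int, limit: int):
    """Strong collision resistance: hash candidates and remember each
    digest; the first repeat yields M != M' with H(M) == H(M'). Returns
    (M, M', trials). Expect about 2^(k/2) trials (birthday bound)."""
    seen = {}
    for i in range(limit):
        cand = b"candidate-%d" % i
        h = trunc_hash(cand, k)
        if h in seen:
            return seen[h], cand, i + 1
        seen[h] = cand
    return None, None, limit

if __name__ == "__main__":
    k = 16
    _, n_pre = second_preimage_trials(b"the original message", k, 1 << 22)
    _, _, n_col = collision_trials(k, 1 << 22)
    print("k=%d: second preimage after %d trials (2^k = %d)" % (k, n_pre, 1 << k))
    print("k=%d: collision after %d trials (2^(k/2) = %d)" % (k, n_col, 1 << (k // 2)))
```

Raising k by a few bits roughly doubles the collision search per bit pair but quadruples the second-preimage search, which is why digest sizes are chosen against the birthday bound.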
Current Generation Algorithms
● MD5 (Message Digest 5)
✦ 128-bit message digest proposed by Rivest of RSA
✦ Simple, compact and fast
● SHA (Secure Hash Algorithm)
✦ 160-bit message digest similar to MD5
✦ Slightly slower than MD5 but more secure
Keyed Message Digest
● Secret-key technique that efficiently provides
✦ Authentication
✦ Integrity
● Does not provide non-repudiation
● Also known as Message Authentication Codes (MACs)
Message Authentication Code
● It is an authentication tag (also called a checksum) derived by
applying an authentication scheme, together with a secret key, to
a message digest
● MACs are computed and verified with the same key, so that they
can only be verified by the intended recipient
✦ This is unlike digital signatures
● Many different types of MACs – most popular are
✦ hash function-based
✦ block cipher-based
Hash Based MACs
● Often called HMAC (examples: HMAC-MD5, HMAC-SHA)
● Use a key or keys in conjunction with a hash function to produce
a checksum that is appended to the message
● HMAC_K(M) = H((K ⊕ opad) ‖ H((K ⊕ ipad) ‖ M))
✦ H is any message digest function
✦ M: the message
✦ K: the secret key
✦ opad, ipad: fixed outer and inner padding
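The HMAC formula written out as runnable Python, as an added example that is not part of the lecture slides. It uses the standard inner/outer padding bytes 0x36 and 0x5C from RFC 2104, cross-checks the hand-built construction against Python's hmac module, and shows the receiver-side check; the function names and the sample key and message are mine.

```python
import hashlib
import hmac

IPAD, OPAD = 0x36, 0x5C   # fixed inner/outer padding bytes, repeated to the block size

def hmac_from_formula(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC_K(M) = H((K xor opad) || H((K xor ipad) || M)), written out from
    the slide's formula. K is padded (or first hashed, if too long) to the
    block size B of H, which is what the xor with ipad/opad operates on."""
    block = hashlib.new(hash_name).block_size        # 64 bytes for MD5, SHA-1, SHA-256
    if len(key) > block:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block, b"\x00")
    k_ipad = bytes(b ^ IPAD for b in key)
    k_opad = bytes(b ^ OPAD for b in key)
    inner = hashlib.new(hash_name, k_ipad + msg).digest()   # H((K xor ipad) || M)
    return hashlib.new(hash_name, k_opad + inner).digest()  # H((K xor opad) || inner)

def verify_tag(key: bytes, msg: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Receiver side: recompute with the shared key and compare in constant
    time. Anyone holding K can both create and verify tags, which is why a
    MAC gives integrity and authentication but not non-repudiation."""
    return hmac.compare_digest(hmac_from_formula(key, msg, hash_name), tag)

def matches_stdlib(key: bytes, msg: bytes, hash_name: str) -> bool:
    """Cross-check the hand-built construction against Python's hmac module."""
    return hmac.compare_digest(hmac_from_formula(key, msg, hash_name),
                               hmac.new(key, msg, hash_name).digest())

if __name__ == "__main__":
    k, m = b"shared secret", b"order 17: ship 3 units"   # constructed sample values
    tag = hmac_from_formula(k, m)
    print("HMAC-SHA256 tag:", tag.hex())
    print("verifies:", verify_tag(k, m, tag))
    print("tampered message verifies:", verify_tag(k, b"order 17: ship 9 units", tag))
    print("matches hmac module:", matches_stdlib(k, m, "sha256"))
```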
Block Cipher-based MACs
● Encrypt the message blocks using a symmetric block cipher in
Cipher Block Chaining (CBC) mode and output the final block of the
ciphertext as the checksum
● DES-based MACs are 64-bit and not considered strong anymore
DIGITAL CERTIFICATES
Public-Key Certificates
● Reliable distribution of public keys
● Public-key encryption
✦ Sender needs public key of receiver
● Public-key digital signatures
✦ Receiver needs public key of sender
● Public-key key agreement
✦ Both need each other’s public keys
Public-Key Certificates
● Public key should be linked with subject’s ID
✦ Allows verification of the claim that a specific public key does
indeed belong to a specific subject
● Trusted authority must certify the authenticity of public keys
● Achieved by means of certificates
✦ In its simplest form, a certificate contains a public key and a name
✦ The most widely accepted format is defined by the ITU-T X.509
standard
X.509 Certificate
Fields of an X.509 certificate (figure reconstructed as a list):
● Version
● Serial Number
● Signature Algorithm
● Issuer
● Validity
● Subject
● Subject Public Key Info
● Signature
X.509 Certificate
Example values for the certificate fields:
● Version: 1
● Serial Number: 1234567891011121314
● Signature Algorithm: RSA + MD5, 512
● Issuer: C=US, S=CO, O=CSU, OU=CS
● Validity: 01/01/2002 - 01/10/2002
● Subject: C=US, S=CO, O=CSU, OU=CS, CN=Indrajit Ray
● Subject Public Key Info: RSA, 1024, xxxxxxxxxxxxxxxxxxxxxxxxxx
● Signature: yyyyyyyyyyy
X.509 Certificates
● X.509v1
✦ Very basic
● X.509v2
✦ Adds unique identifiers to protect against reuse of X.500
names
● X.509v3
✦ Adds many extensions
✦ Can be further extended
X.509v3 Certificates
● Distinguish various certificates
✦ Signature, encryption, key-agreement
● Identification info in addition to X.500 name
✦ Internet names: email addresses, host names, URLs
● Issuer can state policy and usage
✦ Good enough for casual email but not for signing checks
X.509v3 Certificates
● Limits on use of signature keys for further certification
✦ Cannot be used for certifying subjects from the .com domain
● Extensible
✦ Proprietary extensions can be defined and registered
● Attribute certificates
✦ Ongoing work
CERTIFICATE MANAGEMENT
Certificate Revocation
● Certificates may need to be revoked
✦ The key specified in the certificate may have been compromised
✦ The subject specified may no longer have the authority to use
the key
✦ The certifying authority's own key may have been compromised
● Achieved by means of Certificate Revocation Lists (CRLs)
stored at CRL repositories – usually the certifying authority itself
CRL Format
Fields of a CRL (figure reconstructed as a list):
● Signature Algorithm
● Issuer
● Last Update
● Next Update
● Revoked Certificates
✦ Serial Number, Revocation Date
✦ Serial Number, Revocation Date
● Signature
CRL Distribution
● Pull Model
✦ Verifier downloads the CRL from the certifying authority as
needed
● Push Model
✦ Certifying authority sends the CRL to verifiers at regular
intervals
● Hybrid Model
✦ CRL is “pushed” to several intermediate repositories from
which the verifier “pulls” the CRL as needed
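How a verifier applies a CRL it has obtained (by any of the three distribution models) to the certificate fields and CRL fields shown on the preceding slides, as an added example that is not part of the lecture slides. The CRL and certificate records are constructed sample data built from the slide's fields, and the names crl_status and crl_is_current are mine; checking the CRL signature itself is assumed to be done elsewhere and passed in as a flag.

```python
from datetime import datetime, timezone

def utc(y, mo, d):
    return datetime(y, mo, d, tzinfo=timezone.utc)

# Constructed sample CRL with the fields from the CRL Format slide
# (not data from any real CA; the first serial is the slide's example cert).
SAMPLE_CRL = {
    "signature_algorithm": "RSA + SHA-256",
    "issuer": "C=US, S=CO, O=CSU, OU=CS",
    "last_update": utc(2018, 3, 1),
    "next_update": utc(2018, 3, 8),
    "revoked": {                      # serial number -> revocation date
        1234567891011121314: utc(2018, 2, 20),
        42: utc(2018, 2, 28),
    },
    "signature": b"<issuer signature over the fields above>",
}

# Constructed certificates as the verifier sees them (issuer name and serial).
GOOD_CERT = {"issuer": "C=US, S=CO, O=CSU, OU=CS", "serial": 7}
REVOKED_CERT = {"issuer": "C=US, S=CO, O=CSU, OU=CS", "serial": 42}
FOREIGN_CERT = {"issuer": "C=US, O=Some Other CA", "serial": 7}
NOW = utc(2018, 3, 5)          # inside the CRL's validity window
STALE_TIME = utc(2018, 3, 20)  # after Next Update: the pulled CRL has expired

def crl_is_current(crl, now):
    """Usable only between Last Update and Next Update; a verifier in the
    pull model must fetch a fresh CRL once Next Update has passed."""
    return crl["last_update"] <= now < crl["next_update"]

def crl_status(crl, cert, now, signature_ok):
    """Decide how to treat `cert` given a CRL the verifier obtained.
    `signature_ok` is the result of checking the CRL's signature with the
    issuer's public key (obtaining that key is the trust question raised
    on the Certificate Trust slide)."""
    if not signature_ok:
        return "reject: CRL signature invalid"
    if cert["issuer"] != crl["issuer"]:
        return "reject: CRL was issued by a different authority"
    if not crl_is_current(crl, now):
        return "unknown: CRL stale, fetch a current one"
    revoked_at = crl["revoked"].get(cert["serial"])
    if revoked_at is None:
        return "good"
    return "revoked since " + revoked_at.date().isoformat()
```

The order of the checks matters: a stale or foreign CRL must not be consulted for serial numbers at all, otherwise a certificate revoked after Next Update would be reported as good.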
Certificate Trust
● How does the verifier acquire the issuer's public key to verify the signature?
● Should certificates signed by this issuer be trusted for this
subject?
PEM Certification Graph (Hierarchical)
[Figure: PEM certification hierarchy, top to bottom: Internet Policy Registration Authority → Policy Certification Authorities (PCAs) → Certification Authorities (CAs) → Subjects]
PGP Trust Model
● How does Alice get Bob’s public key?
✦ Directly from Bob through some secure channel (e.g., post,
phone, floppy)
✦ From Chuck, who is known to both Alice and Bob and
introduces Bob to Alice
✦ From a trusted certifying authority
What is a PKI?
● Protocols, services and standards for managing public keys
✦ Key registration: issuing a new certificate for a public key
✦ Certificate revocation: canceling a previously issued
certificate
✦ Key selection: obtaining a subject’s public key
✦ Trust evaluation: determining whether a certificate is valid
and what operations it authorizes
● Several PKI initiatives are underway, most based on X.509
certificates
PUBLIC KEY CRYPTOGRAPHY STANDARDS
PKCS #1 – #15
● Group of “standards” developed by RSA Security Inc. for using
public key cryptographic techniques
● Not all are recognized as industry standards,
although many have been adopted in various protocols
● Some have moved into standards-track processes within the IETF
PKCS Summary
● PKCS #1 – RSA Cryptography Standard. Includes mathematical
properties of key parameters and major algorithms
● PKCS #2 – Withdrawn
● PKCS #3 – Diffie-Hellman Key Agreement Standard
● PKCS #4 – Withdrawn
● PKCS #5 – Password-based Encryption Standard. Defines
protocols for deriving keys
● PKCS #6 – Extended Certificate Syntax Standard defining
extensions to X.509 v1 certificates. Obsolete.
● PKCS #7 – Cryptographic Message Syntax Standard. Signing
and encrypting messages and certificate distribution.
PKCS Summary
● PKCS #8 – Private-Key Information Syntax Standard.
● PKCS #9 – Selected Attribute Types for use with PKCS #7, #10,
#12 and #15.
● PKCS #10 – Certification Request Standard. Message standard
for requesting certification of public keys.
● PKCS #11 – Cryptographic Token Interface.
● PKCS #12 – Personal Information Exchange Syntax
● PKCS #13 – Elliptic Curve Cryptography Standard (Under
development)
● PKCS #14 – Pseudorandom Number Generation Standard
(Under development)
● PKCS #15 – Cryptographic Token Information Format Standard.
Public Key Cryptography Summary
● Solves the key distribution problem for secret keys
✦ But brings up its own set of problems
● Also solves the key management problem
● Depends on the existence of hard problems
✦ Secure only as long as nobody comes up with an
efficient solution
✦ New hard problems are difficult to find