
Cryptographic Security - PowerPoint Presentation

alida-meadow
Uploaded On 2017-04-06



Presentation Transcript

Slide1

Cryptographic Security

Presented by: Josh Baker
October 9th, 2012

CS5204 – Operating Systems

Slide2

Overview

- What is cryptographic security?
- Uses
- Main Points
- What is a “Key/Certificate”?
- Implementations
- CAC based PKI Demonstration
- References

Slide3

What is it?

Cryptographic Security: Leveraging a standardized system that uses a set of operations that are publicly available in order to authenticate identities, securely share data, or irrefutably sign data.

def. Cryptography: cryp∙tog∙ra∙phy [3]: the enciphering and deciphering of messages in secret code or cipher; also: the computerized encoding and decoding of information

Slide4

Uses

- Establishing Transport Layer Security (TLS/SSL)
  - HTTPS
  - SFTP
- Data Encryption / Decryption
- Digital Signature
- Login / Authentication Protocols
  - Relies on digital signature

Slide5

Main Points

- Use of a publicly formalized system
- Centers around a third party “Certificate Authority”
  - Certify Identities
  - Manage (create, distribute, revoke) Keys
- Eliminates many security vulnerabilities
- Can be used to enforce least privilege, separation of duties, economy of mechanism, and complete mediation while being an open design.
- Heavy use of hashing algorithms (sha1, MD5,…)

Slide6

What is a “Key”?

Cryptographic Key: A set of 2 integers that can be used with a cryptographic algorithm in order to encrypt or decrypt data.

Two types of cryptographic systems:
- Private Key – using only one secret key (symmetric)
- Public Key – using two keys, a secret key and a shared key (asymmetric)

RSA and NIST recommend using at least:
- 112 bit symmetric keys (harder to break, efficient)
- 2048 bit asymmetric keys

Slide7

What is a “Certificate”?

Cryptographic Certificate: The combination of identity information with cryptographic information.
- Identity of the certificate owner
- Identity of the certificate authority (issuer)
- Dates that the certificate is valid for
- Which cryptographic algorithms are used
- Key information

One owner may have multiple certificates for various uses: authentication, encryption, signature

Slide8

TLS / SSL

- Used for transporting data securely over non-secure channels, most notably the internet.
- Uses Handshaking:
  - Employs both Symmetric and Asymmetric keys
  - Symmetric keys are smaller than asymmetric keys and provide improved performance
  - A secure channel must be established using asymmetric keys in order to transmit the shared secret symmetric key
  - “Nonces” are used to defend against replay attacks

Slide9

TLS / SSL

source: [9]

Slide10

Encryption / Decryption

Private Key Encryption (symmetric):
- Encrypting local files
- Must share the key in order to share the data
- Cannot use private key from PKI
- Group Authentication
- Cipher: stream/block
  - AES 128 bit block

Source: [7]

Slide11

Encryption / Decryption

Public Key Encryption (asymmetric):
- Provides confidentiality but not authentication

source: [8]

Slide12

Encryption / Decryption

The RSA Cryptosystem:
- Developed by Rivest, Shamir, and Adleman in 1977
- The de facto standard for PKI
- The encryption key is public (E)
- The decryption key is private (D)
- The Message M can be calculated by:
  M = D(E(M))
  M = E(D(M))

Slide13

Encryption / Decryption

RSA Algorithm details (generate keys)
1. Find 2 unique large prime numbers
2. Calculate n
   n = p ∙ q
3. Pick a large random integer d that is relatively prime to (p-1)∙(q-1) such that
   gcd(d, (p-1)∙(q-1)) = 1
4. Calculate e
   e ∙ d ≡ 1 (mod (p-1)∙(q-1))

Slide14

Encryption / Decryption

RSA Algorithm details (encrypt/decrypt)

Encryption: Given message M create ciphertext C
  C = E(M) = M^e (mod n)

Decryption: Given ciphertext C create message M
  M = D(C) = C^d (mod n)

Can be calculated quickly using modular exponentiation (repeated squaring)
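The key generation and encrypt/decrypt steps from the two RSA slides, as an added example that is not part of the original presentation. The function names and the tiny primes 61 and 53 are assumptions chosen so the numbers can be followed by hand; d is found by a fixed search instead of at random so the run is repeatable.

```python
from math import gcd

def modexp(base, exp, mod):
    """Repeated squaring: one squaring per exponent bit, O(log exp) steps."""
    result = 1
    base %= mod
    while exp > 0:
        if exp & 1:                      # this bit of the exponent is set
            result = (result * base) % mod
        base = (base * base) % mod       # square for the next bit
        exp >>= 1
    return result

def generate_keys(p, q, d_start):
    """Slide order: n = p*q, pick d coprime to (p-1)(q-1), then solve for e."""
    if p == q:
        raise ValueError("p and q must be two different primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    d = d_start
    while gcd(d, phi) != 1:              # step 3: gcd(d, (p-1)(q-1)) = 1
        d += 1
    e = pow(d, -1, phi)                  # step 4: e*d = 1 (mod phi), Python 3.8+
    return (e, n), (d, n)

def encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return modexp(m, e, n)               # C = M^e (mod n)

def decrypt(c, private_key):
    d, n = private_key
    return modexp(c, d, n)               # M = C^d (mod n)

# Constructed toy parameters; far too small for real use.
PUBLIC, PRIVATE = generate_keys(61, 53, d_start=2750)

if __name__ == "__main__":
    c = encrypt(65, PUBLIC)
    print("public:", PUBLIC, "private:", PRIVATE)
    print("C =", c, "-> M =", decrypt(c, PRIVATE))
```

Encryption here is deterministic (the same M always gives the same C), which is why deployed RSA encryption adds randomized padding such as OAEP on top of this arithmetic.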

Slide15

Digital Signature

- Not “electronic signature” which is typically implemented with a digital representation of a hand signature or acknowledgment gesture.
- Provides non-repudiation, irrefutable evidence that the signature was created by the identified party.
- Provides data integrity validation
- Provides authentication but not confidentiality

Slide16

Digital Signature

source: [8]

Slide17

Digital Signature

RSA Digital Signature details:
- A message M is signed using the private key
  S = D(M)
- A digital signature is validated using the public key
  M = E(S)
- Decryption of the message can be used to prove the identity of a user, authentication
- Validating a digital signature also validates the data by comparing the hash values
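The sign and validate steps above, with the hash comparison made explicit, as an added example that is not part of the original presentation. The key is a constructed toy built from two Mersenne primes so that n is larger than a SHA-256 digest; the choice of SHA-256, the exponent 65537 and all names are assumptions.

```python
import hashlib

# Constructed toy key. Mersenne primes have a special form and must never be
# used as real RSA primes; they only keep this example short and offline.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, Python 3.8+

def digest_int(message: bytes) -> int:
    """Hash the message and read the digest as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    """S = D(H(M)): apply the private key to the message hash."""
    return pow(digest_int(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Recover E(S) with the public key and compare it to a fresh hash."""
    if not 0 < signature < N:
        return False                       # reject out-of-range values early
    return pow(signature, E, N) == digest_int(message)

# Constructed sample messages.
MESSAGE = b"transfer 100 credits to account 42"
TAMPERED = b"transfer 900 credits to account 42"

if __name__ == "__main__":
    s = sign(MESSAGE)
    print("original verifies:", verify(MESSAGE, s))
    print("tampered verifies:", verify(TAMPERED, s))
```

This is unpadded hash-then-sign for illustration; deployed RSA signatures wrap the hash in a padding scheme such as RSASSA-PSS before the private-key operation.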

Slide18

CAC PKI

- Common Access Card (CAC) aka Smart Card
- Utilized extensively by the DoD
- Enforces two factor authentication
  - Something you have – CAC
  - Something you know – PIN
- Can be used for three factor authentication with addition of fingerprint reader (something you are)
- Newer generation cards can also be used with proximity based passive RFID readers
- Great for enforcing separation of duties and least privilege

Slide19

CAC PKI Demo

One last note, using an in house certificate authority (CA) and a smart card enabled PKI cryptosystem throughout an organization can enable greater PII (Personally Identifiable Information) security by replacing things like SSNs with otherwise meaningless unique identifiers like the DoD EDIPI (Electronic Data Interchange Personal Identifier).

Slide20

References

1. “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems”, Rivest et al.
2. “Introduction to Algorithms, Second Edition”, Cormen et al.
3. Merriam-Webster dictionary, term: cryptography (www.merriam-webster.com)
4. National Institute for Standards and Technology (www.nist.gov)
5. http://blog.securism.com/2009/01/summarizing-pki-certificate-validation/
6. RSA Laboratories (www.rsa.com)
7. http://www.itportal.in/2011/12/encryption-decryption-information.html
8. http://gdp.globus.org/gt4-tutorial/multiplehtml/ch09s03.html
9. http://technet.microsoft.com/en-us/library/cc783349(v=ws.10).aspx