CS 556 – Computer Security Spring 2018

Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - © 2018 Colorado State University – 1 / 33

CS 556 – Computer Security

Spring 2018

Dr. Indrajit Ray

Email: [email protected]

Department of Computer Science

Colorado State University

Fort Collins, CO 80523, USA

MESSAGE DIGESTS AND CERTIFICATES

● MESSAGE DIGESTS AND CERTIFICATES

● DIGITAL CERTIFICATES

● CERTIFICATE MANAGEMENT

● PUBLIC KEY CRYPTOGRAPHY STANDARDS

Message Digests

● Motivation

✦ Public-key technology is very slow

■ Cannot sign big messages

✦ Signed message is at least as long as original message, often longer

● Message digests are one-way hash values of original messages that concisely represent the message from which they were computed

Message Digests

[Figure labels: “Easy to Compute”, “Hard to Compute”]

Properties of Cryptographic Hash Functions

● The hash function H(x) is relatively easy to compute for any given x

● H(x) is one-way

✦ “hard to invert”, that is, given a hash value h, it is computationally infeasible to find some input x such that H(x) = h

● H(x) is collision-free

Weakly Collision Free

● Given a message M, it is computationally infeasible to find a message M′ ≠ M such that H(M) = H(M′)

✦ Given M and m = H(M), try messages at random to find M′ with H(M′) = m

✦ 2^k trials on average for messages of size k bits

Strongly Collision Free

● It is computationally infeasible to find any two messages M and M′ such that H(M) = H(M′)

✦ Try pairs of messages at random to find M and M′ such that H(M′) = H(M)

✦ 2^(k/2) trials on average
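
The gap between the two search costs above (about 2^k trials for weak collisions, about 2^(k/2) for strong ones) can be measured on a deliberately small digest. This is an added example, not part of the original slides; the toy hash `h` (SHA-256 truncated to k bits) and the message strings are constructed for the demonstration.

```python
import hashlib
from itertools import count

def h(msg: bytes, k: int) -> int:
    """Toy k-bit hash: the top k bits of SHA-256 (constructed for this demo)."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - k)

def second_preimage(target: bytes, k: int, max_trials: int = 1 << 22):
    """Weak-collision search: given M, look for M' != M with h(M') == h(M)."""
    m = h(target, k)
    for trials in range(1, max_trials + 1):
        cand = b"candidate-%d" % trials
        if cand != target and h(cand, k) == m:
            return cand, trials
    return None, max_trials          # gave up: no match within the budget

def collision(k: int):
    """Strong-collision search: look for any pair M != M' with equal digests."""
    seen = {}                        # digest -> first message that produced it
    for trials in count(1):
        msg = b"message-%d" % trials
        d = h(msg, k)
        if d in seen:                # guaranteed within 2^k + 1 trials (pigeonhole)
            return seen[d], msg, trials
        seen[d] = msg

if __name__ == "__main__":
    k = 16                           # far too short for real use; chosen so the search finishes
    target = b"pay Bob 10 dollars"   # constructed sample message
    cand, t_weak = second_preimage(target, k)
    a, b, t_strong = collision(k)
    print(f"k = {k}: 2^k = {2**k}, 2^(k/2) = {2**(k // 2)}")
    print(f"second preimage {cand!r} after {t_weak} trials")
    print(f"collision {a!r} / {b!r} after {t_strong} trials")
```

Each extra digest bit doubles the weak-collision work but adds only half a bit of work to the strong-collision search, so a digest has to be twice as long as the security level it is meant to provide.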

Current Generation Algorithms

● MD5 (Message Digest 5)

✦ 128 bit message digest proposed by Rivest of RSA

✦ simple, compact and fast

● SHA (Secure Hash Algorithm)

✦ 160 bit message digest similar to MD5

✦ slightly slower than MD5 but more secure

Keyed Message Digest

● Secret-key technique to provide efficient

✦ Authentication

✦ Integrity

● Does not provide Non-repudiation

● Also known as Message Authentication Codes (MAC)

Message Authentication Code

● It is an authentication tag (also called a checksum) derived by applying an authentication scheme, together with a secret key, to a message digest

● MACs are computed and verified with the same key, so that they can only be verified by the intended recipient

✦ This is unlike digital signatures

● Many different types of MACs – most popular are

✦ hash function-based

✦ block cipher-based

Hash Based MACs

● Often called HMAC (example: HMAC-MD5, HMAC-SHA)

● Use a key or keys in conjunction with a hash function to produce a checksum that is appended to the message

● HMAC_K(M) = H((K ⊕ opad) ‖ H((K ⊕ ipad) ‖ M))

✦ H is any message digest function

✦ M message

✦ K secret key

✦ opad, ipad: fixed outer and inner padding
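
The HMAC formula above, written out step by step and checked against Python's standard `hmac` module. This is an added example, not part of the original slides; the function names, key and messages are constructed. The key handling (hash an over-long key, then zero-pad to the hash block size) and the pad bytes 0x36 and 0x5C follow the standard HMAC definition.

```python
import hashlib
import hmac

def hmac_by_formula(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC_K(M) = H((K xor opad) || H((K xor ipad) || M))."""
    block = hashlib.new(hash_name).block_size        # 64 bytes for SHA-256
    if len(key) > block:                              # over-long keys are hashed first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block, b"\x00")                   # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)               # K xor inner padding
    opad = bytes(b ^ 0x5C for b in key)               # K xor outer padding
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()

def tag_message(key: bytes, msg: bytes) -> bytes:
    """Sender side: append the checksum to the message."""
    return msg + hmac_by_formula(key, msg)

def verify_message(key: bytes, tagged: bytes):
    """Receiver side: recompute with the shared key; return the message or None."""
    n = hashlib.sha256().digest_size
    if len(tagged) < n:
        return None
    msg, tag = tagged[:-n], tagged[-n:]
    expected = hmac.new(key, msg, "sha256").digest()
    # compare_digest runs in constant time, so the comparison leaks no timing hint
    return msg if hmac.compare_digest(tag, expected) else None

if __name__ == "__main__":
    key = b"shared secret key (constructed)"
    wire = tag_message(key, b"transfer 100 to account 42")
    print(verify_message(key, wire))                          # original message
    tampered = wire.replace(b"100", b"900")
    print(verify_message(key, tampered))                      # None: integrity check fails
    print(verify_message(b"some other key", wire))            # None: wrong key
```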

Block Cipher-based MACs

● Encrypt the message blocks using a symmetric block cipher in Cipher Block Chaining mode and output the final block in the ciphertext as the checksum

● DES based MACs are 64 bit and not considered strong anymore

DIGITAL CERTIFICATES

Public-Key Certificates

● Reliable distribution of public-keys

● Public-key encryption

✦ Sender needs public key of receiver

● Public-key digital signatures

✦ Receiver needs public key of sender

● Public-key key agreement

✦ Both need each other’s public keys

Public-Key Certificates

● Public key should be linked with subject’s ID

✦ Allows verification of the claim that a specific public key does indeed belong to a specific subject

● Trusted authority must certify the authenticity of public keys

● Achieved by means of certificates

✦ In their simplest form, contain a public key and a name

✦ Most widely accepted format defined by the ITU-T X.509 standard

X.509 Certificate

Version

Serial Number

Signature Algorithm

Issuer

Validity

Subject

Subject Public Key Info

Signature

X.509 Certificate

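Version: 1

Serial Number: 1234567891011121314

Signature Algorithm: RSA + MD5, 512

Issuer: C=US, S=CO, O=CSU, OU=CS

Validity: 01/01/2002 - 01/10/2002

Subject: C=US, S=CO, O=CSU, OU=CS, CN=Indrajit Ray

Subject Public Key Info: RSA, 1024, xxxxxxxxxxxxxxxxxxxxxxxxxx

Signature: yyyyyyyyyyy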

X.509 Certificates

● X.509v1

✦ Very basic

● X.509v2

✦ Adds unique identifiers to protect against reuse of X.500 names

● X.509v3

✦ Adds many extensions

✦ Can be further extended

X.509v3 Certificates

● Distinguish various certificates

✦ Signature, encryption, key-agreement

● Identification info in addition to X.500 name

✦ Internet names: email addresses, host names, URLs

● Issuer can state policy and usage

✦ Good enough for casual email but not for signing checks

X.509v3 Certificates

● Limits on use of signature keys for further certification

✦ Cannot be used for certifying subjects from the .com domain

● Extensible

✦ Proprietary extensions can be defined and registered

● Attribute certificates

✦ Ongoing work

CERTIFICATE MANAGEMENT

Certificate Revocation

● Certificates may need to be revoked

✦ Key specified in certificate may have been compromised

✦ Subject specified may no longer have the authority to use the key

✦ Certifying authority’s key is compromised

● Achieved by means of Certificate Revocation Lists (CRLs) stored at CRL repositories – usually the certifying authority itself

CRL Format

Signature Algorithm

Issuer

Last Update

Next Update

Revoked Certificates

Serial Number, Revocation Date

Serial Number, Revocation Date

Signature

CRL Distribution

● Pull Model

✦ Verifier downloads the CRL from the certifying authority as needed

● Push Model

✦ Certifying authority sends the CRL to verifiers at regular intervals

● Hybrid Model

✦ CRL is “pushed” to several intermediate repositories from which the verifier “pulls” the CRL as needed
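
A sketch of the verifier's side of the pull model, using the CRL fields listed on the format slide (Issuer, Last Update, Next Update, and the revoked serial numbers with their revocation dates). This is an added example, not part of the original slides; the class and function names, serial numbers and dates are constructed, and the signatures on both the certificate and the CRL are assumed to have been verified already.

```python
from dataclasses import dataclass, field
from datetime import datetime

@dataclass
class Cert:
    serial: int
    issuer: str
    not_before: datetime
    not_after: datetime

@dataclass
class CRL:
    issuer: str
    last_update: datetime
    next_update: datetime
    revoked: dict = field(default_factory=dict)   # serial number -> revocation date

def check_status(cert: Cert, crl: CRL, now: datetime):
    """Return (accepted, reason). Assumes both signatures were already checked."""
    if not (cert.not_before <= now <= cert.not_after):
        return False, "certificate outside its validity period"
    if crl.issuer != cert.issuer:
        return False, "CRL was issued by a different authority"
    # Fail closed on a stale CRL: a revocation may have happened since it was issued.
    if not (crl.last_update <= now <= crl.next_update):
        return False, "CRL is not current; pull a fresh one"
    revoked_on = crl.revoked.get(cert.serial)
    if revoked_on is not None:
        return False, f"revoked on {revoked_on:%Y-%m-%d}"
    return True, "not revoked"

# Constructed sample data (hypothetical issuer name, serials and dates).
CA = "C=US, O=Example CA"
GOOD = Cert(1001, CA, datetime(2018, 1, 1), datetime(2018, 12, 31))
BAD = Cert(1002, CA, datetime(2018, 1, 1), datetime(2018, 12, 31))
SAMPLE_CRL = CRL(CA, datetime(2018, 3, 1), datetime(2018, 3, 8),
                 {1002: datetime(2018, 2, 20)})

if __name__ == "__main__":
    print(check_status(GOOD, SAMPLE_CRL, datetime(2018, 3, 5)))   # accepted
    print(check_status(BAD, SAMPLE_CRL, datetime(2018, 3, 5)))    # revoked
    print(check_status(GOOD, SAMPLE_CRL, datetime(2018, 3, 20)))  # stale CRL
```

The stale-CRL branch is where the distribution models differ in practice: the longer the interval between updates, the longer a revoked certificate can keep being accepted.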

Certificate Trust

● How to acquire public key of the issuer to verify signature?

● Whether or not to trust certificates signed by the issuer for this subject?

PEM Certification Graph (Hierarchical)

[Figure: certification hierarchy, from root to leaves]

Internet Policy Registration Authority

Policy Certification Authorities (PCAs)

Certification Authorities (CAs)

Subjects

PGP Trust Model

● How does Alice get Bob’s public key?

✦ Directly from Bob through some secure channel (e.g., post, phone, floppy)

✦ From Chuck, who is known to both Alice and Bob and introduces Bob to Alice

✦ From a trusted certifying authority

What is a PKI?

● Protocols, services and standards for managing public keys

✦ Key registration: issuing a new certificate for a public key

✦ Certificate revocation: canceling a previously issued certificate

✦ Key selection: obtaining a subject’s public key

✦ Trust evaluation: determining whether a certificate is valid and what operations it authorizes

● Several PKI initiatives underway, most based on X.509 certificates

PUBLIC KEY CRYPTOGRAPHY STANDARDS

PKCS #1 – #15

● Group of “standards” developed by RSA Security Inc. for using public key cryptographic techniques

● These are not necessarily recognized as industry standards, although many have been adopted in various protocols

● Some have moved into standards track processes within IETF

PKCS Summary

● PKCS #1 – RSA Cryptography Standard. Includes mathematical properties of key parameters and major algorithms

● PKCS #2 – Withdrawn

● PKCS #3 – Diffie-Hellman Key Agreement Standard

● PKCS #4 – Withdrawn

● PKCS #5 – Password-based Encryption Standard. Defines protocols for deriving keys

● PKCS #6 – Extended Certificate Syntax Standard defining extensions to X.509 v1 certificates. Obsolete.

● PKCS #7 – Cryptographic Message Syntax Standard. Signing and encrypting messages and certificate distribution.

PKCS Summary

● PKCS #8 – Private-Key Information Syntax Standard.

● PKCS #9 – Selected Attribute Types for use with PKCS #7, #10, #12 and #15.

● PKCS #10 – Certification Request Standard. Message standard for requesting certification of public keys.

● PKCS #11 – Cryptographic Token Interface.

● PKCS #12 – Personal Information Exchange Syntax

● PKCS #13 – Elliptic Curve Cryptography Standard (Under development)

● PKCS #14 – Pseudorandom Number Generation Standard (Under development)

● PKCS #15 – Cryptographic Token Information Format Standard.

Public Key Cryptography Summary

● Solves the key distribution problem for secret keys

✦ But brings up its own set of problems

● Also solves the key management problem

● Depends on the existence of hard problems

✦ Secure as long as somebody does not come up with an efficient solution

✦ New hard problems are difficult to find