Public Key Infrastructure
PKI leverages all three forms of encryption to provide and manage digital certificates. Certificates may be server based or client based and used together to provide mutual authentication and encryption. The standard format is X.509.
NIST Special Publication 800-15 describes the five components of PKI:
- Certification Authorities (CA) that issue and revoke certificates
- Organization Registration Authorities (ORAs) that vouch for the binding between public keys and certificate holder identities and other attributes
- Certificate holders that are issued certificates and can sign digital documents
- Clients that validate digital signatures and their certification paths from a known public key of a trusted CA
- Repositories that store and make available certificates and certificate revocation lists (CRLs)
Certificate Authorities and Organizational Registration Authorities
CAs issue digital certificates, and ORAs authenticate the identity of the certificate holder before a certificate is issued to them. An organization can be both a CA and an ORA. CAs can be private or public.
Certificate Revocation Lists
CAs maintain CRLs, which contain lists of revoked certificates. A CRL is a flat file, which doesn’t scale well. The Online Certificate Status Protocol (OCSP) is a replacement for CRLs.
Key Management Issues
The confidentiality and integrity of the holder’s private key must be assured during the distribution process. The public/private key pairs used in PKI should be stored securely. Key storage means the organization that issued the keys retains a copy. Key escrow means a third-party organization (often law enforcement) retains a copy.
SSL and TLS
SSL authenticates and provides confidentiality to web traffic. TLS is the successor of SSL. When you visit an HTTPS website, traffic is encrypted using asymmetric keys (the public key of the website), which is signed by the CA’s private key (such as VeriSign’s). If your browser trusts the CA, then the signature authenticates the site. The browser then uses the encrypted session to exchange a symmetric key that encrypts the rest of the session. The private key is stored on the web server, which allows it to decrypt anything encrypted with the public key.
Ciphers used could include RSA/DSA for authentication and AES or DES for confidentiality. SSL 2.0 was released first, SSL 3.0 improved on its security issues, and TLS now improves on 3.0.
IPSEC
IPSEC (Internet Protocol Security) is a suite of protocols that provides a cryptographic layer for both IPv4 and IPv6, mainly used in VPNs. IPSec includes two primary protocols, AH and ESP, with differing and overlapping functionality. Supporting IPSEC protocols include ISAKMP (Internet Security Association and Key Management Protocol) and IKE (Internet Key Exchange).
AH and ESP
- AH – Authentication Header – Provides authentication and integrity but no confidentiality – protects against replay attacks
- ESP – Encapsulating Security Payload – Provides authentication, integrity and confidentiality
Security Association and ISAKMP
- SA – One-way connection used to negotiate ESP or AH parameters. If two systems use ESP they need two SAs (one for each direction); if they use AH as well, that is a total of 4. A unique 32-bit number called the Security Parameter Index (SPI) identifies each SA
- ISAKMP – manages the SA creation process
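To make the SA, SPI and anti-replay points above concrete, here is an added example (not from the original notes or any IPsec implementation) of how a receiver handles an AH-protected packet: look up the SA by the 32-bit SPI, verify the HMAC-SHA1-96 ICV, and then run the sequence number through a sliding replay window. The key, SPI and 64-packet window size are constructed values, and the ICV here covers only the AH itself rather than the outer IP header fields as real AH does.

```python
import hmac, hashlib, struct

WINDOW = 64  # anti-replay window size in packets (assumed; RFC 4302 minimum is 32)

class SecurityAssociation:
    """One inbound SA, identified by its SPI, with integrity key and replay state."""
    def __init__(self, spi, key):
        self.spi, self.key = spi, key
        self.highest_seq = 0  # highest sequence number accepted so far
        self.bitmap = 0       # bit i set => seq (highest_seq - i) already accepted

    def icv(self, ah_with_zeroed_icv):
        # HMAC-SHA1-96: HMAC-SHA1 truncated to 12 bytes. Real AH also covers the
        # immutable outer IP header fields; this demo authenticates the AH itself only.
        return hmac.new(self.key, ah_with_zeroed_icv, hashlib.sha1).digest()[:12]

    def check_and_update_replay(self, seq):
        """Sliding-window anti-replay check (RFC 4302); False means drop the packet."""
        if seq == 0:
            return False
        if seq > self.highest_seq:            # right of the window: slide it forward
            shift = seq - self.highest_seq
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest_seq = seq
            return True
        offset = self.highest_seq - seq
        if offset >= WINDOW or (self.bitmap >> offset) & 1:
            return False                      # too old, or already seen: replay
        self.bitmap |= 1 << offset
        return True

def build_ah(sa, seq, next_header=4):
    # AH: next header, payload len (32-bit words - 2: 24 bytes -> 4), reserved, SPI, seq, ICV
    hdr = struct.pack("!BBHII", next_header, 4, 0, sa.spi, seq)
    return hdr + sa.icv(hdr + b"\x00" * 12)

def receive_ah(sad, packet):
    """Return True if the packet maps to a known SA, is authentic, and is not a replay."""
    if len(packet) < 24:
        return False
    _, _, _, spi, seq = struct.unpack("!BBHII", packet[:12])
    sa = sad.get(spi)                         # SAD lookup keyed by SPI
    if sa is None:
        return False
    expected = sa.icv(packet[:12] + b"\x00" * 12)
    if not hmac.compare_digest(expected, packet[12:24]):
        return False                          # modified or forged: reject before touching the window
    return sa.check_and_update_replay(seq)
```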
Tunnel and Transport Mode
- Tunnel Mode – Used to provide point-to-point IPSEC tunnels. ESP tunnel mode encrypts the entire packet including headers, so AH is not needed
- Transport Mode – Only encrypts the data and not the headers; uses both AH and ESP. Weaker, and arguably AH and transport mode should be dropped.
IKE
IPSec can use a variety of algorithms, such as MD5/SHA1 for integrity and AES or 3DES for confidentiality. IKE is responsible for negotiating the algorithm selection.
PGP
Pretty Good Privacy (PGP) was created by Phil Zimmermann and brought asymmetric encryption to the masses. He was investigated by the US for munitions export violations and for infringing RSA patents. The case was dropped and Zimmermann agreed to stop publishing PGP (though the source code had already been made freely available).
PGP is used for confidentiality, integrity, authentication and non-repudiation. It can be used to encrypt emails, documents, or entire disk drives. PGP uses a web of trust model (if you trust me, you trust everyone I trust).
S/MIME
MIME (Multipurpose Internet Mail Extensions) provides a standard way to format email, including character sets and attachments. S/MIME (Secure/MIME) leverages PKI to encrypt and authenticate MIME-encoded email. Either the client or the client’s email server (an S/MIME gateway) may perform the encryption.
Escrowed Encryption
Escrowed encryption means a third-party organization holds a copy of the public/private key pair. The key is divided into two or more parts, each held by a different trusted third party, which will only release its part upon authorization. The goal is to ensure a balance between privacy and the needs of law enforcement, or to ensure encrypted data is recoverable in the event of key loss or employee termination.
Clipper Chip
Name of the technology used in the Escrowed Encryption Standard (EES), an effort by the US to deploy escrowed encryption in telecommunications. Its cipher was classified secret, but such secret ciphers are often found to be insecure, and it was abandoned after a media firestorm.
Steganography
Steganography is the science of hidden communication. The communication itself is not hidden; only the meaning is concealed. Modern steganography hides information inside data files such as images and music. Images can be encoded with extra bits of information hidden from the naked eye using methods called bit substitution and injection, which change the integrity of the file. Messages can be encrypted first before being hidden via steganography.
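As an added illustration of the bit substitution method (example code, not from the original notes), the block below hides a message in the least significant bit of each byte of a constructed byte array that stands in for 8-bit grayscale pixels, recovers it, and counts how many cover bytes the substitution altered, which is the integrity change the text refers to and the thing a forensic comparison against the original file would detect. The cover data, message and length-prefix framing are constructed for the demo.

```python
def embed_lsb(cover: bytes, message: bytes) -> bytes:
    """Bit substitution: replace the least significant bit of each cover byte
    with one bit of the payload (a 4-byte big-endian length prefix, then the message).
    The file size is unchanged, but every byte whose LSB differed from its payload bit is altered."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(b >> (7 - i)) & 1 for b in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit   # keep the upper 7 bits, overwrite the LSB
    return bytes(out)

def _read_lsb_bytes(stego: bytes, start: int, n: int) -> bytes:
    """Reassemble n bytes from the LSBs of stego[start : start + 8*n]."""
    data = bytearray()
    for k in range(n):
        v = 0
        for i in range(8):
            v = (v << 1) | (stego[start + k * 8 + i] & 1)
        data.append(v)
    return bytes(data)

def extract_lsb(stego: bytes) -> bytes:
    """Recover the message: read the 4-byte length prefix, then that many bytes."""
    length = int.from_bytes(_read_lsb_bytes(stego, 0, 4), "big")
    return _read_lsb_bytes(stego, 32, length)

def changed_bytes(cover: bytes, stego: bytes) -> int:
    """How many cover bytes the substitution altered: the integrity cost of embedding."""
    return sum(1 for a, b in zip(cover, stego) if a != b)

# Constructed cover: 1024 bytes standing in for 8-bit grayscale pixel values.
COVER = bytes(range(256)) * 4
MESSAGE = b"meet at noon"  # constructed sample message
```

Comparing a suspect file against a known-good original with changed_bytes is the simplest detection check; without the original, the visible image is unchanged because only the lowest bit of each pixel moves.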
Watermarks
Digital watermarks encode data into a file. The watermark may be hidden using steganography. Watermarks are often used to fingerprint files (tying a copy of a file to its owner).