Cryptography

CCNA Security TV

Allow Up to One Minute for Video to Buffer Slides will Be Synchronized at Next Slide Advance Show Airs:

January 20, 2009 - 8:00 am Pacific, 15:00 GMT Presentation_ID

© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

INTRO v2.1—5-1

CCNA Security TV Site-to-Site VPNs: Cryptography Basics

Host: David Major Guests: John Rupf, Pat Lao and John Rauma

January 20, 2009 - 8:00 am Pacific, 15:00 GMT Presentation_ID

© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

INTRO v2.1—5-2

Agenda  Site-to-Site VPNs: Cryptography Basics

 Audience Q&A

Presentation_ID

© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Ask a Question (Click the Hand Icon)

User ID Question for ??? Or Subject How does …..?

Presentation_ID

© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Don’t forget to fill out our Survey

Alternatively, if the survey doesn’t popup, click ‘survey button’ located here on this page you have open.

Presentation_ID

© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Download Slide Deck

Download slide deck here. Presentation_ID

© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Need Help – Problems with Video/Audio or Slides - Click on Support Net link – Bottom of Page

Presentation_ID

© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Need Help – Problems with Video/Audio or Slides Click on red life saver icon

Presentation_ID

© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Site-to-Site VPNs: Cryptography Basics

John Rupf

9 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-9

Outline

• Examining Encryption • Cryptographic Hashes • Digital Signatures

10 © 2006 Cisco Systems, Inc. All rights reserved.

MPLS v2.2—1-10

Examining Cryptographic Services

11 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-11

Cryptology Overview The science of cryptology has two subdisciplines— cryptography and cryptanalysis.  Cryptography is the science of creating secret codes.  Cryptanalysis is involved in the breaking (cracking) of those secret codes.  Like cryptology, cryptography also has two subdisciplines – encryption and hashing.  Usually the objective of encryption is confidentiality.  The primary purpose of hashing is authentication or verification.

12 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-12

Substitution Cipher  Substitution ciphers substitute one character for another, such as a=d, b=e, c=f, and so on to z=c. – Julius Caesar used a substitution cipher that is now called the Caesar cipher. – Substitution ciphers are vulnerable to frequency analysis because they retain the basic organization of the message.  Polyalphabetic ciphers are a more complex substitution cipher. – They counter the early frequency analysis vulnerability. – They are still vulnerable to frequency analysis if the point where the substitution repeats itself can be discovered.

13 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-13

Vigenère Cipher

The Vigenère cipher is a polyalphabetic cipher that uses 26 alphabets. © 2008 Cisco Systems, Inc. All rights reserved.

14 IINS v1.0—4-14

Substitution  Write out the plaintext.  Repeat the key above plaintext as many times as required.  Use the key to select the row and the plaintext to select the column.

CISCOC ATTACK

CBLCQM

(attack encrypted with the key CISCO)

15 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-15

Transposition  Transposition is also known as permutation.  Rather than replacing characters, characters are permuted or rearranged.  Some modern algorithms still use transposition as an element of the algorithm, such as DES and 3DES.

attack

takatc (attack transposed to takatc)

16 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-16

Vernam Ciphers and One-Time Pads  Vernam ciphers XOR the text with a text as long as the message.  If the key is random and is used only it is a one-time pad.  One-time pads are the only cipher that can be proved to be secure and unbreakable, as long as the key is used only once.  One-time pads are awkward to use. – Creation of random data, in order to create the one-time pads, is complicated. – Key distribution is difficult because one copy is distributed to the sender, the other copy retained by the receiver.  Because of these difficulties, true one-time pads are usually limited to super secret communications.

17 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-17

Transforming Plaintext into Ciphertext Plaintext

Plaintext

Cisco IOS Software 12.4 Features

Cisco IOS Software 12.4 Features

8vyaleh31&dk tu.dtrw8743$ Fie*nP093h Encryption Algorithm

Encryption Key

Decryption Algorithm Ciphertext

Decryption Key

Untrusted Network

18 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-18

Cryptanalysis Examples of cryptographic attacks are:  Brute-force  Ciphertext-only  Known-plaintext  Chosen-plaintext  Chosen-ciphertext  Birthday attack  Meet-in-the-middle

19 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-19

Encryption Algorithm Features Desirable features:  Resistance to known cryptanalytic attacks  Variable (long) key lengths and scalability  Avalanche effect—small changes in plaintext cause substantial changes in ciphertext  No export or import restrictions

20 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-20

Encryption Keys  A key is a required parameter for encryption algorithms.  There are two different concepts regarding keys: – Symmetric encryption algorithms—Same key encrypts and decrypts data. – Asymmetric encryption algorithms—Different keys encrypt and decrypt data.

21 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-21

Symmetric Encryption Algorithms Key

Key

Encrypt $1000

Decrypt $!@#IQ

$1000

 A sender and receiver must share a secret key.  They are usually quite fast (wire speed).  These algorithms are based on simple mathematical operations.  Examples of symmetric encryption algorithms are DES, 3DES, AES, IDEA, RC2/4/5/6, and Blowfish. © 2008 Cisco Systems, Inc. All rights reserved.

22 IINS v1.0—4-22

Symmetric Encryption Key Lengths Key

Key

Encrypt $1000

Decrypt $!@#IQ

$1000

 Typical key lengths are 40-256 bits.  Key lengths greater than or equal to 80 bits can be trusted.  Key lengths of less than 80 bits are considered obsolete, regardless of the strength of the algorithm.

23 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-23

DES  DES is an ubiquitous symmetric algorithm developed by IBM in 1975 where it was called Lucifer.  The algorithm is very good, essentially a sequence of permutations and substitutions, but the key length is susceptible to brute-force attacks.  The algorithm has been scrutinized for nearly 35 years with no significant flaws found.  DES is easily implemented in hardware because it uses simple logical operations.  DES has a fixed key length. The key is 64 bits long, but only 56 bits are used for encryption: – Eight bits are used for parity, where the least significant bit of each key byte is odd parity.  40-bit DES is actually a 40-bit key plus 16 known bits.

24 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-24

DES Modes  DES operates in two block cipher modes: – EBC mode - electronic codebook - Each plaintext block always gives the same ciphertext block. – CBC mode – cipher block chaining - Plaintext is XORed with previous ciphertext block and then encrypted.  CBC mode is used by IPsec in most cases.  DES also uses the following two common stream cipher modes : – CFB mode – cipher feedback - Makes a block cipher into a self-synchronizing stream cipher and is very similar to CBC. – OFB mode – output feedback - Generates keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext.

25 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-25

DES ECB vs. CBC Mode ECB

CBC

Message of five 64-Bit Blocks

Message of five 64-Bit Blocks Initialization Vector

DES

DES

DES

DES

DES

DES

DES

DES

DES

DES

26 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-26

DES Usage Guidelines  To better protect the data, follow these guidelines: – Change keys frequently to prevent brute-force attacks. – Communicate DES keys from sender to receiver using a secure channel. – Consider using DES in CBC mode. With CBC, the encryption of each 64-bit block depends on previous blocks.  Because DES is considered obsolete, limit its use to small data volumes or instances where no alternative exists.

27 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-27

Asymmetric Encryption Algorithms Encryption Key

Decryption Key

Encrypt $1000

Decrypt %3f7&4

$1000

 Asymmetric encryption algorithms are best known as public key algorithms.  The usual key length is 512–4096 bits.  These algorithms are relatively slow because they are based on difficult computational algorithms.  Examples of asymmetric encryption algorithms are RSA, ElGamal, elliptic curves, and DH. © 2008 Cisco Systems, Inc. All rights reserved.

28 IINS v1.0—4-28

Public Key Confidentiality Scenario  When the public key is used to encrypt, the corresponding private key is used to decrypt.  Because the private key is only present on one system, confidentiality is achieved in communicating with that system.  Public keys are usually available by asking because no effort is made to keep them secret.  This scenario is often used for key exchange. Public Key (encrypt) + Private Key (decrypt) = Confidentiality

29 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-29

Asymmetric Confidentiality Process Bob

Alice

Clear

Encryption

Bob’s Public Key

Encrypted

Decryption

Clear

Bob’s Private Key

 Alice gets Bob’s public key.  Alice encrypts the message using Bob’s public key.  Bob decrypts the message using his private key.

30 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-30

Public Key Authentication Scenario  When the private key is used to encrypt, the corresponding public key is used to decrypt.  Because the private key is only present on one system, authentication is assured when its public key decrypts the message.  Great effort is made to maintain the secrecy of private keys.  This scenario is used for authentication.

Private Key (encrypt) + Public Key (decrypt) = Authentication

31 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-31

Asymmetric Authentication Process Bob

Alice

Clear

Encryption

Alice’s Private Key

Encrypted

Decryption

Clear

Alice’s Public Key

 Alice encrypts the message with her private key.  Bob decrypts the message using Alice’s public key.

32 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-32

The DH Algorithm  Used for secure key exchange over insecure channels  Based on the difficulty of finding discrete logarithms  Used to establish a shared secret between parties, such as the secret keys for symmetric encryption or HMACs

33 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-33

The DH Key Exchange Algorithm Peer A

Peer B

1. Agree with peer on a large prime integer p and a generator g.

1. Agree with peer on a large prime integer p and a generator g.

2. Select a random integer A

2. Select a random integer B..

3. Generate public key YA = gA mod p.

3. Generate public key YB = gB mod p.

4. Send public key YA.

4. Send public key YB.

5. Generate shared-secret number ZZ = gAB mod p.

5. Generate shared-secret number ZZ = gBA mod p.

6. Generate shared-secret key from ZZ (DES, 3DES, or AES).

6. Generate shared-secret key from ZZ (DES, 3DES, or AES).

34 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-34

Choosing an Encryption Algorithm  When choosing algorithms, there are two basic criteria: – The algorithm is trusted by the cryptographic community. – The algorithm provides enough protection against brute-force attacks.  DES, 3DES, IDEA, RC4, and AES are symmetric algorithms that are considered trusted.  RSA and DH are asymmetric algorithms that are considered trusted.  Other algorithms, such as ECC, are generally considered immature in cryptographic terms.

35 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-35

Overview of Cryptographic Hashes

 Hashes are based on oneway functions.  They are used for integrity assurance.  They hash arbitrary data into a fixed-length digest known as a fingerprint.

36 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-36

What is a Hash Function? Basic requirements for a cryptographic hash function:  The input can be any length.  The output has a fixed length.  H(x) is relatively easy to compute for any given x.  H(x) is one-way and not reversible.  H(x) is collision-free.

37 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-37

Hashing in Action  Vulnerable to eavesdroppers: – Hashing does not provide security to transmission.  Well known hash functions: I would like to cash this check.

– MD5 with 128-bit hashes – SHA-1 with 160-bit hashes

Internet

Pay to Terry Smith               Pay to Terry Smith              $100.00 $100.00 One Hundred and xx/100    Dollars One Hundred and xx/100    Dollars

Pay to Alex Jones              $1000.00 Pay to Alex Jones              $1000.00

4ehIDx67NMop9

12ehqPx67NMoX

One Thousand and xx/100   Dollars One Thousand and xx/100   Dollars

Match = No changes No match = Alterations © 2008 Cisco Systems, Inc. All rights reserved.

38 IINS v1.0—4-38

What Is Key Management?  Key management deals with the secure generation, verification, exchange, storage, and destruction of keys.  Key management is often considered the most difficult task of designing cryptographic systems.  It is extremely important to have secure methods of key management.  In practice, most attacks on cryptographic systems will be aimed at the key management level, rather than at the cryptographic algorithm itself.

39 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-39

Keyspaces  The keyspace of an algorithm is the set of all possible key values.  A key that is n bits in size produces a keyspace that has 2n possible key values.  Almost every algorithm has weak keys: – The implementation should prevent the usage of weak keys.  There can be problems when manually defining keys.

40 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-40

Key Length Issues  If the cryptographic system is trusted, it can only be broken using a bruteforce attack: – A brute-force attack searches through the keyspace trying all possible keys and requires a huge amount of time. – On average, half of the keyspace has to be searched to find the correct key.  With modern algorithms, the strength of protection depends solely on the length of the key as long as: – The algorithm is trusted. – The key is generated and maintained securely.  The choice of key length depends on: – The sensitivity of data the key is protecting and the desired period of confidentiality – The performance requirements of a system—longer keys can mean lower performance  The aim is for adequate protection of data.

41 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-41

Summary  Cryptology is the science of cryptanalysis and cryptography.  Symmetric encryption is used for bulk encryption and asymmetric algorithms are used for authentication and key exchange.  Block ciphers encrypt data in fixed-length blocks. Stream ciphers encrypt data in blocks one bit long.  Symmetric algorithms are faster and stronger than asymmetric algorithms.  Cryptographic hashes are designed to be irreversible.  Key management is an essential part of cryptographic security. Usually the easiest way to breach encryption is to compromise the keys.  SSL is an example of a cryptosystem that utilizes symmetric and asymmetric encryption as well as cryptographic hashes to provide a complete cryptographic solution. © 2008 Cisco Systems, Inc. All rights reserved.

42 IINS v1.0—4-42

43 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-43

TechWiseTV Technology you can use, from geeks you can trust.

Register now for the next show: www.cisco.com/go/interact 44 © 2008 Cisco Systems, Inc. All rights reserved.

IINS v1.0—4-44

Open Panel QA

Joining us : Pat Lao – Cisco Technical Consultant John Rauma – Technical Consultant (Ascolta)

Presentation_ID

© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

4

During Broadcast

Ask a Question (Click the Hand Icon)

User ID Question for ??? Or Subject How does …..?

Presentation_ID

© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

4

During Broadcast: Phone Q & A

 To ask a question live and on the air, call:  US or Canada: 1 – 408 – 576 – 0014  International: +1 – 408 – 576 – 0014

Presentation_ID

© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

4

Review and Practice  Shortcut to the Cisco Learning Network:

cisco.com/go/learnnetspace A video of “Site-to-Site VPNs: Cryptography Basics” should be posted in the next two weeks.

Presentation_ID

© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

4

Thank you! Don’t forget to fill out our Survey

Alternatively, if the survey doesn’t popup, click ‘survey button’ located here on this page you have open.

Presentation_ID

© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

4

Deploying Unified Wireless— © 2008 Cisco Systems, Inc. All rights reserved.

5