21.0.1 Why Should I Take this module?
What do you know about cryptography? What is it and how can it be implemented? In order to secure data as it travels across links, you need to have an understanding of how to protect that data and maintain its integrity. In this module you will learn about cryptography and its role in digital data communications. Let’s get started!
21.0.2 What Will I Learn in this Module?
Module Title: Public Key Cryptography
Module Objective: Explain how the public key infrastructure (PKI) supports network security.
|Topic Title||Topic Objective|
|Integrity and Authenticity||Explain the role of cryptography in ensuring the integrity and authenticity of data.|
|Confidentiality||Explain how cryptographic approaches enhance data confidentiality.|
|Public Key Cryptography||Explain public key cryptography.|
|Authorities and the PKI Trust System||Explain how the public key infrastructure functions.|
|Applications and Impacts of Cryptography||Explain how the use of cryptography affects cybersecurity operations.|
21.0.3 Class Activity – Creating Codes
Secret codes have been used for thousands of years. Ancient Greeks and Spartans used a scytale (rhymes with Italy) to encode messages. Romans used a Caesar cipher to encrypt messages. A few hundred years ago, the French used the Vigenère cipher to encode messages. Today, there are many ways that messages can be encoded.
In this activity, you will create and encrypt messages using online tools.
21.1 Integrity and Authenticity
21.1.1 Securing Communications
Organizations must provide support to secure the data as it travels across links. This may include internal traffic, but it is even more important to protect the data that travels outside of the organization to branch sites, telecommuter sites, and partner sites.
These are the four elements of secure communications:
- Data Integrity – Guarantees that the message was not altered. Any changes to data in transit will be detected. Integrity is ensured by implementing either of the Secure Hash Algorithms (SHA-2 or SHA-3). The MD5 message digest algorithm is still widely in use, however it is inherently insecure and creates vulnerabilities in a network. The use of MD5 should be avoided.
- Origin Authentication – Guarantees that the message is not a forgery and does actually come from whom it states. Many modern networks ensure authentication with algorithms such as hash-based message authentication code (HMAC).
- Data Confidentiality – Guarantees that only authorized users can read the message. If the message is intercepted, it cannot be deciphered within a reasonable amount of time. Data confidentiality is implemented using symmetric and asymmetric encryption algorithms.
- Data Non-Repudiation – Guarantees that the sender cannot repudiate, or refute, the validity of a message sent. Nonrepudiation relies on the fact that only the sender has the unique characteristics or signature for how that message is treated.
Cryptography can be used almost anywhere that there is data communication. In fact, the trend is toward all communication being encrypted.
21.1.2 Cryptographic Hash Functions
Hashes are used to verify and ensure data integrity. Hashing is based on a one-way mathematical function that is relatively easy to compute, but significantly harder to reverse. Grinding coffee is a good analogy of a one-way function. It is easy to grind coffee beans, but it is almost impossible to put all of the tiny pieces back together to rebuild the original beans. The cryptographic hashing function can also be used to verify authentication.
Creating a Hash
As shown in the figure, a hash function takes a variable block of binary data, called the message, and produces a fixed-length, condensed representation, called the hash. The resulting hash is also sometimes called the message digest, digest, or digital fingerprint.
With hash functions, it is computationally infeasible for two different sets of data to come up with the same hash output. Every time the data is changed or altered, the hash value also changes. Because of this, cryptographic hash values are often called digital fingerprints. They can be used to detect duplicate data files, file version changes, and similar applications. These values are used to guard against an accidental or intentional change to the data, or accidental data corruption.
The cryptographic hash function is applied in many different situations for entity authentication, data integrity, and data authenticity purposes.
21.1.3 Cryptographic Hash Operation
Mathematically, the equation h= H(x) is used to explain how a hash algorithm operates. As shown in the figure, a hash function H takes an input x and returns a fixed-size string hash value h.
The example in the figure summarizes the mathematical process. A cryptographic hash function should have the following properties:
- The input can be any length.
- The output has a fixed length.
- H(x) is relatively easy to compute for any given x.
- H(x) is one way and not reversible.
- H(x) is collision free, meaning that two different input values will result in different hash values.
If a hash function is hard to invert, it is considered a one-way hash. Hard to invert means that given a hash value of h, it is computationally infeasible to find an input for x such that h=H(x).
21.1.4 MD5 and SHA
Hash functions are used to ensure the integrity of a message. They ensure data has not changed accidentally or intentionally. In the figure, the sender is sending a $100 money transfer to Alex. The sender wants to ensure that the message is not accidentally altered on its way to the receiver. Deliberate changes that are made by a threat actor are still possible.
The sender wants to ensure that the message is not altered on its way to the receiver.
- The sending device inputs the message into a hashing algorithm and computes its fixed-length hash of 4ehiDx67NMop9.
- This hash is then attached to the message and sent to the receiver. Both the message and the hash are in plaintext.
- The receiving device removes the hash from the message and inputs the message into the same hashing algorithm. If the computed hash is equal to the one that is attached to the message, the message has not been altered during transit. If the hashes are not equal, as shown in the figure, then the integrity of the message can no longer be trusted.
There are four well-known hash functions:
- MD5 with 128-bit digest – Developed by Ron Rivest and used in a variety of internet applications, MD5 is a one-way function that produces a 128-bit hashed message. MD5 is considered to be a legacy algorithm and should be avoided and used only when no better alternatives are available. It is recommended that SHA-2 or SHA-3 be used instead.
- SHA-1 – Developed by the U.S. National Security Agency (NSA) in 1995. It is very similar to the MD5 hash functions. Several versions exist. SHA-1 creates a 160-bit hashed message and is slightly slower than MD5. SHA-1 has known flaws and is a legacy algorithm.
- SHA-2 – Developed by the NSA. It includes SHA-224 (224 bit), SHA-256 (256 bit), SHA-384 (384 bit), and SHA-512 (512 bit). If you are using SHA-2, then the SHA-256, SHA-384, and SHA-512 algorithms should be used whenever possible.
- SHA-3 – SHA-3 is the newest hashing algorithm and was introduced by NIST as an alternative and eventual replacement for the SHA-2 family of hashing algorithms. SHA-3 includes SHA3-224 (224 bit), SHA3-256 (256 bit), SHA3-384 (384 bit), and SHA3-512 (512 bit). The SHA-3 family are next-generation algorithms and should be used whenever possible.
While hashing can be used to detect accidental changes, it cannot be used to guard against deliberate changes that are made by a threat actor. There is no unique identifying information from the sender in the hashing procedure. This means that anyone can compute a hash for any data, as long as they have the correct hash function.
For example, when the message traverses the network, a potential attacker could intercept the message, change it, recalculate the hash, and append it to the message. The receiving device will only validate against whatever hash is appended.
Therefore, hashing is vulnerable to man-in-the-middle attacks and does not provide security to transmitted data. To provide integrity and origin authentication, something more is required.
Note: Hashing algorithms only protect against accidental changes and does not protect the data from changes deliberately made by a threat actor.
21.1.5 Origin Authentication
To add origin authentication and integrity assurance, use a keyed-hash message authentication code (HMAC). HMAC uses an additional secret key as input to the hash function.
Note: Other Message Authentication Code (MAC) methods are also used. However, HMAC is used in many systems including SSL, IPsec, and SSH.
Click each button for an illustration and explanation about origin authentication using HMAC.
As shown in the figure, an HMAC is calculated using any cryptographic algorithm that combines a cryptographic hash function with a secret key. Hash functions are the basis of the protection mechanism of HMACs.
Only the sender and the receiver know the secret key, and the output of the hash function now depends on the input data and the secret key. Only parties who have access to that secret key can compute the digest of an HMAC function. This defeats man-in-the-middle attacks and provides authentication of the data origin.
If two parties share a secret key and use HMAC functions for authentication, a properly constructed HMAC digest of a message that a party has received indicates that the other party was the originator of the message. This is because the other party possesses the secret key.
As shown in the figure, the sending device inputs data (such as Terry Smith’s pay of $100 and the secret key) into the hashing algorithm and calculates the fixed-length HMAC digest. This authenticated digest is then attached to the message and sent to the receiver.
In the figure, the receiving device removes the digest from the message and uses the plaintext message with its secret key as input into the same hashing function. If the digest that is calculated by the receiving device is equal to the digest that was sent, the message has not been altered. Additionally, the origin of the message is authenticated because only the sender possesses a copy of the shared secret key. The HMAC function has ensured the authenticity of the message.
The figure shows how HMACs are used by Cisco routers that are configured to use Open Shortest Path First (OSPF) routing authentication.
- R1 is sending a link state update (LSU) regarding a route to network 10.2.0.0/16:
- R1 calculates the hash value using the LSU message and the secret key.
- The resulting hash value is sent with the LSU to R2.
- R2 calculates the hash value using the LSU and its secret key. R2 accepts the update if the hash values match. If they do not match, R2 discards the update.
21.1.6 Lab – Hashing Things Out
In this lab, you will complete the following objectives:
- Creating Hashes with OpenSSL
- Verifying Hashes
21.2.1 Data Confidentiality
There are two classes of encryption used to provide data confidentiality; asymmetric and symmetric. These two classes differ in how they use keys.
Symmetric encryption algorithms such as Data Encryption Standard (DES), 3DES, and Advanced Encryption Standard (AES) are based on the premise that each communicating party knows the pre-shared key. Data confidentiality can also be ensured using asymmetric algorithms, including Rivest, Shamir, and Adleman (RSA) and the public key infrastructure (PKI).
Note: DES is a legacy algorithm and should not be used. 3DES should be avoided if possible.
The figure highlights some differences between symmetric and asymmetric encryption.
21.2.2 Symmetric Encryption
Symmetric algorithms use the same pre-shared key to encrypt and decrypt data. A pre-shared key, also called a secret key, is known by the sender and receiver before any encrypted communications can take place.
To help illustrate how symmetric encryption works, consider an example where Alice and Bob live in different locations and want to exchange secret messages with one another through the mail system. In this example, Alice wants to send a secret message to Bob.
In the figure, Alice and Bob have identical keys to a single padlock. These keys were exchanged prior to sending any secret messages. Alice writes a secret message and puts it in a small box that she locks using the padlock with her key. She mails the box to Bob. The message is safely locked inside the box as the box makes its way through the post office system. When Bob receives the box, he uses his key to unlock the padlock and retrieve the message. Bob can use the same box and padlock to send a secret reply back to Alice.
Symmetric Encryption Example
Today, symmetric encryption algorithms are commonly used with VPN traffic. This is because symmetric algorithms use less CPU resources than asymmetric encryption algorithms. This allows the encryption and decryption of data to be fast when using a VPN. When using symmetric encryption algorithms, like any other type of encryption, the longer the key, the longer it will take for someone to discover the key. Most encryption keys are between 112 and 256 bits. To ensure that the encryption is safe, a minimum key length of 128 bits should be used. Use a longer key for more secure communications.
Symmetric encryption algorithms are sometimes classified as either a block cipher or a stream cipher. Click the buttons to learn about these two cipher modes.
Well-known symmetric encryption algorithms are described in the table.
|Symmetric Encryption Algorithms||Description|
|Data Encryption Standard (DES)||This is a legacy symmetric encryption algorithm. It uses a short key length that makes it insecure for most current uses.|
|3DES (Triple DES)||The is the replacement for DES and repeats the DES algorithm process three times. It should be avoided if possible as it is scheduled to be retired in 2023. If implemented, use very short key lifetimes.|
|Advanced Encryption Standard (AES)||AES is a popular and recommended symmetric encryption algorithm. It offers combinations of 128-, 192-, or 256-bit keys to encrypt 128, 192, or 256 bit-long data blocks.|
|Software-Optimized Encryption Algorithm (SEAL)||SEAL is a faster alternative symmetric encryption algorithm to AES. SEAL is a stream cypher that uses a 160-bit encryption key and has a lower impact on the CPU compared to other software-based algorithms.|
|Rivest ciphers (RC) series algorithms||This algorithm was developed by Ron Rivest. Several variations have been developed, but RC4 was the most prevalent in use. RC4 is a stream cipher that was used to secure web traffic. It has been found to have multiple vulnerabilities which have made it insecure. RC4 should not be used.|
21.2.3 Asymmetric Encryption
Asymmetric algorithms, also called public-key algorithms, are designed so that the key that is used for encryption is different from the key that is used for decryption, as shown in the figure. The decryption key cannot, in any reasonable amount of time, be calculated from the encryption key and vice versa.
Asymmetric Encryption Example
Asymmetric algorithms use a public key and a private key. Both keys are capable of the encryption process, but the complementary paired key is required for decryption. The process is also reversible. Data that is encrypted with the public key requires the private key to decrypt. Asymmetric algorithms achieve confidentiality and authenticity by using this process.
Because neither party has a shared secret, very long key lengths must be used. Asymmetric encryption can use key lengths between 512 to 4,096 bits. Key lengths greater than or equal to 2,048 bits can be trusted, while key lengths of 1,024 or shorter are considered insufficient.
Examples of protocols that use asymmetric key algorithms include:
- Internet Key Exchange (IKE) – This is a fundamental component of IPsec VPNs.
- Secure Socket Layer (SSL) – This is now implemented as IETF standard Transport Layer Security (TLS).
- Secure Shell (SSH) – This protocol provides a secure remote access connection to network devices.
- Pretty Good Privacy (PGP) – This computer program provides cryptographic privacy and authentication. It is often used to increase the security of email communications.
Asymmetric algorithms are substantially slower than symmetric algorithms. Their design is based on computational problems, such as factoring extremely large numbers or computing discrete logarithms of extremely large numbers.
Because they are slow, asymmetric algorithms are typically used in low-volume cryptographic mechanisms, such as digital signatures and key exchange. However, the key management of asymmetric algorithms tends to be simpler than symmetric algorithms, because usually one of the two encryption or decryption keys can be made public.
Common examples of asymmetric encryption algorithms are described in the table.
|Asymmetric Encryption Algorithm||Key Length||Description|
|Diffie-Hellman (DH)||512, 1024, 2048, 3072, 4096||The Diffie-Hellman algorithm allows two parties to agree on a key that they can use to encrypt messages they want to send to each other. The security of this algorithm depends on the assumption that it is easy to raise a number to a certain power, but difficult to compute which power was used given the number and the outcome.|
|Digital Signature Standard (DSS) and Digital Signature Algorithm (DSA)||512 – 1024||DSS specifies DSA as the algorithm for digital signatures. DSA is a public key algorithm based on the ElGamal signature scheme. Signature creation speed is similar to RSA, but is 10 to 40 times slower for verification.|
|Rivest, Shamir, and Adleman encryption algorithms (RSA)||512 to 2048||RSA is for public-key cryptography that is based on the current difficulty of factoring very large numbers. It is the first algorithm known to be suitable for signing, as well as encryption. It is widely used in electronic commerce protocols and is believed to be secure given sufficiently long keys and the use of up-to-date implementations.|
|EIGamal||512 – 1024||An asymmetric key encryption algorithm for public-key cryptography which is based on the Diffie-Hellman key agreement. A disadvantage of the ElGamal system is that the encrypted message becomes very big, about twice the size of the original message and for this reason it is only used for small messages such as secret keys.|
|Elliptic curve techniques||224 or higher||Elliptic curve cryptography can be used to adapt many cryptographic algorithms, such as Diffie-Hellman or ElGamal. The main advantage of elliptic curve cryptography is that the keys can be much smaller.|
21.2.4 Asymmetric Encryption – Confidentiality
Asymmetric algorithms are used to provide confidentiality without pre-sharing a password. The confidentiality objective of asymmetric algorithms is initiated when the encryption process is started with the public key.
The process can be summarized using the formula:
Public Key (Encrypt) + Private Key (Decrypt) = Confidentiality
When the public key is used to encrypt the data, the private key must be used to decrypt the data. Only one host has the private key; therefore, confidentiality is achieved.
If the private key is compromised, another key pair must be generated to replace the compromised key.
Click the buttons to view how the private and public keys can be used to provide confidentiality to the data exchange between Bob and Alice.
21.2.5 Asymmetric Encryption – Authentication
The authentication objective of asymmetric algorithms is initiated when the encryption process is started with the private key.
The process can be summarized using the formula:
Private Key (Encrypt) + Public Key (Decrypt) = Authentication
When the private key is used to encrypt the data, the corresponding public key must be used to decrypt the data. Because only one host has the private key, only that host could have encrypted the message, providing authentication of the sender. Typically, no attempt is made to preserve the secrecy of the public key, so any number of hosts can decrypt the message. When a host successfully decrypts a message using a public key, it is trusted that the private key encrypted the message, which verifies who the sender is. This is a form of authentication.
Click the buttons to view how the private and public keys can be used to provide authentication to the data exchange between Bob and Alice.
21.2.6 Asymmetric Encryption – Integrity
Combining the two asymmetric encryption processes provides message confidentiality, authentication, and integrity.
The following example will be used to illustrate this process. In this example, a message will be ciphered using Bob’s public key and a ciphered hash will be encrypted using Alice’s private key to provide confidentiality, authenticity, and integrity.
- Alice uses Bob’s public key
- Alice encrypts a hash using her private key
- Bob uses Alice’s public key to decrypt the hash
- Bob uses his private key to decrypt the message
Alice wants to send a message to Bob ensuring that only Bob can read the document. In other words, Alice wants to ensure message confidentiality. Alice uses the public key of Bob to cipher the message. Only Bob will be able to decipher it using his private key.
Alice also wants to ensure message authentication and integrity. Authentication ensures Bob that the document was sent by Alice, and integrity ensures that it was not modified Alice uses her private key to cipher a hash of the message. Alice sends the encrypted message with its encrypted hash to Bob.
Bob uses Alice’s public key to verify that the message was not modified. The received hash is equal to the locally determined hash based on Alice’s public key. Additionally, this verifies that Alice is definitely the sender of the message because nobody else has Alice’s private key.
Bob uses his private key to decipher the message.
Diffie-Hellman (DH) is an asymmetric mathematical algorithm that allows two computers to generate an identical shared secret without having communicated before. The new shared key is never actually exchanged between the sender and receiver. However, because both parties know it, the key can be used by an encryption algorithm to encrypt traffic between the two systems.
Here are two examples of instances when DH is commonly used:
- Data is exchanged using an IPsec VPN
- SSH data is exchanged
To help illustrate how DH operates, refer to the figure.
The colors in the figure will be used instead of complex long numbers to simplify the DH key agreement process. The DH key exchange begins with Alice and Bob agreeing on an arbitrary common color that does not need to be kept secret. The agreed-on color in our example is yellow.
Next, Alice and Bob will each select a secret color. Alice chose red while Bob chose blue. These secret colors will never be shared with anyone. The secret color represents the chosen secret private key of each party.
Alice and Bob now mix the shared common color (yellow) with their respective secret color to produce a public color. Therefore, Alice will mix the yellow with her red color to produce a public color of orange. Bob will mix the yellow and the blue to produce a public color of green.
Alice sends her public color (orange) to Bob and Bob sends his public color (green) to Alice.
Alice and Bob each mix the color they received with their own, original secret color (Red for Alice and blue for Bob.). The result is a final brown color mixture that is identical to the partner’s final color mixture. The brown color represents the resulting shared secret key between Bob and Alice.
The security of DH is based on the fact that it uses very large numbers in its calculations. For example, a DH 1024-bit number is roughly equal to a decimal number of 309 digits. Considering that a billion is 10 decimal digits (1,000,000,000), one can easily imagine the complexity of working with not one, but multiple 309-digit decimal numbers.
Diffie-Hellman uses different DH groups to determine the strength of the key that is used in the key agreement process. The higher group numbers are more secure, but require additional time to compute the key. The following identifies the DH groups supported by Cisco IOS Software and their associated prime number value:
- DH Group 1: 768 bits
- DH Group 2: 1024 bits
- DH Group 5: 1536 bits
- DH Group 14: 2048 bits
- DH Group 15: 3072 bits
- DH Group 16: 4096 bits
Note: A DH key agreement can also be based on elliptic curve cryptography. DH groups 19, 20, and 24, which are based on elliptic curve cryptography, are also supported by Cisco IOS Software.
Unfortunately, asymmetric key systems are extremely slow for any sort of bulk encryption. This is why it is common to encrypt the bulk of the traffic using a symmetric algorithm, such as 3DES or AES and use the DH algorithm to create keys that will be used by the encryption algorithm.
21.2.8 Video – Cryptography
Watch the video to learn more about Cryptography.
21.2.10 Lab – Encrypting and Decrypting Data Using OpenSSL
In this lab, you will complete the following objectives:
- Encrypting Messages with OpenSSL
- Decrypting Messages with OpenSSL
21.2.11 Lab – Encrypting and Decrypting Data Using a Hacker Tool
In this lab, you will complete the following objectives:
- Setup Scenario
- Create and Encrypt Files
- Recover Encrypted Zip File Passwords
21.2.12 Lab – Examining Telnet and SSH in Wireshark
In this lab, you will complete the following objectives:
- Examine a Telnet Session with Wireshark
- Examine an SSH Session with Wireshark
21.3 Public Key Cryptography
21.3.1 Using Digital Signatures
Digital signatures are a mathematical technique used to provide authenticity, integrity, and nonrepudiation. Digital signatures have specific properties that enable entity authentication and data integrity. In addition, digital signatures provide nonrepudiation of the transaction. In other words, the digital signature serves as legal proof that the data exchange did take place. Digital signatures use asymmetric cryptography.
Click the buttons to explore properties of digital signatures.
Digital signatures are commonly used in the following two situations:
- Code signing – This is used for data integrity and authentication purposes. Code signing is used to verify the integrity of executable files downloaded from a vendor website. It also uses signed digital certificates to authenticate and verify the identity of the site that is the source of the files.
- Digital certificates – These are similar to a virtual ID card and used to authenticate the identity of system with a vendor website and establish an encrypted connection to exchange confidential data.
There are three Digital Signature Standard (DSS) algorithms that are used for generating and verifying digital signatures:
- Digital Signature Algorithm (DSA) – DSA is the original standard for generating public and private key pairs, and for generating and verifying digital signatures.
- Rivest-Shamir Adelman Algorithm (RSA) – RSA is an asymmetric algorithm that is commonly used for generating and verifying digital signatures.
- Elliptic Curve Digital Signature Algorithm (ECDSA) – ECDSA is a newer variant of DSA and provides digital signature authentication and non-repudiation with the added benefits of computational efficiency, small signature sizes, and minimal bandwidth.
In the 1990s, RSE Security Inc. started to publish public-key cryptography standards (PKCS). There were 15 PKCS, although 1 has been withdrawn as of the time of this writing. RSE published these standards because they had the patents to the standards and wished to promote them. PKCS are not industry standards, but are well recognized in the security industry and have recently begun to become relevant to standards organizations such as the IETF and PKIX working-group.
21.3.2 Digital Signatures for Code Signing
Digital signatures are commonly used to provide assurance of the authenticity and integrity of software code. Executable files are wrapped in a digitally signed envelope, which allows the end user to verify the signature before installing the software.
Digitally signing code provides several assurances about the code:
- The code is authentic and is actually sourced by the publisher.
- The code has not been modified since it left the software publisher.
- The publisher undeniably published the code. This provides nonrepudiation of the act of publishing.
The US Government Federal Information Processing Standard (FIPS) Publication 140-3, specifies that software available for download on the internet is to be digitally signed and verified. The purpose of digitally signed software is to ensure that the software has not been tampered with, and that it originated from the trusted source as claimed. Digital signatures serve as verification that the code has not been tampered with by threat actors and malicious code has not been inserted into the file by a third party.
Click the buttons to access the properties of a file that has a digitally signed certificate.
- File Properties
- Digital Signatures
- Digital Signatures Details
- Certificate Information
- Certification Path
21.3.3 Digital Signatures for Digital Certificates
A digital certificate is equivalent to an electronic passport. It enables users, hosts, and organizations to securely exchange information over the Internet. Specifically, a digital certificate is used to authenticate and verify that a user who is sending a message is who they claim to be. Digital certificates can also be used to provide confidentiality for the receiver with the means to encrypt a reply.
Digital certificates are similar to physical certificates. For example, the paper-based Cisco Certified Network Associate Security (CCNA-S) certificate in the figure identifies who the certificate is issued to, who authorized the certificate, and for how long the certificate is valid. Digital certificates also provide similar information.
The digital certificate independently verifies an identity. Digital signatures are used to verify that an artifact, such as a file or message, is sent from the verified individual. In other words, a certificate verifies identity, a signature verifies that something comes from that identity.
This scenario will help you understand how a digital signature is used. Bob is confirming an order with Alice. Alice is ordering from Bob’s website. Alice has connected with Bob’s website, and after the certificate has been verified, the Bob’s certificate is stored on Alice’s website. The certificate contains Bob’s public key. The public key is used to verify the Bob’s digital signature.
Refer to the figure to see how the digital signature is used.
Bob confirms the order and his computer creates a hash of the confirmation. The computer encrypts the hash with Bob’s private key. The encrypted hash, which is the digital signature, is appended to the document. The order confirmation is then sent to Alice over the internet.
When Alice receives the digital signature, the following process occurs.
- Alice’s receiving device accepts the order confirmation with the digital signature and obtains Bob’s public key.
- Alice’s computer then decrypts the signature using Bob’s public key. This step reveals the assumed hash value of the sending device.
- Alice’s computer creates a hash of the received document, without its signature, and compares this hash to the decrypted signature hash. If the hashes match, the document is authentic. This means the confirmation was sent by Bob and that it has not changed since it was signed.
21.4 Authorities and the PKI Trust System
21.4.1 Public Key Management
Internet traffic consists of traffic between two parties. When establishing an asymmetric connection between two hosts, the hosts will exchange their public key information.
An SSL certificate is a digital certificate that confirms the identity of a website domain. To implement SSL on your website, you purchase an SSL certificate for your domain from an SSL Certificate provider. The trusted third party does an in-depth investigation prior to the issuance of credentials. After this in-depth investigation, the third-party issues credentials (i.e. digital certificate) that are difficult to forge. From that point forward, all individuals who trust the third party simply accept the credentials that the third-party issues. When computers attempt to connect to a web site over HTTPS, the web browser checks the website’s security certificate and verifies that it is valid and originated with a reliable CA. This validates that the website identify is true. The certificate is saved locally by the web browser and is then used in subsequent transactions. The website’s public key is included in the certificate and is used to verify future communications between the website and the client.
These trusted third parties provide services similar to governmental licensing bureaus. The figure illustrates how a driver’s license is analogous to a digital certificate.
The Public Key Infrastructure (PKI) consists of specifications, systems, and tools that are used to create, manage, distribute, use, store, and revoke digital certificates. The certificate authority (CA) is an organization that creates digital certificates by tying a public key to a confirmed identify, such as a website or individual. The PKI is an intricate system that is designed to safeguard digital identities from hacking by even the most sophisticated threat actors or nation states.
Some examples of Certificate Authorities are IdenTrust, DigiCert, Sectigo, GlobalSign, and GoDaddy. These CAs charge for their services. Let’s Encrypt is a non-profit CA that offers certificates free of charge.
21.4.2 The Public Key Infrastructure
PKI is needed to support large-scale distribution and identification of public encryption keys. The PKI framework facilitates a highly scalable trust relationship.
It consists of the hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates.
The figure shows the main elements of the PKI.
- PKI certificates contain an entity’s or individual’s public key, its purpose, the certificate authority (CA) that validated and issued the certificate, the date range during which the certificate is valid, and the algorithm used to create the signature.
- The certificate store resides on a local computer and stores issued certificates and private keys.
- The PKI Certificate of Authority (CA) is a trusted third party that issues PKI certificates to entities and individuals after verifying their identity. It signs these certificates using its private key.
- The certificate database stores all certificates approved by the CA.
The next figure shows how the elements of the PKI interoperate:
- In this example, Bob has received his digital certificate from the CA. This certificate is used whenever Bob communicates with other parties.
- Bob communicates with Alice.
- When Alice receives Bob’s digital certificate, she communicates with the trusted CA to validate Bob’s identity.
- Issues PKI Certificate. Bob initially requests a certificate from the CA. The CA authenticates Bob and stores Bob’s PKI certificate in the certificate database.
- Exchanges PKI Certificate. Bob communicates with Alice using his PKI certificate.
- Verifies PKI Certificate. Alice communicates with the trusted CA using the CA’s public key. The CA refers to the certificate database to validate Bob’s PKI certificate.
Note: Not all PKI certificates are directly received from a CA. A registration authority (RA) is a subordinate CA and is certified by a root CA to issue certificates for specific uses.
21.4.3 The PKI Authorities System
Many vendors provide CA servers as a managed service or as an end-user product. Some of these vendors include Symantec Group (VeriSign), Comodo, Go Daddy Group, GlobalSign, and DigiCert among others.
Organizations may also implement private PKIs using Microsoft Server or Open SSL.
CAs, especially those that are outsourced, issue certificates based on classes which determine how trusted a certificate is.
The table provides a description of the classes. The class number is determined by how rigorous the procedure was that verified the identity of the holder when the certificate was issued. The higher the class number, the more trusted the certificate. Therefore, a class 5 certificate is trusted much more than a lower-class certificate.
|0||Used for testing in situations in which no checks have been performed.|
|1||Used by individuals who require verification of email.|
|2||Used by organizations for which proof of identity is required.|
|3||Used for servers and software signing. Independent verification and checking of identity and authority is done by the certificate authority.|
|4||Used for online business transactions between companies.|
|5||Used for private organizations or government security.|
For example, a class 1 certificate might require an email reply from the holder to confirm that they wish to enroll. This kind of confirmation is a weak authentication of the holder. For a class 3 or 4 certificate, the future holder must prove identity and authenticate the public key by showing up in person with at least two official ID documents.
Some CA public keys are preloaded, such as those listed in web browsers. The figure displays various VeriSign certificates contained in the certificate store on the host. Any certificates signed by any of the CAs in the list will be seen by the browser as legitimate and will be trusted automatically.
Note: An enterprise can also implement PKI for internal use. PKI can be used to authenticate employees who are accessing the network. In this case, the enterprise is its own CA.
21.4.4 The PKI Trust System
PKIs can form different topologies of trust. The simplest is the single-root PKI topology.
As shown in the figure below, a single CA, called the root CA, issues all the certificates to the end users, which are usually within the same organization. The benefit to this approach is its simplicity. However, it is difficult to scale to a large environment because it requires a strictly centralized administration, which creates a single point of failure.
Single-Root PKI Topology
On larger networks, PKI CAs may be linked using two basic architectures:
Cross-certified CA topologies – As shown in the figure below, this is a peer-to-peer model in which individual CAs establish trust relationships with other CAs by cross-certifying CA certificates. Users in either CA domain are also assured that they can trust each other. This provides redundancy and eliminates the single-point of failure.
Hierarchical CA topologies – As shown in the figure below, the highest-level CA is called the root CA. It can issue certificates to end users and to a subordinate CA. The sub-CAs could be created to support various business units, domains, or communities of trust. The root CA maintains the established “community of trust” by ensuring that each entity in the hierarchy conforms to a minimum set of practices. The benefits of this topology include increased scalability and manageability. This topology works well in most large organizations. However, it can be difficult to determine the chain of the signing process.
A hierarchical and cross-certification topology can be combined to create a hybrid infrastructure. An example would be when two hierarchical communities want to cross-certify each other in order for members of each community to trust each other.
21.4.5 Interoperability of Different PKI Vendors
Interoperability between a PKI and its supporting services, such as Lightweight Directory Access Protocol (LDAP) and X.500 directories, is a concern because many CA vendors have proposed and implemented proprietary solutions instead of waiting for standards to develop.
Note: LDAP and X.500 are protocols that are used to query a directory service, such as Microsoft Active Directory, to verify a username and password.
To address this interoperability concern, the IETF published the Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework (RFC 2527). The X.509 version 3 (X.509 v3) standard defines the format of a digital certificate.
Refer to the figure for more information about X.509 v3 applications. As shown in the figure, the X.509 format is already extensively used in the infrastructure of the internet.
- SSL – Secure web servers user X.509.v3 for website authentication in the SSL and TLS protocols, while web browsers use X.509v3 to implement HTTPS client certificates. SSL is the most widely used certificate-based authentication.
- IPsec – IPsec VPNs use X.509 when certificates can be used as a public key distribution mechanism for internet key exchange (IKE) RSA-based authentication.
- S/MIME – User mail agents that support mail protection with the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol use X.509 certificates.
- EAP-TLS – Cisco switches can use certificates to authenticate end devices that connect to LAN ports using 802.1.x between the adjacent devices. The authentication can be proxied to a central ACS via the Extensible Authentication Protocol with TLS (EAP-TLS).
21.4.6 Certificate Enrollment, Authentication, and Revocation
The first step in the CA authentication procedure is to securely obtain a copy of the CA’s public key. All systems that leverage the PKI must have the CA’s public key, which is called the self-signed certificate. The CA public key verifies all the certificates issued by the CA and is vital for the proper operation of the PKI.
Note: Only a root CA can issue a self-signed certificate that is recognized or verified by other CAs within the PKI.
For many systems such as web browsers, the distribution of CA certificates is handled automatically. The web browser comes pre-installed with a set of public CA root certificates. Organizations and their website domains push their public certificates to website visitors. CAs and certificate domain registrars create and distribute private and public certificates to clients that purchase certificates.
The certificate enrollment process is used by a host system to enroll with a PKI. To do so, CA certificates are retrieved in-band over a network, and the authentication is done out-of-band (OOB) using the telephone. The system enrolling with the PKI contacts a CA to request and obtain a digital identity certificate for itself and to get the CA’s self-signed certificate. The final stage verifies that the CA certificate was authentic and is performed using an out-of-band method such as the Plain Old Telephone System (POTS) to obtain the fingerprint of the valid CA identity certificate.
Authentication no longer requires the presence of the CA server, and each user exchanges their certificates containing public keys.
Certificates must sometimes be revoked. For example, a digital certificate can be revoked if key is compromised or if it is no longer needed.
Here are two of the most common methods of revocation:
- Certificate Revocation List (CRL) – A list of revoked certificate serial numbers that have been invalidated because they expired. PKI entities regularly poll the CRL repository to receive the current CRL.
- Online Certificate Status Protocol (OCSP) – An internet protocol used to query an OCSP server for the revocation status of an X.509 digital certificate. Revocation information is immediately pushed to an online database.
21.4.7 Lab – Certificate Authority Stores
In this lab, you will complete the following objectives:
- Certificates Trusted by Your Browser
- Checking for Man-In-Middle
21.5 Applications and Impacts of Cryptography
21.5.1 PKI Applications
Where can PKI be used by an enterprise? The following provides a short list of common uses of PKIs:
- SSL/TLS certificate-based peer authentication
- Secure network traffic using IPsec VPNs
- HTTPS Web traffic
- Control access to the network using 802.1x authentication
- Secure email using the S/MIME protocol
- Secure instant messaging
- Approve and authorize applications with Code Signing
- Protect user data with the Encryption File System (EFS)
- Implement two-factor authentication with smart cards
- Securing USB storage devices
21.5.2 Encrypted Network Transactions
A security analyst must be able to recognize and solve potential problems related to permitting PKI-related solutions on the enterprise network.
Consider how the increase of SSL/TLS traffic poses a major security risk to enterprises because the traffic is encrypted and cannot be intercepted and monitored by normal means. Users can introduce malware or leak confidential information over an SSL/TLS connection.
Threat actors can use SSL/TLS to introduce regulatory compliance violations, viruses, malware, data loss, and intrusion attempts in a network.
Other SSL/TLS-related issues may be associated with validating the certificate of a web server. When this occurs, web browsers will display a security warning. PKI-related issues that are associated with security warnings include:
- Validity date range – The X.509v3 certificates specify “not before” and “not after” dates. If the current date is outside the range, the web browser displays a message. Expired certificates may simply be the result of administrator oversight, but they may also reflect more serious conditions.
- Signature validation error – If a browser cannot validate the signature on the certificate, there is no assurance that the public key in the certificate is authentic. Signature validation will fail if the root certificate of the CA hierarchy is not available in the browser’s certificate store.
The figure shows an example of a signature validation error with the Cisco AnyConnect Mobility VPN Client.
Signature Validation Error
Some of these issues can be avoided due to the fact that the SSL/TLS protocols are extensible and modular. This is known as a cipher suite. The key components of the cipher suite are the Message Authentication Code Algorithm (MAC), the encryption algorithm, the key exchange algorithm, and the authentication algorithm. These can be changed without replacing the entire protocol. This is very helpful because the different algorithms continue to evolve. As cryptanalysis continues to reveal flaws in these algorithms, the cipher suite can be updated to patch these flaws. When the protocol versions within the cipher suite change, the version number of SSL/TLS changes as well.
21.5.3 Encryption and Security Monitoring
Network monitoring becomes more challenging when packets are encrypted. However, security analysts must be aware of those challenges and address them as best as possible. For instance, when site-to-site VPNs are used, the IPS should be positioned so it can monitor unencrypted traffic.
However, the increased use of HTTPS in the enterprise network introduces new challenges. Since HTTPS introduces end-to-end encrypted HTTP traffic (via TLS/SSL), it is not as easy to peek into user traffic.
Security analysts must know how to circumvent and solve these issues. Here is a list of some of the things that a security analyst could do:
- Configure rules to distinguish between SSL and non-SSL traffic, HTTPS and non-HTTPS SSL traffic.
- Enhance security through server certificate validation using CRLs and OCSP.
- Implement antimalware protection and URL filtering of HTTPS content.
- Deploy a Cisco SSL Appliance to decrypt SSL traffic and send it to intrusion prevention system (IPS) appliances to identify risks normally hidden by SSL.
Cryptography is dynamic and always changing. A security analyst must maintain a good understanding of cryptographic algorithms and operations to be able to investigate cryptography-related security incidents.
There are two main ways in which cryptography impacts security investigations. First, attacks can be directed to specifically target the encryption algorithms themselves. After the algorithm has been cracked and the attacker has obtained the keys, any encrypted data that has been captured can be decrypted by the attacker and read, thus exposing private data. Secondly, the security investigation is also affected because data can be hidden in plain sight by encrypting it. For example, command and control traffic that is encrypted with TLS/SSL most likely cannot be seen by a firewall. The command and control traffic between a command and control server and an infected computer in a secure network cannot be stopped if it cannot be seen and understood. The attacker would be able to continue using encrypted commands to infect more computers and possibly create a botnet. This type of traffic can be detected by decrypting the traffic and comparing it with known attack signatures, or by detecting anomalous TLS/SSL traffic. This is either very difficult and time consuming, or a hit-or-miss process.
21.6 Cryptography Summary
21.6.1 What Did I Learn in this Module?
Organizations must provide support to secure data as it travels across links. There are four elements of secure communications: data integrity, origin authentication, data confidentiality, and data non-repudiation. Cryptography can be used almost anywhere that there is data communication. Hashes are used to verify and ensure data integrity. Hashing is based on a one-way mathematical function that is relatively easy to compute, but significantly harder to reverse. The cryptographic hashing function can also be used to verify integrity. A hash function takes a variable block of binary data, called the message, and produces a fixed-length, condensed representation, called the hash. There are four well-known hash functions: MD5 with 128-bit digest, SHA-1, SHA-2, and SHA-3. While hashing can be used to detect accidental changes, it cannot be used to guard against deliberate changes that are made by a threat actor. Hashing is vulnerable to man-in-the-middle attacks. To provide integrity and origin authentication, something more is required. To add authentication to integrity assurance, use a keyed-has message code (HMAC). HMAC uses an additional secret key as input to the hash function.
There are two classes of encryption that are used to provide data confidentiality: asymmetric and symmetric. These two classes differ in how they use keys. Symmetric encryption algorithms, such as DES, 3 DES, and AES are based on the premise that each communicating party knows the pre-shared key. Data confidentiality can also be ensured using asymmetric algorithms, including Rivest, Shamir, and Aldeman (RSA) and PKI. Symmetric algorithms are commonly used with VPN traffic because they use less CPU resources than asymmetric encryption algorithms. Symmetric encryption algorithms are sometimes classified as either block cipher or stream ciphers. Asymmetric algorithms (public key algorithms) are designed so that the key that is used for encryption is different from the key used for encryption. Asymmetric algorithms use a public and private key. Examples of protocols that use asymmetric key algorithms included IKE, SSL, SSH, and PGP. Common examples of asymmetric encryption algorithms include DSS, DSA, RSA, EIGamal, and elliptic curve techniques. Asymmetric algorithms are used to provide confidentiality without pre-sharing a password. The process is summarized using this formula: Public key (Encrypt) + Private Key (Decrypt) = Confidentiality. The authentication objective of an asymmetric algorithm is initiated when the encryption process is started with the private key. The process can be summarized with this formula: Private Key (Encrypt) + Public Key (Decrypt) = Authentication. Combining the two asymmetric encryption processes provides message confidentiality, authentication, and integrity. Diffie-Helllman (DH) is an asymmetric mathematical equation algorithm that allows two computers to generate an identical shared secret key without having communicate before. Two examples of instances when DH is used are when data is exchanges using an IPsec VPN, and when SSH data is exchanged.
Public Key Cryptography
Digital signatures are a mathematical technique used to provide three basic security services: authenticity, integrity, and nonrepudiation. Properties of digital signature are that they are authentic, unalterable, not reusable, and non-repudiated. Digital signatures are commonly used in the following two situations: code signing and digital certificates. There are three Digital Signature Standard (DSS) algorithms that are used for generating and verifying digital signatures: Digital Signature Algorithm (DSA), Rivet-Shamir Adelman Algorithm (RSA) and Elliptical Curve Digital Signature Algorithm (ECDSA). Digitally signing code provides assurances about the software code: the code is authentic and is actually sourced by the publisher, the code has not been modified since it left the software publisher, and the publisher undeniably published the code. A digital certificate is equivalent to an electronic passport. It enables users, hosts, and organizations to securely exchanges information over the internet. Specifically, a digital certificate is used to authenticate and verify that a user who is sending a message is who they claim to be.
Authorities and the PKI Trust System
When establishing secure connection between two hosts, the hosts will exchange their public key information. There are trusted third parties on the internet that validate the authenticity of these public keys using digital certificates. The Public Key Infrastructure (PKI) consists of specifications, systems, and tools that are used to create, manage, distribute, use, store, and revoke digital certificates. PKI is needed to support large-scale distribution of public encryption keys. The PKI framework facilitates a highly scalable trust relationship. Many vendors provide CA servers as a managed service or as an end-user product. Some of these vendors include Symantec Group (VeriSign), Comodo, Go Daddy Group, GlobalSign, and DigiCert among others. The class number (0 thorough 5) is determined by how rigorous the procedure was that verified the identity of the holder when the certificate was issued, with five being the highest. PKIs can form different topologies of trust. The simplest is the single-root PKI topology. Interoperability between PKI and its supporting services is a concern because many CA vendors have proposed and implemented proprietary solution instead of waiting for standards to develop. To address the interoperability concern, the IETF published the Internet X>509 Public Key Infrastructure Certificate Policy and Certification Framework (RFC 2527).
Applications and Impacts of Cryptography
There are many common uses of PKIs including a few listed here: SSL/TLS certificate-based peer authentication, HTTPS Web traffic, secure instant message, and securing USB storage devices. A security analyst must be able to recognize and solve potential problems related to permitting PHI-related solutions on the enterprise network. For example, threat actors can use SSL/TSL to introduce regulatory compliance violations, viruses, malware, data loss, and intrusion attempts in the network. Other SSL/TSL related issues may be associated with validating the certificate of the web server. PKI-related issues that are associated with security warnings include validity date range and signature validation. Some of these issues can be avoided due to the fact that the SSL/TSL protocols are extensible and modular. This is known as the cipher suite. The key components of the cipher suite are the Message Authentication Code Algorithm (MAC), the encryption algorithm, the key exchange algorithm, and the authentication algorithm. Cryptography is dynamic and always changing. You must maintain a good understanding of algorithms and operations to be able to investigate cryptography-related security incidents. Encrypted communications can make network security data payloads unreadable by cybersecurity analysts. Encryption can be used to hide malware command and control traffic between infected hosts and the command and control servers. In addition, malware can be hidden by encryption and data can be encrypted during exfiltration, making it hard to detect.