Where has all the Crypto Gone?
Long Time Coming.
(With apologies to Pete Seeger)
Greg Rose
[email protected]
16-Mar-15
Copyright Greg Rose, 2001
slide 1
Overview
• Five years ago…
• Key management problems
• Public Key Infrastructures
• What crypto is used
• IPsec
• End-to-end
• Conclusions
slide 2
5 years ago…
• Opening of the USENIX Security Symposium focusing on Applications of Cryptography, San Jose, 1996
• Football teams using encrypted radio
• Airline news had item on IPsec
• “It seems that for every problem, crypto is part of the solution”
• “Clearly we are entering a new era of deployment of Cryptography”
slide 3
… we were using…
• PGP 2.6
• SSH
• SSL
• VPNs
• SWIPE (prototype IPsec)
• SecurID style tokens, S/Key
slide 4
… but now we use …
• PGP (multiple versions with interop problems)
• SSH v2
• SSL v3, TLS
• VPNs (but more mobile)
• IPsec (still not by any means ubiquitous)
• SecurID style tokens
• In other words, basically the same stuff, but upgraded a bit.
slide 5
Also during that period
• EFF’s Deep Crack, DES effectively useless
• MD5 suspect
• RC4 showing its age, broken when used wrong
• Most deployed mobile phone algorithms broken
• SET came and went again
slide 6
But on the positive side
• AES process completes
• (I can say that today…)
• More open deliberations in previously closed standards (e.g. telephony, 802.11)
• More open source versions of existing stuff
• OpenSSL
• OpenPGP, GPG
• Crypto file systems
• Good random number generation
slide 7
Cryptosystems, Key Management, and Hard Stuff
• What is a cryptosystem?
• What are keys?
• Why do we have to manage them?
• Why is managing them hard?
• What is a Public Key Infrastructure?
• Why don’t they work?
slide 8
Cryptosystems
• Nothing to do with SEX!
• Everything to do with security.
• A cryptosystem is a cryptographic algorithm,
+ the key or password management
+ the environment
+ the network
+ the protocol
+ the people
+ everything else
slide 9
Key (Cryptovariable) Management
• All secrecy should reside in the keys
• (Kerckhoffs's Maxim, over 100 years old).
• Many tradeoffs:
• long term vs. short term
• communications vs. storage
• secure vs. easy to remember
• personal vs. corporate vs. recoverable
• Keep them secret!
• Remember them!
slide 10
Entropy
• A mathematical term
• Measures “the actual amount of information”
• English sentences have about 1.5 bits per character
• therefore, a passphrase for a 128 bit key would be about 80 characters long!
• Relates to “predictability” and so is relevant to security
• you have no security if your secret can be guessed
slide 11
Public keys
• Also called “asymmetric”
• Keys come in pairs; keep one half secret
• can’t derive the secret one from the public one
• Can do digital signatures
• Algorithms slow, keys large
slide 12
Strength of Public Keys
• Two classes…
• Elliptic curve / Lucas functions / some others
• Best (known) attacks O(sqrt(N))
• so need 256 bit keys to match 128 bit symmetric
• Factoring/Discrete Log
• RSA, El Gamal, Diffie-Hellman, DSA
• Best (known): O(exp(log(N)**(1/3) * log(log(N))**(2/3)))
• for 128 bit symmetric equivalent, need maybe 2048 bit keys or longer
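Added example (not part of the original slides): the two attack-cost classes above, evaluated numerically to compare key sizes. It assumes the usual heuristic number field sieve constant (64/9)**(1/3), which the slide's formula omits, and drops the o(1) term, so the figures are rough estimates; all function names are illustrative.

```python
import math

GNFS_C = (64 / 9) ** (1 / 3)  # ~1.923; assumed constant, not on the slide


def nfs_bits(modulus_bits):
    """log2 of the heuristic number field sieve cost for a modulus this size."""
    ln_n = modulus_bits * math.log(2)
    work_nats = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work_nats / math.log(2)


def ec_bits(group_bits):
    """O(sqrt(N)) generic attack: half the group size, in bits."""
    return group_bits / 2


def min_modulus_bits(target_bits, step=64):
    """Smallest modulus size (in multiples of step) whose estimate reaches target."""
    size = 512
    while nfs_bits(size) < target_bits:
        size += step
    return size


def comparison(targets=(80, 112, 128)):
    """(symmetric bits, EC group bits, factoring/DL modulus bits) per target."""
    return [(t, 2 * t, min_modulus_bits(t)) for t in targets]


if __name__ == "__main__":
    for sym, ec, mod in comparison():
        print(f"{sym:>3}-bit symmetric ~ {ec}-bit EC ~ {mod}-bit RSA/DH")
    for size in (512, 1024, 2048, 3072):
        print(f"{size}-bit modulus: about {nfs_bits(size):.0f} bits of work")
```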
slide 13
Public Key Infrastructures
• Solves the key distribution problem… just publish the public keys
• Replaces it with the authentication problem
• How do you know that the key belongs to who you think it does? Still a research problem.
• Someone checks your identity and issues a “certificate”
• X.509v3 is the most common cert format
slide 14
Problems with PKI
• Trust the Certificate Authority?
• Banks have a problem with this
• $25 in the mail to Verisign
• Revocation is still, truly, unsolved
• X.509 is “people centric”
• Authenticates identity, but not authority to perform action
• X.509 isn’t flexible enough
• (look at SDSI, SPKI)
slide 15
So, what is used?
• Some quotes from: “Changes in Deployment of Cryptography”, Eric Murray, USENIX 2001 Security Symposium IT
• Eric found secure (https) URLs through search engines, then connected to them
• Categorised them as strong/medium/weak
• 2001 survey:
• 71% strong
• 5% medium
• 23% weak
slide 16
Results: Weak Server Details
Percent of weak servers surveyed:
                            2000   2001
Server key <= 512 bits:     81%    72%
weak v3/TLS ciphersuites:   28%    26%
expired cert:               10%    16%
self-signed cert:           3%     8%
only does SSLv2:            1%     6%
But note that your browser might ask it to do SSLv2.
slide 17
SSLv3 Export Ciphersuites
• Export controls changed two years ago, but still have an effect:
Ciphersuite:          2000   2001
RSA RC4 40 MD5        99%    79%
RSA RC2 40 MD5        73%    87%
RSA DES 40 SHA        56%    44%
DHE RSA DES 40 SHA    24%    30%
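Added example (not from the talk or from the survey it quotes): a check that flags export-grade and low-strength suites in the dict format Python's `ssl.SSLContext.get_ciphers()` returns, run over a constructed sample and over the local default context. The 128-bit floor and the function names are assumptions made for this example.

```python
import ssl

MIN_STRENGTH_BITS = 128  # assumed policy floor, not a figure from the survey

# Constructed sample, shaped like the dicts ssl.SSLContext.get_ciphers() returns.
# The first four are OpenSSL's names for the export suites in the table above.
SAMPLE_SUITES = [
    {"name": "EXP-RC4-MD5", "protocol": "SSLv3", "strength_bits": 40},
    {"name": "EXP-RC2-CBC-MD5", "protocol": "SSLv3", "strength_bits": 40},
    {"name": "EXP-DES-CBC-SHA", "protocol": "SSLv3", "strength_bits": 40},
    {"name": "EXP-EDH-RSA-DES-CBC-SHA", "protocol": "SSLv3", "strength_bits": 40},
    {"name": "DES-CBC-SHA", "protocol": "SSLv3", "strength_bits": 56},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2", "strength_bits": 128},
]


def weak_reasons(suite):
    """List why a suite counts as weak; an empty list means it passed."""
    parts = suite["name"].split("-")
    strength = suite.get("strength_bits", 0)
    reasons = []
    if parts[0] == "EXP":
        reasons.append("export-grade")
    if strength < MIN_STRENGTH_BITS:
        reasons.append(f"{strength}-bit strength")
    if suite.get("protocol") == "SSLv2":
        reasons.append("SSLv2 only")
    return reasons


def audit(suites):
    """Map suite name -> reasons, for weak suites only."""
    report = {}
    for suite in suites:
        reasons = weak_reasons(suite)
        if reasons:
            report[suite["name"]] = reasons
    return report


def audit_local():
    """Audit what this machine's default client context would offer."""
    return audit(ssl.create_default_context().get_ciphers())


if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_SUITES).items():
        print(f"{name}: {', '.join(reasons)}")
    print("local default context:", audit_local() or "no weak suites")
```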
slide 18
IPsec
• Really should be common practice by now
• Standards process has been political and slow
• Doesn’t play well with NAT, so might have to wait for IPv6
• Key setup is the overriding performance factor
• Good: can add security to just about anything
• Bad: proper security should probably be application-specific
slide 19
SSL / TLS
• Designed to be added to all sorts of things
• For example, “STARTTLS” in SMTP, IMAP
• Still takes a performance hit for initial setup, because of Public-key operations
• User certificates are rarely used -- failure of PKI
• But this is the right model: add the security straight into the application
slide 20
Other possibilities
• Why shouldn’t the library routine for opening a temporary file automatically encrypt it?
• Why doesn’t every operating system supply high-quality random numbers?
• Why haven’t encrypting file systems become more commonly used? (Note: they exist…)
• Anecdote: stolen backup tape: “Crypto wouldn’t help.” (WSJ a couple of days ago.)
• Why wasn’t the backup tape encrypted?
slide 21
Book plug
• Not my book…
• “Security Engineering”, by Ross Anderson
slide 22
Conclusion
• Crypto is part of just about every solution
• … but it isn’t the hard part
• tools exist for all the basic operations
• cryptographers keep extending the tool kit
• Key management, in whatever form, is one of the hard parts
• Designing the security into the application in the first place is another hard part
• Retaining ease of use is probably the hardest part
slide 23