DOC PREVIEW
MASON ECE 646 - Lecture 12 Security Protocols

This preview shows page 1-2-3 out of 9 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 9 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 9 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 9 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 9 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

1Security ProtocolsLecture 12Cryptographic StandardsCompanies DevelopingCryptographic HardwareAlgorithms(e.g., DES, AES, RSA)Security mechanisms(e.g., digital signatures)Security protocols(e.g., S-MIME, SSL, IPSec)Secure Communication Systems(e.g., DMS)CryptographiccomponentNon-cryptographiccomponent(communications,administration,OS security,database security,etc.)100%Cost of cryptographyin the layer model of the InternetApplication layerhttp, ftp, e-mailTransport layertcp, udpInternet protocol layeripNetwork access layerethernet, atmPhysical layerS/MIME, SETSSLIPsecCost of addingcryptographyS/MIME: Secure Electronic E-mail• work on the corresponding Internet standard started by IETF, 1997• multiple products using S/MIME(e.g., Netscape Communicator, Microsoft Outlook, Entrust,and many others)• enables secure communication between e-mail programsfrom various companiesCompetition: PGPCryptographic algorithms:Triple DES, RC2-40, AES / D-H, RSA / DSS / SHA-1, MD5• protocol developed by RSAData Security, Inc. in cooperationwith consortium of several big companies in 1995SSL: Secure WWW• protocol developed by Netscape in 1994• the most widely deployed security protocolSecure browsers, e.g., MS Explorer, Mozilla FirefoxSecure servers, e.g., Microsoft Server, Apache HTTP ServerCompetition: almost none, in the past S-HTTP, PCT• SSL v. 3.0 in use since 1996, SSL v.2.0 withdrawnSecure Sockets Layer• since 1996 work on the equivalent Internet standard IETFTLS - Transport Layer Security, TLS 1.0 = SSL3.1Multiple libraries: e.g., OpenSSL (open source)SSL: Secure WWWCryptographic algorithms:Confidentiality: none, RC4-40, RC2-40, DES-40RC4-128, RC2-128, DES, IDEA, Triple DES,AESDigital signatures: RSA, DSSHash functions: SHA-1, MD5Key agreement: RSA, D-H, Fortezzaclientbrowserserver WWW1. Parameter negotiation2. Server authentication3. Client authentication (only on request)4. Key Exchange5. Confidential and authenticated message exchangeserver2SSL: Encryption AlgorithmsBlock cipher Stream cipherAlgorithm Key sizeAlgorithm Key sizeIDEARC2-40DES-40DES3DESFortezzaAES12840405616880128, 192, 356RC4-40RC4-12840128IPsec: Virtual Private Networks (VPN)LocalnetworkSecuritygatewayInternet• local networks may belong to the same or different organizations• security gateways may come from different vendorsRemote userLocalnetworkLocalnetworkSecuritygatewaySecuritygatewayVPN = Economic alternative to networks based on leased linesCost reductiun up to 70% !IPsec: Virtual Private Networks (VPN)• S/WAN (Secure Wide Area Network) interoperability test for productsdeveloped by various vendors, 1995• development by IETF (Internet Engineering Task Force) startedin 1994, first IPSec version, RFC 1825-29, published in 1995• IPsec required in IPv6, optional w IPv4Algorithms:confidentiality: DES, Triple DES,AES, RC5, IDEA, CAST,Blowfish, Triple IDEAauthentication: HMAC-MD5-96, HMAC-SHA-1-96key agreement: IKECompetition: SSL, PPTP (Microsoft)Follow-up Course:ISA656 Network SecurityCryptographic standardsSecret-key cryptography standardsNISTANSIX3.92 DESX3.106 DES modesof operationX9.52 Modes of operationof Triple DESFederalstandardsBankingstandardsInternationalstandardsISOISO 10116 Modes ofoperationof an n-bitcipherFIPS 46-1 DESFIPS 46-2 DESFIPS 81 Modes ofoperationFIPS 46-3 TripleDESFIPS 197AESISO/IEC 18033-3 –AES, Camellia, SEED,TDEA, MISTY1,CAST-128, MUGI,SNOW3NIST FIPSNational Institute of Standards and TechnologyFederal Information Processing StandardsAmerican Federal StandardsRequired in the government institutionsOriginal algorithms developed in cooperationwith the National SecurityAgency (NSA),and algorithms developed in the open researchadapted and approved by NIST.Public-Key Cryptography StandardsIEEEANSINISTISORSALabsPKCSindustrystandardsbankstandardsfederal standardsinternationalstandardsunofficialindustrystandardsP1363ANSI X9FIPSPKCSISOPKCSPublic-Key Cryptography StandardsInformal Industry Standardsdeveloped by RSA Laboratoriesin cooperation withApple, Digital, Lotus, Microsoft, MIT, NorthernTelecom, Novell, SunFirst, except PGP, formal specification of RSAand formats of messages.IEEE P1363Working group of IEEE including representativesof major cryptographic companiesand university centers from USA, Canadaand other countriesPart of the Microprocessors Standards CommitteeQuarterly meetings + multiple teleconferences ++ discussion list + very informative web pagewith the draft versions of standardsModern, open styleCombined standard including the majority ofmodern public key cryptographySeveral algorithms for implementationof the same functionTool for constructing other, more specific standardsSpecific applications or implementations maydetermine a profile (subset) of the standardIEEE P1363 ANSI X9American National Standards InstituteWork in the subcommittee X9Fdeveloping standards for financial institutionsANSI represents U.S.A. in ISOStandards for the wholesale(e.g., interbank)and retail transactions(np. bank machines, smart card readers)4ISOInternational Organization for StandardizationInternational standardsCommon standards with IEC -International Electrotechnical CommissionISO/IEC JTC1 SC 27Joint Technical Committee 1, Subcommitte 27Australia, Belgium, Brazil, Canada, China, Denmark, Finland,France, Germany, Italy, Japan , Korea, Holland , Norway ,Poland, Russia , Spain, Sweden, Switzerland , UK,USAFull members ( 21):ISO: International Organization for StandardizationLong and laborious process ofthe standard developmentStudy periodNP - New ProposalWD - Working DraftCD - Committee DraftDIS - Draft International StandardIS - International StandardMinimum3 yearsReview of the standard after 5 years= ratification, corrections orrevocationPublic-key Cryptography StandardsIEEEANSINISTISORSALabsPKCSindustrystandardsbankstandardsfederal standardsinternationalstandardsunofficialindustrystandardsP1363ANSI X9FIPSPKCSISOPKCSIEEEISOANSINISTFIPS 186(DSS)FIPS 180(SHA-0)FIPS 180-1(SHA-1)1991 1992 1993FIPS-186-1(DSA&RSA)1994 1995 1996 1997 1998 1999P1363P1363aPKCS #1-10PKCS #13,15PKCS #7,11PKCS #1 v2.0X9.30 (DSA)X9.31 (RSA, R-W)X9.62(EC-DSA)14888(DSA)9796-4(NR)979610118-1,210118-3,411770-3(DH)IEEE P1363factorizationdiscretelogarithmencryptionsignaturekeyagreementRSA with OAEPRSA & R-Wwith ISO-14888or ISO 9796DSA,NR with ISO 9796EC-DSA,EC-NRwith ISO 9796DH1DH2 and MQVEC-DH1,EC-DH2and EC-MQVellipticcurve discretelogarithmEC-DSA,EC-NRwith ISO 9796IEEE


View Full Document

MASON ECE 646 - Lecture 12 Security Protocols

Documents in this Course
Load more
Download Lecture 12 Security Protocols
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Lecture 12 Security Protocols and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Lecture 12 Security Protocols 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?