DOC PREVIEW
MASON ECE 646 - Lecture 12 Security Protocols

This preview shows page 1-2-3-4-5-6 out of 18 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 18 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 18 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 18 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 18 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 18 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 18 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 18 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

1Security ProtocolsLecture 12 Cryptographic Standards 2Algorithms(e.g., DES, AES, RSA)Security mechanisms(e.g., digital signatures)Security protocols(e.g., S-MIME, SSL, IPSec)Secure Communication Systems(e.g., DMS)CryptographiccomponentNon-cryptographiccomponent(communications,administration,OS security,database security,etc.)100%3Cost of cryptography in the layer model of the Internet Application layer http, ftp, e-mailTransport layertcp, udpInternet protocol layer ipNetwork access layer ethernet, atmPhysical layerS/MIME, SETSSLIPsecCost of adding cryptography 4S/MIME: Secure Electronic E-mail• work on the corresponding Internet standard started by IETF, 1997• multiple products using S/MIME (e.g., Netscape Communicator, Microsoft Outlook, Entrust, and many others)• enables secure communication between e-mail programs from various companiesCompetition: PGPCryptographic algorithms: Triple DES, RC2-40, AES / D-H, RSA / DSS / SHA-1, MD5• protocol developed by RSA Data Security, Inc. in cooperation with consortium of several big companies in 19955SSL: Secure WWW• protocol developed by Netscape in 1994• the most widely deployed security protocolSecure browsers, e.g., Netscape, MS ExplorerSecure servers, e.g., Netscape, MicrosoftCompetition: almost none, in the past S-HTTP, PCT• SSL v. 3.0 in use since 1996, SSL v.2.0 withdrawnSecure Sockets Layer• since 1996 work on the equivalent Internet standard IETF TLS - Transport Layer Security, TLS 1.0 = SSL 3.1Multiple libraries: SSL Ref (Netscape), OpenSSL (open source), SSL Plus (Consensus Development), SSLeay, SSLJava, etc. 6SSL: Secure WWWCryptographic algorithms:Confidentiality: none, RC4-40, RC2-40, DES-40RC4-128, RC2-128, DES, IDEA, Triple DES, AESDigital signatures: RSA, DSSHash functions: SHA-1, MD5Key agreement: RSA, D-H, Fortezzaclientbrowserserver WWW1. Parameter negotiation2. Server authentication3. Client authentication (only on request)4. Key Exchange5. Confidential and authenticated message exchangeserver7SSL: Encryption AlgorithmsBlock cipher Stream cipherAlgorithm Key sizeAlgorithm Key sizeIDEARC2-40DES-40DES3DESFortezzaAES128 40 40 56168 80128, 192, 356RC4-40RC4-128 40128 8IPsec: Virtual Private Networks (VPN)Local networkSecuritygatewayInternet• local networks may belong to the same or different organizations• security gateways may come from different vendorsRemote userLocal networkLocal networkSecuritygatewaySecuritygateway9VPN = Economic alternative to networks based on leased lines Cost reductiun up to 70% !IPsec: Virtual Private Networks (VPN)• S/WAN (Secure Wide Area Network) interoperability test for products developed by various vendors, 1995• development by IETF (Internet Engineering Task Force) started in 1994, first IPSec version, RFC 1825-29, published in 1995• IPsec required in IPv6, optional w IPv4Algorithms:confidentiality: DES, Triple DESauthentication: HMAC-MD5, HMAC-SHA-1key agreement: IKECompetition: SSL, PPTP (Microsoft) 10Follow-up Course:ISA 666 Internet Security Protocols11Cryptographic standards 12Secret-key cryptography standardsNISTANSIX3.92 DESX3.106 DES modes of operationX9.52 Modes of operation of Triple DESFederalstandardsBankingstandardsInternationalstandardsISOISO 8732 Modes of operation of a 64-bit cipherISO 10116 Modes of operation of an n-bit cipherFIPS 46-1 DESFIPS 46-2 DESFIPS 81 Modes of operationFIPS 46-3 Triple DESFIPS 197 AES13NIST FIPSNational Institute of Standards and TechnologyFederal Information Processing StandardsAmerican Federal StandardsRequired in the government institutionsOriginal algorithms developed in cooperation with the National Security Agency (NSA),and algorithms developed in the open researchadapted and approved by NIST. 14Public-Key Cryptography StandardsIEEEANSINISTISORSA Labs PKCSindustrystandardsbankstandards federal standardsinternationalstandardsunofficialindustrystandardsP1363ANSI X9FIPSPKCSISO15PKCSPublic-Key Cryptography StandardsInformal Industry Standardsdeveloped by RSA Laboratoriesin cooperation withApple, Digital, Lotus, Microsoft, MIT, NorthernTelecom, Novell, SunFirst, except PGP, formal specification of RSA and formats of messages. 16IEEE P1363Working group of IEEE including representativesof major cryptographic companiesand university centers from USA, Canadaand other countriesPart of the Microprocessors Standards CommitteeQuarterly meetings + multiple teleconferences ++ discussion list + very informative web page with the draft versions of standardsModern, open style17Combined standard including the majority ofmodern public key cryptographySeveral algorithms for implementationof the same functionTool for constructing other, more specific standardsSpecific applications or implementations may determine a profile (subset) of the standardIEEE P1363 18ANSI X9American National Standards InstituteWork in the subcommittee X9Fdeveloping standards for financial institutionsANSI represents U.S.A. in ISOStandards for the wholesale (e.g., interbank) and retail transactions(np. bank machines, smart card readers)19ISO International Organization for StandardizationInternational standardsCommon standards with IEC - International Electrotechnical CommissionISO/IEC JTC1 SC 27Joint Technical Committee 1, Subcommitte 27Australia, Belgium, Brazil, Canada, China, Denmark, Finland,France, Germany, Italy, Japan , Korea, Holland , Norway ,Poland, Russia , Spain, Sweden, Switzerland , UK,USAFull members ( 21): 20ISO: International Organization for StandardizationLong and laborious process of the standard development Study periodNP - New ProposalWD - Working DraftCD - Committee DraftDIS - Draft International StandardIS - International StandardMinimum3 yearsReview of the standard after 5 years = ratification, corrections or revocation21Public-key Cryptography StandardsIEEEANSINISTISORSA Labs PKCSindustrystandardsbankstandards federal standardsinternationalstandardsunofficialindustrystandardsP1363ANSI X9FIPSPKCSISO 22PKCSIEEEISOANSINISTFIPS 186(DSS)FIPS 180(SHA-0)FIPS 180-1(SHA-1)1991 1992 1993FIPS-186-1(DSA&RSA)1994 1995 1996 1997 1998 1999P1363P1363aPKCS #1-10PKCS #13,15PKCS #7,11PKCS #1 v2.0X9.30 (DSA)X9.31 (RSA, R-W)X9.62(EC-DSA)14888(DSA) 9796-4(NR)979610118-1,210118-3,411770-3(DH)23IEEE


View Full Document

MASON ECE 646 - Lecture 12 Security Protocols

Documents in this Course
Load more
Download Lecture 12 Security Protocols
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Lecture 12 Security Protocols and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Lecture 12 Security Protocols 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?