c u s t o m c r y p t o p o l i c i e s b y e x a m p l e
play

C u s t o m c r y p t o p o l i c i e s b y e - PowerPoint PPT Presentation

Feb 07, 2023 •548 likes •963 views

C u s t o m c r y p t o p o l i c i e s b y e x a m p l e s T o m M r z P r i n c i p a l S W E n g i n e e r , R e d H a t 1 A G E N D A W h a t w e l l b

  1. C u s t o m c r y p t o p o l i c i e s b y e x a m p l e s T o m á š M r á z P r i n c i p a l S W E n g i n e e r , R e d H a t 1

  2. A G E N D A W h a t w e ’ l l b e d i s c u s s i n g t o d a y M o t i v a t i o n C r y p t o p o l i c i e s C u s t o m c r y p t o p o l i c i e s E x a m p l e s F u t u r e S u m m a r y 2

  3. M o t i v a t i o n 3

  4. M o t i v a t i o n C r y p t o g r a p h y a n d c r y p t a n a l y s i s g o h a n d i n h a n d a n d t h e e v o l u t i o n o f a l g o r i t h m s a n d p r o t o c o l s i s f a s t e r a n d f a s t e r . Y o u c a n n e v e r t h i n k t h a t a c r y p t o s y s t e m d e p l o y e d i n y e a r X w i l l b e s t i l l g o o d e n o u g h i n y e a r X + 1 . W e n e e d t o g e t u s e d t o c h a n g e s . 4

  5. M o t i v a t i o n 5

  6. M o t i v a t i o n bettercrypto.org 6

  7. M o t i v a t i o n W h a t i f y o u n e e d t o a p p l y t h e c r y p t o - r e l a t e d c o n fi g u r a t i o n c h a n g e s r e g u l a r l y t o h u n d r e d s o f m a c h i n e s p h y s i c a l a n d v i r t u a l i n h e t e r o g e n o u s e n v i r o n m e n t ? 7

  8. M o t i v a t i o n T o c o m p l i c a t e t h i n g s e v e n m o r e – v a r i o u s m a c h i n e s h a v e v a r i o u s l e v e l s o f n e e d t o c o m m u n i c a t e w i t h l e g a c y s y s t e m s a n d d e v i c e s . E v e r y o n e c a n n o t a c c o m o d a t e e v e r y c h a n g e . 8

  9. C r y p t o p o l i c i e s c o m e t o r e s c u e 9

  10. C r y p t o p o l i c i e s S y s t e m - w i d e c r y p t o p o l i c i e s c o m e t o r e s c u e C e n t r a l l y m a n a g e d o n t h e s y s t e m M u l t i p l e p r e - d e s i g n e d p o l i c y l e v e l s F I P S s u p p o r t s i m p l i fi c a t i o n 1 0

  11. C r y p t o p o l i c i e s C e n t r a l l y m a n a g e d o n t h e s y s t e m S i n g l e c o m m a n d : update-crypto-policies --set <LEVEL> 1 1

  12. C r y p t o p o l i c i e s C e n t r a l l y m a n a g e d o n t h e s y s t e m O p e n S S L G n u T L S C o n t r o l s : N S S J a v a K e r b e r o s 5 B i n d O p e n S S H c l i e n t O p e n S S H s e r v e r l i b s s h l i b r e s w a n 1 2

  13. C r y p t o p o l i c i e s W h e n t h e u p d a t e - c r y p t o - p o l i c i e s c o m m a n d i s r u n i t t r a n s f o r m s a s i m p l e p o l i c y d e fi n i t i o n i n t o s e p a r a t e c o n fi g u r a t i o n fi l e s n i p p e t s t h a t a r e l o a d e d o r i n c l u d e d i n t o d e f a u l t c o n fi g u r a t i o n s o f t h e s u p p o r t e d b a c k e n d s . 1 3

  14. C r y p t o p o l i c i e s M u l t i p l e p r e - d e s i g n e d p o l i c y l e v e l s L e g a c y d e v i c e s i n t e r o p e r a b i l i t y , R C 4 , 3 D E S L E G A C Y > = 6 4 b i t s e c u r i t y R e a s o n a b l e b u t i n t e r o p e r a b l e d e f a u l t D E F A U L T > = 8 0 b i t s e c u r i t y F e d o r a o n l y e q u i v a l e n t o f R H E L - 8 D E F A U L T N E X T R e mo v e s T L S - 1 . 0 , 1 . 1 , r e q u i r e s D H > = 2 0 4 8 b i t s C o n s e r v a t i v e l e v e l , n o S H A 1 , 2 5 6 b i t c i p h e r s o n l y F U T U R E > = 1 2 8 b i t s e c u r i t y F I P S a p p r o v e d / a l l o w e d a l g o r i t h ms o n l y F I P S > = 1 1 2 b i t s e c u r i t y 1 4

  15. C r y p t o p o l i c i e s S i m p l e c o m m a n d t o e n a b l e F I P S m o d e J u s t r u n : fips-mode-set --enable reboot 1 5

  16. C r y p t o p o l i c i e s S i m p l e c o m m a n d t o e n a b l e F I P S m o d e R H E L 7 f o r c o m p a r i s o n : yum install dracut-fips dracut -f <your-favourite-command-to-edit-boot-cfg> reboot 1 6

  17. C r y p t o p o l i c i e s S y s t e m - w i d e c r y p t o p o l i c i e s c o m e t o r e s c u e C e n t r a l l y m a n a g e d o n t h e s y s t e m S i n g l e c o m m a n d c o n t r o l s a l l t h e c o r e c r y p t o l i b r a r i e s a n d a p p l i c a t i o n s u s i n g c r y p t o . M u l t i p l e p r e - d e s i g n e d p o l i c y l e v e l s U p - t o - d a t e s e c u r i t y , c o m m u n i c a t i o n w i t h l e g a c y s y s t e m s , p r e p a r a t i o n f o r f u t u r e F I P S s u p p o r t S i m p l i f y F I P S e n a b l e m e n t W h e r e ? C u r r e n t F e d o r a a n d R e d H a t E n t e r p r i s e L i n u x 8 1 7

  18. C r y p t o p o l i c i e s B u t w h a t t o d o i f t h e p r e - d e fi n e d p o l i c y l e v e l s d o n o t m a t c h y o u r r e q u i r e m e n t s ? 1 8

  19. C u s t o m c r y p t o p o l i c i e s c o m e t o r e s c u e 1 9

  20. C u s t o m c r y p t o p o l i c i e s C u s t o m c r y p t o p o l i c i e s D e fi n e y o u r o w n c r y p t o p o l i c y f r o m s c r a t c h O r m o d i f y t h e e x i s t i n g p r e - d e fi n e d p o l i c y l e v e l s 2 0

  21. C u s t o m c r y p t o p o l i c i e s D e fi n i n g f u l l p o l i c y f r o m s c r a t c h P l a c e m e n t o f t h e f u l l p o l i c y d e fi n i t i o n fi l e s : /etc/crypto-policies/policies /usr/share/crypto-policies/policies T h e fi l e n e e d s t o b e n a m e d < P O L I C Y > . p o l ( t h e u p p e r c a s e i n t h e fi l e n a m e i s i m p o r t a n t ) . 2 1

  22. C u s t o m c r y p t o p o l i c i e s S i m p l e p o l i c y d e fi n i t i o n f o r m a t S e e c r y p t o - p o l i c i e s ( 7 ) hash = SHA2-256 SHA2-384 SHA2-512 \ SHA3-256 SHA3-384 SHA3-512 SHA2-224 m a n u a l p a g e f o r a l l t h e group = X25519 X448 SECP256R1 SECP384R1 \ k e y a n d a l g o r i t h m n a m e s : SECP521R1 FFDHE-3072 FFDHE-4096 FFDHE-6144 \ FFDHE-8192 min_tls_version = TLS1.2 min_rsa_size = 3072 e x c e r p t f r o m / u s r / s h a r e / c r y p t o - p o l i c i e s / p o l i c i e s / F U T U R E . p o l 2 2

  23. C u s t o m c r y p t o p o l i c i e s M o d i fi c a t i o n o f e x i s t i n g p o l i c i e s b y p o l i c y m o d i fi e r m o d u l e s P l a c e m e n t o f t h e p o l i c y m o d i fi e r fi l e s : /etc/crypto-policies/policies/modules /usr/share/crypto-policies/policies/modules T h e m o d u l e fi l e n e e d s t o b e n a m e d < M O D U L E > . p m o d ( t h e u p p e r c a s e i n t h e fi l e n a m e i s a g a i n i m p o r t a n t ) . 2 3

  24. C u s t o m c r y p t o p o l i c i e s P o l i c y m o d i fi e r s D i s a b l e S H A 1 h a s h : hash = -SHA1 sign = -RSA-PSS-SHA1 -RSA-SHA1 -ECDSA-SHA1 / u s r / s h a r e / c r y p t o - p o l i c i e s / p o l i c i e s / m o d u l e s / N O - S H A 1 . p m o d T h e h a s h v a l u e a f f e c t s o t h e r u s e t h a n s i g n a t u r e s . 2 4

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lattice Cryptography Lecture 24 Lattices Lattices A infinite set of points in R n obtained by

Lattice Cryptography Lecture 24 Lattices Lattices A infinite set of points in R n obtained by

Lattice Cryptography Lecture 24 Lattices Lattices A infinite set of points in R n obtained by tiling with a basis Lattices A infinite set of points in R n obtained by tiling with a basis Lattices A infinite set of points in R n

1.48k views • 118 slides
BoAT: Future Entry of AIoT Leo Lin PlatON Chief Innovation Officer BoAT-Blockchain of AI Things

BoAT: Future Entry of AIoT Leo Lin PlatON Chief Innovation Officer BoAT-Blockchain of AI Things

BoAT: Future Entry of AIoT Leo Lin PlatON Chief Innovation Officer BoAT-Blockchain of AI Things IoT Device Wallet Protect valuable data from the source Blockchain By 2025, thea global data volume will reach 175ZB , among which IoT device data

102 views • 7 slides
White-box Cryptomania Pascal Paillier CryptoExperts ECRYPT NET Workshop on Crypto for the Cloud

White-box Cryptomania Pascal Paillier CryptoExperts ECRYPT NET Workshop on Crypto for the Cloud

White-box Cryptomania Pascal Paillier CryptoExperts ECRYPT NET Workshop on Crypto for the Cloud &amp; Implementation Paris, June 27-28 2017 Overview 1 What is white-box crypto? 2 White-box compilers for signatures 3 White-box

543 views • 29 slides
Arrangements Cryptography Lecture Course in Autumn Term 2013 Will have two lectures (Tue 2pm,

Arrangements Cryptography Lecture Course in Autumn Term 2013 Will have two lectures (Tue 2pm,

Organisation Organisation Overview Overview Historic Ciphers Historic Ciphers Symmetric Ciphers Symmetric Ciphers Arrangements Cryptography Lecture Course in Autumn Term 2013 Will have two lectures (Tue 2pm, Fri 11am and one exercise

239 views • 12 slides
Midterm Recap Misuse of Crypto and Future Work Clipper chip A lesson in poorly

Midterm Recap Misuse of Crypto and Future Work Clipper chip A lesson in poorly

Midterm Recap Misuse of Crypto and Future Work Clipper chip A lesson in poorly designed protocols Clipper Clipper Goal: Support encrypted communication Confidentiality between devices Goal: Permit law enforcement

639 views • 59 slides
PQCHacks: a gentle introduction to post-quantum cryptography Daniel J. Bernstein 1 , 2 Tanja Lange

PQCHacks: a gentle introduction to post-quantum cryptography Daniel J. Bernstein 1 , 2 Tanja Lange

PQCHacks: a gentle introduction to post-quantum cryptography Daniel J. Bernstein 1 , 2 Tanja Lange 1 1 Technische Universiteit Eindhoven 2 University of Illinois at Chicago 27 December 2015 D-Wave quantum computer isnt universal . . .

789 views • 65 slides
Agreeing on a secret language : Diffie-Hellman Bobs secret language Alices public lock

Agreeing on a secret language : Diffie-Hellman Bobs secret language Alices public lock

Cryptography : how to talk in a secret language in public You broke ! my heart Agreeing on a secret language : Diffie-Hellman Bobs secret language Alices public lock box Only Alice Bob slams knows the the door combination

81 views • 7 slides
Lightweight Cryptography Mar a Naya-Plasencia Inria, France Summer School on real-world

Lightweight Cryptography Mar a Naya-Plasencia Inria, France Summer School on real-world

Lightweight Cryptography Mar a Naya-Plasencia Inria, France Summer School on real-world crypto and privacy Sibenik, Croatia - June 15 2018 Outline Symmetric lightweight primitives Most used cryptanalysis Impossible

1.31k views • 76 slides
Kotlin + Ethereum = Fun by ligi (https://ligi.de) At KotlinConf 2018 new computing platform c

Kotlin + Ethereum = Fun by ligi (https://ligi.de) At KotlinConf 2018 new computing platform c

Kotlin + Ethereum = Fun by ligi (https://ligi.de) At KotlinConf 2018 new computing platform c o w m o p r u l t d e r WEB3 Not a silver bullet Vitalik Buterin: Cryptoeconomic Protocols In the Context of Wider

1.01k views • 83 slides
HARDWARE SECURITY MODULE For automotive applications Presented by Pieter Willems

HARDWARE SECURITY MODULE For automotive applications Presented by Pieter Willems

HARDWARE SECURITY MODULE For automotive applications Presented by Pieter Willems Pieter.willems@silexinsight.com December 2019 This is Silex Insight What we do: IP provider for security and video in embedded systems Headquarters in

408 views • 22 slides
From theoretical crypto to practice: gloups an abominable gap Cryptie, Oblazy Cryptie, O. Blazy

From theoretical crypto to practice: gloups an abominable gap Cryptie, Oblazy Cryptie, O. Blazy

From theoretical crypto to practice: gloups an abominable gap Cryptie, Oblazy Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 1 / 35 Encryption and Signature: Just a 2 min reminder 1 Libraries 2 Funny Cryptography 3 Cryptie, O. Blazy (Xlim)

919 views • 52 slides
Security of Bitcoin light wallets (aka SPV) Renaud Lifchitz September 9th, 2017 Speakers bio

Security of Bitcoin light wallets (aka SPV) Renaud Lifchitz September 9th, 2017 Speakers bio

Security of Bitcoin light wallets (aka SPV) Renaud Lifchitz September 9th, 2017 Speakers bio Senior security expert working @ Econocom Digital Security (https://www.digitalsecurity.fr/en/) Main interests: Security of protocols

375 views • 15 slides
Blockchain 2.0 Opportunities and Risks Patrick Valduriez The Hype 2 Bitcoin Bitcoin: A

Blockchain 2.0 Opportunities and Risks Patrick Valduriez The Hype 2 Bitcoin Bitcoin: A

Blockchain 2.0 Opportunities and Risks Patrick Valduriez The Hype 2 Bitcoin Bitcoin: A Peer-to-Peer Electronic Cash System Satoshi Nakamoto (pseudo), Oct. 31, 2008 (Halloween) Cryptocurrency and payment system Blockchain is the

551 views • 44 slides
Cast of Characters Alice and Bob Applied Cryptography Week 1 Alice and Bob are always sending

Cast of Characters Alice and Bob Applied Cryptography Week 1 Alice and Bob are always sending

Cast of Characters Alice and Bob Applied Cryptography Week 1 Alice and Bob are always sending secret messages to Basic Tools and Protocols each other. Eve Frank Beatrous Eve is always listening in (Eavesdropping) on Alices and Bobs

245 views • 7 slides
Diffusion and Confusion Two properties that a good cryptosystem should have: Diffusion: change of

Diffusion and Confusion Two properties that a good cryptosystem should have: Diffusion: change of

Diffusion and Confusion Two properties that a good cryptosystem should have: Diffusion: change of one character in the plaintext results in several characters changed in the ciphertext Confusion: the key does not relate in a simple way to the

512 views • 6 slides
Tutorial on Public Key Cryptography RSA Eli Biham - May 3, 2005 c 386 Tutorial on Public

Tutorial on Public Key Cryptography RSA Eli Biham - May 3, 2005 c 386 Tutorial on Public

Tutorial on Public Key Cryptography RSA Eli Biham - May 3, 2005 c 386 Tutorial on Public Key Cryptography RSA (14) RSA the Key Generation Example 1. Randomly choose two prime numbers p and q . We choose p = 11 and q = 13. 2.

259 views • 22 slides
Cryptography Basics Part 1: Concepts Cryptology: Contents Cryptography goals Encryption

Cryptography Basics Part 1: Concepts Cryptology: Contents Cryptography goals Encryption

Cryptography Basics Part 1: Concepts Cryptology: Contents Cryptography goals Encryption principles Encryption quality Cryptography Public key cryptography The art of making Next week: Example algorithms DES, AES, AES

893 views • 78 slides
A First Look at the Crypto-Mining Malware Ecosystem A Decade of Unrestricted Wealth and Profit

A First Look at the Crypto-Mining Malware Ecosystem A Decade of Unrestricted Wealth and Profit

A First Look at the Crypto-Mining Malware Ecosystem A Decade of Unrestricted Wealth and Profit Sergio Pastrana @THANKS: Slides design by Guillermo Suarez-Tangil Universidad Carlos III de Madrid https://arxiv.org/pdf/1901.00846.pdf 2

550 views • 24 slides
Cryptographic Tools for Privacy, Compliance &amp; Efficiency in Blockchain Applications Fernando

Cryptographic Tools for Privacy, Compliance &amp; Efficiency in Blockchain Applications Fernando

Cryptographic Tools for Privacy, Compliance &amp; Efficiency in Blockchain Applications Fernando Krell, PhD Columbia U. Lead Cryptography Engineer, Findora Public-Ledgers/Blockchains R 1:... R 2:... R 3:... R 4:... ... Append only Database

359 views • 34 slides
Quantum Cryptography Mris Ozols University of Cambridge Overview What are quantum

Quantum Cryptography Mris Ozols University of Cambridge Overview What are quantum

Quantum Cryptography Mris Ozols University of Cambridge Overview What are quantum computers? What is quantum cryptography? - Shor's algorithm for factoring - Quantum key distribution - Device-independent quantum cryptography What

630 views • 34 slides
ANTIFUNGAL A GENTS . Presented By Presented By Nikalje 1 * , Dr. Anna Dr. Anna Pratima

ANTIFUNGAL A GENTS . Presented By Presented By Nikalje 1 * , Dr. Anna Dr. Anna Pratima

M OLECULAR SIEVES AND ULTRASOUND ASSISTED SYNTHESIS OF N OVEL 1,3,4- OXADIAZOLE -2- THIONE DERIVATIVES AS POTENTIAL ANTIFUNGAL A GENTS . Presented By Presented By Nikalje 1 * , Dr. Anna Dr. Anna Pratima Pratima G. G. Nikalje Nimbalkar 2

619 views • 28 slides
Lecture 5 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security

Lecture 5 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security

Lecture 5 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer and Network Security - Spring 2007 - Professors Jaeger A

220 views • 20 slides
Cr Cryp yptography: His History an and Sim imple le Enc Encryp yption Me Methods an and

Cr Cryp yptography: His History an and Sim imple le Enc Encryp yption Me Methods an and

Cr Cryp yptography: His History an and Sim imple le Enc Encryp yption Me Methods an and Pr Preliminaries 1 Cryp Cr yptography The word cryptography comes from the Greek words (hidden or secret) and

670 views • 37 slides
Cryptography Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.Washington.edu Thanks to Dan Boneh,

Cryptography Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.Washington.edu Thanks to Dan Boneh,

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.Washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli, John Mitchell, Franziska Roesner,

445 views • 25 slides

More recommend