cryptographic keys cs 136 computer security peter reiher
play

Cryptographic Keys CS 136 Computer Security Peter Reiher October - PowerPoint PPT Presentation

Jan 20, 2024 •332 likes •1.02k views

Cryptographic Keys CS 136 Computer Security Peter Reiher October 16, 2014 Lecture 5 Page 1 CS 136, Fall 2014 Outline Properties of keys Key management Key servers Certificates Lecture 5 Page 2 CS 136, Fall 2014

  1. Cryptographic Keys CS 136 Computer Security Peter Reiher October 16, 2014 Lecture 5 Page 1 CS 136, Fall 2014

  2. Outline • Properties of keys • Key management • Key servers • Certificates Lecture 5 Page 2 CS 136, Fall 2014

  3. Introduction • It doesn’t matter how strong your encryption algorithm is • Or how secure your protocol is • If the opponents can get hold of your keys, your security is gone • Proper use of keys is crucial to security in computing systems Lecture 5 Page 3 CS 136, Fall 2014

  4. Properties of Keys • Length • Randomness • Lifetime • Secrecy Lecture 5 Page 4 CS 136, Fall 2014

  5. Key Length • If your cryptographic algorithm is otherwise perfect, its strength depends on key length • Since the only attack is a brute force attempt to discover the key • The longer the key, the more brute force required Lecture 5 Page 5 CS 136, Fall 2014

  6. Are There Real Costs for Key Length? • Generally, more bits is more secure • Why not a whole lot of key bits, then? • Some encryption done in hardware – More bits in hardware costs more • Some software encryption slows down as you add more bits, too – Public key cryptography especially • Some algorithms have defined key lengths only • If the attack isn’t brute force, key length might not help Lecture 5 Page 6 CS 136, Fall 2014

  7. Key Randomness • Brute force attacks assume you chose your key at random • If attacker learns how you chose your key – He can reduce brute force costs • How good is your random number generator? Lecture 5 Page 7 CS 136, Fall 2014

  8. Generating Random Keys • Well, don’t use rand() 1 • The closer the method chosen approaches true randomness, the better • But, generally, don’t want to rely on exotic hardware • True randomness is not essential – Need same statistical properties – And non-reproducibility 1 See http://eprint.iacr.org/2013/338.pdf for details Lecture 5 Page 8 CS 136, Fall 2014

  9. Cryptographic Methods • Start with a random number • Use a cryptographic hash on it • If the cryptographic hash is a good one, the new number looks pretty random • Produce new keys by hashing old ones • Depends on strength of hash algorithm • Falls apart if any key is ever broken – Doesn’t have perfect forward secrecy Lecture 5 Page 9 CS 136, Fall 2014

  10. Perfect Forward Secrecy • A highly desirable property in a cryptosystem • It means that the compromise of any one session key will not compromise any other – E.g., don’t derive one key from another using a repeatable algorithm • Keys do get divulged, so minimize the resulting damage Lecture 5 Page 10 CS 136, Fall 2014

  11. Random Noise • Observe an event that is likely to be random – Physical processes (cosmic rays, etc.) – Real world processes (variations in disk drive delay, keystroke delays, etc.) • Assign bit values to possible outcomes • Record or generate them as needed • More formally described as gathering entropy • Keys derived with proper use of randomness have good perfect forward secrecy Lecture 5 Page 11 CS 136, Fall 2014

  12. On Users and Randomness • Some crypto packages require users to provide entropy – To bootstrap key generation or other uses of randomness • Users do this badly (often very badly) • They usually try to do something simple – And not really random • Better to have crypto package get its own entropy Lecture 5 Page 12 CS 136, Fall 2014

  13. Don’t Go Crazy on Randomness • Make sure it’s non-reproducible – So attackers can’t play it back • Make sure there aren’t obvious patterns • Attacking truly unknown patterns in fairly random numbers is extremely challenging – They’ll probably mug you, instead Lecture 5 Page 13 CS 136, Fall 2014

  14. Key Lifetime • If a good key’s so hard to find, – Why every change it? • How long should one keep using a given key? Lecture 5 Page 14 CS 136, Fall 2014

  15. Why Change Keys? • Long-lived keys more likely to be compromised • The longer a key lives, the more data is exposed if it’s compromised • The longer a key lives, the more resources opponents can (and will) devote to breaking it • The more a key is used, the easier the cryptanalysis on it • A secret that cannot be readily changed should be regarded as a vulnerability Lecture 5 Page 15 CS 136, Fall 2014

  16. Practicalities of Key Lifetimes • In some cases, changing keys is inconvenient – E.g., encryption of data files • Keys used for specific communications sessions should be changed often – E.g., new key for each phone call • Keys used for key distribution can’t be changed too often Lecture 5 Page 16 CS 136, Fall 2014

  17. Destroying Old Keys • Never keep a key around longer than necessary – Gives opponents more opportunities • Destroy keys securely – For computers, remember that information may be in multiple places • Caches, virtual memory pages, freed file blocks, stack frames, etc. – Real modern attacks based on finding old keys in unlikely places Lecture 5 Page 17 CS 136, Fall 2014

  18. Key Storage • The flip side of destroying keys – – You’d better be sure you don’t lose a key while you still need it • Without the key, you can’t read the encrypted data – Kind of a bummer, if you wanted to • Key storage is one approach Lecture 5 Page 18 CS 136, Fall 2014

  19. What Is Key Storage? • Saving a copy of a cryptographic key “somewhere else” • Securely store a key in some safe place • If you lose it accidentally, get it back from storage location • Prevents encrypted data from becoming unreadable Lecture 5 Page 19 CS 136, Fall 2014

  20. Where Should You Store Keys? • Must not be accessible to an attacker – Don’t want him to get hold of all your keys – Don’t want them readily available if your machine is hacked • But relatively accessible when needed • Usually on a separate machine Lecture 5 Page 20 CS 136, Fall 2014

  21. How Do You Get Keys There? • And back • Each new key must be transported to the key server • Not much saved if transport mechanism is compromised • Need carefully designed/implemented mechanism for moving keys Lecture 5 Page 21 CS 136, Fall 2014

  22. Key Secrecy • Seems obvious • Of course you keep your keys secret • However, not always handled well in the real world • Particularly with public key cryptography Lecture 5 Page 22 CS 136, Fall 2014

  23. Some Problems With Key Sharing • Private keys are often shared – Same private key used on multiple machines – For multiple users – Stored in “convenient” places – Perhaps backed up on tapes in plaintext form Lecture 5 Page 23 CS 136, Fall 2014

  24. Why Do People Do This? • For convenience • To share expensive certificates • Because they aren’t thinking clearly • Because they don’t know any better • A recent example: – RuggedCom’s Rugged Operating System for power plant control systems – Private key embedded in executable Lecture 5 Page 24 CS 136, Fall 2014

  25. To Make It Clear, • PRIVATE KEYS ARE PRIVATE! • They are for use by a single user • They should never be shared or given away • They must never be left lying around in insecure places – Widely distributed executables are insecure – Just because it’s tedious to decipher executables doesn’t mean can’t be done • The entire security of PK systems depends on the secrecy of the private key! Lecture 5 Page 25 CS 136, Fall 2014

  26. Key Management • Choosing long, random keys doesn’t do you any good if your clerk is selling them for $10 a pop at the back door • Or if you keep a plaintext list of them on a computer on the net whose root password is “root” • Proper key management is crucial Lecture 5 Page 26 CS 136, Fall 2014

  27. Desirable Properties in a Key Management System • Secure • Fast • Low overhead for users • Scaleable • Adaptable – Encryption algorithms – Applications – Key lengths Lecture 5 Page 27 CS 136, Fall 2014

  28. Users and Keys • Where are a user’s keys kept? • Permanently on the user’s machine? – What happens if the machine is cracked? • But people can’t remember random(ish) keys – Hash keys from passwords/passphrases? • Keep keys on smart cards? • Get them from key servers? Lecture 5 Page 28 CS 136, Fall 2014

  29. Key Servers • Special machines whose task is to generate, store and manage keys • Generally for many parties • Possibly Internet-wide • Obviously, key servers are highly trusted Lecture 5 Page 29 CS 136, Fall 2014

  30. Security of Key Servers • The key server is the cracker’s holy grail – If they break the key server, everything else goes with it • What can you do to protect it? Lecture 5 Page 30 CS 136, Fall 2014

  31. Security for Key Servers • Don’t run anything else on the machine • Use extraordinary care in setting it up and administering it • Watch it carefully • Use a key server that stores as few keys permanently as possible – At odds with need for key storage • Use a key server that handles revocation and security problems well Lecture 5 Page 31 CS 136, Fall 2014

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 4 Page 1 CS 236 Online Outline Desirable characteristics of ciphers Stream and block ciphers Cryptographic modes Uses of

475 views • 29 slides
Network Security Computer Security Peter Reiher November 4, 2014 Lecture 9 Page 1 CS 136,

Network Security Computer Security Peter Reiher November 4, 2014 Lecture 9 Page 1 CS 136,

Network Security Computer Security Peter Reiher November 4, 2014 Lecture 9 Page 1 CS 136, Fall 2014 Outline Network security characteristics and threats Denial of service attacks Traffic control mechanisms Firewalls

797 views • 67 slides
Web Security Computer Security Peter Reiher December 9, 2014 Lecture 15 Page 1 CS 136, Fall

Web Security Computer Security Peter Reiher December 9, 2014 Lecture 15 Page 1 CS 136, Fall

Web Security Computer Security Peter Reiher December 9, 2014 Lecture 15 Page 1 CS 136, Fall 2014 Web Security Lots of Internet traffic is related to the web Much of it is financial in nature Also lots of private information flow

859 views • 70 slides
Introduction CS 136 Computer Security Peter Reiher January 10, 2017 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher January 10, 2017 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher January 10, 2017 Lecture 1 Page 1 CS 136, Winter 2017 Purpose of Class To introduce students to computer security issues To familiarize students with secure software development

599 views • 57 slides
Introduction CS 136 Computer Security Peter Reiher April 1, 2014 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher April 1, 2014 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher April 1, 2014 Lecture 1 Page 1 CS 136, Spring 2014 Purpose of Class To introduce students to computer security issues To familiarize students with secure software development

1.18k views • 72 slides
Introduction CS 136 Computer Security Peter Reiher January 8, 2008 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher January 8, 2008 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher January 8, 2008 Lecture 1 Page 1 CS 136, Winter 2008 Purpose of Class To introduce students to computer security issues To familiarize students with secure software development

1.19k views • 72 slides
Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher

Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher

Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher Lecture 18 CS 118 Page 1 Winter 2016 Another type of layer deficiency Some layers of protocol do not provide any security or privacy What if

708 views • 59 slides
More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS

More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS

More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS 136, Winter 2008 Outline Introduction Viruses Trojan horses Trap doors Logic bombs Worms Botnets Spyware Some

701 views • 53 slides
Network Security CS 136 Computer Security Peter Reiher February 21, 2008 Lecture 11 Page 1

Network Security CS 136 Computer Security Peter Reiher February 21, 2008 Lecture 11 Page 1

Network Security CS 136 Computer Security Peter Reiher February 21, 2008 Lecture 11 Page 1 CS 136, Winter 2008 Outline Basics of network security Definitions Sample attacks Defense mechanisms Lecture 11 Page 2 CS 136,

613 views • 50 slides
Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Spring 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

844 views • 56 slides
Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Fall 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

1.15k views • 64 slides
Malicious Software Computer Security Peter Reiher November 25, 2014 Lecture 12 Page 1 CS 136,

Malicious Software Computer Security Peter Reiher November 25, 2014 Lecture 12 Page 1 CS 136,

Malicious Software Computer Security Peter Reiher November 25, 2014 Lecture 12 Page 1 CS 136, Fall 2014 Outline Introduction Viruses Trojan horses Trap doors Logic bombs Worms Botnets Spyware Malware

838 views • 67 slides
Introduction to Cryptography CS 136 Computer Security Peter Reiher January 17, 2017 Lecture 3

Introduction to Cryptography CS 136 Computer Security Peter Reiher January 17, 2017 Lecture 3

Introduction to Cryptography CS 136 Computer Security Peter Reiher January 17, 2017 Lecture 3 Page 1 CS 136, Winter 2017 Outline What is data encryption? Cryptanalysis Basic encryption methods Substitution ciphers

1.16k views • 66 slides
Security Exercises for the Online Classroom with DETER Peter A. H. Peterson and Dr. Peter L.

Security Exercises for the Online Classroom with DETER Peter A. H. Peterson and Dr. Peter L.

Security Exercises for the Online Classroom with DETER Peter A. H. Peterson and Dr. Peter L. Reiher {pahp, reiher}@cs.ucla.edu Laboratory for Advanced Systems Research (LASR) University of California Los Angeles The 3 rd Workshop on Cyber

314 views • 28 slides
Introduction CS 236 Advanced Computer Security Peter Reiher April 1, 2008 Lecture 1 Page 1

Introduction CS 236 Advanced Computer Security Peter Reiher April 1, 2008 Lecture 1 Page 1

Introduction CS 236 Advanced Computer Security Peter Reiher April 1, 2008 Lecture 1 Page 1 CS 236, Spring 2008 Outline Subject of class Class topics and organization Reading material Class web page Grading Projects

838 views • 50 slides
Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 19 Page 1 CS 236 Online Putting It All Together Weve talked a lot about security principles And about security problems And

209 views • 17 slides
Security infrastructure, certificates and responsibilities Anand Padmanabhan for the OSG

Security infrastructure, certificates and responsibilities Anand Padmanabhan for the OSG

OSG Summer Workshop Lubbock, 2011 Security infrastructure, certificates and responsibilities Anand Padmanabhan for the OSG Security team Aug 10th, 2011 OSG Security 1 OSG Security OSG Security model A high level overview Aug 10th, 2011

714 views • 37 slides
WHY RECALIBRATE? To ensure you are getting the most accurate and reliable results for your

WHY RECALIBRATE? To ensure you are getting the most accurate and reliable results for your

WHY RECALIBRATE? To ensure you are getting the most accurate and reliable results for your testing/application Quality system compliance Regular check on the health of your load cell WHY DO LOAD CELL OUTPUTS CHANGE?

268 views • 15 slides
Decision Making Beyond Interval . . . Multi-Agent . . . under Beyond Optimization Even Further

Decision Making Beyond Interval . . . Multi-Agent . . . under Beyond Optimization Even Further

Decision Making: . . . The Notion of Utility From Utility to . . . Decision Making Beyond Interval . . . Multi-Agent . . . under Beyond Optimization Even Further Beyond . . . Interval Uncertainty Acknowledgments Home Page Vladik

769 views • 55 slides
Tax Cuts and Growth: Israel in the 2000s Zvi Hercowitz and Avihai Lifschitz Presentation at the

Tax Cuts and Growth: Israel in the 2000s Zvi Hercowitz and Avihai Lifschitz Presentation at the

Tax Cuts and Growth: Israel in the 2000s Zvi Hercowitz and Avihai Lifschitz Presentation at the Forum Sapir Conference December 2013 Zvi Hercowitz and Avihai Lifschitz () Tax Cuts and Growth: Israel in the 2000s December 2013 1 / 23

1.03k views • 67 slides
Payment D39PZ: Procurement and Contracts 2 Lecture Plan 1. Payment principles 2. Payment under

Payment D39PZ: Procurement and Contracts 2 Lecture Plan 1. Payment principles 2. Payment under

...last week (or things you should now understand) the difference between a certificate and an instruction the difference between an instruction and a Variation the role of certificates in controlling money and time the

874 views • 59 slides
Using Hierarchical Change Mining to Manage Network Security Policy Evolution Gabriel A. Weaver,

Using Hierarchical Change Mining to Manage Network Security Policy Evolution Gabriel A. Weaver,

Using Hierarchical Change Mining to Manage Network Security Policy Evolution Gabriel A. Weaver, Nick Foti, Sergey Bratus, Dan Rockmore, and Sean W. Smith Presented by Gabriel A. Weaver Dartmouth College Network services change and evolve.

463 views • 43 slides
EVERY C L O UD HA S A SIL VER L INING A PRIM ER O N S U RPLU S PRO C EED IN G S FO R FO

EVERY C L O UD HA S A SIL VER L INING A PRIM ER O N S U RPLU S PRO C EED IN G S FO R FO

11/7/2018 EVERY C L O UD HA S A SIL VER L INING A PRIM ER O N S U RPLU S PRO C EED IN G S FO R FO REC LO S U RE PREV EN TIO N A D V O C A TES Aya na Robe rtson Me lissa Ysa g uirre Asso c ia te Dire c to r Se nio r Sta ff Atto rne

294 views • 15 slides
First Quarter 2020 Results May 5, 2020 Disclaimer Some of the statements above, including

First Quarter 2020 Results May 5, 2020 Disclaimer Some of the statements above, including

First Quarter 2020 Results May 5, 2020 Disclaimer Some of the statements above, including statements regarding cost savings and other financial or other benefits of the acquisition of Radius, the ability and timing to satisfy the closing

470 views • 30 slides

More recommend