1 / 27

Cryptography and its Assurance

Cryptography and its Assurance. Steve Hallett CFS IA November 2010. Agenda. Cryptography 101, not Why the need for Assurance? Why is Assurance Problematic for Cryptography? Types of Assurance Cryptanalysis and Peer Review Governance Framework Architecture, Design and Implementation

kamal
Download Presentation

Cryptography and its Assurance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptography and its Assurance Steve Hallett CFS IA November 2010

  2. Agenda • Cryptography 101, not • Why the need for Assurance? • Why is Assurance Problematic for Cryptography? • Types of Assurance • Cryptanalysis and Peer Review • Governance Framework • Architecture, Design and Implementation • Physical Security • Protocols and Procedures • 3rd Parties • Miscellaneous • Questions

  3. Cryptography 101, not Three may keep a Secret, if two of them are dead. Benjamin Franklin, Poor Richard's Almanack, 1735

  4. Cryptography 101, not - 1 Cryptography (from Greek κρυπτός, kryptos, "hidden, secret"; and γράφ, gráph, "writing”) is the practice and study of hiding information.Source Wikipedia • Historically, emphasis was on encryption, the conversion of information from a readable state to a nonsensical one (and back again via decryption); • Latterly, techniques have been developed and extended to include authentication, integrity checking and non-repudiation; • Keys are critical - ciphers without variable keys can be trivially broken with only the knowledge of the cipher used;

  5. Cryptography 101, not - 2 substitution and transposition; algorithms; cryptographic primitives;plaintext; symmetric and asymmetric; different but mathematically related keys; public key; private key;block ciphers and stream ciphers . . . . modes of operation; The Data Encryption Standard (DES); Advanced Encryption Standard (AES); implement in software; RC4;hardware implementations; hash functions;short, fixed length hash (or digest); collision: one way function (unlike compression); message authentication code (MAC); computationally infeasible,necessarily related . . . . freely distributed, must remain secret; bound to the issuer via digital certificates; trust relationships; digital signatureschemes; signing; verification;RSA and DSA . . . . .

  6. Cryptography 101, not - 3 • Cryptology is a branch of applied mathematics, involving often esoteric concepts; • It can appear monolithic, but there are many choices to be made for a given implementation – • Symmetric v Asymmetric; • Block v Stream; • Algorithm, key length; • Application v network; • Software v hardware; • In practice most cryptosystems are hybrid and utilise more than one method;

  7. Cryptography 101, not – Conclusion • A helpful way to grasp the concept of cryptography is that it consists of tasks that are relatively trivial to complete one way (typically when in possession of the relevant algorithm and, more importantly, the correct key), but decidedly non-trivial to complete in any other way; • This section has covered a lot of ground, in a superficial way; the thing to take away is that there are various flavours of cryptography, each with their own pros and cons under different scenarios; • The first degree of assurance is to have an appreciation of cryptography (or employ someone you trust who has)

  8. Why the Needfor Assurance? Assurance is a jewel worth waiting for Thomas Brooks, Puritan; 1608 - 1680

  9. Why the Need for Assurance? - 1 • Difficult to mange risk in the absence of some degree of assurance; • Payment Industry schemes (BACS, CHAPS, LINK) seek assurance from their members, and expect management to understand the controls they have; • Regulators are more oblique in their expectations, but – “If you think safety is expensive, try having an accident” Stelios Haji-Ioanna (hasn’t set up Easy Crypto yet); (substitute “cryptography” for “safety” and “data loss incident” for “accident”)

  10. Why is Assurance Problematic for Cryptography? The problem of distinguishing prime numbersfrom composite numbers and of resolving thelatter into their prime factors is known to be one of the most important anduseful in arithmetic. Carl Fredrich Gauss, Mathematician; 1777 - 1855

  11. Why is Assurance Problematic for Cryptography? • Cryptography is predicated upon obfuscation and *******; • In theory, one could examine an encrypted file or data stream and confirm that it was, indeed, unintelligible; • In practice, this is likely to be impracticable and/or undesirable; • More to the point, it doesn’t actually prove much; how difficult would it be for an attacker to render it intelligible? Does it meet the formal requirements of any external or internal standards that have to be complied with? • Finally – “In the world of cryptography, we assume something is broken until we have evidence to the contrary." Bruce Schneier, February 2003

  12. Cryptanalysis and Peer review Beware of snake oil Phil Zimmermann, the creator of PGP

  13. Cryptanalysis and Peer review - 1 • Kerckhoffs’ Principle– • It (cipher) must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience; since restated as “The enemy knows the system”; • The practical point arising from the principle is that the algorithm that drives any cryptographic method must be publicly available for (rigorous) peer review, up to and including attempts to break it; • Examples of algorithms found wanting in this way include FEAL-4 (once mooted as a DES replacement), MD4 and SHA-0 • A cipher is considered strong if, after analysis by cryptographers, there is no published, effective cryptanalytic attack against it; i.e., the only feasible attack is a brute force attack on key; • A 128 bit key has 2128 discrete key values, but impact of super computers and Quantum Computing?

  14. Cryptanalysis and Peer review - Conclusion • The next degree of assurance is ensuring that algorithms, key lengths and the software and hardware that implement them have been subject to rigorous objective, assessment; • This doesn’t have to be reading academic papers; commercial laboratories, standards bodies, industry schemes and government agencies test and/or certify cryptographic software and hardware; • Suppliers often have links from their product pages to relevant approved lists or certifications; http://www.itl.nist.gov/fipspubs/ http://csrc.nist.gov/publications/PubsFIPS.html http://www.nist.gov/conformance-testing_pp.cfm http://usa.visa.com/merchants/risk_management/cisp_pin_security.html

  15. Governance Framework Like all fads, corporate governance has its zealots Conrad Black

  16. Governance Framework • Self-explanatory? • In practical terms there should be a cryptographic policy and standards framework covering, inter alia, such topics as – • Approved algorithms and key lengths; • Approved uses for specific algorithms; • The expected lifetime of algorithms and key lengths (map period of data confidentiality onto this, and be prepared to re-encrypt); • Individual key life times; • Standards for key generation and management; • Key escrow, archive and destruction; • The next degree of assurance is a robust governance framework.

  17. Architecture, Design and Implementation . . . the architect raises his structure in imagination before he erects it in reality Karl Marx, Das Kapital (1867)

  18. Architecture, Design and Implementation • Any cryptographic method, no matter how secure and robust conceptually, may be undone by a poor or badly thought through implementation; • This ought to be readily reviewable (if it isn’t, positive assurance in this area may prove illusive) via documents and interviews with SMEs; • Questions to consider include – • Is the design risk-based (e.g. encryption of sensitive data in transit across hostile or untrusted zones or when hosted on mobile devices)? • Are the zones (trusted/untrusted, host/scheme/supplier) clearly defined and understood; are there any gaps in encryption at the interface of zones? Are working/sessionkeys protected in transit and in situ? • Is there demonstrably sufficient capacity/bandwidth? • Is there sufficient resilience and, ultimately, contingency? • The next degree of assurance is a fit for purpose, suitably documented design and implementation.

  19. Physical Security Were beauty under twenty locks kept fast Shakespeare, Venus and Adonis

  20. Physical Security • To date we have been mainly talking about logical security, but physical security is a baseline for cryptography, and ought to be readily available for inspection; • Private and shared (symmetric) keys have to be kept secret and access to production cryptographic components should be strictly controlled, hence – • Are materials associated with key generation (smart cards and their PINs, forms, envelopes) secured under segregated control? • Are HSMs hosted in secure machine rooms, in dedicated cabinets? • Do key ceremonies take place in secure facilities (at the high end this includes Faraday cages and regular bug sweeps) with sufficient privacy for participants? (see also Protocols and Procedures) • Are keying materials securely destroyed once finished with? (see also Protocols and Procedures) • The next degree of assurance is suitable physical security around cryptographic materials, components and processes.

  21. Protocols and Procedures Anyone who considers protocol unimportant has never dealt with a cat. Robert A. Heinlein

  22. Protocols and Procedure - 1 • In practice, any method is only as secure as the protocols around its use; • This is largely a question of managing a secure lifecycle for keys (as defined in the Governance Framework)– • Generation; • Implementation; • Retirement/Archive/Destruction; • Emergency replacement (typically for compromised keys); • Should be feasible to attend a key ceremony as an observer and confirm such controls as – • Keying component segregation and secure storage; • Adherence to published procedures; • Secure delivery of generated key components; • The next degree of assurance is the integrity of the protocols and processes that enable and support cryptographic operations.

  23. 3rd Parties Well, you should of come to the first party. We didn't get home 'til around four in the morning. I was blind for three days! Otis B. Driftwood

  24. 3rd Parties • Theoretically, all the considerations outlined thus far also apply to 3rd parties operating cryptographic services on one’s behalf; • Practically, assurance may be harder to achieve, but the responsibility for data security remains vested in the data owner, not the processor; • If a supplier proves difficult over assurance, have to question relationship; • Assuming reasonable level of cooperation, consider the following actions – • Review the contract for security obligations and cryptographic SLAs; • Obtain any external reviews available, e.g. SAS70, QSA reviews (PCI); • Determining whether the supplier has a Certified Service Bureau status; • Site visits, with particular emphasis on cryptographic components; • Attending key ceremonies as an observer; • The next degree of assurance is over 3rd parties.

  25. Miscellaneous If you think cryptography is the answer to your problem, then you don't know what your problem is. Peter G. Neumann, quoted in the New York Times, February 20 2001

  26. Miscellaneous • There is some value to be had by sitting down with cryptographic system administrators to review system parameters and settings against policy and best practice; also patch levels; • Digital certificates are informative, particularly for key sizes and algorithms (they should also have a valid date and be issued by a recognised authority); • The final degree of assurance is having come at this from all angles. ~~~ Proving that Cryptologists are funnier than particle physicists – Mary had a little key (It's all she could export), and all the email that she sent was opened at the Fort. Ron Rivest Mary had a little key - she kept it in escrow, and every thing that Mary said, the feds were sure to know. Sam Simpson

  27. Questions • Some questions to take away with you – • Are there unknown zones in your network? • Whom do you trust? • How sure are you about their identity?

More Related