Web Appications - TLS/SSL
Web traffic is widely protected by encryption. There are many reasons for it but the main topics are the protection of user privacy, secure logins (username/password), and the exchange of financial information over the web. There ware two technologies responsible for the small lock icon in the web browser. Secure Sockets Layer (SSL) and Transport Layer Security (TLS).
SSL was developed by Netscape to provide encrypted web traffic between client and server. Hypertext Transfer Protocol Secure (HTTPS) is using port 443 to communicate sessions between browser clients and web servers. When Microsoft adopted SSL into its popular Internet Explorer browser in 1995, it became the de facto standard for secure web communication.
SSL depends on the exchange of server digital certificates to negotiate encryption/decryption parameters between the browser and the web server. The goal of the protocol is to create a secure channel that remains open for an entire web browsing session. SSL uses a combination of symmetric and asymmetric cryptography.
1: The browser retrieves the web server certificate and extracts the public key from it.
2: The browser creates a random symmetric key, encrypts it with the servers public key and sends it back to the server.
3: The server decrypts the symmetric key with its own private key and the two systems exchange all future messages using symmetric key encryption.
SSL utilizes the advanced functionality of asymmetric cryptography for the exchange of the secret key while the majority of data is exchanged using the faster symmetric algorithm.
TLS was proposed by security engineers in 1991 as a replacement for the SSL standard. As with SSL, TLS uses TCP port 443 but incorporated many security enhancements. While the early version of TLS supported a downgrade to SSL, this backward compatibility was dropped in 2011 with TLS v1.2.
In 2014, an attack known as POODLE demonstrated a flaw in the SSL 3.0 fallback mechanism of TLS. Many organizations have since completely dropped SSL support and solely rely on TLS now.
TLS is also utilized to encrypt communication between mobile applications and API endpoints. Apple even enforces this since January 2017.
Email - PGP, OpenPGP and S/MIME
Electronic mail (email or e-mail) is a method of exchanging messages between people using electronic devices. It first entered limited use in the 1960s and by the mid-1970s had taken the form now recognized as email. Email may travel and be stored on networks and computers without the sender’s or the recipient’s control. During the transit, it is possible that third parties read or even modify the content.
Email messages not encrypted by default.
Email messages have to go through intermediate computers before reaching their destination, meaning it is relatively easy for others to intercept and read messages.
Email messages are stored on servers and can be accessed by IT personnel.
There are solutions to protect emails in transit (e.g. SMTP over TLS) but for sensitive email messages, it is recommended to use end-to-end encryption and not rely on email providers goodwill.
Here are some recommendations for email usage:
Confidentiality can be achieved by message encryption
Integrity and nonrepudiation require to hash the message
Authentication, integrity and non repudiation can be implemented by digitally signing the message
Confidentiality, authentication, integrity, and nonrepudiation requires encrypting and digitally signing the message
PGP - Pretty Good Privacy was invented by Phil Zimmerman in 1991 and made available to the public. It initially encountered a number of hurdles by the U.S. government regarding its distribution (export regulation). Those restrictions have been repealed, and PGP may be freely distributed to most countries.
The commercial version of PGP uses RSA for key exchange, IDEA for encryption/decryption, and MD5 as the hash function for message digest creation.
OpenPGP is the freeware version of PGP and uses Diffie-Hellman for key exchange, CAST 128-bit for encryption/decryption, and the SHA-1 algorithm as the hash function.
S/MIME is the Secure/Multipurpose Internet Mail Extension protocol and has emerged as a de facto standard for encrypted email. It has been incorporated in a large number of commercial products and relies on the usage of X.509 certificates (see my posting about PKI). S/MIME extracts the public key from the certificate (same as TLS) and uses it for digital signing and the exchange of symmetric keys. RSA is the public key cryptographic protocol of S/MIME and AES or 3DES is used for symmetric encryption.
Data Encryption on Portable Devices - Notebooks, Smartphones, and Tablets
The wide usage of portable devices brings new risks to organizations. Notebooks, Smartphones, and Tablets often contain highly sensitive information that could cause serious harm if the device is lost or stolen. Many organizations turn to encryption to protect the data on these devices.
Current versions of all operating systems now include disk encryption capabilities that make it easy to manage encryption on all devices. Microsoft Windows includes BitLocker and Encrypting File System (EFS), MacOSX includes FileVault encryption and the open-source VeraCrypt allows disk encryption on Linux, MacOSX, and Windows.
There is a variety of commercial tools to provide added features and device management capabilities. The differentiators of those tools are how they protect the keys stored in memory, whether they encrypt full disk (FDE) or only volumes, and if they support hardware-based Trusted Platform Modules (TPMs). A TPM is a chip that can often be found in modern computer devices. It provides the operating system with access to the keys and prevents the decryption of a disk device in case the drive is removed from the computer.
Any selection of an encryption software must include an analysis of the capabilities during the due diligence process.
Providing secure networking services is an important application of cryptography. Generally, there are two different concepts at play. Link encryption and End-to-end encryption.
Link encryption is the concept of creating a secure tunnel between two points using either a hardware or software solution. In this concept, all traffic entering one side of the tunnel is encrypted and decrypted on the other side. Link encryption is protocol independent and encrypts all the traffic including data, header, address, or routing information. An example is the VPN connection between two offices. Link encryption usually happens at the lower layers of the OSI model.
End-to-end encryption protects the communication between two parties like a client and a server and is performed independently from the network link. It is found in the higher layers of the OSI model.
SSH - Secure Shell is an example of end-to-end encryption and provides encrypted alternatives to common internet applications such as FTP, Telnet, and rlogin. SSH1 supports DES, 3DES, IDEA, and Blowfish and is considered insecure. SSH2 drops the support of DES and IDEA and adds several other algorithms like Diffie-Hellman for key exchange.
IPSec is a security architecture that supports secure communications and is a standard of the Internet Engineering Task Force (IETF). The Internet Protocol Security (IPSec) secures the communication between two entities. Those entities can be routers, gateways, or any combination of those. Generally, IPSec is used to connect two networks but it can also connect one computer to a network or two computers.
It uses public-key encryption to provide access control, nonrepudiation, and message authenticity. IPSec is primarily used for virtual private networks (VPN) and can operate in either a tunnel or transport mode.
Tunnel mode encrypts the entire packet (including the header) and is designed for securing gateway to gateway communication.
Transport mode encrypts only the payload and is designed for securing peer-to-peer communication.
IPSec is commonly paired with the Layer 2 Tunneling Protocol (L2TP) and then known as L2TP/IPSec. The protocol provides a complete infrastructure to secure network communication and has gained widespread acceptance in all major operating systems. It relies on two components.
The Authentication Header (AH) provides message integrity, nonrepudiation, authentication, and access control.
The Encapsulating Security Payload (ESP) provides confidentiality and integrity of packet content. It has limited authentication features but not to the extent of AH.
IPSec is creating a security association (SA) during runtime. This SA represents a simplex communication session and configuration. Two-way communication requires two SAs and for using both AH and ESP in two-way communication, the requirement is four SAs. The advantage is that each SA can be filtered or managed independently which gives IPSec its flexibility.
ISAKMP provides the background security support services of IPSec by negotiating, establishing, modifying, and deleting security associations. ISKMP is described in detail in RFC 2408.
The widespread adoption of wireless networks creates a tremendous security risk. Traditional wired networks do not implement encryption for routine communication between host because of the assumption that it would be too difficult for an attacker to gain physical access to the network equipment. Wireless networks transmit data through the air, leaving them extremely vulnerable to interception. There are two types of wireless security implementations:
WEP - Wireless Equivalent Privacy provides 64- and 128-bit encryption options to protect wireless communication. WEP is described in IEE 802.11 as an optional component of the wireless networking standard. Cryptanalysis has demonstrated significant flaws in the WEP algorithm. This makes it possible to completely undermine the security features of a WEP protected network.
WPA - WiFi Protected Access improves on WEP encryption by implementing a Temporal Key Integrity Protocol (TKIP). WPA2 is adding AES cryptography to the protocol, improving it even further. WPA2 is the de facto standard for protecting wireless networks.
Cryptography Key Sizes and Recommendations
The Paragon Guide holds some good advice for Cryptographic Key Sizes and Algorithm Recommendations.
|Name||Block Size||Key Size|
|Advanced Encryption Standard (AES)||128||128, 192, 256|
|Rijndael||Variable||128, 192, 256|
|Blowfish||64||32 - 448|
|Data Encryption Standard (DES)||64||56|
|Rivest Cipher 2 (RC2)||64||128|
|Rivest Cipher 5 (RC5)||32, 64, 128||0 - 2,040|
|Triple DES (3DES)||64||112, 168|
|Twofish||128||1 - 256|