ECE 646 Fall 2015 Term Project. Overview, comparison of open crypto libraries for application development. By Ravi Kota

Similar documents
UNCLASSIFIED INFORMATION TECHNOLOGY SECURITY GUIDANCE

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

FIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2

FIPS Security Policy

Juniper Networks Pulse Cryptographic Module. FIPS Level 1 Security Policy Version: 1.0 Last Updated: July 19, 2013

Samsung FIPS BC for Mobile Phone and Tablet FIPS Security Policy

NIST Cryptographic Toolkit

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

RSA BSAFE Crypto-C Micro Edition Security Policy

Oracle Solaris Userland Cryptographic Framework Software Version 1.0 and 1.1

Elaine Barker and Allen Roginsky NIST June 29, 2010

Oracle Solaris Kernel Cryptographic Framework Software Version 1.0 and 1.1

VMware, Inc. VMware Horizon JCE (Java Cryptographic Extension) Module

Symantec Corporation

Silent Circle Mobile Application Cryptographic Module

IOS Common Cryptographic Module (IC2M)

Tabular Presentation of the

FIPS Non-Proprietary Security Policy. Cotap Cryptographic Module. Software Version 1.0. Document Version 1.4.

FIPS Compliance of Industry Protocols in Edward Morris September 25, 2013

Intel R Integrated Performance Primitives. Cryptography Guide. Andrzej Chrzȩszczyk Jakub Chrzȩszczyk

CSE 127: Computer Security Cryptography. Kirill Levchenko

Satisfying CC Cryptography Requirements through CAVP/CMVP Certifications. International Crypto Module Conference May 19, 2017

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

APNIC elearning: Cryptography Basics

FIPS Cryptographic Module Security Policy Entrust Authority Security Toolkit for the Java Platform

Route1 FIPS Cryptographic Module

Cryptographic Algorithm Validation Program:

Computer Security 3/23/18

Acme Packet VME. FIPS Level 1 Validation. Software Version: E-CZ Date: July 20, 2018

Cryptography MIS

SMPTE Standards Transition Issues for NIST/FIPS Requirements

RSA BSAFE Crypto-J JSAFE and JCE Software Module Security Policy Level 2 Roles, Services and Authentication

RSA BSAFE Crypto-J JSAFE and JCE Software Module 5.0 Security Policy Level 1 Roles, Authentication and Services

There are numerous Python packages for cryptography. The most widespread is maybe pycrypto, which is however unmaintained since 2015, and has

Usage of SP800-56A in Industry Standard Protocols

Apple Inc. Apple OS X CoreCrypto Kernel Module, v5.0 FIPS Non-Proprietary Security Policy

Imprivata FIPS Cryptographic Module Non-Proprietary Security Policy Version: 2.9 Date: August 10, 2016

Symmetric, Asymmetric, and One Way Technologies

CIS 4360 Secure Computer Systems Symmetric Cryptography

RSA BSAFE Crypto-J JSAFE and JCE Software Module 5.0 Security Policy Level 2 Roles, Authentication and Services

FIPS Security Policy UGS Teamcenter Cryptographic Module

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Microsoft Windows Server 2008 R2 Cryptographic Primitives Library (bcryptprimitives.dll) Security Policy Document

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Security with VA Smalltalk

FIPS Non-Proprietary Security Policy. Acme Packet FIPS Level 2 Validation. Hardware Version: Firmware Version: E-CZ8.0.

Computer Security: Principles and Practice

BCM58100B0 Series: BCM58101B0, BCM58102B0, BCM58103B0 Cryptographic Module VC0 Non-Proprietary Security Policy Document Version 0.

SUMMARY OF INFORMATION ON EACH COURSE

NIST Post- Quantum Cryptography Standardiza9on

Block Cipher Operation. CS 6313 Fall ASU

Cryptography and the Common Criteria (ISO/IEC 15408) by Kirill Sinitski

Symantec Corporation Symantec Cryptographic Module Software Version: 1.1. FIPS Non-Proprietary Security Policy

ECE 646 Lecture 8. Modes of operation of block ciphers

SUSE Linux Enterprise Server 12 libgcrypt Cryptographic Module version 1.0. FIPS Non-Proprietary Security Policy

ECE 646 Fall 2009 Final Exam December 15, Multiple-choice test

Extended Package for Secure Shell (SSH) Version: National Information Assurance Partnership

Hydra PC FIPS Sector-based Encryption Module Security Policy

VMware OpenSSL FIPS Object Module

Version 2.0. FIPS Non-Proprietary Security Policy. Certicom Corp. September 27, 2005

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

Security Policy. Jan 2012

Analysis, demands, and properties of pseudorandom number generators

BCA III Network security and Cryptography Examination-2016 Model Paper 1

OpenSSL is a project comprising (1) a core library and (2) a toolkit. The core library offers an API for developers of secure applications.

Lecture 2 Applied Cryptography (Part 2)

BlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE. Cryptographic Appliances with Integrated Level 3+ Hardware Security Module

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

Hewlett-Packard Development Company, L.P. NonStop Volume Level Encryption (NSVLE) Product No: T0867 SW Version: 2.0

L13. Reviews. Rocky K. C. Chang, April 10, 2015

This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest

Double-DES, Triple-DES & Modes of Operation

Crypto Library. Microchip Libraries for Applications (MLA) Copyright (c) 2012 Microchip Technology Inc. All rights reserved.

Chapter 6 Contemporary Symmetric Ciphers

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

1 INTRODUCTION CRYPTOGRAPHIC MODULE SPECIFICATION... 9

Public Key Algorithms

Glenda Whitbeck Global Computing Security Architect Spirit AeroSystems

Internet Engineering Task Force (IETF) Request for Comments: Category: Informational ISSN: January 2010

Recommendation for Random Number Generation Using Deterministic Random Bit Generators

Advanced Security for Systems Engineering VO 09: Applied Cryptography

Juniper Network Connect Cryptographic Module Version 2.0 Security Policy Document Version 1.0. Juniper Networks, Inc.

OpenSSL is a project comprising (1) a core library and (2) a toolkit. The core library offers an API for developers of secure applications.

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

IEEE Std and IEEE Std 1363a Ashley Butterworth Apple Inc.

OPTIMIZED CRYPTOGRAPHY COMPONENTS FOR CONSTRAINED ENVIRONMENTS. RSA BSAFE Crypto Kernel. Solution Brief

Cryptographic Concepts

Cryptography and Network Security

Cryptographic Systems

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

borzoi Manual Dragongate Technologies Ltd.

Dyadic Enterprise. Unbound Key Control For Azure Marketplace. The Secure-As-Hardware Software With a Mathematical Proof

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank

Stream Ciphers and Block Ciphers

Building Blocks of the Security and Management Engine

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.

Study Guide to Mideterm Exam

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

Dyadic Security Enterprise Key Management

Transcription:

ECE 646 Fall 2015 Term Project Overview, comparison of open crypto libraries for application development. By Ravi Kota

Goal How to determine which open source crypto library or libraries can be considered for a crypto application development? Reason: When enterprises build software applications, it is desirable to consider: Secure & correct implementation Compliant to standards Long term Supportability

Major Criteria 1. Identify common requirements of crypto applications. (List of Crypto primitives and other features). 2. Study crypto library APIs & analyse how to implement/support the common features of crypto applications. 3. Compile some performance data on open crypto libraries comparison from available papers. 4. Analyse the CVEs of the crypto libraries, how it impacts crypto applications.

Crypto Application Context An Application Context utilizing Crypto Modules Application/System Cryptographic Sub system Cryptographic Algorithms

Cryptographic Requirements Symmetric key ciphers Modes of Operation Asymmetric key ciphers Encryption/Decryption Digital Signature Key Exchange Hash functions Message Authentication Codes (MAC) Random Number generators Key Generation & Management

Other Requirements Attack/Security Level Memory/Speed requirements Support for standards Optimizations (low level optimization) Portability Special instructions available on specific processors Ease of installation Documentation support

Symmetric Ciphers Algorithm Key Length References TDEA 3 key TDES 800-131Ar1, 800-67, 800-197 AES 128, 192 & 256 bits 800-131Ar1 SKIPJACK 80 bit Recently withdrawn Stream Ciphers?

Block cipher mode of operation Electronic Codebook (ECB): Each block of plain text is encoded independently using the same key. Cipher Block Chaining (CBC): The input to the encryption algorithm is the XOR of the next-block of plaintext and the preceding block of ciphertext. Cipher Feedback (CFB): Input is processed s bits at a time. Preceding ciphertext is used as input to the encryption algorithm to produce pseudorandom output, which is XORed with plaintext to produce next unit of ciphertext. Output Feedback (OFB): Similar to CFB, except that the input to the encryption algorithm is the preceding encryption output, and full blocks are used. Counter (CTR): Each block of plaintext is XORed with an encrypted counter. The counter is incremented for each subsequent block. XTS-AES: Encryption for data stored in sector-based devices.

Asymmetric Ciphers Algorithm Application Refs ENC/DEC Digital Signature RSA YES YES YES Key Exchange Elliptic Curve YES YES YES Diffie-Hellman NO NO YES DSS NO YES YES

Key sizes:asymmetric Ciphers Function Digital Signature Generation & verification Key Agreement using DH & MQV using finite fields, EC RSA based Key Agreement& Transport Algorithm & Key Size DSA >= 112 bits of security strength DSA: len(p) >= 2048 AND len(q) >= 224 RSA: len(n) >= 2048 ECDSA: len(n) >= 224 DSA >= 112 bits of security strength DSA: len(p) >= 2048 AND len(q) >= 224 Len(n) >= 2048

HASH Functions NIST, ENISA Recommended Algorithms SHA-224, SHA-256, SHA- 384, SHA-512, SHA- 512/224 and SHA- 512/256. Whirpool SHA-3 Family (SHA3-224, SHA3-256, SHA3-384, SHA3-512) Based on modular arithmetic and logical binary operations Uses AES style methods References SP-800-107 rev- 1 EINSA-2014 report

HASH Algorithm Digest Length Security Strengths (CR, First-Pre-Image, Second-Pre- Image) SHA-1 160 ( <80, 160,105-160) SHA-224 224 (112, 224, 201-224) SHA256 256 (128, 256,201-256) SHA-384 384 (192, 384, 201-256) SHA-512 512 (256, 512, 394-512) SHA- 512/224 SHA- 512/256 512/224 (112, 224, 224) 256 (128, 256, 256)

Message Authentication Code The purpose of a MAC is to authenticate both the source of a message and its integrity without the use of any additional mechanisms. MACs Using Block Cipher Algorithms (SP800-38B) MACs Using Hash Functions (SP800-107) Universal Hash Functions: UMAC, GMAC, Approved algorithm for generating and verifying message/data authentication codes: HMAC (FIPS SUB 198-1) HMACs have two functionally distinct parameters, a message input and a secret key known only to the message originator and intended receiver(s).

MACs Crypto Primitive NIST, ENISA Recommended Algorithms References Message Authentication Code: generation & verification HMAC (>112), CMAC(with AES,3 key TDEA), GMAC (AES) 800-131Ar1

Random Number Generators RNGs HASH_DRBG HMAC_DRBG CTR_DRBG Dual_EC_DRBG NRBG Generators Description uses an approved hash function during the instantiate, reseed and generate functions. HMAC_DRBG uses multiple occurrences of an approved keyed hash function, which is based on an approved hash function. DBRG based on block cipher uses an approved block cipher. CTR_DBRG uses a block cipher (TDEA or AES) in CTR mode. Dual Elliptic Curve random number generator was recently withdrawn. No Approved methods

RBG & Key Agreement Crypto Primitive Random bit Generators Key agreement using Diffie-Hellman (DH) and Menezes- Qu-Vanstone (MQV) schemes using finite fields NIST, ENISA Recommended Algorithms HASH_DRBG, HMAC_DRBG CTR_DRBG >=112 bits of security strength; len(p) >= 2048 and len(q) >= 224 Refs SP 800-90A SP 800-56A

Random Number Generators RNGs HASH_DRBG HMAC_DRBG CTR_DRBG Dual_EC_DRBG NRBG Generators Description uses an approved hash function during the instantiate, reseed and generate functions. HMAC_DRBG uses multiple occurrences of an approved keyed hash function, which is based on an approved hash function. DBRG based on block cipher uses an approved block cipher. CTR_DBRG uses a block cipher (TDEA or AES) in CTR mode. Dual Elliptic Curve random number generator was recently withdrawn. No Approved methods

Study crypto library APIs Following c/c++, java libraries are studied for the above requirements C++ based Libraries 1. Openssl libraries 2. nss (Network Security Services) 3. Crypto++ 5.6.2 4. Botan 5. AWS s2n library for TLS encryption Java Based Libraries 6. GNU Crypto project 7. BouncyCastle Others 9. PyCrypto - Python Cryptography Toolkit 10. Perl Crypto

Openssl:libcrypto The OpenSSL crypto library implements a wide range of cryptographic algorithms discussed in the previous section. Sub libraries of Libcrypto evp: evp - high-level cryptographic functions. The EVP library provides a high-level interface to cryptographic functions. bn: This library performs arithmetic operations on integers of arbitrary size. It was written for use in public key cryptography, such as RSA and Diffie-Hellman. SHA: SHA3 also included buffer: The buffer library handles simple character arrays. Buffers are used for various purposes in the library, most notably memory BIOs. Others: IO, Error handling, Data encoding, lhash etc. FIPS 140-2 Validated.

Openssl:libcrypto Crypto Primitive Algorithms supported API Symmetric Ciphers Asymmetric Key Ciphers DES, TDEA, AES, other stream ciphers RSA encrypt /decrypt/sign/verify DH - Key Agreement EC - operations on elliptic curves over finite fields. DSA Digital Signature EVP_Encrypt, EVP_Decrypt family of APIs RSA_Family APIs DH_ Failimy APIs EC_ family APIs DSA_ Family APIs

NSS libraries Libnss library implements a wide range of cryptographic algorithms discussed in the previous section NSPR is a platform abstraction library that provides a cross-platform API to common OS services The NSS cryptographic module has two modes of operation: the non-fips (default) mode and FIPS mode. NSS FIPS mode: APIs are very clear well documented. A core element of NSS is FreeBL, a base library providing hash functions, big number calculations, and cryptographic algorithms. Softoken is an NSS module that exposes most FreeBL functionality as a PKCS#11 module.

NSS libraries Crypto Primitive Algorithms supported Symmetric Encryption HASH Functions Digital Signature Key Agreement DRBG References DES, TDES, AES(wECB,CBC modes) RC2, RC4 SHA-1/SHA-256/SHA-384/SHA-512 RSA, DSA, ECDSA RSA, Diffie-Hellman, ECDSA HASH_DRBG http://wwwarchive.mozilla.org/projects/security/pk i/nss/nss-3.11/nss-3.11-algorithms.html http://hg.mozilla.org/projects/nss/file/t ip/lib

Crypto++ Crypto++ implements a wide range of cryptographic algorithms discussed in the previous section The FIPS validated library is only available on Windows as a DLL. Simpler to understand the APIs: Namespaces, Good Documentation: main web page

Crypto++ Primitive Symmetric Ciphers Asymmetric Ciphers HASH Function MAC Key Agreement Supported Algorithms 3DES, AES, Twofish, Serpent, CAST-256 etc RSA, DSA, ElGamal, Nyberg-Rueppel etc SHA-1, SHA-2, Whirlpool etc HMAC, GMAC, CMAC Diffie-Hellman (DH), Unified Diffie-Hellman (DH2), Menezes-Qu-Vanstone (MQV), LUCDIF, XTR-DH

Botan Botan C++ library implements a wide range of cryptographic algorithms discussed in the previous section Simpler to understand the APIs Good Documentation FIPS140-2 Compliant?

Botan Primitive Symmetric Ciphers Asymmetric Cipher Key Agreement HASH Functions Algorithms supported DES, 3DES, AES and alsa20/xsalsa20, ChaCha20, and RC4 stream ciphers RSA (ENC/DEC), RSA,DSA, ECDSA - Signatures Diffie-Hellman, ECDH SHA-2, SHA-3 & Others

Java Based Crypto Libraries GNU Crypto Library Versatile, high-quality, and provably correct implementations of cryptographic primitives Implemented most of the approved algorithms Bouncy Castle Light weight cryptp APIs JCA compliant Easy installation Adequate documentation Free

PyCrypto Crypto using Python & Perl The Python cryptography toolkit is intended to provide a reliable and stable base for writing Python programs that require cryptographic functions. Provides simple, consistent interface for similar classes of algorithms. PerlCrypto There are many crypto packages are available (search in http://search.cpan.org/) CryptX - Crypto toolkit is a self-contained perl crypto package. License is free. NET::SSLeay module contains perl bindings to openssl.

Performance Average speed measured for each library for AES, 3DES are shown below Library. The buffer size of the data used in this measurement rangers from 16 bytes to 1 MB. Cipher/Lib rary openssl Botan Crypto++ nsslibs Rijndael AES 44,153 KB/sec 21,807 KB/sec 27,155 KB/sec N/A 3DES 12,070 KB/Sec 6,698 KB/Sec 6,744 KB/Sec N/A

Common Vulnerabilities Exposures Library Openssl CVEs 19 CVEs published in 2014, and about 10 during 2015 NSS 6 CVEs published on NSS libraries in 2015 BOTAN 7 CVEs in 2015, 1 in 2014 Crypto++ AWS s2n 1 in 2015 Bouncy Castle 1 CVE in 2015. CVE-2015-2141 1 CVE in 2015. CVE-2015-7940

Conclusion OpenSSL, NSS libraries have been in use since long time and under-go constantly scrutiny by the researchers and users. They are FIPS 140-2 complaint and implements NIST approved algorithms. Despite the CVEs, these libraries are well maintained and supported. Most the CVEs are due to software implementation and might affect a narrow scenario in some cases. All the new applications should use open source libraries that are compliant to NIST recommendations.

End Q & A

Older Slides/backup slides Older Slides/backup slides to follow

Comments The growth of elliptic curve use has bumped up against the fact of continued progress in the research on quantum computing, which has made it clear that elliptic curve cryptography is not the long term solution many once hoped it would be https://www.nsa.gov/ia/programs/suiteb_cry ptography/

NSS API structure FIPS Mode General-purpose functions Encryption functions Decryption functions Message digesting functions Signature and MAC generation functions Signature and MAC verification functions Dual-function cryptographic functions Key management functions Random number generation functions Slot and token management functions Session management functions Object management functions Parallel function management functions Default Mode base, certdb, certhigh, ckfw, crmf, cryptohi, dbm, dev, freebl, jar, libpkix, nss, pk11wrap, pkcs12, pkcs7, pki, smime, softoken, sqlite, ssl, sysinit, util, zlib

Useful Links http://csrc.nist.gov/groups/st/toolkit/exampl es.html http://csrc.nist.gov/groups/stm/cavp/index.h tml http://www.keylength.com./ https://en.wikipedia.org/wiki/comparison_of _TLS_implementations http://nvlpubs.nist.gov/nistpubs/specialpublic ations/nist.sp.800-131ar1.pdf

Key Generation Key Generation( NIST SP 800-57 revison-3) Two types of automated key-establishment schemes are defined: key transport and key agreement. (NIST SP 800-56A, SP 800-56B) Key Agreement: The key-agreement schemes employ publickey techniques utilizing Discrete Logarithm Cryptography (DLC). The security of these DLC-based key-agreement schemes depends upon the intractability of the discrete logarithm problem. Key Transport: Key transport is the distribution of a key (and other keying material) from one entity (the sender) to another entity (the receiver). The keying material is encrypted by the sending entity and decrypted by the receiving entity/entities.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback