- Internet Cryptography
- SSH:
provides server and user authentication, confidentiality and integrity
of messages. SSH is composed of several protocols. The SSH transport
layer protocol typically runs on top of TCP/IP; it provides encryption,
host authentication and integrity protection. The SSH authentication
protocol is a general user authentication protocol that runs on top of
the SSH transport layer protocol. The SSH connection protocol, which
runs on top of the SSH transport layer and authentication protocols,
provides interactive login sessions, remote execution of commands,
forwarded TCP/IP connections and forwarded X11 connections.
Replaces telnet, ftp, rlogin, rsh, rcp, rdist.
Free implementation: OpenSSH
- SSL v3.0:
two-level protocol that is application protocol independent, allows
confidentiality (with e.g. RC4), authentication (with e.g. RSA signature
challenge) and reliability (with e.g. MACs constructed out of MD5, SHA1).
The lowest level, SSL Record, is built on top of a reliable transport
protocol (e.g. TCP/IP); it is used for encapsulation of various higher
level protocols (and does the encryption, for example).
One such encapsulated protocol is the SSL Handshake protocol, which
allows the server and client to authenticate each other and to negotiate
an encryption algorithm and keys before the application protocol
transmits or receives its first byte of data.
Free implementation: OpenSSL
- TLS (rfc 2246):
the successor of SSL v3.0.
- HTTPS:
Standard that describes application of TLS to secure HTTP.
- IpSec:
cryptographic security applied directly on IP packets, transparent to
any application.
- Kerberos:
enables users and services to authenticate themselves to each other
(also, a user needs to enter his password only a single time per
session to authenticate to multiple services).
- S/Key:
one-time password authentication scheme. In brief, the server stores
H_i(seed, password); only the user knows the password. To authenticate
to the server, the user provides i-1 and H_{i-1}(seed, password); the
server verifies that H_i(seed, password) = H(H_{i-1}(seed, password))
and stores H_{i-1}(seed, password) for next time. The seed is there so
that the user can use the same password for different systems.
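The S/Key chain described above, as an added example that is not code from the original page or from any S/Key implementation. RFC 1760 S/Key uses MD4 folded to 64 bits as H; this example substitutes SHA-256, and the seed, password and chain length are constructed sample values. It walks the chain downwards with a server that stores only H_n, and shows why a captured one-time password is useless once the server has moved one step down.

```python
import hashlib

# Added example (not from the original page). SHA-256 stands in for the
# one-way function H of the text; real S/Key (RFC 1760) uses folded MD4.

def H(data: bytes) -> bytes:
    """One step of the hash chain."""
    return hashlib.sha256(data).digest()

def chain_value(seed: str, password: str, i: int) -> bytes:
    """H_i(seed, password): H applied i times to the seed/password combination.
    Only the client, who knows the password, can compute this."""
    value = (seed + password).encode()
    for _ in range(i):
        value = H(value)
    return value

class SkeyServer:
    """Stores only H_n(seed, password), never the password itself."""

    def __init__(self, seed: str, top_value: bytes, n: int):
        self.seed = seed
        self.stored = top_value   # H_n(seed, password)
        self.n = n                # index of the stored value

    def challenge(self):
        """Tell the client which chain element to present next (i = n - 1)."""
        if self.n == 0:
            raise RuntimeError("chain exhausted, re-enrol with a new seed")
        return self.seed, self.n - 1

    def verify(self, i: int, value: bytes) -> bool:
        """Accept value only if it is the immediate predecessor of the stored
        element, i.e. H(value) == stored. A replayed value fails because the
        stored element has already moved one step down the chain."""
        if i != self.n - 1:
            return False
        if H(value) != self.stored:
            return False
        self.stored = value   # move the server state one step down the chain
        self.n = i
        return True

def enrol(seed: str, password: str, n: int) -> SkeyServer:
    """Enrolment: the client computes H_n once and hands it to the server."""
    return SkeyServer(seed, chain_value(seed, password, n), n)

def demo():
    """Run a few logins; return the list of outcomes and the final index."""
    password = "correct horse"                 # constructed sample password
    server = enrol("host-A-seed", password, n=100)
    outcomes = []

    seed, i = server.challenge()               # i == 99
    otp = chain_value(seed, password, i)       # H_99
    outcomes.append(server.verify(i, otp))     # True: H(H_99) == H_100

    outcomes.append(server.verify(i, otp))     # False: replay, server now at 99

    seed, i = server.challenge()               # i == 98
    outcomes.append(server.verify(i, chain_value(seed, "wrong pw", i)))  # False
    outcomes.append(server.verify(i, chain_value(seed, password, i)))    # True

    return outcomes, server.n

if __name__ == "__main__":
    print(demo())
```

The seed is part of the hashed input, so the same password enrolled on two hosts with different seeds yields two unrelated chains, which is the point the text makes about reusing one password across systems. When `n` reaches 0 the chain is spent and the client must re-enrol with a fresh seed.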
- S/MIME:
provides authentication, message integrity, non-repudiation of origin
and privacy to MIME data. Can be used by any mail user agent (MUA)
supporting MIME or anything else transporting MIME data (such as HTTP).
Originally developed by RSA Data Security, but standardization has now
transitioned into the IETF. Popularized by RSA Security and used in
Microsoft Outlook.
- PEM:
Privacy Enhanced Mail, series of RFCs defining privacy enhancement
mechanisms for electronic mail. Applies only to 7-bit text messages;
became less important with the arrival of MIME, which allows adding
binary attachments to email. MOSS was an extension which didn't take
off as S/MIME did.
- MOSS:
MIME Object Security Services. Provides services similar to S/MIME, but
never became as popular.
- PGP:
Pretty Good Privacy, software that allows you to encrypt and sign files
and emails, first written by Phil Zimmermann. You can get a freeware
version at the International PGP home page, or a paid version at PGP
Inc. The most recent versions of PGP follow the OpenPGP standard
described in RFC 2440, which standardizes the PGP message formats. The
GNU Privacy Guard (GnuPG, or GPG) is free software (distributed under
the GNU GPL) which is RFC 2440 compliant and acts as a replacement for
PGP. There is a certain compatibility between GPG and recent versions
of PGP. For an interesting brief history of PGP see PGP Timeline.
- Cryptography APIs
- Cryptoki:
also known as PKCS #11, is a crypto API that provides developers
abstraction from the device that implements the cryptography.
Mechanisms are the various cryptographic algorithms, a token is a
module that implements certain mechanisms, and a slot is an abstract
adaptor which holds a token. To access mechanisms one establishes a
session with a token (a logical connection between an application and
a token).
Free implementation: IBM's OpenCryptoki.
Some commercial implementations (e.g. certain versions of Eracom
ProtectHost Orange Hardware, Entrust Security Kernel, 3S Group
Incorporated T2CSS) are FIPS 140 certified.
- GSS-API:
The Generic Security Service Application Program Interface (version 2
defined in RFC 2078). A cryptographic API for distributed security
services, allowing applications to authenticate each other and exchange
messages securely (data integrity and confidentiality). GSS-API provides
abstraction from the underlying mechanisms and technology, allowing for
source-level portability of applications to different environments.
Probably one of the oldest standard cryptographic APIs (dating back to
1993). Popularized more recently by Kerberos version 5.0 (Kerberos v5
providing the underlying security mechanisms, see RFC 1964). There is
an RFC for GSS-API C bindings and one for GSS-API Java bindings. An
extension of GSS-API is IDUP-GSS-API (Independent Data Unit Protection
Generic Security Service API) for "applications requiring protection of
generic data unit (such as file or message) in a way which is
independent of the protection of any other data unit and independent of
any concurrent contact with designated receivers of the data unit",
RFC 2479.
- MS CAPI:
Microsoft's crypto API. A CSP (cryptographic service provider)
implements certain cryptographic functions; these can be accessed
through MS CAPI. MS CAPI includes functions that allow you to examine
the CSPs that are on your machine. A CSP also stores key containers,
which are objects that hold the value of certain keys and the specifics
of the algorithms they are used for. Several CSPs come with Windows
2000. Microsoft has several CSPs that are FIPS 140 certified.
Don't forget to see Peter Gutmann's attack on MS CAPI and some other
Microsoft products.
- CDSA:
Common Data Security Architecture is a very big security middleware
specification developed by Intel, with an open source reference
implementation. The Open Group adopted CDSA as an Open Group technical
standard; you can get information about CDSA from them here.
- JCE:
Java Cryptographic Extension, adds encryption, MAC and key exchange
functionality to the Java Cryptographic Architecture (JCA), which
defines an API for digital signatures, certificates and hash functions.
- Cryptography standards
- IEEE P1363:
Standard specifications for public-key cryptography. Covers a wide
range of things including cryptographic parameters and keys, key
agreement, digital signatures and encryption based on discrete
logarithm systems (like DH), elliptic curve discrete logarithm systems
(like ECDH) and integer factorization systems (like RSA).
- PKCS:
Public Key Cryptography Standards published by RSA Security. Includes
standards for RSA encryption and digital signatures, password-based
cryptography, cryptographic message syntaxes (for messages that may
have cryptography applied to them, for cryptographic keys and
certificates, etc.), Cryptoki, etc.
- NIST FIPS and Special Publications 800 series:
Publications issued by the National Institute of Standards and
Technology. FIPS describe standards while the SP 800 series describe
recommendations. Includes the Data Encryption Standard (DES) and
Triple-DES, Advanced Encryption Standard (AES), Secure Hash Standard
(SHA-1, etc.), Digital Signature Standard (DSA, etc.), standards and
recommendations for symmetric key encryption modes of encryption, data
authentication, entity authentication, key management, key escrow,
security requirements for cryptographic modules (hardware and
software), etc.
- ISO standards:
Includes several standards for cryptographic mechanisms. Most are
catalogued in ICS field 35.240.40 (IT applications in banking) as well
as 35.040 (character sets and information coding). The standards
include mechanisms such as symmetric key encryption and message
authentication, key management, entity authentication, etc. Note, you
have to pay to get a hold of these standards.
- ANSI X9:
ANSI standards for the financial services industry. Includes standards
for symmetric key encryption and message authentication, key
management, digital signature algorithms, hash functions, etc. You have
to pay to get a hold of these standards.
- IETF RFCs:
There are several RFCs that standardize cryptographic mechanisms. These
include most of the protocols mentioned in the Internet Cryptography
section above.
Note:
Many of these standards organizations describe similar standards, and
often base their standards on each other. For example, ANSI X9.30-1 and
X9.30-2 describe DSA and SHA as per FIPS 186 and FIPS 180. The ISO
11568 series (key management) originated from X9.24. A couple of these
standards are listed in section 15.3 of the Handbook of Applied
Cryptography.
- Key Agreement protocols (Note:
key agreement protocols are different from key exchange protocols. In a
key exchange protocol, one side sends a precomputed key to the other
side; in a key agreement protocol, the two sides compute a new key.
Many people confuse these terms, including OAKLEY's RFC.)
- KEA:
NIST's key agreement protocol, declassified since June 24th 1998, that
uses Skipjack in its key derivation function. It seems that the test
vectors they gave are not good: see Lewis McCarthy's page. You can get
an HTML version of the spec here.
- IKE (rfc 2409):
a hybrid between OAKLEY and SKEME, with the ISAKMP framework, used in
IpSec. Sometimes referred to as ISAKMP/OAKLEY.
- ISAKMP (rfc 2408):
General framework that defines procedures and packet formats to
establish, negotiate, modify and delete Security Associations (SA).
Exact details are left to other protocols.
- OAKLEY (rfc 2412):
slightly similar to STS, providing forward secrecy. It utilizes cookies
so as to provide a weak form of protection against denial of service
attacks. Suggests some cool primes in the appendix (primes with lots of
1s at the beginning and end for some optimizations in computations,
plus a multiple of Pi in the middle to provide kosherization).
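The key agreement note above and the OAKLEY entry, served by one added example that is not code from the page or from any RFC implementation. It uses the 1024-bit "second Oakley group" MODP prime (RFC 2409 section 6.2, also in RFC 2412) with generator 2 and checks the shape the text describes (64 high-order and 64 low-order bits all set to 1) plus primality before use; then two parties each contribute a fresh secret and compute the same key, which is what distinguishes agreement from exchange. The SHA-256 key derivation and the 8-byte keyed-hash cookie are simplifications chosen here for illustration, not the IKE prf or the exact Oakley cookie construction.

```python
import hashlib
import hmac
import secrets

# Added example (not from the page). 1024-bit MODP prime of Oakley group 2,
# RFC 2409 / RFC 2412, generator 2.
OAKLEY_GROUP2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
OAKLEY_GROUP2_G = 2

def has_oakley_shape(p: int, bits: int = 1024) -> bool:
    """The Oakley primes have their 64 high-order and 64 low-order bits all
    set to 1 (the "lots of 1s at the beginning and end" of the text)."""
    ones64 = (1 << 64) - 1
    return (p.bit_length() == bits
            and (p >> (bits - 64)) == ones64
            and (p & ones64) == ones64)

def is_probable_prime(n: int, bases=(2, 3, 5, 7, 11, 13, 17)) -> bool:
    """Miller-Rabin with fixed small bases; enough to sanity-check a
    published group prime before trusting it."""
    if n < 2:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        if a % n == 0:
            continue
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

class Party:
    """One side of a Diffie-Hellman key agreement: nobody sends a key; each
    side contributes a fresh secret and both compute the same result."""

    def __init__(self, p: int = OAKLEY_GROUP2_P, g: int = OAKLEY_GROUP2_G):
        self.p, self.g = p, g
        self.x = secrets.randbelow(p - 2) + 1     # private exponent in [1, p-2]
        self.public = pow(g, self.x, p)           # g^x mod p, sent to the peer

    def agree(self, peer_public: int) -> bytes:
        # Reject degenerate peer values (0, 1, p-1) that would force a
        # predictable shared secret.
        if not 1 < peer_public < self.p - 1:
            raise ValueError("invalid peer public value")
        shared = pow(peer_public, self.x, self.p)  # (g^y)^x == (g^x)^y mod p
        byte_len = (self.p.bit_length() + 7) // 8
        # Assumed KDF for this example: SHA-256 over the fixed-width secret.
        return hashlib.sha256(shared.to_bytes(byte_len, "big")).digest()

def key_agreement(p: int = OAKLEY_GROUP2_P, g: int = OAKLEY_GROUP2_G):
    """Both parties derive the session key; neither knew it beforehand."""
    initiator, responder = Party(p, g), Party(p, g)
    return initiator.agree(responder.public), responder.agree(initiator.public)

def anti_clogging_cookie(local_secret: bytes, src: str, dst: str) -> bytes:
    """Stateless cookie in the spirit of Oakley/Photuris: a keyed hash over
    the peer addresses and a local secret. The responder recomputes it when
    the peer echoes it back, so it keeps no state for unconfirmed peers."""
    msg = f"{src}|{dst}".encode()
    return hmac.new(local_secret, msg, hashlib.sha256).digest()[:8]

if __name__ == "__main__":
    print(has_oakley_shape(OAKLEY_GROUP2_P), is_probable_prime(OAKLEY_GROUP2_P))
    ka, kb = key_agreement()
    print(ka == kb, ka.hex())
```

In a key exchange (transport) protocol the initiator would instead pick `ka` itself and send it encrypted to the responder; here neither `Party` can know the key until it has seen the other's public value, and the check in `agree` refuses the trivial public values that would let a peer force a known result.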
- Photuris (rfc 2522):
Uses cookies.
- SKEME (postscript):
from Hugo Krawczyk.
- SKIP:
Simple Key Management for Internet, designed by Sun, based on long-term
DH keys.