Apple 1122 (Part 2 of 5)
Apple v. USR
IPR2018-00813

Apple 1121 (Part 1 of 2)
Apple v. USR

CRYPTOGRAPHY

Steve Burnett & Stephen Paine

Learn how secure data-encryption techniques work
Protect confidential information on your network
Get official current cryptography standards on enclosed CD-ROM
`40
`
`
`
`rE
`
`.
`
`aoener
`
`41
`
`41
`
`
`
`aauunM\Nttt
`
Steve Burnett and Stephen Paine

Osborne/McGraw-Hill
New York  Chicago  San Francisco
Lisbon  London  Madrid  Mexico City
Milan  New Delhi  San Juan
Seoul  Singapore  Sydney  Toronto

`42
`
`42
`
`
`
`‘VKsios
`Sq
`W g 1
`Osborne/McGraw-Hill
`R00 |
`2600 Tenth Street
`Co 2
`Berkeley, California 94710
`Pp
`U.S.A.
`To arrange bulk purchase discounts for sales promotions, premiums,or MRC
`Mm
`
`raisers, please contact Osborne/McGraw-Hill at the above address. For
`information on translations or book distributors outside the U.S.A., please see
`the International Contact Information page immediately following the index of
`this book.
RSA Security’s Official Guide to Cryptography

Copyright © 2001 by The McGraw-Hill Companies. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

1234567890 FGR FGR01987654321

Book p/n 0-07-213138-1 and CD p/n 0-07-213137-3, parts of ISBN 0-07-213139-X

Publisher: Brandon A. Nordin
Vice President & Associate Publisher: Scott Rogers
Executive Editor: Steven Elliot
Senior Project Editor: LeeAnn Pickrell
Acquisitions Coordinator: Alexander Corona
Technical Editors: Blake Dournaee, Jessica Nelson
Copy Editor: Betsy Hardinger
Composition and Indexer: MacAllister Publishing Services, LLC
Illustrators: Michael Mueller, Beth Young, Lyssa Sieben-Wald

Information has been obtained by Osborne/McGraw-Hill from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, Osborne/McGraw-Hill, or others, Osborne/McGraw-Hill does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from use of such information.

2001210873
To Pao-Chi, Gwen, Ray, Satomi, Michelle, Alexander, Warren, Maria, Daniel, and Julia

—Steve Burnett

To Danielle, thanks for understanding while I worked on this book

To Alexis and Elizabeth, a father could not ask for better children

—Stephen Paine
Contents

Credits  xiii
Foreword  xv
Acknowledgments  xvii
Preface  xix
About the Authors  xxii

Chapter 1  Why Cryptography?  1
    Security Provided by Computer Operating Systems
    How Operating Systems Work
    Default OS Security: Permissions
    Attacks on Passwords
    Attacks That Bypass Operating Systems
    Data Recovery Attack
    Memory Reconstruction Attack
    Added Protection Through Cryptography
    The Role of Cryptography in Data Security

Chapter 2  Symmetric-Key Cryptography
    Some Crypto Jargon
    What Is a Key?
    Why Is a Key Necessary?
    Generating a Key
    A Random Number Generator
    A Pseudo-Random Number Generator
    Attacks on Encrypted Data
    Attacking the Key
    Breaking the Algorithm
    Measuring the Time It Takes to Break Your Message
    Symmetric Algorithms: The Key Table
    Symmetric Algorithms: Block Versus Stream Ciphers
    Block Ciphers
    Stream Ciphers
    Block Versus Stream: Which Is Better?
    Digital Encryption Standard
    Triple DES
    Commercial DES Replacements
    Advanced Encryption Standard
    Summary  51
    Real-World Example: Oracle Databases  51

Chapter 3  Symmetric-Key Management  53
    Password-Based Encryption  54
    Programming Convenience  59
    Breaking PBE  63
    Slowing Down an Attack on a Password  64
    Good Passwords  65
    Password Generators  67
    Hardware-Based Key Storage  69
    Tokens  69
    Crypto Accelerators  73
    Hardware Devices and Random Numbers  75
    Biometrics  75
    Summary  76
    Real-World Examples  76
    Keon Desktop  77
    Other Products  79

Chapter 4  The Key Distribution Problem and Public-Key Cryptography  81
    Sharing Keys in Advance  83
    Problems With This Scheme  84
    Using a Trusted Third Party  85
    Problems With This Scheme  86
    Public-Key Cryptography and the Digital Envelope  88
    Security Issues  91
    Breaking a Public-Key Algorithm  92
    Some History of Public-Key Cryptography  93
    How Public-Key Cryptography Works  94
    The RSA Algorithm  98
    The DH Algorithm  105
    The ECDH Algorithm  111
    Comparing the Algorithms  117
    Security  117
    Key Sizes  119
    Performance  120
    Transmission Size  122
    Interoperability  122
    Protecting Private Keys  122
    Using the Digital Envelope for Key Recovery  123
    Key Recovery via a Trusted Third Party  124
    Key Recovery via a Group of Trustees  126
    Key Recovery via Threshold Schemes  127
    How a Threshold Scheme Works  130
    Summary  132
    Real-World Example  133

Chapter 5  The Digital Signature  137
    The Uniqueness of a Digital Signature
    Message Digests  141
    Collisions  145
    The Three Important Digest Algorithms  148
    A Representative of Larger Data  149
    Data Integrity  153
    Back to Digital Signatures  154
    Trying to Cheat  156
    Implementing Authentication, Data Integrity, and Nonrepudiation  159
    Understanding the Algorithms  159
    RSA  160
    DSA  161
    ECDSA  163
    Comparing the Algorithms  163
    Security  163
    Performance  164
    Transmission Size  165
    Interoperability  165
    Protecting Private Keys  166
    Introduction to Certificates  166
    Key Recovery  169
    Summary  169
    Real-World Example  170

Chapter 6  Public-Key Infrastructures and the X.509 Standard  171
    Public-Key Certificates  172
    Unique Identifiers  174
    Standard Version 3 Certificate Extensions  175
    Entity Names  177
    ASN.1 Notation and Encoding  179
    The Components of a PKI  179
    Certification Authority  180
    Registration Authority  180
    Certificate Directory  181
    Key Recovery Server  182
    Management Protocols  182
    Operational Protocols  184
    Registering and Issuing Certificates  184
    Revoking a Certificate  185
    Certificate Revocation Lists  186
    Suspending a Certificate  190
    Authority Revocation Lists  190
    Trust Models  191
    Certificate Hierarchies  192
    Cross-Certification  193
    X.509 Certificate Chain  194
    The Push Model Versus the Pull Model  195
    Managing Key Pairs  196
    Generating Key Pairs  197
    Protecting Private Keys  197
    Managing Multiple Key Pairs  198
    Updating Key Pairs  199
    Keeping a History of Key Pairs  200
    Deploying a PKI  201
    The Future of PKI  201
    Roaming Certificates  201
    Attribute Certificates  203
    Certificate Policies and Certification Practice Statements  204
    Summary  206
    Real-World Examples  206
    Keon Certificate Server  207
    Keon Web PassPort  207

Chapter 7  Network and Transport Security Protocols  209
    Internet Protocol Security  209
    IP Security Architecture  210
    IPSec Services  211
    The Authentication Header Protocol  211
    Integrity Check Value Calculation  212
    Transport and Tunnel Modes  213
    The Encapsulating Security Payload Protocol  215
    Encryption Algorithms  216
    ESP in Transport and Tunnel Modes  217
    Security Associations  218
    Combining Security Associations  219
    Security Databases  220
    Security Policy Database  222
    Security Association Database  222
    Key Management  223
    Internet Key Exchange  224
    Secure Sockets Layer  227
    The History of SSL  227
    Session and Connection States  228
    The Record Layer Protocol  230
    The Change Cipher Spec Protocol  231
    The Alert Protocol  232
    The Handshake Protocol  233
    The Client Hello Message  234
    The Server Hello Message  235
    The Server Certificate Message  236
    The Server Key Exchange Message  236
    The Certificate Request Message  237
    The Server Hello Done Message  237
    The Client Certificate Message  237
    The Client Key Exchange Message  238
    The Certificate Verify Message  238
    The Finished Message  239
    Ending a Session and Connection  239
    Resuming Sessions  240
    Cryptographic Computations  240
    Encryption and Authentication Algorithms  240
    Summary  241
    Real-World Examples  242

Chapter 8  Application-Layer Security Protocols  243
    S/MIME  244
    Overview  244
    S/MIME Functionality  245
    Cryptographic Algorithms  245
    S/MIME Messages  247
    Enhanced Security Services  252
    Interoperability  253
    Secure Electronic Transaction (SET)  253
    Business Requirements  254
    SET Features  255
    SET Participants  256
    Dual Signatures  257
    SET Certificates  258
    Payment Processing  260
    Summary  264
    Real-World Examples  265

Chapter 9  Hardware Solutions: Overcoming Software Limitations  267
    Cryptographic Accelerators  267
    Authentication Tokens  269
    Token Form Factors  270
    Noncontact Tokens  270
    Contact Tokens  275
    Smart Cards  275
    Smart Card Standards  276
    Types of Smart Cards  276
    Readers and Terminals  278
    JavaCards  279
    History and Standards  279
    JavaCard Operations  280
    Other Java Tokens  281
    Biometrics  282
    Biometric Systems Overview  282
    Recognition Methods  285
    Biometric Accuracy  288
    Combining Authentication Methods  289
    Summary  291
    Vendors  291

Chapter 10  Digital Signatures: Beyond Security  293
    Legislative Approaches  295
    Legal Guidelines from the American Bar Association  295
    Legal Concepts Related to Digital Signatures  296
    Nonrepudiation  296
    Authentication  298
    Written Versus Digital Signatures  299
    Requirements for the Use of Digital Signatures  299
    Public Key Infrastructures  300
    Control of Key Revocation  300
    Time-Stamping  300
    Current and Pending Legislation  302
    The E-SIGN Act  303
    Dealing with Legal Uncertainties  306
    Summary  307
    Real-World Examples  307

Chapter 11  Doing It Wrong: The Break-Ins  309
    Measuring Losses  309
    Types of Security Threats  310
    Unauthorized Disclosure of Data  311
    Unauthorized Modification of Data  311
    Unauthorized Access  312
    Disclosure of Network Traffic  313
    Spoofing of Network Traffic  314
    Identifying Intruders  314
    Insiders  315
    Hackers  315
    Terrorists  315
    Foreign Intelligence Services  316
    Hactivists  316
    Intruder Knowledge  317
    Case Studies  317
    Data in Transit  317
    Data at Rest  318
    Authentication  319
    Implementation  320
    Information Security: Law Enforcement  321
    Summary  322

Chapter 12  Doing It Right: Following Standards  323
    Security Services and Mechanisms  324
    Authentication  324
    Confidentiality  326
    Integrity  326
    Nonrepudiation  327
    Standards, Guidelines, and Regulations  327
    The Internet Engineering Task Force  327
    ANSI X9  328
    National Institute of Standards and Technology  328
    Common Criteria  330
    The Health Insurance Portability Act  330
    Developer Assistance  331
    Insurance  332
    Security Research  332
    Case Studies  333
    Implementation  333
    Authentication  334
    Data at Rest  335
    Data in Transit  336
    Summary  336

Appendix A  Bits, Bytes, Hex, and ASCII  339
Appendix B  A Layman’s Guide to a Subset of ASN.1, BER, and DER  347
Appendix C  Further Technical Details  387
Index  407

Credits

Oracle is a registered trademark of Oracle Corporation. Various product and service names referenced herein may be trademarks of Oracle Corporation. All other product and service names mentioned may be trademarks of their respective owners.

The ALX 300 is courtesy of Compaq Computer Corporation.

The iKey 2000 and the CryptoSwift accelerator are courtesy of Rainbow Technologies, Inc.

Data Key is courtesy of Datakey Inc.

The Java Ring is courtesy of Dallas Semiconductor Corp.

The box blue accelerator and card reader are courtesy of nCipher Inc.

The Luna CA3 photos are courtesy of Chrysalis-ITS®, Inc.

The Smarty Smart Card Reader is courtesy of SmartDisk Corporation.

The RSA SecurID Card and token are courtesy of RSA Security Inc.

The BioMouse Plus is courtesy of American Biometric Company.

The XyLoc proximity card is courtesy of Ensure Technologies.

The Trusted Time products are courtesy of Datum.

Foreword

Welcome to the second book from RSA Press, RSA Security’s Official Guide to Cryptography!

As the Internet becomes a more pervasive part of daily life, the need for e-security becomes even more critical. Any organization engaged in online activity must assess and manage the e-security risks associated with this activity. Effective use of cryptographic techniques is at the core of many of these risk-management strategies. This book provides a practical guide for the use of cryptographic e-security technologies to provide for privacy, security, and integrity of an organization’s most precious asset: data.

It is an exciting time for cryptography, with important technical, business, and legal events occurring in quick succession. This book can help the reader better understand the technology behind these events.

In January 2000, the United States Government announced a significant relaxation in restrictions on the export of strong cryptography. This decision has permitted U.S. companies to now compete for cryptographic business on a worldwide basis. Previously, many of the algorithms discussed in this book were treated as munitions and were subject to severe restrictions on their export from the U.S.

In September 2000, the patent on the RSA algorithm, arguably the most important patent in cryptography, expired. Now any firm or individual can create implementations of this algorithm, further increasing the pervasiveness of one of the most widespread technologies in the history of computing.

In October 2000, the United States National Institute of Standards and Technology announced its selection of the winner of the Advanced Encryption Standard (AES) selection process, an algorithm called Rijndael developed by two Belgian researchers. The AES algorithm is intended to replace the venerable, and increasingly vulnerable, Data Encryption Standard (DES) algorithm. AES is expected to become the most widely used algorithm of its type in a short time.

The security technology industry has undergone explosive growth in a short period of time, with many new options emerging for the deployment of e-security techniques based on cryptography. Ranging from new developments in cryptographic hardware to the use of personal smart cards in public key infrastructures, the industry continues to increase the range of choices available to address e-security risks. This book provides the reader with a solid foundation in the core cryptographic techniques of e-security—including RSA, AES, and DES mentioned previously, and many others—and then builds on this foundation to discuss the use of these techniques in practical applications and cutting-edge technologies.

While this book does discuss the underlying mathematics of cryptography, its primary focus is on the use of these technologies in familiar, real-world settings. It takes a systems approach to the problems of using cryptographic techniques for e-security, reflecting the fact that the degree of protection provided by an e-security deployment is only as strong as the weakest link in the chain of protection.

We hope that you will enjoy this book and the other titles from RSA Press. We welcome your comments as well as your suggestions for future RSA Press books. For more information on RSA Security, please visit our website at www.rsasecurity.com; more information on RSA Press can be found at www.rsapress.com.

Burt Kaliski
Director and Chief Scientist
RSA Laboratories
bkaliski@rsasecurity.com

Acknowledgments

The first person I’d like to thank is Stephen Paine. He did the work of putting together the original proposal and outline. Later on, he reorganized the structure to make the book better. He planned; I just wrote.

Betsy Hardinger and LeeAnn Pickrell at Osborne/McGraw-Hill are the two editors who made many suggestions (most of which we accepted) to improve the language, readability, and flow of the content. Stephen Paine and I have our names on the book, but I think they deserve plenty of credit for their contributions.

Blake Dournaee of RSA did a great job of reviewing. If it hadn’t been for Blake, I would be suffering from great embarrassment for a couple of mistakes he caught. Of course, any errors still residing in this book belong entirely to Stephen and me.

We received help from many people for the examples. Mark Tessin of Reynolds Data Recovery and Dennis Vanatta of 4Sites Internet Services gave me the information and screen shot for the data recovery discussion in Chapter 1. Mary Ann Davidson and Kristy Browder of Oracle helped me put together the example in Chapter 2. For the Keon example, Peter Rostin and Nino Marino of RSA were my sources.

The people at Osborne/McGraw-Hill said we had complete control over the acknowledgments, so I’d like to thank some people who didn’t contribute to the book so much as contributed to my career. If it hadn’t been for Dave Neff at Intergraph, I don’t think I would have been much of a programmer and hence never could have been successful enough at RSA to be chosen to write this book. It was Victor Chang, then the VP of engineering at RSA, who hired me, let me do all kinds of wonderful things in the field and industry of cryptography, and made RSA engineering a great place to work. The geniuses of RSA Labs, especially Burt Kaliski and Matt Robshaw, taught me most of the crypto I know today, and the engineers at RSA, especially Dung Huynh and Pao-Chi Hwang, taught me all about the crypto code.

—Steve Burnett

The first person I’d like to thank is Steve Burnett. I am positive that if he had not agreed to co-author this book with me, I might have given up before I began.

RSA Press definitely must be thanked for giving Steve Burnett and me a chance to write this book. Also, I’d like to thank Steve Elliot, Alex Corona, Betsy Hardinger, LeeAnn Pickrell, and all of the other employees of Osborne/McGraw-Hill who worked to make this book possible.

Both Jessica Nelson and Blake Dournaee did an excellent job providing technical review—thank you. I’d like to offer a special thanks to Mohan Atreya and Scott Maxwell of RSA Security; both were a source of excellent ideas and technical input.

Thanks to my friends at RSA Security for being patient and understanding while I worked long hours on the book.

I especially want to thank Jerry Mansfield, a great friend who taught me to take life as it comes. Finally, I would like to thank my family for their support.

—Stephen Paine

Preface

Application developers never used to add security to their products because the buying public didn’t care. To add security meant spending money to include features that did not help sales. Today, customers demand security for many applications. The Federal Bureau of Investigation published the following Congressional Statement on February 16, 2000:

“There were over 100 million Internet users in the United States in 1999. That number is projected to reach 177 million in United States and 502 million worldwide by the end of 2003. Electronic commerce has emerged as a new sector of the American economy, accounting for over $100 billion in sales during 1999; by 2003 electronic commerce is projected to exceed $1 trillion.”

At the same time, the Computer Security Institute (CSI) reported an increase in cybercrime, “55% of the respondents to our survey reported malicious activity by insiders.” Knowing this, you can be sure growing corporations need security products.

The most important security tool is cryptography. Developers and engineers need to understand crypto in order to effectively build it into their products. Sales and marketing people need to understand crypto in order to prove the products they are selling are secure. The customers buying those products, whether end users or corporate purchasing agents, need to understand crypto in order to make well-informed choices and then to use those products correctly. IT professionals need to understand crypto in order to deploy it properly in their systems. Even lawyers need to understand crypto because governments at the local, state, and national level are enacting new laws defining the responsibilities of entities holding the public’s private information.

This book is an introduction to crypto. It is not about the history of crypto (although you will find some historical stories). It is not a guide to writing code, nor a math book listing all the theorems and proofs of the underpinnings of crypto. It does not describe everything there is to know about crypto; rather, it describes the basic concepts of the most widely used crypto in the world today. After reading this book, you will know what computer cryptography does and how it’s used today. For example, you will

• Understand the difference between a block cipher and a stream cipher and know when to use each (if someone tries to sell you an application that reuses a stream cipher’s key, you will know why you shouldn’t buy it).
• Know why you should not implement key recovery on a signing-only key.
• Understand what SSL does and why it is not the security magic bullet solving all problems, which some e-commerce sites seem to imply.
• Learn how some companies have effectively implemented crypto in their products.
• Learn how some companies have used crypto poorly (smart people learn from their own mistakes; brilliant people learn from other people’s mistakes).

There are, of course, many more things you will learn in this book. Chapter 1 delves into why cryptography is needed today; Chapters 2 through 5 describe the basic building blocks of crypto, such as symmetric keys and public keys, password-based encryption, and digital signatures. In Chapters 6 through 8, you will see how these building blocks are used to create an infrastructure through certificates and protocols. In Chapter 9, you will learn how specialized hardware devices can enhance your security. Chapter 10 explores the legal issues around digital signatures. Finally, Chapters 11 and 12 show you some real-world examples of companies doing it wrong and doing it right.

Throughout this book we use some standard computer hexadecimal notation. For instance, we might show a cryptographic key such as the following:

0x14C608B9 62AF9086

Many of you probably know what that means, but if you don’t, read Appendix A. It’s all about how the computer industry displays bits and bytes in hexadecimal. It also describes ASCII, the standard way letters, numerals, and symbols are expressed in computers.

In Chapter 6, you’ll find a brief description of ASN.1 and BER/DER encoding. If you want to drill down further into this topic, read Appendix B.

In Appendix C, you will find further detailed information about many of the topics discussed in the book. These details are not crucial to understanding the concepts presented in the main body of the book; but for those who wish to learn more about the way crypto is used today, this appendix will offer interesting reading.

Finally, the accompanying CD contains the RSA Labs Frequently Asked Questions (FAQ) about cryptography. The FAQ contains more detailed information about many of the concepts presented in this book. For instance, the FAQ describes much of the underlying math of crypto and the political issues surrounding export, and it offers a glossary and bibliography. Our goal in writing this book was to explain the crypto that the vast majority of you need to know. If you want more detail, start with the FAQ.

About the Authors

Steve Burnett  With degrees in math from Grinnell College in Iowa and The Claremont Graduate School in California, Steve Burnett has spent most of his career converting math into computer programs, first at Intergraph Corporation and now with RSA Security. He is currently the lead crypto engineer for RSA’s BSAFE Crypto-C and Crypto-J products, which are general purpose crypto software development kits in C and Java. Burnett is also a frequent speaker at industry events and college campuses.

Stephen Paine  Stephen Paine has worked in the security field throughout most of his career—formerly for the United States Marine Corps and SUN Microsystems. He is currently a systems engineer for RSA Security, where he explains security concepts to corporations and developers worldwide and provides training to customers and RSA employees.

About the Reviewers

Blake Dournaee  Blake Dournaee joined RSA Security’s developer support team in 1999, specializing in support and training for the BSAFE cryptography toolkits. Prior to joining RSA Security, he worked at NASA-Ames Research Center in their security development group. He has a B.S. in Computer Science from California Polytechnic State University in San Luis Obispo and is currently a graduate student at the University of Massachusetts.

Jessica Nelson  Jessica Nelson comes from a strong background in computer security. As an officer in the United States Air Force, she spearheaded the 12 Air Force/Southern Command Defensive Information Warfare division. She built programs that integrated computer and communications security into the DoD’s Information Warfare. She graduated from UCSD with a degree in physics and has worked with such astrophysicists as Dr. Kim Griest and Dr. Sally Ride. She currently acts as technical sales lead in the western division of a European security company.

Chapter 1  Why Cryptography?

“According to the affidavit in support of the criminal complaint, the Secret Service began investigating this matter when it learned that there had been unauthorized access to [online brokerage] accounts of several [anonymous company] employees. One [anonymous company] employee told authorities that approximately $285,000 had been drained from his [online brokerage] account when an unknown person was able to access his account by calling the online broker and providing a name and social security number. It was later determined that at least eight [anonymous company] employees had been victimized this past spring, and that these eight had lost a total of $700,000 from their stock accounts . . . [anonymous company] officials revealed that while working in the financial department, [the accomplice] had access to confidential employee information such as social security numbers and home addresses.”*

*Source: U.S. Department of Justice, July 20, 2000

If someone tells you, “I don’t need security. I have no secrets, nothing to hide,” respond by saying, “OK, let me see your medical files. How about your paycheck, bank statements, investment portfolio, and credit card bills? Will you let me write down your Social Security number, credit card numbers, and bank account numbers? What’s the PIN for your ATM, credit card, or phone card? What’s your password to log on to the network at work? Where do you keep your spare house key?”

The point is that we all have information we want kept private. Sometimes the reason is simply our natural desire for privacy; we would feel uncomfortable if the whole world knew our medical history or financial details. Another good reason is self-protection—thieves could use some kinds of information to rob us. In other words, the motives for keeping a secret are not automatically nefarious.

Corporations also have secrets—strategy reports, sales forecasts, technical product details, research results, personnel files, and so on. Although dishonest companies might try to hide villainous activities from the public, most firms simply want to hide valuable information from dishonest people. These people may be working for competitors, they might be larcenous employees, or they could be hackers and crackers: people who break into computer networks to steal information, commit vandalism, disrupt service, or simply to show what they can do.

Security Provided by Computer Operating Systems

In the past, security was simply a matter of locking the door or storing files in a locked filing cabinet or safe. Today, paper is no longer the only medium of choice for housing information. Files are stored in computer databases as well as file cabinets. Hard drives and floppy disks hold many of our secrets. How do you lock a hard drive?

How Operating Systems Work

Before we talk about how computer data is protected, let’s take a brief look at how computers get and store information. The usual way to access data on a computer or network is to go through the operating system (OS), such as DOS, Windows, Windows 95, Windows NT, MacOS, UNIX, Linux, Solaris, or HP/UX. The OS works like an application, taking input, performing operations based on the input, and returning output. Whereas, for example, a spreadsheet application takes the numbers you type into it, inserts them into cells, and possibly performs calculations such as adding columns, an OS takes your commands in the form of mouse clicks, joysticks, touch screens, or keyboard input—commands such as “show a listing of the files in this directory”—and performs the request, such as printing to the screen a list of files. You can also ask the OS to launch a particular application—say, a text editor. You then tell the text editor to open a file. Behind the scenes, the editor actually asks the OS to find the file and make its contents available to the editor.

Virtually all computers built today include some form of protection courtesy of the OS. Let’s take a look at how such protection works.

Default OS Security: Permissions

Virtually all operating systems have some built-in permissions, which allow only certain people access to the computer (its hard drive, memory, disk space, and network connection). Such access is implemented via a login procedure. If the user does not present the appropriate credentials (perhaps a user name and password), the OS will not allow that individual to use the computer. But even after a user is logged in, certain files may still be off-limits. If someone asks to see a file, the OS checks to see whether that requester is on the list of approved users; if not, the OS does not disclose the contents (see Figure 1-1).

Access to most business computers and networks is controlled by someone known as a superuser or system administrator (often shortened to sys admin). This system administrator is the person charged with creating and closing user accounts and maintaining the systems and network. A typical task of this superuser account is to override protections. Someone forgot a password? A file is read-protected (meaning that it cannot be opened and read)? The superuser has permission to circumvent the OS permissions to respond to these problems. (This is where the name “superuser” comes from; this individual can do anything.)

How does the OS know that the person requesting such system overrides is the superuser? The OS grants this access by user name and password. The superuser user name is usually “su” or “root” or “administrator.” Unfortunately, techniques for circumventing these default defenses are widely known.
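The permission check just described (one class of bits applies to each requester, and the superuser is never refused), modelled as an added example that is not code from the book; the user names, group names, file names and the listing below are constructed, following the ls -l format shown in Figure 1-1(b):

```python
"""Model of the permission check the text describes: when someone asks for a
file, the OS compares the requester with the file's owner, group and other
bits, and the superuser (root) bypasses the check entirely.
Added example, not code from the book: user, group and file names are
constructed; mode strings follow the ls -l format shown in Figure 1-1(b)."""
from dataclasses import dataclass, replace

ACCESS_BITS = {"read": 4, "write": 2, "execute": 1}

def parse_mode(mode_str: str) -> tuple:
    """Turn an ls -l mode such as '-rw-r--r--' into (owner, group, other) octal
    digits, e.g. (6, 4, 4). A leading file-type character is ignored;
    setuid/setgid/sticky markers are rejected to keep the model simple."""
    bits = mode_str[-9:]
    if len(bits) != 9:
        raise ValueError(f"bad mode string: {mode_str!r}")
    digits = []
    for i in range(0, 9, 3):
        value = 0
        for ch, expected, weight in zip(bits[i:i + 3], "rwx", (4, 2, 1)):
            if ch == expected:
                value += weight
            elif ch != "-":
                raise ValueError(f"unsupported flag {ch!r} in {mode_str!r}")
        digits.append(value)
    return tuple(digits)

@dataclass(frozen=True)
class FileEntry:
    name: str
    owner: str
    group: str
    mode: tuple  # (owner, group, other) octal digits

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset
    uid: int = 1000  # uid 0 is the superuser

def from_ls_line(line: str) -> FileEntry:
    """Parse one ls -l line: mode, links, owner, group, size, month, day, time, name."""
    fields = line.split()
    if len(fields) < 9:
        raise ValueError(f"not an ls -l line: {line!r}")
    return FileEntry(name=fields[8], owner=fields[2], group=fields[3],
                     mode=parse_mode(fields[0]))

def chmod(entry: FileEntry, mode: str) -> FileEntry:
    """Apply a three-digit octal chmod such as '664' and return the new entry."""
    if len(mode) != 3 or any(d not in "01234567" for d in mode):
        raise ValueError(f"bad chmod mode: {mode!r}")
    return replace(entry, mode=tuple(int(d) for d in mode))

def check_access(user: User, entry: FileEntry, op: str) -> tuple:
    """Decide whether user may perform op on entry, returning (allowed, reason).
    Mirrors the Unix rule: the superuser is never refused; otherwise exactly one
    class applies (owner if the names match, else group if the user is a member,
    else other) and the remaining classes' bits are not consulted."""
    if user.uid == 0:
        return True, "superuser overrides file permissions"
    if user.name == entry.owner:
        cls, bits = "owner", entry.mode[0]
    elif entry.group in user.groups:
        cls, bits = "group", entry.mode[1]
    else:
        cls, bits = "other", entry.mode[2]
    allowed = bool(bits & ACCESS_BITS[op])
    verdict = "allows" if allowed else "denies"
    return allowed, f"{cls} class (bits {bits:o}) {verdict} {op} on {entry.name}"

# Constructed listing in the style of Figure 1-1(b): owner burnetts, group eng.
LISTING = """\
-rw-r--r--  1 burnetts eng  93992 Feb 13 10:48 notes.txt
-rw-------  1 burnetts eng   2500 Feb 13 10:47 payroll.txt
"""

def demo() -> dict:
    """Run the checks the text talks about and return each verdict by label."""
    files = {f.name: f for f in map(from_ls_line, LISTING.splitlines())}
    owner = User("burnetts", frozenset({"eng"}))
    colleague = User("paines", frozenset({"eng"}), uid=1001)
    outsider = User("guest", frozenset(), uid=1002)
    root = User("root", frozenset({"wheel"}), uid=0)
    notes, payroll = files["notes.txt"], files["payroll.txt"]
    shared = chmod(notes, "664")  # the chmod 664 shown in the figure
    return {
        "owner_writes_notes": check_access(owner, notes, "write")[0],
        "colleague_writes_notes": check_access(colleague, notes, "write")[0],
        "colleague_writes_after_664": check_access(colleague, shared, "write")[0],
        "outsider_reads_notes": check_access(outsider, notes, "read")[0],
        "outsider_reads_payroll": check_access(outsider, payroll, "read")[0],
        "root_reads_payroll": check_access(root, payroll, "read")[0],
    }

if __name__ == "__main__":
    for label, allowed in demo().items():
        print(f"{label:28s} {'allowed' if allowed else 'denied'}")
```

The second element of each check_access result is a human-readable reason, which is what an audit log would record when a request is refused.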

Figure 1-1  (a) In Windows NT, a file’s permission is given in its Properties screen. (b) In UNIX, you type ls -l to see a file’s permission.

[Figure 1-1 screenshots: (a) a Windows NT file Properties dialog; (b) a UNIX terminal session showing an ls -l listing of files owned by user burnetts, group eng, before and after a chmod 664 command. The screenshot text is not legible in this scan.]

Attacks on Passwords

Many computers or operating systems come with a preset superuser account and password. In many cases, several passwords are used for various superuser functions. The superuser may have a password to create accounts, a different password to control network functionality, another to conduct or access nightly backups, and so on.

For a cracker, logging on to a system as the superuser is possibly the best way to collect data or do damage. If the superuser has not changed an operating system’s preprogrammed passwords, the network is vulnerable to attack. Most crackers know these passwords, and their first attempt to break into a network is simply to try them.

If an attacker cannot log on as th