Skip to Content.
Sympa Menu

edugain-discuss - [eduGAIN-discuss] Cryptographic strength of UK federation eduGAIN upstream

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

[eduGAIN-discuss] Cryptographic strength of UK federation eduGAIN upstream


Chronological Thread 
  • From: Alex Stuart <Alex.Stuart AT jisc.ac.uk>
  • To: "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>
  • Subject: [eduGAIN-discuss] Cryptographic strength of UK federation eduGAIN upstream
  • Date: Fri, 3 Jun 2022 14:47:54 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=jisc.ac.uk; dmarc=pass action=none header.from=jisc.ac.uk; dkim=pass header.d=jisc.ac.uk; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TI31D1OZWzJdiDduJXeC+sNZ27jM5XlHWkZLlqVu/pk=; b=mL1+ncNXNhawcp1JZZbOIf3jIuiBdJD+czXurf6m4SrQ+ovp98EY7aXr4+vlpOUIaJ2uGhikmVzNpWQ+jgIvOw33w81aKmrx9QYDEmHbF9MkQhURbqH6jNj4KCLyJIK4Kcp9mleporIxqV0x1kL2ihOL+DDA99yGFq1nygmagvBEl12q3T1CBMG63IObnA9bH4x/IbyB6M87fJzx01UMduUTYb1aUzj5L8WzpJeGQq57GVS9jobpt3WhiJR7LeVFjzYh+rEIzv2QzNcKeSKrtPfsJ5+sN7qhQ6UXZvnio3ineSWdbGtATfmDA0NHoqsKE7unSsSb+in0jtU9CmHGkA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Gk803TVkYmSZFi44bSuocL5B52JrwHa2Tix0wtF09SBGQNdOD56D2bQ0owUyUW00a3M/L4fNaUKxsOtHDt43DlLM8eSmAxMR1H9C+0GxeO6LhHHGgJq+fovcJRKroEnhQiZVzg6BBrLLla44ruuAZ0oaMexi3yyHAOsS3rBfEWqTCMpFy3PqAtH4p7KbneVXrhpQnoVJXmGuzkK2Fb/AjKVHf/8X0aWlpXUaYadm1hgrWTI5/T/n8zsw3VtZG1b2SMAFGAp7QeUuMqC6pzDyyUX8hs/OzuQCi3WPKLs9Ts7mRygjGFhu/4nGisHHzWaVq2Y4MZqfMG5qWxIz/nOEpA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=jisc.ac.uk;

Dear Colleagues,

We in the UK federation team are reviewing the cryptographic strength of our
metadata publication service. Integrity & authenticity of our aggregates
(including our eduGAIN upstream feed) is provided by a 2K RSA key, SHA-256
signature and digest algorithms. We are using a 4K RSA key in our MDQ
service, and considered the questions: should we be migrating to the 4K key,
and by when? TL;DR Yes, by 2030.

I hope our analysis is interesting for the member federations of eduGAIN.

We have taken the eduGAIN upstream feeds from the eduGAIN API [0] and
determined the cryptographic parameters of each. The data below presents the
triples (RSA key size, signature algorithm, digest algorithm) and the number
of eduGAIN upstream feeds which use that triple.

(2048, 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
'http://www.w3.org/2001/04/xmlenc#sha256'): 34
(3072, 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
'http://www.w3.org/2001/04/xmlenc#sha256'): 4
(4096, 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
'http://www.w3.org/2001/04/xmlenc#sha256'): 32
(4096, 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512',
'http://www.w3.org/2001/04/xmlenc#sha512'): 1

Given this data, I've collated security strengths as per tables 2 and 3 of
NIST SP 800-57 part 1 rev 5 [1] and the footnotes to table 1 in the
implementation guide for FIPS 140-2 [2] to determine:

- For the first triple, the key size of 2048 is the limiting factor. Strength
112.
- For the second triple, all three quantities have estimated strength 128.
- For the third triple, increasing the key size to 4K (strength 150 according
to the formula in [2]) does not increase the strength above 128 because the
algorithms limit strength to 128
- For the last triple, the algorithms have strength > 256 and it's key size
that's the limiting factor again. Strength 150.

The UK federation feed is one of the 34 federations in the top line of the
data. Is that a bad thing? Not necessarily. We still conform to the eduGAIN
profile [3]. And NIST estimate that this is acceptable through 2030 (Table 4
of [1]).

We have a migration route to higher strength that is available by
transitioning to the 4K MDQ key. We intend to do this in the next couple of
years as we re-engineer our metadata publication toolchain.

We note that the Romanian federation uses SHA-512 algorithms in its eduGAIN
upstream and with its federation members (which include Shibboleth and
simpleSAMLphp entities) so there is a route to higher strength for our
eduGAIN upstream and domestically once we have transitioned to the 4K key.

Any comments, advice or gotchas gratefully received.

Regards,
Alex

[0] Documentation of eduGAIN database access API
https://technical.edugain.org/api

[1] Recommendation for key management
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf

[2] Implementation Guidance for FIPS 140-2 and the Cryptographic Module
Validation Program
https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/fips140-2/fips1402ig.pdf

[3] eduGAIN SAML profile
https://technical.edugain.org/doc/eduGAIN-saml-profile.pdf


Alex Stuart (he/him)
Technical Development Manager (Trust and Identity)
alex.stuart AT jisc.ac.uk









Jisc is a registered charity (number 1149740) and a company limited by
guarantee which is registered in England under company number. 05747339, VAT
number GB 197 0632 86. Jisc’s registered office is: 4 Portwall Lane, Bristol,
BS1 6NB. T 0203 697 5800.


Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited
by guarantee which is registered in England under company number 02881024,
VAT number GB 197 0632 86. The registered office is: 4 Portwall Lane,
Bristol, BS1 6NB. T 0203 697 5800.


Jisc Commercial Limited is a wholly owned Jisc subsidiary and a company
limited by shares which is registered in England under company number
09316933, VAT number GB 197 0632 86. The registered office is: 4 Portwall
Lane, Bristol, BS1 6NB. T 0203 697 5800.


For more details on how Jisc handles your data see our privacy notice here:
https://www.jisc.ac.uk/website/privacy-notice



Archive powered by MHonArc 2.6.19.

Top of Page