1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP.

Slides:



Advertisements
Similar presentations
Cryptography Ch-1 prepared by: Diwan.
Advertisements

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Crytography Chapter 8.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Introduction to Cryptography
Encryption Matches Domain 4.0 Basics of Cryptography (15 percent of Security +) Network Security Class Dr. Kleist Note: Most material from Harris, Shon.
Network Security Chapter 8. Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic.
Principles of Information Security, 2nd edition1 Cryptography.
Cryptography.
Chapter 8 - Cryptography
Web Security for Network and System Administrators1 Chapter 4 Encryption.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Information Systems Security Cryptography Domain #3.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
Cryptography Basic (cont)
Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Technologies
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Chapter 8 Network Security 4/17/2017
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
What is Cryptography? Definition: The science or study of the techniques of secret writing, esp. code and cipher systems, methods, and the like Google.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
CN8816: Network Security1 Confidentiality, Integrity & Authentication Confidentiality - Symmetric Key Encryption Data Integrity – MD-5, SHA and HMAC Public/Private.
1 Chapter 4 Encryption. 2 Objectives In this chapter, you will: Learn the basics of encryption technology Recognize popular symmetric encryption algorithms.
1 Fluency with Information Technology Lawrence Snyder Chapter 17 Privacy & Digital Security Encryption.
1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.
Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).
ECE453 – Introduction to Computer Networks Lecture 18 – Network Security (I)
Introduction Cryptography: process of making and using codes to secure transmission of information Encryption: converting original message into a form.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography.
Crypto Bro Rigby. History
每时每刻 可信安全 1The DES algorithm is an example of what type of cryptography? A Secret Key B Two-key C Asymmetric Key D Public Key A.
Cryptography Encryption/Decryption Franci Tajnik CISA Franci Tajnik.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
SEC835 Cryptography Basic. Major Security Services Present in any web application Cryptography, or cryptosystem User’s authentication Access control Audit.
Chapter 31 Cryptography And Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)
Cryptography Chapter 7 Part 2 Pages 781 to 812. Symmetric Cryptography Secret Key Figure 7-10 on page 782 Key distribution problem – Secure courier Many.
Computer Security Cryptography. Cryptography Now and Before  In the past – mainly used for confidentiality  Today –Still used for confidentiality –Data.
Exam 1 Review CS461/ECE422 Fall Exam guidelines A single page of supplementary notes is allowed  8.5x11. Both sides. Write as small as you like.
Network Security Chapter 8 12/13/ Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental.
Security fundamentals Topic 4 Encryption. Agenda Using encryption Cryptography Symmetric encryption Hash functions Public key encryption Applying cryptography.
Intro to Cryptography Lesson Introduction
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
BZUPAGES.COM Cryptography Cryptography is the technique of converting a message into unintelligible or non-understandable form such that even if some unauthorized.
Electronic Mail Security Prepared by Dr. Lamiaa Elshenawy
MM Clements Cryptography. Last Week Firewalls A firewall cannot protect against poor server, client or network configuration A firewall cannot.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.
Computer Security By Rubel Biswas. Introduction History Terms & Definitions Symmetric and Asymmetric Attacks on Cryptosystems Outline.
Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.
Network Security Chapter 8 Institute of Information Science and Technology. Chengdu University YiYong 2008 年 2 月 25 日.
CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.
CISSP Luncheon Series: Cryptography
Chapter 8 Network Security.
CompTIA Security+ Study Guide (SY0-401)
CompTIA Security+ Study Guide (SY0-501)
Chapter 8 Network Security.
Presentation transcript:

1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP

Outline  History  Terms & Definitions  Symmetric and Asymmetric Algorithms  Hashing  PKI Concepts  Attacks on Cryptosystems 2

Introduction  “Hidden writing”  Increasingly used to protect information  Can ensure confidentiality Integrity and Authenticity too 3

History – The Manual Era  Dates back to at least 2000 B.C.  Pen and Paper Cryptography  Examples Scytale Atbash Caesar Vigenère 4

History – The Mechanical Era  Invention of cipher machines  Examples Confederate Army’s Cipher Disk Japanese Red and Purple Machines German Enigma 5

History – The Modern Era  Computers!  Examples Lucifer Rijndael RSA ElGamal 6

Speak Like a Crypto Geek Plaintext – A message in its natural format readable by an attacker Ciphertext – Message altered to be unreadable by anyone except the intended recipients Key – Sequence that controls the operation and behavior of the cryptographic algorithm Keyspace – Total number of possible values of keys in a crypto algorithm 7

Speak Like a Crypto Geek (2) Initialization Vector – Random values used with ciphers to ensure no patterns are created during encryption Cryptosystem – The combination of algorithm, key, and key management functions used to perform cryptographic operations 8

Cryptosystem Services  Confidentiality  Integrity  Authenticity  Nonrepudiation  Access Control 9

Types of Cryptography  Stream-based Ciphers One at a time, please Mixes plaintext with key stream Good for real-time services  Block Ciphers Amusement Park Ride Substitution and transposition 10

Encryption Systems  Substitution Cipher Convert one letter to another Cryptoquip  Transposition Cipher Change position of letter in text Word Jumble  Monoalphabetic Cipher Caesar 11

Encryption Systems  Polyalphabetic Cipher Vigenère  Modular Mathematics Running Key Cipher  One-time Pads Randomly generated keys 12

Steganography  Hiding a message within another medium, such as an image  No key is required  Example Modify color map of JPEG image 13

Cryptographic Methods  Symmetric Same key for encryption and decryption Key distribution problem  Asymmetric Mathematically related key pairs for encryption and decryption Public and private keys 14

Cryptographic Methods  Hybrid Combines strengths of both methods Asymmetric distributes symmetric key »Also known as a session key Symmetric provides bulk encryption Example: »SSL negotiates a hybrid method 15

Attributes of Strong Encryption  Confusion Change key values each round Performed through substitution Complicates plaintext/key relationship  Diffusion Change location of plaintext in ciphertext Done through transposition 16

Symmetric Algorithms  DES Modes: ECB, CBC, CFB, OFB, CM  3DES  AES  IDEA  Blowfish 17

Symmetric Algorithms  RC4  RC5  CAST  SAFER  Twofish 18

Asymmetric Algorithms  Diffie-Hellman  RSA  El Gamal  Elliptic Curve Cryptography (ECC) 19

Hashing Algorithms  MD5 Computes 128-bit hash value Widely used for file integrity checking  SHA-1 Computes 160-bit hash value NIST approved message digest algorithm 20

Hashing Algorithms  HAVAL Computes between 128 and 256 bit hash Between 3 and 5 rounds  RIPEMD-160 Developed in Europe published in 1996 Patent-free 21

Birthday Attack  Collisions Two messages with the same hash value  Based on the “birthday paradox”  Hash algorithms should be resistant to this attack 22

Message Authentication Codes  Small block of data generated with a secret key and appended to a message  HMAC (RFC 2104) Uses hash instead of cipher for speed Used in SSL/TLS and IPSec 23

Digital Signatures  Hash of message encrypted with private key  Digital Signature Standard (DSS) DSA/RSA/ECD-SA plus SHA  DSS provides Sender authentication Verification of message integrity Nonrepudiation 24

Encryption Management  Key Distribution Center (KDC) Uses master keys to issue session keys Example: Kerberos  ANSI X9.17 Used by financial institutions Hierarchical set of keys Higher levels used to distribute lower 25

Public Key Infrastructure  All components needed to enable secure communication Policies and Procedures Keys and Algorithms Software and Data Formats  Assures identity to users  Provides key management features 26

PKI Components  Digital Certificates Contains identity and verification info  Certificate Authorities Trusted entity that issues certificates  Registration Authorities Verifies identity for certificate requests  Certificate Revocation List (CRL) 27

PKI Cross Certification  Process to establish a trust relationship between CAs  Allows each CA to validate certificates issued by the other CA  Used in large organizations or business partnerships 28

Cryptanalysis  The study of methods to break cryptosystems  Often targeted at obtaining a key  Attacks may be passive or active 29

Cryptanalysis  Kerckhoff’s Principle The only secrecy involved with a cryptosystem should be the key  Cryptosystem Strength How hard is it to determine the secret associated with the system? 30

Cryptanalysis Attacks  Brute force Trying all key values in the keyspace  Frequency Analysis Guess values based on frequency of occurrence  Dictionary Attack Find plaintext based on common words 31

Cryptanalysis Attacks  Replay Attack Repeating previous known values  Factoring Attacks Find keys through prime factorization  Ciphertext-Only  Known Plaintext Format or content of plaintext available 32

Cryptanalysis Attacks  Chosen Plaintext Attack can encrypt chosen plaintext  Chosen Ciphertext Decrypt known ciphertext to discover key  Differential Power Analysis Side Channel Attack Identify algorithm and key length 33

Cryptanalysis Attacks  Social Engineering Humans are the weakest link  RNG Attack Predict IV used by an algorithm  Temporary Files May contain plaintext 34

Security Protocols  Privacy Enhanced (PEM)  Pretty Good Privacy (PGP) Based on a distributed trust model Each user generates a key pair  S/MIME Requires public key infrastructure Supported by most clients 35

Network Security  Link Encryption Encrypt traffic headers + data Transparent to users  End-to-End Encryption Encrypts application layer data only Network devices need not be aware 36

Network Security  SSL/TLS Supports mutual authentication Secures a number of popular network services  IPSec Security extensions for TCP/IP protocols Supports encryption and authentication Used for VPNs 37

Questions? 38

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.