Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP.

Published byAubrie Rogers Modified over 9 years ago

Similar presentations

Presentation on theme: "1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP."— Presentation transcript:

1 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP

2 Outline  History  Terms & Definitions  Symmetric and Asymmetric Algorithms  Hashing  PKI Concepts  Attacks on Cryptosystems 2

3 Introduction  “Hidden writing”  Increasingly used to protect information  Can ensure confidentiality Integrity and Authenticity too 3

4 History – The Manual Era  Dates back to at least 2000 B.C.  Pen and Paper Cryptography  Examples Scytale Atbash Caesar Vigenère 4

5 History – The Mechanical Era  Invention of cipher machines  Examples Confederate Army’s Cipher Disk Japanese Red and Purple Machines German Enigma 5

6 History – The Modern Era  Computers!  Examples Lucifer Rijndael RSA ElGamal 6

7 Speak Like a Crypto Geek Plaintext – A message in its natural format readable by an attacker Ciphertext – Message altered to be unreadable by anyone except the intended recipients Key – Sequence that controls the operation and behavior of the cryptographic algorithm Keyspace – Total number of possible values of keys in a crypto algorithm 7

8 Speak Like a Crypto Geek (2) Initialization Vector – Random values used with ciphers to ensure no patterns are created during encryption Cryptosystem – The combination of algorithm, key, and key management functions used to perform cryptographic operations 8

9 Cryptosystem Services  Confidentiality  Integrity  Authenticity  Nonrepudiation  Access Control 9

10 Types of Cryptography  Stream-based Ciphers One at a time, please Mixes plaintext with key stream Good for real-time services  Block Ciphers Amusement Park Ride Substitution and transposition 10

11 Encryption Systems  Substitution Cipher Convert one letter to another Cryptoquip  Transposition Cipher Change position of letter in text Word Jumble  Monoalphabetic Cipher Caesar 11

12 Encryption Systems  Polyalphabetic Cipher Vigenère  Modular Mathematics Running Key Cipher  One-time Pads Randomly generated keys 12

13 Steganography  Hiding a message within another medium, such as an image  No key is required  Example Modify color map of JPEG image 13

14 Cryptographic Methods  Symmetric Same key for encryption and decryption Key distribution problem  Asymmetric Mathematically related key pairs for encryption and decryption Public and private keys 14

15 Cryptographic Methods  Hybrid Combines strengths of both methods Asymmetric distributes symmetric key »Also known as a session key Symmetric provides bulk encryption Example: »SSL negotiates a hybrid method 15

16 Attributes of Strong Encryption  Confusion Change key values each round Performed through substitution Complicates plaintext/key relationship  Diffusion Change location of plaintext in ciphertext Done through transposition 16

17 Symmetric Algorithms  DES Modes: ECB, CBC, CFB, OFB, CM  3DES  AES  IDEA  Blowfish 17

18 Symmetric Algorithms  RC4  RC5  CAST  SAFER  Twofish 18

19 Asymmetric Algorithms  Diffie-Hellman  RSA  El Gamal  Elliptic Curve Cryptography (ECC) 19

20 Hashing Algorithms  MD5 Computes 128-bit hash value Widely used for file integrity checking  SHA-1 Computes 160-bit hash value NIST approved message digest algorithm 20

21 Hashing Algorithms  HAVAL Computes between 128 and 256 bit hash Between 3 and 5 rounds  RIPEMD-160 Developed in Europe published in 1996 Patent-free 21

22 Birthday Attack  Collisions Two messages with the same hash value  Based on the “birthday paradox”  Hash algorithms should be resistant to this attack 22

23 Message Authentication Codes  Small block of data generated with a secret key and appended to a message  HMAC (RFC 2104) Uses hash instead of cipher for speed Used in SSL/TLS and IPSec 23

24 Digital Signatures  Hash of message encrypted with private key  Digital Signature Standard (DSS) DSA/RSA/ECD-SA plus SHA  DSS provides Sender authentication Verification of message integrity Nonrepudiation 24

25 Encryption Management  Key Distribution Center (KDC) Uses master keys to issue session keys Example: Kerberos  ANSI X9.17 Used by financial institutions Hierarchical set of keys Higher levels used to distribute lower 25

26 Public Key Infrastructure  All components needed to enable secure communication Policies and Procedures Keys and Algorithms Software and Data Formats  Assures identity to users  Provides key management features 26

27 PKI Components  Digital Certificates Contains identity and verification info  Certificate Authorities Trusted entity that issues certificates  Registration Authorities Verifies identity for certificate requests  Certificate Revocation List (CRL) 27

28 PKI Cross Certification  Process to establish a trust relationship between CAs  Allows each CA to validate certificates issued by the other CA  Used in large organizations or business partnerships 28

29 Cryptanalysis  The study of methods to break cryptosystems  Often targeted at obtaining a key  Attacks may be passive or active 29

30 Cryptanalysis  Kerckhoff’s Principle The only secrecy involved with a cryptosystem should be the key  Cryptosystem Strength How hard is it to determine the secret associated with the system? 30

31 Cryptanalysis Attacks  Brute force Trying all key values in the keyspace  Frequency Analysis Guess values based on frequency of occurrence  Dictionary Attack Find plaintext based on common words 31

32 Cryptanalysis Attacks  Replay Attack Repeating previous known values  Factoring Attacks Find keys through prime factorization  Ciphertext-Only  Known Plaintext Format or content of plaintext available 32

33 Cryptanalysis Attacks  Chosen Plaintext Attack can encrypt chosen plaintext  Chosen Ciphertext Decrypt known ciphertext to discover key  Differential Power Analysis Side Channel Attack Identify algorithm and key length 33

34 Cryptanalysis Attacks  Social Engineering Humans are the weakest link  RNG Attack Predict IV used by an algorithm  Temporary Files May contain plaintext 34

35 E-mail Security Protocols  Privacy Enhanced Email (PEM)  Pretty Good Privacy (PGP) Based on a distributed trust model Each user generates a key pair  S/MIME Requires public key infrastructure Supported by most e-mail clients 35

36 Network Security  Link Encryption Encrypt traffic headers + data Transparent to users  End-to-End Encryption Encrypts application layer data only Network devices need not be aware 36

37 Network Security  SSL/TLS Supports mutual authentication Secures a number of popular network services  IPSec Security extensions for TCP/IP protocols Supports encryption and authentication Used for VPNs 37

38 Questions? 38

Download ppt "1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP."

Similar presentations

Cryptography Ch-1 prepared by: Diwan.

Cryptography Ch-1 prepared by: Diwan.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Crytography Chapter 8.

Crytography Chapter 8.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Introduction to Cryptography

Introduction to Cryptography
Encryption Matches Domain 4.0 Basics of Cryptography (15 percent of Security +) Network Security Class Dr. Kleist Note: Most material from Harris, Shon.

Encryption Matches Domain 4.0 Basics of Cryptography (15 percent of Security +) Network Security Class Dr. Kleist Note: Most material from Harris, Shon.
Network Security Chapter 8. Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic.

Network Security Chapter 8. Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Cryptography.

Cryptography.
Chapter 8 - Cryptography

Chapter 8 - Cryptography
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Information Systems Security Cryptography Domain #3.

Information Systems Security Cryptography Domain #3.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
Cryptography Basic (cont)

Cryptography Basic (cont)
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Technologies

Cryptographic Technologies
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

Similar presentations

Ads by Google