Presentation is loading. Please wait.

Presentation is loading. Please wait.

Encryption Matches Domain 4.0 Basics of Cryptography (15 percent of Security +) Network Security Class Dr. Kleist Note: Most material from Harris, Shon.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Encryption Matches Domain 4.0 Basics of Cryptography (15 percent of Security +) Network Security Class Dr. Kleist Note: Most material from Harris, Shon."— Presentation transcript:

1 Encryption Matches Domain 4.0 Basics of Cryptography (15 percent of Security +) Network Security Class Dr. Kleist Note: Most material from Harris, Shon. (2003). All-In-One CISSP Certification Exam Guide. New York: McGraw-Hill/Osborne.

2 Security + Exam and Cryptography 4.1 Identify and explain hashing, symmetric, asymmetric (chpt. 5) 4.1 Identify and explain hashing, symmetric, asymmetric (chpt. 5) 4.2 Understand cryptography and confidentiality, integrity (digital signatures), authentication, non-repudiation (digital signatures), access control (Chpt. 5) 4.2 Understand cryptography and confidentiality, integrity (digital signatures), authentication, non-repudiation (digital signatures), access control (Chpt. 5) 4.3 PKI: certificates, certificate policies, revocation, trust models (Chpt. 5) 4.3 PKI: certificates, certificate policies, revocation, trust models (Chpt. 5) 4.4 Crypto standards and protocols (Chpt. 5) 4.4 Crypto standards and protocols (Chpt. 5) 4.5 Key Management and Certificate Lifecycles (centralized v. decentralized, storage, escrow, expiration, revocation, suspension, recovery, renewal, destruction, key usage (Chpt. 6) 4.5 Key Management and Certificate Lifecycles (centralized v. decentralized, storage, escrow, expiration, revocation, suspension, recovery, renewal, destruction, key usage (Chpt. 6)

3 Sources of Lecture Slides are drawn from several sources. Slides are drawn from several sources. Some research from Conklin, W. A., G. White, C. Cothren, D. Williams, R. Davis. (2004). Principles of Computer Security. Boston: McGraw-Hill Technology Education. Some research from Conklin, W. A., G. White, C. Cothren, D. Williams, R. Davis. (2004). Principles of Computer Security. Boston: McGraw-Hill Technology Education. Also material from Schneier, B. (2000, 2004). Secrets & Lies: Digital Security in a Networked World. Indianapolis: Wiley Publishing, Inc. Also material from Schneier, B. (2000, 2004). Secrets & Lies: Digital Security in a Networked World. Indianapolis: Wiley Publishing, Inc. Most of this material from Harris, Shon. (2003). All- In-One CISSP Certification Exam Guide. New York: McGraw-Hill/Osborne. Most of this material from Harris, Shon. (2003). All- In-One CISSP Certification Exam Guide. New York: McGraw-Hill/Osborne.

4 Exam 1 Real exam is 90 minutes for 100 questions, you must get a score of 764, and your points are normalized from 100 to 900 points (i.e., changed in scale Real exam is 90 minutes for 100 questions, you must get a score of 764, and your points are normalized from 100 to 900 points (i.e., changed in scale Our exam 1 will be from real Security + exams, and will cover sections that are matched to the chapters in our text, our lectures and the Schneier book. Our exam 1 will be from real Security + exams, and will cover sections that are matched to the chapters in our text, our lectures and the Schneier book. First exam will have 60 multiple choice questions. First exam will have 60 multiple choice questions.

5 Outline of Crypto Section History of Cryptography History of Cryptography Common elements of all cryptographic systems Common elements of all cryptographic systems Cryptographic systems strength Cryptographic systems strength Types of ciphers Types of ciphers Government involvement Government involvement Symmetric and asymmetric encryption Symmetric and asymmetric encryption Digital signatures and certificate authorities Digital signatures and certificate authorities Cryptography in real networks Cryptography in real networks PKI PKI

6 Outline, cont’d. Key escrow Key escrow Methods of Encryption Methods of Encryption Symmetric cryptography in Networks Symmetric cryptography in Networks Asymmetric cryptography in Networks Asymmetric cryptography in Networks Hybrid systems Hybrid systems PKI PKI CA CA Message Integrity and Hashes Message Integrity and Hashes Digital Signature Digital Signature One time pad One time pad

7 Outline, cont’d Key management Key management Hardware vs. software key management Hardware vs. software key management Email standards, MIME, S/MIME, PEM, MSP Email standards, MIME, S/MIME, PEM, MSP Standard cryptography used in networks of interest Standard cryptography used in networks of interest Attacks on crypto systems Attacks on crypto systems

8 History of Crypto The Code Book The Code Book Substitution cipher Substitution cipher Transposition cipher Transposition cipher Monoalphabetic substitution Monoalphabetic substitution Scytale cipher Scytale cipher Caesar cipher Caesar cipher Mary Queen of Scots Mary Queen of Scots Benedict Arnold Benedict Arnold Enigma and Turing Enigma and Turing Windtalkers Windtalkers Lucifer Lucifer

9 Common Elements of All Crypto Cryptanalysis. Trying to figure out the message without the key. Cryptanalysis. Trying to figure out the message without the key. Algorithm. Set of mathematical rules that dictate enciphering and deciphering. Not part of the encryption process, widely known. Algorithm. Set of mathematical rules that dictate enciphering and deciphering. Not part of the encryption process, widely known. Key. The key is the secret part of the process. An algorithm contains a keyspace, which is a range of values that can be used to construct a key. Key is random values within the keyspace range. The larger the key space, the more values can be used, and some think the safer the key, although Schneier disagrees. Key. The key is the secret part of the process. An algorithm contains a keyspace, which is a range of values that can be used to construct a key. Key is random values within the keyspace range. The larger the key space, the more values can be used, and some think the safer the key, although Schneier disagrees. Keyspace: Possible values to construct keys Keyspace: Possible values to construct keys Plaintext. The original data. Plaintext. The original data. Ciphertext. Message after key is used following the algorithm to the message, transforming it so eavesdroppers cannot figure it out. Ciphertext. Message after key is used following the algorithm to the message, transforming it so eavesdroppers cannot figure it out.

10 Common Elements of All Crypto Encipher: Transform data into unreadable format Encipher: Transform data into unreadable format Decipher: Transform data into readable format Decipher: Transform data into readable format Work factor: Definition of the amount of time, effort and resources necessary to break a crypto system. Work factor: Definition of the amount of time, effort and resources necessary to break a crypto system.

11 Cryptographic Systems Strength Strength of encryption comes from: Algorithm, secrecy of key, length of key, initialization vectors, and how they all work together. Strength of encryption comes from: Algorithm, secrecy of key, length of key, initialization vectors, and how they all work together. Improper protection of the key can seriously weaken crypto. (2600 discussion) Improper protection of the key can seriously weaken crypto. (2600 discussion) Goals of Crypto systems: confidentiality, authenticity, integrity, nonrepudiation Goals of Crypto systems: confidentiality, authenticity, integrity, nonrepudiation Crypto system: The hardware and software that implement the crypto transformations Crypto system: The hardware and software that implement the crypto transformations

12 Types of Ciphers Substitution cipher Substitution cipher Transposition cipher Transposition cipher Running and concealment cipher Running and concealment cipher Stream and Block Ciphers Stream and Block Ciphers A little bit different: Steganography A little bit different: Steganography

13 Government Involvement NSA NSA Clipper Chip Clipper Chip FBI and Wiretapping FBI and Wiretapping

14 Symmetric and Asymmetric Encryption Symmetric: Faster than asymmetric, hard to break with large key, hard to distribute keys, too many keys required, cannot authenticate or provide non-repudiation. Symmetric: Faster than asymmetric, hard to break with large key, hard to distribute keys, too many keys required, cannot authenticate or provide non-repudiation. Includes: DES, Triple DES, Blowfish, IDEA, RC4, RC5, RC6, AES Includes: DES, Triple DES, Blowfish, IDEA, RC4, RC5, RC6, AES

15 Symmetric and Asymmetric Encryption Asymmetric cryptography: Better at key distribution, better scalability for large systems, can provide authentication and non-repudiation, slow, math intensive Asymmetric cryptography: Better at key distribution, better scalability for large systems, can provide authentication and non-repudiation, slow, math intensive Includes: RSA, ECC, Diffie Hellman, El Gamal, DSA, Knapsack, PGP Includes: RSA, ECC, Diffie Hellman, El Gamal, DSA, Knapsack, PGP

16 Hybrid Asymmetric and Symmetric Systems Called Public Key Cryptography Called Public Key Cryptography Use asymmetric algorithm for protecting symmetric encryption keys Use asymmetric algorithm for protecting symmetric encryption keys Use asymmetric for protecting key distribution Use asymmetric for protecting key distribution Use secret key for bulk encryption requirements Use secret key for bulk encryption requirements Just don’t let the secret key travel unless it was asymmetrically encrypted! Just don’t let the secret key travel unless it was asymmetrically encrypted! Uses best advantages of each approach Uses best advantages of each approach

17 Public Key Infrastructure Comprehensive approach to establishing a level of security Comprehensive approach to establishing a level of security PKI as an amalgam of approaches PKI as an amalgam of approaches Infrastructure Infrastructure Provides authentication, confidentiality, nonrepudiation, integrity Provides authentication, confidentiality, nonrepudiation, integrity Specific protocols are not PKI, but an overarching architecture Specific protocols are not PKI, but an overarching architecture

18 Certificate Authority Public Key Certificate Public Key Certificate Registration Authority Registration Authority Structure of Certificates Structure of Certificates Trusted Organization Trusted Organization Can be internal or external to the organization Can be internal or external to the organization Entrust, Verisign Entrust, Verisign Certification Revocation Lists Certification Revocation Lists Can be provided by browser Can be provided by browser

19 Message Integrity and Hashes Has message been altered? Has message been altered? Hash, hash function Hash, hash function One way hash One way hash Message digest Message digest Create a fingerprint of a message Create a fingerprint of a message Message can be altered either intentionally or unintentionally Message can be altered either intentionally or unintentionally

20 Digital Signature Hash value encrypted with the sender’s private key Hash value encrypted with the sender’s private key Act of signing means encrypting message’s hash value with private key Act of signing means encrypting message’s hash value with private key Ensures that message was not altered and also came from Bob Ensures that message was not altered and also came from Bob Ensures integrity, authentication, and non- repudiation Ensures integrity, authentication, and non- repudiation DSS DSS

21 Algorithms Asymmetric Asymmetric RSA RSA ECC ECC Diffie Hellman Diffie Hellman El Gamal El Gamal Digital Signature Digital Signature Symmetric Symmetric DES, 3DES DES, 3DES Blowfish Blowfish IDEA IDEA RC4 RC4 SAFER SAFER

22 Hashing Algorithms MD2 MD2 MD4 MD4 MD5 MD5 SHA SHA HAVAL HAVAL What does a good cryptographic hash function have? What does a good cryptographic hash function have?

23 One Time Pad What is a one time pad? What is a one time pad? Perfect encryption Perfect encryption Random Random Integrated into some applications Integrated into some applications High security High security But, have to distribute pad (like German High Command with submarines and Enigma codes) But, have to distribute pad (like German High Command with submarines and Enigma codes)

24 Issues of Key Management Principles Principles Key length Key length Storage Storage Random Random More used, shorter its lifetime More used, shorter its lifetime Escrow Escrow Destroy at end of lifetime Destroy at end of lifetime

25 Hardware v. Software Software less expensive Software less expensive Hardware more expensive Hardware more expensive Software slower throughput Software slower throughput Hardware faster throughput Hardware faster throughput Software more easily modified Software more easily modified High end solutions will be hardware High end solutions will be hardware

26 Email Standards MIME MIME S/MIME S/MIME PEM PEM MSP MSP

27 What do Networks Use for Real?

28 PGP Phil Zimmerman Phil Zimmerman Free Free Download Download Implement Implement Use on email Use on email Print message encoded and decoded Print message encoded and decoded Web of Trust Web of Trust

29 Internet Security HTTP HTTP S-HTTP S-HTTP HTTPS HTTPS SSL SSL SET SET SSH SSH IPSec IPSec

30 Attacks on Crypto Systems Ciphertext Only Attack Ciphertext Only Attack Know Plaintext Attack Know Plaintext Attack Chosen Plaintext Attack Chosen Plaintext Attack Man In the Middle Attack Man In the Middle Attack Dictionary Attack Dictionary Attack Side Channel Side Channel

Download ppt "Encryption Matches Domain 4.0 Basics of Cryptography (15 percent of Security +) Network Security Class Dr. Kleist Note: Most material from Harris, Shon."

Similar presentations

Cryptography Ch-1 prepared by: Diwan.

Cryptography Ch-1 prepared by: Diwan.
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.

Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
Crytography Chapter 8.

Crytography Chapter 8.
1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP.

1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP.
Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.

Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.
Network Security Chapter 8. Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic.

Network Security Chapter 8. Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Cryptography.

Cryptography.
Chapter 8 - Cryptography

Chapter 8 - Cryptography
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Cryptographic Technologies

Cryptographic Technologies

Similar presentations

Ads by Google