Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,


1 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Standards and Protocols Chapter 7

2 Objectives Identify the standards involved in establishing an interoperable Internet PKI. Explain interoperability issues with PKI standards. Describe how the common Internet protocols implement the PKI standards.

3 Key Terms Certificate; Certificate Authority (CA); Certificate Revocation List (CRL); IPsec; Secure Sockets Layer (SSL); Public key infrastructure (PKI); Secure/Multipurpose Internet Mail Extensions (S/MIME); Pretty Good Privacy (PGP)

4 Key Terms (continued) Transport Layer Security (TLS); Wired Equivalent Privacy (WEP), compromised; Wireless Application Protocol (WAP); Wireless Transport Layer Security (WTLS); X.509

5 Standards and Protocols Commercial use of the Internet has been one of the biggest growth industries since the 1990s. Public key infrastructures (PKI) are implemented to secure transactions online. Three categories of standards are associated with PKI:
–Standards that define the PKI
–Standards that define the interface between applications and the underlying PKI
–Other standards

6 Relationships Between PKI Standards and Protocols

7 PKIX Standard and PKCS Two main standards exist for implementing PKI; both are based on the X.509 standard. PKIX is produced by the Internet Engineering Task Force (IETF); its interactions and operations have four component types:
–The user, the certificate authority (CA), the registration authority (RA), and the certificate revocation list (CRL)
PKCS is produced by RSA Security.

8 The PKIX Model

9 Public Key Cryptography Standards (PKCS) The Public Key Cryptography Standards (PKCS) fill the gaps in the standards that existed for implementing PKI. PKCS is composed of 13 active standards and 2 discontinued standards.

10 15 Public Key Cryptography Standards (Standard: Title and Description)
PKCS #1: RSA Cryptography Standard. Definition of the RSA encryption standard.
PKCS #2: Incorporated into PKCS #1, no longer active.
PKCS #3: Diffie-Hellman Key Agreement Standard. Definition of the Diffie-Hellman key-agreement protocol.
PKCS #4: Incorporated into PKCS #1, no longer active.
PKCS #5: Password-Based Cryptography Standard. Definition of a password-based encryption (PBE) method for generating a secret key.
PKCS #6: Extended-Certificate Syntax Standard. Definition of an extended certificate syntax that was made obsolete by X.509 v3.

11 X.509 X.509 is the portion of the X.500 standard that addresses the structure of certificates used for authentication. X.509 specifies standard formats for public key certificates, certificate revocation lists, and Attribute Certificates. Version 3 is the current version of the X.509 standard.

12 X.509 Certificate Components (Field Name: Field Description)
Certificate Signature: X.509 version used for this certificate: Version 1 = 0, Version 2 = 1, Version 3 = 2.
Serial Number: A nonnegative integer assigned by the certificate issuer that must be unique to the certificate.
Signature Algorithm / Algorithm Parameters (optional): The algorithm identifier for the algorithm used by the CA to sign the certificate. The optional Parameters field is used to provide the cryptographic algorithm parameters used in generating the signature.
Issuer: Identification for the entity that signed and issued the certificate. This must be a distinguished name within the hierarchy of CAs.

13 X.509 Certificate Components (continued)
Validity (Not valid before time, Not valid after time): Validity specifies a period of time during which the certificate is valid, using a "not valid before" time and a "not valid after" time (expressed in UTC or in a generalized time).
Subject: The name for the certificate owner.
Subject Public Key Info: This field consists of an encryption algorithm identifier followed by a bit string for the public key.
Issuer Unique ID: Optional for versions 2 and 3; a unique bit-string identifier for the CA that issued the certificate.
Subject Unique ID: Optional for versions 2 and 3; a unique bit-string identifier for the subject of the certificate.

14 X.509 Certificate Components (continued)
Extension ID / Critical / Extension Value: Optional for version 3; the extension area consists of a sequence of extension fields containing an extension identifier, a Boolean field indicating whether the extension is critical, and an octet string representing the value of the extension. Extensions can be defined in standards or defined and registered by organizations or communities.
Thumbprint Algorithm / Parameters (optional): This field identifies the algorithm used by the CA to sign this certificate. This field must match the algorithm identified in the Signature Algorithm field.
Thumbprint: The signature is the bit-string hash value obtained when the CA signed the certificate. The signature certifies the contents of the certificate, binding the public key to the subject.
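The three component tables above describe fields as they sit in the DER-encoded TBSCertificate. The following is an added example, not the book's code, that walks the first few of those fields (the [0]-tagged version integer where v3 is encoded as 2, the nonnegative serial number, the signature AlgorithmIdentifier OID, and the "not valid before"/"not valid after" validity window) out of a certificate body constructed inline so it runs offline. The sample serial, issuer and validity dates are constructed values; the OID used is sha256WithRSAEncryption. Extensions and the outer signature are not parsed here.

```python
"""Minimal DER walker for the X.509 version, serial, signature-algorithm and validity fields.
Added example; the sample TBSCertificate is constructed below and is not a real certificate."""
import datetime as dt

# ---- tiny DER encoder, used only to build the constructed sample ----
def der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def der_integer(value):
    # DER INTEGER is minimal-length two's complement, so a nonnegative value whose
    # top bit is set gets a leading 0x00 byte; this sizing rule produces exactly that.
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big", signed=True))

def der_utctime(year, month, day):
    return tlv(0x17, dt.datetime(year, month, day).strftime("%y%m%d%H%M%SZ").encode())

def der_sequence(*parts):
    return tlv(0x30, b"".join(parts))

# Constructed sample: v3 (encoded as INTEGER 2), a serial number, the signature
# AlgorithmIdentifier (sha256WithRSAEncryption), an empty issuer Name, and a two-year validity.
SAMPLE_TBS = der_sequence(
    tlv(0xA0, der_integer(2)),                                   # [0] EXPLICIT version
    der_integer(0x0123456789ABCDEF),                             # serialNumber (constructed)
    der_sequence(tlv(0x06, bytes.fromhex("2a864886f70d01010b")), tlv(0x05, b"")),
    der_sequence(),                                              # issuer Name (empty placeholder)
    der_sequence(der_utctime(2012, 1, 1), der_utctime(2014, 1, 1)),
)

# ---- decoder ----
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                            # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    arcs, n = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def decode_utctime(value):
    return dt.datetime.strptime(value.decode(), "%y%m%d%H%M%SZ").replace(tzinfo=dt.timezone.utc)

def parse_tbs(tbs_der):
    """Extract version, serial, signature algorithm OID and validity from a TBSCertificate."""
    tag, body, _ = read_tlv(tbs_der, 0)
    if tag != 0x30:
        raise ValueError("TBSCertificate must be a SEQUENCE")
    tag, val, pos = read_tlv(body, 0)
    if tag == 0xA0:                                              # version present: 0/1/2 -> v1/v2/v3
        version = int.from_bytes(read_tlv(val, 0)[1], "big", signed=True) + 1
        tag, val, pos = read_tlv(body, pos)
    else:                                                        # absent version field means v1
        version = 1
    serial = int.from_bytes(val, "big", signed=True)
    if serial < 0:
        raise ValueError("serial number must be nonnegative")
    _, sig_alg, pos = read_tlv(body, pos)
    _, issuer, pos = read_tlv(body, pos)
    _, validity, pos = read_tlv(body, pos)
    _, not_before, p = read_tlv(validity, 0)
    _, not_after, _ = read_tlv(validity, p)
    return {
        "version": version,
        "serial": serial,
        "signature_algorithm": decode_oid(read_tlv(sig_alg, 0)[1]),
        "not_before": decode_utctime(not_before),
        "not_after": decode_utctime(not_after),
    }

def is_valid_at(info, when_iso):
    """Check the validity window against an ISO-8601 timestamp with offset, e.g. '2013-06-01T00:00:00+00:00'."""
    when = dt.datetime.fromisoformat(when_iso)
    return info["not_before"] <= when <= info["not_after"]
```

The version rule in the table (Version 3 = 2) shows up directly in `parse_tbs`: the encoded integer is one less than the version number, and a certificate with no version field at all is v1.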

15 Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
Provide secure connections between the client and server for exchanging information
Provide authentication and confidentiality of information transfers
Provide data integrity and security over networks by encrypting network connections at the transport layer

16 SSL/TLS TLS and SSL are not interchangeable; TLS is the more modern of the two. TLS is superior to SSL since SSL's use of hashing forces a reliance on MD5 rather than SHA1. http://tools.ietf.org/html/rfc5246#page-4 (Chart: Web Server Software market share)

17 TLS Record Protocol The TLS Record protocol sends data by:
–Fragmenting message data into manageable blocks
–Optionally compressing the data
–Applying a message authentication code (MAC) to the data
–Encrypting the data
–Transmitting the results
Received data is decrypted, verified, decompressed, and reassembled, then sent on to the higher-level client.
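The send and receive pipelines on this slide, as an added toy model that is not the book's code nor any TLS library's: fragment, optionally compress, MAC, encrypt and frame on the sending side; decrypt, verify the MAC, decompress and reassemble on the receiving side. The MAC input mirrors TLS 1.2 (sequence number, content type, version and length prepended to the fragment), which is what ties each record to its position in the stream. The bulk cipher is an assumption: a constructed XOR keystream derived with SHAKE-256 from the key and the record sequence number stands in for the negotiated cipher, and the keys and HTTP-like payload are constructed values.

```python
"""Toy TLS Record Protocol pipeline. Added example; the XOR keystream cipher is a constructed
stand-in for the negotiated bulk cipher and is not how any real TLS stack encrypts records."""
import hashlib, hmac, struct, zlib

MAX_FRAGMENT = 2 ** 14            # TLS limits a plaintext fragment to 2^14 bytes
APPLICATION_DATA = 23             # ContentType.application_data
VERSION_TLS12 = b"\x03\x03"
MAC_LEN = 32                      # HMAC-SHA256 output size

def keystream(enc_key, seq, length):
    # Constructed stand-in for the bulk cipher: a fresh keystream per record sequence number.
    return hashlib.shake_256(enc_key + struct.pack(">Q", seq)).digest(length)

def xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))

def record_mac(mac_key, seq, ctype, fragment):
    # TLS 1.2 MAC input: seq_num || type || version || length || fragment
    header = struct.pack(">Q", seq) + bytes([ctype]) + VERSION_TLS12 + struct.pack(">H", len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()

def fragment(data):
    """Step 1: split the message into blocks of at most MAX_FRAGMENT bytes."""
    return [data[i:i + MAX_FRAGMENT] for i in range(0, len(data), MAX_FRAGMENT)] or [b""]

def send_records(data, mac_key, enc_key, compress=False, seq_start=0):
    """Fragment -> (compress) -> MAC -> encrypt -> frame each record for transmission."""
    records = []
    for seq, frag in enumerate(fragment(data), start=seq_start):
        if compress:
            frag = zlib.compress(frag)
        body = frag + record_mac(mac_key, seq, APPLICATION_DATA, frag)    # MAC-then-encrypt
        ct = xor(body, keystream(enc_key, seq, len(body)))
        records.append(bytes([APPLICATION_DATA]) + VERSION_TLS12 + struct.pack(">H", len(ct)) + ct)
    return records

def receive_records(records, mac_key, enc_key, compress=False, seq_start=0):
    """Decrypt -> verify MAC -> (decompress) -> reassemble; any failure rejects the stream."""
    chunks = []
    for seq, rec in enumerate(records, start=seq_start):
        ctype, version, length = rec[0], rec[1:3], struct.unpack(">H", rec[3:5])[0]
        ct = rec[5:5 + length]
        if version != VERSION_TLS12 or len(ct) != length:
            raise ValueError("decode_error: malformed record header")
        body = xor(ct, keystream(enc_key, seq, len(ct)))
        frag, mac = body[:-MAC_LEN], body[-MAC_LEN:]
        if not hmac.compare_digest(mac, record_mac(mac_key, seq, ctype, frag)):
            raise ValueError("bad_record_mac")      # the alert a TLS receiver would raise here
        chunks.append(zlib.decompress(frag) if compress else frag)
    return b"".join(chunks)

def tamper_is_detected(records, mac_key, enc_key):
    """Flip one ciphertext bit in the last record and report whether the receiver rejects it."""
    last = records[-1]
    forged = last[:-1] + bytes([last[-1] ^ 0x01])
    try:
        receive_records(records[:-1] + [forged], mac_key, enc_key)
    except ValueError:
        return True
    return False
```

Because the sequence number is part of the MAC input but never sent on the wire, a record that is replayed, dropped or reordered fails verification on the receiving side even though its bytes are intact.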

18 TLS Handshake Protocol

19 Pretty Good Privacy (PGP) Program used to encrypt and decrypt e-mails and files. Provides the ability to digitally sign a message. How PGP works:
–The creator uses the encryption program to create a key pair. The public key is designed to be given freely to others; the private key is designed to be known only by the creator.
–Messages are encrypted by the sender using the recipient's public key.
–The recipient's private key is used to decrypt the message.

20 How PGP Works PGP uses a variation of the standard public key encryption process.
–An individual (here called the creator) uses the encryption program to create a pair of keys.
–One key is known as the public key and is designed to be given freely to others.
–The other key is called the private key and is designed to be known only by the creator.
–Individuals who want to send a private message to the creator encrypt the message using the creator's public key.
–The algorithm is designed such that only the private key can decrypt the message, so only the creator will be able to decrypt it.

21 HTTPS Uses SSL to secure Hypertext Transfer Protocol (HTTP) communications. Uses TCP port 443. Supports the 40-bit RC4 encryption algorithm and 128-bit encryption.

22 IPsec Collection of IP security features designed to introduce security at the network layer. Optional in IPv4, required in IPv6. Two types of security service:
–Transport mode can be used to ensure authentication and confidentiality for data alone.
–Tunnel mode can be used to ensure authentication and confidentiality for both data and header.

23 Wireless Transport Layer Security (WTLS) Provides security for Wireless Application Protocol (WAP). Implemented due to the limited memory and processing power of WAP-enabled phones. Implemented in one of three classes:
–Class 1: anonymous authentication
–Class 2: server authentication
–Class 3: server and client authentication
Class 3 is the strongest form of WTLS.

24 Wired Equivalent Privacy (WEP) Used to protect wireless communications from being intercepted. Used to prevent unauthorized access to the wireless network. Part of the original 802.11 standard. WEP 1 supported 64-bit encryption; WEP 2 supports 128-bit encryption. Both WEP 1 and WEP 2 are vulnerable to various attack vectors.

25 WEP Security Issues Wireless networking with 802.11 is common. WEP is an optional security protocol with significant issues:
–It uses a 24-bit initialization vector as a seed.
–This allows for more than 16 million vectors.
–At modern network speeds it does not take long for initialization vectors to repeat.
–The secret key is only 40 bits, and is also quickly breakable.
Some providers use 128-bit WEP, but it is almost equally vulnerable.
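Putting numbers on the initialization-vector bullets above, as an added example that is not the book's code: a 24-bit IV gives 2^24 (16,777,216) values, the birthday bound gives the probability that randomly chosen IVs have already repeated after a given number of frames, and dividing the IV space by a sustained frame rate gives the time until even a sequential IV counter wraps. The 1,000 frames-per-second rate used in the test is a constructed figure, not a measurement, and the simulation seed is arbitrary.

```python
"""Why a 24-bit IV repeats quickly: birthday-bound arithmetic and a small simulation.
Added example; the frame rate and seed are constructed values."""
import math, random

IV_BITS = 24                                   # WEP initialization vector size

def iv_space(bits=IV_BITS):
    """Number of distinct initialization vectors (16,777,216 for WEP)."""
    return 2 ** bits

def repeat_probability(frames, bits=IV_BITS):
    """Birthday-bound probability that at least one IV repeats among `frames` random IVs."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * iv_space(bits)))

def frames_for_probability(p, bits=IV_BITS):
    """Smallest frame count at which the repeat probability reaches p (inverse of the bound)."""
    n = iv_space(bits)
    return math.ceil(0.5 + math.sqrt(0.25 - 2.0 * n * math.log(1.0 - p)))

def seconds_to_exhaust(frames_per_second, bits=IV_BITS):
    """Time for a sequential IV counter to run through every value at a sustained frame rate."""
    return iv_space(bits) / frames_per_second

def first_repeat_frame(seed, bits=IV_BITS):
    """Simulate random IV selection and return the frame number at which the first repeat occurs."""
    rng, seen = random.Random(seed), set()
    for frame in range(1, iv_space(bits) + 2):
        iv = rng.getrandbits(bits)
        if iv in seen:
            return frame
        seen.add(iv)
```

With random IV selection the 50% repeat point is under five thousand frames, a few seconds of traffic on a busy network; with a sequential counter the whole space is used up in 2^24 frames, which the `seconds_to_exhaust` figure turns into hours at the constructed rate. Either way the slide's "does not take long" is a matter of minutes to hours, not days.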

26 Chapter Summary Identify the standards involved in establishing an interoperable Internet PKI. Explain interoperability issues with PKI standards. Describe how the common Internet protocols implement the PKI standards.
