8/7/2019 9.0 Cryptography
Cryptography
Learning Objectives
Understand the basics of algorithms and how they are used in modern cryptography
Identify the differences between asymmetric and symmetric algorithms
Have a basic understanding of the concepts of cryptography and how they relate to network security
Learning Objectives (continued)
Discuss characteristics of PKI certificates and the policies and procedures surrounding them
Understand the implications of key management and a certificate's lifecycle
Cryptography
Study of complex mathematical formulas and algorithms used for encryption and decryption
Allows users to transmit sensitive information over unsecured networks
Can be either strong or weak
Cryptography Terminology
Plaintext
  Data that can be read without any manipulation
Encryption
  Method of disguising plaintext to hide its substance
Ciphertext
  Plaintext that has been encrypted and is an unreadable series of symbols and numbers
How Encryption and Decryption Work
Algorithms
Mathematical functions that work in tandem with a key
Same plaintext data encrypts into different ciphertext with different keys
Security of data relies on:
  Strength of the algorithm
  Secrecy of the key
Hashing
Method used for verifying data integrity
Uses variable-length input that is converted to a fixed-length output string (hash value)
Checksum: the receiving end uses the same hash function to check integrity
Quantum Cryptography
Depends on a model called the Heisenberg Uncertainty Principle for security
The act of measuring the result changes the result
The Myth of Unbreakable Codes
Frequency analysis
Algorithm error
Brute force attack
Human error
Symmetric versus Asymmetric Algorithms
Type of Algorithm: Symmetric
  Advantages:
    Single key
  Disadvantages:
    Requires sender and receiver to agree on a key before transmission of data
    Security lies only with the key
    High cost
Type of Algorithm: Asymmetric
  Advantages:
    Encryption and decryption keys are different
    Decryption key cannot be calculated from encryption key
  Disadvantages:
    Security of keys can be compromised when malicious users post phony keys
Symmetric Algorithms
Usually use the same key for encryption and decryption
Encryption key can be calculated from decryption key and vice versa
Require sender and receiver to agree on a key before they communicate securely
Security lies with the key
Also called secret key algorithms, single-key algorithms, or one-key algorithms
Encryption Using a Symmetric Algorithm
Categories of Algorithms
Stream algorithms
  Operate on the plaintext one bit at a time
Block algorithms
  Encrypt and decrypt data in groups of bits, typically 64 bits in size
Asymmetric Algorithms
Use different keys for encryption and decryption
Decryption key cannot be calculated from the encryption key
Anyone can use the key to encrypt data and send it to the host; only the host can decrypt the data
Also known as public key algorithms
Common Encryption Algorithms
Lucifer (1974)
Diffie-Hellman (1976)
RSA (1977)
DES (1977)
TripleDES (1998)
AES (Rijndael)
IDEA (1992)
Blowfish (1993)
RC5 (1995)
Primary Functions of Cryptography
Confidentiality
Integrity
Authentication
Non-repudiation
Digital Signatures
Based on asymmetric algorithms, allow
the recipient to verify whether a public key
belongs to its owner
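Digital signature process (diagram)
Signing: Message -> Hash Function -> Digest -> Encrypt (Private Key) -> Signature; the Message and Signature are sent together
Verifying: Message -> Hash Function -> Actual Digest; Signature -> Decrypt (Public Key) -> Expected Digest
If these are the same, the digital signature is verified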
Cryptography Attacks
Key Attack
Algorithm Attack
Transmission interception
Birthday Attack
Weak key attack
Certificates
Credentials that allow a recipient to verify whether a public key belongs to its owner
Verify sender's information with identity information that is bound to the public key
Components
  Public key
  One or more digital signatures
  Certificate information (e.g., user's name, ID)
Public Key Infrastructure (PKI)
Certificates
Certificate storage facility that provides certification management functionality (e.g., ability to issue, revoke, store, retrieve, and trust certificates)
Certification authority (CA)
  Primary feature of PKI
  Trusted person or group responsible for issuing certificates to authorized users on a system
  Creates certificates and digitally signs them using a private key
PKI Policies and Practices
Validity establishes that a public key certificate belongs to its owner
CA issues certificates to users by binding a public key to identification information of the requester
User can manually check a certificate's fingerprint
Registration
User requests certificate from CA
CA verifies identity and credentials of user
Certificate practice statement
  Published document that explains CA structure to users
Certificate policy establishes:
  Who may serve as CA
  What types of certificates may be issued
  How they should be issued and managed
Origins of Encryption Standards
Governmental Organization
  NSA (National Security Agency)
  NSA/CSS
    Standardize DoD activities
  NIST (National Institute of Standard Organization)
Industry Association
  ABA (American Banker Association)
  IETF (Internet Engineering Task Force)
  ISOC (Internet Society)
  W3C
  ITU
  IEEE
Public Domain Cryptography
PGP
PKIX (Public Key Infrastructure X.509)
SSL (Secure Socket Layer)
SET (Secure Electronic Transaction)
SSH (Secure Shell)
HTTPS (Hypertext Transport Protocol Secure)
IPSec
  Standard for encrypting VPN
TLS
S/MIME
  Provides encryption, integrity, and authentication when used in conjunction with PKI