9.0 Cryptography


  • 8/7/2019 9.0 Cryptography


    Cryptography


    Learning Objectives

    Understand the basics of algorithms and how they are used in modern cryptography
    Identify the differences between asymmetric and symmetric algorithms
    Have a basic understanding of the concepts of cryptography and how they relate to network security


    Discuss characteristics of PKI certificates and the policies and procedures surrounding them
    Understand the implications of key management and a certificate's lifecycle


    Cryptography

    Study of complex mathematical formulas and algorithms used for encryption and decryption
    Allows users to transmit sensitive information over unsecured networks
    Can be either strong or weak


    Cryptography Terminology

    Plaintext
      Data that can be read without any manipulation
    Encryption
      Method of disguising plaintext to hide its substance
    Ciphertext
      Plaintext that has been encrypted and is an unreadable series of symbols and numbers


    How Encryption and Decryption Work


    Algorithms

    Mathematical functions that work in tandem with a key
    Same plaintext data encrypts into different ciphertext with different keys
    Security of data relies on:
      Strength of the algorithm
      Secrecy of the key


    Hashing

    Method used for verifying data integrity
    Uses variable-length input that is converted to a fixed-length output string (hash value)
    Checksum: the receiving end uses the same hash function to check integrity


    Quantum Cryptography

    Depends on a model called the Heisenberg Uncertainty Principle for security
    The process of measuring the results changes the results


    The Myth of Unbreakable Codes

    Frequency analysis
    Algorithm error
    Brute force attack
    Human error


    Symmetric versus Asymmetric Algorithms

    Type of Algorithm | Advantages | Disadvantages
    Symmetric | Single key | Requires sender and receiver to agree on a key before transmission of data; Security lies only with the key; High cost
    Asymmetric | Encryption and decryption keys are different; Decryption key cannot be calculated from encryption key | Security of keys can be compromised when malicious users post phony keys


    Symmetric Algorithms

    Usually use the same key for encryption and decryption
    Encryption key can be calculated from decryption key and vice versa
    Require sender and receiver to agree on a key before they communicate securely
    Security lies with the key
    Also called secret key algorithms, single-key algorithms, or one-key algorithms


    Encryption Using a Symmetric Algorithm


    Categories of Algorithms

    Stream algorithms
      Operate on the plaintext one bit at a time
    Block algorithms
      Encrypt and decrypt data in groups of bits, typically 64 bits in size


    Asymmetric Algorithms

    Use different keys for encryption and decryption
    Decryption key cannot be calculated from the encryption key
    Anyone can use the key to encrypt data and send it to the host; only the host can decrypt the data
    Also known as public key algorithms


    Common Encryption Algorithms

    Lucifer (1974)
    Diffie-Hellman (1976)
    RSA (1977)
    DES (1977)
    TripleDES (1998)
    AES (Rijndael)
    IDEA (1992)
    Blowfish (1993)
    RC5 (1995)


    Primary Functions of Cryptography

    Confidentiality
    Integrity
    Authentication
    Non-repudiation


    Digital Signatures

    Based on asymmetric algorithms, allow the recipient to verify whether a public key belongs to its owner


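    [Figure: creating and verifying a digital signature]
    Signing side: Message, Hash Function, Digest, Encrypt, Private Key, Signature; Message and Signature are sent together
    Verifying side: Message, Hash Function, Actual Digest; Signature, Decrypt, Public Key, Expected Digest
    If these are the same, the digital signature is verified.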
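The signing and verification flow in the figure above, together with the integrity check from the Hashing slide, as an added Python example that is not part of the original slides. The Mersenne-prime key, the sample message and the unpadded "textbook" RSA step are assumptions chosen so the flow runs with the standard library only; production signing uses a padded scheme such as RSA-PSS from a vetted library.

```python
import hashlib
import hmac

# Constructed demo key (assumption): two Mersenne primes, so the example needs
# only the standard library. The special form makes it unfit for real use.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def digest(message: bytes) -> bytes:
    """Hash Function box: variable-length input, fixed-length (32-byte) output."""
    return hashlib.sha256(message).digest()


def sign(message: bytes) -> int:
    """Sender: hash the message, then transform the digest with the private key."""
    return pow(int.from_bytes(digest(message), "big"), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Recipient: the digest recovered from the signature must equal the digest
    computed over the message that actually arrived."""
    if not 0 <= signature < N:
        return False
    recovered = pow(signature, E, N)           # public-key operation
    if recovered >= 2**256:                    # cannot be a SHA-256 digest
        return False
    expected = recovered.to_bytes(32, "big")
    actual = digest(message)
    return hmac.compare_digest(expected, actual)


def demo() -> dict:
    msg = b"pay 100 to account 42"             # constructed sample message
    sig = sign(msg)
    return {
        "genuine": verify(msg, sig),
        "altered_message": verify(b"pay 900 to account 42", sig),
        "altered_signature": verify(msg, sig ^ 1),
    }


if __name__ == "__main__":
    print(demo())
```

Changing a single character of the message or a single bit of the signature makes the two digests differ, so verification fails in both cases.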


    Cryptography Attacks

    Key Attack
    Algorithm Attack
    Transmission interception
    Birthday Attack
    Weak key attack


    Certificates

    Credentials that allow a recipient to verify whether a public key belongs to its owner
    Verify sender's information with identity information that is bound to the public key
    Components
      Public key
      One or more digital signatures
      Certificate information (e.g., user's name, ID)


    Public Key Infrastructure (PKI)

    Certificates
    Certificate storage facility that provides certification management functionality (e.g., ability to issue, revoke, store, retrieve, and trust certificates)
    Certification authority (CA)
      Primary feature of PKI
      Trusted person or group responsible for issuing certificates to authorized users on a system
      Creates certificates and digitally signs them using a private key


    PKI Policies and Practices

    Validity establishes that a public key certificate belongs to its owner
    CA issues certificates to users by binding a public key to identification information of the requester
    User can manually check a certificate's fingerprint


    Registration

    User requests certificate from CA
    CA verifies identity and credentials of user
    Certificate practice statement
      Published document that explains CA structure to users
    Certificate policy establishes:
      Who may serve as CA
      What types of certificates may be issued
      How they should be issued and managed


    Origins of Encryption Standards

    Governmental Organization
      NSA (National Security Agency)
      NSA/CSS
        Standardize DoD activities
      NIST (National Institute of Standard Organization)
    Industry Association
      ABA (American Banker Association)
      IETF (Internet Engineering Task Force)
      ISOC (Internet Society)
      W3C
      ITU
      IEEE


    Public Domain Cryptography

    PGP

    PKIX (Public Key Infrastructure X.509)

    SSL (Secure Socket Layer)


    SET (Secure Electronic Transaction)


    SSH (Secure Shell)


    HTTPS (Hypertext Transport Protocol Secure)

    IPSec
      Standard for encrypting VPN


    TLS

    S/MIME

      Provides encryption, integrity, and authentication when used in conjunction with PKI