logging in or signing up Cryptography(2) aSGuest126329 Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 22 Category: Entertainment License: All Rights Reserved Like it (0) Dislike it (0) Added: February 10, 2012 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript PowerPoint Presentation: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSPOutline: Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI Concepts Attacks on Cryptosystems 2Introduction: Introduction “Hidden writing” Increasingly used to protect information Can ensure confidentiality Integrity and Authenticity too 3 History – The Manual Era: History – The Manual Era Dates back to at least 2000 B.C. Pen and Paper Cryptography Examples Scytale Atbash Caesar Vigenère 4History – The Mechanical Era: History – The Mechanical Era Invention of cipher machines Examples Confederate Army’s Cipher Disk Japanese Red and Purple Machines German Enigma 5History – The Modern Era: History – The Modern Era Computers! Examples Lucifer Rijndael RSA ElGamal 6Speak Like a Crypto Geek: Speak Like a Crypto Geek Plaintext – A message in its natural format readable by an attacker Ciphertext – Message altered to be unreadable by anyone except the intended recipients Key – Sequence that controls the operation and behavior of the cryptographic algorithm Keyspace – Total number of possible values of keys in a crypto algorithm 7Speak Like a Crypto Geek (2): Speak Like a Crypto Geek (2) Initialization Vector – Random values used with ciphers to ensure no patterns are created during encryption Cryptosystem – The combination of algorithm, key, and key management functions used to perform cryptographic operations 8Cryptosystem Services: Cryptosystem Services Confidentiality Integrity Authenticity Nonrepudiation Access Control 9Types of Cryptography: Types of Cryptography Stream-based Ciphers One at a time, please Mixes plaintext with key stream Good for real-time services Block Ciphers Amusement Park Ride Substitution and transposition 10Encryption Systems: Encryption Systems Substitution Cipher Convert one letter to another Cryptoquip Transposition Cipher Change position of letter in text Word Jumble Monoalphabetic Cipher Caesar 11Encryption Systems: Encryption Systems Polyalphabetic Cipher Vigenère Modular Mathematics Running Key Cipher One-time Pads Randomly generated keys 12Steganography: Steganography Hiding a message within another medium, such as an image No key is required Example Modify color map of JPEG image 13Cryptographic Methods: Cryptographic Methods Symmetric Same key for encryption and decryption Key distribution problem Asymmetric Mathematically related key pairs for encryption and decryption Public and private keys 14Cryptographic Methods: Cryptographic Methods Hybrid Combines strengths of both methods Asymmetric distributes symmetric key Also known as a session key Symmetric provides bulk encryption Example: SSL negotiates a hybrid method 15Attributes of Strong Encryption: Attributes of Strong Encryption Confusion Change key values each round Performed through substitution Complicates plaintext/key relationship Diffusion Change location of plaintext in ciphertext Done through transposition 16Symmetric Algorithms: Symmetric Algorithms DES Modes: ECB, CBC, CFB, OFB, CM 3DES AES IDEA Blowfish 17Symmetric Algorithms: Symmetric Algorithms RC4 RC5 CAST SAFER Twofish 18Asymmetric Algorithms: Asymmetric Algorithms Diffie-Hellman RSA El Gamal Elliptic Curve Cryptography (ECC) 19Hashing Algorithms: Hashing Algorithms MD5 Computes 128-bit hash value Widely used for file integrity checking SHA-1 Computes 160-bit hash value NIST approved message digest algorithm 20Hashing Algorithms: Hashing Algorithms HAVAL Computes between 128 and 256 bit hash Between 3 and 5 rounds RIPEMD-160 Developed in Europe published in 1996 Patent-free 21Birthday Attack: Birthday Attack Collisions Two messages with the same hash value Based on the “birthday paradox” Hash algorithms should be resistant to this attack 22Message Authentication Codes: Message Authentication Codes Small block of data generated with a secret key and appended to a message HMAC (RFC 2104) Uses hash instead of cipher for speed Used in SSL/TLS and IPSec 23Digital Signatures: Digital Signatures Hash of message encrypted with private key Digital Signature Standard (DSS) DSA/RSA/ECD-SA plus SHA DSS provides Sender authentication Verification of message integrity Nonrepudiation 24Encryption Management: Encryption Management Key Distribution Center (KDC) Uses master keys to issue session keys Example: Kerberos ANSI X9.17 Used by financial institutions Hierarchical set of keys Higher levels used to distribute lower 25Public Key Infrastructure: Public Key Infrastructure All components needed to enable secure communication Policies and Procedures Keys and Algorithms Software and Data Formats Assures identity to users Provides key management features 26PKI Components: PKI Components Digital Certificates Contains identity and verification info Certificate Authorities Trusted entity that issues certificates Registration Authorities Verifies identity for certificate requests Certificate Revocation List (CRL) 27PKI Cross Certification: PKI Cross Certification Process to establish a trust relationship between CAs Allows each CA to validate certificates issued by the other CA Used in large organizations or business partnerships 28Cryptanalysis: Cryptanalysis The study of methods to break cryptosystems Often targeted at obtaining a key Attacks may be passive or active 29Cryptanalysis: Cryptanalysis Kerckhoff’s Principle The only secrecy involved with a cryptosystem should be the key Cryptosystem Strength How hard is it to determine the secret associated with the system? 30Cryptanalysis Attacks: Cryptanalysis Attacks Brute force Trying all key values in the keyspace Frequency Analysis Guess values based on frequency of occurrence Dictionary Attack Find plaintext based on common words 31Cryptanalysis Attacks: Cryptanalysis Attacks Replay Attack Repeating previous known values Factoring Attacks Find keys through prime factorization Ciphertext-Only Known Plaintext Format or content of plaintext available 32Cryptanalysis Attacks: Cryptanalysis Attacks Chosen Plaintext Attack can encrypt chosen plaintext Chosen Ciphertext Decrypt known ciphertext to discover key Differential Power Analysis Side Channel Attack Identify algorithm and key length 33Cryptanalysis Attacks: Cryptanalysis Attacks Social Engineering Humans are the weakest link RNG Attack Predict IV used by an algorithm Temporary Files May contain plaintext 34E-mail Security Protocols: E-mail Security Protocols Privacy Enhanced Email (PEM) Pretty Good Privacy (PGP) Based on a distributed trust model Each user generates a key pair S/MIME Requires public key infrastructure Supported by most e-mail clients 35Network Security: Network Security Link Encryption Encrypt traffic headers + data Transparent to users End-to-End Encryption Encrypts application layer data only Network devices need not be aware 36Network Security: Network Security SSL/TLS Supports mutual authentication Secures a number of popular network services IPSec Security extensions for TCP/IP protocols Supports encryption and authentication Used for VPNs 37Questions?: Questions? 38 You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
Cryptography(2) aSGuest126329 Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 22 Category: Entertainment License: All Rights Reserved Like it (0) Dislike it (0) Added: February 10, 2012 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript PowerPoint Presentation: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSPOutline: Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI Concepts Attacks on Cryptosystems 2Introduction: Introduction “Hidden writing” Increasingly used to protect information Can ensure confidentiality Integrity and Authenticity too 3 History – The Manual Era: History – The Manual Era Dates back to at least 2000 B.C. Pen and Paper Cryptography Examples Scytale Atbash Caesar Vigenère 4History – The Mechanical Era: History – The Mechanical Era Invention of cipher machines Examples Confederate Army’s Cipher Disk Japanese Red and Purple Machines German Enigma 5History – The Modern Era: History – The Modern Era Computers! Examples Lucifer Rijndael RSA ElGamal 6Speak Like a Crypto Geek: Speak Like a Crypto Geek Plaintext – A message in its natural format readable by an attacker Ciphertext – Message altered to be unreadable by anyone except the intended recipients Key – Sequence that controls the operation and behavior of the cryptographic algorithm Keyspace – Total number of possible values of keys in a crypto algorithm 7Speak Like a Crypto Geek (2): Speak Like a Crypto Geek (2) Initialization Vector – Random values used with ciphers to ensure no patterns are created during encryption Cryptosystem – The combination of algorithm, key, and key management functions used to perform cryptographic operations 8Cryptosystem Services: Cryptosystem Services Confidentiality Integrity Authenticity Nonrepudiation Access Control 9Types of Cryptography: Types of Cryptography Stream-based Ciphers One at a time, please Mixes plaintext with key stream Good for real-time services Block Ciphers Amusement Park Ride Substitution and transposition 10Encryption Systems: Encryption Systems Substitution Cipher Convert one letter to another Cryptoquip Transposition Cipher Change position of letter in text Word Jumble Monoalphabetic Cipher Caesar 11Encryption Systems: Encryption Systems Polyalphabetic Cipher Vigenère Modular Mathematics Running Key Cipher One-time Pads Randomly generated keys 12Steganography: Steganography Hiding a message within another medium, such as an image No key is required Example Modify color map of JPEG image 13Cryptographic Methods: Cryptographic Methods Symmetric Same key for encryption and decryption Key distribution problem Asymmetric Mathematically related key pairs for encryption and decryption Public and private keys 14Cryptographic Methods: Cryptographic Methods Hybrid Combines strengths of both methods Asymmetric distributes symmetric key Also known as a session key Symmetric provides bulk encryption Example: SSL negotiates a hybrid method 15Attributes of Strong Encryption: Attributes of Strong Encryption Confusion Change key values each round Performed through substitution Complicates plaintext/key relationship Diffusion Change location of plaintext in ciphertext Done through transposition 16Symmetric Algorithms: Symmetric Algorithms DES Modes: ECB, CBC, CFB, OFB, CM 3DES AES IDEA Blowfish 17Symmetric Algorithms: Symmetric Algorithms RC4 RC5 CAST SAFER Twofish 18Asymmetric Algorithms: Asymmetric Algorithms Diffie-Hellman RSA El Gamal Elliptic Curve Cryptography (ECC) 19Hashing Algorithms: Hashing Algorithms MD5 Computes 128-bit hash value Widely used for file integrity checking SHA-1 Computes 160-bit hash value NIST approved message digest algorithm 20Hashing Algorithms: Hashing Algorithms HAVAL Computes between 128 and 256 bit hash Between 3 and 5 rounds RIPEMD-160 Developed in Europe published in 1996 Patent-free 21Birthday Attack: Birthday Attack Collisions Two messages with the same hash value Based on the “birthday paradox” Hash algorithms should be resistant to this attack 22Message Authentication Codes: Message Authentication Codes Small block of data generated with a secret key and appended to a message HMAC (RFC 2104) Uses hash instead of cipher for speed Used in SSL/TLS and IPSec 23Digital Signatures: Digital Signatures Hash of message encrypted with private key Digital Signature Standard (DSS) DSA/RSA/ECD-SA plus SHA DSS provides Sender authentication Verification of message integrity Nonrepudiation 24Encryption Management: Encryption Management Key Distribution Center (KDC) Uses master keys to issue session keys Example: Kerberos ANSI X9.17 Used by financial institutions Hierarchical set of keys Higher levels used to distribute lower 25Public Key Infrastructure: Public Key Infrastructure All components needed to enable secure communication Policies and Procedures Keys and Algorithms Software and Data Formats Assures identity to users Provides key management features 26PKI Components: PKI Components Digital Certificates Contains identity and verification info Certificate Authorities Trusted entity that issues certificates Registration Authorities Verifies identity for certificate requests Certificate Revocation List (CRL) 27PKI Cross Certification: PKI Cross Certification Process to establish a trust relationship between CAs Allows each CA to validate certificates issued by the other CA Used in large organizations or business partnerships 28Cryptanalysis: Cryptanalysis The study of methods to break cryptosystems Often targeted at obtaining a key Attacks may be passive or active 29Cryptanalysis: Cryptanalysis Kerckhoff’s Principle The only secrecy involved with a cryptosystem should be the key Cryptosystem Strength How hard is it to determine the secret associated with the system? 30Cryptanalysis Attacks: Cryptanalysis Attacks Brute force Trying all key values in the keyspace Frequency Analysis Guess values based on frequency of occurrence Dictionary Attack Find plaintext based on common words 31Cryptanalysis Attacks: Cryptanalysis Attacks Replay Attack Repeating previous known values Factoring Attacks Find keys through prime factorization Ciphertext-Only Known Plaintext Format or content of plaintext available 32Cryptanalysis Attacks: Cryptanalysis Attacks Chosen Plaintext Attack can encrypt chosen plaintext Chosen Ciphertext Decrypt known ciphertext to discover key Differential Power Analysis Side Channel Attack Identify algorithm and key length 33Cryptanalysis Attacks: Cryptanalysis Attacks Social Engineering Humans are the weakest link RNG Attack Predict IV used by an algorithm Temporary Files May contain plaintext 34E-mail Security Protocols: E-mail Security Protocols Privacy Enhanced Email (PEM) Pretty Good Privacy (PGP) Based on a distributed trust model Each user generates a key pair S/MIME Requires public key infrastructure Supported by most e-mail clients 35Network Security: Network Security Link Encryption Encrypt traffic headers + data Transparent to users End-to-End Encryption Encrypts application layer data only Network devices need not be aware 36Network Security: Network Security SSL/TLS Supports mutual authentication Secures a number of popular network services IPSec Security extensions for TCP/IP protocols Supports encryption and authentication Used for VPNs 37Questions?: Questions? 38