1 / 56

Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography. Objectives. Define cryptography Describe hashing List the basic symmetric cryptographic algorithms. Objectives (continued). Describe how asymmetric cryptography works

preston
Download Presentation

Security+ Guide to Network Security Fundamentals, Third Edition

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography

  2. Objectives • Define cryptography • Describe hashing • List the basic symmetric cryptographic algorithms Security+ Guide to Network Security Fundamentals, Third Edition

  3. Objectives (continued) • Describe how asymmetric cryptography works • List types of file and file system cryptography • Explain how whole disk encryption works Security+ Guide to Network Security Fundamentals, Third Edition

  4. Defining Cryptography • Defining cryptography involves understanding what it is and what it can do • It also involves understanding how cryptography can be used as a security tool to protect data Security+ Guide to Network Security Fundamentals, Third Edition

  5. What Is Cryptography? • Cryptography • The science of transforming information into an unintelligible form while it is being transmitted or stored so that unauthorized users cannot access it • Steganography • Hides the existence of the data • What appears to be a harmless image can contain hidden data embedded within the image • Can use image files, audio files, or even video files to contain hidden information Security+ Guide to Network Security Fundamentals, Third Edition

  6. Can you tell which file has the map hidden in it? • One of images on the following two slides (Image A or Image B) has the airport map below hidden within it – can you detect which image is the “carrier” file with the hidden data?

  7. Image A

  8. Image B

  9. Answer • If you guessed Image A – you’d be correct. • Image A is a JPEG stego file containing btv_map.gif using a tool called “Camouflage”. • Pictures, by the way, were retrieved from an excellent site: • http://www.fbi.gov/hq/lab/fsc/backissu/july2004/research/2004_03_research01.htm

  10. What Is Cryptography? (continued) Security+ Guide to Network Security Fundamentals, Third Edition

  11. What Is Cryptography? (continued) • One of the most famous ancient cryptographers was Julius Caesar • Caesar shifted each letter of his messages to his generals three places down in the alphabet • Encryption • Changing the original text to a secret message using cryptography • Decryption • Change the secret message back to its original form Security+ Guide to Network Security Fundamentals, Third Edition

  12. Security+ Guide to Network Security Fundamentals, Third Edition

  13. Cryptography and Security • Cryptography can provide basic security protection for information: • Cryptography can protect the confidentiality of information • Cryptography can protect the integrity of the information • Cryptography can help ensure the availability of the data • Cryptography can verify the authenticity of the sender • Cryptography can enforce non-repudiation Security+ Guide to Network Security Fundamentals, Third Edition

  14. Cryptography and Security (continued) Security+ Guide to Network Security Fundamentals, Third Edition

  15. Cryptographic Algorithms • There are three categories of cryptographic algorithms: • Hashing algorithms • Symmetric encryption algorithms • Asymmetric encryption algorithms Security+ Guide to Network Security Fundamentals, Third Edition

  16. Hashing Algorithms • Hashing • Also called a one-way hash • A process for creating a unique “signature” for a set of data • This signature, called a hash or digest, represents the contents • Hashing is used only for integrity to ensure that: • Information is in its original form • No unauthorized person or malicious software has altered the data • Hash created from a set of data cannot be reversed Security+ Guide to Network Security Fundamentals, Third Edition

  17. Hashing Algorithms (continued) Security+ Guide to Network Security Fundamentals, Third Edition

  18. Hashing Algorithms (continued) • A hashing algorithm is considered secure if it has these characteristics: • The ciphertext hash is a fixed size • Two different sets of data cannot produce the same hash, which is known as a collision • It should be impossible to produce a data set that has a desired or predefined hash • The resulting hash ciphertext cannot be reversed • The hash serves as a check to verify the message contents Security+ Guide to Network Security Fundamentals, Third Edition

  19. Hashing Algorithms (continued) Security+ Guide to Network Security Fundamentals, Third Edition

  20. Hashing Algorithms (continued) • Hash values are often posted on Internet sites • In order to verify the file integrity of files that can be downloaded Security+ Guide to Network Security Fundamentals, Third Edition

  21. Hashing Algorithms (continued) Security+ Guide to Network Security Fundamentals, Third Edition

  22. Hashing Algorithms (continued) Security+ Guide to Network Security Fundamentals, Third Edition

  23. Message Digest (MD) • Message Digest (MD) algorithm • One common hash algorithm • Three versions • Message Digest 2 (MD2) • Message Digest 4 (MD2) • Message Digest 5 (MD2) Security+ Guide to Network Security Fundamentals, Third Edition

  24. Secure Hash Algorithm (SHA) • Secure Hash Algorithm (SHA) • A more secure hash than MD • A family of hashes • SHA-1 • Patterned after MD4, but creates a hash that is 160 bits in length instead of 128 bits • SHA-2 • Comprised of four variations, known as SHA-224, SHA-256, SHA-384, and SHA-512 • Considered to be a secure hash Security+ Guide to Network Security Fundamentals, Third Edition

  25. Whirlpool • Whirlpool • A relatively recent cryptographic hash function • Has received international recognition and adoption by standards organizations • Creates a hash of 512 bits Security+ Guide to Network Security Fundamentals, Third Edition

  26. Password Hashes • Another use for hashes is in storing passwords • When a password for an account is created, the password is hashed and stored • The Microsoft NT family of Windows operating systems hashes passwords in two different forms • LM (LAN Manager) hash • NTLM (New Technology LAN Manager) hash • Most Linux systems use password-hashing algorithms such as MD5 • Apple Mac OS X uses SHA-1 hashes Security+ Guide to Network Security Fundamentals, Third Edition

  27. Symmetric Cryptographic Algorithms • Symmetric cryptographic algorithms • Use the same single key to encrypt and decrypt a message • Also called private key cryptography • Stream cipher • Takes one character and replaces it with one character • Substitution cipher • The simplest type of stream cipher • Simply substitutes one letter or character for another Security+ Guide to Network Security Fundamentals, Third Edition

  28. Security+ Guide to Network Security Fundamentals, Third Edition

  29. Symmetric Cryptographic Algorithms (continued) Security+ Guide to Network Security Fundamentals, Third Edition

  30. Symmetric Cryptographic Algorithms (continued) • Transposition cipher • A more complicated stream cipher • Rearranges letters without changing them • With most symmetric ciphers, the final step is to combine the cipher stream with the plaintext to create the ciphertext • The process is accomplished through the exclusive OR (XOR) binary logic operation • One-time pad (OTP) • Combines a truly random key with the plaintext Security+ Guide to Network Security Fundamentals

  31. Symmetric Cryptographic Algorithms (continued) Security+ Guide to Network Security Fundamentals, Third Edition

  32. Symmetric Cryptographic Algorithms (continued) Security+ Guide to Network Security Fundamentals, Third Edition

  33. Symmetric Cryptographic Algorithms (continued) • Block cipher • Manipulates an entire block of plaintext at one time • Plaintext message is divided into separate blocks of 8 to 16 bytes • And then each block is encrypted independently • Stream cipher advantages and disadvantages • Fast when the plaintext is short • More prone to attack because the engine that generates the stream does not vary Security+ Guide to Network Security Fundamentals, Third Edition

  34. Symmetric Cryptographic Algorithms (continued) • Block cipher advantages and disadvantages • Considered more secure because the output is more random • Cipher is reset to its original state after each block is processed • Results in the ciphertext being more difficult to break Security+ Guide to Network Security Fundamentals, Third Edition

  35. Symmetric Cryptographic Algorithms (continued) Security+ Guide to Network Security Fundamentals, Third Edition

  36. Symmetric Cryptographic Algorithms (continued) • Data Encryption Standard (DES) • One of the first widely popular symmetric cryptography algorithms • DES is a block cipher and encrypts data in 64-bit blocks • However, the 8-bit parity bit is ignored so the effective key length is only 56 bits • Triple Data Encryption Standard (3DES) • Designed to replace DES • Uses three rounds of encryption instead of just one Security+ Guide to Network Security Fundamentals, Third Edition

  37. Symmetric Cryptographic Algorithms (continued) Security+ Guide to Network Security Fundamentals, Third Edition

  38. Security+ Guide to Network Security Fundamentals, Third Edition

  39. Symmetric Cryptographic Algorithms (continued) • Advanced Encryption Standard (AES) • Approved by the NIST in late 2000 as a replacement for DES • AES performs three steps on every block (128 bits) of plaintext • Within Step 2, multiple rounds are performed depending upon the key size • Within each round, bytes are substituted and rearranged, and then special multiplication is performed based on the new arrangement Security+ Guide to Network Security Fundamentals, Third Edition

  40. Other Algorithms • Several other symmetric cryptographic algorithms are also used: • Rivest Cipher (RC) family from RC1 to RC6 • International Data Encryption Algorithm (IDEA) • Blowfish • Twofish Security+ Guide to Network Security Fundamentals, Third Edition

  41. Asymmetric Cryptographic Algorithms • Asymmetric cryptographic algorithms • Also known as public key cryptography • Uses two keys instead of one • The public key is known to everyone and can be freely distributed • The private key is known only to the recipient of the message • Asymmetric cryptography can also be used to create a digital signature Security+ Guide to Network Security Fundamentals, Third Edition

  42. Security+ Guide to Network Security Fundamentals, Third Edition

  43. Asymmetric Cryptographic Algorithms (continued) • A digital signature can: • Verify the sender • Prove the integrity of the message • Prevent the sender from disowning the message Security+ Guide to Network Security Fundamentals, Third Edition

  44. Security+ Guide to Network Security Fundamentals, Third Edition

  45. Security+ Guide to Network Security Fundamentals, Third Edition

  46. Asymmetric Cryptographic Algorithms (continued) Security+ Guide to Network Security Fundamentals, Third Edition

  47. RSA • The most common asymmetric cryptography algorithm • RSA multiplies two large prime numbers p and q • To compute their product (n=pq) • A number e is chosen that is less than n and a prime factor to (p-1)(q-1) • Another number d is determined, so that (ed-1) is divisible by (p-1)(q-1) • The public key is the pair (n,e) while the private key is (n,d) Security+ Guide to Network Security Fundamentals, Third Edition

  48. Diffie-Hellman • Diffie-Hellman • Allows two users to share a secret key securely over a public network • Once the key has been shared • Then both parties can use it to encrypt and decrypt messages using symmetric cryptography Security+ Guide to Network Security Fundamentals, Third Edition

  49. Elliptic Curve Cryptography • Elliptic curve cryptography • Uses elliptic curves • An elliptic curve is a function drawn on an X-Y axis as a gently curved line • By adding the values of two points on the curve, you can arrive at a third point on the curve • The public aspect of an elliptic curve cryptosystem is that users share an elliptic curve and one point on the curve Security+ Guide to Network Security Fundamentals, Third Edition

  50. Using Cryptography on Files and Disks • Cryptography can also be used to protect large numbers of files on a system or an entire disk Security+ Guide to Network Security Fundamentals, Third Edition

More Related